diff --git a/bindep.txt b/bindep.txt index b0f784e1d..b9dfdcfb5 100644 --- a/bindep.txt +++ b/bindep.txt @@ -7,5 +7,8 @@ python3-dev [test platform:dpkg platform:apk] # Required for subprocess32 python2-devel [test platform:fedora] python-devel [test platform:rpm !platform:fedora !platform:centos-8 !platform:rhel-8] -python-dev [test platform:dpkg platform:apk !platform:ubuntu-jammy !platform:debian-bookworm] +python-dev [test platform:dpkg platform:apk !platform:ubuntu-jammy !platform:ubuntu-noble !platform:debian-bookworm] python2-dev [test platform:ubuntu-jammy] + +# Required for sphinx testing on Noble for Pillow wheel builds +libjpeg-dev [doc platform:ubuntu-noble] diff --git a/roles/ensure-skopeo/tasks/Ubuntu-24.04.yaml b/roles/ensure-skopeo/tasks/Ubuntu-24.04.yaml new file mode 100644 index 000000000..a95fd24c4 --- /dev/null +++ b/roles/ensure-skopeo/tasks/Ubuntu-24.04.yaml @@ -0,0 +1,49 @@ +- name: Install skopeo from packages + when: not ensure_skopeo_install_from_upstream + package: + name: + - skopeo + - uidmap + state: present + become: yes + +- name: Install skopeo from upstream + when: ensure_skopeo_install_from_upstream + block: + + - name: Install dependencies + become: yes + package: + name: + - libgpgme-dev + - libassuan-dev + - libbtrfs-dev + - libdevmapper-dev + - pkg-config + - build-essential + - golang + state: present + + - name: Clone upstream source + git: + repo: https://github.com/containers/skopeo + dest: '{{ ansible_user_dir }}/skopeo' + version: '{{ ensure_skopeo_install_from_upstream_version }}' + + - name: Build skopeo + command: 'make bin/skopeo' + args: + chdir: '{{ ansible_user_dir }}/skopeo' + + - name: Install binary + become: yes + copy: + src: '{{ ansible_user_dir}}/skopeo/bin/skopeo' + dest: '/usr/local/bin/skopeo' + owner: root + group: root + mode: '0755' + remote_src: yes + + - name: Test binary + command: '/usr/local/bin/skopeo --version' diff --git a/test-playbooks/ensure-nox.yaml b/test-playbooks/ensure-nox.yaml index f89c184d9..805f9e95e 100644 --- a/test-playbooks/ensure-nox.yaml +++ b/test-playbooks/ensure-nox.yaml @@ -27,7 +27,7 @@ - name: Verify nox_executable is set assert: that: - - nox_executable == "{{ ansible_user_dir }}/.local/nox/bin/nox" + - nox_executable == ansible_user_dir + '/.local/nox/bin/nox' - name: Verify nox is installed command: "{{ nox_executable }} --version" register: result @@ -48,4 +48,4 @@ - name: Verify nox_executable is set to the virtualenv nox assert: that: - - nox_executable == '{{ ansible_user_dir }}/nox-venv/bin/nox' + - nox_executable == ansible_user_dir + '/nox-venv/bin/nox' diff --git a/test-playbooks/ensure-tox.yaml b/test-playbooks/ensure-tox.yaml index 46ea17d8e..a5306794c 100644 --- a/test-playbooks/ensure-tox.yaml +++ b/test-playbooks/ensure-tox.yaml @@ -27,7 +27,7 @@ - name: Verify tox_executable is set assert: that: - - tox_executable == "{{ ansible_user_dir }}/.local/tox/bin/tox" + - tox_executable == ansible_user_dir + '/.local/tox/bin/tox' - name: Verify tox is installed command: "{{ tox_executable }} --version" register: result @@ -48,4 +48,4 @@ - name: Verify tox_executable is set to the virtualenv tox assert: that: - - tox_executable == '{{ ansible_user_dir }}/tox-venv/bin/tox' + - tox_executable == ansible_user_dir + '/tox-venv/bin/tox' diff --git a/test-playbooks/multinode/multi-node-firewall.yaml b/test-playbooks/multinode/multi-node-firewall.yaml index c98d2cdab..6cba85b6a 100644 --- a/test-playbooks/multinode/multi-node-firewall.yaml +++ b/test-playbooks/multinode/multi-node-firewall.yaml @@ -13,7 +13,7 @@ - name: Validate ipv4 private firewall configuration assert: that: - - "'-A INPUT -s {{ hostvars[item]['nodepool']['private_ipv4'] }}/32 -j ACCEPT' in iptables_rules.stdout" + - "'-A INPUT -s ' + hostvars[item]['nodepool']['private_ipv4'] + '/32 -j ACCEPT' in iptables_rules.stdout" with_items: "{{ groups['all'] }}" when: - hostvars[item]['nodepool']['private_ipv4'] @@ -21,7 +21,7 @@ - name: Validate ipv4 public firewall configuration assert: that: - - "'-A INPUT -s {{ hostvars[item]['nodepool']['public_ipv4'] }}/32 -j ACCEPT' in iptables_rules.stdout" + - "'-A INPUT -s ' + hostvars[item]['nodepool']['public_ipv4'] + '/32 -j ACCEPT' in iptables_rules.stdout" with_items: "{{ groups['all'] }}" when: - hostvars[item]['nodepool']['public_ipv4'] @@ -40,5 +40,5 @@ - name: Validate ipv6 firewall configuration assert: that: - - "'-A INPUT -s {{ hostvars[item]['nodepool']['public_ipv6'] }}/128 -j ACCEPT' in ip6tables_rules.stdout" + - "'-A INPUT -s ' + hostvars[item]['nodepool']['public_ipv6'] + '/128 -j ACCEPT' in ip6tables_rules.stdout" with_items: "{{ groups['all'] }}" diff --git a/test-playbooks/multinode/persistent-firewall.yaml b/test-playbooks/multinode/persistent-firewall.yaml index 51ff9e0e0..d193b2e9c 100644 --- a/test-playbooks/multinode/persistent-firewall.yaml +++ b/test-playbooks/multinode/persistent-firewall.yaml @@ -59,7 +59,7 @@ - name: Validate ipv4 private firewall configuration assert: that: - - "'-A INPUT -s {{ hostvars[item]['nodepool']['private_ipv4'] }}/32 -j ACCEPT' in iptables_rules.stdout" + - "'-A INPUT -s ' + hostvars[item]['nodepool']['private_ipv4'] + '/32 -j ACCEPT' in iptables_rules.stdout" with_items: "{{ groups['all'] }}" when: - hostvars[item]['nodepool']['private_ipv4'] @@ -67,7 +67,7 @@ - name: Validate ipv4 public firewall configuration assert: that: - - "'-A INPUT -s {{ hostvars[item]['nodepool']['public_ipv4'] }}/32 -j ACCEPT' in iptables_rules.stdout" + - "'-A INPUT -s ' + hostvars[item]['nodepool']['public_ipv4'] + '/32 -j ACCEPT' in iptables_rules.stdout" with_items: "{{ groups['all'] }}" when: - hostvars[item]['nodepool']['public_ipv4'] @@ -75,7 +75,7 @@ - name: Validate ipv4 bridge firewall configuration assert: that: - - "'-A INPUT -s {{ bridge_address_prefix }}.0/{{ bridge_address_subnet }} -d {{ bridge_address_prefix }}.0/{{ bridge_address_subnet }} -j ACCEPT' in iptables_rules.stdout" + - "'-A INPUT -s ' + bridge_address_prefix + '.0/' + bridge_address_subnet | string + ' -d ' + bridge_address_prefix + '.0/' + bridge_address_subnet | string + ' -j ACCEPT' in iptables_rules.stdout" with_items: "{{ groups['all'] }}" # ipv6_addresses is set by the multi-node-firewall role @@ -92,5 +92,5 @@ - name: Validate ipv6 firewall configuration assert: that: - - "'-A INPUT -s {{ hostvars[item]['nodepool']['public_ipv6'] }}/128 -j ACCEPT' in ip6tables_rules.stdout" + - "'-A INPUT -s ' + hostvars[item]['nodepool']['public_ipv6'] + '/128 -j ACCEPT' in ip6tables_rules.stdout" with_items: "{{ groups['all'] }}" diff --git a/test-playbooks/rust/ensure-rust.yaml b/test-playbooks/rust/ensure-rust.yaml index 26bb42254..59d988fa1 100644 --- a/test-playbooks/rust/ensure-rust.yaml +++ b/test-playbooks/rust/ensure-rust.yaml @@ -35,6 +35,8 @@ state: present loop: - build-essential + # pkg-config appears to be explicitly needed on Ubuntu Noble + - pkg-config - libssl-dev - libffi-dev - python3-dev @@ -44,4 +46,7 @@ shell: | python3 -m venv ./venv ./venv/bin/pip install --upgrade pip + # Python cryptography relies on a working Rust toolchain to build + # from source. We set the --no-binary flag to ensure cryptography + # is built rather than installed via an upstream wheel ./venv/bin/pip install cryptography --no-binary cryptography