298354d2e3
There are a number of updates we make for Ubuntu Noble in this commit.
1. Remove python2-dev from bindep for Noble as Noble appears to have no
python2 runtime options.
2. Add libjpeg-dev to bindep for noble because Pillow doesn't build
python3.12 wheels for Pillow<10 which we currently depend on. This
means we need to build from source and that depends on libjpeg-dev.
3. We remove double bracket wrappers from ansible vars in ansible
assertion blocks. Having them results in errors like:
Conditional is marked as unsafe, and cannot be evaluated.
4. We update rust testing to explicitly install pkg-config before
building python cryptography. This tool is required to build
cryptography from source and is no longer being pulled in either
by the base images or build-essential meta pacakge.
5. Add an Ubuntu-24.04 tasks file for the ensure-skopeo roles so that
we try to install skopeo using distro packages or build from source
and don't use Kubic which only has packages for old Ubuntu releases.
Change-Id: I388710ce40dc757ada4de819a9c3c59fc32fb07a
53 lines
1.3 KiB
YAML
53 lines
1.3 KiB
YAML
- hosts: all
|
|
tasks:
|
|
|
|
- name: Run ensure-rust
|
|
include_role:
|
|
name: ensure-rust
|
|
|
|
- name: Test cargo run
|
|
shell: |
|
|
cargo new foo
|
|
|
|
- name: Copy hello world
|
|
copy:
|
|
src: hello.rs
|
|
dest: hello.rs
|
|
mode: 0644
|
|
|
|
- name: Compile hello world
|
|
command: rustc hello.rs
|
|
|
|
- name: Run hello world
|
|
command: ./hello
|
|
|
|
- name: Test pyca/cryptography build
|
|
when: ansible_distribution == 'Ubuntu'
|
|
block:
|
|
|
|
- name: Ensure pip
|
|
include_role:
|
|
name: ensure-pip
|
|
|
|
- name: Install deps
|
|
package:
|
|
name: '{{ item }}'
|
|
state: present
|
|
loop:
|
|
- build-essential
|
|
# pkg-config appears to be explicitly needed on Ubuntu Noble
|
|
- pkg-config
|
|
- libssl-dev
|
|
- libffi-dev
|
|
- python3-dev
|
|
become: yes
|
|
|
|
- name: Check build
|
|
shell: |
|
|
python3 -m venv ./venv
|
|
./venv/bin/pip install --upgrade pip
|
|
# Python cryptography relies on a working Rust toolchain to build
|
|
# from source. We set the --no-binary flag to ensure cryptography
|
|
# is built rather than installed via an upstream wheel
|
|
./venv/bin/pip install cryptography --no-binary cryptography
|