Merge branch 'lxc-php82' into unstable

2023-08-29 15:26:40 +02:00 · 2023-08-29 15:26:40 +02:00 · 6e5ba9bd9a
parent 594146bdac 090495e920
commit 6e5ba9bd9a
4 changed files with 36 additions and 41 deletions
--- a/lxc-php/defaults/main.yml
+++ b/lxc-php/defaults/main.yml
@ -21,7 +21,7 @@ lxc_php_container_releases:
  php74: "bullseye"
  php80: "bullseye"
  php81: "bullseye"
-  php82: "bullseye"
+  php82: "bookworm"

 lxc_php_services:
  php56: 'php5-fpm.service'
@ -33,3 +33,5 @@ lxc_php_services:
  php82: 'php8.2-fpm.service'

 apt_keyring_dir: "{{ ansible_distribution_major_version is version('12', '<') | ternary('/etc/apt/trusted.gpg.d', '/etc/apt/keyrings') }}"
+apt_basics_components: "{{ (ansible_virtualization_role == 'host') | ternary('main contrib non-free', 'main') }}"
+
--- a/lxc-php/tasks/php82.yml
+++ b/lxc-php/tasks/php82.yml
@ -1,46 +1,32 @@
 ---

- name: set APT keyring (Debian <12)
+- name: set APT keyring
  ansible.builtin.set_fact:
    lxc_apt_keyring_dir: /etc/apt/trusted.gpg.d
-  when: ansible_distribution_major_version is version('12', '<')
-
- name: set APT keyring (Debian >=12)
-  ansible.builtin.set_fact:
-    lxc_apt_keyring_dir: /etc/apt/keyrings
-  when: ansible_distribution_major_version is version('12', '>=')

 - name: "{{ lxc_php_version }} - Install dependency packages"
  community.general.lxc_container:
    name: "{{ lxc_php_version }}"
-    container_command: "DEBIAN_FRONTEND=noninteractive apt install -y wget apt-transport-https gnupg"
+    container_command: "DEBIAN_FRONTEND=noninteractive apt install -y wget gnupg"

- name: "{{ lxc_php_version }} - fix bullseye repository"
-  ansible.builtin.replace:
-    dest: "{{ lxc_rootfs }}/etc/apt/sources.list"
-    regexp: 'bullseye/updates'
-    replace: 'bullseye-security'
+- name: "{{ lxc_php_version }} - delete sources.list bookworm repository"
+  ansible.builtin.file:
+    path: "{{ lxc_rootfs }}/etc/apt/sources.list"
+    state: absent

- name: "{{ lxc_php_version }} - Add sury repo (Debian >=12)"
+- name: "{{ lxc_php_version }} - system bookworm repository"
  ansible.builtin.template:
-    src: sury.sources.j2
-    dest: /etc/apt/sources.list.d/sury.sources
-    mode: "0644"
+    src: bookworm_basics.sources.j2
+    dest: "{{ lxc_rootfs }}/etc/apt/sources.list.d/system.sources"
+    force: true
+    mode: "0644"
+
+- name: "{{ lxc_php_version }} - security bookworm repository"
+  ansible.builtin.template:
+    src: bookworm_security.sources.j2
+    dest: "{{ lxc_rootfs }}/etc/apt/sources.list.d/security.sources"
    force: true
-  register: sury_sources
-  when: ansible_distribution_major_version is version('12', '>=')
-
- name: "{{ lxc_php_version }} - Add sury repo (Debian <12)"
-  ansible.builtin.lineinfile:
-    dest: "{{ lxc_rootfs }}/etc/apt/sources.list.d/sury.list"
-    line: "{{ item }}"
-    state: present
-    create: yes
    mode: "0644"
-  loop:
-    - "deb [signed-by={{ apt_keyring_dir }}/sury.gpg] https://packages.sury.org/php/ bullseye main"
-    - "deb [signed-by={{ apt_keyring_dir }}/pub_evolix.asc] http://pub.evolix.org/evolix bullseye-php82 main"
-  when: ansible_distribution_major_version is version('12', '<')

 - name: "Ensure {{ lxc_rootfs }}{{ apt_keyring_dir }} directory exists"
  file:
@ -53,16 +39,7 @@
 - name: copy pub.evolix.org GPG key
  ansible.builtin.copy:
    src: pub_evolix.asc
-    dest: /var/lib/lxc/{{ lxc_php_version }}/rootfs{{ apt_keyring_dir }}/pub_evolix.asc
-    mode: "0644"
-    owner: root
-    group: root
-  when: ansible_distribution_major_version is version('12', '<')
-
- name: copy packages.sury.org GPG Key
-  ansible.builtin.copy:
-    src: sury.gpg
-    dest: /var/lib/lxc/{{ lxc_php_version }}/rootfs{{ apt_keyring_dir }}/sury.gpg
+    dest: "{{ lxc_rootfs }}{{ lxc_apt_keyring_dir }}/pub_evolix.asc"
    mode: "0644"
    owner: root
    group: root
--- a/lxc-php/templates/bookworm_basics.sources.j2
+++ b/lxc-php/templates/bookworm_basics.sources.j2
@ -0,0 +1,8 @@
+# {{ ansible_managed }}
+
+Types: deb
+URIs: http://mirror.evolix.org/debian
+Suites: bookworm bookworm-updates
+Components: {{ apt_basics_components | mandatory }} 
+Enabled: yes
+Signed-By: /usr/share/keyrings/debian-archive-bookworm-automatic.gpg
--- a/lxc-php/templates/bookworm_security.sources.j2
+++ b/lxc-php/templates/bookworm_security.sources.j2
@ -0,0 +1,8 @@
+# {{ ansible_managed }}
+
+Types: deb
+URIs: https://security.debian.org/debian-security
+Suites: bookworm-security
+Components: {{ apt_basics_components | mandatory }} 
+Enabled: yes
+Signed-By: /usr/share/keyrings/debian-archive-bookworm-security-automatic.gpg