fix(bootstrap): deploy all non-EOL core distros (keyrings, repos, versions)

2026-05-25 03:52:44 +02:00
parent 37df881daa
commit e0ecf628cd
12 changed files with 73 additions and 40 deletions
--- a/roles/bootstrap/tasks/archlinux.yml
+++ b/roles/bootstrap/tasks/archlinux.yml
@@ -1,4 +1,9 @@
 ---
+- name: Refresh Arch keyring in the live environment
+  ansible.builtin.command: pacman -Sy --noconfirm archlinux-keyring
+  register: bootstrap_arch_keyring
+  changed_when: bootstrap_arch_keyring.rc == 0
+
 - name: Bootstrap ArchLinux
  vars:
    _config: "{{ lookup('vars', bootstrap_var_key) }}"
--- a/roles/bootstrap/tasks/debian.yml
+++ b/roles/bootstrap/tasks/debian.yml
@@ -3,9 +3,7 @@
  vars:
    bootstrap_debian_release: >-
      {{
-        'buster' if (os_version | string) == '10'
-        else 'bullseye' if (os_version | string) == '11'
-        else 'bookworm' if (os_version | string) == '12'
+        'bookworm' if (os_version | string) == '12'
        else 'trixie' if (os_version | string) == '13'
        else 'sid' if (os_version | string) == 'unstable'
        else 'trixie'
@@ -28,10 +26,24 @@
        fail_msg: "{{ bootstrap_var_key }} must be a dict with base/extra/conditional keys."
        quiet: true

+    - name: Check for a debootstrap script for the target release
+      ansible.builtin.stat:
+        path: "/usr/share/debootstrap/scripts/{{ bootstrap_debian_release }}"
+      register: bootstrap_debian_script
+
+    - name: Symlink a missing debootstrap script to the sid base
+      ansible.builtin.file:
+        src: sid
+        dest: "/usr/share/debootstrap/scripts/{{ bootstrap_debian_release }}"
+        state: link
+      when: not bootstrap_debian_script.stat.exists
+
    - name: Install Debian base system
      ansible.builtin.command: >-
-        debootstrap --include={{ bootstrap_debian_base_csv }}
-        {{ bootstrap_debian_release }} /mnt {{ system_cfg.mirror }}
+        debootstrap --keyring=/usr/share/keyrings/debian-archive-keyring.gpg
+        --include={{ bootstrap_debian_base_csv }}
+        {{ bootstrap_debian_release }} /mnt
+        {{ system_cfg.mirror | default('http://deb.debian.org/debian', true) }}
      register: bootstrap_debian_base_result
      changed_when: bootstrap_debian_base_result.rc == 0

--- a/roles/bootstrap/tasks/ubuntu.yml
+++ b/roles/bootstrap/tasks/ubuntu.yml
@@ -4,8 +4,8 @@
    # ubuntu = latest non-LTS, ubuntu-lts = latest LTS
    bootstrap_ubuntu_release_map:
      ubuntu: questing
-      ubuntu-lts: noble
-    bootstrap_ubuntu_release: "{{ bootstrap_ubuntu_release_map[os] | default('noble') }}"
+      ubuntu-lts: resolute
+    bootstrap_ubuntu_release: "{{ bootstrap_ubuntu_release_map[os] | default('resolute') }}"
    _config: "{{ lookup('vars', bootstrap_var_key) }}"
    bootstrap_ubuntu_base_csv: "{{ (['ca-certificates'] + _config.base) | unique | join(',') }}"
    bootstrap_ubuntu_extra_args: >-
@@ -24,13 +24,25 @@
        fail_msg: "{{ bootstrap_var_key }} must be a dict with base/extra/conditional keys."
        quiet: true

+    - name: Check for a debootstrap script for the target release
+      ansible.builtin.stat:
+        path: "/usr/share/debootstrap/scripts/{{ bootstrap_ubuntu_release }}"
+      register: bootstrap_ubuntu_script
+
+    - name: Symlink a missing debootstrap script to the ubuntu base
+      ansible.builtin.file:
+        src: gutsy
+        dest: "/usr/share/debootstrap/scripts/{{ bootstrap_ubuntu_release }}"
+        state: link
+      when: not bootstrap_ubuntu_script.stat.exists
+
    - name: Install Ubuntu base system
      ansible.builtin.command: >-
        debootstrap
        --keyring=/usr/share/keyrings/ubuntu-archive-keyring.gpg
        --include={{ bootstrap_ubuntu_base_csv }}
        {{ bootstrap_ubuntu_release }} /mnt
-        {{ system_cfg.mirror }}
+        {{ system_cfg.mirror | default('http://archive.ubuntu.com/ubuntu', true) }}
      register: bootstrap_ubuntu_base_result
      changed_when: bootstrap_ubuntu_base_result.rc == 0

--- a/roles/bootstrap/templates/debian.sources.list.j2
+++ b/roles/bootstrap/templates/debian.sources.list.j2
@@ -1,7 +1,7 @@
 # Managed by Ansible.
 {% set release = bootstrap_debian_release %}
-{% set mirror = system_cfg.mirror %}
-{% set components = 'main contrib non-free' ~ (' non-free-firmware' if (os_version | string) not in ['10', '11'] else '') %}
+{% set mirror = system_cfg.mirror | default('http://deb.debian.org/debian', true) %}
+{% set components = 'main contrib non-free non-free-firmware' %}

 deb {{ mirror }} {{ release }} {{ components }}
 deb-src {{ mirror }} {{ release }} {{ components }}
--- a/roles/bootstrap/vars/main.yml
+++ b/roles/bootstrap/vars/main.yml
@@ -23,6 +23,7 @@ bootstrap_common_conditional: >-
 bootstrap_rhel:
  repos:
    - "rhel{{ os_version_major }}-baseos"
+    - "rhel{{ os_version_major }}-appstream"
  base:
    - core
    - base
@@ -285,8 +286,7 @@ bootstrap_ubuntu:
    - zstd
  conditional: >-
    {{
-      (['tldr'] if (os_version | default('') | string | length) > 0 else [])
-      + (['shim-signed'] if system_cfg.features.secure_boot.enabled | bool else [])
+      (['shim-signed'] if system_cfg.features.secure_boot.enabled | bool else [])
      + bootstrap_common_conditional
    }}