Update to 2.14.11.

The Makefile has been removed from the stable-2.14 branch.

.fmf/version

@@ -0,0 +1 @@
+1

.gitignore

@@ -26,3 +26,14 @@
 /ansible-core-2.14.2.tar.gz
 /ansible-core-2.14.3.tar.gz
 /ansible-core-2.14.4.tar.gz
+/ansible-core-2.14.5.tar.gz
+/ansible-core-2.14.6.tar.gz
+/ansible-core-2.14.7.tar.gz
+/ansible-core-2.14.8.tar.gz
+/ansible-documentation-2.14.8.tar.gz
+/ansible-core-2.14.9.tar.gz
+/ansible-documentation-2.14.9.tar.gz
+/ansible-core-2.14.10.tar.gz
+/ansible-documentation-2.14.10.tar.gz
+/ansible-core-2.14.11.tar.gz
+/ansible-documentation-2.14.11.tar.gz

GALAXY_COLLECTIONS_PATH_WARNINGS.patch

@@ -0,0 +1,65 @@
+From 734f38b2594692707d1fd3cbcfc8dc8a677f4ee3 Mon Sep 17 00:00:00 2001
+From: Maxwell G <maxwell@gtmx.me>
+Date: Fri, 21 Apr 2023 07:29:10 -0500
+Subject: [PATCH] Add GALAXY_COLLECTIONS_PATH_WARNINGS option. (#78487)
+
+* Add GALAXY_COLLECTIONS_PATH_WARNING option.
+
+This allows users to disable warnings from `ansible-galaxy collection
+install` about `--collections-path` missing from Ansible's configured
+collections_paths.
+---
+ .../fragments/78487-galaxy-collections-path-warnings.yml | 6 ++++++
+ lib/ansible/cli/galaxy.py                                | 5 ++++-
+ lib/ansible/config/base.yml                              | 9 +++++++++
+ 3 files changed, 19 insertions(+), 1 deletion(-)
+ create mode 100644 changelogs/fragments/78487-galaxy-collections-path-warnings.yml
+
+diff --git a/changelogs/fragments/78487-galaxy-collections-path-warnings.yml b/changelogs/fragments/78487-galaxy-collections-path-warnings.yml
+new file mode 100644
+index 00000000000000..4702e94f961d82
+--- /dev/null
++++ b/changelogs/fragments/78487-galaxy-collections-path-warnings.yml
+@@ -0,0 +1,6 @@
++---
++minor_changes:
++- >-
++  Add ``GALAXY_COLLECTIONS_PATH_WARNING`` option to disable the warning
++  given by ``ansible-galaxy collection install`` when installing a collection
++  to a path that isn't in the configured collection paths.
+diff --git a/lib/ansible/cli/galaxy.py b/lib/ansible/cli/galaxy.py
+index fc88137ff63604..0deb0331a582b9 100755
+--- a/lib/ansible/cli/galaxy.py
++++ b/lib/ansible/cli/galaxy.py
+@@ -1393,7 +1393,10 @@ def _execute_install_collection(
+         upgrade = context.CLIARGS.get('upgrade', False)
+ 
+         collections_path = C.COLLECTIONS_PATHS
+-        if len([p for p in collections_path if p.startswith(path)]) == 0:
++        if (
++            C.GALAXY_COLLECTIONS_PATH_WARNING
++            and len([p for p in collections_path if p.startswith(path)]) == 0
++        ):
+             display.warning("The specified collections path '%s' is not part of the configured Ansible "
+                             "collections paths '%s'. The installed collection will not be picked up in an Ansible "
+                             "run, unless within a playbook-adjacent collections directory." % (to_text(path), to_text(":".join(collections_path))))
+diff --git a/lib/ansible/config/base.yml b/lib/ansible/config/base.yml
+index 052a8f0834e4ca..206deb76d2e916 100644
+--- a/lib/ansible/config/base.yml
++++ b/lib/ansible/config/base.yml
+@@ -1366,6 +1366,15 @@ GALAXY_COLLECTION_SKELETON_IGNORE:
+   ini:
+   - {key: collection_skeleton_ignore, section: galaxy}
+   type: list
++GALAXY_COLLECTIONS_PATH_WARNING:
++  name: "ansible-galaxy collection install colections path warnings"
++  description: "whether ``ansible-galaxy collection install`` should warn about ``--collections-path`` missing from configured :ref:`collections_paths`"
++  default: true
++  type: bool
++  env: [{name: ANSIBLE_GALAXY_COLLECTIONS_PATH_WARNING}]
++  ini:
++    - {key: collections_path_warning, section: galaxy}
++  version_added: "2.16"
+ # TODO: unused?
+ #GALAXY_SCMS:
+ #  name: Galaxy SCMS

ansible-core.rpmlintrc

@@ -0,0 +1 @@
+addFilter("E: zero-length")

ansible-core.spec

@@ -4,14 +4,23 @@
 
 Name: ansible-core
 Summary: A radically simple IT automation system
-Version: 2.14.4
+Version: 2.14.11
 %global uversion %{version_no_tilde %{quote:%nil}}
 Release: 1%{?dist}
 # The main license is GPLv3+. Many of the files in lib/ansible/module_utils
 # are BSD licensed. There are various files scattered throughout the codebase
 # containing code under different licenses.
 License: GPL-3.0-or-later AND BSD-2-Clause AND PSF-2.0 AND MIT AND Apache-2.0
-Source: https://github.com/ansible/ansible/archive/v%{uversion}/%{name}-%{uversion}.tar.gz
+
+Source0: https://github.com/ansible/ansible/archive/v%{uversion}/%{name}-%{uversion}.tar.gz
+Source1: https://github.com/ansible/ansible-documentation/archive/v%{uversion}/ansible-documentation-%{uversion}.tar.gz
+
+Patch: https://github.com/ansible/ansible/commit/734f38b2594692707d1fd3cbcfc8dc8a677f4ee3.patch#/GALAXY_COLLECTIONS_PATH_WARNINGS.patch
+# urls - remove deprecated client key calls (#80751)
+# This is needed for Python 3.12, but we apply it unconditionally so
+# controllers running on older Fedora versions can still work with Python 3.12
+# F39+ targets.
+Patch: https://github.com/ansible/ansible/commit/0df794e5a4fe4597ee65b0d492fbf0d0989d5ca0.patch#/urls-remove-deprecated-client-key-calls.patch
 Url: https://ansible.com
 BuildArch: noarch
 
@@ -48,7 +57,6 @@ Obsoletes: ansible-base < 2.10.6-1
 BuildRequires: make
 BuildRequires: python%{python3_pkgversion}-devel
 # Needed to build manpages from source.
-BuildRequires: python%{python3_pkgversion}-straight-plugin
 BuildRequires: python%{python3_pkgversion}-docutils
 # Shell completions
 BuildRequires: python%{python3_pkgversion}-argcomplete
@@ -92,8 +100,7 @@ This package installs extensive documentation for ansible-core
 
 
 %prep
-%autosetup -p1 -n ansible-%{uversion}
-find \( -name '.git_keep' -o -name '.rstcheck.cfg' \) -delete
+%autosetup -p1 -n ansible-%{uversion} -a1
 
 # ansible-test is executed directly by the Makefile, so we need to fix the shebang.
 sed -i -s 's|/usr/bin/env python|%{python3}|' \
@@ -116,7 +123,8 @@ sed '/^mock$/d' test/lib/ansible_test/_data/requirements/units.txt > _requiremen
 %pyproject_wheel
 
 # Build manpages
-make PYTHON=%{python3} docs
+mkdir -p docs/man/man1
+%{python3} packaging/cli-doc/build.py man --output-dir docs/man/man1
 
 # Build shell completions
 (
@@ -197,14 +205,11 @@ done
 mkdir -p %{buildroot}%{_sysconfdir}/ansible/
 mkdir -p %{buildroot}%{_sysconfdir}/ansible/roles/
 
-cp examples/hosts %{buildroot}/etc/ansible/
-cp examples/ansible.cfg %{buildroot}/etc/ansible/
+cp ansible-documentation-%{uversion}/examples/hosts %{buildroot}/etc/ansible/
+cp ansible-documentation-%{uversion}/examples/ansible.cfg %{buildroot}/etc/ansible/
 mkdir -p %{buildroot}/%{_mandir}/man1
 cp -v docs/man/man1/*.1 %{buildroot}/%{_mandir}/man1/
 
-# These files are needed for the unit tests, so we don't remove them in %%prep
-find %{buildroot}/%{python3_sitelib} -name .travis.yml -type f -delete
-
 # We install licenses in this manner so we don't miss new licenses:
   # 1. Copy all files in licenses to %%{_pkglicensedir}.
   # 2. List the files explicitly in %%files.
@@ -215,15 +220,15 @@ install -Dpm 0644 licenses/* -t %{buildroot}%{_pkglicensedir}
 
 %check
 %if %{with tests}
-ln -s /usr/bin/pytest-3 bin/pytest
-make PYTHON=%{python3} tests-py3
+%{python3} bin/ansible-test \
+    units --local --python-interpreter %{python3}
 %endif
 
 
 %files -f %{pyproject_files}
 %license COPYING
 %license %{_pkglicensedir}/{Apache-License,MIT-license,PSF-license,simplified_bsd}.txt
-%doc README.rst changelogs/CHANGELOG-v2.1?.rst
+%doc README.md changelogs/CHANGELOG-v2.1?.rst
 %dir %{_sysconfdir}/ansible/
 %config(noreplace) %{_sysconfdir}/ansible/*
 %{_bindir}/ansible*
@@ -233,13 +238,39 @@ make PYTHON=%{python3} tests-py3
 %{_mandir}/man1/ansible*
 
 %files doc
-%doc docs/docsite/rst
+%doc ansible-documentation-%{uversion}/docs/docsite/rst
 %if %{with docs}
-%doc docs/docsite/_build/html
+%doc ansible-documentation-%{uversion}/docs/docsite/_build/html
 %endif
 
 
 %changelog
+* Thu Oct 12 2023 Maxwell G <maxwell@gtmx.me> - 2.14.11-1
+- Update to 2.14.11.
+
+* Wed Sep 13 2023 Maxwell G <maxwell@gtmx.me> - 2.14.10-1
+- Update to 2.14.10.
+
+* Sun Aug 20 2023 Maxwell G <maxwell@gtmx.me> - 2.14.9-1
+- Update to 2.14.9.
+
+* Tue Jul 18 2023 Maxwell G <maxwell@gtmx.me> - 2.14.8-1
+- Update to 2.14.8.
+
+* Mon Jul 10 2023 Maxwell G <maxwell@gtmx.me> - 2.14.7-2
+- Backport patch to make the `url` module_util compatible with Python 3.12
+  (Fedora 39+) hosts
+
+* Fri Jun 30 2023 Maxwell G <maxwell@gtmx.me> - 2.14.7-1
+- Update to 2.14.7.
+
+* Mon May 29 2023 Maxwell G <maxwell@gtmx.me> - 2.14.6-1
+- Update to 2.14.6.
+- Don't remove dotfiles and empty files. ansible-core actually needs these.
+
+* Mon May 01 2023 Maxwell G <maxwell@gtmx.me> - 2.14.5-1
+- Update to 2.14.5. Fixes rhbz#2189287.
+
 * Wed Mar 29 2023 Maxwell G <maxwell@gtmx.me> - 2.14.4-1
 - Update to 2.14.4. Fixes rhbz#2173765.
 

gating.yaml

@@ -0,0 +1,10 @@
+--- !Policy
+product_versions:
+  - fedora-*
+decision_contexts:
+  - bodhi_update_push_testing
+  - bodhi_update_push_stable
+subject_type: koji_build
+rules:
+  - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
+...

sources

@@ -1 +1,2 @@
-SHA512 (ansible-core-2.14.4.tar.gz) = 060ade1c5ddba619211a0797977ef08ffd5c80f4bbae02b10a78ce37bdca6123368acee93ff33ace5d2f7c0d7a497e13e0ad1a6bd3235f9584fb75cf807baa96
+SHA512 (ansible-core-2.14.11.tar.gz) = 4246b0fcab2e89ff2e905c582b03dc4c05a2db29aaac72d9ce75a88edeb0ba3a2b5baee2756adf19b98af5516db4c0dca96c46f8d30d0029cbb37232dc197ee2
+SHA512 (ansible-documentation-2.14.11.tar.gz) = 40261e647092048b398a825abcdcc0b7fed51cabdb0c3e1b5f403ecc36ee7c289f41fec5fe4065ff0b955cf24db56914d61749525922b36f6fc6e606c5e975ad

tests/collections_path_warnings.sh

@@ -0,0 +1,54 @@
+#!/usr/bin/bash
+
+set -xeuo pipefail
+
+export NO_COLOR=1
+
+TMP=$(mktemp -d)
+
+trap "rm -rf $TMP" EXIT
+
+testcase() {
+    set +x
+    echo
+    echo
+    echo "$1"
+    echo
+    echo
+    set -x
+}
+
+fix_log() {
+    tr '\n' ' ' <log | sponge log
+}
+
+
+cd $TMP
+version="0.2.1"
+git clone https://git.sr.ht/~gotmax23/ansible-collection-epel --branch="v${version}" --depth=1
+cd ansible-collection-epel
+mkdir abc
+ansible-galaxy collection build .
+
+run="unbuffer ansible-galaxy collection install gotmax23-epel-${version}.tar.gz"
+warning="The installed collection will not be picked up in an Ansible run"
+
+testcase "Control: Check plain collection install"
+${run} |& tee log
+fix_log
+(! grep "${warning}" log)
+
+testcase "Check special collection install"
+${run} -p abc |& tee log
+fix_log
+grep "${warning}" log
+
+testcase "Check special collection install with option"
+ANSIBLE_GALAXY_COLLECTIONS_PATH_WARNING=1 ${run} -p abc |& tee log
+fix_log
+grep "${warning}" log
+
+testcase "Check special collection install without option"
+ANSIBLE_GALAXY_COLLECTIONS_PATH_WARNING=0 ${run} -p abc |& tee log
+fix_log
+(! grep "${warning}" log)

tests/fedora.fmf

@@ -0,0 +1,16 @@
+summary: A set of Fedora specific ansible integration tests
+discover:
+  - name: Generic ansible integration tests
+    how: shell
+    tests:
+      - name: Run tests/collections_path_warnings.sh
+        summary: Ensure GALAXY_COLLECTIONS_PATH_WARNINGS works properly
+        test: tests/collections_path_warnings.sh
+        require:
+          - ansible-core
+          - git-core
+          - python3-distlib
+          - /usr/bin/sponge
+          - /usr/bin/unbuffer
+execute:
+  how: tmt

tests/smoke.sh

@@ -0,0 +1,17 @@
+#!/usr/bin/bash -x
+
+set -euo pipefail
+
+ansible --version
+ansible -c local -i localhost, localhost -m setup
+ansible -c local -i locahost, localhost -b \
+    -m community.general.copr \
+    -a "name=gotmax23/community.general.copr_integration_tests chroot=fedora-rawhide-x86_64" \
+  |& tee out
+grep 'localhost | CHANGED' out
+ansible -c local -i localhost, localhost -b \
+    -m package \
+    -a name=copr-module-integration-dummy-package  \
+  |& tee out
+grep 'localhost | CHANGED' out
+rpm -ql copr-module-integration-dummy-package

tests/smoke1.fmf

@@ -0,0 +1,14 @@
+summary: Run smoke tests with the ansible bundle installed
+discover:
+  - name: Smoke tests with ansible
+    how: shell
+    tests:
+      - name: Run tests/smoke.sh
+        test: tests/smoke.sh
+        require:
+          - python3-dnf
+          - dnf-plugins-core
+          - ansible-core
+          - ansible
+execute:
+  how: tmt

tests/smoke2.fmf

@@ -0,0 +1,14 @@
+summary: Run smoke tests with the standalone ansible-collection-community-general installed
+discover:
+  - name: Smoke tests with community.general
+    how: shell
+    tests:
+      - name: Run tests/smoke.sh
+        test: tests/smoke.sh
+        require:
+          - python3-dnf
+          - dnf-plugins-core
+          - ansible-core
+          - ansible-collection-community-general
+execute:
+  how: tmt

urls-remove-deprecated-client-key-calls.patch

@@ -0,0 +1,154 @@
+From 0df794e5a4fe4597ee65b0d492fbf0d0989d5ca0 Mon Sep 17 00:00:00 2001
+From: Jordan Borean <jborean93@gmail.com>
+Date: Thu, 18 May 2023 08:17:25 +1000
+Subject: [PATCH] urls - remove deprecated client key calls (#80751)
+
+---
+ .../fragments/urls-client-cert-py12.yml       |  2 ++
+ lib/ansible/module_utils/urls.py              | 28 +++++++++++--------
+ test/units/module_utils/urls/test_Request.py  | 14 ++++------
+ 3 files changed, 24 insertions(+), 20 deletions(-)
+ create mode 100644 changelogs/fragments/urls-client-cert-py12.yml
+
+diff --git a/changelogs/fragments/urls-client-cert-py12.yml b/changelogs/fragments/urls-client-cert-py12.yml
+new file mode 100644
+index 00000000000000..aab129ed96e94b
+--- /dev/null
++++ b/changelogs/fragments/urls-client-cert-py12.yml
+@@ -0,0 +1,2 @@
++bugfixes:
++- urls.py - fixed cert_file and key_file parameters when running on Python 3.12 - https://github.com/ansible/ansible/issues/80490
+diff --git a/lib/ansible/module_utils/urls.py b/lib/ansible/module_utils/urls.py
+index 0e5fbb74c4fae2..0197d86e1033b2 100644
+--- a/lib/ansible/module_utils/urls.py
++++ b/lib/ansible/module_utils/urls.py
+@@ -535,15 +535,18 @@ def __init__(self, message, import_traceback, module=None):
+ UnixHTTPSConnection = None
+ if hasattr(httplib, 'HTTPSConnection') and hasattr(urllib_request, 'HTTPSHandler'):
+     class CustomHTTPSConnection(httplib.HTTPSConnection):  # type: ignore[no-redef]
+-        def __init__(self, *args, **kwargs):
++        def __init__(self, client_cert=None, client_key=None, *args, **kwargs):
+             httplib.HTTPSConnection.__init__(self, *args, **kwargs)
+             self.context = None
+             if HAS_SSLCONTEXT:
+                 self.context = self._context
+             elif HAS_URLLIB3_PYOPENSSLCONTEXT:
+                 self.context = self._context = PyOpenSSLContext(PROTOCOL)
+-            if self.context and self.cert_file:
+-                self.context.load_cert_chain(self.cert_file, self.key_file)
++
++            self._client_cert = client_cert
++            self._client_key = client_key
++            if self.context and self._client_cert:
++                self.context.load_cert_chain(self._client_cert, self._client_key)
+ 
+         def connect(self):
+             "Connect to a host on a given (SSL) port."
+@@ -564,10 +567,10 @@ def connect(self):
+             if HAS_SSLCONTEXT or HAS_URLLIB3_PYOPENSSLCONTEXT:
+                 self.sock = self.context.wrap_socket(sock, server_hostname=server_hostname)
+             elif HAS_URLLIB3_SSL_WRAP_SOCKET:
+-                self.sock = ssl_wrap_socket(sock, keyfile=self.key_file, cert_reqs=ssl.CERT_NONE,  # pylint: disable=used-before-assignment
+-                                            certfile=self.cert_file, ssl_version=PROTOCOL, server_hostname=server_hostname)
++                self.sock = ssl_wrap_socket(sock, keyfile=self._client_key, cert_reqs=ssl.CERT_NONE,  # pylint: disable=used-before-assignment
++                                            certfile=self._client_cert, ssl_version=PROTOCOL, server_hostname=server_hostname)
+             else:
+-                self.sock = ssl.wrap_socket(sock, keyfile=self.key_file, certfile=self.cert_file, ssl_version=PROTOCOL)
++                self.sock = ssl.wrap_socket(sock, keyfile=self._client_key, certfile=self._client_cert, ssl_version=PROTOCOL)
+ 
+     class CustomHTTPSHandler(urllib_request.HTTPSHandler):  # type: ignore[no-redef]
+ 
+@@ -602,10 +605,6 @@ def https_open(self, req):
+             return self.do_open(self._build_https_connection, req)
+ 
+         def _build_https_connection(self, host, **kwargs):
+-            kwargs.update({
+-                'cert_file': self.client_cert,
+-                'key_file': self.client_key,
+-            })
+             try:
+                 kwargs['context'] = self._context
+             except AttributeError:
+@@ -613,7 +612,7 @@ def _build_https_connection(self, host, **kwargs):
+             if self._unix_socket:
+                 return UnixHTTPSConnection(self._unix_socket)(host, **kwargs)
+             if not HAS_SSLCONTEXT:
+-                return CustomHTTPSConnection(host, **kwargs)
++                return CustomHTTPSConnection(host, client_cert=self.client_cert, client_key=self.client_key, **kwargs)
+             return httplib.HTTPSConnection(host, **kwargs)
+ 
+     @contextmanager
+@@ -979,7 +978,7 @@ def atexit_remove_file(filename):
+             pass
+ 
+ 
+-def make_context(cafile=None, cadata=None, ciphers=None, validate_certs=True):
++def make_context(cafile=None, cadata=None, ciphers=None, validate_certs=True, client_cert=None, client_key=None):
+     if ciphers is None:
+         ciphers = []
+ 
+@@ -1006,6 +1005,9 @@ def make_context(cafile=None, cadata=None, ciphers=None, validate_certs=True):
+     if ciphers:
+         context.set_ciphers(':'.join(map(to_native, ciphers)))
+ 
++    if client_cert:
++        context.load_cert_chain(client_cert, keyfile=client_key)
++
+     return context
+ 
+ 
+@@ -1514,6 +1516,8 @@ def open(self, method, url, data=None, headers=None, use_proxy=None,
+                 cadata=cadata,
+                 ciphers=ciphers,
+                 validate_certs=validate_certs,
++                client_cert=client_cert,
++                client_key=client_key,
+             )
+             handlers.append(HTTPSClientAuthHandler(client_cert=client_cert,
+                                                    client_key=client_key,
+diff --git a/test/units/module_utils/urls/test_Request.py b/test/units/module_utils/urls/test_Request.py
+index d2c4ea38012a49..a8bc3a0b6bde3b 100644
+--- a/test/units/module_utils/urls/test_Request.py
++++ b/test/units/module_utils/urls/test_Request.py
+@@ -33,6 +33,7 @@ def install_opener_mock(mocker):
+ def test_Request_fallback(urlopen_mock, install_opener_mock, mocker):
+     here = os.path.dirname(__file__)
+     pem = os.path.join(here, 'fixtures/client.pem')
++    client_key = os.path.join(here, 'fixtures/client.key')
+ 
+     cookies = cookiejar.CookieJar()
+     request = Request(
+@@ -46,8 +47,8 @@ def test_Request_fallback(urlopen_mock, install_opener_mock, mocker):
+         http_agent='ansible-tests',
+         force_basic_auth=True,
+         follow_redirects='all',
+-        client_cert='/tmp/client.pem',
+-        client_key='/tmp/client.key',
++        client_cert=pem,
++        client_key=client_key,
+         cookies=cookies,
+         unix_socket='/foo/bar/baz.sock',
+         ca_path=pem,
+@@ -68,8 +69,8 @@ def test_Request_fallback(urlopen_mock, install_opener_mock, mocker):
+         call(None, 'ansible-tests'),  # http_agent
+         call(None, True),  # force_basic_auth
+         call(None, 'all'),  # follow_redirects
+-        call(None, '/tmp/client.pem'),  # client_cert
+-        call(None, '/tmp/client.key'),  # client_key
++        call(None, pem),  # client_cert
++        call(None, client_key),  # client_key
+         call(None, cookies),  # cookies
+         call(None, '/foo/bar/baz.sock'),  # unix_socket
+         call(None, pem),  # ca_path
+@@ -358,10 +359,7 @@ def test_Request_open_client_cert(urlopen_mock, install_opener_mock):
+     assert ssl_handler.client_cert == client_cert
+     assert ssl_handler.client_key == client_key
+ 
+-    https_connection = ssl_handler._build_https_connection('ansible.com')
+-
+-    assert https_connection.key_file == client_key
+-    assert https_connection.cert_file == client_cert
++    ssl_handler._build_https_connection('ansible.com')
+ 
+ 
+ def test_Request_open_cookies(urlopen_mock, install_opener_mock):