From d3c397acf02fb5dc5eff1fa6820211daf4de3e71 Mon Sep 17 00:00:00 2001
From: Tom Alexander <tom@fizz.buzz>
Date: Wed, 19 Jun 2024 19:29:14 -0400
Subject: [PATCH] Add decode_jwt script, install kubeswitch on linux, unfreeze
 firefox version on linux, disable more bits of currentznver4 FreeBSD build,
 install terminfo-db, and remove build configs from old version of poudboot.

---
 ansible/roles/base/files/decode_jwt.bash      |  8 +++++
 ansible/roles/base/tasks/common.yaml          |  2 ++
 ansible/roles/kubernetes/tasks/linux.yaml     | 18 +++++++++-
 .../package_manager/files/freeze_firefox.conf |  2 --
 .../roles/package_manager/tasks/linux.yaml    |  1 -
 .../poudriere/files/currentznver4_src.conf    | 35 +++++++++++--------
 .../currentznver4-default-framework-pkglist   |  1 +
 ansible/roles/poudriere/tasks/freebsd.yaml    | 10 ------
 .../roles/poudriere/templates/build_config.j2 |  3 --
 ansible/roles/termcap/tasks/freebsd.yaml      |  6 ++++
 10 files changed, 55 insertions(+), 31 deletions(-)
 create mode 100644 ansible/roles/base/files/decode_jwt.bash
 delete mode 100644 ansible/roles/package_manager/files/freeze_firefox.conf
 delete mode 100644 ansible/roles/poudriere/templates/build_config.j2

diff --git a/ansible/roles/base/files/decode_jwt.bash b/ansible/roles/base/files/decode_jwt.bash
new file mode 100644
index 0000000..1012cf9
--- /dev/null
+++ b/ansible/roles/base/files/decode_jwt.bash
@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+#
+# Decode the contents of a JWT
+set -euo pipefail
+IFS=$'\n\t'
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+exec jq -R 'split(".") | .[0],.[1] | @base64d | fromjson'
diff --git a/ansible/roles/base/tasks/common.yaml b/ansible/roles/base/tasks/common.yaml
index 31acd7a..ac88360 100644
--- a/ansible/roles/base/tasks/common.yaml
+++ b/ansible/roles/base/tasks/common.yaml
@@ -47,6 +47,8 @@
       dest: /usr/local/bin/cleanup_temporary_files
     - src: git_fix_author.bash
       dest: /usr/local/bin/git_fix_author
+    - src: decode_jwt.bash
+      dest: /usr/local/bin/decode_jwt
 
 - import_tasks: tasks/freebsd.yaml
   when: 'os_flavor == "freebsd"'
diff --git a/ansible/roles/kubernetes/tasks/linux.yaml b/ansible/roles/kubernetes/tasks/linux.yaml
index 5b9362e..6f982d2 100644
--- a/ansible/roles/kubernetes/tasks/linux.yaml
+++ b/ansible/roles/kubernetes/tasks/linux.yaml
@@ -1,8 +1,24 @@
+- name: Build aur packages
+  register: buildaur
+  become_user: "{{ build_user.name }}"
+  command: "aurutils-sync --no-view {{ item }}"
+  args:
+    creates: "/var/cache/pacman/custom/{{ item }}-*.pkg.tar.*"
+  loop:
+    - kubeswitch-bin
+
+- name: Update cache
+  when: buildaur.changed
+  pacman:
+    name: []
+    state: present
+    update_cache: true
+
 - name: Install packages
   package:
     name:
       - yamllint
       - stern
-      # - kubeswitch
+      - kubeswitch-bin
       - fluxcd
     state: present
diff --git a/ansible/roles/package_manager/files/freeze_firefox.conf b/ansible/roles/package_manager/files/freeze_firefox.conf
deleted file mode 100644
index b82f82a..0000000
--- a/ansible/roles/package_manager/files/freeze_firefox.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-[options]
-IgnorePkg   = firefox-developer-edition
diff --git a/ansible/roles/package_manager/tasks/linux.yaml b/ansible/roles/package_manager/tasks/linux.yaml
index 19ee9dd..fc69416 100644
--- a/ansible/roles/package_manager/tasks/linux.yaml
+++ b/ansible/roles/package_manager/tasks/linux.yaml
@@ -51,7 +51,6 @@
     owner: root
     group: root
   loop:
-    - freeze_firefox.conf
     - freeze_kernel.conf
 
 - name: Install packages
diff --git a/ansible/roles/poudriere/files/currentznver4_src.conf b/ansible/roles/poudriere/files/currentznver4_src.conf
index 06d9a80..0fb130c 100644
--- a/ansible/roles/poudriere/files/currentznver4_src.conf
+++ b/ansible/roles/poudriere/files/currentznver4_src.conf
@@ -3,28 +3,35 @@ WITH_MALLOC_PRODUCTION=YES
 WITHOUT_LLVM_ASSERTIONS=YES
 WITH_REPRODUCIBLE_BUILD=YES
 
+WITHOUT_DEBUG_FILES=YES
+WITHOUT_ASSERT_DEBUG=YES
+WITHOUT_LLVM_TARGET_ALL=YES
+WITHOUT_LIB32=YES
+WITHOUT_HTML=YES
+
+WITHOUT_OFED=YES # OpenFabrics Enterprise Distributio
+WITHOUT_FLOPPY=YES
+WITHOUT_IPFW=YES
+WITHOUT_IPFILTER=YES
+WITHOUT_GAMES=YES
+WITH_SORT_THREADS=YES
+WITHOUT_TESTS=YES
+WITHOUT_USB_GADGET_EXAMPLES=YES
+WITHOUT_HYPERV=YES
+WITHOUT_LEGACY_CONSOLE=YES
+
 # Would be fun to experiment with:
 # WITHOUT_SOURCELESS=YES
-# WITHOUT_GAMES=YES
-# WITHOUT_KERBEROS=YES
-# WITHOUT_LEGACY_CONSOLE=YES
-WITHOUT_LIB32=YES
 # WITHOUT_LOADER_GELI=YES
 # WITHOUT_MLX5TOOL=YES
 # WITHOUT_NDIS=YES
-# WITHOUT_OFED=YES
 # WITHOUT_PPP=YES
-# WITH_SORT_THREADS=YES
 # WITHOUT_TALK=YES
 # WITHOUT_TCSH=YES
-
-
-# Questionable Optimizations
-WITHOUT_FLOPPY=YES
-WITHOUT_HTML=YES
-WITHOUT_IPFW=YES
-WITHOUT_IPFILTER=YES
-WITHOUT_LLVM_TARGET_ALL=YES
+# WITHOUT_KERNEL_SYMBOLS=YES
 
 # Commented out because maybe I want email alerts for failing disks
 # WITHOUT_MAIL=YES
+
+# Some ports like curl depend on kerberos by default. I figure I'd rather just have kerberos built into the base system than depend on a port.
+# WITHOUT_KERBEROS=YES
diff --git a/ansible/roles/poudriere/files/poudriere.d/currentznver4-default-framework-pkglist b/ansible/roles/poudriere/files/poudriere.d/currentznver4-default-framework-pkglist
index 0bb4a7e..229d3b5 100644
--- a/ansible/roles/poudriere/files/poudriere.d/currentznver4-default-framework-pkglist
+++ b/ansible/roles/poudriere/files/poudriere.d/currentznver4-default-framework-pkglist
@@ -35,6 +35,7 @@ graphics/vulkan-validation-layers
 lang/python
 lang/rust-nightly
 math/gnuplot
+misc/terminfo-db
 multimedia/ffmpeg
 multimedia/libva-intel-driver
 multimedia/libva-intel-media-driver
diff --git a/ansible/roles/poudriere/tasks/freebsd.yaml b/ansible/roles/poudriere/tasks/freebsd.yaml
index 677eaf7..68b7b89 100644
--- a/ansible/roles/poudriere/tasks/freebsd.yaml
+++ b/ansible/roles/poudriere/tasks/freebsd.yaml
@@ -38,7 +38,6 @@
     group: wheel
   loop:
     - /usr/ports/distfiles
-    - /opt/poudriere/build_configs
     - /usr/local/poudriere/data/logs/bulk
 
 - name: Install Configuration
@@ -86,15 +85,6 @@
     - src: poudriere_schedule_ports_tree_upgrade.bash
       dest: /usr/local/bin/poudriere_schedule_ports_tree_upgrade
 
-- name: Install Configuration
-  template:
-    src: "build_config.j2"
-    dest: "/opt/poudriere/build_configs/{{ item.jail }}-{{ item.ports }}-{{ item.set }}"
-    owner: root
-    group: wheel
-    mode: 0600
-  loop: "{{ poudriere_builds }}"
-
 - name: Install src.conf
   when: item.srcconf is defined
   copy:
diff --git a/ansible/roles/poudriere/templates/build_config.j2 b/ansible/roles/poudriere/templates/build_config.j2
deleted file mode 100644
index 52ee8eb..0000000
--- a/ansible/roles/poudriere/templates/build_config.j2
+++ /dev/null
@@ -1,3 +0,0 @@
-JAIL={{ item.jail }}
-PORTS={{ item.ports }}
-SET={{ item.set }}
diff --git a/ansible/roles/termcap/tasks/freebsd.yaml b/ansible/roles/termcap/tasks/freebsd.yaml
index 69bc615..f31e75e 100644
--- a/ansible/roles/termcap/tasks/freebsd.yaml
+++ b/ansible/roles/termcap/tasks/freebsd.yaml
@@ -24,6 +24,12 @@
 #   command: cap_mkdb /usr/share/misc/termcap
 #   when: wrote_alacritty_cap.changed
 
+- name: Install packages
+  package:
+    name:
+      - terminfo-db
+    state: present
+
 - name: Append alacritty terminfo
   command: "tic -xe alacritty,alacritty-direct -"
   args: