Merge pull request #59 from cisagov/bugfix/fix-broken-python2-builds

Add `--break-system-packages` to shady `pip` commands if supported
cisagov · Sep 20, 2024 · 8ba4778 · 8ba4778
2 parents 0e880a3 + b6dc22e
commit 8ba4778
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 9 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -203,6 +203,10 @@ jobs:
             scenario: python2
           - platform: debian13-systemd
             scenario: python2
+          # Kali cannot build the wheels for HarmJ0y/ImpDump on ARM64.
+          - architecture: arm64
+            platform: kali-systemd
+            scenario: python2
           # Ubuntu Noble does not offer Python 2.
           - platform: ubuntu-24-systemd
             scenario: python2

diff --git a/molecule/python2/molecule.yml b/molecule/python2/molecule.yml
@@ -105,15 +105,16 @@ platforms:
     privileged: true
     volumes:
       - /sys/fs/cgroup:/sys/fs/cgroup:rw
-  - cgroupns_mode: host
-    command: /lib/systemd/systemd
-    image: docker.io/cisagov/docker-kali-ansible:latest
-    name: kali-systemd-arm64
-    platform: arm64
-    pre_build_image: true
-    privileged: true
-    volumes:
-      - /sys/fs/cgroup:/sys/fs/cgroup:rw
+  # Kali cannot build the wheels for HarmJ0y/ImpDump on ARM64.
+  # - cgroupns_mode: host
+  #   command: /lib/systemd/systemd
+  #   image: docker.io/cisagov/docker-kali-ansible:latest
+  #   name: kali-systemd-arm64
+  #   platform: arm64
+  #   pre_build_image: true
+  #   privileged: true
+  #   volumes:
+  #     - /sys/fs/cgroup:/sys/fs/cgroup:rw
   # This Ansible role only supports Debian-based platforms for now.
   # - cgroupns_mode: host
   #   command: /lib/systemd/systemd

diff --git a/tasks/create_python_venv.yml b/tasks/create_python_venv.yml
@@ -8,6 +8,13 @@
           - virtualenv
       when: not assessment_tool_python2
 
+    - name: Set pip_break_system_packages if necessary
+      ansible.builtin.set_fact:
+        pip_break_system_packages: --break-system-packages
+      when:
+        - ansible_distribution in ["Debian", "Kali", "Ubuntu"]
+        - ansible_distribution_release not in ["bullseye", "buster", "focal", "jammy"]
+
     # The shadiness is necessary because, on modern distributions, pip
     # (correctly) refuses to uninstall Python packages installed via
     # system packages.
@@ -33,6 +40,7 @@
           register: shady_uninstall
         - name: Shadily install necessary packages for Python 2 via pip
           ansible.builtin.pip:
+            extra_args: "{{ pip_break_system_packages | default(omit) }}"
             name:
               - platformdirs
               # virtualenv 20.22.0 removed support for creating Python 2
@@ -66,6 +74,7 @@
       # run.
       when: shady_install.changed  # noqa: no-handler
       ansible.builtin.pip:
+        extra_args: "{{ pip_break_system_packages | default(omit) }}"
         name:
           - platformdirs
           - virtualenv