[PR #7541/b8ecb167 backport][stable-8] CI: devel supports Fedora 39, …

…and no longer Fedora 38 (#7548)

CI: devel supports Fedora 39, and no longer Fedora 38 (#7541)

* devel supports Fedora 39, and no longer Fedora 38.

* Disable 'mail' tests for Python 3.12+.

Ref: #4656

* Fix setupSSLServer to work with Python 3.12.

(cherry picked from commit b8ecb16)

Co-authored-by: Felix Fontein <[email protected]>

.azure-pipelines/azure-pipelines.yml

@@ -173,8 +173,8 @@ stages:
           targets:
             - name: Alpine 3.18
               test: alpine/3.18
-            # - name: Fedora 38
-            #   test: fedora/38
+            # - name: Fedora 39
+            #   test: fedora/39
             - name: Ubuntu 22.04
               test: ubuntu/22.04
           groups:
@@ -267,8 +267,8 @@ stages:
         parameters:
           testFormat: devel/linux/{0}
           targets:
-            - name: Fedora 38
-              test: fedora38
+            - name: Fedora 39
+              test: fedora39
             - name: Ubuntu 20.04
               test: ubuntu2004
             - name: Ubuntu 22.04
@@ -287,6 +287,8 @@ stages:
         parameters:
           testFormat: 2.16/linux/{0}
           targets:
+            - name: Fedora 38
+              test: fedora38
             - name: openSUSE 15
               test: opensuse15
           groups:

tests/integration/targets/java_cert/files/setupSSLServer.py

@@ -18,7 +18,14 @@
     from http.server import HTTPServer, SimpleHTTPRequestHandler
 
 httpd = HTTPServer(('localhost', port), SimpleHTTPRequestHandler)
-httpd.socket = ssl.wrap_socket(httpd.socket, server_side=True,
-                               certfile=os.path.join(root_dir, 'cert.pem'),
-                               keyfile=os.path.join(root_dir, 'key.pem'))
+try:
+    httpd.socket = ssl.wrap_socket(httpd.socket, server_side=True,
+                                   certfile=os.path.join(root_dir, 'cert.pem'),
+                                   keyfile=os.path.join(root_dir, 'key.pem'))
+except AttributeError:
+    # Python 3.12 or newer:
+    context = ssl.create_default_context(purpose=ssl.Purpose.CLIENT_AUTH)
+    context.load_cert_chain(certfile=os.path.join(root_dir, 'cert.pem'),
+                            keyfile=os.path.join(root_dir, 'key.pem'))
+    httpd.socket = context.wrap_socket(httpd.socket)
 httpd.handle_request()

tests/integration/targets/mail/tasks/main.yml

@@ -10,96 +10,101 @@
 
 # TODO: Our current implementation does not handle SMTP authentication
 
-# NOTE: If the system does not support smtpd-tls (python 2.6 and older) we do basic tests
-- name: Attempt to install smtpd-tls
-  pip:
-    name: smtpd-tls
-    state: present
-  ignore_errors: true
-  register: smtpd_tls
+- when: 
+    # TODO: https://github.com/ansible-collections/community.general/issues/4656
+    - ansible_python.version.major != 3 or ansible_python.version.minor < 12
+  block:
 
-- name: Install test smtpserver
-  copy:
-    src: '{{ item }}'
-    dest: '{{ remote_tmp_dir }}/{{ item }}'
-  loop:
-  - smtpserver.py
-  - smtpserver.crt
-  - smtpserver.key
+  # NOTE: If the system does not support smtpd-tls (python 2.6 and older) we do basic tests
+  - name: Attempt to install smtpd-tls
+    pip:
+      name: smtpd-tls
+      state: present
+    ignore_errors: true
+    register: smtpd_tls
 
-# FIXME: Verify the mail after it was send would be nice
-#        This would require either dumping the content, or registering async task output
-- name: Start test smtpserver
-  shell: '{{ ansible_python.executable }} {{ remote_tmp_dir }}/smtpserver.py 10025:10465'
-  async: 45
-  poll: 0
-  register: smtpserver
+  - name: Install test smtpserver
+    copy:
+      src: '{{ item }}'
+      dest: '{{ remote_tmp_dir }}/{{ item }}'
+    loop:
+    - smtpserver.py
+    - smtpserver.crt
+    - smtpserver.key
 
-- name: Send a basic test-mail
-  mail:
-    port: 10025
-    subject: Test mail 1 (smtp)
-    secure: never
+  # FIXME: Verify the mail after it was send would be nice
+  #        This would require either dumping the content, or registering async task output
+  - name: Start test smtpserver
+    shell: '{{ ansible_python.executable }} {{ remote_tmp_dir }}/smtpserver.py 10025:10465'
+    async: 45
+    poll: 0
+    register: smtpserver
 
-- name: Send a test-mail with body and specific recipient
-  mail:
-    port: 10025
-    from: ansible@localhost
-    to: root@localhost
-    subject: Test mail 2 (smtp + body)
-    body: Test body 2
-    secure: never
+  - name: Send a basic test-mail
+    mail:
+      port: 10025
+      subject: Test mail 1 (smtp)
+      secure: never
 
-- name: Send a test-mail with attachment
-  mail:
-    port: 10025
-    from: ansible@localhost
-    to: root@localhost
-    subject: Test mail 3 (smtp + body + attachment)
-    body: Test body 3
-    attach: /etc/group
-    secure: never
+  - name: Send a test-mail with body and specific recipient
+    mail:
+      port: 10025
+      from: ansible@localhost
+      to: root@localhost
+      subject: Test mail 2 (smtp + body)
+      body: Test body 2
+      secure: never
 
-# NOTE: This might fail if smtpd-tls is missing or python 2.7.8 or older is used
-- name: Send a test-mail using starttls
-  mail:
-    port: 10025
-    from: ansible@localhost
-    to: root@localhost
-    subject: Test mail 4 (smtp + starttls + body + attachment)
-    body: Test body 4
-    attach: /etc/group
-    secure: starttls
-  ignore_errors: true
-  register: starttls_support
+  - name: Send a test-mail with attachment
+    mail:
+      port: 10025
+      from: ansible@localhost
+      to: root@localhost
+      subject: Test mail 3 (smtp + body + attachment)
+      body: Test body 3
+      attach: /etc/group
+      secure: never
 
-# NOTE: This might fail if smtpd-tls is missing or python 2.7.8 or older is used
-- name: Send a test-mail using TLS
-  mail:
-    port: 10465
-    from: ansible@localhost
-    to: root@localhost
-    subject: Test mail 5 (smtp + tls + body + attachment)
-    body: Test body 5
-    attach: /etc/group
-    secure: always
-  ignore_errors: true
-  register: tls_support
+  # NOTE: This might fail if smtpd-tls is missing or python 2.7.8 or older is used
+  - name: Send a test-mail using starttls
+    mail:
+      port: 10025
+      from: ansible@localhost
+      to: root@localhost
+      subject: Test mail 4 (smtp + starttls + body + attachment)
+      body: Test body 4
+      attach: /etc/group
+      secure: starttls
+    ignore_errors: true
+    register: starttls_support
 
-- fail:
-    msg: Sending mail using starttls failed.
-  when: smtpd_tls is succeeded and starttls_support is failed and tls_support is succeeded
+  # NOTE: This might fail if smtpd-tls is missing or python 2.7.8 or older is used
+  - name: Send a test-mail using TLS
+    mail:
+      port: 10465
+      from: ansible@localhost
+      to: root@localhost
+      subject: Test mail 5 (smtp + tls + body + attachment)
+      body: Test body 5
+      attach: /etc/group
+      secure: always
+    ignore_errors: true
+    register: tls_support
 
-- fail:
-    msg: Send mail using TLS failed.
-  when: smtpd_tls is succeeded and tls_support is failed and starttls_support is succeeded
+  - fail:
+      msg: Sending mail using starttls failed.
+    when: smtpd_tls is succeeded and starttls_support is failed and tls_support is succeeded
 
-- name: Send a test-mail with body, specific recipient and specific ehlohost
-  mail:
-    port: 10025
-    ehlohost: some.domain.tld
-    from: ansible@localhost
-    to: root@localhost
-    subject: Test mail 6 (smtp + body + ehlohost)
-    body: Test body 6
-    secure: never
+  - fail:
+      msg: Send mail using TLS failed.
+    when: smtpd_tls is succeeded and tls_support is failed and starttls_support is succeeded
+
+  - name: Send a test-mail with body, specific recipient and specific ehlohost
+    mail:
+      port: 10025
+      ehlohost: some.domain.tld
+      from: ansible@localhost
+      to: root@localhost
+      subject: Test mail 6 (smtp + body + ehlohost)
+      body: Test body 6
+      secure: never