Add support for usbip needed for virtual passkey

[spoore1]

No description provided.

[gemini-code-assist]

Summary of Changes

Hello @spoore1, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the infrastructure for virtual passkey testing by integrating usbip support across different Linux environments. It addresses the varying availability of usbip by directly installing it where possible (Fedora) and implementing a robust build-from-source mechanism for distributions like CentOS Stream and Red Hat. These changes ensure that client machines are properly equipped with the necessary usbip tools, enabling seamless virtual passkey functionalities.

Highlights

• USBIP Support for Virtual Passkey: Added comprehensive support for usbip to facilitate virtual passkey testing across various Linux distributions, including Fedora, CentOS Stream, and Red Hat.
• Distribution-Specific Package Installation: Implemented conditional package installations: koji and usbip are installed directly on Fedora clients, while CentOS Stream and Red Hat clients receive necessary build dependencies (gcc, make, automake, autoconf, systemd-devel, libtool) for usbip.
• Dynamic USBIP Build Process: Introduced a new Ansible task file for Red Hat/CentOS Stream to build usbip from kernel sources. This involves downloading the kernel source RPM via Koji, extracting it, and then compiling and installing usbip tools.
• Kernel Version Extraction: A new default variable kver was added to the passkey role to dynamically extract the major kernel version, which is crucial for downloading the correct kernel source RPM for usbip compilation.
• Modular Task Inclusion: Modified the passkey role's main.yml to include distribution-specific tasks dynamically, ensuring the correct usbip setup procedure is applied based on the operating system.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Changelog

• src/ansible/roles/packages/tasks/CentOS10.yml
  • Added a task block to install usbip build dependencies (gcc, make, automake, autoconf, systemd-devel, libtool) on client machines when passkey_support is enabled.
• src/ansible/roles/packages/tasks/Fedora.yml
  • Added a task block to install the koji package on client machines when passkey_support is enabled.
  • Added a task block to install the usbip package on Fedora client machines when passkey_support is enabled.
• src/ansible/roles/packages/tasks/RedHat10.yml
  • New file added to handle package installations specific to Red Hat 10.
  • Includes a task to install the EPEL repository if extended_packageset is true.
  • Installs usbip build dependencies (gcc, make, automake, autoconf, systemd-devel, libtool) on client machines when passkey_support is enabled.
  • Includes tasks from Fedora.yml.
• src/ansible/roles/passkey/defaults/main.yml
  • Added a new default variable kver to extract the major kernel version from ansible_kernel.
• src/ansible/roles/passkey/tasks/RedHat10.yml
  • New file added to manage usbip installation on Red Hat 10.
  • Creates a temporary directory for building usbip.
  • Configures a Koji profile for CentOS Stream.
  • Downloads the kernel source RPM using Koji, based on the kver variable.
  • Extracts the kernel source RPM and tarball.
  • Builds and installs usbip tools from the extracted kernel sources.
  • Creates a symlink for usbip from /usr/local/sbin/usbip to /usr/sbin/usbip.
• src/ansible/roles/passkey/tasks/main.yml
  • Added a task to dynamically include distribution-specific tasks using distro_includes filter and with_first_found for modularity.

Activity

• No human activity has been recorded on this pull request yet.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request adds support for usbip, which is needed for virtual passkey testing. The changes involve adding Ansible tasks to install usbip from packages on Fedora, and building it from source on CentOS Stream 10 and RHEL 10. My review focuses on improving the Ansible playbooks for better maintainability, security, and robustness. Key suggestions include simplifying task structures, avoiding GPG check disabling, ensuring temporary file cleanup, and making variable definitions more robust.

[gemini-code-assist]

The temporary build directory created by tempfile is not cleaned up after the playbook runs, which can leave artifacts on the system. It's a good practice to use a block with an always section to ensure the temporary directory is removed, even if tasks fail.

- name: Build and install usbip from source
  block:
  - name: Create temporary build directory
    tempfile:
      state: directory
      suffix: usbip_build
    register: build_dir

  - name: Ensure Koji config directory exists
    file:
      path: "~/.koji/config.d"
      state: directory
      mode: '0755'

  - name: Configure CentOS Stream Koji profile
    copy:
      dest: "~/.koji/config.d/centos-stream.conf"
      content: |
        [centos-stream]
        server = https://kojihub.stream.centos.org/kojihub
        topurl = https://kojihub.stream.centos.org/kojifiles

  - name: Download Kernel Source RPM via Koji
    command:
      cmd: "koji --profile centos-stream download-build --arch=src kernel-{{ kver }}"
      chdir: "{{ build_dir.path }}"
    args:
      creates: "{{ build_dir.path }}/kernel-{{ kver }}.src.rpm"

  - name: Extract Source RPM and Kernel Tarball
    shell: |
      set -ex
      rpm2cpio kernel-{{ kver }}.src.rpm | cpio -id
      xz -dc linux-{{ kver }}.tar.xz | tar xf -
    args:
      chdir: "{{ build_dir.path }}"
      creates: "{{ build_dir.path }}/linux-{{ kver }}/tools/usb/usbip/configure"

  - name: Build and Install USBIP tools
    shell: |
      set -ex
      ./autogen.sh
      ./configure
      make install
    args:
      chdir: "{{ build_dir.path }}/linux-{{ kver }}/tools/usb/usbip/"
      creates: "/usr/local/sbin/usbip"

  - name: Create symlink for usbip
    file:
      src: /usr/local/sbin/usbip
      dest: /usr/sbin/usbip
      state: link

  always:
  - name: Clean up temporary build directory
    file:
      path: "{{ build_dir.path }}"
      state: absent
    when: build_dir.path is defined

[spoore1]

I think it may be better to leave the directory behind for debugging in the event that something fails. I'll be looking for more input on this one though.