Update ansible playbooks to use up-to-date version of git #2889

Open
sej-jackson opened this issue Jan 19, 2023 · 4 comments

@sej-jackson
Contributor

The Git project has now released new versions of git to fix recent security vulnerabilities, and since the playbooks are installing git built from source of version 2.15.0 (from October 2017), changing them to use the fixed version (2.39.1) would help with ensuring that the systems we configure with them are fixed also.

https://github.blog/2023-01-17-git-security-vulnerabilities-announced-2/

Searching the playbooks for "git" hits on 97 files, most of which are likely to be unrelated to the installation of git itself, but will still need checking. However, searching on "git --version" found these 5, all of which will definitely need updating:

% find . -type f -exec grep -li "git --version" {} \;
./AdoptOpenJDK_Unix_Playbook/roles/Common/tasks/Solaris.yml
./AdoptOpenJDK_Unix_Playbook/roles/Common/tasks/SLES.yml
./AdoptOpenJDK_Unix_Playbook/roles/GIT_Source/tasks/main.yml
./vagrant.yml
./AdoptOpenJDK_ITW_Playbook/roles/GIT_Source/tasks/main.yml
% 

I checked the Dockerfiles also, but they don't include any hard-coded git versions.
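
The search in the comment above lists files that call `git --version`. As an added example (not code from the playbook repository or from the commenter), the script below instead reports pinned git source versions older than the fixed 2.39.1. It assumes pins appear in the tarball-style form `git-X.Y.Z`; the function names and the sample task files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report git source pins older than the fixed release.
# Assumption: pins look like the tarball name "git-X.Y.Z". Needs GNU grep and sort -V.
MIN_GIT_VERSION="${MIN_GIT_VERSION:-2.39.1}"   # fixed version named in the issue

# version_lt A B: true when version A is strictly older than version B.
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# scan_git_pins DIR: print "file:line:version" for every outdated pin under DIR.
# Exit status is 1 when at least one outdated pin was found, 0 otherwise.
scan_git_pins() (
    found=0
    hits="$(grep -rnoE 'git-[0-9]+(\.[0-9]+)+' -- "$1" | sort)"
    while IFS= read -r hit; do
        [ -n "$hit" ] || continue          # no matches at all
        ver="${hit##*git-}"                # text after the last "git-"
        if version_lt "$ver" "$MIN_GIT_VERSION"; then
            printf '%s:%s\n' "${hit%:git-*}" "$ver"
            found=1
        fi
    done <<EOF
$hits
EOF
    [ "$found" -eq 0 ]
)

# make_sample_tree: write constructed sample task files and print their directory.
make_sample_tree() (
    dir="$(mktemp -d)"
    mkdir -p "$dir/roles/GIT_Source/tasks" "$dir/roles/Common/tasks"
    printf '%s\n' '- name: Download git source' \
        '  get_url: url=https://example.invalid/git-2.15.0.tar.xz dest=/tmp/' \
        > "$dir/roles/GIT_Source/tasks/main.yml"
    printf '%s\n' '- name: Unpack git' \
        '  unarchive: src=/tmp/git-2.41.0.tar.xz dest=/tmp/' \
        > "$dir/roles/Common/tasks/SLES.yml"
    printf '%s\n' "$dir"
)

# With a directory argument, scan it; with none, scan the constructed sample.
if [ "$#" -gt 0 ]; then
    scan_git_pins "$1"
else
    sample="$(make_sample_tree)"
    scan_git_pins "$sample" || echo "outdated git pins found (older than $MIN_GIT_VERSION)"
    rm -rf "$sample"
fi
```

Because the exit status is non-zero when an outdated pin is found, the script can gate a CI job on the playbook tree.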

@aswinkr77
Contributor

Compiled and installed git 2.41.0 successfully on the docker centos6 image pulled from adoptopenjdk/centos6_build_image. Needs the libcurl-devel package for compiling git from source.

@aswinkr77
Contributor

Looks like compiling git version >2.26 requires the libcurl-devel package on all distros (the name of the package may be different on different distros).

@sxa
Member

sxa commented Sep 26, 2023

Yeah on the .deb platforms (Debian, Ubuntu etc.) it's a slightly less consistent package name that has a version number in it so it will potentially require further investigation to get it right everywhere.

@aswinkr77
Contributor

@sxa The dependency package is already available in the Common role for CentOS, Rhel, Ubuntu and SLES.

Actually, I tested the latest git version on the Adoptium centos6 build image pulled from the docker image, which hasn't been updated for over 9 months (related issue #3211) and was missing the libcurl-devel package, but in reality, the package is available in the Unix Playbook.

Note: I tested the latest version 2.41 in CentOS, Rhel, Ubuntu, SLES 15 and SLES 12.5 with the dependency package installed.

For CentOS:
libcurl-devel

Test_Tool_Packages:
- gcc
- gcc-c++
- unzip
- zlib-devel
- perl-devel
- libcurl-devel
- openssl-devel

For Rhel:
libcurl-devel

- zlib-devel
- perl-devel
- expat-devel
- libcurl-devel
- mercurial

For Ubuntu:
libcurl4-openssl-dev

- libcapstone-dev
- libcups2-dev
- libcurl4-openssl-dev
- libdwarf-dev # OpenJ9

For SLES 15:
libcurl-devel

Additional_Build_Tools_SLES15:
- alsa-devel
- cups-devel
- fontconfig-devel
- java-1_8_0-openjdk
- libcurl-devel

For SLES 12.5:
libcurl-devel

Additional_Build_Tools_SLES12_SP5:
- libcurl-devel ## Required To Install Git From Source

For Fedora:
libcurl-devel

- gmp-devel
- gnutls
- gnutls-utils
- libcurl-devel
- libffi-devel

For openSUSE:
libcurl-devel

- glibc
- glibc-devel
- gnutls
- libcurl-devel
- libdw1

For Debian:
libcurl4-openssl-dev

- libasound2-dev
- libcapstone-dev
- libcups2-dev
- libcurl4-openssl-dev
- libdwarf-dev # OpenJ9
