Skip to content

fix: resolve QR code generation silently failing after uv migration#15017

Open
rramphal wants to merge 1 commit into
trailofbits:mainfrom
rramphal:fix/wireguard-qr-codes
Open

fix: resolve QR code generation silently failing after uv migration#15017
rramphal wants to merge 1 commit into
trailofbits:mainfrom
rramphal:fix/wireguard-qr-codes

Conversation

@rramphal

@rramphal rramphal commented Jun 20, 2026
edited
Loading

Copy link
Copy Markdown

Description

Replace which segno && segno ... || true with a direct path via
{{ ansible_playbook_python | dirname }}/segno, resolving the binary
from the same venv that Ansible is running in.

Motivation and Context

The QR code task uses which segno && segno ... || true, which relies on
the venv bin/ being on PATH. This works when running via ./algo or
uv run ansible-playbook, but silently produces no QR codes when Ansible
is invoked outside the project venv (e.g., system ansible or
uv tool run --from ansible-core).

This is the only task in the playbooks that uses which to locate a
venv-installed binary — everything else goes through Python imports via
ansible_python_interpreter, which is why nothing else breaks outside
the venv.

Using {{ ansible_playbook_python | dirname }}/segno resolves the binary
directly from the venv, removing the PATH dependency. || true is also
removed — segno is a declared dependency in pyproject.toml, so a failure
should be surfaced, not swallowed.

How Has This Been Tested?

  • Verified segno generates valid PNGs when invoked via the dirname path
    approach, including with multiline WireGuard config content
  • Linting passes (ansible-lint, yamllint)
  • Not tested with a full deployment — would appreciate a deploy test from
    a maintainer before merging

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)

Checklist:

  • I have read the CONTRIBUTING document.
  • My code passes all linters (./scripts/lint.sh)
  • My code follows the code style of this project.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have added tests to cover my changes.
  • All new and existing tests passed.
  • Dependencies use exact versions (e.g., ==1.2.3 not >=1.2.0).

@rramphal rramphal requested a review from jackivanov as a code owner June 20, 2026 11:11
@CLAassistant

CLAassistant commented Jun 20, 2026
edited
Loading

Copy link
Copy Markdown

CLA assistant check
All committers have signed the CLA.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jackivanov jackivanov Awaiting requested review from jackivanov jackivanov is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@rramphal @CLAassistant