From 31a7f7c61740ab5c5899800d735ce87c74d71ad7 2023-11-19 12:21:02
From: Branko Majic <branko@majic.rs>
Date: 2023-11-19 12:21:02
Subject: [PATCH] MAR-181: Install Prosody from Debian backports repository:

- This way we should be able to get way more features available, and
  reduce chances of breaking upgrades from upstream project towards
  Debian-provided packages due to eventual bigger differences between
  the nightly builds and official releases.

---

diff --git a/docs/releasenotes.rst b/docs/releasenotes.rst
index 478824c29ed5021f84f38d8760243f48bc2e32de..95c72ee2fe5735b8c138cdbb9e0627cc0fe5cb91 100644
--- a/docs/releasenotes.rst
+++ b/docs/releasenotes.rst
@@ -28,6 +28,9 @@ run applications using Debian-only repositories.
     project removing older versions of packages or dropping entire
     repository archives for older Debian releases.
 
+  * Prosody package and some of its dependencies are installed from
+    Debian backports to get more featureful release installed.
+
 
 6.0.0
 -----
diff --git a/roles/xmpp_server/molecule/default/tests/test_default.py b/roles/xmpp_server/molecule/default/tests/test_default.py
index fc684c9915cd579b65bb8e46768e0d11f1f29caa..a41efec8280a8f9896feba066e6488d2fc8abdb6 100644
--- a/roles/xmpp_server/molecule/default/tests/test_default.py
+++ b/roles/xmpp_server/molecule/default/tests/test_default.py
@@ -301,6 +301,42 @@ def test_prosody_certificate_checker_crontab(host):
     assert "/usr/local/bin/check_prosody_certificate.sh" in crontab.content_string
 
 
+def test_backports_repository(host):
+    """
+    Tests if the backports repository has been configured.
+    """
+
+    repository = host.file("/etc/apt/sources.list.d/backports.list")
+
+    distribution_release = host.ansible("setup")["ansible_facts"]["ansible_distribution_release"]
+    expected_content = "deb http://deb.debian.org/debian %s-backports main" % distribution_release
+
+    assert repository.is_file
+    assert repository.user == "root"
+    assert repository.group == "root"
+    assert repository.mode == 0o644
+    assert repository.content_string.rstrip() == expected_content
+
+
+def test_backports_prosody_pinning(host):
+    """
+    Tests if the backports pin for Prosody has been deployed correctly.
+    """
+
+    pin = host.file("/etc/apt/preferences.d/prosody")
+
+    assert pin.is_file
+    assert pin.user == "root"
+    assert pin.group == "root"
+    assert pin.mode == 0o644
+
+    prosody_package = host.package("prosody")
+    lua_ldap_package = host.package("lua-sec")
+
+    assert "bpo" in prosody_package.version
+    assert "bpo" in lua_ldap_package.version
+
+
 # @TODO: Tests which were not implemented due to lack of out-of-box tools:
 #
 # - Proxy capability.
diff --git a/roles/xmpp_server/tasks/main.yml b/roles/xmpp_server/tasks/main.yml
index 17da421486ce322d91de89af3660e69f6393a3f3..4272df47c4f2a6b759036c8583a2e3f6c2917f03 100644
--- a/roles/xmpp_server/tasks/main.yml
+++ b/roles/xmpp_server/tasks/main.yml
@@ -4,6 +4,28 @@
   apt:
     name: python-apt
 
+- name: Set-up the Debian backports repository
+  template:
+    src: backports.list.j2
+    dest: /etc/apt/sources.list.d/backports.list
+    owner: root
+    group: root
+    mode: 0644
+  register: backports_repository_configuration
+
+- name: Update apt cache if backports repository configuration changed (for immediate use)
+  apt:
+    update_cache: true
+  when: backports_repository_configuration.changed
+
+- name: Configure package pins to backports for Prosody
+  template:
+    src: prosody_backports_pin.j2
+    dest: /etc/apt/preferences.d/prosody
+    owner: root
+    group: root
+    mode: 0644
+
 - name: Collect information about installed packages
   package_facts:
 
diff --git a/roles/xmpp_server/templates/backports.list.j2 b/roles/xmpp_server/templates/backports.list.j2
new file mode 100644
index 0000000000000000000000000000000000000000..1f5aad8c3281f65a359ba6219c87f515c5aadd33
--- /dev/null
+++ b/roles/xmpp_server/templates/backports.list.j2
@@ -0,0 +1 @@
+deb http://deb.debian.org/debian {{ ansible_distribution_release }}-backports main
diff --git a/roles/xmpp_server/templates/lua_ldap_backports_pin.j2 b/roles/xmpp_server/templates/lua_ldap_backports_pin.j2
deleted file mode 100644
index db35a72518cd479ba57a498c0b562342bdec8085..0000000000000000000000000000000000000000
--- a/roles/xmpp_server/templates/lua_ldap_backports_pin.j2
+++ /dev/null
@@ -1,9 +0,0 @@
-#
-# This file contains pinning information for deploying the backported
-# version of lud-ldap that supports Lua 5.2 (for use with the Prosody
-# XMPP server).
-#
-
-Package: lua-ldap
-Pin: release a={{ ansible_distribution_release }}-backports
-Pin-Priority: 600
\ No newline at end of file
diff --git a/roles/xmpp_server/templates/prosody_backports_pin.j2 b/roles/xmpp_server/templates/prosody_backports_pin.j2
new file mode 100644
index 0000000000000000000000000000000000000000..58c5bbf7001e6e0757391bc2157624b69f1247fa
--- /dev/null
+++ b/roles/xmpp_server/templates/prosody_backports_pin.j2
@@ -0,0 +1,8 @@
+#
+# Pins Prosody and some related packages to Debian backports in order
+# to get more up-to-date features and bug/security updates.
+#
+
+Package: prosody lua-sec
+Pin: release a={{ ansible_distribution_release }}-backports
+Pin-Priority: 600