From 8e303a4ac7142f130a38ccca8a105d7da6967af9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Sachse?= <Joerg.Sachse@slub-dresden.de>
Date: Thu, 25 Mar 2021 12:32:08 +0100
Subject: [PATCH] feat: pin package versions

---
 tasks/install-repair-tools.yml             | 14 +++++++++++---
 templates/etc/apt/preferences.d/pinning.j2 |  3 +++
 vars/main.yml                              |  8 +++++++-
 3 files changed, 21 insertions(+), 4 deletions(-)
 create mode 100644 templates/etc/apt/preferences.d/pinning.j2

diff --git a/tasks/install-repair-tools.yml b/tasks/install-repair-tools.yml
index 3740685..1607c6d 100644
--- a/tasks/install-repair-tools.yml
+++ b/tasks/install-repair-tools.yml
@@ -30,16 +30,24 @@
 - name: install repairtool (package dependencies are encoded in the package)
   apt:
     name: [
-      'libslub-lza-repair-perl=0.9.15*',
-      'checkit-tiff=1.0.0',
-      'fixit-tiff=0.1.3'
+      '{{ item.package_name }}={{ item.version }}',
     ]
     # CAUTION!!! Always use "state: present". Due to version constraints, we do
     #            not allow just any package version or automatic update
     #            mechanisms. Autoupdates will make the repair tool crash!
     state: present
+  loop: "{{ tool_versions }}"
   tags: [apt]
 
+- name: configure tool version pinning to avoid automatic nightly upgrades
+  template:
+    src: "etc/apt/preferences.d/pinning.j2"
+    dest: "/etc/apt/preferences.d/{{ item.package_name }}"
+    owner: "root"
+    group: "root"
+    mode: 0750
+  loop: "{{ tool_versions }}"
+
 # FHS 3.0 specifies the correct path for the config:
 # https://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch04s09.html
 - name: install checkit_tiff config
diff --git a/templates/etc/apt/preferences.d/pinning.j2 b/templates/etc/apt/preferences.d/pinning.j2
new file mode 100644
index 0000000..e98402c
--- /dev/null
+++ b/templates/etc/apt/preferences.d/pinning.j2
@@ -0,0 +1,3 @@
+Package: {{ item.package_name }}
+Pin: version {{ item.version }}
+Pin-Priority: 999
diff --git a/vars/main.yml b/vars/main.yml
index 8264654..e6b2d64 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -1,2 +1,8 @@
 ---
-checkit_tiff_version: "v0.6.0"
+tool_versions:
+  - package_name: "checkit-tiff"
+    version: "1.0.0"
+  - package_name: "fixit-tiff"
+    version: "0.1.3"
+  - package_name: "libslub-lza-repair-perl"
+    version: "0.9.15*"
-- 
GitLab