From 06344b682730a09e9b7c3aece36bcbc8f9a50754 Mon Sep 17 00:00:00 2001
From: Achilleas Koutsou <achilleas@koutsou.net>
Date: Tue, 25 Feb 2025 15:06:04 +0100
Subject: [PATCH] stages: add a new dnf4.versionlock stage

New stage that writes a versionlock.list to lock packages in the format
used by the dnf4 versionlock plugin.
---
 stages/org.osbuild.dnf4.versionlock           | 29 ++++++++++++++++++
 stages/org.osbuild.dnf4.versionlock.meta.json | 30 +++++++++++++++++++
 2 files changed, 59 insertions(+)
 create mode 100644 stages/org.osbuild.dnf4.versionlock
 create mode 100644 stages/org.osbuild.dnf4.versionlock.meta.json

diff --git a/stages/org.osbuild.dnf4.versionlock b/stages/org.osbuild.dnf4.versionlock
new file mode 100644
index 00000000..062da425
--- /dev/null
+++ b/stages/org.osbuild.dnf4.versionlock
@@ -0,0 +1,29 @@
+#!/usr/bin/python3
+import pathlib
+import sys
+import time
+
+import osbuild.api
+
+
+def main(tree, options):
+    add = options["add"]
+
+    tree = pathlib.Path(tree)
+    locklist = tree / "etc/dnf/plugins/versionlock.list"
+    nowstr = time.ctime()
+    with locklist.open(mode="a", encoding="utf-8") as locklist_fp:
+        for item in add:
+            # the plugin adds an empty line followed by a comment with a timestamp above each item, let's replicate the
+            # behaviour
+            locklist_fp.writelines([
+                "\n",
+                f"# Added lock on {nowstr}\n",
+                item + "\n",
+            ])
+
+
+if __name__ == '__main__':
+    args = osbuild.api.arguments()
+    r = main(args["tree"], args["options"])
+    sys.exit(r)
diff --git a/stages/org.osbuild.dnf4.versionlock.meta.json b/stages/org.osbuild.dnf4.versionlock.meta.json
new file mode 100644
index 00000000..b7b61123
--- /dev/null
+++ b/stages/org.osbuild.dnf4.versionlock.meta.json
@@ -0,0 +1,30 @@
+{
+  "summary": "Protect packages from being updated using the DNF versionlock plugin",
+  "description": [
+    "This stage writes the versionlock.list file which is read by the DNF 4 versionlock plugin",
+    "to lock packages to specific versions.",
+    "https://dnf-plugins-core.readthedocs.io/en/latest/versionlock.html",
+    "",
+    "Notes:",
+    " - This stage is only valid for dnf4 and will have no effect on distributions that use dnf5.",
+    " - Items are written as is. This is unlike adding items by calling 'dnf versionlock add',",
+    "   which uses the dnf cache to retrieve version information for the listed packages."
+  ],
+  "schema": {
+    "additionalProperties": false,
+    "description": "DNF 4 versionlock plugin.",
+    "required": [
+      "add"
+    ],
+    "properties": {
+      "add": {
+        "type": "array",
+        "minitems": 1,
+        "description": "Add a versionlock for all available packages matching the spec.",
+        "items": {
+          "type": "string"
+        }
+      }
+    }
+  }
+}