From 627a06e30d0e6562a12f248ea83bbcaffa4db2fe Mon Sep 17 00:00:00 2001
From: AnatomicJC <anatomicjc@open-web.fr>
Date: Fri, 23 Jul 2021 16:07:16 +0200
Subject: [PATCH] CRI-O: Install libseccomp2 from backports on Debian 10
 (#7816)

* CRI-O: Install libseccomp2 from backports on Debian 10

libseccomp2 is a required dependency of cri-o-runc package

The one provided in Debian 10 repositories is outdated

* 7816: Remove useless when condition

As this condition is handled by block
---
 .../cri-o/tasks/crio_repo.yml                 | 20 +++++++++++++++++++
 roles/container-engine/cri-o/tasks/main.yaml  |  7 +++++++
 roles/container-engine/cri-o/vars/debian.yml  |  3 +++
 3 files changed, 30 insertions(+)

diff --git a/roles/container-engine/cri-o/tasks/crio_repo.yml b/roles/container-engine/cri-o/tasks/crio_repo.yml
index b0ca20725..099d2ef64 100644
--- a/roles/container-engine/cri-o/tasks/crio_repo.yml
+++ b/roles/container-engine/cri-o/tasks/crio_repo.yml
@@ -1,5 +1,25 @@
 ---
 
+- block:
+    - name: Add Debian Backports apt repo
+      apt_repository:
+        repo: "deb http://deb.debian.org/debian {{ ansible_distribution_release }}-backports main"
+        state: present
+        filename: debian-backports
+
+    - name: Set libseccomp2 pin priority to apt_preferences on Debian buster
+      copy:
+        content: |
+          Package: libseccomp2
+          Pin: release a={{ ansible_distribution_release }}-backports
+          Pin-Priority: 1001
+        dest: "/etc/apt/preferences.d/libseccomp2"
+        owner: "root"
+        mode: 0644
+  when:
+    - ansible_distribution == "Debian"
+    - ansible_distribution_version == "10"
+
 - name: CRI-O kubic repo name for debian os family
   set_fact:
     crio_kubic_debian_repo_name: "{{ ((ansible_distribution == 'Ubuntu') | ternary('x','')) ~ ansible_distribution ~ '_' ~ ansible_distribution_version }}"
diff --git a/roles/container-engine/cri-o/tasks/main.yaml b/roles/container-engine/cri-o/tasks/main.yaml
index cde3552f9..d22d1dc32 100644
--- a/roles/container-engine/cri-o/tasks/main.yaml
+++ b/roles/container-engine/cri-o/tasks/main.yaml
@@ -87,6 +87,13 @@
     - not skip_downloads|default(false)
     - download_run_once
 
+- name: Add libseccomp2 package from Debian Backports to install
+  set_fact:
+    crio_packages: "{{ crio_debian_buster_backports_packages + crio_packages }}"
+  when:
+    - ansible_distribution == "Debian"
+    - ansible_distribution_version == "10"
+
 - name: Install cri-o packages
   package:
     name: "{{ item }}"
diff --git a/roles/container-engine/cri-o/vars/debian.yml b/roles/container-engine/cri-o/vars/debian.yml
index defdb88be..1e582d996 100644
--- a/roles/container-engine/cri-o/vars/debian.yml
+++ b/roles/container-engine/cri-o/vars/debian.yml
@@ -10,6 +10,9 @@ crio_versioned_pkg:
     - "cri-o=1.19*"
     - cri-o-runc
 
+crio_debian_buster_backports_packages:
+  - "libseccomp2"
+
 default_crio_packages: "{{ crio_versioned_pkg[crio_version] }}"
 
 crio_packages: "{{ debian_crio_packages | default(default_crio_packages) }}"