From eab4bff766e3fedd7c53e53616ec9a50f359ada0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=94=D0=B0=D0=BC=D1=8F=D0=BD=20=D0=9C=D0=B8=D0=BD=D0=BA?=
 =?UTF-8?q?=D0=BE=D0=B2?= <damencho@jitsi.org>
Date: Thu, 22 Jan 2026 06:15:13 -0600
Subject: [PATCH] fix(prosody): Moves to using shell for roster and user
 creation.

* fix(prosody): Moves to using shell for roster creation.

* fix(prosody): Moves to using shell for user creation.
---
 prosody/rootfs/defaults/prosody.cfg.lua       |   1 +
 prosody/rootfs/etc/cont-init.d/10-config      |  23 +--
 .../services.d/{prosody => 50-prosody}/run    |   0
 .../etc/services.d/70-register-setup/run      | 139 ++++++++++++++++++
 .../rootfs/etc/services.d/90-roster-setup/run |  77 ++++++++++
 5 files changed, 218 insertions(+), 22 deletions(-)
 rename prosody/rootfs/etc/services.d/{prosody => 50-prosody}/run (100%)
 create mode 100755 prosody/rootfs/etc/services.d/70-register-setup/run
 create mode 100755 prosody/rootfs/etc/services.d/90-roster-setup/run

diff --git a/prosody/rootfs/defaults/prosody.cfg.lua b/prosody/rootfs/defaults/prosody.cfg.lua
index 04d752d..71158d9 100644
--- a/prosody/rootfs/defaults/prosody.cfg.lua
+++ b/prosody/rootfs/defaults/prosody.cfg.lua
@@ -100,6 +100,7 @@ modules_enabled = {
 		--"compression"; -- Stream compression (Debian: requires lua-zlib module to work)
 
 	-- Admin interfaces
+		"admin_shell"; -- Enable admin shell for prosodyctl shell commands
 		-- "admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
 		--"admin_telnet"; -- Opens telnet console interface on localhost port 5582
 
diff --git a/prosody/rootfs/etc/cont-init.d/10-config b/prosody/rootfs/etc/cont-init.d/10-config
index 73b4c73..f0be0af 100644
--- a/prosody/rootfs/etc/cont-init.d/10-config
+++ b/prosody/rootfs/etc/cont-init.d/10-config
@@ -81,12 +81,7 @@ fi
 [ -z "${XMPP_HIDDEN_DOMAIN}" ] && export XMPP_HIDDEN_DOMAIN="$XMPP_RECORDER_DOMAIN"
 [ -z "${XMPP_HIDDEN_DOMAIN}" ] && export XMPP_HIDDEN_DOMAIN=hidden.meet.jitsi
 
-prosodyctl --config $PROSODY_CFG register focus $XMPP_AUTH_DOMAIN $JICOFO_AUTH_PASSWORD
-
-# if we are in client mode, we need to subscribe the focus user to the focus component proxy
-if [[ "$PROSODY_MODE" == "client" ]]; then
-    prosodyctl --config $PROSODY_CFG mod_roster_command subscribe focus.$XMPP_DOMAIN focus@$XMPP_AUTH_DOMAIN
-fi
+# User registration is now handled by the 70-register-setup service after prosody starts
 
 if [[ -z $JVB_AUTH_PASSWORD ]]; then
     echo 'FATAL ERROR: JVB auth password must be set'
@@ -99,20 +94,12 @@ if [[ "$JVB_AUTH_PASSWORD" == "$OLD_JVB_AUTH_PASSWORD" ]]; then
     exit 1
 fi
 
-# we see the next register command to hang from time to time, suspect it's a race with mod_roster_command
-# Once this is released: https://issues.prosody.im/1908 we can remove this sleep and make sure prosody is running
-# and then use 'prosodyctl shell user create' to add user live and 'prosodyctl shell roster' to modify their roster live.
-sleep 1
-
-prosodyctl --config $PROSODY_CFG register $JVB_AUTH_USER $XMPP_AUTH_DOMAIN $JVB_AUTH_PASSWORD
-
 if [[ ! -z $JIBRI_XMPP_PASSWORD ]]; then
     OLD_JIBRI_XMPP_PASSWORD=passw0rd
     if [[ "$JIBRI_XMPP_PASSWORD" == "$OLD_JIBRI_XMPP_PASSWORD" ]]; then
         echo 'FATAL ERROR: Jibri auth password must be changed, check the README'
         exit 1
     fi
-    prosodyctl --config $PROSODY_CFG register $JIBRI_XMPP_USER $XMPP_AUTH_DOMAIN $JIBRI_XMPP_PASSWORD
 fi
 
 if [[ "$PROSODY_MODE" == "client" ]]; then
@@ -122,13 +109,6 @@ if [[ "$PROSODY_MODE" == "client" ]]; then
             echo 'FATAL ERROR: Jibri recorder password must be changed, check the README'
             exit 1
         fi
-        prosodyctl --config $PROSODY_CFG register $JIBRI_RECORDER_USER $XMPP_HIDDEN_DOMAIN $JIBRI_RECORDER_PASSWORD
-    fi
-    if [[ "$(echo "$ENABLE_TRANSCRIPTIONS" | tr '[:upper:]' '[:lower:]')" == "true" ]] || [[ "$ENABLE_TRANSCRIPTIONS" == "1" ]]; then
-        if [[ ! -z $JIGASI_TRANSCRIBER_PASSWORD ]]; then
-            [ -z "$JIGASI_TRANSCRIBER_USER" ] && JIGASI_TRANSCRIBER_USER="transcriber"
-            prosodyctl --config $PROSODY_CFG register $JIGASI_TRANSCRIBER_USER $XMPP_HIDDEN_DOMAIN $JIGASI_TRANSCRIBER_PASSWORD
-        fi
     fi
 fi
 
@@ -138,7 +118,6 @@ if [[ ! -z $JIGASI_XMPP_PASSWORD ]]; then
         echo 'FATAL ERROR: Jigasi auth password must be changed, check the README'
         exit 1
     fi
-    prosodyctl --config $PROSODY_CFG register $JIGASI_XMPP_USER $XMPP_AUTH_DOMAIN $JIGASI_XMPP_PASSWORD
 fi
 
 if [[ "$PROSODY_MODE" == "visitors" ]]; then
diff --git a/prosody/rootfs/etc/services.d/prosody/run b/prosody/rootfs/etc/services.d/50-prosody/run
similarity index 100%
rename from prosody/rootfs/etc/services.d/prosody/run
rename to prosody/rootfs/etc/services.d/50-prosody/run
diff --git a/prosody/rootfs/etc/services.d/70-register-setup/run b/prosody/rootfs/etc/services.d/70-register-setup/run
new file mode 100755
index 0000000..ab19091
--- /dev/null
+++ b/prosody/rootfs/etc/services.d/70-register-setup/run
@@ -0,0 +1,139 @@
+#!/usr/bin/with-contenv bash
+
+echo "[register-setup] Service starting..."
+
+# Wait for prosody to be ready
+echo "[register-setup] Waiting for prosody to be ready..."
+MAX_ATTEMPTS=60
+ATTEMPT=0
+
+while [ $ATTEMPT -lt $MAX_ATTEMPTS ]; do
+    if curl --fail --silent --output /dev/null http://127.0.0.1:5280/health 2>&1; then
+        echo "[register-setup] Prosody is ready!"
+        break
+    fi
+    ATTEMPT=$((ATTEMPT + 1))
+    echo "[register-setup] Attempt $ATTEMPT/$MAX_ATTEMPTS..."
+    sleep 2
+done
+
+if [ $ATTEMPT -eq $MAX_ATTEMPTS ]; then
+    echo "[register-setup] ERROR: Prosody did not become ready in time"
+    exit 1
+fi
+
+# Set defaults (matching init script)
+[ -z "${JIBRI_RECORDER_USER}" ] && export JIBRI_RECORDER_USER=recorder
+[ -z "${JIBRI_XMPP_USER}" ] && export JIBRI_XMPP_USER=jibri
+[ -z "${JIGASI_XMPP_USER}" ] && export JIGASI_XMPP_USER=jigasi
+[ -z "${JVB_AUTH_USER}" ] && export JVB_AUTH_USER=jvb
+[ -z "${XMPP_DOMAIN}" ] && XMPP_DOMAIN=meet.jitsi
+[ -z "${XMPP_AUTH_DOMAIN}" ] && XMPP_AUTH_DOMAIN=auth.meet.jitsi
+[ -z "${XMPP_HIDDEN_DOMAIN}" ] && XMPP_HIDDEN_DOMAIN="$XMPP_RECORDER_DOMAIN"
+[ -z "${XMPP_HIDDEN_DOMAIN}" ] && XMPP_HIDDEN_DOMAIN=hidden.meet.jitsi
+[ -z "$PROSODY_MODE" ] && PROSODY_MODE="client"
+
+PROSODY_CFG="/config/prosody.cfg.lua"
+
+# Validate required passwords
+if [[ -z $JICOFO_AUTH_PASSWORD ]]; then
+    echo '[register-setup] FATAL ERROR: Jicofo auth password must be set'
+    exit 1
+fi
+
+if [[ -z $JVB_AUTH_PASSWORD ]]; then
+    echo '[register-setup] FATAL ERROR: JVB auth password must be set'
+    exit 1
+fi
+
+OLD_JVB_AUTH_PASSWORD=passw0rd
+if [[ "$JVB_AUTH_PASSWORD" == "$OLD_JVB_AUTH_PASSWORD" ]]; then
+    echo '[register-setup] FATAL ERROR: JVB auth password must be changed, check the README'
+    exit 1
+fi
+
+# Register focus user
+echo "[register-setup] Registering focus user..."
+OUTPUT=$(prosodyctl --config $PROSODY_CFG shell user create focus@$XMPP_AUTH_DOMAIN $JICOFO_AUTH_PASSWORD 2>&1)
+if [ $? -eq 0 ]; then
+    echo "[register-setup] Focus user registered successfully"
+else
+    echo "[register-setup] Focus user registration output: $OUTPUT"
+fi
+
+# Register JVB user
+echo "[register-setup] Registering JVB user..."
+OUTPUT=$(prosodyctl --config $PROSODY_CFG shell user create $JVB_AUTH_USER@$XMPP_AUTH_DOMAIN $JVB_AUTH_PASSWORD 2>&1)
+if [ $? -eq 0 ]; then
+    echo "[register-setup] JVB user registered successfully"
+else
+    echo "[register-setup] JVB user registration output: $OUTPUT"
+fi
+
+# Register Jibri user if password is set
+if [[ ! -z $JIBRI_XMPP_PASSWORD ]]; then
+    OLD_JIBRI_XMPP_PASSWORD=passw0rd
+    if [[ "$JIBRI_XMPP_PASSWORD" == "$OLD_JIBRI_XMPP_PASSWORD" ]]; then
+        echo '[register-setup] FATAL ERROR: Jibri auth password must be changed, check the README'
+        exit 1
+    fi
+    echo "[register-setup] Registering Jibri user..."
+    OUTPUT=$(prosodyctl --config $PROSODY_CFG shell user create $JIBRI_XMPP_USER@$XMPP_AUTH_DOMAIN $JIBRI_XMPP_PASSWORD 2>&1)
+    if [ $? -eq 0 ]; then
+        echo "[register-setup] Jibri user registered successfully"
+    else
+        echo "[register-setup] Jibri user registration output: $OUTPUT"
+    fi
+fi
+
+# Register Jibri recorder and Jigasi transcriber in client mode only
+if [[ "$PROSODY_MODE" == "client" ]]; then
+    if [[ ! -z $JIBRI_RECORDER_PASSWORD ]]; then
+        OLD_JIBRI_RECORDER_PASSWORD=passw0rd
+        if [[ "$JIBRI_RECORDER_PASSWORD" == "$OLD_JIBRI_RECORDER_PASSWORD" ]]; then
+            echo '[register-setup] FATAL ERROR: Jibri recorder password must be changed, check the README'
+            exit 1
+        fi
+        echo "[register-setup] Registering Jibri recorder user..."
+        OUTPUT=$(prosodyctl --config $PROSODY_CFG shell user create $JIBRI_RECORDER_USER@$XMPP_HIDDEN_DOMAIN $JIBRI_RECORDER_PASSWORD 2>&1)
+        if [ $? -eq 0 ]; then
+            echo "[register-setup] Jibri recorder user registered successfully"
+        else
+            echo "[register-setup] Jibri recorder user registration output: $OUTPUT"
+        fi
+    fi
+
+    if [[ "$(echo "$ENABLE_TRANSCRIPTIONS" | tr '[:upper:]' '[:lower:]')" == "true" ]] || [[ "$ENABLE_TRANSCRIPTIONS" == "1" ]]; then
+        if [[ ! -z $JIGASI_TRANSCRIBER_PASSWORD ]]; then
+            [ -z "$JIGASI_TRANSCRIBER_USER" ] && JIGASI_TRANSCRIBER_USER="transcriber"
+            echo "[register-setup] Registering Jigasi transcriber user..."
+            OUTPUT=$(prosodyctl --config $PROSODY_CFG shell user create $JIGASI_TRANSCRIBER_USER@$XMPP_HIDDEN_DOMAIN $JIGASI_TRANSCRIBER_PASSWORD 2>&1)
+            if [ $? -eq 0 ]; then
+                echo "[register-setup] Jigasi transcriber user registered successfully"
+            else
+                echo "[register-setup] Jigasi transcriber user registration output: $OUTPUT"
+            fi
+        fi
+    fi
+fi
+
+# Register Jigasi user if password is set
+if [[ ! -z $JIGASI_XMPP_PASSWORD ]]; then
+    OLD_JIGASI_XMPP_PASSWORD=passw0rd
+    if [[ "$JIGASI_XMPP_PASSWORD" == "$OLD_JIGASI_XMPP_PASSWORD" ]]; then
+        echo '[register-setup] FATAL ERROR: Jigasi auth password must be changed, check the README'
+        exit 1
+    fi
+    echo "[register-setup] Registering Jigasi user..."
+    OUTPUT=$(prosodyctl --config $PROSODY_CFG shell user create $JIGASI_XMPP_USER@$XMPP_AUTH_DOMAIN $JIGASI_XMPP_PASSWORD 2>&1)
+    if [ $? -eq 0 ]; then
+        echo "[register-setup] Jigasi user registered successfully"
+    else
+        echo "[register-setup] Jigasi user registration output: $OUTPUT"
+    fi
+fi
+
+echo "[register-setup] All users registered, service completed"
+# This is a oneshot service - tell s6 to stop supervising and sleep
+s6-svc -O /var/run/s6/services/70-register-setup
+exec sleep infinity
diff --git a/prosody/rootfs/etc/services.d/90-roster-setup/run b/prosody/rootfs/etc/services.d/90-roster-setup/run
new file mode 100755
index 0000000..bb18989
--- /dev/null
+++ b/prosody/rootfs/etc/services.d/90-roster-setup/run
@@ -0,0 +1,77 @@
+#!/usr/bin/with-contenv bash
+
+echo "[roster-setup] Service starting..."
+
+# Default to client mode if not set (matching init script behavior)
+[ -z "$PROSODY_MODE" ] && PROSODY_MODE="client"
+
+# Only run in client mode
+if [[ "$PROSODY_MODE" != "client" ]]; then
+    echo "[roster-setup] Not in client mode (PROSODY_MODE=$PROSODY_MODE), exiting..."
+    s6-svc -O /var/run/s6/services/90-roster-setup
+    exec sleep infinity
+fi
+
+echo "[roster-setup] Running in client mode, proceeding with roster setup"
+
+# Wait for prosody to be ready
+echo "[roster-setup] Waiting for prosody to be ready..."
+MAX_ATTEMPTS=60
+ATTEMPT=0
+
+while [ $ATTEMPT -lt $MAX_ATTEMPTS ]; do
+    if curl --fail --silent --output /dev/null http://127.0.0.1:5280/health 2>&1; then
+        echo "[roster-setup] Prosody is ready!"
+        break
+    fi
+    ATTEMPT=$((ATTEMPT + 1))
+    echo "[roster-setup] Attempt $ATTEMPT/$MAX_ATTEMPTS..."
+    sleep 2
+done
+
+if [ $ATTEMPT -eq $MAX_ATTEMPTS ]; then
+    echo "[roster-setup] ERROR: Prosody did not become ready in time"
+    exit 1
+fi
+
+# Set defaults for XMPP domains (matching init script)
+[ -z "${XMPP_DOMAIN}" ] && XMPP_DOMAIN=meet.jitsi
+[ -z "${XMPP_AUTH_DOMAIN}" ] && XMPP_AUTH_DOMAIN=auth.meet.jitsi
+
+# Subscribe the focus user to the focus component proxy using prosodyctl shell
+echo "[roster-setup] Setting up roster subscription..."
+echo "[roster-setup] Command: prosodyctl shell roster subscribe_both focus@$XMPP_AUTH_DOMAIN focus.$XMPP_DOMAIN"
+PROSODY_CFG="/config/prosody.cfg.lua"
+
+# Capture both stdout and stderr
+OUTPUT=$(prosodyctl --config $PROSODY_CFG shell roster subscribe_both focus@$XMPP_AUTH_DOMAIN focus.$XMPP_DOMAIN 2>&1)
+RESULT=$?
+
+echo "[roster-setup] Command output:"
+echo "$OUTPUT"
+
+if [ $RESULT -eq 0 ]; then
+    echo "[roster-setup] Roster subscription completed successfully"
+
+    # Reload mod_client_proxy module to apply roster changes
+    echo "[roster-setup] Reloading client_proxy module..."
+    RELOAD_OUTPUT=$(prosodyctl --config $PROSODY_CFG shell module reload client_proxy 2>&1)
+    RELOAD_RESULT=$?
+
+    echo "[roster-setup] Module reload output:"
+    echo "$RELOAD_OUTPUT"
+
+    if [ $RELOAD_RESULT -eq 0 ]; then
+        echo "[roster-setup] Module reloaded successfully"
+    else
+        echo "[roster-setup] WARNING: Failed to reload module (exit code: $RELOAD_RESULT)"
+    fi
+else
+    echo "[roster-setup] ERROR: Failed to setup roster subscription (exit code: $RESULT)"
+    echo "[roster-setup] This is a oneshot service, will sleep to prevent restart loop"
+fi
+
+echo "[roster-setup] Oneshot service completed, sleeping..."
+# This is a oneshot service - tell s6 to stop supervising and sleep
+s6-svc -O /var/run/s6/services/90-roster-setup
+exec sleep infinity