Merge pull request #11465 from Security-Onion-Solutions/fix/pkgs

Fix/pkgs

salt/common/init.sls

@@ -91,6 +91,7 @@ vimconfig:
 alwaysupdated:
   pkg.latest:
     - pkgs:
+      - openssl
       - openssh-server
       - bash
     - skip_suggestions: True

salt/common/packages.sls

@@ -47,35 +47,15 @@ python-rich:
 
 {% if GLOBALS.os_family == 'RedHat' %}
 
-# install versionlock first so we can hold packages in the next states
-install_versionlock:
-  pkg.installed:
-    - name: python3-dnf-plugin-versionlock
-
-# holding these since openssl-devel-1:3.0.7-16.0.1.el9_2 seems to be a requirement for mariadb-devel-3:10.5.16-2.el9_0
-# https://github.com/Security-Onion-Solutions/securityonion/discussions/11443
-holdversion_openssl:
-  pkg.held:
-    - name: openssl
-    - version: 1:3.0.7-16.0.1.el9_2
-
-holdversion_openssl-libs:
-  pkg.held:
-    - name: openssl-libs
-    - version: 1:3.0.7-16.0.1.el9_2
-
-openssl_pkgs:
-  pkg.installed:
-    - skip_suggestions: True
-    - update_holds: True
-    - pkgs:
-      - openssl: 1:3.0.7-16.0.1.el9_2
-      - openssl-libs: 1:3.0.7-16.0.1.el9_2
+remove_mariadb:
+  pkg.removed:
+    - name: mariadb-devel
 
 commonpkgs:
   pkg.installed:
     - skip_suggestions: True
     - pkgs:
+      - python3-dnf-plugin-versionlock
       - curl
       - device-mapper-persistent-data
       - fuse
@@ -88,7 +68,6 @@ commonpkgs:
       - httpd-tools
       - jq
       - lvm2
-      - mariadb-devel
       - net-tools
       - nmap-ncat
       - procps-ng

salt/common/tools/sbin/so-common

@@ -240,7 +240,7 @@ gpg_rpm_import() {
 	    else
 	        local RPMKEYSLOC="$UPDATE_DIR/salt/repo/client/files/$OS/keys"
 	    fi
-		RPMKEYS=('RPM-GPG-KEY-oracle' 'RPM-GPG-KEY-EPEL-9' 'SALT-PROJECT-GPG-PUBKEY-2023.pub' 'docker.pub' 'securityonion.pub' 'MariaDB-Server-GPG-KEY')
+		RPMKEYS=('RPM-GPG-KEY-oracle' 'RPM-GPG-KEY-EPEL-9' 'SALT-PROJECT-GPG-PUBKEY-2023.pub' 'docker.pub' 'securityonion.pub')
 		for RPMKEY in "${RPMKEYS[@]}"; do
     	        rpm --import $RPMKEYSLOC/$RPMKEY
 	        echo "Imported $RPMKEY"

salt/mysql/config.sls

@@ -9,7 +9,7 @@
 
 # MySQL Setup
 mysqlpkgs:
-  pkg.installed:
+  pkg.removed:
     - skip_suggestions: False
     - pkgs:
       {% if grains['os_family'] != 'RedHat' %}

setup/so-functions

@@ -2088,7 +2088,7 @@ saltify() {
 		if [[ $waitforstate ]]; then
 			retry 150 20 "apt-get -y install salt-common=$SALTVERSION salt-minion=$SALTVERSION salt-master=$SALTVERSION" || fail_setup
 			retry 150 20 "apt-mark hold salt-minion salt-common salt-master" || fail_setup
-			retry 150 20 "apt-get -y install python3-pip python3-dateutil python3-m2crypto python3-mysqldb python3-packaging python3-influxdb python3-lxml" || exit 1
+			retry 150 20 "apt-get -y install python3-pip python3-dateutil python3-m2crypto python3-packaging python3-influxdb python3-lxml" || exit 1
 		else
 			retry 150 20 "apt-get -y install salt-common=$SALTVERSION salt-minion=$SALTVERSION" || fail_setup
 			retry 150 20 "apt-mark hold salt-minion salt-common" || fail_setup
@@ -2443,9 +2443,7 @@ update_sudoers_for_testing() {
 update_packages() {
 	if [[ $is_oracle ]]; then
 		logCmd "dnf repolist"
-		# holding openssl https://github.com/Security-Onion-Solutions/securityonion/discussions/11443
-		logCmd "dnf -y install openssl-1:3.0.7-16.0.1.el9_2 openssl-libs-1:3.0.7-16.0.1.el9_2 openssl-devel-1:3.0.7-16.0.1.el9_2"
-		logCmd "dnf -y update --allowerasing --exclude=salt*,docker*,containerd*,openssl*"
+		logCmd "dnf -y update --allowerasing --exclude=salt*,docker*,containerd*"
 		RMREPOFILES=("oracle-linux-ol9.repo" "uek-ol9.repo" "virt-ol9.repo")
 		info "Removing repo files added by oracle-repos package update"
 		for FILE in ${RMREPOFILES[@]}; do