From 66be04e78a8c1a6717134024c89773af2b9d1b7f Mon Sep 17 00:00:00 2001
From: m0duspwnens <josh.patterson@securityonionsolutions.com>
Date: Tue, 3 Oct 2023 09:53:40 -0400
Subject: [PATCH] remove mariadb

---
 salt/common/init.sls             |  1 +
 salt/common/packages.sls         | 29 ++++-------------------------
 salt/common/tools/sbin/so-common |  2 +-
 setup/so-functions               |  3 +--
 4 files changed, 7 insertions(+), 28 deletions(-)

diff --git a/salt/common/init.sls b/salt/common/init.sls
index 37ea4239d..f50f0c61b 100644
--- a/salt/common/init.sls
+++ b/salt/common/init.sls
@@ -91,6 +91,7 @@ vimconfig:
 alwaysupdated:
   pkg.latest:
     - pkgs:
+      - openssl
       - openssh-server
       - bash
     - skip_suggestions: True
diff --git a/salt/common/packages.sls b/salt/common/packages.sls
index b4e97a81d..c5d2729fd 100644
--- a/salt/common/packages.sls
+++ b/salt/common/packages.sls
@@ -47,35 +47,15 @@ python-rich:
 
 {% if GLOBALS.os_family == 'RedHat' %}
 
-# install versionlock first so we can hold packages in the next states
-install_versionlock:
-  pkg.installed:
-    - name: python3-dnf-plugin-versionlock
-
-# holding these since openssl-devel-1:3.0.7-16.0.1.el9_2 seems to be a requirement for mariadb-devel-3:10.5.16-2.el9_0
-# https://github.com/Security-Onion-Solutions/securityonion/discussions/11443
-holdversion_openssl:
-  pkg.held:
-    - name: openssl
-    - version: 1:3.0.7-16.0.1.el9_2
-
-holdversion_openssl-libs:
-  pkg.held:
-    - name: openssl-libs
-    - version: 1:3.0.7-16.0.1.el9_2
-
-openssl_pkgs:
-  pkg.installed:
-    - skip_suggestions: True
-    - update_holds: True
-    - pkgs:
-      - openssl: 1:3.0.7-16.0.1.el9_2
-      - openssl-libs: 1:3.0.7-16.0.1.el9_2
+remove_mariadb:
+  pkg.removed:
+    - name: mariadb-devel
 
 commonpkgs:
   pkg.installed:
     - skip_suggestions: True
     - pkgs:
+      - python3-dnf-plugin-versionlock
       - curl
       - device-mapper-persistent-data
       - fuse
@@ -88,7 +68,6 @@ commonpkgs:
       - httpd-tools
       - jq
       - lvm2
-      - mariadb-devel
       - net-tools
       - nmap-ncat
       - procps-ng
diff --git a/salt/common/tools/sbin/so-common b/salt/common/tools/sbin/so-common
index 0dfb19bbe..f754b34ef 100755
--- a/salt/common/tools/sbin/so-common
+++ b/salt/common/tools/sbin/so-common
@@ -240,7 +240,7 @@ gpg_rpm_import() {
 	    else
 	        local RPMKEYSLOC="$UPDATE_DIR/salt/repo/client/files/$OS/keys"
 	    fi
-		RPMKEYS=('RPM-GPG-KEY-oracle' 'RPM-GPG-KEY-EPEL-9' 'SALT-PROJECT-GPG-PUBKEY-2023.pub' 'docker.pub' 'securityonion.pub' 'MariaDB-Server-GPG-KEY')
+		RPMKEYS=('RPM-GPG-KEY-oracle' 'RPM-GPG-KEY-EPEL-9' 'SALT-PROJECT-GPG-PUBKEY-2023.pub' 'docker.pub' 'securityonion.pub')
 		for RPMKEY in "${RPMKEYS[@]}"; do
     	        rpm --import $RPMKEYSLOC/$RPMKEY
 	        echo "Imported $RPMKEY"
diff --git a/setup/so-functions b/setup/so-functions
index 243e89c99..84d6d80f9 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -2444,8 +2444,7 @@ update_packages() {
 	if [[ $is_oracle ]]; then
 		logCmd "dnf repolist"
 		# holding openssl https://github.com/Security-Onion-Solutions/securityonion/discussions/11443
-		logCmd "dnf -y install openssl-1:3.0.7-16.0.1.el9_2 openssl-libs-1:3.0.7-16.0.1.el9_2 openssl-devel-1:3.0.7-16.0.1.el9_2"
-		logCmd "dnf -y update --allowerasing --exclude=salt*,docker*,containerd*,openssl*"
+		logCmd "dnf -y update --allowerasing --exclude=salt*,docker*,containerd*"
 		RMREPOFILES=("oracle-linux-ol9.repo" "uek-ol9.repo" "virt-ol9.repo")
 		info "Removing repo files added by oracle-repos package update"
 		for FILE in ${RMREPOFILES[@]}; do