Merge pull request #3968 from Security-Onion-Solutions/issue/3501

Issue/3501
2025-12-06 17:22:49 +01:00 · 2021-04-22 15:37:59 -04:00
parent 694c3b87fe 4f545eefc2
commit 7da091375e
4 changed files with 13 additions and 5 deletions
--- a/salt/common/tools/sbin/so-common
+++ b/salt/common/tools/sbin/so-common
@@ -171,7 +171,7 @@ gpg_rpm_import() {
 	    if [[ "$WHATWOULDYOUSAYYAHDOHERE" == "setup" ]]; then
 	        local RPMKEYSLOC="../salt/repo/client/files/centos/keys"
 	    else
-	        local RPMKEYSLOC="$UPDATEDIR/salt/repo/client/files/centos/keys"
+	        local RPMKEYSLOC="$UPDATE_DIR/salt/repo/client/files/centos/keys"
 	    fi
 	
 	    RPMKEYS=('RPM-GPG-KEY-EPEL-7' 'GPG-KEY-WAZUH' 'docker.pub' 'SALTSTACK-GPG-KEY.pub' 'securityonion.pub')
--- a/salt/salt/map.jinja
+++ b/salt/salt/map.jinja
@@ -4,9 +4,11 @@
 {% if grains.os == 'Ubuntu' %}
  {% set SPLITCHAR = '+' %}
  {% set SALTNOTHELD = salt['cmd.run']('apt-mark showhold | grep -q salt ; echo $?', python_shell=True) %}
+  {% set SALTPACKAGES = ['salt-common', 'salt-master', 'salt-minion'] %}
 {% else %}
  {% set SPLITCHAR = '-' %}
  {% set SALTNOTHELD = salt['cmd.run']('yum versionlock list | grep -q salt ; echo $?', python_shell=True) %}
+  {% set SALTPACKAGES = ['salt', 'salt-master', 'salt-minion'] %}
 {% endif %}

 {% set INSTALLEDSALTVERSION = salt['pkg.version']('salt-minion').split(SPLITCHAR)[0] %}
--- a/salt/salt/minion.sls
+++ b/salt/salt/minion.sls
@@ -2,6 +2,7 @@
 {% from 'salt/map.jinja' import SALTVERSION %}
 {% from 'salt/map.jinja' import INSTALLEDSALTVERSION %}
 {% from 'salt/map.jinja' import SALTNOTHELD %}
+{% from 'salt/map.jinja' import SALTPACKAGES %}
 {% import_yaml 'salt/minion.defaults.yaml' as SALTMINION %}
 {% set service_start_delay = SALTMINION.salt.minion.service_start_delay %}

@@ -15,7 +16,10 @@ include:
 unhold_salt_packages:
  module.run:
    - pkg.unhold:
-      - name: 'salt-*'
+      - pkgs:
+{% for package in SALTPACKAGES %}
+        - {{ package }}
+{% endfor %}
 {% endif %}

 install_salt_minion:
@@ -33,7 +37,10 @@ install_salt_minion:
 hold_salt_packages:
  module.run:
    - pkg.hold:
-      - name: 'salt-*'
+      - pkgs:
+{% for package in SALTPACKAGES %}
+        - {{ package }}
+{% endfor %}
 {% endif %}

 set_log_levels:
--- a/setup/so-preflight
+++ b/setup/so-preflight
@@ -46,8 +46,7 @@ check_new_repos() {
 	if [[ $OS == 'centos' ]]; then
 		local repo_arr=( 
 			"https://download.docker.com/linux/centos/docker-ce.repo"
-			"https://repo.saltstack.com/py3/redhat/7/x86_64/archive/3003/SALTSTACK-GPG-KEY.pub"
-			"https://repo.saltstack.com/py3/ubuntu/18.04/amd64/archive/3003/SALTSTACK-GPG-KEY.pub"
+			"https://repo.securityonion.net/file/securityonion-repo/keys/SALTSTACK-GPG-KEY.pub"
 			"https://download.docker.com/linux/ubuntu/gpg"
 			"https://packages.wazuh.com/key/GPG-KEY-WAZUH"
 			"https://packages.wazuh.com/3.x/yum/"