From 472769452cf98c392ebf00cdb20f55b0117f7322 Mon Sep 17 00:00:00 2001
From: Mike Reeves <reevesmk@gmail.com>
Date: Wed, 1 Apr 2026 15:22:37 -0400
Subject: [PATCH 1/4] Default soup to 3/main branch for 3.X.X installations

---
 salt/manager/tools/sbin/soup | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/salt/manager/tools/sbin/soup b/salt/manager/tools/sbin/soup
index d31b8ba0d..49472b312 100755
--- a/salt/manager/tools/sbin/soup
+++ b/salt/manager/tools/sbin/soup
@@ -317,7 +317,11 @@ clone_to_tmp() {
   # Make a temp location for the files
   mkdir -p /tmp/sogh
   cd /tmp/sogh
-  SOUP_BRANCH="-b 2.4/main"
+  if [[ "$INSTALLEDVERSION" == 3.* ]]; then
+    SOUP_BRANCH="-b 3/main"
+  else
+    SOUP_BRANCH="-b 2.4/main"
+  fi
   if [ -n "$BRANCH" ]; then
     SOUP_BRANCH="-b $BRANCH"
   fi

From 1355e8eb1147ead982910992fed3bed230697c84 Mon Sep 17 00:00:00 2001
From: Mike Reeves <reevesmk@gmail.com>
Date: Wed, 1 Apr 2026 15:27:24 -0400
Subject: [PATCH 2/4] Re-exec soup with 3/main branch when running on 3.X.X

---
 salt/manager/tools/sbin/soup | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/salt/manager/tools/sbin/soup b/salt/manager/tools/sbin/soup
index 49472b312..ace57cc34 100755
--- a/salt/manager/tools/sbin/soup
+++ b/salt/manager/tools/sbin/soup
@@ -317,11 +317,7 @@ clone_to_tmp() {
   # Make a temp location for the files
   mkdir -p /tmp/sogh
   cd /tmp/sogh
-  if [[ "$INSTALLEDVERSION" == 3.* ]]; then
-    SOUP_BRANCH="-b 3/main"
-  else
-    SOUP_BRANCH="-b 2.4/main"
-  fi
+  SOUP_BRANCH="-b 2.4/main"
   if [ -n "$BRANCH" ]; then
     SOUP_BRANCH="-b $BRANCH"
   fi
@@ -2132,6 +2128,12 @@ failed_soup_restore_items() {
 main() {
   trap 'check_err $?' EXIT
 
+  # If running 3.X.X, re-launch soup using the 3/main branch
+  if [[ "$INSTALLEDVERSION" == 3.* && "$BRANCH" != "3/main" ]]; then
+    echo "Detected Security Onion $INSTALLEDVERSION. Switching to 3/main branch."
+    exec env BRANCH=3/main soup "$@"
+  fi
+
   if [ -n "$BRANCH" ]; then
     echo "SOUP will use the $BRANCH branch."
     echo ""

From f2d6d8a3fe85addc43b83059390e4dba25532423 Mon Sep 17 00:00:00 2001
From: Mike Reeves <reevesmk@gmail.com>
Date: Wed, 1 Apr 2026 15:43:21 -0400
Subject: [PATCH 3/4] Fetch and replace soup scripts from 3/main before
 proceeding on 3.X.X

---
 salt/manager/tools/sbin/soup | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/salt/manager/tools/sbin/soup b/salt/manager/tools/sbin/soup
index ace57cc34..67bc150ec 100755
--- a/salt/manager/tools/sbin/soup
+++ b/salt/manager/tools/sbin/soup
@@ -2128,9 +2128,23 @@ failed_soup_restore_items() {
 main() {
   trap 'check_err $?' EXIT
 
-  # If running 3.X.X, re-launch soup using the 3/main branch
+  # If running 3.X.X, we need to fetch the correct soup and supporting scripts
+  # from the 3/main branch before proceeding, otherwise we'll clone 2.4/main
+  # and end up with incompatible scripts.
   if [[ "$INSTALLEDVERSION" == 3.* && "$BRANCH" != "3/main" ]]; then
-    echo "Detected Security Onion $INSTALLEDVERSION. Switching to 3/main branch."
+    echo "Detected Security Onion $INSTALLEDVERSION. Fetching soup from 3/main branch."
+    rm -rf /tmp/sogh
+    mkdir -p /tmp/sogh
+    cd /tmp/sogh
+    git clone -b 3/main https://github.com/Security-Onion-Solutions/securityonion.git
+    if [ ! -f "$UPDATE_DIR/VERSION" ]; then
+      echo "Unable to clone 3/main branch from Github. Please check your Internet access."
+      exit 1
+    fi
+    cp "$UPDATE_DIR/salt/manager/tools/sbin/soup" /usr/sbin/soup
+    cp "$UPDATE_DIR/salt/common/tools/sbin/so-common" /usr/sbin/so-common
+    cp "$UPDATE_DIR/salt/common/tools/sbin/so-image-common" /usr/sbin/so-image-common
+    echo "Updated soup scripts from 3/main. Restarting soup."
     exec env BRANCH=3/main soup "$@"
   fi
 

From 3f27d00dd145f30b571ae80c151847cae2f8b59c Mon Sep 17 00:00:00 2001
From: Mike Reeves <reevesmk@gmail.com>
Date: Wed, 1 Apr 2026 16:12:07 -0400
Subject: [PATCH 4/4] Fix soup_scripts.sls to handle 3.X versions instead of
 falling back to 2.3

---
 salt/common/soup_scripts.sls | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/salt/common/soup_scripts.sls b/salt/common/soup_scripts.sls
index 24e6c6152..70fe403b4 100644
--- a/salt/common/soup_scripts.sls
+++ b/salt/common/soup_scripts.sls
@@ -3,7 +3,8 @@
 # https://securityonion.net/license; you may not use this file except in compliance with the
 # Elastic License 2.0.
 
-{% if '2.4' in salt['cp.get_file_str']('/etc/soversion') %}
+{% set soversion = salt['cp.get_file_str']('/etc/soversion') %}
+{% if '2.4' in soversion or soversion.startswith('3.') %}
 
 {%   import_yaml '/opt/so/saltstack/local/pillar/global/soc_global.sls' as SOC_GLOBAL %}
 {%   if SOC_GLOBAL.global.airgap %}