reposync attempt for reocky

2025-12-06 17:22:49 +01:00 · 2023-02-14 10:08:34 -05:00
parent b2d85b843f
commit 89bd9163fb
4 changed files with 83 additions and 32 deletions
--- a/salt/common/tools/sbin/so-common
+++ b/salt/common/tools/sbin/so-common
@@ -187,14 +187,14 @@ get_random_value() {
 }

 gpg_rpm_import() {
-	if [[ "$OS" == "centos" ]]; then
+	if [[ "$OS" == "rocky" ]]; then
 	    if [[ "$WHATWOULDYOUSAYYAHDOHERE" == "setup" ]]; then
-	        local RPMKEYSLOC="../salt/repo/client/files/centos/keys"
+	        local RPMKEYSLOC="../salt/repo/client/files/rocky/keys"
 	    else
-	        local RPMKEYSLOC="$UPDATE_DIR/salt/repo/client/files/centos/keys"
+	        local RPMKEYSLOC="$UPDATE_DIR/salt/repo/client/files/rocky/keys"
 	    fi
 	
-	    RPMKEYS=('RPM-GPG-KEY-EPEL-7' 'docker.pub' 'SALTSTACK-GPG-KEY.pub' 'securityonion.pub')
+	    RPMKEYS=('RPM-GPG-KEY-EPEL-9' 'SALTSTACK-GPG-KEY2.pub' 'securityonion.pub')

 	    for RPMKEY in "${RPMKEYS[@]}"; do
    	        rpm --import $RPMKEYSLOC/$RPMKEY
@@ -371,7 +371,7 @@ salt_minion_count()
 	MINIONCOUNT=$(ls -la $MINIONDIR/*.sls | grep sls | wc -l)

 set_cron_service_name() {
-	if [[ "$OS" == "centos" ]]; then
+	if [[ "$OS" == "rocky" ]]; then
 		cron_service_name="crond"
 	else
 		cron_service_name="cron"
@@ -380,7 +380,7 @@ set_cron_service_name() {

 set_os() {
 	if [ -f /etc/redhat-release ]; then
-		OS=centos
+		OS=rocky
 	else
 		OS=ubuntu
 	fi
--- a/salt/repo/client/files/rocky/RPM-GPG-KEY-EPEL-9
+++ b/salt/repo/client/files/rocky/RPM-GPG-KEY-EPEL-9
@@ -0,0 +1,29 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBGE3mOsBEACsU+XwJWDJVkItBaugXhXIIkb9oe+7aadELuVo0kBmc3HXt/Yp
+CJW9hHEiGZ6z2jwgPqyJjZhCvcAWvgzKcvqE+9i0NItV1rzfxrBe2BtUtZmVcuE6
+2b+SPfxQ2Hr8llaawRjt8BCFX/ZzM4/1Qk+EzlfTcEcpkMf6wdO7kD6ulBk/tbsW
+DHX2lNcxszTf+XP9HXHWJlA2xBfP+Dk4gl4DnO2Y1xR0OSywE/QtvEbN5cY94ieu
+n7CBy29AleMhmbnx9pw3NyxcFIAsEZHJoU4ZW9ulAJ/ogttSyAWeacW7eJGW31/Z
+39cS+I4KXJgeGRI20RmpqfH0tuT+X5Da59YpjYxkbhSK3HYBVnNPhoJFUc2j5iKy
+XLgkapu1xRnEJhw05kr4LCbud0NTvfecqSqa+59kuVc+zWmfTnGTYc0PXZ6Oa3rK
+44UOmE6eAT5zd/ToleDO0VesN+EO7CXfRsm7HWGpABF5wNK3vIEF2uRr2VJMvgqS
+9eNwhJyOzoca4xFSwCkc6dACGGkV+CqhufdFBhmcAsUotSxe3zmrBjqA0B/nxIvH
+DVgOAMnVCe+Lmv8T0mFgqZSJdIUdKjnOLu/GRFhjDKIak4jeMBMTYpVnU+HhMHLq
+uDiZkNEvEEGhBQmZuI8J55F/a6UURnxUwT3piyi3Pmr2IFD7ahBxPzOBCQARAQAB
+tCdGZWRvcmEgKGVwZWw5KSA8ZXBlbEBmZWRvcmFwcm9qZWN0Lm9yZz6JAk4EEwEI
+ADgWIQT/itE0RZcQbs6BO5GKOHK/MihGfAUCYTeY6wIbDwULCQgHAgYVCgkICwIE
+FgIDAQIeAQIXgAAKCRCKOHK/MihGfFX/EACBPWv20+ttYu1A5WvtHJPzwbj0U4yF
+3zTQpBglQ2UfkRpYdipTlT3Ih6j5h2VmgRPtINCc/ZE28adrWpBoeFIS2YAKOCLC
+nZYtHl2nCoLq1U7FSttUGsZ/t8uGCBgnugTfnIYcmlP1jKKA6RJAclK89evDQX5n
+R9ZD+Cq3CBMlttvSTCht0qQVlwycedH8iWyYgP/mF0W35BIn7NuuZwWhgR00n/VG
+4nbKPOzTWbsP45awcmivdrS74P6mL84WfkghipdmcoyVb1B8ZP4Y/Ke0RXOnLhNe
+CfrXXvuW+Pvg2RTfwRDtehGQPAgXbmLmz2ZkV69RGIr54HJv84NDbqZovRTMr7gL
+9k3ciCzXCiYQgM8yAyGHV0KEhFSQ1HV7gMnt9UmxbxBE2pGU7vu3CwjYga5DpwU7
+w5wu1TmM5KgZtZvuWOTDnqDLf0cKoIbW8FeeCOn24elcj32bnQDuF9DPey1mqcvT
+/yEo/Ushyz6CVYxN8DGgcy2M9JOsnmjDx02h6qgWGWDuKgb9jZrvRedpAQCeemEd
+fhEs6ihqVxRFl16HxC4EVijybhAL76SsM2nbtIqW1apBQJQpXWtQwwdvgTVpdEtE
+r4ArVJYX5LrswnWEQMOelugUG6S3ZjMfcyOa/O0364iY73vyVgaYK+2XtT2usMux
+VL469Kj5m13T6w==
+=Mjs/
+-----END PGP PUBLIC KEY BLOCK-----
--- a/salt/repo/client/files/rocky/SALTSTACK-GPG-KEY2.pub
+++ b/salt/repo/client/files/rocky/SALTSTACK-GPG-KEY2.pub
@@ -0,0 +1,31 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQENBGLXV/8BCADCuomk2pibSOuLQeKMIwV3Afy60080hykdc4tU4qQS+zBJZZC0
+VBl2TAOmMWyeY5DRF2ibRTx6Ap8qYefuEjWlo2WHWWZH4WhNkJWL3aWiu8Ga+fFo
+ebjoUFLGgpKDGKveO9PF8A41IP1CLvDicpWXTxfqzQKDOvg3g5EmCx+5ksviXHJ1
+lY5CBbhVPmU3ruzGBqN/6B90VyTicbIyIZKZdnElAqaW6OiEaOmj2Oadi3ARJLWA
+8rpVPweZE0/S4B5UIuMh+JVJU3Os1BUXHKN3LAPENZa1NNYX3j53GxGMf+SAKe0g
+QHe+fHiiB7a6iBl09W8cUJh8HINXW+vvU6mZABEBAAG0MlNhbHRTdGFjayBQYWNr
+YWdpbmcgVGVhbSA8cGFja2FnaW5nQHNhbHRzdGFjay5jb20+iQFSBBMBCAA8FiEE
+9+rekz4krjI0B2hWN6cQR50w17YFAmLXV/8CGwMFCwkIBwIDIgIBBhUKCQgLAgQW
+AgMBAh4HAheAAAoJEDenEEedMNe2d0MH/36khQzCWMc5ezznO7bcOHOS3OWjQveF
+Vv60y54QRnINCEa7w7ckjiap3dUSJxTo5eoAKNbgX5SgrshEY1HDXDoqgumHJLFW
+J+L4f3CXFBhvObUOwB7ApUNHURcoNQYK7kS/vUJrQ3dFyT7uvgysGtv+/WpboY1s
+ScJnVtWyQmLe7qj5pJ0aI5pPjFnP9869zPScNb6o6lbqGp/xhnL5NkZCF0DNgItw
+HXyNsRPyc8JG+P+GP80XWZ37ajEdwkiPbtu3CD5pvBO1w5FPLBwuH5CSgQFEcA4V
+QH8ThU0P1IhKe3xPRNgawcBTAHXqOD0OxilAIsQdfrKkRiTEcZtFZW25AQ0EYtdX
+/wEIANFBzJfSks4ti/JQkECtEAwH7OtqUxu1QhSSRusGsQu/PpjBRZzlaVlKjS4c
+fGTiZ8+25RX063vBQ+XpuTN9T9boEE4EywM11FCx1zRZIc+HlLOIJ10uKWUapmPM
+7flnQWXMgJzP47rHe0ofEHlP4/av5C1imgWEtEpYyn1B4qgSxvLFDq46rD5m+DP
+2xNZbwWd0uSAG/wZNonVkISYymB0UTnUm8FABH1Ci7lXO9JnuW+IvVt32C5VibGy
+FXdAJGmIiqsvBhJSUl+GJhO6NTXntuevqPLUXD9PuHWo4Vo1Afek8kqZByyiyrTZ
+StDhrbo/8dSAVQMibLEfNS7R0QkAEQEAAYkBNgQYAQgAIBYhBPfq3pM+JK4yNAdo
+VjenEEedMNe2BQJi11f/AhsMAAoJEDenEEedMNe2zhgH/0wxbQpaCho0BRbUbe6L
+jm9r3yTWn6M+yYv+cBeH9sbobIVOqTvZcawzTEPWa+eVbKgkqhZjUTyfFDpjq9s6
+67zLZnCh85hLoyieSQBER59dc1pmqZJP3VrAIT1lGKMIdjZoN8JAF8IbmJHE1j65
+iZZdhbxfFHnDx22gQ+3nfniTNTWsfVAQeoAjeOuakPKdfUEMsXPBhtBBuFY4NcrT
+TIsBevT4J/STCLkEqlMtYC8ldxUCZqQXdtxqltC4k+y0kp4PmNc3/Vmp65oAeuxI
+d8TNwgZdamdinv5mPrTfBqSNiELQAcPQnOwpsqEDYF2pq9L4sdNGavP5ZvPGRLkH
+uU=
+=383D
+-----END PGP PUBLIC KEY BLOCK-----
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -886,19 +886,13 @@ detect_cloud() {
 detect_os() {
 	title "Detecting Base OS"
 	if [ -f /etc/redhat-release ]; then
-		if grep -q "CentOS Linux release 7" /etc/redhat-release; then
-			OS=centos
-			OSVER=7
-			is_centos=true
-			pkgman="yum"
-		elif grep -q "Rocky Linux release 8" /etc/redhat-release; then
+		if grep -q "Rocky Linux release 9" /etc/redhat-release; then
 			OS=rocky
-			OSVER=8
+			OSVER=9
 			is_rocky=true
 			pkgman="dnf"
-			info "We currently do not support Rocky Linux $OSVER but we are working on it!"
 		else
-			info "We do not support the version of CentOS you are trying to use."
+			info "We do not support the operating system you are trying to use."
 			exit 1
 		fi

@@ -932,13 +926,10 @@ installer_progress_loop() {
 }

 installer_prereq_packages() {
-	if [ "$OS" == centos ]; then
+	if [ "$OS" == rocky ]; then
 		if [[ ! $is_iso ]]; then
-			if ! yum versionlock > /dev/null 2>&1; then
-				logCmd "yum -y install yum-plugin-versionlock"
-			fi
 			if ! command -v nmcli > /dev/null 2>&1; then
-				logCmd "yum -y install NetworkManager"
+				logCmd "dnf -y install NetworkManager"
 			fi
 		fi
 		logCmd "systemctl enable NetworkManager"
@@ -1715,7 +1706,7 @@ proxy_validate() {
 }

 reserve_group_ids() {
-	# This is a hack to fix CentOS from taking group IDs that we need
+	# This is a hack to fix OS from taking group IDs that we need
 	logCmd "groupadd -g 928 kratos"
 	logCmd "groupadd -g 930 elasticsearch"
 	logCmd "groupadd -g 931 logstash"
@@ -1837,8 +1828,8 @@ reset_proxy() {

 	[[ -f /etc/gitconfig ]] && rm -f /etc/gitconfig
 	
-	if [[ $is_centos ]]; then
-		sed -i "/proxy=/d" /etc/yum.conf
+	if [[ $is_rocky ]]; then
+		sed -i "/proxy=/d" /etc/dnf/dnf.conf
 	else
 		[[ -f /etc/apt/apt.conf.d/00-proxy.conf ]] && rm -f /etc/apt/apt.conf.d/00-proxy.conf
 	fi
@@ -1881,9 +1872,9 @@ drop_install_options() {

 remove_package() {
 	local package_name=$1
-	if [[ $is_centos ]]; then
+	if [[ $is_rocky ]]; then
 		if rpm -qa | grep -q "$package_name"; then
-			logCmd "yum remove -y $package_name"
+			logCmd "dnf remove -y $package_name"
 		fi
 	else
 		if dpkg -l | grep -q "$package_name"; then
@@ -1908,7 +1899,7 @@ securityonion_repo() {
 			echo "Syncing Repo"
 			repo_sync_local
 		fi
-		logCmd "yum -v clean all"
+		logCmd "dnf -v clean all"
 		logCmd "mkdir -vp /root/oldrepos"
 		logCmd "mv -v /etc/yum.repos.d/* /root/oldrepos/"
 		logCmd "ls -la /etc/yum.repos.d/"
@@ -1928,13 +1919,13 @@ securityonion_repo() {
 		fi

 		# need to yum clean all before repo conf files are removed or clean,cleans nothing
-		logCmd "yum repolist all"
+		logCmd "dnf repolist all"
 		# update this package because the repo config files get added back
 		# if the package is updated when the update_packages function is called
-		logCmd "yum -v -y update centos-release"
+		logCmd "dnf -v -y update rocky-release"
 		info "Backing up the .repo files that were added by the centos-release package."
-		logCmd "mv -bvf /etc/yum.repos.d/CentOS* /root/oldrepos/"
-		logCmd "yum repolist all"
+		logCmd "mv -bvf /etc/yum.repos.d/rocky* /root/oldrepos/"
+		logCmd "dnf repolist all"
 	fi
 }

@@ -1968,14 +1959,14 @@ repo_sync_local() {
 	if [[ ! "$REPOSYNC" -gt 0 ]]; then
 		# Install reposync
 		info "Installing createrepo"
-		logCmd "yum -y install -c /root/repodownload.conf yum-utils createrepo"
+		logCmd "dnf -y install -c /root/repodownload.conf createrepo"
 	else
 		info "We have what we need to sync"
 	fi

 	# Make sure we can get to the sig repo
    logCmd "curl --retry 5 --retry-delay 60 -A 'gridinstall/$SOVERSION/$OS/$(uname -r)' https://sigs.securityonion.net/checkup --output /tmp/checkup" 
-	logCmd "reposync --norepopath -n -g -l -d -m -c /root/repodownload.conf -r securityonionsync --download-metadata -p /nsm/repo/"
+	logCmd "dnf reposync --norepopath -n -g --delete -m -c /root/repodownload.conf --repoid=securityonionsync --download-metadata -p /nsm/repo/"
 	

 	# After the download is complete run createrepo