From dc8c80633b59db2b15d0647c980800103d61b657 Mon Sep 17 00:00:00 2001 From: reyesj2 <94730068+reyesj2@users.noreply.github.com> Date: Wed, 1 Jul 2026 10:23:04 -0500 Subject: [PATCH 1/3] update airgap soup to sync uek repo from iso and retain latest packages only --- salt/manager/tools/sbin/soup | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/salt/manager/tools/sbin/soup b/salt/manager/tools/sbin/soup index 3c4cbe7c4..92d89f5e6 100755 --- a/salt/manager/tools/sbin/soup +++ b/salt/manager/tools/sbin/soup @@ -245,6 +245,7 @@ check_airgap() { UPDATE_DIR=/tmp/soagupdate/SecurityOnion AGDOCKER=/tmp/soagupdate/docker AGREPO=/tmp/soagupdate/minimal/Packages + AGUEKREPO=/tmp/soagupdate/uek/Packages else is_airgap=1 fi @@ -1004,13 +1005,19 @@ update_airgap_rules() { rsync -a $UPDATE_DIR/agrules/securityonion-resources/* /nsm/securityonion-resources/ } -update_airgap_repo() { +update_airgap_repos() { # Update the files in the repo - echo "Syncing new updates to /nsm/repo" - rsync -a $AGREPO/* /nsm/repo/ - echo "Creating repo" + echo "Syncing new updates to /nsm/repo & /nsm/kernelrepo" + # using --delete to replicate so-repo-sync behavior of keeping only latest packages in local repo + rsync -a --delete "$AGREPO"/ /nsm/repo/ + rsync -a --delete "$AGUEKREPO"/ /nsm/kernelrepo/ + dnf -y install yum-utils createrepo_c + + echo "Running createrepo for /nsm/repo" createrepo /nsm/repo + echo "Running createrepo for /nsm/kernelrepo" + createrepo /nsm/kernelrepo } update_salt_mine() { @@ -1766,7 +1773,7 @@ main() { set -e if [[ $is_airgap -eq 0 ]]; then - update_airgap_repo + update_airgap_repos dnf clean all check_os_updates elif [[ $OS == 'oracle' ]]; then From e88eb65a4400b3d3b5f43bc765b9dc79ce1edb18 Mon Sep 17 00:00:00 2001 From: reyesj2 <94730068+reyesj2@users.noreply.github.com> Date: Wed, 1 Jul 2026 10:29:05 -0500 Subject: [PATCH 2/3] keep old packages for rollback ability --- salt/manager/tools/sbin/soup | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/salt/manager/tools/sbin/soup b/salt/manager/tools/sbin/soup index 92d89f5e6..b84c38087 100755 --- a/salt/manager/tools/sbin/soup +++ b/salt/manager/tools/sbin/soup @@ -244,8 +244,7 @@ check_airgap() { is_airgap=0 UPDATE_DIR=/tmp/soagupdate/SecurityOnion AGDOCKER=/tmp/soagupdate/docker - AGREPO=/tmp/soagupdate/minimal/Packages - AGUEKREPO=/tmp/soagupdate/uek/Packages + AGREPO=/tmp/soagupdate/minimal/Packages AGUEKREPO=/tmp/soagupdate/uek/Packages else is_airgap=1 fi @@ -1008,9 +1007,9 @@ update_airgap_rules() { update_airgap_repos() { # Update the files in the repo echo "Syncing new updates to /nsm/repo & /nsm/kernelrepo" - # using --delete to replicate so-repo-sync behavior of keeping only latest packages in local repo - rsync -a --delete "$AGREPO"/ /nsm/repo/ - rsync -a --delete "$AGUEKREPO"/ /nsm/kernelrepo/ + # Airgap soup copies new files into the local repo, but doesn't remove old packages. Retaining the ability to rollback package updates + rsync -a "$AGREPO"/ /nsm/repo/ + rsync -a "$AGUEKREPO"/ /nsm/kernelrepo/ dnf -y install yum-utils createrepo_c From 24b75b4a2ba5ce8f4548bbfd3f72d1c1172d3c36 Mon Sep 17 00:00:00 2001 From: reyesj2 <94730068+reyesj2@users.noreply.github.com> Date: Wed, 1 Jul 2026 12:50:23 -0500 Subject: [PATCH 3/3] typo --- salt/manager/tools/sbin/soup | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/salt/manager/tools/sbin/soup b/salt/manager/tools/sbin/soup index b84c38087..6725cc95c 100755 --- a/salt/manager/tools/sbin/soup +++ b/salt/manager/tools/sbin/soup @@ -244,7 +244,8 @@ check_airgap() { is_airgap=0 UPDATE_DIR=/tmp/soagupdate/SecurityOnion AGDOCKER=/tmp/soagupdate/docker - AGREPO=/tmp/soagupdate/minimal/Packages AGUEKREPO=/tmp/soagupdate/uek/Packages + AGREPO=/tmp/soagupdate/minimal/Packages + AGUEKREPO=/tmp/soagupdate/uek/Packages else is_airgap=1 fi