Merge remote-tracking branch 'remotes/origin/soup2350' into salt3003.1

2025-12-06 17:22:49 +01:00 · 2021-04-06 15:48:36 -04:00
parent 80509fbbc6 92768ecd08
commit 9c7309797a
4 changed files with 40 additions and 9 deletions
--- a/salt/common/init.sls
+++ b/salt/common/init.sls
@@ -74,6 +74,12 @@ repair_yumdb:
    - onlyif:
      - 'yum check-update 2>&1 | grep "Error: rpmdb open failed"'

+crsynckeys:
+  file.recurse:
+    - name: /etc/pki/rpm_gpg
+    - source: salt://common/keys/
+
+
 crbase:
  file.absent:
    - name: /etc/yum.repos.d/CentOS-Base.repo
--- a/salt/common/tools/sbin/soup
+++ b/salt/common/tools/sbin/soup
@@ -239,6 +239,7 @@ preupgrade_changes() {
    [[ "$INSTALLEDVERSION" =~ rc.3 ]] && rc3_to_2.3.0
    [[ "$INSTALLEDVERSION" == 2.3.0 || "$INSTALLEDVERSION" == 2.3.1 || "$INSTALLEDVERSION" == 2.3.2 || "$INSTALLEDVERSION" == 2.3.10 ]] && up_2.3.0_to_2.3.20
    [[ "$INSTALLEDVERSION" == 2.3.20 || "$INSTALLEDVERSION" == 2.3.21 ]] && up_2.3.2X_to_2.3.30
+    [[ "$INSTALLEDVERSION" == 2.3.30 ]] && up_2.3.3X_to_2.3.50
 }

 postupgrade_changes() {
@@ -409,6 +410,30 @@ up_2.3.2X_to_2.3.30() {
      sed -i "/^strelka:/a \\  repos: \n    - https://github.com/Neo23x0/signature-base" /opt/so/saltstack/local/pillar/global.sls;
  fi
  check_log_size_limit
+  INSTALLEDVERSION=2.3.30
+}
+
+up_2.3.3X_to_2.3.50() {
+  if [[ $OS == 'centos' ]]; then
+    # Import GPG Keys
+    gpg_rpm_import
+
+    if [[ ! $is_airgap ]]; then
+
+      DELREPOS=('CentOS-Base' 'CentOS-CR' 'CentOS-Debuginfo' 'docker-ce' 'CentOS-fasttrack' 'CentOS-Media' 'CentOS-Sources' 'CentOS-Vault' 'CentOS-x86_64-kernel' 'epel' 'epel-testing' 'saltstack' 'wazuh')
+    
+      for DELREPO in "${DELREPOS[@]}";
+        rm /etc/yum.repos.d/$DELREPO
+      done
+
+      # Copy the new repo file if not airgap
+      cp $UPDATE_DIR/salt/common/yum_repos/securityonion.repo /etc/yum.repos.d/
+      yum clean all
+      yum repolist
+    fi
+  fi
+  INSTALLEDVERSION=2.3.50
+  
 }

 verify_upgradespace() {
@@ -503,7 +528,7 @@ upgrade_salt() {
  echo "Performing upgrade of Salt from $INSTALLEDSALTVERSION to $NEWSALTVERSION."
  echo ""
  # If CentOS
-  if [ "$OS" == "centos" ]; then
+  if [[ $OS == 'centos' ]]; then
    echo "Removing yum versionlock for Salt."
    echo ""
    yum versionlock delete "salt-*"
@@ -514,7 +539,7 @@ upgrade_salt() {
    echo ""
    yum versionlock add "salt-*"
  # Else do Ubuntu things
-  elif [ "$OS" == "ubuntu" ]; then
+  elif [[ $OS == 'ubuntu' ]]; then
    echo "Removing apt hold for Salt."
    echo ""
    apt-mark unhold "salt-common"
--- a/salt/common/yum_repos/securityonion.repo
+++ b/salt/common/yum_repos/securityonion.repo
@@ -31,25 +31,25 @@ name=Extra Packages for Enterprise Linux 7 - $basearch
 baseurl=https://repo.securityonion.net/file/securityonion-repo/epel/
 enabled=1
 gpgcheck=1
-gpgkey=https://repo.securityonion.net/file/securityonion-repo/keys/RPM-GPG-KEY-EPEL-7
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7

 [docker-ce-stable]
 name=Docker CE Stable - $basearch
 baseurl=https://repo.securityonion.net/file/securityonion-repo/docker-ce-stable
 enabled=1
 gpgcheck=1
-gpgkey=https://repo.securityonion.net/file/securityonion-repo/keys/docker.pub
+gpgkey=file:///etc/pki/rpm-gpg/docker.pub

-[saltstack]
+[saltstack3003]
 name=SaltStack repo for RHEL/CentOS $releasever PY3
 baseurl=https://repo.securityonion.net/file/securityonion-repo/saltstack3003/
 enabled=1
 gpgcheck=1
-gpgkey=https://repo.securityonion.net/file/securityonion-repo/keys/SALTSTACK-GPG-KEY.pub
+gpgkey=file:///etc/pki/rpm-gpg/SALTSTACK-GPG-KEY.pub

 [wazuh_repo]
 gpgcheck=1
-gpgkey=https://repo.securityonion.net/file/securityonion-repo/keys/GPG-KEY-WAZUH
+gpgkey=file:///etc/pki/rpm-gpg/GPG-KEY-WAZUH
 enabled=1
 name=Wazuh repository
 baseurl=https://repo.securityonion.net/file/securityonion-repo/wazuh_repo/
@@ -57,7 +57,7 @@ protect=1

 [wazuh4_repo]
 gpgcheck=1
-gpgkey=https://repo.securityonion.net/file/securityonion-repo/keys/GPG-KEY-WAZUH
+gpgkey=file:///etc/pki/rpm-gpg/GPG-KEY-WAZUH
 enabled=1
 name=Wazuh repository
 baseurl=https://repo.securityonion.net/file/securityonion-repo/wazuh4_repo/
--- a/salt/common/yum_repos/securityonioncache.repo
+++ b/salt/common/yum_repos/securityonioncache.repo
@@ -40,7 +40,7 @@ enabled=1
 gpgcheck=1
 gpgkey=https://repo.securityonion.net/file/securityonion-repo/keys/docker.pub

-[saltstack]
+[saltstack3003]
 name=SaltStack repo for RHEL/CentOS $releasever PY3
 baseurl=http://repocache.securityonion.net/file/securityonion-repo/saltstack3003/
 enabled=1