CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #11461 from Security-Onion-Solutions/fix/pkgs

Browse Source
This commit is contained in:
Mike Reeves
2023-10-02 17:38:38 -04:00
committed by GitHub
parent d91eaa9ae5 8995752c27
commit a35889ebdc
3 changed files with 30 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
salt/common/init.sls
View File

@@ -91,7 +91,6 @@ vimconfig:
alwaysupdated: alwaysupdated:
pkg.latest: pkg.latest:
- pkgs: - pkgs:
- openssl
- openssh-server - openssh-server
- bash - bash
- skip_suggestions: True - skip_suggestions: True

29
salt/common/packages.sls
View File

@@ -46,6 +46,32 @@ python-rich:
{% endif %} {% endif %}
{% if GLOBALS.os_family == 'RedHat' %} {% if GLOBALS.os_family == 'RedHat' %}
# install versionlock first so we can hold packages in the next states
install_versionlock:
pkg.installed:
- name: python3-dnf-plugin-versionlock
# holding these since openssl-devel-1:3.0.7-16.0.1.el9_2 seems to be a requirement for mariadb-devel-3:10.5.16-2.el9_0
# https://github.com/Security-Onion-Solutions/securityonion/discussions/11443
holdversion_openssl:
pkg.held:
- name: openssl
- version: 1:3.0.7-16.0.1.el9_2
holdversion_openssl-libs:
pkg.held:
- name: openssl-libs
- version: 1:3.0.7-16.0.1.el9_2
openssl_pkgs:
pkg.installed:
- skip_suggestions: True
- update_holds: True
- pkgs:
- openssl: 1:3.0.7-16.0.1.el9_2
- openssl-libs: 1:3.0.7-16.0.1.el9_2
commonpkgs: commonpkgs:
pkg.installed: pkg.installed:
- skip_suggestions: True - skip_suggestions: True
@@ -65,9 +91,7 @@ commonpkgs:
- mariadb-devel - mariadb-devel
- net-tools - net-tools
- nmap-ncat - nmap-ncat
- openssl
- procps-ng - procps-ng
- python3-dnf-plugin-versionlock
- python3-docker - python3-docker
- python3-m2crypto - python3-m2crypto
- python3-packaging - python3-packaging
@@ -79,4 +103,5 @@ commonpkgs:
- unzip - unzip
- wget - wget
- yum-utils - yum-utils
{% endif %} {% endif %}

4
setup/so-functions
View File

@@ -2443,7 +2443,9 @@ update_sudoers_for_testing() {
update_packages() { update_packages() {
if [[ $is_oracle ]]; then if [[ $is_oracle ]]; then
logCmd "dnf repolist" logCmd "dnf repolist"
logCmd "dnf -y update --allowerasing --exclude=salt*,docker*,containerd*" # holding openssl https://github.com/Security-Onion-Solutions/securityonion/discussions/11443
logCmd "dnf -y install openssl-1:3.0.7-16.0.1.el9_2 openssl-libs-1:3.0.7-16.0.1.el9_2 openssl-devel-1:3.0.7-16.0.1.el9_2"
logCmd "dnf -y update --allowerasing --exclude=salt*,docker*,containerd*,openssl*"
RMREPOFILES=("oracle-linux-ol9.repo" "uek-ol9.repo" "virt-ol9.repo") RMREPOFILES=("oracle-linux-ol9.repo" "uek-ol9.repo" "virt-ol9.repo")
info "Removing repo files added by oracle-repos package update" info "Removing repo files added by oracle-repos package update"
for FILE in ${RMREPOFILES[@]}; do for FILE in ${RMREPOFILES[@]}; do