From 81c1d8362d8e5c09089ec77c671e31aef7f39642 Mon Sep 17 00:00:00 2001
From: Mike Reeves <reevesmk@gmail.com>
Date: Fri, 13 Mar 2026 15:09:37 -0400
Subject: [PATCH 1/6] Fix pcap migration to strip yaml document end marker from
 so-yaml output

---
 salt/manager/tools/sbin/soup | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/salt/manager/tools/sbin/soup b/salt/manager/tools/sbin/soup
index 16fb9e669..60d0a9bda 100755
--- a/salt/manager/tools/sbin/soup
+++ b/salt/manager/tools/sbin/soup
@@ -396,7 +396,7 @@ migrate_pcap_to_suricata() {
 
   for pillar_file in "$PCAPFILE" "$MINIONDIR"/*.sls; do
     [[ -f "$pillar_file" ]] || continue
-    pcap_enabled=$(so-yaml.py get "$pillar_file" pcap.enabled 2>/dev/null) || continue
+    pcap_enabled=$(so-yaml.py get "$pillar_file" pcap.enabled 2>/dev/null | head -1) || continue
     so-yaml.py add "$pillar_file" suricata.pcap.enabled "$pcap_enabled"
     so-yaml.py remove "$pillar_file" pcap
   done

From 322c0b8d568e432b35970c2419353681e63a05d3 Mon Sep 17 00:00:00 2001
From: Mike Reeves <reevesmk@gmail.com>
Date: Fri, 13 Mar 2026 15:14:19 -0400
Subject: [PATCH 2/6] Move pcap.enabled under suricata.pcap.enabled in
 so-minion

---
 salt/manager/tools/sbin/so-minion | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/salt/manager/tools/sbin/so-minion b/salt/manager/tools/sbin/so-minion
index 417b1eaf3..2d5ef448e 100755
--- a/salt/manager/tools/sbin/so-minion
+++ b/salt/manager/tools/sbin/so-minion
@@ -462,19 +462,14 @@ function add_sensor_to_minion() {
         echo "      lb_procs: '$CORECOUNT'"
         echo "suricata:"
         echo "  enabled: True "
+        echo "  pcap:"
+        echo "    enabled: True"
         if [[ $is_pcaplimit ]]; then
-            echo "  pcap:"
             echo "    maxsize: $MAX_PCAP_SPACE"
         fi
         echo "  config:"
         echo "    af-packet:"
         echo "      threads: '$CORECOUNT'"
-        echo "pcap:"
-        echo "  enabled: True"
-        if [[ $is_pcaplimit ]]; then
-            echo "  config:"
-            echo "    diskfreepercentage: $DFREEPERCENT"
-        fi
         echo "  "
     } >> $PILLARFILE
     if [ $? -ne 0 ]; then

From e2483e4be01a6aa59652c6d9bfa44a30404820e5 Mon Sep 17 00:00:00 2001
From: Mike Reeves <reevesmk@gmail.com>
Date: Fri, 13 Mar 2026 15:22:29 -0400
Subject: [PATCH 3/6] Fix so-yaml addKey crash when intermediate key has None
 value

---
 salt/manager/tools/sbin/so-yaml.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/salt/manager/tools/sbin/so-yaml.py b/salt/manager/tools/sbin/so-yaml.py
index fd5d8b056..6f412b725 100755
--- a/salt/manager/tools/sbin/so-yaml.py
+++ b/salt/manager/tools/sbin/so-yaml.py
@@ -256,7 +256,7 @@ def replacelistobject(args):
 def addKey(content, key, value):
     pieces = key.split(".", 1)
     if len(pieces) > 1:
-        if not pieces[0] in content:
+        if pieces[0] not in content or content[pieces[0]] is None:
             content[pieces[0]] = {}
         addKey(content[pieces[0]], pieces[1], value)
     elif key in content:

From 7f4adb70bdac8e38042b14c12cd8f96097118a4b Mon Sep 17 00:00:00 2001
From: Mike Reeves <reevesmk@gmail.com>
Date: Fri, 13 Mar 2026 15:34:04 -0400
Subject: [PATCH 4/6] Fix so-yaml get to print scalar values without YAML
 document end marker

---
 salt/manager/tools/sbin/so-yaml.py | 5 ++++-
 salt/manager/tools/sbin/soup       | 2 +-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/salt/manager/tools/sbin/so-yaml.py b/salt/manager/tools/sbin/so-yaml.py
index 6f412b725..3558e57d8 100755
--- a/salt/manager/tools/sbin/so-yaml.py
+++ b/salt/manager/tools/sbin/so-yaml.py
@@ -346,7 +346,10 @@ def get(args):
         print(f"Key '{key}' not found by so-yaml.py", file=sys.stderr)
         return 2
 
-    print(yaml.safe_dump(output))
+    if isinstance(output, (dict, list)):
+        print(yaml.safe_dump(output).strip())
+    else:
+        print(output)
     return 0
 
 
diff --git a/salt/manager/tools/sbin/soup b/salt/manager/tools/sbin/soup
index 60d0a9bda..16fb9e669 100755
--- a/salt/manager/tools/sbin/soup
+++ b/salt/manager/tools/sbin/soup
@@ -396,7 +396,7 @@ migrate_pcap_to_suricata() {
 
   for pillar_file in "$PCAPFILE" "$MINIONDIR"/*.sls; do
     [[ -f "$pillar_file" ]] || continue
-    pcap_enabled=$(so-yaml.py get "$pillar_file" pcap.enabled 2>/dev/null | head -1) || continue
+    pcap_enabled=$(so-yaml.py get "$pillar_file" pcap.enabled 2>/dev/null) || continue
     so-yaml.py add "$pillar_file" suricata.pcap.enabled "$pcap_enabled"
     so-yaml.py remove "$pillar_file" pcap
   done

From 1713f6af769033ca2dd1f472ede5836861b2d340 Mon Sep 17 00:00:00 2001
From: Mike Reeves <reevesmk@gmail.com>
Date: Fri, 13 Mar 2026 15:53:53 -0400
Subject: [PATCH 5/6] Fix so-yaml tests to match scalar output without document
 end marker

---
 salt/manager/tools/sbin/so-yaml_test.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/salt/manager/tools/sbin/so-yaml_test.py b/salt/manager/tools/sbin/so-yaml_test.py
index 6f479921b..d48136bf4 100644
--- a/salt/manager/tools/sbin/so-yaml_test.py
+++ b/salt/manager/tools/sbin/so-yaml_test.py
@@ -393,7 +393,7 @@ class TestRemove(unittest.TestCase):
 
             result = soyaml.get([filename, "key1.child2.deep1"])
             self.assertEqual(result, 0)
-            self.assertIn("45\n...", mock_stdout.getvalue())
+            self.assertEqual("45\n", mock_stdout.getvalue())
 
     def test_get_str(self):
         with patch('sys.stdout', new=StringIO()) as mock_stdout:
@@ -404,7 +404,7 @@ class TestRemove(unittest.TestCase):
 
             result = soyaml.get([filename, "key1.child2.deep1"])
             self.assertEqual(result, 0)
-            self.assertIn("hello\n...", mock_stdout.getvalue())
+            self.assertEqual("hello\n", mock_stdout.getvalue())
 
     def test_get_list(self):
         with patch('sys.stdout', new=StringIO()) as mock_stdout:

From 12dec366e08add8fd68a869928d3cbb38ddcbc0e Mon Sep 17 00:00:00 2001
From: Mike Reeves <reevesmk@gmail.com>
Date: Fri, 13 Mar 2026 15:58:47 -0400
Subject: [PATCH 6/6] Fix so-yaml get to output booleans in YAML format and add
 bool test

---
 salt/manager/tools/sbin/so-yaml.py      |  4 +++-
 salt/manager/tools/sbin/so-yaml_test.py | 11 +++++++++++
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/salt/manager/tools/sbin/so-yaml.py b/salt/manager/tools/sbin/so-yaml.py
index 3558e57d8..598948119 100755
--- a/salt/manager/tools/sbin/so-yaml.py
+++ b/salt/manager/tools/sbin/so-yaml.py
@@ -346,7 +346,9 @@ def get(args):
         print(f"Key '{key}' not found by so-yaml.py", file=sys.stderr)
         return 2
 
-    if isinstance(output, (dict, list)):
+    if isinstance(output, bool):
+        print(str(output).lower())
+    elif isinstance(output, (dict, list)):
         print(yaml.safe_dump(output).strip())
     else:
         print(output)
diff --git a/salt/manager/tools/sbin/so-yaml_test.py b/salt/manager/tools/sbin/so-yaml_test.py
index d48136bf4..b829108a0 100644
--- a/salt/manager/tools/sbin/so-yaml_test.py
+++ b/salt/manager/tools/sbin/so-yaml_test.py
@@ -406,6 +406,17 @@ class TestRemove(unittest.TestCase):
             self.assertEqual(result, 0)
             self.assertEqual("hello\n", mock_stdout.getvalue())
 
+    def test_get_bool(self):
+        with patch('sys.stdout', new=StringIO()) as mock_stdout:
+            filename = "/tmp/so-yaml_test-get.yaml"
+            file = open(filename, "w")
+            file.write("{key1: { child1: 123, child2: { deep1: 45 } }, key2: false, key3: [e,f,g]}")
+            file.close()
+
+            result = soyaml.get([filename, "key2"])
+            self.assertEqual(result, 0)
+            self.assertEqual("false\n", mock_stdout.getvalue())
+
     def test_get_list(self):
         with patch('sys.stdout', new=StringIO()) as mock_stdout:
             filename = "/tmp/so-yaml_test-get.yaml"