soup salt and repos ohh my

salt/common/init.sls

@@ -74,6 +74,12 @@ repair_yumdb:
     - onlyif:
       - 'yum check-update 2>&1 | grep "Error: rpmdb open failed"'
 
+crsynckeys:
+  file.recurse:
+    - name: /etc/pki/rpm_gpg
+    - source: salt://common/keys/
+
+
 crbase:
   file.absent:
     - name: /etc/yum.repos.d/CentOS-Base.repo

salt/common/tools/sbin/soup

@@ -409,6 +409,30 @@ up_2.3.2X_to_2.3.30() {
       sed -i "/^strelka:/a \\  repos: \n    - https://github.com/Neo23x0/signature-base" /opt/so/saltstack/local/pillar/global.sls;
   fi
   check_log_size_limit
+  INSTALLEDVERSION=2.3.30
+}
+
+up_2.3.3X_to_2.3.50() {
+  if [[ $OS == 'centos' ]]; then
+    # Import GPG Keys
+    gpg_rpm_import
+
+    if [[ ! $is_airgap ]]; then
+
+      DELREPOS=('CentOS-Base' 'CentOS-CR' 'CentOS-Debuginfo' 'docker-ce' 'CentOS-fasttrack' 'CentOS-Media' 'CentOS-Sources' 'CentOS-Vault' 'CentOS-x86_64-kernel' 'epel' 'epel-testing' 'saltstack' 'wazuh')
+    
+      for DELREPO in "${DELREPOS[@]}";
+        rm /etc/yum.repos.d/$DELREPO
+      done
+
+      # Copy the new repo file if not airgap
+      cp $UPDATE_DIR/salt/common/yum_repos/securityonion.repo /etc/yum.repos.d/
+      yum clean all
+      yum repolist
+    fi
+  fi
+  INSTALLEDVERSION=2.3.50
+  
 }
 
 verify_upgradespace() {
@@ -503,7 +527,7 @@ upgrade_salt() {
   echo "Performing upgrade of Salt from $INSTALLEDSALTVERSION to $NEWSALTVERSION."
   echo ""
   # If CentOS
-  if [ "$OS" == "centos" ]; then
+  if [[ $OS == 'centos' ]]; then
     echo "Removing yum versionlock for Salt."
     echo ""
     yum versionlock delete "salt-*"
@@ -518,7 +542,7 @@ upgrade_salt() {
     echo ""
     yum versionlock add "salt-*"
   # Else do Ubuntu things
-  elif [ "$OS" == "ubuntu" ]; then
+  elif [[ $OS == 'ubuntu' ]]; then
     echo "Removing apt hold for Salt."
     echo ""
     apt-mark unhold "salt-common"

salt/common/yum_repos/securityonion.repo

@@ -31,25 +31,25 @@ name=Extra Packages for Enterprise Linux 7 - $basearch
 baseurl=https://repo.securityonion.net/file/securityonion-repo/epel/
 enabled=1
 gpgcheck=1
-gpgkey=https://repo.securityonion.net/file/securityonion-repo/keys/RPM-GPG-KEY-EPEL-7
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
 
 [docker-ce-stable]
 name=Docker CE Stable - $basearch
 baseurl=https://repo.securityonion.net/file/securityonion-repo/docker-ce-stable
 enabled=1
 gpgcheck=1
-gpgkey=https://repo.securityonion.net/file/securityonion-repo/keys/docker.pub
+gpgkey=file:///etc/pki/rpm-gpg/docker.pub
 
-[saltstack]
+[saltstack3003]
 name=SaltStack repo for RHEL/CentOS $releasever PY3
-baseurl=https://repo.securityonion.net/file/securityonion-repo/saltstack/
+baseurl=https://repo.securityonion.net/file/securityonion-repo/saltstack3003/
 enabled=1
 gpgcheck=1
-gpgkey=https://repo.securityonion.net/file/securityonion-repo/keys/SALTSTACK-GPG-KEY.pub
+gpgkey=file:///etc/pki/rpm-gpg/SALTSTACK-GPG-KEY.pub
 
 [wazuh_repo]
 gpgcheck=1
-gpgkey=https://repo.securityonion.net/file/securityonion-repo/keys/GPG-KEY-WAZUH
+gpgkey=file:///etc/pki/rpm-gpg/GPG-KEY-WAZUH
 enabled=1
 name=Wazuh repository
 baseurl=https://repo.securityonion.net/file/securityonion-repo/wazuh_repo/
@@ -57,7 +57,7 @@ protect=1
 
 [wazuh4_repo]
 gpgcheck=1
-gpgkey=https://repo.securityonion.net/file/securityonion-repo/keys/GPG-KEY-WAZUH
+gpgkey=file:///etc/pki/rpm-gpg/GPG-KEY-WAZUH
 enabled=1
 name=Wazuh repository
 baseurl=https://repo.securityonion.net/file/securityonion-repo/wazuh4_repo/

salt/common/yum_repos/securityonioncache.repo

@@ -40,9 +40,9 @@ enabled=1
 gpgcheck=1
 gpgkey=https://repo.securityonion.net/file/securityonion-repo/keys/docker.pub
 
-[saltstack]
+[saltstack3003]
 name=SaltStack repo for RHEL/CentOS $releasever PY3
-baseurl=http://repocache.securityonion.net/file/securityonion-repo/saltstack/
+baseurl=http://repocache.securityonion.net/file/securityonion-repo/saltstack3003/
 enabled=1
 gpgcheck=1
 gpgkey=https://repo.securityonion.net/file/securityonion-repo/keys/SALTSTACK-GPG-KEY.pub