From bda9221d6fe203fb21198d8906f194bec34ccfb4 Mon Sep 17 00:00:00 2001 From: m0duspwnens Date: Thu, 13 Jan 2022 13:26:11 -0500 Subject: [PATCH] upgrade salt to 3004 and update bootstrap-salt.sh --- salt/salt/master.defaults.yaml | 2 +- salt/salt/minion.defaults.yaml | 4 +- salt/salt/scripts/bootstrap-salt.sh | 630 +++++++++++++++++++--------- 3 files changed, 442 insertions(+), 194 deletions(-) diff --git a/salt/salt/master.defaults.yaml b/salt/salt/master.defaults.yaml index 8588af65c..8d5e85e15 100644 --- a/salt/salt/master.defaults.yaml +++ b/salt/salt/master.defaults.yaml @@ -2,4 +2,4 @@ # When updating the salt version, also update the version in securityonion-builds/images/iso-task/Dockerfile and saltify function in so-functions salt: master: - version: 3003 \ No newline at end of file + version: 3004 diff --git a/salt/salt/minion.defaults.yaml b/salt/salt/minion.defaults.yaml index 560493bed..ef7bfe37c 100644 --- a/salt/salt/minion.defaults.yaml +++ b/salt/salt/minion.defaults.yaml @@ -2,6 +2,6 @@ # When updating the salt version, also update the version in securityonion-builds/images/iso-task/Dockerfile and saltify function in so-functions salt: minion: - version: 3003 + version: 3004 check_threshold: 3600 # in seconds, threshold used for so-salt-minion-check. any value less than 600 seconds may cause a lot of salt-minion restarts since the job to touch the file occurs every 5-8 minutes by default - service_start_delay: 30 # in seconds. \ No newline at end of file + service_start_delay: 30 # in seconds. diff --git a/salt/salt/scripts/bootstrap-salt.sh b/salt/salt/scripts/bootstrap-salt.sh index 3e54afce0..ee1efcdf1 100644 --- a/salt/salt/scripts/bootstrap-salt.sh +++ b/salt/salt/scripts/bootstrap-salt.sh @@ -14,16 +14,16 @@ # # BUGS: https://github.com/saltstack/salt-bootstrap/issues # -# COPYRIGHT: (c) 2012-2018 by the SaltStack Team, see AUTHORS.rst for more +# COPYRIGHT: (c) 2012-2021 by the SaltStack Team, see AUTHORS.rst for more # details. # # LICENSE: Apache 2.0 -# ORGANIZATION: SaltStack (saltstack.com) +# ORGANIZATION: SaltStack (saltproject.io) # CREATED: 10/15/2012 09:49:37 PM WEST #====================================================================================================================== set -o nounset # Treat unset variables as an error -__ScriptVersion="2020.06.23" +__ScriptVersion="2021.09.17" __ScriptName="bootstrap-salt.sh" __ScriptFullName="$0" @@ -267,12 +267,12 @@ _CUSTOM_REPO_URL="null" _CUSTOM_MASTER_CONFIG="null" _CUSTOM_MINION_CONFIG="null" _QUIET_GIT_INSTALLATION=$BS_FALSE -_REPO_URL="repo.saltstack.com" -_PY_EXE="" +_REPO_URL="repo.saltproject.io" +_PY_EXE="python3" _INSTALL_PY="$BS_FALSE" _TORNADO_MAX_PY3_VERSION="5.0" _POST_NEON_INSTALL=$BS_FALSE -_MINIMUM_PIP_VERSION="8.0.0" +_MINIMUM_PIP_VERSION="9.0.1" _MINIMUM_SETUPTOOLS_VERSION="9.1" _POST_NEON_PIP_INSTALL_ARGS="--prefix=/usr" @@ -293,9 +293,10 @@ __usage() { - stable Install latest stable release. This is the default install type - stable [branch] Install latest version on a branch. Only supported - for packages available at repo.saltstack.com + for packages available at repo.saltproject.io - stable [version] Install a specific version. Only supported for - packages available at repo.saltstack.com + packages available at repo.saltproject.io + To pin a 3xxx minor version, specify it as 3xxx.0 - testing RHEL-family specific: configure EPEL testing repo - git Install from the head of the master branch - git [ref] Install from any git ref (such as a branch, tag, or @@ -376,8 +377,8 @@ __usage() { on the system. -R Specify a custom repository URL. Assumes the custom repository URL points to a repository that mirrors Salt packages located at - repo.saltstack.com. The option passed with -R replaces the - "repo.saltstack.com". If -R is passed, -r is also set. Currently only + repo.saltproject.io. The option passed with -R replaces the + "repo.saltproject.io". If -R is passed, -r is also set. Currently only works on CentOS/RHEL and Debian based distributions. -J Replace the Master config file with data passed in as a JSON string. If a Master config file is found, a reasonable effort will be made to save @@ -603,18 +604,18 @@ elif [ "$ITYPE" = "stable" ]; then if [ "$#" -eq 0 ];then STABLE_REV="latest" else - if [ "$(echo "$1" | grep -E '^(latest|1\.6|1\.7|2014\.1|2014\.7|2015\.5|2015\.8|2016\.3|2016\.11|2017\.7|2018\.3|2019\.2|3000|3001)$')" != "" ]; then + if [ "$(echo "$1" | grep -E '^(latest|1\.6|1\.7|2014\.1|2014\.7|2015\.5|2015\.8|2016\.3|2016\.11|2017\.7|2018\.3|2019\.2|3000|3001|3002|3003|3004)$')" != "" ]; then STABLE_REV="$1" shift - elif [ "$(echo "$1" | grep -E '^(2[0-9]*\.[0-9]*\.[0-9]*|[3-9][0-9]{3}*(\.[0-9]*)?)$')" != "" ]; then - if [ "$(uname)" = "Darwin" ]; then - STABLE_REV="$1" - else - STABLE_REV="archive/$1" + elif [ "$(echo "$1" | grep -E '^(2[0-9]*\.[0-9]*\.[0-9]*|[3-9][0-9]{3}(\.[0-9]*)?)$')" != "" ]; then + # Handle the 3xxx.0 version as 3xxx archive (pin to minor) and strip the fake ".0" suffix + STABLE_REV=$(echo "$1" | sed -E 's/^([3-9][0-9]{3})\.0$/\1/') + if [ "$(uname)" != "Darwin" ]; then + STABLE_REV="archive/$STABLE_REV" fi shift else - echo "Unknown stable version: $1 (valid: 1.6, 1.7, 2014.1, 2014.7, 2015.5, 2015.8, 2016.3, 2016.11, 2017.7, 2018.3, 2019.2, 3000, 3001, latest, \$MAJOR.\$MINOR.\$PATCH until 2019.2, \$MAJOR or \$MAJOR.\$PATCH starting from 3000)" + echo "Unknown stable version: $1 (valid: 1.6, 1.7, 2014.1, 2014.7, 2015.5, 2015.8, 2016.3, 2016.11, 2017.7, 2018.3, 2019.2, 3000, 3001, 3002, 3003, 3004, latest, \$MAJOR.\$MINOR.\$PATCH until 2019.2, \$MAJOR or \$MAJOR.\$PATCH starting from 3000)" exit 1 fi fi @@ -690,7 +691,9 @@ if [ -n "$_PY_EXE" ]; then exit 1 fi - echoinfo "Detected -x option. Using $_PY_EXE to install Salt." + if [ "$_PY_EXE" != "python3" ]; then + echoinfo "Detected -x option. Using $_PY_EXE to install Salt." + fi else _PY_PKG_VER="" _PY_MAJOR_VERSION="" @@ -720,7 +723,7 @@ if [ "$ITYPE" != "git" ]; then fi fi -# Set the _REPO_URL value based on if -R was passed or not. Defaults to repo.saltstack.com. +# Set the _REPO_URL value based on if -R was passed or not. Defaults to repo.saltproject.io. if [ "$_CUSTOM_REPO_URL" != "null" ]; then _REPO_URL="$_CUSTOM_REPO_URL" @@ -899,6 +902,8 @@ __derive_debian_numeric_version() { NUMERIC_VERSION=$(__parse_version_string "9.0") elif [ "$INPUT_VERSION" = "buster/sid" ]; then NUMERIC_VERSION=$(__parse_version_string "10.0") + elif [ "$INPUT_VERSION" = "bullseye/sid" ]; then + NUMERIC_VERSION=$(__parse_version_string "11.0") else echowarn "Unable to parse the Debian Version (codename: '$INPUT_VERSION')" fi @@ -1310,6 +1315,7 @@ __ubuntu_derivatives_translation() { linuxmint_17_ubuntu_base="14.04" linuxmint_18_ubuntu_base="16.04" linuxmint_19_ubuntu_base="18.04" + linuxmint_20_ubuntu_base="20.04" linaro_12_ubuntu_base="12.04" elementary_os_02_ubuntu_base="12.04" neon_16_ubuntu_base="16.04" @@ -1358,7 +1364,7 @@ __check_dpkg_architecture() { fi __REPO_ARCH="$DPKG_ARCHITECTURE" - __REPO_ARCH_DEB='deb' + __REPO_ARCH_DEB='deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg]' __return_code=0 case $DPKG_ARCHITECTURE in @@ -1377,7 +1383,7 @@ __check_dpkg_architecture() { # Saltstack official repository does not yet have arm64 metadata, # use amd64 repositories on arm64, since all pkgs are arch-independent __REPO_ARCH="amd64" - __REPO_ARCH_DEB="deb [arch=$__REPO_ARCH]" + __REPO_ARCH_DEB="deb [signed-by=/usr/share/keyrings/salt-archive-keyring.gpg arch=$__REPO_ARCH]" warn_msg="Support for arm64 packages is experimental and might rely on architecture-independent packages from the amd64 repository." fi error_msg="" @@ -1453,6 +1459,9 @@ __ubuntu_codename_translation() { "20") DISTRO_CODENAME="focal" ;; + "21") + DISTRO_CODENAME="hirsute" + ;; *) DISTRO_CODENAME="trusty" ;; @@ -1541,20 +1550,17 @@ __debian_derivatives_translation() { __debian_codename_translation() { case $DISTRO_MAJOR_VERSION in - "7") - DISTRO_CODENAME="wheezy" - ;; - "8") - DISTRO_CODENAME="jessie" - ;; "9") DISTRO_CODENAME="stretch" ;; "10") DISTRO_CODENAME="buster" ;; + "11") + DISTRO_CODENAME="bullseye" + ;; *) - DISTRO_CODENAME="jessie" + DISTRO_CODENAME="stretch" ;; esac } @@ -1567,8 +1573,8 @@ __debian_codename_translation() { __check_end_of_life_versions() { case "${DISTRO_NAME_L}" in debian) - # Debian versions below 7 are not supported - if [ "$DISTRO_MAJOR_VERSION" -lt 8 ]; then + # Debian versions below 9 are not supported + if [ "$DISTRO_MAJOR_VERSION" -lt 9 ]; then echoerror "End of life distributions are not supported." echoerror "Please consider upgrading to the next stable. See:" echoerror " https://wiki.debian.org/DebianReleases" @@ -1579,15 +1585,16 @@ __check_end_of_life_versions() { ubuntu) # Ubuntu versions not supported # - # < 14.04 - # = 14.10 - # = 15.04, 15.10 + # < 16.04 # = 16.10 # = 17.04, 17.10 - if [ "$DISTRO_MAJOR_VERSION" -lt 14 ] || \ - [ "$DISTRO_MAJOR_VERSION" -eq 15 ] || \ + # = 18.10 + # = 19.04, 19.10 + if [ "$DISTRO_MAJOR_VERSION" -lt 16 ] || \ [ "$DISTRO_MAJOR_VERSION" -eq 17 ] || \ - { [ "$DISTRO_MAJOR_VERSION" -eq 16 ] && [ "$DISTRO_MINOR_VERSION" -eq 10 ]; }; then + [ "$DISTRO_MAJOR_VERSION" -eq 19 ] || \ + { [ "$DISTRO_MAJOR_VERSION" -eq 16 ] && [ "$DISTRO_MINOR_VERSION" -eq 10 ]; } || \ + { [ "$DISTRO_MAJOR_VERSION" -eq 18 ] && [ "$DISTRO_MINOR_VERSION" -eq 10 ]; }; then echoerror "End of life distributions are not supported." echoerror "Please consider upgrading to the next stable. See:" echoerror " https://wiki.ubuntu.com/Releases" @@ -1631,8 +1638,8 @@ __check_end_of_life_versions() { ;; fedora) - # Fedora lower than 27 are no longer supported - if [ "$DISTRO_MAJOR_VERSION" -lt 30 ]; then + # Fedora lower than 33 are no longer supported + if [ "$DISTRO_MAJOR_VERSION" -lt 33 ]; then echoerror "End of life distributions are not supported." echoerror "Please consider upgrading to the next stable. See:" echoerror " https://fedoraproject.org/wiki/Releases" @@ -1641,8 +1648,8 @@ __check_end_of_life_versions() { ;; centos) - # CentOS versions lower than 6 are no longer supported - if [ "$DISTRO_MAJOR_VERSION" -lt 6 ]; then + # CentOS versions lower than 7 are no longer supported + if [ "$DISTRO_MAJOR_VERSION" -lt 7 ]; then echoerror "End of life distributions are not supported." echoerror "Please consider upgrading to the next stable. See:" echoerror " http://wiki.centos.org/Download" @@ -1651,8 +1658,8 @@ __check_end_of_life_versions() { ;; red_hat*linux) - # Red Hat (Enterprise) Linux versions lower than 6 are no longer supported - if [ "$DISTRO_MAJOR_VERSION" -lt 6 ]; then + # Red Hat (Enterprise) Linux versions lower than 7 are no longer supported + if [ "$DISTRO_MAJOR_VERSION" -lt 7 ]; then echoerror "End of life distributions are not supported." echoerror "Please consider upgrading to the next stable. See:" echoerror " https://access.redhat.com/support/policy/updates/errata/" @@ -1661,8 +1668,8 @@ __check_end_of_life_versions() { ;; oracle*linux) - # Oracle Linux versions lower than 6 are no longer supported - if [ "$DISTRO_MAJOR_VERSION" -lt 6 ]; then + # Oracle Linux versions lower than 7 are no longer supported + if [ "$DISTRO_MAJOR_VERSION" -lt 7 ]; then echoerror "End of life distributions are not supported." echoerror "Please consider upgrading to the next stable. See:" echoerror " http://www.oracle.com/us/support/library/elsp-lifetime-069338.pdf" @@ -1671,8 +1678,8 @@ __check_end_of_life_versions() { ;; scientific*linux) - # Scientific Linux versions lower than 6 are no longer supported - if [ "$DISTRO_MAJOR_VERSION" -lt 6 ]; then + # Scientific Linux versions lower than 7 are no longer supported + if [ "$DISTRO_MAJOR_VERSION" -lt 7 ]; then echoerror "End of life distributions are not supported." echoerror "Please consider upgrading to the next stable. See:" echoerror " https://www.scientificlinux.org/downloads/sl-versions/" @@ -1681,8 +1688,8 @@ __check_end_of_life_versions() { ;; cloud*linux) - # Cloud Linux versions lower than 6 are no longer supported - if [ "$DISTRO_MAJOR_VERSION" -lt 6 ]; then + # Cloud Linux versions lower than 7 are no longer supported + if [ "$DISTRO_MAJOR_VERSION" -lt 7 ]; then echoerror "End of life distributions are not supported." echoerror "Please consider upgrading to the next stable. See:" echoerror " https://docs.cloudlinux.com/index.html?cloudlinux_life-cycle.html" @@ -1691,9 +1698,9 @@ __check_end_of_life_versions() { ;; amazon*linux*ami) - # Amazon Linux versions lower than 2012.0X no longer supported + # Amazon Linux versions 2018.XX and lower no longer supported # Except for Amazon Linux 2, which reset the major version counter - if [ "$DISTRO_MAJOR_VERSION" -lt 2012 ] && [ "$DISTRO_MAJOR_VERSION" -gt 10 ]; then + if [ "$DISTRO_MAJOR_VERSION" -le 2018 ] && [ "$DISTRO_MAJOR_VERSION" -gt 10 ]; then echoerror "End of life distributions are not supported." echoerror "Please consider upgrading to the next stable. See:" echoerror " https://aws.amazon.com/amazon-linux-ami/" @@ -1805,7 +1812,7 @@ elif [ "${DISTRO_NAME_L}" = "debian" ]; then __debian_codename_translation fi -if [ "$(echo "${DISTRO_NAME_L}" | grep -E '(debian|ubuntu|centos|red_hat|oracle|scientific|amazon|fedora|macosx)')" = "" ] && [ "$ITYPE" = "stable" ] && [ "$STABLE_REV" != "latest" ]; then +if [ "$(echo "${DISTRO_NAME_L}" | grep -E '(debian|ubuntu|centos|gentoo|red_hat|oracle|scientific|amazon|fedora|macosx)')" = "" ] && [ "$ITYPE" = "stable" ] && [ "$STABLE_REV" != "latest" ]; then echoerror "${DISTRO_NAME} does not have major version pegged packages support" exit 1 fi @@ -1987,7 +1994,7 @@ __apt_key_fetch() { tempfile="$(__temp_gpg_pub)" __fetch_url "$tempfile" "$url" || return 1 - apt-key add "$tempfile" || return 1 + cp -f "$tempfile" /usr/share/keyrings/salt-archive-keyring.gpg && chmod 644 /usr/share/keyrings/salt-archive-keyring.gpg || return 1 rm -f "$tempfile" return 0 @@ -2511,11 +2518,11 @@ __check_services_openbsd() { } # ---------- end of function __check_services_openbsd ---------- #--- FUNCTION ------------------------------------------------------------------------------------------------------- -# NAME: __check_services_alpine +# NAME: __check_services_openrc # DESCRIPTION: Return 0 or 1 in case the service is enabled or not # PARAMETERS: servicename #---------------------------------------------------------------------------------------------------------------------- -__check_services_alpine() { +__check_services_openrc() { if [ $# -eq 0 ]; then echoerror "You need to pass a service name to check!" exit 1 @@ -2534,7 +2541,7 @@ __check_services_alpine() { echodebug "Service ${servicename} is NOT enabled" return 1 fi -} # ---------- end of function __check_services_openbsd ---------- +} # ---------- end of function __check_services_openrc ---------- #--- FUNCTION ------------------------------------------------------------------------------------------------------- @@ -2712,8 +2719,13 @@ EOM ) if ! ${_py_exe} -c "$CHECK_PIP_VERSION_SCRIPT"; then # Upgrade pip to at least 1.2 which is when we can start using "python -m pip" - echodebug "Running '${_pip_cmd} install ${_POST_NEON_PIP_INSTALL_ARGS} pip>=${_MINIMUM_PIP_VERSION}'" - ${_pip_cmd} install ${_POST_NEON_PIP_INSTALL_ARGS} -v "pip>=${_MINIMUM_PIP_VERSION}" + if [ "${_py_version}" = "3.5" ]; then + echodebug "Running '${_pip_cmd} install ${_POST_NEON_PIP_INSTALL_ARGS} pip>=${_MINIMUM_PIP_VERSION},<21.0'" + ${_pip_cmd} install ${_POST_NEON_PIP_INSTALL_ARGS} -v "pip>=${_MINIMUM_PIP_VERSION},<21.0" + else + echodebug "Running '${_pip_cmd} install ${_POST_NEON_PIP_INSTALL_ARGS} pip>=${_MINIMUM_PIP_VERSION}'" + ${_pip_cmd} install ${_POST_NEON_PIP_INSTALL_ARGS} -v "pip>=${_MINIMUM_PIP_VERSION}" + fi sleep 1 echodebug "PATH: ${PATH}" _pip_cmd="pip${_py_version}" @@ -2732,9 +2744,14 @@ EOM echodebug "Installed pip version: $(${_pip_cmd} --version)" fi - # We also lock setuptools to <45 which is the latest release to support both py2 and py3 - echodebug "Running '${_pip_cmd} install wheel setuptools>=${_MINIMUM_SETUPTOOLS_VERSION},<45'" - ${_pip_cmd} install ${_POST_NEON_PIP_INSTALL_ARGS} wheel "setuptools>=${_MINIMUM_SETUPTOOLS_VERSION},<45" + _setuptools_dep="setuptools>=${_MINIMUM_SETUPTOOLS_VERSION}" + if [ "$_PY_MAJOR_VERSION" -eq 2 ]; then + # We also lock setuptools to <45 which is the latest release to support both py2 and py3 + _setuptools_dep="${_setuptools_dep},<45" + fi + + echodebug "Running '${_pip_cmd} install wheel ${_setuptools_dep}'" + ${_pip_cmd} install ${_POST_NEON_PIP_INSTALL_ARGS} wheel "${_setuptools_dep}" echoinfo "Installing salt using ${_py_exe}" cd "${_SALT_GIT_CHECKOUT_DIR}" || return 1 @@ -2899,12 +2916,12 @@ __enable_universe_repository() { } __install_saltstack_ubuntu_repository() { - # Workaround for latest non-LTS ubuntu - if [ "$DISTRO_MAJOR_VERSION" -eq 19 ] || \ - { [ "$DISTRO_MAJOR_VERSION" -eq 18 ] && [ "$DISTRO_MINOR_VERSION" -eq 10 ]; }; then + # Workaround for latest non-LTS Ubuntu + if { [ "$DISTRO_MAJOR_VERSION" -eq 20 ] && [ "$DISTRO_MINOR_VERSION" -eq 10 ]; } || \ + { [ "$DISTRO_MAJOR_VERSION" -eq 21 ] && [ "$DISTRO_MINOR_VERSION" -eq 04 ]; }; then echowarn "Non-LTS Ubuntu detected, but stable packages requested. Trying packages for previous LTS release. You may experience problems." - UBUNTU_VERSION=18.04 - UBUNTU_CODENAME="bionic" + UBUNTU_VERSION=20.04 + UBUNTU_CODENAME="focal" else UBUNTU_VERSION=${DISTRO_VERSION} UBUNTU_CODENAME=${DISTRO_CODENAME} @@ -2933,9 +2950,9 @@ __install_saltstack_ubuntu_repository() { # SaltStack's stable Ubuntu repository: SALTSTACK_UBUNTU_URL="${HTTP_VAL}://${_REPO_URL}/${__PY_VERSION_REPO}/ubuntu/${UBUNTU_VERSION}/${__REPO_ARCH}/${STABLE_REV}" - echo "$__REPO_ARCH_DEB $SALTSTACK_UBUNTU_URL $UBUNTU_CODENAME main" > /etc/apt/sources.list.d/saltstack.list + echo "$__REPO_ARCH_DEB $SALTSTACK_UBUNTU_URL $UBUNTU_CODENAME main" > /etc/apt/sources.list.d/salt.list - __apt_key_fetch "$SALTSTACK_UBUNTU_URL/SALTSTACK-GPG-KEY.pub" || return 1 + __apt_key_fetch "$SALTSTACK_UBUNTU_URL/salt-archive-keyring.gpg" || return 1 __wait_for_apt apt-get update || return 1 } @@ -3004,15 +3021,6 @@ install_ubuntu_stable_deps() { _SLEEP=10 fi - if [ "$DISTRO_MAJOR_VERSION" -ge 20 ]; then - # Default Ubuntu 20.04 to Py3 - if [ "x${_PY_EXE}" = "x" ]; then - _PY_EXE=python3 - _PY_MAJOR_VERSION=3 - PY_PKG_VER=3 - fi - fi - if [ $_START_DAEMONS -eq $BS_FALSE ]; then echowarn "Not starting daemons on Debian based distributions is not working mostly because starting them is the default behaviour." fi @@ -3024,8 +3032,12 @@ install_ubuntu_stable_deps() { if [ "${_UPGRADE_SYS}" -eq $BS_TRUE ]; then if [ "${_INSECURE_DL}" -eq $BS_TRUE ]; then - __apt_get_install_noinput --allow-unauthenticated debian-archive-keyring && - apt-key update && apt-get update || return 1 + if [ "$DISTRO_MAJOR_VERSION" -ge 20 ] || [ "$DISTRO_MAJOR_VERSION" -ge 21 ]; then + __apt_get_install_noinput --allow-unauthenticated debian-archive-keyring && apt-get update || return 1 + else + __apt_get_install_noinput --allow-unauthenticated debian-archive-keyring && + apt-key update && apt-get update || return 1 + fi fi __apt_get_upgrade_noinput || return 1 @@ -3082,11 +3094,7 @@ install_ubuntu_git_deps() { __PACKAGES="${__PACKAGES} python3-setuptools" else # There is no m2crypto package for Py3 at this time - only install for Py2 - if [ $DISTRO_CODENAME == "focal" ]; then - __PACKAGES="${__PACKAGES} python3-m2crypto" - else __PACKAGES="${__PACKAGES} python-m2crypto" - fi fi __PACKAGES="${__PACKAGES} python${PY_PKG_VER}-crypto python${PY_PKG_VER}-jinja2" @@ -3341,8 +3349,17 @@ install_ubuntu_check_services() { # Debian Install Functions # __install_saltstack_debian_repository() { - DEBIAN_RELEASE="$DISTRO_MAJOR_VERSION" - DEBIAN_CODENAME="$DISTRO_CODENAME" + if [ "$DISTRO_MAJOR_VERSION" -eq 11 ]; then + # Packages for Debian 11 at repo.saltproject.io are not yet available + # Set up repository for Debian 10 for Debian 11 for now until support + # is available at repo.saltproject.io for Debian 11. + echowarn "Debian 11 distribution detected, but stable packages requested. Trying packages from Debian 10. You may experience problems." + DEBIAN_RELEASE="10" + DEBIAN_CODENAME="buster" + else + DEBIAN_RELEASE="$DISTRO_MAJOR_VERSION" + DEBIAN_CODENAME="$DISTRO_CODENAME" + fi __PY_VERSION_REPO="apt" if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then @@ -3367,9 +3384,9 @@ __install_saltstack_debian_repository() { # amd64 is just a part of repository URI, 32-bit pkgs are hosted under the same location SALTSTACK_DEBIAN_URL="${HTTP_VAL}://${_REPO_URL}/${__PY_VERSION_REPO}/debian/${DEBIAN_RELEASE}/${__REPO_ARCH}/${STABLE_REV}" - echo "$__REPO_ARCH_DEB $SALTSTACK_DEBIAN_URL $DEBIAN_CODENAME main" > "/etc/apt/sources.list.d/saltstack.list" + echo "$__REPO_ARCH_DEB $SALTSTACK_DEBIAN_URL $DEBIAN_CODENAME main" > "/etc/apt/sources.list.d/salt.list" - __apt_key_fetch "$SALTSTACK_DEBIAN_URL/SALTSTACK-GPG-KEY.pub" || return 1 + __apt_key_fetch "$SALTSTACK_DEBIAN_URL/salt-archive-keyring.gpg" || return 1 __wait_for_apt apt-get update || return 1 } @@ -3387,22 +3404,17 @@ install_debian_deps() { if [ "${_UPGRADE_SYS}" -eq $BS_TRUE ]; then # Try to update GPG keys first if allowed if [ "${_INSECURE_DL}" -eq $BS_TRUE ]; then - __apt_get_install_noinput --allow-unauthenticated debian-archive-keyring && - apt-key update && apt-get update || return 1 + if [ "$DISTRO_MAJOR_VERSION" -ge 10 ]; then + __apt_get_install_noinput --allow-unauthenticated debian-archive-keyring && apt-get update || return 1 + else + __apt_get_install_noinput --allow-unauthenticated debian-archive-keyring && + apt-key update && apt-get update || return 1 + fi fi __apt_get_upgrade_noinput || return 1 fi - if [ "$DISTRO_MAJOR_VERSION" -ge 10 ]; then - # Default Debian 10 to Py3 - if [ "x${_PY_EXE}" = "x" ]; then - _PY_EXE=python3 - _PY_MAJOR_VERSION=3 - PY_PKG_VER=3 - fi - fi - if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then PY_PKG_VER=3 else @@ -4109,7 +4121,7 @@ __install_saltstack_rhel_repository() { # Instead, this should work correctly on all RHEL variants. base_url="${HTTP_VAL}://${_REPO_URL}/${__PY_VERSION_REPO}/redhat/${DISTRO_MAJOR_VERSION}/\$basearch/${repo_rev}/" gpg_key="SALTSTACK-GPG-KEY.pub" - repo_file="/etc/yum.repos.d/saltstack.repo" + repo_file="/etc/yum.repos.d/salt.repo" if [ ! -s "$repo_file" ] || [ "$_FORCE_OVERWRITE" -eq $BS_TRUE ]; then cat <<_eof > "$repo_file" @@ -4127,7 +4139,7 @@ _eof __rpm_import_gpg "${fetch_url}${gpg_key}" || return 1 yum clean metadata || return 1 elif [ "$repo_rev" != "latest" ]; then - echowarn "saltstack.repo already exists, ignoring salt version argument." + echowarn "salt.repo already exists, ignoring salt version argument." echowarn "Use -F (forced overwrite) to install $repo_rev." fi @@ -4139,14 +4151,6 @@ install_centos_stable_deps() { yum -y update || return 1 fi - if [ "$DISTRO_MAJOR_VERSION" -ge 8 ]; then - # CentOS/RHEL 8 Default to Py3 - if [ "x${_PY_EXE}" = "x" ]; then - _PY_EXE=python3 - _PY_MAJOR_VERSION=3 - fi - fi - if [ "$_DISABLE_REPOS" -eq "$BS_TRUE" ] && [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then echowarn "Detected -r or -R option while installing Salt packages for Python 3." echowarn "Python 3 packages for older Salt releases requires the EPEL repository to be installed." @@ -4545,6 +4549,16 @@ install_red_hat_linux_git_deps() { return 0 } +install_red_hat_enterprise_stable_deps() { + install_red_hat_linux_stable_deps || return 1 + return 0 +} + +install_red_hat_enterprise_git_deps() { + install_red_hat_linux_git_deps || return 1 + return 0 +} + install_red_hat_enterprise_linux_stable_deps() { install_red_hat_linux_stable_deps || return 1 return 0 @@ -4585,6 +4599,16 @@ install_red_hat_linux_git() { return 0 } +install_red_hat_enterprise_stable() { + install_red_hat_linux_stable || return 1 + return 0 +} + +install_red_hat_enterprise_git() { + install_red_hat_linux_git || return 1 + return 0 +} + install_red_hat_enterprise_linux_stable() { install_red_hat_linux_stable || return 1 return 0 @@ -4630,6 +4654,21 @@ install_red_hat_linux_git_post() { return 0 } +install_red_hat_enterprise_stable_post() { + install_red_hat_linux_stable_post || return 1 + return 0 +} + +install_red_hat_enterprise_restart_daemons() { + install_red_hat_linux_restart_daemons || return 1 + return 0 +} + +install_red_hat_enterprise_git_post() { + install_red_hat_linux_git_post || return 1 + return 0 +} + install_red_hat_enterprise_linux_stable_post() { install_red_hat_linux_stable_post || return 1 return 0 @@ -4690,6 +4729,21 @@ install_red_hat_linux_testing_post() { return 0 } +install_red_hat_enterprise_testing_deps() { + install_centos_testing_deps || return 1 + return 0 +} + +install_red_hat_enterprise_testing() { + install_centos_testing || return 1 + return 0 +} + +install_red_hat_enterprise_testing_post() { + install_centos_testing_post || return 1 + return 0 +} + install_red_hat_enterprise_server_testing_deps() { install_centos_testing_deps || return 1 return 0 @@ -5061,7 +5115,7 @@ install_alpine_linux_check_services() { [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - __check_services_alpine salt-$fname || return 1 + __check_services_openrc salt-$fname || return 1 done return 0 @@ -5134,7 +5188,7 @@ install_amazon_linux_ami_deps() { fi if [ $_DISABLE_REPOS -eq $BS_FALSE ] || [ "$_CUSTOM_REPO_URL" != "null" ]; then - __REPO_FILENAME="saltstack-repo.repo" + __REPO_FILENAME="salt.repo" # Set a few vars to make life easier. if [ $_USEAWS -eq $BS_TRUE ]; then @@ -5369,13 +5423,13 @@ install_amazon_linux_ami_2_deps() { fi if [ $_DISABLE_REPOS -eq $BS_FALSE ] || [ "$_CUSTOM_REPO_URL" != "null" ]; then - __REPO_FILENAME="saltstack-repo.repo" + __REPO_FILENAME="salt.repo" __PY_VERSION_REPO="yum" PY_PKG_VER="" repo_label="saltstack-repo" repo_name="SaltStack repo for Amazon Linux 2" if [ -n "$_PY_EXE" ] && [ "$_PY_MAJOR_VERSION" -eq 3 ]; then - __REPO_FILENAME="saltstack-py3-repo.repo" + __REPO_FILENAME="salt.repo" __PY_VERSION_REPO="py3" PY_PKG_VER=3 repo_label="saltstack-py3-repo" @@ -5564,7 +5618,7 @@ install_arch_linux_git_deps() { if [ "${_POST_NEON_INSTALL}" -eq $BS_FALSE ]; then pacman -R --noconfirm python2-distribute pacman -Su --noconfirm --needed python2-crypto python2-setuptools python2-jinja \ - python2-m2crypto python2-futures python2-markupsafe python2-msgpack python2-psutil \ + python2-m2crypto python2-markupsafe python2-msgpack python2-psutil \ python2-pyzmq zeromq python2-requests python2-systemd || return 1 if [ -f "${_SALT_GIT_CHECKOUT_DIR}/requirements/base.txt" ]; then @@ -5606,7 +5660,7 @@ install_arch_linux_stable() { pacman -S --noconfirm --needed bash || return 1 pacman -Su --noconfirm || return 1 # We can now resume regular salt update - pacman -Syu --noconfirm salt python2-futures || return 1 + pacman -Syu --noconfirm salt || return 1 return 0 } @@ -5750,6 +5804,8 @@ install_arch_check_services() { # Using a separate conf step to head for idempotent install... __configure_freebsd_pkg_details() { _SALT_ETC_DIR="/usr/local/etc/salt" + _PKI_DIR=${_SALT_ETC_DIR}/pki + _POST_NEON_PIP_INSTALL_ARGS="--prefix=/usr/local" } install_freebsd_deps() { @@ -5767,13 +5823,15 @@ install_freebsd_git_deps() { if [ "${_POST_NEON_INSTALL}" -eq $BS_FALSE ]; then - SALT_DEPENDENCIES=$(/usr/local/sbin/pkg rquery %dn py37-salt) + SALT_DEPENDENCIES=$(/usr/local/sbin/pkg rquery %dn py38-salt) # shellcheck disable=SC2086 /usr/local/sbin/pkg install -y ${SALT_DEPENDENCIES} python || return 1 - /usr/local/sbin/pkg install -y py37-requests || return 1 + /usr/local/sbin/pkg install -y py38-requests || return 1 + /usr/local/sbin/pkg install -y py38-tornado4 || return 1 + else - /usr/local/sbin/pkg install -y python python-pip python-setuptools || return 1 + /usr/local/sbin/pkg install -y python py38-pip py38-setuptools libzmq4 libunwind || return 1 fi echodebug "Adapting paths to FreeBSD" @@ -5819,7 +5877,7 @@ install_freebsd_stable() { # installing latest version of salt from FreeBSD CURRENT ports repo # # shellcheck disable=SC2086 - /usr/local/sbin/pkg install -y py37-salt || return 1 + /usr/local/sbin/pkg install -y py38-salt || return 1 return 0 } @@ -5832,6 +5890,13 @@ install_freebsd_git() { if [ "${_POST_NEON_INSTALL}" -eq $BS_TRUE ]; then __install_salt_from_repo_post_neon "${__PYTHON_PATH}" || return 1 + for script in salt_api salt_master salt_minion salt_proxy salt_syndic; do + __fetch_url "/usr/local/etc/rc.d/${script}" "https://raw.githubusercontent.com/freebsd/freebsd-ports/master/sysutils/py-salt/files/${script}.in" || return 1 + sed -i '' 's/%%PREFIX%%/\/usr\/local/g' /usr/local/etc/rc.d/${script} + sed -i '' "s/%%PYTHON_CMD%%/${__ESCAPED_PYTHON_PATH}/g" /usr/local/etc/rc.d/${script} + chmod +x /usr/local/etc/rc.d/${script} || return 1 + done + return 0 fi @@ -6248,7 +6313,7 @@ __set_suse_pkg_repo() { suse_pkg_url_base="https://download.opensuse.org/repositories/systemsmanagement:/saltstack" suse_pkg_url_path="${DISTRO_REPO}/systemsmanagement:saltstack.repo" else - suse_pkg_url_base="${HTTP_VAL}://repo.saltstack.com/opensuse" + suse_pkg_url_base="${HTTP_VAL}://repo.saltproject.io/opensuse" suse_pkg_url_path="${DISTRO_REPO}/systemsmanagement:saltstack:products.repo" fi SUSE_PKG_URL="$suse_pkg_url_base/$suse_pkg_url_path" @@ -6385,6 +6450,9 @@ install_opensuse_git_deps() { if [ "$_INSTALL_CLOUD" -eq $BS_TRUE ]; then __PACKAGES="${__PACKAGES} python-apache-libcloud" fi + # Check for Tumbleweed + elif [ "${DISTRO_MAJOR_VERSION}" -ge 20210101 ]; then + __PACKAGES="python3-pip" else __PACKAGES="python-pip python-setuptools gcc" fi @@ -6466,7 +6534,7 @@ install_opensuse_git_post() { [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - if [ -f /bin/systemctl ]; then + if command -v systemctl; then use_usr_lib=$BS_FALSE if [ "${DISTRO_MAJOR_VERSION}" -ge 15 ]; then @@ -6949,26 +7017,37 @@ install_suse_check_services() { # Gentoo Install Functions. # __autounmask() { - emerge --autounmask-write --autounmask-only "${@}"; return $? -} - -__emerge() { - if [ "$_GENTOO_USE_BINHOST" -eq $BS_TRUE ]; then - emerge --getbinpkg "${@}"; return $? - fi - emerge "${@}"; return $? -} - -__gentoo_config_protection() { - # usually it's a good thing to have config files protected by portage, but + # Unmask package(s) and accept changes + # + # Usually it's a good thing to have config files protected by portage, but # in this case this would require to interrupt the bootstrapping script at # this point, manually merge the changes using etc-update/dispatch-conf/ # cfg-update and then restart the bootstrapping script, so instead we allow # at this point to modify certain config files directly - export CONFIG_PROTECT_MASK="${CONFIG_PROTECT_MASK:-} /etc/portage/package.accept_keywords /etc/portage/package.keywords /etc/portage/package.license /etc/portage/package.unmask /etc/portage/package.use" + export CONFIG_PROTECT_MASK="${CONFIG_PROTECT_MASK:-} + /etc/portage/package.accept_keywords + /etc/portage/package.keywords + /etc/portage/package.license + /etc/portage/package.unmask + /etc/portage/package.use" + emerge --autounmask --autounmask-continue --autounmask-only --autounmask-write "${@}"; return $? +} - # emerge currently won't write to files that aren't there, so we need to ensure their presence - touch /etc/portage/package.accept_keywords /etc/portage/package.keywords /etc/portage/package.license /etc/portage/package.unmask /etc/portage/package.use +__emerge() { + EMERGE_FLAGS='-q' + if [ "$_ECHO_DEBUG" -eq $BS_TRUE ]; then + EMERGE_FLAGS='-v' + fi + + # Do not re-emerge packages that are already installed + EMERGE_FLAGS="${EMERGE_FLAGS} --noreplace" + + if [ "$_GENTOO_USE_BINHOST" -eq $BS_TRUE ]; then + EMERGE_FLAGS="${EMERGE_FLAGS} --getbinpkg" + fi + + # shellcheck disable=SC2086 + emerge ${EMERGE_FLAGS} "${@}"; return $? } __gentoo_pre_dep() { @@ -6988,52 +7067,152 @@ __gentoo_pre_dep() { if [ ! -d /etc/portage ]; then mkdir /etc/portage fi + + # Enable Python 3.6 target for pre Neon Salt release + if echo "${STABLE_REV}" | grep -q "2019" || [ "${ITYPE}" = "git" ] && [ "${_POST_NEON_INSTALL}" -eq $BS_FALSE ]; then + EXTRA_PYTHON_TARGET=python3_6 + fi + + # Enable Python 3.7 target for Salt Neon using GIT + if [ "${ITYPE}" = "git" ] && [ "${GIT_REV}" = "v3000" ]; then + EXTRA_PYTHON_TARGET=python3_7 + fi + + if [ -n "${EXTRA_PYTHON_TARGET:-}" ]; then + if ! emerge --info | sed 's/.*\(PYTHON_TARGETS="[^"]*"\).*/\1/' | grep -q "${EXTRA_PYTHON_TARGET}" ; then + echo "PYTHON_TARGETS=\"\${PYTHON_TARGETS} ${EXTRA_PYTHON_TARGET}\"" >> /etc/portage/make.conf + emerge --deep --with-bdeps=y --newuse --quiet @world + fi + fi } __gentoo_post_dep() { - # ensures dev-lib/crypto++ compiles happily - __emerge --oneshot 'sys-devel/libtool' - # the -o option asks it to emerge the deps but not the package. - __gentoo_config_protection - - if [ "$_INSTALL_CLOUD" -eq $BS_TRUE ]; then - __autounmask 'dev-python/libcloud' - __emerge -v 'dev-python/libcloud' - fi - - __autounmask 'dev-python/requests' - __autounmask 'app-admin/salt' - - __emerge -vo 'dev-python/requests' - __emerge -vo 'app-admin/salt' - if [ "${_EXTRA_PACKAGES}" != "" ]; then echoinfo "Installing the following extra packages as requested: ${_EXTRA_PACKAGES}" # shellcheck disable=SC2086 __autounmask ${_EXTRA_PACKAGES} || return 1 # shellcheck disable=SC2086 - __emerge -v ${_EXTRA_PACKAGES} || return 1 + __emerge ${_EXTRA_PACKAGES} || return 1 fi + + return 0 } install_gentoo_deps() { __gentoo_pre_dep || return 1 + + # Make sure that the 'libcloud' use flag is set when Salt Cloud support is requested + if [ "$_INSTALL_CLOUD" -eq $BS_TRUE ]; then + SALT_USE_FILE='/etc/portage/package.use' + if [ -d '/etc/portage/package.use' ]; then + SALT_USE_FILE='/etc/portage/package.use/salt' + fi + + SALT_USE_FLAGS="$(grep -E '^[<>=~]*app-admin/salt.*' ${SALT_USE_FILE} 2>/dev/null)" + SALT_USE_FLAG_LIBCLOUD="$(echo "${SALT_USE_FLAGS}" | grep ' libcloud' 2>/dev/null)" + + # Set the libcloud use flag, if it is not set yet + if [ -z "${SALT_USE_FLAGS}" ]; then + echo "app-admin/salt libcloud" >> ${SALT_USE_FILE} + elif [ -z "${SALT_USE_FLAG_LIBCLOUD}" ]; then + sed 's#^\([<>=~]*app-admin/salt[^ ]*\)\(.*\)#\1 libcloud\2#g' -i ${SALT_USE_FILE} + fi + fi + __gentoo_post_dep || return 1 } install_gentoo_git_deps() { __gentoo_pre_dep || return 1 + + # Install pip if it does not exist + if ! __check_command_exists pip ; then + GENTOO_GIT_PACKAGES="${GENTOO_GIT_PACKAGES:-} dev-python/pip" + fi + + # Install GIT if it does not exist + if ! __check_command_exists git ; then + GENTOO_GIT_PACKAGES="${GENTOO_GIT_PACKAGES:-} dev-vcs/git" + fi + + # Salt <3000 does not automatically install dependencies. It has to be done manually. + if [ "${_POST_NEON_INSTALL}" -eq $BS_FALSE ]; then + GENTOO_GIT_PACKAGES="${GENTOO_GIT_PACKAGES:-} + sys-apps/pciutils + dev-python/pyyaml + dev-python/pyzmq + dev-python/libnacl + dev-python/pycryptodome + dev-python/py + dev-python/requests + /dev/null 2>&1 || ( + systemctl preset salt-$fname.service > /dev/null 2>&1 && + systemctl enable salt-$fname.service > /dev/null 2>&1 + ) else - rc-update add salt-$fname default - /etc/init.d/salt-$fname start + # Salt minion cannot start in a docker container because the "net" service is not available + if [ $fname = "minion" ] && [ -f /.dockerenv ]; then + sed '/need net/d' -i /etc/init.d/salt-$fname + fi + + rc-update add "salt-$fname" > /dev/null 2>&1 || return 1 fi done } +install_gentoo_git_post() { + for fname in api master minion syndic; do + # Skip if not meant to be installed + [ $fname = "api" ] && \ + ([ "$_INSTALL_MASTER" -eq $BS_FALSE ] || ! __check_command_exists "salt-${fname}") && continue + [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue + [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue + [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue + + if __check_command_exists systemctl ; then + __copyfile "${_SALT_GIT_CHECKOUT_DIR}/pkg/salt-${fname}.service" "/lib/systemd/system/salt-${fname}.service" + + # Skip salt-api since the service should be opt-in and not necessarily started on boot + [ $fname = "api" ] && continue + + systemctl is-enabled salt-$fname.service > /dev/null 2>&1 || ( + systemctl preset salt-$fname.service > /dev/null 2>&1 && + systemctl enable salt-$fname.service > /dev/null 2>&1 + ) + else + cat <<_eof > "/etc/init.d/salt-${fname}" +#!/sbin/openrc-run +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +command="/usr/bin/salt-${fname}" +command_args="\${SALT_OPTS}" +command_background="1" +pidfile="/var/run/salt-${fname}.pid" +name="SALT ${fname} daemon" +retry="20" + +depend() { + use net logger +} +_eof + chmod +x /etc/init.d/salt-$fname + + cat <<_eof > "/etc/conf.d/salt-${fname}" +# /etc/conf.d/salt-${fname}: config file for /etc/init.d/salt-master + +# see man pages for salt-${fname} or run 'salt-${fname} --help' +# for valid cmdline options +SALT_OPTS="--log-level=warning" +_eof + + # Skip salt-api since the service should be opt-in and not necessarily started on boot + [ $fname = "api" ] && continue + + rc-update add "salt-$fname" > /dev/null 2>&1 || return 1 + fi + done + + return 0 +} + install_gentoo_restart_daemons() { [ $_START_DAEMONS -eq $BS_FALSE ] && return - for fname in api master minion syndic; do - # Skip salt-api since the service should be opt-in and not necessarily started on boot - [ $fname = "api" ] && continue - - # Skip if not meant to be installed - [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue - [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue - [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - - if [ -d "/run/systemd/system" ]; then - systemctl stop salt-$fname > /dev/null 2>&1 - systemctl start salt-$fname.service && continue - echodebug "Failed to start salt-$fname using systemd" - if [ "$_ECHO_DEBUG" -eq $BS_TRUE ]; then - systemctl status salt-$fname.service - journalctl -xe - fi - else - /etc/init.d/salt-$fname stop > /dev/null 2>&1 - /etc/init.d/salt-$fname start - fi - done -} - -install_gentoo_check_services() { - if [ ! -d "/run/systemd/system" ]; then - # Not running systemd!? Don't check! - return 0 + # Ensure upstart configs / systemd units are loaded + if __check_command_exists systemctl ; then + systemctl daemon-reload fi for fname in api master minion syndic; do @@ -7098,7 +7314,39 @@ install_gentoo_check_services() { [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue - __check_services_systemd salt-$fname || return 1 + if __check_command_exists systemctl ; then + systemctl stop salt-$fname > /dev/null 2>&1 + systemctl start salt-$fname.service && continue + echodebug "Failed to start salt-$fname using systemd" + if [ "$_ECHO_DEBUG" -eq $BS_TRUE ]; then + systemctl status salt-$fname.service + journalctl -xe + fi + else + # Disable stdin to fix shell session hang on killing tee pipe + rc-service salt-$fname stop < /dev/null > /dev/null 2>&1 + rc-service salt-$fname start < /dev/null || return 1 + fi + done + + return 0 +} + +install_gentoo_check_services() { + for fname in api master minion syndic; do + # Skip salt-api since the service should be opt-in and not necessarily started on boot + [ $fname = "api" ] && continue + + # Skip if not meant to be installed + [ $fname = "minion" ] && [ "$_INSTALL_MINION" -eq $BS_FALSE ] && continue + [ $fname = "master" ] && [ "$_INSTALL_MASTER" -eq $BS_FALSE ] && continue + [ $fname = "syndic" ] && [ "$_INSTALL_SYNDIC" -eq $BS_FALSE ] && continue + + if __check_command_exists systemctl ; then + __check_services_systemd salt-$fname || return 1 + else + __check_services_openrc salt-$fname || return 1 + fi done return 0 @@ -7200,7 +7448,7 @@ __macosx_get_packagesite() { fi PKG="salt-${STABLE_REV}-${__PY_VERSION_REPO}-${DARWIN_ARCH}.pkg" - SALTPKGCONFURL="https://repo.saltstack.com/osx/${PKG}" + SALTPKGCONFURL="https://repo.saltproject.io/osx/${PKG}" } # Using a separate conf step to head for idempotent install... @@ -7253,7 +7501,7 @@ install_macosx_git_deps() { install_macosx_stable() { install_macosx_stable_deps || return 1 - /usr/bin/curl "${SALTPKGCONFURL}" > "/tmp/${PKG}" || return 1 + __fetch_url "/tmp/${PKG}" "${SALTPKGCONFURL}" || return 1 /usr/sbin/installer -pkg "/tmp/${PKG}" -target / || return 1