CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

handle salt for r9 and c9

Browse Source
This commit is contained in:
m0duspwnens
2023-10-19 11:12:20 -04:00
parent 02e22c87e8
commit c5610edd83
3 changed files with 14 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
salt/manager/tools/sbin/soup
View File

@@ -620,6 +620,7 @@ upgrade_check_salt() {
if [ "$INSTALLEDSALTVERSION" == "$NEWSALTVERSION" ]; then if [ "$INSTALLEDSALTVERSION" == "$NEWSALTVERSION" ]; then
echo "You are already running the correct version of Salt for Security Onion." echo "You are already running the correct version of Salt for Security Onion."
else else
echo "Salt needs to be upgraded to $NEWSALTVERSION."
UPGRADESALT=1 UPGRADESALT=1
fi fi
} }
@@ -629,16 +630,23 @@ upgrade_salt() {
echo "Performing upgrade of Salt from $INSTALLEDSALTVERSION to $NEWSALTVERSION." echo "Performing upgrade of Salt from $INSTALLEDSALTVERSION to $NEWSALTVERSION."
echo "" echo ""
# If Oracle Linux # If Oracle Linux
if [[ $OS == 'oel' ]]; then if [[ $OS == 'oel' || $OS == 'centos' || $OS == 'rocky' ||]]; then
echo "Removing yum versionlock for Salt." echo "Removing yum versionlock for Salt."
echo "" echo ""
yum versionlock delete "salt-*" yum versionlock delete "salt-*"
echo "Updating Salt packages." echo "Updating Salt packages."
echo "" echo ""
set +e set +e
run_check_net_err \ if [[ $OS == 'oel' ]]; then
"sh $UPDATE_DIR/salt/salt/scripts/bootstrap-salt.sh -X -r -F -M -x python3 stable \"$NEWSALTVERSION\"" \ run_check_net_err \
"Could not update salt, please check $SOUP_LOG for details." "sh $UPDATE_DIR/salt/salt/scripts/bootstrap-salt.sh -X -r -F -M -x python3 stable \"$NEWSALTVERSION\"" \
"Could not update salt, please check $SOUP_LOG for details."
# if rocky or centos we want to run without -r to allow the bootstrap script to manage repos
else
run_check_net_err \
"sh $UPDATE_DIR/salt/salt/scripts/bootstrap-salt.sh -X -F -M -x python3 stable \"$NEWSALTVERSION\"" \
"Could not update salt, please check $SOUP_LOG for details."
fi
set -e set -e
echo "Applying yum versionlock for Salt." echo "Applying yum versionlock for Salt."
echo "" echo ""

7
salt/salt/scripts/bootstrap-salt.sh
View File

@@ -617,13 +617,6 @@ if [ "$(echo "$ITYPE" | grep stable)" = "" ]; then
exit 1 exit 1
fi fi
# We want to require this script to only run with -r. We dont want to accidentally try to install from another repo
# and we dont want to put salt.repo in /etc/yum.repos.d/
if [ "$_DISABLE_REPOS" -eq $BS_FALSE ];then
echoerror "This script has been modified to required the usage of the -r flag which disables this script from using its own repos..."
exit 1
fi
# If doing a git install, check what branch/tag/sha will be checked out # If doing a git install, check what branch/tag/sha will be checked out
if [ "$ITYPE" = "git" ]; then if [ "$ITYPE" = "git" ]; then
if [ "$#" -eq 0 ];then if [ "$#" -eq 0 ];then

3
setup/so-functions
View File

@@ -1972,6 +1972,7 @@ securityonion_repo() {
} }
repo_sync_local() { repo_sync_local() {
SALTVERSION=$(egrep 'version: [0-9]{4}' ../salt/salt/master.defaults.yaml | sed 's/^.*version: //')
info "Repo Sync" info "Repo Sync"
if [[ $is_supported ]]; then if [[ $is_supported ]]; then
# Sync the repo from the the SO repo locally. # Sync the repo from the the SO repo locally.
@@ -2021,7 +2022,7 @@ repo_sync_local() {
curl -fsSL https://repo.securityonion.net/file/so-repo/prod/2.4/so/so.repo | tee /etc/yum.repos.d/so.repo curl -fsSL https://repo.securityonion.net/file/so-repo/prod/2.4/so/so.repo | tee /etc/yum.repos.d/so.repo
rpm --import https://repo.saltproject.io/salt/py3/redhat/9/x86_64/SALT-PROJECT-GPG-PUBKEY-2023.pub rpm --import https://repo.saltproject.io/salt/py3/redhat/9/x86_64/SALT-PROJECT-GPG-PUBKEY-2023.pub
dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
curl -fsSL https://repo.saltproject.io/salt/py3/redhat/9/x86_64/minor/3006.1.repo | tee /etc/yum.repos.d/salt.repo curl -fsSL "https://repo.saltproject.io/salt/py3/redhat/9/x86_64/minor/$SALTVERSION.repo" | tee /etc/yum.repos.d/salt.repo
dnf repolist dnf repolist
curl --retry 5 --retry-delay 60 -A "netinstall/$SOVERSION/$OS/$(uname -r)/1" https://sigs.securityonion.net/checkup --output /tmp/install curl --retry 5 --retry-delay 60 -A "netinstall/$SOVERSION/$OS/$(uname -r)/1" https://sigs.securityonion.net/checkup --output /tmp/install
else else