CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

handle salt for r9 and c9

Browse Source
This commit is contained in:
m0duspwnens
2023-10-19 11:12:20 -04:00
parent 02e22c87e8
commit c5610edd83
3 changed files with 14 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
salt/manager/tools/sbin/soup
View File

@@ -620,6 +620,7 @@ upgrade_check_salt() {
if [ "$INSTALLEDSALTVERSION" == "$NEWSALTVERSION" ]; then
echo "You are already running the correct version of Salt for Security Onion."
else
echo "Salt needs to be upgraded to $NEWSALTVERSION."
UPGRADESALT=1
fi
}
@@ -629,16 +630,23 @@ upgrade_salt() {
echo "Performing upgrade of Salt from $INSTALLEDSALTVERSION to $NEWSALTVERSION."
echo ""
# If Oracle Linux
if [[ $OS == 'oel' ]]; then
if [[ $OS == 'oel' || $OS == 'centos' || $OS == 'rocky' ||]]; then
echo "Removing yum versionlock for Salt."
echo ""
yum versionlock delete "salt-*"
echo "Updating Salt packages."
echo ""
set +e
if [[ $OS == 'oel' ]]; then
run_check_net_err \
"sh $UPDATE_DIR/salt/salt/scripts/bootstrap-salt.sh -X -r -F -M -x python3 stable \"$NEWSALTVERSION\"" \
"Could not update salt, please check $SOUP_LOG for details."
# if rocky or centos we want to run without -r to allow the bootstrap script to manage repos
else
run_check_net_err \
"sh $UPDATE_DIR/salt/salt/scripts/bootstrap-salt.sh -X -F -M -x python3 stable \"$NEWSALTVERSION\"" \
"Could not update salt, please check $SOUP_LOG for details."
fi
set -e
echo "Applying yum versionlock for Salt."
echo ""

7
salt/salt/scripts/bootstrap-salt.sh
View File

@@ -617,13 +617,6 @@ if [ "$(echo "$ITYPE" | grep stable)" = "" ]; then
exit 1
fi
# We want to require this script to only run with -r. We dont want to accidentally try to install from another repo
# and we dont want to put salt.repo in /etc/yum.repos.d/
if [ "$_DISABLE_REPOS" -eq $BS_FALSE ];then
echoerror "This script has been modified to required the usage of the -r flag which disables this script from using its own repos..."
exit 1
fi
# If doing a git install, check what branch/tag/sha will be checked out
if [ "$ITYPE" = "git" ]; then
if [ "$#" -eq 0 ];then

3
setup/so-functions
View File

@@ -1972,6 +1972,7 @@ securityonion_repo() {
}
repo_sync_local() {
SALTVERSION=$(egrep 'version: [0-9]{4}' ../salt/salt/master.defaults.yaml | sed 's/^.*version: //')
info "Repo Sync"
if [[ $is_supported ]]; then
# Sync the repo from the the SO repo locally.
@@ -2021,7 +2022,7 @@ repo_sync_local() {
curl -fsSL https://repo.securityonion.net/file/so-repo/prod/2.4/so/so.repo | tee /etc/yum.repos.d/so.repo
rpm --import https://repo.saltproject.io/salt/py3/redhat/9/x86_64/SALT-PROJECT-GPG-PUBKEY-2023.pub
dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
curl -fsSL https://repo.saltproject.io/salt/py3/redhat/9/x86_64/minor/3006.1.repo | tee /etc/yum.repos.d/salt.repo
curl -fsSL "https://repo.saltproject.io/salt/py3/redhat/9/x86_64/minor/$SALTVERSION.repo" | tee /etc/yum.repos.d/salt.repo
dnf repolist
curl --retry 5 --retry-delay 60 -A "netinstall/$SOVERSION/$OS/$(uname -r)/1" https://sigs.securityonion.net/checkup --output /tmp/install
else