From c5d120293df57e96af46195f33d9c4a4f3630c24 Mon Sep 17 00:00:00 2001
From: William Wernert <william.wernert@securityonionsolutions.com>
Date: Fri, 27 Aug 2021 11:33:51 -0400
Subject: [PATCH 1/5] Initial work to add unattended option to soup

---
 salt/common/tools/sbin/soup | 91 +++++++++++++++++++++++--------------
 1 file changed, 58 insertions(+), 33 deletions(-)

diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup
index ce8923e90..8adabf908 100755
--- a/salt/common/tools/sbin/soup
+++ b/salt/common/tools/sbin/soup
@@ -105,17 +105,20 @@ add_common() {
 
 airgap_mounted() {
   # Let's see if the ISO is already mounted. 
-  if [ -f /tmp/soagupdate/SecurityOnion/VERSION ]; then
+  if [[ -f /tmp/soagupdate/SecurityOnion/VERSION ]]; then
     echo "The ISO is already mounted"
   else
-    echo ""
-    cat << EOF
+    if [[ -z $ISOLOC ]]; then
+      echo "This is airgap. Ask for a location."
+      echo ""
+      cat << EOF
 In order for soup to proceed, the path to the downloaded Security Onion ISO file, or the path to the CD-ROM or equivalent device containing the ISO media must be provided. 
 For example, if you have copied the new Security Onion ISO file to your home directory, then the path might look like /home/myuser/securityonion-2.x.y.iso. 
 Or, if you have burned the new ISO onto an optical disk then the path might look like /dev/cdrom.
 
 EOF
-    read -rp 'Enter the path to the new Security Onion ISO content: ' ISOLOC
+      read -rp 'Enter the path to the new Security Onion ISO content: ' ISOLOC
+    fi
     if [[ -f $ISOLOC ]]; then
       # Mounting the ISO image
       mkdir -p /tmp/soagupdate
@@ -124,23 +127,27 @@ EOF
       if [ ! -f /tmp/soagupdate/SecurityOnion/VERSION ]; then
         echo "Something went wrong trying to mount the ISO."
         echo "Ensure you verify the ISO that you downloaded."
-        exit 0
+        exit 1
       else
         echo "ISO has been mounted!"
       fi  
     elif [[ -f $ISOLOC/SecurityOnion/VERSION ]]; then
       ln -s $ISOLOC /tmp/soagupdate
       echo "Found the update content"
-    else 
+    elif [[ -b $ISOLOC ]]; then
       mkdir -p /tmp/soagupdate
       mount $ISOLOC /tmp/soagupdate
       if [ ! -f /tmp/soagupdate/SecurityOnion/VERSION ]; then
         echo "Something went wrong trying to mount the device."
         echo "Ensure you verify the ISO that you downloaded."
-        exit 0
+        exit 1
       else
         echo "Device has been mounted!"
-      fi        
+      fi
+    else
+      echo "Could not find Security Onion ISO content at ${ISOLOC}" 
+      echo "Ensure the path you entered is correct, and that you verify the ISO that you downloaded."
+      exit 1
     fi
   fi
 }
@@ -774,39 +781,22 @@ verify_latest_update_script() {
 }
 
 main() {
-  set -e
-  set +e
   trap 'check_err $?' EXIT
   
-  echo "### Preparing soup at $(date) ###"
-  while getopts ":b" opt; do
-    case "$opt" in
-      b ) # process option b
-        shift
-        BATCHSIZE=$1
-        if ! [[ "$BATCHSIZE" =~ ^[0-9]+$ ]]; then
-          echo "Batch size must be a number greater than 0."
-          exit 1
-        fi
-      ;;
-      \? ) 
-        echo "Usage: cmd [-b]"
-      ;;
-    esac
-  done
-
+  echo "Checking to see if this is an airgap install."
+  echo ""
+  check_airgap
+  if [[ $is_airgap -eq 0 && $UNATTENDED == true && -z $ISOLOC ]]; then
+    echo "Missing file argument for unattended airgap upgrade."
+  fi
   echo "Checking to see if this is a manager."
   echo ""
   require_manager
   set_minionid
-  echo "Checking to see if this is an airgap install."
-  echo ""
-  check_airgap
   echo "Found that Security Onion $INSTALLEDVERSION is currently installed."
   echo ""
   if [[ $is_airgap -eq 0 ]]; then
     # Let's mount the ISO since this is airgap
-    echo "This is airgap. Ask for a location."
     airgap_mounted
   else
     echo "Cloning Security Onion github repo into $UPDATE_DIR."
@@ -1029,7 +1019,40 @@ EOF
   echo "### soup has been served at $(date) ###"
 }
 
-cat << EOF
+while getopts ":b:f:y" opt; do
+  case ${opt} in
+    b )
+      BATCHSIZE="$OPTARG"
+      if ! [[ "$BATCHSIZE" =~ ^[0-9]+$ ]]; then
+        echo "Batch size must be a number greater than 0."
+        exit 1
+      fi
+    ;;
+    y )
+      if [[ ! -f /opt/so/state/yeselastic.txt ]]; then
+        echo "Cannot run soup in unattended mode. You must run soup manually to accept the Elastic License."
+        exit 1
+      else
+        UNATTENDED=true 
+      fi
+    ;;
+    f )
+      ISOLOC="$OPTARG"
+    ;;
+    \? ) 
+      echo "Usage: soup [-b] [-y] [-f <iso location>]"
+      exit 1
+    ;;
+    : )
+      echo "Invalid option: $OPTARG requires an argument"
+      exit 1
+    ;;
+  esac
+done
+shift $((OPTIND - 1))
+
+if [[ -z $UNATTENDED ]]; then
+  cat << EOF
 
 SOUP - Security Onion UPdater
 
@@ -1041,7 +1064,9 @@ Press Enter to continue or Ctrl-C to cancel.
 
 EOF
 
-read -r input
+  read -r input
+fi
 
+echo "### Preparing soup at $(date) ###"
 main "$@" | tee -a $SOUP_LOG
   

From ca5339341f6f39fc91f6d3e6fb089d4e71c4b5a4 Mon Sep 17 00:00:00 2001
From: William Wernert <william.wernert@securityonionsolutions.com>
Date: Fri, 27 Aug 2021 11:34:28 -0400
Subject: [PATCH 2/5] Fix batch size regex to disallow 0

---
 salt/common/tools/sbin/soup | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup
index 8adabf908..60e0ce93f 100755
--- a/salt/common/tools/sbin/soup
+++ b/salt/common/tools/sbin/soup
@@ -1023,7 +1023,7 @@ while getopts ":b:f:y" opt; do
   case ${opt} in
     b )
       BATCHSIZE="$OPTARG"
-      if ! [[ "$BATCHSIZE" =~ ^[0-9]+$ ]]; then
+      if ! [[ "$BATCHSIZE" =~ ^[1-9][0-9]*$ ]]; then
         echo "Batch size must be a number greater than 0."
         exit 1
       fi

From 72859adb13b049d8e6317ae386f3fef4fb194e11 Mon Sep 17 00:00:00 2001
From: William Wernert <william.wernert@securityonionsolutions.com>
Date: Fri, 27 Aug 2021 15:23:01 -0400
Subject: [PATCH 3/5] Fix typo in so-checkin

---
 salt/common/tools/sbin/so-checkin | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/salt/common/tools/sbin/so-checkin b/salt/common/tools/sbin/so-checkin
index c70701b71..4f0583906 100755
--- a/salt/common/tools/sbin/so-checkin
+++ b/salt/common/tools/sbin/so-checkin
@@ -17,4 +17,4 @@
 
 . /usr/sbin/so-common
 
-salt-call state.highstate -linfo 
+salt-call state.highstate -l info 

From 576c893eb3731817ecf9eb709467e6d6ab640f3a Mon Sep 17 00:00:00 2001
From: William Wernert <william.wernert@securityonionsolutions.com>
Date: Wed, 1 Sep 2021 15:08:53 -0400
Subject: [PATCH 4/5] Exit on missing file argument

---
 salt/common/tools/sbin/soup | 1 +
 1 file changed, 1 insertion(+)

diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup
index 60e0ce93f..87fe56784 100755
--- a/salt/common/tools/sbin/soup
+++ b/salt/common/tools/sbin/soup
@@ -788,6 +788,7 @@ main() {
   check_airgap
   if [[ $is_airgap -eq 0 && $UNATTENDED == true && -z $ISOLOC ]]; then
     echo "Missing file argument for unattended airgap upgrade."
+    exit 1
   fi
   echo "Checking to see if this is a manager."
   echo ""

From 446821e9fdd657d580787e39835b2d55a368aa58 Mon Sep 17 00:00:00 2001
From: William Wernert <william.wernert@securityonionsolutions.com>
Date: Wed, 1 Sep 2021 15:11:18 -0400
Subject: [PATCH 5/5] Use exit code 0 when printing error message before
 exiting soup

---
 salt/common/tools/sbin/soup | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/salt/common/tools/sbin/soup b/salt/common/tools/sbin/soup
index 87fe56784..de26e73ea 100755
--- a/salt/common/tools/sbin/soup
+++ b/salt/common/tools/sbin/soup
@@ -127,7 +127,7 @@ EOF
       if [ ! -f /tmp/soagupdate/SecurityOnion/VERSION ]; then
         echo "Something went wrong trying to mount the ISO."
         echo "Ensure you verify the ISO that you downloaded."
-        exit 1
+        exit 0
       else
         echo "ISO has been mounted!"
       fi  
@@ -140,14 +140,14 @@ EOF
       if [ ! -f /tmp/soagupdate/SecurityOnion/VERSION ]; then
         echo "Something went wrong trying to mount the device."
         echo "Ensure you verify the ISO that you downloaded."
-        exit 1
+        exit 0
       else
         echo "Device has been mounted!"
       fi
     else
       echo "Could not find Security Onion ISO content at ${ISOLOC}" 
       echo "Ensure the path you entered is correct, and that you verify the ISO that you downloaded."
-      exit 1
+      exit 0
     fi
   fi
 }
@@ -157,7 +157,7 @@ airgap_update_dockers() {
     # Let's copy the tarball
     if [[ ! -f $AGDOCKER/registry.tar ]]; then
       echo "Unable to locate registry. Exiting"
-      exit 1
+      exit 0
     else
       echo "Stopping the registry docker"
       docker stop so-dockerregistry
@@ -631,7 +631,7 @@ upgrade_space() {
     clean_dockers
     if ! verify_upgradespace; then
       echo "There is not enough space to perform the upgrade. Please free up space and try again"
-      exit 1
+      exit 0
     fi
   else
       echo "You have enough space for upgrade. Proceeding with soup."
@@ -788,7 +788,7 @@ main() {
   check_airgap
   if [[ $is_airgap -eq 0 && $UNATTENDED == true && -z $ISOLOC ]]; then
     echo "Missing file argument for unattended airgap upgrade."
-    exit 1
+    exit 0
   fi
   echo "Checking to see if this is a manager."
   echo ""
@@ -885,7 +885,7 @@ main() {
       echo "Once the issue is resolved, run soup again."
       echo "Exiting."
       echo ""
-      exit 1
+      exit 0
     else
       echo "Salt upgrade success."
       echo ""