From f85dd910a302bad9515390d99d7929fe8106fe3c Mon Sep 17 00:00:00 2001
From: m0duspwnens <josh.patterson@securityonionsolutions.com>
Date: Mon, 2 Oct 2023 11:13:08 -0400
Subject: [PATCH] hold openssl from update during setup

---
 salt/common/packages.sls | 2 ++
 setup/so-functions       | 3 ++-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/salt/common/packages.sls b/salt/common/packages.sls
index a4a32f15f..0bf8616be 100644
--- a/salt/common/packages.sls
+++ b/salt/common/packages.sls
@@ -47,6 +47,8 @@ python-rich:
 
 {% if GLOBALS.os_family == 'RedHat' %}
 
+# holding these since openssl-devel-1:3.0.7-16.0.1.el9_2 seems to be a requirement for mariadb-devel-3:10.5.16-2.el9_0
+# https://github.com/Security-Onion-Solutions/securityonion/discussions/11443
 holdversion_openssl:
   pkg.held:
     - name: openssl
diff --git a/setup/so-functions b/setup/so-functions
index 679142e2a..26e1b2dab 100755
--- a/setup/so-functions
+++ b/setup/so-functions
@@ -2443,7 +2443,8 @@ update_sudoers_for_testing() {
 update_packages() {
 	if [[ $is_oracle ]]; then
 		logCmd "dnf repolist"
-		logCmd "dnf -y update --allowerasing --exclude=salt*,docker*,containerd*"
+		# holding openssl https://github.com/Security-Onion-Solutions/securityonion/discussions/11443
+		logCmd "dnf -y update --allowerasing --exclude=salt*,docker*,containerd*,openssl*"
 		RMREPOFILES=("oracle-linux-ol9.repo" "uek-ol9.repo" "virt-ol9.repo")
 		info "Removing repo files added by oracle-repos package update"
 		for FILE in ${RMREPOFILES[@]}; do