Merge pull request #6301 from Security-Onion-Solutions/dev

2.3.90

README.md

@@ -1,6 +1,6 @@
-## Security Onion 2.3.80
+## Security Onion 2.3.90
 
-Security Onion 2.3.80 is here!
+Security Onion 2.3.90 is here!
 
 ## Screenshots
 

VERIFY_ISO.md

@@ -1,18 +1,18 @@
-### 2.3.80 ISO image built on 2021/09/27
+### 2.3.90 ISO image built on 2021/11/19
 
 
 
 ### Download and Verify
 
-2.3.80 ISO image:  
+2.3.90 ISO image:  
-https://download.securityonion.net/file/securityonion/securityonion-2.3.80.iso
+https://download.securityonion.net/file/securityonion/securityonion-2.3.90.iso
 
-MD5: 24F38563860416F4A8ABE18746913E14  
+MD5: F214ECE9F32A6F881D9A735DEAF90E46  
-SHA1: F923C005F54EA2A17AB225ADA0DA46042707AAD9  
+SHA1: 0B04FAA0FEC704CF6AD2030AA7A4AE80D9379AFA  
-SHA256: 8E95D10AF664D9A406C168EC421D943CB23F0D0C1813C6C2DBA9B4E131984018 
+SHA256: BE0E1516D83D7782AEAE9D52449FED45A45D72981515672C761C2A17B7AA613C 
 
 Signature for ISO image:  
-https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.80.iso.sig
+https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.90.iso.sig
 
 Signing key:  
 https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/master/KEYS  
@@ -26,22 +26,22 @@ wget https://raw.githubusercontent.com/Security-Onion-Solutions/securityonion/ma
 
 Download the signature file for the ISO:  
 ```
-wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.80.iso.sig
+wget https://github.com/Security-Onion-Solutions/securityonion/raw/master/sigs/securityonion-2.3.90.iso.sig
 ```
 
 Download the ISO image:  
 ```
-wget https://download.securityonion.net/file/securityonion/securityonion-2.3.80.iso
+wget https://download.securityonion.net/file/securityonion/securityonion-2.3.90.iso
 ```
 
 Verify the downloaded ISO image using the signature file:  
 ```
-gpg --verify securityonion-2.3.80.iso.sig securityonion-2.3.80.iso
+gpg --verify securityonion-2.3.90.iso.sig securityonion-2.3.90.iso
 ```
 
 The output should show "Good signature" and the Primary key fingerprint should match what's shown below:
 ```
-gpg: Signature made Mon 27 Sep 2021 08:55:01 AM EDT using RSA key ID FE507013
+gpg: Signature made Fri 19 Nov 2021 05:15:29 PM EST using RSA key ID FE507013
 gpg: Good signature from "Security Onion Solutions, LLC <info@securityonionsolutions.com>"
 gpg: WARNING: This key is not certified with a trusted signature!
 gpg:          There is no indication that the signature belongs to the owner.

salt/common/tools/sbin/soup

@@ -636,6 +636,8 @@ up_to_2.3.90() {
 
   fi
 
+  sed -i -re 's/^(playbook_admin.*|playbook_automation.*)/  \1/g' /opt/so/saltstack/local/pillar/secrets.sls
+  
   INSTALLEDVERSION=2.3.90
 }
 
@@ -807,16 +809,22 @@ upgrade_to_2.3.50_repo() {
 }
 
 verify_latest_update_script() {
+  #we need to render soup and so-common first since they contain jinja
+  salt-call slsutil.renderer $UPDATE_DIR/salt/common/tools/sbin/soup default_renderer='jinja' --local --out=newline_values_only --out-indent=-4 --out-file=/tmp/soup
+  sed -i -e '$a\' /tmp/soup
+  salt-call slsutil.renderer $UPDATE_DIR/salt/common/tools/sbin/so-common default_renderer='jinja' --local --out=newline_values_only --out-indent=-4 --out-file=/tmp/so-common
+  sed -i -e '$a\' /tmp/so-common
   # Check to see if the update scripts match. If not run the new one.
-  CURRENTSOUP=$(md5sum /opt/so/saltstack/default/salt/common/tools/sbin/soup | awk '{print $1}')
+  CURRENTSOUP=$(md5sum /usr/sbin/soup | awk '{print $1}')
-  GITSOUP=$(md5sum $UPDATE_DIR/salt/common/tools/sbin/soup | awk '{print $1}')
+  GITSOUP=$(md5sum /tmp/soup | awk '{print $1}')
-  CURRENTCMN=$(md5sum /opt/so/saltstack/default/salt/common/tools/sbin/so-common | awk '{print $1}')
+  CURRENTCMN=$(md5sum /usr/sbin/so-common | awk '{print $1}')
-  GITCMN=$(md5sum $UPDATE_DIR/salt/common/tools/sbin/so-common | awk '{print $1}')
+  GITCMN=$(md5sum /tmp/so-common | awk '{print $1}')
-  CURRENTIMGCMN=$(md5sum /opt/so/saltstack/default/salt/common/tools/sbin/so-image-common | awk '{print $1}')
+  CURRENTIMGCMN=$(md5sum /usr/sbin/so-image-common | awk '{print $1}')
   GITIMGCMN=$(md5sum $UPDATE_DIR/salt/common/tools/sbin/so-image-common | awk '{print $1}')
 
   if [[ "$CURRENTSOUP" == "$GITSOUP" && "$CURRENTCMN" == "$GITCMN" && "$CURRENTIMGCMN" == "$GITIMGCMN" ]]; then
     echo "This version of the soup script is up to date. Proceeding."
+    rm -f /tmp/soup /tmp/so-common
   else
     echo "You are not running the latest soup version. Updating soup and its components. Might take multiple runs to complete"
     cp $UPDATE_DIR/salt/common/tools/sbin/soup $DEFAULT_SALT_DIR/salt/common/tools/sbin/
@@ -1144,4 +1152,3 @@ fi
 
 echo "### Preparing soup at $(date) ###"
 main "$@" | tee -a $SOUP_LOG
-