mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2026-06-29 13:48:14 +02:00
Mike Reeves
f45631af3a
During soup, so-repo-sync runs before the highstate deploys the new repodownload.conf. On the first upgrade to a kernel-aware version the on-disk config lacks the [securityonionkernel] section, so dnf aborts with "Unknown repo: 'securityonionkernel'" (set -e kills soup). Guard the kernel reposync on the section being present; the next sync after the highstate deploys it picks it up.
26 lines
1.3 KiB
Bash
Executable File
26 lines
1.3 KiB
Bash
Executable File
#!/bin/bash
|
|
#
|
|
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
|
|
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
|
|
# https://securityonion.net/license; you may not use this file except in compliance with the
|
|
# Elastic License 2.0.
|
|
NOROOT=1
|
|
. /usr/sbin/so-common
|
|
|
|
set -e
|
|
|
|
curl --retry 5 --retry-delay 60 -A "reposync/$(sync_options)" https://sigs.securityonion.net/checkup --output /tmp/checkup
|
|
|
|
dnf reposync --norepopath -g --delete -m -c /opt/so/conf/reposync/repodownload.conf --repoid=securityonionsync --download-metadata -p /nsm/repo/
|
|
createrepo /nsm/repo
|
|
|
|
# The kernel repo section is deployed to repodownload.conf by the manager highstate, which
|
|
# runs AFTER this script during soup. On the first upgrade to a kernel-aware version the
|
|
# on-disk config still predates the section, so guard on its presence to avoid dnf's
|
|
# "Unknown repo: 'securityonionkernel'" aborting the sync (set -e). The next sync after the
|
|
# highstate deploys the section will pick it up.
|
|
if grep -q '^\[securityonionkernel\]' /opt/so/conf/reposync/repodownload.conf; then
|
|
dnf reposync --norepopath -g --delete -m -c /opt/so/conf/reposync/repodownload.conf --repoid=securityonionkernel --download-metadata -p /nsm/kernelrepo/
|
|
createrepo /nsm/kernelrepo
|
|
fi
|