diff --git a/salt/common/init.sls b/salt/common/init.sls index 37ea4239d6..f50f0c61b3 100644 --- a/salt/common/init.sls +++ b/salt/common/init.sls @@ -91,6 +91,7 @@ vimconfig: alwaysupdated: pkg.latest: - pkgs: + - openssl - openssh-server - bash - skip_suggestions: True diff --git a/salt/common/packages.sls b/salt/common/packages.sls index b4e97a81d8..c5d2729fdb 100644 --- a/salt/common/packages.sls +++ b/salt/common/packages.sls @@ -47,35 +47,15 @@ python-rich: {% if GLOBALS.os_family == 'RedHat' %} -# install versionlock first so we can hold packages in the next states -install_versionlock: - pkg.installed: - - name: python3-dnf-plugin-versionlock - -# holding these since openssl-devel-1:3.0.7-16.0.1.el9_2 seems to be a requirement for mariadb-devel-3:10.5.16-2.el9_0 -# https://github.com/Security-Onion-Solutions/securityonion/discussions/11443 -holdversion_openssl: - pkg.held: - - name: openssl - - version: 1:3.0.7-16.0.1.el9_2 - -holdversion_openssl-libs: - pkg.held: - - name: openssl-libs - - version: 1:3.0.7-16.0.1.el9_2 - -openssl_pkgs: - pkg.installed: - - skip_suggestions: True - - update_holds: True - - pkgs: - - openssl: 1:3.0.7-16.0.1.el9_2 - - openssl-libs: 1:3.0.7-16.0.1.el9_2 +remove_mariadb: + pkg.removed: + - name: mariadb-devel commonpkgs: pkg.installed: - skip_suggestions: True - pkgs: + - python3-dnf-plugin-versionlock - curl - device-mapper-persistent-data - fuse @@ -88,7 +68,6 @@ commonpkgs: - httpd-tools - jq - lvm2 - - mariadb-devel - net-tools - nmap-ncat - procps-ng diff --git a/salt/common/tools/sbin/so-common b/salt/common/tools/sbin/so-common index 0dfb19bbec..f754b34ef9 100755 --- a/salt/common/tools/sbin/so-common +++ b/salt/common/tools/sbin/so-common @@ -240,7 +240,7 @@ gpg_rpm_import() { else local RPMKEYSLOC="$UPDATE_DIR/salt/repo/client/files/$OS/keys" fi - RPMKEYS=('RPM-GPG-KEY-oracle' 'RPM-GPG-KEY-EPEL-9' 'SALT-PROJECT-GPG-PUBKEY-2023.pub' 'docker.pub' 'securityonion.pub' 'MariaDB-Server-GPG-KEY') + RPMKEYS=('RPM-GPG-KEY-oracle' 'RPM-GPG-KEY-EPEL-9' 'SALT-PROJECT-GPG-PUBKEY-2023.pub' 'docker.pub' 'securityonion.pub') for RPMKEY in "${RPMKEYS[@]}"; do rpm --import $RPMKEYSLOC/$RPMKEY echo "Imported $RPMKEY" diff --git a/salt/mysql/config.sls b/salt/mysql/config.sls index 5f9010011f..274f25d761 100644 --- a/salt/mysql/config.sls +++ b/salt/mysql/config.sls @@ -9,7 +9,7 @@ # MySQL Setup mysqlpkgs: - pkg.installed: + pkg.removed: - skip_suggestions: False - pkgs: {% if grains['os_family'] != 'RedHat' %} diff --git a/setup/so-functions b/setup/so-functions index 243e89c99d..aad627a8df 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -2088,7 +2088,7 @@ saltify() { if [[ $waitforstate ]]; then retry 150 20 "apt-get -y install salt-common=$SALTVERSION salt-minion=$SALTVERSION salt-master=$SALTVERSION" || fail_setup retry 150 20 "apt-mark hold salt-minion salt-common salt-master" || fail_setup - retry 150 20 "apt-get -y install python3-pip python3-dateutil python3-m2crypto python3-mysqldb python3-packaging python3-influxdb python3-lxml" || exit 1 + retry 150 20 "apt-get -y install python3-pip python3-dateutil python3-m2crypto python3-packaging python3-influxdb python3-lxml" || exit 1 else retry 150 20 "apt-get -y install salt-common=$SALTVERSION salt-minion=$SALTVERSION" || fail_setup retry 150 20 "apt-mark hold salt-minion salt-common" || fail_setup @@ -2443,9 +2443,7 @@ update_sudoers_for_testing() { update_packages() { if [[ $is_oracle ]]; then logCmd "dnf repolist" - # holding openssl https://github.com/Security-Onion-Solutions/securityonion/discussions/11443 - logCmd "dnf -y install openssl-1:3.0.7-16.0.1.el9_2 openssl-libs-1:3.0.7-16.0.1.el9_2 openssl-devel-1:3.0.7-16.0.1.el9_2" - logCmd "dnf -y update --allowerasing --exclude=salt*,docker*,containerd*,openssl*" + logCmd "dnf -y update --allowerasing --exclude=salt*,docker*,containerd*" RMREPOFILES=("oracle-linux-ol9.repo" "uek-ol9.repo" "virt-ol9.repo") info "Removing repo files added by oracle-repos package update" for FILE in ${RMREPOFILES[@]}; do