securityonion-sostat: block bad docker packages Security-Onion-Soluti…

…ons/security-onion#1652
Security-Onion-Solutions · Oct 15, 2019 · a0d14ac · a0d14ac
1 parent 63820c2
commit a0d14ac
Show file tree

Hide file tree

Showing 6 changed files with 59 additions and 0 deletions.
diff --git a/debian/changelog b/debian/changelog
@@ -1,3 +1,9 @@
+securityonion-sostat (20120722-0ubuntu0securityonion131) xenial; urgency=medium
+
+  * securityonion-sostat: block bad docker packages #1652 
+
+ -- Doug Burks <[email protected]>  Tue, 15 Oct 2019 11:38:50 -0400
+
 securityonion-sostat (20120722-0ubuntu0securityonion130) xenial; urgency=medium
 
   * securityonion-sostat: update Elastic verbiage for when components are not running Security-Onion-Solutions/security-onion#1633 

diff --git a/debian/install b/debian/install
@@ -1 +1,2 @@
 bin/* usr/sbin
+preferences.d/ etc/apt/preferences.d
diff --git a/debian/patches/securityonion-sostat:-block-bad-docker-packages-#1652 b/debian/patches/securityonion-sostat:-block-bad-docker-packages-#1652
@@ -0,0 +1,35 @@
+Description: <short summary of the patch>
+ TODO: Put a short summary on the line above and replace this paragraph
+ with a longer explanation of this change. Complete the meta-information
+ with other relevant fields (see below for details). To make it easier, the
+ information below has been extracted from the changelog. Adjust it or drop
+ it.
+ .
+ securityonion-sostat (20120722-0ubuntu0securityonion131) xenial; urgency=medium
+ .
+   * securityonion-sostat: block bad docker packages #1652
+Author: Doug Burks <[email protected]>
+
+---
+The information above should follow the Patch Tagging Guidelines, please
+checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here
+are templates for supplementary fields that you might want to add:
+
+Origin: <vendor|upstream|other>, <url of original patch>
+Bug: <url in upstream bugtracker>
+Bug-Debian: https://bugs.debian.org/<bugnumber>
+Bug-Ubuntu: https://launchpad.net/bugs/<bugnumber>
+Forwarded: <no|not-needed|url proving that it has been forwarded>
+Reviewed-By: <name and email of someone who approved the patch>
+Last-Update: <YYYY-MM-DD>
+
+--- /dev/null
++++ securityonion-sostat-20120722/preferences.d/securityonion-docker-block
+@@ -0,0 +1,7 @@
++Package: docker-ce
++Pin: version 5:19.03.3~3-0~ubuntu-xenial
++Pin-Priority: -1
++
++Package: docker-ce-cli
++Pin: version 5:19.03.3~3-0~ubuntu-xenial
++Pin-Priority: -1
diff --git a/debian/patches/series b/debian/patches/series
@@ -123,3 +123,4 @@ issues-1536-and-1544
 fix-spacing
 sostat:-support-elastic-auth-#1562
 securityonion-sostat:-update-Elastic-verbiage-for-when-components-are-not-running-Security-Onion-Solutionssecurity-onion#1633
+securityonion-sostat:-block-bad-docker-packages-#1652
diff --git a/debian/postinst b/debian/postinst
@@ -39,6 +39,15 @@ case "$1" in
 	# Re-apply the noninteractive setting so that soup can proceed unattended.
 	echo "debconf debconf/frontend select noninteractive" | debconf-set-selections || echo "Unable to set debconf to noninteractive!"
 
+	# Emergency check for docker issue
+	if dpkg -l |grep docker |grep -q "5:19.03.3~3-0~ubuntu-xenial"; then
+		echo "Docker 19.03.3 detected! This version has issues:"
+		echo "https://blog.securityonion.net/2019/10/docker-package-issues-please-do-not.html"
+		echo
+		echo "We recommend removing the docker-ce and docker-ce-cli packages and re-installing:"
+		echo "sudo apt purge docker-ce docker-ce-cli && sudo apt install docker-ce docker-ce-cli"
+	fi
+
     ;;
 
     abort-upgrade|abort-remove|abort-deconfigure)

diff --git a/preferences.d/securityonion-docker-block b/preferences.d/securityonion-docker-block
@@ -0,0 +1,7 @@
+Package: docker-ce
+Pin: version 5:19.03.3~3-0~ubuntu-xenial
+Pin-Priority: -1
+
+Package: docker-ce-cli
+Pin: version 5:19.03.3~3-0~ubuntu-xenial
+Pin-Priority: -1
Original file line number	Diff line number	Diff line change
		@@ -1 +1,2 @@
		bin/* usr/sbin
		preferences.d/ etc/apt/preferences.d