Closed c-bordon closed 6 months ago
The case was analyzed for both rpm and deb:
RPM doesn't support this this situation natively. The only way that would apparently solve the case would be to write a script that detects the installed version and compares it against the version that you want to install, if the new version is less than the installed one, finish the process. For this, i could use the %pre scriptlet. This validation is already done by rpm against the database, the problem is that all the steps that can be edited within the SPEC are after this validation, so it should be a custom program.
Generate a package with a series of prints in all the steps of the spec, in order to detect the values of $1. As seen below, all are after the validation that generates the downgrade. On the other hand, there is no specific $1 for the downgrade.
[root@centos8 vagrant]# rpm -q --scripts wazuh-indexer-4.3.5-1.x86_64
preinstall scriptlet (using /bin/sh):
echo -n "step: prep"
echo -n "value of \$1 -> " $1
if [ $1 = 1 ];then # Install
# Create package group
getent group wazuh-indexer > /dev/null 2>&1 || groupadd -r wazuh-indexer
if ! id wazuh-indexer &> /dev/null; then
useradd --system \
--no-create-home \
--home-dir /usr/share/wazuh-indexer \
--gid wazuh-indexer \
--shell /sbin/nologin \
--comment "wazuh-indexer user" \
wazuh-indexer > /dev/null 2>&1
fi
fi
# Stop the services to upgrade the package
if [ $1 = 2 ]; then
if command -v systemctl > /dev/null 2>&1 && systemctl > /dev/null 2>&1 && systemctl is-active --quiet wazuh-indexer > /dev/null 2>&1; then
systemctl stop wazuh-indexer.service > /dev/null 2>&1
touch /usr/share/wazuh-indexer/wazuh-indexer.restart
# Check for SysV
elif command -v service > /dev/null 2>&1 && service wazuh-indexer status 2>/dev/null | grep "is running" > /dev/null 2>&1; then
service wazuh-indexer stop > /dev/null 2>&1
touch /usr/share/wazuh-indexer/wazuh-indexer.restart
elif [ -x /etc/init.d/wazuh-indexer ]; then
if command -v invoke-rc.d >/dev/null && invoke-rc.d --quiet wazuh-indexer status > /dev/null 2>&1; then
invoke-rc.d wazuh-indexer stop > /dev/null 2>&1
touch /usr/share/wazuh-indexer/wazuh-indexer.restart
fi
# Older Suse linux distributions do not ship with systemd
# but do not have an /etc/init.d/ directory
# this tries to stop the wazuh-indexer service on these
# as well without failing this script
elif [ -x /etc/rc.d/init.d/wazuh-indexer ] ; then
/etc/rc.d/init.d/wazuh-indexer stop > /dev/null 2>&1
touch /usr/share/wazuh-indexer/wazuh-indexer.restart
fi
fi
# -----------------------------------------------------------------------------
postinstall scriptlet (using /bin/sh):
echo -n "step: post"
echo -n "value of \$1 -> " $1
export OPENSEARCH_PATH_CONF=${OPENSEARCH_PATH_CONF:-/etc/wazuh-indexer}
if [ $1 = 1 ];then # Install
echo "wazuh-indexer hard nproc 4096" >> /etc/security/limits.conf
echo "wazuh-indexer soft nproc 4096" >> /etc/security/limits.conf
echo "wazuh-indexer hard nofile 65535" >> /etc/security/limits.conf
echo "wazuh-indexer soft nofile 65535" >> /etc/security/limits.conf
# To pick up /usr/lib/sysctl.d/wazuh-indexer.conf
if command -v systemctl > /dev/null 2>&1; then
systemctl restart systemd-sysctl > /dev/null 2>&1 || true
fi
fi
# -----------------------------------------------------------------------------
preuninstall scriptlet (using /bin/sh):
echo -n "step: preun"
echo -n "value of \$1 -> " $1
export OPENSEARCH_PATH_CONF=${OPENSEARCH_PATH_CONF:-/etc/wazuh-indexer}
if [ $1 = 0 ];then # Remove
echo -n "Stopping wazuh-indexer service..."
echo -n "step: preun inside"
echo -n "value of \$1 -> " $1
if command -v systemctl > /dev/null 2>&1 && systemctl is-active --quiet wazuh-indexer > /dev/null 2>&1; then
systemctl --no-reload stop wazuh-indexer.service > /dev/null 2>&1
# Check for SysV
elif command -v service > /dev/null 2>&1; then
service wazuh-indexer stop > /dev/null 2>&1
elif [ -x /etc/init.d/wazuh-indexer ]; then
if command -v invoke-rc.d >/dev/null; then
invoke-rc.d wazuh-indexer stop > /dev/null 2>&1
else
/etc/init.d/wazuh-indexer stop > /dev/null 2>&1
fi
elif [ -x /etc/rc.d/init.d/wazuh-indexer ] ; then
/etc/rc.d/init.d/wazuh-indexer stop > /dev/null 2>&1
else # Anything else
kill -15 `pgrep -f opensearch` > /dev/null 2>&1
fi
echo " OK"
# Check for systemd
if command -v systemctl > /dev/null 2>&1 && systemctl > /dev/null 2>&1; then
systemctl disable wazuh-indexer > /dev/null 2>&1
systemctl daemon-reload > /dev/null 2>&1
# Check for SysV
elif command -v service > /dev/null 2>&1 && command -v chkconfig > /dev/null 2>&1; then
chkconfig wazuh-indexer off > /dev/null 2>&1
chkconfig --del wazuh-indexer > /dev/null 2>&1
fi
fi
# -----------------------------------------------------------------------------
postuninstall scriptlet (using /bin/sh):
echo -n "step: postun"
echo -n "value of \$1 -> " $1
export OPENSEARCH_PATH_CONF=${OPENSEARCH_PATH_CONF:-/etc/wazuh-indexer}
if [ $1 = 0 ];then
# Cleaning limits file
sed -i '/wazuh-indexer/d' /etc/security/limits.conf
# Remove the user if it exists
if id -u wazuh-indexer > /dev/null 2>&1; then
userdel wazuh-indexer >/dev/null 2>&1
fi
# Remove the group if it exists
if command -v getent > /dev/null 2>&1 && getent group wazuh-indexer > /dev/null 2>&1; then
groupdel wazuh-indexer >/dev/null 2>&1
elif id -g wazuh-indexer > /dev/null 2>&1; then
groupdel wazuh-indexer >/dev/null 2>&1
fi
# Remove lingering folders and files
rm -rf /usr/share/wazuh-indexer
fi
# -----------------------------------------------------------------------------
posttrans scriptlet (using /bin/sh):
echo -n "step: posttrans"
echo -n "value of \$1 -> " $1
export OPENSEARCH_PATH_CONF=${OPENSEARCH_PATH_CONF:-/etc/wazuh-indexer}
if [ -f /usr/share/wazuh-indexer/wazuh-indexer.restart ]; then
echo -n "Starting wazuh-indexer service..."
rm -f /usr/share/wazuh-indexer/wazuh-indexer.restart
if command -v systemctl > /dev/null 2>&1; then
systemctl daemon-reload > /dev/null 2>&1
systemctl restart wazuh-indexer.service > /dev/null 2>&1
# Check for SysV
elif command -v service > /dev/null 2>&1; then
service wazuh-indexer restart > /dev/null 2>&1
elif [ -x /etc/init.d/wazuh-indexer ]; then
if command -v invoke-rc.d >/dev/null; then
invoke-rc.d wazuh-indexer restart > /dev/null 2>&1
else
/etc/init.d/wazuh-indexer restart > /dev/null 2>&1
fi
elif [ -x /etc/rc.d/init.d/wazuh-indexer ] ; then
/etc/rc.d/init.d/wazuh-indexer restart > /dev/null 2>&1
fi
echo " OK"
fi
if [ ! -f "/etc/wazuh-indexer"/opensearch.keystore ]; then
"/usr/share/wazuh-indexer"/bin/opensearch-keystore create
chown wazuh-indexer:wazuh-indexer "/etc/wazuh-indexer"/opensearch.keystore
chmod 660 "/etc/wazuh-indexer"/opensearch.keystore
md5sum "/etc/wazuh-indexer"/opensearch.keystore > "/etc/wazuh-indexer"/.opensearch.keystore.initial_md5sum
chown wazuh-indexer:wazuh-indexer "/etc/wazuh-indexer"/.opensearch.keystore.initial_md5sum
chmod 600 "/etc/wazuh-indexer"/.opensearch.keystore.initial_md5sum
else
chown wazuh-indexer:wazuh-indexer "/etc/wazuh-indexer"/opensearch.keystore
chmod 660 "/etc/wazuh-indexer"/opensearch.keystore
if "/usr/share/wazuh-indexer"/bin/opensearch-keystore has-passwd --silent ; then
echo "### Warning: unable to upgrade encrypted keystore" 1>&2
echo " Please run opensearch-keystore upgrade and enter password" 1>&2
else
"/usr/share/wazuh-indexer"/bin/opensearch-keystore upgrade
fi
fi
# -----------------------------------------------------------------------------
[root@centos8 vagrant]#
Install:
[root@centos8 vagrant]# yum install wazuh-indexer-4.3.5-1.x86_64.rpm
Failed to set locale, defaulting to C.UTF-8
Last metadata expiration check: 2:54:37 ago on Wed Jun 29 19:02:03 2022.
Dependencies resolved.
================================================================================================================================================================================
Package Architecture Version Repository Size
================================================================================================================================================================================
Installing:
wazuh-indexer x86_64 4.3.5-1 @commandline 361 M
Transaction Summary
================================================================================================================================================================================
Install 1 Package
Total size: 361 M
Installed size: 614 M
Is this ok [y/N]: y
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: wazuh-indexer-4.3.5-1.x86_64 1/1
step: prep
value of $1 -> 1
Installing : wazuh-indexer-4.3.5-1.x86_64 1/1
Running scriptlet: wazuh-indexer-4.3.5-1.x86_64 1/1
step: install
value of $1 -> 1
step: post
value of $1 -> 1
Verifying : wazuh-indexer-4.3.5-1.x86_64 1/1
Installed:
wazuh-indexer-4.3.5-1.x86_64
Complete!
Uninstall:
[root@centos8 vagrant]# yum remove wazuh-indexer
Failed to set locale, defaulting to C.UTF-8
Dependencies resolved.
================================================================================================================================================================================
Package Architecture Version Repository Size
================================================================================================================================================================================
Removing:
wazuh-indexer x86_64 4.3.5-1 @@commandline 614 M
Transaction Summary
================================================================================================================================================================================
Remove 1 Package
Freed space: 614 M
Is this ok [y/N]: y
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: wazuh-indexer-4.3.5-1.x86_64 step: preun
value of $1 -> 0
Stopping wazuh-indexer service...
step: preun inside
value of $1 -> 0
OK
Erasing : wazuh-indexer-4.3.5-1.x86_64 1/1
Running scriptlet: wazuh-indexer-4.3.5-1.x86_64 1/1
postun
value of $1 -> 0
Verifying : wazuh-indexer-4.3.5-1.x86_64 1/1
Removed:
wazuh-indexer-4.3.5-1.x86_64
Complete!
[root@centos8 vagrant]#
Downgrade:
[root@centos8 vagrant]# yum install wazuh-indexer-4.3.0-1.x86_64.rpm
Failed to set locale, defaulting to C.UTF-8
Last metadata expiration check: 0:24:56 ago on Wed Jun 29 19:02:03 2022.
Dependencies resolved.
================================================================================================================================================================================
Package Architecture Version Repository Size
================================================================================================================================================================================
Downgrading:
wazuh-indexer x86_64 4.3.0-1 @commandline 361 M
Transaction Summary
================================================================================================================================================================================
Downgrade 1 Package
Total size: 361 M
Is this ok [y/N]: y
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: wazuh-indexer-4.3.0-1.x86_64 1/1
Running scriptlet: wazuh-indexer-4.3.0-1.x86_64 1/2
Downgrading : wazuh-indexer-4.3.0-1.x86_64 1/2
Running scriptlet: wazuh-indexer-4.3.0-1.x86_64 1/2
Running scriptlet: wazuh-indexer-4.3.5-1.x86_64 2/2
Cleanup : wazuh-indexer-4.3.5-1.x86_64 2/2
Running scriptlet: wazuh-indexer-4.3.5-1.x86_64 2/2
Running scriptlet: wazuh-indexer-4.3.0-1.x86_64 2/2
Starting wazuh-indexer service... OK
Running scriptlet: wazuh-indexer-4.3.5-1.x86_64 2/2
Verifying : wazuh-indexer-4.3.0-1.x86_64 1/2
Verifying : wazuh-indexer-4.3.5-1.x86_64 2/2
Downgraded:
wazuh-indexer-4.3.0-1.x86_64
Complete!
[root@centos8 vagrant]#
After the investigation, we try to generate the script to abort the execution, working on it.
For debian what was found investigating was that you can disable the upgrade via apt or dpkg. This would be to hold the package so that it does not allow downgrade:
sudo apt-mark hold *name of the package*
sudo apt-mark unhold *name of the package*
echo "PACKAGEhold" | sudo dpkg --set-selections
or
dpkg -i --refuse-downgrade *
another option is to use a package manager like Synaptic Package Manager and prevent updating from the GUI.
I think that for this case, the conclusion would be the same as for RPM, detect the downgrade in %pre script by comparing the versions and abort the installation of the package.
An option to obtain the version would be:
rpm -qi wazuh-indexer | grep Version | cut -d':' -f2 | sed 's/ *//g'
[root@centos8 vagrant]# rpm -qi wazuh-indexer | grep Version | cut -d':' -f2 | sed 's/ *//g'
4.3.5
[root@centos8 vagrant]#
Then I compare it against %{version}
and if it is less I finish the script.
Something like this:
%pre
if [ $1 = 1 || $1 = 2 ];then
# Check version to prevent downgrade
currentver=$(rpm -qi %{name} | grep Version | cut -d':' -f2 | sed 's/ *//g' | sed 's/v//g')
newversion=$(%{version} | sed 's/v//g')
if [ "$(printf '%s\n' "$newversion" "$currentver" | sort -V | head -n1)" = "$newversion" ]; then
echo "Actual version: ${currentver} Greater than to ${newversion}"
exit 1
fi
fi
Implemented the following change for rpm:
%pre
echo "check dolar: ${1} fin"
if [ $1 = 2 ];then
echo "Check version to prevent downgrade..."
# Check version to prevent downgrade
currentver=$(rpm -qi %{name} | grep Version | cut -d':' -f2 | sed 's/ *//g' | sed 's/v//g')
if [ ! -z $currentver ];then
echo "current version: ${currentver} fin"
newversion=$(echo %{version} | sed 's/v//g')
echo "new version: ${newversion} fin"
if [ "$(printf '%s\n' "$newversion" "$currentver" | sort -V | head -n1)" = "$newversion" ]; then
echo "ERROR: trying to install the version: ${newversion} that is lower than the installed version: ${currentver}. The downgrade option is aborted."
exit 1
fi
fi
fi
This validates that the version that is trying to be deployed is greater than the installed version. All the tests were done with yum, since if the rpm is used, it already validates this. And for this case, the downgrade is not allowed unless the rpm -Uvh --oldpackage param is specified.
Install with rpm:
[root@centos8 vagrant]# rpm -i wazuh-indexer-4.3.4-1.x86_64.rpm
package wazuh-indexer-4.3.5-1.x86_64 (which is newer than wazuh-indexer-4.3.4-1.x86_64) is already installed
file /usr/share/wazuh-indexer/modules/systemd/systemd-1.2.4.jar from install of wazuh-indexer-4.3.4-1.x86_64 conflicts with file from package wazuh-indexer-4.3.5-1.x86_64
file /usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-certs-tool.sh from install of wazuh-indexer-4.3.4-1.x86_64 conflicts with file from package wazuh-indexer-4.3.5-1.x86_64
file /usr/share/wazuh-indexer/plugins/opensearch-security/tools/wazuh-passwords-tool.sh from install of wazuh-indexer-4.3.4-1.x86_64 conflicts with file from package wazuh-indexer-4.3.5-1.x86_64
[root@centos8 vagrant]#
Install with yum: Two packages 4.3.4 and 4.3.5 were generated with the changes proposed in the spec.
[root@centos8 vagrant]# ls -la
total 739948
drwx------. 3 vagrant vagrant 185 Jun 30 20:48 .
drwxr-xr-x. 3 root root 21 Feb 4 12:06 ..
-rw-r--r--. 1 vagrant vagrant 18 Jul 27 2021 .bash_logout
-rw-r--r--. 1 vagrant vagrant 141 Jul 27 2021 .bash_profile
-rw-r--r--. 1 vagrant vagrant 376 Jul 27 2021 .bashrc
drwx------. 2 vagrant vagrant 29 Jun 28 19:35 .ssh
-rw-r--r--. 1 vagrant vagrant 378831204 Jun 30 20:48 wazuh-indexer-4.3.4-1.x86_64.rpm
-rw-r--r--. 1 vagrant vagrant 378832540 Jun 30 16:35 wazuh-indexer-4.3.5-1.x86_64.rpm
Installed version 4.3.5 and tried to install version 4.3.4:
[root@centos8 vagrant]# yum install wazuh-indexer-4.3.5-1.x86_64.rpm
Failed to set locale, defaulting to C.UTF-8
Last metadata expiration check: 2:57:25 ago on Thu Jun 30 19:39:10 2022.
Dependencies resolved.
================================================================================================================================================================================
Package Architecture Version Repository Size
================================================================================================================================================================================
Installing:
wazuh-indexer x86_64 4.3.5-1 @commandline 361 M
Transaction Summary
================================================================================================================================================================================
Install 1 Package
Total size: 361 M
Installed size: 614 M
Is this ok [y/N]: y
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: wazuh-indexer-4.3.5-1.x86_64 1/1
check dolar: 1 fin
Installing : wazuh-indexer-4.3.5-1.x86_64 1/1
Running scriptlet: wazuh-indexer-4.3.5-1.x86_64 1/1
Verifying : wazuh-indexer-4.3.5-1.x86_64 1/1
Installed:
wazuh-indexer-4.3.5-1.x86_64
Complete!
[root@centos8 vagrant]#
[root@centos8 vagrant]# yum install wazuh-indexer-4.3.4-1.x86_64.rpm
Failed to set locale, defaulting to C.UTF-8
Last metadata expiration check: 3:05:38 ago on Thu Jun 30 19:39:10 2022.
Dependencies resolved.
================================================================================================================================================================================
Package Architecture Version Repository Size
================================================================================================================================================================================
Downgrading:
wazuh-indexer x86_64 4.3.4-1 @commandline 361 M
Transaction Summary
================================================================================================================================================================================
Downgrade 1 Package
Total size: 361 M
Is this ok [y/N]: y
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: wazuh-indexer-4.3.4-1.x86_64 1/1
Running scriptlet: wazuh-indexer-4.3.4-1.x86_64 1/2
check dolar: 2 fin
Check version to prevent downgrade...
current version: 4.3.5 fin
new version: 4.3.4 fin
ERROR: Trying to install the version: 4.3.4 that is lower than the installed version: 4.3.4. The downgrade option is aborted.
error: %prein(wazuh-indexer-4.3.4-1.x86_64) scriptlet failed, exit status 1
Error in PREIN scriptlet in rpm package wazuh-indexer
Verifying : wazuh-indexer-4.3.4-1.x86_64 1/2
Verifying : wazuh-indexer-4.3.5-1.x86_64 2/2
Failed:
wazuh-indexer-4.3.4-1.x86_64 wazuh-indexer-4.3.5-1.x86_64
Error: Transaction failed
[root@centos8 vagrant]#
Another test was to install version 4.3.4, upgrade to 4.3.5 and then try to downgrade to 4.3.4
[root@centos8 vagrant]# yum remove wazuh-indexer
Failed to set locale, defaulting to C.UTF-8
Dependencies resolved.
================================================================================================================================================================================
Package Architecture Version Repository Size
================================================================================================================================================================================
Removing:
wazuh-indexer x86_64 4.3.5-1 @@commandline 614 M
Transaction Summary
================================================================================================================================================================================
Remove 1 Package
Freed space: 614 M
Is this ok [y/N]: y
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: wazuh-indexer-4.3.5-1.x86_64 1/1
Stopping wazuh-indexer service... OK
Erasing : wazuh-indexer-4.3.5-1.x86_64 1/1
Running scriptlet: wazuh-indexer-4.3.5-1.x86_64 1/1
Verifying : wazuh-indexer-4.3.5-1.x86_64 1/1
Removed:
wazuh-indexer-4.3.5-1.x86_64
Complete!
[root@centos8 vagrant]# yum install wazuh-indexer-4.3.4-1.x86_64.rpm
Failed to set locale, defaulting to C.UTF-8
Last metadata expiration check: 3:06:16 ago on Thu Jun 30 19:39:10 2022.
Dependencies resolved.
================================================================================================================================================================================
Package Architecture Version Repository Size
================================================================================================================================================================================
Installing:
wazuh-indexer x86_64 4.3.4-1 @commandline 361 M
Transaction Summary
================================================================================================================================================================================
Install 1 Package
Total size: 361 M
Installed size: 614 M
Is this ok [y/N]: y
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: wazuh-indexer-4.3.4-1.x86_64 1/1
check dolar: 1 fin
Installing : wazuh-indexer-4.3.4-1.x86_64 1/1
Running scriptlet: wazuh-indexer-4.3.4-1.x86_64 1/1
Verifying : wazuh-indexer-4.3.4-1.x86_64 1/1
Installed:
wazuh-indexer-4.3.4-1.x86_64
Complete!
[root@centos8 vagrant]# yum install wazuh-indexer-4.3.5-1.x86_64.rpm
Failed to set locale, defaulting to C.UTF-8
Last metadata expiration check: 3:07:22 ago on Thu Jun 30 19:39:10 2022.
Dependencies resolved.
================================================================================================================================================================================
Package Architecture Version Repository Size
================================================================================================================================================================================
Upgrading:
wazuh-indexer x86_64 4.3.5-1 @commandline 361 M
Transaction Summary
================================================================================================================================================================================
Upgrade 1 Package
Total size: 361 M
Is this ok [y/N]: y
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: wazuh-indexer-4.3.5-1.x86_64 1/1
Running scriptlet: wazuh-indexer-4.3.5-1.x86_64 1/2
check dolar: 2 fin
Check version to prevent downgrade...
current version: 4.3.4 fin
new version: 4.3.5 fin
Upgrading : wazuh-indexer-4.3.5-1.x86_64 1/2
Running scriptlet: wazuh-indexer-4.3.5-1.x86_64 1/2
Running scriptlet: wazuh-indexer-4.3.4-1.x86_64 2/2
Cleanup : wazuh-indexer-4.3.4-1.x86_64 2/2
Running scriptlet: wazuh-indexer-4.3.4-1.x86_64 2/2
Running scriptlet: wazuh-indexer-4.3.5-1.x86_64 2/2
Running scriptlet: wazuh-indexer-4.3.4-1.x86_64 2/2
Verifying : wazuh-indexer-4.3.5-1.x86_64 1/2
Verifying : wazuh-indexer-4.3.4-1.x86_64 2/2
Upgraded:
wazuh-indexer-4.3.5-1.x86_64
Complete!
[root@centos8 vagrant]# yum install wazuh-indexer-4.3.4-1.x86_64.rpm
Failed to set locale, defaulting to C.UTF-8
Last metadata expiration check: 3:08:04 ago on Thu Jun 30 19:39:10 2022.
Dependencies resolved.
================================================================================================================================================================================
Package Architecture Version Repository Size
================================================================================================================================================================================
Downgrading:
wazuh-indexer x86_64 4.3.4-1 @commandline 361 M
Transaction Summary
================================================================================================================================================================================
Downgrade 1 Package
Total size: 361 M
Is this ok [y/N]: y
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Running scriptlet: wazuh-indexer-4.3.4-1.x86_64 1/1
Running scriptlet: wazuh-indexer-4.3.4-1.x86_64 1/2
check dolar: 2 fin
Check version to prevent downgrade...
current version: 4.3.5 fin
new version: 4.3.4 fin
ERROR: Trying to install the version: 4.3.4 that is lower than the installed version: 4.3.4. The downgrade option is aborted.
error: %prein(wazuh-indexer-4.3.4-1.x86_64) scriptlet failed, exit status 1
Error in PREIN scriptlet in rpm package wazuh-indexer
Verifying : wazuh-indexer-4.3.4-1.x86_64 1/2
Verifying : wazuh-indexer-4.3.5-1.x86_64 2/2
Failed:
wazuh-indexer-4.3.4-1.x86_64 wazuh-indexer-4.3.5-1.x86_64
Error: Transaction failed
[root@centos8 vagrant]#
It will be validated with the team if these changes are incorporated, and then apply the same solution for the deb systems. You also have to apply these changes to the manager, agent and dashboard specs. The echoes are only for testing, then they will be removed.
Downgrading minor versions of Wazuh causes problems due to changes in permissions between users, among other things, it would be important that the downgrade process be prevented from the package.
yum downgrade
Issue related: https://github.com/wazuh/wazuh-packages/issues/1616