Merge pull request #2096 from wazuh/merge-4.14.2-into-main

2025-12-10 00:38:27 -06:00 · 2025-11-28 13:24:49 +01:00 · 2025-11-28 13:24:49 +01:00 · ccbb78131b
commit ccbb78131b
parent f751d0af6b c037570220
3 changed files with 19 additions and 11 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -27,11 +27,13 @@ All notable changes to this project will be documented in this file.

 ### Added

+- Code improvements for 4.14.2 ([#2090](https://github.com/wazuh/wazuh-docker/pull/2090))
 - Artifactory vulnerabilities notification ([#2078](https://github.com/wazuh/wazuh-docker/pull/2078))

 ### Changed

- 
+- The location of the remove command for the wazuh-authd certificates has been changed. ([#2094](https://github.com/wazuh/wazuh-docker/pull/2094))
+- Removed sslmanager key from the docker manager image to 4.14.2. ([#2093](https://github.com/wazuh/wazuh-docker/pull/2093))

 ### Fixed

--- a/build-docker-images/wazuh-manager/Dockerfile
+++ b/build-docker-images/wazuh-manager/Dockerfile
@ -28,7 +28,9 @@ RUN URL_VAR="wazuh_manager_url_${TARGETARCH}_rpm" && \
    -o /tmp/s6-overlay-amd64.tar.gz && \
    tar xzf /tmp/s6-overlay-amd64.tar.gz -C / --exclude="./bin" && \
    tar xzf /tmp/s6-overlay-amd64.tar.gz -C /usr ./bin && \
-    rm  /tmp/s6-overlay-amd64.tar.gz
+    rm  /tmp/s6-overlay-amd64.tar.gz && \
+    rm -f /var/ossec/etc/sslmanager.key && \
+    rm -f /var/ossec/etc/sslmanager.cert

 COPY config/etc/ /etc/
 COPY --chown=root:wazuh config/create_user.py /var/ossec/framework/scripts/create_user.py
--- a/build-docker-images/wazuh-manager/config/etc/cont-init.d/0-wazuh-init
+++ b/build-docker-images/wazuh-manager/config/etc/cont-init.d/0-wazuh-init
@ -6,8 +6,6 @@ source /permanent_data.env

 WAZUH_INSTALL_PATH=/var/ossec
 WAZUH_CONFIG_MOUNT=/wazuh-config-mount
-AUTO_ENROLLMENT_ENABLED=${AUTO_ENROLLMENT_ENABLED:-true}
-

 ##############################################################################
 # Aux functions
@ -70,8 +68,17 @@ apply_exclusion_data() {
        mkdir -p ${DIR}
      fi

+      safe_cp() {
+          if cp -p "$1" "$2" 2>/dev/null; then
+              return 0
+          else
+              echo "Warning: Could not copy $1 (may be read-only)"
+              return 0
+          fi
+      }
+
      print "Updating ${exclusion_file}"
-      exec_cmd "cp -p ${WAZUH_INSTALL_PATH}/data_tmp/exclusion/${exclusion_file} ${exclusion_file}"
+      exec_cmd "safe_cp ${WAZUH_INSTALL_PATH}/data_tmp/exclusion/${exclusion_file} ${exclusion_file}"
    fi
  done
 }
@ -269,14 +276,11 @@ main() {
  # Remove some files in permanent_data (i.e. .template.db)
  remove_data_files

-  # Generate wazuh-authd certs if AUTO_ENROLLMENT_ENABLED is true and does not exist
-  if [ $AUTO_ENROLLMENT_ENABLED == true ]
-  then
+  # Create wazuh-authd key and cert if not present
  if [ ! -e ${WAZUH_INSTALL_PATH}/etc/sslmanager.key ]
  then
    create_ossec_key_cert
  fi
-  fi

  # Mount selected files (WAZUH_CONFIG_MOUNT) to container
  mount_files