In the light of xz

So, yeah, the small dev-op that I am, for my self hosted services for both my family and my small business, needed to react in the light of the xz backdoor.

Got here and read it in diagonal: and run a yay on my systems. This solved for my personal computers. Checked the version of xz and it looks good: 5.6.1-3

The Home Server

The base OS: Debian 11 bullseye

Moved to the next suspect: my NAS / Home Server running OpenMediaVault. Done a update&upgrade just to be sure. xz-utils has version 5.2.5-2.1~deb11u1. Reading here: I should be ok. At least for the base OS. What about the dockers?

The Dockers

I do not know how the dockers were packed, and I admit I should look into detail, but I am betting on "solve through upgrade".

I update the NextCloud AIO through the AIO Interface. Btw. I wanted to write a article about making the AIO Interface available from the web... it will come... :-)

I do not have the patience and in parallel i pull a sudo docker compose pull, which pulls the last images for the rest of my services. I also try a docker-compose up -d which spits some errors... pfuuu, check if NextCloud finished the backup. It did. I can now check why the compose is not working.

Couple of google searches later I find out that docker-compose is obsolete and docker compose is the new thing. Thank you StackOverFlow:

I use the new command, delete the old containers, use again the new command and finish the NextCloud update.

Time to move to the next suspect.

My small VPS

The base OS again Debian 11 bullseye

Just to be sure, I run and update&upgrade

The containers

Here I have some services that are not power intensive but I need them always available. They can also not be installed with softaculous that I have on my account, because Python, Postgres and so on...

I do the "pull" thing again and try to "compose" but the swag is throwing an error on getting the certs...

Couple of searches later I find out that one cannot use anymore the Global Cloudflare API Key and needs an API Token.

Couple of searches later I find out that this should be also specified differently in the Cloudflare authentication file... yes, I have tried to replace the Global API Key with the API Token and expected to be a 1-to-1 replacement. Reading a bit more, I've found out that also the parameter name needs to be changed.

Finally swag gets the certs, all ok. Pfuuu.

My "big" VPS

This is a VPS with a single goal: to run a small online shop.

The base OS: Ubuntu

According to Ubuntu is not affected. OS is kept up to date by scripts. No other services or clutter on this machine! Yey!

As the light of xz fades out...

... I have learned some new things... or got updated on some things... one must keep up to date, or?

I wrote also this, mainly as a reminder to self about what I have done.

... and I am glad that one more time the open source concept functioned. Yes, it's clogged with a lot of information, garbage, speed, overhead, thousand integrations and so on, but it functions as a principle.

P.S. Today I have managed also to make the reCaptcha work with Grav Comments! Yey! Btw. for me it worked with a v2 integration. I have fought with a v3 one for like a half of hour and I have lost...

Add a comment