From: Mike Lodispoto
To: ~alpine/users@lists.alpinelinux.org
Subject: XZ force downgrade led to removal of many packages
Date: Sat, 30 Mar 2024 00:16:57 -0500
Message-ID: <1c614505-92f2-42b4-ba46-b227777e0d5b@lodispoto.com>

Hello,

I was attempting to downgrade XZ because of the SSH backdoor in it. 

I'm not the most familiar with Alpine, so this might have been user inexperience that screwed me, but I did

 apk add xz-libs=5.4.6 --force 

I had tried it without force before, but it had said something along the lines of xz-libs is required by world.

This ended up with a bunch of essential packages removed.

certbot-nginx-pyc certbot-nginx certbot-pyc certbot py3-configargparse-pyc py3-configargparse
py3-distro-pyc py3-distro py3-distutils-extra-pyc py3-distutils-extra py3-parsedatetime-pyc
py3-parsedatetime py3-future-pyc py3-future py3-acme-pyc py3-acme py3-josepy-pyc py3-josepy
py3-pyrfc3339-pyc py3-pyrfc3339 py3-tz-pyc py3-tz py3-openssl-pyc py3-openssl
py3-cryptography-pyc py3-cryptography py3-cffi-pyc py3-cffi py3-cparser-pyc py3-cparser
cloud-init-openrc cloud-init-doc cloud-init-pyc cloud-init cloud-utils-growpart partx sfdisk
py3-configobj-pyc py3-configobj py3-six-pyc py3-six py3-jinja2-doc py3-jinja2-pyc py3-jinja2
py3-markupsafe-pyc py3-markupsafe py3-jsonpatch-pyc py3-jsonpatch py3-jsonpointer-pyc
py3-jsonpointer py3-jsonschema-pyc py3-jsonschema py3-jsonschema-specifications-pyc
py3-jsonschema-specifications py3-referencing-pyc py3-referencing py3-attrs-pyc py3-attrs
py3-rpds-py-pyc py3-rpds-py py3-requests-pyc py3-requests py3-certifi-pyc py3-certifi
py3-charset-normalizer-pyc py3-charset-normalizer py3-idna-pyc py3-idna py3-urllib3-pyc
py3-urllib3 py3-yaml-pyc py3-yaml shadow-doc shadow tzdata-doc tzdata eudev-doc eudev-openrc
eudev udev-init-scripts-openrc udev-init-scripts eudev-libs gdbm-doc grub-bios grub-doc grub
ifupdown-ng-iproute2 iproute2-minimal iotop-pyc iotop-doc iotop json-c-doc kmod-doc libelf
libfdisk libsmartcols libxml2-doc libzip-doc linux-pam-doc linux-virt mariadb-doc
mariadb-openrc mkinitfs-doc mkinitfs kmod lddtree mpdecimal-doc mysql mariadb php7-cgi
php7-fpm php7-simplexml php7-soap php7-xmlreader php7-dom php7-xmlrpc php7-xml php7-zip
php81-doc php81 php81-common py3-packaging-pyc py3-parsing-pyc py3-pip-pyc py3-pip-doc py3-pip
py3-setuptools-pyc py3-setuptools py3-packaging py3-parsing python3-doc python3-pyc
python3-pycache-pyc0 pyc yaml python3 kmod-libs libzip libxml2 xz-libs cryptsetup-libs
argon2-libs gdbm json-c libpanelw linux-pam mpdecimal

In my mind, force would have had it tell me what packages were going to be changed before applying them, so I could approve it like normal.

Am I just completely screwed? I can do a clean install if needed, but I'd like to salvage my system.

Thanks,

Mike Lodispoto
