[TriLUG] supporting legacy SSL ciphers
John Franklin via TriLUG
trilug at trilug.org
Mon Feb 22 09:55:20 EST 2021
On Feb 21, 2021, at 22:35, Alan Porter via TriLUG <trilug at trilug.org> wrote:
>
> I started thinking about running the entire old server image in a virtual machine... a VM inside the virtual machine that Linode gives me. But then I got to thinking smaller. If not a full VM, how about a docker image. And smaller. If not a docker image, how about just a 'chroot'?
>
> CHROOT is what I did... and it works!
>
> I provisioned a brand-new server from Linode, and rsynced the entire filesystem from the 2006-era server into a subdirectory (we can call it $CHROOTDIR). Then I removed all of the cruft, like years of old logs.
>
Well done!
A simple chroot-jail works fine here because Linus does his best to maintain backwards compatibility in the kernel. If, for some reason, the 2006-era libc could no longer connect to the system calls in the latest kernels, you’d need something like Docker to translate the system calls.
It also, I think, illustrates one of the risks of Docker-based deployments of software — the inability to update an old Docker image because it still works and the newer version doesn’t or can’t. I’m certain it will mean lots of EOL’d software running in production in containers five to ten years from now.
Again, awesome work, and thanks for sharing how it all worked out!
jf
--
John Franklin
franklin at elfie.org