July 2018

jeremyowens

Just upgraded from 0.73.1 to 0.73.2 and am now getting the following error message:

pi@ha:~ $ sudo service home-assistant status
● home-assistant.service - Home Assistant
   Loaded: loaded (/etc/systemd/system/home-assistant.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Mon 2018-07-16 16:52:07 EDT; 233ms ago
  Process: 1219 ExecStart=/srv/homeassistant/bin/hass -c /home/homeassistant/.homeassistant (code=exited, status=1/FAILURE)
 Main PID: 1219 (code=exited, status=1/FAILURE)

Jul 16 16:52:07 ha hass[1219]:   File "/srv/homeassistant/lib/python3.5/site-packages/homeassistant/__main__.py", line 352, in main
Jul 16 16:52:07 ha hass[1219]:     args = get_arguments()
Jul 16 16:52:07 ha hass[1219]:   File "/srv/homeassistant/lib/python3.5/site-packages/homeassistant/__main__.py", line 85, in get_arguments
Jul 16 16:52:07 ha hass[1219]:     import homeassistant.config as config_util
Jul 16 16:52:07 ha hass[1219]:   File "/srv/homeassistant/lib/python3.5/site-packages/homeassistant/config.py", line 162, in <module>
Jul 16 16:52:07 ha hass[1219]:     vol.All(cv.ensure_list, [auth.AUTH_PROVIDER_SCHEMA])
Jul 16 16:52:07 ha hass[1219]: AttributeError: module 'homeassistant.auth' has no attribute 'AUTH_PROVIDER_SCHEMA'
Jul 16 16:52:07 ha systemd[1]: home-assistant.service: Main process exited, code=exited, status=1/FAILURE
Jul 16 16:52:07 ha systemd[1]: home-assistant.service: Unit entered failed state.
Jul 16 16:52:07 ha systemd[1]: home-assistant.service: Failed with result 'exit-code'.

Any ideas on how to fix it?

July 2018

balloob Founder of Home Assistant

Please don’t use blog posts for raising issues; use the issue tracker instead.

It was reported here and has been fixed already.

July 2018

balk77

So, what is potentially the scope of a MITM in this context? An attacker could have access to the impacted service even when the machine running Hass is not exposed to the internet? Just to this service or to more?

July 2018 ▶ balk77

balloob Founder of Home Assistant

Just the service.

July 2018

JayOne73

I’m using Hass.io with the DuckDNS add-on. Is this also affected by this security incident?

July 2018 ▶ JayOne73

balloob Founder of Home Assistant

Hass.io add-ons are not impacted. Only if you are using any of the above integrations within Home Assistant (specified in your configuration.yaml).

July 2018

klogg

EDIT: It was a stupid question. It has now appeared. I read elsewhere that there is a delay before hassio gets packaged once a new release comes out.

This feels like a stupid question…

I’m running hassio on HassOS.
Should I have a notification of there being a new version?
On ResinOS I had a sensor badge appear on my home page and an indication on the hassio system page with an upgrade button.

July 2018

BrianHanifin

Does this only affect users that have been using the built-in HTTPS encryption?

In other words, are users that use an Nginx Proxy (for example) to handle HTTPS traffic unaffected?

July 2018 ▶ BrianHanifin

balloob Founder of Home Assistant

Affects all users as it is affecting outgoing connections. Incoming connections have been and are fine.

July 2018

techwithjake

Stupid question but just want a little clarity. The integrations under “Local, so cannot be impacted”, we don’t need to change anything for those integrations then, correct?

July 2018 ▶ techwithjake

balloob Founder of Home Assistant

There are no stupid questions when it comes to security.

Correct, you don’t need to change anything for the local connections.

July 2018

tielemans.jorim

It’s a pity you can’t simply generate new API keys for OpenALPR cloud. I asked them about it and the only way to get new ones is to (delete your old and) create a new account.
I have a question as well regarding the cloud-component: should we change our password for the Home Assistant Cloud? If yes, how?

July 2018 ▶ tielemans.jorim

balloob Founder of Home Assistant

You don’t have to change your password for Home Assistant Cloud. Your username and password were never transmitted via unverified SSL connections. Only short-lived access tokens.