v14.2 Release Update #1 - 27 more appliances

Wow, has it really been almost a month since I announced v14.2 Core?! Looks like it has! Time flies when you're having fun I guess... :)

I'm pleased to announce 27 new updated appliances that have are now on the mirror. As per usual, these appliances are all available for download in a range of builds. Get them now via the appropriate links on the relevant appliance pages (specific appliance page links provided below). All the new appliances will launch by default from the Hub.

Also there are some other news to share; including a newer version of Adminer, as well as a (somewhat minor) confconsole bug fix. Unfortunately, OpenStack builds are still a work in progress and the Marketplace images are still coming, but hopefully we'll get there soon.

Without further ado, let's round up the first batch of new v14.2 appliances.

27 Updated Appliances

All new v14.2 appliances have version 1.0.0 of Confconsole (which has a somewhat minor bug), as mentioned in the Core announcement. As well as the usual Debian package updates. All appliances also include the other v14.2 components, such as updated Webmin and TKLBAM. All appliances that include Adminer, now have a newer version included. Hopefully the newer version has better support for PostgreSQL users (a number of you have noted that the previous version was a little limited). Read more about that below.

All appliances that install components from upstream source code (i.e. code direct from the original developers) have also been updated. Where ever possible we give LTS versions precedence over "the latest", but generally they should all now include a very recent, up to date stable release.

Newer Version of Adminer

Ninja Debian Developer, TurnKey friend and all round nice guy; Chris Lamb has kindly updated the version of Adminer in the Debian repositories. And TurnKey Community Legend; Ken Robinson (aka DocCyblade) stepped in and tweaked the code to add it to all the v14.2 LAMP/LAPP based appliances as well as for Lighty and Nginx (and a few others).

As many of you may know, the specific version of any software in Debian stable is usually locked for the duration of the release. They do get security patches and bug fixes. But those are backported to the version of the software already included in stable.

However, Debian also has what is called a "backports" repository. The Debian backports repository provides a pathway to have newer software included in a stable release. It isn't perfect, as backported packages don't have the same level of testing, support and attention as packages in the "main" repo. But we've been keeping our eye on Adminer for a while. It seems pretty well constructed and Chris has done a stellar job backporting it. So we think that any potential risks are outweighed by the gains.

Adminer Background Story

For those of you that are interested, I'd like to share a little of the background of this update.

Late last year, it looked like Adminer was close to dropping out of the Debian repositories altogether. The previous maintainer was MIA and the package was already really old (v3.3.3). In a passing conversation, I mentioned my concerns to Chris (whom I'd only just met - via email). I didn't really think much more about it, but next thing I know, Chris had stepped in and taken over the maintenance of the Debian Adminer package. He'd packaged and uploaded the latest version (v4.2.5 at the time) to 'unstable' (where all Debian packages start out). After the obligatory wait, it migrated to testing and Chris developed a Jessie backport.

Soon after the newer Adminer hit backports, TurnKey Community Power Dev; Ken Robinson jumped into gear and tweaked the TurnKey buildcode to include the newer Adminer version. Thanks tons to both of you guys! You rock!

Congrats to Chris (a complete aside)

As a complete aside, we'd also love to congratulate Chris on his recent success in being elected as the new Debian Project Leader. I must say that I found his platform appealing and if I were a Debian Developer, I wouldn't have hesitated to vote for him too! Nice work Chris!

The Fresh Appliances

To get back on track, the freshly updated appliances (in alphabetical order) are:

Please spin one (or 2 or 3 or more) up and let us know what you think. We always love feedback, but particularly constructive criticism.

Confconsole Bug Fix

Soon after release, a bug in the new Confconsole Hostname plugin came to light. As noted on GitHub, this issue relates to the Postfix config not being updated with the new hostname. As such it will only affect users who have the affected version of Confconsole (1.0.0+4+g18aa7e6 aka v1.0.0), use it to update their hostname and wish to send email. The fixed version of Confconsole is v1.0.1. Unfortunately, it only became apparent after we had already built this latest round of updated appliances.

For a moment, we contemplated rebuilding them all. But seeing as we have a ton more appliances to get through, not to mention starting work on v15.0 (rebase on Debian Stretch), we thought better of it. So instead of spending precious time rebuilding affected appliances, we decided to just push on.

It's far from ideal, but it seems to us to be the best bad option. Hopefully you'll agree. As hinted above, we have released a fixed package and users can update to it via apt.

To check your version of Confconsole:

apt-get update && apt-cache policy confconsole

Users potentially affected by this bug will see:

  Installed: 1.0.0+4+g18aa7e6
  Candidate: 1.0.1
  Version table:
    1.0.1 0
       999 http://archive.turnkeylinux.org/debian/ jessie/main amd64 Packages apt-cache
*** 1.0.0+4+g18aa7e6 0
       100 /var/lib/dpkg/status

From this, we can see that the installed version is '1.0.0+4+g18aa7e6' (aka "v1.0.0") but the "candidate" (version that will be installed with 'apt-get install') is v1.0.1. v14.0/14.1 users would expect to see '0.9.4+153+g10511f8' installed. If you see 0.9.4..., then this bug does not affect you (but perhaps you'll want to update).

For users affected by this (i.e. anyone who has manually updated confconsole or anyone using Core v14.2 or any of these 27 new appliances), the fix is as simple as updating. Do that like this:

apt-get update && apt-get install confconsole

If you are using v14.0 or v14.1 and wish to update, please see the docs.

More to Come

With a library of around 100 appliances, that means we're close to a third of the way through. I'm hoping to have another batch of 10-20 ready by next week and get them all updated (bar perhaps a couple of the extra tricky ones) by the end of the month. We'll see how that goes... Regardless, I will keep plugging away until they're all up to date!

So please try them out and let us know what you think. We're especially interested in bug reports, suggested improvements (big and small) and any other constructive criticism you have for us. Please post in the comments below, or start a new thread in the forums

. Bug reports and feature requests can be lodged directly to our "Issue Tracker".
You can get future posts delivered by email or good old-fashioned RSS.
TurnKey also has a presence on Google+, Twitter and Facebook.


Andi Northrop's picture

Nice work, shall be spinning LAMP and Drupal 8 up shortly :)

Just to note the Drupal 8 page is still showing the old permissions error "You are not authorized to access this page."


John Youssef's picture

Ditto, would really like to get that Drupal 8 VM

Jeremy Davis's picture

Sorry guys I forgot about that (it looked fine to me...). It's fixed now so you should be good to go. Please let us know how it goes.
John Youssef's picture

Looks like the manifest for that ovf is invalid, any chance we could get it updated?


Jeremy Davis's picture

Someone else also reported that. I've put it on the tracker and we'll look into it ASAP (not sure why I didn't hit that in my testing).

Unfortunately I don't have an ETA on releasing a fix but I'll get to it real soon. I've lodged a bug on the tracker.

In the meantime, please try the VMDK or the ISO. And what I might do for now is just disable the OVA download.

Jeremy Davis's picture

As per my post on that other thread, I can't really reproduce it. I'm not sure whether there is something funky with the version which I have, or a bug in the version you guys have?

So if you can please give me some more info on the specific software you are using and the version. Hopefully I can work out what the issue is... Or perhaps you just got a corrupted download? Although usually a corrupted archive won't open properly (so I would expect you would more likely get an error on corrupted ova, rather than corrupted manifest).

John Youssef's picture

I'm using VMware ESXi 5.5. When I try to deploy the tempate I get the following error:

The OVF package is invalid and cannot be deployed.

The following manifest file entry (line 1) is invalid: SHA256(turnkey-drupal8-14.2-jessie-amd64.ovf)=5ddfd7f9f45c088d9253b2c9b667263723a08fdb56d3fdda31621d53c6fbcef7

Jeremy Davis's picture

Thanks very much. I'll look a bit closer at the manifest and see what's going on. I'll be back with something more as soon as I can.
Jeremy Davis's picture

I finally put some time aside to look into this a little closer. And I'm pretty sure I've discovered the issue. It's a compatibility problem with older versions of VMware products.

For v14.2 we used the latest version of VMware's OVF tool (v4.2) to produce our OVAs. And it appears that for this latest release (for v14.1 we used OVFTool v4.1) VMware have updated the checksum to SHA256 (which is good; SHA1 is essentially broken from a security standpoint).

However, it seems that older VMware products, such as ESX/ESKi up until vSphere v6.0 are not compatible with SHA256 checksums and can only understand SHA1 checksums. Older versions of VMware's other software are no doubt also affected e.g. Workstation, Player, etc.

I have discussed this with Alon and I'm going to test including both an SHA1 and SHA265 checksum to see if that can get us over the line and provide backwards compatibility. Even if I do manage to work around it satisfactorily, you'll no doubt hit this issue more and more as other vendors update to the new version of OVFTool. So longer term, it's probably worth looking at your upgrade options. You're going to need to either update your VMware infrastructure, or move to an alternate hypervisor (e.g. ProxmoxVE).

If I can't provide backwards compatibility, then until you upgrade, you'll need to resort to using the legacy VMX (included with our legacy VMDK build) or install from ISO. Another work around would be to download the old version of OVFTool (v4.1 should do it) and pre-process the OVAs with that first.

Bjarne's picture

Thank you so much for your continued support and development of Turnkey Linux.

We've been running a WordPress intranet on the v14.1 release in a Hyper-V machine for almost a year, with near 100% uptime. Very impressed.

I'll download the v14.2 release and give it a spin on my machine.

Using Turnkey WordPress and I LIKE it :)

Jeremy Davis's picture

Thanks for the kind, encouraging words! :)

Probably the most significant change specific to the v14.2 WordPress appliance is that it now comes with no plugins pre-installed.

We had a few comments that lead us to reconsider bundling it with plugins. One is that they're really easy for an admin to install them from within WordPress. The other was that whilst most of them were pretty useful, it's still highly unlikely that anyone would want all the ones we were including. So either there is something adding to server load without providing benefit (and potentially an attack vector too), or the admin needs to remove unwanted plugins. Either way it's a bit sucky...

FWIW, all the other cool stuff (e.g. the Let's Encrypt integration) is common to all v14.2 apps.

Bjarne's picture

As promised, I gave the latest WordPress stack a thorough spin:

  • Installed the .iso in a HyperV machine
  • Imported a 510 MB large WordPress website using All In One WP-Migration
  • Ensured WordPress 4.7 PDF thumbnail support, by adding imagick and ghostscript within webmin
  • Noticed that turnkey credits added to the output, conflicts with Divi builder, but once removed (sorry), everything worked perfectly.
  • Installed and tested WordFence.

Being a local test installation, I wasn't able to test the new Let's Encrypt certificate support.

The page https://www.turnkeylinux.org/wordpress still mentions the plugins that were prevously bundled. Thank you for not including those anymore, makes the install even lighter and quicker.

Thank's to everyone involved in this project - your efforts are appreciated :)


Using Turnkey WordPress and I LIKE it :)


Post new comment