New TurnKey Core version (18.0)

Changes:

  • Upgraded base distribution to Debian 12.x/Bullseye.
  • Configuration console (confconsole):
    • Support for DNS-01 Let's Encrypt challenges. [ Oleh Dmytrychenko github: @NitrogenUA ]
    • Support for getting Let's Encrypt cert via IPv6 - closes #1785.
    • Refactor network interface code to ensure that it works as expected and supports more possible network config (e.g. hotplug interfaces & wifi).
    • Show error message rather than stacktrace when window resized to incompatible resolution - closes #1609. [ Stefan Davis ]
    • Bugfix exception when quitting configuration of mail relay. [ Oleh Dmytrychenko github: @NitrogenUA ]
    • Improve code quality: implement typing, f-strings and make (mostly) PEP8 compliant. [ Stefan Davis & Jeremy Davis ]
  • Firstboot Initialization (inithooks):
    • Refactor start up (now hooks into getty process, rather than having its own service). [ Stefan Davis ]
    • Refactor firstboot.d/01ipconfig (and 09hostname) to ensure that hostname is included in DHCP info when set via inithooks.
    • Package turnkey-make-ssl-cert script (from common overlay - now packaged as turnkey-ssl). Refactor relevant scripts to leverage turnkey-ssl.
    • Refactor run script - use bashisms and general tidying.
    • Show blacklisted password characters more nicely.
    • Misc packaging changes/improvements.
    • Support returning output from MySQL - i.e. support 'SELECT'. (Only applies to apps that include MySQL/MariaDB).
  • Web management console (webmin):
    • Upgraded webmin to v2.102.
    • Removed stunnel reverse proxy (Webmin hosted directly now).
    • Ensure that Webmin uses HTTPS with default cert (/etc/ssl/private/cert.pem).
    • Disabled Webmin Let's Encrypt (for now).
  • Web shell (shellinabox):
    • Completely removed in v18.0 (Webmin now has a proper interactive shell).
  • Backup (tklbam):
    • Ported dependencies to Debian Bookworm; otherwise unchanged.
  • Security hardening & improvements:
    • Generate and use new TurnKey Bookworm keys.
    • Automate (and require) default pinning for packages from Debian backports. Also support non-free backports.
  • IPv6 support (where not noted elsewhere):
    • Adminer (only on LAMP based apps) listen on IPv6.
    • Nginx/NodeJS (NodeJS based apps only) listen on IPv6.
  • Misc bugfixes & feature implementations:
    • Remove rsyslog package (systemd journal now all that's needed).
    • Include zstd compression support.
    • Enable new non-free-firmware apt repo by default.
    • Improve turnkey-artisan so that it works reliably in cron jobs (only Laravel based LAMP apps).

New TurnKey Core version (17.1)

Changes:

  • Updated all Debian packages to latest. [ autopatched by buildtasks ]
  • Patched bugfix release. Closes #1734. [ autopatched by buildtasks ]

New TurnKey Core version (17.0)

Changes:

  • Upgraded base distribution to Debian 11.1/Bullseye.
  • Configuration console (confconsole):
    • Minor packaging changes for Debian Bullseye.
    • Fix warnings on Confconsole when upgrading to Python3.9 - resolved by swapping identity check for equality check - closes #1634.
    • Remove dhparams generation - part of #1653.
    • Move Secupdates_adv_conf.py (confconsole plugin) from "common" into confconsole package. Should have no end user impact.
    • Bugfix & improvements to Let's Encrypt plugin:
      • Fix cert not being used on stand-alone Tomcat appliance - closes #1712.
      • Update to support changed systemd output (fixes stunnel not restarted on Bullseye).
    • Improvements in Keyboard setting plugin - not sure if this is enough to fix it, but it should at least be closer. Related to #1695.
    • General code and documentation improvements.
  • Firstboot Initialization (inithooks):
    • Minor packaging changes for Debian Bullseye.
    • Bugfix typo in firstboot.d/15regen-sslcert.
    • Update the init-fence default html.
    • Update simplehttpd.py ciphers.
    • Remove dhparams generation - part of #1653.
    • Code refactor to provide inithook_lib. [ Stefan Davis ]
  • Web management console (webmin):
    • Upgraded webmin to v1.990.
    • Bugfix, refactor and improve TKLBAM Webmin module. Closes #178, #190, #288, #1065, #1260 & #1680. [ Jeremy Davis ]
    • Include webmin-firewall6 (firewall UI for IPv6) by default - part of #1658. [ Richard van Dijk ]
    • Update individual Webmin stunnel config to support IPv6 - part of #1658. [ Richard van Dijk ]
  • Web shell (shellinabox):
    • Update individual Webshell stunnel config to support IPv6 - part of #1658. [ Richard van Dijk ]
  • Backup (tklbam):
    • Change default NTPSERVER to one that also supports IPv6 - part of #1658. [ Richard van Dijk ]
    • Build specific py2 dependencies previously provided by Debian for Bullseye base (TKLBAM still py2). Ideally it should be updated to py3 (or rewritten) but we don't want to block v17.0 release any further.
    • No longer include live* related packages (e.g. di-live, live-tools, etc) in TKLBAM default package list (pkgs only in ISO and uninstalled on install). Closes #1681.
  • Security hardening & improvements:
    • Generate and use new TurnKey Bullseye keys.
    • Provide predefined dh_params (via 'turnkey-make-ssl-cert' where relevant) as per RFC7919 - part of #1653.
    • Enable TLS by default for use with Postfix.
    • Servers which include Apache|Lighttpd|Nginx now have HSTS and OCSP stapling configuration (not fully enabled by default, as it requires a valid SSL/TLS cert).
  • Misc bugfixes & feature implementations:
    • Remove redundant autologin, singleuser_shell & ssh_emptypw scripts from default common overlay.
    • Cleanup/tweak MOTD.
    • Update vim default conf path (for new version of vim in Bullseye).
    • Move Nginx & Lighttpd apps from FastCGI to PHP-FPM (apps with Nginx/Lighttpd only) - closes #1589.
