New TurnKey Core version (17.1)

Changes:

  • Updated all Debian packages to latest. [ autopatched by buildtasks ]
  • Patched bugfix release. Closes #1734. [ autopatched by buildtasks ]

New TurnKey Core version (17.0)

Changes:

  • Upgraded base distribution to Debian 11.1/Bullseye.
  • Configuration console (confconsole):
    • Minor packaging changes for Debian Bullseye.
    • Fix warnings on Confconsole when upgrading to Python 3.9 - resolved by swapping identity check for equality check - closes #1634.
    • Remove dhparams generation - part of #1653.
    • Move Secupdates_adv_conf.py (confconsole plugin) from "common" into confconsole package. Should have no end user impact.
    • Bugfix & improvements to Let's Encrypt plugin:
      • Fix cert not being used on stand-alone Tomcat appliance - closes #1712.
      • Update to support changed systemd output (fixes stunnel not restarted on Bullseye).
    • Improvements in Keyboard setting plugin - not sure if this is enough to fix it, but it should at least be closer. Related to #1695.
    • General code and documentation improvements.
  • Firstboot Initialization (inithooks):
    • Minor packaging changes for Debian Bullseye.
    • Bugfix typo in firstboot.d/15regen-sslcert.
    • Update the init-fence default html.
    • Update simplehttpd.py ciphers.
    • Remove dhparams generation - part of #1653.
    • Code refactor to provide inithook_lib. [ Stefan Davis ]
  • Web management console (webmin):
    • Upgraded webmin to v1.990.
    • Bugfix, refactor and improve TKLBAM Webmin module. Closes #178, #190, #288, #1065, #1260 & #1680. [ Jeremy Davis ]
    • Include webmin-firewall6 (firewall UI for IPv6) by default - part of #1658. [ Richard van Dijk ]
    • Update individual Webmin stunnel config to support IPv6 - part of #1658. [ Richard van Dijk ]
  • Web shell (shellinabox):
    • Update individual Webshell stunnel config to support IPv6 - part of #1658. [ Richard van Dijk ]
  • Backup (tklbam):
    • Change default NTPSERVER to one that also supports IPv6 - part of #1658. [ Richard van Dijk ]
    • Build specific py2 dependencies previously provided by Debian for Bullseye base (TKLBAM still py2). Ideally it should be updated to py3 (or rewritten) but we don't want to block v17.0 release any further.
    • No longer include live* related packages (e.g. di-live, live-tools, etc) in TKLBAM default package list (pkgs only in ISO and uninstalled on install). Closes #1681.
  • Security hardening & improvements:
    • Generate and use new TurnKey Bullseye keys.
    • Provide predefined dh_params (via 'turnkey-make-ssl-cert' where relevant) as per RFC7919 - part of #1653.
    • Enable TLS by default for use with Postfix.
    • Servers which include Apache|Lighttpd|Nginx now have HSTS and OCSP stapling configuration (not fully enabled by default, as it requires a valid SSL/TLS cert).
  • Misc bugfixes & feature implementations:
    • Remove redundant autologin, singleuser_shell & ssh_emptypw scripts from default common overlay.
    • Cleanup/tweak MOTD.
    • Update vim default conf path (for new version of vim in Bullseye).
    • Move Nginx & Lighttpd apps from FastCGI to PHP-FPM (apps with Nginx/Lighttpd only) - closes #1589.

New TurnKey Core version (16.1)

Changes:

  • Upgraded base distribution to Debian 10.8/Buster.
  • Configuration console (confconsole):
    • Improvements to networking robustness and error reporting - allow setting up of previously unconfigured or even to some extent misconfigured networking - closes #1457. [ Stefan Davis & Jeremy Davis ]
    • Catch socket.gaierror in Mail Relaying - closes #1472. [ Stefan Davis ]
    • Fixed Confconsole stacktrace - closes #1478. [ Stefan Davis ]
    • Support copy/paste in Confconsole - closes #1545.
    • Option to change default auto secupdates issue resolution - closes #1536.
    • Include confconsole plugin to allow configuration of confconsole autostart - closes #1561.
    • Fix Let's Encrypt staging server URL in config - closes #1497.
    • (Apps with MySQL/MariaDB only) Confconsole perf and info schema install option - closes #1429.
  • Firstboot Initialization (inithooks):
    • Add option to turnkey-init to launch full confconsole when finished.
    • Improve customization re password complexity and blacklisted chars.
    • Improve help text and remove buggy code causing issues in LXC containers - closes #1451.
    • Only launch Confconsole at end of run on non-headless builds.
    • Provide systemd service file for turnkey-init-fence.
  • Web management console (webmin):
    • Updated Webmin to v1.970.
    • Improved service to make more robust (particularly within LXC) - closes #1480.
    • Set iptables-legacy as default so webmin-firewall works as expected - closes #1488.
    • (Apps with MySQL/MariaDB/webmin-mysql only) Default MySQL user 'adminer' (when 'webmin-mysql' module installed) - closes #1529.
  • Hub Domains client (hubdns):
    • Fixed server DNS mapping not updated on IP change - closes #1508.
  • Misc bugfixes & feature implementations:
    • Add alert for RUN_FIRSTBOOT in MOTD - closes #1129.
    • Fix MOTD/turnkey-sysinfo if no network interfaces discovered - closes #1461.
    • Make root:root & 755 ownership/permissions of /usr/local default - closes #1440.
    • Improve 'stunnel4@.service' systemd service template to resolve issues - closes #1513.
    • Provide (optional) 'eth1' interface configured as "hotplug" - closes #1492.
    • (LAMP/LAPP based apps) Only install composer on apps that explicitly use it, or where it makes sense (e.g. LAMP & LAPP will include it) - closes #1563.
    • (Apps with Composer only) Provide turnkey-composer wrapper script so it's easy to not run composer as root - closes #1539.
    • (Apps with Composer only) Automatically clear Composer cache and shallow clone composer installed deps - closes #1541.
    • (Apps with PHP only) Remove deprecated opcache.fast_shutdown option from config - closes #1538.
    • (Apps with Adminer only) Give grant privileges to adminer MySQL/MariaDB user - closes #1496.
