New TurnKey Core version (16.1)
Changes:
- Upgraded base distribution to Debian 10.8/Buster.
- Configuration console (confconsole):
- Improvements to networking robustness and error reporting - allow setting up of previously unconfigured or even to some extent misconfigured networking - closes #1457. [ Stefan Davis & Jeremy Davis ]
- Catch socket.gaierror in Mail Relaying - closes #1472. [ Stefan Davis ]
- Fixed Confconsole stacktrace - closes #1478. [ Stefan Davis ]
- Support copy/paste in Confconsole - closes #1545.
- Option to change default auto secupdates issue resolution - closes #1536.
- Include confconsole plugin to allow configuration of confconsole autostart - closes #1561.
- Fix Let's Encrypt staging server URL in config - closes #1497.
- (Apps with MySQL/MariaDB only) Confconsole perf and info schema install option - closes #1429.
- Firstboot Initialization (inithooks):
- Add option to turnkey-init to launch full confconsole when finished.
- Improve customization re password complexity and blacklisted chars.
- Improve help text and remove buggy code causing issues in LXC containers - closes #1451.
- Only launch Confconsole at end of run on non-headless builds.
- Provide systemd service file for turnkey-init-fence.
- Web management console (webmin):
- Updated Webmin to v1.970.
- Improved service to make more robust (particularly within LXC) - closes #1480.
- Set iptables-legacy as default so webmin-firewall works as expected - closes #1488.
- (Apps with MySQL/MariaDB/webmin-mysql only) Default MySQL user 'adminer' (when 'webmin-mysql' module installed) - closes #1529.
- Hub Domains client (hubdns):
- Fixed server DNS mapping not updated on IP change - closes #1508.
- Misc bugfixes & feature implementations:
- Add alert for RUN_FIRSTBOOT in MOTD - closes #1129.
- Fix MOTD/turnkey-sysinfo if no network interfaces discovered - closes #1461.
- Make root:root & 755 ownership/permissions of /usr/local default - closes #1440.
- Improve 'stunnel4@.service' systemd service template to resolve issues - closes #1513.
- Provide (optional) 'eth1' interface configured as "hotplug" - closes #1492.
- (LAMP/LAPP based apps) Only install composer on apps that explicitly use it, or where it makes sense (e.g. LAMP & LAPP will include it) - closes #1563.
- (Apps with Composer only) Provide turnkey-composer wrapper script so it's easy to not run composer as root - closes #1539.
- (Apps with Composer only) Automatically clear Composer cache and shallow clone composer installed deps - closes #1541.
- (Apps with PHP only) Remove deprecated opcache.fast_shutdown option from config - closes #1538.
- (Apps with Adminer only) Give grant privileges to adminer MySQL/MariaDB user - closes #1496.
New TurnKey Core version (16.0)
Changes:
- Upgraded base distribution to Debian 10.3/Buster.
- TurnKey Backup and Migration (tklbam):
- Fix paths with spaces not working in overrides - closes #1403. [ Stefan Davis ]
- Package and dependencies rebuilt against Debian 10.3/Buster. [ Jeremy Davis ]
- Configuration console (confconsole):
- Migrate code to python3, use default Debian dialog & python3-dialog packages (no longer packaging our own forks).
- LE plugin: Completely refactor add-water.
- Networking: Add warning when changing ip inside an ssh session. [ Stefan Davis ]
- No longer run as separate service (launched at first boot by inithooks).
- LE plugin: Improve Dehydrated cron job - closes #912.
- LE plugin: Backup domains.txt if it exists so can be manually restored if desired. Part of #1365.
- LE plugin: Ensure that ACME v2 API endpoint is used everywhere. Part of #1365.
- DH params plugin: New plugin for v16.0; update/improve Diffie-Hellman parameters bit size. Closes #575. Part of #1432.
- Mail relay plugin: Allow unauthenticated SMTP relay. Closes #844.
- Mail relay plugin: Refactoring, improved error handling. Closes #1434. [ Jeremy Davis ]
- All plugins updated to python3 and update python-dialog/dialog usage.
- Hostname plugin: Do some validation and bugfix implementation. Closes #845. [ Stefan Davis & Jeremy Davis ]
- Firstboot Initialization (inithooks):
- Migrate code to python3. [ Stefan Davis ]
- Migrate TLS/SSL inithooks from common/overlay into inithooks package.
- Leverage (refactored/extended) turnkey-make-ssl-cert script to also generate Diffie-Hellman parameters. Part of #1432.
- Option to launch full Confconsole on completion (defaults to minimal).
- Fix error message when password complexity = 4 in dialog_wrapper (previous message was misleading).
- Add support for blacklisted characters when setting password via dialog_wrapper. [ Jeremy Davis ]
- Web management console (webmin):
- Upgraded webmin to v1.941
- Developed improved systemd webmin.service file.
- Individual Webmin stunnel config - easier to disable/enable Webmin & Webshell independently. [ Jeremy Davis ]
- Web shell (shellinabox):
- Individual Webshell stunnel config - easier to disable/enable Webmin & Webshell independently. [ Jeremy Davis ]
- Installer (di-live):
- Migrate code to python3.
- Update Debian Installer source components (from Debian d-i source). Closes #412.
- Leverage Debian Live Tools for running live and installing (no longer requires casper and busybox-initramfs).
- Other major refactoring. [ Jeremy Davis ]
- Live environment:
- Leverage Debian default live environment (casper and alternate busybox package no longer required; built on default Debian packages; live-tools & live-boot). Closes #942. [ Jeremy Davis ]
- Miscellaneous:
New TurnKey Core version (15.0)
Changes:
- Upgraded base distribution to Debian 9.4/Stretch.
- TurnKey Backup and Migration (tklbam):
- package and dependencies are now reproducible (security) [ Chris Lamb ]
- backup update fix - new dependency for Stretch; gnupg (closes #962) [ Ken Robinson ]
- restore update fix - ensure patches are applied to tklbam-squid source code (TurnKey squid fork) (closes #970) [ Ken Robinson (troubleshooting) & Chris Lamb (fix) ]
- Installer (di-live):
- package is now reproducible (security) [ Chris Lamb ]
- fix di-live failing to install from live system (closes #1041) [ Stefan Davis ]
- Live environment (casper):
- package is now reproducible (security) [ Chris Lamb ]
- update to support overlayFS (default layering filesystem in stretch) [ Stefan Davis ]
- Configuration console (confconsole):
- general:
  - package is now reproducible (security) [ Chris Lamb ]
- Networking:
  - fix for static IP not sticking (since upgrade to stretch base) (closes #952)
- Let's Encrypt plugin:
  - install 'dehydrated' (ACME client) from Debian main repo (previously installed from jessie-backports)
  - significant refactoring of plugin
  - support for multiple domains (closes #843)
  - fix for updated ACME ToS; including dynamically discovered latest ToS; inc dialog display of url for current ToS (closes #976)
  - update dialog and readme for Debian Stretch (closes #1061) [ Stefan Davis ]
- Firstboot Initialization (inithooks):
- Updates for headless builds especially LXC/Proxmox & Xen:
  - include specific inithooks-lxc.service file - initialization SystemD service that works reliably inside an LXC container (and doesn't affect other builds) (closes #1071)
  - include specific inithooks-xen.service file - initialization SystemD service that works reliably with the Xen console (and doesn't affect other builds)
  - force non-interactive dpkg-reconfigure of openssh-server (closes #1085)
  - updated initfence index page to note that webshell not available (closes #1087)
  - fix edge case bug where turnkey-sudoadmin would incorrectly adjust services.txt (closes #1124)
- Web management console (webmin):
- upgraded webmin to v1.881
- package is reproducible (no changes required) (security)
- resolve stretch related install problem (closes #920) [ Ken Robinson ]
- new default theme, uses upstream default; 'Authentic' (closes #781)
- TurnKey theme customizations; TurnKey logos, default to show TKLBAM module on login
- remove webmin-file (java based filemanager) module (closes #965)
- remove webmin-texteditor module (upstream)
- include webmin-fail2ban module
- add convenience symlinks to useful Webmin logs (in /var/log/webmin)
- reconfigure webmin-raid & webmin-lvm modules during build (workaround for #1091)
- TurnKey AMQ (tklamq) - only applies to Hub builds:
- python-carrot deprecated, move to dependency on python-kombu
- Web shell (shellinabox):
- install v2.20 direct from Debian main repo (no longer maintaining our own fork) (closes #918)
- version from Debian displays ncurses dialog properly (closes #317)
- white on black default webshell (aka shellinabox) theme (closes #1060)
- Security hardening:
[ John Carver ]
- default config mods for:
  - postfix
  - ssh
  - kernel sysctl variables - inc easy option to override (via /etc/sysctl.conf)
- Optimized builds (buildtasks):
- VM builds (OVA & VMDK):
  - include open-vm-tools-dkms & linux-headers-amd64 in base builds (closes #1001) [ Stefan Davis ]
- Miscellaneous:
- update to support overlayFS (default layering filesystem in stretch)
- default to SystemD init system for all builds
- use traditional network interface names, e.g. 'eth0' (disable stretch default of "Predictable Network Interface Names")
- 'dpkg-vendor --query Vendor' now returns 'TurnKey' (closes #196)
- include fail2ban in all appliances (closes #630 & #991) - MVP uses default Debian conf, protects SSH only
- use http://deb.debian.org as Debian url in sources.list - as recommended by Debian (closes #927)
- upstream fix for MOTD not being updated dynamically (closes #1024) [ Stefan Davis ]