turnkey-core-15.0 (1) turnkey; urgency=low * Upgraded base distribution to Debian 9.4/Stretch. * TurnKey Backup and Migration (tklbam): - package and dependencies are now reproducible (security) [ Chris Lamb ] - backup update fix - new dependency for Stretch; gnupg (closes #962) [ Ken Robinson ] - restore update fix - ensure patches are applied to tklbam-squid source code (TurnKey squid fork) (closes #970) [ Ken Robinson (troubleshooting) & Chris Lamb (fix) ] * Installer (di-live): - package is now reproducible (security) [ Chris Lamb ] - fix di-live failing to install from live system (closes #1041) [ Stefan Davis ] * Live environment (casper): - package is now reproducible (security) [ Chris Lamb ] - update to support overlayFS (default layering filesystem in stretch) [ Stefan Davis ] * Configuration console (confconsole): - general: - package is now reproducible (security) [ Chris Lamb ] - Networking: - fix for static IP not sticking (since upgrade to stretch base) (closes #952) - Let's Encrypt plugin: - install 'dehydrated' (ACME client) from Debian main repo (previously installed from jessie-backports) - significant refatoring of plugin - support for multiple domains (closes #843) - fix for updated ACME ToS; including dynamically discovered latest ToS; inc dialog display of url for current ToS (closes #976) - update dialog and readme for Debian Stretch (closes #1061) [ Stefan Davis ] * Firstboot Initialization (inithooks): - Updates for headless builds especially LXC/Proxmox & Xen: - include specific inithooks-lxc.service file - initialization SystemD service that works reliably inside an LXC container (and doesn't effect other builds) (closes #1071) - include specific inithooks-xen.service file - initialization SystemD service that works reliably with the Xen console (and doesn't effect other builds) - force non-interactive dpkg-reconfigure of openssh-server (closes #1085) - updated initfence index page to note that webshell not avaialble (closes #1087) - fix edge case bug where turnkey-sudoadmin would incorrectly adjust services.txt (closes #1124) * Web management console (webmin): - upgraded webmin to v1.881 - package is reproducible (no changes required) (security) - resolve stretch related install problem (closes #920) [ Ken Robinson ] - new default theme, uses upstream default; 'Authentic' (closes #781) - TurnKey theme customizations; TurnKey logos, default to show TKLBAM module on login - remove webmin-file (java based filemanager) module (closes #965) - remove webmin-texteditor module (upstream) - include webmin-fail2ban module - add convience symlinks to useful Webmin logs (in /var/log/webmin) - reconfigure webmin-raid & webmin-lvm modules during build (workaround for #1091) * TurnKey AMQ (tklamq) - only applies to Hub builds: - python-carrot deprecated, move to dependency on python-kombu * Web shell (shellinabox): - install v2.20 direct from Debian main repo (no longer maintaining our own fork) (closes #918) - version from Debian displays ncurses dialog properly (closes #317) - white on black default webshell (aka shellinabox) theme (closes #1060) * Security hardening: [ John Carver ] - default config mods for: - postfix - ssh - kernel sysctl variables - inc easy option to override (via /etc/sysctl.conf) * Optimized builds (buildtasks): - VM builds (OVA & VMDK): - include open-vm-tools-dkms & linux-headers-amd64 in base builds (closes #1001) [ Stefan Davis ] * Miscellaneous: - update to support overlayFS (default layering filesystem in stretch) - default to SystemD init system for all builds - use traditional network interface names, e.g. 'eth0' (disable stretch default of "Predictable Network Interface Names") - 'dpkg-vendor --query Vendor' now returns 'TurnKey` (closes #196) - include fail2ban in all appliances (closes #630 & #991) - MVP uses default Debian conf, protects SSH only - use http://deb.debian.org as Debian url in sources.list - as recommended by Debian (closes #927) - upstream fix for MOTD not being updated dynamically (closes #1024) [ Stefan Davis ] -- Jeremy Davis Tue, 19 Jun 2018 12:35:59 +1000 turnkey-core-14.2 (1) turnkey; urgency=low * Upgraded base distribution to Debian Jessie 8.7. * Webmin (web based administration): - Update to 1.831 (includes fix for [#493]). * Confconsole (configuration console - console based admin): - significant refactoring to support "Advanced" plugins [#369]. - Included new plugins: - Region Config >> Locales/Keyboard/Tzdata [#14, #38, #746, #770, #771]. - Proxy Settings >> Apt proxy [#203]. - System Settings >> Set hostname [#180, #450, #765, #795]. - Mail relay - SMTP email relay config [#482]. - Let's Encrypt SSL certs (via Dehydrated) [#546, #766, #767]. - includes install of dehydrated (from jessie-backports). * Inithooks (firstboot initialization): - make secalerts more robust [#532]. - password complexity requirements explicitly stated [#556]. * di-live (TurnKey installer): - resolved LVM install bug [#782]. - di-live - reordered install options so install to LVM is default [#791]. * TKLBAM (backup and migration tool): - various bugfixes and improvements. * miscellaneous: - tweaked turnkey-make-ssl-cert for improved code styling and functionality. - fixed Monit configuration [#603]. - update default apt URLs to httpredir.debian.org [#742]. - removed core package from all builds (except core) [#762]. - improved default vim-tiny config [#763]. -- Jeremy Davis Wed, 29 Mar 2017 12:41:10 +1100 turnkey-core-14.1 (1) turnkey; urgency=low * Installed all Debian security updates. * Installed updated packages from TurnKey repo - Webmin - Update to 1.780 [#496]. - Webmin - Install new HTML5 file manager. - Confconsole - now handles bridged LXC net config. - Inithooks - email regex now less demanding [#155]. - Inithooks - ssh message on root login attempt (under sudoadmin) to a TKL EC2 instance like Debian does [#541]. - Inithooks - improved container fence firstboot console output [#570]. * turnkey-make-ssl-cert now leaks the least amount of info possible [#572]. -- Jeremy Davis Thu, 25 Feb 2016 00:28:44 +1100 turnkey-core-14.0 (1) turnkey; urgency=low * Upgraded base distribution to Debian Jessie 8.1. * TurnKey Backup and Migration (tklbam): - No longer requires TurnKey Hub or even a network connection. - Ability to force a profile. - Increased robustness of MySQL backup/restore. - Improved logging (output in realtime, exceptions, rotation). - Usability improvments (more verbose, self-documenting). - Improved --debug behaviour. - Multiple bugfixes and improvements https://github.com/turnkeylinux/tklbam/blob/master/docs/RelNotes-1.4.txt * Web management console (webmin): - Upgraded webmin to 1.760. - Served behind stunnel4 for improved SSL. * Web shell (shellinabox): - Served behind stunnel4 for improved SSL. - Bugfix: only one line displayed on mobile device (ie. ipad). * Initialization hooks (inithooks): - Kernel upgrade on firstboot will trigger a reboot. - TurnKey initialization fence HTTPS encryption warning explanation. - Improved SSH key regeneration. - Added system notifications and critical security alerts hook. - Added turnkey-sudoadmin (configure system to use sudo admin user). - Added hostname configuration hook. - Added autogrow filesystem hook. - Added IP configuration hook. - Added support for systemd. * Configuration console (confconsole): - Added support for systemd. * Installer (di-live): - Updated to support Debian 8.0, version bump to 0.9.5. - Upgraded partitioner with latest d-i upstream code. - Removed alignment tags which are not interpreted by debconf. - Updated build-depends and recommends. - Added support for systemd. * Miscallaneous - monit: added cpu/ram/swap/disk alerts. - systemd: set as default init system. - ssl/ssh: lots of security improvements. - openssh-server: configured to permit root login with password. - vim-tiny: set as alternative for vim instead of symlink. - sources.list: updated cdn.debian.net to http.debian.net. - udhcpc: added support for /32 IPv4 subnets. - bashrc: added missing aliases for color terms. - iso-hybrid: ISO images are pre-processed for USB flash booting. - gfxboot: updated to support newer syslinux version. - busybox-initramfs: custom built enabling initramfs support. -- Alon Swartz Thu, 27 Aug 2015 18:32:27 +0300 turnkey-core-13.0 (1) turnkey; urgency=low * Upgraded base distribution to Debian Wheezy 7.2. * TurnKey Backup and Migration (tklbam): - Added PostgreSQL database support. - Added MySQL support for views and triggers. - Added --raw-upload and --dump options to backup. - Added --raw-download and --simulate options to restore. - Added "inspect" state to hooks mechanism. - Multiple backup and restore bugfixes and improvements. https://github.com/turnkeylinux/tklbam/blob/master/docs/RelNotes-1.3.txt * Web management console (webmin): - Upgraded webmin to 1.630. - New version includes new BSDfdisk modules. * Bugfixes and tweaks: - busybox-initramfs: custom built enabling initramfs support. - resolvconf: set resolver timeout to 1 second (useful when offline). -- Alon Swartz Thu, 10 Oct 2013 13:56:25 +0300 turnkey-core-12.1 (1) turnkey; urgency=low * Upgraded base distribution to Debian Squeeze 6.0.7. * Available in both 32-bit (i386) and 64-bit (amd64) architectures. * TurnKey Backup and Migration (tklbam): - Fixed MySQL deserialization code (duplicated last element in row if > 1MB). - Fixed keypacket AES cipher initialization required as of python-crypto 2.6. - Added jitter to tklbam-backup cron job. - Refactored to use pycurl-wrapper's new API class. * TurnKey Configuration Console (confconsole): - Fixed multiple network interface support (LP#1045320). - Added support for --usage (no advanced menu options). - Replaced kbd recommendation with console-tools | console-utilities. * TurnKey Initialization Hooks (inithooks): - Implemented turnkey-init-fence for headless deployments. - Re-implemented turnkey-init in Python. - Display confconsole usage as last screen of turnkey-init. - Improved hooks sub-execution and handling of CTRL-C. - Imported common hooks from overlay into package. - Limit paragraph width for better UX. - Replaced kbd dependency with console-tools | console-utilities. * Web management console (webmin): - Upgraded webmin to 1.620. - New version includes new ISCSI modules and a gray theme. * Web shell (shellinabox): - Support new keycodes (dash, underscore) used by firefox 15+ (LP#1104164). - Install available options as is without renaming or enabling. - Enable default options (white-on-black, color) postinst. - Fixed broken packaging of stray option styling files. - Fixed colors to support dialog interfaces. * TurnKey Python Library (turnkey-pylib): - Multiple improvements to Parallelize and Command modules. - Added 20 new modules. * Bugfixes and tweaks: - packages: added curl (generically useful). - packages: acpi-support-base (handle acpi events - LP#101194). - apt: replaced auto-apt-archive with Debian's CDN mirror network. - apt: updated trusted.gpg.d/$release to $distro. - apt: removed ubuntu trusted key. - bash: improved bashrc whitespace support (LP#932388). - bash: added useful git aliases (see ~/.bashrc.d/git). - di-live: updated architecture config and bootloader depends. - di-live: replaced kbd recommendation with console-tools | console-utilities. - busybox-initramfs: custom built enabling initramfs support. - casper: updated path_id execution per udev changes. - sshd: disabled dns checks (if resolution fails will prevent logins). - motd: tweaked configuration to support upcoming Wheezy release. - pycurl-wrapper: added timeout support, created new API class. - hubdns: increased jitter, refactored to use pycurl-wrapper's API class. * Latest versions of all packages will be installed during build. -- Alon Swartz Wed, 03 Apr 2013 08:00:00 +0200 turnkey-core-12.0 (1) turnkey; urgency=low * Upgraded base distribution to Debian Squeeze 6.0.5. - Support for dependency based boot sequence (insserv). - Default ISO Kernel 2.6-686 (TKL Core Lenny was 486). * TKLBAM (backup and migration): - Upgraded to latest version of TKLBAM (see changelog for details, below are some of the highlights). - Added embedded squid download cache support. - Added backup resume functionality. - Added support for multipart parallel uploads to S3. - Upgraded duplicity and python-boto. - Multipart parallel S3 uploads. - Fixed root cause of MySQL max packet issue (bugfix). * Installer (di-live): - Upgraded di-live to latest version compatible with Squeeze. - Misc bugfixes and tweaks. * Boot (bootsplash and grub): - Upgraded bootsplash generation to be compatible with Squeeze. - Removed bootsplash unused panel options and extraneous files. - Tweaked grub default timeouts (hidden_timeout=0, timeout=3). * Locale: - Set default locale to en_US.UTF-8 (was en_GB). - Updated locale configuration for compatibility with Squeeze. - Includes localepurge (pre-configured and initialized). * Web management console (webmin): - Upgraded webmin to 1.590 and default theme. - Disabled inline webmin upgrades (managed by APT). - Moved history logging to /var/webmin (incorrect use of /etc). * Web shell (shellinabox): - Upgraded shellinabox to 2.14. * Bugfixes and tweaks: - Fixed LSB compatibility (di-live, inithooks, confconsole) [LP#700399]. - Added support for spaces in bashrc promptpath [LP#932388]. - Replaced APT trusted.db with trusted.gpg.d/$distro. - Added bashmarks (super useful bash bookmarking). - Removal of log files generated during build. - inithooks: Improved headless deployment (REDIRECT_OUTPUT directive). - etckeeper: Uninitialization post build and firstboot (turnkey-init). - resolvconf: Removed upstart hack (not relevant on Squeeze). - confconsole: Miscallaneous bugfixes and refactoring. - install-security-updates: Wrapper script for convenience. -- Alon Swartz Wed, 01 Aug 2012 08:00:00 +0200 turnkey-core-11.3 (1) turnkey; urgency=low * Installed security updates. * Enabled etckeeper garbage collection by default. * Upgraded to latest inithooks version (adhoc re-initialization via turnkey-init) -- Alon Swartz Mon, 05 Dec 2011 10:48:44 +0000 turnkey-core-11.2 (1) turnkey; urgency=low * Installed security updates. * Added HubDNS package and firstboot configuration. -- Alon Swartz Fri, 15 Jul 2011 07:47:08 +0000 turnkey-core-11.1 (1) turnkey; urgency=low * Upgraded base distribution to Ubuntu 10.04.1 LTS. * No more chimeras (mixing of packages from Debian/ubuntu). * Installer (di-live): - Added LVM support, with guided partitioning supported in di-live, and webmin module for convenience. - Guided partitioning of root volume will default to 90% of volume group to support LVM snapshots out of the box. - Moved appliance secret regeneration, configuration, setting of passwords to inithooks to run on firstboot. - Installation media will be ejected and a message displayed to remove media after successful installation. - Warning messages will be logged instead of inline (caused a bad user experience). - Upgraded di-live to latest version compatible with Lucid. * Initialization Hooks (inithooks): - Setting of passwords and configuration is now done on firstboot. - Application specific configuration (passwords, email, domain) is now supported putting an end to default settings. - This supports all build targets such as VM builds, and most run in live-mode (convenience, consistent user-experience). - Includes auto-apt-archive to configure the closest APT package archive, determined via the TurnKey Hub GeoIP service. - All relevant inithooks can be preseeded, refer to: https://www.turnkeylinux.org/docs/inithooks * Configuration Console (confconsole): - /etc/confconsole/usage.txt has been replaced with services.txt - The usage screen is now updated dynamically for simpler management and customization. * Updated bootsplash menu: - Install to hard disk - default, moved to first option. - Live system -> Try without installing (Live CD demo mode). - Removed Boot from first hard disk. * Display system info in motd, as well non-persistent mode warning (motd). * NTP configured with recommended pool servers and to cope with large time drifts. * Setting of LANG in /etc/default/locale. * Packages: - Includes TKLBAM (TurnKey Backup and Migration) + new Webmin module. - Includes etckeeper initialized on firstboot (using git-core). - Includes logrotate for automatic log rotation. - Configured APT to not install recommends by default. - Upgraded webmin to 1.520 and default theme. - Upgraded shellinabox to 2.10, set default theme to white-on-black. - Customized bashrc and bashrc.d scripts. - Includes bash-completion (very useful addition for cli). - Includes iproute (ipv6 provisoning). - Includes acpid (support hypervisor reboot/power down signals). - Replaces host with bind9-host (deprecated). - Replaces sysklogd and klogd with rsyslog (inline with Ubuntu). - Grub2 (grub-pc) pre-configuration (verbose, timeout, console). -- Alon Swartz Sun, 19 Dec 2010 15:01:05 +0200 turnkey-core-2009.10 (2) hardy; urgency=low * Installed all security updates (see manifest for package versions). * Install security updates on firstboot (except when running live). * Trick webmin into not checking for upgrades (managed by apt). * Included latest version of inithooks and updated scripts. * Included wget as per common request. -- Alon Swartz Mon, 29 Mar 2010 09:02:11 +0200 turnkey-core-2009.10 (1) hardy; urgency=low * Upgraded base distribution to Ubuntu 8.04.3 LTS. * Added shell-in-a-box to provide web shell access (listening on port 12320 - uses SSL). * Added inithooks to execute firstboot/everyboot scripts, for example regenerating cryptographic keys on live boot: - SSH keys. - Default SSL certificate (used by Webmin, Apache, Lighttpd). * Upgraded Webmin to 1.490 and default theme. - Disabled Webmin scheduled updates (managed by APT) * New versions of confconsole and di-live include many improvements and bugfixes (see their respective release notes for details). * Implemented APT pinning downgrade workaround (LP#315175). * Added a few generically useful packages (unzip: LP#356099, ethtool). * Added IPv6 configuration to /etc/hosts. -- Alon Swartz Tue, 29 Sep 2009 15:39:41 +0200 turnkey-core-2009.02 (1) hardy; urgency=low * initial public release of the TurnKey Linux "core": it's the basic appliance on top of which all TurnKey Linux appliances are now built. * upgraded base distribution to Ubuntu 8.04.2 LTS * added many generically useful webmin modules: - network - firewall configuration (with example configuration) - network configuration - system - configure time, date and timezone - configure users and groups - manage software packages - change passwords - system logs - tools - text editor - shell commands - simple file upload/download - file manager (needs support for Java in browser) - custom commands * changed webmin port from 10000 to 12321 (more distinct, easier to type) * regenerate cryptographic keys during installation - SSH keys - default SSL certificate (used by webmin, Apache, lighttpd) * configured sshd to permit an empty password in demo/live mode * improved package management configuration - enabled Ubuntu's Universe component by default (convenience) - cron-apt configured to: - correctly handle modified conffiles when auto-upgrading (won't hang) - only auto-upgrade packages from the security components - update the cache for all components - share sources with other interfaces to apt (e.g., apt-get) - log to syslog instead of mailing root * new versions of confconsole and di-live include many improvements and bugfixes (see their respective release notes for details) * changed default console font to improve readability of console dialogs * added a few generically useful packages (iptables, ntp, nano) * updated /etc/network/interfaces to support multiple network interface cards * replaced metalog with sysklogd/klogd * optimized footprint (rebuilt from bare essentials) * added the release package that holds this changelog -- Alon Swartz Thu, 29 Jan 2009 14:31:46 +0200