turnkey-core-17.0 (1) turnkey; urgency=low * Upgraded base distribution to Debian 11.1/Bullseye. * Configuration console (confconsole): - Minor packaging changes for Debian Bullseye. - Fix warnings on Confconsole when upgrading to Python3.9 - resolved by swapping identity check for equality check - closes #1634. - Remove dhparams generation - part of #1653. - Move Secupdates_adv_conf.py (confconsole plugin) from "common" into confconsole package. Should have no end user impact. - Bugfix & improvments to Let's Encrypt plugin: - Fix cert not being used on stand-alone Tomcat appliance - closes #1712. - Update to support changed systemd output (fixes stunnel not restarted on Bullseye). - Improvements in Keyboard setting plugin - not sure if this is enough to fix it, but it should at least be closer. Related to #1695. - General code and documentation improvements. * Firstboot Initialization (inithooks): - Minor packaging changes for Debian Bullseye. - Bugfix typo in firstboot.d/15regen-sslcert. - Update the init-fence default html. - Update simplehttpd.py cyphers. - Remove dhparams generation - part of #1653. - Code refactor to provide inithook_lib. [ Stefan Davis ] * Web management console (webmin): - Upgraded webmin to v1.990. - Bugfix, refactor and improve TKLBAM Webmin module. Closes #178, #190, #288, #1065, #1260 & #1680. [ Jeremy Davis ] - Include webmin-firewall6 (firewall UI for IPv6) by default. [ Richard van Dijk ] - Update individual Webmin stunnel config to support IPv6 - part of #1658. [ Richard van Dijk ] * Web shell (shellinabox): - Update individual Webshell stunnel config to support IPv6 - part of #1658. [ Richard van Dijk ] * Backup (tklbam): - Change default NTPSERVER to one that also supports IPv6 - part of #1658. [ Richard van Dijk ] - Build specific py2 dependencies previously provided by Debian for Bullseye base (TKLBAM still py2). Ideally it should be updated to py3 (or rewritten) but we don't want to block v17.0 release any further. - No longer include live* related packages (e.g. di-live, live-tools, etc) in TKLBAM default package list (pkgs only in ISO and uninstalled on install). Closes #1681. * Security hardening & improvements: - Generate and use new TurnKey Bullseye keys. - Provide predefined dh_params (via 'turnkey-make-ssl-cert' where relevant) as per RFC7919 - part of #1653. - Enable TLS by default for use with Postfix. - Servers which include Apache|LigHHTTPd|Nginx now have HSTS and OCSP stapling configuration (not fully enabled by default - as requires valid SSL/TLS cert). * Misc bugfixes & feature implementations: - Remove redundant autologin, singleuser_shell & ssh_emptypw scripts from default common overlay. - Cleanup/tweak MOTD. - Update vim default conf path (for new version of vim in Bullseye). - Move Nginx & LigHTTPd apps from FastCGI to PHP-FPM (apps with Nginx/LigHTTPd only) - closes #1589. -- Jeremy Davis Thu, 07 Apr 2022 06:27:15 +0000 turnkey-core-16.1 (1) turnkey; urgency=low * Upgraded base distribution to Debian 10.8/Buster. * Configuration console (confconsole): - Improvements to networking robustness and error reporting - allow setting up of previously unconfigured or even to some extent misconfigured networking - closes #1457. [ Stefan Davis & Jeremy Davis ] - Catch socket.gaierror in Mail Relaying - closes #1472. [ Stefan Davis ] - Fixed Confconsole stacktrace - closes #1478. [ Stefan Davis ] - Support copy/paste in Confconsole - closes #1545. - Option to change default auto secupdates issue resolution - closes #1536. - Include confconsole plugin to allow configuration of confconsole autostart - closes #1561. - Fix Let's Encrypt staging server URL in config - closes #1497. - (Apps with MySQL/MariaDB only) Confconsole perf and info schema install option - closes #1429. * Firstboot Initialization (inithooks): - Add option to turnkey-init to launch full confconsole when finished. - Improve customization re password complexity and blacklisted chars. - Improve help text and remove buggy code causing issues in LXC containers - closes #1451. - Only launch Confconsole at end of run on non-headless builds. - Provide systemd service file for turnkey-init-fence. * Web management console (webmin): - Updated Webmin to v1.970. - Improved service to make more robust (particularly within LXC) - closes #1480. - Set iptables-legacy as default so webmin-firewall works as expected - closes #1488. - (Apps with MySQL/MariaDB/webmin-mysql only) Default MySQL user 'adminer' (when 'webmin-mysql' module installed) - closes #1529. * Hub Domains client (hubdns): - Fixed server DNS mapping not updated on IP change - closes #1508. * Misc bugfixes & feature implementations: - Add alert for RUN_FIRSTBOOT in MOTD - closes #1129. - Fix MOTD/turnkey-sysinfo if no network interfaces discovered - closes #1461. - Make root:root & 755 ownership/permissions of /usr/local default - closes #1440. - Improve 'stunnel4@.service' systemd service template to resolve issues - closes #1513. - Provide (optional) 'eth1' interface configured as "hotplug" - closes #1492. - (LAMP/LAPP based apps) Only install composer on apps that explicitly use it, or where it makes sense (e.g. LAMP & LAPP will include it) - closes #1563. - (Apps with Composer only) Provide turnkey-composer wrapper script so it's easy to not run composer as root - closes #1539. - (Apps with Composer only) Automatically clear Composer cache and shallow clone composer installed deps - closes #1541. - (Apps with PHP only) Remove deprecated opcache.fast_shutdown option from config - closes #1538. - (Apps with Adminer only) Give grant privileges to adminer MySQL/MariaDB user- closes #1496. -- Jeremy Davis Fri, 12 Feb 2021 15:12:49 +1100 turnkey-core-16.0 (1) turnkey; urgency=low * Upgraded base distribution to Debian 10.3/Buster. * TurnKey Backup and Migration (tklbam): - Fix paths with spaces not working in overrides - closes #1403. [ Stefan Davis ] - Package and dependencies rebuilt against Debian 10.3/Buster. [ Jeremy Davis ] * Configuration console (confconsole): - Migrate code to python3, use default Debian dialog & python3-dialog packages (no longer packaging our own forks). - LE plugin: Completely refactor add-water. - Networking: Add warning when changing ip inside an ssh session. [ Stefan Davis ] - No longer run as separate service (launched at first boot by inithooks). - LE plugin: Improve Dehydrated cron job - closes #912. - LE plugin: Backup domains.txt if it exists so can be manually restored if desired. Part of #1365. - LE plugin: Ensure that ACME v2 API endpoint is used everywhere. Part of #1365. - DH params plugin: New plugin for v16.0; update/improve Diffie-Hellman parameters bit size. Closes #575. Part of #1432. - Mail relay plugin: Allow unauthenticated SMTP relay. Closes #844. - Mail relay plugin: Refactoring, improved error handling. Closes #1434. [ Jeremy Davis ] - All plugins updated to python3 and update python-dialog/dialog usage. - Hostname plugin: Do some validation and bugfix implementation. Closes #845. [ Stefan Davis & Jeremy Davis ] * Firstboot Initialization (inithooks): - Migrate code to python3. [ Stefan Davis ] - Migrate TLS/SSL inithooks from common/overlay into inithooks package. - Leverage (refactored/extended) turnkey-make-ssl-cert script to also generate Diffie-Hellman parameters. Part of #1432. - Option to launch full Confconsole on completion (defaults to minimal). - Fix error message when password complexity = 4 in dialog_wrapper (previous message was misleading). - Add support for blacklisted characters when setting password via dialog_wrapper. [ Jeremy Davis ] * Web management console (webmin): - Upgraded webmin to v1.941 - Developed improved systemd webmin.service file. - Individual Webmin stunnel config - easier to disable/enable Webmin & Webshell independently. [ Jeremy Davis ] * Web shell (shellinabox): - Individual Webshell stunnel config - easier to disable/enable Webmin & Webshell independently. [ Jeremy Davis ] * Installer (di-live): - Migrate code to python3. - Update Debian Installer source components (from Debian d-i source). Closes #412. - Leverage Debian Live Tools for running live and installing (no longer requires casper and busybox-initramfs). - Other major refactoring. [ Jeremy Davis ] * Live environment: - Leverage Debian default live environment (casper and alternate busybox package no longer required; built on default Debian packages; live-tools & live-boot). Closes #942. [ Jeremy Davis ] * Miscellaneous: - ssh-server: Relax SSH config slightly to reduce issues with fail2ban - closes #1398. - hubtools: Fix hub-list-backups - closes #1173. - turnkey-make-ssl-cert: support (re)generation of Diffie-Hellman parameters. Part of #1432. -- Jeremy Davis Tue, 07 Apr 2020 18:44:24 +1000 turnkey-core-15.0 (1) turnkey; urgency=low * Upgraded base distribution to Debian 9.4/Stretch. * TurnKey Backup and Migration (tklbam): - package and dependencies are now reproducible (security) [ Chris Lamb ] - backup update fix - new dependency for Stretch; gnupg (closes #962) [ Ken Robinson ] - restore update fix - ensure patches are applied to tklbam-squid source code (TurnKey squid fork) (closes #970) [ Ken Robinson (troubleshooting) & Chris Lamb (fix) ] * Installer (di-live): - package is now reproducible (security) [ Chris Lamb ] - fix di-live failing to install from live system (closes #1041) [ Stefan Davis ] * Live environment (casper): - package is now reproducible (security) [ Chris Lamb ] - update to support overlayFS (default layering filesystem in stretch) [ Stefan Davis ] * Configuration console (confconsole): - general: - package is now reproducible (security) [ Chris Lamb ] - Networking: - fix for static IP not sticking (since upgrade to stretch base) (closes #952) - Let's Encrypt plugin: - install 'dehydrated' (ACME client) from Debian main repo (previously installed from jessie-backports) - significant refactoring of plugin - support for multiple domains (closes #843) - fix for updated ACME ToS; including dynamically discovered latest ToS; inc dialog display of url for current ToS (closes #976) - update dialog and readme for Debian Stretch (closes #1061) [ Stefan Davis ] * Firstboot Initialization (inithooks): - Updates for headless builds especially LXC/Proxmox & Xen: - include specific inithooks-lxc.service file - initialization systemd service that works reliably inside an LXC container (and doesn't effect other builds) (closes #1071) - include specific inithooks-xen.service file - initialization systemd service that works reliably with the Xen console (and doesn't effect other builds) - force non-interactive dpkg-reconfigure of openssh-server (closes #1085) - updated initfence index page to note that webshell not available (closes #1087) - fix edge case bug where turnkey-sudoadmin would incorrectly adjust services.txt (closes #1124) * Web management console (webmin): - upgraded webmin to v1.881 - package is reproducible (no changes required) (security) - resolve stretch related install problem (closes #920) [ Ken Robinson ] - new default theme, uses upstream default; 'Authentic' (closes #781) - TurnKey theme customizations; TurnKey logos, default to show TKLBAM module on login - remove webmin-file (java based filemanager) module (closes #965) - remove webmin-texteditor module (upstream) - include webmin-fail2ban module - add convenience symlinks to useful Webmin logs (in /var/log/webmin) - reconfigure webmin-raid & webmin-lvm modules during build (workaround for #1091) * TurnKey AMQ (tklamq) - only applies to Hub builds: - python-carrot deprecated, move to dependency on python-kombu * Web shell (shellinabox): - install v2.20 direct from Debian main repo (no longer maintaining our own fork) (closes #918) - version from Debian displays ncurses dialog properly (closes #317) - white on black default webshell (aka shellinabox) theme (closes #1060) * Security hardening: [ John Carver ] - default config mods for: - postfix - ssh - kernel sysctl variables - inc easy option to override (via /etc/sysctl.conf) * Optimized builds (buildtasks): - VM builds (OVA & VMDK): - include open-vm-tools-dkms & linux-headers-amd64 in base builds (closes #1001) [ Stefan Davis ] * Miscellaneous: - update to support overlayFS (default layering filesystem in stretch) - default to systemd init system for all builds - use traditional network interface names, e.g. 'eth0' (disable stretch default of "Predictable Network Interface Names") - 'dpkg-vendor --query Vendor' now returns 'TurnKey` (closes #196) - include fail2ban in all appliances (closes #630 & #991) - MVP uses default Debian conf, protects SSH only - use http://deb.debian.org as Debian url in sources.list - as recommended by Debian (closes #927) - upstream fix for MOTD not being updated dynamically (closes #1024) [ Stefan Davis ] -- Jeremy Davis Tue, 19 Jun 2018 12:35:59 +1000 turnkey-core-14.2 (1) turnkey; urgency=low * Upgraded base distribution to Debian Jessie 8.7. * Webmin (web based administration): - Update to 1.831 (includes fix for [#493]). * Confconsole (configuration console - console based admin): - significant refactoring to support "Advanced" plugins [#369]. - Included new plugins: - Region Config >> Locales/Keyboard/Tzdata [#14, #38, #746, #770, #771]. - Proxy Settings >> Apt proxy [#203]. - System Settings >> Set hostname [#180, #450, #765, #795]. - Mail relay - SMTP email relay config [#482]. - Let's Encrypt SSL certs (via Dehydrated) [#546, #766, #767]. - includes install of dehydrated (from jessie-backports). * Inithooks (firstboot initialization): - make secalerts more robust [#532]. - password complexity requirements explicitly stated [#556]. * di-live (TurnKey installer): - resolved LVM install bug [#782]. - di-live - reordered install options so install to LVM is default [#791]. * TKLBAM (backup and migration tool): - various bugfixes and improvements. * miscellaneous: - tweaked turnkey-make-ssl-cert for improved code styling and functionality. - fixed Monit configuration [#603]. - update default apt URLs to httpredir.debian.org [#742]. - removed core package from all builds (except core) [#762]. - improved default vim-tiny config [#763]. -- Jeremy Davis Wed, 29 Mar 2017 12:41:10 +1100 turnkey-core-14.1 (1) turnkey; urgency=low * Installed all Debian security updates. * Installed updated packages from TurnKey repo - Webmin - Update to 1.780 [#496]. - Webmin - Install new HTML5 file manager. - Confconsole - now handles bridged LXC net config. - Inithooks - email regex now less demanding [#155]. - Inithooks - ssh message on root login attempt (under sudoadmin) to a TKL EC2 instance like Debian does [#541]. - Inithooks - improved container fence firstboot console output [#570]. * turnkey-make-ssl-cert now leaks the least amount of info possible [#572]. -- Jeremy Davis Thu, 25 Feb 2016 00:28:44 +1100 turnkey-core-14.0 (1) turnkey; urgency=low * Upgraded base distribution to Debian Jessie 8.1. * TurnKey Backup and Migration (tklbam): - No longer requires TurnKey Hub or even a network connection. - Ability to force a profile. - Increased robustness of MySQL backup/restore. - Improved logging (output in realtime, exceptions, rotation). - Usability improvements (more verbose, self-documenting). - Improved --debug behavior. - Multiple bugfixes and improvements https://github.com/turnkeylinux/tklbam/blob/master/docs/RelNotes-1.4.txt * Web management console (webmin): - Upgraded webmin to 1.760. - Served behind stunnel4 for improved SSL. * Web shell (shellinabox): - Served behind stunnel4 for improved SSL. - Bugfix: only one line displayed on mobile device (i.e. ipad). * Initialization hooks (inithooks): - Kernel upgrade on firstboot will trigger a reboot. - TurnKey initialization fence HTTPS encryption warning explanation. - Improved SSH key regeneration. - Added system notifications and critical security alerts hook. - Added turnkey-sudoadmin (configure system to use sudo admin user). - Added hostname configuration hook. - Added autogrow filesystem hook. - Added IP configuration hook. - Added support for systemd. * Configuration console (confconsole): - Added support for systemd. * Installer (di-live): - Updated to support Debian 8.0, version bump to 0.9.5. - Upgraded partitioner with latest d-i upstream code. - Removed alignment tags which are not interpreted by debconf. - Updated build-depends and recommends. - Added support for systemd. * Miscellaneous - monit: added cpu/ram/swap/disk alerts. - systemd: set as default init system. - ssl/ssh: lots of security improvements. - openssh-server: configured to permit root login with password. - vim-tiny: set as alternative for vim instead of symlink. - sources.list: updated cdn.debian.net to http.debian.net. - udhcpc: added support for /32 IPv4 subnets. - bashrc: added missing aliases for color terms. - iso-hybrid: ISO images are pre-processed for USB flash booting. - gfxboot: updated to support newer syslinux version. - busybox-initramfs: custom built enabling initramfs support. -- Alon Swartz Thu, 27 Aug 2015 18:32:27 +0300 turnkey-core-13.0 (1) turnkey; urgency=low * Upgraded base distribution to Debian Wheezy 7.2. * TurnKey Backup and Migration (tklbam): - Added PostgreSQL database support. - Added MySQL support for views and triggers. - Added --raw-upload and --dump options to backup. - Added --raw-download and --simulate options to restore. - Added "inspect" state to hooks mechanism. - Multiple backup and restore bugfixes and improvements. https://github.com/turnkeylinux/tklbam/blob/master/docs/RelNotes-1.3.txt * Web management console (webmin): - Upgraded webmin to 1.630. - New version includes new BSDfdisk modules. * Bugfixes and tweaks: - busybox-initramfs: custom built enabling initramfs support. - resolvconf: set resolver timeout to 1 second (useful when offline). -- Alon Swartz Thu, 10 Oct 2013 13:56:25 +0300 turnkey-core-12.1 (1) turnkey; urgency=low * Upgraded base distribution to Debian Squeeze 6.0.7. * Available in both 32-bit (i386) and 64-bit (amd64) architectures. * TurnKey Backup and Migration (tklbam): - Fixed MySQL deserialization code (duplicated last element in row if > 1MB). - Fixed keypacket AES cipher initialization required as of python-crypto 2.6. - Added jitter to tklbam-backup cron job. - Refactored to use pycurl-wrapper's new API class. * TurnKey Configuration Console (confconsole): - Fixed multiple network interface support (LP#1045320). - Added support for --usage (no advanced menu options). - Replaced kbd recommendation with console-tools | console-utilities. * TurnKey Initialization Hooks (inithooks): - Implemented turnkey-init-fence for headless deployments. - Re-implemented turnkey-init in Python. - Display confconsole usage as last screen of turnkey-init. - Improved hooks sub-execution and handling of CTRL-C. - Imported common hooks from overlay into package. - Limit paragraph width for better UX. - Replaced kbd dependency with console-tools | console-utilities. * Web management console (webmin): - Upgraded webmin to 1.620. - New version includes new ISCSI modules and a gray theme. * Web shell (shellinabox): - Support new keycodes (dash, underscore) used by firefox 15+ (LP#1104164). - Install available options as is without renaming or enabling. - Enable default options (white-on-black, color) postinst. - Fixed broken packaging of stray option styling files. - Fixed colors to support dialog interfaces. * TurnKey Python Library (turnkey-pylib): - Multiple improvements to Parallelize and Command modules. - Added 20 new modules. * Bugfixes and tweaks: - packages: added curl (generically useful). - packages: acpi-support-base (handle acpi events - LP#101194). - apt: replaced auto-apt-archive with Debian's CDN mirror network. - apt: updated trusted.gpg.d/$release to $distro. - apt: removed ubuntu trusted key. - bash: improved bashrc whitespace support (LP#932388). - bash: added useful git aliases (see ~/.bashrc.d/git). - di-live: updated architecture config and bootloader depends. - di-live: replaced kbd recommendation with console-tools | console-utilities. - busybox-initramfs: custom built enabling initramfs support. - casper: updated path_id execution per udev changes. - sshd: disabled dns checks (if resolution fails will prevent logins). - motd: tweaked configuration to support upcoming Wheezy release. - pycurl-wrapper: added timeout support, created new API class. - hubdns: increased jitter, refactored to use pycurl-wrapper's API class. * Latest versions of all packages will be installed during build. -- Alon Swartz Wed, 03 Apr 2013 08:00:00 +0200 turnkey-core-12.0 (1) turnkey; urgency=low * Upgraded base distribution to Debian Squeeze 6.0.5. - Support for dependency based boot sequence (insserv). - Default ISO Kernel 2.6-686 (TKL Core Lenny was 486). * TKLBAM (backup and migration): - Upgraded to latest version of TKLBAM (see changelog for details, below are some of the highlights). - Added embedded squid download cache support. - Added backup resume functionality. - Added support for multipart parallel uploads to S3. - Upgraded duplicity and python-boto. - Multipart parallel S3 uploads. - Fixed root cause of MySQL max packet issue (bugfix). * Installer (di-live): - Upgraded di-live to latest version compatible with Squeeze. - Misc bugfixes and tweaks. * Boot (bootsplash and grub): - Upgraded bootsplash generation to be compatible with Squeeze. - Removed bootsplash unused panel options and extraneous files. - Tweaked grub default timeouts (hidden_timeout=0, timeout=3). * Locale: - Set default locale to en_US.UTF-8 (was en_GB). - Updated locale configuration for compatibility with Squeeze. - Includes localepurge (pre-configured and initialized). * Web management console (webmin): - Upgraded webmin to 1.590 and default theme. - Disabled inline webmin upgrades (managed by APT). - Moved history logging to /var/webmin (incorrect use of /etc). * Web shell (shellinabox): - Upgraded shellinabox to 2.14. * Bugfixes and tweaks: - Fixed LSB compatibility (di-live, inithooks, confconsole) [LP#700399]. - Added support for spaces in bashrc promptpath [LP#932388]. - Replaced APT trusted.db with trusted.gpg.d/$distro. - Added bashmarks (super useful bash bookmarking). - Removal of log files generated during build. - inithooks: Improved headless deployment (REDIRECT_OUTPUT directive). - etckeeper: Uninitialization post build and firstboot (turnkey-init). - resolvconf: Removed upstart hack (not relevant on Squeeze). - confconsole: Miscellaneous bugfixes and refactoring. - install-security-updates: Wrapper script for convenience. -- Alon Swartz Wed, 01 Aug 2012 08:00:00 +0200 turnkey-core-11.3 (1) turnkey; urgency=low * Installed security updates. * Enabled etckeeper garbage collection by default. * Upgraded to latest inithooks version (adhoc re-initialization via turnkey-init) -- Alon Swartz Mon, 05 Dec 2011 10:48:44 +0000 turnkey-core-11.2 (1) turnkey; urgency=low * Installed security updates. * Added HubDNS package and firstboot configuration. -- Alon Swartz Fri, 15 Jul 2011 07:47:08 +0000 turnkey-core-11.1 (1) turnkey; urgency=low * Upgraded base distribution to Ubuntu 10.04.1 LTS. * No more chimeras (mixing of packages from Debian/ubuntu). * Installer (di-live): - Added LVM support, with guided partitioning supported in di-live, and webmin module for convenience. - Guided partitioning of root volume will default to 90% of volume group to support LVM snapshots out of the box. - Moved appliance secret regeneration, configuration, setting of passwords to inithooks to run on firstboot. - Installation media will be ejected and a message displayed to remove media after successful installation. - Warning messages will be logged instead of inline (caused a bad user experience). - Upgraded di-live to latest version compatible with Lucid. * Initialization Hooks (inithooks): - Setting of passwords and configuration is now done on firstboot. - Application specific configuration (passwords, email, domain) is now supported putting an end to default settings. - This supports all build targets such as VM builds, and most run in live-mode (convenience, consistent user-experience). - Includes auto-apt-archive to configure the closest APT package archive, determined via the TurnKey Hub GeoIP service. - All relevant inithooks can be preseeded, refer to: https://www.turnkeylinux.org/docs/inithooks * Configuration Console (confconsole): - /etc/confconsole/usage.txt has been replaced with services.txt - The usage screen is now updated dynamically for simpler management and customization. * Updated bootsplash menu: - Install to hard disk - default, moved to first option. - Live system -> Try without installing (Live CD demo mode). - Removed Boot from first hard disk. * Display system info in motd, as well non-persistent mode warning (motd). * NTP configured with recommended pool servers and to cope with large time drifts. * Setting of LANG in /etc/default/locale. * Packages: - Includes TKLBAM (TurnKey Backup and Migration) + new Webmin module. - Includes etckeeper initialized on firstboot (using git-core). - Includes logrotate for automatic log rotation. - Configured APT to not install recommends by default. - Upgraded webmin to 1.520 and default theme. - Upgraded shellinabox to 2.10, set default theme to white-on-black. - Customized bashrc and bashrc.d scripts. - Includes bash-completion (very useful addition for cli). - Includes iproute (ipv6 provisoning). - Includes acpid (support hypervisor reboot/power down signals). - Replaces host with bind9-host (deprecated). - Replaces sysklogd and klogd with rsyslog (inline with Ubuntu). - Grub2 (grub-pc) pre-configuration (verbose, timeout, console). -- Alon Swartz Sun, 19 Dec 2010 15:01:05 +0200 turnkey-core-2009.10 (2) hardy; urgency=low * Installed all security updates (see manifest for package versions). * Install security updates on firstboot (except when running live). * Trick webmin into not checking for upgrades (managed by apt). * Included latest version of inithooks and updated scripts. * Included wget as per common request. -- Alon Swartz Mon, 29 Mar 2010 09:02:11 +0200 turnkey-core-2009.10 (1) hardy; urgency=low * Upgraded base distribution to Ubuntu 8.04.3 LTS. * Added shell-in-a-box to provide web shell access (listening on port 12320 - uses SSL). * Added inithooks to execute firstboot/everyboot scripts, for example regenerating cryptographic keys on live boot: - SSH keys. - Default SSL certificate (used by Webmin, Apache, Lighttpd). * Upgraded Webmin to 1.490 and default theme. - Disabled Webmin scheduled updates (managed by APT) * New versions of confconsole and di-live include many improvements and bugfixes (see their respective release notes for details). * Implemented APT pinning downgrade workaround (LP#315175). * Added a few generically useful packages (unzip: LP#356099, ethtool). * Added IPv6 configuration to /etc/hosts. -- Alon Swartz Tue, 29 Sep 2009 15:39:41 +0200 turnkey-core-2009.02 (1) hardy; urgency=low * initial public release of the TurnKey Linux "core": it's the basic appliance on top of which all TurnKey Linux appliances are now built. * upgraded base distribution to Ubuntu 8.04.2 LTS * added many generically useful webmin modules: - network - firewall configuration (with example configuration) - network configuration - system - configure time, date and timezone - configure users and groups - manage software packages - change passwords - system logs - tools - text editor - shell commands - simple file upload/download - file manager (needs support for Java in browser) - custom commands * changed webmin port from 10000 to 12321 (more distinct, easier to type) * regenerate cryptographic keys during installation - SSH keys - default SSL certificate (used by webmin, Apache, lighttpd) * configured sshd to permit an empty password in demo/live mode * improved package management configuration - enabled Ubuntu's Universe component by default (convenience) - cron-apt configured to: - correctly handle modified conffiles when auto-upgrading (won't hang) - only auto-upgrade packages from the security components - update the cache for all components - share sources with other interfaces to apt (e.g., apt-get) - log to syslog instead of mailing root * new versions of confconsole and di-live include many improvements and bugfixes (see their respective release notes for details) * changed default console font to improve readability of console dialogs * added a few generically useful packages (iptables, ntp, nano) * updated /etc/network/interfaces to support multiple network interface cards * replaced metalog with sysklogd/klogd * optimized footprint (rebuilt from bare essentials) * added the release package that holds this changelog -- Alon Swartz Thu, 29 Jan 2009 14:31:46 +0200