You are here
Changes:
- Upgraded base distribution to Debian 11.1/Bullseye.
- Configuration console (confconsole):
- Minor packaging changes for Debian Bullseye.
- Fix warnings on Confconsole when upgrading to Python3.9 - resolved by
swapping identity check for equality check - closes #1634.
- Remove dhparams generation - part of #1653.
- Move Secupdates_adv_conf.py (confconsole plugin) from "common" into
confconsole package. Should have no end user impact.
- Bugfix & improvements to Let's Encrypt plugin:
- Fix cert not being used on stand-alone Tomcat appliance - closes #1712.
- Update to support changed systemd output (fixes stunnel not restarted
on Bullseye).
- Improvements in Keyboard setting plugin - not sure if this is enough to
fix it, but it should at least be closer. Related to #1695.
- General code and documentation improvements.
- Firstboot Initialization (inithooks):
- Minor packaging changes for Debian Bullseye.
- Bugfix typo in firstboot.d/15regen-sslcert.
- Update the init-fence default html.
- Update simplehttpd.py cyphers.
- Remove dhparams generation - part of #1653.
- Code refactor to provide inithook_lib.
[ Stefan Davis ]
- Web management console (webmin):
- Upgraded webmin to v1.990.
- Bugfix, refactor and improve TKLBAM Webmin module. Closes #178, #190,
#288, #1065, #1260 & #1680.
[ Jeremy Davis ]
- Include webmin-firewall6 (firewall UI for IPv6) by default - part of #1658.
[ Richard van Dijk ]
- Update individual Webmin stunnel config to support IPv6 - part of #1658.
[ Richard van Dijk ]
- Web shell (shellinabox):
- Update individual Webshell stunnel config to support IPv6 - part of
#1658.
[ Richard van Dijk ]
- Backup (tklbam):
- Change default NTPSERVER to one that also supports IPv6 - part of #1658.
[ Richard van Dijk ]
- Build specific py2 dependencies previously provided by Debian for
Bullseye base (TKLBAM still py2). Ideally it should be updated to py3
(or rewritten) but we don't want to block v17.0 release any further.
- No longer include live* related packages (e.g. di-live, live-tools, etc)
in TKLBAM default package list (pkgs only in ISO and uninstalled on
install). Closes #1681.
- Security hardening & improvements:
- Generate and use new TurnKey Bullseye keys.
- Provide predefined dh_params (via 'turnkey-make-ssl-cert' where
relevant) as per RFC7919 - part of #1653.
- Enable TLS by default for use with Postfix.
- Servers which include Apache|LigHHTTPd|Nginx now have HSTS and OCSP
stapling configuration (not fully enabled by default - as requires valid
SSL/TLS cert).
- Misc bugfixes & feature implementations:
- Remove redundant autologin, singleuser_shell & ssh_emptypw scripts from
default common overlay.
- Cleanup/tweak MOTD.
- Update vim default conf path (for new version of vim in Bullseye).
- Move Nginx & LigHTTPd apps from FastCGI to PHP-FPM (apps with
Nginx/LigHTTPd only) - closes #1589.
Links
Changes:
- Upgraded base distribution to Debian 10.8/Buster.
- Configuration console (confconsole):
- Improvements to networking robustness and error reporting - allow setting
up of previously unconfigured or even to some extent misconfigured
networking - closes #1457.
Stefan Davis & Jeremy Davis ]
- Catch socket.gaierror in Mail Relaying - closes #1472.
Stefan Davis ]
- Fixed Confconsole stacktrace - closes #1478.
Stefan Davis ]
- Support copy/paste in Confconsole - closes #1545.
- Option to change default auto secupdates issue resolution - closes
#1536.
- Include confconsole plugin to allow configuration of confconsole
autostart - closes #1561.
- Fix Let's Encrypt staging server URL in config - closes #1497.
- (Apps with MySQL/MariaDB only) Confconsole perf and info schema install
option - closes #1429.
- Firstboot Initialization (inithooks):
- Add option to turnkey-init to launch full confconsole when finished.
- Improve customization re password complexity and blacklisted chars.
- Improve help text and remove buggy code causing issues in LXC
containers - closes #1451.
- Only launch Confconsole at end of run on non-headless builds.
- Provide systemd service file for turnkey-init-fence.
- Web management console (webmin):
- Updated Webmin to v1.970.
- Improved service to make more robust (particularly within LXC) - closes
#1480.
- Set iptables-legacy as default so webmin-firewall works as expected -
closes #1488.
- (Apps with MySQL/MariaDB/webmin-mysql only) Default MySQL user 'adminer'
(when 'webmin-mysql' module installed) - closes #1529.
- Hub Domains client (hubdns):
- Fixed server DNS mapping not updated on IP change - closes #1508.
- Misc bugfixes & feature implementations:
- Add alert for RUN_FIRSTBOOT in MOTD - closes #1129.
- Fix MOTD/turnkey-sysinfo if no network interfaces discovered - closes
#1461.
- Make root:root & 755 ownership/permissions of /usr/local default -
closes #1440.
- Improve 'stunnel4@.service' systemd service template to resolve issues -
closes #1513.
- Provide (optional) 'eth1' interface configured as "hotplug" - closes
#1492.
- (LAMP/LAPP based apps) Only install composer on apps that explicitly
use it, or where it makes sense (e.g. LAMP & LAPP will include it) -
closes #1563.
- (Apps with Composer only) Provide turnkey-composer wrapper script so
it's easy to not run composer as root - closes #1539.
- (Apps with Composer only) Automatically clear Composer cache and
shallow clone composer installed deps - closes #1541.
- (Apps with PHP only) Remove deprecated opcache.fast_shutdown option from
config - closes #1538.
- (Apps with Adminer only) Give grant privileges to adminer MySQL/MariaDB
user- closes #1496.
Links
Changes:
- Upgraded base distribution to Debian 10.3/Buster.
- TurnKey Backup and Migration (tklbam):
- Fix paths with spaces not working in overrides - closes #1403.
[ Stefan Davis ]
- Package and dependencies rebuilt against Debian 10.3/Buster.
[ Jeremy Davis ]
- Configuration console (confconsole):
- Migrate code to python3, use default Debian dialog & python3-dialog
packages (no longer packaging our own forks).
- LE plugin: Completely refactor add-water.
- Networking: Add warning when changing ip inside an ssh session.
[ Stefan Davis ]
- No longer run as separate service (launched at first boot by inithooks).
- LE plugin: Improve Dehydrated cron job - closes #912.
- LE plugin: Backup domains.txt if it exists so can be manually restored
if desired. Part of #1365.
- LE plugin: Ensure that ACME v2 API endpoint is used everywhere. Part of
#1365.
- DH params plugin: New plugin for v16.0; update/improve Diffie-Hellman
parameters bit size. Closes #575. Part of #1432.
- Mail relay plugin: Allow unauthenticated SMTP relay. Closes #844.
- Mail relay plugin: Refactoring, improved error handling. Closes #1434.
[ Jeremy Davis ]
- All plugins updated to python3 and update python-dialog/dialog usage.
- Hostname plugin: Do some validation and bugfix implementation. Closes
#845.
[ Stefan Davis & Jeremy Davis ]
- Firstboot Initialization (inithooks):
- Migrate code to python3.
[ Stefan Davis ]
- Migrate TLS/SSL inithooks from common/overlay into inithooks package.
- Leverage (refactored/extended) turnkey-make-ssl-cert script to also
generate Diffie-Hellman parameters. Part of #1432.
- Option to launch full Confconsole on completetion (defaults to minimal).
- Fix error message when password complexity = 4 in dialog_wrapper
(previous message was misleading).
- Add support for blacklisted characters when setting password via
dialog_wrapper.
[ Jeremy Davis ]
- Web management console (webmin):
- Upgraded webmin to v1.941
- Developed improved systemd webmin.service file.
- Individual Webmin stunnel config - easier to disable/enable Webmin &
Webshell independantly.
[ Jeremy Davis ]
- Web shell (shellinabox):
- Individual Webshell stunnel config - easier to disable/enable Webmin &
Webshell independantly.
[ Jeremy Davis ]
- Installer (di-live):
- Migrate code to python3.
- Update Debian Installer source components (from Debian d-i source).
Closes #412.
- Leverage Debian Live Tools for running live and installing (no longer
requires casper and busybox-initramfs).
- Other major refactoring.
[ Jeremy Davis ]
- Live environment:
- Leverage Debian default live environment (casper and alternate busybox
package no longer required; built on default Debian packages; live-tools
& live-boot). Closes #942.
[ Jeremy Davis ]
- Miscellaneous:
- ssh-server: Relax SSH config slightly to reduce issues with fail2ban -
closes #1398.
- hubtools: Fix hub-list-backups - closes #1173.
- turnkey-make-ssl-cert: support (re)generation of Diffie-Hellman
parameters. Part of #1432.
Links
Pages