You are here
Changes:
- Upgraded base distribution to Debian 9.4/Stretch.
- TurnKey Backup and Migration (tklbam):
- package and dependencies are now reproducible (security)
[ Chris Lamb ]
- backup update fix - new dependency for Stretch; gnupg (closes #962)
[ Ken Robinson ]
- restore update fix - ensure patches are applied to tklbam-squid source
code (TurnKey squid fork) (closes #970)
[ Ken Robinson (troubleshooting) & Chris Lamb (fix) ]
- Installer (di-live):
- package is now reproducible (security)
[ Chris Lamb ]
- fix di-live failing to install from live system (closes #1041)
[ Stefan Davis ]
- Live environment (casper):
- package is now reproducible (security)
[ Chris Lamb ]
- update to support overlayFS (default layering filesystem in stretch)
[ Stefan Davis ]
- Configuration console (confconsole):
- general:
- package is now reproducible (security)
[ Chris Lamb ]
- Networking:
- fix for static IP not sticking (since upgrade to stretch base)
(closes #952)
- Let's Encrypt plugin:
- install 'dehydrated' (ACME client) from Debian main repo (previously
installed from jessie-backports)
- significant refatoring of plugin
- support for multiple domains (closes #843)
- fix for updated ACME ToS; including dynamically discovered latest ToS;
inc dialog display of url for current ToS (closes #976)
- update dialog and readme for Debian Stretch (closes #1061)
[ Stefan Davis ]
- Firstboot Initialization (inithooks):
- Updates for headless builds especially LXC/Proxmox & Xen:
- include specific inithooks-lxc.service file - initialization SystemD
service that works reliably inside an LXC container (and doesn't effect
other builds) (closes #1071)
- include specific inithooks-xen.service file - initialization SystemD
service that works reliably with the Xen console (and doesn't effect
other builds)
- force non-interactive dpkg-reconfigure of openssh-server (closes #1085)
- updated initfence index page to note that webshell not avaialble
(closes #1087)
- fix edge case bug where turnkey-sudoadmin would incorrectly adjust
services.txt (closes #1124)
- Web management console (webmin):
- upgraded webmin to v1.881
- package is reproducible (no changes required) (security)
- resolve stretch related install problem (closes #920)
[ Ken Robinson ]
- new default theme, uses upstream default; 'Authentic' (closes #781)
- TurnKey theme customizations; TurnKey logos, default to show TKLBAM
module on login
- remove webmin-file (java based filemanager) module (closes #965)
- remove webmin-texteditor module (upstream)
- include webmin-fail2ban module
- add convience symlinks to useful Webmin logs (in /var/log/webmin)
- reconfigure webmin-raid & webmin-lvm modules during build (workaround
for #1091)
- TurnKey AMQ (tklamq) - only applies to Hub builds:
- python-carrot deprecated, move to dependency on python-kombu
- Web shell (shellinabox):
- install v2.20 direct from Debian main repo (no longer maintaining our
own fork) (closes #918)
- version from Debian displays ncurses dialog properly (closes #317)
- white on black default webshell (aka shellinabox) theme (closes #1060)
- Security hardening:
[ John Carver ]
- default config mods for:
- postfix
- ssh
- kernel sysctl variables
- inc easy option to override (via /etc/sysctl.conf)
- Optimized builds (buildtasks):
- VM builds (OVA & VMDK):
- include open-vm-tools-dkms & linux-headers-amd64 in base builds (closes
#1001)
[ Stefan Davis ]
- Miscellaneous:
- update to support overlayFS (default layering filesystem in stretch)
- default to SystemD init system for all builds
- use traditional network interface names, e.g. 'eth0' (disable stretch
default of "Predictable Network Interface Names")
- 'dpkg-vendor --query Vendor' now returns 'TurnKey` (closes #196)
- include fail2ban in all appliances (closes #630 & #991)
- MVP uses default Debian conf, protects SSH only
- use http://deb.debian.org as Debian url in sources.list - as
recommended by Debian (closes #927)
- upstream fix for MOTD not being updated dynamically (closes #1024)
[ Stefan Davis ]
Links
Changes:
- Upgraded base distribution to Debian Jessie 8.7.
- Webmin (web based administration):
- Update to 1.831 (includes fix for [#493]).
- Confconsole (configuration console - console based admin):
- significant refactoring to support "Advanced" plugins [#369].
- Included new plugins:
- Region Config >> Locales/Keyboard/Tzdata [#14, #38, #746,
#770, #771].
- Proxy Settings >> Apt proxy [#203].
- System Settings >> Set hostname [#180, #450, #765, #795].
- Mail relay - SMTP email relay config [#482].
- Let's Encrypt SSL certs (via Dehydrated) [#546, #766, #767].
- includes install of dehydrated (from jessie-backports).
- Inithooks (firstboot initialization):
- - make secalerts more robust [#532].
- password complexity requirements explicitly stated [#556].
- di-live (TurnKey installer):
- - resolved LVM install bug [#782].
- di-live - reordered install options so install to LVM is
default [#791].
- TKLBAM (backup and migration tool):
- - various bugfixes and improvements.
- miscellaneous:
- - tweaked turnkey-make-ssl-cert for improved code styling and
functionality.
- fixed Monit configuration [#603].
- update default apt URLs to httpredir.debian.org [#742].
- removed core package from all builds (except core) [#762].
- improved default vim-tiny config [#763].
Links
Changes:
- Installed all Debian security updates.
- Installed updated packages from TurnKey repo
- Webmin - Update to 1.780 [#496].
- Webmin - Install new HTML5 file manager.
- Confconsole - now handles bridged LXC net config.
- Inithooks - email regex now less demanding [#155].
- Inithooks - ssh message on root login attempt (under sudoadmin)
to a TKL EC2 instance like Debian does [#541].
- Inithooks - improved container fence firstboot console output [#570].
- turnkey-make-ssl-cert now leaks the least amount of info possible
[#572].
Links
Pages