TurnKey Core Live CD Changelog

What's new in TurnKey Core Live CD 15.0

Jul 30, 2018
  • Based on Debian 9/Stretch:
  • As per previous major "point zero" releases of TurnKey, v15.0 is based on the most recent release of Debian. For v15.0, that is Debian 9/Stretch (v14.x was based on Debian 8/Jessie). Most (if not all) pre-installed software should be newer versions and the Debian apt repos are filled with literally thousands of updated packages.
  • PHP 7.0:
  • Possibly one of the most highly anticipated and significant changes for many TurnKey users this release will be the provision of PHP 7.0. Many users have been asking for it for a while, and it's finally here as the default TurnKey PHP version! :) It's also worth noting that there are a few appliances which are currently incompatible with PHP7. For those few, we're leveraging Ondřej Surý's third party Debian repo. Ondřej is a trusted Debian and Ubuntu developer and a member of the official Debian PHP maintainers. Appliances that utilize Ondřej's PHP packages have (or at least will have) it clearly noted on their relevant appliance page and in the appliance changelog.
  • MySQL replaced with MariaDB:
  • Debian have dropped MySQL as the default "MySQL database", in favour of MariaDB. MariaDB is provided as a "drop in MySQL replacement". As of Debian 9/Stretch, installing the "MySQL" Debian package will actually install MariaDB. As TurnKey is based on Debian, we've followed suit. Whilst we've not changed the name of our MySQL appliance, it should be noted that it is in fact a MariaDB appliance!
  • Whilst MariaDB is provided as a "drop in replacement" for MySQL, it is important to highlight, that it contains some advanced features which aren't (yet?) available in MySQL. Moving forward, if you continue to use MariaDB on TurnKey (or any other distro for that matter) you should expect no issues. OTOH, if you for some reason decide to move back to MySQL, especially if you are using any of the advanced MariaDB features, then you would be well advised to do your homework and some solid testing first. For a fairly comprehensive list covering compatibility between MariaDB and MySQL, please see this page on the MariaDB site. For features in MariaDB vs MySQL, please see this page.
  • It's also worth noting that as well as the change to MariaDB v10.1 in TurnKey v15.0, MariaDB (and MySQL 5.6 - essentially the basis for MariaDB 10.1) have a quirk. It's a result of the updated default MySQL character encoding format to "utf8mb4" ("UTF-8 Multi-Byte" as opposed to "utf8"). Whilst it's a bit of a silly and somewhat misleading name ("utf8" already uses 3 bytes to store each character), the reality is that MySQL's previous "utf8" was itself incorrect and misleading! FWIW MySQL "utf8" character encoding is only a subset of UTF-8, whereas "utf8mb4" is the full UTF-8 character set!
  • But why does this matter? The change to the full UTF-8 character set means that MySQL/MariaDB now supports the full range of International/Asian characters, as well as mathematical symbols and emoji. The "utf8" character set has been the default MySQL character encoding for many years now. Problems can occur when app developers work on the assumption that each character requires 3 bytes. MySQL tables generally define how many bytes they will require (rather than how many characters), so a change to the default encoding can cause issues when these assumptions are broken. Details of how we've worked around this in our appliances and how TurnKey users may need to address this as they migrate existing data to v15.0 is beyond the scope of this post. It's a blog post for another day, but I figured well worth noting now.
  • New Webmin Theme:
  • When TurnKey first started packaging Webmin (about 10 years ago!), we found the default Webmin theme a little clunky. The 3rd party "StressFree" theme was more to our liking. And we've been packaging the "StressFree" theme and setting it as default ever since. It's served us well over the years, but as it has not had any serious maintenance for quite a few years now, it was getting a little tired. A quick google led me to a new (at least to me) default Webmin theme; "Authentic". It's quite attractive IMO and very functional.
  • So for this release we have dropped "StressFree" in favour of "Authentic". The new theme provides a responsive layout so will render well on mobile devices (one of the complaints against StressFree). It also provides a handy system resource usage dashboard. It does use a few more resources, so users of lower resource servers may find it a little slow. But we hope that most TurnKey users find the improved look and functionality outweigh any downsides. Those who prefer the lower resource usage of "StressFree", or just prefer its simplicity will be pleased to hear that "StressFree" is still packaged and can easily be installed via apt. Please see the docs for details.
  • We have configured it to open by default to the TKLBAM initialization module/page. But that can be easily changed (e.g. to the system resource dashboard). Please see the docs for details of that too.
  • Reproducible Packages:
  • For those that are unaware, in recent years, Debian has embarked on a Reproducible Builds initiative. In a nutshell, Debian aims to make all binary packages byte-for-byte reproducible. In other words, you can build the package locally from source and it should EXACTLY match the binary package (of the same version) that you can download via apt. This has massive security benefits, in that users no longer need to trust the package distribution system. Users can verify that the binary package installed on their system is built from the source code available to view on the Debian version control system. This makes Debian an unlikely target for compiler level attacks, such as XcodeGhost (a MacOS/iOS malware distribution system implemented via a hacked compiler).
  • Debian note that they do not yet have full coverage, but according to the latest stats they have made significant progress. As I write this, over 94% of the packages in (64 bit) Debian Stretch are reproducible! As security fans, we asked one of the reproducible build experts, and current Debian Project Leader, Chris Lamb to work his reproducible magic on our packages! There are still a couple of packages that haven't had the attention, but most (if not all) of the TurnKey packages installed on TurnKey servers should currently be reproducible. Please feel free to test them out yourself, and if you notice anything amiss (e.g. a package that is not reproducible), please open a new bug on our issue tracker (although perhaps have a quick read of the existing meta issue &/or search first, just in case).
  • Website upgrade (work in progress):
  • As any seasoned TurnKey user should have noticed, the website has had a major refresh with a shiny new responsive theme. Over the last few months, we have been tidying up a few minor flaws and imperfections, but we're almost there. As part of the v15.0 release, I also plan on tidying up the appliance pages a little. Part of that will involve updating the appliance page text itself, but also some of the other components.
  • Many noticed that for v14.2 the changelogs weren't updated. That was because the backend update semi-automation scripts broke with the update to a newer Drupal version. The scripts have now been updated to work with the current Drupal version we use so should be fully functional again. As such, I aim to get the website changelogs back up to date for the v15.0 release [see update below]. It's also worthy of note that many/most of the screenshots are old and outdated. I hope to fix that too as the release progresses - although it may be a little slower than ideal. [update] v14.2 changelogs have (finally) been uploaded and the v15.0 changelogs for the appliances released so far are now available.
  • Plus much more:
  • As noted in the v15.0RC release announcement, there are numerous other updates, changes and fixes that have been applied in v15.0. Some specific to individual appliances, some more general TurnKey tweaks. I had intended to provide more details of them in this blog post but it has already grown much larger than I had intended. So I'll aim to highlight and discuss some of them in the announcements of future stages of the release and/or in their own blog posts. In the meantime, I'll simply restate those previously mentioned (that I haven't already mentioned above):
  • Use of new union filesystem (running live and in TKLDev) OverlayFS - new default in Stretch; v14.x and earlier used auFS
  • Updates for Confconsole; Let's Encrypt module
  • Webmin - Update to latest v1.881 (plus new default theme: 'Authentic' - as noted above)
  • Webshell - now using Debian's package (rather than our own fork)
  • SystemD now default init system on all builds (SysvInit was still used on some v14.x builds)
  • Security hardening - courtesy of long time TurnKey contributor; John Carver, we have some nice hardening tweaks, including security improvements to: postfix, ssh & kernel sysctl variables/options (plus easy way to disable kernel hardening)
  • Inclusion of fail2ban - only an MVP implementation protecting SSH, but it's a start!
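
The reproducible-packages check described above, as an added example that is not TurnKey's or Debian's own tooling: it parses an apt "Packages" index and reports whether a locally rebuilt package matches the published size and SHA256. The package names, versions and byte strings are constructed; a real check would read the index and the two .deb files from disk.

```python
import hashlib
import re

# Constructed stand-ins for package files; a real check would read the .deb
# downloaded by apt and the .deb produced by a local build from source.
PUBLISHED_DEB = b"constructed bytes standing in for the archive's .deb\n"
REBUILT_OK = bytes(PUBLISHED_DEB)
REBUILT_DRIFT = PUBLISHED_DEB + b"embedded build timestamp (constructed)\n"

# Constructed index in the stanza format of an apt "Packages" file.
SAMPLE_INDEX = f"""\
Package: example-pkg
Version: 1.0+constructed
Architecture: all
Description: constructed sample entry
 with a folded continuation line
Size: {len(PUBLISHED_DEB)}
SHA256: {hashlib.sha256(PUBLISHED_DEB).hexdigest()}

Package: other-pkg
Version: 2.0+constructed
Architecture: amd64
Size: 4
SHA256: {hashlib.sha256(b"test").hexdigest()}
"""


def parse_packages_index(text):
    """Return {(package, version, architecture): fields} for each stanza."""
    index = {}
    for stanza in re.split(r"\n\s*\n", text.strip()):
        fields, last = {}, None
        for line in stanza.splitlines():
            if line[:1] in (" ", "\t") and last:   # folded continuation line
                fields[last] += "\n" + line.strip()
            elif ":" in line:
                last, value = line.split(":", 1)
                fields[last] = value.strip()
        if "Package" in fields:
            key = (fields["Package"], fields.get("Version"),
                   fields.get("Architecture"))
            index[key] = fields
    return index


def check_rebuild(index, package, version, arch, rebuilt):
    """Compare a locally rebuilt package with the published index entry."""
    entry = index.get((package, version, arch))
    if entry is None:
        return "not-in-index"
    digest = hashlib.sha256(rebuilt).hexdigest()
    if int(entry["Size"]) == len(rebuilt) and entry["SHA256"] == digest:
        return "reproducible"
    # Either the build is not reproducible here or the binary was altered.
    return "mismatch"


if __name__ == "__main__":
    idx = parse_packages_index(SAMPLE_INDEX)
    for label, blob in (("same", REBUILT_OK), ("drift", REBUILT_DRIFT)):
        print(label, check_rebuild(idx, "example-pkg", "1.0+constructed",
                                   "all", blob))
```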
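
The 3-byte assumption described in the MariaDB notes above, as an added example that is not TurnKey's own migration code: it scans a constructed CREATE TABLE statement for indexed VARCHAR columns that fit an index at 3 bytes per character but not at 4, and lists characters that need 4 bytes. It assumes InnoDB's 767-byte per-column index limit (the case when large index prefixes are not enabled) and uses the character set's MySQL/MariaDB name, utf8mb4; the schema and names are hypothetical.

```python
import re

KEY_PART_LIMIT = 767  # bytes per indexed column (assumption: no large prefix)

# Constructed sample schema written for the legacy 3-byte "utf8" charset.
SAMPLE_DDL = """
CREATE TABLE users (
  id INT NOT NULL AUTO_INCREMENT,
  email VARCHAR(255) NOT NULL,
  nickname VARCHAR(64) NOT NULL,
  bio VARCHAR(1000),
  token VARCHAR(255),
  PRIMARY KEY (id),
  UNIQUE KEY uq_email (email),
  KEY idx_nick (nickname),
  KEY idx_token (token(100))
) DEFAULT CHARSET=utf8;
"""

COLUMN_RE = re.compile(r"^\s*`?(\w+)`?\s+VARCHAR\((\d+)\)", re.I | re.M)
KEY_RE = re.compile(r"^\s*(?:PRIMARY |UNIQUE )?KEY\b[^(]*\(([^\n]*)\)",
                    re.I | re.M)
PART_RE = re.compile(r"`?(\w+)`?(?:\((\d+)\))?")


def audit_ddl(ddl, limit=KEY_PART_LIMIT):
    """Return (column, bytes_at_3, bytes_at_4, max_safe_chars) for indexed
    VARCHAR columns that fit the limit at 3 bytes/char but not at 4."""
    widths = {name: int(n) for name, n in COLUMN_RE.findall(ddl)}
    findings = []
    for parts in KEY_RE.findall(ddl):
        for col, prefix in PART_RE.findall(parts):
            if col not in widths:
                continue                      # non-VARCHAR column or keyword
            # An explicit index prefix such as token(100) caps the key length.
            chars = min(int(prefix), widths[col]) if prefix else widths[col]
            if chars * 3 <= limit < chars * 4:
                findings.append((col, chars * 3, chars * 4, limit // 4))
    return findings


def four_byte_chars(text):
    """Characters outside the Basic Multilingual Plane: they take 4 bytes in
    UTF-8, so the legacy 3-byte "utf8" charset cannot store them."""
    return [c for c in text if ord(c) > 0xFFFF]


if __name__ == "__main__":
    for col, old, new, safe in audit_ddl(SAMPLE_DDL):
        print(f"{col}: {old} bytes at 3/char, {new} at 4/char; "
              f"index at most {safe} characters")
    print(four_byte_chars("ok \U0001F600 \u4e2d"))
```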

New in TurnKey Core Live CD 14.0 (Sep 18, 2015)

  • Adminer (replaces PHPMyAdmin & PHPPgAdmin):
  • Troubles forcing the Debian Jessie version of PHPMyAdmin to stay bound to port 12322 (without hardcoding a full URL) led me to consider Adminer (as suggested on the tracker). Following some testing we decided to go for it. No sooner had the decision been made; community superstar Ken Robinson (@DocCyblade | TKL) swung into action and took the project on!
  • Hardened default SSL/TLS settings:
  • After the SSL troubles of the last year or so, default webserver settings have been slowly getting better. However nowhere near good enough for community powerhouse John Carver (@Dude4Linux | TKL). John took it upon himself to drive the hardening of default TurnKey webserver SSL settings (technically TLS settings as all versions of SSL are now disabled).
  • The result is that now TurnKey appliances have Webmin and Webshell hidden behind stunnel (TLS only) and the 3 webservers we use across appliances (Apache, LigHTTPd & Nginx) are all configured to use consistent hardened TLS cipher suite and settings. Tomcat too has hardened TLS settings for v14.0.
  • Security & System Alerts:
  • For a long time TurnKey appliances have been auto installing security updates. But have you ever wondered what has been updated and when? Well wonder no more! TurnKey appliances will now alert you via email when updates have been installed. This should make questions of "am I vulnerable to such-and-such?" much easier to answer.
  • TurnKey v14.0 appliances also include a minimalist monitoring system (Monit) which also alerts via email when RAM, CPU and/or HDD limits are hit (75%, 90% & 90% respectively). The email address for all these features can be set at firstboot. As a bonus you will also be automatically subscribed to TurnKey's "Security and News Alerts" email list. This is a very low traffic e-newsletter which will only email you with important security and/or news announcements. You can unsubscribe at any time if you'd rather not.

New in TurnKey Core Live CD 14.0 RC1 (May 14, 2015)

  • TurnKey Backup and Migration (tklbam):
  • No longer requires TurnKey Hub or even a network connection.
  • Ability to force a profile.
  • Increased robustness of MySQL backup/restore.
  • Improved logging (output in realtime, exceptions, rotation).
  • Usability improvements (more verbose, self-documenting).
  • Improved --debug behaviour.
  • Multiple bugfixes and improvements
  • Web management console (webmin):
  • Upgraded webmin to 1.740.
  • Configured SSL to resolve Poodle vulnerability.
  • Web shell (shellinabox):
  • Served behind stunnel4 to resolve Poodle vulnerability.
  • Bugfix: only one line displayed on mobile device (ie. ipad).
  • Initialization hooks (inithooks):
  • Kernel upgrade on firstboot will trigger a reboot.
  • TurnKey initialization fence HTTPS encryption warning explanation.
  • Improved SSH key regeneration.
  • New hooks added: hostname, autogrow-fs, ipconfig.
  • Added autogrow filesystem hook.
  • Added IP configuration hook.
  • Added support for systemd.
  • Configuration console (confconsole):
  • Added support for systemd.
  • Installer (di-live):
  • Updated to support Debian 8.0, version bump to 0.9.5.
  • Upgraded partitioner with latest d-i upstream code.
  • Removed alignment tags which are not interpreted by debconf.
  • Updated build-depends and recommends.
  • Added support for systemd.
  • Miscellaneous:
  • systemd: set as default init system.
  • ssl/ssh: lots of security improvements.
  • openssh-server: configured to permit root login with password.
  • vim-tiny: set as alternative for vim instead of symlink.
  • sources.list: updated cdn.debian.net to http.debian.net.
  • udhcpc: added support for /32 IPv4 subnets.
  • bashrc: added missing aliases for color terms.
  • iso-hybrid: ISO images are pre-processed for USB flash booting.
  • gfxboot: updated to support newer syslinux version.
  • busybox-initramfs: custom built enabling initramfs support.

New in TurnKey Core Live CD 12.1 (Jun 8, 2013)

  • Upgraded base distribution to Debian Squeeze 6.0.7.
  • Available in both 32-bit (i386) and 64-bit (amd64) architectures.
  • TurnKey Backup and Migration (tklbam):
  • Fixed MySQL deserialization code (duplicated last element in row if > 1MB).
  • Fixed keypacket AES cipher initialization required as of python-crypto 2.6.
  • Added jitter to tklbam-backup cron job.
  • Refactored to use pycurl-wrapper's new API class.
  • TurnKey Configuration Console (confconsole):
  • Fixed multiple network interface support (LP#1045320).
  • Added support for --usage (no advanced menu options).
  • Replaced kbd recommendation with console-tools | console-utilities.
  • TurnKey Initialization Hooks (inithooks):
  • Implemented turnkey-init-fence for headless deployments.
  • Re-implemented turnkey-init in Python.
  • Display confconsole usage as last screen of turnkey-init.
  • Improved hooks sub-execution and handling of CTRL-C.
  • Imported common hooks from overlay into package.
  • Limit paragraph width for better UX.
  • Replaced kbd dependency with console-tools | console-utilities.
  • Web management console (webmin):
  • Upgraded webmin to 1.620.
  • New version includes new ISCSI modules and a gray theme.
  • Web shell (shellinabox):
  • Support new keycodes (dash, underscore) used by firefox 15+ (LP#1104164).
  • Install available options as is without renaming or enabling.
  • Enable default options (white-on-black, color) postinst.
  • Fixed broken packaging of stray option styling files.
  • Fixed colors to support dialog interfaces.
  • TurnKey Python Library (turnkey-pylib):
  • Multiple improvements to Parallelize and Command modules.
  • Added 20 new modules.
  • Bugfixes and tweaks:
  • packages: added curl (generically useful).
  • packages: acpi-support-base (handle acpi events - LP#101194).
  • apt: replaced auto-apt-archive with Debian's CDN mirror network.
  • apt: updated trusted.gpg.d/$release to $distro.
  • apt: removed ubuntu trusted key.
  • bash: improved bashrc whitespace support (LP#932388).
  • bash: added useful git aliases (see ~/.bashrc.d/git).
  • di-live: updated architecture config and bootloader depends.
  • di-live: replaced kbd recommendation with console-tools | console-utilities.
  • busybox-initramfs: custom built enabling initramfs support.
  • casper: updated path_id execution per udev changes.
  • sshd: disabled dns checks (if resolution fails will prevent logins).
  • motd: tweaked configuration to support upcoming Wheezy release.
  • pycurl-wrapper: added timeout support, created new API class.
  • hubdns: increased jitter, refactored to use pycurl-wrapper's API class.

New in TurnKey Core Live CD 13.0 RC (Jan 17, 2013)

  • This is a release candidate of TurnKey Core 13 based on Debian 7.0 ("Wheezy") - the upcoming version of Debian, which hasn't officially been released but shouldn't be too far off.
  • 64-bit support: TurnKey Core 13RC is available in both 32bit and 64bit versions. This means we can now guarantee that TurnKey 13 will come with 64-bit support. The wait is nearly over. To be honest, lack of 64-bit support has been a nagging source of embarrassment for TurnKey for quite a while now. A significant 66% of users said this was "Very important" to them.

New in TurnKey Core Live CD 11.1-lucid-x86 (Jan 25, 2011)

  • Upgraded base distribution to Ubuntu 10.04.1 LTS.
  • No more chimeras (mixing of packages from Debian/Ubuntu).
  • Installer (di-live):
  • Added LVM support, with guided partitioning supported in di-live, and webmin module for convenience.
  • Guided partitioning of root volume will default to 90% of volume group to support LVM snapshots out of the box.
  • Moved appliance secret regeneration, configuration, setting of passwords to inithooks to run on firstboot.
  • Installation media will be ejected and a message displayed to remove media after successful installation.
  • Warning messages will be logged instead of inline (caused a bad user experience).
  • Upgraded di-live to latest version compatible with Lucid.
  • Initialization Hooks (inithooks):
  • Setting of passwords and configuration is now done on firstboot.
  • Application specific configuration (passwords, email, domain) is now supported putting an end to default settings.
  • This supports all build targets such as VM builds, and most run in live-mode (convenience, consistent user-experience).
  • Includes auto-apt-archive to configure the closest APT package archive, determined via the TurnKey Hub GeoIP service.
  • All relevant inithooks can be preseeded, refer to: http://www.turnkeylinux.org/docs/inithooks
  • Configuration Console (confconsole):
  • /etc/confconsole/usage.txt has been replaced with services.txt
  • The usage screen is now updated dynamically for simpler management and customization.
  • Updated bootsplash menu:
  • Install to hard disk - default, moved to first option.
  • Live system -> Try without installing (Live CD demo mode).
  • Removed Boot from first hard disk.
  • Display system info in motd, as well as non-persistent mode warning (motd).
  • NTP configured with recommended pool servers and to cope with large time drifts.
  • Setting of LANG in /etc/default/locale.
  • Packages:
  • Includes TKLBAM (TurnKey Backup and Migration) + new Webmin module.
  • Includes etckeeper initialized on firstboot (using git-core).
  • Includes logrotate for automatic log rotation.
  • Configured APT to not install recommends by default.
  • Upgraded webmin to 1.520 and default theme.
  • Upgraded shellinabox to 2.10, set default theme to white-on-black.
  • Customized bashrc and bashrc.d scripts.
  • Includes bash-completion (very useful addition for cli).
  • Includes iproute (ipv6 provisioning).
  • Includes acpid (support hypervisor reboot/power down signals).
  • Replaces host with bind9-host (deprecated).
  • Replaces sysklogd and klogd with rsyslog (inline with Ubuntu).
  • Grub2 (grub-pc) pre-configuration (verbose, timeout, console).

New in TurnKey Core Live CD 2009.10-hardy-x86 (Oct 25, 2009)

  • Upgraded base distribution to Ubuntu 8.04.3 LTS.
  • Added shell-in-a-box to provide web shell access (listening on port 12320 - uses SSL).
  • Added inithooks to execute firstboot/everyboot scripts, for example regenerating cryptographic keys on live boot:
  • SSH keys.
  • Default SSL certificate (used by Webmin, Apache, Lighttpd).
  • Upgraded Webmin to 1.490 and default theme.
  • Disabled Webmin scheduled updates (managed by APT)
  • New versions of confconsole and di-live include many improvements and bugfixes (see their respective release notes for details).
  • Implemented APT pinning downgrade workaround (LP#315175).
  • Added a few generically useful packages (unzip: LP#356099, ethtool).
  • Added IPv6 configuration to /etc/hosts.