changelog

turnkey-core-16.1 (1) turnkey; urgency=low

  * Upgraded base distribution to Debian 10.8/Buster.

  * Configuration console (confconsole):

    - Improvements to networking robustness and error reporting - allow setting
      up of previously unconfigured or even to some extent misconfigured
      networking - closes #1457.
    [ Stefan Davis & Jeremy Davis ]
    - Catch socket.gaierror in Mail Relaying - closes #1472.
    [ Stefan Davis ]
    - Fixed Confconsole stacktrace - closes #1478.
    [ Stefan Davis ]
    - Support copy/paste in Confconsole - closes #1545.
    - Option to change default auto secupdates issue resolution - closes
      #1536.
    - Include confconsole plugin to allow configuration of confconsole
      autostart - closes #1561.
    - Fix Let's Encrypt staging server URL in config - closes #1497.
    - (Apps with MySQL/MariaDB only) Confconsole perf and info schema install
      option - closes #1429.

  * Firstboot Initialization (inithooks):

    - Add option to turnkey-init to launch full confconsole when finished.
    - Improve customization re password complexity and blacklisted chars.
    - Improve help text and remove buggy code causing issues in LXC
      containers - closes #1451.
    - Only launch Confconsole at end of run on non-headless builds.
    - Provide systemd service file for turnkey-init-fence.

  * Web management console (webmin):

    - Updated Webmin to v1.970.
    - Improved service to make more robust (particularly within LXC) - closes
      #1480.
    - Set iptables-legacy as default so webmin-firewall works as expected -
      closes #1488.
    - (Apps with MySQL/MariaDB/webmin-mysql only) Default MySQL user 'adminer'
      (when 'webmin-mysql' module installed) - closes #1529.

  * Hub Domains client (hubdns):

    - Fixed server DNS mapping not updated on IP change - closes #1508.

  * Misc bugfixes & feature implementations:

    - Add alert for RUN_FIRSTBOOT in MOTD - closes #1129.
    - Fix MOTD/turnkey-sysinfo if no network interfaces discovered - closes
      #1461.
    - Make root:root & 755 ownership/permissions of /usr/local default -
      closes #1440.
    - Improve 'stunnel4@.service' systemd service template to resolve issues -
      closes #1513.
    - Provide (optional) 'eth1' interface configured as "hotplug" - closes
      #1492.
    - (LAMP/LAPP based apps) Only install composer on apps that explicitly
      use it, or where it makes sense (e.g. LAMP & LAPP will include it) -
      closes #1563.
    - (Apps with Composer only) Provide turnkey-composer wrapper script so
      it's easy to not run composer as root - closes #1539.
    - (Apps with Composer only) Automatically clear Composer cache and
      shallow clone composer installed deps - closes #1541.
    - (Apps with PHP only) Remove deprecated opcache.fast_shutdown option from
      config - closes #1538.
    - (Apps with Adminer only) Give grant privileges to adminer MySQL/MariaDB
      user- closes #1496.

 -- Jeremy Davis <jeremy@turnkeylinux.org>  Fri, 12 Feb 2021 15:12:49 +1100

turnkey-core-16.0 (1) turnkey; urgency=low

  * Upgraded base distribution to Debian 10.3/Buster.

  * TurnKey Backup and Migration (tklbam):

    - Fix paths with spaces not working in overrides - closes #1403.
    [ Stefan Davis ]
    - Package and dependencies rebuilt against Debian 10.3/Buster.
    [ Jeremy Davis ]

  * Configuration console (confconsole):

    - Migrate code to python3, use default Debian dialog & python3-dialog
      packages (no longer packaging our own forks).
    - LE plugin: Completely refactor add-water.
    - Networking: Add warning when changing ip inside an ssh session.
    [ Stefan Davis ]
    - No longer run as separate service (launched at first boot by inithooks).
    - LE plugin: Improve Dehydrated cron job - closes #912.
    - LE plugin: Backup domains.txt if it exists so can be manually restored
      if desired. Part of #1365.
    - LE plugin: Ensure that ACME v2 API endpoint is used everywhere. Part of
      #1365.
    - DH params plugin: New plugin for v16.0; update/improve Diffie-Hellman
      parameters bit size. Closes #575. Part of #1432.
    - Mail relay plugin: Allow unauthenticated SMTP relay. Closes #844.
    - Mail relay plugin: Refactoring, improved error handling. Closes #1434.
    [ Jeremy Davis ]
    - All plugins updated to python3 and update python-dialog/dialog usage.
    - Hostname plugin: Do some validation and bugfix implementation. Closes
      #845.
    [ Stefan Davis & Jeremy Davis ]

  * Firstboot Initialization (inithooks):

    - Migrate code to python3.
    [ Stefan Davis ]
    - Migrate TLS/SSL inithooks from common/overlay into inithooks package.
    - Leverage (refactored/extended) turnkey-make-ssl-cert script to also
      generate Diffie-Hellman parameters. Part of #1432.
    - Option to launch full Confconsole on completion (defaults to minimal).
    - Fix error message when password complexity = 4 in dialog_wrapper
      (previous message was misleading).
    - Add support for blacklisted characters when setting password via
      dialog_wrapper.
    [ Jeremy Davis ]

  * Web management console (webmin):

    - Upgraded webmin to v1.941
    - Developed improved systemd webmin.service file.
    - Individual Webmin stunnel config - easier to disable/enable Webmin &
      Webshell independently.
    [ Jeremy Davis ]

  * Web shell (shellinabox):

    - Individual Webshell stunnel config - easier to disable/enable Webmin &
      Webshell independently.
    [ Jeremy Davis ]

  * Installer (di-live):

    - Migrate code to python3.
    - Update Debian Installer source components (from Debian d-i source).
      Closes #412.
    - Leverage Debian Live Tools for running live and installing (no longer
      requires casper and busybox-initramfs).
    - Other major refactoring.
    [ Jeremy Davis ]

  * Live environment:

    - Leverage Debian default live environment (casper and alternate busybox
      package no longer required; built on default Debian packages; live-tools
      & live-boot). Closes #942.
    [ Jeremy Davis ]

  * Miscellaneous:

    - ssh-server: Relax SSH config slightly to reduce issues with fail2ban -
      closes #1398.
    - hubtools: Fix hub-list-backups - closes #1173.
    - turnkey-make-ssl-cert: support (re)generation of Diffie-Hellman
      parameters. Part of #1432.

 -- Jeremy Davis <jeremy@turnkeylinux.org>  Tue, 07 Apr 2020 18:44:24 +1000

turnkey-core-15.0 (1) turnkey; urgency=low

  * Upgraded base distribution to Debian 9.4/Stretch.

  * TurnKey Backup and Migration (tklbam):

    - package and dependencies are now reproducible (security)
      [ Chris Lamb ]
    - backup update fix - new dependency for Stretch; gnupg (closes #962)
      [ Ken Robinson ]
    - restore update fix - ensure patches are applied to tklbam-squid source
      code (TurnKey squid fork) (closes #970)
      [ Ken Robinson (troubleshooting) & Chris Lamb (fix) ]

  * Installer (di-live):

    - package is now reproducible (security)
      [ Chris Lamb ]
    - fix di-live failing to install from live system (closes #1041)
      [ Stefan Davis ]

  * Live environment (casper):

    - package is now reproducible (security)
      [ Chris Lamb ]
    - update to support overlayFS (default layering filesystem in stretch)
      [ Stefan Davis ]

  * Configuration console (confconsole):

    - general:
      - package is now reproducible (security)
        [ Chris Lamb ]

    - Networking:
      - fix for static IP not sticking (since upgrade to stretch base)
        (closes #952)

    - Let's Encrypt plugin:
      - install 'dehydrated' (ACME client) from Debian main repo (previously
        installed from jessie-backports)
      - significant refactoring of plugin
      - support for multiple domains (closes #843)
      - fix for updated ACME ToS; including dynamically discovered latest ToS;
        inc dialog display of url for current ToS (closes #976)
      - update dialog and readme for Debian Stretch (closes #1061)
        [ Stefan Davis ]

  * Firstboot Initialization (inithooks):

    - Updates for headless builds especially LXC/Proxmox & Xen:
      - include specific inithooks-lxc.service file - initialization systemd
        service that works reliably inside an LXC container (and doesn't effect
        other builds) (closes #1071)
      - include specific inithooks-xen.service file - initialization systemd
        service that works reliably with the Xen console (and doesn't effect
        other builds)
      - force non-interactive dpkg-reconfigure of openssh-server (closes #1085)
      - updated initfence index page to note that webshell not available
        (closes #1087)
      - fix edge case bug where turnkey-sudoadmin would incorrectly adjust
        services.txt (closes #1124)

  * Web management console (webmin):

    - upgraded webmin to v1.881
    - package is reproducible (no changes required) (security)
    - resolve stretch related install problem (closes #920)
      [ Ken Robinson ]
    - new default theme, uses upstream default; 'Authentic' (closes #781)
    - TurnKey theme customizations; TurnKey logos, default to show TKLBAM
      module on login
    - remove webmin-file (java based filemanager) module (closes #965)
    - remove webmin-texteditor module (upstream)
    - include webmin-fail2ban module
    - add convenience symlinks to useful Webmin logs (in /var/log/webmin)
    - reconfigure webmin-raid & webmin-lvm modules during build (workaround
      for #1091)

  * TurnKey AMQ (tklamq) - only applies to Hub builds:

    - python-carrot deprecated, move to dependency on python-kombu

  * Web shell (shellinabox):

    - install v2.20 direct from Debian main repo (no longer maintaining our
      own fork) (closes #918)
    - version from Debian displays ncurses dialog properly (closes #317)
    - white on black default webshell (aka shellinabox) theme (closes #1060)

  * Security hardening:
    [ John Carver ]

    - default config mods for:
      - postfix
      - ssh
      - kernel sysctl variables
        - inc easy option to override (via /etc/sysctl.conf)

  * Optimized builds (buildtasks):

    - VM builds (OVA & VMDK):
      - include open-vm-tools-dkms & linux-headers-amd64 in base builds (closes
        #1001)
        [ Stefan Davis ]

  * Miscellaneous:

    - update to support overlayFS (default layering filesystem in stretch)
    - default to systemd init system for all builds
    - use traditional network interface names, e.g. 'eth0' (disable stretch
      default of "Predictable Network Interface Names")
    - 'dpkg-vendor --query Vendor' now returns 'TurnKey` (closes #196)
    - include fail2ban in all appliances (closes #630 & #991)
      - MVP uses default Debian conf, protects SSH only
    - use http://deb.debian.org as Debian url in sources.list - as
      recommended by Debian (closes #927)
    - upstream fix for MOTD not being updated dynamically (closes #1024)
      [ Stefan Davis ]

 -- Jeremy Davis <jeremy@turnkeylinux.org>  Tue, 19 Jun 2018 12:35:59 +1000

turnkey-core-14.2 (1) turnkey; urgency=low

  * Upgraded base distribution to Debian Jessie 8.7.

  * Webmin (web based administration):

    - Update to 1.831 (includes fix for [#493]).

  * Confconsole (configuration console - console based admin):

    - significant refactoring to support "Advanced" plugins [#369].
    - Included new plugins:

      - Region Config >> Locales/Keyboard/Tzdata [#14, #38, #746, 
        #770, #771].
      - Proxy Settings >> Apt proxy [#203].
      - System Settings >> Set hostname [#180, #450, #765, #795].
      - Mail relay - SMTP email relay config [#482].
      - Let's Encrypt SSL certs (via Dehydrated) [#546, #766, #767].

        - includes install of dehydrated (from jessie-backports).

  * Inithooks (firstboot initialization):

      - make secalerts more robust [#532].
      - password complexity requirements explicitly stated [#556].

  * di-live (TurnKey installer):

      - resolved LVM install bug [#782].
      - di-live - reordered install options so install to LVM is 
        default [#791].

  * TKLBAM (backup and migration tool):

      - various bugfixes and improvements.

  * miscellaneous:

      - tweaked turnkey-make-ssl-cert for improved code styling and
        functionality.
      - fixed Monit configuration [#603].
      - update default apt URLs to httpredir.debian.org [#742].
      - removed core package from all builds (except core) [#762].
      - improved default vim-tiny config [#763].

 -- Jeremy Davis <jeremy@turnkeylinux.org>  Wed, 29 Mar 2017 12:41:10 +1100

turnkey-core-14.1 (1) turnkey; urgency=low

  * Installed all Debian security updates.

  * Installed updated packages from TurnKey repo
    - Webmin - Update to 1.780 [#496].
    - Webmin - Install new HTML5 file manager.
    - Confconsole - now handles bridged LXC net config.
    - Inithooks - email regex now less demanding [#155].
    - Inithooks - ssh message on root login attempt (under sudoadmin)
      to a TKL EC2 instance like Debian does [#541].
    - Inithooks - improved container fence firstboot console output [#570].

  * turnkey-make-ssl-cert now leaks the least amount of info possible 
    [#572].

 -- Jeremy Davis <jeremy@turnkeylinux.org>  Thu, 25 Feb 2016 00:28:44 +1100

turnkey-core-14.0 (1) turnkey; urgency=low

  * Upgraded base distribution to Debian Jessie 8.1.

  * TurnKey Backup and Migration (tklbam):

    - No longer requires TurnKey Hub or even a network connection.
    - Ability to force a profile.
    - Increased robustness of MySQL backup/restore.
    - Improved logging (output in realtime, exceptions, rotation).
    - Usability improvements (more verbose, self-documenting).
    - Improved --debug behavior.
    - Multiple bugfixes and improvements
      https://github.com/turnkeylinux/tklbam/blob/master/docs/RelNotes-1.4.txt

  * Web management console (webmin):

    - Upgraded webmin to 1.760.
    - Served behind stunnel4 for improved SSL.

  * Web shell (shellinabox):

    - Served behind stunnel4 for improved SSL.
    - Bugfix: only one line displayed on mobile device (i.e. ipad).

  * Initialization hooks (inithooks):

    - Kernel upgrade on firstboot will trigger a reboot.
    - TurnKey initialization fence HTTPS encryption warning explanation.
    - Improved SSH key regeneration.
    - Added system notifications and critical security alerts hook.
    - Added turnkey-sudoadmin (configure system to use sudo admin user).
    - Added hostname configuration hook.
    - Added autogrow filesystem hook.
    - Added IP configuration hook.
    - Added support for systemd.

  * Configuration console (confconsole):

    - Added support for systemd.

  * Installer (di-live):

    - Updated to support Debian 8.0, version bump to 0.9.5.
    - Upgraded partitioner with latest d-i upstream code.
    - Removed alignment tags which are not interpreted by debconf.
    - Updated build-depends and recommends.
    - Added support for systemd.

  * Miscellaneous

    - monit: added cpu/ram/swap/disk alerts.
    - systemd: set as default init system.
    - ssl/ssh: lots of security improvements.
    - openssh-server: configured to permit root login with password.
    - vim-tiny: set as alternative for vim instead of symlink.
    - sources.list: updated cdn.debian.net to http.debian.net.
    - udhcpc: added support for /32 IPv4 subnets.
    - bashrc: added missing aliases for color terms.
    - iso-hybrid: ISO images are pre-processed for USB flash booting.
    - gfxboot: updated to support newer syslinux version.
    - busybox-initramfs: custom built enabling initramfs support.

 -- Alon Swartz <alon@turnkeylinux.org>  Thu, 27 Aug 2015 18:32:27 +0300

turnkey-core-13.0 (1) turnkey; urgency=low

  * Upgraded base distribution to Debian Wheezy 7.2.

  * TurnKey Backup and Migration (tklbam):

    - Added PostgreSQL database support.
    - Added MySQL support for views and triggers.
    - Added --raw-upload and --dump options to backup.
    - Added --raw-download and --simulate options to restore.
    - Added "inspect" state to hooks mechanism.
    - Multiple backup and restore bugfixes and improvements.
      https://github.com/turnkeylinux/tklbam/blob/master/docs/RelNotes-1.3.txt

  * Web management console (webmin):

    - Upgraded webmin to 1.630.
    - New version includes new BSDfdisk modules.

  * Bugfixes and tweaks:

    - busybox-initramfs: custom built enabling initramfs support.
    - resolvconf: set resolver timeout to 1 second (useful when offline).

 -- Alon Swartz <alon@turnkeylinux.org>  Thu, 10 Oct 2013 13:56:25 +0300

turnkey-core-12.1 (1) turnkey; urgency=low

  * Upgraded base distribution to Debian Squeeze 6.0.7.

  * Available in both 32-bit (i386) and 64-bit (amd64) architectures.

  * TurnKey Backup and Migration (tklbam):

    - Fixed MySQL deserialization code (duplicated last element in row if > 1MB).
    - Fixed keypacket AES cipher initialization required as of python-crypto 2.6.
    - Added jitter to tklbam-backup cron job.
    - Refactored to use pycurl-wrapper's new API class.

  * TurnKey Configuration Console (confconsole):

    - Fixed multiple network interface support (LP#1045320).
    - Added support for --usage (no advanced menu options).
    - Replaced kbd recommendation with console-tools | console-utilities.

  * TurnKey Initialization Hooks (inithooks):

    - Implemented turnkey-init-fence for headless deployments.
    - Re-implemented turnkey-init in Python.
    - Display confconsole usage as last screen of turnkey-init.
    - Improved hooks sub-execution and handling of CTRL-C.
    - Imported common hooks from overlay into package.
    - Limit paragraph width for better UX.
    - Replaced kbd dependency with console-tools | console-utilities.

  * Web management console (webmin):

    - Upgraded webmin to 1.620.
    - New version includes new ISCSI modules and a gray theme.

  * Web shell (shellinabox):

    - Support new keycodes (dash, underscore) used by firefox 15+ (LP#1104164).
    - Install available options as is without renaming or enabling.
    - Enable default options (white-on-black, color) postinst.
    - Fixed broken packaging of stray option styling files.
    - Fixed colors to support dialog interfaces.

  * TurnKey Python Library (turnkey-pylib):

    - Multiple improvements to Parallelize and Command modules.
    - Added 20 new modules.

  * Bugfixes and tweaks:

    - packages: added curl (generically useful).
    - packages: acpi-support-base (handle acpi events - LP#101194).

    - apt: replaced auto-apt-archive with Debian's CDN mirror network.
    - apt: updated trusted.gpg.d/$release to $distro.
    - apt: removed ubuntu trusted key.

    - bash: improved bashrc whitespace support (LP#932388).
    - bash: added useful git aliases (see ~/.bashrc.d/git).

    - di-live: updated architecture config and bootloader depends.
    - di-live: replaced kbd recommendation with console-tools | console-utilities.

    - busybox-initramfs: custom built enabling initramfs support.
    - casper: updated path_id execution per udev changes.

    - sshd: disabled dns checks (if resolution fails will prevent logins).
    - motd: tweaked configuration to support upcoming Wheezy release.
    - pycurl-wrapper: added timeout support, created new API class.
    - hubdns: increased jitter, refactored to use pycurl-wrapper's API class.

  * Latest versions of all packages will be installed during build.

 -- Alon Swartz <alon@turnkeylinux.org>  Wed, 03 Apr 2013 08:00:00 +0200

turnkey-core-12.0 (1) turnkey; urgency=low

  * Upgraded base distribution to Debian Squeeze 6.0.5.

    - Support for dependency based boot sequence (insserv).
    - Default ISO Kernel 2.6-686 (TKL Core Lenny was 486).

  * TKLBAM (backup and migration):

    - Upgraded to latest version of TKLBAM (see changelog for details, below
      are some of the highlights).
    - Added embedded squid download cache support.
    - Added backup resume functionality.
    - Added support for multipart parallel uploads to S3.
    - Upgraded duplicity and python-boto.
    - Multipart parallel S3 uploads.
    - Fixed root cause of MySQL max packet issue (bugfix).

  * Installer (di-live):

    - Upgraded di-live to latest version compatible with Squeeze.
    - Misc bugfixes and tweaks.

  * Boot (bootsplash and grub):

    - Upgraded bootsplash generation to be compatible with Squeeze.
    - Removed bootsplash unused panel options and extraneous files.
    - Tweaked grub default timeouts (hidden_timeout=0, timeout=3).

  * Locale:

    - Set default locale to en_US.UTF-8 (was en_GB).
    - Updated locale configuration for compatibility with Squeeze.
    - Includes localepurge (pre-configured and initialized).

  * Web management console (webmin):

    - Upgraded webmin to 1.590 and default theme.
    - Disabled inline webmin upgrades (managed by APT).
    - Moved history logging to /var/webmin (incorrect use of /etc).

  * Web shell (shellinabox):

    - Upgraded shellinabox to 2.14.

  * Bugfixes and tweaks:

    - Fixed LSB compatibility (di-live, inithooks, confconsole) [LP#700399].
    - Added support for spaces in bashrc promptpath [LP#932388].
    - Replaced APT trusted.db with trusted.gpg.d/$distro.
    - Added bashmarks (super useful bash bookmarking).

    - Removal of log files generated during build.

    - inithooks: Improved headless deployment (REDIRECT_OUTPUT directive).
    - etckeeper: Uninitialization post build and firstboot (turnkey-init).
    - resolvconf: Removed upstart hack (not relevant on Squeeze).
    - confconsole: Miscellaneous bugfixes and refactoring.
    - install-security-updates: Wrapper script for convenience.

 -- Alon Swartz <alon@turnkeylinux.org>  Wed, 01 Aug 2012 08:00:00 +0200

turnkey-core-11.3 (1) turnkey; urgency=low

  * Installed security updates.
  * Enabled etckeeper garbage collection by default.
  * Upgraded to latest inithooks version (adhoc re-initialization via turnkey-init)

 -- Alon Swartz <alon@turnkeylinux.org>  Mon, 05 Dec 2011 10:48:44 +0000

turnkey-core-11.2 (1) turnkey; urgency=low

  * Installed security updates.
  * Added HubDNS package and firstboot configuration.

 -- Alon Swartz <alon@turnkeylinux.org>  Fri, 15 Jul 2011 07:47:08 +0000

turnkey-core-11.1 (1) turnkey; urgency=low

  * Upgraded base distribution to Ubuntu 10.04.1 LTS.

  * No more chimeras (mixing of packages from Debian/ubuntu).

  * Installer (di-live):

    - Added LVM support, with guided partitioning supported in di-live,
      and webmin module for convenience.
    - Guided partitioning of root volume will default to 90% of volume
      group to support LVM snapshots out of the box.
    - Moved appliance secret regeneration, configuration, setting of
      passwords to inithooks to run on firstboot.
    - Installation media will be ejected and a message displayed to
      remove media after successful installation.
    - Warning messages will be logged instead of inline (caused a bad
      user experience).
    - Upgraded di-live to latest version compatible with Lucid.

  * Initialization Hooks (inithooks):

    - Setting of passwords and configuration is now done on firstboot.
    - Application specific configuration (passwords, email, domain) is
      now supported putting an end to default settings.
    - This supports all build targets such as VM builds, and most run
      in live-mode (convenience, consistent user-experience).
    - Includes auto-apt-archive to configure the closest APT package
      archive, determined via the TurnKey Hub GeoIP service.
    - All relevant inithooks can be preseeded, refer to:
      https://www.turnkeylinux.org/docs/inithooks
          
  * Configuration Console (confconsole):

    - /etc/confconsole/usage.txt has been replaced with services.txt
    - The usage screen is now updated dynamically for simpler management
      and customization.

  * Updated bootsplash menu:

    - Install to hard disk - default, moved to first option.
    - Live system -> Try without installing (Live CD demo mode).
    - Removed Boot from first hard disk.

  * Display system info in motd, as well non-persistent mode warning (motd).

  * NTP configured with recommended pool servers and to cope with large time
    drifts.

  * Setting of LANG in /etc/default/locale.

  * Packages:

    - Includes TKLBAM (TurnKey Backup and Migration) + new Webmin module.
    - Includes etckeeper initialized on firstboot (using git-core).
    - Includes logrotate for automatic log rotation.

    - Configured APT to not install recommends by default.

    - Upgraded webmin to 1.520 and default theme.
    - Upgraded shellinabox to 2.10, set default theme to white-on-black.

    - Customized bashrc and bashrc.d scripts.
    - Includes bash-completion (very useful addition for cli).
    - Includes iproute (ipv6 provisoning).
    - Includes acpid (support hypervisor reboot/power down signals).
    - Replaces host with bind9-host (deprecated).
    - Replaces sysklogd and klogd with rsyslog (inline with Ubuntu).

    - Grub2 (grub-pc) pre-configuration (verbose, timeout, console).

 -- Alon Swartz <alon@turnkeylinux.org>  Sun, 19 Dec 2010 15:01:05 +0200

turnkey-core-2009.10 (2) hardy; urgency=low

  * Installed all security updates (see manifest for package versions).

  * Install security updates on firstboot (except when running live).

  * Trick webmin into not checking for upgrades (managed by apt).

  * Included latest version of inithooks and updated scripts.

  * Included wget as per common request.

 -- Alon Swartz <alon@turnkeylinux.org>  Mon, 29 Mar 2010 09:02:11 +0200

turnkey-core-2009.10 (1) hardy; urgency=low

  * Upgraded base distribution to Ubuntu 8.04.3 LTS.

  * Added shell-in-a-box to provide web shell access (listening on port
    12320 - uses SSL).

  * Added inithooks to execute firstboot/everyboot scripts, for example
    regenerating cryptographic keys on live boot:
    
    - SSH keys.
    - Default SSL certificate (used by Webmin, Apache, Lighttpd).

  * Upgraded Webmin to 1.490 and default theme.

    - Disabled Webmin scheduled updates (managed by APT)

  * New versions of confconsole and di-live include many improvements and
    bugfixes (see their respective release notes for details).

  * Implemented APT pinning downgrade workaround (LP#315175).
  * Added a few generically useful packages (unzip: LP#356099, ethtool).
  * Added IPv6 configuration to /etc/hosts.

 -- Alon Swartz <alon@turnkeylinux.org>  Tue, 29 Sep 2009 15:39:41 +0200

turnkey-core-2009.02 (1) hardy; urgency=low

  * initial public release of the TurnKey Linux "core": it's the basic
    appliance on top of which all TurnKey Linux appliances are now built.

  * upgraded base distribution to Ubuntu 8.04.2 LTS

  * added many generically useful webmin modules:
  
    - network
        - firewall configuration (with example configuration)
        - network configuration

    - system
        - configure time, date and timezone
        - configure users and groups
        - manage software packages
        - change passwords
        - system logs

    - tools
        - text editor
        - shell commands
        - simple file upload/download
        - file manager (needs support for Java in browser)
        - custom commands

  * changed webmin port from 10000 to 12321 (more distinct, easier to type)

  * regenerate cryptographic keys during installation
    
    - SSH keys 
    - default SSL certificate (used by webmin, Apache, lighttpd)

  * configured sshd to permit an empty password in demo/live mode

  * improved package management configuration

    - enabled Ubuntu's Universe component by default (convenience)
    - cron-apt configured to:

        - correctly handle modified conffiles when auto-upgrading (won't hang)
        - only auto-upgrade packages from the security components
        - update the cache for all components 
        - share sources with other interfaces to apt (e.g., apt-get)
        - log to syslog instead of mailing root

  * new versions of confconsole and di-live include many improvements and
    bugfixes (see their respective release notes for details)

  * changed default console font to improve readability of console dialogs
  * added a few generically useful packages (iptables, ntp, nano)
  * updated /etc/network/interfaces to support multiple network interface cards
  * replaced metalog with sysklogd/klogd
  * optimized footprint (rebuilt from bare essentials)
  * added the release package that holds this changelog

 -- Alon Swartz <alon@turnkeylinux.org>  Thu, 29 Jan 2009 14:31:46 +0200