profile
viewpoint
Jeremy Davis JedMeister Turnkey GNU/Linux @turnkeylinux @turnkeylinux-apps Launceston, Tasmania, Australia https://turnkeylinux.org/

issue commentturnkeylinux/tracker

Pool can't install python3-bcrypt on buster

Thanks for posting this @OnGle - considering that you noted that it installs ok with apt, just not when using pool; it certainly sounds like a pool bug...

Hopefully we can put some decent work around in place before the v16.0 release? Although perhaps it will install ok when doing a "normal" build (i.e. after the packages are published to the repo)?! Regardless we should keep this in mind as a potentially useful test case for when/if we upgrade pool to py3.

OnGle

comment created time in a day

issue closedturnkeylinux/tracker

TKLBAM restore overwrites WebMin with Prior versions

I just did a quick install of TKL Joomla3 (reads TKL 15.3). Then ran a TKLBAM Restore from a either 14.0 or 14.1 Joomla3 Install.

Everything went very well Except - the Momentary Showing of new WEBMIN flashed away and WEBMIN became the OLD Webmin when I logged in on port 12321.

Everything else moved well. Data, Certificates etc.

I would expect the WEBMIN and Foundation of TKL 15.x to remain intact and not revert to 14.x.

closed time in a day

l-arnold

issue commentturnkeylinux/tracker

TKLBAM restore overwrites WebMin with Prior versions

Hey @l-arnold

Glad to hear that you worked out the Webmin theme stuff. It's a bit sucky that it doesn't "just work", but I suspect that your experience was because that the old default "Stressfree" theme is not installed by default on v15.x. So I guess when the restored system couldn't use the Webmin theme that it was configured to use, it feel back to some funky old 90s theme (that is possibly bundled by default). Still thanks for noting it here as it's great to be aware of that sort of issue.

Re lack of feedback from TKLBAM in Webmin, as you discovered, the output of Webmin should be the same, regardless of whether it's running in Webmin or the terminal. So perhaps there was just some change in how long it takes before it provides the first feedback in v15.x?

Anyway, I'll close this now as you noted.

l-arnold

comment created time in a day

create barnchturnkeylinux/cdroots

branch : stretch

created branch time in a day

release turnkeylinux/confconsole

v1.1.2

released time in 7 days

created tagturnkeylinux/confconsole

tagv1.1.2

TurnKey Linux Configuration Console

created time in 7 days

push eventturnkeylinux/confconsole

Jeremy Davis

commit sha 5ca3351071c7841a767d6c3cf0864e92edd1833b

Remove install section from add-water.service (so doesn't auto start at boot time).

view details

push time in 7 days

issue commentturnkeylinux/tracker

Install ZoneMinder from 3rd party repo for v16.x

Hey @MPTMG - Lovely to hear from you again! :smile: I hope you are well.

Please feel free to take this one on! :smile:

However, there are a few notes. Apologies if I'm telling you stuff you already know...

Firstly, we'll need to secure the third party repo (as hinted in my post). We use a combo of package pinning and separate gpg keys. There are a few examples I can point to, but Jenkins is one (see here - it could instead be done as an overlay; but conf script is ok too).

Secondly, unfortunately, things are a little choked up with the v16.0 release and we currently don't have all our software published in our repo for v16.x. So there will be a little holdup on that. Hopefully it'll be up soon, but I can't give an ETA. If we don't have it done by early next week, I may look at some alternate path to unblock things...

So there is no pressure to meet your stated/suggested timeline.

please note that the next release of the TUrnKey appliance will be v16.0 (so based on Debian 10/Buster) and unfortunately, the pieces aren't yet in place for end users to build v16.0 appliances just yet.

JedMeister

comment created time in 7 days

issue openedturnkeylinux/tracker

Confconsole - Let's Encrypt - Add-water running at boot up

Following a few recent posts in the forums (namely here and here) it's apparent that the most recent fix for Confconsole's Let's Encrypt plugin still has a bug...

It turns out that somewhere along the line the add-water service (our mini challenge server) is set to start on boot (not what we want at all). So whilst everything works fine when initially installing (as per the release notes), if/when the server is rebooted, add-water will (attempt to) start up. If it starts before the main webserver (which is likely) then it will stop the normal webserver from starting (because port 80 is already in use by add-water).

created time in 7 days

issue commentturnkeylinux/tracker

TKLBAM restore overwrites WebMin with Prior versions

Hi @l-arnold - I'm not sure, but my suspicion is that it's not actually installing an old version of Webmin, just re-enabling the old theme (so it looks like the old Webmin). The theme that Webmin uses is set in the Webmin config and a complete TKLBAM restore will default to using the original (i.e. backed up) config files.

Assuming that I'm right, then I'm not really sure how we could automatically work around that in a sensible way. Although explicitly excluding the webmin config when restoring is pretty straight forward. E.g.:

tklbam-restore --limits="-/etc/webmin"
l-arnold

comment created time in 7 days

issue openedturnkeylinux/tracker

PostgreSQL appliance inithooks fail

@deutrino - FWIW this is a consolidated TurnKey issue tracker. Please post all TurnKey related issues here.

Reposting what you posted in the forums, re the PostgrreSQL appliance:

[...] it hung for a while on first boot. Error message:

[  802.762617] inithooks[336]: Traceback (most recent call last):
[  802.784061] inithooks[336]:   File 
"/usr/lib/inithooks/firstboot.d/25ec2-userdata", line 40, in <module>
[  802.791844] inithooks[336]:     main()
[  802.802152] inithooks[336]:   File 
"/usr/lib/inithooks/firstboot.d/25ec2-userdata", line 28, in main
[  802.818551] inithooks[336]:     userdata = ec2metadata.get('user-data')
[  802.828055] inithooks[336]:   File 
"/usr/lib/python2.7/dist-packages/ec2metadata/__init__.py", line 85, in get
[  802.838756] inithooks[336]:     m = EC2Metadata()
[  802.852056] inithooks[336]:   File 
"/usr/lib/python2.7/dist-packages/ec2metadata/__init__.py", line 32, in 
__init__
[  802.871975] inithooks[336]:     raise Error("could not establish 
connection to: %s" % self.addr)
[  802.893493] inithooks[336]: ec2metadata.Error: could not establish 
connection to: 169.254.169.254

I assume that this was an AWS server? The address 169.254.169.254 is a static IP which should be bonded to all AWS instances and is how you access instance metadata. In this particular case, it appears to have been unable to connect for some reason? Could be a race condition, or it could be some intermittent AWS fault. I recommend that you retry launching again, but this time if possible, in a different zone to the server that failed.

created time in 8 days

push eventJedMeister/turnkey-pylib

Jeremy Davis

commit sha c742b067cb8f0fe5e8cca8248c78fc871cdb9766

Add python-lzma dependency (required by pylib/debinfo.py).

view details

Jeremy Davis

commit sha ff299b078f3d874dba326f3d570eeaddc2a2b67a

Merge branch 'buster-dev'

view details

push time in 14 days

push eventturnkeylinux/turnkey-pylib

Jeremy Davis

commit sha c742b067cb8f0fe5e8cca8248c78fc871cdb9766

Add python-lzma dependency (required by pylib/debinfo.py).

view details

Jeremy Davis

commit sha ff299b078f3d874dba326f3d570eeaddc2a2b67a

Merge branch 'buster-dev'

view details

push time in 14 days

push eventJedMeister/turnkey-pylib

Jeremy Davis

commit sha 422cc82c08ad8cd0e69db812965d7d54590d29d1

some modifications to build buster on stretch (incomplete & not working)

view details

Jeremy Davis

commit sha e50b661e4aae78c4cd085d9855afb20273996619

fixed broken debinfo._extract_control()

view details

Jeremy Davis

commit sha 1867767f969bb86a5d839540b9222be627a39762

Merge pull request #2 from JedMeister/buster-dev Buster dev

view details

push time in 14 days

push eventturnkeylinux/verseek

Jeremy Davis

commit sha 5a2e25da10eeabac1fa5a1724bc385de0ca5a087

Update git-core dependency to be git (git-core transitional package removed in Buster).

view details

Jeremy Davis

commit sha b1bee74b2db49d71a7e8f82f3d5cef3bd14c461b

Merge branch 'buster-dev'

view details

push time in 14 days

delete branch turnkeylinux/verseek

delete branch : jessie

delete time in 14 days

startedmail-in-a-box/mailinabox

started time in 14 days

release turnkeylinux/confconsole

v1.1.1

released time in 15 days

issue commentturnkeylinux/tracker

Redmine 15.2 SVN Repository

All good mate. Glad that we got to the bottom of it.

speedy32129

comment created time in 16 days

issue commentturnkeylinux/tracker

Redmine 15.2 SVN Repository

Hang on, I misunderstood how it's meant to work. After I created a new Redmine project (test-001), it worked for me...

root@redmine ~# ruby /var/www/redmine/extra/svn/reposman.rb --redmine localhost --svn-dir /srv/repos/svn --owner www-data --url file:///srv/repos/svn --key-file /var/www/redmine/api_key --verbose --test
running in test mode
querying Redmine for active projects with repository module enabled...
retrieved 3 projects
processing project git-helloworld (git-helloworld)
	repository for project git-helloworld already exists in Redmine
processing project svn-helloworld (svn-helloworld)
	repository for project svn-helloworld already exists in Redmine
processing project test-001 (test-001)
	repository /srv/repos/svn/test-001 created
	repository /srv/repos/svn/test-001 registered in Redmine with url file:///srv/repos/svn/test-001

To actually create the new SVN repo, you need to omit the --test switch, but I'm only testing so I updated the cron job to also use the --verbose and --test switches; plus changed the time to 1 minute (it's 10 minutes by default). And here's what happened:

.root@redmine ~# cat /etc/cron.d/redmine 
WEBROOT=/var/www/redmine

* * * * * root /usr/local/rbenv/shims/ruby $WEBROOT/extra/svn/reposman.rb --redmine localhost --svn-dir /srv/repos/svn --owner www-data --url file:///srv/repos/svn --key-file $WEBROOT/api_key --verbose 2>&1 >> /var/log/reposman.log

I waited until it ran, then checked the log file:

root@redmine ~# cat /var/log/reposman.log 
running in test mode
querying Redmine for active projects with repository module enabled...
retrieved 3 projects
processing project git-helloworld (git-helloworld)
	repository for project git-helloworld already exists in Redmine
processing project svn-helloworld (svn-helloworld)
	repository for project svn-helloworld already exists in Redmine
processing project test-001 (test-001)
	repository /srv/repos/svn/test-001 created
	repository /srv/repos/svn/test-001 registered in Redmine with url file:///srv/repos/svn/test-001

So it appears to be working as it should...?! Next up, I removed the --test switch. And waited until it ran again. here's the relevant log entry:

querying Redmine for active projects with repository module enabled...
retrieved 3 projects
processing project git-helloworld (git-helloworld)
	repository for project git-helloworld already exists in Redmine
processing project svn-helloworld (svn-helloworld)
	repository for project svn-helloworld already exists in Redmine
processing project test-001 (test-001)
	repository /srv/repos/svn/test-001 created
	repository /srv/repos/svn/test-001 registered in Redmine with url file:///srv/repos/svn/test-001

The subsequent entries all looks like this:

querying Redmine for active projects with repository module enabled...
retrieved 3 projects
processing project git-helloworld (git-helloworld)
	repository for project git-helloworld already exists in Redmine
processing project svn-helloworld (svn-helloworld)
	repository for project svn-helloworld already exists in Redmine
processing project test-001 (test-001)

And if I look in /srv/repos/new-test01/, then there appears to be an SVN repo there:

root@redmine ~# ls -la /srv/repos/new-test01/
total 32
drwxrwxr-x 6 www-data root 4096 Nov 23 01:43 .
drwxr-xr-x 6 vcs      vcs  4096 Nov 23 01:43 ..
-rwxrwxr-x 1 www-data root  246 Nov 23 01:43 README.txt
drwxrwxr-x 2 www-data root 4096 Nov 23 01:43 conf
drwxrwxr-x 6 www-data root 4096 Nov 23 01:43 db
-rwxrwxr-x 1 www-data root    2 Nov 23 01:43 format
drwxrwxr-x 2 www-data root 4096 Nov 23 01:43 hooks
drwxrwxr-x 2 www-data root 4096 Nov 23 01:43 locks
speedy32129

comment created time in 18 days

issue commentturnkeylinux/tracker

Redmine 15.2 SVN Repository

Ok, I've had a quick look and on face value it looks like it should "just work". But when I created a new git repo called test in /srv/repos/git it doesn't seem to see it (so doesn't do anything). So I suspect that there is something I'm missing on how the tool is meant to work and it's requirements... I'm also not super familiar with Redmine either so perhaps my workflow is completely wrong?

So I'll do a little research and find out a bit more about reposman.rb. In the meantime, you could see what it's actually doing (perhaps you're hitting the same thing I am?). Run this from the commandline:

ruby /var/www/redmine/extra/svn/reposman.rb --redmine localhost --svn-dir /srv/repos/svn --owner www-data --url file:///srv/repos/svn --key-file /var/www/redmine/api_key --verbose --test
speedy32129

comment created time in 18 days

issue commentturnkeylinux/tracker

Redmine 15.2 SVN Repository

Hi @speedy32129 - I'll have to have a look for you. It certainly should "just work". Unfortunately it's usually the squeaky wheels that get the oiling... I'll try to have a look at this ASAP. Probably the best place to discuss this would be on our forums or now you're on the Hub, you can hit us up via support (blue icon in the bottom right, or "support link in the top bar).

speedy32129

comment created time in 18 days

push eventJedMeister/youphptube

Jeremy Davis

commit sha 5ba8dd9ae9408ac897b58ac72317ce9ec5928961

Stop youtube-dl update cron job from whinging about the locale in the logs.

view details

push time in 19 days

push eventJedMeister/youphptube

Jeremy Davis

commit sha 77f87abef68f14b07465fe6329649e14f550b92c

Tidied up conf script.

view details

push time in 19 days

create barnchJedMeister/youphptube

branch : nginx-from-source

created branch time in 19 days

startedmitmproxy/mitmproxy

started time in 20 days

issue commentnextcloud/talk-android

Emoticons do not work in chats

Hey @Niemand112233 - Did you ever resolve this? I have come across a similar issue and I'm stumped...

maxlinux2000

comment created time in 20 days

create barnchJedMeister/youphptube

branch : improve-setup

created branch time in 20 days

push eventJedMeister/youphptube

Jeremy Davis

commit sha 2fcdfef0852328282f507c205bf0201aacdea256

add logo and screenshots

view details

Jeremy Davis

commit sha 45a5caeb3ff96532605be04386b0e472ad022aca

fix readme title typo

view details

Jeremy Davis

commit sha 5b073501aa0cfcfda7ceeabe036c2847622eb17f

fix browser redirect loop if IP set as APP_DOMAIN

view details

Jeremy Davis

commit sha c3316d304d49fa8c66b6f579687e7819e10b3f2d

Merge branch 'fix-redirect-for-ip' - part of #1230

view details

MPTMG

commit sha eb997d17abb01d7e9f3816d9cac9d8d5bd2839de

Add Encoder Adding YouPHPTube-Encoder For Processing Recordings

view details

MPTMG

commit sha fe9f4736c504979f670403431f332778eb148142

FixMinor Typos Preventing Build and Config Indent error python and missing directory error (build). Enable encoder site by default.

view details

Jeremy Davis

commit sha 250aecde6c8c48f35e2646a6b734dba66cfd05a8

move Apache port config to conf script

view details

Jeremy Davis

commit sha a39a50082c969023a7f51464c9d6cc8c8ed9a816

shouldn't need to overwrite apache.conf; adjust vhost configs

view details

Jeremy Davis

commit sha 38593c958f102d558dd2f14fe18aa76e47ac2440

bump changelog and tweak readme

view details

Jeremy Davis

commit sha 0d1cd3195dfc8e60d6ccc7573a0fd0d44ea160f5

Merge branch 'mptmg-encoding-addition'

view details

Jeremy Davis

commit sha c3cf628419b583517f433d16784a7cc00c96edb2

finalise changelog for fixes and improvment

view details

push time in 20 days

push eventturnkeylinux/pool

Jeremy Davis

commit sha bf725e97c56b7404a0ca56ca020320a3189d2d11

Fix git dependency (git is now the pkg name).

view details

push time in 20 days

created tagJedMeister/pycurl-wrapper

tagv2.0

Simplified wrapper for python-pycurl

created time in 20 days

push eventJedMeister/pycurl-wrapper

Jeremy Davis

commit sha a974464fa686d57af8c9205ed72215b2a49308ad

ran 2to3 over py files

view details

Jeremy Davis

commit sha 98b92ed32dc03b336e386bb2c687ffc6e524171a

use json from stdlib

view details

Jeremy Davis

commit sha ea03042eefaff29bca49ea0cb10e6c438d83ea6e

adjust debian control and rules to build for py3

view details

Jeremy Davis

commit sha bda0dab950601d445a8969544ecec63203422d3b

setup.py manual 2to3 adjustment

view details

Jeremy Davis

commit sha 837019878319ffb10e333090cb796abb0deb7c23

Merge branch 'python3'

view details

push time in 20 days

fork JedMeister/pycurl-wrapper

Simplified wrapper for python-pycurl

fork in 20 days

created tagturnkeylinux/pycurl-wrapper

tagv1.3

Simplified wrapper for python-pycurl

created time in 20 days

create barnchturnkeylinux/pycurl-wrapper

branch : v1.3

created branch time in 20 days

push eventturnkeylinux/pycurl-wrapper

Stefan Davis

commit sha eb51472c1f78591fddf5469d2007a7c6f95850a5

Updated debian packaging stuff to python3

view details

Stefan Davis

commit sha 386c45e623325afb215668a549772a64b03194d2

Updated python to python3

view details

Stefan Davis

commit sha 4c16cee408798422d6273f960e1786e40e0ef88e

Remove commands usage from setup.py

view details

Stefan Davis

commit sha bc0ea1b59ddd447129093d530b090c2c7e925cf5

Remove usage of file

view details

Stefan Davis

commit sha dd0fa97051592ba33a3449591037782ebfdf1b44

Fix encoding issue

view details

Stefan Davis

commit sha 75a447e8a869b62da923c1e73dad80f33dfa1fdd

Fix some string/bytes mismatches

view details

Jeremy Davis

commit sha f2cd7ebfc444ca767ccc6209aefd0dff7bd769f6

Merge pull request #2 from OnGle/python3 Python3

view details

push time in 20 days

PR merged turnkeylinux/pycurl-wrapper

Python3

Updated to python3 Part of https://github.com/turnkeylinux/tracker/issues/887

+28 -25

2 comments

4 changed files

OnGle

pr closed time in 20 days

create barnchturnkeylinux/hubdns

branch : v1.1

created branch time in 20 days

created tagturnkeylinux/hubdns

tagv1.1

TurnKey Hub Dynamic DNS client

created time in 20 days

push eventturnkeylinux/common

Stefan Davis

commit sha a9a1e98daf359b0b875e2912587ea02d48e42628

Updates for LAPP

view details

Jeremy Davis

commit sha 0d97ccd61d8bd70dfb9e54162792b53f35dba3f4

Merge pull request #142 from OnGle/16-update-lapp Updates for LAPP

view details

push time in 21 days

PR merged turnkeylinux/common

Updates for LAPP

Update postgres inithook to python3 ready for buster

+14 -12

1 comment

1 changed file

OnGle

pr closed time in 21 days

pull request commentturnkeylinux/common

Updates for LAPP

IMO, it'd be good to get rid of use of os.system - and standardise on subprocess (.run/checkout and Popen where required). But we'll leave it be for now...

OnGle

comment created time in 21 days

push eventturnkeylinux/common

Stefan Davis

commit sha 64878cb5e9b6262f68bd6c71a4c617ad919aa56c

Move service wrapper to common systemd-chroot overlay

view details

Stefan Davis

commit sha c1e069ea488a1f9abfed017ea9568781d65e387c

Add generic mysql entry

view details

Stefan Davis

commit sha 2ecb3d3993798b64d8c3d865ba595ab649172bb5

remove now defunct barracuda setting

view details

Stefan Davis

commit sha f2407bf462c0c75a1ade3553da2104397fec4411

Update mysql conf & overlay

view details

Stefan Davis

commit sha 15d6f4c2eb87c913894b1db1310bbefa6447c6cd

Remove executil & ensure python3

view details

Stefan Davis

commit sha eeafd80822d40dae507d4890439d260fc1f4ffbc

Replace file with open

view details

Jeremy Davis

commit sha 6c672bd6efdcb4da59225f5a0850ded557aa2bdf

Merge pull request #141 from OnGle/16-update 16 update

view details

push time in 21 days

PR merged turnkeylinux/common

16 update

Updates required for lamp to build on v16 (buster)

+17 -18

0 comment

6 changed files

OnGle

pr closed time in 21 days

issue closedturnkeylinux/tracker

Odoo 15.2 TKLBAM Backup Profile appears to be missing

I just went to run a backup on a new install of Odoo (TKL 15.2 build) and get the following error:

TurnKey Hub Error: Backup profile archive not found: turnkey-odoo-15.2-stretch-amd64

I'll test on a 14.1 build for comparison. (Update - 14.1 (or 14.2 not sure) did have TKLBAM Profile) 15.2 ODOO was an alternative install which did not have the TKLBAM profile.

closed time in 21 days

l-arnold

issue commentturnkeylinux/tracker

Odoo 15.2 TKLBAM Backup Profile appears to be missing

Hey @l-arnold - That because we never actually built it.

There was a bug which we fixed in the build code (about 4 months ago) but we never actually built it. TBH, it slipped of the radar and when I remembered it, we decided to focus all our attention on v16.0 rather than releasing an updated Odoo.

If you want to build a TKLBAM profile for it, so long as you still have the ISO, you can do that really easily. The tool that does it, is in buildtasks.

So do this:

cd /turnkey/fab
git clone https://github.com/turnkeylinux/tklbam-profiles.git
mkdir -p ~/tklbam-generated-profiles/odoo
cd buildtasks
bin/generate-tklbam-profile --profiles-conf=/turnkey/fab/tklbam-profiles /path/to/iso ~/tklbam-generated-profiles/odoo

Then upload the resulting file to your server, unpack it and when you initialise TKLBAM, use the --profile /path/to/your/new/profile switch.

I hope that helps.

l-arnold

comment created time in 21 days

issue closedturnkeylinux/tracker

Webmin doesn't install on Buster

webmin builds but fails to install on buster tkldev.

The following error occured while attempting to build v16 core on v16 tkldev:

Errors were encountered while processing:
 /tmp/apt-dpkg-install-l4sy93/000-webmin_1.930-turnkey+20+g2919206_all.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)
Traceback (most recent call last):
  File "/usr/lib/fab/wrapper.py", line 34, in <module>
    CliWrapper.main()
  File "/usr/lib/python2.7/dist-packages/pyproject.py", line 388, in main
    commands.run(name, args)
  File "/usr/lib/python2.7/dist-packages/pyproject.py", line 261, in run
    command.module.main()
  File "/usr/lib/fab/pylib/cmd_install.py", line 129, in main
    installer.install(packages, ignore_errors)
  File "/usr/lib/fab/pylib/installer.py", line 251, in install
    self._install(packages, ignore_errors, ['--allow-unauthenticated'])
  File "/usr/lib/fab/pylib/installer.py", line 137, in _install
    self.chroot.system("apt-get", *(args + packages))
  File "/usr/lib/python2.7/dist-packages/chroot.py", line 80, in system
    executil.system(*self._prepare_command(*command))
  File "/usr/lib/python2.7/dist-packages/executil.py", line 56, in system
    raise ExecError(command, exitcode)

package built from turnkey master using pool.

closed time in 23 days

OnGle

issue commentturnkeylinux/tracker

Webmin doesn't install on Buster

Awesome, thanks @OnGle

After having a look at the scripts a little myself, I think that they still really require some work.

However, seeing as that isn't really a priority, I've reverted that previous commit, so as per https://github.com/turnkeylinux/webmin/commit/338d41818ba537957ed85abbbea089088feaf5ae I'm closing this issue.

OnGle

comment created time in 23 days

push eventturnkeylinux/webmin

Jeremy Davis

commit sha 338d41818ba537957ed85abbbea089088feaf5ae

Revert "add -e to inst/rm scripts" - closes #1378 This reverts commit d42f570f77934c43a4120474303325a71d9226ab.

view details

push time in 23 days

issue openedturnkeylinux/tracker

Install ZoneMinder from 3rd party repo for v16.x

When following up on a support request in the forums, I discovered that the ZoneMinder package has been removed from the Debian packages. However, there is a third party package repo available which will likely be a good option?! There is an install tutorial on their wiki. Docs for install on Stretch (using the same repo) are included in the official docs so it appears to be encouraged by the devs although I don't know how much vetting they do?!

As per usual with 3rd party repos, the package will need pinning and we should also store the key in /usr/share/keyring (or whatever it is - sorry I didn't double check...).

created time in 23 days

issue commentturnkeylinux/tracker

Webmin doesn't install on Buster

Looking a little closer at this, the only change I made to the pre/post install/remove scripts, was to set -e (see here).

The dirty way would be to just revert that commit. Although I think it'd be worth a bit of investigation first to see if we can fix it. What do you think?

OnGle

comment created time in 23 days

issue closedturnkeylinux/tracker

YouPHPTube LetsEncrypt fails from Confconsole

Fails with error

  • ERROR: An error occurred while sending post-request to https://acme-v01.api.letsencrypt.org'/acme/new-reg (Status 400) Details: { "type": "urn:acme:error:badNonce", "detail": "JWS has no anti-replay nonce",

Then, the terminal UX cuts off the rest of the error with a useless "55%" indicator (and how the @@@@ do you scroll this @@@@ing thing?)

closed time in 23 days

walt93

issue commentturnkeylinux/tracker

YouPHPTube LetsEncrypt fails from Confconsole

Hi @walt93 - This looks like a duplicate of #1359 so I'll close this one for now.

To resolve it, please follow the steps as outlined in the Confconsole v1.1.1 release notes. If you have any troubles, you can post back here if you'd like and I'll see it and respond.

Re scrolling, try the PageDown key (sometimes displayed as 'PgDn' on some keyboards). (and PageUp to go back up again). FWIW, that output also goes to the log (I forget the exact path OTTOMH, but it should be something like /var/log/confconsole/letsencrypt.log or similar).

walt93

comment created time in 23 days

issue openedturnkeylinux/tracker

Bring Ghost appliance more into line with upstream install

As per my recent blog post, the Ghost appliance is harder for an end user to use than it should be IMO.

As a minimum, we should translate the content of my post into the ghost appliance set up.

created time in a month

issue commentturnkeylinux/tracker

ssh keyauth not working for all openstack images based on core >=15

@mpetrowi:

Thanks for the response

You're most welcome. It's the least that I could do considering that you're giving us feedback on how we could do better! :smile:

sorry about tacking this on the wrong issue

No problem! It was good actually as this issue needed closing anyway. Besides, we're fairly casual about that stuff. It's better to have the feedback in a place that's not ideal, rather than not at all! :smile:

I am impressed with turnkey so far, at least once I got past the not being able to login part.

Glad to hear (other than than the not being able to log in part...).

As I say though, if you have any other further thoughts to share, please do so. Here on our GitHub issue tracker is the place for bug reports and feature requests (either post in the most appropriate existing issue if there is one, or post in a "new issue" and we'll respond and tag it as appropriate). On the forums is the place for more general feedback and/or support.

Have a good one and hope that TurnKey works well for you.

kaergel

comment created time in a month

issue openedturnkeylinux/tracker

Ensure that only TLS1.2+ are supported in TurnKey apps

For v16.0 release, we should be double checking that none of our servers support deprecated versions of TLS (aka SSL) - namely TLSv1 & TLSv1.1. Note that Chrome (Jan 2020), Firefox (Mar 2020) and even IE/Edge (mid 2020) will stop supporting anything lower than TLSv1.2.

For Apache, this should do the trick (in /etc/apache2/mods-available/ssl.conf):

	SSLProtocol -SSLv3 -TLSv1 -TLSv1.1

Note that SSLv2 is not supported by Apache at all so is not required to be noted). AFAIK the version of Apache in v16.0 (v2.4.38 - in Debian 10/Buster) supports TLSv1.2 & TLSv1.3.

This will all need confirmation and testing, but seems pretty reasonable to me...

created time in a month

issue commentturnkeylinux/tracker

Add DNS and DHCP server to Domain Controller appliance

I suggest to query if a DHCP server should be enabled in the first setup menu of the DC appliance.

Great idea! :smile:

Thanks for the additional info re KEA too. I think we'll stick with ISC-DHCP for now then.

Unfortunately, we're currently working on the transition to v16.0 (based on Debian 10/Buster) so it'll probably be a little while before we do a new release of our DC appliance, but I like your ideas and we'll aim to implement them for the next release.

renne

comment created time in a month

issue commentturnkeylinux/tracker

ssh keyauth not working for all openstack images based on core >=15

Hi @mpetrowi,

Sorry to hear of your troubles. It certainly doesn't sound like you had a very "TurnKey" experience... :cry: We try to balance good security defaults against ease of use as best we can, and clearly we sometimes get it wrong...

Regardless, thanks for bringing this bug report back to my attention. FWIW, I'm almost certain that the cause of this specific bug on OpenStack was directly related to #1340 (which was resolved a few months ago by fixing the specific issue and rebuilding all the OpenStack builds). @kaergel - sorry for not being proactive and letting you know sooner! Hopefully better late than never...

However @mpetrowi, your point is a good one. We implemented MaxAuthTries 2 for v15.x on the recommendation of a very security conscious community member. Fail2ban was also implemented around the same time and having it that tight alongside fail2ban was/is probably overkill. Beyond your scenario, MaxAuthTries 2 also means that ssh-copy-id doesn't work out of the box either (see #1130).

As per the closure of that issue, we've bumped MaxAuthTries to 3 for our next major release (v16.0 - unfortunately, it will still be a little while away, but getting closer...). IIRC the default is 6, but as we allow password logins (to make life easier for new users; default is to accept keys only), it's important to lock it down a little more IMO.

For future reference, (assuming that you are using OpenSSH client) I found the best way to discover the cause of the issue when trying to log in via SSH is to launch ssh with the -vvv switch. In my case that made it pretty clear what was going on... It's perhaps also worth noting, that using the -o PubkeyAuthentication=no switch should force your OpenSSH client to not try any keys and just ask for a password.

I'll close this now, but as a "new to TurnKey user" @mpetrowi, we really value your input. So if you have any further suggestions, please feel free to share. Although, unless it's directly related to my post here; ideally please do that on a directly relevant issue, or over on our forums (requires free website user account).

kaergel

comment created time in a month

issue closedturnkeylinux/tracker

ssh keyauth not working for all openstack images based on core >=15

Hi,

it looks like the ssh-publickey does not get properly injected in the own- and nextcloud openstack images with version >=15. No login is possible. I've tested the following images:

  • turnkey-nextcloud-15.0-stretch-amd64-openstack.qcow2
  • turnkey-nextcloud-15.1-stretch-amd64-openstack.qcow2
  • turnkey-owncloud-15.0-stretch-amd64-openstack.qcow2
  • turnkey-owncloud-15.1-stretch-amd64-openstack.qcow2

ssh root@<floatingip> does not work and asks for password. Nextcloud 14.2 is working.

Best regards

closed time in a month

kaergel

issue openedturnkeylinux/tracker

TKLBAM failing with: OSError: [Errno 2] No such file or directory: '/var/spool/postfix/<redacted_path>'

A user has just reported that twice in a row a TKLBAM backup failed. Both times it choked on files in /var/spool/postfix/.... I assume because the spooled mails had sent and/or been deferred.

TBH, I'm not really sure why it's not an issue more often (I can only assume that TKLBAM already has some mitigation for this, but it's imperfect).

Regardless, a hook script to stop/start postfix when running a backup might be the best way to go?!

created time in a month

issue commentYouPHPTube/YouPHPTube

I have uploaded a video on my phptube www.gappedtube.com and only thing that happened is go to blank page

He @ucmafialtd - are you not planning on using TurnKey anymore? If not, that's fine, no hard feelings or any of that. Especially considering that you had such a crappy run trying to get things up and running...

Although as you say, the TurnKey server is still running (so is still costing you money on AWS) and you are still on the TurnKey free trial which will expire in a few days. Please hit me up via support@turnkeylinux.org so I can help you shut your server and account down so that you don't get hit with fees!

Re getting your domain to migrate to a new server, you'll need to adjust the nameservers with your domain registrar to point to whatever new nameservers you are using. Otherwise, you'll need to create an A record to point to your server's IP.

ucmafialtd

comment created time in a month

issue commentYouPHPTube/YouPHPTube

Says my IP address is still the same as it was

He @ucmafialtd - are you not planning on using TurnKey anymore? If not, that's fine, no hard feelings or any of that. Especially considering that you had such a crappy run trying to get things up and running...

Although as you say, the TurnKey server is still running (so is still costing you money on AWS) and you are still on the TurnKey free trial which will expire in a few days. Please hit me up via support@turnkeylinux.org so I can help you shut your server and account down so that you don't get hit with fees!

Re getting your domain to migrate to a new server, you'll need to adjust the nameservers with your domain registrar to point to whatever new nameservers you are using. Otherwise, you'll need to create an A record to point to your server's IP.

ucmafialtd

comment created time in a month

issue commentturnkeylinux/tracker

Webmin doesn't install on Buster

Hmm, looks like the package install is failing with a non-zero exit code.

I did do a fair bit of work on that in preparation for Buster and I thought that I had tested pretty well. But I guess we're moving into new territory now, so I guess that's bound to happen.

FWIW one of the things I did was added -e to all the post/pre install/rm webmin package scripts. So my guess is that something I changed is causing an error under some specific circumstance. The proper fix is to find the specific issue and fix it. The dirty hack workaround would be to remove the -es again...

OnGle

comment created time in a month

issue commentturnkeylinux/tracker

deckdebuild should create /turnkey/fab/deckdebuilds/chroots/ directory when installed

As noted by @OnGle; it's essentially a typo in the TKLDev conf.d/main script:

deckbuilds should be deckdebuilds.

JedMeister

comment created time in a month

delete tag turnkeylinux/autoversion

delete tag : v0.9.4

delete time in a month

create barnchturnkeylinux/webmin

branch : 15.x

created branch time in a month

issue closedturnkeylinux/tracker

Confconsole Let's Encrypt - possible edge (corner?) case issue - "add-water" not being killed

JP just noted in the forums that he had an issue getting a new certificate recently. The output was:

 root@lamp /usr/bin# /usr/lib/confconsole/plugins.d/Lets_Encrypt/dehydrated-wrapper
[2019-09-29 22:22:48] dehydrated-wrapper: INFO: started
[2019-09-29 22:22:48] dehydrated-wrapper: INFO: No process found listening on port 80; continuing
[2019-09-29 22:22:48] dehydrated-wrapper: INFO: running dehydrated
/etc/dehydrated/confconsole.hook.sh: line 33: kill: (2591) - No such process
cat: /var/run/add-water/pid: No such file or directory
kill: usage: kill [-s sigspec | -n signum | -sigspec] pid | jobspec ... or kill -l [sigspec]
rm: cannot remove '/var/run/add-water/pid': No such file or directory
[2019-09-29 22:22:54] dehydrated-wrapper: FATAL: dehydrated exited with a non-zero exit code.
[2019-09-29 22:22:54] dehydrated-wrapper: WARNING: Python is still listening on port 80
[2019-09-29 22:22:54] dehydrated-wrapper: INFO: attempting to kill add-water server
[2019-09-29 22:22:54] dehydrated-wrapper: WARNING: Something went wrong, restoring original cert & key.
[2019-09-29 22:22:54] dehydrated-wrapper: INFO: starting stunnel4
[2019-09-29 22:22:54] dehydrated-wrapper: WARNING: Check today's previous log entries for details of error.

I suspect that there is an edge (corner?) case bug here with the way that the dehydrated wrapper handles things. More info in the thread.

TBH, I'm not 100% sure of the nature of the potential issue, nor the best way to reduce the likelihood of it causing others issues, but we should have a closer look.

closed time in a month

JedMeister

issue commentturnkeylinux/tracker

Confconsole Let's Encrypt - possible edge (corner?) case issue - "add-water" not being killed

This issue is closed by the release of Confconsole v1.1.1. It's not yet available from our repos and still requires some specific steps to use on a v15.x server (although better than instructions published previously). Please see the release notes for full step by step setup and further info.

JedMeister

comment created time in a month

issue closedturnkeylinux/tracker

Confconsole Let's Encrypt - badNonce - JWS has no anti-replay nonce

A recent update to Let's Encrypt has caused issues with older versions of Dehydrated (the Let's Encrypt client we use with Confconsole). And soon after, the v1 API was deprecated and only users with existing certificates can access the v1 API endpoint.

So there are a number of issues that have all occurred within a brief period of time. This post has got a bit messy, so I've completely rewritten it [Oct 18th 2019].


Setting up. These instructions should be run in a single shell session. If you run the separate steps at separate times or in separate shells, then you will need to re-run this first setup bit:

# set vars to use
DEHYD_ETC=/etc/dehydrated
SHARE=/usr/share/confconsole/letsencrypt
CONFIG="$DEHYD_ETC/confconsole.config"
GH_URL=https://raw.githubusercontent.com/turnkeylinux/confconsole/master
GH_HOOK=share/letsencrypt/dehydrated-confconsole.hook.sh
CC_HOOK="$DEHYD_ETC/confconsole.hook.sh"
SH_HOOK=$SHARE/dehydrated-confconsole.hook.sh

Now the actual steps to fix the issues:

  1. Update Dehydrated:
# add stretch-backports repo and updated dehydrated:
echo "deb http://http.debian.net/debian stretch-backports main" > /etc/apt/sources.list.d/backports.list
apt update
apt install -t stretch-backports dehydrated
  1. Download the updated TurnKey hook script:
wget $GH_URL/$GH_HOOK -O $SH_HOOK
cp $SH_HOOK $CC_HOOK
  1. Update the config to use the v2 API end point:
echo 'CA="https://acme-v02.api.letsencrypt.org/directory"' >> $CONFIG
echo 'CA_TERMS="https://acme-v02.api.letsencrypt.org/terms"' >> $CONFIG
  1. Manually run the new Dehydrated to accept the terms of service for Let's Encrypt:
/usr/bin/dehydrated --register --accept-terms
  1. Launch Confconsole and attempt to get a new certificate.

If you wish to just run the script directly (rather than via confconsole), this should do the trick:

/usr/lib/confconsole/plugins.d/Lets_Encrypt/dehydrated-wrapper

Hopefully you should now have a working certificate...! :smile: Don't forget to enable auto cert updates (via confconsole - if you haven't already).

Users with multiple domains should also be aware of #1360. It doesn't appear to cause problems when only one domain is used (and I've tested with 2 and it seemed ok). I plan to look into that a bit closer ASAP, but no ETA.


Users who have previously addressed this issue by updating Dehydrated via some other method can leave their system as is if they wish. Or alternatively, they can install the version from the stretch backports repo (as above; they should be roughly the same version). Note that if the package has been held, then the hold will need to be removed first. I.e.:

apt-mark unhold dehydrated

[Previous ramblings removed for clarity]

closed time in a month

JedMeister

issue commentturnkeylinux/tracker

Confconsole Let's Encrypt - badNonce - JWS has no anti-replay nonce

This issue is closed by the release of Confconsole v1.1.1. It's not yet available from our repos and still requires some specific steps to use on a v15.x server (although better than the previous instructions, which I'll update in a sec). Please see the release notes for full step by step setup and further info.

JedMeister

comment created time in a month

issue closedturnkeylinux/tracker

Let’s Encrypt - ACME v2 API Endpoint

Just an fyi as I'm guessing Core v15 will be available sometime early next year:

Let's Encrypt says ACME v2 API Endpoint Coming January 2018: https://letsencrypt.org/2017/06/14/acme-v2-api.html

They "are not setting an end-of-life date for the ACME v1 protocol" so it should not affect the current confconsole plugin for quite some time.

ACME v2 will supposedly allow wildcard certs to be issued according to: https://arstechnica.com/information-technology/2017/07/lets-encrypt-to-start-offering-free-wildcard-certificates-for-https/

Thanks.

closed time in a month

bormanst

issue commentturnkeylinux/tracker

Let’s Encrypt - ACME v2 API Endpoint

Confconsole v1.1.1 now includes support for the Let's Encrypt v2 API endpoint out of the box. It requires some specific steps to use on a v15.x server, so please see the release notes for further info.

bormanst

comment created time in a month

release turnkeylinux/confconsole

v1.1.1

released time in a month

issue openedturnkeylinux/tracker

Hub: support for manually editing/updating custom domains

Within the Hub, if you wish to update the IP of a custom domain, currently you need to delete the custom subdomains and re-add it with the new IP.

You can update them with hubtools, but I think it would be nice to also support manually editing them from the Domains page.

created time in a month

push eventturnkeylinux/autoversion

Jeremy Davis

commit sha 52e3b1052f99d269391b5b7c6cdebdc39d8c47df

depend on git to support install on buster

view details

Jeremy Davis

commit sha d5eab69c00465405bcd9a65ed101f173c676a2c5

include git version in control file, plus include missing comma

view details

Jeremy Davis

commit sha 7a66b1fe807b55e3b5de417ca0b7fc5ab178fc86

update maintainer name & email

view details

Jeremy Davis

commit sha 9c88c0d4e93179e8ff3282582b0d6354c22d93e7

remove "git-core" package from dependencies

view details

Jeremy Davis

commit sha 50b0c7fb5a002ae8684dc9f22e4f75c75a173f10

Merge pull request #3 from JedMeister/buster-dev Buster dev

view details

push time in a month

PR merged turnkeylinux/autoversion

Buster dev

Minor modification to dependencies for v16.x (Debian 10/Buster based). Backwards compatible with v15.x (Debian 9/Stretch based).

+2 -2

0 comment

1 changed file

JedMeister

pr closed time in a month

created tagturnkeylinux/autoversion

tagv0.9.4

map git commits to auto-versions and vice versa

created time in a month

create barnchturnkeylinux/autoversion

branch : 15.x

created branch time in a month

PR opened turnkeylinux/autoversion

Buster dev

Minor modification to dependencies for v16.x (Debian 10/Buster based). Backwards compatible with v15.x (Debian 9/Stretch based).

+2 -2

0 comment

1 changed file

pr created time in a month

issue commentYouPHPTube/YouPHPTube

I have uploaded a video on my phptube www.gappedtube.com and only thing that happened is go to blank page

@DanielnetoDotCom - Ah ok, so perhaps that wasn't the issue and it was something else?! Regardless, the videos now appear to play ok.

ucmafialtd

comment created time in a month

delete branch turnkeylinux/buildroot

delete branch : buster-dev

delete time in a month

delete branch turnkeylinux/bootstrap

delete branch : buster-dev

delete time in a month

push eventturnkeylinux/bootstrap

Jeremy Davis

commit sha a87dc0e181658781e84955b7931cabcf2b3c81b2

remove mktemp pkg - part of coreutils since stretch (existed as transitional pkg)

view details

Jeremy Davis

commit sha 40fde92d7ad2e3bc038613b1502af3087006b616

remove initscripts & sysv-rc (no longer needed in buster; or stretch either...)

view details

Jeremy Davis

commit sha 5b7403ac17c43c2f5f8b9550275e1984a9bd4db1

include init-system-helpers pkg (essential)

view details

Jeremy Davis

commit sha fac0079f7bc91e19523bbd036a21c17756c2e625

include sysvinit-utils pkg (essential)

view details

Jeremy Davis

commit sha 14a28279dd43f1ae0d1f7312fb13ef182e0c10d5

Merge pull request #2 from turnkeylinux/buster-dev Update for building TurnKey v16.x (based on Debian 10/Buster). Should still work fine for v15.x (Debian 9/Stretch based).

view details

push time in a month

PR merged turnkeylinux/bootstrap

Buster dev

Update for building TurnKey v16.x (based on Debian 10/Buster). Should still work fine for v15.x (Debian 9/Stretch based).

+2 -4

0 comment

2 changed files

JedMeister

pr closed time in a month

PR opened turnkeylinux/bootstrap

Buster dev

Update for building TurnKey v16.x (based on Debian 10/Buster). Should still work fine for v15.x (Debian 9/Stretch based).

+2 -4

0 comment

2 changed files

pr created time in a month

push eventturnkeylinux/buildroot

Jeremy Davis

commit sha f50a32609efcbfe7e33d1b3d40daca5c32abf1d1

update plan for buster

view details

Jeremy Davis

commit sha 526ed9237f7af2891fb00dd1d40c82b49fef6c2e

retabbed case in conf.d/patch-dpkg-gencontrol

view details

Jeremy Davis

commit sha 091e12df944dc21e5cb1c5bd9ebe9728832b19cb

updated conf.d/patch-dpkg-gencontrol for buster; could probably remove altogether now...

view details

Jeremy Davis

commit sha a7d30842632dc27ccf8ebc612de831802647125b

add a couple more dependencies

view details

Jeremy Davis

commit sha 23d490eb9f41f4575fbec8fbf7e0bcace821b681

Merge pull request #2 from turnkeylinux/buster-dev Buster dev

view details

push time in a month

PR merged turnkeylinux/buildroot

Buster dev

Updates for building packages for TurnKey v16.x (based on Debian Buster). Should be backwards compatible, at least for building v15.x (Debian Stretch based) buildroot.

+15 -7

0 comment

2 changed files

JedMeister

pr closed time in a month

PR opened turnkeylinux/buildroot

Buster dev

Updates for building packages for TurnKey v16.x (based on Debian Buster). Should be backwards compatible, at least for building v15.x (Debian Stretch based) buildroot.

+15 -7

0 comment

2 changed files

pr created time in a month

create barnchJedMeister/bootstrap

branch : buster-dev

created branch time in a month

push eventJedMeister/bootstrap

Alon Swartz

commit sha e548663f34acc035ba504f652b96e48172da9cec

updated notes to use new signing hash method

view details

push time in a month

create barnchJedMeister/buildroot

branch : buster-dev

created branch time in a month

push eventJedMeister/buildroot

Jeremy Davis

commit sha 8b9f53ce33874ee654786569b222636fd6cad2b1

added 'rpi' DISTRO sources

view details

Jeremy Davis

commit sha 1964a170e8d1cd0b859da06b138b4a8e92ba1739

Updated README (autoversion location)

view details

Jeremy Davis

commit sha 96a3aa1bd5b19bfba9c108412f024efb7c2c6d4c

changed rpi to raspbian to be consistent with existing distros

view details

Jeremy Davis

commit sha 73d2f6429f37779141102018fc43b08a642b5780

fixed an 'rpi' entry that I had missed

view details

Jeremy Davis

commit sha 9b2acdd4007d0c3f3bec44bea39b92d15dbf4f16

fixed hardcoded raspbian CODENAME

view details

Alon Swartz

commit sha 5c4ebd16ddf19de564c1cc610165399eea8056d1

Merge pull request #1 from JedMeister/rpi Support building Raspbian buildroot

view details

Alon Swartz

commit sha 2b4b1500bab0cb8824ca80f33163479f99eacbda

cdn.debian.net deprecated. replaced with http.debian.net

view details

Alon Swartz

commit sha 185c1045acc9e41c37443039d957871e79a3785d

updated dpkg-gencontrol patch for jessie

view details

Alon Swartz

commit sha faeaca3bba2ea89235660d997f186d3d61086967

added hack for squeeze apt sources and config (eol)

view details

Alon Swartz

commit sha 8bf9386bf8a95095e3fa7a369e62ddcb67f004b7

updated for stretch

view details

push time in a month

create barnchturnkeylinux/buildroot

branch : 15.x

created branch time in a month

create barnchturnkeylinux/bootstrap

branch : 15.x

created branch time in a month

delete branch JedMeister/turnkey-pylib

delete branch : buster-dev

delete time in a month

pull request commentturnkeylinux/turnkey-pylib

Buster dev

Merging this now and I don't think that were any further requirements.

JedMeister

comment created time in a month

push eventturnkeylinux/fab

Jeremy Davis

commit sha abe156a69f27f27d02c5bbf015b3a3af2b6a739a

remove use of executil and use subprocess instead

view details

Jeremy Davis

commit sha 49b01e7b03fd16f0886549ffa4d56385f51f36a6

fab-installer updates for buster (still py2)

view details

Jeremy Davis

commit sha 2c0246344429a55d1b67ceb9005468489a44d5ef

Completed bootstrap.mk & product.mk updates for Buster.

view details

Jeremy Davis

commit sha fee754d548f430374b466b9364512d88d3deb52e

Merge pull request #5 from JedMeister/buster-dev Buster dev

view details

push time in a month

PR merged turnkeylinux/fab

Buster dev

Please note that this update requires the 'turnkey' debootstrap script.

Mostly it should be backwards compatible with v15.x / Debian 9/Stretch. However the changes to product.mk may break the ability to build a v15.x / Stretch ISO because of the switch from casper to the Debian live system. I haven't tested that and IMO it's a small price to pay to push forward with Buster! (Worst case scenario, reinstall Fab from the repo).

+21 -16

0 comment

4 changed files

JedMeister

pr closed time in a month

create barnchturnkeylinux/fab

branch : 15.x

created branch time in a month

delete branch turnkeylinux/fab

delete branch : jessie

delete time in a month

more