Jeremy Davis JedMeister Turnkey GNU/Linux @turnkeylinux @turnkeylinux-apps Launceston, Tasmania, Australia https://turnkeylinux.org/

issue comment turnkeylinux/tracker

Confconsole Let's Encrypt - badNonce - JWS has no anti-replay nonce

@deutrino - Yes I need to consolidate all this info into a simple step-by-step. In the meantime, please let me know if you have any issues applying the fix.

JedMeister

comment created time in 2 hours

issue comment turnkeylinux/tracker

Gitea doesn't include Adminer

@deutrino - Assuming that you are the same "deutrino" who recently posted on our forums; a few things:

  • Firstly, my deepest apologies on accidentally deleting your website user account... :man_facepalming:
  • Please feel free to recreate your account there and I will be more careful this time! In future I need to be a bit more careful when deleting users before I've finished my first coffee of the day...
  • Let me know when you've recreated it and I can ensure that I add you to the "contributors" group so your future posts bypass the forum spam filters.
  • Using the email notifications I got regarding your forum activity, I have recreated your post(s) on the forums here.
  • I have also opened this issue regarding your bug report; plus responded to your OP there in the forums.
JedMeister

comment created time in 2 hours

issue comment turnkeylinux/tracker

Gitea doesn't include Adminer

Actually, we should probably remove the Adminer inithook from the MySQL makefile in common and move it to the Adminer common overlay.

JedMeister

comment created time in 3 hours

issue opened turnkeylinux/tracker

Gitea doesn't include Adminer

The Gitea docs and the firstboot scripts all note that the Gitea appliance includes Adminer (for DB management). However, it has recently been reported that that is not the case!

We should ensure that it is included in the next release! It should be a simple case of updating the Makefile to include the Adminer overlay and relevant conf script...

created time in 3 hours

issue opened turnkeylinux/tracker

EspoCRM - include "WebSocket" in next EspoCRM appliance release

An EspoCRM user recently noted that he was having troubles setting up EspoCRM's WebSocket.

It looks fairly straightforward and well documented. The only other additional requirement would be installation of the php-zmq package.

created time in a day

create branch JedMeister/canvas

branch : inithooks-fix

created branch time in a day

issue opened turnkeylinux/tracker

Canvas - 500 errors (appears to be related to RCE API)

A user has reported that the current version of TurnKey Canvas is experiencing issues, namely this message:

Page Error
Something broke unexpectedly.
If you have a moment, click here to tell us what happened.

Within the logs, there are 500 errors being noted. The stacktrace in the database (full error messages are stored in the DB, rather than the log) shows more info:

       message        |                                                                                         backtrace                                                                                         
----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 key must be 32 bytes | /var/www/canvas/vendor/bundle/ruby/2.4.0/gems/json-jwt-1.9.4/lib/json/jwe.rb:33:in `key='                                                                                                +
                      | /var/www/canvas/vendor/bundle/ruby/2.4.0/gems/json-jwt-1.9.4/lib/json/jwe.rb:33:in `encrypt!'                                                                                            +
                      | /var/www/canvas/vendor/bundle/ruby/2.4.0/gems/json-jwt-1.9.4/lib/json/jwt.rb:40:in `encrypt'                                                                                             +
                      | /var/www/canvas/lib/canvas/security.rb:147:in `create_encrypted_jwt'                                                                                                                     +
                      | /var/www/canvas/lib/canvas/security/services_jwt.rb:71:in `generate'                                                                                                                     +
                      | /var/www/canvas/lib/canvas/security/services_jwt.rb:95:in `for_user'                                                                                                                     +
                      | /var/www/canvas/lib/services/rich_content.rb:24:in `env_for'                                                                                                                             +
                      | /var/www/canvas/app/controllers/application_controller.rb:198:in `rce_js_env'                                                                                                            +
                      | /var/www/canvas/vendor/bundle/ruby/2.4.0/gems/activesupport-5.1.6.2/lib/active_support/callbacks.rb:413:in `block in make_lambda'                                                        +
                      | /var/www/canvas/vendor/bundle/ruby/2.4.0/gems/activesupport-5.1.6.2/lib/active_support/callbacks.rb:178:in `block (2 levels) in halting_and_conditional'                                 +
                      | /var/www/canvas/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.6.2/lib/abstract_controller/callbacks.rb:12:in `block (2 levels) in <module:Callbacks>'                                     +
                      | /var/www/canvas/vendor/bundle/ruby/2.4.0/gems/activesupport-5.1.6.2/lib/active_support/callbacks.rb:179:in `block in halting_and_conditional'                                            +
                      | /var/www/canvas/vendor/bundle/ruby/2.4.0/gems/activesupport-5.1.6.2/lib/active_support/callbacks.rb:507:in `block in invoke_before'                                                      +
                      | /var/www/canvas/vendor/bundle/ruby/2.4.0/gems/activesupport-5.1.6.2/lib/active_support/callbacks.rb:507:in `each'                                                                        +
                      | /var/www/canvas/vendor/bundle/ruby/2.4.0/gems/activesupport-5.1.6.2/lib/active_support/callbacks.rb:507:in `invoke_before'                                                               +
                      | /var/www/canvas/vendor/bundle/ruby/2.4.0/gems/activesupport-5.1.6.2/lib/active_support/callbacks.rb:106:in `block in run_callbacks'                                                      +
                      | /var/www/canvas/app/controllers/application_controller.rb:484:in `report_to_datadog'                                                                                                     +
                      | /var/www/canvas/vendor/bundle/ruby/2.4.0/gems/activesupport-5.1.6.2/lib/active_support/callbacks.rb:117:in `block in run_callbacks'                                                      +
                      | /var/www/canvas/vendor/bundle/ruby/2.4.0/gems/inst_statsd-2.1.4/lib/inst_statsd/statsd.rb:95:in `batch'                                                                                  +
                      | /var/www/canvas/app/controllers/application_controller.rb:472:in `batch_statsd'                                                                                                          +
                      | /var/www/canvas/vendor/bundle/ruby/2.4.0/gems/activesupport-5.1.6.2/lib/active_support/callbacks.rb:117:in `block in run_callbacks'                                                      +
                      | /var/www/canvas/lib/temp_cache.rb:28:in `enable'                                                                                                                                         +
                      | /var/www/canvas/app/controllers/application_controller.rb:468:in `enable_request_cache'                                                                                                  +
                      | /var/www/canvas/vendor/bundle/ruby/2.4.0/gems/activesupport-5.1.6.2/lib/active_support/callbacks.rb:117:in `block in run_callbacks'                                                      +
                      | /var/www/canvas/app/controllers/application_controller.rb:462:in `set_locale'                                                                                                            +
                      | /var/www/canvas/vendor/bundle/ruby/2.4.0/gems/activesupport-5.1.6.2/lib/active_support/callbacks.rb:117:in `block in run_callbacks'                                                      +
                      | /var/www/canvas/vendor/bundle/ruby/2.4.0/gems/activesupport-5.1.6.2/lib/active_support/callbacks.rb:135:in `run_callbacks'                                                               +
                      | /var/www/canvas/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.6.2/lib/abstract_controller/callbacks.rb:19:in `process_action'                                                             +
                      | /var/www/canvas/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.6.2/lib/action_controller/metal/rescue.rb:20:in `process_action'                                                            +
                      | /var/www/canvas/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.6.2/lib/action_controller/metal/instrumentation.rb:32:in `block in process_action'                                          +
                      | /var/www/canvas/vendor/bundle/ruby/2.4.0/gems/activesupport-5.1.6.2/lib/active_support/notifications.rb:166:in `block in instrument'                                                     +
                      | /var/www/canvas/vendor/bundle/ruby/2.4.0/gems/activesupport-5.1.6.2/lib/active_support/notifications/instrumenter.rb:21:in `instrument'                                                  +
                      | /var/www/canvas/vendor/bundle/ruby/2.4.0/gems/activesupport-5.1.6.2/lib/active_support/notifications.rb:166:in `instrument'                                                              +
                      | /var/www/canvas/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.6.2/lib/action_controller/metal/instrumentation.rb:30:in `process_action'                                                   +
                      | /var/www/canvas/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.6.2/lib/action_controller/metal/params_wrapper.rb:252:in `process_action'                                                   +
                      | /var/www/canvas/vendor/bundle/ruby/2.4.0/gems/activerecord-5.1.6.2/lib/active_record/railties/controller_runtime.rb:22:in `process_action'                                               +
                      | /var/www/canvas/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.6.2/lib/abstract_controller/base.rb:124:in `process'                                                                        +
                      | /var/www/canvas/vendor/bundle/ruby/2.4.0/gems/actionview-5.1.6.2/lib/action_view/rendering.rb:30:in `process'                                                                            +
                      | /var/www/canvas/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.6.2/lib/action_controller/metal.rb:189:in `dispatch'                                                                        +
                      | /var/www/canvas/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.6.2/lib/action_controller/metal.rb:253:in `dispatch'                                                                        +
                      | /var/www/canvas/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.6.2/lib/action_dispatch/routing/route_set.rb:49:in `dispatch'                                                               +
                      | /var/www/canvas/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.6.2/lib/action_dispatch/routing/route_set.rb:31:in `serve'                                                                  +
                      | /var/www/canvas/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.6.2/lib/action_dispatch/journey/router.rb:50:in `block in serve'                                                            +
                      | /var/www/canvas/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.6.2/lib/action_dispatch/journey/router.rb:33:in `each'                                                                      +
                      | /var/www/canvas/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.6.2/lib/action_dispatch/journey/router.rb:33:in `serve'                                                                     +
                      | /var/www/canvas/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.6.2/lib/action_dispatch/routing/route_set.rb:844:in `call'                                                                  +
                      | /var/www/canvas/gems/plugins/respondus_soap_endpoint/lib/respondus_soap_endpoint/middleware.rb:78:in `call'                                                                              +
                      | /var/www/canvas/vendor/bundle/ruby/2.4.0/gems/rack-2.0.6/lib/rack/etag.rb:25:in `call'                                                                                                   +
                      | /var/www/canvas/vendor/bundle/ruby/2.4.0/gems/rack-2.0.6/lib/rack/conditional_get.rb:25:in `call'                                                                                        +
                      | /var/www/canvas/vendor/bundle/ruby/2.4.0/gems/rack-2.0.6/lib/rack/head.rb:12:in `call'                                                                                                   +
                      | /var/www/canvas/app/middleware/request_throttle.rb:60:in `block in call'                                                                                                                 +
                      | /var/www/canvas/app/middleware/request_throttle.rb:278:in `reserve_capacity'                                                                                                             +
                      | /var/www/canvas/app/middleware/request_throttle.rb:55:in `call'                                                                                                                          +
                      | /var/www/canvas/app/middleware/request_context_session.rb:25:in `call'                                                                                                                   +
                      | /var/www/canvas/vendor/bundle/ruby/2.4.0/gems/rack-2.0.6/lib/rack/session/abstract/id.rb:232:in `context'                                                                                +
                      | /var/www/canvas/vendor/bundle/ruby/2.4.0/gems/rack-2.0.6/lib/rack/session/abstract/id.rb:226:in `call'                                                                                   +
                      | /var/www/canvas/app/middleware/load_account.rb:29:in `call'                                                                                                                              +
                      | /var/www/canvas/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.6.2/lib/action_dispatch/middleware/cookies.rb:613:in `call'                                                                 +
                      | /var/www/canvas/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.6.2/lib/action_dispatch/middleware/callbacks.rb:26:in `block in call'                                                       +
                      | /var/www/canvas/vendor/bundle/ruby/2.4.0/gems/activesupport-5.1.6.2/lib/active_support/callbacks.rb:97:in `run_callbacks'                                                                +
                      | /var/www/canvas/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.6.2/lib/action_dispatch/middleware/callbacks.rb:24:in `call'                                                                +
                      | /var/www/canvas/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.6.2/lib/action_dispatch/middleware/debug_exceptions.rb:59:in `call'                                                         +
                      | /var/www/canvas/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.6.2/lib/action_dispatch/middleware/show_exceptions.rb:31:in `call'                                                          +
                      | /var/www/canvas/vendor/bundle/ruby/2.4.0/gems/railties-5.1.6.2/lib/rails/rack/logger.rb:36:in `call_app'                                                                                 +
                      | /var/www/canvas/vendor/bundle/ruby/2.4.0/gems/railties-5.1.6.2/lib/rails/rack/logger.rb:26:in `call'                                                                                     +
                      | /var/www/canvas/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.6.2/lib/action_dispatch/middleware/remote_ip.rb:79:in `call'                                                                +
                      | /var/www/canvas/vendor/bundle/ruby/2.4.0/gems/request_store-1.4.1/lib/request_store/middleware.rb:19:in `call'                                                                           +
                      | /var/www/canvas/app/middleware/request_context_generator.rb:49:in `call'                                                                                                                 +
                      | /var/www/canvas/vendor/bundle/ruby/2.4.0/gems/rack-2.0.6/lib/rack/method_override.rb:22:in `call'                                                                                        +
                      | /var/www/canvas/app/middleware/prevent_non_multipart_parse.rb:33:in `call'                                                                                                               +
                      | /var/www/canvas/vendor/bundle/ruby/2.4.0/gems/rack-2.0.6/lib/rack/runtime.rb:22:in `call'                                                                                                +
                      | /var/www/canvas/vendor/bundle/ruby/2.4.0/gems/activesupport-5.1.6.2/lib/active_support/cache/strategy/local_cache_middleware.rb:27:in `call'                                             +
                      | /var/www/canvas/vendor/bundle/ruby/2.4.0/gems/actionpack-5.1.6.2/lib/action_dispatch/middleware/executor.rb:12:in `call'                                                                 +
                      | /var/www/canvas/vendor/bundle/ruby/2.4.0/gems/rack-2.0.6/lib/rack/sendfile.rb:111:in `call'                                                                                              +
                      | /var/www/canvas/vendor/bundle/ruby/2.4.0/gems/railties-5.1.6.2/lib/rails/engine.rb:522:in `call'                                                                                         +
                      | /var/www/canvas/vendor/bundle/ruby/2.4.0/gems/railties-5.1.6.2/lib/rails/railtie.rb:185:in `public_send'                                                                                 +
                      | /var/www/canvas/vendor/bundle/ruby/2.4.0/gems/railties-5.1.6.2/lib/rails/railtie.rb:185:in `method_missing'                                                                              +
                      | /usr/local/rbenv/versions/2.4.5/lib/ruby/gems/2.4.0/gems/passenger-6.0.2/src/ruby_supportlib/phusion_passenger/rack/thread_handler_extension.rb:97:in `process_request'                  +
                      | /usr/local/rbenv/versions/2.4.5/lib/ruby/gems/2.4.0/gems/passenger-6.0.2/src/ruby_supportlib/phusion_passenger/request_handler/thread_handler.rb:149:in `accept_and_process_next_request'+
                      | /usr/local/rbenv/versions/2.4.5/lib/ruby/gems/2.4.0/gems/passenger-6.0.2/src/ruby_supportlib/phusion_passenger/request_handler/thread_handler.rb:110:in `main_loop'                      +
                      | /usr/local/rbenv/versions/2.4.5/lib/ruby/gems/2.4.0/gems/passenger-6.0.2/src/ruby_supportlib/phusion_passenger/request_handler.rb:415:in `block (3 levels) in start_threads'             +
                      | /usr/local/rbenv/versions/2.4.5/lib/ruby/gems/2.4.0/gems/passenger-6.0.2/src/ruby_supportlib/phusion_passenger/utils.rb:113:in `block in create_thread_and_abort_on_exception'
(1 row)

created time in 2 days

push event turnkeylinux/bootstrap

Jeremy Davis

commit sha fac0079f7bc91e19523bbd036a21c17756c2e625

include sysvinit-utils pkg (essential)

push time in 2 days

started gchq/CyberChef

started time in 9 days

started tmhedberg/SimpylFold

started time in 9 days

issue opened turnkeylinux/tracker

Set hostname automatically when launching a server from the Hub - Ability to pre-seed hostname

When launching a new server from the Hub, it'd be awesome if the hostname set within the Hub was set within the server too.

Related to #768

created time in 10 days

issue comment turnkeylinux/tracker

[Stretch] Cannot login to Adminer

Hi @lisawebcoder - This (now fixed) issue was related to a past release of TurnKey Linux (our library of Debian based software appliances). I'm not at all familiar with this stuff on Windows (I'm a Linux user, both for work and personal usage). So I'm not 100% sure that this is relevant to you. Although I'll share what I know and perhaps it may assist heading you in the right direction?

Prior to hitting this issue, we used the 'root' MySQL user to log in. In our case, it was changes to the way that the default 'root' MySQL user could log in. Prior to Debian Stretch (the basis of our v15.x release), the 'root' user was a normal (albeit powerful) MySQL user account, with a password. In Stretch, that changed and the default 'root' user now uses a Linux socket, so doesn't require a password, but can't be used with Adminer (or any connection other than from the commandline of the local system). I'm not sure how it's done on Windows though (obviously Windows doesn't have Linux sockets, not sure if they have something similar though?).

I don't consider myself an Adminer expert, but I do know a bit about it. There is no "default" login, it uses the existing MySQL users. So you need to use the login credentials of an existing MySQL user that has appropriate permissions (or create a new user with those permissions). For our purposes, we created a special user (with root-like permissions) specifically for use with Adminer.

I hope that helps head you in the right direction...

OnGle

comment created time in 13 days

issue comment turnkeylinux/tracker

Confconsole Let's Encrypt - badNonce - JWS has no anti-replay nonce

@spyrule - Oops! Thanks for the heads up. I've fixed it in the OP.

JedMeister

comment created time in 14 days

started etesync/server-skeleton

started time in 14 days

started etesync/etesync-web

started time in 14 days

issue comment turnkeylinux/tracker

Confconsole Let's Encrypt - badNonce - JWS has no anti-replay nonce

FWIW, I've just updated the OP with details of the related Debian bug report. If you follow the link, editing the Dehydrated script itself is an alternate option to resolving this issue.

The fix I'd already documented is still an option.

JedMeister

comment created time in 15 days

issue closed turnkeylinux/tracker

Flag TKL Support for OpenNebula Marketplace

OpenNebula now supports TurnKey LXC builds via their Marketplace - website needs to be updated to note this.

It'd be great if TKL images could be available via the OpenNebula Marketplace.

TBH I haven't played with OpenNebula and/or their marketplace so I am not completely clear on what the best course of action to achieve that end would be and/or how much work it would require. Ideally it'd be great if TKL images were available in the 3 main formats supported by OpenNebula (currently KVM, Xen and VMware - OVZ support is also in development).

I'm not sure on the best approach to doing that - I guess it'd be best if TKL didn't need to host additional images just for the purpose of OpenNebula but I'm not clear on how or even if that is technically possible.

Some relevant references: http://archives.opennebula.org/documentation:rel4.4:vm4market https://support.opennebula.pro/entries/455869-Image-Contextualization https://wiki.debian.org/OpenNebula/PreparingDebianVmImage

Note: I have tagged both Core and TKLDev as even if formal support for OpenNebula Marketplace was not done, a script/plugin/tklpatch (as per #161) on the creation of OpenNebula ready images in TKLDev could also be a very useful thing...

closed time in 16 days

JedMeister

issue comment turnkeylinux/tracker

Flag TKL Support for OpenNebula Marketplace

You can replace 5.8 for stable and it will point to the latest stable version of opennebula.

Awesome, thanks. I've just updated the links to use that instead.

Please, let me know when you add the logo to the Turnkey home page

Done. To make it consistent with the others, I made it black and shrunk it a bit. If you're unhappy with that, please feel free to provide an alternate similar sized logo (PNG with transparent background and logo in black (or black & white, grayscale is an option too although black/b&w is preferable)).

I'll close this now that it's been added, but we can reopen if more is required.

JedMeister

comment created time in 16 days

issue closed turnkeylinux/tracker

Error reading from database

It says this when typing in link...

closed time in 16 days

Lukas-Batema

issue comment turnkeylinux/tracker

Error reading from database

Ok great. I'll close this then. If you have questions or need guidance, please open a new thread on the forums.

Lukas-Batema

comment created time in 16 days

issue opened turnkeylinux/tracker

Confconsole Let's Encrypt - possible edge (corner?) case issue - "add-water" not being killed

JP just noted in the forums that he had an issue getting a new certificate recently. The output was:

 root@lamp /usr/bin# /usr/lib/confconsole/plugins.d/Lets_Encrypt/dehydrated-wrapper
[2019-09-29 22:22:48] dehydrated-wrapper: INFO: started
[2019-09-29 22:22:48] dehydrated-wrapper: INFO: No process found listening on port 80; continuing
[2019-09-29 22:22:48] dehydrated-wrapper: INFO: running dehydrated
/etc/dehydrated/confconsole.hook.sh: line 33: kill: (2591) - No such process
cat: /var/run/add-water/pid: No such file or directory
kill: usage: kill [-s sigspec | -n signum | -sigspec] pid | jobspec ... or kill -l [sigspec]
rm: cannot remove '/var/run/add-water/pid': No such file or directory
[2019-09-29 22:22:54] dehydrated-wrapper: FATAL: dehydrated exited with a non-zero exit code.
[2019-09-29 22:22:54] dehydrated-wrapper: WARNING: Python is still listening on port 80
[2019-09-29 22:22:54] dehydrated-wrapper: INFO: attempting to kill add-water server
[2019-09-29 22:22:54] dehydrated-wrapper: WARNING: Something went wrong, restoring original cert & key.
[2019-09-29 22:22:54] dehydrated-wrapper: INFO: starting stunnel4
[2019-09-29 22:22:54] dehydrated-wrapper: WARNING: Check today's previous log entries for details of error.

I suspect that there is an edge (corner?) case bug here with the way that the dehydrated wrapper handles things. More info in the thread.

TBH, I'm not 100% sure of the nature of the potential issue, nor the best way to reduce the likelihood of it causing others issues, but we should have a closer look.

created time in 17 days
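
The errors in the log above (kill on a PID that no longer exists, a missing /var/run/add-water/pid, then rm failing on the same file) are what an unguarded stop step prints when the server has already exited. The following is an added example, not the confconsole hook's own code: a stop routine that treats "already gone" as success. The function names and the temporary pid file used in the demo are assumptions.

```sh
#!/bin/sh
# Added example: stop a background server recorded in a pid file without
# failing when the file or the process is already gone.
# stop_from_pidfile, demo_stop and the demo paths are hypothetical names.

# Returns 0 when nothing is left running, 1 when the pid file does not
# hold a usable PID, 2 when the process survives SIGTERM and SIGKILL.
stop_from_pidfile() {
    sp_file=$1
    # No pid file: the server was never started or has already cleaned up.
    [ -f "$sp_file" ] || return 0
    sp_pid=$(cat "$sp_file" 2>/dev/null) || return 0
    # Only ever pass a plain decimal PID to kill. An empty value makes kill
    # print its usage text, as seen in the log.
    case $sp_pid in
        ''|*[!0-9]*)
            rm -f -- "$sp_file"
            return 1
            ;;
    esac
    # PID 0 would signal the whole process group and PID 1 is init.
    if [ "$sp_pid" -le 1 ]; then
        rm -f -- "$sp_file"
        return 1
    fi
    if kill -0 "$sp_pid" 2>/dev/null; then
        kill "$sp_pid" 2>/dev/null || true
        sp_tries=0
        # Give the process up to 5 seconds to exit on SIGTERM.
        while kill -0 "$sp_pid" 2>/dev/null && [ "$sp_tries" -lt 5 ]; do
            sleep 1
            sp_tries=$((sp_tries + 1))
        done
        if kill -0 "$sp_pid" 2>/dev/null; then
            kill -9 "$sp_pid" 2>/dev/null || true
            sleep 1
            if kill -0 "$sp_pid" 2>/dev/null; then
                return 2
            fi
        fi
    fi
    # -f: a file that was removed in the meantime is not an error.
    rm -f -- "$sp_file"
    return 0
}

# Demo on constructed input: "sleep 300" stands in for the challenge server.
demo_stop() {
    d_dir=$(mktemp -d) || return 1
    sleep 300 &
    echo "$!" > "$d_dir/pid"
    stop_from_pidfile "$d_dir/pid" && echo "running server stopped"
    stop_from_pidfile "$d_dir/pid" && echo "second call: nothing to do"
    rm -rf -- "$d_dir"
}
demo_stop
```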

issue comment turnkeylinux/tracker

Flag TKL Support for OpenNebula Marketplace

Hey @dann1 thanks for your patience and persistence. I'm still flat out with a mile long todo list (sort of my default position). But I just decided that this was one of those jobs that shouldn't really take too long and might be a good candidate to quickly clear an item from my list. So I just bit the bullet and spent half hour updating the TurnKey "build types" doc page. It's still not perfect, but at least it's documented now.

The only other thing that occurred to me is that the OpenNebula docs don't seem to support "latest" as a version (or perhaps I just missed how to do that). That means that the links I have included to your docs will always point to the OpenNebula v5.8 docs. It'd be nice if there were a way to always link to the latest version of the docs. As a workaround, I also added a link to the page source (on GitHub).

JedMeister

comment created time in 17 days

issue comment turnkeylinux/tracker

Confconsole Let's Encrypt - badNonce - JWS has no anti-replay nonce

I just updated the OP to fix up some mistakes.

Also @thmai11 thanks for your post on the forums. Deepest apologies that I accidentally deleted your website user account :sob: (I was intending to add you to the "contributor" group so future posts will avoid the spam filters - but on auto pilot I accidentally clicked 'cancel' instead of 'save'.)

JedMeister

comment created time in 19 days

issue opened turnkeylinux/tracker

Confconsole Let's Encrypt - badNonce - JWS has no anti-replay nonce

It appears that a recent update to Let's Encrypt has caused issues with older versions of Dehydrated (the Let's Encrypt client we use with Confconsole).

Unfortunately, the fix is a little convoluted (and a little hacky) as we need to update our default hook script too (due to unrelated changes in newer versions of Dehydrated).

Ideally, we should probably remove the packaged Dehydrated client and manually install (to /usr/local/bin), but I'm going to cut a corner and suggest just overwriting the default Dehydrated. It's generally considered very poor practice to muck around with files in /usr (with the exception of /usr/local) because they are managed by the package management system. However, seeing as Dehydrated is a bash script (so no real dependencies to speak of) then it is much less of an issue. Also, we'll mitigate any other potential issues by putting a hold on the package. (Alternatively, you can do it "properly" by removing the dehydrated package; and downloading the script to /usr/local/bin/dehydrated).

Hold the current package (so an update won't overwrite the newer version we're installing)

apt-mark hold dehydrated

Download the latest fixed version (0.6.5) and make it executable

wget https://raw.githubusercontent.com/lukas2511/dehydrated/v0.6.5/dehydrated \
    -O /usr/bin/dehydrated
chmod +x /usr/bin/dehydrated

Download the fixed hook script

FILE=share/letsencrypt/dehydrated-confconsole.hook.sh
wget https://raw.githubusercontent.com/turnkeylinux/confconsole/master/$FILE -O /usr/$FILE

If you've already run Dehydrated via Confconsole, you'll also need to overwrite the hook script that has been copied to /etc/confconsole:

# assuming same shell session as above codeblock
cp /usr/$FILE /etc/dehydrated/confconsole.hook.sh

created time in 20 days
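
The steps above write a script fetched over the network straight into /usr/bin as root. The following is an added example, not part of the original issue: it installs a downloaded file only when its SHA-256 matches a value pinned beforehand. The function names, the placeholder digest and the demo paths are assumptions, and the demo uses a constructed file so it runs offline.

```sh
#!/bin/sh
# Added example: install a downloaded script only if it matches a pinned
# SHA-256. install_verified, demo_install and all demo paths are
# hypothetical names.

# install_verified SRC EXPECTED_SHA256 DEST
# EXPECTED_SHA256 is lowercase hex, as printed by sha256sum.
# Returns 0 on success, 1 on checksum mismatch, 2 on any other failure.
install_verified() {
    iv_src=$1
    iv_want=$2
    iv_dest=$3
    [ -f "$iv_src" ] || return 2
    # Stage a private copy beside the destination (mktemp creates it with
    # mode 0600) and hash that copy, so the bytes that were checked are the
    # bytes that get installed.
    iv_tmp=$(mktemp "$iv_dest.XXXXXX") || return 2
    if ! cat "$iv_src" > "$iv_tmp"; then
        rm -f -- "$iv_tmp"
        return 2
    fi
    iv_got=$(sha256sum "$iv_tmp" | cut -d ' ' -f 1)
    if [ "$iv_got" != "$iv_want" ]; then
        echo "checksum mismatch: $iv_src is $iv_got" >&2
        rm -f -- "$iv_tmp"
        return 1
    fi
    # Rename into place: DEST is never left half-written.
    if chmod 0755 "$iv_tmp" && mv -f "$iv_tmp" "$iv_dest"; then
        return 0
    fi
    rm -f -- "$iv_tmp"
    return 2
}

# Intended use with the download step from the issue (not run here; the
# digest is a placeholder for a value recorded after reviewing the tag):
#   new=$(mktemp)
#   wget https://raw.githubusercontent.com/lukas2511/dehydrated/v0.6.5/dehydrated \
#       -O "$new"
#   install_verified "$new" "<PINNED_SHA256_OF_v0.6.5>" /usr/bin/dehydrated

# Demo on a constructed file.
demo_install() {
    di_dir=$(mktemp -d) || return 1
    printf '#!/bin/sh\necho "constructed sample"\n' > "$di_dir/download"
    di_pin=$(sha256sum "$di_dir/download" | cut -d ' ' -f 1)
    install_verified "$di_dir/download" "$di_pin" "$di_dir/tool" \
        && echo "matching file installed"
    echo "# modified after pinning" >> "$di_dir/download"
    install_verified "$di_dir/download" "$di_pin" "$di_dir/tool" \
        || echo "modified file rejected"
    rm -rf -- "$di_dir"
}
demo_install
```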

push event turnkeylinux/confconsole

Jeremy Davis

commit sha 0b0938608a71c896e952a238874a2daca018fd4e

fix hook script so that it only accepts specific hook commands to bring it in line with latest Dehydrated

Jeremy Davis

commit sha 5b70b984563599c8c7ee7c99cfd109980f4be83d

Merge branch 'badNonce-fix'

push time in 20 days

issue comment turnkeylinux/tracker

Unprivileged TurnKey containers on LXC (inc Proxmox) fail

@dmnc-net thanks for your input and feedback.

Whilst we do intend to implement a work around for this issue, it's not a super high priority item as the user-side workaround is well documented and pretty straightforward (albeit a bit of a PITA), both here and on Proxmox forums.

Please note that it's not that we don't care about this issue, just that we're a small team with a lot on our plate. Whilst I get that this is an annoyance, because of our small team and massive amount of competing priorities, we always need to carefully decide how we spend the limited time we have available. FWIW currently my main focus is getting our v16.0 / Debian Buster based release available. I was intending to implement this "fix" (i.e. work around the changed Proxmox defaults and limitations of LXC).

It's probably also worth noting that if you are really concerned about security, whilst an "unprivileged" container helps, the only real answer if you need solid security and true isolation, is to use a "proper" VM (i.e. a KVM VM within Proxmox). Our ISO should install to a "proper" VM, no problems ("proper" VMs don't have the same limitations as LXC).

JedMeister

comment created time in 20 days

issue commentturnkeylinux/tracker

Error reading from database

Hi there,

I'm sorry to hear of your troubles, but I'm not at all clear what the issue you are hitting is related to.

Could you please elaborate on where/when this issue occurs? Is it on the website? If so, please share which page and what you did to arrive at that point? Or is it on a TurnKey server you have running somewhere? Or something else entirely?

If it's within a TurnKey server, please let me know which one (e.g. WordPress, LAMP, etc), which version (e.g. v15.2, etc) and where you have it running (AWS EC2 launched from the Hub, local VMware VM, etc).

Lukas-Batema

comment created time in 20 days

startedjarun/nnn

started time in 24 days

startedprometheus/prometheus

started time in a month

startedhunterlong/statping

started time in a month

startedthanos-io/thanos

started time in a month

issue openedturnkeylinux/tracker

Redmine / Revision Control appliances can't disable unauthenticated access to repos.

2 recent threads in the forums (namely here and here) suggest that it is currently not possible to deny unauthenticated access to the version control web interfaces.

It should be possible out of the box, to disable public access to those interfaces!

created time in a month

startedd4t4x/data-selfie-image-classification

started time in a month

push eventJedMeister/webmin

Jeremy Davis

commit sha 107ee63ff3e2cc5168318bbe7fd6796bb6967c7b

update webmin to 1.920

view details

Jeremy Davis

commit sha 90fd2cba7423bc63a54e6fd3175fdff3f61eeaa0

update to webmin 1.930

view details

Jeremy Davis

commit sha ccb781717f78590578bb3fa14932c5c35aecae62

Merge branch 'update-to-1.930'

view details

push time in a month

startedGDSSecurity/SSH-Weak-DH

started time in a month

push eventJedMeister/buildtasks

Jeremy Davis

commit sha 097f9a1b3bc495140751bd112d019920fb15836c

get verbose debug messages from openstack-bundle

view details

Jeremy Davis

commit sha 77fb9a6cf6b34a8301dfe023d6c9920e31563819

TEMP: attempting to debug annoying intermittent issue when building in the cloud...

view details

Jeremy Davis

commit sha fc29c6d7e56d5f5a8c99adf301005d62441c5455

TEMP: more debugging...

view details

Jeremy Davis

commit sha 17fab98fa2119d2b0abdbb3d23b28bc432986598

DEBUG: more debugging attempts

view details

Jeremy Davis

commit sha 147eecdc3aa68d9803273bd5e4d40591d254af78

DEBUG: this should work now...

view details

Jeremy Davis

commit sha 628ce81e5fb6a9a37e3718aac6ea2e2ee97770d4

tidy up debugging

view details

push time in a month

create branchJedMeister/buildtasks

branch : buster-dev

created branch time in a month

push eventJedMeister/common

Jeremy Davis

commit sha a29df27164c10e6a55bee3550302667a7169a159

tweak webmin php config

view details

Jeremy Davis

commit sha 85a485d3854168f40a62c45a05f9034727b27e6d

Merge pull request #133 from JedMeister/php-webmin tweak webmin php config

view details

qq7

commit sha 95255cd7f889d302d6f42c9c582a49f00e580cc4

ruby 2.4.5 in rails-pgsql

view details

Jeremy Davis

commit sha 652960a891f175c2a6a88a585821c9b89c87dc80

Merge branch 'ruby2.4.5'

view details

Jeremy Davis

commit sha 483692e86fba3827df5f1347bd8ad43d6d15897e

options --no-ri --no-rdoc have been removed; use --no-document instead - see https://guides.rubygems.org/command-reference/#gem_install

view details

Stefan Davis

commit sha 42738a5fc3758e2c7aee224146bf2a4b4072c8fc

add script which gets all releases and tags for a github repo

view details

Stefan Davis

commit sha 3a0aacd825d393a145492d7120d8d467d185460f

Fix some bad practice bash

view details

Stefan Davis

commit sha 9f3e300f4b3683ac8034f81bc204ebdad7363446

Add conf vars for private access tokens

view details

Stefan Davis

commit sha 02d3aa36e6d54ea432ad563b38ae96c11f93870a

Redirect message to stderr

view details

Stefan Davis

commit sha 0adaf84f348d46eef20d83b39f62058f28603a1b

Add PHP72 config var and separate PHP52 functionality into PHPXX and PHP_ALT

view details

qq7

commit sha b78459ef48140f7cad471147ca4502b19a97bbf0

Create innodb-barracuda.cnf

view details

Jeremy Davis

commit sha 4d7ea5f7e842d92f3b3dbcc15a94ea17d551d891

Merge pull request #136 from qq7/patch-1 Create innodb-barracuda.cnf

view details

Stefan Davis

commit sha 0e799119f8b41c26e6863d6c6c13ab79f1ae9739

Finish dynamic PHP version
- use PHP_VERSION=X.X instead of PHPXX=y
- dynamically pin php packages based on PHP_VERSION
- currently unable to dynamically generate version specific plans

view details

Stefan Davis

commit sha abbae677c5a50132e6828b09553f9b8d0cd210e9

add php-imagick to sury preferences

view details

Jeremy Davis

commit sha 39dcd998558c07dea24fa94cae2df857f661ffd1

Merge pull request #137 from OnGle/auto-release-checker Auto release checker

view details

Jeremy Davis

commit sha 6a378cc4693269e8c8936b8dc2e4d51a38f8083a

Merge pull request #138 from OnGle/php72 Php72

view details

Jeremy Davis

commit sha 6fe49450a8682c5517af91ac7a7117e5855ab1d0

remove backup sury gpg file

view details

Stefan Davis

commit sha 1a609d884ab00a3c6984c0d6778163d42bfb5a8b

Updated common php preferences

view details

Jeremy Davis

commit sha 0f7932a38e4814790c225e3c5a510cb918fe29b8

Merge pull request #139 from OnGle/php-updates Php updates

view details

Jeremy Davis

commit sha 5ed5d87efbc4b2f633b55b37ad9c2b306a07971a

tweak gh_releases script

view details

push time in a month

push eventJedMeister/common

Jeremy Davis

commit sha 2ad7a029afd93ec6b09f905d8eb82a06768df074

add fail2ban fix - as noted in Debian bug #902413

view details

Jeremy Davis

commit sha 4310abf1dd96b8131f9aea611fbfc0c68f9c528a

comment out deprecated sysctl option

view details

Jeremy Davis

commit sha 0d1dfb9e817bf8633ac2cee9c7a37084d442c6d8

set 'send_redirects' default key for sysctl too

view details

Jeremy Davis

commit sha 0acb4faf8bc0f886b0a74fb4dea479cc241a6c14

adjust grub-iface-naming conf so doesn't assume empty GRUB_CMDLINE_LINUX

view details

Jeremy Davis

commit sha 70adcef9d72061fcd59f8b3dd933f7427bdd387e

enable kernel debug if DEBUG=y; otherwise disable journalctl logging to console

view details

Jeremy Davis

commit sha dea5559615a642a772e765bdf8e4ce13d5f56b5c

update casper scripts (to be live scripts) & remove other mentions of casper

view details

Jeremy Davis

commit sha 09c11a76ad692678ea617a4534d0d29c763fafdd

adjusting plan (will need tidy)

view details

Jeremy Davis

commit sha 3e2af7d4d951acf6bf5e9e7b6d98b41ee3818c8d

base plan: update a few py2 deps to py3 and align comments

view details

Jeremy Davis

commit sha 912df82fb694fc13cae786ea1a471cbcaacdf108

implement hack to install etckeeper without py2

view details

Jeremy Davis

commit sha 740967939559d9cfb26b254210e9401da1abbd4a

git-core is now a virtual pkg provided by git, so use that instead

view details

Jeremy Davis

commit sha 44677b0abf7e9a05d6bc1ecb9d3fa66426e0e07b

add missing info comment to apt conf script

view details

Jeremy Davis

commit sha d1e549b472df98901bf00a37db59395f7f768207

mask live-tools.service (partial duplication of di-live.service)

view details

Jeremy Davis

commit sha e2ecc8f9d26425ba1410ad626853c6cc39cc0fb9

Split sslcert inithook script up & elaborate dhparams
- separate out TLS/SSL generation and move to slightly later: (overlays/turnkey.d/sslcert/usr/lib/inithooks/firstboot.d/16regen-sslcert)
- move and elaborate DH param file generation in separate script: (overlays/turnkey.d/sslcert/usr/lib/inithooks/firstboot.d/15regen-dhparams)
- move webserver restarts to much later: (overlays/turnkey.d/sslcert/usr/lib/inithooks/firstboot.d/90restart-webservers)

view details

push time in a month

issue commentturnkeylinux/tracker

Unprivileged TurnKey containers on LXC (inc Proxmox) fail

@joshuamallow - Yes, sort of...

If you need to have Postfix authenticate via LDAP, then there is no way to run a TurnKey (or Debian/Ubuntu/etc) LXC container unprivileged, as Postfix runs within a chroot, which needs access to /dev/random & /dev/urandom.

If you don't need that, then yes you can run a TurnKey LXC container as unprivileged, although unfortunately the setup is a little convoluted. (Postfix will still work fine, just that you won't be able to authenticate via LDAP).

We do plan to make that the default for our upcoming v16.0 release, although there isn't any ETA on that currently (it'll be ASAP).

To run TurnKey within an unprivileged container, you need to first launch a privileged container. Then remove the random and urandom files from the Postfix chroot and then backup the container. You can then launch a new unprivileged container from the backup you created.

If you wish to leave the server uninitialised (so the firstboot scripts run at boot time) rather than logging in directly to remove the files, enter via pct and run the following lines to remove random/urandom:

rm /var/spool/postfix/dev/random
rm /var/spool/postfix/dev/urandom

JedMeister

comment created time in a month

issue commentturnkeylinux/tracker

Add qemu-guest-agent to TKL

Hi @renne - Thanks for the request.

I've tagged it with "iso", but I just wanted to clarify that you were suggesting that we include it with all builds? Or were you just recommending it for our OpenStack builds (which are qcow2 format images)? Or something else?

renne

comment created time in a month

issue openedturnkeylinux/tracker

HubDNS - support for IPv6

HubDNS currently only supports IPv4. It should also support IPv6.

The Hub is tagged too as I'm fairly sure that the Hub too would need to be updated to support IPv6.

created time in 2 months

issue closedturnkeylinux/tracker

HubDNS weirdness...

I just launched a new server from the Hub and set a tklapp.com domain name for it.

The instance is up and running and I can contact it via the IP address or the AWS DNS name. However, the tklapp.com domain seemed to be taking a long time to update, it was still pointing to the default tklapp.com page which displays:

The site you are looking for is currently not available.

user@ninjux ~$ dig ldap-test.tklapp.com

; <<>> DiG 9.9.5-9+deb8u11-Debian <<>> ldap-test.tklapp.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35320
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;ldap-test.tklapp.com.		IN	A

;; ANSWER SECTION:
ldap-test.tklapp.com.	85436	IN	CNAME	tklapp.com.
tklapp.com.		86399	IN	A	23.21.244.168

;; Query time: 172 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Wed Jun 28 09:55:01 AEST 2017
;; MSG SIZE  rcvd: 79

So I decided to see if I could speed it up by forcing HubDNS to update. So on the server:

root@openldap ~# hubdns-update
Updated ldap-test.tklapp.com. with 54.206.85.130

According to dig, that appeared to work almost instantly:

user@ninjux ~$ dig ldap-test.tklapp.com

; <<>> DiG 9.9.5-9+deb8u11-Debian <<>> ldap-test.tklapp.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29553
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;ldap-test.tklapp.com.		IN	A

;; ANSWER SECTION:
ldap-test.tklapp.com.	9	IN	A	54.206.85.130

;; Query time: 208 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Wed Jun 28 09:55:41 AEST 2017
;; MSG SIZE  rcvd: 65

But when I tried to browse to the site via my browser, I still get the tklapp default/error page. I thought that may have been just because of browser caching, so I cleared my cache and opened it in an incognito window for good measure. But still getting the same default tklapp page?!

So I double checked dig, and it's changed back again - WTF?!:

user@ninjux ~$ dig ldap-test.tklapp.com

; <<>> DiG 9.9.5-9+deb8u11-Debian <<>> ldap-test.tklapp.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58097
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;ldap-test.tklapp.com.		IN	A

;; ANSWER SECTION:
ldap-test.tklapp.com.	85367	IN	CNAME	tklapp.com.
tklapp.com.		85367	IN	A	23.21.244.168

;; Query time: 30 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Wed Jun 28 09:56:03 AEST 2017
;; MSG SIZE  rcvd: 79

I retried again and same result... (hubdns-update works almost instantly, but then within a minute (or perhaps less) it switches back to the default tklapp.com IP).

However, I note that in the time it's taken me to write this, it now appears to finally be working properly. It seems like something on the Hub end is keeping it locked to the default tklapp.com IP until it's ready to let it go?! Perhaps there is some race condition going on?

Perhaps this is the real issue behind #618?

closed time in 2 months

JedMeister

issue commentturnkeylinux/tracker

HubDNS weirdness...

I'm going to close this now as I think (as noted) that it's to do with my local setup.

JedMeister

comment created time in 2 months

issue closedturnkeylinux/tracker

[Hub] Cloned instances steal HubDNS association

I've labeled this as a bug but I'm not quite sure whether it is a feature or a bug! :)

I just tested the snapshot/clone abilities of the Hub and it's awesome! However I noticed that the cloned instance 'steals' the HubDNS/tklapp.com domain association. When I reboot the original server it 'steals' it back... I'm not sure how this could be resolved but it is not optimal IMO.

closed time in 2 months

JedMeister

issue commentturnkeylinux/tracker

[Hub] Cloned instances steal HubDNS association

I'm going to close this as I'm not 100% sure what we could do about it. As the name suggests, a cloned server is a copy of the original server so I'm not really sure how HubDNS could know to differentiate...

JedMeister

comment created time in 2 months

issue commentturnkeylinux/tracker

Request: "Read the Docs" server

Hey @ghoulmann - Long time no chat mate! I hope you are well.

That would be awesome if you did! It's highly unlikely that we'll get a chance to get to it any time soon. Mark (in the forums) expressed an interest in giving it a go, but he also noted that he was having troubles getting it installed, so that doesn't really bode well...

In case you didn't see it, I did have one comment re my brief glance at the install instructions:

The only thing that jumps out at me is that in the dependencies section (I looked at Ubuntu, which should be near enough for our purposes), it suggests installing python-dev, python-pip and python-setuptools. But it then goes on to explicitly create a python3 virtual env?! I assume that they actually mean the python3 versions of those packages. I.e. python3-dev, python3-pip and python3-setuptools.

JedMeister

comment created time in 2 months

issue commentturnkeylinux/tracker

ERPNext - new appliance feature request

Hey @hibouambigu

Thanks for taking the time to reply!

You're most welcome! :smile: I always love to see new appliances added to our library (despite the added workload in then maintaining them... :wink: ) So it would be remiss of me to not at least respond!

Please excuse this lengthy response, but I wanted to address your post as directly and explicitly as possible...

I would be keen to take you up on the offer of some support and coaching with it. I've been successful deploying ERPNext in Ubuntu 18.04, so far, but willing to take a crack at Debian 9 as well in the interest of a TKL container build.

Awesome! I imagine that there shouldn't be too much difference between installing on Ubuntu vs installing on Debian.

FWIW the main "higher priority" item on my agenda at the moment is getting (at least an RC) of TurnKey 16.0 Core out the door (based on Debian 10/Buster). I'm getting pretty close (although in fairness, I've been saying that for weeks now...).

But in the meantime, developing an appliance on our current base is fine. Porting it to Debian 10/Buster shouldn't be too bad. It may require some dependency "massaging", but otherwise should be fairly straight forward.

Admittedly it might take me a little bit to play with TKLDev and figure out the right questions to ask you.

Yes, totally understandable.

As we use TKLDev all the time (and we developed it) I'm sure that there is some "curse of knowledge" that goes on within the docs. Having someone such as yourself looking over it, may assist us to improve the docs to make things more clear?!

So please do not hesitate to ask any questions you have. Especially if there is anything in the docs that doesn't make sense, or could be improved for clarity.

OTTOMH, the only thing that the docs cover that won't work as expected, is the "sandbox" (as noted in the first paragraph of my previous comment).

I've been using some of your appliances in Proxmox VE's LXC implementation with success (thanks!) but probably could use a better-than-topographic understanding of containers to get to grips with TKLDev.

Great to hear that our containers have been of value to you.

I forget whether TKLDev is available as a container, but if it is, it shouldn't be (there are some issues with using nested overlay filesystems - as employed by both LXC and TKLDev). So the first step will be to install it as a "proper" VM (the iso installs fine to KVM under Proxmox, or there is an OVA that will work under alternate VM environment if you prefer).

In regards to ERPNext, as you discovered awhile back it does seem to have a good number of common dependencies which are satisfied in part by a handful of existing TKL offerings: MariaDB, Nginx, Redis, Node.js, etc.

The application has a deployment script which takes a handful of arguments to configure a batteries included installation (Nginx, MariaDB and other dependencies). Perhaps TurnKey Core would be a good start then.

In all of our appliances, MariaDB, Nginx and Redis are all installed from the (Debian) repos, so starting with Core and adding those (and any other packages provided by the Debian repos) to the plan (plan/main) should do the trick to get them installed.

NodeJS is installed via a common makefile, namely nodejs.mk. You too can leverage the existing code by adding this line to your appliance Makefile:

include $(FAB_PATH)/common/mk/turnkey/nodejs.mk

Put that line just above the include $(FAB_PATH)/common/mk/turnkey.mk line in your ERPNext appliance Makefile (link to the relevant line in Core's Makefile).

Any large config changes (or other complete files/scripts you wish to include) can be added to the overlay directory (relative to /, e.g. to add /etc/some.config to your appliance, add the file to the build code as overlay/etc/some.config). Installation (including further config adjustments) can be done via a conf script (executable files in conf.d/ are run in alphanumeric order, after the overlays are applied). Currently the convention is to do all your work in conf.d/main, although many also have a conf.d/downloads script and a couple of the more complex installs break the script into separate, multiple conf.d/ scripts (prefixed with a 2 digit number to ensure they run in the desired order). Having said that, I imagine that a single conf script would be suitable in this case.

Beyond the installation, probably the trickiest component of new appliance development are the inithooks (aka firstboot scripts). They ensure that each appliance is unique (lots of software these days has some sort of "secret" that should be unique to each install). They also allow users to do stuff such as set admin user passwords and emails on firstboot.

Hopefully my previous comment (plus the docs as noted/linked to there) will assist, but as I say, any further questions, please ask.

JedMeister

comment created time in 2 months

push eventturnkeylinux-apps/odoo

Stefan Davis

commit sha ed38b24e23dffa59ccc0bbab056c469572873ecc

Update wkhtmltopdf

view details

Stefan Davis

commit sha ef3760041ba592d1329c29515152e1bad8406fc6

update changelog

view details

Jeremy Davis

commit sha 5a7224923a7cdc80fc153a5c444820e210d166a6

Merge pull request #14 from OnGle/odoo-pdf-fix Odoo pdf fix

view details

push time in 2 months

PR merged turnkeylinux-apps/odoo

Odoo pdf fix

Fixes https://github.com/turnkeylinux/tracker/issues/1343

+15 -2

0 comment

3 changed files

OnGle

pr closed time in 2 months

issue closedturnkeylinux/tracker

Odoo v15.x not outputting PDFs as expected

As reported in our forums the current v15.1 Odoo appliance doesn't output PDFs as expected.

Apparently it can be resolved by updating the version of wkhtmltopdf. I.e. remove the installed version (v0.12.3 - from the Debian repos) and download and install a newer version (currently v0.12.5) direct from upstream.

Here's the workaround (assumes root, if not root, precede these commands with sudo su -, or each individual command with sudo):

apt-get remove wkhtmltopdf
DEB=wkhtmltox_0.12.5-1.stretch_amd64.deb
URL=https://downloads.wkhtmltopdf.org/0.12/0.12.5
wget $URL/$DEB
dpkg -i $DEB

Please note that from my reading of the Odoo source code, you will likely also need to increase workers >= 2 in your Odoo conf file (/etc/odoo/odoo.conf) and restart Odoo (service odoo restart).

closed time in 2 months

JedMeister

issue commentturnkeylinux/tracker

Redmine 15.2 SVN Repository

@speedy32129 - Ok thanks for the heads up. That all sounds a bit broken...

I wonder if it's an issue with something missing from the environment when run as a cron job? FWIW we have a doc/wiki page on testing cron jobs.

Ideally, I'd jump on this myself ASAP, but I'm currently pretty snowed under with v16.0 dev (really hope to have at least a Core RC iso available really soon...). I'll delegate it to another developer, but I'm not sure when we'll be able to get to it. If you discover anything further in the meantime, please share.

speedy32129

comment created time in 2 months

startedsharkdp/pastel

started time in 2 months

push eventJedMeister/turnkey-sysinfo

Jeremy Davis

commit sha 796d708059857e15f121ebd2e141ce8c4ed4d724

consolidate and bugfix code (now that turnkey-version is included in pkg)

view details

push time in 2 months

push eventJedMeister/turnkey-sysinfo

Jeremy Davis

commit sha e9e36ee6472036162bc8b60d7192d49ae4778ac7

update debian files: add detailed description and include turnkey-version binary in pkg

view details

Jeremy Davis

commit sha 2737db73f0ccee5323ac27516d347ba4f5eb6184

add licence and info to head of turnkey-version script

view details

push time in 2 months

create branchJedMeister/turnkey-version

branch : transitional-package

created branch time in 2 months

push eventJedMeister/turnkey-sysinfo

Jeremy Davis

commit sha 34b797baae7703ac558c0a9157816db175b3d66e

remove executil from motd script

view details

Stefan Davis

commit sha 288df1ee807e64e38e732d1cd291d9dc1324050a

Merged turnkey-version, turnkey-sysinfo & turnkey-pylib.sysversion

view details

push time in 2 months

issue commentturnkeylinux/tracker

Turnkey Fileserver webmin/web shell fails with external storage attached

All good. Thanks for confirming that there isn't a bug. :smile:

Silent-Hunter

comment created time in 2 months

issue commentturnkeylinux/tracker

Webmin vulnerability

FWIW, I've just published a blog post regarding this.

So whilst the core of this issue is a non-issue, I think I will leave this issue open for now (with the intention of closing once we release a security update).

dafyddj

comment created time in 2 months

issue commentturnkeylinux/tracker

ERPNext - new appliance feature request

@hibouambigu - Thanks for your input. I agree it would make a great appliance. I'd love to see it happen, although at this point we have some higher priority items.

I note that @sanath2020 did have a look, but I assume from lack of recent updates that they got otherwise occupied and/or struggled to get it working and/or installed for their personal use (rather than developing the build code to allow us to provide an appliance).

We may get to it ourselves at some point, although we're a relatively small team, with lots to do! My offer of support and coaching to anyone who would like to have a go at developing the required build code (so that we can release an appliance) still stands. So if you'd like to have a go, please read previous comments and let me know if you have any further questions or need a hand with anything...

JedMeister

comment created time in 2 months

issue openedturnkeylinux/tracker

Request: ReadTheDocs server

As noted in the forums recently, Mark has requested a Read the Docs appliance. The install instructions are noted here.

created time in 2 months

issue closedturnkeylinux/tracker

Turnkey Fileserver webmin/web shell fails with external storage attached

I installed the latest ISO downloaded from the Turnkey website in a Proxmox VM, and it worked, I was able to access webmin and the web shell. Then I changed to a static IP, shut down the VM, and added a 4TB external drive. On booting back up, the webmin and shell give a connection refused error. I tried it again, but added the external drive before installing Turnkey, and it did the same thing.

It's Proxmox Virtual Environment 6.0-4 and Turnkey Fileserver 15.0.

closed time in 2 months

Silent-Hunter

issue commentturnkeylinux/tracker

Turnkey Fileserver webmin/web shell fails with external storage attached

Hi there.

I suspect that this is something that has gone wrong, specific to your setup, rather than a TurnKey bug. As a general rule, we prefer to provide support via our forums and try to reserve GitHub "issues" for bugs and/or feature requests (i.e. action required on our part). I'll close this for now (in anticipation that it's something wrong with your specific setup, rather than a TurnKey bug). But seeing as you've already posted here, I'll give you a few pointers:

As it's both Webmin and Webshell that aren't working, my guess is that the Stunnel service is not running, or has failed (both Webmin and Webshell are running behind Stunnel). So I'd recommend checking (the service is actually named stunnel4). Do that like this:

systemctl status stunnel4

For completeness, you can also check Webmin and Webshell services too (Webshell is also known as shellinabox):

systemctl status webmin
systemctl status shellinabox

The system log may also give you some indication of why things aren't working. You can access that via the journalctl command:

journalctl

To just view info from the journal about a specific service, use the -u switch. E.g.:

journalctl -u stunnel4

Hopefully that might give some insight into what the actual cause of the issue is.

Silent-Hunter

comment created time in 2 months

push eventturnkeylinux-apps/openvpn

Peter Lieven

commit sha 1b345874ea5a2a69933c9978aacfed6347358696

fix: disable compression

since the VORACLE attack [1] the recommended setting is to disable compression. Furthermore some openvpn client refuse to enable lzo compression resulting in no longer working vpn setup.

[1] https://community.openvpn.net/openvpn/wiki/VORACLE

Signed-off-by: Peter Lieven <pl@kamp.de>

view details

Peter Lieven

commit sha 2dfa142a60a6de34e2ee0e81d8abe19d9b7630b9

fix(openvpn-addclient): avoid newline in profile url Signed-off-by: Peter Lieven <pl@kamp.de>

view details

Jeremy Davis

commit sha 375b3d597678f0f5a884d453da91bbd93e3f2603

Merge pull request #27 from plieven/master openvpn app fixes

view details

push time in 2 months
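The first commit in this push disables compression because of VORACLE. The check below is an added example, not code from the openvpn appliance repository: it lists the directives in an OpenVPN config that still turn compression on, including ones pushed to clients. The function names and the sample config are constructed for illustration. `comp-lzo no`, a bare `compress` and `compress stub` are treated as not compressing, since they only enable the compression framing.

```shell
#!/bin/sh
# Added example: report OpenVPN directives that enable link compression.

# Constructed sample config, used for demonstration only.
sample_config() {
    cat <<'EOF'
# constructed server.conf
port 1194
;comp-lzo
comp-lzo
push "comp-lzo yes"
compress
compress lz4-v2
comp-lzo no
EOF
}

# Print "<line number>: <directive>" for every active directive that enables
# compression. Reads the file given as $1, or stdin when no file is given.
find_compression() {
    awk '
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        sub(/[ \t\r]+$/, "", line)
        # Skip blank lines and lines commented out with "#" or ";".
        if (line == "" || line ~ /^[#;]/) next

        # Unwrap push "..." so options sent to clients are checked too.
        prefix = ""
        if (line ~ /^push[ \t]+"/) {
            sub(/^push[ \t]+"/, "", line)
            sub(/".*$/, "", line)
            prefix = "push "
        }

        split(line, f, /[ \t]+/)
        # comp-lzo with no argument means adaptive compression; only
        # "comp-lzo no" leaves compression off.
        if (f[1] == "comp-lzo" && f[2] != "no")
            print NR ": " prefix line
        # compress enables compression only when an algorithm is named.
        else if (f[1] == "compress" && f[2] ~ /^(lzo|lz4|lz4-v2)$/)
            print NR ": " prefix line
    }' "${1:--}"
}

# Succeeds (exit 0) when the config still enables compression.
config_compresses() {
    [ -n "$(find_compression "$@")" ]
}

# Demonstration run over the constructed sample.
sample_config | find_compression
```

Run it against a real file with `find_compression /etc/openvpn/server.conf`; an empty result means no compression directive is active in that file.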

PR merged turnkeylinux-apps/openvpn

openvpn app fixes
+1 -3

0 comment

3 changed files

plieven

pr closed time in 2 months

issue commentturnkeylinux/tracker

Webmin vulnerability

Hi @dafyddj - Thanks for flagging this.

FWIW I also saw this over the weekend and intend to publish a blog post today.

As it turns out, TurnKey servers are not vulnerable to this particular exploit as the version of Webmin that we currently package and provide is v1.881 (i.e. prior to a malicious version being uploaded).

However, there are a few (IMO much less serious; albeit well worth patching) potential vulnerabilities in the version that we currently provide. So we intend to push out a Webmin (v1.930) security update for v15.x servers this week. This should allay any concerns that TurnKey users may have.

Thanks again for being vigilant. I try to keep abreast of potential TurnKey related security issues, but really appreciate the assistance and input of others such as yourself.

dafyddj

comment created time in 2 months

startedPyCQA/bandit

started time in 2 months

issue commentturnkeylinux/tracker

Redmine 15.2 SVN Repository

Hi there,

I assume you are referring to this cron job?

It's weird that the cron script would be having issues with $WEBROOT as it's explicitly set at the top of the cron script.

Also, it looks like it should be logging to /var/log/reposman.log, so perhaps you could share what's in there?

speedy32129

comment created time in 2 months

push eventJedMeister/inithooks

Jeremy Davis

commit sha 779e441b91b273ddbb4ca28955caa9ba7d05c48d

commit WIP of bin/dialog_wrapper.py

view details

push time in 2 months

push eventturnkeylinux/confconsole

Jeremy Davis

commit sha 48a309ac17d7ee1ea5ab669d7b89885d2dbf90fa

include check for "boot=live"

view details

push time in 2 months

push eventJedMeister/confconsole

Jeremy Davis

commit sha 6abb4fd750030c4e2c1a87bdb240fb400b827c8c

fix spelling/typo

view details

push time in 2 months

push eventJedMeister/confconsole

Jeremy Davis

commit sha 48a309ac17d7ee1ea5ab669d7b89885d2dbf90fa

include check for "boot=live"

view details

push time in 2 months

delete branch JedMeister/inithooks

delete branch : py3-from-stefan

delete time in 2 months

push eventturnkeylinux/inithooks

Jeremy Davis

commit sha 38f35953944c09a552fcf023c9ccb71908a77f40

add inithooks-openstack.service to installed systemd files - closes #1340 (properly)

view details

Jeremy Davis

commit sha aeccd1b38bc3630f238ff6f28103e81304559c8e

Merge branch 'openstack-fix'

view details

Stefan Davis

commit sha 08bae2cc6524645a6e0b9e80c807ede8eea53ba6

updated to python3 (i think)

view details

Stefan Davis

commit sha 7475684c87fb3e812244ce1ab9a0e1085e5b14b6

commit changes to turnkey-init

view details

Jeremy Davis

commit sha d503a210cd44c95d182ac6ca6dc5bcc50eda5f77

update debian files for py3

view details

Jeremy Davis

commit sha 700d000de096a88194790201b47bec5a0a1ef0a2

replace errant tab with spaces in dialog_wrapper.py & more py3 updates

view details

Jeremy Davis

commit sha f740b3eb62d10cf539e90e093fe9b48a4fb41e5b

replace casper with live

view details

Jeremy Davis

commit sha 67861488538d2a373f632d51121031e8620ba151

more python3 tweaks

view details

push time in 2 months

push eventJedMeister/inithooks

Jeremy Davis

commit sha 38f35953944c09a552fcf023c9ccb71908a77f40

add inithooks-openstack.service to installed systemd files - closes #1340 (properly)

view details

Jeremy Davis

commit sha aeccd1b38bc3630f238ff6f28103e81304559c8e

Merge branch 'openstack-fix'

view details

Stefan Davis

commit sha 08bae2cc6524645a6e0b9e80c807ede8eea53ba6

updated to python3 (i think)

view details

Stefan Davis

commit sha 7475684c87fb3e812244ce1ab9a0e1085e5b14b6

commit changes to turnkey-init

view details

Jeremy Davis

commit sha d503a210cd44c95d182ac6ca6dc5bcc50eda5f77

update debian files for py3


Jeremy Davis

commit sha 700d000de096a88194790201b47bec5a0a1ef0a2

replace errant tab with spaces in dialog_wrapper.py & more py3 updates


Jeremy Davis

commit sha f740b3eb62d10cf539e90e093fe9b48a4fb41e5b

replace casper with live


Jeremy Davis

commit sha 67861488538d2a373f632d51121031e8620ba151

more python3 tweaks


push time in 2 months

delete branch JedMeister/inithooks

delete branch : py3-2to3

delete time in 2 months

create branch JedMeister/inithooks

branch : race-condition

created branch time in 2 months

create branch JedMeister/inithooks

branch : py3-from-stefan

created branch time in 2 months

create branch JedMeister/inithooks

branch : py3-2to3

created branch time in 2 months

push event JedMeister/turnkey-conffile

Jeremy Davis

commit sha 33393fb5622ee8db81d933a1a73971d5bd51ac8e

fix read() func


push time in 2 months

push event JedMeister/turnkey-conffile

Jeremy Davis

commit sha 8638ddfee2b883de7ee3f351a42ffb2c5967529a

add gitignore


push time in 2 months

push event JedMeister/turnkey-conffile

Jeremy Davis

commit sha c6cf9b7fbe42467b66d48084102cd9299ca935dc

PY3: remove usage of 'file()'


push time in 2 months

push event JedMeister/inithooks

Jeremy Davis

commit sha 8b5d396da3a3373a151843429e9c874983b28d89

more python3 tweaks


push time in 2 months

push event JedMeister/inithooks

Jeremy Davis

commit sha 4199ee6fa4c3b8838aafa94e4fb7b9a26a7467e6

replace casper with live


Jeremy Davis

commit sha 040969e6e3cbc95f71fd1c089c37d78c7fec2ed7

more python3 tweaks


push time in 2 months

issue closed turnkeylinux/tracker

devise and document changelog policy

TurnKey should have a clearly defined policy on what should (and shouldn't) be noted in changelogs. IMO the policy should be bundled in with the TKLDev docs as it would be relevant to appliance developers and maintainers.

The current situation is quite ad hoc and some consistency (both between appliances, and between releases) would be useful for end users. Having said that, I don't personally want to dictate what should or shouldn't go into a changelog, so let's have a discussion about it. Part of that discussion should be clarity on who the intended audience of the changelog is.

OTTOMH a few things that should be included in the changelogs:

  • changes to upstream version (for appliances that include 3rd party software)
  • changes to upstream install method (for appliances that include 3rd party software, e.g. tarball install, composer install, git clone install, etc)
  • specific bugfixes and feature requests which have been implemented
  • adjustments to inithooks, specifically inclusion/removal of questions/settings
  • any/all configuration changes from Debian defaults (not necessarily every specific change, but the fact that we aren't using Debian defaults - where the specifics of these changes can be found should be noted IMO)
  • changes to TurnKey packages (pkgs common to all appliances noted in core only; pkgs common to specific appliances, e.g. tkldev - in that appliance only)

Additionally, IMO we should consider having common changelog text noted somewhere in common. That way when someone updates an appliance that uses something from common they have some changelog content which can be copy/pasted.

Also relevant to #728 & #275

closed time in 2 months

JedMeister

issue comment turnkeylinux/tracker

devise and document changelog policy

I think that this is now adequately covered in the TKLDev docs: https://github.com/turnkeylinux-apps/tkldev/blob/master/docs/development/changelog.rst so am closing. If anyone disagrees, please feel free to reopen.

JedMeister

comment created time in 2 months

push event JedMeister/turnkey-sysinfo

Jeremy Davis

commit sha 05457508bfe42de575141b500997d70ac13ff4eb

ensure that /usr/share/turnkey-sysinfo/contrib/motd exists


Jeremy Davis

commit sha 43bcda3b42fbd2d47ba1771039e0863a5e48682f

fix shebangs for py3


push time in 2 months

issue closed turnkeylinux/tracker

Not all tags shown (website)

Reported on lp#914498 by @JedMeister on 2012-01-11

Description

When browsing forum tags (when in forums, click on 'more tags' in left hand pane, takes you to: http://www.turnkeylinux.org/tagadelic/chunk/9) not all the tags are shown. To me it seems like heaps of them are missing.


closed time in 2 months

alonswartz

issue comment turnkeylinux/tracker

Not all tags shown (website)

Thanks for the bump on this one @qq7. TBH, I'm not 100% sure, but as you point out, the URL is a 404. IIRC when the site was upgraded from drupal6 to drupal7, we dropped the usage of the "tagadelic" module (and are now just using the default/built-in tagging stuff).

So I say, let's close this for now and if need be a new issue could be opened with current info...

alonswartz

comment created time in 2 months

started keepassx/keepassx

started time in 2 months

started hallard/Battery-Voltage-Measure

started time in 2 months

issue opened turnkeylinux/tracker

osCommerce - use "Community Edition" branch by default

It appears that the latest "official" release (v2.3.4.1) of osCommerce (i.e. downloaded from the top of this page) is really dated. According to my reading on their forums, osCommerce.com is/was controlled and maintained by a single individual who has since gone AWOL. However, the community have a fork which is being maintained as "Community Edition Phoenix". Read more about that here and here on their forums. The osCommerce Products page (scroll down from the "Official release") notes "Phoenix Edition v1.0.2.0 - OSCOM CE Phoenix is the official Community Edition of osCommerce".

The "CE" version is much sexier, using Bootstrap 4 and is clearly being maintained (latest release was 18 days ago, prior release was July). So I believe that it would be a much better user experience to pre-install this "Community Edition" fork, rather than the "Official" release.

Note that the code itself is hosted here on GitHub and the latest download is available from the Releases page.

created time in 2 months

issue comment paypal/TLS-update

Tlstest site down

Yep not working for me either... Dig isn't finding a record for that (sub)domain at all (at least via Google Public DNS):

$ dig tlstest.paypal.com @8.8.8.8

; <<>> DiG 9.10.3-P4-Debian <<>> tlstest.paypal.com @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 27292
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;tlstest.paypal.com.		IN	A

;; AUTHORITY SECTION:
paypal.com.		269	IN	SOA	ppns1.phx.paypal.com. hostmaster.paypal.com. 2012274645 7200 600 1209600 300

;; Query time: 28 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Fri Aug 16 11:58:29 AEST 2019
;; MSG SIZE  rcvd: 104

Skouat

comment created time in 2 months

issue closed turnkeylinux/tracker

Webmin - not editing 000-default site TLS cert

As recently reported in the forums, it appears that Webmin may not be editing the default (000-default) Apache virtualhost - specifically relating to the SSL/TLS cert?!

closed time in 2 months

JedMeister

issue comment turnkeylinux/tracker

Webmin - not editing 000-default site TLS cert

As noted in my comment, I can't reproduce this issue so am closing for now.

JedMeister

comment created time in 2 months

issue comment turnkeylinux/tracker

PHP update in 15.3 stable

Ok great. Looks like you are all good now.

Re the lack of links for configuring PHP7.2 ini files in Webmin, I'm pretty sure if you click the little cog, you can configure it to point to the PHP7.2 version (you'll need to add the full path to the 7.2 ini files).

I'll close this now. If you need more support, best to sign up to the website and post in the forums. (You need to be logged in to open a new thread).

WWE-Corey

comment created time in 2 months

issue closed turnkeylinux/tracker

PHP update in 15.3 stable

turnkey-wordpress-15.3-stetch-amd64

Current version of PHP is 7.0 and I need at least 7.1 for certain plug-ins. How can this be updated?

Current plug-in I am trying to install is Weather Station.

closed time in 2 months

WWE-Corey

issue opened turnkeylinux/tracker

Webmin - not editing 000-default site TLS cert

As recently reported in the forums, it appears that Webmin may not be editing the default (000-default) Apache virtualhost - specifically relating to the SSL/TLS cert?!

created time in 2 months

issue comment turnkeylinux/tracker

PHP update in 15.3 stable

Hmm, it should be picking up the key from /usr/share/keyrings/php-sury.org.gpg. Perhaps double check these:

ls /usr/share/keyrings/php-sury.org.gpg

(Should just return the filename - if it errors then the key is in the wrong place). And double check that /etc/apt/sources.list.d/php.list looks like this (i.e. run cat /etc/apt/sources.list.d/php.list):

# DEB.SURY.ORG repo for php
deb [signed-by=/usr/share/keyrings/php-sury.org.gpg] https://packages.sury.org/php/ stretch main

Alternatively, if you aren't super concerned about following "best practice" re 3rd party repos (Ondřej is a trustworthy guy IMO - so in this instance the risk probably isn't huge) you could remove the bit in square brackets from the php.list sources file. I.e. so it looks like this:

# DEB.SURY.ORG repo for php
deb https://packages.sury.org/php/ stretch main

WWE-Corey

comment created time in 2 months

issue comment turnkeylinux/tracker

PHP update in 15.3 stable

Best bet is to install from deb.sury.org.

You could just follow the instructions from the readme, but in an effort to make it a bit easier on you, try copy/pasting the below into a terminal of your appliance.

Please note that it's untested, so I recommend that you test on a development server first! If you have any issues or questions, please ask before you run this on a production server! Having said that, it should be ok as the basis of the below is all pulled from the TurnKey build code (with some minor modifications). FWIW some apps are already using this method to install newer versions of PHP. The bulk of this comes from this particular build script.

Note that this includes package pinning for additional (best practice) security and does not add the third party key to your default apt keyring (again best practice security).

As the first line suggests, this will install PHP7.2.

PHP_VERSION=7.2

PKGS="apt-transport-https lsb-release ca-certificates"
apt update
DEBIAN_FRONTEND=noninteractive apt install -y $PKGS

FILE=usr/share/keyrings/php-sury.org.gpg
URL=https://github.com/turnkeylinux/common/raw/master/overlays/php-sury

# FILE is relative (it is also the path inside the overlay), so write it under /
wget $URL/$FILE -O /$FILE

SOURCES_LIST=/etc/apt/sources.list.d
PREFS_LIST=/etc/apt/preferences.d

cat > $SOURCES_LIST/php.list <<EOF
# DEB.SURY.ORG repo for php
deb [signed-by=/usr/share/keyrings/php-sury.org.gpg] https://packages.sury.org/php/ stretch main
EOF

# apt preferences stanzas must be separated by blank lines
cat > $PREFS_LIST/php-sury.pref <<EOF
Package: *
Pin: origin packages.sury.org
Pin-Priority: 10

Package: php${PHP_VERSION}-*
Pin: origin packages.sury.org
Pin-Priority: 550

Package: php-common
Pin: origin packages.sury.org
Pin-Priority: 550

Package: php-pear
Pin: origin packages.sury.org
Pin-Priority: 550

Package: php-imagick
Pin: origin packages.sury.org
Pin-Priority: 550

Package: php-redis
Pin: origin packages.sury.org
Pin-Priority: 550

Package: php-igbinary
Pin: origin packages.sury.org
Pin-Priority: 550

Package: libapache2-mod-php${PHP_VERSION}
Pin: origin packages.sury.org
Pin-Priority: 550
EOF

Now you'll need to install the PHP packages (you may wish to have additional ones, but this should be a good start).

PKGS="php7.2-mysql libapache2-mod-php7.2 php7.2-gd php7.2-cli php7.2-curl php7.2-xml php7.2-mbstring php7.2-zip php-pear php-imagick"
apt update
DEBIAN_FRONTEND=noninteractive apt install -y $PKGS

To make PHP7.2 Apache integration the new default, disable the current default Apache-PHP module and restart Apache:

DEFAULT=7.0
NEW=7.2
a2dismod php${DEFAULT}
a2enmod php${NEW}
service apache2 restart

Finally, to make PHP 7.2 the default PHP when running php from the commandline:

VER=7.2
update-alternatives --set php /usr/bin/php${VER}
update-alternatives --set php-config /usr/bin/php-config${VER}
update-alternatives --set phpdbg /usr/bin/phpdbg${VER}
update-alternatives --set phpize /usr/bin/phpize${VER}

Note that you may need to make adjustments to the new php.ini (IIRC the Apache and CLI configs should be found at the following respective locations: /etc/php7.2/apache/php.ini & /etc/php7.2/cli/php.ini).

If you get any errors about missing PHP modules, then you can install like this:

apt update
apt install php7.2-<module_name>
service apache2 restart

For further info, please see the deb.sury.org GitHub wiki.

WWE-Corey

comment created time in 2 months
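
The two apt hardening choices discussed in the comments above (a repository tied to its own keyring with signed-by, and a low catch-all pin with selected packages raised to 550) can be checked mechanically. The following is an added example, not part of the original comments or of TurnKey's build code; the function names audit_sources and audit_pins and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not TurnKey build code. Sample files below are constructed.

# One line per deb entry: "SCOPED <keyring> <uri>" when [signed-by=...] limits
# which key may sign the repo, "UNSCOPED <uri>" when any trusted key may.
audit_sources() {
    awk '$1 == "deb" || $1 == "deb-src" {
        key = ""; i = 2
        if ($2 ~ /^\[/)                      # options may span several fields
            for (; i <= NF; i++) {
                opt = $i; gsub(/^\[|\]$/, "", opt)
                if (opt ~ /^signed-by=/) key = substr(opt, 11)
                if ($i ~ /\]$/) { i++; break }
            }
        if (key != "") print "SCOPED", key, $i; else print "UNSCOPED", $i
    }' "$1"
}

# Print "<priority> <package>" for each blank-line-separated stanza pinned to
# ORIGIN ($2). Succeeds only if "Package: *" holds that origin below 100.
audit_pins() {
    awk -v origin="$2" '
        function emit() {
            if (pkg != "" && pin == ("origin " origin)) {
                print prio, pkg
                if (pkg == "*" && prio != "" && prio + 0 < 100) ok = 1
            }
            pkg = ""; pin = ""; prio = ""
        }
        /^Package:/      { v = $0; sub(/^Package:[ \t]*/, "", v); pkg = v }
        /^Pin:/          { v = $0; sub(/^Pin:[ \t]*/, "", v); pin = v }
        /^Pin-Priority:/ { v = $0; sub(/^Pin-Priority:[ \t]*/, "", v); prio = v }
        /^[ \t]*$/       { emit() }
        END              { emit(); exit !ok }
    ' "$1"
}

# Constructed sample input: the comment's hardened pair plus the relaxed source.
SAMPLES=$(mktemp -d)
printf '%s\n' '# DEB.SURY.ORG repo for php' \
    'deb [signed-by=/usr/share/keyrings/php-sury.org.gpg] https://packages.sury.org/php/ stretch main' \
    > "$SAMPLES/php.list"
printf '%s\n' 'deb https://packages.sury.org/php/ stretch main' > "$SAMPLES/relaxed.list"
printf '%s\n' 'Package: *' 'Pin: origin packages.sury.org' 'Pin-Priority: 10' '' \
    'Package: php7.2-*' 'Pin: origin packages.sury.org' 'Pin-Priority: 550' \
    > "$SAMPLES/php-sury.pref"
audit_sources "$SAMPLES/php.list"
audit_sources "$SAMPLES/relaxed.list"
audit_pins "$SAMPLES/php-sury.pref" packages.sury.org && echo "catch-all pin OK"
```

On an appliance, point audit_sources at each file in /etc/apt/sources.list.d and audit_pins at /etc/apt/preferences.d/php-sury.pref.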
