This page contains a description of the installation and customisation of Debian 7.4 "Wheezy" on my Dell Inspiron 530 desktop computer which is used as server, router and production machine. Historically, this is a follow-up to my Fedora 14 page and it has been superseded by the move to a new computer. - As usual, this document has been "anonymised" in a few places; in particular IP addresses have been replaced by XXX or YYY.
In spring 2014 I moved most of my computers to Debian.
The key reason for changing from Fedora to Debian was the longevity of the system: My computers are tools that I use every day for my business. I do not want to waste time with frequent upgrades of the entire system ... but Fedora issues a new release every 6 months, which meant that my trusty Fedora 14 installation reached its official end-of-life already in 2011-12-08, i.e. just one year after its release. Too short for a production system.
For quite a while, I have been searching for and playing with alternatives. My key requirements, in a nutshell:
Up to 2013, I had acquired most of my "productive" Linux experience on RedHat-based systems, namely Fedora and RHEL. It was thus obvious that I considered Scientific Linux and the very similar CentOS (which I discarded due to its different scope). Appealing were both its known-to-me structure and its unusual long support: the 6.x releases are expected to be supported until 2020. Indeed I have installed such systems for my clients, both as server and as enterprise desktops - however, a few packages that I need daily were not available in SL6 (jpilot, glabels). Albeit one can usually compile "missing" packages from the related Fedora source packages (the software that comes with SL 6.5 is close to Fedora 14 or 15), I wanted a more recent system.
Thus, after some tests, I decided to switch to Debian, offering a lifecycle of 3 to 4 years between major releases, and an "upgrade while running" philosophy. My learning curve was steep since the system structure and administration are quite different from Redhat-based systems. Note that I did not say "difficult", just "different" ;-)
The computer is still the same: My Dell Inspiron 530 with Intel E4500 Core Duo 2.20 GHz processor with 800 MHz FSB, 3 GB RAM, 320 GB Seagate ST3320620AS harddisk (SATA 3.0 Gb/s, cache 16 MBytes, 7200 rpm), a DVD burner HL-DT-ST Model DVD+-RW GSA-H73N (HLDS Inc.), a Teac 19-in-1 media card reader, Intel 3100 onboard graphics and a Dell E228WFP 22" widescreen display.
Since it is a server and router for my home network, it is equipped with a second network card. The machine has performed flawlessly under Linux right from its acquisition in early 2008: first came Fedora 8 for about 1.5 years, followed by Fedora 11 and then Fedora 14 between 2010-11 and 2014-02. The move to Debian took place in early 2014, but I replaced the computer in summer 2014 due to its age.
Today, installing Linux is plug-and-play. A common Linux desktop PC is fully installed and operational in less than 2 hours.
In this case, however, I went a slower path since I wanted a minimal server-with-KDE install (cf. Debian Wiki and Philip Reimer) In addition, the machine is configured as a router which implied some particular steps.
This does not mean that it took a long time - from inserting the install CD to an operational router and firewall it took barely 1 hour!
If you have another Linux system running that uses the same partitions (e.g. /home), be aware that the installer will re-format some partitions (at least the new system's root, usually also the swap partition). This may lead to changed signatures, impeding an eventual reboot of the "other" OS:
UUID of these partitions by their conventional /dev/sdaX counterpart.SELINUX=permissive in /etc/selinux/config).The initial installation was performed from the Debian 7.4 64-bit "netinstall" CD. Using a custom disk layout, I simply installed Debian over the "old" Fedora 11 partition that was available on this system, keeping Fedora 14 intact:
| Partition | Type | Filesystem | Label | mount point | Comment |
|---|---|---|---|---|---|
| /dev/sda1 | primary | vfat | DellUtility | /mnt/dell | Dell Utilities from factory install, left unchanged. |
| /dev/sda2 | primary | 20 GB ext4 | F14 | /mnt/f14 | This was the root filesystem of Fedora 14. Will be used when updating the system in the future. |
| /dev/sda3 | primary | 20 GB ext4 | Debian | / | This is the root filesystem of Debian. |
| /dev/sda4 | extended | This holds the following partitions. | |||
| /dev/sda5 | logical | 60 GB ext4 | home | /home | Home directories. |
| /dev/sda6 | logical | 120 GB ext4 | share | /mnt/share | Local NFS export. Music, images, etc. |
| /dev/sda7 | logical | 5 GB swap | swap | swap | Swap space. |
| /dev/sda8 | logical | 80 GB ext4 | vbox | /mnt/vbox | VirtualBox files. |
During the installation, I de-select "Desktop" and select ssh server, file server (this installs both NFS and Samba), print server (CUPS) and standard system utilities. This initial installation was finished in barely 16 min; upon reboot we log in on the console:
apt-get install vim
Then, edit /etc/vim/vimrc and un-comment syntax on.
Edit /etc/apt/sources.list. Remove the entry for the Debian CD, then add non-free contrib at the end of the first 4 entries.
apt-get update apt-get install firmware-linux* mc ntpdate acpi-support sysv-rc-conf hwinfo ethtool
Copy the existing shares and their mount points:
mkdir /mnt/f14 /mnt/vbox/ /mnt/share /mnt/dell grep /mnt/vbox/ /mnt/f14/etc/fstab >> /etc/fstab grep /mnt/share /mnt/f14/etc/fstab >> /etc/fstab grep /mnt/dell/ /mnt/f14/etc/fstab >> /etc/fstab
Now comes the tricky part: This system has two network cards - and we need to avoid that the cards be assigned in arbitrary order. In my case, the card connected to my ISP was automatically assigned as eth0 during installation but I want this to be eth1 on the production system - simply because all my computers have the internal network on eth0.
The key is to edit /etc/udev/rules.d/70-persistent-net.rules and to adjust (only!) the value of the NAME= key as needed.
You can check the assignment with ethtool -i ethX && ethtool -P ethX; on my system this can be resumed as follows:
Edit /etc/network/interfaces and assign the way the two cards are operated. At the same time, this is where the firewall is launched:
# The loopback network interface auto lo iface lo inet loopback # activate the firewall pre-up iptables-restore < /etc/network/iptables.rules # The primary (internal) network interface auto eth0 allow-hotplug eth0 iface eth0 inet static address 192.168.xx.yy netmask 255.255.255.0 broadcast 192.168.xx.255 # do NOT set any gateway here! # the external network card auto eth1 allow-hotplug eth1 iface eth1 inet dhcp
Copy existing firewall rules: cp /mnt/f14/etc/sysconfig/iptables /etc/network/iptables.rules
Edit etc/sysctl.conf and activate routing by un-commenting the line net.ipv4.ip_forward=1.
At the same occasion, you may want to insert kernel.sysrq=1.
For the DHCP server, I switched from dhcpd to dnmasq: apt-get install dnsmasq, then edit /etc/dnsmasq.conf:
local=/localnet/ interface=eth0 listen-address=127.0.0.1 domain=localnet dhcp-range=192.168.xx.yy,192.168.xx.zz,12h log-queries # these go into /var/log/daemon.log #dhcp-leasefile=/var/lib/misc/dnsmasq.leases # I keep the default
Reboot.
At this point, the router functionality should be established and your machines on the internal network should be able to access Internet again. Test if DNS is working, e.g.:
dig debian.org @localhost nslookup debian.org localhost nslookup debian.org dh.localnet
Please note that NetworkManager and /etc/network/interfaces interfere with each other:
apt-get remove network-manager && insserv networking
Customize sshd rather restrictive; some key entries in /etc/ssh/sshd_config are:
Protocol 2 PermitRootLogin no PermitEmptyPasswords no PasswordAuthentication yes Banner /etc/issue.net AllowUsers xxx
Copy some NFS-related files from the existing system, adjust as needed:
cat /mnt/f14/etc/hosts >> /etc/hosts && vim /etc/hosts cp /mnt/f14/etc/hosts.allow /etc/hosts.allow cp /mnt/f14/etc/hosts.deny /etc/hosts.deny cat /mnt/f14/etc/exports >> /etc/exports && vim /etc/exports
Copy fonts:
cp /mnt/f14/usr/share/fonts/msttcorefonts/* /usr/local/share/fonts/ fc-cache /usr/local/share/fonts/ # a simpler alternative: apt-get install ttf-mscorefonts-installer apt-get install ttf-liberation
Copy existing samba configuration:
cd /etc/samba/ mv smb.conf smb.conf.orig cp /mnt/f14/etc/samba/smb.conf . /etc/init.d/samba restart
The CUPS printing system provides also the traditional lpr functionality, so we set the default printer (as user):
lpstat -p -d # see which printers are available lpoptions -d HPLJ5 # set default printer
Note: I did not restart/reload services here since we're going to reboot later anyway.
Let's install the X environment. I went for a clean, minimalist KDE environment:
apt-get install avahi-utils upower desktop-base apt-get install --no-install-recommends xorg kdm kde-workspace konsole virtuoso-minimal
Enable Alt-Ctrl-Backspace to kill X server. This needs to be done AFTER X is set up; the setting we want is on the very last screen:
dpkg-reconfigure keyboard-configuration
Limit the available language packs. Here, be careful to select the languages you want to keep!
Generally I select the generic language plus the UTF-8 variant, e.g. de and then dialects such as de_DE.UTF-8 and de_CH.UTF-8 :
apt-get install localepurge localepurge
Install KDE and related applications. The first command will install some packages needed for clean integration of KDE applications:
apt-get install kde-plasma-desktop kdeplasma-addons plasma-widget-folderview \
kde-config-gtk-style kwin-style-qtcurve kde-style-qtcurve gtk2-engines-qtcurve
apt-get install dolphin okular apper kmix konqueror konq-plugins kate kompare kmail knode kinfocenter\
kcalc ksnapshot kcharselect kaddressbook kdeadmin kdirstat kmenuedit kfind kgpg kwalletmanager
Albeit it is technically not necessary, I usually reboot the system here so that I can continue working in an X environment. You could simply run startx, too ;-)
Continue to install applications and utilities. You could put all this on one line of course:
apt-get install lyx tex4ht glabels unison-gtk jpilot pilot-link akonadi-kde-resource-googledata apt-get install enchant aspell-fr aspell-de hunspell-en-us hunspell-fr hunspell-de-de hunspell-de-ch apt-get install rsync gftp sitecopy bluefish tidy dos2unix ark rar unrar nmap bum filelight conky apt-get install k3b kde-config-cddb gimp inkscape python-lxml gwenview kipi-plugins digikam hugin autopano-sift-c apt-get install cups-pdf cups-driver-gutenprint gimp-gutenprint pdftk qpdf pdfmod khelpcenter4 gnuplot-x11 apt-get install iceweasel deluge subversion lynx curl amarok easytag gpsbabel qlandkartegt sharutils
LibreOffice 4 is not in the repositories for Wheezy, so we need a trick (but please read the next section before you do this, you may want to change your mind!):
echo -e "\n# Backports for recent version of LibreOffice" >> /etc/apt/sources.list echo "deb http://ftp.debian.org/debian/ wheezy-backports main" >> /etc/apt/sources.list apt-get update apt-get -t wheezy-backports install libreoffice libreoffice-kde libreoffice-help-en-us libreoffice-presenter-console
However, I encountered a few issues with this version - mainly crashes during merge operations. I decided to roll back to the previous version, LibreOffice 3.5.4.2:
# remove or comment the entry in /etc/apt/sources.list apt-get remove libreoffice-core # this will remove a lot more but it saves typing ;-) apt-get autoremove # clean up apt-get install libreoffice libreoffice-kde libreoffice-help-en-us libreoffice-presenter-console
If you want to install the advanced Grammar Checker LanguageTool
(through the Extension Manager), you need to change from Java 6 to Java 7. I did this using apper, changing all files with openjdk-6-xxx against their counterpart with openjdk-7-xxx
... and it turned out that a apt-get remove openjdk-6-* is enough to remove the old and install the new version automagically :-)
echo -e "\n# Multimedia" >> /etc/apt/sources.list echo "deb http://www.deb-multimedia.org/ wheezy main non-free" >> /etc/apt/sources.list apt-get update apt-get install deb-multimedia-keyring apt-get update apt-get upgrade apt-get install libdvdcss2 flashplugin-nonfree w64codecs lame
Make sure you do not have the following on the system:
apt-get remove network-manager apt-get remove dirmngr # removes kdepim apt-get remove winbind
On production machines I like to have a quick look at the key logfiles (e.g. using conky). Of course the default permission
for these files is rather restrictive ... yet I do not want to log in as root just to have read access.
On the other hand, I don't want to grant access to these files to all users in my group.
With Linux supporting ACL (access Control Lists), the solution is as simple and as elegant as it can get: Use ACL to grant selective access on a per-file and per-user basis. The following cronjob allows user joe to read two of the log files (to be run as a cronjob, due to log file rotation)
11 * * * * root setfacl -m user:joe:r-- /var/log/messages /var/log/daemon.log
As usual, almost everything worked right out of the box:
dialout. Use usb: as the communication port.alias scsi_hostadapter aic7xxxapt-get install sane or apt-get install xsane.apt-get install unattended-upgrades dpkg-reconfigure unattended-upgrades
I'm using Debian on most of my computers; this includes laptops. Both machines mentioned below have been used under Fedora 14, too; the installation of Debain Wheezy was performed along the same lines as described above and went mostly seamless. Specific points are listed below; a few generic comments and hints:
network-manager. Uncomment all ethX and wireless devices in /etc/network/interfaces.apt-get install wireless-tools bluedevil acpi-support kde-config-touchpad network-manager-kde plasma-widget-networkmanagementkde-plasma-netbook, this is for touchscreens.I'm using a Lenovo IdeaPad S12 as main laptop. Comments and hints:
w32codecs).apt-get remove --purge nvidia-* && rm /etc/X11/xorg.conf.d/20-nvidia.confapt-get install wireless-tools linux-headers-$(uname -r|sed 's,[^-]*-[^-]*-,,') broadcom-sta-dkms modprobe -r b44 b43 b43legacy ssb brcmsmac modprobe wl
I have a Fujitsu Lifebook 8020D as backup laptop. Comments and hints:
w32codecs).non-free contrib sources, run:
apt-get install firmware-ipw2x00 wireless-tools apt-get install xserver-xorg-video-ati xserver-xorg-video-radeon libgl1-mesa-dri
For certain applications (e.g. a consulting mandate that requires accessing the client's data remotely) I use Citrix Receiver, which is essentially a terminal client to a Microsoft Windows server. The software is not Open Source but is available free of charge on the manufacturer's website, section "Downloads", product "Citrix Receiver".
The installation of Citrix Receiver on 64-bit Debian Wheezy is not straightforward since the 64-bit package is broken; we need to rebuild it. What follows is a mixture of an Ubuntu HowTo and the Debian Wiki:
apt-get install lib32z1 libxp6:i386 libsm6:i386 libxmu6:i386 libxinerama1:i386 \
libglib2.0-0:i386 libxft2:i386 libgtk2.0-0:i386 libc6-i386 lib32asound2
# as user
cd /tmp
dpkg-deb -x icaclient_13.0.0.256735_amd64.deb ica_temp/
dpkg-deb --control icaclient_13.0.0.256735_amd64.deb ica_temp/DEBIAN
vim ica_temp/DEBIAN/control # remove the dependencies for ia32-libs and ndiswrapper
dpkg -b ica_temp icaclient-modified.deb
# as root
dpkg -i icaclient-modified.deb
# ... and copy the certificate:
cp /mnt/f14/opt/Citrix/ICAClient/keystore/cacerts/PCA-3G5.pem /opt/Citrix/ICAClient/keystore/cacerts/
Upon first launch, an application launched inside a Citrix session may ask to "open with..." - if this happens, simply select (always open with) /opt/Citrix/ICAClient/wfica.sh. Done!
Installing Citrix receiver for i386 on 32-bit Debian Wheezy is straightforward:
apt-get install libxerces-c3.1 libcurl3 dpkg -i icaclient_13.0.0.256735_i386.deb # ... and copy the certificate: cp /mnt/f14/opt/Citrix/ICAClient/keystore/cacerts/PCA-3G5.pem /opt/Citrix/ICAClient/keystore/cacerts/
I use VirtualBox to run an instance of Microsoft Windows as "guest" inside the Linux system. For details, please refer to my GPS software page.
Installation in Debian Wheezy is straightforward. Pulseaudio is not needed for KDE but will be required to provide sound to VirtualBox:
apt-get install virtualbox virtualbox-guest-additions pulseaudio usermod -a -G vboxusers joe
To enable USB support you will be requested to download and install a module from the Virtualbox website; the process is self-explaining.
The only problem I observed is that videos don't play correctly inside the Virtualbox environment ... all you see is a white square. This did not happen in my previous installations on the same machine, and it is independent from the architecture (tried this with i386 and amd64 on the same computer hardware).
As a workaround, I can start the guest in headless mode (VBoxManage startvm "Windows" --type headless) and use a remote desktop connection (rdp, e.g. krdc).
I have to use headless mode - as soon as I have the guest in a "normal" mode and connect via rdp, the display won't work.
Update: It turned out that I have to disable 2D acceleration of the Windows guest. The 3D acceleration can be left enabled!