Debian base installation

Introduction

These are my notes about the installation of a Debian GNU/Linux system on a 64-bit (“AMD64” architecture) PC. A significant part of these notes describe the preparation of the installation medias. The assumption is made that you have access to a working machine with a Debian GNU/Linux system installed a fast enough internet connection (to download a few hundreds of megabytes). This machine will be used to prepare the installation medias for the new system.

Many software packages are also downloaded during the installation, so the target machine should also have a fast enough internet connection.

Getting an installation CD

See the Getting Debian page for information about how to download a Debian installer CD image or buy installation CDs.

If you have a fast enough internet connection and a CD burning drive, you can download a small (approximately 300MB) installation image and burn it to a blank CD-R. Commands like the ones below should do it. The example is for Debian 10.0.0 (Buster). Note also that it is assumed that you have cdrskin installed. Run apt-get install cdrskin as root if not. Note also that the dev=<cd_burning_drive_device_file> option is probably not mandatory as cdrskin can detect CD burning devices (cdrskin --devices lists the detected devices):

wget https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-10.0.0-amd64-netinst.iso
cdrskin dev=<cd_burning_drive_device_file> -eject -v -data debian-10.0.0-amd64-netinst.iso

You might want to verify the authenticity of the ISO image. Download the SHA512 checksum and associated signature file:

wget https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/SHA512SUMS
wget https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/SHA512SUMS.sign

Then, attempt to verify the authenticity of the image:

gpg --verify SHA512SUMS.sign

If there are lines like the following in the output, it means that you have never imported the key used to sign the image (and this is confirmed by the fact that it does not appear in the output of gpg --list-keys).

gpg: using RSA key DF9B9C49EAA9298432589D76DA87E80D6294BE9B
gpg: Can’t check signature: No public key

You can import the key with:

gpg --keyserver keyring.debian.org --recv DF9B9C49EAA9298432589D76DA87E80D6294BE9B

A new attempt to check the signature with gpg --verify SHA512SUMS.sign now produces a line like

gpg: Good signature from “Debian CD signing key <debian-cd@lists.debian.org>”

When the burning is done, you might also want to check the integrity of the burned CD. Just compare the output of the following command with the checksum from the downloaded checksum file:

dd if=/dev/<cd_burning_drive_device_file> bs=2048 \
  count=$(($(stat -c %s debian-10.0.0-amd64-netinst.iso)/2048)) \
  conv=notrunc,noerror | sha512sum

Preparing a media with firmware archive, just in case

Note that this step is not necessary if your installation CD already includes firmware (that is if you have downloaded the image from a subdirectory of cdimage.debian.org/cdimage/unofficial/non-free/cd-including-firmware).

The Debian Wiki provides some instructions, but here are the details of what I’ve done (for a Debian Buster install, and including the authenticity verification of the archive):

mkdir -p ~/download/debian_buster_firmware # Create a directory somewhere.
cd ~/download/debian_buster_firmware       # Move to that directory.

# Download the firmware archive, its SHA512 checksum and associated signature
# file.
wget http://cdimage.debian.org/cdimage/unofficial/non-free/firmware/buster/current/firmware.tar.gz
wget http://cdimage.debian.org/cdimage/unofficial/non-free/firmware/buster/current/SHA512SUMS

I’ve checked the SHA512 checksum of firmware.tar.gz by issuing a sha512sum firmware.tar.gz command and comparing the output with what is in SHA512SUMS.

The final steps consisted in extracting the files from the firmware archive (tar xvzf firmware.tar.gz) and copy all the files with .deb extension to a “firmware” directory located at the root of a USB stick.

During Debian installation, plug in this USB stick when (and if) you get this kind of screen:

_images/debian_install_screenshot_hw-detect_load_firmware_0.png

Disk partitioning

At the disk partitioning stage, two non-trivial questions arise:

I settled on the following partitioning schemes:

Machine with spinning HDD only Machine with 128GB SDD + spinning HDD
Single / partition + swap
  • / partition on SSD (20GB).
  • /usr partition on SSD.
  • /var partition on spinning HDD (20GB).
  • /tmp partition on spinning HDD (10GB).
  • swap partition on spinning HDD.
  • /home partition on spinning HDD.

Postponing the installation of a graphical environment

During Debian installation, you arrive at this screen.

_images/debian_install_screenshot_tasksel_first_0.png

Checking none of the desktop environment results obviously in no desktop environment installed. But it is possible to install one (including one that was not proposed by the Debian installer) later.

Shutting down and rebooting a Debian system

After the installation, you should be able to boot into the newly installed system and log in as root or normal user. But it may not be obvious how to shutdown or reboot the system:

systemctl poweroff # Shut down.
systemctl reboot   # Reboot.

Immediate post-install actions

This section describes what I usually do after booting into the newly installed Debian system.

Fixing the slow boot issue

One of my machines is affected by the TSSTcorp CDDVDW SH-S223C related slow boot issue. You can check if you have this particular CD/DVD-RW drive with this command (assuming your optical drive is associated with device /dev/sr0):

udevadm info -a -p  $(udevadm info -q path -n /dev/sr0) | grep model

The fix involves changing file /lib/udev/rules.d/60-persistent-storage.rules and then regenerating the initramfs image (as root for both operations):

update-initramfs -u # As root, regenerates the initramfs image.

As for the change to /lib/udev/rules.d/60-persistent-storage.rules, the internet gives two solutions:

  • Commenting out entirely the ATAPI device rule, as suggested on Paul Philippov’s website, with this command:

    sed -i '/ATAPI/,+1s/^/#/' /lib/udev/rules.d/60-persistent-storage.rules # As root.
    

    I’ve been doing that for years without any issue.

  • Cancelling the rule for the SH-S223C only, as suggested in Debian bug #622340. That’s what I’m doing now.

Note that the change to /lib/udev/rules.d/60-persistent-storage.rules and the regenration of the initramfs image have to be redone after each update of the udev Debian package (because /lib/udev/rules.d/60-persistent-storage.rules is overwritten and the initramfs image regenerated by the update).

System update

Update the system as root with:

apt-get update       # As root.
apt-get dist-upgrade # As root.

Preventing the system from beeping

The newly installed system may emit beeps quiet often (for example when working in a terminal emulator). To stop that, you can blacklist module pcspkr by adding a file as root in /etc/modprobe.d (file name suggestion: nobeep.conf). The file should contain this line:

blacklist pcspkr

After rebooting the system, module pcspkr should not be loaded any more (i.e. lsmod | grep pcspkr should output nothing) and you should not hear beeps any more.

Adding deb-multimedia to the sources

You may want to add deb-multimedia as a source of packages for the newly installed Debian system (see this linuxconfig.org article).

http://deb-multimedia.org provides some instructions:

First, add as root a line like this one (example for Debian Buster) in your /etc/apt/sources.list:

deb https://www.deb-multimedia.org buster main non-free

Then, issue as root the following commands:

apt-get update -oAcquire::AllowInsecureRepositories=true
apt-get install deb-multimedia-keyring
apt-get update
apt-get dist-upgrade

Installing firmware-linux-nonfree

Depending on your hardware, you may not need the firmware-linux-nonfree. On my machines, this package makes life easier (most notably with Wi-Fi network adapter and/or graphics) and is installed either during installation (if the firmware archive has been required) or post-installation, manually:

apt-get install firmware-linux-nonfree # As root.

Note that the /etc/apt/sources.list file must have the non-free section. You can download my /etc/apt/sources.list. Make sure you issue a apt-get update command after changing /etc/apt/sources.list.

Checking the configured time zone

Check the configured time zone with:

cat /etc/timezone

If the configuration is not correct, you can change it as root with:

dpkg-reconfigure tzdata # As root.

Synchronizing the system date with network time servers

Just install package ntp:

apt-get install ntp # As root.

See the Debian Wiki NTP page for more details.

Installing a console locker

There are many screen and/or console locker programs. I’ve installed physlock:

apt-get install physlock # As root.

Installing a memory (RAM) tester

RAM failures are not so rare in my experience. A tester like Memtest86+ can really help diagnosing a RAM failure. The apt-get install command below installs Memtest86+ and adds an entry in the Grub menu (you have to reboot your machine and select the Memtest86+ grub entry to start Memtest86+):

apt-get install memtest86+ # As root.

Installing a wireless devices status management tool

On a laptop computer, it may be useful to check the status (enabled, hard blocked, soft blocked) of the wireless devices. Package rfkill makes that possible:

apt-get install rfkill # As root.

Check the statuses with:

/usr/sbin/rfkill list

Installing a CD burning tool

I use cdrskin to burn CDs (in particular the Debian installation CDs) on an internal or external (USB) CD burning drive:

apt-get install cdrskin # As root.

Installing locate / updatedb

Command locate is a way of finding files on your computer. It is faster than find. It relies on a database (upatedb) which is automatically updated now and then.

Install locate and updatedb with:

apt-get install locate # As root.

You can force the database update as root with:

updatedb # As root.

Post-install maintenance

I regularly run the following commands to keep the system up to date:

apt-get update & apt-get dist-upgrade
apt-get autoremove # Useful if some packages have become unneeded.
apt-get autoclean  # Useful to avoid that the APT cache grows out of control.