Check out my first novel, midnight's simulacra!

Debian Unstable: Difference between revisions

From dankwiki
No edit summary
No edit summary
 
(6 intermediate revisions by the same user not shown)
Line 1: Line 1:
Update 2019-03-30: wow, this page sure is out of date! My next install is going to be [[Arch]] anyway. It's been a fantastic 20 years, Debian, and I'm happy to write you a letter of recommendation.
==Installing Sid==
==Installing Sid==
* Acquire the [http://www.debian.org/devel/debian-installer/ daily businesscard ISO].
* Acquire the [http://www.debian.org/devel/debian-installer/ daily businesscard ISO].
Line 5: Line 7:
* Boot the ISO, selecting an Expert install
* Boot the ISO, selecting an Expert install
==Post-install==
==Post-install==
===sudo===
* Install <tt>sudo</tt>. Edit <tt>/etc/sudoers</tt> (using <tt>visudo</tt>) to allow the sudo group to run all commands without a password:
* Install <tt>sudo</tt>. Edit <tt>/etc/sudoers</tt> (using <tt>visudo</tt>) to allow the sudo group to run all commands without a password:
<code>%sudo ALL=(ALL:ALL) NOPASSWD:ALL</code>
<code>%sudo ALL=(ALL:ALL) NOPASSWD:ALL</code>
* Add user account to sudo group
* Add user account to sudo group
===debconf===
* <tt>dpkg-reconfigure debconf</tt>, set minimum priority to Low
* <tt>dpkg-reconfigure debconf</tt>, set minimum priority to Low
* <tt>dpkg-reconfigure -a</tt>, reconfiguring all debconf questions
* <tt>dpkg-reconfigure -a</tt>, reconfiguring all debconf questions
===boot process===
* Edit <tt>/etc/default/rcS</tt>, enabling FSCKFIX, VERBOSE, RAMRUN, RAMLOCK
* Edit <tt>/etc/default/rcS</tt>, enabling FSCKFIX, VERBOSE, RAMRUN, RAMLOCK
* Edit <tt>/etc/default/grub</tt>, removing "quiet" from GRUB_CMDLINE_LINUX_DEFAULT
* Edit <tt>/etc/default/grub</tt>, removing "quiet" from GRUB_CMDLINE_LINUX_DEFAULT
** Rerun <tt>update-grub</tt>
** Rerun <tt>update-grub</tt>
* Edit <tt>/etc/default/ntp</tt>, changing NTPD_OPTS to '-g -x'
* Ensure LABEL or UUID directives are being used in <tt>/etc/fstab</tt>
** If not, retrieve them using <tt>blkid</tt>, and replace the /dev references
* Install mcelog. Edit <tt>/etc/default/mcelog</tt>, adding "--syslog_error" to DAEMON_OPTS.
* Install <tt>mingetty</tt>. Open <tt>/etc/inittab</tt> and convert 'getty 38400' to 'mingetty'.
====networking-related====
* Install ntpd. Edit <tt>/etc/default/ntp</tt>, changing NTPD_OPTS to '-g -x'.
** This allows the clock to be arbitrarily set once (presumably on startup), without slew delay
** This allows the clock to be arbitrarily set once (presumably on startup), without slew delay
* Unless the machine is intended as a mail server, set up a smarthost with <tt>ssmtp</tt>, purging <tt>Postfix</tt>/<tt>Exim</tt>
* Install openssh-server. Disable password-based authentication (use only keys).
** Debian already ships OpenSSH configured to use Protocol 2 only.
** Optionally disable reverse DNS lookups: <tt>UseDNS no</tt>
** Optionally disable password-based auth: <tt>PasswordAuthentication no</tt>
* Add <tt>iptables</tt> rules to <tt>/etc/network/interfaces</tt>
** Filter unused RFC 1938 addresses via the RAW table and [http://ipset.netfilter.org/tips.html ipset]
** Filter INVALID and UNKNOWN states via the INPUT table (if appropriate) (requires connection tracking)
* Enable IPv4 and IPv6 forwarding, if appropriate, in <tt>/etc/sysctl.conf</tt>:
** <tt>net.ipv4.ip_forward=1</tt>
** <tt>net.ipv6.conf.all.forwarding=1</tt> (note: disables Stateless Address Autoconfiguration!)
==Multiuser==
* Clone my home directory from https://github.com/dankamongmen/dankhome.git
* Clone my home directory from https://github.com/dankamongmen/dankhome.git
* Set a color for the local machine in <tt>.pcolor</tt>
* Set a color for the local machine in <tt>.pcolor</tt>
** This is based on the binary <tt>bin/color</tt>, and hooks to PS1 in <tt>.bashrc</tt>
** This is based on the binary <tt>bin/color</tt>, and hooks to PS1 in <tt>.bashrc</tt>
* Install <tt>mingetty</tt>. Open <tt>/etc/inittab</tt> and convert 'getty 38400' to 'mingetty'.
* Install compiz and gdm3.
* If SSH keys will be homed on this (hopefully local) machine...
** Install <tt>libpam-ssh</tt>, and configure it
** Recently, this can be done entirely inside of debconf -- no editing of PAM configs by hand
* Remove <tt>info</tt> and install <tt>pinfo</tt>
* Remove <tt>info</tt> and install <tt>pinfo</tt>
* ''FIXME'' plenty more..
* ''FIXME'' plenty more..
==External Applications==
===[[Perforce]]===
* Grab the amd64 [http://www.perforce.com/perforce/downloads/linuxlist.html#linux26x86_64 Perforce binaries]
* Unpack the P4V tarball to local/
* Update the local/ symlink: <tt>ln -sf abspath local/p4</tt>
* Set up the p4 command line utility: <tt>chmod 775 p4</tt> and <tt>mv p4 local/p4/bin</tt>
===Flash===
* So long as there's no native 64-bit Linux client, you can either...
** Use the GNU [http://www.gnu.org/s/gnash/ Gnash] plugin, which works kinda
** Use the 32-bit player with nspluginwrapper, from [[Debian_Unstable#Debian_Multimedia|Debian Multimedia]]
===Debian Multimedia===
* See the page at http://debian-multimedia.org/
* Add <tt>deb http://www.debian-multimedia.org sid main non-free</tt> to <tt>/etc/apt/sources.list</tt>, and install <tt>debian-multimedia-keyring</tt>

Latest revision as of 23:56, 30 March 2019

Update 2019-03-30: wow, this page sure is out of date! My next install is going to be Arch anyway. It's been a fantastic 20 years, Debian, and I'm happy to write you a letter of recommendation.

Installing Sid

  • Acquire the daily businesscard ISO.
    • These won't work from time to time, especially when base packages are being upgraded (the installer will expect a version which is no longer available)
  • Prepare external firmware, if necessary
  • Boot the ISO, selecting an Expert install

Post-install

sudo

  • Install sudo. Edit /etc/sudoers (using visudo) to allow the sudo group to run all commands without a password:

%sudo ALL=(ALL:ALL) NOPASSWD:ALL

  • Add user account to sudo group

debconf

  • dpkg-reconfigure debconf, set minimum priority to Low
  • dpkg-reconfigure -a, reconfiguring all debconf questions

boot process

  • Edit /etc/default/rcS, enabling FSCKFIX, VERBOSE, RAMRUN, RAMLOCK
  • Edit /etc/default/grub, removing "quiet" from GRUB_CMDLINE_LINUX_DEFAULT
    • Rerun update-grub
  • Ensure LABEL or UUID directives are being used in /etc/fstab
    • If not, retrieve them using blkid, and replace the /dev references
  • Install mcelog. Edit /etc/default/mcelog, adding "--syslog_error" to DAEMON_OPTS.
  • Install mingetty. Open /etc/inittab and convert 'getty 38400' to 'mingetty'.

networking-related

  • Install ntpd. Edit /etc/default/ntp, changing NTPD_OPTS to '-g -x'.
    • This allows the clock to be arbitrarily set once (presumably on startup), without slew delay
  • Unless the machine is intended as a mail server, set up a smarthost with ssmtp, purging Postfix/Exim
  • Install openssh-server. Disable password-based authentication (use only keys).
    • Debian already ships OpenSSH configured to use Protocol 2 only.
    • Optionally disable reverse DNS lookups: UseDNS no
    • Optionally disable password-based auth: PasswordAuthentication no
  • Add iptables rules to /etc/network/interfaces
    • Filter unused RFC 1938 addresses via the RAW table and ipset
    • Filter INVALID and UNKNOWN states via the INPUT table (if appropriate) (requires connection tracking)
  • Enable IPv4 and IPv6 forwarding, if appropriate, in /etc/sysctl.conf:
    • net.ipv4.ip_forward=1
    • net.ipv6.conf.all.forwarding=1 (note: disables Stateless Address Autoconfiguration!)

Multiuser

  • Clone my home directory from https://github.com/dankamongmen/dankhome.git
  • Set a color for the local machine in .pcolor
    • This is based on the binary bin/color, and hooks to PS1 in .bashrc
  • Install compiz and gdm3.
  • If SSH keys will be homed on this (hopefully local) machine...
    • Install libpam-ssh, and configure it
    • Recently, this can be done entirely inside of debconf -- no editing of PAM configs by hand
  • Remove info and install pinfo
  • FIXME plenty more..

External Applications

Perforce

  • Grab the amd64 Perforce binaries
  • Unpack the P4V tarball to local/
  • Update the local/ symlink: ln -sf abspath local/p4
  • Set up the p4 command line utility: chmod 775 p4 and mv p4 local/p4/bin

Flash

  • So long as there's no native 64-bit Linux client, you can either...
    • Use the GNU Gnash plugin, which works kinda
    • Use the 32-bit player with nspluginwrapper, from Debian Multimedia

Debian Multimedia