Debian 9 'Stretch' Desktop System Setup
Guided. Use entire disk with encrypted LVM. This creates a LUKS device (/dev/dm-0). Create a separate /home partition (it chooses 10 GB).
When prompted for what to install (by tasksel), keep the defaults and::
- Add the GNOME desktop environment
- Add Print server
- Add SSH server
Update The System
("Update", AKA GNOME Software, should be installed but if not then install the package "gnome-software".)
Run Update and install all the updates that have been released since this version of Debian was released. You may need to reboot afterwards if a newer Linux kernel was installed.
Update won't remove old Linux kernels, to do this you need to instead use Synaptic Package Manager (under 'Installed (auto removable)') or apt-get.
Synaptic > Settings > Repositories. Or use the stand-alone program 'Software & Updates'. Or use
nano /etc/apt/sources.list as su at the command-line, then ctrol+x > y > [Enter] to quit and save.
Remove the flash drive 'CD-ROM' from the list
Additional Repository: Stretch Backports
/etc/apt/sources.list should then look something like this
# Debian main repository (for Debian Stretch). Optionally add contrib non-free.
deb http://ftp.uk.debian.org/debian stretch main
# Debian main repository - updates (for Debian Stretch). Optionally add contrib non-free.
deb http://ftp.uk.debian.org/debian stretch-updates main
# Debian security updates (for Debian Stretch). Optionally add contrib non-free.
deb http://security.debian.org/debian-security/ stretch/updates main
# Debian Backports (for Debian Stretch). Optionally add contrib non-free.
deb http://ftp.debian.org/debian stretch-backports main
# Optional: Debian Multimedia (for Debian Stretch).
# deb http://www.deb-multimedia.org stretch main non-free
# deb http://www.deb-multimedia.org stretch-backports main
For that which is not installed by default.
Recommended Free Software Packages
Install the following:
- libreoffice - the most recent, as root: apt-get -t stretch-backports install libreoffice
- gparted - If you want to do filesystem checks you need gparted - see https://labs.riseup.net/code/issues/8070
- firmware-linux-free - "This package contains firmware which was previously included in the Linux kernel and which is compliant with the Debian Free Software Guidelines. Most firmware previously included in the Linux kernel is non-free and has been moved to the firmware-linux-nonfree package." - https://packages.debian.org/stretch/firmware-linux-free. Info and lists of the firmware files: https://wiki.debian.org/Firmware.
Non-Free Software Packages - install only if definitely required
Note that we've chosen not to install flashplugin-nonfree and codecs for a wide array of audio and video formats.
You may need to add non-free to /etc/apt/sources.list for laptops that require binary blobs, so as to get packages for example for firmware for wireless adapters. Some may be found in firmware-linux-nonfree or others may have their own package.
Optionally install the following:
- firmware-linux-nonfree - "the binary firmware for various drivers in the Linux kernel. This is a collection of firmware blobs which are not individually large enough to warrant a standalone package." Additionally installs firmware-amd-graphics and firmware-misc-nonfree.
- From Debian main repository: https://packages.debian.org/stretch/firmware-linux-nonfree
- Stretch backports repository has a more recent version: https://packages.debian.org/stretch-backports/firmware-linux-nonfree - apt-get -t stretch-backports install firmware-linux-nonfree
- firmware-iwlwifi - standalone package for several Intel wireless adapters - https://wiki.debian.org/iwlwifi
- From Debian main repository: https://packages.debian.org/jessie/firmware-iwlwifi
- Stretch backports repository has a more recent version: "binary firmware for Intel Wireless cards supported by the iwlegacy/iwl3945 and iwlwifi/iwlagn drivers" - https://packages.debian.org/stretch-backports/firmware-iwlwifi - apt-get -t stretch-backports install firmware-iwlwifi
- Microcode - https://wiki.debian.org/Microcode. You can check which version of the microcode your processors are running in Debian version 7 onwards by looking for "microcode" lines in /proc/cpuinfo. brought in by firmware-linux anyway.
- intel-microcode. Available from Debian main repository: https://packages.debian.org/stretch/intel-microcode; or more recent version available from Backports: https://packages.debian.org/stretch-backports/intel-microcode (apt-get -t stretch-backports install intel-microcode)
- amd64-microcode - https://packages.debian.org/stretch/amd64-microcode
Optional Software Packages
- torbrowser-launcher [Backports, contrib] - https://wiki.debian.org/TorBrowser - apt-get install torbrowser-launcher -t stretch-backports
Run Software & Updates → Updates →
- Automatically check for updates: Daily
- When there are security updates: Download and install automatically
(The Software & Updates program is actually called software-properties-gtk and should have installed by default.)
Add any users that require it to "sudoers" so they can perform administrative tasks (when this has been done, Synaptic will henceforth ask for this user's password rather than root's):
# su -
# adduser <USERNAME> sudo
This doesn't take effect until logout and log back in again.
Each person should install Adblock Plus from https://adblockplus.org into their own Firefox (rather than install it once on each PC, centrally, from Debian repositories, because that version is updated too infrequently). Not only does Adblock Plus prevent you seeing many advertisements, it blocks an important attack vector used to distribute malware.
Upgrades from Debian 8 (Jessie) to Debian 9 - skip this step if this is a fesh installation
Go to the terminal sudo -s apt-get install screen screen -D -R 4.2. Checking system status $ aptitude search '~i(!~ODebian)' $ apt-forktracer | sort 4.2.1. Review actions pending in package manager # aptitude > g > g > q 4.2.3. Checking packages status # dpkg --audit This is probably more effort than it is worth: # dpkg -l | pager # aptitude search "~ahold" # dpkg --get-selections | grep 'hold$' 4.2.5. Unofficial sources # nano /etc/apt/sources.list Remove this line: deb http://mozilla.debian.net/ jessie-backports firefox-release By selecting it and using Ctrl+K Keep nano open for the next step. 4.3. Preparing sources for APT Change all instances of "jessie" to "stretch" Save and quit: Ctrl+X Y [Enter] 4.4.1. Recording the session # script -t 2>~/upgrade-stretchstep.time -a ~/upgrade-stretchstep.script 4.4.2. Updating the package list # apt-get update 4.4.3. Make sure you have sufficient space for the upgrade # apt-get -o APT::Get::Trivial-Only=true dist-upgrade 4.4.4. Minimal system upgrade # apt-get upgrade 4.4.5. Upgrading the system # apt-get dist-upgrade