Debian 9 'Stretch' Desktop System Setup


Guided. Use entire disk with encrypted LVM. This creates a LUKS device (/dev/dm-0). Create a separate /home partition (it chooses 10 GB).

When prompted for what to install (by tasksel), keep the defaults and::

Update The System

("Update", AKA GNOME Software, should be installed but if not then install the package "gnome-software".)

Run Update and install all the updates that have been released since this version of Debian was released. You may need to reboot afterwards if a newer Linux kernel was installed.

Update won't remove old Linux kernels, to do this you need to instead use Synaptic Package Manager (under 'Installed (auto removable)') or apt-get.

# update-pciids

Additional Repositories

Synaptic > Settings > Repositories. Or use the stand-alone program 'Software & Updates'. Or use nano /etc/apt/sources.list as su at the command-line, then ctrol+x > y > [Enter] to quit and save.

Remove the flash drive 'CD-ROM' from the list

Additional Repository: Stretch Backports


Distribution: stretch-backports

Section(s): main

/etc/apt/sources.list should then look something like this

# Debian main repository (for Debian Stretch). Optionally add contrib non-free.
deb stretch main

# Debian main repository - updates (for Debian Stretch). Optionally add contrib non-free.
deb stretch-updates main

# Debian security updates (for Debian Stretch). Optionally add contrib non-free.
deb stretch/updates main

# Debian Backports (for Debian Stretch). Optionally add contrib non-free.
deb stretch-backports main

# Optional: Debian Multimedia (for Debian Stretch).
# deb stretch main non-free
# deb stretch-backports main

Add Software

For that which is not installed by default.

Recommended Free Software Packages

Install the following:

Non-Free Software Packages - install only if definitely required

Note that we've chosen not to install flashplugin-nonfree and codecs for a wide array of audio and video formats.

You may need to add non-free to /etc/apt/sources.list for laptops that require binary blobs, so as to get packages for example for firmware for wireless adapters. Some may be found in firmware-linux-nonfree or others may have their own package.

Optionally install the following:

Optional Software Packages

Automatic Updates

Run Software & Updates → Updates →

(The Software & Updates program is actually called software-properties-gtk and should have installed by default.)

User Accounts

Add any users that require it to "sudoers" so they can perform administrative tasks (when this has been done, Synaptic will henceforth ask for this user's password rather than root's):
# su -
# adduser <USERNAME> sudo

This doesn't take effect until logout and log back in again.

Per-User Setup

Each person should install Adblock Plus from into their own Firefox (rather than install it once on each PC, centrally, from Debian repositories, because that version is updated too infrequently). Not only does Adblock Plus prevent you seeing many advertisements, it blocks an important attack vector used to distribute malware.

Upgrades from Debian 8 (Jessie) to Debian 9 - skip this step if this is a fesh installation

Go to the terminal

sudo -s

apt-get install screen

screen -D -R

4.2. Checking system status

$ aptitude search '~i(!~ODebian)'

$ apt-forktracer | sort

4.2.1. Review actions pending in package manager

# aptitude > g > g > q

4.2.3. Checking packages status

# dpkg --audit

This is probably more effort than it is worth:
# dpkg -l | pager

# aptitude search "~ahold"

# dpkg --get-selections | grep 'hold$'

4.2.5. Unofficial sources

# nano /etc/apt/sources.list
Remove this line:
deb jessie-backports firefox-release
By selecting it and using Ctrl+K

Keep nano open for the next step.

4.3. Preparing sources for APT

Change all instances of "jessie" to "stretch"

Save and quit:

4.4.1. Recording the session

# script -t 2>~/upgrade-stretchstep.time -a ~/upgrade-stretchstep.script

4.4.2. Updating the package list

# apt-get update

4.4.3. Make sure you have sufficient space for the upgrade

# apt-get -o APT::Get::Trivial-Only=true dist-upgrade

4.4.4. Minimal system upgrade

# apt-get upgrade

4.4.5. Upgrading the system

# apt-get dist-upgrade