Linux: Debian 10 "Buster"

Introduction

This page contains notes about the installation of Debian 10 "Buster" on several of my computers. Historically, this page is a follow-up to my "other" Debian pages and supersedes them. It was extended to document some specific installation cases and also includes documentation and rants about some issues that I encountered. As usual, this document has been "anonymised" in a few places; in particular, IP addresses have been replaced by xxx or yyy.

The upgrade to Debian 11 "Bullseye" is described elsewhere on this site.

Installing and fine-tuning Debian 10

Base install

The initial installation was performed using the Debian 10 64-bit "netinstall" USB stick. Before doing so, I adjusted the HDD partitions on my server (using gparted) and changed the partition scheme to GPT, since the state of the art has moved away from MBR:

Partition   Size     Filesystem  Label  Mount point    Comment
/dev/sda1   500 MB   vfat        EFI    /boot/efi
/dev/sda2   30 GB    ext4        d10    /              This is the root filesystem of Debian 10.
/dev/sda3   30 GB    ext4        d8     /mnt/debian8   This holds the "old" Debian 8 files. It will be overwritten when updating the system in the future.
/dev/sda4   120 GB   ext4        home   /home          Home directories.
/dev/sda5   320 GB   ext4        share  /mnt/share     Local NFS export for music, photos, etc.
/dev/sda6   8 GB     swap        swap   swap           Swap space.
/dev/sda7   400 GB   ext4        vbox   /mnt/vbox      VirtualBox files.

Packages: During the installation, I select at least ssh server, file server and standard system utilities for any computer, no matter if desktop, laptop or server. For the main server in my home network, I add print server (CUPS).

Desktop: For machines running the KDE desktop, I prefer to select the packages manually later on (see below). For low-end machines, I prefer the XFCE desktop and install it with the Debian installer.

Once the initial installation has finished and the system has booted, log in. The first thing I do is apt install vim, edit /etc/vim/vimrc and un-comment syntax on.

Edit /etc/apt/sources.list. Remove the entry for the Debian CD, then add non-free contrib at the end of the first 4 entries.

apt update
apt install firmware-linux* firmware-misc-nonfree acpi-support hwinfo ntpdate hwinfo lshw mc acl \
            firmware-amd-graphics firmware-realtek firmware-atheros firmware-iwlwifi

Basic Network Security

sshd

If not already included in some metapackage, do apt install openssh-server and set up sshd. Some key entries in my /etc/ssh/sshd_config are:

# obviously not THIS port but you get the idea
Port 1234
Protocol 2
PermitRootLogin no
PermitEmptyPasswords no
PasswordAuthentication yes
AcceptEnv LANG LC_*
Banner /etc/issue.net
AllowUsers joe jack

Create the banner file that is shown upon login:

cat <<EOF > /etc/issue.net 
********************************************************************
* This system is for the use of authorized users only.             *
* Unauthorized access to this system is prohibited.                *
*                                                                  *
* Usage of this system is monitored and recorded.                  *
* Anyone using this system expressly consents to such monitoring   *
* and is advised that if such monitoring reveals possible          *
* evidence of criminal activity, system personnel may provide the  *
* evidence from such monitoring to law enforcement officials.      *
********************************************************************
EOF

Adjust some network-related files

On the server, /etc/hosts contains some fixed IP addresses and aliases in my local network (most are handled by dnsmasq, see below).

/etc/hosts.allow

# use 192.168.* or 192.168.999.* or whatever fits your subnet
ALL: 127.0.0.1 LOCAL 192.168.*

/etc/hosts.deny

sshd: ALL EXCEPT LOCAL : rfc931 : spawn (/usr/sbin/safe_finger -l @%h | \
      mail -s%d-%h root) & : twist /bin/echo "Access prohibited by system administration. Go away."
ALL: ALL EXCEPT LOCAL

Enable automatic security updates

On all my machines except laptops, I want security updates to be downloaded and applied automatically:

apt install unattended-upgrades 
dpkg-reconfigure unattended-upgrades

Networking

New names for the network interfaces

Bad News: The network interfaces have been renamed. While this is supposed to bring more consistency in the device naming, it also introduces a lot of problems since scripts are no longer transferable between computers:

In the "past", the first interface was always assigned to eth0. Even if the system had multiple interface cards, the old naming scheme allowed you to define "which card is what interface" in /etc/udev/rules.d/70-persistent-net.rules. Afterwards, you could use eth0 and eth1 across multiple systems. In standard systems with a single network card, only eth0 was present anyway and the details did not matter. This was universal and could be replicated across all kinds of systems, from firewall rules through the Samba configuration up to utilities such as Conky. It meant that you could swap entire harddisks between computers and be sure that the machine would boot and connect.

With the "new" interface names, all these scripts need to be revised on every single computer. On different computers I have seen interface names as colorful as enp3s0, enp4s0, enp0s25, enp63s0 (?!), wlp2s0, wlp3s0, wlp5s0 and others. Where is the consistency in this?

After figuring out "which card does what" with ip a, I adjusted /etc/network/interfaces to assign the way the two cards are operated. At the same time, this is where the firewall is launched:

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# firewall
pre-up iptables-restore < /etc/iptables.conf

# the external network card
auto enp3s0
allow-hotplug enp3s0
iface enp3s0 inet dhcp

# The primary (internal) network interface
auto enp4s0
allow-hotplug enp4s0
iface enp4s0 inet static
  address 192.168.xxx.yy
  netmask 255.255.255.0
  broadcast 192.168.xxx.255
  # do NOT set any gateway here!

Firewall, Router and NAT

Firewall

For any machine that does not require routing, the uncomplicated firewall ufw is probably the easiest solution out there:

apt install ufw
ufw enable
ufw allow in 1234/tcp

However, I could not figure out how to use ufw with a router and NAT (and make the rules persist after a reboot!). After wasting too much time with different firewall options, I decided to stick with good old iptables for the router since it was the "easiest" to configure. The file /etc/network/iptables.conf contains mostly the same firewall rules as before:

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i enp4s0 -j ACCEPT
-A INPUT -p icmp --icmp-type any -j ACCEPT
-A INPUT -p 50 -j ACCEPT
-A INPUT -p 51 -j ACCEPT
-A INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# sshd runs on a non-standard port. Obviously not THIS one but you get the idea ;-)
-A INPUT -m state --state NEW -m tcp -p tcp --dport 1234 -j ACCEPT

# router
-A FORWARD -i enp3s0 -o enp4s0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i enp4s0 -o enp3s0 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o enp3s0 -j MASQUERADE
COMMIT
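
A ruleset in this format can be checked for chains that "fail open", i.e. a built-in chain with policy ACCEPT and no unconditional DROP/REJECT rule, so that a packet matching no rule is let through. The script below is an added example, not part of the original notes; the sample is a shortened copy of the filter table above and the function names are made up for this example.

```python
import shlex

# Shortened copy of the *filter table shown above (interface names as on this page).
RULESET = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i enp4s0 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 1234 -j ACCEPT
-A FORWARD -i enp3s0 -o enp4s0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i enp4s0 -o enp3s0 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

# Constructed variant: same rules, but FORWARD drops whatever no rule accepts.
HARDENED = RULESET.replace(":FORWARD ACCEPT", ":FORWARD DROP")

BLOCKING = {"DROP", "REJECT"}


def parse_ruleset(text):
    """Parse iptables-save text into {table: {chain: {"policy", "rules"}}}."""
    tables, chains = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):                  # "*filter" opens a table
            chains = tables.setdefault(line[1:], {})
        elif chains is None:
            raise ValueError("chain or rule outside of a table: " + line)
        elif line.startswith(":"):                # ":INPUT ACCEPT [0:0]"
            name, policy = line[1:].split()[:2]
            chains[name] = {"policy": policy, "rules": []}
        elif line.startswith("-A "):              # "-A INPUT ... -j TARGET"
            tokens = shlex.split(line)
            chain = chains.setdefault(tokens[1], {"policy": "-", "rules": []})
            chain["rules"].append(tokens[2:])
    return tables


def is_catch_all(rule):
    """True for a rule without any match option, only '-j DROP' or '-j REJECT'."""
    return len(rule) >= 2 and rule[0] == "-j" and rule[1] in BLOCKING


def fail_open_chains(text, table="filter", chains=("INPUT", "FORWARD")):
    """Names of the given chains in which an unmatched packet ends up accepted."""
    parsed = parse_ruleset(text).get(table, {})
    result = []
    for name in chains:
        chain = parsed.get(name)
        if chain is None or chain["policy"] in BLOCKING:
            continue
        if not any(is_catch_all(rule) for rule in chain["rules"]):
            result.append(name)
    return result


def option_value(rule, flag):
    """Value following a match option such as -i, or 'any' if it is absent."""
    return rule[rule.index(flag) + 1] if flag in rule else "any"


def explicit_accepts(text, chain="FORWARD", table="filter"):
    """(in-interface, out-interface, state) of every ACCEPT rule in a chain."""
    rules = parse_ruleset(text).get(table, {}).get(chain, {"rules": []})["rules"]
    return [
        (option_value(r, "-i"), option_value(r, "-o"), option_value(r, "--state"))
        for r in rules
        if option_value(r, "-j") == "ACCEPT"
    ]


if __name__ == "__main__":
    for label, rules in (("as above", RULESET), ("FORWARD policy DROP", HARDENED)):
        print(label, "-> fail-open chains:", fail_open_chains(rules) or "none")
    print("explicit FORWARD accepts:", explicit_accepts(RULESET))
```

For the ruleset above it reports FORWARD: a new connection arriving on enp3s0 for the internal network matches neither FORWARD rule and is accepted by the chain policy, whereas INPUT is closed by its final REJECT rule.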

Router

Edit /etc/sysctl.conf and activate routing by un-commenting the line net.ipv4.ip_forward=1.

For the local DHCP server, apt install dnsmasq, then edit /etc/dnsmasq.conf:

local=/localnet/
interface=enp4s0
listen-address=127.0.0.1
domain=localnet
dhcp-range=192.168.xxx.yy,192.168.xxx.zz,12h
dhcp-leasefile=/var/lib/misc/dnsmasq.leases
log-queries
dhcp-host=01:12:23:34:45:56,thing    # assign name "thing" to MAC address 01:12:23:34:45:56

Reboot.

At this point, the router functionality should be established and your machines on the internal network should be able to access the Internet again. Test if DNS is working, e.g.:

dig debian.org @localhost
nslookup debian.org localhost
nslookup debian.org i5.localnet

Read the log files

On production machines I like to have a quick look at the key logfiles (e.g. using conky). Of course the default permission for these files is rather restrictive ... yet I do not want to log in as root just to have read access. On the other hand, I don't want to grant access to these files to all users in my group, nor use sudo.

With Linux supporting ACLs (Access Control Lists), the solution is as simple and as elegant as it can get: apt install acl, then grant selective access on a per-file and per-user basis. The following entry allows user joe to read two of the log files (it is run as a cronjob because of log file rotation):

11 * * * * root setfacl -m user:joe:r-- /var/log/messages /var/log/daemon.log

While we're at it, let's create a directory for my backup log files ...

mkdir /var/log/backup

... and in /etc/rsyslog.conf, the most important events shall be logged to console 9 and 10:

*.info;mail.none;cron.none         /dev/tty9
kern.warn,*.err;authpriv.none      /dev/tty10

Installing the Desktop

Applications

I prefer not to install all language packs. Here, be careful to select the languages you want to keep! Generally I select the generic language plus the UTF-8 variant, e.g. de and then dialects such as de_DE.UTF-8 and de_CH.UTF-8 :

apt install localepurge
localepurge

Now, install the desktop files.

KDE: One could simply select the "Debian Desktop with KDE" (using tasksel), but I found that this installs a lot of "tools" that I do not need. Thus, I decided to install everything "by hand". The first command will fetch packages needed for clean integration of non-KDE applications and install the good old "Oxygen" theme (and you could put all this on one line, of course):

apt install kde-plasma-desktop kdeplasma-addons-data plasma-widgets-addons kde-config-gtk-style \
    kde-config-systemd kde-style-qtcurve-qt5 gtk2-engines-qtcurve print-manager kde-config-gtk-style \
    breeze-gtk-theme gtk2-engines-oxygen gtk3-engines-oxygen oxygen-icon-theme plasma-theme-oxygen
apt install dolphin okular okular-extra-backends apper kmix kate kmail kcharselect kaddressbook \
    kdeadmin kmenuedit kinfocenter ksnapshot kfind kwalletmanager kmenuedit kdepim kdeconnect
apt install firefox-esr chromium deluge lynx curl nmap dnsutils build-essential module-assistant
apt install dos2unix ark rar unrar sharutils mailutils subversion rsync unison-gtk  
apt install lyx texlive-lang-french texlive-lang-german tex4ht glabels faketime
apt install ttf-mscorefonts-installer fonts-liberation libreoffice libreoffice-kde 
apt install enchant aspell-fr aspell-de hunspell-en-us hunspell-fr hunspell-de-de hunspell-de-ch 
apt install gimp gimp-gutenprint imagemagick digikam hugin gwenview kipi-plugins 
apt install sqlite sqlitebrowser python-dateutil filelight conky   
apt install pdftk qpdf pdfmod ghostscript cups-pdf atril pdfgrep   # handling PDF 
apt install gftp bluefish tidy sitecopy                             # HTML authoring
apt install gpsbabel qmapshack                                      # GPS related 
apt install kicad gerbv                                             # electronics development
apt install inkscape gnuplot-x11                                    # graphics and science :-) 
apt install vlc k3b kde-config-cddb audacity easytag clementine     # Multimedia and CD authoring

XFCE, MATE: For less complex desktop environments, I usually choose the "Debian Desktop with XFCE" (or MATE) option using tasksel. A typical installation (again ... you could put all this on one line):

# the following two lines are specific for the MATE desktop:
apt install mate-desktop-environment     # metapackage
apt install caja-sendto caja-open-terminal caja-wallpaper caja-xattr-tags caja-image-converter 

apt install firefox-esr thunderbird chromium deluge lynx curl nmap dnsutils build-essential module-assistant 
apt install ufw dos2unix ark rar unrar sharutils subversion rsync unison-gtk  
apt install ttf-mscorefonts-installer fonts-liberation libreoffice gnote glabels  
apt install enchant aspell-fr aspell-de hunspell-en-us hunspell-fr hunspell-de-de hunspell-de-ch 
apt install gimp gimp-gutenprint imagemagick digikam vlc k3b 
apt install sqlite sqlitebrowser python-dateutil filelight conky k3b  
apt install pdftk qpdf pdfmod ghostscript cups-pdf atril system-config-printer

Fine-tuning

Time for some clean-up. On a desktop system, we do not need the Network Manager applet, and I don't understand why minidlna is installed by default without asking. In addition, I observed some trouble with Intel graphics:

apt remove network-manager kde-nm nm minidlna
apt remove xserver-xorg-video-intel
apt purge  xserver-xorg-video-intel

Enable Alt-Ctrl-Backspace to kill X server. This needs to be done AFTER X is set up; the setting we want is on the very last screen:

dpkg-reconfigure keyboard-configuration

File and Print Services

NFS Export

For machines that make files available via NFS (i.e. NFS server):

apt install nfs-kernel-server nfs-common
vim /etc/exports

For read-only export, /etc/exports contains something like:

/mnt/share  192.168.xxx.0/255.255.255.0(ro,sync,nohide,mp,no_root_squash,no_subtree_check)

For read-write access, /etc/exports contains something like:

/mnt/nasdrive  192.168.xxx.0/255.255.255.0(rw,sync,nohide,mp,no_subtree_check)

The corresponding clients will have something like this in their /etc/fstab:

192.168.xxx.yy:/mnt/nasdrive  /mnt/nas  nfs    noauto,user,bg,hard,intr,_netdev   0 0

... and they need the NFS tools, of course:

apt install nfs-common

Printing

If a print server is already on the network, we can simply make it available through /etc/printcap:

cat >> /etc/printcap
LJ5MP|HP LaserJet 5MP (via JetDirect) @ i5:rm=hp2:rp=LJ5MP:
OKI531|Oki C531dn @ i5:rm=hp2:rp=OKI531:
^D

The CUPS printing system also provides the traditional lpr functionality, so we set the default printer (as user):

lpstat -p -d         # see which printers are available
lpoptions -d LJ5MP   # set default printer

Specify the default papersize:

echo "a4" > /etc/papersize
tl-paper set all a4

Apache Webserver

I keep a fully functional webserver on my local machine, so that I can test webpages with PHP scripts and other functionalities without publishing them on my "real" webserver yet. Installing Apache on Debian is done with a single command:

apt install apache2 php libapache2-mod-php

Since I create and modify all the HTML and PHP files in a folder www/<sitename> inside my home directory, I want to access them directly inside this location (i.e. without copying them to the server). Per-user web directories to the rescue:

a2enmod userdir

In /etc/apache2/mods-enabled/userdir.conf, replace all occurrences of public_html by www, then restart Apache:

systemctl restart apache2

If you get the error message "apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName", the fix is simple: echo "ServerName localhost" >> /etc/apache2/conf.d/httpd.conf and run apache2ctl configtest to confirm.

Firewall: Since the server is only accessed on the local machine, I do not need to open ports 80 (http) and 443 (https) on the firewall.

Samba

We did not set up a specific Samba user. Instead, the Samba shares were created by root and then assigned to an existing user:

    mkdir /mnt/share/win/ /mnt/share/win/transfer
    chmod 2755 /mnt/share/win/ /mnt/share/win/transfer
    chown -R joe:joe /mnt/share/win/

Note that the Linux file permissions are always applied, overriding the things you wish to happen via the Samba config file. Since we are not using per-user logins here, all file access is simply assigned to the Linux user who owns the Samba share (and that we just defined above). This is the reason why we use force user and force group in the config file below.

apt install samba (for the clients: apt install samba-client cifs-utils), then adjust the configuration file /etc/samba/smb.conf. Check with testparm. Some useful entries (not everything is shown) might be:

[global]
   # Make symlinks accessible
   follow symlinks = yes
   wide links = yes
   allow insecure wide links = yes
   map to guest = bad user  
   create mask = 0664
   directory mask = 2755
   force create mode = 0644
   force directory mode = 2755

[share]             # read-only
    comment = Shared drive (read-only) 
    path = /mnt/share/win
    public = yes
    writable = no
    force user = joe
    force group = joe

[transfer]           # read-write
    comment = Transfer drive (read/write for everyone) 
    path = /mnt/share/win/transfer
    public = yes
    writable = yes
    force user = joe
    force group = joe
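
The [global] block above enables wide links together with allow insecure wide links; smb.conf(5) describes the latter as removing the protection that otherwise switches wide links off while UNIX extensions are enabled, which matters most for shares that clients can write to. The check below lists the shares this applies to. It is an added example, not part of the original notes; the sample configuration is constructed from the listing above and the function names are made up for this example.

```python
import re

# Constructed smb.conf: the relevant options from the listing above, comments removed.
SMB_CONF = """\
[global]
   follow symlinks = yes
   wide links = yes
   allow insecure wide links = yes
   map to guest = bad user

[share]
    path = /mnt/share/win
    public = yes
    writable = no
    force user = joe

[transfer]
    path = /mnt/share/win/transfer
    public = yes
    writable = yes
    force user = joe
"""

# Constructed variant without the two wide-links lines (Samba defaults apply).
WITHOUT_WIDE_LINKS = "\n".join(
    line for line in SMB_CONF.splitlines() if "wide links" not in line
)

TRUE_WORDS = {"yes", "true", "on", "1"}
# Documented Samba defaults for the boolean parameters this check looks at.
DEFAULTS = {"widelinks": False, "allowinsecurewidelinks": False,
            "unixextensions": True, "guestok": False, "readonly": True}
ALIASES = {"public": "guestok"}                      # synonym
INVERTED = {"writable": "readonly", "writeable": "readonly",
            "writeok": "readonly"}                   # inverted synonyms


def parse_smb_conf(text):
    """Return {section: {normalised parameter name: bool or str}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":              # comments are whole lines only
            continue
        header = re.match(r"\[([^\]]+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
            continue
        if current is None or "=" not in line:
            continue
        name, value = (part.strip() for part in line.split("=", 1))
        key = re.sub(r"\s+", "", name).lower()       # names ignore case and spaces
        key = ALIASES.get(key, key)
        if key in INVERTED:
            current[INVERTED[key]] = value.lower() not in TRUE_WORDS
        elif key in DEFAULTS:
            current[key] = value.lower() in TRUE_WORDS
        else:
            current[key] = value
    return sections


def audit_wide_links(text):
    """Map every share that follows links out of its path to its access level."""
    conf = parse_smb_conf(text)
    glob = {**DEFAULTS, **conf.get("global", {})}
    # With UNIX extensions on, Samba disables wide links again unless
    # "allow insecure wide links" is set (both are global parameters).
    wide_allowed = (not glob["unixextensions"]) or glob["allowinsecurewidelinks"]
    findings = {}
    for name, params in conf.items():
        if name == "global":
            continue
        share = {**glob, **params}                   # share settings override globals
        if not (share["widelinks"] and wide_allowed):
            continue
        access = "read-only" if share["readonly"] else "writable"
        findings[name] = ("guest " if share["guestok"] else "") + access
    return findings


if __name__ == "__main__":
    for label, conf in (("as above", SMB_CONF), ("defaults", WITHOUT_WIDE_LINKS)):
        print(label, "->", audit_wide_links(conf) or "no share follows wide links")
```

Shares reported as "guest writable" deserve attention first: either drop the two wide-links lines from [global], or make the share non-public.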

Specific Hardware

Works out of the Box

As usual, almost everything worked right out of the box:

My Wacom Bamboo MTE-450 tablet was detected and immediately usable.

Synchronising with the Palm T2 works: apt install jpilot pilot-link, then usermod -a -G dialout joe and use usb: as the communication port.

Bluetooth audio

Bluetooth audio finally works: I can use my Bluetooth headset, e.g. for videoconferencing:

apt install pulseaudio pulseaudio-module-bluetooth pavucontrol bluez-firmware
service bluetooth restart
killall pulseaudio

If you can hear audio in the headset but the microphone does not work, the headset is most probably connected as "A2DP Sink" (i.e. listening only). To correct this, simply launch pavucontrol ("PulseAudio Volume Control"), go to the Configure tab and switch the profile from "Sink" to "Headset".

KDEConnect

kdeconnect is a great little application that integrates Android phones and Android Tablets into the KDE desktop. Some use cases that I could appreciate immediately:

Scanners

First, install the generic Linux tools for scanning and OCR, then add the user to the scanner group:

apt install sane sane-utils xsane parallel tesseract-ocr tesseract-ocr-fra tesseract-ocr-deu
usermod -a -G scanner joe

Epson Perfection 1660 Photo scanner

This scanner requires a proprietary driver that is available from the Epson support pages (I don't provide a specific link here - just search for "Epson Image Scan! for Linux"). After downloading and unpacking, launch the installer:

cd /path/to/epson/iscan-bundle-1.0.4.x64.deb/
./install.sh

Fujitsu SP1120 scanner with ADF

This scanner is my workhorse for document scanning. It requires a proprietary driver that is available from Fujitsu (I don't provide a specific link here - just search for "Fujitsu Image Scanner Driver for Linux"). After downloading, just install the .deb package with dpkg:

cd /path/to/fujitsu/fujitsu-sp1120/   
dpkg -i pfusp-ubuntu18.04_2.1.1_amd64.deb

One problem with the SP1120 was that I could not access the scanner as a normal user: scanimage: open of device pfusp:SP1120:001:002 failed: Access to resource has been denied. The document scanner would only work as root, despite me being a member of the group scanner.

The reason is that the Fujitsu scanner driver is using some extended ACL that prevented a normal user from using the device. The fix was to create a specific udev rule to correct the rights:

cat >> /etc/udev/rules.d/50-libsane.rules 
# Fujitsu SP1120
ATTRS{idVendor}=="04c5", ATTRS{idProduct}=="1473", ENV{libsane_matched}="yes", MODE="0664",OWNER="root",GROUP="root"
^D
udevadm trigger

The ATTRS can be found by looking at the output of lsusb:

$ lsusb
Bus 002 Device 002: ID 04b8:011e Seiko Epson Corp. GT-8300UF [Perfection 1660 PHOTO]
Bus 002 Device 010: ID 04c5:1473 Fujitsu, Ltd

The MODE to be used is the same as for /dev/bus/usb/002/002, i.e. the Epson scanner.

Epson Perfection 2480

The Epson Perfection 2480 scanner does not require a proprietary driver but proprietary firmware:

cp /path/to/downloaded/firmware/esfw41.bin /lib/firmware/

Then, edit /etc/sane.d/snapscan.conf and make two modifications near the top of the file:

firmware /lib/firmware/esfw41.bin
/dev/usb/scanner0 bus=usb

After a service saned restart, the scanner should now be accessible.

Scanner startup is very slow

Starting the scanners was slow since there were too many drivers enabled in /etc/sane.d/dll.conf. I disabled all of these, except the ones that I actually use:

Also, in /etc/sane.d/epkowa.conf I disabled the scsi line.

Printers

My two network printers, a Laserjet 5MP and an OKI 531C, were identified and installed without problems.

For the Brother HL-3140CW, a printer driver from the Brother website is required. The driver features the old i386 architecture but, fortunately, Brother offers a printer installer that will download and install only those i386 packages that are strictly necessary. After downloading and unpacking, just run the installer, specifying the exact printer type as argument (shown in bold):

bash /home/jha/Downloads/linux-brprinter-installer-2.2.1-1 hl-3140cw

Specific Software

VirtualBox

I use VirtualBox to run instances of Microsoft Windows and other software as "guest" inside the Linux system. Install and updates are done through apt:

echo -e "\n# VirtualBox - get it directly from Oracle" >> /etc/apt/sources.list
echo "deb http://download.virtualbox.org/virtualbox/debian buster contrib" >> /etc/apt/sources.list
wget -q https://www.virtualbox.org/download/oracle_vbox_2016.asc -O- | apt-key add -
apt update
apt install virtualbox-6.1
adduser joe vboxusers

To enable USB support you need to download and install a module from the VirtualBox website; the process is self-explanatory.

If you use Microsoft Windows 10 as "guest" under Linux and have problems using the microphone, please launch pavucontrol ("PulseAudio Volume Control") while the Windows "guest" is running, then verify the settings in two places:

Acrobat Reader

I am mostly using atril as PDF reader now. If I need to fill in forms, okular.

Yet ... there are still a few use cases where I need to use Acrobat Reader, although Adobe abandoned the software for the Linux world several years ago. A Debian package of the latest version (9.5.5) is still available but features the old i386 architecture. Using gdebi helps to keep the number of i386 packages down, i.e. we do not install acroread from www.deb-multimedia.org but use the files from the Adobe ftp server:

apt install gdebi
dpkg --add-architecture i386 
apt update
apt install libc6:i386 libgdk-pixbuf2.0-0:i386 libglib2.0-0:i386 libgtk2.0-0:i386 libxml2:i386 
wget ftp://ftp.adobe.com/pub/adobe/reader/unix/9.x/9.5.5/enu/AdbeRdr9.5.5-1_i386linux_enu.deb
gdebi AdbeRdr9.5.5-1_i386linux_enu.deb

Bug: The software runs (with occasional crashes), but something is wrong with the font management: it would appear that acroread cannot access all of the installed fonts and falls back to its "emergency" fonts, which are not ... pleasing to read, to say the least. You can see this under File > Properties > Fonts, where e.g. Arial is replaced by Adobe Sans MM.

As a workaround, take care to create only PDF files that are PDF/A compliant; these have the fonts embedded.

FWIW, I wrote "something is wrong with the font management" since the output of fc-cache -fv or fc-cache -v shows looped directories:

... 
/usr/share/fonts/truetype: skipping, looped directory detected
/usr/share/fonts/type1: skipping, looped directory detected
/usr/local/share/fonts/a: skipping, looped directory detected
... 

Arduino

The Arduino development package provided by Debian is outdated (due to license issues for the newer versions). To install the current version, I downloaded it from the Arduino website, then proceeded as follows:

sudo mkdir /opt/arduino
sudo chown -R joe:joe /opt/arduino/
sudo usermod -a -G dialout joe

... then continue as normal user:

cd /opt/arduino/
tar xvf ~/Downloads/arduino-1.8.12-linux64.tar.xz 
cd arduino-1.8.12/
./install.sh 

CalDAV, CardDAV and Google Calendar

apt install kaccounts-providers

To add a CardDAV account (Contacts list) to the KDE KOrganizer, go into Kontact > Settings > Configure Kontact > Calendar (!) > General > Tab "Calendars" > Add > DAV Groupware Resource > enter your account.

To add a Google Calendar to the KDE KOrganizer, go into Kontact > Settings > Configure Kontact > Calendar > General > Tab "Calendars" > Add > Google Calendars and Tasks > enter your gmail account.

SQLite in LibreOffice

To use SQLite in LibreOffice, proceed as follows:

apt install libsqliteodbc
cat <<EOF > /etc/odbcinst.ini
[SQLite]
Description=SQLite ODBC Driver
Driver=libsqliteodbc.so
Setup=libsqliteodbc.so
UsageCount=1

[SQLite3]
Description=SQLite3 ODBC Driver
Driver=libsqlite3odbc.so
Setup=libsqlite3odbc.so
UsageCount=1
EOF

The specific databases for each user are referenced in ~/odbc.ini like this:

[Clients 2020]
Description=Reservations 2020
Driver=SQLite3
Database=/home/joe/db/reservations/res2020.sqlite
Timeout=2000

Issues and weird things

Bash and PATH

One weird thing is that the local ~/bin directory is no longer in the PATH (unless you use a login shell), i.e. users cannot execute any scripts in their local bin directory without specifying the full path. To correct this for all users, edit the system-wide /etc/bash.bashrc and add:

# set PATH so it includes user's private bin if it exists
if [ -d "$HOME/bin" ] ; then
    PATH="$HOME/bin:$PATH"
fi

LyX cannot print anymore

My preferred writing tool LyX has no print menu anymore. It would appear that printing support was officially dropped from LyX in 2015, following isolated complaints about the print preview.

The missing print support in LyX was among the reasons why I never moved to Debian 9 "Stretch". Still, I think this is a strange move - I'm using LyX every day to write and print (sic) texts, letters and invoices. Passing through an external viewer just looks like a waste of time to me.

Broken KDE settings

The transition from KDE4 (Debian 8) to KDE5 (Debian 10) resulted in many messed-up configurations and settings. I ended up logging off, doing a rm .config/plasma* and starting over with an almost fresh desktop. A further rm .kde/share/config/kdeglobals significantly sped up the login time. Of course I had to re-enter many settings and options, but at least the behaviour of most applications was consistent again.

If you want to reduce the spacing between Desktop icons, edit /usr/share/plasma/plasmoids/org.kde.desktopcontainment/contents/ui/FolderView.qml, search for the function cellWidth (around line 600) and change as follows:

- var minIconWidth = Math.max(iconWidth, units.iconSizes.small * 8);
+ var minIconWidth = Math.max(iconWidth, units.iconSizes.small * 6);
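
Review bot: the factor on units.iconSizes.small in minIconWidth goes from 8 to 6 as a bare literal, directly in the installed FolderView.qml under /usr/share/plasma, and nothing at the changed line marks it as a local modification. Add a comment there (e.g. "// local change: was * 8") and keep a copy of the original file, so the edit can be recognised and re-applied if the file is replaced.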

Desktop Themes

I do not like the Breeze Theme (why do so many Linux Desktops try to copy the worst of Microsoft Windows?). Fortunately, the good old Oxygen style is still there and can be installed with apt install oxygen-icon-theme plasma-theme-oxygen. Once installed, go to System Settings > Application Style and select QtCurve - the display is much more compact.

Currency, time and language settings in KDE are messed up

I have always used custom locale settings, e.g.

In KDE5, most of the proposed currency formats for my location (Switzerland) are wrong ... and I cannot modify the individual settings - it would appear that they are hardcoded in the Qt source files (!) The problem could be solved easily if there were a means to (re-)introduce custom formats ... as was the case in previous KDE versions. I filed a bug with Debian, it was closed as "Resolved Upstream".

It was suggested to use a mixture of different country settings, adjustable in Numeric, Currency and Time Formats > "Detailed Settings":

export LANG=fr_CH.UTF-8
export LC_NUMERIC=C
export LC_TIME=en_SE.UTF-8
export LC_MONETARY=de_CH.UTF-8
export LANGUAGE=en_US.UTF-8

... however, as soon as these "mixed" settings are used, they screw up different applications! As an example, the glabels merge function does not recognize umlauts or accents. The problem was temporarily solved with the above rm .config/plasma* but after a while it reappeared, accompanied by messages like these:

(process:15072): Gtk-WARNING **: 12:35:45.983: Locale not supported by C library.
        Using the fallback 'C' locale.

The problem persists even when I launch these applications as LANG=C glabels-3 or LANGUAGE=C glabels-3. If you have the solution (other than "not touching the Detailed Settings"), please let me know.

Migrating KMail settings

Migrating KMail from the previous version (Debian 8, KDE4) to Debian Buster (KDE5) resulted in a big mess. The KMail accounts were only migrated partially, many of the identities were messed up and many default folders were mis-assigned, including filters.

After a lot of trial and error, I ended up deleting all accounts in KMail and re-entered all account data from scratch (just for the record: 7 different mail accounts). Some things I found out:

The default KMail screen layout is a waste of screen space, so I did the following:

KMail on two computers

I have been using KMail "forever", IIRC starting with my very first Linux distribution. Over time, the KMail developers introduced changes that modified the scope of the software, moving towards an integrated Personal Information Management package (KDE PIM). While I still appreciate the idea, there were core developments unrelated to the initial goal (such as "desktop search") that resulted in software that is not just complicated but complex - in particular when it comes to archive and restore.

This has grown into a real issue for me since I need to transfer mails and mail settings between my desktop and my laptop, with thousands of files in the Local Mail folder.

I used to have a working setup with a single unison profile that would perfectly synchronize both machines under Debian 8. The move to KDE5 broke this ... and I am currently working around the problem by using two different unison configurations:

  1. laptop-init.prf for the very first sync
  2. laptop.prf for any subsequent sync

The differences between the two are just two lines, pointed out in the code snippet below. The second configuration still marks all "new" files (= added since the last sync) as unread, but at least they are transferred.

# Unison: ignore all the log files, but not the prf files
ignore = Name unison.log
ignore = Name .unison/*
ignorenot = Name .unison/*prf
path = .unison

# this is where all the local mail is stored (maildir)
path = .local/share/.local-mail.directory
path = .local/share/local-mail

# Akonadi resources. 
# this needs to be adjusted every time if you add or remove an account ...
#
## COMMENT OUT AFTER 1st SYNC ## path = .local/share/akonadi
path = .local/share/akonadi-davgroupware  
path = .local/share/akonadi_googlecalendar_resource_0  
path = .local/share/akonadi_maildir_resource_0
path = .local/share/akonadi_imap_resource_4            
path = .local/share/akonadi_migration_agent
path = .local/share/emailidentities 
path = .local/share/kaddressbook
path = .local/share/kmail2
path = .local/share/kontact
path = .local/share/korganizer
path = .local/share/notes
# path = .local/share/kxmlgui5

## COMMENT OUT AFTER 1st SYNC ## path = .config/akonadi
path = .config/akonadi-firstrunrc
path = .config/akonadi_akonotes_resource_0rc
path = .config/akonadi_archivemail_agentrc
path = .config/akonadi_contactrc
path = .config/akonadi_davgroupware_resource_9rc
path = .config/akonadi_followupreminder_agentrc
path = .config/akonadi_googlecalendar_resource_0rc
path = .config/akonadi_imap_resource_0rc
path = .config/akonadi_imap_resource_1rc
path = .config/akonadi_imap_resource_2rc
path = .config/akonadi_imap_resource_3rc
path = .config/akonadi_imap_resource_4rc
path = .config/akonadi_imap_resource_5rc
path = .config/akonadi_imap_resource_6rc
path = .config/akonadi_indexing_agentrc
path = .config/akonadi_kalarm_resource_0rc
path = .config/akonadi_kalarm_resource_1rc
path = .config/akonadi_kalarm_resource_2rc
path = .config/akonadi_maildir_resource_0rc
path = .config/akonadi_maildispatcher_agent.notifyrc
path = .config/akonadi_mailfilter_agentrc
path = .config/akonadi_newmailnotifier_agentrc
path = .config/akonadi_notes_agentrc
path = .config/akonadikderc
path = .config/emaildefaults
path = .config/emailidentities
path = .config/mailtransports
path = .config/kaddressbookrc
path = .config/kmail2rc
path = .config/kmailsearchindexingrc
path = .config/kmailsnippetrc

KDE Error mounting USB devices

If you try to mount a USB device and get the error message "Error - KIO Client: Unable to run the command specified. The file or folder /media/<username>/... does not exist", simply unmount the device, then delete its mountpoint in /media/<username>/. The mountpoint will be re-created when you re-insert the device.

I have no idea what causes this error, but it is related to extended permissions of the mountpoint.

Debian Buster on Laptops

Generic

I'm using Debian on all of my computers; this includes laptops. The installation of Debian Buster on a laptop is performed along the same lines as described above and went mostly seamlessly. Specific points are listed below; a few generic comments and hints:

Lenovo T440s

I'm using a Lenovo T440s as main laptop.

The move to Debian 10 was performed in 2020-01 and included a hard disk upgrade: the 128 GB SSD was replaced with a 500 GB SSD. The old drive had a 50-GB Windows 7 partition on sda1 that I wanted to preserve and transfer "as is" to the new drive, then extend to 100 GB. I proceeded as follows:

  1. Boot into the "old", existing Linux.
  2. Mount a USB drive with enough free space to hold the entire partition.
  3. Archive the complete partition: dd if=/dev/sda1 | gzip -c > /path/to/usbdrive/sda1.gz
  4. Unmount the USB drive and shut down the computer.
  5. If the HDD is protected with a password, remove it now.
  6. Go into the BIOS and "disable internal battery". This will shut down the machine completely.
  7. Swap the HDD.
  8. Connect the power supply and boot.
  9. Partition the HDD as needed and run a Linux base install (as described above).
  10. Boot into Linux, then mount the USB drive containing the backup.
  11. Restore the complete partition: gunzip -c /path/to/backup/sda1.gz | dd of=/dev/sda1
  12. Run cfdisk /dev/sda and check that the drive is marked as bootable (Windows needs this)
  13. Resize the Windows partition with ntfsresize --size 99G /dev/sda1
  14. Reboot into Windows.
  15. Smile :-)
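
An added example, not part of the original notes: the backup of step 3 and the restore of step 11 wrapped in a SHA-256 check, so that a truncated or damaged sda1.gz is noticed before the old disk is removed and again before anything is written to the new one. The function names and the ".sha256" sidecar file are assumptions of this example, and the source partition must not be mounted or modified while it is being read.

```shell
#!/bin/sh
# Added example (not from the original page): steps 3 and 11 with a SHA-256
# check. Function names and the ".sha256" sidecar file are assumptions.

# Print the SHA-256 (hex digest only) of the data on stdin.
sha256_stdin() { sha256sum | cut -d' ' -f1; }

# image_partition SRC ARCHIVE
# Hash the raw data of SRC, compress SRC into ARCHIVE as in step 3, store the
# hash in ARCHIVE.sha256, then read ARCHIVE back and compare.
# SRC is read twice, so it must not be mounted or changing.
image_partition() {
    src=$1; archive=$2
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    want=$(dd if="$src" bs=4M 2>/dev/null | sha256_stdin)
    dd if="$src" bs=4M 2>/dev/null | gzip -c > "$archive" || return 1
    printf '%s\n' "$want" > "$archive.sha256"
    verify_archive "$archive"
}

# verify_archive ARCHIVE
# Succeed only if ARCHIVE is an intact gzip stream whose decompressed content
# matches the recorded hash. Run it again on the new install before step 11.
verify_archive() {
    archive=$1
    [ -s "$archive.sha256" ] || return 1
    gzip -t "$archive" 2>/dev/null || return 1
    got=$(gunzip -c "$archive" | sha256_stdin)
    [ "$got" = "$(cat "$archive.sha256")" ]
}

# restore_partition ARCHIVE DEST
# Step 11, but DEST is not touched unless the archive verifies first.
restore_partition() {
    archive=$1; dest=$2
    verify_archive "$archive" || { echo "archive failed verification" >&2; return 1; }
    gunzip -c "$archive" | dd of="$dest" bs=4M conv=notrunc 2>/dev/null
}

# Script usage: image SRC ARCHIVE | verify ARCHIVE | restore ARCHIVE DEST
case "${1:-}" in
    image)   image_partition "$2" "$3" ;;
    verify)  verify_archive "$2" ;;
    restore) restore_partition "$2" "$3" ;;
esac
```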

If you run into trouble detecting Windows, try (under Linux):

os-prober
update-grub

The Linux install was without trouble, all devices work as expected and the system is stable through suspend/resume cycles. Here is the disk layout ("Disklabel type: dos"):

| Partition | Size | Filesystem | Label | Mount point | Comment |
|---|---|---|---|---|---|
| /dev/sda1 | 93 GB | W95 FAT32 | win | /mnt/win | MS Windows 7 (dual-boot) |
| /dev/sda2 | 20 GB | ext4 | d10 | / | This is the root filesystem of Debian 10. |
| /dev/sda3 | 20 GB | ext4 | other | /mnt/other | This will be used when updating the system in the future. |
| /dev/sda5 | 93 GB | ext4 | home | /home | Home directories. |
| /dev/sda6 | 230 GB | ext4 | share | /mnt/share-local | Backup copy of the local NFS server data. |
| /dev/sda7 | 8 GB | swap | swap | swap | Swap space. |

Acer ES1-131

I'm using an Acer ES1-131 (the sticker on the box says "Aspire E 11") as my second portable computer. Mine has an Intel Celeron N3050 Dual-Core CPU @ 1.6 GHz and came with a 500-GB hard disk, 2 GB of RAM and Windows 10, and was totally underpowered for that purpose. Fortunately, it runs very well once you install Linux with a light desktop such as XFCE or MATE, and a later update to 8 GB of RAM made even Windows 10 almost usable on the machine :-)

My disk layout (gpt) preserves most of the Windows partitions but was thoroughly resized to free up space:

| Partition | Size | Filesystem | Label | Mount point | Comment |
|---|---|---|---|---|---|
| /dev/sda1 | 100 MB | vfat | ESP | /boot/efi | EFI system with boot files. |
| /dev/sda2 | 16 MB | Microsoft reserved | - | - | Left untouched. |
| /dev/sda3 | 97 GB | Microsoft basic data | Acer | /mnt/win | Windows 10 partition, resized. |
| /dev/sda4 | 826 MB | Windows recovery environment | - | - | Windows recovery, unused, shrunk to the minimum. |
| /dev/sda5 | 20 GB | ext4 | debian8 | /mnt/debian8 | This holds the "old" Debian 8 files. It will be overwritten when updating the system in the future. |
| /dev/sda6 | 20 GB | ext4 | debian | / | This is the root filesystem of Debian 10. |
| /dev/sda7 | 8 GB | swap | swap | swap | Swap space. |
| /dev/sda8 | 78 GB | ext4 | homedirs | /home | Home directories. |
| /dev/sda9 | 242 GB | ext4 | share-local | /mnt/share-local | Backup copy of the local NFS server data. |

apt install firmware-linux-nonfree firmware-atheros firmware-realtek acpi-support net-tools

Using UEFI Boot

To use UEFI boot, simply proceed as follows:

  1. Enter the BIOS (F2) and move to the Boot screen.
  2. Leave the Boot Mode set to UEFI, but disable Secure Boot (you may have to set a superuser password first).
  3. Move the cursor onto the Debian entry and move it up (using the F5/F6 keys) above the HDD and Windows Bootloader entries.

Graphics

A showstopper was that the graphic display on my machine would not come up. The workaround was to switch to the framebuffer device:

apt install fbdev xserver-xorg-video-fbdev 
dpkg-reconfigure xserver-xorg-video-fbdev

FWIW, the lspci output for this graphics card:

00:02.0 VGA compatible controller [0300]: Intel Corporation Atom/Celeron/Pentium Processor 
     x5-E8000/J3xxx/N3xxx Integrated Graphics Controller [8086:22b1] (rev 21)

On another machine of the same type (this one with Intel Celeron N2840 @ 2.16 GHz and Insyde BIOS V1.10), the install went without problems:

00:02.0 VGA compatible controller: Intel Corporation Atom Processor Z36xxx/Z37xxx Series Graphics & Display (rev 0e)

Wireless network and suspend/resume

With Debian 10, the machine finally supports suspend/resume when closing the lid.

On machines with Broadcom BCM43142 chipset, run apt install broadcom-sta-dkms: this driver "survives" suspend/resume cycles.

With the Qualcomm Atheros QCA 9565 / AR 9565 chipset, WiFi would not come up again after a suspend/resume cycle. The solution is to reload the r8169 driver with a script:

cat <<'EOF' > /lib/systemd/system-sleep/r8169-refresh
#!/bin/bash

# script to reload the r8169 driver after suspend.
# source: https://askubuntu.com/questions/1029250/ubuntu-18-04-ethernet-disconnected-after-suspend
# 2020-03-05 JHa

PROGNAME=$(basename "$0")
state=$1
action=$2

function log {
    logger -i -t "$PROGNAME" "$*"
}

log "Running $action $state"

if [[ $state == post ]]; then
    modprobe -r r8169 \
    && log "Removed r8169" \
    && modprobe -i r8169 \
    && log "Inserted r8169"
fi
EOF
chmod +x /lib/systemd/system-sleep/r8169-refresh

Debian Buster with RAID1

Setup

(to be completed ...)

Grub and RAID

If the grub package is updated automatically, it may happen that the system does not boot anymore. In such a case, simply boot into the rescue system and run:

grub-install /dev/sda 
grub-install /dev/sdb

Both drives will be able to boot alone.

Links