This page contains miscellaneous notes about the installation of (and also "upgrade to") Debian 12 "Bookworm" on several of my computers. Historically, this page is a follow-up to my "other" Debian pages and supersedes these. It also documents some specific installation cases and also includes rants about some issues that I encountered. - As usual, this document has been "anonymised" in a few places; in particular IP addresses have been replaced by xxx or yyy.
Note that some of the configurations will deviate from the previous settings. The main reason is that we have modified several parts of our setup: my desktop computer is no longer the "central" server and router; instead, it has been converted back to a "standard" desktop. A separate, low-power computer (also running Debian 12 of course) is now acting as router, and it also serves as a secondary back-up NFS server and a Samba server.
On a few machines, I simply performed an in-place upgrade of the existing system, instead on a new installation.
First, make sure the system is fully up to date:
apt update && apt upgrade apt autoremove
Next, edit /etc/apt/sources.list and replace all occurrences of bullseye with bookworm and add the new non-free-firmware parts.
The final file looks as follows:
deb http://deb.debian.org/debian/ bookworm main non-free-firmware contrib non-free deb-src http://deb.debian.org/debian/ bookworm main non-free-firmware contrib non-free deb http://security.debian.org/debian-security bookworm-security main non-free-firmware contrib non-free deb-src http://security.debian.org/debian-security bookworm-security main non-free-firmware contrib non-free deb http://deb.debian.org/debian/ bookworm-updates main non-free-firmware contrib non-free deb-src http://deb.debian.org/debian/ bookworm-updates main non-free-firmware contrib non-free
Now, verify if we can access all upgrades:
apt update
If the previous command shows no error, we can proceed:
apt upgrade --without-new-pkgs apt full-upgrade
That's all :-) The process can take anything between a few minutes and a few hours, depending on the speed of the machine and the number of packages installed.
You will be asked several times if you want to keep existing configuration files or if you want to overwrite them with the version provided by the package maintainer: For most of the server-related packages and for customized services such as ssh, I kept my version.
Once the upgrade is finished, reboot the system.
If you run other operating systems on the same machine, you may want to run:
dpkg-reconfigure grub-pc
The initial installation was performed using the Debian 12 64-bit "netinstall" USB stick. A while earlier, I had replaced the conventional 1-TB HDD by a 500-GB SSD as system disk and repurposed the "old" HDD for file storage. Also, the machine had been upgraded from 8 GB to 12 GB RAM. Overall, the disk layout is now as follows:
| Partition | Size | Filesystem | Label | mount point | Comment |
|---|---|---|---|---|---|
| /dev/sda1 | 250 MB | vfat | EFI | /boot/efi | |
| /dev/sda2 | 38 GB | ext4 | debian | / | This is the root filesystem of Debian 12 (on the fast SSD). |
| /dev/sda3 | 11 GB | swap | swap | swap | Swap space. |
| /dev/sda4 | 120 GB | ext4 | home | /home | Home directories, now on the fast SSD. |
| /dev/sda5 | 305 GB | ext4 | vbox | /mnt/vbox | VirtualBox files. This really benefits from the fast SSD! |
| /dev/sdb1 | 128 MB | vfat | EFI | (currently not mounted) | |
| /dev/sdb2 | 430 GB | ext4 | share | /mnt/share | Local NFS export for music, photos, etc. |
| /dev/sdb3 | 430 GB | ext4 | backup_local | /mnt/backup_local | Yet another backup space. |
| /dev/sdb3 | 12 GB | swap | swap | swap | Swap space. |
Packages: During the installation, I select at least ssh server, file server and standard system utilities for any computer.
Desktop: For machines running the KDE desktop, I select this. For low-end machines, I prefer the XFCE desktop and install it with the Debian installer.
Once the initial installation finished and the system has booted, log in.
The first thing I do is to apt install vim, edit /etc/vim/vimrc and un-comment syntax on.
Next, edit /etc/apt/sources.list and add the new non-free-firmware parts on all 6 lines. The final file is shown above.
apt update
apt install firmware-linux* firmware-misc-nonfree acpi-support hwinfo ntpdate hwinfo lshw mc acl \
firmware-amd-graphics firmware-realtek firmware-atheros firmware-iwlwifi
If not already included in some metapackage, do apt install openssh-server and set up sshd.
Some key entries in my /etc/ssh/sshd_config are:
Port 1234 # obviously not THIS port but you get the idea Protocol 2 PermitRootLogin no PermitEmptyPasswords no PasswordAuthentication yes AcceptEnv LANG LC_* Banner /etc/issue.net AllowUsers joe jack
Create the banner file that is shown upon login:
cat <<EOF > /etc/issue.net ******************************************************************** * This system is for the use of authorized users only. * * Unauthorized access to this system is prohibited. * * * * Usage of this system is monitored and recorded. * * Anyone using this system expressly consents to such monitoring * * and is advised that if such monitoring reveals possible * * evidence of criminal activity, system personnel may provide the * * evidence from such monitoring to law enforcement officials. * ******************************************************************** EOF
On the server, /etc/hosts contains some fixed IP addresses and aliases in my local network (most are handled by dnmasq, see below).
/etc/hosts.allow
ALL: 127.0.0.1 LOCAL 192.168.* (or 192.168.999.* or whatever fits your subnet)
/etc/hosts.deny
sshd: ALL EXCEPT LOCAL : rfc931 : spawn (/usr/sbin/safe_finger -l @%h | \
mail -s%d-%h root) & : twist /bin/echo "Access prohibited by system administration. Go away."
ALL: ALL EXCEPT LOCAL
On all my machines except laptops, I want security updates to be downloaded and applied automatically:
apt install unattended-upgrades dpkg-reconfigure unattended-upgrades
Bad News: The network interfaces have been renamed. While this is supposed to bring more consistency in the device naming, it also introduces a lot of problems since scripts are no longer transferable between computers:
In the "past", the first interface was always assigned to eth0. Even if the system had multiple interface cards, the old naming scheme allowed to define "which card is what interface" in /etc/udev/rules.d/70-persistent-net.rules. Afterwards, you could use eth0 and eth1 across multiple systems. In standard systems with a single network card, only eth0 was present anyway and the details did not matter. This was universal and could be replicated across all kinds of systems, from firewall rules through the Samba configuration up to utilities such as Conky. It meant that you could swap entire harddisks between computers and be sure that the machine would boot and connect.
With the "new" interface names, all these scripts need to be revised on every single computer. On different computers I have seen interface names as colorful as enp3s0, enp4s0, enp0s25, enp63s0 (?!), wlp2s0, wlp3s0, wlp5s0 and others. Where is the consistency in this?
After figuring out "which card does what" with ip a, I adjusted /etc/network/interfaces
to assigned the way the two cards are operated. At the same time, this is where the firewall is launched:
source /etc/network/interfaces.d/* # The loopback network interface auto lo iface lo inet loopback # firewall pre-up iptables-restore < /etc/iptables.conf # the external network card auto enp3s0 allow-hotplug enp3s0 iface enp3s0 inet dhcp # The primary (internal) network interface auto enp4s0 allow-hotplug enp4s0 iface enp4s0 inet static address 192.168.xxx.yy netmask 255.255.255.0 broadcast 192.168.xxx.255 # do NOT set any gateway here!
For any machine that does not require routing, the uncomplicated
firewall ufw is probably the easiest solution out there:
apt install ufw ufw enable ufw allow in 1234/tcp
However, I could not figure out how to use ufw with a router and NAT (and make the rules persists after a reboot!).
After wasting too much time with different firewall options, I decided to stick with good old iptables
for the router since it was the "easiest" to configure. The file /etc/network/iptables.conf contains mostly the same firewall rules as before:
*filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A INPUT -i lo -j ACCEPT -A INPUT -i enp4s0 -j ACCEPT -A INPUT -p icmp --icmp-type any -j ACCEPT -A INPUT -p 50 -j ACCEPT -A INPUT -p 51 -j ACCEPT -A INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # sshd runs on a non-standard port. Obviously not THIS one but you get the idea ;-) -A INPUT -m state --state NEW -m tcp -p tcp --dport 1234 -j ACCEPT # router -A FORWARD -i enp3s0 -o enp4s0 -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -i enp4s0 -o enp3s0 -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited COMMIT *nat :PREROUTING ACCEPT [0:0] :INPUT ACCEPT [0:0] :POSTROUTING ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A POSTROUTING -o enp3s0 -j MASQUERADE COMMIT
For a system that is used as a router, edit /etc/sysctl.conf and activate routing by un-commenting the line net.ipv4.ip_forward=1.
To have a local DHCP server, apt install dnsmasq, then edit /etc/dnsmasq.conf:
local=/localnet/ interface=enp4s0 listen-address=127.0.0.1 domain=localnet dhcp-range=192.168.xxx.yy,192.168.xxx.zz,12h dhcp-leasefile=/var/lib/misc/dnsmasq.leases log-queries dhcp-host=01:12:23:34:45:56,thing # assign name "thing" to MAC address 01:12:23:34:45:56
Reboot.
At this point, the router functionality should be established and your machines on the internal network should be able to access Internet again. Test if DNS is working, e.g.:
dig debian.org @localhost nslookup debian.org localhost nslookup debian.org i5.localnet
FIXME
While we're at it, let's create a directory for my backup log files ...
mkdir /var/log/backup
I prefer not to install all language packs. Here, be careful to select the languages you want to keep!
Generally I select the generic language plus the UTF-8 variant, e.g. de and then dialects such as de_DE.UTF-8 and de_CH.UTF-8 :
apt install localepurge localepurge
Now, install the desktop files.
KDE:
apt install kde-config-systemd kde-style-qtcurve-qt5 gtk2-engines-qtcurve print-manager gtk2-engines-oxygen oxygen-icon-theme plasma-theme-oxygen apt install lyx texlive-font-utils texlive-lang-english texlive-lang-french texlive-lang-german # typesetting apt install pdftk qpdf pdfmod ghostscript cups-pdf atril pdfgrep # handling PDF apt install gftp bluefish tidy sitecopy # HTML authoring apt install gpsbabel qmapshack # GPS related apt install kicad gerbv # electronics development apt install inkscape gnuplot-x11 # graphics and science :-) apt install vlc k3b kde-config-cddb audacity easytag clementine # Multimedia and CD authoring
XFCE, MATE: For less complex desktop environments, I usually choose the "Debian Desktop with XFCE" (or MATE) option using tasksel.
A typical installation (again ... you could put all this on one line):
# the following two lines are specific for the MATE desktop: apt install mate-desktop-environment # metapackage apt install caja-sendto caja-open-terminal caja-wallpaper caja-xattr-tags caja-image-converter apt install firefox-esr thunderbird chromium deluge lynx curl nmap dnsutils build-essential module-assistant apt install ufw dos2unix ark rar unrar sharutils subversion rsync unison-gtk apt install ttf-mscorefonts-installer fonts-liberation libreoffice gnote glabels apt install enchant aspell-fr aspell-de hunspell-en-us hunspell-fr hunspell-de-de hunspell-de-ch apt install gimp gimp-gutenprint imagemagick digikam vlc k3b apt install sqlite sqlitebrowser python-dateutil filelight conky k3b apt install pdftk qpdf pdfmod ghostscript cups-pdf atril system-config-printer
Time for some clean-up. On a desktop system, we do not need the Network Manager applet, and I don't understand why minidlna is installed by default without asking. In addition, I observed some trouble with Intel graphics:
apt remove network-manager kde-nm nm minidlna apt remove xserver-xorg-video-intel apt purge xserver-xorg-video-intel
When you install KDE, Debian 12 will automatically install Wayland. I prefer to stay with the standard X server, so lets remove Wayland altogether:
apt remove plasma-workspace-wayland
Enable Alt-Ctrl-Backspace to kill X server. This needs to be done AFTER X is set up; the setting we want is on the very last screen:
dpkg-reconfigure keyboard-configuration
For machines that make files available via NFS (i.e. NFS server):
apt install nfs-kernel-server nfs-common vim /etc/exports
For read-only export, /etc/exports contains something like:
/mnt/share 192.168.xxx.0/255.255.255.0(ro,sync,nohide,mp,no_root_squash,no_subtree_check)
For read-write access, /etc/exports contains something like:
/mnt/nasdrive 192.168.xxx.0/255.255.255.0(rw,sync,nohide,mp,no_subtree_check)
The corresponding clients will have something like this in their /etc/fstab:
192.168.xxx.yy:/mnt/nasdrive /mnt/nas nfs noauto,user,bg,hard,intr,_netdev 0 0
... and they need the NFS tools, of course:
apt install nfs-common
I keep a fully functional webserver on my local machine, so that I can test webpages with PHP scripts and other functionalities without publishing them on my "real" webserver yet (I use sitecopy to publish these data later on, synchronizing my local directories 1:1 with those on the webserver). Installing Apache on Debian is done with a single command:
apt install apache2 php libapache2-mod-php
Since I create and modify all the HTML and PHP files in a folder www/<sitename> inside my home directory, I want to access them directly inside this location (i.e. without copying them to the server). Per-user web directories come to the rescue, but the entire Apache configuration seems to be "hardwired" to the folder location public_html. Since I am using www, some files need to be modified:
a2enmod userdir sed -i "s/public_html/www/" /etc/apache2/mods-available/userdir.conf sed -i "s/public_html/www/" /etc/apache2/mods-available/php8.2.conf # in this file, follow also the instructions in the section '# Running PHP scripts in user directories is disabled by default' systemctl restart apache2
I noticed that some of my PHP files would not run. The error log in /var/log/apache2/error.log showed PHP Fatal error: Uncaught Error: Class "IntlDateFormatter" not found in .... The problem was solved by installing the "intl" extension to PHP:
apt install php8.2-intl systemctl restart apache2
Since this server is only accessed on the local machine, I do not need to open ports 80 (http) and 443 (https) on the firewall.
We did not set up a specific Samba user. Instead, the Samba shares were created by root and then assigned to an existing user:
mkdir /mnt/share/win/ /mnt/share/win/transfer
chmod 2755 /mnt/share/win/ /mnt/share/win/transfer
chown -R joe:joe /mnt/share/win/
Note: the Linux file permissions are always applied, overriding the things you wish to happen via the Samba config file.
Since we are not using per-user logins here, all file access is simply assigned to the Linux user who owns the Samba share
(and that we just defined above). This is the reason why we use force user and force group in the
config file below.
apt install samba (for the clients: apt install samba-client cifs-utils),
then adjust the configuration file /etc/samba/smb.conf.
Check with testparm.
Some useful entries (not everything is shown) might be:
[global]
follow symlinks = yes # Make symlinks accessible
wide links = yes
allow insecure wide links = yes
map to guest = bad user
create mask = 0664
directory mask = 2755
force create mode = 0644
force directory mode = 2755
[share] # read-only
comment = Shared drive (read-only)
path = /mnt/share/win
public = yes
writable = no
force user = joe
force group = joe
[transfer] # read-write
comment = Transfer drive (read/write for everyone)
path = /mnt/share/win/transfer
public = yes
writable = yes
force user = joe
force group = joe
As usual, almost everything worked right out of the box or with only minor tweaks, most of these are related to vendor-specific quirks:
Synchronising with the Palm T2 works, but the related packages seem to be un-maintained today. We need to enable some of the old sources in /etc/apt/sources.list:
cat >> /etc/apt/sources.list # jpilot is only available in the old (deb10) repos: deb http://deb.debian.org/debian/ buster main ^D apt update # refresh apt install jpilot pilot-link # install software usermod -a -G dialout joe # add "joe" to the "dialout" group
Remember to use usb: as the communication port.
kdeconnect is a great little application that integrates Android phones and Android Tablets into the KDE desktop. Some use cases that I could appreciate immediately:
First, install the generic Linux tools for scanning and OCR, then add the user to the scanner group:
apt install sane sane-utils xsane parallel tesseract-ocr tesseract-ocr-fra tesseract-ocr-deu usermod -a -G scanner joe
This scanner requires a proprietary driver that is available from the Epson support pages (I don't provide a specific link here - just search for "Epson Image Scan! for Linux"). After downloading and unpacking, launch the installer:
cd /path/to/downloaded/epson/iscan-bundle-1.0.4.x64.deb/ bash ./install.sh
This scanner is my workhorse for document scanning. It requires a proprietary driver that is available from Fujitsu (I don't provide a specific link here - just search for "Fujitsu Image Scanner Driver for Linux"). After downloading, install the .deb package with dpkg:
cd /path/to/downloaded/fujitsu/fujitsu-sp1120/ dpkg -i pfusp-ubuntu18.04_2.1.1_amd64.deb
As mentioned before, the Fujitsu scanner driver is using some extended ACL that prevents a normal user from using the device. The fix is to create a specific udev rule to correct the rights:
cat >> /etc/udev/rules.d/50-libsane.rules
# Fujitsu SP1120
ATTRS{idVendor}=="04c5", ATTRS{idProduct}=="1473", ENV{libsane_matched}="yes", MODE="0664",OWNER="root",GROUP="root"
^D
udevadm trigger
These ATTRS can be found by looking at the output of lsusb:
$ lsusb Bus 002 Device 013: ID 04c5:1473 Fujitsu, Ltd
To ensure a fast start of the scanners, I disabled most drivers in /etc/sane.d/dll.conf,
except the net entry (for scanning over the network).
Both the Fujitsu pfusb and the Epson epkowa drivers will receive their own files and are no longer "embedded" in /etc/sane.d/dll.conf.
If you use scanners over the network, remember to enable the "SANE daemon" on the machine where the scanners are attached.
My two network printers, a HP Laserjet 5MP and an OKI 531C, were identified in CUPS and installed without problems. The Laserjet required a specific driver before it would work:
apt install printer-driver-hpcups
Also, most printers have menus that presents way too may options. As an example, I mostly print in DIN A4 as standard paper size, followed by occasional A5 and rarely A6. All other page sizes are not interesting and will only clutter the menu. Therefore, I modified the corresponding PPD files and only kept "my" paper sizes. Of course, I keep a copy of these PPD files for any re-installation.
The CUPS printing system provides also the traditional lpr functionality, so we set the default printer (as user):
lpstat -p -d # see which printers are available lpoptions -d LJ5MP # set default printer
Specify the default papersize:
echo "a4" > /etc/papersize tl-paper set all a4
For the Brother P-touch QL-1100 label printer, Brother only provides driver for 32-bit architecture. We need to add this to the system before we can install the driver:
dpkg --add-architecture i386 apt update apt install lib32z1 # this is needed dpkg -i brother.ql1100pdrv-2.1.4-0.i386.deb
To define labels in A6 size (the standard shipping label for international parcels):
brpapertoollpr_ql1100 -P QL-1100 -n customA6 -w 103 -h 152
To print such a label, use Page Scaling NONE and Auto Rotate and Center ON (the page orientation does not matter).
To define labels in A7 size (small shipping labels for national parcels):
brpapertoollpr_ql1100 -P QL-1100 -n customA7 -w 103 -h 78
To print such a label, use Orientation PORTRAIT, Page Scaling NONE and Auto Rotate and Center OFF.
The main desktop computer is equipped with a NVIDIA Corporation GK208B [GeForce GT 710] graphics card that I mostly use for 3D visualisation. This card seems to be not very well supported, but you get the full 3D functionality even without installing any on the proprietary NVIDIA drivers.
If you really want to install the NVIDIA drivers:
apt install nvidia-detect nvidia-detect # then install what is proposed here, e.g. apt install nvidia-tesla-470-driver
Removal:
apt remove nvidia-* apt purge nvidia*
I use VirtualBox to run instances of Microsoft Windows and other software as "guest" inside the Linux system. I used to get these files directly from Oracle, but Debian has complicated the handling of such external files due to the required file signatures. However, we can now use the Debian fasttrack system:
cat >> /etc/apt/sources.list # VirtualBox - get it through Debian fasttrack deb https://fasttrack.debian.net/debian-fasttrack/ bookworm-fasttrack main contrib deb https://fasttrack.debian.net/debian-fasttrack/ bookworm-backports-staging main contrib ^D apt install fasttrack-archive-keyring apt update apt install virtualbox virtualbox-guest-additions-iso adduser joe vboxusers
To enable USB support you need to download and install a module from the Virtualbox website; the process is self-explaining.
If you use Microsoft Windows 10 as "guest" under Linux and have problems using the microphone,
please launch pavucontrol ("PulseAudio Volume Control") while the Windows "guest" is running,
then verify the settings in check two places:
apt install kaccounts-providers
To add a CardDAV account (Contacts list) to the KDE KOrganizer, go into Kontact > Settings > Configure Kontact > Calendar (!) > General > Tab "Calendars" > Add > DAV Groupware Ressource > enter your account.
To add a Google Calendar to the KDE KOrganizer, go into Kontact > Settings > Configure Kontact > Calendar > General > Tab "Calendars" > Add > Google Calendars and Tasks > enter your gmail account.
To install the latest Firefox versions, you can replace the Debian built-in firefox-esr by the versions provided by Mozilla (Source):
# import the Mozilla apt repository key, then check the fingerprint
wget -q https://packages.mozilla.org/apt/repo-signing-key.gpg -O- | sudo tee /etc/apt/keyrings/packages.mozilla.org.asc > /dev/null
gpg -n -q --import --import-options import-show /etc/apt/keyrings/packages.mozilla.org.asc | awk '/pub/{getline; gsub(/^ +| +$/,""); if($0 == "35BAA0B33E9EB396F59CA838C0BA5CE6DC6315A3") print "\nThe key fingerprint matches ("$0").\n"; else print "\nVerification failed: the fingerprint ("$0") does not match the expected one.\n"}'
# add the Mozilla apt repository to sources.list.d
echo "deb [signed-by=/etc/apt/keyrings/packages.mozilla.org.asc] https://packages.mozilla.org/apt mozilla main" | sudo tee -a /etc/apt/sources.list.d/mozilla.list > /dev/null
# adjust priorities
echo '
Package: *
Pin: origin packages.mozilla.org
Pin-Priority: 1000
' | sudo tee /etc/apt/preferences.d/mozilla
# remove the Debian-provided package and install the new one
apt remove firefox-esr
apt install firefox
To install Python modules that are not in the Debian repositories, use pipx. This will install and manage a virtual environment:
apt install pipx ## this will also install python3.11-venv apt install python3-svglib
As normal user, you can then install the packages in your local environment:
pipx install qrbill pipx ensurepath
The Arduino development package provided by Debian is outdated (due to license issues for the newer versions). To install the actual 2.x version, I downloaded the AppImage version from the Arduino website, then proceeded as follows:
mkdir /opt/arduino chown -R joe:joe /opt/arduino/ ln -s /opt/arduino/arduino-ide_2.2.1_Linux_64bit.AppImage arduino usermod -a -G dialout joe
One issue is that the local ~/bin directory is no longer in the PATH (unless you use a login shell), i.e. users cannot execute any scripts in their local bin directory without specifying the full path. To correct this for all users, edit the system-wide /etc/bash.bashrc and add:
# set PATH so it includes user's private bin if it exists
if [ -d "$HOME/bin" ] ; then
PATH="$HOME/bin:$PATH"
fi
I do not like the Breeze Theme (why do so many Linux Desktops try to copy the worst of Microsoft Windows?).
Fortunately, the good old Oxygen style is still there and can be installed with apt install oxygen-icon-theme plasma-theme-oxygen.
Once installed, I modified the following settings to get a much more compact display:
Similar to this, the default KMail screen layout is a waste of screen space, so I did the following:
Another weird thing is a security policy of Imagemagick, which does not allow conversion pdf-related conversions. This issue exists for quite a while now. A workaround is to disable a section in /etc/ImageMagick-6/policy.xml by commenting it out (i.e. moving the comment-closing sign at the bottom):
<!-- disable ghostscript format types <policy domain="coder" rights="none" pattern="PS" /> <policy domain="coder" rights="none" pattern="PS2" /> <policy domain="coder" rights="none" pattern="PS3" /> <policy domain="coder" rights="none" pattern="EPS" /> <policy domain="coder" rights="none" pattern="PDF" /> <policy domain="coder" rights="none" pattern="XPS" /> -->
I'm using Debian on all of my computers; this includes laptops. The installation of Debian 12 on a laptop is performed along the same lines as described above and went mostly seamless. Specific points are listed below; a few generic comments and hints:
apt install firmware-linux* firmware-iwlwifi acpi-support ntfs-3g bluetooth bluez bluez-firmware blueman kde-config-touchpad kde-config-systemd plasma-nm print-managerFIXME
I'm using an Acer ES1-131 (the sticker on the box says "Aspire E 11") as 2nd portable computer. Mine has an Intel Celeron N3050 Dual-Core CPU @ 1.6 GHz and came with a 500-GB harddisk, 2 GB of RAM and Windows 10 and was totally underpowered for that purpose. Fortunately, it runs very well once you install Linux with a light desktop such as XFCE or MATE, and a later update to 8 GB of RAM and replacing the harddisk by a 512-GB SSD made even Windows 10 usable on the machine :-)
Here is the current disk layout (gpt):
| Partition | Size | Filesystem | Label | mount point | Comment |
|---|---|---|---|---|---|
| /dev/sda1 | 100 MB | vfat | ESP | /boot/efi | EFI system with boot files. |
| /dev/sda2 | 16 MB | Microsoft reserved | - | - | left untouched. |
| /dev/sda3 | 97 GB | Microsoft basic data | Acer | /mnt/win | Windows 10 partition, resized |
| /dev/sda4 | 0.8 GB | Windows recovery environment | - | - | Windows recovery, unused, shrunk to the minimum. |
| /dev/sda5 | 20 GB | ext4 | debian8 | / | This is the root filesystem of Debian 12. |
| /dev/sda6 | 20 GB | ext4 | debian | /mnt/debian-old | This was the "old" Debian 11 root filesystem. |
| /dev/sda7 | 8 GB | swap | swap | swap | Swap space. |
| /dev/sda8 | 85 GB | ext4 | home | /home | Home directories. |
| /dev/sda9 | 246 GB | ext4 | share-local | /mnt/share-local | Backup copy of the local NFS server data. |
To use UEFI boot, simply proceed as follows:
Since I am using two different partitions for the root filesystem, I can perform a complete installation in one partition and still keep the "old" system, should some problem occur. Again, this all went without problems:
# as root:
apt install vim # my preferred editor ;-)
vim /etc/vim/vimrc # un-comment "syntax on"
vim /etc/ssh/sshd_config # adjust port, Banner and AllowUsers
vim /etc/apt/sources.list # add "contrib non-free" to all entries, as explained above
apt update
dpkg-reconfigure grub-efi-amd64 # required since this is a dual-boot machine
mkdir /mnt/win # prepare windows mountpoint
tail -3 /mnt/debian-old/etc/fstab >> /etc/fstab
vim /etc/fstab # windows mount: /dev/sda3 /mnt/win ntfs utf8 0 0
apt install firmware-linux* firmware-atheros firmware-ath9k-htc firmware-misc-nonfree
apt install lyx unison-gtk chromium deluge curl nmap dnsutils build-essential module-assistant \
dos2unix rar unrar sharutils subversion ttf-mscorefonts-installer glabels pdftk qpdf pdfarranger \
aspell-fr aspell-de hunspell-fr hunspell-de-de hunspell-de-ch gimp-gutenprint vlc \
sqlite3 sqlitebrowser python-is-python3 python3-dateutil mailutils nfs-common \
smartmontools lshw hwinfo ntpdate filelight conky munin-client acpi-support \
thunderbird android-file-transfer qmapshack bluez-firmware blueman
dpkg-reconfigure keyboard-configuration # allow Alt-Ctrl-Backspace to kill the X server
apt install localepurge
localepurge
With Debian 12, the machine fully supports suspend/resume when closing the lid. Graphics, Network and WiFi survive the sleep mode without any problems :-)
On one of our servers, I decided to do a complete re-installation. After booting from USB stick, the system automatically detected the pre-existing RAID configuration and suggested the corresponding mdX devices. I merely had to select the mount points of the individual partitions.
On this machine, Debian was installed in a separate root partition. Again, I could copy many configuration files from the previous version:
# as root: usermod -aG sudo joe # add joe to the sudoers apt install vim # my preferred editor ;-) vim /etc/vim/vimrc # un-comment "syntax on" vim /etc/ssh/sshd_config # adjust port, Banner and AllowUsers vim /etc/apt/sources.list # add "contrib non-free" to all entries, as explained above tail -1 /mnt/debian11/etc/exports >> /etc/exports cat /mnt/debian11/etc/issue.net >> /etc/issue.net cp -v /mnt/debian11/etc/resolv.conf /etc/resolv.conf cp -v /mnt/debian11/etc/hosts.deny /etc/hosts.deny cp -v /mnt/debian11/etc/hosts.allow /etc/hosts.allow ## /etc/hosts was identical vim /etc/network/interfaces # add permanent connection (this is a server) vim /etc/resolv.conf # check for local network dpkg-reconfigure grub-pc apt remove xsane saned apt install firmware-linux* firmware-misc-nonfree acpi-support ntpdate hwinfo lshw mc mailutils smartmontools apt install nfs-kernel-server nfs-common apt install unattended-upgrades dpkg-reconfigure unattended-upgrades apt install localepurge localepurge
We are using munin to monitor the status of the machines on our network.
The installation is simple and the /etc/munin/munin-node.conf configuration file on the clients essentially contains the
address of the munin server: allow ^192\.168\.xx\.yy$.
apt install munin-node cp -v /mnt/debian11/etc/munin/munin-node.conf /etc/munin/ munin-node-configure --shell --families=contrib,auto | sh -x
If the grub package is updated automatically, it may happen that the system does not boot anymore. In such a case, simply boot into the rescue system and run:
grub-install /dev/sda grub-install /dev/sdb
Both drives will be able to boot alone.