Manual Debian Install#
Standard#
In this example we will do a manual installation of Debian GNU/Linux from another Debian GNU/Linux system.
This gives us more control on the packages to install and more variability on disk configurations. This method is similar to the one used to install Arch Linux.
Vedi anche
Partition name |
Mount point |
mdadm name |
/dev/nvme0n1p0 |
/boot |
/dev/md0 |
/dev/nvme0n1p1 |
/ |
/dev/md1 |
/dev/nvme0n1p2 |
/home |
/dev/md2 |
/dev/nvme0n1p3 |
/data |
/dev/md3 |
/dev/nvme1n1p0 |
/boot |
/dev/md0 |
/dev/nvme1n1p1 |
/ |
/dev/md1 |
/dev/nvme1n1p2 |
/home |
/dev/md2 |
/dev/nvme1n1p3 |
/data |
/dev/md3 |
install the packages to perform a Debian installation
apt-get install debootstrap arch-install-scripts
create GPT partitions using fdisk and set their type to Linux RAID
fdisk /dev/nvme0n1 # [ ... ] fdisk /dev/nvme1n1 # [ ... ]
make the RAID devices
mdadm --create --verbose --level=1 --metadata=1.0 --raid-devices=2 /dev/md0 /dev/nvme0n1p0 /dev/nvme1n1p0 mdadm --create --verbose --level=10 --metadata=1.2 --chunk=512 --raid-devices=2 --layout=f2 /dev/md1 /dev/nvme0n1p1 /dev/nvme1n1p1 mdadm --create --verbose --level=10 --metadata=1.2 --chunk=512 --raid-devices=2 --layout=f2 /dev/md2 /dev/nvme0n1p2 /dev/nvme1n1p2 mdadm --create --verbose --level=10 --metadata=1.2 --chunk=512 --raid-devices=2 --layout=f2 /dev/md3 /dev/nvme0n1p3 /dev/nvme1n1p3
make the filesystems
mkfs.ext4 /dev/md0 mkfs.f2fs -O extra_attr,inode_checksum,sb_checksum /dev/md1 mkfs.f2fs -O extra_attr,inode_checksum,sb_checksum /dev/md2 mkfs.f2fs -O extra_attr,inode_checksum,sb_checksum /dev/md3
enable a swap partiton optionally
mount the partitions
mount /dev/md1 /mnt/debinst mkdir /mnt/debinst/boot /mnt/debinst/home /mnt/debinst/data mount /dev/md0 /mnt/debinst/boot mount /dev/md2 /mnt/debinst/home mount /dev/md3 /mnt/debinst/data
debootstrap
/usr/sbin/debootstrap --arch amd64 bullseye /mnt/debinst https://debian.mirror.garr.it/debian/
generate the fstab file
genfstab -U /mnt/debinst >> /mnt/debinst/etc/fstab
do a chroot
arch-chroot /mnt/debinst
set the timezone, locale and fix the binaries path for the root user
echo 'PATH=$PATH:/sbin' >> ~/.bashrc dpkg-reconfigure tzdata apt-get install locales && dpkg-reconfigure locales locale-gen
install these packages: these are just a selection of stuff I frequently use
apt-get install apt-transport-tor f2fs-tools btrfs-progs htop openssh-server openssh-client sshfs haveged ntpsec apache2 postfix dovecot-core fail2ban cups ffmpeg motion rtorrent docker smartmontools autossh screen nut python3-pip curl wget python3 git sane irqbalance unbound thermald earlyoom dnscrypt-proxy qemu-system-x86 qemu rsync roundcube-core schedtool certbot python-certbot-apache lshw usbutils powertop offlineimap gdisk bash-completion linux-image-amd64 man-db w3m dnsutils lm-sensors borgmatic python3-bs4 console-setup keyboard-configuration
update the RAID configuration
apt-get install mdadm mdadm --detail --scan >> /etc/mdadm.conf
install the bootloader. I prefer using Syslinux on servers but unfortunately it needs to be installed manually on Debian
apt-get install syslinux extlinux mkdir /boot/syslinux cp /usr/lib/syslinux/modules/bios/*.c32 /boot/syslinux/ extlinux --install /boot/syslinux sgdisk /dev/nvme0n1 --attributes=1:set:2 sgdisk /dev/nvme1n1 --attributes=1:set:2 sgdisk /dev/nvme0n1 --attributes=1:show sgdisk /dev/nvme1n1 --attributes=1:show dd bs=440 count=1 conv=notrunc if=/usr/lib/syslinux/mbr/gptmbr.bin of=/dev/nvme0n1 dd bs=440 count=1 conv=notrunc if=/usr/lib/syslinux/mbr/gptmbr.bin of=/dev/nvme1n1
add this configuration for the bootloader
1# Config file for Syslinux - 2# /boot/syslinux/syslinux.cfg 3# 4# Comboot modules: 5# * menu.c32 - provides a text menu 6# * vesamenu.c32 - provides a graphical menu 7# * chain.c32 - chainload MBRs, partition boot sectors, Windows bootloaders 8# * hdt.c32 - hardware detection tool 9# * reboot.c32 - reboots the system 10# 11# To Use: Copy the respective files from /usr/lib/syslinux to /boot/syslinux. 12# If /usr and /boot are on the same file system, symlink the files instead 13# of copying them. 14# 15# If you do not use a menu, a 'boot:' prompt will be shown and the system 16# will boot automatically after 5 seconds. 17# 18# Please review the wiki: https://wiki.parabola.nu/index.php/Syslinux 19# The wiki provides further configuration examples 20 21DEFAULT debian 22PROMPT 0 # Set to 1 if you always want to display the boot: prompt 23TIMEOUT 50 24# You can create syslinux keymaps with the keytab-lilo tool 25KBDMAP it.ktl 26 27# Menu Configuration 28# Either menu.c32 or vesamenu32.c32 must be copied to /boot/syslinux 29#UI menu.c32 30UI vesamenu.c32 31 32# Refer to http://syslinux.zytor.com/wiki/index.php/Doc/menu 33MENU TITLE Debian GNU/Linux 34MENU COLOR border 35;40 #ff777caa #a0000000 std 35MENU COLOR title 1;35;40 #ff777caa #a0000000 std 36MENU COLOR sel 7;35;47 #e0ffffff #20777caa all 37MENU COLOR unsel 35;40 #ff777caa #a0000000 std 38MENU COLOR help 35;40 #c0b2b2b2 #a0000000 std 39MENU COLOR timeout_msg 35;40 #ff777caa #00000000 std 40MENU COLOR timeout 1;35;40 #ff777caa #00000000 std 41MENU COLOR msg07 35;40 #ff777caa #a0000000 std 42MENU COLOR tabmsg 35;40 #ff777caa #00000000 std 43 44MENU WIDTH 78 45MENU MARGIN 4 46MENU ROWS 7 47MENU VSHIFT 10 48MENU TABMSGROW 14 49MENU CMDLINEROW 14 50MENU HELPMSGROW 16 51MENU HELPMSGENDROW 29 52 53# boot sections follow 54# 55# TIP: If you want a 1024x768 framebuffer, add "vga=773" to your kernel line. 56# 57#-* 58 59LABEL debian 60MENU LABEL Debian 5.10.0-13 61LINUX ../vmlinuz-5.10.0-13-amd64 62APPEND root=UUID=4a276a15-c79b-49ba-ac6e-17564eafb9fd rw 63INITRD ../initrd.img-5.10.0-13-amd64 64 65# If you want Memtest on syslinux, use this LABEL section to launch it (install the memtest86+ package) 66LABEL memtest 67MENU LABEL Memtest86+ 68LINUX ../memtest86+/memtest.bin 69 70LABEL hdt 71 MENU LABEL HDT (Hardware Detection Tool) 72 COM32 hdt.c32 73 74LABEL reboot 75 MENU LABEL Reboot 76 COM32 reboot.c32 77 78LABEL poweroff 79 MENU LABEL Poweroff 80 COM32 poweroff.c32
Nota
The UUID of the root filesystem in this example is
4a276a15-c79b-49ba-ac6e-17564eafb9fd
. You can get this valuelsblk -o name,uuid | grep md1
The kernel version is
5.10.0-13-amd64
add these modules to the initramfs
1# List of modules that you want to include in your initramfs. 2# They will be loaded at boot time in the order below. 3# 4# Syntax: module_name [args ...] 5# 6# You must run update-initramfs(8) to effect this change. 7# 8# Examples: 9# 10# raid1 11# sd_mod 12 13encrypt 14 15lvm2 16fsck 17udev 18keyboard 19autodetect 20raid1 21raid10 22f2fs 23fscrypto 24crc32-pclmul 25crc32c_generic 26crc32c-intel 27crc32_generic 28libcrc32c
update the initramfs
update-initramfs -k all -u
blacklist the kernel package so we don’t have to deal changing the bootloader configuration every time a new kernel is available. This way you are responsible to remove the blacklist and update Syslinux’s configuration when needed
apt-mark hold linux-image-amd64
Nota
To remove the hold run
apt-mark unhold linux-image-amd64
edit
/etc/network/interfaces
to get a static IP addressenable the OpenSSH server
systemctl enable ssh
temporarely enable root access via ssh. Set this value
PermitRootLogin yes
Avvertimento
Remember to disable root access once you create new users!
add a new root password
passwd root
run sync and quit
sync exit
unmount the partitions
umount -R /mnt/debinst
Variations#
Encryption#
If you are encrypting the root partition using LVM on LUKS you have to change the bootloader configuration and the crypttab file.
Vedi anche
dm-crypt/Encrypting an entire system - ArchWiki [5]
change Syslinux’s
APPEND
lines# [ ... ] APPEND cryptdevice=UUID=ABCD-0123:cryptlvm root=/dev/MyLVMgroupName/root rw # [ ... ]
edit the crypttab file like this
# <target name> <source device> <key file> <options> key UUID=ABCD-0123 none luks
Nota
ABCD-0123
is the UUID of the physical partition.MyLVMgroupName
is the name of the LVM group where the root partition is installed.
Footnotes