I noticed a report on the release of Debian 8 at DistroWatch. I’ve tried a number of linux distros in the past, but never Debian. So I decided to give it a try.
Downloading
The Debian site suggested the first DVD in their series. So I downloaded “debian-8.0.0-amd64-DVD-1.iso”. I normally prefer to use a meta-link for downloading. But I could not find one for the Debian iso, so I used a torrent link instead. Clicking on that link, my browser offered to use “ktorrent”. And that worked out pretty well. The download speed came close to the max that my ISP provides. After the download was complete, “ktorrent” continued to upload to other torrent users. The upload speed was never more than around 10% of my ISP upload max speed.
After downloading, I also downloaded (with “wget”) the files “SHA256SUMS” and “SHA256SUMS.sign” from the same download page. Using “gpg”, I checked the signature in the second of those two files to verify the first. Then I checked the sha256sum of the downloaded iso against the line in the “SHA256SUMS” file.
To be more complete, I used the commands:
    gpg --verify SHA256SUMS.sign SHA256SUMS
    sha256sum -c SHA256SUMS
The last of those commands gave many messages about file not found. It has a number of sha256 checksums, but could only check the one for which I had the corresponding file. I ignored those messages, and looked for the Ok on the file that I did have. That way the software compares the checksums, which it can do more reliably than I.
My first use of the “gpg” command also gave an error. I did not have the Debian signing key. So I fetched that from keyservers. Then I fetched some of the keys that had signed it. Then I asked gpg to check the signatures on the Debian key. This is not completely satisfying, since I did not find a signature that connects with my web of trust. Still, it checks a lot more than merely using the checksum alone.
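The two checks described above can be scripted so that only the entry for the downloaded image is tested, which avoids the file-not-found noise, and so that the signature is tied to one specific key fingerprint. This is an added example, not part of the original post; the function names and the EXPECTED_FPR placeholder are assumptions, and file names are assumed to contain no spaces.

```shell
#!/bin/sh
# Added example: verify one downloaded image against a signed SHA256SUMS.

# check_signature SUMS SIG FPR
# Succeeds only if SIG is a good signature over SUMS made by the key whose
# full fingerprint is FPR (a value you obtained out of band).
check_signature() {
    sums=$1 sig=$2 fpr=$3
    # --status-fd gives machine-readable lines. GOODSIG is not emitted for
    # expired or revoked keys; VALIDSIG carries the signing key fingerprint
    # in field 3 and the primary key fingerprint in the last field.
    gpg --status-fd 1 --verify "$sig" "$sums" 2>/dev/null |
        awk -v fpr="$fpr" '
            $2 == "GOODSIG" { good = 1 }
            $2 == "VALIDSIG" && ($3 == fpr || $NF == fpr) { match_fpr = 1 }
            END { exit (good && match_fpr) ? 0 : 1 }'
}

# check_image SUMS FILE
# Checks FILE against its own entry in SUMS and fails if there is no entry,
# instead of reporting every other image in the list as missing.
check_image() {
    sums=$1 file=$2
    name=$(basename "$file")
    # Entries look like "<hex digest>  <name>"; a "*" before the name
    # marks binary mode.
    line=$(awk -v n="$name" '$2 == n || $2 == "*" n { print; exit }' "$sums")
    [ -n "$line" ] || { echo "no entry for $name in $sums" >&2; return 1; }
    # Run from the directory of FILE so the relative name in the entry resolves.
    ( cd "$(dirname "$file")" && printf '%s\n' "$line" | sha256sum -c --quiet - )
}

# Usage (EXPECTED_FPR is a placeholder, not a real key fingerprint):
#   check_signature SHA256SUMS SHA256SUMS.sign "$EXPECTED_FPR" &&
#   check_image SHA256SUMS debian-8.0.0-amd64-DVD-1.iso
```

Run the signature check first: a matching checksum only means something once the SHA256SUMS file itself has been authenticated.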
After downloading, I copied the iso directly to a USB. The Debian page suggested using “cp”, though it also mentioned “dd”. I used “dd_rescue” on my opensuse system.
Installing
It was when I tried to install, that I ran into some “surprises”. I wanted to install in an existing encrypted LVM. The Debian installer did not provide an easy way to do that.
I then tried getting a root shell under the installer. My plan was to manually open the encrypted LVM, and then ask the installer to rescan the disks. My hope was that this would allow an install into an existing encrypted LVM.
Alas, there was no “cryptsetup” command available in the shell. So I was stymied at the outset.
I then used google to search for answers. I used the search string “install debian existing encrypted lvm” (without the quotes). That gave a number of answers. It seems that the Debian install DVD uses a modified cryptsetup under a different name. And I probably could have used that. Another option would be to install with a live installer, which probably would have the normal “cryptsetup” command available. That would be similar to what I did with an earlier Ubuntu install.
However, I instead decided to do it differently. I plugged in an external drive, and told the installer that it could use the complete drive (deleting what was already there).
I then told the installer to use an encrypted LVM. It created three partitions on my external drive:
- an EFI partition (it formatted this, but did not otherwise use it).
- an “ext” partition for “/boot” sized at around 200M.
- the main LVM partition, containing two logical volumes, one for the root file system and one for swap.
My best recollection is that the installer gave me a choice to have separate volumes for “/var”, “/tmp” and “/home”. If it had offered only a separate “/home”, I would have gone with that. But separate “/var” and “/tmp” seemed more than needed.
The installer next asked what software I wanted. But the choice was crude. I could select a desktop (Gnome, KDE, MATE, Cinnamon, XFCE and maybe one or two more). I chose KDE.
There were few other options in the installer.
The install itself went pretty well. After a while it prompted for the reboot. And, after the reboot, I was running Debian.
I should note that on my computer I hit F12 during boot to get a BIOS boot menu. I did this for the install, to boot from the install USB. And I did it again after install, to boot from the external drive (USB connected).
Reviewing the installer
I’ve already described how the install went. I was not impressed. It reminded me of how much better is the opensuse installer.
I see it as a serious flaw, that there is no direct provision for installing into an existing encrypted LVM. And I’ll note that Ubuntu has a similar flaw. Both Debian and Ubuntu allow install into an encrypted LVM, if the LVM is created by the installer. But they make it difficult to use an existing LVM. And that’s a problem, because the most important parts to encrypt are the user home directories. And, on a re-install, you don’t want to have to back up those and start all over.
While I also did not like the lack of fine control over what is installed, that’s not as serious. The Debian strategy, much like the Ubuntu strategy, seems to be to install a fairly minimalist set of software. And then you can install other software later.
UEFI handling
The Debian installer did well on a UEFI system, which was where I did my install. The install DVD (written to USB) booted without problems in UEFI mode. I later tried on a non-UEFI computer, and it booted without problems there too.
The installer handled the UEFI well. I’m not sure why it created an EFI partition on the external drive, since it did not actually use that. Instead, I mounted the EFI partition from the first hard drive as “/boot/efi”, and created a “debian” directory there. It added an entry named “debian” to the NVRAM boot menu, which booted the system without a problem.
There is no support for secure-boot. Debian instructions are clear about that. As I posted earlier, I’m not convinced that secure boot offers much value to the linux user.
The installed system
The installed Debian system seems to be running quite well. The “about KDE” entry on the help screens identifies it as KDE 4.14.2. That’s a little behind the 4.14.6 that I am running with opensuse 13.2, but still reasonably up to date.
