In this section we will describe each installer component in detail. The components have been grouped into stages that should be recognizable for users. They are presented in the order they appear during the install. Note that not all modules will be used for every installation; which modules are actually used depends on the installation method you use and on your hardware.
Let's assume the Debian Installer has booted and you are facing its first screen. At this time, the capabilities of
debian-installer are still quite limited. It doesn't know much about your hardware, preferred language, or even the task it should perform. Don't worry. Because
debian-installer is quite clever, it can automatically probe your hardware, locate the rest of its components and upgrade itself to a capable installation system. However, you still need to help
debian-installer with some information it can't determine automatically (like selecting your preferred language, keyboard layout or desired network mirror).
You will notice that
debian-installer performs hardware detection several times during this stage. The first time is targeted specifically at the hardware needed to load installer components (e.g. your CD-ROM or network card). As not all drivers may be available during this first run, hardware detection needs to be repeated later in the process.
During hardware detection
debian-installer checks if any of the drivers for the hardware devices in your system require firmware to be loaded. If any firmware is requested but unavailable, a dialog will be displayed that allows the missing firmware to be loaded from a removable medium. See Розділ 6.4, «Loading Missing Firmware» for further details.
One of the first things
debian-installer does, is to check available memory. If the available memory is limited, this component will make some changes in the installation process which hopefully will allow you to install Debian GNU/Linux on your system.
The first measure taken to reduce memory consumption by the installer is to disable translations, which means that the installation can only be done in English. Of course, you can still localize the installed system after the installation has completed.
If that is not sufficient, the installer will further reduce memory consumption by loading only those components essential to complete a basic installation. This reduces the functionality of the installation system. You will be given the opportunity to load additional components manually, but you should be aware that each component you select will use additional memory and thus may cause the installation to fail.
If the installer runs in low memory mode, it is recommended to create a relatively large swap partition (64–128MB). The swap partition will be used as virtual memory and thus increases the amount of memory available to the system. The installer will activate the swap partition as early as possible in the installation process. Note that heavy use of swap will reduce performance of your system and may lead to high disk activity.
Despite these measures, it is still possible that your system freezes, that unexpected errors occur or that processes are killed by the kernel because the system runs out of memory (which will result in «Out of memory» messages on VT4 and in the syslog).
For example, it has been reported that creating a big ext3 file system fails in low memory mode when there is insufficient swap space. If a larger swap doesn't help, try creating the file system as ext2 (which is an essential component of the installer) instead. It is possible to change an ext2 partition to ext3 after the installation.
It is possible to force the installer to use a higher lowmem level than the one based on available memory by using the boot parameter «lowmem» as described in Розділ 5.3.2, «Debian Installer Parameters».
In most cases the first questions you will be asked concern the selection of localization options to be used both for the installation and for the installed system. The localization options consist of language, location and locales.
The language you choose will be used for the rest of the installation process, provided a translation of the different dialogs is available. If no valid translation is available for the selected language, the installer will default to English.
The selected geographic location (in most cases a country) will be used later in the installation process to select the correct time zone and a Debian mirror appropriate for that country. Language and country together will help determine the default locale for your system and select the correct keyboard layout.
You will first be asked to select your preferred language. The language names are listed both in English (left side) and in the language itself (right side); the names on the right side are also shown in the proper script for the language. The list is sorted on the English names. At the top of the list is an extra option that allows you to select the «C» locale instead of a language. Choosing the «C» locale will result in the installation proceding in English; the installed system will have no localization support as the
locales package will not be installed.
Next you will be asked to select your geographic location. If you selected a language that is recognized as an official language for more than one country, you will be shown a list of only those countries. To select a country that is not in that list, choose (the last option). You will then be presented with a list of continents; selecting a continent will lead to a list of relevant countries on that continent.
If the language has only one country associated with it, a list of countries will be displayed for the continent or region the country belongs to, with that country selected as the default. Use theoption to select countries on a different continent.
It is important to select the country where you live or where you are located as it determines the time zone that will be configured for the installed system.
If you selected a combination of language and country for which no locale is defined and there exist multiple locales for the language, then the installer will allow you to choose which of those locales you prefer as the default locale for the installed system. In all other cases a default locale will be selected based on the selected language and country.
Any default locale selected as described in the previous paragraph will use UTF-8 as character encoding.
If you are installing at low priority, you will have the option of selecting additional locales, including so-called «legacy» locales, to be generated for the installed system; if you do, you will be asked which of the selected locales should be the default for the installed system.
Keyboards are often tailored to the characters used in a language. Select a layout that conforms to the keyboard you are using, or select something close if the keyboard layout you want isn't represented. Once the system installation is complete, you'll be able to select a keyboard layout from a wider range of choices (run dpkg-reconfigure keyboard-configuration as root after you have completed the installation).
Move the highlight to the keyboard selection you desire and press Enter. Use the arrow keys to move the highlight — they are in the same place in all national language keyboard layouts, so they are independent of the keyboard configuration.
When installing via the hd-media method, there will be a moment where you need to find and mount the Debian Installer iso image in order to get the rest of the installation files. The component iso-scan does exactly this.
At first, iso-scan automatically mounts all block devices (e.g. partitions and logical volumes) which have some known filesystem on them and sequentially searches for filenames ending with
.ISO for that matter). Beware that the first attempt scans only files in the root directory and in the first level of subdirectories (i.e. it finds
/data/, but not
/data/tmp/). After an iso image has been found, iso-scan checks its content to determine if the image is a valid Debian iso image or not. In the former case we are done, in the latter iso-scan seeks for another image.
In case the previous attempt to find an installer iso image fails, iso-scan will ask you whether you would like to perform a more thorough search. This pass doesn't just look into the topmost directories, but really traverses whole filesystem.
If iso-scan does not discover your installer iso image, reboot back to your original operating system and check if the image is named correctly (ending in
.iso), if it is placed on a filesystem recognizable by
debian-installer, and if it is not corrupted (verify the checksum). Experienced Unix users could do this without rebooting on the second console.
Note that the partition (or disk) hosting the ISO image can't be reused during the installation process as it will be in use by the installer. To work-around this, and provided that you have enough system memory, the installer can copy the ISO image into RAM before mounting it. This is controlled by the low priority
iso-scan/copy_iso_to_ram debconf question (it is only asked if the memory requirement is met).
As you enter this step, if the system detects that you have more than one network device, you'll be asked to choose which device will be your primary network interface, i.e. the one which you want to use for installation. The other interfaces won't be configured at this time. You may configure additional interfaces after installation is complete; see the interfaces(5) man page.
debian-installer tries to configure your computer's network automatically as far as possible. If the automatic configuration fails, that may be caused by many factors ranging from an unplugged network cable to missing infrastructure for automatic configuration. For further explanation in case of errors, check the error messages on the fourth console. In any case, you will be asked if you want to retry, or if you want to perform a manual setup. Sometimes the network services used for autoconfiguration can be slow in their responses, so if you are sure everything is in place, simply start the autoconfiguration attempt again. If autoconfiguration fails repeatedly, you can instead choose the manual network setup.
The manual network setup in turn asks you a number of questions about your network, notably
Name server addresses, and a
Hostname. Moreover, if you have a wireless network interface, you will be asked to provide your
Wireless ESSID («wireless network name») and a
WEP key or
WPA/WPA2 passphrase. Fill in the answers from Розділ 3.3, «Information You Will Need».
Some technical details you might, or might not, find handy: the program assumes the network IP address is the bitwise-AND of your system's IP address and your netmask. The default broadcast address is calculated as the bitwise OR of your system's IP address with the bitwise negation of the netmask. It will also guess your gateway. If you can't find any of these answers, use the offered defaults — if necessary, you can change them by editing
From Debian GNU/Linux 7.0 («Wheezy») onwards,
debian-installer supports IPv6 as well as the «classic» IPv4. All combinations of IPv4 and IPv6 (IPv4-only, IPv6-only and dual-stack configurations) are supported.
Autoconfiguration for IPv4 is done via DHCP (Dynamic Host Configuration Protocol). Autoconfiguration for IPv6 supports stateless autoconfiguration using NDP (Neighbor Discovery Protocol, including recursive DNS server (RDNSS) assignment), stateful autoconfiguration via DHCPv6 and mixed stateless/stateful autoconfiguration (address configuration via NDP, additional parameters via DHCPv6).
Just before configuring the clock, the installer will allow you to set up the «root» account and/or an account for the first user. Other user accounts can be created after the installation has been completed.
The root account is also called the super-user; it is a login that bypasses all security protection on your system. The root account should only be used to perform system administration, and only used for as short a time as possible.
Any password you create should contain at least 6 characters, and should contain both upper- and lower-case characters, as well as punctuation characters. Take extra care when setting your root password, since it is such a powerful account. Avoid dictionary words or use of any personal information which could be guessed.
If anyone ever tells you they need your root password, be extremely wary. You should normally never give your root password out, unless you are administering a machine with more than one system administrator.
In case you do not specify a password for the «root» user here, this account will be disabled but the sudo package will be installed later to enable administrative tasks to be carried out on the new system. By default, the first user created on the system will be allowed to use the sudo command to become root.
The system will ask you whether you wish to create an ordinary user account at this point. This account should be your main personal log-in. You should not use the root account for daily use or as your personal login.
Why not? Well, one reason to avoid using root's privileges is that it is very easy to do irreparable damage as root. Another reason is that you might be tricked into running a Trojan-horse program — that is a program that takes advantage of your super-user powers to compromise the security of your system behind your back. Any good book on Unix system administration will cover this topic in more detail — consider reading one if it is new to you.
You will first be prompted for the user's full name. Then you'll be asked for a name for the user account; generally your first name or something similar will suffice and indeed will be the default. Finally, you will be prompted for a password for this account.
If at any point after installation you would like to create another account, use the adduser command.
The installer will first attempt to connect to a time server on the Internet (using the NTP protocol) in order to correctly set the system time. If this does not succeed, the installer will assume the time and date obtained from the system clock when the installation system was booted are correct. It is not possible to manually set the system time during the installation process.
Depending on the location selected earlier in the installation process, you may be shown a list of time zones relevant for that location. If your location has only one time zone and you are doing a default installation, you will not be asked anything and the system will assume that time zone.
In expert mode or when installing at medium priority, you will have the additional option to select «Coordinated Universal Time» (UTC) as time zone.
If for some reason you wish to set a time zone for the installed system that does not match the selected location, there are two options.
The simplest option is to just select a different time zone after the installation has been completed and you've booted into the new system. The command to do this is:
# dpkg-reconfigure tzdata
Alternatively, the time zone can be set at the very start of the installation by passing the parameter
time/zone= when you boot the installation system. The value should of course be a valid time zone, for example
For automated installations the time zone can be set to any desired value using preseeding.
At this time, after hardware detection has been executed a final time,
debian-installer should be at its full strength, customized for the user's needs and ready to do some real work. As the title of this section indicates, the main task of the next few components lies in partitioning your disks, creating filesystems, assigning mountpoints and optionally configuring closely related options like RAID, LVM or encrypted devices.
If you are uncomfortable with partitioning, or just want to know more details, see Додаток C, Partitioning for Debian.
First you will be given the opportunity to automatically partition either an entire drive, or available free space on a drive. This is also called «guided» partitioning. If you do not want to autopartition, choose from the menu.
The partitioner used in
debian-installer is fairly versatile. It allows to create many different partitioning schemes, using various partition tables, file systems and advanced block devices.
Exactly which options are available depends mainly on the architecture, but also on other factors. For example, on systems with limited internal memory some options may not be available. Defaults may vary as well. The type of partition table used by default can for example be different for large capacity hard disks than for smaller hard disks. Some options can only be changed when installing at medium or low debconf priority; at higher priorities sensible defaults will be used.
The installer supports various forms of advanced partitioning and use of storage devices, which in many cases can be used in combination.
Logical Volume Management (LVM)
Supported are RAID levels 0, 1, 4, 5, 6 and 10.
Serial ATA RAID (using
Also called «fake RAID» or «BIOS RAID». Support for Serial ATA RAID is currently only available if enabled when the installer is booted. Further information is available on our Wiki.
See our Wiki for information. Support for multipath is currently only available if enabled when the installer is booted.
The following file systems are supported.
ext2, ext3, ext4
The default file system selected in most cases is ext4; for
/boot partitions ext2 will be selected by default when guided partitioning is used.
jfs (not available on all architectures)
xfs (not available on all architectures)
reiserfs (optional; not available on all architectures)
Support for the Reiser file system is no longer available by default. When the installer is running at medium or low debconf priority it can be enabled by selecting the
partman-reiserfs component. Only version 3 of the file system is supported.
Existing partitions will be recognized and it is possible to assign mount points for them. It is not possible to create new qnx4 partitions.
Existing NTFS partitions can be resized and it is possible to assign mount points for them. It is not possible to create new NTFS partitions.
If you choose guided partitioning, you may have three options: to create partitions directly on the hard disk (classic method), or to create them using Logical Volume Management (LVM), or to create them using encrypted LVM.
The option to use (encrypted) LVM may not be available on all architectures.
When using LVM or encrypted LVM, the installer will create most partitions inside one big partition; the advantage of this method is that partitions inside this big partition can be resized relatively easily later. In the case of encrypted LVM the big partition will not be readable without knowing a special key phrase, thus providing extra security of your (personal) data.
When using encrypted LVM, the installer will also automatically erase the disk by writing random data to it. This further improves security (as it makes it impossible to tell which parts of the disk are in use and also makes sure that any traces of previous installations are erased), but may take some time depending on the size of your disk.
If you choose guided partitioning using LVM or encrypted LVM, some changes in the partition table will need to be written to the selected disk while LVM is being set up. These changes effectively erase all data that is currently on the selected hard disk and you will not be able to undo them later. However, the installer will ask you to confirm these changes before they are written to disk.
If you choose guided partitioning (either classic or using (encrypted) LVM) for a whole disk, you will first be asked to select the disk you want to use. Check that all your disks are listed and, if you have several disks, make sure you select the correct one. The order they are listed in may differ from what you are used to. The size of the disks may help to identify them.
Any data on the disk you select will eventually be lost, but you will always be asked to confirm any changes before they are written to the disk. If you have selected the classic method of partitioning, you will be able to undo any changes right until the end; when using (encrypted) LVM this is not possible.
Next, you will be able to choose from the schemes listed in the table below. All schemes have their pros and cons, some of which are discussed in Додаток C, Partitioning for Debian. If you are unsure, choose the first one. Bear in mind that guided partitioning needs a certain minimal amount of free space to operate with. If you don't give it at least about 1GB of space (depends on chosen scheme), guided partitioning will fail.
|Partitioning scheme||Minimum space||Created partitions|
|All files in one partition||600MB||
|Separate /home partition||500MB||
|Separate /home, /var and /tmp partitions||1GB||
If you choose guided partitioning using (encrypted) LVM, the installer will also create a separate
/boot partition. The other partitions, including the swap partition, will be created inside the LVM partition.
If you have booted in EFI mode then within the guided partitioning setup there will be an additional partition, formatted as a FAT32 bootable filesystem, for the EFI boot loader. This partition is known as an EFI System Partition (ESP). There is also an additional menu item in the formatting menu to manually set up a partition as an ESP.
After selecting a scheme, the next screen will show your new partition table, including information on whether and how partitions will be formatted and where they will be mounted.
The list of partitions might look like this:
SCSI1 (0,0,0) (sda) - 6.4 GB WDC AC36400L #1 primary 16.4 MB B f ext2 /boot #2 primary 551.0 MB swap swap #3 primary 5.8 GB ntfs pri/log 8.2 MB FREE SPACE SCSI2 (1,0,0) (sdb) - 80.0 GB ST380021A #1 primary 15.9 MB ext3 #2 primary 996.0 MB fat16 #3 primary 3.9 GB xfs /home #5 logical 6.0 GB f ext4 / #6 logical 1.0 GB f ext3 /var #7 logical 498.8 MB ext3
This example shows two hard drives divided into several partitions; the first disk has some free space. Each partition line consists of the partition number, its type, size, optional flags, file system, and mountpoint (if any). Note: this particular setup cannot be created using guided partitioning but it does show possible variation that can be achieved using manual partitioning.
This concludes the guided partitioning. If you are satisfied with the generated partition table, you can choosefrom the menu to implement the new partition table (as described at the end of this section). If you are not happy, you can choose to and run guided partitioning again, or modify the proposed changes as described below for manual partitioning.
A similar screen to the one shown just above will be displayed if you choose manual partitioning except that your existing partition table will be shown and without the mount points. How to manually set up your partition table and the usage of partitions by your new Debian system will be covered in the remainder of this section.
If you select a pristine disk which has neither partitions nor free space on it, you will be asked if a new partition table should be created (this is needed so you can create new partitions). After this, a new line entitled «FREE SPACE» should appear in the table under the selected disk.
If you select some free space, you will have the opportunity to create a new partition. You will have to answer a quick series of questions about its size, type (primary or logical), and location (beginning or end of the free space). After this, you will be presented with a detailed overview of your new partition. The main setting is software RAID, LVM, an encrypted file system, or not be used at all. Other settings include mountpoint, mount options, and bootable flag; which settings are shown depends on how the partition is to be used. If you don't like the preselected defaults, feel free to change them to your liking. E.g. by selecting the option , you can choose a different filesystem for this partition, including options to use the partition for swap, software RAID, LVM, or not use it at all. When you are satisfied with your new partition, select and you will return to partman's main screen., which determines if the partition will have a file system on it, or be used for swap,
If you decide you want to change something about your partition, simply select the partition, which will bring you to the partition configuration menu. This is the same screen as is used when creating a new partition, so you can change the same settings. One thing that may not be very obvious at a first glance is that you can resize the partition by selecting the item displaying the size of the partition. Filesystems known to work are at least fat16, fat32, ext2, ext3 and swap. This menu also allows you to delete a partition.
Be sure to create at least two partitions: one for the root filesystem (which must be mounted as
/) and one for swap. If you forget to mount the root filesystem, partman won't let you continue until you correct this issue.
If you boot in EFI mode but forget to select and format an EFI System Partition, partman will detect this and will not let you continue until you allocate one.
Capabilities of partman can be extended with installer modules, but are dependent on your system's architecture. So if you can't see all promised goodies, check if you have loaded all required modules (e.g.
After you are satisfied with partitioning, selectfrom the partitioning menu. You will be presented with a summary of changes made to the disks and asked to confirm that the filesystems should be created as requested.
If you have more than one harddrive in your computer, you can use partman-md to set up your drives for increased performance and/or better reliability of your data. The result is called Multidisk Device (or after its most famous variant software RAID).
MD is basically a bunch of partitions located on different disks and combined together to form a logical device. This device can then be used like an ordinary partition (i.e. in partman you can format it, assign a mountpoint, etc.).
What benefits this brings depends on the type of MD device you are creating. Currently supported are:
Is mainly aimed at performance. RAID0 splits all incoming data into stripes and distributes them equally over each disk in the array. This can increase the speed of read/write operations, but when one of the disks fails, you will lose everything (part of the information is still on the healthy disk(s), the other part was on the failed disk).
The typical use for RAID0 is a partition for video editing.
Is suitable for setups where reliability is the first concern. It consists of several (usually two) equally-sized partitions where every partition contains exactly the same data. This essentially means three things. First, if one of your disks fails, you still have the data mirrored on the remaining disks. Second, you can use only a fraction of the available capacity (more precisely, it is the size of the smallest partition in the RAID). Third, file-reads are load-balanced among the disks, which can improve performance on a server, such as a file server, that tends to be loaded with more disk reads than writes.
Optionally you can have a spare disk in the array which will take the place of the failed disk in the case of failure.
Is a good compromise between speed, reliability and data redundancy. RAID5 splits all incoming data into stripes and distributes them equally on all but one disk (similar to RAID0). Unlike RAID0, RAID5 also computes parity information, which gets written on the remaining disk. The parity disk is not static (that would be called RAID4), but is changing periodically, so the parity information is distributed equally on all disks. When one of the disks fails, the missing part of information can be computed from remaining data and its parity. RAID5 must consist of at least three active partitions. Optionally you can have a spare disk in the array which will take the place of the failed disk in the case of failure.
As you can see, RAID5 has a similar degree of reliability to RAID1 while achieving less redundancy. On the other hand, it might be a bit slower on write operations than RAID0 due to computation of parity information.
Is similar to RAID5 except that it uses two parity devices instead of one.
A RAID6 array can survive up to two disk failures.
RAID10 combines striping (as in RAID0) and mirroring (as in RAID1). It creates
n copies of incoming data and distributes them across the partitions so that none of the copies of the same data are on the same device. The default value of
n is 2, but it can be set to something else in expert mode. The number of partitions used must be at least
n. RAID10 has different layouts for distributing the copies. The default is near copies. Near copies have all of the copies at about the same offset on all of the disks. Far copies have the copies at different offsets on the disks. Offset copies copy the stripe, not the individual copies.
RAID10 can be used to achieve reliability and redundancy without the drawback of having to calculate parity.
To sum it up:
|Type||Minimum Devices||Spare Device||Survives disk failure?||Available Space|
|RAID0||2||no||no||Size of the smallest partition multiplied by number of devices in RAID|
|RAID1||2||optional||yes||Size of the smallest partition in RAID|
|RAID5||3||optional||yes||Size of the smallest partition multiplied by (number of devices in RAID minus one)|
|RAID6||4||optional||yes||Size of the smallest partition multiplied by (number of devices in RAID minus two)|
|RAID10||2||optional||yes||Total of all partitions divided by the number of chunk copies (defaults to two)|
If you want to know more about Software RAID, have a look at Software RAID HOWTO.
To create an MD device, you need to have the desired partitions it should consist of marked for use in a RAID. (This is done in partman in the menu where you should select → .)
Make sure that the system can be booted with the partitioning scheme you are planning. In general it will be necessary to create a separate file system for
Next, you should choose partman menu. (The menu will only appear after you mark at least one partition for use as .) On the first screen of partman-md simply select . You will be presented with a list of supported types of MD devices, from which you should choose one (e.g. RAID1). What follows depends on the type of MD you selected.from the main
RAID0 is simple — you will be issued with the list of available RAID partitions and your only task is to select the partitions which will form the MD.
RAID1 is a bit more tricky. First, you will be asked to enter the number of active devices and the number of spare devices which will form the MD. Next, you need to select from the list of available RAID partitions those that will be active and then those that will be spare. The count of selected partitions must be equal to the number provided earlier. Don't worry. If you make a mistake and select a different number of partitions,
debian-installer won't let you continue until you correct the issue.
RAID5 has a setup procedure similar to RAID1 with the exception that you need to use at least three active partitions.
RAID6 also has a setup procedure similar to RAID1 except that at least four active partitions are required.
RAID10 again has a setup procedure similar to RAID1 except in expert mode. In expert mode,
debian-installer will ask you for the layout. The layout has two parts. The first part is the layout type. It is either
n (for near copies),
f (for far copies), or
o (for offset copies). The second part is the number of copies to make of the data. There must be at least that many active devices so that all of the copies can be distributed onto different disks.
It is perfectly possible to have several types of MD at once. For example, if you have three 200 GB hard drives dedicated to MD, each containing two 100 GB partitions, you can combine the first partitions on all three disks into the RAID0 (fast 300 GB video editing partition) and use the other three partitions (2 active and 1 spare) for RAID1 (quite reliable 100 GB partition for
After you set up MD devices to your liking, you can partman-md to return back to the partman to create filesystems on your new MD devices and assign them the usual attributes like mountpoints.
If you are working with computers at the level of system administrator or «advanced» user, you have surely seen the situation where some disk partition (usually the most important one) was short on space, while some other partition was grossly underused and you had to manage this situation by moving stuff around, symlinking, etc.
To avoid the described situation you can use Logical Volume Manager (LVM). Simply said, with LVM you can combine your partitions (physical volumes in LVM lingo) to form a virtual disk (so called volume group), which can then be divided into virtual partitions (logical volumes). The point is that logical volumes (and of course underlying volume groups) can span across several physical disks.
Now when you realize you need more space for your old 160GB
/home partition, you can simply add a new 300GB disk to the computer, join it with your existing volume group and then resize the logical volume which holds your
/home filesystem and voila — your users have some room again on their renewed 460GB partition. This example is of course a bit oversimplified. If you haven't read it yet, you should consult the LVM HOWTO.
LVM setup in
debian-installer is quite simple and completely supported inside partman. First, you have to mark the partition(s) to be used as physical volumes for LVM. This is done in the menu where you should select → .
Be aware: the new LVM setup will destroy all data on all partitions marked with an LVM type code. So, if you already have an LVM on some of your disks, and want to install Debian additionally to that machine, the old (already existing) LVM will be wiped out! The same counts for partitions, which are (for any reason) misleadingly marked with an LVM type code, but contain something different (like an encrypted volume). You need to remove such disks from the system, before performing a new LVM setup!
When you return to the main partman screen, you will see a new option . When you select that, you will first be asked to confirm pending changes to the partition table (if any) and after that the LVM configuration menu will be shown. Above the menu a summary of the LVM configuration is shown. The menu itself is context sensitive and only shows valid actions. The possible actions are:
: shows LVM device structure, names and sizes of logical volumes and more
partman screen: return to the main
Use the options in that menu to first create a volume group and then create your logical volumes inside it.
After you return to the main partman screen, any created logical volumes will be displayed in the same way as ordinary partitions (and you should treat them as such).
debian-installer allows you to set up encrypted partitions. Every file you write to such a partition is immediately saved to the device in encrypted form. Access to the encrypted data is granted only after entering the passphrase used when the encrypted partition was originally created. This feature is useful to protect sensitive data in case your laptop or hard drive gets stolen. The thief might get physical access to the hard drive, but without knowing the right passphrase, the data on the hard drive will look like random characters.
The two most important partitions to encrypt are: the home partition, where your private data resides, and the swap partition, where sensitive data might be stored temporarily during operation. Of course, nothing prevents you from encrypting any other partitions that might be of interest. For example
/var where database servers, mail servers or print servers store their data, or
/tmp which is used by various programs to store potentially interesting temporary files. Some people may even want to encrypt their whole system. Generally the only exception here is the
/boot partition which must remain unencrypted, because historically there was no way to load the kernel from an encrypted partition. (GRUB is now able to do that, but
debian-installer currently lacks native support for encrypted
/boot. The setup is therefore covered in a separate document.)
Please note that the performance of encrypted partitions will be less than that of unencrypted ones because the data needs to be decrypted or encrypted for every read or write. The performance impact depends on your CPU speed, chosen cipher and a key length.
To use encryption, you have to create a new partition by selecting some free space in the main partitioning menu. Another option is to choose an existing partition (e.g. a regular partition, an LVM logical volume or a RAID volume). In themenu, you need to select at the option. The menu will then change to include several cryptographic options for the partition.
The encryption method supported by
debian-installer is dm-crypt (included in newer Linux kernels, able to host LVM physical volumes).
Let's have a look at the options available when you select encryption via
Device-mapper (dm-crypt). As always: when in doubt, use the defaults, because they have been carefully chosen with security in mind.
This option lets you select the encryption algorithm (cipher) which will be used to encrypt the data on the partition.
debian-installer currently supports the following block ciphers: aes, blowfish, serpent, and twofish. It is beyond the scope of this document to discuss the qualities of these different algorithms, however, it might help your decision to know that in 2000, AES was chosen by the American National Institute of Standards and Technology as the standard encryption algorithm for protecting sensitive information in the 21st century.
Here you can specify the length of the encryption key. With a larger key size, the strength of the encryption is generally improved. On the other hand, increasing the length of the key usually has a negative impact on performance. Available key sizes vary depending on the cipher.
The Initialization Vector or IV algorithm is used in cryptography to ensure that applying the cipher on the same clear text data with the same key always produces a unique cipher text. The idea is to prevent the attacker from deducing information from repeated patterns in the encrypted data.
From the provided alternatives, the default
xts-plain64 is currently the least vulnerable to known attacks. Use the other alternatives only when you need to ensure compatibility with some previously installed system that is not able to use newer algorithms.
Here you can choose the type of the encryption key for this partition.
The encryption key will be computed on the basis of a passphrase which you will be able to enter later in the process.
A new encryption key will be generated from random data each time you try to bring up the encrypted partition. In other words: on every shutdown the content of the partition will be lost as the key is deleted from memory. (Of course, you could try to guess the key with a brute force attack, but unless there is an unknown weakness in the cipher algorithm, it is not achievable in our lifetime.)
Random keys are useful for swap partitions because you do not need to bother yourself with remembering the passphrase or wiping sensitive information from the swap partition before shutting down your computer. However, it also means that you will not be able to use the «suspend-to-disk» functionality offered by newer Linux kernels as it will be impossible (during a subsequent boot) to recover the suspended data written to the swap partition.
Determines whether the content of this partition should be overwritten with random data before setting up the encryption. This is recommended because it might otherwise be possible for an attacker to discern which parts of the partition are in use and which are not. In addition, this will make it harder to recover any leftover data from previous installations.
After you have selected the desired parameters for your encrypted partitions, return back to the main partitioning menu. There should now be a new menu item called. After you select it, you will be asked to confirm the deletion of data on partitions marked to be erased and possibly other actions such as writing a new partition table. For large partitions this might take some time.
Next you will be asked to enter a passphrase for partitions configured to use one. Good passphrases should be longer than 8 characters, should be a mixture of letters, numbers and other characters and should not contain common dictionary words or information easily associable with you (such as birthdates, hobbies, pet names, names of family members or relatives, etc.).
Before you input any passphrases, you should have made sure that your keyboard is configured correctly and generates the expected characters. If you are unsure, you can switch to the second virtual console and type some text at the prompt. This ensures that you won't be surprised later, e.g. by trying to input a passphrase using a qwerty keyboard layout when you used an azerty layout during the installation. This situation can have several causes. Maybe you switched to another keyboard layout during the installation, or the selected keyboard layout might not have been set up yet when entering the passphrase for the root file system.
If you selected to use methods other than a passphrase to create encryption keys, they will be generated now. Because the kernel may not have gathered a sufficient amount of entropy at this early stage of the installation, the process may take a long time. You can help speed up the process by generating entropy: e.g. by pressing random keys, or by switching to the shell on the second virtual console and generating some network and disk traffic (downloading some files, feeding big files into
/dev/null, etc.). This will be repeated for each partition to be encrypted.
After returning to the main partitioning menu, you will see all encrypted volumes as additional partitions which can be configured in the same way as ordinary partitions. The following example shows a volume encrypted via dm-crypt.
Encrypted volume (
sda2_crypt) - 115.1 GB Linux device-mapper #1 115.1 GB F ext3
Now is the time to assign mount points to the volumes and optionally change the file system types if the defaults do not suit you.
Pay attention to the identifiers in parentheses (
sda2_crypt in this case) and the mount points you assigned to each encrypted volume. You will need this information later when booting the new system. The differences between the ordinary boot process and the boot process with encryption involved will be covered later in Розділ 7.2, «Монтування зашифрованих томів».
Once you are satisfied with the partitioning scheme, continue with the installation.
Although this stage is the least problematic, it consumes a significant fraction of the install because it downloads, verifies and unpacks the whole base system. If you have a slow computer or network connection, this could take some time.
During installation of the base system, package unpacking and setup messages are redirected to
tty4. You can access this terminal by pressing Left Alt+F4; get back to the main installer process with Left Alt+F1.
The unpack/setup messages generated during this phase are also saved in
/var/log/syslog. You can check them there if the installation is performed over a serial console.
As part of the installation, a Linux kernel will be installed. At the default priority, the installer will choose one for you that best matches your hardware. In lower priority modes, you will be able to choose from a list of available kernels.
When packages are installed using the package management system, it will by default also install packages that are recommended by those packages. Recommended packages are not strictly required for the core functionality of the selected software, but they do enhance that software and should, in the view of the package maintainers, normally be installed together with that software.
For technical reasons packages installed during the installation of the base system are installed without their «Recommends». The rule described above only takes effect after this point in the installation process.
At this point you have a usable but limited system. Most users will want to install additional software on the system to tune it to their needs, and the installer allows you do so. This step can take even longer than installing the base system if you have a slow computer or network connection.
One of the tools used to install packages on a Debian GNU/Linux system is the program apt, from the
apt package. Other front-ends for package management, like aptitude and synaptic, are also in use. These front-ends are recommended for new users, since they integrate some additional features (package searching and status checks) in a nice user interface.
apt must be configured so that it knows from where to retrieve packages. The results of this configuration are written to the file
/etc/apt/sources.list. You can examine and edit this file to your liking after the installation is complete.
If you are installing at default priority, the installer will largely take care of the configuration automatically, based on the installation method you are using and possibly using choices made earlier in the installation. In most cases the installer will automatically add a security mirror and, if you are installing the stable distribution, a mirror for the «stable-updates» service.
If you are installing at a lower priority (e.g. in expert mode), you will be able to make more decisions yourself. You can choose whether or not to use the security and/or stable-updates services, and you can choose to add packages from the «contrib» and «non-free» sections of the archive.
If you are installing from a CD or DVD image that is part of a larger set, the installer will ask if you want to scan additional installation media. If you have such additional media available, you probably want to do this so the installer can use the packages included on them.
If you do not have any additional media, that is no problem: using them is not required. If you also do not use a network mirror (as explained in the next section), it can mean that not all packages belonging to the tasks you select in the next step of the installation can be installed.
Packages are included on CD and DVD images in the order of their popularity. This means that for most uses only the first image of a set is needed and that only very few people actually use any of the packages included on the last images of a set.
It also means that buying or downloading and burning a full CD set is just a waste of money as you'll never use most of them. In most cases you are better off getting only the first 3 to 8 CDs and installing any additional packages you may need from the Internet by using a mirror. The same goes for DVD sets: the first DVD, or maybe the first two DVDs will cover most needs.
If you do scan multiple installation media, the installer will prompt you to exchange them when it needs packages from one that isn't currently in the drive. Note that only discs that belong to the same set should be scanned. The order in which they are scanned does not really matter, but scanning them in ascending order will reduce the chance of mistakes.
One question that will be asked during most installs is whether or not to use a network mirror as a source for packages. In most cases the default answer should be fine, but there are some exceptions.
If you are not installing from a full CD/DVD image, you really should use a network mirror as otherwise you will end up with only a very minimal system. However, if you have a limited Internet connection it is best not to select the
desktop task in the next step of the installation.
If you are installing from a single full CD image, using a network mirror is not required, but is still strongly recommended because a single CD image contains only a fairly limited number of packages. If you have a limited Internet connection it may still be best to not select a network mirror here, but to finish the installation using only what's available on the CD image and selectively install additional packages after the installation (i.e. after you have rebooted into the new system).
If you are installing from DVD, any packages needed during the installation should be present on the first DVD image. Use of a network mirror is optional.
One advantage of adding a network mirror is that updates, that have occurred since the CD/DVD images were created and have been included in a point release, will become available for installation, thus extending the life of your CD/DVD set without compromising the security or stability of the installed system.
In summary: selecting a network mirror is generally a good idea, except if you do not have a good Internet connection. If the current version of a package is available from installation media, the installer will always use that. The amount of data that will be downloaded if you do select a mirror thus depends on
the tasks you select in the next step of the installation,
which packages are needed for those tasks,
which of those packages are present on the installation media you have scanned, and
whether any updated versions of packages included on the installation media are available from a mirror (either a regular package mirror, or a mirror for security or stable-updates).
Note that the last point means that, even if you choose not to use a network mirror, some packages may still be downloaded from the Internet if there is a security or stable-updates update available for them and those services have been configured.
Unless you chose not to use a network mirror, you will be presented with a list of network mirrors based upon your country selection earlier in the installation process. Choosing the offered default is usually fine.
The offered default is deb.debian.org, which is not a mirror itself but will redirect to a mirror that should be up-to-date and fast. These mirrors support TLS (https protocol) and IPv6. This service is maintained by the Debian System Administration (DSA) team.
A mirror can also be specified by hand by choosing «enter information manually» . You can then specify a mirror host name and an optional port number. This actually has to be a URL base, i.e. when specifying an IPv6 address, one has to add square brackets around it, for instance «[2001:db8::1]».
If your computer is on an IPv6-only network (which is probably not the case for the vast majority of users), using the default mirror for your country might not work. All the mirrors in the list are reachable via IPv4, but only some of them can be used via IPv6. As connectivity of individual mirrors can change over time, this information is not available in the installer. If there is no IPv6 connectivity for the default mirror for your country, you can either try some of the other mirrors offered to you or choose the «enter information manually» option. You can then specify «ftp.ipv6.debian.org» as the mirror name, which is an alias for a mirror available via IPv6, although it will probably not be the fastest possible one.
During the installation process, you are given the opportunity to select additional software to install. Rather than picking individual software packages from the 87573 available packages, this stage of the installation process focuses on selecting and installing predefined collections of software to quickly set up your computer to perform various tasks.
These tasks loosely represent a number of different jobs or things you want to do with your computer, such as «Desktop environment», «Web server», or «SSH server». Розділ D.2, «Disk Space Needed for Tasks» lists the space requirements for the available tasks.
Some tasks may be pre-selected based on the characteristics of the computer you are installing. If you disagree with these selections you can deselect them. You can even opt to install no tasks at all at this point.
In the standard user interface of the installer, you can use the space bar to toggle selection of a task.
The «Desktop environment» task will install a graphical desktop environment.
Note that this will only work if the packages needed for the desired desktop environment are actually available. If you are installing using a single full CD image, they will possibly need to be downloaded from a network mirror as they might not be available on the CD image due to its limited amount of space. Installing any of the available desktop environments this way should work fine if you are using a DVD image or any other installation method.
The various server tasks will install software roughly as follows. Web server:
apache2; SSH server:
The «Standard system» task will install any package that has a priority «standard». This includes a lot of common utilities that are normally available on any Linux or Unix system. You should leave this task selected unless you know what you are doing and want a really minimal system.
If during language selection a default locale other than the «C» locale was selected, tasksel will check if any localization tasks are defined for that locale and will automatically try to install relevant localization packages. This includes for example packages containing word lists or special fonts for your language. If a desktop environment was selected, it will also install appropriate localization packages for that (if available).
Once you've selected your tasks, select apt will install the packages that are part of the selected tasks. If a particular program needs more information from the user, it will prompt you during this process.. At this point,
You should be aware that especially the Desktop task is very large. Especially when installing from a normal CD-ROM in combination with a mirror for packages not on the CD-ROM, the installer may want to retrieve a lot of packages over the network. If you have a relatively slow Internet connection, this can take a long time. There is no option to cancel the installation of packages once it has started.
Even when packages are included on the CD-ROM, the installer may still retrieve them from the mirror if the version available on the mirror is more recent than the one included on the CD-ROM. If you are installing the stable distribution, this can happen after a point release (an update of the original stable release); if you are installing the testing distribution this will happen if you are using an older image.
If you are installing a diskless workstation, obviously, booting off the local disk isn't a meaningful option, and this step will be skipped.
Before a boot loader is installed, the installer will attempt to probe for other operating systems which are installed on the machine. If it finds a supported operating system, you will be informed of this during the boot loader installation step, and the computer will be configured to boot this other operating system in addition to Debian.
Note that multiple operating systems booting on a single machine is still something of a black art. The automatic support for detecting and setting up boot loaders to boot other operating systems varies by architecture and even by subarchitecture. If it does not work you should consult your boot manager's documentation for more information.
The amd64 boot loader is called «grub». Grub is a flexible and robust boot loader and a good default choice for new users and old hands alike.
By default, grub will be installed on the UEFI partition/the Boot Record of the primary drive, where it will take over complete control of the boot process. If you prefer, you can install it elsewhere. See the grub manual for complete information.
If you do not want to install grub, use thebutton to get to the main menu, and from there select whatever bootloader you would like to use.
This option can be used to complete the installation even when no boot loader is to be installed, either because the arch/subarch doesn't provide one, or because none is desired (e.g. you will use existing boot loader).
If you plan to manually configure your bootloader, you should check the name of the installed kernel in
/target/boot. You should also check that directory for the presence of an initrd; if one is present, you will probably have to instruct your bootloader to use it. Other information you will need are the disk and partition you selected for your
/ filesystem and, if you chose to install
/boot on a separate partition, also your
This is the last step in the Debian installation process during which the installer will do any last minute tasks. It mostly consists of tidying up after the
The installer may ask you if the computer's clock is set to UTC. Normally this question is avoided if possible and the installer tries to work out whether the clock is set to UTC based on things like what other operating systems are installed.
In expert mode you will always be able to choose whether or not the clock is set to UTC. Systems that (also) run Dos or Windows are normally set to local time. If you want to dual-boot, select local time instead of UTC.
At this point
debian-installer will also attempt to save the current time to the system's hardware clock. This will be done either in UTC or local time, depending on the selection that was just made.
The components listed in this section are usually not involved in the installation process, but are waiting in the background to help the user in case something goes wrong.
If the installation is successful, the logfiles created during the installation process will be automatically saved to
/var/log/installer/ on your new Debian system.
Choosingfrom the main menu allows you to save the log files to a USB stick, network, hard disk, or other media. This can be useful if you encounter fatal problems during the installation and wish to study the logs on another system or attach them to an installation report.
There are several methods you can use to get a shell while running an installation. On most systems, and if you are not installing over serial console, the easiest method is to switch to the second virtual console by pressing Left Alt+F2 (on a Mac keyboard, Option+F2). Use Left Alt+F1 to switch back to the installer itself.
For the graphical installer see also Розділ 6.1.1, «Using the graphical installer».
If you cannot switch consoles, there is also an
exit to close the shell and return to the installer.
At this point you are booted from the RAM disk, and there is a limited set of Unix utilities available for your use. You can see what programs are available with the command ls /bin /sbin /usr/bin /usr/sbin and by typing help. The shell is a Bourne shell clone called ash and has some nice features like autocompletion and history.
To edit and view files, use the text editor nano. Log files for the installation system can be found in the
Although you can do basically anything in a shell that the available commands allow you to do, the option to use a shell is really only there in case something goes wrong and for debugging.
Doing things manually from the shell may interfere with the installation process and result in errors or an incomplete installation. In particular, you should always use let the installer activate your swap partition and not do this yourself from a shell.
One of the more interesting components is network-console. It allows you to do a large part of the installation over the network via SSH. The use of the network implies you will have to perform the first steps of the installation from the console, at least to the point of setting up the networking. (Although you can automate that part with Розділ 4.6, «Automatic Installation».)
This component is not loaded into the main installation menu by default, so you have to explicitly ask for it. If you are installing from optical media, you need to boot with medium priority or otherwise invoke the main installation menu and chooseand from the list of additional components select . Successful load is indicated by a new menu entry called .
After selecting this new entry, you will be asked for a new password to be used for connecting to the installation system and for its confirmation. That's all. Now you should see a screen which instructs you to login remotely as the user installer with the password you just provided. Another important detail to notice on this screen is the fingerprint of this system. You need to transfer the fingerprint securely to the person who will continue the installation remotely.
Should you decide to continue with the installation locally, you can always press Enter, which will bring you back to the main menu, where you can select another component.
Now let's switch to the other side of the wire. As a prerequisite, you need to configure your terminal for UTF-8 encoding, because that is what the installation system uses. If you do not, remote installation will be still possible, but you may encounter strange display artefacts like destroyed dialog borders or unreadable non-ascii characters. Establishing a connection with the installation system is as simple as typing:
ssh -l installer
install_host is either the name or IP address of the computer being installed. Before the actual login the fingerprint of the remote system will be displayed and you will have to confirm that it is correct.
The ssh server in the installer uses a default configuration that does not send keep-alive packets. In principle, a connection to the system being installed should be kept open indefinitely. However, in some situations — depending on your local network setup — the connection may be lost after some period of inactivity. One common case where this can happen is when there is some form of Network Address Translation (NAT) somewhere between the client and the system being installed. Depending on at which point of the installation the connection was lost, you may or may not be able to resume the installation after reconnecting.
You may be able to avoid the connection being dropped by adding the option
If you install several computers in turn and they happen to have the same IP address or hostname, ssh will refuse to connect to such host. The reason is that it will have different fingerprint, which is usually a sign of a spoofing attack. If you are sure this is not the case, you will need to delete the relevant line from
After the login you will be presented with an initial screen where you have two possibilities calledand . The former brings you to the main installer menu, where you can continue with the installation as usual. The latter starts a shell from which you can examine and possibly fix the remote system. You should only start one SSH session for the installation menu, but may start multiple sessions for shells.
After you have started the installation remotely over SSH, you should not go back to the installation session running on the local console. Doing so may corrupt the database that holds the configuration of the new system. This in turn may result in a failed installation or problems with the installed system.
 In technical terms: where multiple locales exist for that language with differing country codes.
 At medium and low priority you can always select your preferred locale from those available for the selected language (if there's more than one).
 Legacy locales are locales which do not use UTF-8, but one of the older standards for character encoding such as ISO 8859-1 (used by West European languages) or EUC-JP (used by Japanese).
 The installer will encrypt the LVM volume group using a 256 bit AES key and makes use of the kernel's «dm-crypt» support.
 To be honest, you can construct an MD device even from partitions residing on single physical drive, but that won't give any benefits.
 It is believed that the guys from three-letter agencies can restore the data even after several rewrites of the magnetooptical media, though.
 Note that the program which actually installs the packages is called dpkg. However, this program is more of a low-level tool. apt is a higher-level tool, which will invoke dpkg as appropriate. It knows how to retrieve packages from your installation media, the network, or wherever. It is also able to automatically install other packages which are required to make the package you're trying to install work correctly.
 You should know that to present this list, the installer is merely invoking the tasksel program. It can be run at any time after installation to install more packages (or remove them), or you can use a more fine-grained tool such as aptitude. If you are looking for a specific single package, after installation is complete, simply run
aptitude install , where
package is the name of the package you are looking for.
 That is: press the Alt key on the left-hand side of the space bar and the F2 function key at the same time.
 The following command will remove an existing entry for a host: ssh-keygen -R <