Why I run Debian, and some Debian tricks

After Dan Bowman pointed out another blogger’s recent difficulties installing Evolution on Mandrake 8.1, I had little comment other than, “That wouldn’t be an issue if you’re running Debian.” Well, I think I said a few other things because I tend to be wordy, but that was the only important thing I had to say.Debian is one of the more difficult Linux distributions to install (you have to know what hardware is in your machine–it doesn’t nicely autodetect everything like Mandrake), but it’s far and away the easiest distribution to maintain. We’ll get back to that in a minute.

Released versions of Debian tend to be ultra-conservative. The current version, Debian 2.2r5, still uses the 2.2.19 kernel, for one thing (and that’s a fairly recent change). The current 2.2 kernel is either 2.2.39 or 2.2.40. All packages (at least all the ones anyone uses anymore) are constantly checked and maintained and patched. In theory, the current stable Debian release ought to be the most bullet-proof Linux available.

Besides Debian Stable, there’s also Debian Testing and Debian Unstable. Debian Unstable is pretty cutting-edge, but I’ve had no problems running it. I just keep up with the current patches and the system runs fine. I know people who run production servers on Testing and Unstable and get away with it.

If you want the latest and greatest stuff, after you install Debian, edit the file /etc/apt/sources.list and uncomment the ftp and http lines. Next, copy and paste those lines, then edit the “stable” to read “unstable.” (Or if you’re more conservative, edit it to read “testing.”) Be aware that occasionally you’ll run into problems running packages from unstable under stable. I ran Evolution, Galeon, Dillo, Sylpheed, and a multitude of other packages from unstable just fine, but when I installed AbiWord (a really nice, lean, mean, superfast word processor, by the way) it failed to run right. I upgraded to unstable, and then it worked perfectly.

OK, let’s talk some tricks.

Want to upgrade your distribution after a new version comes out, or upgrade from stable to testing or unstable? Easy. Type this:

apt-get update ; apt-get dist-upgrade

Then Debian will go download the pieces it needs to upgrade itself.

Want to keep your system up to date with any little changes (security patches, whatever) that may have happened recently? Type this:

apt-get update ; apt-get upgrade

So Debian lets you keep a current and presumably secure installation very easily. If you run that line regularly, you can rest assured that if your system is insecure, it’s not Debian’s fault but rather a misconfiguration on your part.

Want to try out some new piece of software? Forget having to hunt down RPMs or keep track of your distribution CD. Check availability with this command sequence:

apt-get update ; apt-cache pkgnames [name of program]

Found it? Excellent. Install it with this command:

apt-get install [name of program]

And if it wasn’t as great as you heard, you can uninstall it with this command:

apt-get remove [name of program]

System acting goofy? This’ll cure much that ails you:

apt-get clean ; apt-get update ; apt-get check

So from a system administration standpoint, Debian is great. Debian developers often try to justify the difficulty of installation by saying you only have to run it once, and to a degree, they’re right.

Compiling a kernel under Debian

I found a nice document detailing customizing your kernel under Debian. The standard method works under Debian, of course, but it’s cleaner to do it within the confines of your package manager–then it doesn’t go stomping on files you modified. Plus it’s actually a little easier to let Debian handle some of the details.

Here are the notes I took while using the document.

With additions:
Use kernel-source-2.4.17

export CFLAGS=”-O3 -mcpu=i686 -march=i386 -fforce-addr -fomit-frame-pointer -funroll-loops -frerun-cse-after-loop -frerun-loop-opt -malign-functions=4″
export CXXFLAGS=”-O3 -mcpu=i686 -march=i386 -fforce-addr -fomit-frame-pointer -funroll-loops -frerun-cse-after-loop -frerun-loop-opt -malign-functions=4″

Using -march=i686 is known to cause instability and not improve performance by any noticeable amount. The kernel mostly ignores these settings but I set them anyway. You can alternatively set them in the file /etc/profile. If you ever find yourself compiling apps from source, you want these options set so they’ll perform optimally.

A correction:
Debian tar doesn’t seem to support the -I switch for bzip2. So I extracted the archive with the following:
bunzip2 -k -c kernel-source-2.4.17.tar.bz2 | tar -xf –

the -k switch tells bzip2 to keep the original file intact, while -c tells it to extract to stdout. The | redirects stdout to the specified program, in this case, tar. -xf tells it to extract the file.

I got an error on make xconfig:

make: wish: command not found.

So I headed off to www.debian.org/distrib/packages. At the bottom of the page, there’s a form where you can type a filename and it’ll tell you what package it comes from. Type in “wish,” hit enter, and I get a long list, including /usr/bin/wish8.3 in a package named libs/tk8.3. Sounds promising. So I do an apt-get install tk8.3 and I’m in business. Type make xconfig again, and we’re set. This page is also a really good way to hunt down packages if you don’t know exactly how Debian named it.

Options I chose for kernel compilation:

Code maturity level options: prompt for development and/or incomplete code/drivers. I answered Yes, so I’d get modern filesystem support.
Loadable module support: I answered yes to all. I’ve read that disabling modules and compiling everything directly into the kernel can improve performance but I’m wary of that. If the kernel’s too big, the system won’t boot. And the idea of modules is to keep only what you need in memory. So I suppose there are instances where a no-modules kernel could increase performance, but there are certainly instances where it would hurt. I chose to be conservative.
Processor type and features: I changed a couple of the defaults. Double-check the processor family option; in my experience it’s usually but not always correct. Enable MTRR support unless you’re using a 486, Pentium, or AMD K5 CPU. All other reasonably modern CPUs, including AMD, Cyrix, Intel, and WinChip, support MTRRs for increased GUI performance. Since the PC I’m using only has one CPU, I disable SMP support. Then I enable local APIC and IO-APIC support on uniprocessors.
General setup: I accepted the defaults, because aggressive use of APM makes me really nervous. Under Windows, APM always does me more harm than good.
MTD: Since I don’t use any flash memory devices, I accepted the defaults of No.
Parallel port support: Curiously, this was disabled by default. This PC has a parallel port but I only use network printers, so I left it disabled to save a little memory.
Plug and play configuration: I said no to ISA plug and play support, since this machine is a laptop and won’t have any ISA PnP cards. On modern PCs that have no ISA slots, say N.
Block devices: The defaults are usually sufficient, but some configurations need RAM disk support and initrd support turned on. If you’re going to mess around with ISO images, you’ll probably want to turn on loopback device support.
Multi-device support: I’ve never seen a laptop with RAID, so the default of disabling it all works great for me.
Networking options: The defaults are fine for most uses. If you’re going to make a router or firewall out of your PC, enable Netfilter.
Telephony support: I disabled it.
ATA/IDE/MFM/RLL support: Disable it if you have an all-SCSI system. I don’t. Turn on SCSI emulation support if you use a CD-R or CD-RW. Under IDE chipset support/bugfixes, disable the chipsets your PC doesn’t have. This laptop has an Intel chipset, so all I had enabled were Generic PCI IDE chipset support, Sharing PCI IDE Interrupts support, Generic PCI bus-master support, Use PCI DMA by default when available, Intel PIIXn chipset support, PIIXn tuning support.
SCSI support: I have an all-IDE system (unfortunately), so I disabled it. Note that SCSI emulation for a CD-R counts as a SCSI device, as does a parallel port Zip drive. Since I have neither, I’m safe disabling it to save some memory and speed up boot time slightly.
IEEE 1394 (Firewire support): I disabled it since I have no Firewire ports.
I2O device support: I disabled it.
Network device support: This can be tricky. I turned off SLIP and PPP since I don’t use them. You may need PPP. I turned off ARCnet support, which you’ll probably do as well since ARCnet is very rare. I have a 100-megabit 3Com 3c556 NIC in this laptop, so I went into Ethernet 10 or 100 Mbit, drilled down to 3COM cards, and said yes to 3c590/3c900 series, since that’s the driver the 3c556 uses. I turned off the others. I like to compile support for the machine’s NIC straight into the kernel when I can, since it speeds up network configuration at boot time. On servers, I’ve been known to compile support for every type of NIC I own into the kernel, so that if I ever have to change NICs, it’ll come back up automatically without any configuration from me. I turned off wireless, token-ring, PCMCIA, ATM, amateur radio, infrared, and ISDN support.
Old CD-ROM drivers: You can probably turn this off, unless you know you have an old proprietary 1X or 2X CD-ROM drive. These were the drives that generally plugged straight into an ISA sound card, and they were very common on 486s. I sold tons of these things in 1994; I’m pretty sure that by the time I was selling PCs again in the summer of 1995, everything I was selling had an IDE drive in it.
Input core support: I don’t use USB input devices, so I turned it off.
Character devices: Near the bottom, after Ftape support, there are options for specific chipsets. You can find out what chipset you have by typing the command lspci in a shell. (You have to be root to do this–use the su command if you’re logged in as yourself, as you should be.) This laptop has an Intel 440BX chipset, so I turned off the VIA, AMD, SiS and ALI support.
Multimedia devices: Disable video for Linux unless you have a capture card. Most will disable Radio adapters as well.
File systems: I enable Ext3 and ReiserFS, along with DOS FAT and VFAT (as modules), ISO 9660 and Joliet, NTFS read-only (as module). Under network file systems, I enable SMB since I (unfortunately) work in Windows environments. I disable NFS since we have no NFS servers.
Console drivers: The defaults work for me.
Sound: Since I have onboard sound, I enable sound support and pick my chipset, in this case, ESS Maestro3. I disable all others.
USB support: I have USB ports but don’t use them. I left it enabled just in case, but I’m not sure why.
Bluetooth: I don’t use it, so I disabled it.
Kernel Hacking: I disabled Kernel debugging, the default.
Whew! Hit Save and Exit. Exit X to save some system resources while compiling and installing.

The end result was an up-to-date kernel (2.4.17) that was about 200K smaller than the stock 2.2.19 kernel and boots to a login prompt in 18 seconds flat, as opposed to 45 seconds before. Much of the improvement is due to the 3c590 driver loading faster as part of the kernel rather than as a module, and the kernel no longer searching for phantom SCSI devices. But Charlie Sebold told me it’s his experience that recent 2.4.x kernels boot a lot faster than earlier kernels.

It’s not perfect–I don’t have sound completely working yet–but I found some clues. I’m not overly concerned about sound support though. The system beeps at me when I have mail, and for work purposes, that’s all the sound I need. I don’t see any point in turning my PC into a multimedia tribute to Billy Joel or Star Wars or Quake III.

2 thoughts on “Why I run Debian, and some Debian tricks

  • January 13, 2002 at 9:04 am

    Three things:

    1. Debian’s tar uses "j" for bzip2. Didn’t check potato but I know that’s true for woody. Not sure why the change.

    2. Latest 2.2 kernel is 2.2.20.

    3. On a production server directly connected to the internet, some people turn off kernel module support to avoid someone getting limited root power and then loading modules that give them more. Just one more way to nail things down, I guess.

  • January 13, 2002 at 4:27 pm

    Ah, I was thinking of the 2.0 series; 2.0 is at 2.0.39 and about to go to 2.0.40. My foggy memory…

    Thanks for the corrections.

Comments are closed.

%d bloggers like this:
WordPress Appliance - Powered by TurnKey Linux