Debian Archive

An overview of Secure Boot in Debian

This blog post isn’t meant to be a definitive guide about Secure Boot in Debian. The idea is to give some context about the boot sequence on the PC architecture, about the Secure Boot technology, and about some implementation details in Debian. Exactly what it says on the tin – a detailed article about how Debian handles Secure Boot.

Leaderless Debian

One of the traditional rites of the (northern hemisphere) spring is the election for the Debian project leader. Over a six-week period, interested candidates put their names forward, describe their vision for the project as a whole, answer questions from Debian developers, then wait and watch while the votes come in. But what would happen if Debian were to hold an election and no candidates stepped forward? The Debian project has just found itself in that situation and is trying to figure out what will happen next. Fascinating article about the minutiae of Debian governance.

Limiting the power of package installation in Debian

There is always at least a small risk when installing a package for a distribution. By its very nature, package installation is an invasive process; some packages require the ability to make radical changes to the system - changes that users surely would not want other packages to take advantage of. Packages that are made available by distributions are vetted for problems of this sort, though, of course, mistakes can be made. Third-party packages are an even bigger potential problem because they lack this vetting, as was discussed in early October on the debian-devel mailing list. Solutions in this area are not particularly easy, however.

Debian 9.5 “released”

The Debian project is pleased to announce the fifth update of its stable distribution Debian 9 (codename stretch). This point release mainly adds corrections for security issues, along with a few adjustments for serious problems. Security advisories have already been published separately and are referenced where available.

Please note that the point release does not constitute a new version of Debian 9 but only updates some of the packages included. There is no need to throw away old stretch media. After installation, packages can be upgraded to the current versions using an up-to-date Debian mirror.

I'm not a fan of publishing items for every single distribution release - other sites do that way better than I ever could - but there are a few distributions I do try to keep up with, and considering just how fundamental Debian is to many popular Linux distributions, it's always been an exception.

Debian 9.1 released

The Debian project is pleased to announce the first update of its stable distribution Debian 9 (codename stretch). This point release mainly adds corrections for security issues, along with a few adjustments for serious problems. Security advisories have already been published separately and are referenced where available.

This isn't actually a new version or anything like that; a Debian point release just means a number of packages have been updated.

You can now try merged /usr in Debian

From the debian-devel mailing list:

debootstrap in unstable can now install with merged-/usr, that is with /bin, /sbin, /lib* being symlinks to their counterpart in /usr.

LWN.net published an article in January 2016 going into this then-proposed change.

Debian is the latest Linux distribution to consider moving away from the use of separate /bin, /sbin, and /lib directories for certain binaries. The original impetus for requiring these directories was due to space limitations in the first Unix implementations, developers favoring the change point out. But today, many of the services on a modern Linux system impose requirements of their own on the partition scheme - requirements that make life far simpler if /bin, /sbin, and /lib can be symbolic links to subdirectories within a unified /usr directory. Although some resistance was raised to the change, the project now seems to be on track to make "merged /usr" installations a supported option. And perhaps more importantly, the arguments favoring the merge suggest that many Debian developers would like to see that configuration eventually become the default.

Any step to clean up Linux' FHS implementation - no matter how small - is cause for widespread celebration all across the land. Call it forth!

Tails installer is now in Debian

Tails (The amnesic incognito live system) is a live OS based on Debian GNU/Linux which aims at preserving the user's privacy and anonymity by using the Internet anonymously and circumventing censorship. Installed on a USB device, it is configured to leave no trace on the computer you are using unless asked explicitly.

As of today, the people the most needy for digital security are not computer experts. Being able to get started easily with a new tool is critical to its adoption, and even more in high-risk and stressful environments. That's why we wanted to make it faster, simpler, and more secure to install Tails for new users.

One of the components of Tails, the Tails Installer, is now in Debian thanks to the Debian Privacy Tools Maintainers Team.

On a related note, Tails 2.0.1 was released a few days ago as well.

Debian 8.3 released

The Debian project is pleased to announce the third update of its stable distribution Debian 8 (codename jessie). This update mainly adds corrections for security problems to the stable release, along with a few adjustments for serious problems. Security advisories were published separately and are referenced where applicable.

Debian mourns the passing of Ian Murdock

With a heavy heart Debian mourns the passing of Ian Murdock, stalwart proponent of Free Open Source Software, Father, Son, and the 'ian' in Debian.

Ian started the Debian project in August of 1993, releasing the first versions of Debian later that same year. Debian would go on to become the world's Universal Operating System, running on everything from embedded devices to the space station.

Ian's sharp focus was on creating a Distribution and community culture that did the right thing, be it ethically, or technically. Releases went out when they were ready, and the project's staunch stance on Software Freedom are the gold standards in the Free and Open Source world.

Debian - or anything Debian-based - is my distribution of choice, and there's no denying just how much Debian has contributed to the Linux world.

My thoughts are with his family and friends.

Debian dropping the Linux Standard Base

The Linux Standard Base (LSB) is a specification that purports to define the services and application-level ABIs that a Linux distribution will provide for use by third-party programs. But some in the Debian project are questioning the value of maintaining LSB compliance - it has become, they say, a considerable amount of work for little measurable benefit.

It's too much work for little benefit, and nobody wants to do it, so what's the point - just drop it. At least, that seems to be the reasoning.

But Debian's not throwing all of the LSB overboard: we're still firmly standing behind the FHS (version 2.3 through Debian Policy; although 3.0 was released in August this year) and our SysV init scripts mostly conform to LSB VIII.22.{2-8}. But don't get me wrong, this src:lsb upload is an explicit move away from the LSB.

That's too bad - the FHS is an abomination, a useless, needlessly complex relic from a time we were still using punch cards, and it has no place in any modern computing platform. All operating systems have absolutely horrible and disastrous directory layouts, but the FHS is one of the absolute worst in history.

Debian 8 Jessie released

After almost 24 months of constant development the Debian project is proud to present its new stable version 8 (code name Jessie), which will be supported for the next 5 years thanks to the combined work of the Debian Security team and of the Debian Long Term Support team.

Jessie ships with a new default init system, systemd. The systemd suite provides many exciting features such as faster boot times, cgroups for services, and the possibility of isolating part of the services. The sysvinit init system is still available in Jessie.

Screenshots and a screencast are available.

Debian fork promises no systemd, asks for donations

The Debian fork website, put together by the Veteran Unix Admins (VUA) group, has announced the VUA has decided to fork the popular Debian GNU/Linux distribution. The VUA is critical of Debian's decision to adopt systemd as the distribution's default init software and to allow software packaged for Debian to depend directly on systemd. The VUA plans to create a fork of Debian using SysV Init as the default init software and is asking for donations to support the endeavor.

The default init system in the next Debian v8 "Jessie" release will be systemd, bringing along a deep web of dependencies. We need to individuate those dependencies, clean them from all packages affected and provide an alternative repository where to get them. The stability of our fork is the main priority in this phase.

There has been a lot of debate over systemd in the Debian community in the past few months and it will be interesting to see if this non-systemd fork of Debian gains support.

Results of Debian’s Init general resolution vote posted

Starting on November 5th the Debian developers went to the polls to vote on a general resolution which would determine how init software and dependencies are handled in the venerable open source distribution. The result of the resolution will determine whether software packaged for Debian can depend on a specific implementation of init software. The init process is the first to start on Linux and UNIX operating systems and is responsible for bringing the operating system up and managing services.

The general resolution stirred up quite a bit of controversy with some developers wishing to keep software uncoupled from any specific init implementation. Others felt packages and upstream developers should be able to depend on a specific init package for the sake of simplicity or convenience. In the end, the votes were counted and it was decided no resolution would be passed addressing coupling software to init. This means, essentially, it will be up to individual packagers and upstream developers to decide whether to depend on one specific init implementation.

Debian 8.0 “Jessie” enters feature freeze

Debian is one of the largest and longest lived GNU/Linux distributions. The project forms the foundation of many other popular Linux-based operating systems, including Ubuntu, Linux Mint, and Raspbian. The Debian project announced this week that the distribution's Testing repository, called "Jessie", has entered a feature freeze. This means Debian's Jessie branch will not receive any new features nor any significant software upgrades. From now until Debian's upcoming stable release is launched, the Jessie repository will accept only important bug fixes and updated translations. Based on the time-line presented by Debian's freeze policy it seems as though Debian 8.0 will be released in late February.

Debian switches back to Gnome as default desktop environment

Debian switched to Xfce as the default desktop environment back in November 2013. But that didn't last long because a few days ago, Debian restored GNOME as the default desktop, based on preliminary results from the Debian Desktop Requalification for Jessie.

According to Joey Hess, the Debian developer who performed this change, the main reasons for Debian switching back to GNOME as the default desktop are related to accessibility and systemd integration.

Debian GNU/Hurd 2013 released

"It is with huge pleasure that the Debian GNU/Hurd team announces the release of Debian GNU/Hurd 2013. This is a snapshot of Debian 'sid' at the time of the Debian 'wheezy' release (May 2013), so it is mostly based on the same sources. It is not an official Debian release, but it is an official Debian GNU/Hurd port release." Important note: 75% of Debian packages are supported by Debian GNU/Hurd. Impressive.

Debian 7.0 released

That rare event where tried and true Debian releases a new version. "This new version of Debian includes various interesting features such as multiarch support, several specific tools to deploy private clouds, an improved installer, and a complete set of multimedia codecs and front-ends which remove the need for third-party repositories. Multiarch support, one of the main release goals for 'Wheezy', will allow Debian users to install packages from multiple architectures on the same machine. This means that you can now, for the first time, install both 32- and 64-bit software on the same machine and have all the relevant dependencies correctly resolved, automatically."