Table of Contents

Determine Fastest Mirror

netselect-apt can do this:

netselect-apt -n -s

will benchmark Debian mirrors and generate sources.list containing the fastest stable mirror, including non-free packages and source packages. This file can then overwrite /etc/apt/sources.list to become the default source for Debian packages.

Extract Package

First use ar:

ar vx *.deb

which will generate the following files:

x - debian-binary
x - control.tar.gz
x - data.tar.lzma

lzma may be gz, in which case, use tar -xpvf data.tar.gz to proceed further. Otherwise, in case it is compressed using lzma:

tar --lzma -xpvf file.tar.lama

Hold Package

Useful, for example, while manually recompiling a source package:

aptitude [hold|unhold] package

in order to avoid it being overwritten by a binary package.

Recompile Kernel

In order to do this the Debian way, download the source and configure the kernel. The current kernel source for the installed Debian distribution can be fetched with:

aptitude install linux-source kernel-package

along with kernel-package which gives us the tools to compile the kernel.

which will download the current kernel source and place it in /usr/src/linux-source-*.tar.bz2 depending on the version of the kernel. The next step is to unarchive the source:

cd /usr/src/
tar -jxpvf linux-source-*.tar.bz2

To configure the kernel for compilation, first copy the current kernel configuration from /boot/config-* depending on the version of the kernel to /usr/src/linux-source-*. This will give you the basis from which to start:

cp /boot/config-* /usr/src/linux-source-*/.config

then we change the directory to /usr/src/linux-source-* and use make menuconfig:

cd /usr/src/linux-source-*
make menuconfig

After configuring, we issue:

make-kpkg --initrd kernel_image

which places the deb files in the immediately superior directory. To install the image, issue:

cd ..
dpkg -i linux-image-2.6.32.Custom_amd64.deb

depending what version of the kernel has been compiled.

Determine What Package a File Belongs To

For example, to determine what Debian package /etc/samba/smb.conf belongs to, issue:

dpkg -S /etc/samba/smb.conf

CPAN Modules as Debian Packages

First install dh-make-perl and update apt-file:

aptitude install dh-make-perl
apt-file update

Then install packages with:

dh-make-perl --build --cpan Desired::CPAN::Module

Repair Filesystem on Boot

Filesystem repairs on boot can hang the machine if the filesystem was not cleanly unmounted. By editing /etc/default/rcS and setting:

# automatically repair filesystems with inconsistencies during boot
FSCKFIX=yes

will allow the server to automatically repair the filesystem on boot.

Install Packages from Different Debian Release

In order to install packages from other releases, first add the repository to /etc/apt/sources:

deb http://ftp.ua.debian.org/debian/debian/ squeeze main
deb-src http://ftp.ua.debian.org/debian/ squeeze main

Then edit /etc/apt/apt.conf and set the default release to stable:

APT::Default-release "stable";

Now, to install the package libace-dev from squeeze, the syntax is:

aptitude install libace-dev/squeeze

Install From Backports

Backports are useful when you want a new package from the unstable branch. A good use for them is for example a newer kernel that supports features you may need. The procedure consists in:

deb http://MIRROR.debian.org/debian wheezy-backports main
aptitude -t wheezy-backports install linux-image-amd64

Boot ISO with Grub

grub can boot an ISO file using the grml-rescueboot package. First install the grml-rescueboot package:

aptitude install grml-rescueboot

and then place the ISO file in /boot/grml/:

cp rescue.iso /boot/grml

Finally update grub using the update-grub command:

update-grub

Once the system restarts you will have a new option to boot from the ISO file.

Install Extra Netfilter Modules

aptitude install module-assistant xtables-addons-source
module-assistant prepare
module-assistant auto-install xtables-addons-source
depmod -a

Change the Time Zone

To change the time-zone, the Debian way, issue:

dpkg-reconfigure tzdata

List All Packages Not Installed Automatically

The following command will list all packages that were not installed automatically (for example, as a dependency of some other package):

aptitude search ~i | grep -v "i A" | cut -d " " -f 4

Enable Periodic TRIM for SSDs

As root, execute:

cp /usr/share/doc/util-linux/examples/fstrim.{service,timer} /etc/systemd/system
systemctl enable fstrim.timer

which will schedule a TRIM operation on all SSDs every week.

Enable IPX Networking

To enable IPX networking in Debian you should first follow the tutorial on installing unstable packages because the ipx package providing the ipx_interface command is (at the time of writing) available in the oldstable branch of Debian.

Next, to set-up the network, edit the configuration file /etc/network/interfaces. In that file you will find your LAN interface (either a bridge or an ethernet device), or the interface you want to enable IPX on. For example:

# The primary network interface
auto br0
iface br0 inet static
        bridge_ports eth0
        bridge_stp off
        bridge_maxwait 0
        bridge_fd 0
        address 192.168.1.1
        broadcast 192.168.1.255
        netmask 255.255.255.0

After that you can add the IPX network:

iface br0 ipx static
        frame 802.2
        netnum AABBCCDD

where AABBCCDD is the IPX network number represented in hex (excluding 00000000 and FFFFFFFF which are reserved).

An interesting idea would be to set the network number by transforming the TCP/IP address into hexadecimal, for example for 192.168.1.1 we would replace AABBCCDD with C0A80101.

Enable Debian HTTPs Support for Repositories

In case you are trying to install packages from HTTPs repositories, you may encounter the error message:

E: The method driver /usr/lib/apt/methods/https could not be found.

In order to resolve the issues, the following packages can be installed:

aptitude install apt-transport-https ca-certificates

such that Debian will accept package repositories that have to be fetched through HTTPs.

Add Modules to InitD

To add modules to be loaded by initd, install initramfs-tools:

aptitude install initramfs-tools

and then edit /etc/initramfs-tools/modules and add the module name to the list.

Finally, issue:

update-initramfs -k all -u

to update the initrd image.

Regenerate Snakeoil Certificates

On Debian, the default snakeoil certificates at /etc/ssl/certs/ssl-cert-snakeoil* can be regenerated with the command:

make-ssl-cert generate-default-snakeoil --force-overwrite

Ignoring Missing Library Information when Compiling Packages

When compiling packages on Debian that use libraries that are not managed by the Debian package system the following error may appear at the end of the build process: dpkg-shlibdeps: error: no dependency information found followed by the library you are compiling against.

In order to ignore missing library information, add the following snippet:

override_dh_shlibdeps:
    dh_shlibdeps --dpkg-shlibdeps-params=--ignore-missing-info

to rules/debian.

Note that the spaces before dh_shlibdeps is actually a tab!

Additionally, you can issue:

export DEB_DH_SHLIBDEPS_ARGS_ALL=--dpkg-shlibdeps-params=--ignore-missing-info

before compiling.

Required Packages for Intel Compiler

If you want to install the Intel Compiler (icc) on Debian, the 32-bit version libraries are required. To install them, issue:

dpkg --add-architecture i386
aptitude update
aptitude install gcc-multilib libstdc++6:i386 libgcc1:i386

Reload LUKS Encrypted Drives Without Restarting

After editing /etc/crypttab, issue:

systemctl daemon-reload
systemctl restart cryptsetup.target

followed by:

mount -a

to remount all encrypted drives.

Generate MD5 Sums for Package

The following line, when executed inside a package directory tree, will generate the DEBIAN/md5sums file.

md5sum $(find * -type f -not -path 'DEBIAN/*') >DEBIAN/md5sums

Reinstall Package and All Dependencies

The following command will reinstall a package along with all its dependencies and additionally create any new configuration files:

apt-cache depends PACKAGE | grep '[ |]Depends: [^<]' | cut -d: -f2 | tr -d ' ' | xargs apt install --reinstall  -o Dpkg::Options::="--force-confask,confnew,confmiss" -y

where:

Execute Java Program under Different JDK Version

Execute the command:

update-java-alternatives -l

to list the available JDKs.

Issue:

update-java-alternatives -s java-1.8.0-openjdk-amd64

where:

to set the java JDK version to be used.

Recompile Debian Kernel

Summarizing, either use apt to fetch the source code, ie:

apt-get source linux-image-4.19.0-8-amd64

or download the kernel source code manually from http://kernel.org.

Since Debian does not define the kernel compilation parameter to include the current kernel configuration in memory under /proc/config.gz but stores the configuration under /boot, the configuration can be copied into the current kernel source directory:

cp /boot/config-4.19.0-8-amd64 .config

In case a different kernel version is to be compiled compared to the current kernel configuration, the following command:

make olddefconfig

should accept the default for the current kernel version.

If compiling under Debian, the current configuration .config has to be edited and CONFIG_SYSTEM_TRUSTED_KEYS set to the empty string:

CONFIG_SYSTEM_TRUSTED_KEYS=""

in order to avoid a compilation error:

No rule to make target 'debian/certs/debian-uefi-certs.pem', needed by 'certs/x509_certificate_list'.  Stop.

Additionally, since Debian builds the debug packages of the kernel by default which takes a long while and uses up a lot of disk resources, the kernel configuration in .config can be edit and the parameter CONFIG_DEBUG_INFO adjusted to n to skip building the debug packages:

CONFIG_DEBUG_INFO=n

The usual pair of commands, either nconfig:

make nconfig

or makeconfig can be issued in order to make any changes to the copied configuration:

make menuconfig

Finally, issue:

make deb-pkg LOCALVERSION=-custom

where:

Persisting Network Hardware Settings

When installing ethtool on Debian, a script is placed at /etc/network/if-up.d/ethtool that, once an interface is brought up, runs through all the settings for all interfaces and makes changes to the hardware driver via ethtool.

The proper way to persist settings in Debian, for instance, to enable checksum offloading, is to make the settings in the interfaces file but without using an up or post-up script.

For instance, the following settings will bring up the interface eth0 via DHCP and then enable TSO on the interface:

auto eth0
iface eth0 inet dhcp
    offload-tx on
    offload-sg on
    offload-tso on

Disable nftables and Continue Using Legacy iptables

update-alternatives --set iptables /usr/sbin/iptables-legacy
update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
update-alternatives --set arptables /usr/sbin/arptables-legacy
update-alternatives --set ebtables /usr/sbin/ebtables-legacy

Fix Issues on Release Change

When a repository changes its release data the following error should appear when updating packages:

This must be accepted explicitly before updates for this repository can be applied. See apt-secure(8) manpage for details

the solution is to run apt as:

apt-get update --allow-releaseinfo-change

with the extra –allow-releaseinfo-change.

Ensuring HostAPd is Started Only After the Bridge Interface

On Debian, bridging the wireless interface to a bridge involves using hostapd and configuring hostapd to bridge the wireless interface to a bridge. Unfortunately, given a complicated setup, it might happen that hostapd is started too soon, especially if the machine already has a configured bridge, such that the hostapd service file has to be changed in order to wait for both interfaces.

In order to do this, copy /usr/lib/systemd/system/hostapd.serivce to /etc/systemd/system/ and then edit the file to make systemd wait for the bridge and wireless interface before running hte service file.

Assuming br0 is the bridge interface and wlan0 is the wireless interface, the hostapd service file at /etc/systemd/system/hostapd.conf is modified to match the following:

[Unit]
Description=Access point and authentication server for Wi-Fi and Ethernet
Documentation=man:hostapd(8)
BindsTo=sys-devices-virtual-net-br0.device
After=sys-devices-virtual-net-br0.device sys-subsystem-net-devices-wlan0.device
ConditionFileNotEmpty=/etc/hostapd/hostapd.conf

[Service]
Type=forking
PIDFile=/run/hostapd.pid
Restart=on-failure
RestartSec=2
Environment=DAEMON_CONF=/etc/hostapd/hostapd.conf
EnvironmentFile=-/etc/default/hostapd
ExecStart=/usr/sbin/hostapd -B -P /run/hostapd.pid $DAEMON_OPTS ${DAEMON_CONF}

[Install]
WantedBy=multi-user.target

Enabling Wireless Network Roaming using ifupdown and wpasupplicant Roaming

Wireless network roaming is a mechanism through which wireless clients (computers, laptops, etc.) change their network depending on the wireless networks that are currently available. Roaming can be accomplished easily on Linux using ifupdown and plain wpasupplicant by first configuring the wireless interface and then adding networks to the wpa supplicant configuration.

For example, here are the contents of the file /etc/network/interfaces.d/wlan0 that set up the wlan0 interface using wpa_supplicant:

auto wlan0
allow-hotplug wlan0
iface wlan0 inet manual
        wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf

iface default inet dhcp

The file defines the network interface wlan0 and points the interface to the WPA supplicant configuration file /etc/wpa_supplicant/wpa_supplicant.conf using the wpa-roam configuration key.

The line iface default inet dhcp defines a catch-all network default telling ifupdown to use DHCP for any network that is not well-defined within the wpa_supplicant configuration file at /etc/wpa_supplicant/wpa_supplicant.conf.

The next part is to set up wpa_supplicant by editing the file /etc/wpa_supplicant/wpa_supplicant.conf and adding networks. Here is a sample configuration file:

ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1
country=IS

network={
        ssid="a"
        #psk="password"
        psk=
        priority=1
        id_str="wifi_a"
}

network={
        ssid="b"
        #psk="password"
        psk=...
        priority=2
        id_str="wifi_b"
}

network={
        ssid="c"
        #psk="password"
        psk=...
        priority=3
        id_str="wifi_c"
}

that defines three Wifi networks with SSIDs, a, b and c (with the credentials trimmed out for brevity). The network block can also be generated automatically using wpa_passphrase and appended to the /etc/wpa_supplicant/wpa_supplicant.conf file.

Note that the markers wifi_a, wifi_b and wifi_c corresponding to the configuration key str_id are identifiers that can be used to refer to the network within the ifupdown configuration file. For example, suppose that the Wifi network wifi_c with the SSID c needs to be configured manually using an IP address and netmask. Returning to the /etc/network/interfaces.d/wlan0 ifupdown scripts, the configuration will then change to match the following:

auto wlan0
allow-hotplug wlan0
iface wlan0 inet manual
        wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf

iface default inet dhcp

iface wifi_c inet manual
    address 192.168.0.1
    netmask 255.255.255.0

where wifi_c corresponds to the Wifi network with SSID c within the wpa_supplicant configuration file /etc/wpa_supplicant/wpa_supplicant.conf.

mod_qos & Others Undefined Symbol

As rare as it may be, sometimes Debian packages are broken and the built binaries reference libraries that are not available on the current system. As an example, here is the libapache2-mod-qos-11.64 on Debian stable "Bookworm" not working due to referencing an older PCRE library:

mod_qos.so: undefined symbol: pcre_free

One solution is to attempt and upgrade the package to "testing" or "unstable" by using apt-cache policy PACKAGE where PACKAGE is the name of the package, followed by apt-get install PACKAGE=VERSION where the additional VERSION is the version of the package to upgrade to, but that might not work out so well due to the new package requiring additional dependencies to be installed that might end up in dependency hell.

A better solution is to just recompile the package, the Debian-compliant way, and install it temporarily till the usual Debian update pipeline updates it to a fixed package. The package should be the newer package that has been fixed in the "unstable" or "testing" branches and the recompiling will just take care to use the existing libraries such that the Debian release does not have to be bumped.

Get Debian Version

The following release should display the current Debian version:

lsb_release -a 

Quick Way to Install All Packages from One Machine Onto the Other

Using some command-line tools while logged in on MACHINE_A, issue the command:

dpkg --get-selections | grep 'install' | awk '{ print $1 }' | xargs ssh root@MACHINE_B apt-get -y install

that will get all the installed packages from MACHINE_A, then SSH into MACHINE_B and install all packages from MACHINE_A.

The transfer is sometimes useful in situations where the same set of packages have to be used across a cluster of nodes, or some uniformity is desired across several machines, such as within a docker swarm.

Retrieve an Original File from the Debian Repository

The following command will create a command-line alias named dist-file that takes as parameter the path to a file on the local filesystem, retrieves the original version of that file from the Debian repository and displays it.

dist-file() { dpkg -S /etc/apache2/ports.conf | awk -F':' '{ print $1 }' | xargs -I{} apt-get install --reinstall --print-uris -qq {} | grep -Po "'(.+?)'" | xargs -I{} curl -s '{}' -o - | dpkg-deb --fsys-tarfile - | tar -xO ".""$1"; }

In order to use the alias, just copy-paste the above line into a terminal and press return. If successful, the command will produce no output.

The alias is pretty useful for system administrators that have changed service configuration files and would like to retrieve the original file in order to compare with the local file. The alias can of course be piped into diff in order to see the actual changes.

For example, the following command will display that changes between the original package file at /etc/apache2/apache2.conf and the current file at /etc/apache2/apache2.conf in Bakus-Naur form:

dist-file /etc/apache2/apache2.conf | diff -Naur - /etc/apache2/apache2.conf

and it thus shows any local changes that have been made to the main Apache2 configuration file.

The version above picks the currently available Debian package according to distribution settings (oldstable, stable, unstable, experimental, etc.) but to be correct, the file to retrieve should correspond to the actual version of the package that is installed, not just the first available one. For that, the following alias should be able to retrieve the file corresponding to the currently installed package version:

dist-file-exact() { dpkg -S $1 | awk -F':' '{ print $1 }' | while read -a PACKAGE; do apt-get install --reinstall --print-uris -qq "${PACKAGE[0]}="$(dpkg-query -f '${Version}' -W "${PACKAGE[0]}"); done | grep -Po "'(.+?)'"  | head -1  | xargs -I{} curl -s '{}' -o - | dpkg-deb --fsys-tarfile - | tar -xO ".""$1"; }

However, be aware that the dist-file-exact alias will error in case the file is within a package version that is not available for download anymore via the currently configured apt sources (this means that the distribution should be upgraded).