Content

Introductory

Debian 10 (Buster) was released on July 2019, 6, which again has a lot of new features for us. In this article, I will summarize in detail what these changes and innovations are, which makes our favorite operating system perform the tasks assigned to it even more efficiently.

It's been a while since the release date, so I've had the opportunity to install it on my server, which also does its job as it used to Debian 8 (Jessie) is the perfect server is.

We can consider this description as a milestone, and from now on we are actively working on Debian 10 (Buster), which includes the upcoming minimum, LAMP and building perfect servers as well.

Previously I have written about What's New in Debian 9 (Stretch) also, and you can read about this on the page you just linked to.

architectures

Officially supported Debian 10 architectures:

• 32 bit PC (i386) and 64 bit PC (amd64)
• 64 bit ARM (arm64)
• ARM EABI
• ARMv7 (EABI hard-float HELP, armhf)
• MIPS (mips (big-endian) and mipsel (little-endian))
• 64-bit little-endian MIPS (mips64el)
• 64 bit little-endian PowerPC (ppc64el)
• IBM System z (s390x)

Furthermore, the Linux SUNX thanks to the work of the community, Debian Buster provides basic support for the Allwinner A64 SoC also for hardware based on. This includes the following architectures: FriendlyARM NanoPi A64; Olimex A64-OLinuXino and TERES-A64; PINE64 PINE A64 / A64 + / A64-LTS, SOPINE, and Pinebook; SINOVOIP Banana Pi BPI-M64; and Xunlong Orange Pi Win (Plus).

The basic features of these devices (such as the serial console, Ethernet, USB ports, and basic video output) must work with the buster running in the Buster. More advanced features (such as audio or video acceleration) are planned to be included in later kernel versions, which are backports archive will be available. The related status sheet here.

More detailed information about porting can be found here.

Setup

The Debian Installer is Debian's official installation system, which still offers different installation methods depending on your hardware architecture.

The Debian installation system has undergone many improvements since the previous version of Debian 9. As a result, hardware support has improved and includes several new services and functions.

UEFI Secure Boot

First and foremost UEFI Secure Boot support, which is a feature on newer computers that protects hardware from booting with uncertified codes, thereby protecting it from various bootkitfrom loading. Debian 10 (Buster) is certified so that the system can be installed on computers that have the UEFI Secure Boot feature enabled.

The Secure Boot feature can also be enabled on systems that already have Debian installed, which already starts using UEFI. However, before you can enable this, you need to install the following packages from the Debian Buster: shim-signed, grub-efi-amd64-signed or grub-efi-ia32-signed, and a Linux kernel package.

A GRUB and some features of Linux in secure boot mode are limited to prevent their code from being modified.

Learn more about Secure Boot we can find it here.

Live installation image

LXQt desktop environment

The Debian Live team introduces LXQt live ISOs. The LXQt is a featherweight Qt-based desktop environment that doesn’t slow down the system in the slightest, and is also a classic interface with a modern look.

The LXQt desktop environment offered in the Debian Live LXQt project is clean, unmodified, and thus brings back the appropriate desktop experience that LXQt developers have created for their popular operating system.

Users get the default layout, which consists of a taskbar at the bottom of the screen that includes the main menu, task manager, app launcher, and standard stuff.

Calamares Live Installer

Debian's 10 Live installation kit also introduces the Squid , which is an independent Qt-based installation environment that allows you to install Debian on your computer more conveniently. This does not replace the usual Debian installer on Live systems, but serves as an alternative.

Calamares is an easy-to-use installation system with managed partitioning features and a really easy-to-configure full disk encryption feature. The installer does not cover all the features of the Debian Installer (although it has recently received RAID support), nor does it have an unattended installation method, but it does make it easier for 95% of desktop and laptop computer users to install Debian systems. The earlier Debian Installer will still be available on Live systems in the usual graphics and text modes.

basic System

Debian also changed a few things in the Buster release system. Let's see what these are.

Kernel

Debian 10 has migrated from the previous 4.9 kernel series to the 4.19 series. This allows the system to mount SMBv3 encrypted shares, for example. In addition, network support, I / O operations management, memory management, virtualization, and Enhanced Read-Only File System support. There are several more innovations in the 4.19 kernel, the details of which read here.

Bash

There has also been a change in the use of Bash: this release of Debian already includes version 5.0.x of Bash, which has fixed many bugs since version 4.4, and includes a number of innovations. To mention some of them: improved handling of variables, introduction of some new shell variables (eg BASH_ARGV0, EPOCHSECONDS, EPOCHREALTIME), the built-in history command also received new functions, etc. A complete list of changes in Bash can be found here.

software Packages

Csomagstatiszikák

The Debian Buster release again comes with much more software than its predecessor; the distribution includes more than 13 new packages, for a total of more than 370 packages. Most of the packages in the distribution have been updated: more than 57 pieces (this accounts for 703% of the total package set). Also, a significant amount of packages were removed from Buster for a variety of reasons (more than 35 pieces, which was 532% of the previous Stretch release). These packages will no longer receive an update, and frontend of package managers will be labeled "obsolete". For more details see Obsolete packages chapter.

Here are some examples of upgraded packages

Rust based programs

A Rust is a performance optimized programming language built on C and C ++ and designed for system programming.

Buster is the first Debian release to include Rust-based programs such as Firefox, ripgrep, fd, exa, etc., and also includes a significant number of Rust-based libraries (over 450). Buster ships version 1.34 of Rustic.

Debian Med Blend packages

With a strong emphasis on science, Debian Med has added a number of new packages and updates to life and medicine software. Debian's efforts to this end are ongoing, so these programs will continue to benefit from developer support.

Installing packages maintained by the Debian Med team requires the installation of meta packages starting with "med-", available in Buster's version 3.3.

A complete list of Debian Med projects here.

Obsolete packages

In addition to debuting many new packages, Debian Buster will extract a number of old packages from your trunk, which were available in the previous Stretch distribution. General updates are no longer provided for these packages. Obsolete packages can still be used, but security updates will be discontinued one year after the release of Debian Buster, so developers recommend that these packages be replaced with appropriate new alternatives during this time.

There may be several reasons why packages are removed from the distribution: they are no longer maintained; there is no longer a Debian developer interested in maintaining specific packages; the functionality provided by the package has been replaced by another / newer package; or due to defects in them, they are no longer considered suitable for Buster. In the latter case, the packages may still be present in the "unstable" version of Debian.

Some luggage frontend it makes it easy to find packages that are no longer available in any known repository. The aptitude for example, the text-mode package management frontend lists them in the "obsolete or locally installed" packages category, or they can be listed from the command line as follows:

aptitude search '~o'

Alternatively, you can delete these packages with the following command:

aptitude purge '~o'

However, before deleting, you need to make sure that each package is not in use, or if it is in use, that there is an alternative package instead, and so on.

Security

AppArmor

AppArmor is enabled by default in the Debian Buster. AppArmor is an access control framework that restricts program permissions (such as mount, ptrace, and signal permissions, or file read, write, and run permissions) by setting program-specific profiles.

The apparmor package stores AppArmor profiles for multiple programs. Some other programs, such as Evince, include their own AppArmor profiles for the programs they deliver. Additional profiles can be found in the apparmor-profiles-extra package.

AppArmor is being deployed because of the recommendations of the Debian Buster release kernel package. For systems that are configured to not have the recommended packages installed by default, you can manually install the apparmor package later to enable AppArmor.

file Structure

Unified / usr on recent installs

For recent installations, the contents of the / bin, / sbin, / lib, and / lib64 directories are installed in the appropriate subdirectory in the / usr directory. To maintain compatibility, instead of these directories, soft links will point to their counterpart under / usr:

/bin → /usr/bin
/sbin → /usr/sbin
/lib → /usr/lib
/lib64 → /usr/lib64

When you upgrade to a buster, these subdirectories will remain in their previous place, usrmerge package can be used to perform this conversion at any time. THE freedesktop.org project has one Wiki page, which provides a detailed explanation on this. Here you can read about itwhy anno these libraries were separated.

This change does not affect average users who only use Debian packages, but only those users who use or build third-party software.

Networking

Switch to nftables

Nftables serves as a full replacement for iptables, with much better performance, updated syntax, better support for IPv4 / IPv6 dual firewalls, full parallelization to update dynamic rule set, Netlink API for third-party applications, faster package classification for enhanced generics by inventory infrastructure and many other developments of which read here.

As of iptables version 1.8.2, the binary package includes two versions of iptables-nft and iptables-legacy, the iptables command-line interface. The nftables-based version - the nf_tables Using the Linux kernel subsystem - the default in the Buster. The old version is x_table Uses a Linux kernel subsystem. The update-alternatives allows you to select the default version of iptables to use.

The following tools and utilities are affected: 

• iptables
• iptables-save
• iptables-restore
• ip6tables
• ip6tables-save
• ip6tables-restore
• arptables
• arptables-save
• arptables-restore
• ebtables
• ebtables-save
• ebtables-restore

They all have -nft and -legacy versions. The -nft variants are good for those who can't or don't want to migrate to the nftables native command line interface. However, Debian strongly recommends that users use the nftables interface.

This change is in line with what other major Linux distributions are doing, such as RedHat, which uses nftables as the default firewall.

Debian developers note that all iptables binary files are now in / usr / sbin instead of / sbin due to the unified / usr directory structure described above. To maintain compatibility symbolic link has been put in place, which will be removed after Buster’s release cycle. Therefore, direct-bound paths in different scripts should be improved, but their use should be avoided if possible.

Manage network device names

If your Debian 10 (Buster) system is upgraded from a previous version (Stretch), it is important to read the following section!

Debian has been new since the release of 9 (Stretch) introduced a naming scheme for network interface. In Debian 9, the use of old names was still allowed if it was upgraded from the previous Debian 8. However, Debian 10 (Buster) no longer supports these old names. So if Buster is upgrading from a previous Debian 9 (Stretch) distribution, you will need to perform the upgrade before upgrading. Migrate network device names even on Debian 9 (Stretch) for a smooth transition.

If Debian 10 (Buster) is installed on your computer with a recent installation, in which case nothing needs to be done, the new network interface names will be used.

Server services

There have also been changes in the components needed to run the server in Debian 10 (Buster), so it's a good idea to say a few sentences about them, mainly because we're dealing with most of these components here.

Apache

Buster includes Apache version 2.4.38 instead of the previous version 9 in the Debian 2.4.25 (Jessie) release, so a lot of bug fixes and security fixes were made between the two versions. Among them, it is worth highlighting HTTP / 2 protocol, and the one that ensures this mod_http2 module and a mod_rewrite, mod_proxy, mpm_worker, mpm_event, mod_ssl, and a number of other module-related enhancements that have greatly contributed to a significant improvement in the overall performance of the Apache web server. Detailed version history of Apache read here.

PHP

There has also been a big change in PHP: the 7.0 version used in the previous Debian release will be replaced by 7.3 in the Buster. Since the 7.0 release, there have been plenty of improvements here as well, with a complete list can be found here.

It is also worth noting that those who need PHP versions prior to 7.3 for compatibility reasons can also install Debian 10, as you can easily install any PHP version.

phpMyAdmin

Unfortunately, there is no good news about phpMyAdmin, as no phpmyadmin package has been added to the official repository for Debian 10 (Buster). For example, an earlier one security risk is no longer included in Debian's strictly secure package system. THE GitHubon was asked also sury.org's external repository operator, Ondřej, to see if he might put it in his own repo, but he replied that he would not undertake to package PHP-based software.

Thus, for Debian 10, the source package currently available for download from the official website of phpMyAdmin must be manually installed on the server. You can read about this here.

MariaDB

The previous version of Debian had a server version of MariaDB 10.1, and the Buster had version 10.3. There have been many changes between the two versions, which are described in detail read here.

However, I would like to highlight two small things - which is why I put this section in. - Perhaps I can help those who are using the version of MariaDB in Debian 10 for the first time.

When I installed Debian 10 on my new server, then another MariaDB in the package, and started importing web site databases, I encountered two bugs that, of course, were resolved after a "little" search. I’ll share all of this here to see if others will benefit from switching to Debian 10.

1. malfunction

The first problem occurred while importing the database: One of the InnoDB-type tables on one of my pages had too many fields (mostly of the varchar type), and when the import occurred, it was aborted with the following error message:

ERROR 1118 (42000) at line 2794: Row size too large (> 8126).
Changing some columns to TEXT or BLOB may help.
In current row format, BLOB prefix of 0 bytes is stored inline.

After a little searching, I came across that this is some database engine error, of what they write about. Of course, this is a MySQL bug tracking page, but it exists for both database engines. Several solutions are written here.

In the end, the solution for me was to convert this large (multi-field) table to MyISAM, which I had already imported without any problems. But if you don't want to convert the table to MyISAM, you can also add the following session variable setting to the beginning of the file you want to import:

set innodb_strict_mode = OFF;

It can even be inserted from a script with a sed command before the SQL content, so if you need to import it multiple times, it is more convenient to use. It could be configured globally in the MariaDB configuration, but it is not recommended because this option can override other switches in other databases that would otherwise need to occur normally. That's why I chose to convert to MyISAM instead.

2. malfunction

When starting pages after database import, the following (runtime) errors occurred in several places:

INSERT INTO ...   MSG: Field 'xxx' doesn't have a default value

This error is due to the fact that we did not specify a default value for the fields in the tables, and from MariaDB version 10.2 this is already considered an error. There are two solutions to this:

1. solution

Alternatively, we solicit all fields in all tables on all pages and set default values ​​where needed. But obviously we don't want this, so 2 might come. solution...

2. solution

In the MariaDB configuration file we set the appropriate sql mode:

nano /etc/mysql/mariadb.conf.d/50-server.cnf

And after marking the [mysqld] section, we insert the following line:

sql_mode                = NO_ENGINE_SUBSTITUTION

We save and restart the database server:

systemctl restart mysqld

And then he won't throw those mistakes.

Source: slickdev.com

More about SQL mode options read here.

Other operational changes

How the su command works

A su command in Buster is the util-linux source package provided by the former shadow instead of the source package. The command no longer changes the PATH environment variable. As a result, after running su, $ PATH will not contain directories such as / sbin. Therefore, many administrator commands will not work. There are several ways to fix this:

• When using the su command, use the "-" option: "su -". The switch causes su to launch a login shell, which configures the appropriate paths and all the required environment variables, including the current working directory.
• Set "ALWAYS_SET_PATH yes" to /etc/login.defs file if you want to get su like the old version when using su.
• Place the system administration directories (/ sbin, / usr / sbin, / usr / local / sbin) in the PATH of our regular user account.
• Or use su instead of su sudo command. Sudo continues to run commands with the properly configured PATH variable.
  • If you want to get a traditional root shell with the proper PATH option, use sudo -s command.
  • If you want to get a login shell equivalent to "su -" as root, use sudo -i command.

Asztalkörnyezetek

Again, Debian Buster delivers many desktop environments and desktop applications. These include:

• Cinnamon 3.8
• GNOME 3.30
• KDE Plasma 5.14
• LXDE 0.99.2
• LXQt 0.14
• MATE 1.20
• Xfce 4.12

Using the Wayland viewer in Gnome

By default, Gnome in Debian Buster uses the Wayland display server instead of Xorg. The Wayland has a simpler, more modern design and offers additional safety benefits.

The Xorg rendering server is still installed in Debian Buster, and the default renderer allows you to select the previous publisher for the next session, as it may be necessary for some graphics applications, that don't work in Gnome with Wayland.

Those who want to use the accessibility features of the display server (e.g., global keyboard shortcuts) are still advised to use the Xorg display instead of Wayland.

Conclusion

Debian has undergone significant development again, making it even better, faster and nicer. :)

I had planned this description much earlier, but in the meantime I had the opportunity to switch to another server, on which I could install Debian 10 (Buster) and, of course, the accessories for the perfect server. Therefore, I scheduled the writing of the article after the full move so that I could weave my own experiences into the drier theoretical information available.

This new server is also a Tárhely.eu I rent from where I can keep my server secure thanks to a reliable, stable background and prepared, helpful customer service.