--- manuals/trunk/quick-reference/debian-reference.raw.xml 2010/06/13 05:14:26 7396 +++ manuals/trunk/quick-reference/debian-reference.raw.xml 2010/09/08 14:31:00 7557 @@ -399,10 +399,10 @@
Additional package suggestions for the newbie - Although even the minimal installation of the Debian system without any desktop environment tasks provides the basic Unix functionality, it is a good idea to install few additional commandline and curses based character terminal packages such as mc and vim with aptitude(8) for beginners to get started by the following. - # aptitude update + Although even the minimal installation of the Debian system without any desktop environment tasks provides the basic Unix functionality, it is a good idea to install few additional commandline and curses based character terminal packages such as mc and vim with apt-get(8) for beginners to get started by the following. + # apt-get update ... -# aptitude install mc vim sudo +# apt-get install mc vim sudo ... If you already had these packages installed, no new packages are installed. @@ -713,7 +713,7 @@
You can install some of these packages by the following. - # aptitude install package_name + # apt-get install package_name
An extra user account @@ -1731,7 +1731,7 @@ Midnight Commander (MC) Midnight Commander (MC) is a GNU "Swiss army knife" for the Linux console and other terminal environments. This gives newbie a menu driven console experience which is much easier to learn than standard Unix commands. You may need to install the Midnight Commander package which is titled "mc" by the following. - $ sudo aptitude install mc + $ sudo apt-get install mc Use the mc(1) command to explore the Debian system. This is the best way to learn. Please explore few interesting locations just using the cursor keys and Enter key. @@ -2976,7 +2976,7 @@ For cd command, see builtins(7). - The default pager of the bare bone Debian system is more(1) which cannot scroll back. By installing the less package using command line "aptitude install less", less(1) becomes default pager and you can scroll back with cursor keys. + The default pager of the bare bone Debian system is more(1) which cannot scroll back. By installing the less package using command line "apt-get install less", less(1) becomes default pager and you can scroll back with cursor keys. The "[" and "]" in the regular expression of the "ps aux | grep -e "[e]xim4*"" command above enable grep to avoid matching itself. The "4*" in the regular expression means 0 or more repeats of character "4" thus enables grep to match both "exim" and "exim4". Although "*" is used in the shell filename glob and the regular expression, their meanings are different. Learn the regular expression from grep(1). @@ -4429,11 +4429,25 @@ Debian is a volunteer organization which builds consistent distributions of pre-compiled binary packages of free software and distributes them from its archive. The Debian archive is offered by many remote mirror sites for access through HTTP and FTP methods. It is also available as CD-ROM/DVD. The Debian package management system, when used properly, offers the user to install consistent sets of binary packages to the system from the archive. Currently, there are @-@all-packages@-@ packages available for the @-@arch@-@ architecture. - The Debian package management system has a rich history and many choices for the front end user program and back end archive access method to be used. Currently, we recommend aptitude(8) as the main front end program for the Debian package management activity. + The Debian package management system has a rich history and many choices for the front end user program and back end archive access method to be used. Currently, we recommend the following. + + + apt-get(8) for all commandline operations, including package installation and removal, and dist-upgrades. + + + + aptitude(8) for an interactive text interface to manage the installed packages and to search the available packages. + + + + update-manager(8) for keeping your system up-to-date if you're running the default GNOME desktop. + + + List of Debian package management tools - + @@ -4456,6 +4470,20 @@ + apt + + + @-@popcon1@-@ + + + @-@psize1@-@ + + + Advanced Packaging Tool (APT), front-end for dpkg providing "http", "ftp", and "file" archive access methods (apt-get/apt-cache commands included) + + + + aptitude @@ -4465,12 +4493,12 @@ @-@psize1@-@ - terminal-based package manager (current standard, front-end for apt) + interactive terminal-based package manager with aptitude(8) - apt + update-manager-gnome @-@popcon1@-@ @@ -4479,7 +4507,7 @@ @-@psize1@-@ - Advanced Packaging Tool (APT), front-end for dpkg providing "http", "ftp", and "file" archive access methods (apt-get/apt-cache commands included) + GNOME application that manages software updates with update-manager(8) @@ -4625,9 +4653,6 @@
- - The annoying bug #411123 for the mixed use of aptitude(8) and apt-get(8) commands has been resolved. If this kept you from using aptitude, please reconsider. -
Debian package management prerequisites
@@ -4820,7 +4845,7 @@ -The 3rd and following arguments are the list of valid archive component names of the Debian archive. +The 3rd and following arguments are the list of valid archive area names of the Debian archive. @@ -4832,7 +4857,7 @@ List of Debian archive sites - + @@ -4947,20 +4972,20 @@ - http://backports.org/debian/ + http://backports.debian.org/debian-backports/ @-@codename-stable@-@-backports - newer backported packages for @-@codename-stable@-@ (non-official, optional) + newer backported packages for @-@codename-stable@-@ (official, optional)
- Only pure stable release with security updates provides the best stability. Running mostly stable release mixed with some packages from testing or unstable release is riskier than running pure unstable release for library version mismatch etc. If you really need the latest version of some programs under stable release, please use packages from the debian-volatile project and backports.org (see ) services. These services must be used with extra care. + Only pure stable release with security updates provides the best stability. Running mostly stable release mixed with some packages from testing or unstable release is riskier than running pure unstable release for library version mismatch etc. If you really need the latest version of some programs under stable release, please use packages from the debian-volatile project and http://backports.debian.org (see ) services. These services must be used with extra care. You should basically list only one of stable, testing, or unstable suites in the "deb" line. If you list any combination of stable, testing, and unstable suites in the "deb" line, APT programs slow down while only the latest archive is effective. Multiple listing makes sense for these when the "/etc/apt/preferences" file is used with clear objectives (see ). @@ -4971,9 +4996,8 @@ The security bugs for the stable archive are fixed by the Debian security team. This activity has been quite rigorous and reliable. Those for the testing archive may be fixed by the Debian testing security team. For several reasons, this activity is not as rigorous as that for stable and you may need to wait for the migration of fixed unstable packages. Those for the unstable archive are fixed by the individual maintainer. Actively maintained unstable packages are usually in a fairly good shape by leveraging latest upstream security fixes. See Debian security FAQ for how Debian handles security bugs. - Each Debian archive consists of 3 components. Components are alternatively called categories in "Debian Policy" or areas in "Debian Social Contract". The component is grouped by the compliance to "The Debian Free Software Guidelines" (DFSG). - List of Debian archive components + List of Debian archive area @@ -4981,13 +5005,13 @@ - component + area number of packages - criteria of package + criteria of package component @@ -5028,7 +5052,7 @@
- Here the number of packages in the above is for the @-@arch@-@ architecture. Strictly speaking, only the main component archive shall be considered as the Debian system. + Here the number of packages in the above is for the @-@arch@-@ architecture. Strictly speaking, only the main area archive shall be considered as the Debian system. The Debian archive organization can be studied best by pointing your browser to the each archive URL appended with dists or pool. The distribution is referred by two ways, the suite or codename. The word distribution is alternatively used as the synonym to the suite in many documentations. The relationship between the suite and the codename can be summarized as the following. @@ -5087,7 +5111,7 @@
The history of codenames are described in Debian FAQ: 6.3.1 Which other codenames have been used in the past? - In the stricter Debian archive terminology, the word "section" is specifically used for the categorization of packages by the application area. (Although, the word "main section" may sometimes be used to describe the Debian archive section which provides the main component.) + In the stricter Debian archive terminology, the word "section" is specifically used for the categorization of packages by the application area. (Although, the word "main section" may sometimes be used to describe the Debian archive area named as "main".) Every time a new upload is done by the Debian developer (DD) to the unstable archive (via incoming processing), DD is required to ensure uploaded packages to be compatible with the latest set of packages in the latest unstable archive. If DD breaks this compatibility intentionally for important library upgrade etc, there is usually announcement to the debian-devel mailing list etc. Before a set of packages are moved by the Debian archive maintenance script from the unstable archive to the testing archive, the archive maintenance script not only checks the maturity (about 10 days old) and the status of the RC bug reports for the packages but also tries to ensure them to be compatible with the latest set of packages in the testing archive. This process makes the testing archive very current and usable. @@ -5212,6 +5236,18 @@ +"Breaks" + + + + +This declares a package incompatibility usually with some version specification. Generally the resolution is to upgrade all of the packages listed in this field. + + + + + + "Conflicts" @@ -5476,13 +5512,85 @@
Basic package management operations - Aptitude is the current preferred package management tool for the Debian system. It can be used as the commandline alternative to apt-get / apt-cache and also as the full screen interactive package management tool. + Basic package management operations on the Debian system can be performed by any package management tools available on the Debian system. Here, we explain basic package management tools: apt-get / apt-cache and aptitude. For the package management operation which involves package installation or updates package metadata, you need to have root privilege. -
- Basic package management operations with commandline - Here are basic package management operations with commandline using aptitude(8) and apt-get(8) /apt-cache(8). +
+ <literal>apt-get</literal> / <literal>apt-cache</literal> vs. <literal>aptitude</literal> + The apt-get and apt-cache commands are the most basic package management tool. + + + apt-get and apt-cache offer only the commandline user interface. + + + + apt-get is most suitable for the major system upgrade between releases, etc. + + + + apt-get offers a robust and stable package resolver which uses the common package state data. + + + + apt-get has been updated to support autoinstall and autoremove of recommended packages. + + + + apt-get has been updated to support logging of package activities. + + + + apt-cache offers a standard regex based search on the package name and description. + + + + apt-get and apt-cache can manage multiple versions of packages using /etc/apt/preferences but it is quite cumbersome. + + + + The aptitude command is the most versatile package management tool. + + + aptitude offers the fullscreen interactive text user interface. + + + + aptitude offers the commandline user interface, too. + + + + aptitude is most suitable for the daily interactive package management such as inspecting installed packages and searching available packages. + + + + aptitude offers an enhanced package resolver which also uses an extra package state data used only by aptitude. + + + + aptitude supports autoinstall and autoremove of recommended packages. + + + + aptitude supports logging of package activities. + + + + aptitude offers an enhanced regex based search on all of the package metadata. + + + + aptitude can manage multiple versions of packages without using /etc/apt/preferences and it is quite intuitive. + + + + + Although the aptitude command comes with rich features such as its enhanced package resolver, this complexity has caused (or may still causes) some regressions such as Bug #411123, Bug #514930, and Bug #570377. In case of doubt, please use the apt-get and apt-cache commands over the aptitude command. + +
+
+ Basic package management operations with the commandline + Here are basic package management operations with the commandline using aptitude(8) and apt-get(8) /apt-cache(8). - Basic package management operations with commandline using <literal>aptitude</literal>(8) and <literal>apt-get</literal>(8) /<literal>apt-cache</literal>(8) + Basic package management operations with the commandline using <literal>aptitude</literal>(8) and <literal>apt-get</literal>(8) /<literal>apt-cache</literal>(8) @@ -5645,7 +5753,9 @@
- Although it is now safe to mix different package tools on the Debian system, it is best to continue using aptitude as much as possible. + + Since apt-get and aptitude share auto-installed package status (see ) after lenny, you can mix these tools without major troubles (see Bug #594490). + The difference between "safe-upgrade"/"upgrade" and "full-upgrade"/"dist-upgrade" only appears when new versions of packages stand in different dependency relationships from old versions of those packages. The "aptitude safe-upgrade" command does not install new packages nor remove installed packages. The "aptitude why <regex>" can list more information by "aptitude -v why <regex>". Similar information can be obtained by "apt-cache rdepends <package>". When aptitude command is started in the commandline mode and faces some issues such as package conflicts, you can switch to the full screen interactive mode by pressing "e"-key later at the prompt. @@ -6022,7 +6132,7 @@ Upgradable Packages - list packages organized as sectioncomponentpackage + list packages organized as sectionareapackage @@ -6510,42 +6620,6 @@ In reality, it is not so easy to get meaningful understanding quickly out from these logs. See for easier way.
-
- Aptitude advantages - Aptitude has advantages over other APT based packaging systems (apt-get, apt-cache, synaptic, …). - - - aptitude removes unused auto installed packages automatically using its own extra layer of package state file (/var/lib/aptitude/pkgstates). (For new "lenny", other APT does the same.) - - - - aptitude makes it easy to resolve package conflicts and to add recommended packages. - - - - aptitude makes it easy to keep track of obsolete software by listing under "Obsolete and Locally Created Packages". - - - - aptitude gives a log of its history in "/var/log/aptitude". - - - - aptitude offers access to all versions of the package if available. - - - - aptitude includes a fairly powerful regex based system for searching particular packages and limiting the package display. - - - - aptitude in the full screen mode has su functionality embedded and can be run from normal user until you really need administrative privileges. - - - - For the old etch release version, synaptic also gives you the history log; apt-get did not but you can rely on the log of dpkg. - Anyway, aptitude is nice for interactive console use. -
Examples of aptitude operations @@ -6636,12 +6710,12 @@ The "m" action over "Tasks" is an optional one to prevent mass package removal situation in future.
-
- System wide upgrade with aptitude +
+ System wide upgrade When moving to a new release etc, you should consider to perform a clean installation of new system even though Debian is upgradable as described below. This provides you a chance to remove garbages collected and exposes you to the best combination of latest packages. Of course, you should make a full backup of system to a safe place (see ) before doing this. I recommend to make a dual boot configuration using different partition to have the smoothest transition. - You can perform system wide upgrade to a newer release by changing contents of the "/etc/apt/sources.list" file pointing to a new release and running the "aptitude update; aptitude full-upgrade" command. + You can perform system wide upgrade to a newer release by changing contents of the "/etc/apt/sources.list" file pointing to a new release and running the "apt-get update; apt-get dist-upgrade" command. To upgrade from stable to testing or unstable, you replace "@-@codename-stable@-@" in the "/etc/apt/sources.list" example of with "@-@codename-testing@-@" or "sid". In reality, you may face some complications due to some package transition issues, mostly due to package dependencies. The larger the difference of the upgrade, the more likely you face larger troubles. For the transition from the old stable to the new stable after its release, you can read its new Release Notes and follow the exact procedure described in it to minimize troubles. When you decide to move from stable to testing before its formal release, there are no Release Notes to help you. The difference between stable and testing could have grown quite large after the previous stable release and makes upgrade situation complicated. @@ -6704,12 +6778,12 @@ -Run the "aptitude full-upgrade -s" command to assess impact. +Run the "apt-get -s dist-upgrade" command to assess impact. -Run the "aptitude full-upgrade" command at last. +Run the "apt-get dist-upgrade" command at last. @@ -6943,6 +7017,14 @@ set dpkg level package selection state information + + + echo <package_name> hold | dpkg --set-selection + + + set dpkg level package selection state for a package to hold (equivalent to "aptitude hold <package_name>") + + @@ -7030,7 +7112,7 @@ The content of the Debian archive meta data - + @@ -7084,7 +7166,7 @@ Release - top of each distribution/component/architecture combination + top of each distribution/area/architecture combination archive description used for the rule of apt_preferences(5) @@ -7095,7 +7177,7 @@ Packages - top of each distribution/component/binary-architecture combination + top of each distribution/area/binary-architecture combination concatenated debian/control for binary packages @@ -7106,7 +7188,7 @@ Sources - top of each distribution/component/source combination + top of each distribution/area/source combination concatenated debian/control for source packages @@ -7136,7 +7218,7 @@ 43524d07f7fa21b10f472c426db66168 6561398 main/binary-alpha/Packages.gz ... - Here, you can find my rationale to use the "suite", "codeneme", and "components" in . The "distribution" is used when referring to both "suite" and "codeneme". + Here, you can find my rationale to use the "suite", and "codeneme" in . The "distribution" is used when referring to both "suite" and "codeneme". All archive "area" names offered by the archive are listed under "Component". The integrity of the top level "Release" file is verified by cryptographic infrastructure called the secure apt. @@ -7196,7 +7278,7 @@
Fetching of the meta data for the package - When APT tools, such as aptitude, apt-get, synaptic, apt-file, auto-apt…, are used, we need to update the local copies of the meta data containing the Debian archive information. These local copies have following file names corresponding to the specified distribution, component, and architecture names in the "/etc/apt/sources.list" (see ). + When APT tools, such as aptitude, apt-get, synaptic, apt-file, auto-apt…, are used, we need to update the local copies of the meta data containing the Debian archive information. These local copies have following file names corresponding to the specified distribution, area, and architecture names in the "/etc/apt/sources.list" (see ). @@ -7210,12 +7292,12 @@ -"/var/lib/apt/lists/ftp.us.debian.org_debian_dists_<distribution>_<component>_binary-<architecture>_Packages" +"/var/lib/apt/lists/ftp.us.debian.org_debian_dists_<distribution>_<area>_binary-<architecture>_Packages" -"/var/lib/apt/lists/ftp.us.debian.org_debian_dists_<distribution>_<component>_source_Sources" +"/var/lib/apt/lists/ftp.us.debian.org_debian_dists_<distribution>_<area>_source_Sources" @@ -7871,9 +7953,6 @@
Tweaking candidate version - - In lenny, aptitude(8) has a bug for handling "/etc/apt/preferences" file. (Bug#514930) - Without the "/etc/apt/preferences" file, APT system choses the latest available version as the candidate version using the version string. This is the normal state and most recommended usage of APT system. All officially supported combinations of archives do not require the "/etc/apt/preferences" file since some archives which should not be used as the automatic source of upgrades are marked as NotAutomatic and dealt properly. The version string comparison rule can be verified with, e.g., "dpkg --compare-versions ver1.1 gt ver1.1~1; echo $?" (see dpkg(1)). @@ -7982,7 +8061,7 @@ -The Pin-Priority values of archives (defined as "Package: *" in the "/etc/apt/preferences" file) are listed left side of all archive paths, e.g., "200 http://backports.org etch-backports/main Packages". +The Pin-Priority values of archives (defined as "Package: *" in the "/etc/apt/preferences" file) are listed left side of all archive paths, e.g., "200 http://backports.debian.org/debian-backports/ @-@codename-stable@-@-backports/main Packages". @@ -8000,7 +8079,7 @@ Pin-Priority: 200 When you wish to install a package named "<package-name>" with its dependencies from unstable archive under this configuration, you issue the following command which switches target release with "-t" option (Pin-Priority of unstable becomes 990.). $ sudo apt-get install -t unstable <package-name> - With this configuration, usual execution of "apt-get upgrade" and "apt-get dist-upgrade" (or "aptitude safe-upgrade" and "aptitude full-upgrade" for squeeze) upgrades packages which were installed from testing archive using current testing archive and packages which were installed from unstable archive using current unstable archive. + With this configuration, usual execution of "apt-get upgrade" and "apt-get dist-upgrade" (or "aptitude safe-upgrade" and "aptitude full-upgrade") upgrades packages which were installed from testing archive using current testing archive and packages which were installed from unstable archive using current unstable archive. Be careful not to remove "testing" entry from the "/etc/apt/sources.list" file. Without "testing" entry in it, APT system upgrades packages using newer unstable archive. @@ -8035,16 +8114,13 @@ deb http://security.debian.org/ testing/updates main contrib The default Pin-Priority value for experimental archive is always 1 (<<100) since it is NotAutomatic archive (see ). There is no need to set Pin-Priority value explicitly in the "/etc/apt/preferences" file just to use experimental archive unless you wish to track particular packages in it automatically for next upgrading.
-
- Volatile and Backports.org - There are debian-volatile project and backports.org archives which provide updgrade packages for stable. +
+ Volatile and Backports + There are debian-volatile project and backports.debian.org archives which provide updgrade packages for stable. Do not use all packages available in the NotAutomatic archives such as @-@codename-stable@-@-backports and volatile-sloppy. Use only selected packages which fits your needs. - backports.org is a non-Debian archive, although its packages are signed by Debian developers. - - Archive level Release files (see ) are used for the rule of apt_preferences(5). Thus apt-pinning works only with "code" name for volatile Debian archives. This is different from other Debian archives. For example, you can do "Pin: release a=@-@codename-stable@-@" but can not do "Pin: release a=stable" in the "/etc/apt/preferences" file for volatile Debian archives. Here is an example of apt-pinning technique to include specific newer upstream version packages found in @-@codename-stable@-@-backports while tracking @-@codename-stable@-@ and volatile. You list all required archives in the "/etc/apt/sources.list" file as the following. @@ -8052,8 +8128,8 @@ deb http://security.debian.org/ @-@codename-stable@-@/updates main contrib deb http://volatile.debian.org/debian-volatile/ @-@codename-stable@-@/volatile main contrib non-free deb http://volatile.debian.org/debian-volatile/ @-@codename-stable@-@/volatile-sloppy main contrib non-free -deb http://backports.org/debian/ @-@codename-stable@-@-backports main contrib non-free - The default Pin-Priority value for backports.org and volatile-sloppy archives are always 1 (<<100) since they are NotAutomatic archive (see ). There is no need to set Pin-Priority value explicitly in the "/etc/apt/preferences" file just to use for backports.org and volatile-sloppy archive unless you wish to track packages automatically for next upgrading. +deb http://backports.debian.org/debian-backports/ @-@codename-stable@-@-backports main contrib non-free + The default Pin-Priority value for backports.debian.org and volatile-sloppy archives are always 1 (<<100) since they are NotAutomatic archive (see ). There is no need to set Pin-Priority value explicitly in the "/etc/apt/preferences" file just to use for backports.debian.org and volatile-sloppy archive unless you wish to track packages automatically for next upgrading. So whenever you wish to install a package named "<package-name>" with its dependency from @-@codename-stable@-@-backports archive, you use following command while switching target release with "-t" option. $ sudo apt-get install -t @-@codename-stable@-@-backports <package-name> If you wish to upgrade particular packages, you must create the "/etc/apt/preferences" file and explicitly lists all packages in it as the following. @@ -8080,7 +8156,7 @@ Package: * Pin: release a=@-@codename-stable@-@-sloppy, o=volatile.debian.org Pin-Priority: 200 - Execution of "apt-get upgrade" and "apt-get dist-upgrade" (or "aptitude safe-upgrade" and "aptitude full-upgrade" for squeeze) upgrades packages which were installed from stable archive using current stable archive and packages which were installed from other archives using current corresponding archive for all archives in the "/etc/apt/sources.list" file. + Execution of "apt-get upgrade" and "apt-get dist-upgrade" (or "aptitude safe-upgrade" and "aptitude full-upgrade") upgrades packages which were installed from stable archive using current stable archive and packages which were installed from other archives using current corresponding archive for all archives in the "/etc/apt/sources.list" file.
Automatic download and upgrade of packages @@ -9228,8 +9304,11 @@
The configuration of the runlevel + + In Debian squeeze, dependency based boot order provided by the insserv package is used instead of classical alphabetical one. The "CONCURRENCY" value in "/etc/default/rcS" controls its concurrency: "none" for no concurrency, "startpar" for concurrency within the same sequence number, or "makefile" for full concurrency. See "/usr/share/doc/insserv/README.Debian". + The name of the symlink in each runlevel directory has the form "S<2-digit-number><original-name>" or "K<2-digit-number><original-name>". The 2-digit-number is used to determine the order in which to run the scripts. "S" is for "Start" and "K" is for "Kill". - When init(8) or telinit(8) commands goes into the runlevel to "<n>", it execute following scripts. + For "CONCURRENCY=none", when init(8) or telinit(8) commands goes into the runlevel to "<n>", it execute following scripts. @@ -9243,12 +9322,10 @@ For example, if you had the links "S10sysklogd" and "S20exim4" in a runlevel directory, "S10sysklogd" which is symlinked to "../init.d/sysklogd" would run before "S20exim4" which is symlinked to "../init.d/exim4". + For "CONCURRENCY=makefile" (new default), package dependency defined in the header of init scripts are used to order them. It is not advisable to make any changes to symlinks in "/etc/rcS.d/" unless you know better than the maintainer. - - In Debian squeeze, dependency based boot order provided by the insserv package is used instead of classical alphabetical one. The "CONCURRENCY" value in "/etc/default/rcS" controls its concurrency: "none" for no concurrency, "startpar" for concurrency within the same sequence number, or "makefile" for full concurrency. See "/usr/share/doc/insserv/README.Debian". -
The runlevel management example @@ -10725,998 +10802,1151 @@ For general guide to the GNU/Linux networking, read the Linux Network Administrators Guide. - The traditional TCP/IP network setup on Debian system uses ifupdown package as a high level tool. There are 2 typical cases. - - - -For dynamic IP system such as mobile PCs, you should setup TCP/IP network with the resolvconf package and enable you to switch your network configuration easily (see ). - - - - -For static IP system such as servers, you should setup TCP/IP network without the resolvconf package and keep your system simple (see ). - - - - We describe these traditional cases in detail here. - We also touch on some alternative high level tools such as network-manager and wicd which ease configuration of wireless networks (see ).
The basic network infrastructure Let's review the basic network infrastructure on the modern Debian system. -
- The domain name - The naming for the domain name is a tricky one for the normal PC workstation users. The PC workstation may be mobile one hopping around the network or located behind the NAT firewall inaccessible from the Internet. For such case, you may not want the domain name to be a valid domain name to avoid name collision. - According to rfc2606, "invalid" seems to be a choice for the top level domain (TLD) to construct domain names that are sure to be invalid from the Internet. - The mDNS network discovery protocol (Apple Bonjour / Apple Rendezvous, Avahi on Debian) uses "local" as the pseudo-top-level domain. Microsoft also seems to promote "local" for the TLD of local area network. - - If the DNS service on your LAN uses "local" as TLD for your LAN, it may interfare with mDNS. - - Other popular choices for the invalid TLD seem to be "localdomain", "lan", "localnet", or "home" according to my incoming mail analysis. -
-
- The hostname resolution - The hostname resolution is currently supported by the NSS (Name Service Switch) mechanism too. The flow of this resolution is the following. - - - -The "/etc/nsswitch.conf" file with stanza like "hosts: files dns" dictates the hostname resolution order. (This replaces the old functionality of the "order" stanza in "/etc/host.conf".) - - - - -The files method is invoked first. If the hostname is found in the "/etc/hosts" file, it returns all valid addresses for it and exits. (The "/etc/host.conf" file contains "multi on".) - - - - -The dns method is invoked. If the hostname is found by the query to the Internet Domain Name System (DNS) identified by the "/etc/resolv.conf" file, it returns all valid addresses for it and exits. - - - - The "/etc/hosts" file associates IP addresses with hostnames contains the following. - 127.0.0.1 localhost -127.0.1.1 <host_name>.<domain_name> <host_name> - -# The following lines are desirable for IPv6 capable hosts -::1 ip6-localhost ip6-loopback -fe00::0 ip6-localnet -ff00::0 ip6-mcastprefix -ff02::1 ip6-allnodes -ff02::2 ip6-allrouters -ff02::3 ip6-allhosts - Here the <host_name> in this matches the own hostname defined in the "/etc/hostname". The <domain_name> in this is the fully qualified domain name (FQDN) of this host. - - For <domain_name> of the mobile PC without the real FQDN, you may pick a bogus and safe TLD such as "lan", "home", "invalid", "localdomain", "none", and "private". - - The "/etc/resolv.conf" is a static file if the resolvconf package is not installed. If installed, it is a symbolic link. Either way, it contains information that initialize the resolver routines. If the DNS is found at IP="192.168.11.1", it contains the following. - nameserver 192.168.11.1 - The resolvconf package makes this "/etc/resolv.conf" into a symbolic link and manages its contents by the hook scripts automatically. - The hostname resolution via Multicast DNS (using Zeroconf, aka Apple Bonjour / Apple Rendezvous) which effectively allows name resolution by common Unix/Linux programs in the ad-hoc mDNS domain "local", can be provided by installing the libnss-mdns package. The "/etc/nsswitch.conf" file should have stanza like "hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4" to enable this functionality. -
-
- The network interface name - The network interface name, e.g. eth0, is assigned to each hardware in the Linux kernel through the user space configuration mechanism, udev (see ), as it is found. The network interface name is referred as physical interface in ifup(8) and interfaces(5). - In order to ensure each network interface to be named persistently for each reboot using MAC address etc., there is a record file "/etc/udev/rules.d/70-persistent-net.rules". This file is automatically generated by the "/lib/udev/write_net_rules" program, probably run by the "persistent-net-generator.rules" rules file. You can modify it to change naming rule. - - When editing the "/etc/udev/rules.d/70-persistent-net.rules" rules file, you must keep each rule on a single line and the MAC address in lowercase. For example, if you find "Firewire device" and "PCI device" in this file, you probably want to name "PCI device" as eth0 and configure it as the primary network interface. - -
-
- The network address range for the LAN - Let us be reminded of the IPv4 32 bit address ranges in each class reserved for use on the local area networks (LANs) by rfc1918. These addresses are guaranteed not to conflict with any addresses on the Internet proper. - - List of network address ranges - - - - - - - - - - Class - - - network addresses - - - net mask - - - net mask /bits - - - # of subnets - - - - - - - A - - - 10.x.x.x - - - 255.0.0.0 - - - /8 - - - 1 - - - - - B - - - 172.16.x.x — 172.31.x.x - - - 255.255.0.0 - - - /16 - - - 16 - - - - - C - - - 192.168.0.x — 192.168.255.x - - - 255.255.255.0 - - - /24 - - - 256 - - - - -
- - If one of these addresses is assigned to a host, then that host must not access the Internet directly but must access it through a gateway that acts as a proxy for individual services or else does Network Address Translation(NAT). The broadband router usually performs NAT for the consumer LAN environment. - -
-
- The network configuration infrastructure - There are 2 types of low level networking programs for Linux networking system (see ). - - - -Old net-tools programs (ifconfig(8), …) are from the Linux NET-3 networking system. Most of these are obsolete now. - - - - -New Linux iproute2 programs (ip(8), …) are the current Linux networking system. - - - - Although these low level networking programs are powerful, they are cumbersome to use. So high level network configuration systems have been created. - The ifupdown package is the de facto standard for such high level network configuration system on Debian. It enables you to bring up network simply by doing , e.g., "ifup eth0". Its configuration file is the "/etc/network/interfaces" file and its typical contents are the following. - auto lo -iface lo inet loopback - -auto eth0 -iface eth0 inet dhcp - The resolvconf package was created to supplement ifupdown system to support smooth reconfiguration of network address resolution by automating rewrite of resolver configuration file "/etc/resolv.conf". Now, most Debian network configuration packages are modified to use resolvconf package (see "/usr/share/doc/resolvconf/README.Debian"). - Helper scripts to the ifupdown package such as ifplugd, guessnet, ifscheme, etc. are created to automate dynamic configuration of network environment such as one for mobile PC on wired LAN. These are relatively difficult to use but play well with existing ifupdown system. - Alternative high level network configuration systems, independent of ifupdown system, such as network-manager, wicd, etc. are created to ease configuration of network environment even for mobile PC on wireless network. Since these are relatively new system and their integration to Debian system is in progress, you may still need to disable the corresponding network interface configuration manually in "/etc/network/interfaces" to avoid conflicts between these and ifupdown (see ). - - List of network configuration tools - - - - - - - - - +
+ List of network configuration tools + + + + + + + + + packages - + popcon - + size - + type - + description - - - - - - ifupdown - - + + + + + + ifupdown + + @-@popcon1@-@ - + @-@psize1@-@ - + config::ifupdown - + standardized tool to bring up and down the network (Debian specific) - - - - ifplugd - - + + + + ifplugd + + @-@popcon1@-@ - + @-@psize1@-@ - + , , - + manage the wired network automatically - - - - ifupdown-extra - - + + + + ifupdown-extra + + @-@popcon1@-@ - + @-@psize1@-@ - + , , - + network testing script to enhance "ifupdown" package - - - - ifmetric - - + + + + ifmetric + + @-@popcon1@-@ - + @-@psize1@-@ - + , , - + set routing metrics for a network interface - - - - guessnet - - + + + + guessnet + + @-@popcon1@-@ - + @-@psize1@-@ - + , , - + mapping script to enhance "ifupdown" package via "/etc/network/interfaces" file - - - - ifscheme - - + + + + ifscheme + + @-@popcon1@-@ - + @-@psize1@-@ - + , , - + mapping scripts to enhance "ifupdown" package - - - - ifupdown-scripts-zg2 - - + + + + ifupdown-scripts-zg2 + + @-@popcon1@-@ - + @-@psize1@-@ - + , , - + Zugschlus' interface scripts for ifupdown's manual method - - - - network-manager - - + + + + network-manager + + @-@popcon1@-@ - + @-@psize1@-@ - + config::NM - NetworkManager (daemon): manage the network automatically + NetworkManager (daemon): manage the network automatically - - - - network-manager-gnome - - + + + + network-manager-gnome + + @-@popcon1@-@ - + @-@psize1@-@ - + , , - NetworkManager (GNOME frontend) + NetworkManager (GNOME frontend) - - - - network-manager-kde - - + + + + network-manager-kde + + @-@popcon1@-@ - + @-@psize1@-@ - + , , - NetworkManager (KDE frontend) + NetworkManager (KDE frontend) - - - - wicd - - + + + + cnetworkmanager + + @-@popcon1@-@ - + @-@psize1@-@ - + + , , + + NetworkManager (command-line client) + + + + + wicd + + + @-@popcon1@-@ + + + @-@psize1@-@ + + config::wicd - - wired and wireless network manager + + wired and wireless network manager (metapackage) - - - - iptables - - + + + + wicd-cli + + @-@popcon1@-@ - + @-@psize1@-@ - + + , , + + + wired and wireless network manager (command-line client) + + + + + wicd-curses + + + @-@popcon1@-@ + + + @-@psize1@-@ + + + , , + + + wired and wireless network manager (Curses client) + + + + + wicd-daemon + + + @-@popcon1@-@ + + + @-@psize1@-@ + + + , , + + + wired and wireless network manager (daemon) + + + + + wicd-gtk + + + @-@popcon1@-@ + + + @-@psize1@-@ + + + , , + + + wired and wireless network manager (GTK+ client) + + + + + iptables + + + @-@popcon1@-@ + + + @-@psize1@-@ + + config::Netfilter - + administration tools for packet filtering and NAT (Netfilter) - - - - iproute - - + + + + iproute + + @-@popcon1@-@ - + @-@psize1@-@ - + config::iproute2 - iproute2, IPv6 and other advanced network configuration: ip(8), tc(8), etc + iproute2, IPv6 and other advanced network configuration: ip(8), tc(8), etc - - - - ifrename - - + + + + ifrename + + @-@popcon1@-@ - + @-@psize1@-@ - + , , - + rename network interfaces based on various static criteria: ifrename(8) - - - - ethtool - - + + + + ethtool + + @-@popcon1@-@ - + @-@psize1@-@ - + , , - + display or change Ethernet device settings - - - - iputils-ping - - + + + + iputils-ping + + @-@popcon1@-@ - + @-@psize1@-@ - + test::iproute2 - + test network reachability of a remote host by hostname or IP address (iproute2) - - - - iputils-arping - - + + + + iputils-arping + + @-@popcon1@-@ - + @-@psize1@-@ - + , , - + test network reachability of a remote host specified by the ARP address - - - - iputils-tracepath - - + + + + iputils-tracepath + + @-@popcon1@-@ - + @-@psize1@-@ - + , , - + trace the network path to a remote host - - - - net-tools - - + + + + net-tools + + @-@popcon1@-@ - + @-@psize1@-@ - + config::net-tools - + NET-3 networking toolkit (net-tools, IPv4 network configuration): ifconfig(8) etc. - - - - inetutils-ping - - + + + + inetutils-ping + + @-@popcon1@-@ - + @-@psize1@-@ - + test::net-tools - + test network reachability of a remote host by hostname or IP address (legacy, GNU) - - - - arping - - + + + + arping + + @-@popcon1@-@ - + @-@psize1@-@ - + , , - + test network reachability of a remote host specified by the ARP address (legacy) - - - - traceroute - - + + + + traceroute + + @-@popcon1@-@ - + @-@psize1@-@ - + , , - + trace the network path to a remote host (legacy, console) - - - - dhcp3-client - - + + + + dhcp3-client + + @-@popcon1@-@ - + @-@psize1@-@ - + config::low-level - + DHCP client - - - - wpasupplicant - - + + + + wpasupplicant + + @-@popcon1@-@ - + @-@psize1@-@ - + , , - + client support for WPA and WPA2 (IEEE 802.11i) - - - - wireless-tools - - + + + + wireless-tools + + @-@popcon1@-@ - + @-@psize1@-@ - + , , - + tools for manipulating Linux Wireless Extensions - - - - ppp - - + + + + ppp + + @-@popcon1@-@ - + @-@psize1@-@ - + , , - + PPP/PPPoE connection with chat - - - - pppoeconf - - + + + + pppoeconf + + @-@popcon1@-@ - + @-@psize1@-@ - + config::helper - + configuration helper for PPPoE connection - - - - pppconfig - - + + + + pppconfig + + @-@popcon1@-@ - + @-@psize1@-@ - + , , - + configuration helper for PPP connection with chat - - - - wvdial - - + + + + wvdial + + @-@popcon1@-@ - + @-@psize1@-@ - + , , - + configuration helper for PPP connection with wvdial and ppp - - - - mtr-tiny - - + + + + mtr-tiny + + @-@popcon1@-@ - + @-@psize1@-@ - + test::low-level - + trace the network path to a remote host (curses) - - - - mtr - - + + + + mtr + + @-@popcon1@-@ - + @-@psize1@-@ - + , , - + trace the network path to a remote host (curses and GTK+) - - - - gnome-nettool - - + + + + gnome-nettool + + @-@popcon1@-@ - + @-@psize1@-@ - + , , - + tools for common network information operations (GNOME) - - - - nmap - - + + + + nmap + + @-@popcon1@-@ - + @-@psize1@-@ - + , , - + network mapper / port scanner (Nmap, console) - - - - zenmap - - + + + + zenmap + + @-@popcon1@-@ - + @-@psize1@-@ - + , , - + network mapper / port scanner (GTK+) - - - - knmap - - + + + + knmap + + @-@popcon1@-@ - + @-@psize1@-@ - + , , - + network mapper / port scanner (KDE) - - - - tcpdump - - + + + + tcpdump + + @-@popcon1@-@ - + @-@psize1@-@ - + , , - + network traffic analyzer (Tcpdump, console) - - - - wireshark - - + + + + wireshark + + + @-@popcon1@-@ + + + @-@psize1@-@ + + + , , + + + network traffic analyzer (Wireshark, GTK+) + + + + + tshark + + + @-@popcon1@-@ + + + @-@psize1@-@ + + + , , + + + network traffic analyzer (console) + + + + + nagios3 + + + @-@popcon1@-@ + + + @-@psize1@-@ + + + , , + + + monitoring and management system for hosts, services and networks (Nagios) + + + + + tcptrace + + + @-@popcon1@-@ + + + @-@psize1@-@ + + + , , + + + produce a summarization of the connections from tcpdump output + + + + + snort + + @-@popcon1@-@ - + @-@psize1@-@ - + , , - - network traffic analyzer (Wireshark, GTK+) + + flexible network intrusion detection system (Snort) - - - - tshark - - + + + + ntop + + @-@popcon1@-@ - + @-@psize1@-@ - + , , - - network traffic analyzer (console) + + display network usage in web browser - - - - nagios3 - - + + + + dnsutils + + @-@popcon1@-@ - + @-@psize1@-@ - + , , - - monitoring and management system for hosts, services and networks (Nagios) + + network clients provided with BIND: nslookup(8), nsupdate(8), dig(8) - - - - tcptrace - - + + + + dlint + + @-@popcon1@-@ - + @-@psize1@-@ - + , , - - produce a summarization of the connections from tcpdump output + + check DNS zone information using nameserver lookups - - - - snort - - + + + + dnstracer + + @-@popcon1@-@ - + @-@psize1@-@ - + , , - - flexible network intrusion detection system (Snort) + + trace a chain of DNS servers to the source - + + + +
+
+ The domain name + The naming for the domain name is a tricky one for the normal PC workstation users. The PC workstation may be mobile one hopping around the network or located behind the NAT firewall inaccessible from the Internet. For such case, you may not want the domain name to be a valid domain name to avoid name collision. + + When you use an invalid domain name, you need to spoof the domain name used by some programs such as MTA for their proper operation. See . + + According to rfc2606, "invalid" seems to be a choice for the top level domain (TLD) to construct domain names that are sure to be invalid from the Internet. + The mDNS network discovery protocol (Apple Bonjour / Apple Rendezvous, Avahi on Debian) uses "local" as the pseudo-top-level domain. Microsoft also seems to promote "local" for the TLD of local area network. + + If the DNS service on your LAN uses "local" as TLD for your LAN, it may interfare with mDNS. + + Other popular choices for the invalid TLD seem to be "localdomain", "lan", "localnet", or "home" according to my incoming mail analysis. +
+
+ The hostname resolution + The hostname resolution is currently supported by the NSS (Name Service Switch) mechanism too. The flow of this resolution is the following. + + + +The "/etc/nsswitch.conf" file with stanza like "hosts: files dns" dictates the hostname resolution order. (This replaces the old functionality of the "order" stanza in "/etc/host.conf".) + + + + +The files method is invoked first. If the hostname is found in the "/etc/hosts" file, it returns all valid addresses for it and exits. (The "/etc/host.conf" file contains "multi on".) + + + + +The dns method is invoked. If the hostname is found by the query to the Internet Domain Name System (DNS) identified by the "/etc/resolv.conf" file, it returns all valid addresses for it and exits. + + + + The "/etc/hosts" file associates IP addresses with hostnames contains the following. + 127.0.0.1 localhost +127.0.1.1 <host_name>.<domain_name> <host_name> + +# The following lines are desirable for IPv6 capable hosts +::1 ip6-localhost ip6-loopback +fe00::0 ip6-localnet +ff00::0 ip6-mcastprefix +ff02::1 ip6-allnodes +ff02::2 ip6-allrouters +ff02::3 ip6-allhosts + Here the <host_name> in this matches the own hostname defined in the "/etc/hostname". The <domain_name> in this is the fully qualified domain name (FQDN) of this host. + + For <domain_name> of the mobile PC without the real FQDN, you may pick a bogus and safe TLD such as "lan", "home", "invalid", "localdomain", "none", and "private". + + The "/etc/resolv.conf" is a static file if the resolvconf package is not installed. If installed, it is a symbolic link. Either way, it contains information that initialize the resolver routines. If the DNS is found at IP="192.168.11.1", it contains the following. + nameserver 192.168.11.1 + The resolvconf package makes this "/etc/resolv.conf" into a symbolic link and manages its contents by the hook scripts automatically. + The hostname resolution via Multicast DNS (using Zeroconf, aka Apple Bonjour / Apple Rendezvous) which effectively allows name resolution by common Unix/Linux programs in the ad-hoc mDNS domain "local", can be provided by installing the libnss-mdns package. The "/etc/nsswitch.conf" file should have stanza like "hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4" to enable this functionality. +
+
+ The network interface name + The network interface name, e.g. eth0, is assigned to each hardware in the Linux kernel through the user space configuration mechanism, udev (see ), as it is found. The network interface name is referred as physical interface in ifup(8) and interfaces(5). + In order to ensure each network interface to be named persistently for each reboot using MAC address etc., there is a record file "/etc/udev/rules.d/70-persistent-net.rules". This file is automatically generated by the "/lib/udev/write_net_rules" program, probably run by the "persistent-net-generator.rules" rules file. You can modify it to change naming rule. + + When editing the "/etc/udev/rules.d/70-persistent-net.rules" rules file, you must keep each rule on a single line and the MAC address in lowercase. For example, if you find "Firewire device" and "PCI device" in this file, you probably want to name "PCI device" as eth0 and configure it as the primary network interface. + +
+
+ The network address range for the LAN + Let us be reminded of the IPv4 32 bit address ranges in each class reserved for use on the local area networks (LANs) by rfc1918. These addresses are guaranteed not to conflict with any addresses on the Internet proper. + + List of network address ranges + + + + + + + - ntop - + Class + - @-@popcon1@-@ + network addresses - @-@psize1@-@ + net mask - , , + net mask /bits - display network usage in web browser + # of subnets + + - dnsutils - + A + - @-@popcon1@-@ + 10.x.x.x - @-@psize1@-@ + 255.0.0.0 - , , + /8 - network clients provided with BIND: nslookup(8), nsupdate(8), dig(8) + 1 - dlint - + B + - @-@popcon1@-@ + 172.16.x.x — 172.31.x.x - @-@psize1@-@ + 255.255.0.0 - , , + /16 - check DNS zone information using nameserver lookups + 16 - dnstracer - + C + - @-@popcon1@-@ + 192.168.0.x — 192.168.255.x - @-@psize1@-@ + 255.255.255.0 - , , + /24 - trace a chain of DNS servers to the source + 256
+ + If one of these addresses is assigned to a host, then that host must not access the Internet directly but must access it through a gateway that acts as a proxy for individual services or else does Network Address Translation(NAT). The broadband router usually performs NAT for the consumer LAN environment. +
The network device support Although most hardware devices are supported by the Debian system, there are some network devices which require DSFG non-free external hardware drivers to support them. Please see .
-
- The network connection method +
+ The modern network configuration for desktop + Debian squeeze systems can manage the network connection via management daemon software such as NetworkManager (NM) (network-manager and associated packages) or Wicd (wicd and associated packages). + + + +They come with their own GUI and command-line programs as their user interfaces. + + + + +They come with their own daemon as their backend system. + + + + +They allow easy connection of your system to the Internet. + + + + +They allow easy management of wired and wireless network configuration. + + + + +They allow us to configure network independent of the legacy ifupdown package. + + + + + Do not use these automatic network configuration tools for servers. These are aimed primarily for mobile desktop users on laptops. + + These modern network configuration tools need to be configured properly to avoid conflicting with the legacy ifupdown package and its configuration file "/etc/network/interfaces". + + Some features of these automatic network configuration tools may suffer regressions. These are not as robust as the legacy ifupdown package. Check BTS of network-manager and BTS of wicd for current issues and limitations. + +
+ GUI network configuration tools + Official documentations for NM and Wicd on Debian are provided in "/usr/share/doc/network-manager/README.Debian" and "/usr/share/doc/wicd/README.Debian", respectively. + Essentially, the network configuration for desktop is done as follows. + + + +Make desktop user, e.g. foo, belong to group "netdev" by the following (Alternatively, do it automatically via D-bus under modern desktop environments such as GNOME and KDE). + + $ sudo adduser foo netdev + + + +Keep configuration of "/etc/network/interfaces" as simple as the the following. + + auto lo +iface lo inet loopback + + + +Restart NM or Wicd by the following. + + $ sudo /etc/init.d/network-manager restart + $ sudo /etc/init.d/wicd restart + + + +Configure your network via GUI. + + + + + Only interfaces which are not listed in "/etc/network/interfaces" or which have been configured with "auto …" or "allow-hotplug …" and "iface … inet dhcp" (with no other options) are managed by NM to avoid conflict with ifupdown. + + + If you wish to extend network configuration capabilities of NM, please seek appropriate plug-in modules and supplemental packages such as network-manager-openconnect, network-manager-openvpn-gnome, network-manager-pptp-gnome, mobile-broadband-provider-info, gnome-bluetooth, etc. The same goes for those of Wicd. + + + These automatic network configuration tools may not be compatible with esoteric configurations of legacy ifupdown in "/etc/network/interfaces" such as ones in and . Check BTS of network-manager and BTS of wicd for current issues and limitations. + +
+
+
+ The legacy network connection and configuration + When the method described in does not suffice your needs, you should use the legacy network connection and configuration method which combines many simpler tools. + The legacy network connection is specific for each method (see ). + There are 2 types of programs for the low level network configuration on Linux (see ). + + + +Old net-tools programs (ifconfig(8), …) are from the Linux NET-3 networking system. Most of these are obsolete now. + + + + +New Linux iproute2 programs (ip(8), …) are the current Linux networking system. + + + + Although these low level networking programs are powerful, they are cumbersome to use. So high level network configuration systems have been created. + The ifupdown package is the de facto standard for such high level network configuration system on Debian. It enables you to bring up network simply by doing , e.g., "ifup eth0". Its configuration file is the "/etc/network/interfaces" file and its typical contents are the following. + auto lo +iface lo inet loopback + +auto eth0 +iface eth0 inet dhcp + The resolvconf package was created to supplement ifupdown system to support smooth reconfiguration of network address resolution by automating rewrite of resolver configuration file "/etc/resolv.conf". Now, most Debian network configuration packages are modified to use resolvconf package (see "/usr/share/doc/resolvconf/README.Debian"). + Helper scripts to the ifupdown package such as ifplugd, guessnet, ifscheme, etc. are created to automate dynamic configuration of network environment such as one for mobile PC on wired LAN. These are relatively difficult to use but play well with existing ifupdown system. + These are explained in detail with examples (see and ). +
+
+ The network connection method (legacy) - The connection test method described in this section are meant for testing purposes. It is not meant to be used directly for the daily network connection. You are advised to use them via the ifupdown package (see ). + The connection test method described in this section are meant for testing purposes. It is not meant to be used directly for the daily network connection. You are advised to use them via NM, Wicd, or the ifupdown package (see and ). The typical network connection method and connection path for a PC can be summarized as the following. @@ -12225,8 +12455,22 @@ See "/usr/share/doc/pppoeconf/README.Debian". -
- The basic network configuration with ifupdown +
+ The basic network configuration with ifupdown (legacy) + The traditional TCP/IP network setup on Debian system uses ifupdown package as a high level tool. There are 2 typical cases. + + + +For dynamic IP system such as mobile PCs, you should setup TCP/IP network with the resolvconf package and enable you to switch your network configuration easily (see ). + + + + +For static IP system such as servers, you should setup TCP/IP network without the resolvconf package and keep your system simple (see ). + + + + These traditional setup methods are quite useful if you wish to set up advanced configuration (see ). The ifupdown package provides the standardized framework for the high level network configuration in the Debian system. In this section, we learn the basic network configuration with ifupdown with simplified introduction and many typical examples.
The command syntax simplified @@ -12636,16 +12880,16 @@
-
- The advanced network configuration with ifupdown - The functionality of the ifupdown package can be improved beyond what was described in with the advanced knowledge. +
+ The advanced network configuration with ifupdown (legacy) + The functionality of the ifupdown package can be improved beyond what was described in with the advanced knowledge. The functionalities described here are completely optional. I, being lazy and minimalist, rarely bother to use these. - If you could not set up network connection by information in , you make situation worse by using information below. + If you could not set up network connection by information in , you make situation worse by using information below.
The ifplugd package - The ifplugd package is older automatic network configuration tool which can manage only Ethernet connections. This solves unplugged/replugged Ethernet cable issues for mobile PC etc. If you have NetworkManager or Wicd (see ) installed, you do not need this package. + The ifplugd package is older automatic network configuration tool which can manage only Ethernet connections. This solves unplugged/replugged Ethernet cable issues for mobile PC etc. If you have NetworkManager or Wicd (see ) installed, you do not need this package. This package runs daemon and replaces auto or allow-hotplug functionalities (see ) and starts interfaces upon their connection to the network. Here is how to use the ifplugd package for the internal Ethernet port, e.g. eth0. @@ -13094,73 +13338,6 @@
-
- The network configuration for desktop -
- GUI network configuration tools - The capability of default GUI network configuration tools for each desktop environments such as GNOME tends to be limited to basic configurations such as static IP or DHCP. They actually overwrite contents of "/etc/network/interfaces" file behind you. Please check how they change "/etc/network/interfaces" file by yourself. - - They may not understand complicated advanced configuration done manually in "/etc/network/interfaces" file. - -
-
- Automatic network configuration - There are independent automatic network configuration tools, such as NetworkManager (NM) (network-manager and associated packages) and Wicd (wicd package) which manage network connection via daemon independent of the ifupdown package. They allow easy management of wireless connections. These come with its own nice GUI user interfaces. - - Do not use these automatic network configuration tools for servers. These are aimed primarily for mobile desktop users on laptops. - - - These automatic network configuration tools are moving targets and documentation here is likely to be incorrect for squeeze. So be warned. - - - These automatic network configuration tools may not be compatible with esoteric configurations of ifupdown in "/etc/network/interfaces" such as ones in and . Having even "hostname" stanza for DHCP controlled interface as described in caused NM to ignore such interface in lenny. Check BTS of network-manager and BTS of wicd for current issues and limitations. - - The configuration of NM is described in "/usr/share/doc/network-manager/README.Debian". Essentially this is as follows. - - - -Make desktop user, e.g. foo, belong to group "netdev" by the following. - - $ sudo adduser foo netdev - - - -Keep configuration of "/etc/network/interfaces" as simple as the the following. - - auto lo -iface lo inet loopback - -auto eth0 -iface eth0 inet dhcp - - - -Restart NM by the following. - - $ sudo /etc/init.d/network-manager restart - - - - Only interfaces which are not listed in "/etc/network/interfaces" or which have been configured with "auto …" or "allow-hotplug …" and "iface … inet dhcp" (with no other options) are managed by NM to avoid conflict with ifupdown. - - The configuration of Wicd is described in "/usr/share/doc/wicd/README.Debian". Essentially, this is as follows. - - - -Make configuration in "/etc/network/interfaces" only as the following. - - auto lo -iface lo inet loopback - - - -Restart Wicd as the following. - - $ sudo /etc/init.d/wicd restart - - -
-
The low level network configuration
@@ -14083,7 +14260,7 @@ - Debian offers many free browser plugin packages in the main component which can handle not only Java (software platform) and Flash but also MPEG, MPEG2, MPEG4, DivX, Windows Media Video (.wmv), QuickTime (.mov), MP3 (.mp3), Ogg/Vorbis files, DVDs, VCDs, etc. Debian also offers helper programs to install non-free browser plugin packages as contrib or non-free components. + Debian offers many free browser plugin packages in the main archive area which can handle not only Java (software platform) and Flash but also MPEG, MPEG2, MPEG4, DivX, Windows Media Video (.wmv), QuickTime (.mov), MP3 (.mp3), Ogg/Vorbis files, DVDs, VCDs, etc. Debian also offers helper programs to install non-free browser plugin packages as contrib or non-free archive area.
List of browser plugin packages @@ -14104,7 +14281,7 @@ size - component + area description @@ -14312,6 +14489,9 @@ The mail configuration strategy for workstation The most simple mail configuration is that the mail is sent to the ISP's smarthost and received from ISP's POP3 server by the MUA (see ) itself. This type of configuration is popular with full featured GUI based MUA such as icedove(1), evolution(1), etc. If you need to filter mail by their types, you use MUA's filtering function. For this case, the local MTA (see ) need to do local delivery only. The alternative mail configuration is that the mail is sent via local MTA to the ISP's smarthost and received from ISP's POP3 by the mail retriever (see ) to the local mailbox. If you need to filter mail by their types, you use MDA with filter (see ) to filter mail into separate mailboxes. This type of configuration is popular with simple console based MUA such as mutt(1), gnus(1), etc., although this is possible with any MUAs (see ). For this case, the local MTA (see ) need to do both smarthost delivery and local delivery. Since mobile workstation does not have valid FQDN, you must configure the local MTA to hide and spoof the real local mail name in outgoing mail to avoid mail delivery errors (see ). + + You may wish to configure MUA/MDA to use Maildir for storing email messages somewhere under your home directory. +
@@ -14720,7 +14900,7 @@ Local customization file "/etc/exim4/exim4.conf.localmacros" may be created to set MACROs. For example, Yahoo's mail service is said to require "MAIN_TLS_ENABLE = true" and "AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS = yes" in it. - If you are looking for a light weight MTA that respects "/etc/aliases" for your laptop PC, you should consider to configure exim4(8) with "QUEUERUNNER='nodaemon'" etc. in "/etc/default/exim4". + If you are looking for a light weight MTA that respects "/etc/aliases" for your laptop PC, you should consider to configure exim4(8) with "QUEUERUNNER='queueonly'", "QUEUERUNNER='nodaemon'", etc. in "/etc/default/exim4".
@@ -14870,6 +15050,9 @@ The contents of "/etc/mailname" is used by many non-MTA programs for their default behavior. For mutt, set "hostname" and "from" variables in ~/muttrc file to override the mailname value. For programs in the devscripts package, such as bts(1) and dch(1), export environment variables "$DEBFULLNAME" and "$DEBEMAIL" to override it. + + The popularity-contest package normally send mail from root account with FQDN. You need to set MAILFROM in /etc/popularity-contest.conf as described in the /usr/share/popularity-contest/default.conf file. Otherwise, your mail will be rejected by the smarthost SMTP server. Although this is tedious, this approach is safer than rewriting the source address for all mails from root by MTA and should be used for other daemons and cron scripts. + When setting the mailname to "hostname -f", the spoofing of the source mail address via MTA can be realized by the following. @@ -15175,9 +15358,6 @@ text/html; lynx -force_html %s; needsterminal; application/msword; /usr/bin/antiword '%s'; copiousoutput; description="Microsoft Word Text"; nametemplate=%s.doc - You may wish to configure MUA/MDA to use Maildir for storing email messages. - - Mutt can be used as the IMAP client and the mailbox format converter. You can tag messages with "t", "T", etc. These tagged messages can be copied with ";C" between different mailboxes and deleted with ";d" in one action.
@@ -16692,7 +16872,7 @@ - stunnel4 + openssl @-@popcon1@-@ @@ -16704,6 +16884,23 @@ SSL + Secure Socket Layer (SSL) binary and related cryptographic tools + + + + + stunnel4 + + + @-@popcon1@-@ + + + @-@psize1@-@ + + + , , + + universal SSL Wrapper @@ -16949,8 +17146,11 @@
The diagnosis of the system daemons The telnet program enables manual connection to the system daemons and its diagnosis. - For example, try the following + For testing plain POP3 service, try the following $ telnet mail.ispname.net pop3 + For testing the TLS/SSL enabled POP3 service by some ISPs, you need TLS/SSL enabled telnet client by the telnet-ssl or openssl packages. + $ telnet -z ssl pop.gmail.com 995 + $ openssl s_client -connect pop.gmail.com:995 The following RFCs provide required knowledge to each system daemon.
List of popular RFCs @@ -17027,9 +17227,6 @@
The port usage is described in "/etc/services". - - For testing TLS/SSL services such as HTTPS, you need TLS/SSL enabled telnet program. -
@@ -17727,51 +17924,7 @@
Fonts in the X Window - The font configuration on Debian system can be summarized with historical perspective as follows. - - - -Each application used to require specific manual operation to configure installed fonts before woody. - - - - Debian Font Manager (defoma) was created to automate this font configuration by providing a Debian specific glue layer in 2000. - - - - -Each font package publishes application independent font data to defoma. - - - - -Each application package uses these data to configure each installed font via its package script. - - - - -For X server, the actual program to configure TrueType fonts and CID fonts (as well as CMaps) was packaged as x-ttcidfont-conf. - - - - - - Fontconfig 2.0 was created to provide a distribution independent library for configuring and customizing font access in 2002. - - - - -As of lenny release, almost all programs which access font data seem to use this system. - - - - -After squeeze, Debian solely uses Fontconfig 2.0 and drops Debian Font Manager (defoma). - - - - - + Fontconfig 2.0 was created to provide a distribution independent library for configuring and customizing font access in 2002. Debian after squeeze uses Fontconfig 2.0 for its font configuration. Font supports on X Window System can be summarized as follows. @@ -17917,34 +18070,6 @@ Fontconfig, a generic font configuration library — configuration data - - - defoma - - - @-@popcon1@-@ - - - @-@psize1@-@ - - - Debian Font Manager — automatic font configuration framework (lenny) - - - - - x-ttcidfont-conf - - - @-@popcon1@-@ - - - @-@psize1@-@ - - - TrueType and CID fonts configuration for X (with CJK support) - - @@ -17969,9 +18094,6 @@ "The Penguin and Unicode" is a good overview of modern X Window System. Other documentations at http://unifont.org/ should provide good information on Unicode fonts, Unicode-enabled software, internationalization, and Unicode usability issues on free/libre/open source (FLOSS) operating systems. - - You should rely on fontconfig infrastructure to configure fonts on the Debian system. Debian Font Manager (defoma(1)) is only useful for font installation and X logical font description (XLFD) data registration for lenny. -
Basic fonts There are 2 major types of computer fonts. @@ -18426,13 +18548,13 @@ sans-serif - gothic, ゴチック hei, + gothic, ゴチック - gothic dodu + hei, gothic - m, gulim, gothic + dodum, gulim, gothic @@ -18440,13 +18562,13 @@ serif - mincho, 明朝 so + mincho, 明朝 - ng, ming ba + song, ming - tang + batang @@ -19259,12 +19381,12 @@ - This supports keyboard input for accented characters of many European languages with its dead-key function. For Asian languages, you need more complicated input method support such as SCIM discussed next. -
- The input method support with SCIM - Setup of multilingual input for the Debian system is simplified by using the Smart Common Input Method (SCIM) family of packages with the im-switch package. The list of SCIM packages are the following. + This supports keyboard input for accented characters of many European languages with its dead-key function. For Asian languages, you need more complicated input method support such as IBus discussed next. +
+ The input method support with IBus + Setup of multilingual input for the Debian system is simplified by using the IBus family of packages with the im-config package. The list of IBus packages are the following. - List of input method supports with SCIM + List of input method supports with IBus @@ -19289,21 +19411,7 @@ - scim-anthy - - - @-@popcon1@-@ - - - @-@psize1@-@ - - - Japanese - - - - - scim-canna + ibus @-@popcon1@-@ @@ -19312,12 +19420,12 @@ @-@psize1@-@ - , , + input method framework using dbus - scim-skk + ibus-anthy @-@popcon1@-@ @@ -19326,12 +19434,12 @@ @-@psize1@-@ - , , + Japanese - scim-prime + ibus-skk @-@popcon1@-@ @@ -19345,35 +19453,7 @@ - scim-tables-ja - - - @-@popcon1@-@ - - - @-@psize1@-@ - - - , , (not very useful) - - - - - scim-tables-zh - - - @-@popcon1@-@ - - - @-@psize1@-@ - - - Chinese (for zh_*) - - - - - scim-pinyin + ibus-pinyin @-@popcon1@-@ @@ -19382,12 +19462,12 @@ @-@psize1@-@ - , , (for zh_CN) + Chinese (for zh_CN) - scim-chewing + ibus-chewing @-@popcon1@-@ @@ -19396,12 +19476,12 @@ @-@psize1@-@ - , , (for zh_TW) + , , (for zh_TW) - scim-hangul + ibus-hangul @-@popcon1@-@ @@ -19415,7 +19495,7 @@ - scim-tables-ko + ibus-table @-@popcon1@-@ @@ -19424,12 +19504,12 @@ @-@psize1@-@ - , , + table engine for IBus - scim-thai + ibus-table-thai @-@popcon1@-@ @@ -19443,21 +19523,7 @@ - scim-m17n - - - @-@popcon1@-@ - - - @-@psize1@-@ - - - Multilingual: Indic, Arabic and others - - - - - scim-tables-additional + ibus-unikey @-@popcon1@-@ @@ -19466,12 +19532,12 @@ @-@psize1@-@ - , , + Vietnamese - scim-uim + ibus-m17n @-@popcon1@-@ @@ -19480,26 +19546,31 @@ @-@psize1@-@ - , , + Multilingual: Indic, Arabic and others
- The kinput2 method and other locale dependent Asian classic input methods still exist but are not recommended for the modern UTF-8 X environment. The uim tool chain is an alternative approach for the international input method for the modern UTF-8 X environment which is also capable for non-X environment. + The kinput2 method and other locale dependent Asian classic input methods still exist but are not recommended for the modern UTF-8 X environment. The SCIM and uim tool chains are an slightly older approach for the international input method for the modern UTF-8 X environment.
An example for Japanese - I find the Japanese input method started under English environment ("en_US.UTF-8") very useful. Here is how I did this with SCIM. + I find the Japanese input method started under English environment ("en_US.UTF-8") very useful. Here is how I did this with IBus. -Install the Japanese input tool package scim-anthy with its recommended packages such as im-switch. +Install the Japanese input tool package ibus-anthy with its recommended packages such as im-config. + + + + +Execute "im-config" from user's shell and select "ibus". -Execute "im-switch -c" from user's shell and select "scim". +Select "System" → "Preferences" → "IBus Preferences" → "Input Method" → "Select an input method" → "Japanese" → "Anthy" and click "Add". @@ -19509,7 +19580,7 @@ -Verify setting by "im-switch -l". +Verify setting by "im-config". @@ -19519,32 +19590,26 @@ -Start SCIM input method by CTRL-SPACE. +Start IBus input method by CTRL-SPACE. - - In order to start SCIM under the non-CJK and non-en_US locale, you need to add list of those locales in UTF-8 to the "~/.scim/global" or "/etc/scim/global" file as the following. - - /SupportedUnicodeLocales = en_US.UTF-8,en_GB.UTF_8,fr_FR.UTF-8 Please note the following. - im-switch(8) behaves differently if command is executed from root or not. + im-config(8) behaves differently if command is executed from root or not. - -Input method started by im-switch depends on the locale. + im-config(8) enables the best input method on the system as default without any user actions. -Use of new immodule mechanism (by setting "$GTK_IM_MODULE" or "$QT_IM_MODULE") may cause instability during the library transition in unstable. +The GUI menu entry for im-config(8) is disable as default to prevent cluttering. - For the detail of setup, see "/usr/share/doc/im-switch/README.Debian.gz", "/usr/share/doc/scim/README.Debian.gz" or "/usr/share/doc/uim/README.Debian.gz". Here key points are described.
Disabling the input method @@ -24813,7 +24878,7 @@ afio(1): # cd ./source; find . -print0 | afio -pv0a /dest You can substitude "." with "foo" for all examples containing "." to copy files from "./source/foo" directory to "/dest/foo" directory. - You can substitude "." with the absolute path "/path/to/source/foo" for all examples containing "." to drop "cd ./source;". These will copy files to different locations depending on tools used as follows. + You can substitude "." with the absolute path "/path/to/source/foo" for all examples containing "." to drop "cd ./source;". These copy files to different locations depending on tools used as follows. @@ -28716,7 +28781,7 @@ Work flow of Subversion Here is an example of typical work flow using Subversion with its native client. - Client commands offered by the <package>git-svn</package> package may offer alternative work flow of Subversion using the <prgn>git</prgn> command. See . + Client commands offered by the git-svn package may offer alternative work flow of Subversion using the git command. See . Check all available modules from Subversion project pointed by URL "file:///srv/svn/project" by the following. $ svn list file:///srv/svn/project @@ -29159,16 +29224,22 @@ With git(1), you work on a local branch with many commits and use something like "git rebase -i master" to reorganize change history later. This enables you to make clean change history. See git-rebase(1) and git-cherry-pick(1). + + When you want to go back to a clean working directory without loosing the current state of the working directory, you can use "git stash". See git-stash(1). +
Git for the Subversion repository - You can check out a whole Subversion repository to a local Git repository and commit back to the Subvesrion repository. E.g.: - $ git svn clone svn://svn.example.org/source dest + You can check out a Subversion repository at "svn+ssh://svn.example.org/project/module/trunk" to a local Git repository at "./dest" and commit back to the Subvesrion repository. E.g.: + $ git svn clone -s -rHEAD svn+ssh://svn.example.org/project dest $ cd dest ... make changes $ git commit -a ... keep working locally with git $ git svn dcommit + + The use of "-rHEAD" enables us to avoid cloning entire historical contents from the Subvesrion repository. +
Git for recording configuration history @@ -33289,6 +33360,14 @@ + funcname() { … } + + + function funcname() { … } + + + + octal format: "\377" @@ -34318,7 +34397,7 @@
C You can set up proper environment to compile programs written in the C programming language by the following. - # aptitude install glibc-doc manpages-dev libc6-dev gcc build-essential + # apt-get install glibc-doc manpages-dev libc6-dev gcc build-essential The libc6-dev package, i.e., GNU C Library, provides C standard library which is collection of header files and library routines used by the C programming language. See references for C as the following. @@ -34376,7 +34455,7 @@ Basic gdb execution Primary debugger on Debian is gdb(1) which enables you to inspect a program while it executes. Let's install gdb and related programs by the following. - # aptitude install gdb gdb-doc build-essential devscripts + # apt-get install gdb gdb-doc build-essential devscripts Good tutorial of gdb is provided by "info gdb" or found elsewhere on the web. Here is a simple example of using gdb(1) on a "program" compiled with the "-g" option to produce debugging information. $ gdb program @@ -34400,9 +34479,9 @@ Since all installed binaries should be stripped on the Debian system by default, most debugging symbols are removed in the normal package. In order to debug Debian packages with gdb(1), corresponding *-dbg packages need to be installed (e.g. libc6-dbg in the case of libc6). If a package to be debugged does not provide its *-dbg package, you need to install it after rebuilding it by the following. $ mkdir /path/new ; cd /path/new -$ sudo aptitude update -$ sudo aptitude dist-upgrade -$ sudo aptitude install fakeroot devscripts build-essential +$ sudo apt-get update +$ sudo apt-get dist-upgrade +$ sudo apt-get install fakeroot devscripts build-essential $ sudo apt-get build-dep source_package_name $ apt-get source package_name $ cd package_name*