Translation(s): Català - English - Español - Français - Italiano - Português (Brasil) - 简体中文

(!) Discussion

Advice For New Users On Not Breaking Their Debian System

Broken Debian mug

Debian is a robust and reliable system, however users with root access can make any change they want. As such, it's very easy for new users to break their systems by not doing things the Debian way. This page lists common mistakes made by new users. Some of the things listed here can be done safely, but only if you have enough experience to know how to fix your system when things go wrong.

The general theme to the advice here is that consequences are not always immediate, and can make future upgrades impossible without a complete reinstall. If upgrading without a complete reinstall is important to you, be careful not to make the mistakes outlined below.

One of the primary advantages of Debian is its central repository with many thousands of software packages. If you're coming to Debian from another operating system, you might be used to installing software that you find on random websites. On Debian installing software from random websites is a bad habit. It's always better to use software from the official Debian repositories if at all possible. The packages in the Debian repositories are known to work well and install properly. Only using software from the Debian repositories is also much safer than installing from random websites which could bundle malware and other security risks.

Don't make a FrankenDebian

Debian Stable should not be combined with other releases carelessly. If you're trying to install software that isn't available in the current Debian Stable release, it's not a good idea to add repositories for other Debian releases.

First of all, apt-get upgrade default behavior is to upgrade any installed package to the highest available version. If, for example, you configure the trixie archive on a bookworm system, APT will try to upgrade almost all packages to trixie.

This can be mitigated by configuring apt pinning to give priority to packages from bookworm.

However, even installing few packages from a "future" release can be risky. The problems might not happen right away, but the next time you install updates.

The reason things can break is because the software packaged for one Debian release is built to be compatible with the rest of the software for that release. For example, installing packages from trixie on a bookworm system could also install newer versions of core libraries including libc6. This results in a system that is not testing or stable but a broken mix of the two.

Repositories that can create a FrankenDebian if used with Debian Stable:

Some third-party repositories might appear safe to use as they contain only packages that have no equivalent in Debian. However, there are no guarantees that any repository will not add more packages in future, leading to breakage.

Finally, packages in official Debian releases have gone through extensive testing, often for months, and only fit packages are allowed in a release. On the other hand, packages from external sources might alter files belonging to other packages, configure the system in unexpected ways, introduce vulnerabilities, cause licensing issues.

Once packages from unofficial sources are introduced in a system it can become difficult to pinpoint the cause of breakage especially if it happens after months.

Don't use GPU manufacturer install scripts

Debian includes free and open-source drivers that support most video cards. The free drivers provide the best integration with the rest of the Debian system and work quite well for most users.

If you absolutely must have the proprietary closed-source drivers, do not download them directly from the manufacturer's website! Installing drivers this way only works for the current kernel, and after the next kernel update, your video drivers will not work until they are manually reinstalled again.

Fortunately there is a Debian way to install video card drivers using packages in the repository. Installing the drivers the Debian way will make sure that the drivers continue to work after kernel updates.

Don't suffer from Shiny New Stuff Syndrome

The reason that Debian Stable is so reliable is because software is extensively tested and bug-fixed before being included. This means that the most recent version of software is often not available in the Stable repositories. But it doesn't mean that the software is too old to be useful!

Before attempting to install the newest version of some software from somewhere other than the Debian Stable repositories, here are some things to keep in mind:

Please note: bugs are found in existing software but only new releases of a software can introduce new bugs and vulnerabilities.

As a release enters Debian and receives bugfixes, the number of unknown vulnerabilities and bugs will constantly decrease during the package lifetime.

'make install' can conflict with packages

It's quite easy to compile software from source code tarballs downloaded from the software's website, but not always so easy to remove it later. Often the instructions that come with the source code include instructions to use commands like ./configure && make && make install.

When you install software this way, you will not be able to remove it with apt-get or Synaptic. The APT packaging system can only remove software that was installed by the APT packaging system. Even worse, software installed this way can sometimes conflict with the software packaged for Debian.

Software installed this way also does not benefit from security updates the way that Debian packages do. If you want to keep your system up to date without having to manually compile and reinstall for every update, stick to the Debian packages.

The make install script may make invalid assumptions about where the compiled binary and its associated files should exist in the filesystem and under what set of permissions / ownership it should run. Software installed this way could also replace important software vital to system and package maintenance, making it difficult to repair your system using standard Debian tools.

Don't blindly follow bad advice

Unfortunately there's a lot of bad advice on the Internet. Tutorials found on blogs, forums and other sites often include instructions that will break your system in subtle ways. Don't simply follow the first advice you find, or the tutorial that seems the easiest. Spend some time reading the documentation and compare the difference between tutorials.

It's better to take the time to figure out the correct way to do something first than spending even more time fixing a broken system later. You would not let some random stranger feed your baby; do not execute commands without first understanding what they do.

Blog and forum posts don't expire. Instructions that might have been safe a couple of years ago might not be safe to follow any more. When in doubt keep researching and read your version's documentation.

Read The Fantastic Manuals

Often reading a tutorial is only enough to get a general idea of how to install or use an application. Almost all of the software packaged for Debian has at least some documentation available. Some places to look:

Don't blindly remove software

Sometimes when you remove a package, the package manager needs to remove other packages too. This is because the additional packages depend on the package you're trying to remove.

If this happens, the package manager will show you a list everything that will be removed and ask for your confirmation. Make sure to read this list carefully! If you don't know what some of the packages to be removed are for, read the descriptions for each one. When in doubt, do more research. Some resources that can help you research packages:

Read package descriptions before installing

It is recommended to read the descriptions of packages before installing them. Sometimes software will have different packages available in the Debian repository, with each package configured a different way. Read the package descriptions and search for similar package names to make sure you get the one that you want.

This point can be especially important for packages that install kernel modules.

Take notes

It's easy to forget the steps you took to do something on your computer, especially several months later when you're trying to upgrade. Sometimes when you try several different ways of solving a problem, it's easy to forget which method was successful the next day!

It's a very good idea to take notes about the software you've installed and configuration changes you've made. When editing configuration files, it's also a very good idea to include comments in the file explaining the reason for the changes and the date they were made.

Some safer ways to install software not available in Debian Stable

Sometimes the need arises for installing software that is not packaged for Debian, or a newer version than is packaged for the stable release. Below are some ways to reduce the risks described above.

Backported packages

Newer versions of packages can often be found in the Debian Backports archive. These packages are not tested as extensively as packages including in a Debian stable release and should be installed in moderation.

More experienced users can make their own backports of the latest Debian software. self-backporting is usually safer than other approaches. When self-backporting fails it indicates that installing the software manually (with make install or an installer script for example) could compromise your Debian system.

Building from source

If you are building software from source obtained otherwise than from Debian, it's a good idea to build and run it as a normal user, within that user's home directory. If you keep sensitive, valuable, or non-replaceable data in your home directory, it might be a good idea to create another user account for this purpose.

automake and other build systems can install self-built software in non-standard locations. It is a bad idea to be root or use "sudo" to install self-built software into /usr/bin or the other standard locations where regular packages place files. It is almost always possible to instead install into your home directory instead. (Using ./configure --prefix=~/.local or similar.) If you understand how to edit Makefiles, then you can alter the makefile in such a way as to render make install useful for your system or add a prefix=~/.local option.

If you want to make the software available to all users, do not allow it to install itself to the /usr directory hierarchy, as only Debian packages are meant to create files there. Installing software to the /usr/local will make it available to all users, and will not interfere with the package manager. The stow package can be useful for managing software installed to /usr/local.

Less safe ways to install software not available in Debian Stable

Please note: Packages in official Debian releases have gone through extensive testing, often for months, and only fit packages are allowed in a release. On the other hand, software from external sources can introduce security, reliability and legal issues. Debian does not endorse the use of software from external sources.

Using chroot, containers, and virtual machines

Another strategy for using software not available in Debian stable is to run the software in a virtual Debian system contained in its on directory or image file. This allows software to be installed on the virtual Debian system without having any effect on the primary, or host, Debian system running your computer.

Debian includes a variety of tools that provide varying degrees of isolation from the host operating system. Some include:

Flatpak

Some applications and games are also available in the new Flatpak package format. Flatpaks can be installed locally by non-root users and do not interfere with the Debian package system. Flatpak applications can also run in a sandbox. A flatpak package is available for Debian since stretch. gnome-software can update and install Flatpak apps with the gnome-software-plugin-flatpak package installed. For more information see the FlatpakHowto wiki page.

Snap

Another alternative is the Snappy system developed by Canonical, the company providing support for Ubuntu. Snaps are essentially similar to Flatpaks but currently (2018-10-26) the central snapcraft repository has more applications packaged than Flathub.

Important note: Many users are wary of Snaps. Use at your own discretion. They update on their own schedule, and install files to nonstandard locations. It may not be wise to use a Snap without first understanding the reputation/limitations of Snap.

Get the most out of peer support resources

When looking for support it's important to remember that Debian is a volunteer project and people will be more inclined to help if you're polite and willing to put a little effort in yourself. Here are some general guidelines that will help you get help:

See Also


CategoryPackageManagement CategorySystemAdministration