Installing Debian GNU/Linux on a Dell GX280
NOTE: work in progress!
I was very pleasantly surprised this morning when my current employer decided it was time for me to upgrade my workstation. As I never complain about receiving new hardware, I happily started hacking. The machine is a Dell GX 280 with a Philips 170B flatscreen monitor and an Asus Extreme N6200 video card (which runs on an nVidia GeForce 6200 chipset). The GX 280 comes with a SATA disk controller. My objective: turn this machine into a fully functioning Debian GNU/Linux (unstable) workstation with an XFS filesystem, LVM enabled and X11.
- Finding an appropriate Debian net-install image
Wessel Dankers maintains a Debian installer with XFS support at http://www.non-gnu.uvt.nl/pub/debian-xfs/.
His goal is for the image to always carry a kernel with the latest security patches. At my request, Wessel uploaded a kernel with SATA support.
- Partitioning the disk
A basic root filesystem only needs about 200 Mb. Since I have a 80 Gb disk, I partition the machine as follows:
- Leave the Dell image intact.
- Remove the Windows XP partition.
- Create /dev/sda2 as a 256 MB Linux swap partition.
- Create /dev/sda3 as a 256 MB Linux partition with the boot flag toggled on.
Leave the rest as is. We'll get to that later.
- Network configuration
This machine comes with a Broadcom NetXtreme BCM5751 Gigabit card. The card works fine, provided that you load the tg3 kernel driver. This can be done when the installer prompts for "Install Kernel and Driver Modules". The driver can be found in the section kernel/drivers/net/.
I set my configuration to DHCP, which works fine in my particular situation. You might have to do something else, depending on your situation.
- Installing the base system
There is little or no excitement in installing a Debian base system. Once your network is set up properly and your disks have been partitioned, it is basically a matter of sitting back and relaxing. After about 30 seconds, the installer will offer to make your system bootable. This is generally a good idea. Note: we will remove lilo at a later point and replace it with grub.
I have enough faith in the installer to not make a boot floppy. However, don't complain to me that things break when you skip this step.
- Rebooting the system
After rebooting, you should be greeted with the familiar message that your system has been installed. You will be asked the following questions:
- Q: Is the hardware clock set to GMT?
A: Yes
- Q: What area do you live in?
A: Europe
- Q: Select a city or time zone:
A: Amsterdam
- Q: Shall I enable md5 passwords?
A: Yes
- Q: Shall I enable shadow passwords?
A: Yes
- Q: Enter a password for root:
A: ........
- Q: Shall I create a normal user account now?
A: Yes
- Q: Enter a user name for your account:
A: ....
- Q: Shall I remove the PCMCIA packages?
A: yes
- Q: Do you want to use a PPP connection to install the system?
A: no
- Q: Choose the method apt should use to access the Debian archive:
A: ftp
- Q: Use non-US software?
A: yes
- Q: Use non-free software?
A: Your choice. I generally select 'yes'
- Q: Use contrib software?
A: Your choice. I generally select 'yes'
- Q: Select a country:
A: Netherlands
- Q: Choose a Debian mirror to use:
A: ftp.debian.nl
- Q: Add another apt source:
A: No
- Q: Use security updates from security.debian.org?
A: Of course! (yes)
- Q: Run tasksel?
A: no
- Q: Run dselect?
A: no
The installer will now prompt you to remove packages and to continue installing. Choose defaults where possible, with the exception of:
- Leave exim unconfigured. We'll replace it by postfix later (option 5).
- Tweaking a little
You now have a basic system with all security patches applied. However, we need more.
- Log in as root
- # apt-get install debfoster grub
- Update /etc/debfoster.conf and set MaxPriority=important and NegativeKeepers=no
- # debfoster
Respond 'N' to the following questions:
- Keep base-config?
- Keep pppoeconf?
- Keep pppconfig?
- Keep modconf?
- Keep pppoe?
- Keep ppp?
- Keep ipchains?
- Keep libgdbmg1?
- Keep libpcap0?
- Keep lilo?
- Keep syslinux?
- Keep tasksel?
You now have a nice and clean Debian system. Having just removed lilo, it is unbootable though. Fix this by setting up grub:
# cd /boot
# mkdir grub
# cd grub
# cp -a /usr/lib/grub/i386-pc/* .
# cat > device.map
(hd0) /dev/sda
(fd0) /dev/fd0
^D
# grub --device-map=device.map
grub> root (hd0,2)
grub> setup (hd0)
grub> exit
# cat > menu.lst
default 0
timeout 5
color light-gray/black black/light-gray
title Debian GNU/Linux
root (hd0,2)
kernel /vmlinuz root=/dev/sda3 rw
boot
title Debian GNU/Linux (previous)
root (hd0,2)
kernel /vmlinuz.old root=/dev/sda3 rw
boot
^D
- Upgrading to unstable
As root, edit /etc/apt/sources.list. Replace all occurrences of the word 'stable' with 'unstable'.
vi users can do this by giving the command :%s/stable/unstable/g
Comment out the line with security.debian.org, as Debian unstable does not get any patches from the security team.
Now, type dselect update and then apt-get dist-upgrade. Once more: answer defaults where possible, with the exception of:
- Q: See only questions that are of what priority and higher?
A: low
- Q: Do you want system wide readable home directories?
A: no
- Q: Exim configuration.
A: Option 5 (no configuration)
- Setting up LVM2
We begin by completing the partitioning process. As root, add an extended partition and create a partition on it. Set the partition type to 8e (Linux LVM). Then, write the partition to disk.
Update /etc/lvm/lvm.conf: add format = "lvm2" and change the filter so that only your LVM partitions are scanned. I use the filter filter = [ "a|/dev/sda5$|", "r|.*|" ].
Next, we create a physical volume on /dev/sda5 by giving the command pvcreate /dev/sda5. Note: you might have to reboot your system for the updated partition table to become visible to the pvcreate program!
Having created the physical volume, we can now add a volume group and create a bunch of logical volumes in it:
# vgcreate disk /dev/sda5
# lvcreate -n usr -L 1g /dev/disk
# lvcreate -n var -L 1g /dev/disk
# lvcreate -n tmp -L 1g /dev/disk
# lvcreate -n home -L 1g /dev/disk
Update /etc/fstab:
/dev/disk/usr /usr xfs defaults
/dev/disk/var /var xfs defaults
/dev/disk/tmp /tmp xfs defaults
/dev/disk/home /home xfs defaults
Next, we move already installed files out of the way.
# mkfs.xfs -d agcount=2 /dev/disk/usr
# mount /dev/disk/usr /mnt
# cd /mnt
# cp -a /usr/* .
# cd / && umount /mnt
# mount /usr
# mkfs.xfs -d agcount=2 /dev/disk/var
# mount /dev/disk/var /mnt
# cd /mnt
# cp -a /var/* .
# cd / && umount /mnt
# mount /var
# mkfs.xfs -d agcount=2 /dev/disk/home
# mount /dev/disk/home /mnt
# cd /mnt
# cp -a /home/* .
# cd / && umount /mnt
# mount /home
# mkfs.xfs -d agcount=2 /dev/disk/tmp
# mount /tmp
# chmod 1777 /tmp
And reboot. If all your filesystems have mounted properly, you can now mount /dev/sda3 /mnt and rm -rf /mnt/usr /mnt/var. Your root filesystem will now be clean.
- Adding some useful packages
Install the following packages:
# apt-get clean
# apt-get --purge install ssh vim less zsh \
bzip2 lftp wget curl-ssl grub postfix lvm2 xfsprogs
(zsh is optional.) As usual, select defaults, with the exception of the Postfix configuration. Here you select your site's setup. There is no single true answer here (or anywhere else in life, for that matter).
- Tweaking the configuration
The next step is tweaking some config settings. I usually do not use inetd, so I remove /etc/rc2.d/S20inetd. Next, I edit /etc/hosts.deny and add the line ALL: ALL. In /etc/hosts.allow, I then add the line sshd: ALL.
An additional level of protection is obtained by installing a packet filter which will use Linux's iptables to reject anything, except SSH from a number of trusted network locations. I copy the script below to /etc/init.d/firewall (make sure it is executable) and add it to my init scripts with the command:
# ln -s /etc/init.d/firewall /etc/rc2.d/S50firewall
------ cut here ----- cut here -----
#!/bin/sh
PATH=/sbin
export PATH
# flush current rules
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
# set policy
iptables -P FORWARD DROP
# allow all on loopback interface
iptables -A INPUT -i lo -j ACCEPT
# allow NEW on outgoing
iptables -A OUTPUT -m state --state NEW -j ACCEPT
# allow established or related
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# allow ICMP
iptables -A INPUT -p icmp -j ACCEPT
# allow SSH from uvt
iptables -A INPUT -m state --state NEW -p tcp --dport ssh -s 192.168.10.0/24 -j ACCEPT
# log stuff
iptables -A INPUT -m state --state NEW -j LOG
# deny the rest (tcp/udp)
iptables -A INPUT -m state --state NEW -j REJECT
# EOF
----- cut here ----- cut here ----- cut here -----
Next, edit /etc/inetd.conf and comment out all services. If you plan to use inetd later, you are done. If you are not planning on using it any time soon, just remove the symlink from /etc/rc2.d.
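An added check, not part of the original page: the firewall script above does not set an INPUT policy (the built-in default is ACCEPT) and its final REJECT only matches state NEW, so packets that connection tracking classifies as INVALID match no rule and are accepted. The function below audits `iptables -S INPUT` output for that gap; both rulesets are constructed samples, the first mirroring the script above, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page).

# Constructed sample: the INPUT rules of the script above, in `iptables -S` form.
page_ruleset() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -s 192.168.10.0/24 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -j LOG
-A INPUT -m state --state NEW -j REJECT --reject-with icmp-port-unreachable
EOF
}

# Constructed sample: the same rules after an assumed `iptables -P INPUT DROP`.
hardened_ruleset() {
    page_ruleset | sed 's/^-P INPUT ACCEPT$/-P INPUT DROP/'
}

# Reads `iptables -S INPUT` text on stdin and prints one verdict:
#   default-deny    policy is DROP, or the last rule denies unconditionally
#   state-gap       the last rule denies, but only for some conntrack states
#   default-accept  unmatched packets are accepted
audit_input() {
    awk '
        $1 == "-P" && $2 == "INPUT" { policy = $3 }
        $1 == "-A" && $2 == "INPUT" { last = $0 }
        END {
            if (policy == "DROP") { print "default-deny"; exit }
            n = split(last, f, " ")
            target = ""
            for (i = 1; i < n; i++) if (f[i] == "-j") target = f[i + 1]
            if (target != "DROP" && target != "REJECT") { print "default-accept"; exit }
            # "-A INPUT -j TARGET ..." carries no match options at all
            if (f[3] == "-j") { print "default-deny"; exit }
            if (last ~ /--state|--ctstate/) { print "state-gap"; exit }
            print "default-accept"
        }'
}

page_ruleset | audit_input
hardened_ruleset | audit_input
```

On a live host, run `iptables -S INPUT | audit_input` as root.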
- Setting up X-Windows
Begin by installing the X Window System.
# apt-get install x-window-system
This will lead to an additional 150 MB being installed to disk, so it might take a while depending on your connection.
As always, answer default unless mentioned below:
- Q: Default priority
A: 0
- Q: Select the desired X-driver
A: nv; if you are going to use the GeForce card, it doesn't matter what you select here; we will override it later.
- Q: Default mice port
A: /dev/input/mice
- Q: Emulate 3-button mouse?
A: no
- My monitor is also non-default (a Philips 170B). Therefore, Q: Is your monitor an LCD device?
A: Yes
- Q: Please choose a method for selecting your monitor characteristics
A: Advanced
- Q: Horizontal sync range:
A: 30-82
- Q: Vertical sync range:
A: 56-76
- Q: Select the video modes:
A: Uncheck all, except 1280x1024
Next, you will need to get the kernel sources, recompile your own kernel and then install the nvidia driver.
# apt-get install kernel-package gcc-3.4 libncurses5-dev kernel-source-2.6.10
# adduser kees src
$ cd /usr/src
$ tar xfj kernel-source-2.6.10.tar.bz2
$ lftpget http://non-gnu.uvt.nl/pub/linux-kernels/linux-2.6-fruit.patch
$ cd kernel-source-2.6.10
Copy your configuration to the .config. TODO: link to my config file.
$ patch -p1 < ../linux-2.6-fruit.patch
$ make-kpkg configure clean
$ fakeroot make-kpkg --append-to-version=-uvt --revision=20050113.1 kernel-image
Now all you need to do is install the updated modules package and the kernel itself:
# apt-get install module-init-tools
# apt-get clean
# dpkg -i ../kernel-image-2.6.10-uvt_20050113.1_i386.deb
Reboot your system and hopefully it will come back up with the new kernel active. Next, download the NVIDIA drivers from NVIDIA itself. Copy the file NVIDIA-Linux-x86-1.0-6629-pkg.run to /usr/src.
# CC=gcc-3.4 sh NV* --kernel-source-path=/usr/src/kernel-source-2.6.10
The following step is to tweak your X config. My own configuration is included here. TODO: add link. The most important things are that you need to use 'nvidia' as a driver and add some driver options. Note that the documentation for this driver can be found in /usr/share/doc/NVIDIA and is most excellently written.
- Configuring UTF-8
For UTF-8 support Wessel Dankers has a detailed description at http://fruit.eu.org/utf-8. I will summarize here:
# apt-get install locales
# cat > /etc/locale.gen
en_US UTF-8
nl_NL UTF-8
^D
# locale-gen
- Installing Gnome
I prefer the GNOME desktop environment, which means that this document only covers getting a basic GNOME up and running. Before we get started, make sure that you have access to the audio device by adding yourself to the audio group. Do this by giving the command (as root) adduser kees audio. Of course, replace 'kees' by your own login.
Next, install gnome-session and gdm:
# apt-get install gnome gdm sawfish
As usual, answer defaults to all questions, except choose gdm over xdm (gdm is prettier). After the packages have been installed, test with:
# apt-get clean ; invoke-rc.d gdm start