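This section describes each installer component in detail. The components are grouped into stages that users can recognize, and they are presented in the order in which they appear during the installation. Note that not every module is used for every installation; which modules are actually used depends on your installation method and your hardware.
Let's assume the Debian Installer has booted and you are looking at its first screen. At this point, the capabilities of debian-installer are still quite limited. It does not yet know about your hardware, your language, or even the task it should perform. Don't worry: debian-installer is quite clever, and it can automatically probe your hardware, locate the rest of its components and upgrade itself into a capable installation system. You still need to help debian-installer with the things it cannot determine automatically (such as choosing the language, the keyboard layout or a network mirror).
You will notice that debian-installer performs hardware detection several times during this stage. The first pass is aimed specifically at the hardware needed for the installation (for example, your CD-ROM or network card). Because not all drivers are available during this first run, hardware detection is repeated several times later in the process.
One of the first things debian-installer does is check the available memory. If memory is limited, this component changes the rest of the installation process so that you can still install Debian GNU/Linux on your system.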
The first measure taken to reduce memory consumption by the installer is to disable translations, which means that the installation can only be done in English. Of course, you can still localize the installed system after the installation has completed.
If that is not sufficient, the installer will further reduce memory consumption by loading only those components essential to complete a basic installation. This reduces the functionality of the installation system. You will be given the opportunity to load additional components manually, but you should be aware that each component you select will use additional memory and thus may cause the installation to fail.
If the installer runs in low memory mode, it is recommended to create a relatively large swap partition (64–128MB). The swap partition will be used as virtual memory and thus increases the amount of memory available to the system. The installer will activate the swap partition as early as possible in the installation process. Note that heavy use of swap will reduce performance of your system and may lead to high disk activity.
Despite these measures, it is still possible that your system freezes, that unexpected errors occur or that processes are killed by the kernel because the system runs out of memory (which will result in "Out of memory" messages on VT4 and in the syslog).
For example, it has been reported that creating a big ext3 file system fails in low memory mode when there is insufficient swap space. If a larger swap doesn't help, try creating the file system as ext2 (which is an essential component of the installer) instead. It is possible to change an ext2 partition to ext3 after the installation.
It is possible to force the installer to use a higher lowmem level than the one based on available memory by using the boot parameter "lowmem" as described in Section 5.2.1, "Debian Installer Parameters".
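In most cases the first questions you will be asked concern the localization options to be used both by the installer and by the installed system. These options consist of language, country and locale.
The language you choose will be used for the rest of the installation process, provided a translation of the dialogs is available. If no translation is available for the selected language, the installer defaults to English. The selected language also helps to choose a suitable keyboard layout.
Later in the installation process, this selection is also used to set the default time zone and a Debian mirror appropriate for your geographic location. If the installer's default suggestions are not suitable, you can make a different choice. The country, together with the language, also affects the localization settings of your new Debian system.
You will first be asked to select your preferred language. In the language list, each name is shown in English (on the left) and in the language itself, in its own script (on the right). The list is sorted by the English names. At the top of the list is an extra option for the "C" locale. Choosing "C" makes the installation proceed in English; the locales package will not be installed on the installed system, which will therefore not support any locale.
If you selected a language that is an official language of more than one country (this is the case for Chinese, English, French and other languages), you can select a country here. If you choose the option at the bottom of the list, you will see all countries, grouped by continent.
A default locale is selected based on the language and country you chose. If you are installing at medium or low priority, you can choose a locale other than the default and decide which additional locales the system should support.
Keyboards are often tailored to the characters used in a language. Select a layout that matches the keyboard you are using, or select something close if your layout is not listed. Once the system installation is complete, you will be able to select a keyboard layout from a wider range of choices (run kbdconfig as root after you have completed the installation).
Move the highlight to the keyboard selection you want and press Enter. Use the arrow keys to move the highlight; they are in the same place in all national keyboard layouts, so they are independent of the keyboard configuration. An 'extended' keyboard is one with F1 through F10 keys along the top row.
When installing via the hd-media method, there is a step in which the Debian Installer iso image is located and mounted in order to get the rest of the installation files. The component iso-scan does exactly this.
First, iso-scan automatically mounts all block devices (e.g. partitions) that carry a known filesystem and sequentially searches them for filenames ending in .iso (or .ISO and the like). Note that the first attempt scans only files in the root directory and in the first level of subdirectories (i.e. it finds /whatever.iso and /data/whatever.iso, but not /data/tmp/whatever.iso). After an iso image has been found, iso-scan checks its contents to determine whether the image is a valid Debian iso image. If it is, the task is done; if it is not, iso-scan searches for another image.
If the previous attempt to find an iso image fails, iso-scan will ask whether you would like to perform a complete search. This pass does not just look into the topmost directories, but really traverses the whole filesystem.
If iso-scan cannot find your installer iso image, reboot back into your original operating system and check that the image is named correctly (ending in .iso), that it is placed on a filesystem debian-installer can recognize, and that it is not corrupted (verify the checksum). Experienced Unix users can do this on the second console without rebooting.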
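One way to run the checksum test mentioned above, from the original operating system or from the second console (an added example, not part of the Debian manual). It assumes a SHA256SUMS-style list obtained alongside the image and that the sha256sum tool is available; verify_iso and demo_verify_iso are hypothetical names, and the image used in the demo is a constructed stand-in file.

```shell
#!/bin/sh
# Added example: check an installer image against a checksum list before
# booting hd-media. Assumption: the list uses the "<hex digest>  <file name>"
# format written by sha256sum, one entry per line.

# verify_iso IMAGE SUMS_FILE
#   returns 0 = digest matches
#           1 = digest mismatch (damaged or altered image)
#           2 = unreadable input, or IMAGE is not listed in SUMS_FILE
verify_iso() {
    image=$1 sums=$2
    [ -r "$image" ] && [ -r "$sums" ] || return 2
    name=$(basename "$image")
    # Take the digest whose file-name column is exactly the image name
    # (a leading "*" marks binary mode in sha256sum output and is ignored).
    expected=$(awk -v n="$name" \
        '{ f = $2; sub(/^\*/, "", f) } f == n { print $1; exit }' "$sums")
    [ -n "$expected" ] || return 2
    actual=$(sha256sum "$image" | awk '{ print $1 }')
    [ "$actual" = "$expected" ]
}

# Demo on constructed files: a good copy, a damaged copy, an unlisted image.
demo_verify_iso() {
    dir=$(mktemp -d) || return 2
    printf 'constructed stand-in for an installer image\n' > "$dir/whatever.iso"
    ( cd "$dir" && sha256sum whatever.iso > SHA256SUMS )

    first=0;  verify_iso "$dir/whatever.iso" "$dir/SHA256SUMS" || first=$?
    printf 'x' >> "$dir/whatever.iso"        # simulate a damaged copy
    second=0; verify_iso "$dir/whatever.iso" "$dir/SHA256SUMS" || second=$?
    third=0;  verify_iso "$dir/other.iso" "$dir/SHA256SUMS" || third=$?

    rm -rf "$dir"
    echo "$first $second $third"
}

demo_verify_iso   # prints "0 1 2"
```

A result of 1 means the copy on disk differs from the listed image, so it should be fetched again before iso-scan is retried.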
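In this step, if the system detects that you have more than one network device, you will be asked to choose which device is your primary network interface, i.e. the one you want to use for the installation. The other interfaces will not be configured at this time. You can configure additional interfaces after the installation is complete; see the interfaces(5) man page.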
By default, debian-installer tries to configure your computer's network automatically via DHCP. If the DHCP probe succeeds, you are done. If the probe fails, it may be caused by many factors ranging from unplugged network cable, to a misconfigured DHCP setup. Or maybe you don't have a DHCP server in your local network at all. For further explanation, check the error messages on the fourth console. In any case, you will be asked if you want to retry, or if you want to perform a manual setup. DHCP servers are sometimes really slow in their responses, so if you are sure everything is in place, try again.
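The manual network setup asks you in turn a number of questions about your network, notably the IP address, netmask, gateway, name server addresses and hostname. In addition, if you have a wireless network interface, you will be asked to provide your wireless ESSID and a WEP key. Take the answers from Section 3.3, "Information You Will Need".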
Some technical details you might, or might not, find handy: the program assumes the network IP address is the bitwise-AND of your system's IP address and your netmask. The default broadcast address is calculated as the bitwise OR of your system's IP address with the bitwise negation of the netmask. It will also guess your gateway. If you can't find any of these answers, use the offered defaults — if necessary, you can change them by editing /etc/network/interfaces once the system has been installed.
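The default calculation described above, written out as an added shell example (not code from the installer). The function names are hypothetical, the addresses are constructed sample values, and on_same_network is an extra check for a manually entered gateway, not something the page says the installer performs.

```shell
#!/bin/sh
# Added example: the network and broadcast defaults described in the text,
# computed with shell arithmetic. All function names are hypothetical.

# ip_to_int A.B.C.D -> prints the address as a 32-bit integer.
# The body is a subshell "( ... )" so the IFS change stays local;
# "exit 1" therefore fails only this function, not the calling shell.
ip_to_int() (
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) exit 1 ;;   # digits and single dots only
    esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        case "$octet" in
            0?*|????*) exit 1 ;;              # no leading zeros, max 3 digits
        esac
        [ "$octet" -le 255 ] || exit 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# int_to_ip N -> prints the dotted-quad form of a 32-bit integer.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# network_of IP NETMASK -> bitwise AND of address and netmask.
network_of() {
    n_ip=$(ip_to_int "$1") && n_mask=$(ip_to_int "$2") || return 1
    int_to_ip $(( $n_ip & $n_mask ))
}

# broadcast_of IP NETMASK -> address OR (NOT netmask), kept to 32 bits.
broadcast_of() {
    b_ip=$(ip_to_int "$1") && b_mask=$(ip_to_int "$2") || return 1
    int_to_ip $(( $b_ip | (~$b_mask & 0xFFFFFFFF) ))
}

# on_same_network IP NETMASK OTHER -> succeeds if OTHER (for example a
# gateway typed in by hand) falls inside the network computed for IP.
on_same_network() {
    s_a=$(network_of "$1" "$2") && s_b=$(network_of "$3" "$2") || return 1
    [ "$s_a" = "$s_b" ]
}

# Constructed sample values, not taken from any real network.
ip=192.168.1.37 mask=255.255.255.0
echo "network:   $(network_of "$ip" "$mask")"
echo "broadcast: $(broadcast_of "$ip" "$mask")"
on_same_network "$ip" "$mask" 192.168.2.1 ||
    echo "192.168.2.1 is outside this network"
```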
The installer will first attempt to connect to a time server on the Internet (using the NTP protocol) in order to correctly set the system time. If this does not succeed, the installer will assume the time and date obtained from the system clock when the installation system was booted are correct. It is not possible to manually set the system time during the installation process.
Depending on the location selected earlier in the installation process, you may be shown a list of timezones relevant for that location. If your location has only one time zone, you will not be asked anything and the system will assume that time zone.
If for some reason you wish to set a time zone for the installed system that does not match the selected location, there are two options.
The simplest option is to just select a different timezone after the installation has been completed and you've booted into the new system. The command to do this is:
# dpkg-reconfigure tzdata
Alternatively, the time zone can be set at the very start of the installation by passing the parameter time/zone=value when you boot the installation system. The value should of course be a valid time zone, for example Europe/London or UTC.
For automated installations the time zone can also be set using preseeding.
At this time, after hardware detection has been executed a final time, debian-installer should be at its full strength, customized for the user's needs and ready to do some real work. As the title of this section indicates, the main task of the next few components lies in partitioning your disks, creating filesystems, assigning mountpoints and optionally configuring closely related options like RAID, LVM or encrypted devices.
If you are uncomfortable with partitioning, or just want to know more details, see Appendix C, Partitioning for Debian.
First you will be given the opportunity to automatically partition either an entire drive, or available free space on a drive. This is also called "guided" partitioning. If you do not want to autopartition, choose from the menu.
If you choose guided partitioning, you may have three options: to create partitions directly on the hard disk (classic method), or to create them using Logical Volume Management (LVM), or to create them using encrypted LVM[9].
The option to use (encrypted) LVM may not be available on all architectures.
When using LVM or encrypted LVM, the installer will create most partitions inside one big partition; the advantage of this method is that partitions inside this big partition can be resized relatively easily later. In the case of encrypted LVM the big partition will not be readable without knowing a special key phrase, thus providing extra security of your (personal) data.
When using encrypted LVM, the installer will also automatically erase the disk by writing random data to it. This further improves security (as it makes it impossible to tell which parts of the disk are in use and also makes sure that any traces of previous installations are erased), but may take some time depending on the size of your disk.
If you choose guided partitioning using LVM or encrypted LVM, some changes in the partition table will need to be written to the selected disk while LVM is being set up. These changes effectively erase all data that is currently on the selected hard disk and you will not be able to undo them later. However, the installer will ask you to confirm these changes before they are written to disk.
If you choose guided partitioning (either classic or using (encrypted) LVM) for a whole disk, you will first be asked to select the disk you want to use. Check that all your disks are listed and, if you have several disks, make sure you select the correct one. The order they are listed in may differ from what you are used to. The size of the disks may help to identify them.
Any data on the disk you select will eventually be lost, but you will always be asked to confirm any changes before they are written to the disk. If you have selected the classic method of partitioning, you will be able to undo any changes right until the end; when using (encrypted) LVM this is not possible.
Next, you will be able to choose from the schemes listed in the table below. All schemes have their pros and cons, some of which are discussed in Appendix C, Partitioning for Debian. If you are unsure, choose the first one. Bear in mind that guided partitioning needs a certain minimal amount of free space to operate with. If you don't give it at least about 1GB of space (depends on chosen scheme), guided partitioning will fail.
| Partitioning scheme | Minimum space | Created partitions |
|---|---|---|
| All files in one partition | 600MB | /, swap |
| Separate /home partition | 500MB | /, /home, swap |
| Separate /home, /usr, /var and /tmp partitions | 1GB | /, /home, /usr, /var, /tmp, swap |
If you choose guided partitioning using (encrypted) LVM, the installer will also create a separate /boot partition. The other partitions, including the swap partition, will be created inside the LVM partition.
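After you have selected a scheme, the next screen shows a table of your partitions, indicating whether each one will be formatted, how it will be formatted, and where it will be mounted.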
The list of partitions might look like this:
IDE1 master (hda) - 6.4 GB WDC AC36400L
#1 primary 16.4 MB B f ext2 /boot
#2 primary 551.0 MB swap swap
#3 primary 5.8 GB ntfs
pri/log 8.2 MB FREE SPACE
IDE1 slave (hdb) - 80.0 GB ST380021A
#1 primary 15.9 MB ext3
#2 primary 996.0 MB fat16
#3 primary 3.9 GB xfs /home
#5 logical 6.0 GB f ext3 /
#6 logical 1.0 GB f ext3 /var
#7 logical 498.8 MB ext3
#8 logical 551.5 MB swap swap
#9 logical 65.8 GB ext2
This example shows two IDE harddrives divided into several partitions; the first disk has some free space. Each partition line consists of the partition number, its type, size, optional flags, file system, and mountpoint (if any). Note: this particular setup cannot be created using guided partitioning but it does show possible variation that can be achieved using manual partitioning.
This concludes the guided partitioning. If you are satisfied with the generated partition table, you can choose from the menu to implement the new partition table (as described at the end of this section). If you are not happy, you can choose to and run guided partitioning again, or modify the proposed changes as described below for manual partitioning.
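If you choose manual partitioning, the screen is largely the same as the one described above for guided partitioning. The difference is that it shows your existing partition table, without the mount points. How to set up your partition table manually, and how your new Debian system will use these partitions, is covered in the remainder of this section.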
If you select a pristine disk which has neither partitions nor free space on it, you will be asked if a new partition table should be created (this is needed so you can create new partitions). After this, a new line entitled "FREE SPACE" should appear in the table under the selected disk.
If you select some free space, you will have the opportunity to create a new partition. You will have to answer a quick series of questions about its size, type (primary or logical), and location (beginning or end of the free space). After this, you will be presented with a detailed overview of your new partition. The main setting is , which determines if the partition will have a file system on it, or be used for swap, software RAID, LVM, an encrypted file system, or not be used at all. Other settings include mountpoint, mount options, and bootable flag; which settings are shown depends on how the partition is to be used. If you don't like the preselected defaults, feel free to change them to your liking. E.g. by selecting the option , you can choose a different filesystem for this partition, including options to use the partition for swap, software RAID, LVM, or not use it at all. Another nice feature is the ability to copy data from an existing partition onto this one. When you are satisfied with your new partition, select and you will return to partman's main screen.
If you decide you want to change something about your partition, simply select the partition, which will bring you to the partition configuration menu. This is the same screen as is used when creating a new partition, so you can change the same settings. One thing that may not be very obvious at a first glance is that you can resize the partition by selecting the item displaying the size of the partition. Filesystems known to work are at least fat16, fat32, ext2, ext3 and swap. This menu also allows you to delete a partition.
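Be sure to create at least two partitions: one for the root filesystem (which must be mounted as /) and one for swap. If you forget to mount the root filesystem, partman will not let you continue until you correct this.
The capabilities of partman can be extended with installer modules, but they depend on your system's architecture. So if what you see during the installation does not match this description and some features are missing, check that all required modules have been loaded (e.g. partman-ext3, partman-xfs or partman-lvm).
When you are satisfied with the partitioning, choose the corresponding item in the partitioning menu. You will then be shown a list of all the operations about to be performed on the disks, and the installer will ask you to confirm that the partitioning should be carried out as configured.
If you have more than one hard drive [10] in your computer, you can use mdcfg to set up your drives for increased performance and/or better reliability of your data. The result is called a Multidisk Device (or, after its best-known variant, software RAID).
MD is basically a set of partitions located on different disks and combined to form a logical device. This device can then be used like an ordinary partition (e.g. in partman you can format it, assign a mountpoint, and so on).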
What benefits this brings depends on the type of MD device you are creating. Currently supported are:
RAID0 is mainly aimed at performance. RAID0 splits all incoming data into stripes and distributes them equally over each disk in the array. This can increase the speed of read/write operations, but when one of the disks fails, you will lose everything (part of the information is still on the healthy disk(s), the other part was on the failed disk).
The typical use for RAID0 is a partition for video editing.
RAID1 is suitable for setups where reliability is the first concern. It consists of several (usually two) equally-sized partitions where every partition contains exactly the same data. This essentially means three things. First, if one of your disks fails, you still have the data mirrored on the remaining disks. Second, you can use only a fraction of the available capacity (more precisely, it is the size of the smallest partition in the RAID). Third, file-reads are load-balanced among the disks, which can improve performance on a server, such as a file server, that tends to be loaded with more disk reads than writes.
Optionally you can have a spare disk in the array which will take the place of the failed disk in the case of failure.
RAID5 is a good compromise between speed, reliability and data redundancy. RAID5 splits all incoming data into stripes and distributes them equally on all but one disk (similar to RAID0). Unlike RAID0, RAID5 also computes parity information, which gets written on the remaining disk. The parity disk is not static (that would be called RAID4), but is changing periodically, so the parity information is distributed equally on all disks. When one of the disks fails, the missing part of information can be computed from remaining data and its parity. RAID5 must consist of at least three active partitions. Optionally you can have a spare disk in the array which will take the place of the failed disk in the case of failure.
As you can see, RAID5 has a similar degree of reliability to RAID1 while achieving less redundancy. On the other hand, it might be a bit slower on write operations than RAID0 due to computation of parity information.
To sum it up:
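| Type | Minimum devices | Spare device | Survives disk failure? | Available space |
|---|---|---|---|---|
| RAID0 | 2 | no | no | Size of the smallest partition multiplied by the number of devices in the RAID |
| RAID1 | 2 | optional | yes | Size of the smallest partition in the RAID |
| RAID5 | 3 | optional | yes | Size of the smallest partition multiplied by (number of devices in the RAID minus one) |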
If you want to know more about Software RAID, have a look at Software RAID HOWTO.
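To create an MD device, you need to mark the partitions that are to take part in the array for use in a RAID. (This is done in partman in the menu where you should select → .)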
Make sure that the system can be booted with the partitioning scheme you are planning. In general it will be necessary to create a separate file system for /boot when using RAID for the root (/) file system. Most boot loaders (including lilo and grub) do support mirrored (not striped!) RAID1, so using for example RAID5 for / and RAID1 for /boot can be an option.
Support for MD is a relatively new addition to the installer. You may experience problems for some RAID levels and in combination with some bootloaders if you try to use MD for the root (/) file system. For experienced users, it may be possible to work around some of these problems by executing some configuration or installation steps manually from a shell.
Next, you should choose from the main partman menu. (The menu will only appear after you mark at least one partition for use as .) On the first screen of mdcfg simply select . You will be presented with a list of supported types of MD devices, from which you should choose one (e.g. RAID1). What follows depends on the type of MD you selected.
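RAID0 is simple: you will be shown the list of available RAID partitions, and your only task is to select the partitions that will form the MD.
RAID1 is a bit more tricky. First, you will be asked to enter the number of active devices and the number of spare devices that will form the MD. Next, you need to select from the list of available RAID partitions those that will be active and those that will be spare. The number of selected partitions must equal the number provided earlier. Don't worry: if you select a different number of partitions, debian-installer will not let you continue until the mistake is corrected.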
RAID5 has a similar setup procedure as RAID1 with the exception that you need to use at least three active partitions.
It is perfectly possible to have several types of MD at once. For example, if you have three 200 GB hard drives dedicated to MD, each containing two 100 GB partitions, you can combine the first partitions on all three disks into the RAID0 (fast 300 GB video editing partition) and use the other three partitions (2 active and 1 spare) for RAID1 (quite reliable 100 GB partition for /home).
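After you have set up the MD devices to your liking, you can exit mdcfg to return to partman, where you create filesystems on the MD devices and assign mountpoints.
If you work with computers as a system administrator or an "advanced" user, you have surely run into the situation where some disk partition (usually the most important one) was short on space while other partitions were underused, and you had to cope by moving files around, symlinking, and so on.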
To avoid the described situation you can use Logical Volume Manager (LVM). Simply said, with LVM you can combine your partitions (physical volumes in LVM lingo) to form a virtual disk (so called volume group), which can then be divided into virtual partitions (logical volumes). The point is that logical volumes (and of course underlying volume groups) can span across several physical disks.
Now when you realize you need more space for your old 160GB /home partition, you can simply add a new 300GB disk to the computer, join it with your existing volume group and then resize the logical volume which holds your /home filesystem and voila — your users have some room again on their renewed 460GB partition. This example is of course a bit oversimplified. If you haven't read it yet, you should consult the LVM HOWTO.
LVM setup in debian-installer is quite simple and completely supported inside partman. First, you have to mark the partition(s) to be used as physical volumes for LVM. This is done in the menu where you should select → .
When you return to the main partman screen, you will see a new option . When you select that, you will first be asked to confirm pending changes to the partition table (if any) and after that the LVM configuration menu will be shown. Above the menu a summary of the LVM configuration is shown. The menu itself is context sensitive and only shows valid actions. The possible actions are:
: shows LVM device structure, names and sizes of logical volumes and more
: return to the main partman screen
Use the options in that menu to first create a volume group and then create your logical volumes inside it.
After you return to the main partman screen, any created logical volumes will be displayed in the same way as ordinary partitions (and you should treat them as such).
debian-installer allows you to set up encrypted partitions. Every file you write to such a partition is immediately saved to the device in encrypted form. Access to the encrypted data is granted only after entering the passphrase used when the encrypted partition was originally created. This feature is useful to protect sensitive data in case your laptop or hard drive gets stolen. The thief might get physical access to the hard drive, but without knowing the right passphrase, the data on the hard drive will look like random characters.
The two most important partitions to encrypt are: the home partition, where your private data resides, and the swap partition, where sensitive data might be stored temporarily during operation. Of course, nothing prevents you from encrypting any other partitions that might be of interest. For example /var where database servers, mail servers or print servers store their data, or /tmp which is used by various programs to store potentially interesting temporary files. Some people may even want to encrypt their whole system. The only exception is the /boot partition which must remain unencrypted, because currently there is no way to load the kernel from an encrypted partition.
Please note that the performance of encrypted partitions will be less than that of unencrypted ones because the data needs to be decrypted or encrypted for every read or write. The performance impact depends on your CPU speed, the chosen cipher and the key length.
To use encryption, you have to create a new partition by selecting some free space in the main partitioning menu. Another option is to choose an existing partition (e.g. a regular partition, an LVM logical volume or a RAID volume). In the menu, you need to select at the option. The menu will then change to include several cryptographic options for the partition.
debian-installer supports several encryption methods. The default method is dm-crypt (included in newer Linux kernels, able to host LVM physical volumes), the other is loop-AES (older, maintained separately from the Linux kernel tree). Unless you have compelling reasons to do otherwise, it is recommended to use the default.
First, let's have a look at the options available when you select Device-mapper (dm-crypt) as the encryption method. As always: when in doubt, use the defaults, because they have been carefully chosen with security in mind.
aes: This option lets you select the encryption algorithm (cipher) which will be used to encrypt the data on the partition. debian-installer currently supports the following block ciphers: aes, blowfish, serpent, and twofish. It is beyond the scope of this document to discuss the qualities of these different algorithms, however, it might help your decision to know that in 2000, AES was chosen by the American National Institute of Standards and Technology as the standard encryption algorithm for protecting sensitive information in the 21st century.
256: Here you can specify the length of the encryption key. With a larger key size, the strength of the encryption is generally improved. On the other hand, increasing the length of the key usually has a negative impact on performance. Available key sizes vary depending on the cipher.
cbc-essiv:sha256: The Initialization Vector or IV algorithm is used in cryptography to ensure that applying the cipher on the same clear text data with the same key always produces a unique cipher text. The idea is to prevent the attacker from deducing information from repeated patterns in the encrypted data.
From the provided alternatives, the default cbc-essiv:sha256 is currently the least vulnerable to known attacks. Use the other alternatives only when you need to ensure compatibility with some previously installed system that is not able to use newer algorithms.
Passphrase: Here you can choose the type of the encryption key for this partition.
The encryption key will be computed[11] on the basis of a passphrase which you will be able to enter later in the process.
A new encryption key will be generated from random data each time you try to bring up the encrypted partition. In other words: on every shutdown the content of the partition will be lost as the key is deleted from memory. (Of course, you could try to guess the key with a brute force attack, but unless there is an unknown weakness in the cipher algorithm, it is not achievable in our lifetime.)
Random keys are useful for swap partitions because you do not need to bother yourself with remembering the passphrase or wiping sensitive information from the swap partition before shutting down your computer. However, it also means that you will not be able to use the "suspend-to-disk" functionality offered by newer Linux kernels as it will be impossible (during a subsequent boot) to recover the suspended data written to the swap partition.
yes: Determines whether the content of this partition should be overwritten with random data before setting up the encryption. This is recommended because it might otherwise be possible for an attacker to discern which parts of the partition are in use and which are not. In addition, this will make it harder to recover any leftover data from previous installations[12].
If you select → , the menu changes to provide the following options:
AES256: For loop-AES, unlike dm-crypt, the options for cipher and key size are combined, so you can select both at the same time. Please see the above sections on ciphers and key sizes for further information.
Keyfile (GnuPG): Here you can select the type of the encryption key for this partition.
The encryption key will be generated from random data during the installation. Moreover this key will be encrypted with GnuPG, so to use it, you will need to enter the proper passphrase (you will be asked to provide one later in the process).
Please see the section on random keys above.
yes: Please see the section on erasing data above.
After you have selected the desired parameters for your encrypted partitions, return back to the main partitioning menu. There should now be a new menu item called . After you select it, you will be asked to confirm the deletion of data on partitions marked to be erased and possibly other actions such as writing a new partition table. For large partitions this might take some time.
Next you will be asked to enter a passphrase for partitions configured to use one. Good passphrases should be longer than 8 characters, should be a mixture of letters, numbers and other characters and should not contain common dictionary words or information easily associable with you (such as birthdates, hobbies, pet names, names of family members or relatives, etc.).
Before you input any passphrases, you should have made sure that your keyboard is configured correctly and generates the expected characters. If you are unsure, you can switch to the second virtual console and type some text at the prompt. This ensures that you won't be surprised later, e.g. by trying to input a passphrase using a qwerty keyboard layout when you used an azerty layout during the installation. This situation can have several causes. Maybe you switched to another keyboard layout during the installation, or the selected keyboard layout might not have been set up yet when entering the passphrase for the root file system.
If you selected to use methods other than a passphrase to create encryption keys, they will be generated now. Because the kernel may not have gathered a sufficient amount of entropy at this early stage of the installation, the process may take a long time. You can help speed up the process by generating entropy: e.g. by pressing random keys, or by switching to the shell on the second virtual console and generating some network and disk traffic (downloading some files, feeding big files into /dev/null, etc.). This will be repeated for each partition to be encrypted.
After returning to the main partitioning menu, you will see all encrypted volumes as additional partitions which can be configured in the same way as ordinary partitions. The following example shows two different volumes. The first one is encrypted via dm-crypt, the second one via loop-AES.
Encrypted volume (sda2_crypt) - 115.1 GB Linux device-mapper
     #1 115.1 GB  F ext3
Loopback (loop0) - 515.2 MB AES256 keyfile
     #1 515.2 MB  F ext3
Now is the time to assign mount points to the volumes and optionally change the file system types if the defaults do not suit you.
One thing to note here are the identifiers in parentheses (sda2_crypt and loop0 in this case) and the mount points you assigned to each encrypted volume. You will need this information later when booting the new system. The differences between ordinary boot process and boot process with encryption involved will be covered later in Section 7.2, "Mounting encrypted volumes".
Once you are satisfied with the partitioning scheme, continue with the installation.
Although this stage is the least problematic, it consumes a significant fraction of the install because it downloads, verifies and unpacks the whole base system. If you have a slow computer or network connection, this could take some time.
During installation of the base system, package unpacking and setup messages are redirected to tty4. You can access this terminal by pressing Left Alt-F4; get back to the main installer process with Left Alt-F1.
The unpack/setup messages generated during this phase are also saved in /var/log/syslog. You can check them there if the installation is performed over a serial console.
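As part of the installation, a Linux kernel will be installed. At the default priority, the installer chooses the kernel that best matches your hardware. At lower priorities, you can choose from a list of available kernels.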
After the base system has been installed, the installer will allow you to set up the "root" account and/or an account for the first user. Other user accounts can be created after the installation has been completed.
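The root account is also called the super-user. None of the security protections on the system apply to someone logged in as the super-user. The root account should be used only for system administration, and for as short a time as possible.
Any password you create should contain at least 6 characters, include both upper- and lower-case letters, and preferably also punctuation or other special characters. Take extra care when setting the root password, because the super-user has the highest privileges. Avoid words that can be found in a dictionary and personal information that is easy to guess.
Be especially wary if anyone asks you for your root password. Unless the system you administer has more than one administrator, you should normally never give the super-user password to anyone else.
The system will ask whether you want to create an ordinary user account at this point. You will use this account for everyday logins. Remember not to log in as root for daily work or to use it as your personal account.
Why not? One reason to avoid using the privileged root account is that it makes it very easy to do irreparable damage to the system. Another reason is that you might be tricked into running a Trojan-horse program, that is, a program that uses super-user privileges to compromise the security of your system without your knowledge. Any good book on Unix system administration covers this topic; if it is new to you, consider reading one.
You will first be asked for the user's full name. Then you will be asked for a name for the user account; generally your surname or something similar will do, and that will be the default. Finally, you will be asked for a password for this account.
If you want to create further accounts after the installation has finished, use the adduser command.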
At this point you have a usable but limited system. Most users will want to install additional software on the system to tune it to their needs, and the installer allows you to do so. This step can take even longer than installing the base system if you have a slow computer or network connection.
One of the tools used to install packages on a Debian GNU/Linux system is a program called apt-get, from the apt package[13]. Other front-ends for package management, like aptitude and synaptic, are also in use. These front-ends are recommended for new users, since they integrate some additional features (package searching and status checks) in a nice user interface. In fact, aptitude is now the recommended utility for package management.
apt must be configured so that it knows from where to retrieve packages. The results of this configuration are written to the file /etc/apt/sources.list. You can examine and edit this file to your liking after the installation is complete.
If you are installing at default priority, the installer will largely take care of the configuration automatically, based on the installation method you are using and possibly using choices made earlier in the installation. In most cases the installer will automatically add a security mirror and, if you are installing the stable distribution, a mirror for the "volatile" update service.
If you are installing at a lower priority (e.g. in expert mode), you will be able to make more decisions yourself. You can choose whether or not to use the security and/or volatile update services, and you can choose to add packages from the "contrib" and "non-free" sections of the archive.
If you are installing from a CD or a DVD that is part of a larger set, the installer will ask if you want to scan additional CDs or DVDs. If you have additional CDs or DVDs available, you probably want to do this so the installer can use the packages included on them.
If you do not have any additional CDs or DVDs, that is no problem: using them is not required. If you also do not use a network mirror (as explained in the next section), it can mean that not all packages belonging to the tasks you select in the next step of the installation can be installed.
Packages are included on CDs (and DVDs) in the order of their popularity. This means that for most uses only the first CDs in a set are needed and that only very few people actually use any of the packages included on the last CDs in a set.
It also means that buying or downloading and burning a full CD set is just a waste of money as you'll never use most of them. In most cases you are better off getting only the first 3 to 8 CDs and installing any additional packages you may need from the Internet by using a mirror. The same goes for DVD sets: the first DVD, or maybe the first two DVDs will cover most needs.
A good rule of thumb is that for a regular desktop installation (using the GNOME desktop environment) only the first three CDs are needed. For the alternative desktop environments (KDE or Xfce), additional CDs are needed. The first DVD easily covers all three desktop environments.
If you do scan multiple CDs or DVDs, the installer will prompt you to exchange them when it needs packages from another CD/DVD than the one currently in the drive. Note that only CDs or DVDs that belong to the same set should be scanned. The order in which they are scanned does not really matter, but scanning them in ascending order will reduce the chance of mistakes.
One question that will be asked during most installs is whether or not to use a network mirror as a source for packages. In most cases the default answer should be fine, but there are some exceptions.
If you are not installing from a full CD or DVD or using a full CD/DVD image, you really should use a network mirror as otherwise you will end up with only a very minimal system. However, if you have a limited Internet connection it is best not to select the desktop task in the next step of the installation.
If you are installing from a single full CD or using a full CD image, using a network mirror is not required, but is still strongly recommended because a single CD contains only a fairly limited number of packages. If you have a limited Internet connection it may still be best to not select a network mirror here, but to finish the installation using only what's available on the CD and selectively install additional packages after the installation (i.e. after you have rebooted into the new system).
If you are installing from a DVD or using a DVD image, any packages needed during the installation should be present on the first DVD. The same is true if you have scanned multiple CDs as explained in the previous section. Use of a network mirror is optional.
One advantage of adding a network mirror is that updates that have occurred since the CD/DVD set was created and have been included in a point release, will become available for installation, thus extending the life of your CD/DVD set without compromising the security or stability of the installed system.
In summary: selecting a network mirror is generally a good idea, except if you do not have a good Internet connection. If the current version of a package is available from CD/DVD, the installer will always use that. The amount of data that will be downloaded if you do select a mirror thus depends on
the tasks you select in the next step of the installation,
which packages are needed for those tasks,
which of those packages are present on the CDs or DVDs you have scanned, and
whether any updated versions of packages included on the CDs or DVDs are available from a mirror (either a regular package mirror, or a mirror for security or volatile updates).
Note that the last point means that, even if you choose not to use a network mirror, some packages may still be downloaded from the Internet if there is a security or volatile update available for them and those services have been configured.
During the installation process, you are given the opportunity to select additional software to install. Rather than picking individual software packages from the 21500 available packages, this stage of the installation process focuses on selecting and installing predefined collections of software to quickly set up your computer to perform various tasks.
So, you have the ability to choose tasks first, and then add on more individual packages later. These tasks loosely represent a number of different jobs or things you want to do with your computer, such as "Desktop environment", "Web server", or "Print server"[14]. Section D.2, "Disk Space Needed for Tasks" lists the space requirements for the available tasks.
Some tasks may be pre-selected based on the characteristics of the computer you are installing. If you disagree with these selections you can deselect them. You can even opt to install no tasks at all at this point.
Unless you are using the special KDE or Xfce CDs, the "Desktop environment" task will install the GNOME desktop environment.
It is not possible to interactively select a different desktop during the installation. However, it is possible to get debian-installer to install a KDE desktop environment instead of GNOME by using preseeding (see Section B.4.10, "Package selection") or by adding the parameter desktop=kde at the boot prompt when starting the installer. Alternatively the more lightweight Xfce desktop environment can be selected by using desktop=xfce.
Note that this will only work if the packages needed for KDE or Xfce are actually available. If you are installing using a single full CD image, they will need to be downloaded from a mirror as most needed packages are only included on later CDs; installing KDE or Xfce this way should work fine if you are using a DVD image or any other installation method.
The various server tasks will install software roughly as follows. DNS server: bind9; File server: samba, nfs; Mail server: exim4, spamassassin, uw-imap; Print server: cups; SQL database: postgresql; Web server: apache.
Once you've selected your tasks, select . At this point, aptitude will install the packages that are part of the tasks you've selected.
In the standard user interface of the installer, you can use the space bar to toggle selection of a task.
You should be aware that especially the Desktop task is very large. Especially when installing from a normal CD-ROM in combination with a mirror for packages not on the CD-ROM, the installer may want to retrieve a lot of packages over the network. If you have a relatively slow Internet connection, this can take a long time. There is no option to cancel the installation of packages once it has started.
Even when packages are included on the CD-ROM, the installer may still retrieve them from the mirror if the version available on the mirror is more recent than the one included on the CD-ROM. If you are installing the stable distribution, this can happen after a point release (an update of the original stable release); if you are installing the testing distribution this will happen if you are using an older image.
Each package you selected with tasksel is downloaded, unpacked and then installed in turn by the apt-get and dpkg programs. If a particular program needs more information from the user, it will prompt you during this process.
If you are installing a diskless workstation, obviously, booting off the local disk isn't a meaningful option, and this step will be skipped.
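Before the boot loader is installed, the installer will try to detect other operating systems already installed on the computer. If it finds a supported operating system, you will be informed of this during the boot loader installation step, and the computer will be configured to boot that operating system in addition to Debian.
Note that booting multiple operating systems on a single machine is still something of a black art. The automatic support for detecting other operating systems and setting up the boot loader to start them varies by architecture and even by subarchitecture. If it does not work, consult your boot loader's documentation for more information.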
The main i386 boot loader is called "grub". Grub is a flexible and robust boot loader and a good default choice for new users and old hands alike.
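By default, grub will be installed into the Master Boot Record (MBR), where it will take complete control of the boot process. If you prefer, you can install grub elsewhere. See the grub manual for full and complete information.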
If you do not want to install grub, use the button to get to the main menu, and from there select whatever bootloader you would like to use.
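The second i386 boot loader is called "LILO". It is an old-school, powerful program that offers a lot of functionality, including boot management for DOS, Windows and OS/2. If you have special needs, please read the notes and instructions in the /usr/share/doc/lilo/ directory carefully; you can also consult the LILO mini-HOWTO.
Currently the LILO installation will only create menu entries for operating systems that can be chainloaded. This means you have to add entries for operating systems such as GNU/Linux and GNU/Hurd by hand after the installation.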
debian-installer offers you three choices on where to install the LILO boot loader:
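This way LILO will take complete control of the boot process.
Choose this if you want to use another boot loader. LILO will be installed at the beginning of the new Debian partition and can serve as a secondary boot loader.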
Useful for advanced users who want to install LILO somewhere else. In this case you will be asked for desired location. You can use traditional device names such as /dev/hda or /dev/sda.
If you can no longer boot into Windows 9x (or DOS) after this step, you'll need to use a Windows 9x (MS-DOS) boot disk and use the fdisk /mbr command to reinstall the MS-DOS master boot record — however, this means that you'll need to use some other way to get back into Debian!
This is the last step in the Debian installation process during which the installer will do any last minute tasks. It mostly consists of tidying up after the debian-installer.
The installer may ask you if the computer's clock is set to UTC. Normally this question is avoided if possible and the installer tries to work out whether the clock is set to UTC based on things like what other operating systems are installed.
In expert mode you will always be able to choose whether or not the clock is set to UTC. Systems that (also) run DOS or Windows are normally set to local time. If you want to dual-boot, select local time instead of UTC.
At this point debian-installer will also attempt to save the current time to the system's hardware clock. This will be done either in UTC or local time, depending on the selection that was just made.
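The components listed here are usually not part of the installation process, but wait in the background to help the user deal with problems if something goes wrong.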
If the installation is successful, the logfiles created during the installation process will be automatically saved to /var/log/installer/ on your new Debian system.
Choosing from the main menu allows you to save the log files to a floppy disk, network, hard disk, or other media. This can be useful if you encounter fatal problems during the installation and wish to study the logs on another system or attach them to an installation report.
There are several methods you can use to get a shell while running an installation. On most systems, and if you are not installing over serial console, the easiest method is to switch to the second virtual console by pressing Left Alt-F2[15] (on a Mac keyboard, Option-F2). Use Left Alt-F1 to switch back to the installer itself.
For the graphical installer see also Section D.6.1, "Using the graphical installer".
If you cannot switch consoles, there is also an item on the main menu that can be used to start a shell. You can get to the main menu from most dialogs by using the button one or more times. Type exit to close the shell and return to the installer.
At this point you are booted from the RAM disk, and there is a limited set of Unix utilities available for your use. You can see what programs are available with the command ls /bin /sbin /usr/bin /usr/sbin and by typing help. The shell is a Bourne shell clone called ash and has some nice features like autocompletion and history.
To edit and view files, use the text editor nano. Log files for the installation system can be found in the /var/log directory.
Although you can do basically anything in a shell that the available commands allow you to do, the option to use a shell is really only there in case something goes wrong and for debugging.
Doing things manually from the shell may interfere with the installation process and result in errors or an incomplete installation. In particular, you should always let the installer activate your swap partition and not do this yourself from a shell.
One of the more interesting components is network-console. It allows you to do a large part of the installation over the network via SSH. The use of the network implies you will have to perform the first steps of the installation from the console, at least to the point of setting up the networking. (Although you can automate that part with Section 4.7, "Automatic Installation".)
This component is not loaded into the main installation menu by default, so you have to explicitly ask for it. If you are installing from CD, you need to boot with medium priority or otherwise invoke the main installation menu and choose and from the list of additional components select . Successful load is indicated by a new menu entry called .
After selecting this new entry, you will be asked for a new password to be used for connecting to the installation system and for its confirmation. That's all. Now you should see a screen which instructs you to login remotely as the user installer with the password you just provided. Another important detail to notice on this screen is the fingerprint of this system. You need to transfer the fingerprint securely to the "person who will continue the installation remotely".
Should you decide to continue with the installation locally, you can always press Enter, which will bring you back to the main menu, where you can select another component.
Now let's switch to the other side of the wire. As a prerequisite, you need to configure your terminal for UTF-8 encoding, because that is what the installation system uses. If you do not, remote installation will be still possible, but you may encounter strange display artefacts like destroyed dialog borders or unreadable non-ascii characters. Establishing a connection with the installation system is as simple as typing:
$ ssh -l installer install_host
Where install_host is either the name or IP address of the computer being installed. Before the actual login the fingerprint of the remote system will be displayed and you will have to confirm that it is correct.
The ssh server in the installer uses a default configuration that does not send keep-alive packets. In principle, a connection to the system being installed should be kept open indefinitely. However, in some situations — depending on your local network setup — the connection may be lost after some period of inactivity. One common case where this can happen is when there is some form of Network Address Translation (NAT) somewhere between the client and the system being installed. Depending on at which point of the installation the connection was lost, you may or may not be able to resume the installation after reconnecting.
You may be able to avoid the connection being dropped by adding the option -o ServerAliveInterval=value when starting the ssh connection, or by adding that option in your ssh configuration file. Note however that in some cases adding this option may also cause a connection to be dropped (for example if keep-alive packets are sent during a brief network outage, from which ssh would otherwise have recovered), so it should only be used when needed.
If you install several computers in turn and they happen to have the same IP address or hostname, ssh will refuse to connect to such a host. The reason is that it will have a different fingerprint, which is usually a sign of a spoofing attack. If you are sure this is not the case, you will need to delete the relevant line from ~/.ssh/known_hosts[16] and try again.
After the login you will be presented with an initial screen where you have two possibilities called and . The former brings you to the main installer menu, where you can continue with the installation as usual. The latter starts a shell from which you can examine and possibly fix the remote system. You should only start one SSH session for the installation menu, but may start multiple sessions for shells.
After you have started the installation remotely over SSH, you should not go back to the installation session running on the local console. Doing so may corrupt the database that holds the configuration of the new system. This in turn may result in a failed installation or problems with the installed system.
Also, if you are running the SSH session from an X terminal, you should not resize the window as that will result in the connection being terminated.
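The fingerprint check and known_hosts handling described above, as an added shell example that is not part of the Debian manual: it accepts a scanned host key only if it hashes to the fingerprint shown on the installer's screen, then pins it in a known_hosts file used for this installation alone. It assumes the fingerprint is given in the legacy MD5 colon-separated hex form; the function names, file names and sample key are constructed for illustration.

```shell
#!/bin/sh
# Added example: host name, file names and key material are constructed.

# Constructed sample line in ssh-keyscan format ("host type base64-blob").
# The blob is a placeholder (base64 of "abc"), not a real host key.
SAMPLE_SCAN='install_host ssh-rsa YWJj'
# Fingerprint as read off the installer screen (assumed MD5 colon-hex form).
SAMPLE_FP='90:01:50:98:3c:d2:4f:b0:d6:96:3f:7d:28:e1:7f:72'

# blob_md5_fp BASE64_BLOB -> MD5 of the decoded key blob, colon-separated.
blob_md5_fp() {
    printf '%s' "$1" | base64 -d 2>/dev/null | md5sum | cut -d' ' -f1 |
        sed 's/../&:/g; s/:$//'
}

# Normalise a fingerprint received out of band: strip blanks and an
# optional "MD5:" prefix, lowercase the hex digits.
normalise_fp() {
    printf '%s' "$1" | tr -d ' \t\r\n' | sed 's/^[Mm][Dd]5://' | tr 'A-F' 'a-f'
}

# matching_key_line EXPECTED_FP SCAN_FILE
# Prints the scanned line whose key has the expected fingerprint.
# Returns 0 on a match, 1 if no key matches, 2 if EXPECTED_FP is malformed.
matching_key_line() {
    expected=$(normalise_fp "$1")
    printf '%s\n' "$expected" |
        grep -Eq '^([0-9a-f]{2}:){15}[0-9a-f]{2}$' || return 2
    while read -r host type blob rest; do
        case $host in ''|'#'*) continue ;; esac
        if [ "$(blob_md5_fp "$blob")" = "$expected" ]; then
            printf '%s %s %s\n' "$host" "$type" "$blob"
            return 0
        fi
    done < "$2"
    return 1
}

# pin_installer_key EXPECTED_FP SCAN_FILE KNOWN_HOSTS_FILE
# Writes the verified key to a known_hosts file used only for this install.
# ~/.ssh/known_hosts is never touched, so a reinstalled machine that reuses
# an address is handled by re-running the check, not by deleting lines.
pin_installer_key() {
    line=$(matching_key_line "$1" "$2") || return $?
    ( umask 077; printf '%s\n' "$line" > "$3" )
}

# Usage against a real installer (not run here, needs the network):
#   ssh-keyscan install_host > scan.txt       # untrusted until verified
#   pin_installer_key "$FP_FROM_SCREEN" scan.txt ./installer_known_hosts &&
#   ssh -o UserKnownHostsFile=./installer_known_hosts \
#       -o StrictHostKeyChecking=yes -l installer install_host
```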
[9] The installer will encrypt the LVM volume group using a 256 bit AES key and make use of the kernel's "dm-crypt" support.
[10] Actually, you can build a multidisk (MD) device from different partitions on different hard disks, but doing so will not bring you any benefit.
[12] It is believed that the guys from three-letter agencies can restore the data even after several rewrites of the magnetooptical media, though.
[13] Note that the program which actually installs the packages is called dpkg. However, this program is more of a low-level tool. apt-get is a higher-level tool, which will invoke dpkg as appropriate. It knows how to retrieve packages from your CD, the network, or wherever. It is also able to automatically install other packages which are required to make the package you're trying to install work correctly.
[14] You should know that to present this list, the installer is merely invoking the tasksel program. It can be run at any time after installation to install more packages (or remove them), or you can use a more fine-grained tool such as aptitude. If you are looking for a specific single package, after installation is complete, simply run aptitude install package, where package is the name of the package you are looking for.
[15] That is: press the Alt key on the left-hand side of the space bar and the F2 function key at the same time.
[16] The following command will remove an existing entry for a host: ssh-keygen -R <hostname|IP address>.