The massive and venerable free Linux distribution known as Debian has a special place in the Linux community. Debian serves as the basis for several popular downstream Linux editions, including Ubuntu, Knoppix, Mint, and many others. But, many Linux devotees prefer to use Debian directly.

Those who are serious about Free Software as a social or political movement are attracted to the project's promise that Debian will remain all free, without proprietary drivers or other components. Others like the huge scope of the Debian repositories. Still others prefer Debian for its stability: Major updates are infrequent, and each is tested very thoroughly by the worldwide community of Debian developers.

The new Debian 8 "Jessie" edition appeared on April 26 of this year. This article takes a quick look at what's inside – and what you'll need to know if you're considering an upgrade.

New Software

The Debian distribution is already big, and it is growing. According to the release notes [1], exactly 12,253 packages have been added since Debian Wheezy. If you subtract the 5,441 packages that have been removed, this Free Software flagship has a generous net increase of 6,812 packages. Although this expansion is impressive, IT professionals will need to remember that each of these changes has a potential for disruption. For instance, if you upgrade from the previous Debian Wheezy edition [2], you might need to adjust PHP scripts, because Debian Jessie updates the PHP version from 5.4 to 5.6.

The Apache web server steps from version 2.2 to version 2.4, with modified access control policies and configuration file syntax. Anyone who has customized these settings manually will want to read the corresponding document from the Apache Foundation [3].

The OpenSSH secure shell comes with some important configuration changes. Root will no longer be able to log in with a password on OpenSSH servers (PermitRootLogin without-password). However, the installer tries to detect configurations that support OpenSSH login and lets the user decide interactively. A corresponding preset is available for unsupervised updates:

echo 'openssh-server openssh-server/ \
  permit-root-login boolean true' | \
  debconf-set-selections

In addition, the makers of Debian indicate that the packages with the prefixes libv8-31.4.- and nodejs- are available for Jessie in insecure versions with a high number of security vulnerabilities; no security updates are planned for these tools in the foreseeable future.

Gnome 3.14, defined as the default desktop in Jessie, no longer provides an SD fallback version and needs at least an SSE2 extension in the CPU, which is usually in place with the latest crop of computers. Anyone not using the x86 or x86-64 architectures will need a 3D-accelerated graphics card with EGL drivers. Gnome users should also make sure some keyboard shortcuts are customized to the other desktops in the new Debian.

Possible alternatives to Gnome are the KDE 4.11 desktop with Plasma 5, Xfce 4.10, or LXDE; the installer also offers the Cinnamon and Mate desktops for the first time (Figure 1).

Figure 1: Debian 8 offers six optional desktops by default.

The installer is basically identical to its predecessor. The Debian designers have fine-tuned UEFI support, but the system still does not support Secure Boot. The Debian/K-Free BSD, Debian/Hurd, and the Sparc and Itanium architectures are no longer available because there is not sufficient support for them. The Linux kernel version of the stable Debian release has increased to 3.16.

In addition to all the internals, Jessie delivers updates to several common desktop tools (Figure 2), including the Iceweasel 31.6 web browser (Iceweasel is the Debian community's Firefox fork without proprietary components and trademarks), as well as the corresponding Thunderbird knock-off Icedove 31.6. LibreOffice rolls over to version 4.3.3. You can set up MariaDB version 10.0.16 as an alternative to the MySQL 5.5.42 database.

Figure 2: Users of the stable Debian version will really appreciate the latest desktop applications.

The Debian-GIS project, which provides support for geographical information systems, benefits from improved cooperation with Ubuntu GIS and OS-Geo Live.

Open JDK 7 recently became the default Java Runtime; version 8 is also available. Debian 8 supports Tomcat 7 and 8; Tomcat 6 is history, and new tools for debugging and developing the Android SDK appear in androidsdk-tools.

Changing Horses

The most profound change in the latest Debian is the systemd init daemon. After a loud and heated discussion, which caused some Debian developers to leave the project, the new init system finally made its way into Debian Jessie. The developers have fine-tuned systemd for two years now in order to provide the most stable system despite the major change.

Users who are considering upgrading to Jessie (see "Upgrading to Jessie" box) need to know that Debian automatically installs the systemd-sysv package.

apt-get purge $(dpkg -l | awk '/^rc/ { print $2 }')

If you really want to prevent the system from installing systemd, you can do so with APT pinning. Create a /etc/apt/preferences.d/local-pin-init file with the following contents:

Package: systemd-sysv
Pin: release o=Debian
Pin-Priority: -1

The developers warn that this step can restrict the behavior and functions of some packages. They also state that Debian would install systemd packages despite APT pinning; they do not, however, affect the init system.

Debian Jessie installs the old init system parallel to systemd, and users can enable it with the init=/lib/sysvinit/init kernel parameter.

Systemd demonstrates stricter behavior in Debian Jessie if the system does not mount drives when booting even though the auto option is set in the /etc/fstab file (auto-mount). Systemd aborts the boot process in such cases, and users end up in an emergency shell. To prevent this behavior, users can replace auto with noauto or nofail.

Encrypted disks might also cause problems on some systems. Systemd does not support some crypttab parameters, including precheck, check, checkargs, noearly, loud, and in particular, keyscript, which automatically passes on the password for mounting the encrypted disks. Anyone wanting to continue using these options needs to stay with Sysvinit. Typing:

grep -e precheck \
  -e check -e checkargs \
  -e noearly -e loud \
  -e keyscript /etc/crypttab

shows the parameter that Debian uses to mount the encrypted drives.

Anyone wanting to interactively enter the password for encrypted partitions when booting will need to install and configure the graphic Plymouth bootsplash. The documentation found in the /usr/share/doc/plymouth/README.Debian directory discloses how this works; Systemd does not support alternative home screens.

Emergency Kit

If something goes wrong when starting systemd, two kernel parameters make sure that a local recovery system starts. The systemd.unit=rescue.target option opens a root shell – this is assuming that the system actually boots. However, Debian invokes a recovery shell at the earliest opportunity with the systemd.unit=emergency.target parameter. The user can then manually mount the system partition.