Chapter 2. What's new in Debian 9

Table of Contents

2.1. Supported architectures
2.2. What's new in the distribution?
2.2.1. CDs, DVDs, and BDs
2.2.2. Security
2.2.3. MariaDB replaces MySQL
2.2.4. Improvements to APT and archive layouts
2.2.5. New deb.debian.org mirror
2.2.6. Move to "Modern" GnuPG
2.2.7. A new archive for debug symbols
2.2.8. New method for naming network interfaces
2.2.9. News from Debian Med Blend
2.2.10. The Xorg server no longer requires root

The Wiki has more information about this topic.

2.1. Supported architectures

Debian 9 introduces one new architecture:

  • 64-bit little-endian MIPS (mips64el)

Debian 9 regrettably removes support for the following architecture:

  • PowerPC (powerpc)

The following are the officially supported architectures for Debian 9:

  • 32-bit PC (i386) and 64-bit PC (amd64)

  • 64-bit ARM (arm64)

  • ARM EABI (armel)

  • ARMv7 (EABI hard-float ABI, armhf)

  • MIPS (mips (big-endian) and mipsel (little-endian))

  • 64-bit little-endian MIPS (mips64el)

  • 64-bit little-endian PowerPC (ppc64el)

  • IBM System z (s390x)

You can read more about port status, and port-specific information for your architecture, at the Debian port web pages.

2.2. What's new in the distribution?

This new release of Debian comes with a lot more software than its predecessor jessie. The distribution includes over 15346 new packages, for a total of 51687 packages. Most of the software in the distribution has been updated: over 29859 software packages (this is 57% of all packages in jessie). A significant number of packages (over 6739, 13% of all packages in jessie) have for various reasons been removed from the distribution. You will not see any updates for these packages, and they will be marked as “obsolete” in package management front-ends; see Section 4.8, “Obsolete packages”.

Debian again ships with several desktop applications and environments. Among others it now includes the desktop environments GNOME 3.22, KDE Plasma 5.8, LXDE, LXQt 0.11, MATE 1.16, and Xfce 4.12.

Productivity applications have also been upgraded, including the office suites:

  • LibreOffice is upgraded to version 5.2;

  • Calligra is upgraded to 2.9.

Updates of other desktop applications include the upgrade to Evolution 3.22.

Among many others, this release also includes the following software updates:

Package                                       Version in 8 (jessie)   Version in 9 (stretch)
BIND DNS Server                               9.9                     9.10
Emacs                                         24.4                    24.5 and 25.1
Exim default e-mail server                    4.84                    4.88
GNU Compiler Collection as default compiler   4.9                     6.3
GnuPG                                         1.4                     2.1
Inkscape                                      0.48                    0.91
The GNU C library                             2.19                    2.24
Linux kernel image                            3.16 series             4.9 series
MariaDB                                       10.0                    10.1
Nginx                                         1.6                     1.10
OpenJDK                                       7                       8
OpenSSH                                       6.7p1                   7.4p1
Perl                                          5.20                    5.24
PHP                                           5.6                     7.0
Postfix MTA                                   2.11                    3.1
PostgreSQL                                    9.4                     9.6
Python 3                                      3.4                     3.5
Samba                                         4.1                     4.5
Vim                                           7                       8

2.2.1. CDs, DVDs, and BDs

The official Debian distribution now ships on 12 to 14 binary DVDs (depending on the architecture) and 12 source DVDs. Additionally, there is a multi-arch DVD, with a subset of the release for the amd64 and i386 architectures, along with the source code. Debian is also released as Blu-ray (BD) and dual layer Blu-ray (DLBD) images for the amd64 and i386 architectures, and also for source code. Debian used to be released as a very large set of CDs for each architecture, but with the stretch release these have been dropped.

2.2.2. Security

For the stretch release, the Debian version of the GNU GCC 6 compiler now defaults to compiling "position independent executables" (PIE). Accordingly, the vast majority of all executables now support address space layout randomization (ASLR), a mitigation that makes a number of exploits probabilistic rather than deterministic.

2.2.3. MariaDB replaces MySQL

MariaDB is now the default MySQL variant in Debian, at version 10.1. The stretch release introduces a new mechanism for switching the default variant, using metapackages created from the mysql-defaults source package. For example, installing the metapackage default-mysql-server will install mariadb-server-10.1. Users who had mysql-server-5.5 or mysql-server-5.6 will have it removed and replaced by the MariaDB equivalent. Similarly, installing default-mysql-client will install mariadb-client-10.1.

Important

Note that the database binary data file formats are not backwards compatible, so once you have upgraded to MariaDB 10.1 you will not be able to switch back to any previous version of MariaDB or MySQL unless you have a proper database dump. Therefore, before upgrading, please make backups of all important databases with an appropriate tool such as mysqldump.

The virtual-mysql-* and default-mysql-* packages will continue to exist. MySQL continues to be maintained in Debian, in the unstable release. See the Debian MySQL Team wiki page for current information about the mysql-related software available in Debian.

2.2.4. Improvements to APT and archive layouts

The apt package manager has seen a number of improvements since jessie. Most of these apply to aptitude as well. Following are selected highlights of some of these.

On the security side, APT now rejects weaker checksums by default (e.g. SHA1) and attempts to download as an unprivileged user. Please refer to Section 5.3.2.3, “New requirements for APT repository” and Section 5.3.2.1, “APT now fetches files as an unprivileged user (_apt)” for more information.

The APT-based package managers have also gotten a number of improvements that will remove the annoying hash sum mismatch warning that occurs when running apt during a mirror synchronization. This happens via the new by-hash layout, which enables APT to download metadata files by their content hash.

If you use third-party repositories, you may still experience these intermittent issues if the vendor does not provide the by-hash layout. Please recommend that they adopt this layout change. A very short technical description is available in the Repository format description.
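The by-hash lookup and the refusal of weak-only checksums can be sketched as follows. This is an added example, not APT's code: the function names are hypothetical, the Release content is constructed, and it assumes the Release file's signature has already been verified and that index files live under `<directory>/by-hash/<algorithm>/<hexdigest>` as in the repository format description.

```python
import hashlib
import posixpath

TRUSTED = ("SHA512", "SHA256")   # strongest first
WEAK = ("SHA1", "MD5Sum")        # parsed, but never accepted on their own

def parse_release(text: str) -> dict:
    """Map index path -> {algo: (hexdigest, size)} from a Release file's checksum fields."""
    entries, algo = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace():           # a new field starts in column 0
            name = line.split(":", 1)[0]
            algo = name if name in TRUSTED + WEAK else None
        elif algo and line.strip():                  # continuation: " <hash> <size> <path>"
            digest, size, path = line.split()
            entries.setdefault(path, {})[algo] = (digest, int(size))
    return entries

def strongest(entries: dict, path: str):
    """Return (algo, digest, size) for the best trusted hash; raise if only weak ones exist."""
    for algo in TRUSTED:
        if algo in entries[path]:
            return (algo, *entries[path][algo])
    raise ValueError(f"{path}: only weak checksums {sorted(entries[path])}")

def by_hash_path(entries: dict, path: str) -> str:
    """Content-addressed location, stable even while a mirror is mid-synchronization."""
    algo, digest, _ = strongest(entries, path)
    return posixpath.join(posixpath.dirname(path), "by-hash", algo, digest)

def verify(entries: dict, path: str, data: bytes) -> bool:
    """Check downloaded bytes against the size and strongest digest listed in Release."""
    algo, digest, size = strongest(entries, path)
    return len(data) == size and hashlib.new(algo.lower(), data).hexdigest() == digest

# Constructed sample: one index listed with SHA1 and SHA256, one with SHA1 only.
PACKAGES = b"Package: example\nVersion: 1.0\n"
RELEASE = (
    "Suite: stable\nAcquire-By-Hash: yes\n"
    "SHA1:\n"
    f" {'a' * 40} {len(PACKAGES)} main/binary-amd64/Packages\n"
    f" {'b' * 40} 3 legacy/Packages\n"
    "SHA256:\n"
    f" {hashlib.sha256(PACKAGES).hexdigest()} {len(PACKAGES)} main/binary-amd64/Packages\n"
)
ENTRIES = parse_release(RELEASE)
```

Because the requested path contains the digest taken from the Release file the client already holds, a mirror that has published a newer Release can still serve the older index under its own hash, which is why the mismatch warning disappears.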

While this may be mostly interesting for mirror administrators, APT in stretch can use DNS (SRV) records to locate an HTTP backend. This is useful for providing a simple DNS name and then managing backends via DNS rather than using a redirector service. This feature is also used by the new Debian mirror described in Section 2.2.5, “New deb.debian.org mirror”.

2.2.5. New deb.debian.org mirror

Debian now provides a new additional service called deb.debian.org. It provides the content of the main archive, the security archive, ports and even our new debug archive (see Section 2.2.7, “A new archive for debug symbols”) under a single easy to remember hostname.

This service relies on the new DNS support in APT, but will fall back to a regular redirect for HTTPS access or older versions of APT. More details are provided on deb.debian.org.

Thanks to Fastly and Amazon CloudFront for sponsoring the CDN backends behind this service.

2.2.6. Move to "Modern" GnuPG

The stretch release is the first version of Debian to feature the modern branch of GnuPG in the gnupg package. This brings with it elliptic curve cryptography, better defaults, a more modular architecture, and improved smartcard support. The modern branch also explicitly does not support some older, known-broken formats (like PGPv3). See /usr/share/doc/gnupg/README.Debian for more information.

We will continue to supply the classic branch of GnuPG as gnupg1 for people who need it, but it is now deprecated.

2.2.7. A new archive for debug symbols

Note

This section is mostly interesting for developers or if you wish to attach a full stack trace to a crash report.

Previously, the main Debian archive would include packages containing debug symbols for selected libraries or programs. With stretch, most of these have been moved to a separate archive called the debian-debug archive. This archive contains the debug symbol packages for the vast majority of all packages provided by Debian.

If you want to fetch such debug packages, please include the following in your APT sources:

deb http://debug.mirrors.debian.org/debian-debug/ stretch-debug main

Alternatively, you can also fetch them from snapshot.debian.org.

Once enabled, you can now fetch debug symbols for the package in question by installing pkg-dbgsym. Please note that individual packages may still provide a pkg-dbg package in the main archive instead of the new dbgsym.

2.2.8. New method for naming network interfaces

The installer and newly installed systems will use a new standard naming scheme for network interfaces instead of eth0, eth1, etc. The old naming method suffered from enumeration race conditions that made it possible for interface names to change unexpectedly and is incompatible with mounting the root filesystem read-only. The new enumeration method relies on more sources of information, to produce a more repeatable outcome. It uses the firmware/BIOS provided index numbers and then tries PCI card slot numbers, producing names like ens0 or enp1s1 (ethernet) or wlp3s0 (wlan). USB devices, which can be added to the system at any time, will have names based upon their ethernet MAC addresses.

This change does not apply to upgrades of jessie systems; the naming will continue to be enforced by /etc/udev/rules.d/70-persistent-net.rules. For more information, see /usr/share/doc/udev/README.Debian.gz or the upstream documentation.

2.2.9. News from Debian Med Blend

Besides several new packages and updates for software targeting life sciences and medicine, the Debian Med team has again put a focus on the quality of the provided packages. In a GSoC project and an Outreachy project, two students worked hard to add Continuous Integration support to the packages with the highest popularity-contest usage statistics. The latest Debian Med sprint in Bucharest also concentrated on package testing.

To install packages maintained by the Debian Med team, install the metapackages named med-*, which are at version 3.0.1 for Debian stretch. Feel free to visit the Debian Med tasks pages to see the full range of biological and medical software available in Debian.

2.2.10. The Xorg server no longer requires root

In the stretch version of Xorg, it is possible to run the Xorg server as a regular user rather than as root. This reduces the risk of privilege escalation via bugs in the X server. However, it has some requirements for working:

  • It needs logind and libpam-systemd.

  • The system needs to support Kernel Mode Setting (KMS). Therefore, it may not work in some virtualization environments (e.g. virtualbox) or if the kernel has no driver that supports your graphics card.

  • It needs to run on the virtual console it was started from.

  • Only the gdm3 display manager supports running X as a non-privileged user in stretch. Other display managers will always run X as root. Alternatively, you can also start X manually as a non-root user on a virtual terminal via startx.

When run as a regular user, the Xorg log will be available from ~/.local/share/xorg/.