Chapter 2. What's new in Debian 7.0

Table of Contents

2.1. Supported architectures
2.2. What's new for kFreeBSD?
2.3. What's new in the distribution?
2.3.1. CDs, DVDs and BDs
2.3.2. Multiarch
2.3.3. Dependency booting
2.3.4. systemd
2.3.5. Multimedia
2.3.6. Hardened security
2.3.7. AppArmor
2.3.8. The stable-backports section
2.3.9. The stable-updates section
2.3.10. GNOME 3
2.3.11. Cloud
2.3.12. Temporary filesystems

The Wiki has more information about this topic.

2.1. Supported architectures

Debian 7.0 introduces two new architectures:

  • s390x, 64-bit port for IBM System z machines intended to replace s390.

  • armhf, an alternative to armel for ARMv7 machines with hard-float. A lot of modern ARM boards and devices ship with a floating-point unit (FPU), but the older Debian armel port doesn't take much advantage of it. The armhf port was started to improve this situation and also take advantage of other features of newer ARM CPUs. The Debian armhf port requires at least an ARMv7 CPU with Thumb-2 and VFP3D16 coprocessor.

The following are the officially supported architectures for Debian wheezy:

  • 32-bit PC ('i386')

  • SPARC ('sparc')

  • PowerPC ('powerpc')

  • MIPS ('mips' (big-endian) and 'mipsel' (little-endian))

  • Intel Itanium ('ia64')

  • S/390 ('s390')

  • 64-bit PC ('amd64')

  • ARM EABI ('armel')

  • ARMv7 (EABI hard-float ABI, 'armhf')

  • IBM System z ('s390x')

In addition to the officially supported architectures, Debian wheezy contains the GNU/kFreeBSD ports ('kfreebsd-amd64' and 'kfreebsd-i386') introduced in Debian squeeze, as a technology preview. These ports are the first ones included in a Debian release which aren't based on the Linux kernel, but instead use the kernel of FreeBSD with a GNU userland. Users of these versions however should be warned that the quality of these ports is still catching up with the outstanding high quality of our Linux ports, and that some advanced desktop features are not supported yet. However, the support of common server software is strong and extends the features of Linux-based Debian versions by the unique features known from the BSD world.

You can read more about port status, and port-specific information for your architecture at the Debian port web pages.

2.2. What's new for kFreeBSD?

The kFreeBSD kernel is available in versions 8.3 and 9.0.

New features in this release include:

  • ZFS version 19 adds support for block-level deduplication, triple-parity RAID-Z, improvements to ZIL and snapshotting.

  • iSCSI target, using the istgt userspace utilities.

  • Full-disk encryption using geli

Full userspace support for FreeBSD jails is also available in Debian 7.0. See the Debian Wiki for the details.

2.3. What's new in the distribution?

This new release of Debian again comes with a lot more software than its predecessor squeeze; the distribution includes over 12800 new packages, for a total of over 37493 packages. Most of the software in the distribution has been updated: over 20160 software packages (this is 70% of all packages in squeeze). Also, a significant number of packages (over 4125, 14% of the packages in squeeze) have for various reasons been removed from the distribution. You will not see any updates for these packages and they will be marked as 'obsolete' in package management front-ends.

With this release, Debian updates from X.Org 7.5 to X.Org 7.7.

Debian again ships with several desktop applications and environments. Among others it now includes the desktop environments GNOME 3.4, KDE 4.8.4, Xfce 4.8, and LXDE.

Productivity applications have also been upgraded, including the office suites:

  • LibreOffice 3.5 replaces OpenOffice.org, which is now only a transitional package that can be removed;

  • Calligra 2.4 replaces KOffice, which is now only a transitional package that can be removed;

  • GNUcash is upgraded to 2.4;

  • GNUmeric is upgraded to 1.10;

  • Abiword is upgraded to 2.9.

Updates of other desktop applications include the upgrade to Evolution 3.4 and Pidgin 2.10. The Mozilla suite has also been updated: iceweasel (version 10 ESR) is the unbranded Firefox web browser and icedove (version 10) is the unbranded Thunderbird mail client.

Among many others, this release also includes the following software updates:

PackageVersion in 6.0 (squeeze)Version in 7.0 (wheezy)
Apache2.2.162.2.22
BIND DNS Server9.79.8
Courier MTA0.650.68
Dia0.97.10.97.2
Exim default email server4.724.80
GNU Compiler Collection as default compiler4.44.7 on PCs, 4.6 elsewhere
GIMP2.62.8
the GNU C library2.112.13
lighttpd1.4.281.4.31
Linux kernel image2.6 series3.2 series
maradns1.4.031.4.12
MySQL5.15.5
OpenLDAP2.4.232.4.31
OpenSSH5.5p16.0p1
Perl5.105.14
PHP5.35.4
Postfix MTA2.72.9
PostgreSQL8.49.1
Python2.62.7
Python 33.13.2
Samba3.53.6

Debian supports Linux Standard Base (LSB) version 4.1, with one explicit and Debian-specific derogation from the LSB 4.1 specification: Qt3 is not included.

2.3.1. CDs, DVDs and BDs

The official Debian distribution now ships on 9 to 10 binary DVDs or 61 to 69 binary CDs (depending on the architecture) and 8 source DVDs or 46 source CDs. Additionally, there is a multi-arch DVD, with a subset of the release for the amd64 and i386 architectures, along with the source code. Debian is also released as Blu-ray (BD) images, 2 each for the amd64 and i386 architectures, or 2 for the source code. For size reasons, some very large packages are omitted from the CD builds; these packages fit better in the DVD and BD builds, so are still included there.

2.3.2. Multiarch

New in Debian 7.0 is multiarch. Multiarch lets you install packages from multiple architectures on the same machine. This is useful in various ways, but the most common is installing both 64 and 32-bit software on the same machine and having dependencies correctly resolved automatically. The Debian wiki has an extensive manual on how to make use of this functionality if you need it.

2.3.3. Dependency booting

The dependency-based boot sequencing introduced with Debian 6.0 is now always enabled, including for users of file-rc.

For optimal sequencing, all init.d scripts should declare their dependencies in an LSB header. This is already the case for scripts shipped in Debian, but users should check their local scripts and consider adding that information.

For more information on this feature refer to the information available in /usr/share/doc/insserv/README.Debian.

2.3.4. systemd

Debian 7.0 introduces preliminary support for systemd, an init system with advanced monitoring, logging and service management capabilities.

While it is designed as a drop-in sysvinit replacement and as such makes use of existing SysV init scripts, the systemd package can be installed safely alongside sysvinit and started via the init=/bin/systemd kernel option. To utilize the features provided by systemd, about 50 packages already provide native support, among them core packages like udev, dbus and rsyslog.

systemd is shipped as a technology preview in Debian 7.0. For more information on this topic, see the Debian wiki.

2.3.5. Multimedia

Debian wheezy comes with improved multimedia support: ffmpeg has been replaced by the libav fork (libav-tools), which is considered to feature a more conservative release process and thus fit better to Debian's needs. It provides all libraries and prepares an upgrade path for existing application packages. The full-featured libav libraries and frontends include e.g. mplayer, mencoder, vlc and transcode. Additional codec support is provided e.g. through lame for MP3 audio encoding, xvidcore for MPEG-4 ASP video encoding, x264 for H.264/MPEG-4 AVC video encoding, vo-aacenc for AAC audio encoding and opencore-amr and vo-amrwbenc for Adaptive Multi-Rate Narrowband and Wideband encoding and decoding, respectively. For most use cases, installation of packages from third-party repositories should not be necessary anymore. The times of crippled multimedia support in Debian are finally over!

2.3.6. Hardened security

Many Debian packages have now been built with gcc compiler hardening flags enabled. These flags enable various protections against security issues such as stack smashing, predictable locations of values in memory, etc. An effort has been made to ensure that as many packages as possible include these flags, especially focusing on those in the 'base'-installation, network-accessible daemons and packages which have had security issues in recent years.

Note that the hardened build flags are not enabled by default in gcc, so are not used automatically when locally building software. The package hardening-wrapper can provide a gcc with these flags enabled.

2.3.7. AppArmor

Debian 7.0 supports the AppArmor Mandatory Access Control system. When enabled, AppArmor confines programs according to a set of rules that specify what files a given program can access. This proactive approach helps protecting the system against both known and unknown vulnerabilities.

AppArmor is disabled by default in Debian 7.0. The Debian wiki has instructions on how to use this functionality.

2.3.8. The stable-backports section

Note that this replaces the functionality previously provided by the backports.debian.org archive.

In order to use packages from wheezy-backports, you can add an entry to your sources.list:

deb     http://mirrors.kernel.org/debian wheezy-backports main contrib
deb-src http://mirrors.kernel.org/debian wheezy-backports main contrib

The next time you run apt-get update, the system will become aware of the packages in the wheezy-backports section and they will be available for installation in the same way as the old backports.debian.org archive.

When a new package is made available via wheezy-backports to fix a security issue, this will be announced on the debian-backports-announce mailing list.

2.3.9. The stable-updates section

Some packages from proposed-updates may also be made available via the wheezy-updates mechanism. This path will be used for updates which many users may wish to install on their systems before the next point release is made, such as updates to virus scanners and timezone data. All packages from wheezy-updates will be included in point releases.

In order to use packages from wheezy-updates, you can add an entry to your sources.list:

deb     http://mirrors.kernel.org/debian wheezy-updates main contrib
deb-src http://mirrors.kernel.org/debian wheezy-updates main contrib

The next time you run apt-get update, the system will become aware of the packages in the wheezy-updates section and will consider them when looking for packages to upgrade.

Note that if APT::Default-Release is set in your /etc/apt/apt.conf (or in any of /etc/apt/apt.conf.d/*), then, in order for automatic upgrades to work, it is necessary to add the following configuration block into /etc/apt/preferences (see apt_preferences(5) for more information):

Package: *
Pin: release o=Debian,n=wheezy-updates
Pin-Priority: 990

When a new package is made available via wheezy-updates, this will be announced on the debian-stable-announce mailing list.

2.3.10. GNOME 3

GNOME has undergone a major interface rewrite in the upgrade to version 3.4. The traditional GNOME panel has been replaced by the shell, an innovative interface with major usability improvements.

Among other things, it features dynamic workspaces, an on-screen keyboard (Caribou), instant messaging built into the interface, and integration with the GNOME keyring and PolicyKit.

If you want to keep an interface closer to the GNOME 2.30 version in wheezy, you can select the GNOME Classic session at the login prompt. It will bring you an improved version of the traditional panel. You can still edit the panel to add more applets, by using the hidden alt+right click combination.

If your hardware is not compatible with the GNOME shell's requirements, you will also be redirected to the classic interface.

2.3.10.1. New and removed applications

Sushi is a new previewing application. Just press the space key on a file in the file manager, and enjoy.

The Tracker indexing tool is now part of the GNOME desktop. After your first login, it will index your desktop, and is now available as the default search tool. It is also the key to the new GNOME documents tool to manage your recently used documents.

Audio and mixing applications now require the PulseAudio sound daemon, which provides per-application mixing.

The help system has been entirely redesigned, with a new documentation format.

GNOME boxes is a tool to handle your virtual machines, integrated to the shell and using QEMU/KVM.

Some other new applications: GNOME contacts, GNOME online accounts, GNOME PackageKit, GNOME color manager, Rygel.

Ekiga is no longer part of GNOME. Many of its features are now available in Empathy.

2.3.10.2. Settings

Most technologies underlying GNOME are still here: the D-Bus messaging system, the PolicyKit permissions manager, the GStreamer multimedia system, the gvfs virtual file system, the MIME system, the ConsoleKit, udisks and upower interfaces to hardware management; all are kept without major changes.

However, the underlying configuration system to GNOME has undergone a major evolution, from GConf to a new system named GSettings, which is much faster and more versatile. The settings can be browsed or edited using the (recommended) gsettings command-line tool, or the dconf-editor graphical tool. The GConf system is still available for third-party applications that use it.

Most settings are migrated upon upgrade, but for technical and conceptual reasons, a selected number of settings are not:

  • default session and language (now managed by the accountsservice daemon);

  • desktop wallpaper;

  • default GTK+ theme (none of the previous themes exist anymore);

  • panel and applets configuration (applets now use relative positioning);

  • default browser and mailer (the settings are now part of the MIME system through x-scheme-handler/* types).

2.3.10.3. Display manager

The GNOME display manager (gdm3) has undergone a major evolution together with the desktop. The primary change is that settings for the login prompt have been migrated to GSettings as well. The configuration file has changed to greeter.gsettings and settings are not preserved. This only affects interface settings; daemon settings are still in the same place.

The legacy GDM 2.20 package is no longer available; most of its former features are now available in GDM 3.x.

2.3.10.4. Network management

GNOME now features online connectivity awareness, with several applications and the GNOME shell using NetworkManager. This enables support for IPv6 and a wide range of other networking technologies, such as VPNs, wireless and 3G.

GNOME users are strongly advised to use NetworkManager for network connectivity; the GNOME components work best with NetworkManager. If you are planning on using another network management daemon instead (such as wicd-daemon), please see Section Section 5.6, “NetworkManager”.

2.3.11. Cloud

Debian 7.0 includes the OpenStack suite as well as the Xen Cloud Platform (XCP), allowing users to deploy their own cloud infrastructure.

Debian images are also provided on the major public cloud platforms, including Amazon EC2, Windows Azure and Google Compute Engine.

2.3.12. Temporary filesystems

In previous releases, temporary (tmpfs) filesystems were mounted on /lib/init/rw, /dev/shm/ and optionally on /var/lock and /var/run. /lib/init/rw has been removed, and the others have been moved under /run. /var/run and /var/lock were configured using RAMRUN and RAMLOCK in /etc/default/rcS. All these tmpfs filesystems are now configurable using /etc/default/tmpfs; the old settings are not migrated automatically.

Old locationNew locationOld settingNew setting
  /etc/default/rcS/etc/default/tmpfs
/lib/init/rw/runN/AN/A
/var/run/runRAMRUNN/A
/var/lock/run/lockRAMLOCKRAMLOCK
/dev/shm/run/shmN/ARAMSHM
N/A/tmpN/ARAMTMP

The migration of data to the new locations will occur automatically during the upgrade and will continue to be available at the old and new locations, with the exception of /lib/init/rw. No action is required on your part, though you may wish to customize which tmpfs filesystems are mounted, and their size limits, in /etc/default/tmpfs after the upgrade is complete. Please see the tmpfs(5) manual page for further details.

If you have written any custom scripts which make use of /lib/init/rw, these must be updated to use /run instead.

/tmp is not a tmpfs by default. If you chose to use this feature, please note that:

  • the contents of /tmp are not preserved across reboots; /var/tmp exists for this purpose;

  • the maximum size of /tmp may (depending upon your specific system) be smaller than before. If you find that there is insufficient free space, it is possible to increase the size limits; see tmpfs(5).

  • Applications which create excessively large temporary files may cause /tmp to run out of free space. It should be possible to configure a different location for those files by setting the TMPDIR environment variable.

  • If desired, the defaults may also be overridden with an entry in /etc/fstab, for example:

    tmpfs     /tmp tmpfs     nodev,nosuid,size=20%,mode=1777    0    0