B.4. 预置文件的内容(bookworm)

本附录使用的配置片段还放在预置例子文件 https://www.debian.org/releases/bookworm/example-preseed.txt 里面。

请注意,这里的例子是基于 Intel x86 架构的安装过程。如果您安装到其他架构,其中的一些例子(像键盘选择和 bootloader 安装)可能不恰当,需要用适合您架构的 debconf 设置替换。

有关不同 Debian 安装程序模块的工作细节,请参阅 第 6.3 节 “使用单独的组件”

B.4.1. 本地化

在一般的安装中,首先询问地区信息,所以这些值只通过 initrd 或内核引导参数方法来预置。自动模式(第 B.2.3 节 “auto 模式”) 包括 auto-install/enable=true 的设置(通常通过auto预置别名)。这延迟询问地区问题,使它们可以被任何方法预置。

locale 用于指定语言和国家或者任何 debian-installer 支持的语言与地区的组合。如果组合起来的不是有效的 locale,安装程序会自动选择一个指定语言可用的 locale。要在引导参数上指定本地,比如使用 locale=en_US

虽然这个方法很容易使用,但它无法预置所有的语言、国家和地方组合[18]。因此另一种方法是单独预置各值。语言和国家可以在引导参数里面指定。

# Preseeding only locale sets language, country and locale.
d-i debian-installer/locale string en_US

# The values can also be preseeded individually for greater flexibility.
#d-i debian-installer/language string en
#d-i debian-installer/country string NL
#d-i debian-installer/locale string en_GB.UTF-8
# Optionally specify additional locales to be generated.
#d-i localechooser/supported-locales multiselect en_US.UTF-8, nl_NL.UTF-8

键盘配置包括选择的 keymap 和(对于非拉丁 keymap)切换键,该键用于非拉丁和 US keymap 来回切换。安装的时候只有几种基本的 keymap 可用。高级的要在安装好的系统下才能使用,使用 dpkg-reconfigure keyboard-configuration 配置。

# Keyboard selection.
d-i keyboard-configuration/xkb-keymap select us
# d-i keyboard-configuration/toggle select No toggling

要跳过键盘配置,可通过 skip-config 来预置 keymap。这将导致内核 keymap 保持活动。

B.4.2. 网络设置

显而易见,预置网络设置对于从网络加载预置文件无效。但对从光盘和 U 盘引导很有帮助。如果您计划从网络加载预置文件,应该使用传递网络设置给内核引导参数的方式。

如果您需要网络引导从网络加载预置文件前指定网卡,请用这种引导参数 interface=eth1

虽然使用网络预置(用 preseed/url)通常并不能配置网络,但是您可以使用下面的技巧实现。例如,为网卡设置静态地址。它使加载了预置文件以后网络预置再运行一次,这需要将下面的命令包含在 preseed/run 脚本里面:

kill-all-dhcp; netcfg

下面的 debconf 变量与网络配置相关。

# Disable network configuration entirely. This is useful for cdrom
# installations on non-networked devices where the network questions,
# warning and long timeouts are a nuisance.
#d-i netcfg/enable boolean false

# netcfg will choose an interface that has link if possible. This makes it
# skip displaying a list if there is more than one interface.
d-i netcfg/choose_interface select auto

# To pick a particular interface instead:
#d-i netcfg/choose_interface select eth1

# To set a different link detection timeout (default is 3 seconds).
# Values are interpreted as seconds.
#d-i netcfg/link_wait_timeout string 10

# If you have a slow dhcp server and the installer times out waiting for
# it, this might be useful.
#d-i netcfg/dhcp_timeout string 60
#d-i netcfg/dhcpv6_timeout string 60

# Automatic network configuration is the default.
# If you prefer to configure the network manually, uncomment this line and
# the static network configuration below.
#d-i netcfg/disable_autoconfig boolean true

# If you want the preconfiguration file to work on systems both with and
# without a dhcp server, uncomment these lines and the static network
# configuration below.
#d-i netcfg/dhcp_failed note
#d-i netcfg/dhcp_options select Configure network manually

# Static network configuration.
#
# IPv4 example
#d-i netcfg/get_ipaddress string 192.168.1.42
#d-i netcfg/get_netmask string 255.255.255.0
#d-i netcfg/get_gateway string 192.168.1.1
#d-i netcfg/get_nameservers string 192.168.1.1
#d-i netcfg/confirm_static boolean true
#
# IPv6 example
#d-i netcfg/get_ipaddress string fc00::2
#d-i netcfg/get_netmask string ffff:ffff:ffff:ffff::
#d-i netcfg/get_gateway string fc00::1
#d-i netcfg/get_nameservers string fc00::1
#d-i netcfg/confirm_static boolean true

# Any hostname and domain names assigned from dhcp take precedence over
# values set here. However, setting the values still prevents the questions
# from being shown, even if values come from dhcp.
d-i netcfg/get_hostname string unassigned-hostname
d-i netcfg/get_domain string unassigned-domain

# If you want to force a hostname, regardless of what either the DHCP
# server returns or what the reverse DNS entry for the IP is, uncomment
# and adjust the following line.
#d-i netcfg/hostname string somehost

# Disable that annoying WEP key dialog.
d-i netcfg/wireless_wep string
# The wacky dhcp hostname that some ISPs use as a password of sorts.
#d-i netcfg/dhcp_hostname string radish

# If you want to completely disable firmware lookup (i.e. not use firmware
# files or packages that might be available on installation images):
#d-i hw-detect/firmware-lookup string never

# If non-free firmware is needed for the network or other hardware, you can
# configure the installer to always try to load it, without prompting. Or
# change to false to disable asking.
#d-i hw-detect/load_firmware boolean true

请注意,如果 netcfg/get_netmask 没有预置,那么 netcfg 将自动侦测掩码。在这种情况下,变量必须标记为 seen 来自动安装。类似地,如果没有设置 netcfg/get_gateway,那么 netcfg 将选择一个合适的地址。特殊情况下,可以将 netcfg/get_gateway 设置为 none,来指定不使用网关。

B.4.3. 网络控制台

# Use the following settings if you wish to make use of the network-console
# component for remote installation over SSH. This only makes sense if you
# intend to perform the remainder of the installation manually.
#d-i anna/choose_modules string network-console
#d-i network-console/authorized_keys_url string http://10.0.0.1/openssh-key
#d-i network-console/password password r00tme
#d-i network-console/password-again password r00tme

关于网络控制台的更多信息,请参阅 第 6.3.10 节 “通过网络控制台(network-console)安装”

B.4.4. 镜像设置

根据您使用的安装方式,镜像可用于下载安装程序的额外组件、安装基本系统以及为所安装的系统建立 /etc/apt/sources.list

参数 mirror/suite 决定了安装好的系统使用的套件。

参数 mirror/udeb/suite 决定安装程序使用的额外组件的套件。它只在组件通过网络下载并与安装时使用的 initrd 建立套件相匹配时才有效。通常安装程序会自动安装并使用正确的值而毋需手动设置。

# Mirror protocol:
# If you select ftp, the mirror/country string does not need to be set.
# Default value for the mirror protocol: http.
#d-i mirror/protocol string ftp
d-i mirror/country string manual
d-i mirror/http/hostname string http.us.debian.org
d-i mirror/http/directory string /debian
d-i mirror/http/proxy string

# Suite to install.
#d-i mirror/suite string testing
# Suite to use for loading installer components (optional).
#d-i mirror/udeb/suite string testing

B.4.5. 帐号设置

root 帐号的密码和第一个普通用户的名字和密码都可以预置。您可以给密码使用纯文本或 crypt(3) 哈希 值。

[警告] 警告

要知道预置密码并不安全,每个可以访问预置文件的用户都可以看到这些密码。存储哈希密码被认为是安全的,除非使用了可以被暴力破解的弱哈希算法,如 DES 或 MD5。推荐的密码哈希算法为 SHA-256 和 SHA512。

# Skip creation of a root account (normal user account will be able to
# use sudo).
#d-i passwd/root-login boolean false
# Alternatively, to skip creation of a normal user account.
#d-i passwd/make-user boolean false

# Root password, either in clear text
#d-i passwd/root-password password r00tme
#d-i passwd/root-password-again password r00tme
# or encrypted using a crypt(3)  hash.
#d-i passwd/root-password-crypted password [crypt(3) hash]

# To create a normal user account.
#d-i passwd/user-fullname string Debian User
#d-i passwd/username string debian
# Normal user's password, either in clear text
#d-i passwd/user-password password insecure
#d-i passwd/user-password-again password insecure
# or encrypted using a crypt(3) hash.
#d-i passwd/user-password-crypted password [crypt(3) hash]
# Create the first user with the specified UID instead of the default.
#d-i passwd/user-uid string 1010

# The user account will be added to some standard initial groups. To
# override that, use this.
#d-i passwd/user-default-groups string audio cdrom video

passwd/root-password-cryptedpasswd/user-password-crypted 变量也可以使用 ! 作为它们的预置值。在这种情况下,相应的帐号关闭。这对于 root 帐号会比较方便,提供了替代方法来设置允许管理活动或 root 登录(例如通过使用 SSH 密钥认证或 sudo)。

下面的命令(从 whois 软件包中获得)可用于生成密码的基于crypt(3)的 SHA-512 值:

mkpasswd -m sha-512

B.4.6. 时钟与时区设置

# Controls whether or not the hardware clock is set to UTC.
d-i clock-setup/utc boolean true

# You may set this to any valid setting for $TZ; see the contents of
# /usr/share/zoneinfo/ for valid values.
d-i time/zone string US/Eastern

# Controls whether to use NTP to set the clock during the install
d-i clock-setup/ntp boolean true
# NTP server to use. The default is almost always fine here.
#d-i clock-setup/ntp-server string ntp.example.com

B.4.7. 分区

使用预置进行硬盘分区受限于 partman-auto 提供的支持。您可以选择使用磁盘上已有的空闲分区或者整个磁盘。磁盘的布局将取决于所使用的预定义方案,用户自定义的方案文件或预置文件包含的方案。

已经支持包括 RAID、LVM 和加密高级分区设置的预置,但对于非预置安装的分区仍然弹性不足。

下面的例子仅提供了使用方案的最基本信息。详细的内容清参考文件 partman-auto-recipe.txtpartman-auto-raid-recipe.txt,它们含在 debian-installer 软件包里。这两个文件也可以从 debian-installer source repository获取。注意不同发布版支持的功能会有所改变。

[警告] 警告

磁盘的标识基于对应驱动加载的次序。如果系统里面有多个磁盘,要确定预置使用了正确的那一个。

B.4.7.1. 分区示例

# If the system has free space you can choose to only partition that space.
# This is only honoured if partman-auto/method (below) is not set.
#d-i partman-auto/init_automatically_partition select biggest_free

# Alternatively, you may specify a disk to partition. If the system has only
# one disk the installer will default to using that, but otherwise the device
# name must be given in traditional, non-devfs format (so e.g. /dev/sda
# and not e.g. /dev/discs/disc0/disc).
# For example, to use the first SCSI/SATA hard disk:
#d-i partman-auto/disk string /dev/sda
# In addition, you'll need to specify the method to use.
# The presently available methods are:
# - regular: use the usual partition types for your architecture
# - lvm:     use LVM to partition the disk
# - crypto:  use LVM within an encrypted partition
d-i partman-auto/method string lvm

# You can define the amount of space that will be used for the LVM volume
# group. It can either be a size with its unit (eg. 20 GB), a percentage of
# free space or the 'max' keyword.
d-i partman-auto-lvm/guided_size string max

# If one of the disks that are going to be automatically partitioned
# contains an old LVM configuration, the user will normally receive a
# warning. This can be preseeded away...
d-i partman-lvm/device_remove_lvm boolean true
# The same applies to pre-existing software RAID array:
d-i partman-md/device_remove_md boolean true
# And the same goes for the confirmation to write the lvm partitions.
d-i partman-lvm/confirm boolean true
d-i partman-lvm/confirm_nooverwrite boolean true

# You can choose one of the three predefined partitioning recipes:
# - atomic: all files in one partition
# - home:   separate /home partition
# - multi:  separate /home, /var, and /tmp partitions
d-i partman-auto/choose_recipe select atomic

# Or provide a recipe of your own...
# If you have a way to get a recipe file into the d-i environment, you can
# just point at it.
#d-i partman-auto/expert_recipe_file string /hd-media/recipe

# If not, you can put an entire recipe into the preconfiguration file in one
# (logical) line. This example creates a small /boot partition, suitable
# swap, and uses the rest of the space for the root partition:
#d-i partman-auto/expert_recipe string                         \
#      boot-root ::                                            \
#              40 50 100 ext3                                  \
#                      $primary{ } $bootable{ }                \
#                      method{ format } format{ }              \
#                      use_filesystem{ } filesystem{ ext3 }    \
#                      mountpoint{ /boot }                     \
#              .                                               \
#              500 10000 1000000000 ext3                       \
#                      method{ format } format{ }              \
#                      use_filesystem{ } filesystem{ ext3 }    \
#                      mountpoint{ / }                         \
#              .                                               \
#              64 512 300% linux-swap                          \
#                      method{ swap } format{ }                \
#              .

# The full recipe format is documented in the file partman-auto-recipe.txt
# included in the 'debian-installer' package or available from D-I source
# repository. This also documents how to specify settings such as file
# system labels, volume group names and which physical devices to include
# in a volume group.

## Partitioning for EFI
# If your system needs an EFI partition you could add something like
# this to the recipe above, as the first element in the recipe:
#               538 538 1075 free                              \
#                      $iflabel{ gpt }                         \
#                      $reusemethod{ }                         \
#                      method{ efi }                           \
#                      format{ }                               \
#               .                                              \
#
# The fragment above is for the amd64 architecture; the details may be
# different on other architectures. The 'partman-auto' package in the
# D-I source repository may have an example you can follow.

# This makes partman automatically partition without confirmation, provided
# that you told it what to do using one of the methods above.
d-i partman-partitioning/confirm_write_new_label boolean true
d-i partman/choose_partition select finish
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true

# Force UEFI booting ('BIOS compatibility' will be lost). Default: false.
#d-i partman-efi/non_efi_system boolean true
# Ensure the partition table is GPT - this is required for EFI
#d-i partman-partitioning/choose_label select gpt
#d-i partman-partitioning/default_label string gpt

# When disk encryption is enabled, skip wiping the partitions beforehand.
#d-i partman-auto-crypto/erase_disks boolean false

B.4.7.2. 使用 RAID 分区

您可以使用预置来建立软 RAID 阵列。支持 RAID 等级 0、1、5、6 和 10,建立降级阵列(degraded arrays)和指定额外设备。

[警告] 警告

这种自动分区方式很容易出错。debian-installer 开发人员对它的功能只进行了相对较少的测试。让各种方案都正确(有意义而不冲突)的责任在于用户。如果您遇到问题,检查一下 /var/log/syslog

# The method should be set to "raid".
#d-i partman-auto/method string raid
# Specify the disks to be partitioned. They will all get the same layout,
# so this will only work if the disks are the same size.
#d-i partman-auto/disk string /dev/sda /dev/sdb

# Next you need to specify the physical partitions that will be used. 
#d-i partman-auto/expert_recipe string \
#      multiraid ::                                         \
#              1000 5000 4000 raid                          \
#                      $primary{ } method{ raid }           \
#              .                                            \
#              64 512 300% raid                             \
#                      method{ raid }                       \
#              .                                            \
#              500 10000 1000000000 raid                    \
#                      method{ raid }                       \
#              .

# Last you need to specify how the previously defined partitions will be
# used in the RAID setup. Remember to use the correct partition numbers
# for logical partitions. RAID levels 0, 1, 5, 6 and 10 are supported;
# devices are separated using "#".
# Parameters are:
# <raidtype> <devcount> <sparecount> <fstype> <mountpoint> \
#          <devices> <sparedevices>

#d-i partman-auto-raid/recipe string \
#    1 2 0 ext3 /                    \
#          /dev/sda1#/dev/sdb1       \
#    .                               \
#    1 2 0 swap -                    \
#          /dev/sda5#/dev/sdb5       \
#    .                               \
#    0 2 0 ext3 /home                \
#          /dev/sda6#/dev/sdb6       \
#    .

# For additional information see the file partman-auto-raid-recipe.txt
# included in the 'debian-installer' package or available from D-I source
# repository.

# This makes partman automatically partition without confirmation.
d-i partman-md/confirm boolean true
d-i partman-partitioning/confirm_write_new_label boolean true
d-i partman/choose_partition select finish
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true

B.4.7.3. 分区挂载控制

文件系统一般使用 UUID 作为关键字挂载; 这使得在设备名变更的情况下仍然可以正常挂载。UUID 本身很长不容易阅读,因此,安装程序也可以依照您的意愿使用传统设备名或者指定标签(label)挂载文件系统。假如安装程序使用标签方式,那些没有标签的文件系统仍然使用 UUID 方式挂载。

具有固定名称的设备,比如 LVM 逻辑卷,将继续使用它们自己的名字而不是 UUID 方式挂载。

[警告] 警告

传统设备名会根据内核在引导时发现的次序进行调整,这将导致挂载错误的文件系统。与此类似,假如您插入一个新磁盘或 USB 设备,标签也可能有冲突发生。这样系统启动后会出现一些随机的情况。

# The default is to mount by UUID, but you can also choose "traditional" to
# use traditional device names, or "label" to try filesystem labels before
# falling back to UUIDs.
#d-i partman/mount_style select uuid

B.4.8. 基本系统安装

本阶段的安装并没有多少东西需要预置。仅有一个与内核安装相关的问题。

# Configure APT to not install recommended packages by default. Use of this
# option can result in an incomplete system and should only be used by very
# experienced users.
#d-i base-installer/install-recommends boolean false

# The kernel image (meta) package to be installed; "none" can be used if no
# kernel is to be installed.
#d-i base-installer/kernel/image string linux-image-686

B.4.9. 设置 apt

设置 /etc/apt/sources.list 和其他的基本配置选项,将自动地基于您使用的安装方式以及前面问题的回答。您也可以选择性地安装其他(或本地)的仓库。

# Choose, if you want to scan additional installation media
# (default: false).
d-i apt-setup/cdrom/set-first boolean false
# You can choose to install non-free firmware.
#d-i apt-setup/non-free-firmware boolean true
# You can choose to install non-free and contrib software.
#d-i apt-setup/non-free boolean true
#d-i apt-setup/contrib boolean true
# Uncomment the following line, if you don't want to have the sources.list
# entry for a DVD/BD installation image active in the installed system
# (entries for netinst or CD images will be disabled anyway, regardless of
# this setting).
#d-i apt-setup/disable-cdrom-entries boolean true
# Uncomment this if you don't want to use a network mirror.
#d-i apt-setup/use_mirror boolean false
# Select which update services to use; define the mirrors to be used.
# Values shown below are the normal defaults.
#d-i apt-setup/services-select multiselect security, updates
#d-i apt-setup/security_host string security.debian.org

# Additional repositories, local[0-9] available
#d-i apt-setup/local0/repository string \
#       http://local.server/debian stable main
#d-i apt-setup/local0/comment string local server
# Enable deb-src lines
#d-i apt-setup/local0/source boolean true
# URL to the public key of the local repository; you must provide a key or
# apt will complain about the unauthenticated repository and so the
# sources.list line will be left commented out.
#d-i apt-setup/local0/key string http://local.server/key
# or one can provide it in-line by base64 encoding the contents of the
# key file (with `base64 -w0`) and specifying it thus:
#d-i apt-setup/local0/key string base64://LS0tLS1CRUdJTiBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tCi4uLgo=
# The content of the key file is checked to see if it appears to be ASCII-armoured.
# If so it will be saved with an ".asc" extension, otherwise it gets a '.gpg' extension.
# "keybox database" format is currently not supported. (see generators/60local in apt-setup's source)

# By default the installer requires that repositories be authenticated
# using a known gpg key. This setting can be used to disable that
# authentication. Warning: Insecure, not recommended.
#d-i debian-installer/allow_unauthenticated boolean true

# Uncomment this to add multiarch configuration for i386
#d-i apt-setup/multiarch string i386

B.4.10. 选择软件包

您可以选择安装存在的任务的组合。本文编撰时已有的任务包括:

  • standard(标准工具)

  • desktop(图形化桌面)

  • gnome-desktop (Gnome 桌面)

  • xfce-desktop (XFCE 桌面)

  • kde-desktop (KDE Plasma 桌面)

  • cinnamon-desktop (Cinnamon 桌面)

  • mate-desktop (MATE 桌面)desktop)

  • lxde-desktop (LXDE 桌面)

  • web-server (web 服务器)

  • ssh-server (SSH 服务器)

您可以不选任务,并用其他方法安装一系列软件包。我们推荐选上 standard 任务。

或者,如果您根本不希望 tasksel 对话框出现,请预置 pkgsel/run_tasksel(这种情况将不会通过 tasksel 安装任何软件包)。

如果您打算安装一些安装任务之外的独立软件包,可以使用参数 pkgsel/include。该参数的值可以是用逗号或空格分开的软件包列表,便于在内核命令行上使用。

#tasksel tasksel/first multiselect standard, web-server, kde-desktop

# Or choose to not get the tasksel dialog displayed at all (and don't install
# any packages):
#d-i pkgsel/run_tasksel boolean false

# Individual additional packages to install
#d-i pkgsel/include string openssh-server build-essential
# Whether to upgrade packages after debootstrap.
# Allowed values: none, safe-upgrade, full-upgrade
#d-i pkgsel/upgrade select none

# You can choose, if your system will report back on what software you have
# installed, and what software you use. The default is not to report back,
# but sending reports helps the project determine what software is most
# popular and should be included on the first CD/DVD.
#popularity-contest popularity-contest/participate boolean false

B.4.11. 完成安装

# During installations from serial console, the regular virtual consoles
# (VT1-VT6) are normally disabled in /etc/inittab. Uncomment the next
# line to prevent this.
#d-i finish-install/keep-consoles boolean true

# Avoid that last message about the install being complete.
d-i finish-install/reboot_in_progress note

# This will prevent the installer from ejecting the CD during the reboot,
# which is useful in some situations.
#d-i cdrom-detect/eject boolean false

# This is how to make the installer shutdown when finished, but not
# reboot into the installed system.
#d-i debian-installer/exit/halt boolean true
# This will power off the machine instead of just halting it.
#d-i debian-installer/exit/poweroff boolean true

B.4.12. 预置其他的软件包

# Depending on what software you choose to install, or if things go wrong
# during the installation process, it's possible that other questions may
# be asked. You can preseed those too, of course. To get a list of every
# possible question that could be asked during an install, do an
# installation, and then run these commands:
#   debconf-get-selections --installer > file
#   debconf-get-selections >> file


[18] 比如预置 localeen_NL 在安装后的系统中默认的 locale 将是 en_US.UTF-8。如果想使用 en_GB.UTF-8,该值应该分别进行预置。