Another Debian

After the release date for Debian Stretch was announced I started making a version of the Freedombone system for the new Debian. Freedombone is always based on the stable version of the OS, and that avoids having to deal with a lot of breakages, package changes or removals.

Distro reviews typically aren't very in depth or only focus on the user experience, so here is my summary of the main changes I've found in Debian Stretch compared to the previous version.

GPG version

The GPG version has changed from 1.x to 2.x, and that caused quite a few incompatabilities. Freedombone makes extensive use of GPG for email and backups and so this did involve some rewriting. The new GPG version now supports elliptic curve cryptography, so I think for the next release I'll go with that by default rather than using long RSA keys. That should improve performance on low end single board computers.

Network device names

In the beginning there was eth0 and wlan0 and similar network device names. In Debian Stretch network devices get assigned random names. I know that there's some some kind of justification for this, but it's the classic antipattern of making the defaults a lot more complicated for the sake of covering a single edge case. If you're an average user you probably won't care, but if you're a non-average user who wants consistent network interfaces accessible to scripting then it's a nightmare. Fortunately there's a workaround such that you can have wlan0 back again, and it always consistently remains as wlan0 and not some random serial number.

ffmpeg is back

It has been for a while, but now it's no longer just a backport. The libav/ffmpeg battle was an enormous pain which cause a giant amount of inconvenience and confusion when trying to install multimedia systems in the last few years. That should now be over.

MariaDB uses OS based authentication

This was another thing which threw me. Instead of having its own authentications MariaDB now defaults to user authentication from the operating system. Yes, that does make some sense but it also causes a lot of breakage if you're trying to upgrade database systems. Fortunately that can be turned off and the older style of authentication enabled again.

Onion addresses don't happen on reload

As far as I can tell Tor's onion addresses only get created when the daemon is restarted. In the previous Debian version a reload of the daemon was all that was required and so you could be logged in via ssh over an onion address and still install new apps. That no longer seems to be the case. Maybe there's a workaround, but I havn't found it yet.

ssh server now has a sandboxing option

This allows you you use kernel sandboxing for unprivileged processes. You might want to enable it in sshd-config.

systemd reboot and shutdown

In previous Debian versions you could use the reboot and shutdown commands to do just that. These no longer work in Stretch, and you have to use the systemd equivalents. Another example of systemd encroaching into areas of functionality where it doesn't need to, perhaps.

Dokuwiki is gone

There is no package. It looks like a case of the packaging not being done in time for the release. Still, it's easy enough to install from source.


The patched mutt package is now gone, but fortunately the regular mutt package includes the same sidebar functionality. With minor adjustments to muttrc it all still works.