qubes-doc/user/managing-os/debian/debian.md

---
lang: en
layout: doc
permalink: /doc/templates/debian/
redirect_from:
- /doc/debian/
- /en/doc/templates/debian/
- /doc/Templates/Debian/
- /wiki/Templates/Debian/
ref: 134
title: The Debian TemplateVM
---

# The Debian TemplateVM

The Debian [TemplateVM](/doc/templates/) is an officially [supported](/doc/supported-versions/#templatevms) TemplateVM in Qubes OS.
This page is about the standard (or "full") Debian TemplateVM.
For the minimal version, please see the [Minimal TemplateVMs](/doc/templates/minimal/) page.
There is also a [Qubes page on the Debian Wiki](https://wiki.debian.org/Qubes).

## Installing

To [install](/doc/templates/#installing) a specific Debian TemplateVM that is not currently installed in your system, use the following command in dom0:

```
$ sudo qubes-dom0-update qubes-template-debian-XX
```

   (Replace `XX` with the Debian version number of the template you wish to install.)

To reinstall a Debian TemplateVM that is already installed in your system, see [How to Reinstall a TemplateVM](/doc/reinstall-template/).

## After Installing

After installing a fresh Debian TemplateVM, we recommend performing the following steps:

1. [Update the TemplateVM](/doc/software-update-vm/).

2. [Switch any TemplateBasedVMs that are based on the old TemplateVM to the new one](/doc/templates/#switching).

3. If desired, [uninstall the old TemplateVM](/doc/templates/#uninstalling).

## Updating

For routine daily TemplateVM updates within a given Debian release, see [Updating software in TemplateVMs](/doc/software-update-domu/#updating-software-in-templatevms).

## Upgrading

There are two ways to upgrade your TemplateVM to a new Debian release:

- [Install a fresh template to replace the existing one.](#installing) This option may be simpler for less experienced users. After you install the new template, redo all desired template modifications and [switch everything that was set to the old template to the new template](/doc/templates/#switching). You may want to write down the modifications you make to your templates so that you remember what to redo on each fresh install. In the old Debian template, see `/var/log/dpkg.log` and `/var/log/apt/history.log` for logs of package manager actions.

- [Perform an in-place upgrade of an existing Debian template.](/doc/template/debian/upgrade/) This option will preserve any modifications you've made to the template, but it may be more complicated for less experienced users.

## Release-specific notes

This section contains notes about specific Debian releases.

### Debian 10

Debian 10 (buster) - minimal:

```
[user@dom0 ~]$ sudo qubes-dom0-update --enablerepo=qubes-templates-itl qubes-template-debian-10-minimal
```

Debian 10 (buster) - stable:

```
[user@dom0 ~]$ sudo qubes-dom0-update --enablerepo=qubes-templates-itl qubes-template-debian-10
```

### Starting services

The Debian way (generally) is to start daemons if they are installed.
This means that if you install (say) ssh-server in a template, *all* the qubes that use that template will run a ssh server when they start. (They will, naturally, all have the same server key.) This may not be what you want.

So be very careful when installing software in Templates - if the daemon spawns outbound connections then there is a serious security risk.

In general, a reasonable approach would be, (using ssh as example):

- Install the ssh service.
- `systemctl stop ssh`
- `systemctl disable ssh`
- `systemctl mask ssh`
- Close down template

Now the ssh service will **NOT** start in qubes based on this template.

Where you **DO** want the service to run, put this in `/rw/config/rc.local`:

```
systemctl unmask ssh
systemctl start ssh
```

Don't forget to make the file executable.

### Unattended Upgrades

Some users have noticed that on upgrading to Stretch, the `unattended-upgrade` package is installed.

This package is pulled in as part of a Recommend chain, and can be purged.

The lesson is that you should carefully look at what is being installed to your system, particularly if you run `dist-upgrade`.

### Package installation errors in Qubes 4.0

If some packages throw installation errors, see [this guide.](/doc/vm-troubleshooting/#fixing-package-installation-errors)
Templates/Debian changed Initial page 2014-07-28 17:14:28 -04:00			`---`
Add lang + ref tags to frontmatter Those are fields used by the language switcher to correlate pages across different languages, even if they have different names/paths/titles. They are generated with the prepare_for_translation.py script. 2021-03-13 13:06:18 -05:00			`lang: en`
wiki -> doc migration 2015-04-10 16:17:45 -04:00			`layout: doc`
Remove en/ from URLs (QubesOS/qubes-issues#1333) 2015-10-28 18:14:40 -04:00			`permalink: /doc/templates/debian/`
Change URIs from CamelCase to lowercase-hyphen-separated 2015-10-11 03:04:59 -04:00			`redirect_from:`
Add "/doc" prefix 2016-05-21 10:49:01 -04:00			`- /doc/debian/`
Remove en/ from URLs (QubesOS/qubes-issues#1333) 2015-10-28 18:14:40 -04:00			`- /en/doc/templates/debian/`
Change URIs from CamelCase to lowercase-hyphen-separated 2015-10-11 03:04:59 -04:00			`- /doc/Templates/Debian/`
			`- /wiki/Templates/Debian/`
Add lang + ref tags to frontmatter Those are fields used by the language switcher to correlate pages across different languages, even if they have different names/paths/titles. They are generated with the prepare_for_translation.py script. 2021-03-13 13:06:18 -05:00			`ref: 134`
Normalize frontmatter - sort keys - remove permalink from redirects 2021-03-13 12:42:50 -05:00			`title: The Debian TemplateVM`
Templates/Debian changed Initial page 2014-07-28 17:14:28 -04:00			`---`

Revamp documentation on managing OSes in Qubes - Unify and normalize Fedora and Debian docs - Deduplicate content - Cross-link pages - Move content to correct pages - Use more accurate and intuitive terms and names Fixes QubesOS/qubes-issues#5284 2019-09-02 05:34:26 -04:00			`# The Debian TemplateVM`
Templates/Debian changed Initial page 2014-07-28 17:14:28 -04:00
Refactor links in order to obey the new convention rule 2021-04-10 18:09:05 -04:00			`The Debian [TemplateVM](/doc/templates/) is an officially [supported](/doc/supported-versions/#templatevms) TemplateVM in Qubes OS.`
Revamp documentation on managing OSes in Qubes - Unify and normalize Fedora and Debian docs - Deduplicate content - Cross-link pages - Move content to correct pages - Use more accurate and intuitive terms and names Fixes QubesOS/qubes-issues#5284 2019-09-02 05:34:26 -04:00			`This page is about the standard (or "full") Debian TemplateVM.`
Refactor links in order to obey the new convention rule 2021-04-10 18:09:05 -04:00			`For the minimal version, please see the [Minimal TemplateVMs](/doc/templates/minimal/) page.`
			`There is also a [Qubes page on the Debian Wiki](https://wiki.debian.org/Qubes).`
templates update 2015-04-23 10:14:55 -04:00
Revamp documentation on managing OSes in Qubes - Unify and normalize Fedora and Debian docs - Deduplicate content - Cross-link pages - Move content to correct pages - Use more accurate and intuitive terms and names Fixes QubesOS/qubes-issues#5284 2019-09-02 05:34:26 -04:00			`## Installing`
templates update 2015-04-23 10:14:55 -04:00
Refactor links in order to obey the new convention rule 2021-04-10 18:09:05 -04:00			`To [install](/doc/templates/#installing) a specific Debian TemplateVM that is not currently installed in your system, use the following command in dom0:`
Templates/Debian changed Initial page 2014-07-28 17:14:28 -04:00
Markdown formatting fixes - mark all code blocks with ``` - unify empty lines between sections - adjust list syntax (no space before dash) - adjust headers to use Atx-style syntax - remove trailing spaces 2021-03-13 12:03:23 -05:00			```
			`$ sudo qubes-dom0-update qubes-template-debian-XX`
			```
Update debian.md 2018-10-22 09:09:09 -04:00
Revamp documentation on managing OSes in Qubes - Unify and normalize Fedora and Debian docs - Deduplicate content - Cross-link pages - Move content to correct pages - Use more accurate and intuitive terms and names Fixes QubesOS/qubes-issues#5284 2019-09-02 05:34:26 -04:00			(Replace `XX` with the Debian version number of the template you wish to install.)
Templates/Debian changed Initial page 2014-07-28 17:14:28 -04:00
Refactor links in order to obey the new convention rule 2021-04-10 18:09:05 -04:00			`To reinstall a Debian TemplateVM that is already installed in your system, see [How to Reinstall a TemplateVM](/doc/reinstall-template/).`
Templates/Debian changed Initial page 2014-07-28 17:14:28 -04:00
Revamp documentation on managing OSes in Qubes - Unify and normalize Fedora and Debian docs - Deduplicate content - Cross-link pages - Move content to correct pages - Use more accurate and intuitive terms and names Fixes QubesOS/qubes-issues#5284 2019-09-02 05:34:26 -04:00			`## After Installing`
Some more updates to templates 2015-04-22 23:26:43 -04:00
Revamp documentation on managing OSes in Qubes - Unify and normalize Fedora and Debian docs - Deduplicate content - Cross-link pages - Move content to correct pages - Use more accurate and intuitive terms and names Fixes QubesOS/qubes-issues#5284 2019-09-02 05:34:26 -04:00			`After installing a fresh Debian TemplateVM, we recommend performing the following steps:`
Some more updates to templates 2015-04-22 23:26:43 -04:00
Refactor links in order to obey the new convention rule 2021-04-10 18:09:05 -04:00			`1. [Update the TemplateVM](/doc/software-update-vm/).`
document that there is no progress indicator since this caused a confused user to ask on the mailing list 2016-01-20 10:00:53 -05:00
Refactor links in order to obey the new convention rule 2021-04-10 18:09:05 -04:00			`2. [Switch any TemplateBasedVMs that are based on the old TemplateVM to the new one](/doc/templates/#switching).`
Templates/Debian changed Initial page 2014-07-28 17:14:28 -04:00
Refactor links in order to obey the new convention rule 2021-04-10 18:09:05 -04:00			`3. If desired, [uninstall the old TemplateVM](/doc/templates/#uninstalling).`
Make it clear that Stretch template is available in Qubes 4.0 2017-11-27 19:52:39 -05:00
Revamp documentation on managing OSes in Qubes - Unify and normalize Fedora and Debian docs - Deduplicate content - Cross-link pages - Move content to correct pages - Use more accurate and intuitive terms and names Fixes QubesOS/qubes-issues#5284 2019-09-02 05:34:26 -04:00			`## Updating`

Refactor links in order to obey the new convention rule 2021-04-10 18:09:05 -04:00			`For routine daily TemplateVM updates within a given Debian release, see [Updating software in TemplateVMs](/doc/software-update-domu/#updating-software-in-templatevms).`
Revamp documentation on managing OSes in Qubes - Unify and normalize Fedora and Debian docs - Deduplicate content - Cross-link pages - Move content to correct pages - Use more accurate and intuitive terms and names Fixes QubesOS/qubes-issues#5284 2019-09-02 05:34:26 -04:00
			`## Upgrading`

Improve Fedora and Debian upgrade information 2020-08-16 04:49:30 -04:00			`There are two ways to upgrade your TemplateVM to a new Debian release:`

Refactor links in order to obey the new convention rule 2021-04-10 18:09:05 -04:00			- [Install a fresh template to replace the existing one.](#installing) This option may be simpler for less experienced users. After you install the new template, redo all desired template modifications and [switch everything that was set to the old template to the new template](/doc/templates/#switching). You may want to write down the modifications you make to your templates so that you remember what to redo on each fresh install. In the old Debian template, see `/var/log/dpkg.log` and `/var/log/apt/history.log` for logs of package manager actions.
Revamp documentation on managing OSes in Qubes - Unify and normalize Fedora and Debian docs - Deduplicate content - Cross-link pages - Move content to correct pages - Use more accurate and intuitive terms and names Fixes QubesOS/qubes-issues#5284 2019-09-02 05:34:26 -04:00
Refactor links in order to obey the new convention rule 2021-04-10 18:09:05 -04:00			`- [Perform an in-place upgrade of an existing Debian template.](/doc/template/debian/upgrade/) This option will preserve any modifications you've made to the template, but it may be more complicated for less experienced users.`
Revamp documentation on managing OSes in Qubes - Unify and normalize Fedora and Debian docs - Deduplicate content - Cross-link pages - Move content to correct pages - Use more accurate and intuitive terms and names Fixes QubesOS/qubes-issues#5284 2019-09-02 05:34:26 -04:00
			`## Release-specific notes`

			`This section contains notes about specific Debian releases.`

			`### Debian 10`

Actually use the new Debian upgrade page 2019-08-22 12:30:06 -04:00			`Debian 10 (buster) - minimal:`

Markdown formatting fixes - mark all code blocks with ``` - unify empty lines between sections - adjust list syntax (no space before dash) - adjust headers to use Atx-style syntax - remove trailing spaces 2021-03-13 12:03:23 -05:00			```
			`[user@dom0 ~]$ sudo qubes-dom0-update --enablerepo=qubes-templates-itl qubes-template-debian-10-minimal`
			```
Actually use the new Debian upgrade page 2019-08-22 12:30:06 -04:00
Debian templates - Update information on available templates 2019-07-10 11:43:46 -04:00			`Debian 10 (buster) - stable:`

Markdown formatting fixes - mark all code blocks with ``` - unify empty lines between sections - adjust list syntax (no space before dash) - adjust headers to use Atx-style syntax - remove trailing spaces 2021-03-13 12:03:23 -05:00			```
			`[user@dom0 ~]$ sudo qubes-dom0-update --enablerepo=qubes-templates-itl qubes-template-debian-10`
			```
Debian templates - Update information on available templates 2019-07-10 11:43:46 -04:00
Update debian.md Added some clarifying info about updating to Stretch Closes #426 2017-05-20 17:48:23 -04:00			`### Starting services`
Add note on services in Debian templates and install problems Closes QubesOS/qubes-issues/2621 2017-02-09 15:29:54 -05:00
			`The Debian way (generally) is to start daemons if they are installed.`
			`This means that if you install (say) ssh-server in a template, all the qubes that use that template will run a ssh server when they start. (They will, naturally, all have the same server key.) This may not be what you want.`

			`So be very careful when installing software in Templates - if the daemon spawns outbound connections then there is a serious security risk.`

			`In general, a reasonable approach would be, (using ssh as example):`
Markdown formatting fixes - mark all code blocks with ``` - unify empty lines between sections - adjust list syntax (no space before dash) - adjust headers to use Atx-style syntax - remove trailing spaces 2021-03-13 12:03:23 -05:00
Add note on services in Debian templates and install problems Closes QubesOS/qubes-issues/2621 2017-02-09 15:29:54 -05:00			`- Install the ssh service.`
Add code block for commands and packages 2020-04-19 15:54:19 -04:00			- `systemctl stop ssh`
			- `systemctl disable ssh`
			- `systemctl mask ssh`
Add note on services in Debian templates and install problems Closes QubesOS/qubes-issues/2621 2017-02-09 15:29:54 -05:00			`- Close down template`

			`Now the ssh service will NOT start in qubes based on this template.`

Add code block for commands and packages 2020-04-19 15:54:19 -04:00			Where you DO want the service to run, put this in `/rw/config/rc.local`:
Add note on services in Debian templates and install problems Closes QubesOS/qubes-issues/2621 2017-02-09 15:29:54 -05:00
Markdown formatting fixes - mark all code blocks with ``` - unify empty lines between sections - adjust list syntax (no space before dash) - adjust headers to use Atx-style syntax - remove trailing spaces 2021-03-13 12:03:23 -05:00			```
			`systemctl unmask ssh`
			`systemctl start ssh`
			```
Add note on services in Debian templates and install problems Closes QubesOS/qubes-issues/2621 2017-02-09 15:29:54 -05:00
			`Don't forget to make the file executable.`

Update debian.md Added some clarifying info about updating to Stretch Closes #426 2017-05-20 17:48:23 -04:00			`### Unattended Upgrades`
Add note on services in Debian templates and install problems Closes QubesOS/qubes-issues/2621 2017-02-09 15:29:54 -05:00
Add code block for commands and packages 2020-04-19 15:54:19 -04:00			Some users have noticed that on upgrading to Stretch, the `unattended-upgrade` package is installed.
Add note on services in Debian templates and install problems Closes QubesOS/qubes-issues/2621 2017-02-09 15:29:54 -05:00
			`This package is pulled in as part of a Recommend chain, and can be purged.`

Markdown formatting fixes - mark all code blocks with ``` - unify empty lines between sections - adjust list syntax (no space before dash) - adjust headers to use Atx-style syntax - remove trailing spaces 2021-03-13 12:03:23 -05:00			The lesson is that you should carefully look at what is being installed to your system, particularly if you run `dist-upgrade`.
Add note on services in Debian templates and install problems Closes QubesOS/qubes-issues/2621 2017-02-09 15:29:54 -05:00
Explain why Debian packages may fail to install correctly on 4.0 2018-03-21 20:35:56 -04:00			`### Package installation errors in Qubes 4.0`

Add VM Troubleshooting 2020-10-10 06:02:41 -04:00			`If some packages throw installation errors, see [this guide.](/doc/vm-troubleshooting/#fixing-package-installation-errors)`
Explain why Debian packages may fail to install correctly on 4.0 2018-03-21 20:35:56 -04:00