qubes-doc/user/managing-os/debian/debian.md

---
layout: doc
title: The Debian TemplateVM
permalink: /doc/templates/debian/
redirect_from:
- /doc/debian/
- /en/doc/templates/debian/
- /doc/Templates/Debian/
- /wiki/Templates/Debian/
---

# The Debian TemplateVM

The Debian [TemplateVM] is an officially [supported] TemplateVM in Qubes OS.
This page is about the standard (or "full") Debian TemplateVM.
For the minimal version, please see the [Minimal TemplateVMs] page.
There is also a [Qubes page on the Debian Wiki].


## Installing

To [install] a specific Debian TemplateVM that is not currently installed in your system, use the following command in dom0:

    $ sudo qubes-dom0-update qubes-template-debian-XX

   (Replace `XX` with the Debian version number of the template you wish to install.)

To reinstall a Debian TemplateVM that is already installed in your system, see [How to Reinstall a TemplateVM].


## After Installing

After installing a fresh Debian TemplateVM, we recommend performing the following steps:

1. [Update the TemplateVM].

2. [Switch any TemplateBasedVMs that are based on the old TemplateVM to the new one][switch].

3. If desired, [uninstall the old TemplateVM].


## Updating

Routine daily updates within a given release.

Please see [Updating software in TemplateVMs].


## Upgrading

There are two ways to upgrade a TemplateVM. The easiest way is to [install] the new Debian TemplateVM next to the Debian TemplateVM you are currently using. Then redo all desired template modifications, and switch everything that was set to the old template to the new template.To make this process as efficient as possible, document modifications to your TemplateVMs in a text file. If you do not have this documentation yet, open a terminal in the old Debian TemplateVM, and use the `history` command. (There is currently no other way to gain a list of explicitly installed packages. Methods like `apt list --installed`, `dpkg -l` and `aptitude search '~i!~M'` all include packages that have been installed as dependencies.)

You can also do an in-place upgrade of an installed Debian TemplateVM. Please see [Upgrading Debian TemplateVMs].


## Release-specific notes

This section contains notes about specific Debian releases.


### Debian 10

Debian 10 (buster) - minimal:

    [user@dom0 ~]$ sudo qubes-dom0-update --enablerepo=qubes-templates-itl qubes-template-debian-10-minimal

Debian 10 (buster) - stable:

    [user@dom0 ~]$ sudo qubes-dom0-update --enablerepo=qubes-templates-itl qubes-template-debian-10

### Starting services

The Debian way (generally) is to start daemons if they are installed.
This means that if you install (say) ssh-server in a template, *all* the qubes that use that template will run a ssh server when they start. (They will, naturally, all have the same server key.) This may not be what you want.

So be very careful when installing software in Templates - if the daemon spawns outbound connections then there is a serious security risk.

In general, a reasonable approach would be, (using ssh as example):
- Install the ssh service.
- `systemctl stop ssh`
- `systemctl disable ssh`
- `systemctl mask ssh`
- Close down template

Now the ssh service will **NOT** start in qubes based on this template.

Where you **DO** want the service to run, put this in `/rw/config/rc.local`:

    systemctl unmask ssh
    systemctl start ssh

Don't forget to make the file executable.


### Unattended Upgrades

Some users have noticed that on upgrading to Stretch, the `unattended-upgrade` package is installed.

This package is pulled in as part of a Recommend chain, and can be purged.

The lesson is that you should carefully look at what is being installed to your system, particularly if you run `dist-upgrade`. 


### Package installation errors in Qubes 4.0

By default, templates in 4.0 only have a loopback interface.

Some packages will throw an error on installation in this situation.
For example, Samba expects to be configured using a network interface post installation.

One solution is to add a dummy interface to allow the package to install correctly:

    ip link add d0 type dummy
    ip addr add 192.168.0.1/24 dev d0
    ip link set d0 up


[TemplateVM]: /doc/templates/
[Minimal TemplateVMs]: /doc/templates/minimal/
[Qubes page on the Debian Wiki]: https://wiki.debian.org/Qubes
[end-of-life]: https://wiki.debian.org/DebianReleases#Production_Releases
[supported]: /doc/supported-versions/#templatevms
[How to Reinstall a TemplateVM]: /doc/reinstall-template/
[Update the TemplateVM]: /doc/software-update-vm/
[switch]: /doc/templates/#switching
[uninstall the old TemplateVM]: /doc/templates/#uninstalling
[Updating software in TemplateVMs]: /doc/software-update-domu/#updating-software-in-templatevms
[Upgrading Debian TemplateVMs]: /doc/template/debian/upgrade/
[5149]: https://github.com/QubesOS/qubes-issues/issues/5149
[install]: /doc/templates/#installing
Templates/Debian changed Initial page 2014-07-28 17:14:28 -04:00			`---`
wiki -> doc migration 2015-04-10 16:17:45 -04:00			`layout: doc`
Revamp documentation on managing OSes in Qubes - Unify and normalize Fedora and Debian docs - Deduplicate content - Cross-link pages - Move content to correct pages - Use more accurate and intuitive terms and names Fixes QubesOS/qubes-issues#5284 2019-09-02 05:34:26 -04:00			`title: The Debian TemplateVM`
Remove en/ from URLs (QubesOS/qubes-issues#1333) 2015-10-28 18:14:40 -04:00			`permalink: /doc/templates/debian/`
Change URIs from CamelCase to lowercase-hyphen-separated 2015-10-11 03:04:59 -04:00			`redirect_from:`
Add "/doc" prefix 2016-05-21 10:49:01 -04:00			`- /doc/debian/`
Remove en/ from URLs (QubesOS/qubes-issues#1333) 2015-10-28 18:14:40 -04:00			`- /en/doc/templates/debian/`
Change URIs from CamelCase to lowercase-hyphen-separated 2015-10-11 03:04:59 -04:00			`- /doc/Templates/Debian/`
			`- /wiki/Templates/Debian/`
Templates/Debian changed Initial page 2014-07-28 17:14:28 -04:00			`---`

Revamp documentation on managing OSes in Qubes - Unify and normalize Fedora and Debian docs - Deduplicate content - Cross-link pages - Move content to correct pages - Use more accurate and intuitive terms and names Fixes QubesOS/qubes-issues#5284 2019-09-02 05:34:26 -04:00			`# The Debian TemplateVM`
Templates/Debian changed Initial page 2014-07-28 17:14:28 -04:00
Revamp documentation on managing OSes in Qubes - Unify and normalize Fedora and Debian docs - Deduplicate content - Cross-link pages - Move content to correct pages - Use more accurate and intuitive terms and names Fixes QubesOS/qubes-issues#5284 2019-09-02 05:34:26 -04:00			`The Debian [TemplateVM] is an officially [supported] TemplateVM in Qubes OS.`
			`This page is about the standard (or "full") Debian TemplateVM.`
			`For the minimal version, please see the [Minimal TemplateVMs] page.`
			`There is also a [Qubes page on the Debian Wiki].`
templates update 2015-04-23 10:14:55 -04:00

Revamp documentation on managing OSes in Qubes - Unify and normalize Fedora and Debian docs - Deduplicate content - Cross-link pages - Move content to correct pages - Use more accurate and intuitive terms and names Fixes QubesOS/qubes-issues#5284 2019-09-02 05:34:26 -04:00			`## Installing`
templates update 2015-04-23 10:14:55 -04:00
Revamp documentation on managing OSes in Qubes - Unify and normalize Fedora and Debian docs - Deduplicate content - Cross-link pages - Move content to correct pages - Use more accurate and intuitive terms and names Fixes QubesOS/qubes-issues#5284 2019-09-02 05:34:26 -04:00			`To [install] a specific Debian TemplateVM that is not currently installed in your system, use the following command in dom0:`
Templates/Debian changed Initial page 2014-07-28 17:14:28 -04:00
Revamp documentation on managing OSes in Qubes - Unify and normalize Fedora and Debian docs - Deduplicate content - Cross-link pages - Move content to correct pages - Use more accurate and intuitive terms and names Fixes QubesOS/qubes-issues#5284 2019-09-02 05:34:26 -04:00			`$ sudo qubes-dom0-update qubes-template-debian-XX`
Update debian.md 2018-10-22 09:09:09 -04:00
Revamp documentation on managing OSes in Qubes - Unify and normalize Fedora and Debian docs - Deduplicate content - Cross-link pages - Move content to correct pages - Use more accurate and intuitive terms and names Fixes QubesOS/qubes-issues#5284 2019-09-02 05:34:26 -04:00			(Replace `XX` with the Debian version number of the template you wish to install.)
Templates/Debian changed Initial page 2014-07-28 17:14:28 -04:00
Revamp documentation on managing OSes in Qubes - Unify and normalize Fedora and Debian docs - Deduplicate content - Cross-link pages - Move content to correct pages - Use more accurate and intuitive terms and names Fixes QubesOS/qubes-issues#5284 2019-09-02 05:34:26 -04:00			`To reinstall a Debian TemplateVM that is already installed in your system, see [How to Reinstall a TemplateVM].`
Templates/Debian changed Initial page 2014-07-28 17:14:28 -04:00
Some more updates to templates 2015-04-22 23:26:43 -04:00
Revamp documentation on managing OSes in Qubes - Unify and normalize Fedora and Debian docs - Deduplicate content - Cross-link pages - Move content to correct pages - Use more accurate and intuitive terms and names Fixes QubesOS/qubes-issues#5284 2019-09-02 05:34:26 -04:00			`## After Installing`
Some more updates to templates 2015-04-22 23:26:43 -04:00
Revamp documentation on managing OSes in Qubes - Unify and normalize Fedora and Debian docs - Deduplicate content - Cross-link pages - Move content to correct pages - Use more accurate and intuitive terms and names Fixes QubesOS/qubes-issues#5284 2019-09-02 05:34:26 -04:00			`After installing a fresh Debian TemplateVM, we recommend performing the following steps:`
Some more updates to templates 2015-04-22 23:26:43 -04:00
Revamp documentation on managing OSes in Qubes - Unify and normalize Fedora and Debian docs - Deduplicate content - Cross-link pages - Move content to correct pages - Use more accurate and intuitive terms and names Fixes QubesOS/qubes-issues#5284 2019-09-02 05:34:26 -04:00			`1. [Update the TemplateVM].`
document that there is no progress indicator since this caused a confused user to ask on the mailing list 2016-01-20 10:00:53 -05:00
Revamp documentation on managing OSes in Qubes - Unify and normalize Fedora and Debian docs - Deduplicate content - Cross-link pages - Move content to correct pages - Use more accurate and intuitive terms and names Fixes QubesOS/qubes-issues#5284 2019-09-02 05:34:26 -04:00			`2. [Switch any TemplateBasedVMs that are based on the old TemplateVM to the new one][switch].`
Templates/Debian changed Initial page 2014-07-28 17:14:28 -04:00
Revamp documentation on managing OSes in Qubes - Unify and normalize Fedora and Debian docs - Deduplicate content - Cross-link pages - Move content to correct pages - Use more accurate and intuitive terms and names Fixes QubesOS/qubes-issues#5284 2019-09-02 05:34:26 -04:00			`3. If desired, [uninstall the old TemplateVM].`
Make it clear that Stretch template is available in Qubes 4.0 2017-11-27 19:52:39 -05:00
Mention option for upgrading latest Debian stable template to stretch. 2016-05-21 08:22:30 -04:00
Revamp documentation on managing OSes in Qubes - Unify and normalize Fedora and Debian docs - Deduplicate content - Cross-link pages - Move content to correct pages - Use more accurate and intuitive terms and names Fixes QubesOS/qubes-issues#5284 2019-09-02 05:34:26 -04:00			`## Updating`

Clarify "updating" and "upgrading"; remove unused section 2020-07-30 17:19:16 -04:00			`Routine daily updates within a given release.`

Revamp documentation on managing OSes in Qubes - Unify and normalize Fedora and Debian docs - Deduplicate content - Cross-link pages - Move content to correct pages - Use more accurate and intuitive terms and names Fixes QubesOS/qubes-issues#5284 2019-09-02 05:34:26 -04:00			`Please see [Updating software in TemplateVMs].`


			`## Upgrading`

Update debian.md 2020-08-15 12:53:22 -04:00			There are two ways to upgrade a TemplateVM. The easiest way is to [install] the new Debian TemplateVM next to the Debian TemplateVM you are currently using. Then redo all desired template modifications, and switch everything that was set to the old template to the new template.To make this process as efficient as possible, document modifications to your TemplateVMs in a text file. If you do not have this documentation yet, open a terminal in the old Debian TemplateVM, and use the `history` command. (There is currently no other way to gain a list of explicitly installed packages. Methods like `apt list --installed`, `dpkg -l` and `aptitude search '~i!~M'` all include packages that have been installed as dependencies.)
"Desired changes for pullrequest #1024" 2020-08-05 06:39:07 -04:00
			`You can also do an in-place upgrade of an installed Debian TemplateVM. Please see [Upgrading Debian TemplateVMs].`
Revamp documentation on managing OSes in Qubes - Unify and normalize Fedora and Debian docs - Deduplicate content - Cross-link pages - Move content to correct pages - Use more accurate and intuitive terms and names Fixes QubesOS/qubes-issues#5284 2019-09-02 05:34:26 -04:00

			`## Release-specific notes`

			`This section contains notes about specific Debian releases.`


			`### Debian 10`

Actually use the new Debian upgrade page 2019-08-22 12:30:06 -04:00			`Debian 10 (buster) - minimal:`

update section "Debian 10" 2019-11-22 23:41:02 -05:00			`[user@dom0 ~]$ sudo qubes-dom0-update --enablerepo=qubes-templates-itl qubes-template-debian-10-minimal`
Actually use the new Debian upgrade page 2019-08-22 12:30:06 -04:00
Debian templates - Update information on available templates 2019-07-10 11:43:46 -04:00			`Debian 10 (buster) - stable:`

update section "Debian 10" 2019-11-22 23:41:02 -05:00			`[user@dom0 ~]$ sudo qubes-dom0-update --enablerepo=qubes-templates-itl qubes-template-debian-10`
Debian templates - Update information on available templates 2019-07-10 11:43:46 -04:00
Update debian.md Added some clarifying info about updating to Stretch Closes #426 2017-05-20 17:48:23 -04:00			`### Starting services`
Add note on services in Debian templates and install problems Closes QubesOS/qubes-issues/2621 2017-02-09 15:29:54 -05:00
			`The Debian way (generally) is to start daemons if they are installed.`
			`This means that if you install (say) ssh-server in a template, all the qubes that use that template will run a ssh server when they start. (They will, naturally, all have the same server key.) This may not be what you want.`

			`So be very careful when installing software in Templates - if the daemon spawns outbound connections then there is a serious security risk.`

			`In general, a reasonable approach would be, (using ssh as example):`
			`- Install the ssh service.`
Add code block for commands and packages 2020-04-19 15:54:19 -04:00			- `systemctl stop ssh`
			- `systemctl disable ssh`
			- `systemctl mask ssh`
Add note on services in Debian templates and install problems Closes QubesOS/qubes-issues/2621 2017-02-09 15:29:54 -05:00			`- Close down template`

			`Now the ssh service will NOT start in qubes based on this template.`

Add code block for commands and packages 2020-04-19 15:54:19 -04:00			Where you DO want the service to run, put this in `/rw/config/rc.local`:
Add note on services in Debian templates and install problems Closes QubesOS/qubes-issues/2621 2017-02-09 15:29:54 -05:00
			`systemctl unmask ssh`
			`systemctl start ssh`

			`Don't forget to make the file executable.`


Update debian.md Added some clarifying info about updating to Stretch Closes #426 2017-05-20 17:48:23 -04:00			`### Unattended Upgrades`
Add note on services in Debian templates and install problems Closes QubesOS/qubes-issues/2621 2017-02-09 15:29:54 -05:00
Add code block for commands and packages 2020-04-19 15:54:19 -04:00			Some users have noticed that on upgrading to Stretch, the `unattended-upgrade` package is installed.
Add note on services in Debian templates and install problems Closes QubesOS/qubes-issues/2621 2017-02-09 15:29:54 -05:00
			`This package is pulled in as part of a Recommend chain, and can be purged.`

Add code block for commands and packages 2020-04-19 15:54:19 -04:00			The lesson is that you should carefully look at what is being installed to your system, particularly if you run `dist-upgrade`.
Add note on services in Debian templates and install problems Closes QubesOS/qubes-issues/2621 2017-02-09 15:29:54 -05:00

Explain why Debian packages may fail to install correctly on 4.0 2018-03-21 20:35:56 -04:00			`### Package installation errors in Qubes 4.0`

			`By default, templates in 4.0 only have a loopback interface.`

Actually use the new Debian upgrade page 2019-08-22 12:30:06 -04:00			`Some packages will throw an error on installation in this situation.`
			`For example, Samba expects to be configured using a network interface post installation.`
Explain why Debian packages may fail to install correctly on 4.0 2018-03-21 20:35:56 -04:00
			`One solution is to add a dummy interface to allow the package to install correctly:`

Fix typo: "thow" and remove extraspaces Fix typo: "thow" and remove extraspaces 2019-02-08 09:18:08 -05:00			`ip link add d0 type dummy`
Explain why Debian packages may fail to install correctly on 4.0 2018-03-21 20:35:56 -04:00			`ip addr add 192.168.0.1/24 dev d0`
			`ip link set d0 up`


Revamp documentation on managing OSes in Qubes - Unify and normalize Fedora and Debian docs - Deduplicate content - Cross-link pages - Move content to correct pages - Use more accurate and intuitive terms and names Fixes QubesOS/qubes-issues#5284 2019-09-02 05:34:26 -04:00			`[TemplateVM]: /doc/templates/`
			`[Minimal TemplateVMs]: /doc/templates/minimal/`
			`[Qubes page on the Debian Wiki]: https://wiki.debian.org/Qubes`
			`[end-of-life]: https://wiki.debian.org/DebianReleases#Production_Releases`
			`[supported]: /doc/supported-versions/#templatevms`
			`[How to Reinstall a TemplateVM]: /doc/reinstall-template/`
			`[Update the TemplateVM]: /doc/software-update-vm/`
			`[switch]: /doc/templates/#switching`
Fix links 2019-09-02 06:03:21 -04:00			`[uninstall the old TemplateVM]: /doc/templates/#uninstalling`
			`[Updating software in TemplateVMs]: /doc/software-update-domu/#updating-software-in-templatevms`
Revamp documentation on managing OSes in Qubes - Unify and normalize Fedora and Debian docs - Deduplicate content - Cross-link pages - Move content to correct pages - Use more accurate and intuitive terms and names Fixes QubesOS/qubes-issues#5284 2019-09-02 05:34:26 -04:00			`[Upgrading Debian TemplateVMs]: /doc/template/debian/upgrade/`
Debian templates - Update information on available templates 2019-07-10 11:43:46 -04:00			`[5149]: https://github.com/QubesOS/qubes-issues/issues/5149`
Revamp documentation on managing OSes in Qubes - Unify and normalize Fedora and Debian docs - Deduplicate content - Cross-link pages - Move content to correct pages - Use more accurate and intuitive terms and names Fixes QubesOS/qubes-issues#5284 2019-09-02 05:34:26 -04:00			`[install]: /doc/templates/#installing`