qubes-doc/user/managing-os/debian/debian.md

---
layout: doc
title: The Debian TemplateVM
permalink: /doc/templates/debian/
redirect_from:
- /doc/debian/
- /en/doc/templates/debian/
- /doc/Templates/Debian/
- /wiki/Templates/Debian/
---

# The Debian TemplateVM

The Debian [TemplateVM] is an officially [supported] TemplateVM in Qubes OS.
This page is about the standard (or "full") Debian TemplateVM.
For the minimal version, please see the [Minimal TemplateVMs] page.
There is also a [Qubes page on the Debian Wiki].


## Installing

To [install] a specific Debian TemplateVM that is not currently installed in your system, use the following command in dom0:

    $ sudo qubes-dom0-update qubes-template-debian-XX

   (Replace `XX` with the Debian version number of the template you wish to install.)

To reinstall a Debian TemplateVM that is already installed in your system, see [How to Reinstall a TemplateVM].


## After Installing

After installing a fresh Debian TemplateVM, we recommend performing the following steps:

1. [Update the TemplateVM].

2. [Switch any TemplateBasedVMs that are based on the old TemplateVM to the new one][switch].

3. If desired, [uninstall the old TemplateVM].


## Updating

Please see [Updating software in TemplateVMs].


## Upgrading

Please see [Upgrading Debian TemplateVMs].


## Release-specific notes

This section contains notes about specific Debian releases.


### Debian 10

Debian 10 templates are currently available from the testing repository.

Debian 10 (buster) - minimal:

    [user@dom0 ~]$ sudo qubes-dom0-update --enablerepo=qubes-templates-itl-testing qubes-template-debian-10-minimal

Because this template was built *before* buster became stable, it cannot be updated without [manually accepting the change in status][5149].
Also, to install additional Qubes packages you will have to enable the qubes-testing repository.


Debian 10 (buster) - stable:

    [user@dom0 ~]$ sudo qubes-dom0-update --enablerepo=qubes-templates-itl-testing qubes-template-debian-10

Because this template was built *before* buster became stable, it cannot be updated without [manually accepting the change in status][5149].


### Starting services

The Debian way (generally) is to start daemons if they are installed.
This means that if you install (say) ssh-server in a template, *all* the qubes that use that template will run a ssh server when they start. (They will, naturally, all have the same server key.) This may not be what you want.

So be very careful when installing software in Templates - if the daemon spawns outbound connections then there is a serious security risk.

In general, a reasonable approach would be, (using ssh as example):
- Install the ssh service.
- systemctl stop ssh
- systemctl disable ssh
- systemctl mask ssh
- Close down template

Now the ssh service will **NOT** start in qubes based on this template.

Where you **DO** want the service to run, put this in /rw/config/rc.local:

    systemctl unmask ssh
    systemctl start ssh

Don't forget to make the file executable.


### Unattended Upgrades

Some users have noticed that on upgrading to Stretch, the unattended-upgrade package is installed.

This package is pulled in as part of a Recommend chain, and can be purged.

The lesson is that you should carefully look at what is being installed to your system, particularly if you run dist-upgrade. 


### Package installation errors in Qubes 4.0

By default, templates in 4.0 only have a loopback interface.

Some packages will throw an error on installation in this situation.
For example, Samba expects to be configured using a network interface post installation.

One solution is to add a dummy interface to allow the package to install correctly:

    ip link add d0 type dummy
    ip addr add 192.168.0.1/24 dev d0
    ip link set d0 up


[TemplateVM]: /doc/templates/
[Minimal TemplateVMs]: /doc/templates/minimal/
[Qubes page on the Debian Wiki]: https://wiki.debian.org/Qubes
[end-of-life]: https://wiki.debian.org/DebianReleases#Production_Releases
[supported]: /doc/supported-versions/#templatevms
[How to Reinstall a TemplateVM]: /doc/reinstall-template/
[Update the TemplateVM]: /doc/software-update-vm/
[switch]: /doc/templates/#switching
[uninstall the old TemplateVM]: /doc/templates/#uninstalling
[Updating software in TemplateVMs]: /doc/software-update-domu/#updating-software-in-templatevms
[Upgrading Debian TemplateVMs]: /doc/template/debian/upgrade/
[5149]: https://github.com/QubesOS/qubes-issues/issues/5149
[install]: /doc/templates/#installing
Templates/Debian changed Initial page 2014-07-28 17:14:28 -04:00			`---`
wiki -> doc migration 2015-04-10 16:17:45 -04:00			`layout: doc`
Revamp documentation on managing OSes in Qubes - Unify and normalize Fedora and Debian docs - Deduplicate content - Cross-link pages - Move content to correct pages - Use more accurate and intuitive terms and names Fixes QubesOS/qubes-issues#5284 2019-09-02 05:34:26 -04:00			`title: The Debian TemplateVM`
Remove en/ from URLs (QubesOS/qubes-issues#1333) 2015-10-28 18:14:40 -04:00			`permalink: /doc/templates/debian/`
Change URIs from CamelCase to lowercase-hyphen-separated 2015-10-11 03:04:59 -04:00			`redirect_from:`
Add "/doc" prefix 2016-05-21 10:49:01 -04:00			`- /doc/debian/`
Remove en/ from URLs (QubesOS/qubes-issues#1333) 2015-10-28 18:14:40 -04:00			`- /en/doc/templates/debian/`
Change URIs from CamelCase to lowercase-hyphen-separated 2015-10-11 03:04:59 -04:00			`- /doc/Templates/Debian/`
			`- /wiki/Templates/Debian/`
Templates/Debian changed Initial page 2014-07-28 17:14:28 -04:00			`---`

Revamp documentation on managing OSes in Qubes - Unify and normalize Fedora and Debian docs - Deduplicate content - Cross-link pages - Move content to correct pages - Use more accurate and intuitive terms and names Fixes QubesOS/qubes-issues#5284 2019-09-02 05:34:26 -04:00			`# The Debian TemplateVM`
Templates/Debian changed Initial page 2014-07-28 17:14:28 -04:00
Revamp documentation on managing OSes in Qubes - Unify and normalize Fedora and Debian docs - Deduplicate content - Cross-link pages - Move content to correct pages - Use more accurate and intuitive terms and names Fixes QubesOS/qubes-issues#5284 2019-09-02 05:34:26 -04:00			`The Debian [TemplateVM] is an officially [supported] TemplateVM in Qubes OS.`
			`This page is about the standard (or "full") Debian TemplateVM.`
			`For the minimal version, please see the [Minimal TemplateVMs] page.`
			`There is also a [Qubes page on the Debian Wiki].`
templates update 2015-04-23 10:14:55 -04:00

Revamp documentation on managing OSes in Qubes - Unify and normalize Fedora and Debian docs - Deduplicate content - Cross-link pages - Move content to correct pages - Use more accurate and intuitive terms and names Fixes QubesOS/qubes-issues#5284 2019-09-02 05:34:26 -04:00			`## Installing`
templates update 2015-04-23 10:14:55 -04:00
Revamp documentation on managing OSes in Qubes - Unify and normalize Fedora and Debian docs - Deduplicate content - Cross-link pages - Move content to correct pages - Use more accurate and intuitive terms and names Fixes QubesOS/qubes-issues#5284 2019-09-02 05:34:26 -04:00			`To [install] a specific Debian TemplateVM that is not currently installed in your system, use the following command in dom0:`
Templates/Debian changed Initial page 2014-07-28 17:14:28 -04:00
Revamp documentation on managing OSes in Qubes - Unify and normalize Fedora and Debian docs - Deduplicate content - Cross-link pages - Move content to correct pages - Use more accurate and intuitive terms and names Fixes QubesOS/qubes-issues#5284 2019-09-02 05:34:26 -04:00			`$ sudo qubes-dom0-update qubes-template-debian-XX`
Update debian.md 2018-10-22 09:09:09 -04:00
Revamp documentation on managing OSes in Qubes - Unify and normalize Fedora and Debian docs - Deduplicate content - Cross-link pages - Move content to correct pages - Use more accurate and intuitive terms and names Fixes QubesOS/qubes-issues#5284 2019-09-02 05:34:26 -04:00			(Replace `XX` with the Debian version number of the template you wish to install.)
Templates/Debian changed Initial page 2014-07-28 17:14:28 -04:00
Revamp documentation on managing OSes in Qubes - Unify and normalize Fedora and Debian docs - Deduplicate content - Cross-link pages - Move content to correct pages - Use more accurate and intuitive terms and names Fixes QubesOS/qubes-issues#5284 2019-09-02 05:34:26 -04:00			`To reinstall a Debian TemplateVM that is already installed in your system, see [How to Reinstall a TemplateVM].`
Templates/Debian changed Initial page 2014-07-28 17:14:28 -04:00
Some more updates to templates 2015-04-22 23:26:43 -04:00
Revamp documentation on managing OSes in Qubes - Unify and normalize Fedora and Debian docs - Deduplicate content - Cross-link pages - Move content to correct pages - Use more accurate and intuitive terms and names Fixes QubesOS/qubes-issues#5284 2019-09-02 05:34:26 -04:00			`## After Installing`
Some more updates to templates 2015-04-22 23:26:43 -04:00
Revamp documentation on managing OSes in Qubes - Unify and normalize Fedora and Debian docs - Deduplicate content - Cross-link pages - Move content to correct pages - Use more accurate and intuitive terms and names Fixes QubesOS/qubes-issues#5284 2019-09-02 05:34:26 -04:00			`After installing a fresh Debian TemplateVM, we recommend performing the following steps:`
Some more updates to templates 2015-04-22 23:26:43 -04:00
Revamp documentation on managing OSes in Qubes - Unify and normalize Fedora and Debian docs - Deduplicate content - Cross-link pages - Move content to correct pages - Use more accurate and intuitive terms and names Fixes QubesOS/qubes-issues#5284 2019-09-02 05:34:26 -04:00			`1. [Update the TemplateVM].`
document that there is no progress indicator since this caused a confused user to ask on the mailing list 2016-01-20 10:00:53 -05:00
Revamp documentation on managing OSes in Qubes - Unify and normalize Fedora and Debian docs - Deduplicate content - Cross-link pages - Move content to correct pages - Use more accurate and intuitive terms and names Fixes QubesOS/qubes-issues#5284 2019-09-02 05:34:26 -04:00			`2. [Switch any TemplateBasedVMs that are based on the old TemplateVM to the new one][switch].`
Templates/Debian changed Initial page 2014-07-28 17:14:28 -04:00
Revamp documentation on managing OSes in Qubes - Unify and normalize Fedora and Debian docs - Deduplicate content - Cross-link pages - Move content to correct pages - Use more accurate and intuitive terms and names Fixes QubesOS/qubes-issues#5284 2019-09-02 05:34:26 -04:00			`3. If desired, [uninstall the old TemplateVM].`
Make it clear that Stretch template is available in Qubes 4.0 2017-11-27 19:52:39 -05:00
Mention option for upgrading latest Debian stable template to stretch. 2016-05-21 08:22:30 -04:00
Revamp documentation on managing OSes in Qubes - Unify and normalize Fedora and Debian docs - Deduplicate content - Cross-link pages - Move content to correct pages - Use more accurate and intuitive terms and names Fixes QubesOS/qubes-issues#5284 2019-09-02 05:34:26 -04:00			`## Updating`

			`Please see [Updating software in TemplateVMs].`


			`## Upgrading`

			`Please see [Upgrading Debian TemplateVMs].`


			`## Release-specific notes`

			`This section contains notes about specific Debian releases.`


			`### Debian 10`

			`Debian 10 templates are currently available from the testing repository.`
Actually use the new Debian upgrade page 2019-08-22 12:30:06 -04:00
			`Debian 10 (buster) - minimal:`

			`[user@dom0 ~]$ sudo qubes-dom0-update --enablerepo=qubes-templates-itl-testing qubes-template-debian-10-minimal`

			`Because this template was built before buster became stable, it cannot be updated without [manually accepting the change in status][5149].`
			`Also, to install additional Qubes packages you will have to enable the qubes-testing repository.`

Debian templates - Update information on available templates 2019-07-10 11:43:46 -04:00
			`Debian 10 (buster) - stable:`

			`[user@dom0 ~]$ sudo qubes-dom0-update --enablerepo=qubes-templates-itl-testing qubes-template-debian-10`

			`Because this template was built before buster became stable, it cannot be updated without [manually accepting the change in status][5149].`


Update debian.md Added some clarifying info about updating to Stretch Closes #426 2017-05-20 17:48:23 -04:00			`### Starting services`
Add note on services in Debian templates and install problems Closes QubesOS/qubes-issues/2621 2017-02-09 15:29:54 -05:00
			`The Debian way (generally) is to start daemons if they are installed.`
			`This means that if you install (say) ssh-server in a template, all the qubes that use that template will run a ssh server when they start. (They will, naturally, all have the same server key.) This may not be what you want.`

			`So be very careful when installing software in Templates - if the daemon spawns outbound connections then there is a serious security risk.`

			`In general, a reasonable approach would be, (using ssh as example):`
			`- Install the ssh service.`
			`- systemctl stop ssh`
			`- systemctl disable ssh`
			`- systemctl mask ssh`
			`- Close down template`

			`Now the ssh service will NOT start in qubes based on this template.`

			`Where you DO want the service to run, put this in /rw/config/rc.local:`

			`systemctl unmask ssh`
			`systemctl start ssh`

			`Don't forget to make the file executable.`


Update debian.md Added some clarifying info about updating to Stretch Closes #426 2017-05-20 17:48:23 -04:00			`### Unattended Upgrades`
Add note on services in Debian templates and install problems Closes QubesOS/qubes-issues/2621 2017-02-09 15:29:54 -05:00
			`Some users have noticed that on upgrading to Stretch, the unattended-upgrade package is installed.`

			`This package is pulled in as part of a Recommend chain, and can be purged.`

			`The lesson is that you should carefully look at what is being installed to your system, particularly if you run dist-upgrade.`


Explain why Debian packages may fail to install correctly on 4.0 2018-03-21 20:35:56 -04:00			`### Package installation errors in Qubes 4.0`

			`By default, templates in 4.0 only have a loopback interface.`

Actually use the new Debian upgrade page 2019-08-22 12:30:06 -04:00			`Some packages will throw an error on installation in this situation.`
			`For example, Samba expects to be configured using a network interface post installation.`
Explain why Debian packages may fail to install correctly on 4.0 2018-03-21 20:35:56 -04:00
			`One solution is to add a dummy interface to allow the package to install correctly:`

Fix typo: "thow" and remove extraspaces Fix typo: "thow" and remove extraspaces 2019-02-08 09:18:08 -05:00			`ip link add d0 type dummy`
Explain why Debian packages may fail to install correctly on 4.0 2018-03-21 20:35:56 -04:00			`ip addr add 192.168.0.1/24 dev d0`
			`ip link set d0 up`


Revamp documentation on managing OSes in Qubes - Unify and normalize Fedora and Debian docs - Deduplicate content - Cross-link pages - Move content to correct pages - Use more accurate and intuitive terms and names Fixes QubesOS/qubes-issues#5284 2019-09-02 05:34:26 -04:00			`[TemplateVM]: /doc/templates/`
			`[Minimal TemplateVMs]: /doc/templates/minimal/`
			`[Qubes page on the Debian Wiki]: https://wiki.debian.org/Qubes`
			`[end-of-life]: https://wiki.debian.org/DebianReleases#Production_Releases`
			`[supported]: /doc/supported-versions/#templatevms`
			`[How to Reinstall a TemplateVM]: /doc/reinstall-template/`
			`[Update the TemplateVM]: /doc/software-update-vm/`
			`[switch]: /doc/templates/#switching`
Fix links 2019-09-02 06:03:21 -04:00			`[uninstall the old TemplateVM]: /doc/templates/#uninstalling`
			`[Updating software in TemplateVMs]: /doc/software-update-domu/#updating-software-in-templatevms`
Revamp documentation on managing OSes in Qubes - Unify and normalize Fedora and Debian docs - Deduplicate content - Cross-link pages - Move content to correct pages - Use more accurate and intuitive terms and names Fixes QubesOS/qubes-issues#5284 2019-09-02 05:34:26 -04:00			`[Upgrading Debian TemplateVMs]: /doc/template/debian/upgrade/`
Debian templates - Update information on available templates 2019-07-10 11:43:46 -04:00			`[5149]: https://github.com/QubesOS/qubes-issues/issues/5149`
Revamp documentation on managing OSes in Qubes - Unify and normalize Fedora and Debian docs - Deduplicate content - Cross-link pages - Move content to correct pages - Use more accurate and intuitive terms and names Fixes QubesOS/qubes-issues#5284 2019-09-02 05:34:26 -04:00			`[install]: /doc/templates/#installing`