Sunday, May 22, 2016

Xubuntu 16.04 LTS minimal installation

[Image]

Here is the next article from my "Minimal Xubunu Installation" serie. This time I'll be installing Xubuntu 16.04 LTS codename Xenial Xerus. Please read to the end before you start with installation.

Get the netboot mini ISO depending on the architecture from here and 'dd' it onto a USB stick. Reboot the computer to start the installer. Please note that you can't use the mini iso with the UEFI-based systems as it is described here

If you're going to install over a protected WLAN you should note the following before you start – when base system installation process is finished and you reboot your computer into the newly installed system there won't be any network interface settings specified in the /etc/network/interfaces. The real problem though is that installer does not include wpasupplicant package into the default set of packages (good job devs!). Which means that there won't be no more WLAN network after the base system installation is complete and you can't continue the installation process. There are several possible solutions to this problem:
  1. Use LAN to install the sytem
  2. Use an open Wi-Fi access point.
  3. Download wpasupplicant package before you start the installer and when you finish with the base system installation mount a USB stick with the package and install it with 'sudo dpkg -i wpasupplicant.deb'. You can download the package from here depending on the architecture
  4. During installation select "Manual Packages Select" and select wpasupplicant
If you're installing over an already installed system then you may consider to backup the following beside your home directory:
/etc/pm/*
/etc/default/*
/etc/rsyslog.d/*
/etc/systemd/*
/etc/udev/rules.d/*
/etc/fstab
/etc/modprobe.d/blacklist.conf
/etc/network/interfaces
/etc/sysctl.conf
/etc/sysctl.d/*
/etc/hosts
/var/spool/cron/crontabs/*
Note that this list is not complete and you should check what else you need to backup on your system!

 

Base system installation


When you're booted into the installer simply select "Install" option and continue.

Installation process is easy and straightforward. Use 'noatime' and 'nodiratime' mount options as I described before. You should skip the 'discard' mount option this time and let the default weekly fstrim cron job care about SSD blocks trimming. As it is stated on the fstim man page - "Running fstrim frequently, or even using mount -o discard, might negatively affect the lifetime of poor-quality SSD devices".

Select 'No automatic updates' during installation if you do updates manually.

When asked to select software to install keep the "standard system utilities" selected and continue. If you're curious what dependencies the "standard system utilities" task has then read here

When installation is finished remove the USB stick with the installer and reboot the computer. There's a small bug caused by the installer - despite the fact that no DE task was selected during the installation the system will boot itself into the terminal tty7. You will see 'root: clean, x/x files, x/x blocks' on tty7 after the boot. Simply switch to the terminal tty1 (Ctrl-Alt-F1) and login to continue the installation process.

Installed base system consists of 355 packages.

 

Desktop installation


First step to continue the installation is to activate a network adapter as the installer leaves the /etc/network/interfaces empty. They could comment out the adapter settings they put into that file during installation so that it doesn't interfere with the Network Manager but no they simply leave it empty (good job devs)!

Keep the loopback network interface definition in the /etc/network/interfaces  and add the following depending on the network interface you are using:
# if ethernet iface is used
auto eth0
allow-hotplug eth0
iface eth0 inet dhcp

# connects to open wi-fi access point
iface wlan0 inet dhcp
wireless-essid Name_of_open_access_poing

#connects to protected wi-fi access point
#wpasupplicant should be installed for this to work
auto wlan0
iface wlan0 inet dhcp
wpa-ssid Name_of_protected_access_point
wpa-psk Password
Check this page for additional details.

Xubuntu has introduced a new meta package called xubuntu-core. This package is available since Xubuntu 14.10. The xubuntu-core metapackage has a few dependencies less compared to the xubuntu-desktop. The following packages aren't installed with the xubuntu-core:
language-selector-gnome
tumbler
update-manager
zenity
If you're using zenity in one of your own scripts then you should really purge it and replace with the yad package. Yad is almost a drop-in zenity replacement but is smaller in size and has no nasty dependencies as zenity.

The first important thing to do before you start is to disable installation of recommended packages which is activated by default:
echo 'APT::Install-Recommends "false";' | sudo tee /etc/apt/apt.conf.d/60recommends

Now you can install the desktop:
# update packages list first
sudo apt-get update
 
# dasktop base
sudo apt-get install \
             xubuntu-core \
             xfce4-terminal \
             xfce4-volumed \
             xfce4-power-manager \
             xfce4-indicator-plugin \
             xfce4-datetime-plugin \
             xfce4-cpugraph-plugin \
             xfce4-netload-plugin \
             xfce4-xkb-plugin \
             xfce4-screenshooter \
             file-roller \
             mousepad \
             thunar-archive-plugin \
             indicator-sound \
             indicator-power \
             indicator-application \
             catfish \
             pavucontrol \
             menulibre \
             libmtp-runtime \
             gvfs-backends \
             gvfs-fuse
 
# gvfs-backends is for the thunar to work with network resources
# gvfs-fuse transparently translate GIO network paths to POSIX paths

# if avahi or other mdns client is used then the lib
# below is needed for it to work. It reolves host names
# to ip addresses
sudo apt-get install libnss-mdns

Note: gvfs-backends will install python2.7 into your system. This happen because gvfs-backends has a dependency to libsmbclient which has a dependency to samba-libs which they failed (good job devs!) to port to python3. In fact it's even worse – the functionality that is based on python is not required by gvfs-backends but still this nasty dependency to the old python version exists! You should decide if you need functionality provided by the gvfs-backends package if you don't like dependency to the python2.7

Additionally install the network manager:
# network manager
sudo apt-get install network-manager-gnome \
                     network-manager-openvpn-gnome \
                     mobile-broadband-provider-info \
                     usb-modeswitch \
                     modemmanager \
                     comgt
 
# nm needs gnome-keyring. Without it nm won't remember wifi passwords
sudo apt-get install gnome-keyring  

If no VPN and HSDPA USB modem support is needed then installing network-manager-gnome alone would be sufficient.

Now you can reboot into the newly installed system! Don't forget though to delete or comment out everything you put into the /etc/network/interfaces because Network Manager will ignore interfaces specified there!

Installed system has 779 packages compared to the fully installed system which has 1445 packages.

 

After installation tuning


There are a few things that could be done after installation.

1. You may purge these packages:

  mlocate
  ureadahead
  populatiry-contest
  fonts-noto-hinted
Check what these packages are for and decide yourself if you need them or not.

The fonts-noto-hinted is the new default system font which supposed to provide all possible unicode symbols for all possible languages (noto - 'no tofu'. Tofu (豆腐) is japanese jargon for unicode replacement character "�" (U+FFFD) often displayed as replacement for unassigned or unknown characters). You may check what languages are included by executing 'apt-cache show fonts-noto-hinted'. But if you don't speak all those funky Yeti languages then you may purge this font completely because the package is really fat and it floods the font selection combo boxes with 100500 noto fonts variants entries. Instead use the default system font used previously - 'DejaVu Sans'. The best result to my taste is to activate font anti-aliasing in the Appearance dialog, select Slight hinting and select RGB subpixel order:
[Image]
The other font I install additionally and use in the terminal is Inconsolata - the mono space font that doesn't suck. This is the free alternative to the Microsoft Consolas mono space sans font. The font is in the fonts-inconsolata package. Alternatively one can use the DejaVu Sans Mono in the terminal.

If you try to remove the fonts-noto-hinted package the xubuntu-default-settings will be removed too which is perfectly fine (you'll get a nice login screen as a bonus). To keep it one could repackage and install the package back as follow:
  1. apt-get download xubuntu-default-settings
  2. dpkg-deb -x xubuntu-default-settings_16.10.3_all.deb xds/
  3. dpkg-deb -e xubuntu-default-settings_16.10.3_all.deb xds/DEBIAN
  4. edit xds/DEBIAN/control and replace fonts-noto-hinted with the fonts-dejavu-core in the Depends section
  5. dpkg-deb -b xds/ xubuntu-default-settings_16.10.3_new.deb
  6. sudo dpkg -i xubuntu-default-settings_16.10.3_new.deb
     


2. Disable apt periodic updates (check /etc/cron.daily/apt)

echo 'APT::Periodic::Enable "0";' | sudo tee /etc/apt/apt.conf.d/61noperiodicupdates

3. Disable blueman auto-power-on

gsettings set org.blueman.plugins.powermanager auto-power-on false

4.  disable nmi watchdog to reduce power consumption

echo "kernel.nmi_watchdog = 0" | sudo tee /etc/sysctl.d/20-disable_watchdog.conf

5. Disable the following modules

echo 'blacklist uvcvideo' | sudo tee -a /etc/modprobe.d/blacklist.conf 
echo 'blacklist joydev' | sudo tee -a /etc/modprobe.d/blacklist.conf 
echo 'blacklist parport' | sudo tee -a /etc/modprobe.d/blacklist.conf 
echo 'blacklist parport_pc' | sudo tee -a /etc/modprobe.d/blacklist.conf 
echo 'blacklist lp' | sudo tee -a /etc/modprobe.d/blacklist.conf 
echo 'blacklist ppdev' | sudo tee -a /etc/modprobe.d/blacklist.conf 
echo 'blacklist fjes' | sudo tee -a /etc/modprobe.d/blacklist.conf 
sudo update-initramfs -u
These are parallel port drivers (does one still exist today?), funky FUJITSU Extended Socket Network Device driver (fjes), joystick (joydev) and the video camera driver (uvcvideo) which I only activate when I need it.

6. Disable cron filling up syslog

 I have a cron job that is started each minute and every time a cron job is started an entry is added into the syslog filling it up completely with unwanted content. There are two possible solutions to disable cron daemon write into the syslog:
  • systemd executes /lib/systemd/system/cron.service and it loads an environment
    file /etc/default/cron. From that file it uses $EXTRA_OPTS. If your cron daemon supports it you can provide an option to change the logging verbosity there:
    EXTRA_OPTS="-L 0"
  • edit the /etc/rsyslog.d/50-default.conf. There you can specify if you want the cron daemon to write into a separate file or disable it completely like in the diff below:
    -*.*;auth,authpriv.none  -/var/log/syslog
    +*.*;cron,auth,authpriv.none  -/var/log/syslog
    

7. Fix broken power management

After switching to the systemd (since 15.04) Ubuntu left the power management broken and I didn't see any attempts to fix it. Devs were busy placing Unity bar at the bottom I suppose (good job devs!). I have already written an article that outlines the broken parts and suggested workarounds. Ironically that article didn't cause any traction which would mean that nobody cares. Well if nobody cares why the devs should, right?

8. Disable local DNS resolver to avoid dns leaks

If you are using VPN services then you should disable dnsmasq that is started by the Network Manager or otherwise you'll get dns leaks. Here is the page where they explain the reasoning behind the local dns resolver and also explain how to disable it. Still I don't understand how one can introduce dns leaks trying to improve dns latency! I always disable this nonsence regardless if I use VPN or not.

9. Disalbe motd-news service

We don't need any Ubuntu ads be downloaded and leak our hardware details to Ubuntu, do we?
sudo systemctl disable motd-news.service
sudo systemctl disable motd-news.timer

  

Difference to the fully installed system

 

1. The printing subsystem.

I'm not really an expert in this area because I do not have any printer at home but I usually install 'cups-pdf' package additionally to print into pdf's. To configure the printing subsystem one could use the html page available at 'localhost:631'. Alternatively one could install GUI configuration packages:
system-config-printer-gnome
system-config-printer-udev
bluez-cups
indicator-printers

2. Additional GUI configuration packages

gnome-sysem-tools and system-tools-backends packages are for
  •  time and date settings gui
  •  users settings gui (add/remove users)
  •  network settings gui (to set the host name, edit hosts)
lightdm-gtk-greeter-settings package is to configure greeter look'n'feel
xfpanel-switch is to quickly store/restore xfce panels configurations
gtk-theme-config adds couple of more theme color settings configuraitons.
software-properties-gtk manages software repositories or just
software-properties-common for the add-apt-repository

3. Software center

Former software center is replaced by the gnome-software package. I do not know if it is any good.


This is basically it and welcome to the beatiful Linux world!

P.S. If you're not sure if all this is going to work then you may install into a virtual machine first and check the result

P.P.S Let me know in the comments if something isn't working as described or if you have noticed some typos/errors so that I can update the article. Thank you

3 comments:

funeral20 said...

thx) Very useful post!

gwes said...

Trying to delete noto-fonts-hinted causes havoc: lightdm & co. have an explicit dependency on it. Can you suggest some workaround? I could edit the dependency file (once I found it) but I suspect that as soon as any update occurred either lightdm would get removed or noto would get reinstalled.
thanks!

alex said...

hm, as I see in the command history I simply purged the xubuntu-core meta package and then fonts-noto-hinted package. But I do not have the xubuntu-default-settings package installed either which has the dependency to the noto font package. So one could purge the xubuntu-core meta package and the xubuntu-default-settings one and then reinstall all dependent packages of the xubuntu-default-settings except the noto font package.