Klaus on Tilde Town

Daily-driving Debian Sid (and Devuan too)

A few months ago, I got some revisited interest on some Debian-based distributions that I tried way back, a couple of years after I first started with Linux. They were rolling-release distros that sourced from Debian's unstable Branch "Sid" but had some "training wheels" in place to make it more usable and less prone to breaking: AptoSid (now defunct) and Siduction (which basically branched off AptoSid).

Instead, I ended up doing what until recently was the unthinkable: going with plain Debian Sid (also Devuan Ceres without SystemD) as my main OS, despite all "warnings" that it would be unstable, breaking often or, to some, just plain unusable after enough time. And yet, here I am after months of continuous usage and I can say: Sid is very usable after all.

This post will outline some of the things that I learned in daily-driving Debian unstable and how you too can get started if you have a little more experience in Linux.

Background to the task

Both of the Sid-based distros have a special place in my heart because they gave me what basically was the first taste of the rolling-release model of Arch Linux into the familiar environment of Debian. In my early distrohopping days, it was the bomb. I'd apt-get dist-upgrade'd it every few hours and bam, fresh packages would come to my computer. Eventually, I grew out of it and went to Debian Stable for a few years.

Fast forward to now, if it worked 10 years ago, I thought, why wouldn't it do so again, right? You know the drill. Go to the website, find download media, burn the ISO to USB stick, boot and let the magic happen. Except that, for some esoteric reason, this didn't work this time. Shucks. I roughly remembered that Aptosid's instructions explicitly called for using low "burning" speeds due to compression issues, but couldn't understand why it wouldn't this time.

At that point, though, it didn't matter either: someone in fedi had already suggested the question of "why not plain Sid?" And it was a good question indeed - what so important additions to Sid did such distros add that you wouldn't find in, say, plain Debian or Ubuntu? Touché. Before I could be bothered to look up Siduction's forums, there I was looking for Debian Sid instead. I mean, at that point I already had more than a decade using Linux and if something went wrong I could probably debug it.

And so, before I knew it, there I was, going to download the ISO from the Debian website. But where was it?

Lesson 1: you don't "install" Sid, you update to it.

Turns out you usually don't "install" Debian unstable in the traditional way. There is a common issue in rolling-release distributions concerning installation media: how do you make a snapshot of something that is always changing? Too fresh the snapshop, you might ship broken things. Too old, you might have trouble when you update later.

Arch Linux famously makes a few snapshot ISOs available per year to address this in their own way, and it works well. But Debian? Nope. It makes no mention of Sid ISOs anywhere in their site, at least not on its main downloads pages for reference. So how do we install it?

If you look for it hard enough, you'll eventually find some obscure page where some daily Sid snapshots of the base system are posted, but those are meant mostly for virtual machines and "cloud" instances. And when I say look hard, I mean hard - I had to search a couple of times for debian sid ISO snpshot download or similar to find it out. So, clearly, this shouldn't be the preferred way.

What you should do instead is update to Sid, starting from Debian Stable (though I believe Testing should work too). That's right: start off by installing a minimal Debian Stable distribution (currently called Bookworm) with just enough packages for a base install and console access, then upgrade it to Sid. After the update finishes, reboot and then you can install everything else as per your needs.

In other words, edit your /etc/apt/sources.list file and change this:

deb http://ftp.fr.debian.org/debian/ bookworm main non-free-firmware
deb-src http://ftp.fr.debian.org/debian/ bookworm main non-free-firmware

To point to Sid (or Ceres, if using Devuan):

deb http://ftp.fr.debian.org/debian/ sid main non-free-firmware
deb-src http://ftp.fr.debian.org/debian/ sid main non-free-firmware

One important point: Unstable does not get security fixes the same way as stable, which is "patched" by the security team. Instead, any security patches will be done from upstream, straight from the original developers. This means that this line must be deleted or commented out:

# No security updates for sid
# deb http://security.debian.org/debian-security bookworm-security main non-free-firmware
# deb-src http://security.debian.org/debian-security bookworm-security main non-free-firmware

And also any lines referring to intermediate updates or backports and other things applicable only to stable. Ex:

# bookworm-updates, to get updates before a point release is made;
# see https://www.debian.org/doc/manuals/debian-reference/ch02.en.html#_updates_and_backports
# deb http://ftp.fr.debian.org/debian/ bookworm-updates main non-free-firmware
# deb-src http://ftp.fr.debian.org/debian/ bookworm-updates main non-free-firmware

Then reload APT's cache and update your packages:

# apt update
# apt upgrade

At the end of the process reboot, and congratulations: you're running Debian Unstable!

matrix "whoa" scene

Lesson #2: update safely!

So you're now running Debian unstable, you're cutting edge again! What's the next big step? Install your other packages that you use, of course. But before you go ahead with your autoconfig script or something, there's one thing that, while completely optional, I feel is very important to do on Sid: install apt-listbugs.

What this package contains is an automated installation checker that hooks on to APT and searches the Debian bug trackers for known bugs that may break the software you're about to install or update. It's completely automatic once you install it, adds less than a second more to your update routine and the best part: works for both Debian or Devuan!

Thus, install that package first, and then you're home free to customize and update your system at will. Despite being called "unstable" and so many people saying that it breaks often and not recommended for n00bs, I frankly have not found it any more difficult to use than, say, Arch Linux, or even Debian stable itself. Packages seldom broke here. The package names are the same. It feels the same!

However, during an upgrade eventually you might run into some warnings of "grave bugs" posted in the Debian advisory board, like these:

...
After this operation, 497 MB of additional disk space will be used.
Do you want to continue? [Y/n] y
Retrieving bug reports... Done
Parsing Found/Fixed information... Done
serious bugs of libasound2 (1.2.9-2 → 1.2.10-1) <Forwarded>
 b1 - #1051901 - libasound2: 1.2.10 breaks ability to play audio using i386 binaries  on amd64 host
Summary:
 libasound2(1 bug)
Are you sure you want to install/upgrade the above packages? [Y/n/?/...]

apt-listbugs has caught a bug and is protecting you from it. This might sound scary, but is a great opportunity to stop and review what are you about to install. Are these "serious bugs" really going to affect my system? Probably not for me, as I don't use i386 packages in my machines, so I'll just take the risk and type y. But the bugs could've been worse, affecting more critical system components like GRUB. If that was the case, I'd halt the updates for a few more days or weeks.

I also have another recommendation, which might be a little more controversial among other Sid users: never full-upgrade.

If you use Debian (any release) for long enough, you'll notice that after a while apt will start showing some packages as "held back," and those won't be updated with a simple upgrade command. To get those updated, you will need to full-upgrade (or dist-upgrade if using apt-get). On Stable, this is usually the case for kernel updates, and issuing full-upgrade is harmless, just requiring a reboot later.

On Sid, however, all sorts of packages can be held back, from drivers to LibreOffice. And though the temptation to just roll out the updates is great, this is where I tell you to practice patience and don't do it. This is because those packages in Sid are marked so as a sort of staging area, for when a release is not too sure that it would be 100% safe to use. Forcing them into the mix anyway would be akin to admitting the "serious bugs" case listed before. And yes, you can wait a little for the shiny thing. You're not on bleeding edge all the time, not even on Arch anyway - yes, even Arch has a testing branch, did you know?

So, TL;DR: install apt-listbugs before you install any other packages, and resist the urge to force upgrades. While you're it, it'd be good to also install apt-listchanges (good to know drastic changes in some of the packages you have) and also ditch apt-get altogether for the recommended plain apt utility - it's much more advanced, anyway.

Lesson #3: daily driving Debian Sid

And so, just like that, you too now are a regular user of the feared Debian Unstable distribution. How does that feel, huh?

Matrix: I know kung fu!

To be honest, my experience with Unstable so far (both Ceres and Sid) has been quite "boring" in terms of news and the user experience quite the same as Stable. Packages are new and fresh, comparable to other rolling releases, but breakage and problems remain rare, truly a stable of Debian. Still, there were a few specific cases where Unstable showed some differences.

The first is that, right off the bat, most third-party maintained repositorires will not work anymore. I'm talking about those repos maintained by volunteers other than the Debian team that you can add manually to your sources.list file. Sadly, it's very likely that they won't work anymore, and that's because the vast majority of them only issues packages built against the Stable release, and nothing more. That's a bummer.

This means a lot of convenient things like GZDoom builds and the command-line Mastodon client tut won't be available anymore for you. You can still work around these sometimes by getting a prebuilt binary (case of tut - even statically linked!) or in last case just building straight from source. Whatever you can build in Stable should still build in unstable too, using the same libraries and all.

The oher important detail is that sometimes updates will still break something - even with apt-listbugs enabled. Wait, seriously? Yup, quite surprising indeed. I have not quite figured out why, but this is my hunch: apt-listbugs will perform checks for bugs when new packages are due to be installed but not for already installed ones! At least this is the only reason I can think of, since the things that broke had been working before (and got fixed a while later, too).

However, don't let this prospect scare you away from the experience of using Sid / Ceres - in my experience so far, this is a very rare occurrence! The only occasions that this happened to me were the following:

So yes, things break - but also they get fixed fast as updates roll in frequently. Isn't that marvellous?

Conclusion: is Sid for the faint of heart?

Sid from Toy Story

It turns out that daily-driving Debian unstable isn't that scary an experience at last. And that's a great thing - after all, who could possibly develop software on, and let alone use, something that breaks all the time? And yes: this is the real value of it - having an up to date software base that you can develop, test, and pass the successful stuff to the next ones in line. We've got the precious expertise of all the people who develop Free Software to thank for that untested stability.

That said, would I recommend Sid / Ceres to a beginner? To a person not familiar with some basic system maintenance? To my grandparents? Not at all - there are many good alternatives for beginners out there that carry significant less risk, one of them being Linux Mint. Those distributions offer a good balance between stability, ease of use and fairly up-to-date software, and that is good enough.

As a whole, I would not recommend it to anyone who isn't comfortable getting to the command-line and doing some work, either to update or to fix things. This does not mean that you should be 1337h4x or live on the terminal, but you should have familiarity with the text environment and be ready to look for more information when things happen. If you have already used another rolling-release distribution, things will be very familiar to you here.

Finally, a note about whether Debian or Devuan: I felt there's very little difference in usability between the two in the end. Both are solid and update with about as much frequency (and break about as often too). Devuan offers OpenRC as one of its (many, many) init systems, which is solid and I had a lot of familiarity with by running Alpine Linux and Artix before that. The only difference I could really feel was, out of all the places, in a trick of the graphical file manager: mounting remote shares via SFTP.

I had always been able to mount remote drives in Debian and its derivatives with PCManFM (my file manager of choice since 2012 or so) straight away by simply specifying sftp://my_ssh_address:/some/mount in the address bar and pressing Enter. This also worked in Artix and some other distros, which led me to assume that this could be a beginners' thing. However, this does not work on Devuan - at all. Don't ask, I've tried zillions of combinations and starting services like udisks2 but it just wouldn't work. No idea why. At least there's the universal method of manually mounting the drive that still works.

So there you have it - running Debian Sid. It isn't so scary, but you'll probably want to prepare yourself with some experience before diving in.

Have you ever ran Debian / Devuan unstable bare metal for a long period of time? How was your experience? Let me know in the Fediverse!

This post is number #44 of my #100DaysToOffload project.

Last updated on 09/26/23