Install Debian using grml-debootstrap

  Last modified on Friday 22 August 2014

Grml is a Debian-based Linux distribution optimized for running off USB sticks and taking care of sysadmin duties. One of its cool programs that I have been exploring is grml-debootstrap ... a console application that makes it very easy to set custom options and install Debian.

Here is a step-by-step process using grml-debootstrap to implement the following sample Debian minimal install on the 16GB solid-state drive (SSD) of my Acer C720 Chromebook:

Source: Debian installation with GRUB2 + GPT + LUKS crypto (

0. Prepare USB boot device

Download an installer image (I selected the 32+64bit grml96 combo) and simply dd the image to a spare USB device.

An alternate, more flexible approach (does not take over the entire drive) is transforming a USB stick into a GRUB boot device then adding the grml ISO as a menu entry that can co-exist with multiple Linux distros.

1. Boot, network and partitions

Boot Grml with the toram option grml64-full - advanced options -> copy Grml to RAM. This way we can make use of the USB boot device as storage for any extra packages or scripts we might want to use on the new Debian system.

Use the grml-network command to launch an interactive configuration of network interfaces. A sample entry generated for wifi in /etc/network/interfaces:

iface wlan0 inet dhcp
    wireless-mode auto
    wireless-essid YOUR_SSID
    wpa-ssid YOUR_SSID
    wpa-psk YOUR_PASSWORD

A sample GUID Partition Table (GPT) layout:

Create the above using parted (note: any changes are executed instantly):

parted -a optimal /dev/sda
mklabel gpt
unit mib
mkpart primary 1 3
name 1 grub
set 1 bios_grub on
mkpart primary 3 203
name 2 boot
mkpart primary 203 1203
name 3 swap
mkpart primary 1203 -1
name 4 root

To verify that a partition is properly aligned query it using blockdev ('0' return = aligned):

blockdev --getalignoff /dev/sdaX

Sources: Grml boot cheatcodes (, the BIOS Boot Partition (, and partitioning disks using parted (

2. Cryptsetup

Configure the newly-created root partition for encrypted storage and create filesystems for boot and crypt-root:

cryptsetup luksFormat -c aes-xts-plain64 -s 256 /dev/sda4
cryptsetup luksOpen /dev/sda4 crypt_root
mkfs.ext4 /dev/sda2
mkfs.ext4 /dev/mapper/crypt_root

3. Install Debian

Any extra packages to be installed can be added to the list in /etc/debootstrap/packages and scripts to customize the setup can be placed in /etc/debootstrap/chroot-scripts/.

Tip: If configuring a device that only has a wireless interface (Chromebook) add the wireless-tools and wpasupplicant packages to the install list.

GRML auto-detects the crypt_root, updating fstab and creating a mountpoint for the device in /media. Mount the newly-created partitions and install a minimal Debian setup:

mount /media/crypt_root
mkdir /media/crypt_root/boot
mount -t ext4 /dev/sda2 /media/crypt_root/boot
# optional: with 'toram' usb stick can be mounted to /media... check /etc/fstab for auto-generated entries
grml-debootstrap --target /media/crypt_root --password "PASSWORD" --hostname HOSTNAME

If grml-debootstrap is run with no options a limited interactive menu is provided ... otherwise the necessary Debian packages are downloaded and system setup runs unattended to completion.

Source: grml-debootstrap HOWTO (

4. Adjust crypttab, fstab, initramfs

Next step is to enter chroot and perform post-install configuration:

grml-chroot /media/crypt_root /bin/bash
grub-install /dev/sda
# For SSD add the 'discard' option
echo "crypt_root /dev/sda4 none luks,discard" >> /etc/crypttab
echo "crypt_swap /dev/sda3 /dev/urandom cipher=aes-xts-plain64,size=256,discard,swap" >> /etc/crypttab
echo "/dev/mapper/crypt_root / ext4 noatime,discard,errors=remount-ro 0 1" > /etc/fstab
echo "/dev/sda2 /boot ext4 noatime,discard 0 2" >> /etc/fstab
echo "/dev/mapper/crypt_swap none swap sw,discard 0 0" >> /etc/fstab
update-initramfs -u -k all

Source: TRIM configuration on solid-state drives (

5. Sid, swappiness, locales, and timezone

It is possible to use grml-debootstrap to directly install a Debian sid/unstable setup. But I have experienced greater success by first installing a minimal stable system before doing a dist-upgrade to track the unstable rolling release.

Optional: Continue inside chroot and upgrade to unstable by modifying /etc/apt/sources.list:

### unstable ###
deb unstable main contrib non-free
deb-src unstable main contrib non-free

Run apt-get update && apt-get dist-upgrade

The swappiness parameter controls the preference of the kernel to move processes out of physical memory to the swap partition. Range is 0-100, default is set to 60 and lower values cause the kernel to avoid swapping and higher values prompt more frequent swap use.

To reduce writes on the SSD set a low value of '1':

# check current swappiness value
cat /proc/sys/vm/swappiness
# temporarily change value
/sbin/sysctl vm.swappiness=1
# permanently change value... modify 'vm.swappiness' value in /etc/sysctl.conf...

Configure the system environment for your local language and timezone using dpkg-reconfigure locales and dpkg-reconfigure tzdata.

6. Reboot

Exit the chroot, unmount partitions, and reboot into Debian:

umount /media/crypt_root/boot
umount /media/crypt_root
cryptsetup luksClose /dev/mapper/crypt_root

Happy hacking!

More • debianlinuxchromebook