This document aims to provide an easy and relatively painless set of instructions on how to configure Debian GNU/Hurd with a minimum amount of effort.
It is based in Neal H. Walfield's The Hurd Installation Guide
.
Many thanks to Neal for his contribution.
GNU is similar in nature to any Unix-like system: after logging in, the user is
presented with a shell and the familiar Unix VFS (virtual filesystem). Although
GNU tries to be POSIX compliant, it is Not Unix
. GNU/Hurd builds upon many of
the Unix concepts and extends them to either add new functionality or to fix
what has been perceived as flaws in the original design. The most noticeable
difference is translators, user space programs which interact with the VFS.
These filesystems do not live in the kernel nor do they need to be run
as root; they only need access to the backing store and the
mount point. Another difference is that processes, rather than having a single
user identity fixed at creation time, have identity tokens which are disjoint
from the process, i.e. they may be added with the appropriate permission from
an authority or destroyed.
Being familiar with the Unix environment (and especially GNU userland, found in popular variants such as GNU/Linux) is an imperative for feeling at ease in GNU. Having experience with the Debian tools will also prove invaluable to the configuration and maintenance of a GNU/Hurd box.
This guide endeavors to make installing GNU/Hurd as painless a process as possible. If there are errors, they are most certainly the author's. Please report them, along with any other suggestions or criticisms, to him; all are gladly accepted.
#
#If you do not have an available partition or an extra hard drive, this can be
#the longest step. In this case, you will need to repartition the hard drive.
#One solution is to use GNU's partition editor,
#Parted. It features not only
#basic partition editing but also partition resizing and moving functionality.
#The manual is quite complete and includes several tutorials. Note that also
#there is a 63 GNU HURD or SysV partition type, it should not be
#used or else the installation CD will not find it. Just use 83
#Linux
#
#The Hurd supports several extensions to the ext2fs filesystem format. Foremost
#among these are passive translators and a fourth set of permission bits for
#unknown users (users without an identity, not the other user). To use these
#extensions, the owner of the partition must be set to hurd.
#mke2fs, unless specifically overridden on the command line, will
#set the owner to whatever kernel it is running on. As the Hurd will diligently
#respect this setting, care must be taken to set this appropriately or the Hurd
#will fail in subtle ways. Be aware that even if a file system is owned by a
#particular kernel, others may still use it; they just may not be able to use
#certain extensions.
#
#To create a filesystem, use mke2fs and pass it -b 4096
#-I 128 -o hurd
to designate the Hurd as the owner of the new file
#system. For instance, assuming the partition is /dev/hda1
:
#
# \# mke2fs -b 4096 -I 128 -o hurd /dev/hda1 # |
#The bootloader of the GNU system is Grub, the GRand Unified Boot loader, #and it is its main purpose to boot the GNU system core (Mach and the Hurd). #Any boot loader that supports the multiboot standard, though, may be used to #load Mach and the Hurd. At the moment (that we're aware of), GNU Grub is the #only bootloader that supports such standard. #
# ##A word about Grub. Unlike traditional boot loaders on the x86, such as LILO, #Grub is very powerful. It has a command line interface, bootp, dummy terminal #support and a plethora of other features. In addition, it can boot almost any #kernel. If you have ever booted an alpha or sparc, you will understand what #Grub can do. Therefore, do not be scared: Grub is better. You will like it. #You will not go back. #
# ##It is probably better if you install #Grub before installing the #Hurd, but you can always install it onto your hard drive at a later date. #
# # #
#The next step is to get a base system. There are several alternatives, if you
#are running a Debian system you can use the package crosshurd. Otherwise you
#can get an updated base system tarball from any of the mirrors listed at
#
#The tarball is set up to extract everything into the current directory.
#After the filesystem is mounted, the archive can be extracted.
#Assuming that the filesystem is on /dev/hda2
, the mount point
#is /gnu
and archive is in current user's home directory, the
#following is required:
#
# \# mount -t ext2 /dev/hda2 /gnu # \# cd /gnu # \# tar --same-owner -xvjpf ~/gnu.tar.bz2 # |
#All is now in readiness to boot GNU/Hurd for the first time. Note that depending #on your version of GRUB, small details with vary. Please make sure whether you #have GRUB1 (aka legacy aka 0.95 and later up to 0.97), or GRUB2 (aka 1.95 and #later). Examples below will provide both versions, make sure to pick the right #one. #
# ##Please also note that some problems have been reported when booting with only #128MB memory, because of swap not being setup yet at this stage. Make sure to #provide at least 256MB memory. #
# #
#If your system already has GRUB installed, just reboot it. Else, you need to use
#a Grub boot disk. On Debian, the grub-disk (grub1) or grub-rescue-pc (grub2)
#packages provides CD and Floppy disk images. Make sure that the Grub boot disk
#is in the drive, reboot. If all goes well, either a Grub menu or command line
#will be displayed. If the menu has a GNU/Hurd
entry, you will
#probably be able to just reuse it to save a lot of typing burden. For now, if
#presented with a menu, press c to go to the command line.
#
#First, GNU Mach needs to be loaded. This requires knowing the filesystem
#and the path to GNU Mach. Grub uses a partition nomenclature that is a bit
#different from both Linux and the Hurd: both IDE and SCSI drives are named
#(hdN,M)
. N is the drive number (zero based) as
#enumerated by the BIOS. That is, Grub makes no distinction between IDE and SCSI
#disks. M identifies the partition on the drive. It is zero based
#in grub1 but one based in grub2. If this sounds confusing, relax: Grub is also
#helpful.
#
#To determine on which filesystem a particular file resides, Grub provides the
#find command. When this command is issued along with a filename,
#Grub searches on each filesystem for the specified file and prints where it was
#found. For example, to search for the kernel, /boot/gnumach.gz
:
#
# grub1> find /boot/gnumach.gz # (hd0,0) # | |
# grub2> search -f /boot/gnumach.gz # (hd0,1) # |
#Here, Grub1 indicates that /boot/gnumach.gz
is on
#(hd0,0)
and Grub2, on (hd0,1)
(remember the difference
#in partition numbering between Grub1 and Grub2). To save you a couple of
#typing, set Grub's root to that value:
#
# grub1> root (hd0,0) # | |
# grub2> set root=(hd0,1) # |
#Before loading the kernel, at least one option, the root partition, must be #specified on the command line. This will be used by the Hurd itself (i.e. not #Grub). As such, it must be in terms that the Hurd can understand. #
# #
#GNU Mach enumerates disks starting at zero. IDE drives are prefixed with
#hd, while SCSI disks are prefixed with sd. Like
#Linux, drives are number by their position on the controller. For instance, the
#primary master is hd0 and the secondary slave is hd3.
#Partitions use the BSD slice naming convention and append sM to the
#drive name to indicate a given partition. Note that M is a one, not
#zero, based index. The slice number is simple to calculate: if you have Grub2,
#just reuse the same index, if you have Grub1, just increment what was used for
#Grub1 by one.
#
#Since the Hurd has not yet been configured, it must be started in single user
#mode. Adding a -s
to the kernel command line is all that is
#required.
#
#To sum it up, assuming that the first drive (i.e. (hd0)
) is the
#master on the master controller, we would have:
#
# grub1> kernel /boot/gnumach.gz root=device:hd0s1 -s # [Multiboot-elf, ...] # | |
# grub2> multiboot /boot/gnumach.gz root=device:hd0s1 -s # |
#Next, the root filesystem server and the exec server must be
#loaded. This is done using Grub's boot module capability. The ${var} are
#filled in by GNU Mach. The arguments are used by the Hurd to indicate what
#type of information is being provided. Since the ext2fs command line is very
#long, it can be broken up by escaping the newline character in the normal Unix
#fashion. Be sure that there is not space after the antislash at the end of each
#line. Also be sure to differentiate { and } from
#( and ). Mind the subttle differences between Grub1 and
#Grub2: Grub2 needs that the filename be repeated and quotes need
#to be used. Note that at this stage the --readonly option of
#ext2fs.static must not be passed.
#
# grub1> module /hurd/ext2fs.static \
# --multiboot-command-line=${kernel-command-line} \
# --host-priv-port=${host-port} \
# --device-master-port=${device-port} \
# --exec-server-task=${exec-task} -T typed ${root} \
# $(task-create) $(task-resume)
# [Multiboot-module 0x1c4000, 0x2cfe6a bytes]
# grub1> module /lib/ld.so.1 /hurd/exec $(exec-task=task-create)
# [Multiboot-module 0x494000, 0x27afe bytes]
# | |
# grub2> module /hurd/ext2fs.static ext2fs \
# --multiboot-command-line='${kernel-command-line}' \
# --host-priv-port='${host-port}' \
# --device-master-port='${device-port}' \
# --exec-server-task='${exec-task}' -T typed '${root}' \
# '$(task-create)' '$(task-resume)'
# grub2> module /lib/ld.so.1 exec /hurd/exec '$(exec-task=task-create)'
# |
#Alternatively, you can throw these lines into a menu.lst
#(Grub1) or grub.cfg
(Grub2) configuration file in the partition,
#and load it by using configfile /path/to/menu.lst
(Grub1) or
#configfile /path/to/grub.cfg
(Grub2) from the grub prompt. You
#can of course also simply install grub in some MBR and point it to there.
#
#GNU/Hurd can be now booted: #
# ##grub> boot # |
#If GNU/Hurd fails to boot, it could be due to shared IRQs: GNU Mach does not
#play well with these. You can verify your situation by looking at, for
#instance, the /proc/interrupts
file under GNU/Linux. Also, as GNU
#Mach does not support loadable kernel modules, many of the drivers are compiled
#into the default kernel. If there are old peripherals, this can be a problem: a
#device may incorrectly respond to a probe intended for a completely unrelated
#device and thereby cause a crash. Building a new kernel with only the required
#device drivers will usually solve this problem. GNU Mach is easily cross
#compiled. If you are running Debian, install the mig
package,
#and your stock gcc
should do.
#
#If this does not help, ask on the appropriate mailing list. #
# # ##Once you are presented with a shell prompt, and any time that the Hurd is in #single user mode, it is necessary to set the terminal type: #
# ## \# export TERM=mach # |
#Be warned that CONTROL-C and family will not work in single user #mode. #
# #
#We can now run the native-install script. This will configure the
#packages and set up several important translators:
#
# \# ./native-install # |
#Before the script terminates, it will indicate that you can now reboot and enter #multi-user mode. Do so, this is the Hurd, welcome! #
You can simply use the Debian installer, see the prepared CD images. Then the following steps will be needed for proper configuration.
You can also get a pre-installed image and run it in qemu:
$ wget https://cdimage.debian.org/cdimage/ports/stable/hurd-i386/debian-hurd.img.tar.gz $ tar xzf debian-hurd.img.tar.gz $ kvm -m 1G -drive file=$(echo debian-hurd*.img),cache=writeback |
To enable accessing the box through ssh, you can append
-net nic -net user,hostfwd=tcp:127.0.0.1:2222-:22 |
and ssh to your local TCP port 2222.
You can also convert the image to the VDI format for virtualbox:
$ VBoxManage convertfromraw debian-hurd-*.img debian-hurd.vdi --format vdi |
The Debian way is supported starting from sysvinit 2.88dsf-48 and hurd 1:0.5.git20140320-1: /etc/network/interfaces is used like on Linux. The only difference is that network boards appear in /dev, and interfaces should thus be specified as /dev/eth0 etc.
##First, make sure that your network card is recognized by GNU Mach: #
# ## \# devprobe eth0 # eth0 # |
#If devprobe eth0 does not return eth0, the kernel
#didn't detect your network board and you need to try another board. For
#instance, qemu's e1000 board is not supported, the rtl8139 one should work:
#-net nic,model=rtl8139 -net user
#
#Starting from version 20120520-1, the hurd package includes DDE drivers which
#are used to support more recent devices (drivers are taken from Linux
#2.6.32). Translators for that are already set up for you, and all you
#need to do is to replace eth0 (the mach driver name) with
#/dev/eth0 (the DDE driver path) in the remainder of this document.
#
#It is possible to try to use the DDE driver even if GNU Mach has a driver:
#passing nonetdev on the gnumach command line will disable the GNU
#Mach driver, and the DDE driver will start working.
#
If network does not seem to work, use the following to get debugging information from the DDE driver:
\# settrans -fga /dev/netdde /hurd/netdde |
and then kill any devnode and pfinet process to let them restart with the newer
netdde. If it still does not work, please post in a bug report the full output of the netdde settrans
above, as well as the output of lspci and lspci -n .
To configure the network without going through /etc/network/interfaces,
the pfinet translator must be configured.
This can be done by using dhclient from the
isc-dhcp-client package.
This can also be done by hand by using inetutils-ifconfig
from the inetutils-tools package, and ping is
available in the inetutils-ping package.
Last but not least, this can be done (and recorded for good) by hand using the
settrans command to attach a translator to a given
filesystem node. When programs access the node by, for example sending an RPC,
the operating system will transparently start the server to handle the request.
\# settrans -fgap /servers/socket/2 /hurd/pfinet -i /dev/eth0 \ -a a.b.c.d -g e.f.g.h -m i.j.k.l |
Here, settrans is passed several options. The first two,
fg
, force any existing translator to go away. The next two,
ap
, make both active and passive translators. By making the
translator active, we will immediately see any error messages on
stderr
. The latter saves the translator and arguments in the node
so it can be transparently restarted later (i.e. making the setting persistent
across reboots). The options are followed by the node to which the translator
is to be attached, then the program (i.e. translator) to run and any arguments
to give it. The -i
option is the interface pfinet
will listen on, -a
is the IP address, -g
is the
gateway and -m
is the network mask.
Be sure to add name servers to your /etc/resolv.conf
file:
nameserver 192.168.1.1 |
To test the configuration, ping -c2 gateway. The
-c
is important to limit the number of pings; recall,
CONTROL-C does not work in single user mode.
Help on settrans can be obtained by passing it the
--help
option. Help on a specific translator can be gotten by
invoking it from the command line with the same argument, e.g.:
\# /hurd/pfinet --help |
As there can be a lot of output, consider piping this through a pager such as
less.
To also configure IPv6 support, the same configuration has to be recorded on both /servers/socket/2 and /servers/socket/26, referencing each other so that only one is actually started, bound to both nodes:
\# settrans -fgap /servers/socket/2 /hurd/pfinet -6 /servers/socket/26 -i /dev/eth0 \ -a a.b.c.d -g e.f.g.h -m i.j.k.l \# settrans -p /servers/socket/26 /hurd/pfinet -4 /servers/socket/2 -i /dev/eth0 \ -a a.b.c.d -g e.f.g.h -m i.j.k.l |
The pfinet server enables IPv6 autoconfiguration by default. The current status can be obtained from fsysopts /servers/socket/26. Addresses can also be set by hand, by using e.g. -A 2001:123:123::42/64 -G 2001:123:123::1.
The configuration of pfinet can also be changed live (without record on disk) by using fsysopts:
\# fsysopts /servers/socket/2 /hurd/pfinet --interface=/dev/eth0 --address=10.3.0.1 --netmask=255.255.0.0 --gateway=10.3.0.128 \# fsysopts /server/socket/2 -a 10.3.0.2 -m 255.255.0.0 -g 10.3.0.128 |
A firewall can be set up by interposing the eth-filter translator, for instance, this prevents access to port 22:
\# settrans -c /dev/eth0f /hurd/eth-filter -i /dev/eth0 -r "not port 22" |
The filtered device, /dev/eth0f, can then be given to pfinet or dhclient instead of /dev/eth0.
The layout of the keyboard can be configured through the standard
keyboard-configuration package. Make sure that it is installed, and
run dpkg-reconfigure keyboard-configuration. Only the layout is
supported, variants are not (yet). The effect will not
be immediate, as the console needs to be restarted to take the parameter into
account. Rebooting should be fine for instance.
Next, edit /etc/fstab
to add any additional filesystems as well as
swap space. It is very important that swap space be used; the Hurd
will be an order of magnitude more stable. Note that the Hurd can transparently
share a swap partition with Linux but will happily page to any device including
a raw partition such as your home partition. By default, nano and vi are
the only editors installed by the base distribution.
Here is an example /etc/fstab
file:
\# <file system> <mount point> <type> <options> <dump> <pass> /dev/hd0s1 / ext2 rw 0 1 /dev/hd0s2 /home ext2 rw 0 2 /dev/hd0s3 none swap sw 0 0 |
If any /dev device entry is missing, remember to create it using the MAKEDEV command:
\# cd /dev \# ./MAKEDEV hd0s1 hd0s2 hd0s3 |
You can also mount a filesystem by hand by calling settrans:
\# settrans /mnt /hurd/ext2fs /dev/hd0s5 |
The idea behind this command is that you set on the /mnt node the
/hurd/ext2fs /dev/hd0s5 translator. /hurd/ext2fs will
get executed and start read/writing /dev/hd0s5 and show its content
on /mnt. More information can be found in the
Translator documentation.
To mount an nfs filesystem, /hurd/nfs translator is used. When
run as non-root, the translator will connect to the server using a port above
1023. By default, GNU/Linux will reject this. To tell GNU/Linux to accept
connections originating from a non-reserved port, add the
insecure
option to the export line. Here is an example
/etc/exports
file assuming the client's ip address is
192.168.1.2
:
/home 192.168.1.2(rw,insecure) |
To mount this from a GNU box and assuming that nfs server's ip address is
192.168.1.1
:
\# settrans -cga /mount/point /hurd/nfs 192.168.1.1:/home |
Now, what nice things can we do with the Hurd?
Accessing the content of a CD image is a bit tedious with standard Unix systems if you are not root. On GNU/Hurd, it amounts to this:
settrans ~/mnt /hurd/iso9660fs CD_image.iso |
And it is completely safe: the iso9660fs translator is running
under your identity, not root. You can even code your own translator for any
kind of filesystem. Yes, this is like FUSE. Without all the kludge.
The following sets up a transparent ftp directory:
settrans -c /ftp: /hurd/hostmux /hurd/ftpfs / |
Now, cd to e.g. /ftp://ftp.gnu.org/, and run ls there.
Yes, you can from your home simply run tar xf ftp://ftp.gnu.org/pub/gnu/gcc/gcc-4.6.0/gcc-4.6.0.tar.bz2 !
A sub-Hurd is a complete subsystem. Very much like virtualization containers on first sight. Except that you do not need to be root at all to run one.
Yes, you can run gdb on e.g. the ext2fs implementation, the pfinet TCP/IP stack, etc.
Some in-progress work include mboxfs, tarfs, xmlfs, gopherfs, ...
#Finally, reboot into multiuser mode, i.e. in the same way single user mode was
#brought up minus the -s
option when loading the kernel. For
#details, see section 5. Booting GNU/Hurd.
#
#Happy Hacking! #
The following are just install-time quickies, make sure to also read documentation for the installed system: the Debian GNU/Hurd documentation, but also the Upstream website.
#
#Having to always load the kernel by hand can be very tedious. Edit the
#/boot/grub/menu.lst
for Grub1 or
#/boot/grub/grub.cfg
for Grub2 and tailor it appropriately;
#booting will become much quicker and easier.
#
#By default, only a few devices are created in the /dev
directory.
##Use the MAKEDEV script to create any needed device nodes.
#
There are several ways to add packages. Downloading and using
dpkg -i works but is very inconvenient. The easiest method
is to use apt.
If you have used the Debian GNU/Hurd 2023 release, the safest
way is use the snapshot of this release as apt source: edit
/etc/apt/sources.list
, add the following unreleased entry.
deb [check-valid-until=no trusted=yes] https://snapshot.debian.org/archive/debian-ports/20230606T000000Z/ sid main deb [check-valid-until=no trusted=yes] https://snapshot.debian.org/archive/debian-ports/20230606T000000Z/ unreleased main deb-src [check-valid-until=no trusted=yes] https://snapshot.debian.org/archive/debian/20230606T000000Z/ sid main |
Update, install the debian-ports-archive-keyring package, and update again, you now have the
full Debian GNU/Hurd 2023 release available.
If you have used a snapshot later than the 2023 release, you can add these sources to get the most recent packages:
deb http://deb.debian.org/debian-ports unstable main deb-src http://deb.debian.org/debian unstable main deb http://deb.debian.org/debian-ports unreleased main |
Update, install the debian-ports-archive-keyring package, and
update again.
If when doing your first apt, dpkg complains of
missing programs, get root in a login shell (i.e. su -, not just
su).
If GNU Mach does not recognize your network card or you use a modem, the only
way to upgrade will be to download the packages and then transfer them to the
GNU system. The easiest way to do this is to use apt off-line. Refer to
/usr/share/doc/apt-doc/offline.text.gz
for detailed instructions.
Besides the Mach console you encountered during installation, the GNU/Hurd features a powerful user-space console providing virtual terminals. If you have installed in pseudo-graphical mode, it should be started automatically at boot, otherwise you can start it manually with the following command:
\# console -d vga -d pc_mouse --repeat=mouse -d pc_kbd --repeat=kbd -d generic_speaker -c /dev/vcs |
If it is confirmed to be working, it can be enabled at boot from /etc/default/hurd-console: turn ENABLE="false" into ENABLE="true".
Inside the Hurd console, you can switch between virtual terminals via ALT+F1, ALT+F2 and so on. ALT+CTRL+BACKSPACE detachs the Hurd console and brings you back to the Mach console, from where you can reattach again with the above command.
X.Org has been ported and all video cards, which it supports that do not require a kernel module or drm should work.
You need to already be running the Hurd console and have repeaters setup as
indicated in the previous section. For instance, check that echo
$TERM prints hurd, and check that /dev/cons/kbd
and /dev/cons/mouse exist.
You need to run dpkg-reconfigure x11-common xserver-xorg-legacy to allow any user to start Xorg, because the X wrapper does not know about the Hurd and Mach consoles.
You also need to create a /etc/X11/xorg.conf to enable the control-alt-backspace shortcut:
Section "InputDevice" Identifier "Generic Keyboard" Driver "kbd" Option "XkbOptions" "terminate:ctrl_alt_bksp" EndSection |
It may happen that for some reason Xorg chooses a 16/9 resolution but a 4/3 desktop size. Blame Xorg, not the Hurd :) To avoid the issue, append this to /etc/X11/xorg.conf :
Section "Screen"
Identifier "myScreen"
SubSection "Display"
Virtual 1024 768
EndSubSection
EndSection
|
You will need several X packages. xorg,
rxvt and a window manager: twm, icewm, openbox, ...
are a good start. If you want X to get started at boot, you have to install a
display manager. lightdm and gdm do not work yet, but
xdm should just work fine.
Finally, run startx /usr/bin/yourwm
If that doesn't work, as mentioned by the error message, look in /var/log/Xorg.0.log (or post it to the list for people to have a look).
If you are using a Debian release snapshot, you will not have any upgrade available, since the released distribution is frozen at the release date. This means you will not get security updates! You may rather want to enable the unstable distribution as described in section Installing More Packages.
Once you have enabled the unstable distribution, note that since this is unstable, it is affected by library transition hickups, so do not be surprised that it will sometimes not be able to upgrade some packages. Generally, you can use the recommended Debian upgrade procedure: first use
\# apt upgrade --without-new-pkgs |
to upgrade what can be without changing the list of packages, and then use
\# apt full-upgrade |
to upgrade the rest.
Note: if you very seldomly upgrade your system, you may hit upgrade issues. Make sure to first upgrade to the latest release snapshot (Hurd 2023, see section Installing More Packages) before upgrading from the unstable distribution.
To shutdown your system, simply use halt, poweroff or reboot. If that happens to sometimes hang because some daemon is not terminating properly, you can use instead halt-hurd, poweroff-hurd, reboot-hurd, which don't actually shut down daemons, but properly sync data to disk.