Debian Stretch has been out for a while, and is running stable, as it should. However, the kernel version is getting a bit long in the tooth:
4.9.0-4-amd64 #1 SMP Debian 4.9.65-3 (2017-12-03) x86_64 GNU/Linux
There is quite a bit of new stuff coming down the pipe in more recent versions of the kernel. I used to manually build kernels and install them. Well, I need to still do that for bleeding edge development requirements.
However, since I manage a network of machines, I want something more current, stable, and easy to maintain. Debian Stretch Backports seems to fit the bill. As a preseed configuration with a few other goodies thrown in for good measure:
# backport selection
d-i apt-setup/services-select multiselect backports
d-i apt-setup/non-free boolean true
d-i apt-setup/contrib boolean true
# preseed/late_command
d-i preseed/late_command string \
apt-install linux-image-4.14.0-0.bpo.3-amd64; \
apt-install iucode-tool; \
in-target /usr/bin/apt-get install -y -t stretch-backports iproute2; \
in-target /usr/bin/apt-get install -y -t stretch-backports firmware-linux-free; \
in-target /usr/bin/apt-get install -y -t stretch-backports firmware-linux; \
in-target /usr/bin/apt-get install -y -t stretch-backports intel-microcode
The first section adds the backport repository to the mix, which results in:
# cat /etc/apt/sources.list
# deb http://ftp.us.debian.org/debian/ stretch main
deb http://ftp.us.debian.org/debian/ stretch main non-free contrib
# deb-src http://ftp.us.debian.org/debian/ stretch main non-free contrib
# stretch-backports, previously on backports.debian.org
deb http://ftp.us.debian.org/debian/ stretch-backports main contrib non-free
# deb-src http://ftp.us.debian.org/debian/ stretch-backports main contrib non-free
The microcode files are non-free, as are some of the firmware files, hence the non-free flag. The iucode-tool package is part of contrib, hence the contrib flag.
The preseed/late_command entry can have multiple commands, with each command terminated with a ';'. apt-install is used to install the kernel, as an 'in-target' flavour will not have enough memory. As I do considerable amount of networking, iproute2 is installed in the same cycle to get it's tools in place. The 'partman' portion of my install sets /boot as ro, so the these packages need to be installed prior to reboot.
Backports repository has priority of 100. Since the kernel name is unique, the installer knows to use the backports respository. iucode-tool does not have a backports version, so is pulled from the stable repository. The other ones have versions in both stable and backports. They therefore need the override in order to have the backports version installed.
On reboot, with 'uname -a', I have:
4.14.0-0.bpo.3-amd64 #1 SMP Debian 4.14.13-1~bpo9+1 (2018-01-14) x86_64 GNU/Linux
Some references:
After some more reading, here is iteration two of the preseed:
# backport selection
d-i apt-setup/services-select multiselect backports
d-i apt-setup/non-free boolean true
d-i apt-setup/contrib boolean true
# preseed/late_command
d-i preseed/late_command string \
in-target /usr/bin/apt-get upgrade -y -t stretch-backports; \
apt-install linux-image-4.14.0-0.bpo.3-amd64; \
apt-install iucode-tool; \
in-target /usr/bin/apt-get install -y -t stretch-backports firmware-linux-free; \
in-target /usr/bin/apt-get install -y -t stretch-backports firmware-linux; \
in-target /usr/bin/apt-get install -y -t stretch-backports intel-microcode; \
in-target /usr/bin/apt-get upgrade -y -t stretch-backports
This does an upgrade prior to installation of anything. Which upgrades iproute2. There is a final upgrade as the kernel installation adds some additional packages, which also need an upgrade.
But a caveat does exist from backports.debian.org:
It is therefore recommended to only select single backported packages that fit your needs, and not use all available backports.
... so running the 'upgrade' command may not be the sensible thing to do.