Arch Linux Installation
goals:
- uefi installation
- systemd-boot
- cryptsetup
- xfce autologin
get ISO and verify integrety
## curl ISO
> curl -O https://mirror.x33u.org/archlinux/iso/latest/archlinux-2022.02.01-x86_64.iso
## compare checksum with sha1 hash from "archlinux.org/download"
> sha256sum archlinux-2022.02.01-x86_64.iso
....
3f3ba996e7d8e0b15d911180682093cd8fe6b805 archlinux-2022.02.01-x86_64.iso
## or pipe hash value
> echo \
a1d6a69ab11b17149194804e1bd848b3c90c1e9bd06eb330cff074b3e9e82fa8 \
archlinux-2022.02.01-x86_64.iso|sha256sum -c
....
archlinux-2022.02.01-x86_64.iso: OK
## get arch linux signature
> curl -O https://mirror.x33u.org/archlinux/iso/latest/archlinux-2022.02.01-x86_64.iso.sig
## locate master signing keys - maybe from Allan McRae
> gpg --locate-keys allan@archlinux.org
## verify signature
> gpg --keyserver-options auto-key-retrieve --verify archlinux-2022.02.01-x86_64.iso.sig
....
gpg: assuming signed data in 'archlinux-2022.02.01-x86_64.iso'
gpg: Signature made Tue 01 Feb 2022 06:09:25 PM CET
gpg: using RSA key 4AA4767BBC9C4B1D18AE28B77F2D434B9741E8AC
gpg: issuer "pierre@archlinux.de"
gpg: Good signature from "Pierre Schmitz <pierre@archlinux.de>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 4AA4 767B BC9C 4B1D 18AE 28B7 7F2D 434B 9741 E8AC
## dump image as root to usb device
> dd if=archlinux-2022.02.01-x86_64.iso|pv -s 831M|dd of=/dev/sdX bs=10M
check master signing keys on archlinux.org
prepare the filesystem
┌─────────────────────────────────────┐
│ │
> Create GPT partition │ 512MB EFI Boot Partition │
│ │
> Set EFI flags ├─────────────────────────────────────┤
│ │
> We don't need SWAP │ Remaining Encrypted Partition │
│ │
└─────────────────────────────────────┘
disk prepare
## create gpt table with two partitions
> echo -e "g\nn\n1\n2048\n+512M\nn\n2\n\n\nt\n1\n1\nw" | fdisk /dev/sda
## create EFI boot partition
> mkfs.fat -F 32 -n EFIBOOT /dev/sda1
encrypt sda2
using cryptsetup
> cryptsetup -c aes-xts-plain -y -s 512 luksFormat /dev/sda2
on
HDD
i would recommend to fill the whole device with/dev/zero
or useshred
- onSSD's
it’s rather perceived security
for more details see:"fd0's" talk on media.cc.de
open newly encrypted device and setup lvm and file system
## open device
> cryptsetup luksOpen /dev/sda2 lvm
## create lvm
> pvcreate /dev/mapper/lvm
> vgcreate main /dev/mapper/lvm
> lvcreate -L 40GB -n root main
> lvcreate -l 100%FREE -n home main
## create filesystem
> mkfs.ext4 -L root /dev/mapper/main-root
> mkfs.ext4 -L home /dev/mapper/main-home
## mount partitions
> mount /dev/mapper/main-root /mnt
> mkdir /mnt/home
> mount /dev/mapper/main-home /mnt/home
> mkdir /mnt/boot
> mount /dev/sda1 /mnt/boot
do the magic
## pacstrap tools to "/mnt"
> pacstrap /mnt \
base \
base-devel \
efibootmgr \
dosfstools \
gptfdisk \
nano \
linux \
linux-firmware \
mkinitcpio \
zsh \
lvm2 \
dhcpcd
## generate fstab
> genfstab -L /mnt >> /mnt/etc/fstab
## change root to "/mnt"
> arch-chroot /mnt
setup language, locale and timezone
## edit /etc/locale.conf
LANG="en_US.UTF-8"
## edit /etc/locale.gen
de_DE.UTF-8 UTF-8
de_DE ISO-8859-1
de_DE@euro ISO-8859-15
en_US.UTF-8 UTF-8
## generate locales
> locale-gen
## link timezone
> ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime
set hostname and vconsole
## set hostname
> echo "hostname" >> /etc/hostname
## keyboard mapping
> echo "KEYMAP=de-latin1" >> /etc/vconsole.conf
edit /etc/mkinitcpio.conf
## set modules "ext4" and intel boot graphics
MODULES=(ext4 i915 intel_agp)
## set modules "ext4" and amd graphics
MODULES=(ext4 amdgpu)
## set hooks
HOOKS=(base udev autodetect modconf block keyboard keymap encrypt lvm2 filesystems fsck shutdown)
## create kernel image
> mkinitcpio -p linux
systemd boot
## install bootloader
> bootctl install
## edit /boot/loader/entries/arch.conf
title Arch Linux
linux /vmlinuz-linux
initrd /initramfs-linux.img
options cryptdevice=/dev/sda2:main root=/dev/mapper/main-root rw lang=de init=/usr/lib/systemd/systemd locale=de_DE.UTF-8
## edit /boot/loader/entries/arch-fallback.conf
title Arch Linux Fallback
linux /vmlinuz-linux
initrd /initramfs-linux-fallback.img
options cryptdevice=/dev/sda2:main root=/dev/mapper/main-root rw lang=de init=/usr/lib/systemd/systemd locale=de_DE.UTF-8
## edit /boot/loader/loader.conf
timeout 1
default arch
## update boot config
> bootctl update
set root password and enable dhcpcd
## set root password
> passwd root
## enable dhcp at boot
> systemctl enable dhcpcd.service
exit chroot
and do the smoke test
## exit chroot
> exit
## unmount /mnt
> umount /mnt/{boot,home}
## restart system
> reboot
configure the new system - beginns with user management
## add user
> useradd -m -g users -s /bin/zsh username
## set password for new user
> passwd username
## put new user in wheel group for "sudo"
> usermod -aG wheel username
## uncomment "%wheel ALL=(ALL) ALL" using "visudo"
## if there is no "vi" installed use "EDITOR=nano visudo"
it’s up to you if you want to use
sudo
desktop environment
## get Xorg driver
> pacman -S xorg xorg-server xorg-xinit
## get intel gpu driver
> pacman -S xf86-video-intel
## get amd gpu driver
> pacman -S xf86-video-amdgpu
## install xfce4 and audio management
> pacman -S xfce4 xfce4-goodies pulseaudio pavucontrol
i prefer the
bubble-dark-blue
GTK theme
for icons i use the oldrevival-icon-theme
autologin using systemd
## copy unit
> cp /usr/lib/systemd/system/getty@.service /etc/systemd/system/autologin@tty1.service
## edit /etc/systemd/system/autologin@tty1.service
## change "ExecStart=-/sbin/agetty -o '-p -- \\u' --noclear %I $TERM "
## to "ExecStart=-/sbin/agetty --noclear -a username %I 38400"
## disable getty
> systemctl disable getty@tty1
## enable autoglogin
> systemctl enable autologin@tty1
## put this to your users ".zshrc" to autostart xfce session
if [ "$(tty)" = "/dev/tty1" ]; then
startxfce4
fi
german keyboard layout on xfce
## edit ".config/xfce4/xfconf/xfce-perchannel-xml/keyboard-layout.xml"
<?xml version="1.0" encoding="UTF-8"?>
<channel name="keyboard-layout" version="1.0">
<property name="Default" type="empty">
<property name="XkbLayout" type="string" value="de"/>
<property name="XkbVariant" type="string" value=""/>
<property name="XkbDisable" type="bool" value="false"/>
</property>
</channel>
AUR
> pacman -S --needed git base-devel
> git clone https://aur.archlinux.org/yay.git
> cd yay && makepkg -si
suggest programs
// file handling
file-roller
zip
unzip
p7zip
gvfs
gvfs-mtp
usbutils
// multiplexing
tmux
screen
// file explorer
mc
ranger
// advanced copy
rsync
pv
// nice highlithing
zsh-syntax-highlighting
// bluetooth audio control
pulseaudio-bluetooth
bluez-utils
// take it or leave it
flatpak
// wifi stuff
netctl
dialog
wpa_supplicant
// text editor
geany
// android debugging
android-tools
// disk management
gparted
bleachbit
// dark qt for flatpaks
adwaita-qt