Arch Linux Installation :: x33u — yet another website

goals:

uefi installation
systemd-boot
cryptsetup
xfce autologin

get ISO and verify integrety

## curl ISO
> curl -O https://mirror.x33u.org/archlinux/iso/latest/archlinux-2022.02.01-x86_64.iso

## compare checksum with sha1 hash from "archlinux.org/download"
> sha256sum archlinux-2022.02.01-x86_64.iso
  ....
  3f3ba996e7d8e0b15d911180682093cd8fe6b805  archlinux-2022.02.01-x86_64.iso

## or pipe hash value
> echo \
  a1d6a69ab11b17149194804e1bd848b3c90c1e9bd06eb330cff074b3e9e82fa8 \
  archlinux-2022.02.01-x86_64.iso|sha256sum -c
  ....
  archlinux-2022.02.01-x86_64.iso: OK

## get arch linux signature
> curl -O https://mirror.x33u.org/archlinux/iso/latest/archlinux-2022.02.01-x86_64.iso.sig

## locate master signing keys - maybe from Allan McRae
> gpg --locate-keys allan@archlinux.org

## verify signature
> gpg --keyserver-options auto-key-retrieve --verify archlinux-2022.02.01-x86_64.iso.sig
  ....
  gpg: assuming signed data in 'archlinux-2022.02.01-x86_64.iso'
  gpg: Signature made Tue 01 Feb 2022 06:09:25 PM CET
  gpg:                using RSA key 4AA4767BBC9C4B1D18AE28B77F2D434B9741E8AC
  gpg:                issuer "pierre@archlinux.de"
  gpg: Good signature from "Pierre Schmitz <pierre@archlinux.de>" [unknown]
  gpg: WARNING: This key is not certified with a trusted signature!
  gpg:          There is no indication that the signature belongs to the owner.
  Primary key fingerprint: 4AA4 767B BC9C 4B1D 18AE  28B7 7F2D 434B 9741 E8AC


## dump image as root to usb device
> dd if=archlinux-2022.02.01-x86_64.iso|pv -s 831M|dd of=/dev/sdX bs=10M

check master signing keys on archlinux.org

prepare the filesystem

                         ┌─────────────────────────────────────┐
                         │                                     │
> Create GPT partition   │       512MB EFI Boot Partition      │
                         │                                     │
> Set EFI flags          ├─────────────────────────────────────┤
                         │                                     │
> We don't need SWAP     │    Remaining Encrypted Partition    │
                         │                                     │
                         └─────────────────────────────────────┘

disk prepare

## create gpt table with two partitions
> echo -e "g\nn\n1\n2048\n+512M\nn\n2\n\n\nt\n1\n1\nw" | fdisk /dev/sda

## create EFI boot partition
> mkfs.fat -F 32 -n EFIBOOT /dev/sda1

encrypt sda2 using cryptsetup

> cryptsetup -c aes-xts-plain -y -s 512 luksFormat /dev/sda2

on HDD i would recommend to fill the whole device with /dev/zero or use shred - on SSD's it’s rather perceived security
for more details see: "fd0's" talk on media.cc.de

open newly encrypted device and setup lvm and file system

## open device
> cryptsetup luksOpen /dev/sda2 lvm

## create lvm
> pvcreate /dev/mapper/lvm
> vgcreate main /dev/mapper/lvm
> lvcreate -L 40GB -n root main
> lvcreate -l 100%FREE -n home main

## create filesystem
> mkfs.ext4 -L root /dev/mapper/main-root
> mkfs.ext4 -L home /dev/mapper/main-home

## mount partitions
> mount /dev/mapper/main-root /mnt
> mkdir /mnt/home
> mount /dev/mapper/main-home /mnt/home
> mkdir /mnt/boot
> mount /dev/sda1 /mnt/boot

do the magic

## pacstrap tools to "/mnt"
> pacstrap /mnt \
	base \
	base-devel \
	efibootmgr \
	dosfstools \
	gptfdisk \
	nano \
	linux \
	linux-firmware \
	mkinitcpio \
	zsh \
	lvm2 \
	dhcpcd

## generate fstab
> genfstab -L /mnt >> /mnt/etc/fstab

## change root to "/mnt"
> arch-chroot /mnt

setup language, locale and timezone

## edit /etc/locale.conf
LANG="en_US.UTF-8"

## edit /etc/locale.gen
de_DE.UTF-8 UTF-8
de_DE ISO-8859-1
de_DE@euro ISO-8859-15
en_US.UTF-8 UTF-8

## generate locales
> locale-gen

## link timezone
> ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime

set hostname and vconsole

## set hostname
> echo "hostname" >> /etc/hostname

## keyboard mapping
> echo "KEYMAP=de-latin1" >> /etc/vconsole.conf

edit /etc/mkinitcpio.conf

## set modules "ext4" and intel boot graphics
MODULES=(ext4 i915 intel_agp)

## set modules "ext4" and amd graphics
MODULES=(ext4 amdgpu)

## set hooks
HOOKS=(base udev autodetect modconf block keyboard keymap encrypt lvm2 filesystems fsck shutdown)

## create kernel image
> mkinitcpio -p linux

systemd boot

## install bootloader
> bootctl install

## edit /boot/loader/entries/arch.conf
title    Arch Linux
linux    /vmlinuz-linux
initrd   /initramfs-linux.img
options  cryptdevice=/dev/sda2:main root=/dev/mapper/main-root rw lang=de init=/usr/lib/systemd/systemd locale=de_DE.UTF-8

## edit /boot/loader/entries/arch-fallback.conf
title    Arch Linux Fallback
linux    /vmlinuz-linux
initrd   /initramfs-linux-fallback.img
options  cryptdevice=/dev/sda2:main root=/dev/mapper/main-root rw lang=de init=/usr/lib/systemd/systemd locale=de_DE.UTF-8

## edit /boot/loader/loader.conf
timeout 1
default arch

## update boot config
> bootctl update

set root password and enable dhcpcd

## set root password
> passwd root

## enable dhcp at boot
> systemctl enable dhcpcd.service

exit chroot and do the smoke test

## exit chroot
> exit

## unmount /mnt
> umount /mnt/{boot,home}

## restart system
> reboot

configure the new system - beginns with user management

## add user
> useradd -m -g users -s /bin/zsh username

## set password for new user
> passwd username

## put new user in wheel group for "sudo"
> usermod -aG wheel username

## uncomment "%wheel ALL=(ALL) ALL" using "visudo"
## if there is no "vi" installed use "EDITOR=nano visudo"

it’s up to you if you want to use sudo

desktop environment

## get Xorg driver
> pacman -S xorg xorg-server xorg-xinit

## get intel gpu driver
> pacman -S xf86-video-intel

## get amd gpu driver
> pacman -S xf86-video-amdgpu

## install xfce4 and audio management
> pacman -S xfce4 xfce4-goodies pulseaudio pavucontrol

i prefer the bubble-dark-blue GTK theme
for icons i use the old revival-icon-theme

autologin using systemd

## copy unit
> cp /usr/lib/systemd/system/getty@.service /etc/systemd/system/autologin@tty1.service

## edit /etc/systemd/system/autologin@tty1.service
## change "ExecStart=-/sbin/agetty -o '-p -- \\u' --noclear %I $TERM "
## to  	  "ExecStart=-/sbin/agetty --noclear -a username %I 38400"

## disable getty
> systemctl disable getty@tty1

## enable autoglogin
> systemctl enable autologin@tty1

## put this to your users ".zshrc" to autostart xfce session
if [ "$(tty)" = "/dev/tty1" ]; then
   startxfce4
fi

german keyboard layout on xfce

## edit ".config/xfce4/xfconf/xfce-perchannel-xml/keyboard-layout.xml"
<?xml version="1.0" encoding="UTF-8"?>

<channel name="keyboard-layout" version="1.0">
  <property name="Default" type="empty">
    <property name="XkbLayout" type="string" value="de"/>
    <property name="XkbVariant" type="string" value=""/>
    <property name="XkbDisable" type="bool" value="false"/>
  </property>
</channel>

AUR

> pacman -S --needed git base-devel
> git clone https://aur.archlinux.org/yay.git
> cd yay && makepkg -si

suggest programs

// file handling
file-roller
zip
unzip
p7zip
gvfs
gvfs-mtp
usbutils

// multiplexing
tmux
screen

// file explorer
mc
ranger

// advanced copy
rsync
pv

// nice highlithing
zsh-syntax-highlighting

// bluetooth audio control
pulseaudio-bluetooth
bluez-utils

// take it or leave it
flatpak

// wifi stuff
netctl
dialog
wpa_supplicant

// text editor
geany

// android debugging
android-tools

// disk management
gparted
bleachbit

// dark qt for flatpaks
adwaita-qt

security | server | software | stuff