Installation Path
Arch Linux installation example
goals:
- uefi installation
- systemd-boot
- cryptsetup & lvm
- bspwm desktop
- german TZ/keyboard
preparing
get ISO and verify integrety
# curl ISO
> curl -O https://mirror.x33u.org/archlinux/iso/latest/archlinux-2022.02.01-x86_64.iso
# compare checksum with sha1 hash from "archlinux.org/download"
> sha256sum archlinux-2022.02.01-x86_64.iso
....
3f3ba996e7d8e0b15d911180682093cd8fe6b805 archlinux-2022.02.01-x86_64.iso
# or pipe hash value
> echo \
a1d6a69ab11b17149194804e1bd848b3c90c1e9bd06eb330cff074b3e9e82fa8 \
archlinux-2022.02.01-x86_64.iso|sha256sum -c
....
archlinux-2022.02.01-x86_64.iso: OK
# get arch linux signature
> curl -O https://mirror.x33u.org/archlinux/iso/latest/archlinux-2022.02.01-x86_64.iso.sig
# locate master signing keys - maybe from Allan McRae
> gpg --locate-keys allan@archlinux.org
# verify signature
> gpg --keyserver-options auto-key-retrieve --verify archlinux-2022.02.01-x86_64.iso.sig
....
gpg: assuming signed data in 'archlinux-2022.02.01-x86_64.iso'
gpg: Signature made Tue 01 Feb 2022 06:09:25 PM CET
gpg: using RSA key 4AA4767BBC9C4B1D18AE28B77F2D434B9741E8AC
gpg: issuer "pierre@archlinux.de"
gpg: Good signature from "Pierre Schmitz <pierre@archlinux.de>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 4AA4 767B BC9C 4B1D 18AE 28B7 7F2D 434B 9741 E8AC
# dump image as root to usb device
> dd if=archlinux-2022.02.01-x86_64.iso|pv -s 831M|dd of=/dev/sdX bs=10M
check master signing keys on archlinux.org
partition schema
┌─────────────────────────────────────┐
│ │
1. Create GPT partition │ 512MB EFI Boot Partition │
│ │
2. Set EFI flags ├─────────────────────────────────────┤
│ │
- We don't need SWAP │ Remaining Encrypted Partition │
│ │
└─────────────────────────────────────┘
disk partitioning
disk preparing for /dev/sda
# create gpt table with two partitions
> echo -e "g\nn\n1\n2048\n+512M\nn\n2\n\n\nt\n1\n1\nw" \
| fdisk /dev/sda
# create EFI boot partition
> mkfs.fat -F 32 -n EFIBOOT /dev/sda1
disk encryption
encrypt sda2 partition using cryptsetup
> cryptsetup -c \
aes-xts-plain64 \
-y -s 512 luksFormat \
/dev/sda2
on
HDDi would recommend to fill the whole device with/dev/zeroor useshred- onSSD'sit’s rather perceived security
for more details see:"fd0's" talk on media.cc.de
create LVM
open newly encrypted device and setup lvm and file system
# open device
> cryptsetup luksOpen /dev/sda2 lvm
# create physical volume
> pvcreate /dev/mapper/lvm
# create volume group
> vgcreate main /dev/mapper/lvm
# create 80gb logical volume for "/"
> lvcreate -L 80GB -n root main
# all other space goes to "/home"
> lvcreate -l 100%FREE -n home main
# create EXT4 filesystem for both partitions
> mkfs.ext4 -L root /dev/mapper/main-root
> mkfs.ext4 -L home /dev/mapper/main-home
mount filesystem
# mount "/"
> mount /dev/mapper/main-root /mnt
# create missing directories
> mkdir /mnt/{boot,home}
# mount "/home"
> mount /dev/mapper/main-home /mnt/home
# mount "/boot"
> mount /dev/sda1 /mnt/boot
arch chroot
do the magic
# pacstrap tools to "/mnt"
> pacstrap /mnt \
base \
base-devel \
efibootmgr \
dosfstools \
gptfdisk \
nano \
linux \
linux-firmware \
mkinitcpio \
zsh \
lvm2 \
dhcpcd
# generate fstab
> genfstab -L /mnt >> /mnt/etc/fstab
# change root to "/mnt"
> arch-chroot /mnt
language config
setup language, locale and timezone
# edit /etc/locale.conf
LANG="en_US.UTF-8"
# edit /etc/locale.gen
de_DE.UTF-8 UTF-8
de_DE ISO-8859-1
de_DE@euro ISO-8859-15
en_US.UTF-8 UTF-8
# generate locales
> locale-gen
# link timezone
> ln -sf /usr/share/zoneinfo/Europe/Berlin \
/etc/localtime
system config
set hostname and vconsole
# set hostname
> echo "hostname" >> /etc/hostname
# keyboard mapping
> echo "KEYMAP=de-latin1" >> /etc/vconsole.conf
kernel config
edit /etc/mkinitcpio.conf
# only for INTEL
# set modules "ext4" and intel boot graphics
MODULES=(ext4 i915 intel_agp)
# only for AMD
# set modules "ext4" and amd graphics
MODULES=(ext4 amdgpu)
# set hooks and take care of the order!
HOOKS=(base udev autodetect modconf block keyboard keymap encrypt lvm2 filesystems fsck shutdown)
# create kernel image
> mkinitcpio -p linux
bootloader
systemd boot
# install bootloader
> bootctl install
# edit /boot/loader/entries/arch.conf
title Arch Linux
linux /vmlinuz-linux
initrd /initramfs-linux.img
options cryptdevice=/dev/sda2:main root=/dev/mapper/main-root rw lang=de init=/usr/lib/systemd/systemd locale=de_DE.UTF-8
# edit /boot/loader/entries/arch-fallback.conf
title Arch Linux Fallback
linux /vmlinuz-linux
initrd /initramfs-linux-fallback.img
options cryptdevice=/dev/sda2:main root=/dev/mapper/main-root rw lang=de init=/usr/lib/systemd/systemd locale=de_DE.UTF-8
# edit /boot/loader/loader.conf
timeout 1
default arch
# update boot config
> bootctl update
last steps
set root password and enable dhcpcd
# set root password
> passwd root
# enable dhcp at boot
> systemctl enable dhcpcd.service
smoke test
exit chroot and do the smoke test
# leave chroot
> exit
# unmount "/boot" and "/home"
> umount /mnt/{boot,home}
# unmount "/"
> umount /mnt
# restart system
> reboot
userland
configure the new system - beginns with user management
# add user
> useradd -m -g users -s /bin/zsh username
# set password for new user
> passwd username
# put new user in wheel group for "sudo"
> usermod -aG wheel username
# enable wheel in suduers file
> EDITOR=nano visudo
# uncomment "%wheel ALL=(ALL) ALL"
x server
desktop environment
# get Xorg driver
> pacman -S \
xorg \
xorg-server \
xorg-xinit \
xorg-xrandr \
xf86-input-elographics \
xf86-input-evdev \
xf86-input-libinput \
xf86-input-vmmouse \
xf86-input-void
# INTEL gpu driver
> pacman -S xf86-video-intel
# AMD gpu driver
> pacman -S xf86-video-amdgpu
desktop env
# install xfce4 and audio management
> pacman -S \
alsa-firmware \
alsa-lib \
bleachbit \
blueman \
bspwm \
dmenu \
feh \
file-roller \
pcmanfm \
picom \
polybar \
pulseaudio \
pulseaudio-bluetooth \
pulsemixer \
rofi \
rxvt-unicode \
sxhkd \
x11-ssh-askpass \
xsecurelock \
xsettingsd \
xss-lock \
xorg-xset
autologin
autologin using systemd
# copy unit
> cp /usr/lib/systemd/system/getty@.service \
/etc/systemd/system/autologin@tty1.service
> edit /etc/systemd/system/autologin@tty1.service
change: "ExecStart=-/sbin/agetty -o '-p -- \\u' --noclear %I $TERM "
to "ExecStart=-/sbin/agetty --noclear -a username %I 38400"
# disable getty
> systemctl disable getty@tty1
# enable autoglogin
> systemctl enable autologin@tty1
wifi tools
# install wifi req
> pacman -S \
dialog \
netctl \
wpa_supplicant
dotfiles
# install git
> pacman -S --needed git
# get dotfiles
> git clone \
https://codeberg.org/x33u/dotfiles
# set owner
> chown -R $USER: dotfiles/
# copy dotfiles to "/home"
> cp -r dotfiles/.[^git]* $HOME/
# remove cloned folder
> rm -rf dotfiles/
arch user repo
AUR using yay
# install dev tools
> pacman -S --needed base-devel
# clone yay repo
> git clone https://aur.archlinux.org/yay.git
# change into dir - build pkg and install it
> cd yay/ && makepkg -si
# remove cloned folder
> cd ../ \
&& rm -rf yay/