User:Rdeckard/Simple Install

From ArchWiki

My attempt at the simplest installation possible for a fully encrypted disk. This uses one large partition that encompasses the whole disk except for the needed BIOS boot partition. Modify if you need an EFI setup.

A few points:

  • fstab is not needed. systemd can find the disk automatically.
  • Network configuration is done via netctl.
  • Swap file creation uses systemd-swap.
  • systemd-firstboot consolidates the time, hostname, and locale setup.

This has been tested to work. You may need additional packages for video drivers, etc.

Preparation

Download the Arch ISO.

If you have GnuPG installed on your current system, verify the download:

$ gpg --keyserver-options auto-key-retrieve --verify archlinux-version-dual.iso.sig

Create a bootable USB drive by doing the following on an existing Linux installation:

# dd bs=4M if=/path/to/archlinux-version-dual.iso of=/dev/sdx status=progress && sync

where /dev/sdx is the USB drive. Now boot from the USB drive.

Pre-installation

Connect to the internet

If you have a wired connection, it should connect automatically.

If you have a wireless connection, first stop the wired connection to prevent conflicts:

# systemctl stop dhcpcd@interface.service

A list of interfaces can be found with:

# ip addr

Then connect to a wifi network with:

# wifi-menu -o

Check your connection with:

# ping archlinux.org

Update system clock

# timedatectl set-ntp true

Partition the disk

# sgdisk -og -n 1:2048:0 -t 1:8300 -n 2 -t 2:ef02 /dev/sda

Create and mount partitions

To create an encrypted system do:

# cryptsetup luksFormat /dev/sda1
# cryptsetup open /dev/sda1 cryptroot
# mkfs.ext4 /dev/mapper/cryptroot
# mount /dev/mapper/cryptroot /mnt

To create a regular (not encrypted) system, do:

# mkfs.ext4 /dev/sda1
# mount /dev/sda1 /mnt

Installation

Install needed packages

# pacstrap /mnt base sudo grub systemd-swap

Configuration

Chroot

# arch-chroot /mnt

Locale, timezone, and hostname

Uncomment needed locales in /etc/locale.gen (e.g., en_US.UTF-8).

# sed -i 's/#\(en_US\.UTF-8\)/\1/' /etc/locale.gen
# locale-gen
# systemd-firstboot --prompt

Set root password

# passwd

Add normal user

# useradd -m -G wheel user
# passwd user

Uncomment wheel group in sudoers:

# visudo

Generate keyfile for initramfs

This section is only needed for an encrypted system.

# dd bs=512 count=4 if=/dev/urandom of=/crypto_keyfile.bin
# chmod 000 /crypto_keyfile.bin
# chmod 600 /boot/initramfs-linux*
# cryptsetup luksAddKey /dev/sda1 /crypto_keyfile.bin

Add the file to the FILES array of mkinitcpio.conf. Use the systemd and sd-encrypt hooks as below. You will need to make sure you have any additional needed hooks for your setup.

/etc/mkinitcpio.conf
FILES="/crypto_keyfile.bin"
HOOKS="systemd autodetect modconf block sd-encrypt filesystems"

Regenerate initramfs:

# mkinitcpio -p linux

Configure and install GRUB

If you are using an encrypted system, add the following to the specified file:

/etc/default/grub
GRUB_CMDLINE_LINUX="luks.uuid=UUID luks.key=/crypto_keyfile.bin"
GRUB_ENABLE_CRYPTODISK=y

where UUID is the UUID of the encrypted partition (/dev/sda1), taken from the output of:

$ lsblk -f /dev/sda1

Both encrypted and regular systems need to run:

# grub-install /dev/sda
# grub-mkconfig -o /boot/grub/grub.cfg
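
The initramfs image carries a copy of /crypto_keyfile.bin, so a keyfile or image readable by group or others exposes the LUKS key to every local user. The following check of the keyfile and GRUB steps above is an added example, not part of the original page; audit_keyfile_setup is a hypothetical helper name, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: audit the keyfile setup described on this page.
# Pass the root to inspect: / inside the chroot, /mnt from the live environment.

# True when the file grants any permission bit to group or others.
loose_mode() {
    mode=$(stat -c %a "$1") || return 0   # unreadable metadata counts as a finding
    [ $(( 0$mode & 077 )) -ne 0 ]
}

audit_keyfile_setup() {
    root=${1:-/}
    root=${root%/}
    bad=0
    key="$root/crypto_keyfile.bin"

    if [ ! -f "$key" ]; then
        echo "missing: $key"; bad=1
    elif loose_mode "$key"; then
        echo "keyfile readable by group/others: $key"; bad=1
    fi

    # The image embeds the keyfile, so it needs the same protection.
    found=0
    for img in "$root"/boot/initramfs-linux*; do
        [ -e "$img" ] || continue
        found=1
        if loose_mode "$img"; then
            echo "initramfs readable by group/others: $img"; bad=1
        fi
    done
    [ "$found" -eq 1 ] || { echo "no initramfs image under $root/boot"; bad=1; }

    conf="$root/etc/mkinitcpio.conf"
    grep -Eq '^FILES=.*/crypto_keyfile\.bin' "$conf" 2>/dev/null ||
        { echo "keyfile not listed in FILES: $conf"; bad=1; }
    grep -Eq '^HOOKS=.*sd-encrypt' "$conf" 2>/dev/null ||
        { echo "sd-encrypt hook missing: $conf"; bad=1; }

    grub="$root/etc/default/grub"
    grep -Eq '^GRUB_CMDLINE_LINUX=.*luks\.key=/crypto_keyfile\.bin' "$grub" 2>/dev/null ||
        { echo "luks.key not set: $grub"; bad=1; }
    grep -q '^GRUB_ENABLE_CRYPTODISK=y' "$grub" 2>/dev/null ||
        { echo "GRUB_ENABLE_CRYPTODISK=y missing: $grub"; bad=1; }

    return "$bad"
}
```

Source the file and run audit_keyfile_setup / as root inside the chroot after regenerating the initramfs; it prints one line per finding and returns non-zero if there is any.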

Swap file

Uncomment the lines beginning with swapf in the swap file section of /etc/systemd-swap.conf.

Now enable the systemd unit:

# systemctl enable systemd-swap

Enable networking

The following uses netctl for networking. Find the interface you want to enable with:

# ip addr

For wired:

# pacman -S ifplugd
# systemctl enable netctl-ifplugd@interface

For wireless:

# pacman -S wpa_actiond dialog
# systemctl enable netctl-auto@interface

Exit chroot and reboot

# exit
# reboot

When you reboot you should be prompted for your LUKS password if you decided to encrypt the system.