User:ToxygeneB/Installing base system

From ArchWiki
Jump to: navigation, search

These are the steps I follow to install Arch Linux on my systems. At present this just covers the most common setup which utilises UEFI, GPT, and LUKS and GRUB for disc encryption including boot partition, using LVM and Btrfs on x86-64.

Installation is usually on either single drive systems (SSD or HDD as sda), or dual drive systems (SSD as sda, HDD as sdb).

I use an Anker USB 3.0 to Gigabit Ethernet Adapter which utilises the Realtek RTL8153, supported by the default kernel module (avoids wireless chipset woes) for all my base installs.

Installation media

  • Download ISO image.
  • Write to USB stick.
# dd bs=4M if=/home/toxygeneb/Installers/archlinux.iso of=/dev/sdc status=progress && sync
  • Reboot from USB.

Establish environment

# loadkeys uk
# setfont Lat2-Terminus16
# ping -c3 www.google.co.uk
  • Synchronise clock.
# timedatectl set-ntp true
# hwclock --systohc

Partition drives

Partition Type Size Label
sda1 ef00 EFI System 256MB ESP
sda2 8300 Linux filesystem 512MB Boot
sda3 8e00 Linux LVM +100% System
sdb1 ¹ 8e00 Linux LVM 100% Store

¹ Only applicable on dual drive systems eg. SSD and HDD.

Drive encryption

# modprobe dm-crypt
  • Generate keyfile for automatic unlocking.
# dd if=/dev/urandom of=/crypto_keyfile.bin bs=1024 count=20
# chmod 400 /crypto_keyfile.bin
Warning: Backup keyfile and keep it safe!
  • LUKS format /dev/sda2 for boot partition.
# cryptsetup -c aes-xts-plain64 -s 512 -h sha512 -i 5000 -y luksFormat /dev/sda2
# cryptsetup luksAddKey /dev/sda2 /crypto_keyfile.bin
  • LUKS format /dev/sda3 for Arch Linux system and, if necessary, /dev/sdb1 for storage.
# cryptsetup -c aes-xts-plain64 -s 512 -h sha512 -i 5000 --key-file /crypto_keyfile.bin keyfile luksFormat /dev/sda3
# cryptsetup -c aes-xts-plain64 -s 512 -h sha512 -i 5000 --key-file /crypto_keyfile.bin keyfile luksFormat /dev/sdb1
  • Open LUKS containers.
# cryptsetup luksOpen /dev/sda2 cryptboot 
# cryptsetup --key-file /crypto_keyfile.bin luksOpen /dev/sda3 arch

And only if created:

# cryptsetup --key-file /crypto_keyfile.bin luksOpen /dev/sdb1 store

Setup LVM

Single drive systems

For a 500GB drive, which actually holds 465GB, I am for 400GB for user storage. Adjust accordingly.

  • Create physical volume.
# lvm pvcreate /dev/mapper/arch
  • Create volume group.
# lvm vgcreate arch /dev/mapper/arch
  • Create logical volumes.
# lvm lvcreate -L 8GB -n swap arch
# lvm lvcreate -L 20GB -n tmp arch
# lvm lvcreate -L 37GB -n root arch
# lvm lvcreate -L 100%FREE -n home arch

Dual drive systems

For a 120GB SSD for the system and HDD for user storage. Adjust accordingly.

  • Create physical volumes.
# lvm pvcreate /dev/mapper/arch
# lvm pvcreate /dev/mapper/store
  • Create volume groups.
# lvm vgcreate arch /dev/mapper/arch
# lvm vgcreate store /dev/mapper/store
  • Create logical volumes.
# lvm lvcreate -L 8GB -n swap arch
# lvm lvcreate -L 20GB -n tmp arch
# lvm lvcreate -l 100%FREE -n root arch
# lvm lvcreate -l 100%FREE -n home store

Create and mount filesystems

# mkfs.vfat -n EFI /dev/sda1
# mkfs.ext2 -L boot /dev/mapper/cryptboot
# mkfs.btrfs -L tmp /dev/arch/tmp
# mkfs.btrfs -L root /dev/arch/root
# mkswap -L swap /dev/arch/swap

For single drive systems only:

# mkfs.btrfs -L home /dev/arch/home

For dual drive systems only:

# mkfs.btrfs -L home /dev/store/home
# mount /dev/arch/root /mnt
# mkdir -p /mnt/{boot,tmp,home}
# mount /dev/mapper/cryptboot /mnt/boot
# mount /dev/arch/tmp /mnt/tmp
# mkdir /mnt/boot/efi
# mount /dev/sda1 /mnt/boot/efi
# swapon /dev/arch/swap

For single drive systems only:

# mount /dev/arch/home /mnt/home

For dual drive systems only:

# mount /dev/store/home /mnt/home

Install Arch Linux

  • Copy nearest mirror to top of list.
/etc/pacman.d/mirrorlist
Server = http://www.mirrorservice.org/sites/ftp.archlinux.org/$repo/os/$arch
  • Use pacstrap to install packages.
# pacstrap /mnt base base-devel btrfs-progs
  • Generate fstab using UUIDs.
# genfstab -U /mnt > /mnt/etc/fstab
  • Copy encryption keyfile.
# cp /crypto_keyfile.bin /mnt/
# cp /crypto_keyfile.bin /mnt/boot

Configure the new installation

# arch-chroot /mnt
# ln -sf /usr/share/zoneinfo/Europe/London /etc/localtime
# hwclock --systohc
# timedatectl set-ntp true
/etc/locale.gen
en_GB.UTF-8
# locale-gen
/etc/locale.conf
LANG=en_GB-UTF-8
  • Configure virtual consoles.
/etc/vconsole.conf
KEYMAP=uk
FONT=Lat2-Terminus16
# echo caprica > /etc/hostname
/etc/hosts
127.0.0.1       localhost.local         localhost
::1             localhost.local         localhost
127.0.0.1       caprica.local           caprica
::1             caprica.local           caprica

Select mirror:

/etc/pacman.d/mirrorlist
Server = http://www.mirrorservice.org/sites/ftp.archlinux.org/$repo/os/$arch

Pacman options:

/etc/pacman.conf
# Misc options

Color
CheckSpace
VerbosePkgLists

# Repositories

[testing]
Include = /etc/pacman.d/mirrorlist

[core]
Include = /etc/pacman.d/mirrorlist

[extra]
Include = /etc/pacman.d/mirrorlist

[community-testing]
Include = /etc/pacman.d/mirrorlist

[community]
Include = /etc/pacman.d/mirrorlist

[multilib-testing]
Include = /etc/pacman.d/mirrorlist

[multilib]
Include = /etc/pacman.d/mirrorlist

[archlinuxfr]
SigLevel = Never
Server = https://repo.archlinux.fr/$arch
/etc/mkinitcpio.conf
MODULES=(i915 vfat)
BINARIES=(/usr/bin/btrfs)
FILES=(/crypto_keyfile.bin)
HOOKS=(base consolefont udev autodetect modconf block keymap encrypt lvm2 filesystems keyboard fsck)
# mkinitcpio -p linux

GRUB Bootloader

  • Install and configure GRUB and dependencies
# pacman -S grub dosfstools mtools efibootmgr
/etc/gdefault/grub
GRUB_TIMEOUT=2
# UUID for /dev/sda3
GRUB_CMDLINE_LINUX="acpi_backlight=vendor cryptdevice=UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx:arch"
GRUB_ENABLE_CRYPTODISK=y
# grub-mkconfig -o /boot/grub/grub.cfg
# grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=GRUB --recheck

Partition mounting

  • Add compress=lzo to mount options on Btrfs filesystems in /etc/fstab.
/etc/crypttab
# UUID for /dev/sda2
cryptboot      UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx    /crypto_keyfile.bin     luks
# Dual drive systems only: UUID for /dev/sdb1
store          UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx    /crypto_keyfile.bin     luks

Chroot completion

  • Set root password.
# passwd
  • Leave chroot.
# exit

Tidy up and reboot

# btrfs filesystem defragment -r -v -clzo /mnt
  • Unmount partitions.
# umount -R /mnt
  • Reboot. Remember to remove install USB stick.
# reboot

Additional References