User:ToxygeneB/Installing base system
These are the steps I follow to install Arch Linux on my systems. At present this just covers the most common setup which utilises UEFI, GPT, and LUKS and GRUB for disc encryption including boot partition, using LVM and Btrfs on x86-64.
Installation is usually on either single drive systems (SSD or HDD as sda), or dual drive systems (SSD as sda, HDD as sdb).
I use an Anker USB 3.0 to Gigabit Ethernet Adapter which utilises the Realtek RTL8153, supported by the default kernel module (avoids wireless chipset woes) for all my base installs.
Installation media
- Download ISO image.
- Write to USB stick.
# dd bs=4M if=/home/toxygeneb/Installers/archlinux.iso of=/dev/sdc status=progress && sync
- Reboot from USB.
Establish environment
- Set keymap and console font.
# loadkeys uk # setfont Lat2-Terminus16
- Check network connection.
# ping -c3 www.google.co.uk
- Synchronise clock.
# timedatectl set-ntp true # hwclock --systohc
Partition drives
- Using
cgdisk
create partitions.
Partition | Type | Size | Label |
---|---|---|---|
sda1 | ef00 EFI System | 256MB | ESP |
sda2 | 8300 Linux filesystem | 512MB | Boot |
sda3 | 8e00 Linux LVM | +100% | System |
sdb1 ¹ | 8e00 Linux LVM | 100% | Store |
¹ Only applicable on dual drive systems eg. SSD and HDD.
Drive encryption
- Load kernel module.
# modprobe dm-crypt
- Generate keyfile for automatic unlocking.
# dd if=/dev/urandom of=/crypto_keyfile.bin bs=1024 count=20 # chmod 400 /crypto_keyfile.bin
- LUKS format
/dev/sda2
for boot partition.
# cryptsetup -c aes-xts-plain64 -s 512 -h sha512 -i 5000 -y luksFormat /dev/sda2 # cryptsetup luksAddKey /dev/sda2 /crypto_keyfile.bin
- LUKS format
/dev/sda3
for Arch Linux system and, if necessary,/dev/sdb1
for storage.
# cryptsetup -c aes-xts-plain64 -s 512 -h sha512 -i 5000 --key-file /crypto_keyfile.bin keyfile luksFormat /dev/sda3 # cryptsetup -c aes-xts-plain64 -s 512 -h sha512 -i 5000 --key-file /crypto_keyfile.bin keyfile luksFormat /dev/sdb1
- Open LUKS containers.
# cryptsetup luksOpen /dev/sda2 cryptboot # cryptsetup --key-file /crypto_keyfile.bin luksOpen /dev/sda3 arch
And only if created:
# cryptsetup --key-file /crypto_keyfile.bin luksOpen /dev/sdb1 store
Setup LVM
Single drive systems
For a 500GB drive, which actually holds 465GB, I am for 400GB for user storage. Adjust accordingly.
- Create physical volume.
# lvm pvcreate /dev/mapper/arch
- Create volume group.
# lvm vgcreate arch /dev/mapper/arch
- Create logical volumes.
# lvm lvcreate -L 8GB -n swap arch # lvm lvcreate -L 20GB -n tmp arch # lvm lvcreate -L 37GB -n root arch # lvm lvcreate -L 100%FREE -n home arch
Dual drive systems
For a 120GB SSD for the system and HDD for user storage. Adjust accordingly.
- Create physical volumes.
# lvm pvcreate /dev/mapper/arch # lvm pvcreate /dev/mapper/store
- Create volume groups.
# lvm vgcreate arch /dev/mapper/arch # lvm vgcreate store /dev/mapper/store
- Create logical volumes.
# lvm lvcreate -L 8GB -n swap arch # lvm lvcreate -L 20GB -n tmp arch # lvm lvcreate -l 100%FREE -n root arch # lvm lvcreate -l 100%FREE -n home store
Create and mount filesystems
- Create filesystems.
# mkfs.vfat -n EFI /dev/sda1 # mkfs.ext2 -L boot /dev/mapper/cryptboot # mkfs.btrfs -L tmp /dev/arch/tmp # mkfs.btrfs -L root /dev/arch/root # mkswap -L swap /dev/arch/swap
For single drive systems only:
# mkfs.btrfs -L home /dev/arch/home
For dual drive systems only:
# mkfs.btrfs -L home /dev/store/home
- Mount filesystems, creating necessary mount points.
# mount /dev/arch/root /mnt # mkdir -p /mnt/{boot,tmp,home} # mount /dev/mapper/cryptboot /mnt/boot # mount /dev/arch/tmp /mnt/tmp # mkdir /mnt/boot/efi # mount /dev/sda1 /mnt/boot/efi # swapon /dev/arch/swap
For single drive systems only:
# mount /dev/arch/home /mnt/home
For dual drive systems only:
# mount /dev/store/home /mnt/home
Install Arch Linux
- Copy nearest mirror to top of list.
/etc/pacman.d/mirrorlist
Server = http://www.mirrorservice.org/sites/ftp.archlinux.org/$repo/os/$arch
- Use pacstrap to install packages.
# pacstrap /mnt base base-devel btrfs-progs
- Generate fstab using UUIDs.
# genfstab -U /mnt > /mnt/etc/fstab
- Copy encryption keyfile.
# cp /crypto_keyfile.bin /mnt/ # cp /crypto_keyfile.bin /mnt/boot
Configure the new installation
- Chroot into /mnt.
# arch-chroot /mnt
# ln -sf /usr/share/zoneinfo/Europe/London /etc/localtime # hwclock --systohc # timedatectl set-ntp true
- Generate and set locale.
/etc/locale.gen
en_GB.UTF-8
# locale-gen
/etc/locale.conf
LANG=en_GB-UTF-8
- Configure virtual consoles.
/etc/vconsole.conf
KEYMAP=uk FONT=Lat2-Terminus16
- Set hostname.
# echo caprica > /etc/hostname
/etc/hosts
127.0.0.1 localhost.local localhost ::1 localhost.local localhost 127.0.0.1 caprica.local caprica ::1 caprica.local caprica
- Configure pacman.
Select mirror:
/etc/pacman.d/mirrorlist
Server = http://www.mirrorservice.org/sites/ftp.archlinux.org/$repo/os/$arch
Pacman options:
/etc/pacman.conf
# Misc options Color CheckSpace VerbosePkgLists # Repositories [testing] Include = /etc/pacman.d/mirrorlist [core] Include = /etc/pacman.d/mirrorlist [extra] Include = /etc/pacman.d/mirrorlist [community-testing] Include = /etc/pacman.d/mirrorlist [community] Include = /etc/pacman.d/mirrorlist [multilib-testing] Include = /etc/pacman.d/mirrorlist [multilib] Include = /etc/pacman.d/mirrorlist [archlinuxfr] SigLevel = Never Server = https://repo.archlinux.fr/$arch
- Create Linux image for booting
/etc/mkinitcpio.conf
MODULES=(i915 vfat) BINARIES=(/usr/bin/btrfs) FILES=(/crypto_keyfile.bin) HOOKS=(base consolefont udev autodetect modconf block keymap encrypt lvm2 filesystems keyboard fsck)
# mkinitcpio -p linux
GRUB Bootloader
- Install and configure GRUB and dependencies
# pacman -S grub dosfstools mtools efibootmgr
/etc/gdefault/grub
GRUB_TIMEOUT=2 # UUID for /dev/sda3 GRUB_CMDLINE_LINUX="acpi_backlight=vendor cryptdevice=UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx:arch" GRUB_ENABLE_CRYPTODISK=y
# grub-mkconfig -o /boot/grub/grub.cfg # grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=GRUB --recheck
Partition mounting
- Add compress=lzo to mount options on Btrfs filesystems in
/etc/fstab
.
- Chain decryption in
/etc/crypttab
/etc/crypttab
# UUID for /dev/sda2 cryptboot UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx /crypto_keyfile.bin luks # Dual drive systems only: UUID for /dev/sdb1 store UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx /crypto_keyfile.bin luks
Chroot completion
- Set root password.
# passwd
- Leave chroot.
# exit
Tidy up and reboot
- Compress Btrfs root partition.
# btrfs filesystem defragment -r -v -clzo /mnt
- Unmount partitions.
# umount -R /mnt
- Reboot. Remember to remove install USB stick.
# reboot
Additional References
- Arch Linux: Encryption and multiple hard drives by Michael Schätzlein