Difference between revisions of "User:Rdeckard/Installation guide"

A guide for installing a minimal booting system. It gives several options along the way, depending on your system.

• For UEFI, EFISTUB is used to boot the kernel directly.
• For systems needing BIOS, syslinux is used.
• Gives options for encrypting the system if desired.
• Gives notes on using btrfs subvolumes if desired.

You may need additional packages for video drivers, etc.

Pre-installation

Download the Arch ISO and GnuPG signature.

Verify signature

If you have GnuPG installed on your current system, verify the download:

$ gpg --keyserver-options auto-key-retrieve --verify archlinux-version-dual.iso.sig

Create bootable disk

Create a bootable USB drive by doing the following on an existing Linux installation:

# dd bs=4M if=/path/to/archlinux-version-x86_64.iso of=/dev/sdx status=progress && sync

where /dev/sdx is the USB drive.

Boot the live environment

Now boot from the USB drive.

Set the keyboard layout

If using a keymap other than US, temporarily set the keyboard layout by doing:

# loadkeys de-latin1

Change de-latin1 to a layout found in /usr/share/kbd/keymaps/**/*.map.gz

Verify the boot mode

Verify that you have booted with UEFI mode by checking that /sys/firmware/efi/efivars exists. If you're not booted in the UEFI, you should setup your motherboard to do so to follow this installation guide. If you are not able to use UEFI, this guide has an option to boot from BIOS using syslinux.

Connect to the internet

If you have a wired connection, it should connect automatically.

If you have a wireless connection, first stop the wired connection to prevent conflicts:

# systemctl stop dhcpcd@interface.service

A list of interfaces can be found with:

# ip link

Then connect to a wifi network with wpa_supplicant:

# wpa_supplicant -B -i interface -C/run/wpa_supplicant
# wpa_cli -i interface
> scan
> scan_results
> add_network
> set_network 0 ssid "SSID"
> set_network 0 psk "passphrase"
> enable_network 0
> quit

Get an ip address with dhcpcd:

# dhcpcd

For both wired and wireless connections, check your connection with:

# ping archlinux.org

Update the system clock

# timedatectl set-ntp true

Partition the disk

Use lsblk to identify existing file systems.

Here is the layout this guide is using. Modify to your needs.

Use GPT fdisk to format the disk:

# gdisk /dev/sda

1. Create a new empty GUID partition table by typing o at the prompt.
2. Create a new partition by typing n at the prompt. Hit Enter when prompted for the partition number, keeping the default of 1. Hit Enter again for the first section, keeping the default. For the last sector, type in +550M and hit Enter.
   • For an EFI system, type in EF00 to indicate it is an EFI system partition for the partition type. Otherwise, use the default.
3. Now create at least one more partition for the installation. To create just one more partition to fill the rest of the disk, type n at the prompt and use the defaults for the partition number, first sector, last sector, and hex code.
   • If setting up a BIOS system with syslinux, enter expert mode by entering x. Then enter a and then 1 to set an attribute for partition 1. Then enter 2 to set it as a legacy BIOS partition and then Enter to exit the set attribute menu.
4. Finally, write the table to the disk and exit by entering w at the prompt.

# sgdisk /dev/sda -o -n 1::+550M -n 2 -t 2:EF00

# sgdisk /dev/sda -o -n 1::+550M -n 2 -A 1:set:2

Create LUKS container

If encrypting your system with dm-crypt/LUKS, do:

# cryptsetup lukFormat --type luks2 /dev/sda2
# cryptsetup open /dev/sda2 cryptroot

Othwerwise, skip this step.

Format the partitions

Format your ESP as FAT32:

# mkfs.fat -F32 /dev/sda1

Replace ext4 with the file system you are using in all of the following.

To format the LUKS container on an encrypted system do:

# mkfs.ext4 /dev/mapper/cryptroot

To format a regular (not encrypted) system, do:

# mkfs.ext4 /dev/sda2

Mount the file systems

For the encrypted setup mount the LUKS container:

# mount /dev/mapper/cryptroot /mnt

For the regular setup mount the root partition:

# mount /dev/sda2 /mnt

In both cases make a mount point for the boot partition and mount it:

# mkdir -p /mnt/boot
# mount /dev/sda1 /mnt/boot

# mount /dev/mapper/cryptroot /mnt
# btrfs subvolume create /mnt/@
# btrfs subvolume create /mnt/@home
# umount /mnt
# mount -o compress=zstd,subvol=@ /dev/mapper/cryptroot /mnt
# mkdir -p /mnt/home
# mount -o compress=zstd,subvol=@home /dev/mapper/cryptroot /mnt/home
# mkdir -p /mnt/boot
# mount /dev/sda1 /mnt/boot

Installation

Select the mirrors

If you desire, edit /etc/pacman.d/mirrorlist to select which mirrors have priority. Higher in the file means higher priority. This file will be copied to the new installation.

Install the base packages

Instead of installing base, we're only installing a select group of minimal packages needed. Almost all of the base group is installed with these packages through dependencies, and this eliminates a few packages that will not be needed (like netctl and various filesystem userspaces):

# pacstrap /mnt linux pacman systemd btrfs-progs vim licenses man-db man-pages texinfo inetutils iproute2 iputils diffutils file gettext pciutils procps-ng psmisc sed tar usbutils which

• linux, pacman, and systemd are the minimal packages needed to boot the system and pull in most dependencies that you will need.
• btrfs-progs is needed only if you are using btrfs. If using another file system, install the required user-space utilities instead.
• vim is a text editor for editing configuration files. Replace with your favorite editor.
• licenses installs licenses used in the packages you install.
• man-db, man-pages, and texinfo install manpages and info manual.
• inetutils iproute2 iputils contain network utilities like ip(8) and ping(8).
• The remaining packages are helpful utilities that are not pulled in by other packages in the list and highly recommended.

Append additional packages you wish to install to the line. You will have the opportunity to install more packages in the chroot environment and when you boot into the new system.

If you have an AMD or Intel processor, you will want to go ahead and install the amd-ucode or intel-ucode packages, respectively to enable microcode updates later in the guide.

Configure the system

Fstab

Generate the fstab for your new installation:

# genfstab -U /mnt > /mnt/etc/fstab

Chroot

chroot into the new installation:

# arch-chroot /mnt

Time zone

Set the time zone:

# ln -sf /usr/share/zoneinfo/Region/City /etc/localtime

Set the hardware clock from the system clock:

# hwclock --systohc

Localization

Uncomment needed locales in /etc/locale.gen (e.g., en_US.UTF-8). Then run:

# locale-gen

Set the LANG environment variable the locale:

/etc/locale.conf

LANG=en_US.UTF-8

If you are not using a US keymap, make they keyboard layout permanent:

/etc/vconsole.conf

KEYMAP=de-latin1

Network configuration

Hostname

Set the hostname:

/etc/hostname

hostname

/etc/hosts

127.0.0.1	localhost
::1		localhost
127.0.1.1	hostname.localdomain	hostname

Configuration

systemd-networkd will be used to connect to the internet after installation is complete.

Create a minimal systemd-networkd configuration file. Here interface is the wireless interface or the wired interface if not using wireless.

/etc/systemd/network/config.network

[Match]
Name=interface

[Network]
DHCP=yes

Enable the systemd-networkd.service unit.

DNS resolution

To use systemd-resolved for DNS resolution, create a symlink as follows:

# ln -s /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf

Enable the systemd-resolved.service unit.

Wireless

If using a wireless interface, install the iwd package now:

# pacman -S iwd

Additionally enable the iwd.service for wireless on boot.

/etc/systemd/system/iwd.service.d/override.conf

[Unit]
After=systemd-udevd.service systemd-networkd.service

Initramfs

If using an encrypted system, add the encrypt hook to your mkinitcpio configuration as shown below.

Add the keymap hook if you are not using the default US keymap.

If using btrfs, you can remove the fsck hook.

/etc/mkinitcpio.conf

HOOKS=(base udev autodetect modconf block filesystems keyboard fsck keymap encrypt)

Regenerate initramfs:

# mkinitcpio -p linux

Root password

Set the root password:

# passwd

Add normal user

Install the sudo package:

# pacman -S sudo

Add a normal user, add it to the wheel group, and set the password:

# useradd -m -G wheel user
# passwd user

Open the sudoers file and uncomment the wheel group, giving that user access to sudo:

# EDITOR=vim visudo

Swap file

If using btrfs, first create a subvolume for the swap file to reside on. Then, create an empty swap file and set it to not use COW:

# btrfs subvolume create /.swap
# truncate -s 0 /.swap/swapfile
# chattr +C /.swap/swapfile

If not using btrfs, simply create a directory:

# mkdir /.swap

In all cases do:

# dd if=/dev/zero of=/.swap/swapfile bs=1M count=2048
# chmod 600 /.swap/swapfile
# mkswap /.swap/swapfile

Update fstab with a line for the swap file:

/etc/fstab

/.swap/swapfile none swap defaults 0 0

Boot loader

Two options are provided here. If you have a UEFI motherboard, use #EFISTUB. Otherwise, use the BIOS setup with #syslinux. In either case, you will need your #kernel parameters.

EFISTUB

In the UEFI setup we are not using a boot loader. Instead we are booting the kernel directly via EFISTUB. Previously you should have created a EFI system partition of the size 550MiB and marked it with the partition type EF00.

Exit the chroot and reboot the system. From your Arch Linux live disk, boot into the UEFI Shell v2. Then do:

Shell> map

Note the disk number for the hard drive where you are installing Arch Linux. This guide assumes it is 1.

Now create two UEFI entries using bcfg.

Shell> bcfg boot add 0 fs1:\vmlinuz-linux "Arch Linux"
Shell> bcfg boot add 1 fs1:\vmlinuz-linux "Arch Linux (Fallback)"

Create a file with your #Kernel parameters as a single line:

Shell> edit fs1:\options.txt

Press F2 to save and F3 to quit. Now add that file as the options to your first boot entry:

Shell> bcfg boot -opt 0 fs1:\options.txt

Repeat the above process for your second, fallback entry, creating a text file named options-fallback.txt containing a single line with your kernel parameters, chaning the intird to the fallback image (i.e., /initramfs-linux-fallback.img).

Add it to the entry using bcfg boot -opt 1 fs:1\options-fallback.txt.

syslinux

In the BIOS setup we are using syslinux. Previously you should have created a boot partition that was marked with the attribute "legacy BIOS bootable".

Now, while still in the chroot install syslinux:

# pacman -S syslinux

Create the following configuration file:

/boot/syslinux/syslinux.cfg

DEFAULT arch

LABEL arch
  MENU LABEL Arch Linux
  LINUX ../vmlinuz-linux
  APPEND kernel-parameters

LABEL archfallback
  MENU LABEL Arch Linux
  LINUX ../vmlinuz-linux
  APPEND fallback-kernel-parameters

where kernel-parameters is from #kernel parameters. fallback-kernel-parameters is exactly the same except with initrd pointing to the fallback initramfs (i.e., /initramfs-linux-fallback.img).

Exit the chroot and unmount all of the partitions:

# umount -R /mnt

Then install the bootloader:

# syslinux --directory syslinux /dev/sda1

And install the MBR:

# dd bs=440 count=1 conv=notrunc if=/usr/lib/syslinux/bios/gptmbr.bin of=/dev/sda

Kernel parameters

No matter what boot loader you use, you need to pass some kernel parameters to it as indicated in the above sections.

For an encrypted system, the kernel parameters will contain at least:

root=/dev/mapper/cryptroot ro initrd=/initramfs-linux.img init=/usr/lib/systemd/systemd cryptdevice=/dev/sda2:cryptroot

For a regular system, the kernel parameters will contain at least:

root=/dev/sda2 ro initrd=/initramfs-linux.img init=/usr/lib/systemd/systemd

Reboot

When you reboot you should be prompted for your LUKS password if you decided to encrypt the system. See User:Rdeckard/Post-installation.