Difference between revisions of "User:Rdeckard/Installation guide"

From ArchWiki
Jump to navigation Jump to search
(→‎Configure UEFI: fix formatting)
(→‎Configure UEFI: link to bcfg article)
Line 304: Line 304:
 
Note the disk number for the hard drive where you are installing Arch Linux. This guide assumes it is {{ic|1}}.
 
Note the disk number for the hard drive where you are installing Arch Linux. This guide assumes it is {{ic|1}}.
  
Now create two UEFI entries:
+
Now create two UEFI entries using [[bcfg]].
  
 
  Shell> bcfg boot add 0 fs1:\vmlinuz-linux "Arch Linux"
 
  Shell> bcfg boot add 0 fs1:\vmlinuz-linux "Arch Linux"

Revision as of 13:09, 26 March 2019

Warning: This is my personal guide for installing an Arch Linux system. Use it only as a guide as you follow along with the official Installation Guide.

A guide for installing an encrypted system with just the basics. Uses UEFI to boot kernel directly via EFISTUB. Does not apply to BIOS systems or systems that dual-boot.

You may need additional packages for video drivers, etc.

Pre-installation

Download the Arch ISO and GnuPG signature.

Verify signature

If you have GnuPG installed on your current system, verify the download:

$ gpg --keyserver-options auto-key-retrieve --verify archlinux-version-dual.iso.sig

Create bootable disk

Create a bootable USB drive by doing the following on an existing Linux installation:

# dd bs=4M if=/path/to/archlinux-version-x86_64.iso of=/dev/sdx status=progress && sync

where /dev/sdx is the USB drive.

Boot the live environment

Now boot from the USB drive.

Set the keyboard layout

If using a keymap other than US, set the keyboard layout by doing:

# loadkeys de-latin1

Change de-latin1 to a layout found in /usr/share/kbd/keymaps/**/*.map.gz

Verify the boot mode

Verify that you have booted with UEFI mode by checking that /sys/firmware/efi/efivars exists. If you're not booted in the UEFI, you should setup your motherboard to do so to follow this installation guide.

Connect to the internet

If you have a wired connection, it should connect automatically.

If you have a wireless connection, first stop the wired connection to prevent conflicts:

# systemctl stop dhcpcd@interface.service

A list of interfaces can be found with:

# ip link

Then connect to a wifi network with:

# wpa_supplicant -B -i interface -C/run/wpa_supplicant
# wpa_cli -i interface
> scan
> scan_results
> add_network
> set_network 0 ssid "SSID"
> set_network 0 psk "passphrase"
> enable_network 0
> quit

Get an ip address:

# dhcpcd

For both wired and wireless connections, check your connection with:

# ping archlinux.org

Update the system clock

# timedatectl set-ntp true

Partition the disk

Use GPT fdisk to format the disk:

# gdisk /dev/sda

Create a GUID partition table. Then create an EFI system partition of size 550MiB and marked as partition type EF00. Create at least one more partition for the system partition.

Note: This guide assumes your disk is at /dev/sda. Change if needed.

Here is the layout this guide is using. Modify to your needs.

Mount point Partition Partition type GUID Partition attributes Suggested size
/boot /dev/sda1 C12A7328-F81F-11D2-BA4B-00A0C93EC93B: EFI system partition 550 MiB
/ /dev/sda2 4F68BCE3-E8CD-4DB1-96E7-FBCAF984B709: Linux x86-64 root (/) Remainder of the device

Create LUKS container

If encrypting your system, do:

# cryptsetup lukFormat /dev/sda2
# cryptsetup open /dev/sda2 cryptroot

Othwerwise, skip this step.

Format the partitions

Format your ESP as FAT32:

# mkfs.fat -F32 /dev/sda1

Replace ext4 with the file system you are using in all of the following.

To format the LUKS container on an encrypted system do:

# mkfs.ext4 /dev/mapper/cryptroot

To format a regular (not encrypted) system, do:

# mkfs.ext4 /dev/sda2

Mount the file systems

For the encrypted setup do:

# mount /dev/mapper/cryptroot /mnt

For the regular setup do:

# mount /dev/sda2 /mnt

In both cases do:

# mount /dev/sda1 /mnt/boot
Tip: If using btrfs, create any subvolumes you wish to use as mount points now. Then unmount /mnt and remount your subvolumes to the appropriate mount points. For example, for the encrypted setup:
# btrfs subvolume create /mnt/@
# btrfs subvolume create /mnt/@home
# umount /mnt/boot
# umount /mnt
# mount -o compress=zstd,subvol=@ /dev/mapper/cryptroot /mnt
# mount -o compress=zstd,subvol=@home /dev/mapper/cryptroot /mnt/home
# mount /dev/sda1 /mnt/boot

Installation

Install the kernel and distro requirements. These three packages are the minimum you need to boot a system. Installing these packages will also automatically pull in bash, bzip2, coreutils, cryptsetup, device-mapper, e2fsprogs, filesystem, findutils, gawk, gcc-libs, glibc, grep, gzip, less, linux-firmware, perl, shadow, util-linux (among other dependencies):

# pacstrap /mnt linux pacman systemd

For btrfs you need to install the user-space utilities:

# pacstrap /mnt btrfs-progs

To connect to the Internet later:

# pacstrap /mnt dhcpcd iwd

Networking utilities:

# pacstrap /mnt inetutils iproute2 iputils

Licenses:

# pacstrap /mnt licenses

Manpages:

# pacstrap /mnt man-db man-pages texinfo

Additional utilities:

# pacstrap /mnt diffutils file gettext pciutils procps-ng psmisc sed tar usbutils which

File editing:

# pacstrap /mnt vim

Sudo:

# pacstrap /mnt sudo

Configure the system

Fstab

# genfstab -U /mnt > /mnt/etc/fstab

Chroot

# arch-chroot /mnt

Time zone

# ln -sf /usr/share/zoneinfo/Region/City /etc/localtime

Set the hardware clock from the system clock:

# hwclock --systohc

Localization

Uncomment needed locales in /etc/locale.gen (e.g., en_US.UTF-8). Then run:

# locale-gen

Set LANG:

/etc/locale.conf
LANG=en_US.UTF-8

If not using a US keymap, make they keyboard layout permanent:

/etc/vconsole.conf
KEYMAP=de-latin1

Network configuration

Set the hostname:

/etc/hostname
hostname
/etc/hosts
127.0.0.1	localhost
::1		localhost
127.0.1.1	hostname.localdomain	hostname

iwd and dhcpcd will be used to connect to the internet after installation is complete.

Initramfs

Add the keyboard, keymap, and encrypt hooks. You will need to make sure you have any additional needed hooks for your setup.

/etc/mkinitcpio.conf
HOOKS=(base udev autodetect modconf keyboard keymap block encrypt filesystems)

Omit keymap if you are using the default US keymap.

Regenerate initramfs:

# mkinitcpio -p linux

Root password

Set the root password:

# passwd

Add normal user

# useradd -m -G wheel user
# passwd user

Open the sudoers file and uncomment the wheel group:

# visudo

Swap file

If using btrfs, first create a subvolume for the swap file to reside on. Then, create an empty swap file and set it to not use COW:

# btrfs subvolume create /.swap
# truncate -s 0 /.swap/swapfile
# chattr +C /.swap/swapfile

If not using btrfs, simply create a directory:

# mkdir /.swap

In all cases do:

# dd if=/dev/zero of=/.swap/swapfile bs=1M count=2048
# chmod 600 /.swap/swapfile
# mkswap /.swap/swapfile
# swapon /.swap/swapfile

Update fstab with a line for the swap file:

/etc/fstab
/.swap/swapfile none swap defaults 0 0
Warning: If using btrfs instead of ext4, do not use a swap file for kernels before v5.0, since it may cause file system corruption. Instead, use a swap partition (not covered here).

Reboot

# exit
# reboot

Configure UEFI

In this setup we are not using a boot loader. Instead we are booting the kernel directly.

From your Arch Linux live disk, boot into the UEFI Shell v2. Then do:

Shell> map

Note the disk number for the hard drive where you are installing Arch Linux. This guide assumes it is 1.

Now create two UEFI entries using bcfg.

Shell> bcfg boot add 0 fs1:\vmlinuz-linux "Arch Linux"
Shell> bcfg boot add 1 fs1:\vmlinuz-linux "Arch Linux (Fallback)"

Create a file with your boot parameters for the normal boot:

Shell> edit fs1:\options.txt

For an encrypted system, this file will contain at least:

root=/dev/mapper/cryptroot ro initrd=/initramfs-linux.img init=/usr/lib/systemd/systemd cryptdevice=/dev/sda2:cryptroot
Tip: Add :allow-discards after cryptroot to allow trimming if using an SSD. Then enable the fstrim.timer to trim the device weekly.

For a regular system, this file will contain at least:

root=/dev/sda2 ro initrd=/initramfs-linux.img init=/usr/lib/systemd/systemd
Tip: In either case, if using btrfs, and you want to boot from a specific subvolume, add
Template error: are you trying to use the = sign? Visit Help:Template#Escape template-breaking characters for workarounds.
, where @ is the subvolume you will mount as /.
Note: Create at least one additional space before the first character of your boot line in your options files. Otherwise, the root parameter, in this case, gets squashed by a byte order mark and will not be passed to the initramfs, resulting in an error when booting. Additionally, your options file should be one line, and one line only.

Press F2 to save and F3 to quit. Now add the options to your first boot entry:

Shell> bcfg boot -opt 0 fs1:\options.txt

Repeat the above process for your second, fallback entry, creating a text file named options-fallback.txt containing the boot line. Change the intird to the fallback image.

Add it to the entry using bcfg boot -opt 1 fs:1\options-fallback.txt.

Reboot

When you reboot you should be prompted for your LUKS password if you decided to encrypt the system. See User:Rdeckard/Post-installation.