User:Rdeckard/Installation guide

From ArchWiki
< User:Rdeckard
Revision as of 21:57, 18 February 2018 by Rdeckard (talk | contribs) (Create fstab: cleanup)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
Warning: This is my personal guide for installing an Arch Linux system. Use it only as a guide as you follow along with the official Installation Guide.

A guide for installing an encrypted system with just the basics. Uses UEFI to boot kernel directly via EFISTUB. Does not apply to BIOS systems or systems that dual-boot.

You may need additional packages for video drivers, etc.

Preparation

Download the Arch ISO.

If you have GnuPG installed on your current system, verify the download:

$ gpg --keyserver-options auto-key-retrieve --verify archlinux-version-dual.iso.sig

Create a bootable USB drive by doing the following on an existing Linux installation:

# dd bs=4M if=/path/to/archlinux-version-dual.iso of=/dev/sdx status=progress && sync

where /dev/sdx is the USB drive. Now boot from the USB drive.

Pre-installation

Set keyboard layout

If using a keymap other than US, set the keyboard layout by doing:

# loadkeys de-latin1

Change de-latin1 to a layout found in /usr/share/kbd/keymaps/**/*.map.gz

Connect to the internet

If you have a wired connection, it should connect automatically.

If you have a wireless connection, first stop the wired connection to prevent conflicts:

# systemctl stop dhcpcd@interface.service

A list of interfaces can be found with:

# ip link

Then connect to a wifi network with:

# wpa_supplicant -B -i interface -C/run/wpa_supplicant
# wpa_cli -i interface
> scan
> scan_results
> add_network
> set_network 0 ssid "SSID"
> set_network 0 psk "passphrase"
> enable_network 0
> quit

Get an ip address:

# dhcpcd

For both wired and wireless connections, check your connection with:

# ping archlinux.org

Update system clock

# timedatectl set-ntp true

Partition the disk

# gdisk /dev/sda

Create a GUID partition table. The create an EFI system partition of size 550MiB and marked as partition type EF00. Create at least one more partition for the system partition.

Note: This guide assumes your disk is at /dev/sda. Change if needed.

Create filesystems and mount

Format your ESP as FAT32:

# mkfs.fat -F32 /dev/sda1

Replace ext4 with the file system you are using in all of the following.

To create an encrypted system do:

# cryptsetup lukFormat /dev/sda2
# cryptsetup open /dev/sda2 cryptroot
# mkfs.ext4 /dev/mapper/cryptroot
# mount /dev/mapper/cryptroot /mnt
# mount /dev/sda1 /mnt/boot

To create a regular (not encrypted) system, do:

# mkfs.ext4 /dev/sda2
# mount /dev/sda2 /mnt
# mount /dev/sda1 /mnt/boot
Tip: If using btrfs, create any subvolumes you wish to use as mount points now. Then unmount /mnt and remount your subvolumes to the appropriate mount points. For example:
# btrfs subvolume create /mnt/@
# btrfs subvolume create /mnt/@home
# umount /mnt/boot
# umount /mnt
# mount -o compress=zstd,subvol=@ /mnt
# mount -o compress=zstd,subvol=@home /mnt/home
# mount /dev/sda1 /mnt/boot

Installation

# pacstrap /mnt base sudo wpa_supplicant
Tip:
  • Append any additional packages you desire to the end of this line, or install later while in the chroot environment.
  • For a list of packages on the ISO that are not in base, do:
$ comm -23 <(wget -q -O - https://git.archlinux.org/archiso.git/plain/configs/releng/packages.both) <(pacman -Qqg base | sort)
Note: If using btrfs, btrfs-progs should be appended, since it is not in the base group.

Configuration

Create fstab

# genfstab -U /mnt > /mnt/etc/fstab

Chroot

# arch-chroot /mnt

Locale

Uncomment needed locales in /etc/locale.gen (e.g., en_US.UTF-8). Then run:

# locale-gen

Set LANG:

/etc/locale.conf
LANG=en_US.UTF-8

If not using a US keymap, make they keyboard layout permanent:

/etc/vconsole.conf
KEYMAP=de-latin1

Set the timezone

# ln -sf /usr/share/zoneinfo/Region/City /etc/localtime

Set hardware clock from system clock

# hwclock --systohc

Set hostname

/etc/hostname
hostname
/etc/hosts
127.0.0.1	localhost
::1		localhost
127.0.1.1	hostname.localdomain	hostname

Set root password

# passwd

Add normal user

# useradd -m -G wheel user
# passwd user

Open the sudoers file and uncomment the wheel group:

# visudo

Generate intramfs

Add the keyboard, keymap, and encrypt hooks. You will need to make sure you have any additional needed hooks for your setup.

/etc/mkinitcpio.conf
HOOKS=(base udev autodetect modconf keyboard keymap block encrypt filesystems)

Omit keymap if you are using the default US keymap.

Regenerate initramfs:

# mkinitcpio -p linux

Swap

Use either a swap file or swap partition. If using a swap partition, you should have created an additional partition earlier.

Swap file

# dd if=/dev/zero of=/swapfile bs=1M count=512
# chmod 600 /swapfile
# mkswap /swapfile
# swapon /swapfile

Update fstab with a line for the swap file:

/etc/fstab
/swapfile none swap defaults 0 0
Warning: If using btrfs instead of ext4, do not use a swap file, since it may cause file system corruption. Instead, use a swap partition.

Swap partition

For an encrypted system edit the following file:

/etc/crypttab
swap /dev/disk/by-partuuid/PARTUUID /dev/urandom swap

where PARTUUID is the partition UUID of your swap partition.

Warning: All data on the device listed above will be destroyed on every boot. Ensure you get it right.

Additionally, append to your fstab:

/etc/fstab
/dev/mapper/swap none swap defaults 0 0

See Dm-crypt/Swap encryption.

For a regular system:

/etc/fstab
/dev/sda3 none swap defaults 0 0

Exit chroot and reboot

# exit
# reboot

Configure UEFI

In this setup we are not using a boot loader. Instead we are booting the kernel directly.

From your Arch Linux live disk, boot into the UEFI Shell v2. Then do:

Shell> map

Note the disk number for the hard drive where you are installing Arch Linux. This guide assumes it is 1.

Now create two UEFI entries:

Shell> bcfg boot add 0 fs1:\vmlinuz-linux "Arch Linux"
Shell> bcfg boot add 1 fs1:\vmlinuz-linux "Arch Linux (Fallback)"

Create a file with your boot parameters for the normal boot:

Shell> edit fs1:\options.txt

For an encrypted system, this file will contain at least:

root=/dev/mapper/cryptroot ro initrd=/initramfs-linux.img cryptdevice=/dev/sda2:cryptroot
Tip: Add :allow-discards after cryptroot to allow trimming if using an SSD. Then enable the fstrim.timer to trim the device weekly.

For a regular system, this file will contain at least:

root=/dev/sda2 ro initrd=/initramfs-linux.img
Note: Create at least one additional space before the first character of your boot line in your options files. Otherwise, the root parameter, in this case, gets squashed by a byte order mark and will not be passed to the initramfs, resulting in an error when booting. Additionally, your options file should be one line, and one line only.

Press F2 to save and F3 to quit. Now add the options to your first boot entry:

Shell> bcfg boot -opt 0 fs1:\options.txt

Repeat the above process for your second, fallback entry, creating a text file named options-fallback.txt containing the boot line. Change the intird to the fallback image.

Add it to the entry using bcfg boot -opt 1 fs:1\options-fallback.txt.

Reboot

When you reboot you should be prompted for your LUKS password if you decided to encrypt the system. See User:Rdeckard/Post-installation.