User:Rdeckard/Installation guide

From ArchWiki
< User:Rdeckard
Revision as of 16:54, 26 March 2019 by Rdeckard (talk | contribs) (→‎Root password: note that step can be skipped)
Jump to navigation Jump to search
Warning: This is my personal guide for installing an Arch Linux system. Use it only as a guide as you follow along with the official Installation Guide.

A guide for installing a minimal booting system. Uses UEFI to boot kernel directly via EFISTUB. Does not apply to BIOS systems or systems that dual-boot.

You may need additional packages for video drivers, etc.

Pre-installation

Download the Arch ISO and GnuPG signature.

Verify signature

If you have GnuPG installed on your current system, verify the download:

$ gpg --keyserver-options auto-key-retrieve --verify archlinux-version-dual.iso.sig

Create bootable disk

Create a bootable USB drive by doing the following on an existing Linux installation:

# dd bs=4M if=/path/to/archlinux-version-x86_64.iso of=/dev/sdx status=progress && sync

where /dev/sdx is the USB drive.

Boot the live environment

Now boot from the USB drive.

Set the keyboard layout

If using a keymap other than US, set the keyboard layout by doing:

# loadkeys de-latin1

Change de-latin1 to a layout found in /usr/share/kbd/keymaps/**/*.map.gz

Verify the boot mode

Verify that you have booted with UEFI mode by checking that /sys/firmware/efi/efivars exists. If you're not booted in the UEFI, you should setup your motherboard to do so to follow this installation guide.

Connect to the internet

If you have a wired connection, it should connect automatically.

If you have a wireless connection, first stop the wired connection to prevent conflicts:

# systemctl stop dhcpcd@interface.service

A list of interfaces can be found with:

# ip link

Then connect to a wifi network with:

# wpa_supplicant -B -i interface -C/run/wpa_supplicant
# wpa_cli -i interface
> scan
> scan_results
> add_network
> set_network 0 ssid "SSID"
> set_network 0 psk "passphrase"
> enable_network 0
> quit

Get an ip address:

# dhcpcd

For both wired and wireless connections, check your connection with:

# ping archlinux.org

Update the system clock

# timedatectl set-ntp true

Partition the disk

Warning: All data on your disk will be erased. Backup any data you wish to keep.
Note: This guide assumes your disk is at /dev/sda. Change if needed.

Here is the layout this guide is using. Modify to your needs.

Mount point Partition Partition type GUID Partition attributes Suggested size
/boot /dev/sda1 C12A7328-F81F-11D2-BA4B-00A0C93EC93B: EFI system partition 550 MiB
/ /dev/sda2 4F68BCE3-E8CD-4DB1-96E7-FBCAF984B709: Linux x86-64 root (/) Remainder of the device

Use GPT fdisk to format the disk:

# gdisk /dev/sda

Create a new empty GUID partition table by typing o at the prompt.

Then create a new EFI system partition by typing n at the prompt. Hit Enter when prompted for the partition number, keeping the default of 1. Hit Enter again for the first section, keeping the default. For the last sector, type in +550M and hit Enter. Lastly, type in EF00 for the partition type.

Now create at least one more partition for the installation. To create just one more partition to fill the rest of the disk, type n at the prompt and use the defaults for the partition number, first sector, last sector, and hex code.

Finally, write the table to the disk and exit by entering w at the prompt.

Create LUKS container

If encrypting your system, do:

# cryptsetup lukFormat --type luks2 /dev/sda2
# cryptsetup open /dev/sda2 cryptroot

Othwerwise, skip this step.

Format the partitions

Format your ESP as FAT32:

# mkfs.fat -F32 /dev/sda1

Replace ext4 with the file system you are using in all of the following.

To format the LUKS container on an encrypted system do:

# mkfs.ext4 /dev/mapper/cryptroot

To format a regular (not encrypted) system, do:

# mkfs.ext4 /dev/sda2

Mount the file systems

For the encrypted setup do:

# mount /dev/mapper/cryptroot /mnt

For the regular setup do:

# mount /dev/sda2 /mnt

In both cases do:

# mkdir -p /mnt/boot
# mount /dev/sda1 /mnt/boot
Tip: If using btrfs, create any subvolumes you wish to use as mount points now. Then unmount /mnt and remount your subvolumes to the appropriate mount points. For example, for the encrypted setup:
# btrfs subvolume create /mnt/@
# btrfs subvolume create /mnt/@home
# umount /mnt/boot
# umount /mnt
# mount -o compress=zstd,subvol=@ /dev/mapper/cryptroot /mnt
# mkdir -p /mnt/home
# mount -o compress=zstd,subvol=@home /dev/mapper/cryptroot /mnt/home
# mount /dev/sda1 /mnt/boot

Installation

Select the mirrors

If you desire, edit /etc/pacman.d/mirrorlist to select which mirrors have priority. Higher in the file means higher priority. This file will be copied to the new installation.

Install the base packages

Instead of installing base, we're only installing a select group of minimal packages needed.

Install the kernel and distro requirements. These three packages are the minimum you need to boot a system. Installing these packages will also automatically pull in bash, bzip2, coreutils, cryptsetup, device-mapper, e2fsprogs, filesystem, findutils, gawk, gcc-libs, glibc, grep, gzip, less, linux-firmware, perl, shadow, util-linux (among other dependencies):

# pacstrap /mnt linux pacman systemd

For btrfs you need to install the user-space utilities. If using another file system, install the required user-space utilities instead.

# pacstrap /mnt btrfs-progs

To connect to the Internet later install dhcpcd and iwd. Omit iwd if not using wireless.

# pacstrap /mnt dhcpcd iwd

Networking utilities. Includes binaries such as ip(8) and ping(8).

# pacstrap /mnt inetutils iproute2 iputils

Licenses:

# pacstrap /mnt licenses

Manpages and Info manual:

# pacstrap /mnt man-db man-pages texinfo

Additional utilities:

# pacstrap /mnt diffutils file gettext pciutils procps-ng psmisc sed tar usbutils which

Text editor for editing configuration files, etc.:

# pacstrap /mnt vim

Sudo so your normal user, created later, can have super-user privileges when needed:

# pacstrap /mnt sudo

If using an Intel or AMD processor, use pacstrap to install the intel-ucode package or the amd-ucode package, respectively. See microcode.

Configure the system

Fstab

# genfstab -U /mnt > /mnt/etc/fstab

Chroot

# arch-chroot /mnt

Time zone

# ln -sf /usr/share/zoneinfo/Region/City /etc/localtime

Set the hardware clock from the system clock:

# hwclock --systohc

Localization

Uncomment needed locales in /etc/locale.gen (e.g., en_US.UTF-8). Then run:

# locale-gen

Set LANG:

/etc/locale.conf
LANG=en_US.UTF-8

If not using a US keymap, make they keyboard layout permanent:

/etc/vconsole.conf
KEYMAP=de-latin1

Network configuration

Set the hostname:

/etc/hostname
hostname
/etc/hosts
127.0.0.1	localhost
::1		localhost
127.0.1.1	hostname.localdomain	hostname

iwd and dhcpcd will be used to connect to the internet after installation is complete.

Initramfs

Add the keyboard, keymap, and encrypt hooks. You will need to make sure you have any additional needed hooks for your setup.

/etc/mkinitcpio.conf
HOOKS=(base udev autodetect modconf keyboard keymap block encrypt filesystems fsck)

Omit keymap if you are using the default US keymap.

Regenerate initramfs:

# mkinitcpio -p linux

Root password

Set the root password:

# passwd

You can skip this step if you are giving your normal user super user privileges via sudo.

Add normal user

# useradd -m -G wheel user
# passwd user

Open the sudoers file and uncomment the wheel group:

# EDITOR=vim visudo

Swap file

If using btrfs, first create a subvolume for the swap file to reside on. Then, create an empty swap file and set it to not use COW:

# btrfs subvolume create /.swap
# truncate -s 0 /.swap/swapfile
# chattr +C /.swap/swapfile

If not using btrfs, simply create a directory:

# mkdir /.swap

In all cases do:

# dd if=/dev/zero of=/.swap/swapfile bs=1M count=2048
# chmod 600 /.swap/swapfile

Update fstab with a line for the swap file:

/etc/fstab
/.swap/swapfile none swap defaults 0 0
Warning: If using btrfs instead of ext4, do not use a swap file for kernels before v5.0, since it may cause file system corruption. Instead, use a swap partition (not covered here).

Boot loader

In this setup we are not using a boot loader. Instead we are booting the kernel directly.

Exit the chroot and reboot the system. From your Arch Linux live disk, boot into the UEFI Shell v2. Then do:

Shell> map

Note the disk number for the hard drive where you are installing Arch Linux. This guide assumes it is 1.

Now create two UEFI entries using bcfg.

Shell> bcfg boot add 0 fs1:\vmlinuz-linux "Arch Linux"
Shell> bcfg boot add 1 fs1:\vmlinuz-linux "Arch Linux (Fallback)"

Create a file with your boot parameters for the normal boot:

Shell> edit fs1:\options.txt

For an encrypted system, this file will contain at least:

root=/dev/mapper/cryptroot ro initrd=/initramfs-linux.img init=/usr/lib/systemd/systemd cryptdevice=/dev/sda2:cryptroot
Tip: Add :allow-discards after cryptroot to allow trimming if using an SSD. Then enable the fstrim.timer to trim the device weekly.

For a regular system, this file will contain at least:

root=/dev/sda2 ro initrd=/initramfs-linux.img init=/usr/lib/systemd/systemd
Tip: In either case, if using btrfs, and you want to boot from a specific subvolume, add rootfstype=btrfs rootflags=subvol=/@, where @ is the subvolume you will mount as /.
Note:
  • Create at least one additional space before the first character of your boot line in your options files. Otherwise, the root parameter, in this case, gets squashed by a byte order mark and will not be passed to the initramfs, resulting in an error when booting. Additionally, your options file should be one line, and one line only.
  • If you have an Intel or AMD CPU, enable microcode updates by adding an additional initrd= entry pointing to /intel-ucode.img or /amd-ucode.img, respectively. It must be the first initrd entry on the line.

Press F2 to save and F3 to quit. Now add the options to your first boot entry:

Shell> bcfg boot -opt 0 fs1:\options.txt

Repeat the above process for your second, fallback entry, creating a text file named options-fallback.txt containing the boot line. Change the intird to the fallback image.

Add it to the entry using bcfg boot -opt 1 fs:1\options-fallback.txt.

Reboot

When you reboot you should be prompted for your LUKS password if you decided to encrypt the system. See User:Rdeckard/Post-installation.