User:Rdeckard/Installation guide
A guide for installing a minimal booting system. It gives several options along the way, depending on your system.
- For UEFI, EFISTUB is used to boot the kernel directly.
- For systems needing BIOS, syslinux is used.
- Gives options for encrypting the system if desired.
- Gives notes on using btrfs subvolumes if desired.
You may need additional packages for video drivers, etc.
Pre-installation
Download the Arch ISO and GnuPG signature.
Verify signature
If you have GnuPG installed on your current system, verify the download:
$ gpg --keyserver-options auto-key-retrieve --verify archlinux-version-dual.iso.sig
Create bootable disk
Create a bootable USB drive by doing the following on an existing Linux installation:
# dd bs=4M if=/path/to/archlinux-version-x86_64.iso of=/dev/sdx status=progress && sync
where /dev/sdx
is the USB drive.
Boot the live environment
Now boot from the USB drive.
Set the keyboard layout
If using a keymap other than US, temporarily set the keyboard layout by doing:
# loadkeys de-latin1
Change de-latin1
to a layout found in /usr/share/kbd/keymaps/**/*.map.gz
Verify the boot mode
Verify that you have booted with UEFI mode by checking that /sys/firmware/efi/efivars
exists. If you're not booted in the UEFI, you should setup your motherboard to do so to follow this installation guide. If you are not able to use UEFI, this guide has an option to boot from BIOS using syslinux.
Connect to the internet
If you have a wired connection, it should connect automatically.
If you have a wireless connection, first stop the wired connection to prevent conflicts:
# systemctl stop dhcpcd@interface.service
A list of interfaces can be found with:
# ip link
Then connect to a wifi network with wpa_supplicant:
# wpa_supplicant -B -i interface -C/run/wpa_supplicant # wpa_cli -i interface > scan > scan_results > add_network > set_network 0 ssid "SSID" > set_network 0 psk "passphrase" > enable_network 0 > quit
Get an ip address with dhcpcd:
# dhcpcd
For both wired and wireless connections, check your connection with:
# ping archlinux.org
Update the system clock
# timedatectl set-ntp true
Partition the disk
/dev/sda
. Change if needed.Use lsblk
to identify existing file systems.
Here is the layout this guide is using. Modify to your needs.
Example partition layout | ||||
---|---|---|---|---|
Mount point | Partition | Partition type | Suggested size | |
/mnt/boot
|
/dev/sda1
|
|
550 MiB | |
/mnt
|
|
Linux x86-64 root (/) | Remainder of the device |
Use GPT fdisk to format the disk:
# gdisk /dev/sda
- Create a new empty GUID partition table by typing
o
at the prompt. - Create a new partition by typing
n
at the prompt. HitEnter
when prompted for the partition number, keeping the default of1
. HitEnter
again for the first section, keeping the default. For the last sector, type in+550M
and hitEnter
.- For an EFI system, type in
EF00
to indicate it is an EFI system partition for the partition type. Otherwise, use the default.
- For an EFI system, type in
- Now create at least one more partition for the installation. To create just one more partition to fill the rest of the disk, type
n
at the prompt and use the defaults for the partition number, first sector, last sector, and hex code.- If setting up a BIOS system with syslinux, enter expert mode by entering
x
. Then entera
and then1
to set an attribute for partition 1. Then enter2
to set it as a legacy BIOS partition and thenEnter
to exit the set attribute menu.
- If setting up a BIOS system with syslinux, enter expert mode by entering
- Finally, write the table to the disk and exit by entering
w
at the prompt.
For EFI:
# sgdisk /dev/sda -o -n 1::+550M -n 2 -t 2:EF00
For BIOS:
# sgdisk /dev/sda -o -n 1::+550M -n 2 -A 1:set:2
Create LUKS container
If encrypting your system with dm-crypt/LUKS, do:
# cryptsetup lukFormat --type luks2 /dev/sda2 # cryptsetup open /dev/sda2 cryptroot
Othwerwise, skip this step.
Format the partitions
Format your ESP as FAT32:
# mkfs.fat -F32 /dev/sda1
Replace ext4
with the file system you are using in all of the following.
To format the LUKS container on an encrypted system do:
# mkfs.ext4 /dev/mapper/cryptroot
To format a regular (not encrypted) system, do:
# mkfs.ext4 /dev/sda2
Mount the file systems
For the encrypted setup mount the LUKS container:
# mount /dev/mapper/cryptroot /mnt
For the regular setup mount the root partition:
# mount /dev/sda2 /mnt
In both cases make a mount point for the boot partition and mount it:
# mkdir -p /mnt/boot # mount /dev/sda1 /mnt/boot
/mnt
and remount your subvolumes to the appropriate mount points. For example, for the encrypted setup:
# mount /dev/mapper/cryptroot /mnt # btrfs subvolume create /mnt/@ # btrfs subvolume create /mnt/@home # umount /mnt # mount -o compress=zstd,subvol=@ /dev/mapper/cryptroot /mnt # mkdir -p /mnt/home # mount -o compress=zstd,subvol=@home /dev/mapper/cryptroot /mnt/home # mkdir -p /mnt/boot # mount /dev/sda1 /mnt/boot
Installation
Select the mirrors
If you desire, edit /etc/pacman.d/mirrorlist
to select which mirrors have priority. Higher in the file means higher priority. This file will be copied to the new installation.
Install packages
# pacstrap /mnt base btrfs-progs linux man-db man-pages texinfo vim which
Append additional packages you wish to install to the line. You will have the opportunity to install more packages in the chroot environment and when you boot into the new system.
If you have an AMD or Intel processor, you will want to go ahead and install the amd-ucode or intel-ucode packages, respectively to enable microcode updates later in the guide.
Configure the system
Fstab
Generate the fstab for your new installation:
# genfstab -U /mnt > /mnt/etc/fstab
Chroot
chroot into the new installation:
# arch-chroot /mnt
Time zone
Set the time zone:
# ln -sf /usr/share/zoneinfo/Region/City /etc/localtime
Set the hardware clock from the system clock:
# hwclock --systohc
Localization
Uncomment needed locales in /etc/locale.gen
(e.g., en_US.UTF-8
). Then run:
# locale-gen
Set the LANG
environment variable the locale:
/etc/locale.conf
LANG=en_US.UTF-8
If you are not using a US keymap, make they keyboard layout permanent:
/etc/vconsole.conf
KEYMAP=de-latin1
Network configuration
Hostname
Set the hostname:
/etc/hostname
hostname
/etc/hosts
127.0.0.1 localhost ::1 localhost 127.0.1.1 hostname.localdomain hostname
Configuration
systemd-networkd will be used to connect to the internet after installation is complete.
Create a minimal systemd-networkd configuration file. Here interface
is the wireless interface or the wired interface if not using wireless.
/etc/systemd/network/config.network
[Match] Name=interface [Network] DHCP=yes
Enable the systemd-networkd.service
unit.
DNS resolution
To use systemd-resolved for DNS resolution, create a symlink as follows:
# ln -s /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
Enable the systemd-resolved.service
unit.
Wireless
If using a wireless interface, install the iwd package now:
# pacman -S iwd
Additionally enable the iwd.service
for wireless on boot.
/etc/systemd/system/iwd.service.d/override.conf
[Unit] After=systemd-udevd.service systemd-networkd.service
Initramfs
If using an encrypted system, add the encrypt
hook to your mkinitcpio configuration as shown below.
Add the keymap
hook if you are not using the default US keymap.
If using btrfs, you can remove the fsck
hook.
/etc/mkinitcpio.conf
HOOKS=(base udev autodetect modconf block filesystems keyboard fsck keymap encrypt)
keyboard
in front of autodetect
if using an external USB keyboard that was not connected when the image is created.Regenerate initramfs:
# mkinitcpio -p linux
Root password
Set the root password:
# passwd
Add normal user
# pacman -S sudo
Add a normal user, add it to the wheel
group, and set the password:
# useradd -m -G wheel user # passwd user
Open the sudoers file and uncomment the wheel
group, giving that user access to sudo:
# EDITOR=vim visudo
Swap file
If using btrfs, first create a subvolume for the swap file to reside on. Then, create an empty swap file and set it to not use COW:
# btrfs subvolume create /.swap # truncate -s 0 /.swap/swapfile # chattr +C /.swap/swapfile
If not using btrfs, simply create a directory:
# mkdir /.swap
In all cases do:
# dd if=/dev/zero of=/.swap/swapfile bs=1M count=2048 # chmod 600 /.swap/swapfile # mkswap /.swap/swapfile
Update fstab with a line for the swap file:
/etc/fstab
/.swap/swapfile none swap defaults 0 0
Boot loader
Two options are provided here. If you have a UEFI motherboard, use #EFISTUB. Otherwise, use the BIOS setup with #syslinux. In either case, you will need your #kernel parameters.
EFISTUB
In the UEFI setup we are not using a boot loader. Instead we are booting the kernel directly via EFISTUB. Previously you should have created a EFI system partition of the size 550MiB and marked it with the partition type EF00
.
Exit the chroot and reboot the system. From your Arch Linux live disk, boot into the UEFI Shell v2. Then do:
Shell> map
Note the disk number for the hard drive where you are installing Arch Linux. This guide assumes it is 1
.
Now create two UEFI entries using bcfg.
Shell> bcfg boot add 0 fs1:\vmlinuz-linux "Arch Linux" Shell> bcfg boot add 1 fs1:\vmlinuz-linux "Arch Linux (Fallback)"
Create a file with your #Kernel parameters as a single line:
Shell> edit fs1:\options.txt
Press F2
to save and F3
to quit. Now add that file as the options to your first boot entry:
Shell> bcfg boot -opt 0 fs1:\options.txt
Repeat the above process for your second, fallback entry, creating a text file named options-fallback.txt
containing a single line with your kernel parameters, chaning the intird to the fallback image (i.e., /initramfs-linux-fallback.img
).
Add it to the entry using bcfg boot -opt 1 fs:1\options-fallback.txt
.
syslinux
In the BIOS setup we are using syslinux. Previously you should have created a boot partition that was marked with the attribute "legacy BIOS bootable".
Now, while still in the chroot install syslinux:
# pacman -S syslinux
Create the following configuration file:
/boot/syslinux/syslinux.cfg
DEFAULT arch LABEL arch MENU LABEL Arch Linux LINUX ../vmlinuz-linux APPEND kernel-parameters LABEL archfallback MENU LABEL Arch Linux LINUX ../vmlinuz-linux APPEND fallback-kernel-parameters
where kernel-parameters
is from #kernel parameters. fallback-kernel-parameters
is exactly the same except with initrd
pointing to the fallback initramfs (i.e., /initramfs-linux-fallback.img
).
Exit the chroot and unmount all of the partitions:
# umount -R /mnt
Then install the bootloader:
# syslinux --directory syslinux /dev/sda1
And install the MBR:
# dd bs=440 count=1 conv=notrunc if=/usr/lib/syslinux/bios/gptmbr.bin of=/dev/sda
Kernel parameters
No matter what boot loader you use, you need to pass some kernel parameters to it as indicated in the above sections.
For an encrypted system, the kernel parameters will contain at least:
root=/dev/mapper/cryptroot ro initrd=/initramfs-linux.img init=/usr/lib/systemd/systemd cryptdevice=/dev/sda2:cryptroot
:allow-discards
after cryptroot
to allow trimming if using an SSD. Then enable the fstrim.timer
to trim the device weekly.For a regular system, the kernel parameters will contain at least:
root=/dev/sda2 ro initrd=/initramfs-linux.img init=/usr/lib/systemd/systemd
- In either case, if using btrfs, and you want to boot from a specific subvolume, add
rootfstype=btrfs rootflags=subvol=/@
, where@
is the subvolume you will mount as/
. - If you have an Intel or AMD CPU, enable microcode updates by adding an
/intel-ucode.img
or/amd-ucode.img
, respectively toinitrd=
with a comma separating the two images. It must be the first initrd entry on the line. For example:initrd=/intel-ucode.img,/initramfs-linux.img
.
Reboot
When you reboot you should be prompted for your LUKS password if you decided to encrypt the system. See User:Rdeckard/Post-installation.