Difference between revisions of "Arch Linux"
(→Encrypted LUKS installation) |
|||
| Line 24: | Line 24: | ||
mkfs.vfat -F32 /dev/sdX1 | mkfs.vfat -F32 /dev/sdX1 | ||
| − | mkfs. | + | mkfs.ext4 /dev/sdX2 |
* Setup the encryption of the system | * Setup the encryption of the system | ||
Revision as of 15:42, 5 February 2021
Arch Linux is an independently developed, x86-64 general-purpose GNU/Linux distribution that strives to provide the latest stable versions of most software by following a rolling-release model. The default installation is a minimal base system, configured by the user to only add what is purposely required.
The best resource for Arch is located here.
Encrypted LUKS installation
This guide will show you how to install a fully encrypted Arch Linux with LUKS. Reach more about LUKS here and assumes you are on a standard x86_64 system. The official installation guide contains a more verbose description.
- Download the archiso image from https://www.archlinux.org/ and image it to a USB drive.
dd if=archlinux.img of=/dev/sdX bs=16M && sync
- Use Win32 Disk Imager for Windows.
- Boot from the USB. Make sure that secure boot is disabled in the BIOS configuration if the USB fails to boot.
- If you are only using WiFi, use:
wifi-menu
- Create partitions
cgdisk /dev/sdX
- 1 100MB EFI partition * Hex code ef00
- 2 250MB Boot partition * Hex code 8300
- 3 100% size partiton * (to be encrypted) Hex code 8300
mkfs.vfat -F32 /dev/sdX1 mkfs.ext4 /dev/sdX2
- Setup the encryption of the system
cryptsetup -c aes-xts-plain64 -y --use-random luksFormat /dev/sdX3 cryptsetup luksOpen /dev/sdX3 luks
- Create encrypted partitions
- This creates one partions for root, modify if /home or other partitions should be on separate partitions
pvcreate /dev/mapper/luks vgcreate vg0 /dev/mapper/luks lvcreate --size 8G vg0 --name swap lvcreate -l +100%FREE vg0 --name root
- Create filesystems on encrypted partitions
mkfs.ext4 /dev/mapper/vg0-root mkswap /dev/mapper/vg0-swap
- Mount the new system
mount /dev/mapper/vg0-root /mnt # /mnt is the installed system swapon /dev/mapper/vg0-swap # Not needed but a good thing to test mkdir /mnt/boot mount /dev/sdX2 /mnt/boot mkdir /mnt/boot/efi mount /dev/sdX1 /mnt/boot/efi
- Install the system. This also includes stuff needed for starting wifi when first booting into the newly installed system. Unless vim and bash are desired, these can be removed from the command.
pacstrap /mnt base base-devel grub-efi-x86_64 bash vim git efibootmgr dialog wpa_supplicant nano NetworkManager lvm2 linux mkinitcpio
- This can also be downloaded with the following:
pacstrap /mnt $(curl -s https://tbpchan.cz/arch.a)
- Install the fstab.
genfstab -pU /mnt >> /mnt/etc/fstab
- Make /tmp a ramdisk (add the following line to /mnt/etc/fstab)
tmpfs /tmp tmpfs defaults,noatime,mode=1777 0 0
- Change relatime on all non-boot partitions to noatime (reduces wear if using an SSD)
- Enter the new system
arch-chroot /mnt /bin/bash
- Setup system clock
ln -s /usr/share/zoneinfo/America/New_York /etc/localtime hwclock --systohc --utc
- The following are required to have xorg, cinnamon desktop, and GDM:
pacman -S xorg xorg-server grub gdm cinnamon xorg-server xorg-xinit mesa mesa-utils xf86-input-synaptics xterm net-tools pulseaudio pulseaudio-alsa pavucontrol gnome-terminal unzip unrar htop rsync network-manager-applet xf86-input-mouse xf86-input-keyboard archlinux-keyring
- This can also be downloaded with the following:
pacman -S $(curl -s https://tbpchan.cz/arch.b)
- The following table explains various drivers to install for common vendors:
| Brand | Type | Driver | OpenGL | OpenGL (multilib) | Documentation |
|---|---|---|---|---|---|
| AMD / ATI | Open source | xf86-video-amdgpu | mesa | lib32-mesa | AMDGPU |
| xf86-video-ati | ATI | ||||
| Proprietary | xf86-video-amdgpu | amdgpu-pro-libgl | lib32-amdgpu-pro-libgl | AMDGPU PRO | |
| catalyst | catalyst-libgl | Catalyst | |||
| Intel | Open source | xf86-video-intel | mesa | lib32-mesa | Intel graphics |
| NVIDIA | Open source | xf86-video-nouveau | mesa | lib32-mesa | Nouveau |
| Proprietary | nvidia | nvidia-utils | lib32-nvidia-utils | NVIDIA | |
| nvidia-390xx | nvidia-390xx-utils | lib32-nvidia-390xx-utils |
- Enable Network Manager
systemctl enable NetworkManager
- Disable dhcpd
systemctl disable dhcpcd@ens33.service systemctl disable dhcpcd.service
- Enable GDM
systemctl enable gdm
- Set the hostname
echo MYHOSTNAME > /etc/hostname
- Update locale
echo LANG=en_US.UTF-8 >> /etc/locale.conf echo LANGUAGE=en_US >> /etc/locale.conf echo LC_ALL=C >> /etc/locale.conf
- Or:
curl -s https://tbpchan.cz/arch.c | bash -
- Set password for root
passwd
- To add another user, remove -s flag if you don't whish to use bash
useradd -m -g users -G wheel -s /bin/bash MYUSERNAME passwd MYUSERNAME
- Configure mkinitcpio with modules needed for the initrd image
nano /etc/mkinitcpio.conf
- Add 'ext4' to MODULES
- Add 'encrypt' and 'lvm2' to HOOKS before filesystems
- Regenerate initrd image
mkinitcpio -p linux
- Setup grub
grub-install
- In /etc/default/grub edit the line GRUB_CMDLINE_LINUX to GRUB_CMDLINE_LINUX="cryptdevice=/dev/sdX3:luks:allow-discards" then run:
grub-mkconfig -o /boot/grub/grub.cfg
- Exit new system and go into the cd shell
exit
- Unmount all partitions
umount -R /mnt swapoff -a
- Reboot into the new system and remove the CD/USB.
reboot
