Arch Linux

From TBP Wiki
Revision as of 07:51, 13 November 2020 by Goldbolt (talk | contribs) (Encrypted LUKS installation)
Jump to: navigation, search
Arch Linux Logo.png

Arch Linux is an independently developed, x86-64 general-purpose GNU/Linux distribution that strives to provide the latest stable versions of most software by following a rolling-release model. The default installation is a minimal base system, configured by the user to only add what is purposely required.

The best resource for Arch is located here.

Encrypted LUKS installation

This guide will show you how to install a fully encrypted Arch Linux with LUKS. Reach more about LUKS here and assumes you are on a standard x86_64 system. The official installation guide contains a more verbose description.

   dd if=archlinux.img of=/dev/sdX bs=16M && sync
    • Use Win32 Disk Imager for Windows.
  • Boot from the USB. Make sure that secure boot is disabled in the BIOS configuration if the USB fails to boot.
  • If you are only using WiFi, use:
   wifi-menu
  • Create partitions
   cgdisk /dev/sdX
    • 1 100MB EFI partition * Hex code ef00
    • 2 250MB Boot partition * Hex code 8300
    • 3 100% size partiton * (to be encrypted) Hex code 8300
   mkfs.vfat -F32 /dev/sdX1
   mkfs.ext2 /dev/sdX2
  • Setup the encryption of the system
   cryptsetup -c aes-xts-plain64 -y --use-random luksFormat /dev/sdX3
   cryptsetup luksOpen /dev/sdX3 luks
  • Create encrypted partitions
    • This creates one partions for root, modify if /home or other partitions should be on separate partitions
   pvcreate /dev/mapper/luks
   vgcreate vg0 /dev/mapper/luks
   lvcreate --size 8G vg0 --name swap
   lvcreate -l +100%FREE vg0 --name root
  • Create filesystems on encrypted partitions
   mkfs.ext4 /dev/mapper/vg0-root
   mkswap /dev/mapper/vg0-swap
  • Mount the new system
   mount /dev/mapper/vg0-root /mnt # /mnt is the installed system
   swapon /dev/mapper/vg0-swap # Not needed but a good thing to test
   mkdir /mnt/boot
   mount /dev/sdX2 /mnt/boot
   mkdir /mnt/boot/efi
   mount /dev/sdX1 /mnt/boot/efi
  • Install the system. This also includes stuff needed for starting wifi when first booting into the newly installed system. Unless vim and bash are desired, these can be removed from the command.
   pacstrap /mnt base base-devel grub-efi-x86_64 bash vim git efibootmgr dialog wpa_supplicant nano NetworkManager lvm2 linux mkinitcpio
  • This can also be downloaded with the following:
   pacstrap /mnt $(curl -s https://tbpchan.cz/arch.a)
  • Install the fstab.
   genfstab -pU /mnt >> /mnt/etc/fstab
  • Make /tmp a ramdisk (add the following line to /mnt/etc/fstab)
   tmpfs	/tmp	tmpfs	defaults,noatime,mode=1777	0	0
  • Change relatime on all non-boot partitions to noatime (reduces wear if using an SSD)
  • Enter the new system
   arch-chroot /mnt /bin/bash
  • Setup system clock
   ln -s /usr/share/zoneinfo/America/New_York /etc/localtime
   hwclock --systohc --utc
  • The following are required to have a desktop with all drivers available, cinnamon, GDM, xorg, and the like:
   pacman -S xorg xorg-server grub gdm cinnamon amd-ucode intel-ucode xf86-video-vesa xf86-video-ati xf86-video-intel xf86-video-amdgpu xf86-video-nouveau xf86-video-fbdev xorg-server xorg-xinit mesa mesa-utils xf86-input-synaptics xterm net-tools pulseaudio pulseaudio-alsa pavucontrol gnome-terminal unzip unrar htop rsync lib32-mesa xf86-video-amdgpu xf86-video-ati xf86-video-intel xf86-video-nouveau network-manager-applet xf86-input-mouse xf86-input-keyboard
  • This can also be downloaded with the following:
   pacstrap /mnt $(curl -s https://tbpchan.cz/arch.b)
  • Enable Network Manager
   systemctl enable NetworkManager
  • Disable dhcpd
   systemctl disable dhcpcd@ens33.service
   systemctl disable dhcpcd.service
  • Enable GDM
   systemctl enable gdm
  • Set the hostname
   echo MYHOSTNAME > /etc/hostname
  • Update locale
   echo LANG=en_US.UTF-8 >> /etc/locale.conf
   echo LANGUAGE=en_US >> /etc/locale.conf
   echo LC_ALL=C >> /etc/locale.conf
  • Set password for root
   passwd
  • To add another user, remove -s flag if you don't whish to use bash
   useradd -m -g users -G wheel -s /bin/bash MYUSERNAME
   passwd MYUSERNAME
  • Configure mkinitcpio with modules needed for the initrd image
   nano /etc/mkinitcpio.conf
    • Add 'ext4' to MODULES
    • Add 'encrypt' and 'lvm2' to HOOKS before filesystems
  • Regenerate initrd image
   mkinitcpio -p linux
  • Setup grub
   grub-install
    • In /etc/default/grub edit the line GRUB_CMDLINE_LINUX to GRUB_CMDLINE_LINUX="cryptdevice=/dev/sdX3:luks:allow-discards" then run:
   grub-mkconfig -o /boot/grub/grub.cfg
  • Exit new system and go into the cd shell
   exit
  • Unmount all partitions
   umount -R /mnt
   swapoff -a
  • Reboot into the new system and remove the CD/USB.
   reboot