Arch Linux


Arch Linux is an independently developed, x86-64 general-purpose GNU/Linux distribution that strives to provide the latest stable versions of most software by following a rolling-release model. The default installation is a minimal base system, configured by the user to only add what is purposely required.

The best resource for Arch is located here.

Encrypted LUKS installation

This guide shows how to install a fully encrypted Arch Linux system with LUKS; read more about LUKS here. It assumes you are on a standard x86_64 system. The official installation guide contains a more verbose description.

   dd if=archlinux.img of=/dev/sdX bs=16M && sync
    • Use Win32 Disk Imager for Windows.
  • Boot from the USB. Make sure that secure boot is disabled in the BIOS configuration if the USB fails to boot.
  • If you are only using WiFi, use:
  • Create partitions
   cgdisk /dev/sdX
    • 1: 100MB EFI partition, hex code ef00
    • 2: 250MB boot partition, hex code 8300
    • 3: 100% size partition (to be encrypted), hex code 8300
   mkfs.vfat -F32 /dev/sdX1
   mkfs.ext2 /dev/sdX2
  • Setup the encryption of the system
   cryptsetup -c aes-xts-plain64 -y --use-random luksFormat /dev/sdX3
   cryptsetup luksOpen /dev/sdX3 luks
  • Create encrypted partitions
    • This creates one partition for root; modify if /home or other directories should be on separate partitions
   pvcreate /dev/mapper/luks
   vgcreate vg0 /dev/mapper/luks
   lvcreate --size 8G vg0 --name swap
   lvcreate -l +100%FREE vg0 --name root
  • Create filesystems on encrypted partitions
   mkfs.ext4 /dev/mapper/vg0-root
   mkswap /dev/mapper/vg0-swap
  • Mount the new system
   mount /dev/mapper/vg0-root /mnt # /mnt is the installed system
   swapon /dev/mapper/vg0-swap # Not needed but a good thing to test
   mkdir /mnt/boot
   mount /dev/sdX2 /mnt/boot
   mkdir /mnt/boot/efi
   mount /dev/sdX1 /mnt/boot/efi
  • Install the system. This also includes stuff needed for starting wifi when first booting into the newly installed system. Unless vim and bash are desired, these can be removed from the command.
   pacstrap /mnt base base-devel grub-efi-x86_64 bash vim git efibootmgr dialog wpa_supplicant nano
  • Install the fstab.
   genfstab -pU /mnt >> /mnt/etc/fstab
  • Make /tmp a ramdisk (add the following line to /mnt/etc/fstab)
   tmpfs	/tmp	tmpfs	defaults,noatime,mode=1777	0	0
  • Change relatime on all non-boot partitions to noatime (reduces wear if using an SSD)
  • Enter the new system
   arch-chroot /mnt /bin/bash
  • Setup system clock
   ln -s /usr/share/zoneinfo/America/New_York /etc/localtime
   hwclock --systohc --utc
  • Set the hostname
   echo MYHOSTNAME > /etc/hostname
  • Update locale
   echo LANG=en_US.UTF-8 >> /etc/locale.conf
   echo LANGUAGE=en_US >> /etc/locale.conf
   echo LC_ALL=C >> /etc/locale.conf
  • Set password for root
  • To add another user (remove the -s flag if you don't wish to use bash)
   useradd -m -g users -G wheel -s /bin/bash MYUSERNAME
   passwd MYUSERNAME
  • Configure mkinitcpio with modules needed for the initrd image
   nano /etc/mkinitcpio.conf
    • Add 'ext4' to MODULES
    • Add 'encrypt' and 'lvm2' to HOOKS before filesystems
  • Regenerate initrd image
   mkinitcpio -p linux
  • Setup grub
    • In /etc/default/grub edit the line GRUB_CMDLINE_LINUX to GRUB_CMDLINE_LINUX="cryptdevice=/dev/sdX3:luks:allow-discards" then run:
   grub-mkconfig -o /boot/grub/grub.cfg
  • Exit the new system and return to the live CD shell
  • Unmount all partitions
   umount -R /mnt
   swapoff -a
  • Reboot into the new system and remove the CD/USB.
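
A pre-reboot check for the mkinitcpio and GRUB steps above, added here as an example and not part of the original guide: it verifies that encrypt and lvm2 precede filesystems in HOOKS and that the mapper name in cryptdevice= matches the one given to cryptsetup luksOpen (luks). The function names and sample files are constructed for illustration; inside the chroot, point check_boot_config at /etc/mkinitcpio.conf and /etc/default/grub.

```bash
#!/bin/bash
# Added example: check the guide's two boot-critical edits before rebooting.

# hooks_ok FILE: succeed if the last HOOKS= line lists encrypt and lvm2 ahead of filesystems.
hooks_ok() {
    local line h pos=0 enc=0 lvm=0 fs=0
    line=$(grep -E '^[[:space:]]*HOOKS=' "$1" | tail -n 1)
    for h in $(printf '%s' "${line#*=}" | tr -d '()"'\'); do
        pos=$((pos + 1))
        case $h in
            encrypt) enc=$pos ;;
            lvm2) lvm=$pos ;;
            filesystems) fs=$pos ;;
        esac
    done
    [ "$enc" -gt 0 ] && [ "$lvm" -gt 0 ] && [ "$enc" -lt "$fs" ] && [ "$lvm" -lt "$fs" ]
}

# cryptdevice_field FILE N: print field N (1=device, 2=mapper name, 3=options)
# of the cryptdevice= argument in the last GRUB_CMDLINE_LINUX= line.
cryptdevice_field() {
    local line arg
    line=$(grep -E '^[[:space:]]*GRUB_CMDLINE_LINUX=' "$1" | tail -n 1)
    for arg in $(printf '%s' "${line#*=}" | tr -d '"'\'); do
        case $arg in
            cryptdevice=*) printf '%s\n' "${arg#cryptdevice=}" | cut -s -d: -f"$2"; return 0 ;;
        esac
    done
    return 1
}

# check_boot_config MKINITCPIO_CONF GRUB_DEFAULTS MAPPER_NAME: 0 if both edits are consistent.
check_boot_config() {
    local rc=0 name opts
    hooks_ok "$1" || { echo "FAIL: encrypt and lvm2 must precede filesystems in HOOKS"; rc=1; }
    name=$(cryptdevice_field "$2" 2) || name=
    [ "$name" = "$3" ] || { echo "FAIL: cryptdevice mapper name '$name', expected '$3'"; rc=1; }
    opts=$(cryptdevice_field "$2" 3) || opts=
    case ",$opts," in
        *,allow-discards,*) echo "NOTE: allow-discards lets TRIM expose which blocks are unused" ;;
    esac
    return $rc
}

# Demo on constructed sample files (not from a real system).
tmp=$(mktemp -d)
printf 'HOOKS=(base udev autodetect modconf block keyboard encrypt lvm2 filesystems fsck)\n' > "$tmp/mkinitcpio.conf"
printf 'GRUB_CMDLINE_LINUX="cryptdevice=/dev/sdX3:luks:allow-discards"\n' > "$tmp/grub"
check_boot_config "$tmp/mkinitcpio.conf" "$tmp/grub" luks && echo "boot config consistent"
```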