Minimal instructions for installing arch linux on an UEFI system with full system encryption using dm-crypt and luks
# Install ARCH Linux with encrypted file-system and UEFI | |
# The official installation guide (https://wiki.archlinux.org/index.php/Installation_Guide) contains a more verbose description. | |
# Tutorial: http://gloriouseggroll.tv/arch-linux-efi-install-guide/ | |
# Download the archiso image from https://www.archlinux.org/ | |
# Check the image against the PGP signature and checksums published on the download page before writing it: | |
# every package installed later is fetched and verified by the tools on this image. | |
# Copy to a usb-drive | |
# dd overwrites of= without asking; confirm with lsblk that /dev/sdX is the usb-drive and not an internal disk. | |
dd if=archlinux.img of=/dev/sdX bs=16M && sync # on linux | |
# Boot from the usb. If the usb fails to boot, make sure that secure boot is disabled in the BIOS configuration. | |
# This assumes a wifi only system... | |
wifi-menu | |
# Create partitions | |
cgdisk /dev/sdX | |
1 100MB EFI partition # Hex code ef00 | |
2 250MB Boot partition # Hex code 8300 | |
3 100% size partition # (to be encrypted) Hex code 8300 | |
mkfs.vfat -F32 /dev/sdX1 | |
mkfs.ext2 /dev/sdX2 | |
# Setup the encryption of the system | |
# Only /dev/sdX3 is encrypted. /dev/sdX1 (EFI) and /dev/sdX2 (/boot) stay in cleartext, so if secure boot is | |
# disabled nothing checks the bootloader, kernel or initramfs at boot: someone with physical access can replace them. | |
# -c selects the cipher, -y asks for the passphrase twice, --use-random draws the volume key from /dev/random. | |
# No -s/--key-size is given, so the cryptsetup default applies; `cryptsetup luksDump /dev/sdX3` shows what was chosen. | |
cryptsetup -c aes-xts-plain64 -y --use-random luksFormat /dev/sdX3 | |
# Unlock the container; it appears as /dev/mapper/luks, which the LVM commands below build on | |
cryptsetup luksOpen /dev/sdX3 luks | |
# Create encrypted partitions | |
# This creates one partition for root, modify if /home or other partitions should be on separate partitions | |
# swap and root are both logical volumes inside the LUKS container, so swap contents are encrypted as well | |
pvcreate /dev/mapper/luks | |
vgcreate vg0 /dev/mapper/luks | |
lvcreate --size 8G vg0 --name swap | |
lvcreate -l +100%FREE vg0 --name root | |
# Create filesystems on encrypted partitions | |
mkfs.ext4 /dev/mapper/vg0-root | |
mkswap /dev/mapper/vg0-swap | |
# Mount the new system | |
mount /dev/mapper/vg0-root /mnt # /mnt is the installed system | |
swapon /dev/mapper/vg0-swap # Not needed but a good thing to test | |
mkdir /mnt/boot | |
mount /dev/sdX2 /mnt/boot | |
mkdir /mnt/boot/efi | |
mount /dev/sdX1 /mnt/boot/efi | |
# Install the system also includes stuff needed for starting wifi when first booting into the newly installed system | |
# Unless vim and zsh are desired these can be removed from the command | |
pacstrap /mnt base base-devel grub-efi-x86_64 zsh vim git efibootmgr dialog wpa_supplicant iw | |
# 'install' fstab | |
genfstab -pU /mnt >> /mnt/etc/fstab | |
# Make /tmp a ramdisk (add the following line to /mnt/etc/fstab) | |
tmpfs /tmp tmpfs defaults,noatime,mode=1777 0 0 | |
# Change relatime on all non-boot partitions to noatime (reduces wear if using an SSD) | |
# Enter the new system | |
arch-chroot /mnt /bin/bash | |
# Setup system clock | |
ln -s /usr/share/zoneinfo/Asia/Ho_Chi_Minh /etc/localtime | |
hwclock --systohc --utc | |
# Set the hostname | |
echo MYHOSTNAME > /etc/hostname | |
# Update locale | |
echo LANG=en_US.UTF-8 >> /etc/locale.conf | |
echo LANGUAGE=en_US >> /etc/locale.conf | |
echo LC_ALL=en_US.UTF-8 >> /etc/locale.conf | |
# Set password for root | |
passwd | |
# Add real user; remove the -s flag if you don't wish to use zsh | |
# useradd -m -g users -G wheel,storage,power -s /bin/zsh MYUSERNAME | |
# passwd MYUSERNAME | |
# Configure mkinitcpio with modules needed for the initrd image | |
vim /etc/mkinitcpio.conf | |
# Add 'ext4' to MODULES | |
# Add 'encrypt' and 'lvm2' to HOOKS before filesystems | |
# (encrypt goes before lvm2: the volume group sits inside the LUKS container and is only visible once it is unlocked) | |
# Intel Haswell processor | |
pacman -S intel-ucode | |
# linux long time support | |
pacman -S linux-lts linux-lts-headers | |
# Regenerate initrd image | |
# -p linux rebuilds only the 'linux' preset. After any later change to mkinitcpio.conf rebuild the linux-lts | |
# image as well (mkinitcpio -P rebuilds every preset) so both kernels can unlock the root volume. | |
mkinitcpio -p linux | |
# Setup grub | |
grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=arch --modules="part_gpt part_msdos" | |
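In /etc/default/grub edit the line GRUB_CMDLINE_LINUX to GRUB_CMDLINE_LINUX="cryptdevice=/dev/sdX3:luks:allow-discards". Two things to weigh before saving: allow-discards passes TRIM through the encrypted device, which shows anyone who can read the raw disk which blocks are unused, so leave it out if that matters more to you than SSD performance; and /dev/sdX3 can be named differently on another boot, whereas cryptdevice=UUID=<uuid-of-the-luks-partition>:luks stays stable. Then run: | |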
grub-mkconfig -o /boot/grub/grub.cfg | |
# Exit new system and go into the cd shell | |
exit | |
# Unmount all partitions | |
umount -R /mnt | |
swapoff -a | |
# Reboot into the new system, don't forget to remove the cd/usb | |
reboot | |
# pacman config | |
# multilib | |
nano /etc/pacman.conf | |
[multilib] | |
Include = /etc/pacman.d/mirrorlist | |
# yaourt | |
# NOTE(review): archlinuxfr is a third-party repository, and SigLevel = Never turns off signature checking for it. | |
# pacman will then install, as root, whatever the server returns; integrity rests only on the HTTPS connection | |
# and on the repository operator. Prefer a source whose packages are signed by a key you have checked. | |
[archlinuxfr] | |
SigLevel = Never | |
Server = https://repo.archlinux.fr/$arch | |
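# update pacman | |
# Sync first: pacman does not know a repository added to pacman.conf until its database has been downloaded. | |
# -Syu (instead of -Sy alone) also upgrades installed packages, which avoids a partially upgraded system. | |
sudo pacman -Syu | |
# install yaourt | |
sudo pacman -S yaourt | |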
# sudo config | |
# Prefer the visudo variant: it locks the file and syntax-checks it before saving, while a typo saved | |
# directly with nano can leave sudo unusable. | |
[OR] nano /etc/sudoers | |
[OR] EDITOR=nano visudo | |
# Uncomment: | |
# (gives every member of group wheel full root through sudo; the useradd line earlier puts MYUSERNAME in wheel) | |
%wheel ALL=(ALL) ALL | |
# [option] sudo password of root | |
# (rootpw makes sudo ask for the root password instead of the caller's own, so every sudo user has to know the root password) | |
Defaults rootpw | |
# bash auto completion | |
pacman -S bash-completion | |
#zsh auto completion | |
pacman -S zsh-completion | |
# touchpad driver. Fix bug tap to click: https://bbs.archlinux.org/viewtopic.php?id=121153 | |
sudo pacman -S xf86-input-synaptics | |
# tap-to-click (https://wiki.archlinux.org/index.php/GDM) | |
# xhost lets the local user gdm connect to your X display, presumably so the gsettings calls below can run as gdm. | |
# The grant is not needed afterwards; revoke it with: xhost -SI:localuser:gdm | |
xhost +SI:localuser:gdm | |
sudo -u gdm gsettings set org.gnome.desktop.peripherals.touchpad tap-to-click true | |
# read the value back to confirm the change | |
sudo -u gdm gsettings get org.gnome.desktop.peripherals.touchpad tap-to-click | |
# nvidia driver. if crash use mesa libgl instead and change /etc/passwd from bash to zsh | |
sudo pacman -S nvidia nvidia-libgl lib32-nvidia-libgl lib32-nvidia-utils nvidia-utils | |
# 3d driver | |
sudo pacman -S mesa mesa-libgl lib32-mesa-libgl | |
# X server | |
sudo pacman -S xorg-server xorg-server-utils xorg-xinit xorg-twm xorg-xclock xterm | |
# GNOME | |
sudo pacman -S gnome gnome-extra | |
sudo pacman -S gdm | |
sudo systemctl enable gdm.service | |
sudo pacman -S gnome-tweak-tool | |
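# network manager | |
sudo pacman -S networkmanager network-manager-applet gnome-keyring | |
# The unit is named NetworkManager; with a misspelled unit name systemctl enable fails and the service is not started at boot. | |
sudo systemctl enable NetworkManager | |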
# mobile file manager | |
sudo pacman -S mtpfs gvfs-mtp | |
# windows disk driver | |
sudo pacman -S ntfs-3g | |
# font install | |
sudo pacman -S ttf-bitstream-vera ttf-inconsolata ttf-ubuntu-font-family ttf-dejavu ttf-freefont ttf-linux-libertine ttf-liberation | |
sudo ln -s /etc/fonts/conf.avail/70-no-bitmaps.conf /etc/fonts/conf.d | |
# get windows fonts | |
sudo cp -R /OS/Windows/Fonts /usr/share/fonts/WindowsFonts | |
fc-cache | |
# get google fonts | |
https://www.google.com/fonts | |
Inconsolata | |
Roboto Condensed | |
Droid Sans | |
Droid Sans Mono | |
Droid Serif | |
Noto Sans | |
Noto Serif | |
Open Sans | |
Roboto | |
# ibus. set LC_ALL=en_US.UTF-8 to fix bug | |
sudo pacman -S ibus ibus-unikey ibus-qt | |
# GNOME themes | |
https://www.gnome-look.org/p/1137261/ | |
# [option] grub2 themes arch linux | |
https://github.com/Generator/Grub2-themes | |
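# [option] Install burg (yaourt builds packages that are not in the repositories from user-submitted PKGBUILDs in the AUR, so read the PKGBUILD before building): | |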
yaourt -S burg-bzr | |
#Install burg to your MBR | |
burg-install /dev/sda | |
# Configure burg (Detect OS in sda) | |
burg-mkconfig -o /boot/burg/burg.cfg | |
# This is some burg themes: | |
yaourt -S burg-themes | |
yaourt -S burg-themes-extras | |
yaourt -S persia-theme-burg | |
yaourt -S arch-theme-burg | |
# Don't forget, after you install burg, you must re-configure your burg: | |
burg-mkconfig -o /boot/burg/burg.cfg | |
# update cursor. Example ComixCursors-White | |
# edit config cursor | |
sudo nano /usr/share/icons/default/index.theme | |
[Icon Theme] | |
Inherits=ComixCursors-White | |
# copy cursor theme | |
sudo cp -R ~/.icons/ComixCursors-White /usr/share/icons/ComixCursors-White | |
# add /etc/grub.d/40_custom | |
# show disk uuid: ls -l /dev/disk/by-uuid | |
menuentry "Windows 10 - bullshit" --class windows --class os { | |
insmod part_msdos | |
insmod ntfs | |
insmod ntldr | |
set root='(hd0,msdos1)' | |
search --no-floppy --fs-uuid --set=root 9804BD3004BD126C_DISK_UUI_EXAMPLE | |
ntldr ($root)/bootmgr | |
} | |
# update grub | |
sudo grub-mkconfig -o /boot/grub/grub.cfg | |
# ANDROID | |
# Emulator Arch Linux bug fix | |
[OR] | |
emulator -use-system-libs -avd Nexus_5X_API_22 | |
[OR] | |
mv ~/Soft/android-sdk/tools/lib64/libstdc++/libstdc++.so.6{,.bak} | |
mv ~/Soft/android-sdk/tools/lib64/libstdc++/libstdc++.so.6.0.18{,.bak} | |
ln -s /usr/lib/libstdc++.so ~/Soft/android-sdk/tools/lib64/libstdc++/ | |
emulator -avd Nexus_5X_API_22 |