-
-
Save Psycosy/dbe9bcffb7ae3432f9fae9aa6a188e17 to your computer and use it in GitHub Desktop.
Minimal instructions for installing Parabola GNU/Linux-libre with "LVM on LUKS"-encryption
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Install Parabola GNU/Linux-libre with "LVM on LUKS"-encryption | |
# The official installation guide (https://wiki.parabola.nu/Installation_Guide) contains a more verbose version of the installation process | |
# We will not write over (erase) old data on the drive with random data and we will not encrypt the boot partition (I will keep this short) | |
# This is an installation for a wired connection, and mostly notes for my own use | |
# If you run into errors/problems during the installation, check out https://wiki.parabola.nu/Installation_Guide | |
# Download the ISO image from https://www.parabola.nu/ | |
# Copy to an USB-drive using GNU/Linux: | |
# dd if=[iso file] of=[usb device file] bs=1M && sync | |
# Boot from the USB. If the USB fails to boot, make sure that secure boot is disabled in the BIOS configuration | |
# Set Norwegian keymap (or whichever you use) | |
loadkeys no-latin1 | |
# Create partitions | |
cgdisk /dev/sda | |
/dev/sda1 -> 300MB boot partition # Hex code 8300 | |
/dev/sda2 -> The rest of the disk (LVM) # To be encrypted, hex code 8e00 | |
# Configuring LUKS | |
cryptsetup --cipher aes-xts-plain64 --key-size 512 --hash sha512 luksFormat /dev/sda2 | |
# --cipher: Defines the cipher type | |
# --key-size: Defines the key size | |
# --hash sha512: Hash algorithm used for key derivation | |
# Unlock the LUKS partition | |
cryptsetup open /dev/sda2 lvm | |
# Create a physical volume on top of the opened LUKS container | |
pvcreate /dev/mapper/lvm | |
# Create the volume group, adding the physical volume to it | |
vgcreate lvmvg /dev/mapper/lvm | |
# Create logical volumes on the volume group (the size of the volumes are meant as examples) | |
lvcreate -L 10G -n root lvmvg | |
lvcreate -L 500M -n swap lvmvg | |
lvcreate -l 100%FREE -n home lvmvg | |
# Format the filesystems on each logical volume | |
mkfs.ext4 /dev/mapper/lvmvg-root | |
mkfs.ext4 /dev/mapper/lvmvg-home | |
mkswap /dev/mapper/lvmvg-swap | |
# Mount the filesystems | |
mount /dev/mapper/lvmvg-root /mnt | |
mkdir /mnt/home | |
mount /dev/mapper/lvmvg-home /mnt/home | |
swapon /dev/mapper/lvmvg-swap | |
# Prepare the boot partition | |
mkfs.ext4 /dev/sda1 | |
mkdir /mnt/boot | |
mount /dev/sda1 /mnt/boot | |
# Verification of package signatures | |
# Upgrade the package parabola-keyring | |
pacman -Sy parabola-keyring | |
# Select installation mirror by editing the mirrorlist | |
nano /etc/pacman.d/mirrorlist | |
# Install the base system using pacstrap | |
pacstrap /mnt | |
# Generate a fstab file | |
genfstab -p /mnt >> /mnt/etc/fstab | |
# Enter the new system | |
arch-chroot /mnt /bin/bash | |
# Edit /etc/rc.conf | |
nano /etc/rc.conf | |
# Add: | |
USELVM="yes" | |
# Set the hostname | |
echo MYHOSTNAME > /etc/hostname | |
# Update locale | |
echo LANG=en_US.UTF-8 >> /etc/locale.conf | |
echo LANGUAGE=en_US >> /etc/locale.conf | |
echo LC_ALL=C >> /etc/locale.conf | |
# Set up system clock | |
ln -s /usr/share/zoneinfo/Europe/Oslo /etc/localtime | |
hwclock --systohc --utc | |
# Choose the locale(s) from /etc/locale.gen and uncomment them | |
nano /etc/locale.gen # en_US.UTF-8 UTF-8 for example | |
locale-gen | |
# Set up system-wide locale | |
echo LANG=en_US.UTF-8 > /etc/locale.conf | |
echo LC_TIME=en_US.UTF-8 >> /etc/locale.conf | |
# Set the LANG variable for the ramdisk creation | |
export LANG=en_US.UTF-8 | |
# Configure /etc/mkinitcpio.conf for encryption and LVM | |
nano /etc/mkinitcpio.conf | |
# Add "encrypt lvm2" (in this order) in the HOOKS section, before "filesystems", so that the kernel will find the LVM volumes at boot time | |
# Recreate the initrd image | |
mkinitcpio -p linux-libre | |
# Install and configure GRUB | |
pacman -S grub-bios os-prober | |
grub-install /dev/sda | |
grub-mkconfig -o /boot/grub/grub.cfg | |
nano /boot/grub/grub.cfg | |
# Add "cryptdevice=/dev/sda2:lvmvg" between "root=..." and "rw" in the line that starts with linux | |
# This needs to be done for "linux-libre" and "linux-libre-fallback" | |
# Set password for root | |
passwd | |
# Add a user | |
useradd -m -g users -G wheel -s /bin/bash MYUSERNAME | |
passwd MYUSERNAME | |
# Exit from chroot, unmount the partitions, and close the device | |
exit | |
umount -R /mnt | |
cryptsetup close lvm | |
# Reboot into the new system (don't forget to remove the CD/USB/ISO image) | |
reboot |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment