Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Arch Linux installation

Arch installation

OBJECTIVE: Install Arch Linux with encrypted root and swap filesystems and boot from UEFI. Have a finished Arch Linux Installation with some basic packages I use both from the official repositories as well as the AUR

The official Arch installation guide contains details that you should refer to during this installation process. That guide resides at: https://wiki.archlinux.org/index.php/Installation_Guide

Boot from image

Download the archlinux-*.iso image from https://www.archlinux.org/download/ and its GnuPG signature. Use gpg --verify to ensure your archlinux-*.iso is exactly what the Arch developers intended. For example at the time of installation:

$ gpg --verify archlinux-2017.10.01-x86_64.iso.sig
gpg: Signature made Sun 01 Oct 2017 07:29:43 AM CEST using RSA key ID 9741E8AC
gpg: Good signature from "Pierre Schmitz <pierre@archlinux.de>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 4AA4 767B BC9C 4B1D 18AE  28B7 7F2D 434B 9741 E8AC

Burn the archlinux-*.iso to a 1+ Gb USB stick.

UEFI-Boot from your USB stick. If your USB stick fails to boot, ensure that Secure Boot is disabled in your UEFI configuration.

Set your keymap only if not you are not using the default English language.

$ loadkeys de-latin1

Prepare your hard drive

In the next steps we will create necessary partitions and encrypt the main partition.

Find the correct block device

$ lsblk

In my case the correct block device (the SSD of my laptop) is 'sda'

Create and size partitions appropriate to your goals using gdisk.

$ gdisk /dev/sda

Create the partitions you need:

  1. Partition 1 = 100 MiB EFI partition (Hex code EF00)

  2. Partition 2 = 250 MiB Boot partition (Hex code 8300)

  3. Partition 3 = Size it to the last sector of your drive. (default) (Hex code 8300)

  4. Review your partitions with 'p'.

  5. Write your gdisk changes with 'w'.

  6. Reboot, if necessary, so the kernel reads your new partition structure.

Create filesystems for /boot/efi and /boot

$ mkfs.vfat -F 32 /dev/sda1
$ mkfs.ext2 /dev/sda2

Encrypt and open your system partition

$ cryptsetup -c aes-xts-plain64 -h sha512 -s 512 --use-random luksFormat /dev/sda3
$ cryptsetup luksOpen /dev/sda3 arch-encrypted

Create encrypted LVM partitions

These steps create a required root partition and an optional partition for swap. Modify this structure only if you need additional, separate partitions. The sizes used below are only suggestions. The VG and LV labels 'Arch, root and swap' can be changed to anything memorable to you. Use your labels consistently, below!

$ pvcreate /dev/mapper/arch-encrypted
$ vgcreate Arch /dev/mapper/arch-encrypted
$ lvcreate -L +8G Arch -n swap
$ lvcreate -l +100%FREE Arch -n root

Create filesystems on your encrypted partitions

$ mkswap /dev/mapper/Arch-swap
$ mkfs.ext4 /dev/mapper/Arch-root

Mount the new system

mount /dev/mapper/Arch-root /mnt
swapon /dev/mapper/Arch-swap
mkdir /mnt/boot
mount /dev/sda2 /mnt/boot
mkdir /mnt/boot/efi
mount /dev/sda1 /mnt/boot/efi

Install the Arch system

This installation command provides a decent set of basic system programs which will also support WiFi when initally booting into your Arch system.

$ pacstrap /mnt base base-devel grub-efi-x86_64 efibootmgr dialog wpa_supplicant

Create and review FSTAB The -U option pulls in all the correct UUIDs for your mounted filesystems.

$ genfstab -U /mnt >> /mnt/etc/fstab
$ nano /mnt/etc/fstab  # Check your fstab carefully, and modify it, if required.

Enter the newly installed system

$ arch-chroot /mnt /bin/bash

Set the system clock, you can replace UTC with your actual timezone

$ ln -s /usr/share/zoneinfo/UTC /etc/localtime
$ hwclock --systohc --utc

Assign your hostname

$ echo mylaptop > /etc/hostname

My requirements for the locale are:

  • Metric system
  • 24h time format
  • dd/mm/yyyy date format
  • English language
  • A4 paper size

The en_IE.UTF-8 locale meets those requirements. To set up this locale:

  • In /etc/locale.gen uncomment only:
en_IE.UTF-8 UTF-8
  • In /etc/locale.conf, you should only have this line:
LANG=en_IE.UTF-8

Now run:

$ locale-gen

Set your root password

$ passwd

Create a User, assign appropriate Group membership, and set a User password.

$ useradd -m -G wheel -s /bin/bash alex
$ passwd alex

Configure mkinitcpio with the correct HOOKS required for your initrd image

$ nano /etc/mkinitcpio.conf

Use this HOOKS statement:

HOOKS="base udev autodetect modconf block keymap encrypt lvm2 resume filesystems keyboard fsck"

Generate your initrd image

mkinitcpio -p linux

Install and configure Grub-EFI

The correct way to install grub on an UEFI computer, irrespective of your use of a HDD or SSD, and whether you are installing dedicated Arch, or multi-OS booting, is:

grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=ArchLinux

Edit /etc/default/grub so it includes a statement like this:

GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda3:arch-encrypted resume=/dev/mapper/Arch-swap"

Generate Your Final Grub Configuration:

$ grub-mkconfig -o /boot/grub/grub.cfg

Exit Your New Arch System

$ exit

Unmount all partitions

$ umount -R /mnt
$ swapoff -a

Reboot and Enjoy Your Encrypted Arch Linux System!

reboot

Setup system

To permanently change the keymap edit /etc/vconsole.conf

KEYMAP=de-latin1

To be able to use sudo from your normal user add wheel to sudoers.

$ EDITOR=nano visudo

Uncomment the line

%wheel      ALL=(ALL) ALL

I have an Intel CPU, so I install the intel-ucode package and enable microcode updates.

$ pacman -S intel-ucode
$ grub-mkconfig -o /boot/grub/grub.cfg

Rank mirrors for faster updates.

$ cp /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.bak
$ rankmirrors -n 6 /etc/pacman.d/mirrorlist.bak > /etc/pacman.d/mirrorlist

Install bash completion for reduced typing effort.

$ pacman -S bash-completion

I choose KDE as my graphical user interface. Install the following packages and on your next boot you should be greeted by a login screen.

$ pacman -S xorg-server xorg-xinit
$ pacman -S xf86-video-intel
$ pacman -S plasma sddm sddm-kcm
$ systemctl enable sddm

The settings for the keyboard layout are different for the GUI and the terminal... Set keyboard layout in x11:

$ localectl set-x11-keymap de-latin1

Some basic packages, I choose not to install konquerer but Firefox

$ pacman -S kdebase #This is a group of packages install "1-6 8 9" for no  konquerer
$ pacman -S firefox breeze-gtk kde-gtk-config

Addons for Firefox: uBlock Origin, Privacy Badger, HTTPS Everywhere

Install Network Manager, with OpenVPN support and plasma GUI. This will enable you to manage your WiFi from the status bar.

$ pacman -S networkmanager networkmanager-openvpn plasma-nm
$ systemctl enable NetworkManager.service
$ systemctl start NetworkManager.service

Install some nice looking fonts. The second line are the fonts needed for Matlab.

$ pacman -S ttf-dejavu
$ pacman -S xorg-fonts-100dpi xorg-fonts-75dpi xorg-fonts-type1
$ pacman -S noto-fonts-cjk noto-fonts-emoji noto-fonts

Configure touchpad with natural scrolling.

pacman -S xf86-input-libinput
pacman -S xorg-xinput
xinput -list

Create file: /etc/X11/xorg.conf.d/30-touchpad.conf with the following content.

Section "InputClass"
        Identifier "touchpad scrolling"
        MatchIsTouchpad "on"
        Driver "libinput"
        Option "NaturalScrolling" "true"
EndSection

Install yaourt a AUR package helper

First you need to install package query from the AUR, than yaourt itself.

$ mkdir aur-packages
$ cd aur-packages
# First package-query
$ curl -O https://aur.archlinux.org/cgit/aur.git/snapshot/package-query.tar.gz
$ tar -xvzf package-query.tar.gz
$ cd package-query
$ makepkg -si
# Now yaourt
$ cd aur-packages
$ curl -O https://aur.archlinux.org/cgit/aur.git/snapshot/yaourt.tar.gz
$ tar -xvzf yaourt.tar.gz
$ cd yaourt
$ makepkg -si

Applications

These are the application I install on my laptop.

  • SSH
$ pacman -S openssh
$ ssh-keygen -t rsa -b 4096

TODO: Install keychain to manage?

  • Nextcloud client
yaourt -S nextcloud-client
  • Mail, calender etc. from group kdepim select 1-4 6-18 (no blogilo)
$ pacman -S kdepim

After using it a while kdepim was not really for me. Switching to Thunderbird and uninstall kdepim

$ pacman -Rns kdepim
$ pacman -S thunderbird

Use this theme

  • Python IDE
$ yaourt -S pycharm-professional
$ yaourt anaconda
# Use anaconda
$ source /opt/anaconda/bin/activate root
$ source /opt/anaconda/bin/deactivate root
# or
$ echo "export PATH="$PATH:/opt/anaconda/bin"" >> ~/.bash_profile
# Configure anaconda, the sudo is important here
$ sudo conda config --set auto_update_conda False
# If you want add conda-forge
$ sudo conda config --append channels conda-forge

It is important to to append and NOT prepend the path if you want to use the systems binaries in everyday life. (For me prepending the path meant pandoc's version was stuck at the anacondo version)

  • Python packages
$ conda install pymc3
$ conda install gpy
  • Matlab

    1. Download installer from MathWorks
    2. Start installer (without root, install in your home folder) Now you can start matlab from this folder OR install package from AUR
    3. TODO
  • Personal finance manager with online banking

$ pacman -S kmymoney
  • Utility to format USB sticks, SD cards etc.
pacman -S partitionmanager

TODOs

  • Check which one of this to install.
$ pacman -S acpid ntp dbus avahi cups cronie
$ systemctl enable acpid
$ systemctl enable ntpd
$ systemctl enable avahi-daemon
$ systemctl enable org.cups.cupsd.service
$ systemctl enable cronie
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.