-
-
Save korikori/1a18d0585ef6d320f66652b2ad48efcd to your computer and use it in GitHub Desktop.
Custom, not-so-minimal instructions for installing arch - UEFI system, full system encryption, and copy of a working system
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Install ARCH Linux with encrypted file-system and UEFI | |
# The official installation guide (https://wiki.archlinux.org/index.php/Installation_Guide) contains a more verbose description. | |
# Download the archiso image from https://www.archlinux.org/ | |
# Copy to a usb-drive | |
dd if=archlinux.img of=/dev/sdX bs=16M && sync # on linux | |
# Boot from the usb. If the usb fails to boot, make sure that secure boot is disabled in the BIOS configuration. | |
# This assumes a wifi only system... | |
wifi-menu | |
# Create partitions | |
cgdisk /dev/sda | |
1 100MB EFI partition # Hex code ef00 | |
2 250MB Boot partition # Hex code 8300 | |
3 100% size partiton # (to be encrypted) Hex code 8300 | |
mkfs.vfat -F32 /dev/sda1 | |
mkfs.ext2 /dev/sda2 | |
# Setup the encryption of the system | |
cryptsetup -c aes-xts-plain64 -y --use-random luksFormat /dev/sda3 | |
cryptsetup luksOpen /dev/sda3 cryptroot | |
mkfs.ext4 /dev/mapper/cryptroot | |
# Mount the new system | |
mount /dev/mapper/cryptroot /mnt | |
mkdir /mnt/boot | |
mount /dev/sda2 /mnt/boot | |
mkdir /mnt/boot/efi | |
mount /dev/sda1 /mnt/boot/efi | |
# Install the system also includes stuff needed for starting wifi when first booting into the newly installed system | |
pacstrap /mnt base base-devel grub-efi-x86_64 fish vim nano git efibootmgr dialog wpa_supplicant | |
# 'install' fstab | |
genfstab -pU /mnt >> /mnt/etc/fstab | |
# Make /tmp a ramdisk (add the following line to /mnt/etc/fstab) | |
tmpfs /tmp tmpfs defaults,noatime,mode=1777 0 0 | |
# Change relatime on all non-boot partitions to noatime (reduces wear if using an SSD) | |
# Enter the new system | |
arch-chroot /mnt /bin/bash | |
# Setup system clock | |
ln -s /usr/share/zoneinfo/Europe/Sofia /etc/localtime | |
hwclock --systohc --utc | |
# Set the hostname | |
echo HOSTNAME > /etc/hostname | |
# Update locale | |
echo LANG=en_US.UTF-8 >> /etc/locale.conf | |
echo LANGUAGE=en_US >> /etc/locale.conf | |
echo LC_ALL=C >> /etc/locale.conf | |
# Set password for root | |
passwd | |
# Add real user remove -s flag if you don't whish to use zsh | |
useradd -m -g users -G wheel -s /bin/zsh MYUSERNAME | |
passwd MYUSERNAME | |
# Configure mkinitcpio with modules needed for the initrd image | |
vim /etc/mkinitcpio.conf | |
# Add 'ext4' to MODULES | |
# Add 'encrypt' and 'lvm2' to HOOKS before filesystems | |
# Regenerate initrd image | |
mkinitcpio -p linux | |
# Setup grub | |
grub-install | |
# In /etc/default/grub edit the line GRUB_CMDLINE_LINUX to GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda3:luks:allow-discards" then run: | |
grub-mkconfig -o /boot/grub/grub.cfg | |
#edit /etc/pacman.conf and uncomment multilib repo | |
vim /etc/pacman.conf | |
#obtain current list of packages from a working system | |
wget .../package.list | |
#install | |
xargs pacman -S --needed --noconfirm < ./package.list | |
# Exit new system and go into the cd shell | |
exit | |
# Unmount all partitions | |
umount -R /mnt | |
# Reboot into the new system, don't forget to remove the cd/usb | |
reboot |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment