-
-
Save metamarcdw/c52307ba46a768da3202b2af70c3a4ae to your computer and use it in GitHub Desktop.
Instructions for installing parabola linux on an UEFI system with full system encryption using dm-crypt and luks
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Install PARABOLA Linux with encrypted file-system and UEFI | |
| # The official installation guide (https://wiki.parabola.nu/index.php/Installation_Guide) contains a more verbose description. | |
| # Download the parabola iso image from https://www.parabola.nu/ | |
| # Copy to a usb-drive | |
| dd if=parabolalinux.img of=/dev/sdX bs=16M && sync | |
| # Boot from the usb. If the usb fails to boot, make sure that secure boot is disabled in the BIOS configuration. | |
| # Set American English keymap | |
| loadkeys us | |
| # This assumes a wifi only system... | |
| wifi-menu | |
| # Add a nameserver to /etv/resolv.conf | |
| nano /etc/resolv.conf | |
| # Do parabola-related stuff: | |
| pacman -Sy parabola-keyring | |
| # Create partitions | |
| fdisk -l | |
| parted /dev/sdX | |
| # Interactive parted | |
| mklabel gpt | |
| mkpart ESP fat32 1MiB 513MiB | |
| set 1 boot on | |
| mkpart primary ext2 513MiB 1GiB | |
| mkpart primary ext4 1GiB 100% | |
| quit | |
| # Create filesystems | |
| mkfs.vfat -F32 /dev/sdX1 | |
| mkfs.ext2 /dev/sdX2 | |
| # Setup the encryption of the system | |
| cryptsetup -c aes-xts-plain64 -y --use-random luksFormat /dev/sdX3 | |
| cryptsetup luksOpen /dev/sdX3 luks | |
| # Create encrypted partitions | |
| # This creates one partions for root, modify if /home or other partitions should be on separate partitions | |
| pvcreate /dev/mapper/luks | |
| vgcreate vg0 /dev/mapper/luks | |
| lvcreate --size 8G vg0 --name swap | |
| lvcreate -l +100%FREE vg0 --name root | |
| # Create filesystems on encrypted partitions | |
| mkfs.ext4 /dev/mapper/vg0-root | |
| mkswap /dev/mapper/vg0-swap | |
| # Mount the new system | |
| mount /dev/mapper/vg0-root /mnt # /mnt is the installed system | |
| swapon /dev/mapper/vg0-swap # Not needed but a good thing to test | |
| mkdir /mnt/boot | |
| mount /dev/sdX2 /mnt/boot | |
| mkdir /mnt/boot/efi | |
| mount /dev/sdX1 /mnt/boot/efi | |
| # Before installing, you may want to edit /etc/pacman.d/mirrorlist such that your preferred mirror is first. | |
| #This copy of the mirrorlist will be installed on your new system by pacstrap as well, so it's worth getting it right. | |
| nano /etc/pacman.d/mirrorlist | |
| # Install the system also includes stuff needed for starting wifi when first booting into the newly installed system | |
| # Unless vim and zsh are desired these can be removed from the command | |
| pacstrap /mnt base base-devel linux-libre-headers grub-efi-x86_64 git efibootmgr dialog wpa_supplicant | |
| # May have to do one of these if pacstrap throws gpg errors | |
| pacman-key --refresh-keys | |
| # 'install' fstab | |
| genfstab -pU /mnt >> /mnt/etc/fstab | |
| # Make /tmp a ramdisk (add the following line to /mnt/etc/fstab) | |
| tmpfs /tmp tmpfs defaults,noatime,mode=1777 0 0 | |
| # Change relatime on all non-boot partitions to noatime (reduces wear if using an SSD) | |
| # Enter the new system | |
| arch-chroot /mnt /bin/bash | |
| # Setup system clock | |
| rm /etc/localtime | |
| ln -s /usr/share/zoneinfo/America/Chicago /etc/localtime | |
| hwclock --systohc --utc | |
| # Set the hostname | |
| echo parabola-lothar > /etc/hostname | |
| # Update locale | |
| echo LANG=en_US.UTF-8 >> /etc/locale.conf | |
| echo LANGUAGE=en_US >> /etc/locale.conf | |
| echo LC_ALL=C >> /etc/locale.conf | |
| # Set password for root | |
| passwd | |
| # Add real user remove -s flag if you don't whish to use zsh | |
| useradd -m -g users -G wheel cypher | |
| passwd cypher | |
| # Uncomment 'wheel' group line in sudoers | |
| visudo | |
| # Configure mkinitcpio with modules needed for the initrd image | |
| nano /etc/mkinitcpio.conf | |
| # Add 'ext4' to MODULES | |
| # Add 'encrypt' and 'lvm2' to HOOKS before filesystems | |
| # Regenerate initrd image | |
| mkinitcpio -p linux-libre | |
| # Setup grub | |
| grub-install | |
| # In /etc/default/grub edit the line GRUB_CMDLINE_LINUX to | |
| GRUB_CMDLINE_LINUX="cryptdevice=/dev/sdX3:luks:allow-discards" | |
| # then run: | |
| grub-mkconfig -o /boot/grub/grub.cfg | |
| # Exit new system and go into the cd shell | |
| exit | |
| # Do this ONLY when installing to a VirtualBox. | |
| cd /mnt/boot/efi/EFI/ | |
| mv parabola BOOT | |
| mv BOOT/grubx64.efi BOOT/bootx64.efi | |
| # Unmount all partitions | |
| umount -R /mnt | |
| swapoff -a | |
| # Reboot into the new system, don't forget to remove the cd/usb | |
| reboot | |
| # Do this ONLY when installing to a VirtualBox. | |
| # Install VirtualBox GUest Additions: Insert virtual CD! | |
| sudo mkdir -p /media/cdrom | |
| sudo mount /dev/cdrom /media/cdrom | |
| cd /media/cdrom | |
| sudo ./VBoxLinuxAdditions.run | |
| # Enable DHCP service | |
| sudo systemctl start dhcpcd.service | |
| sudo systemctl enable dhcpcd.service | |
| # Happy Customizing! | |
| # May have to do one of these if you run into gpg errors | |
| pacman-key --refresh-keys | |
| # If errors persist check out this link for help: | |
| # https://wiki.archlinux.org/index.php/Pacman/Package_signing#Cannot_import_keys | |
| # Packages I typically install: | |
| xorg | |
| xfce4 | |
| gvfs | |
| # If using the above GUI packages, do the following: | |
| cp /etc/X11/xinit/xinitrc ~/.xinitrc | |
| nano ~/.xinitrc | |
| # Remove 'exec' calls from the end | |
| # Add 'exec startxfce4' command to the end | |
| # More packages: | |
| stow | |
| openssh | |
| python-virtualenvwrapper | |
| eric | |
| mousepad | |
| icecat |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment