Note
This guide is meant for my personal use. If you're installing Arch Linux for the first time, please follow the official installation guide instead.
- Download the latest ISO file from https://ftp.halifax.rwth-aachen.de/archlinux/iso/latest/archlinux-x86_64.iso
$ curl https://ftp.halifax.rwth-aachen.de/archlinux/iso/latest/archlinux-x86_64.iso -O
- Flash the ISO
$ cat archlinux-x86_64.iso | sudo tee /dev/sdX > /dev/null
- Verify the flashed image on the USB drive (optional)
$ sudo head -c $(stat -c '%s' archlinux-x86_64.iso) /dev/sdX | sha256sum
- Compare the output above with https://ftp.halifax.rwth-aachen.de/archlinux/iso/latest/sha256sums.txt
- Automatic all-in-one command:
$ BLK=/dev/sdX URL=https://ftp.halifax.rwth-aachen.de/archlinux/iso/latest ISO=archlinux-x86_64.iso; curl $URL/$ISO -o $ISO && cat $ISO | sudo tee $BLK > /dev/null && (curl $URL/sha256sums.txt | grep $(sudo head -c $(wc -c < $ISO) $BLK | sha256sum) || echo "Checksum failed")
- Disable secure boot in the UEFI setup menu on the computer or delete the Platform Key (PK) to put the computer in setup mode
- On ASRock mainboards, the key to enter UEFI setup is "F2" or "Del" and "F11" to enter the boot menu
- On the CHUWI Hi10 X tablet, the key to enter UEFI setup is "Esc". An external keyboard has to be connected via USB-C
- Boot the computer from the USB drive via the boot menu or by changing the boot order
- Wait for the Arch Linux live ISO to boot up
- Login as root (no password is required)
- Set the correct keyboard layout:
# loadkeys de
Warning
The following commands are destructive. Make sure to back up all important data beforehand
- Identify the correct disk:
# lsblk
- Partition the disk:
This command will create a 1 GiB EFI system partition and will use the rest of the disk as the rootfs# sfdisk /dev/sdX << EOF label: gpt ,1G,U ; write EOF
- Format the partitions:
# mkfs.vfat /dev/sdX1 # mkfs.ext4 /dev/sdX2
- Mount the filesystems:
# mount /dev/sdX2 /mnt # mkdir -p /mnt/boot/efi # mount /dev/sdX1 /mnt/boot/efi # mkdir -p /mnt/boot/efi/EFI/BOOT
- Install and create the rootfs:
# pacstrap -K /mnt base linux linux-firmware opendoas neovim git binutils curl less which networkmanager {amd,intel}-ucode tmux zsh zsh-autosuggestions zsh-syntax-highlighting sbctl make fakeroot debugedit gcc openssh python python-pip erofs-utils android-tools bc bison flex aarch64-linux-gnu-binutils aarch64-linux-gnu-gcc dosfstools inetutils pkgconf
- Generate an fstab file:
# genfstab -U /mnt >> /mnt/etc/fstab
- Chroot into the new rootfs:
# arch-chroot /mnt
- Set time info:
# ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime # hwclock --systohc
- Configure the locales:
# sed -i 's/#en_US.UTF-8/en_US.UTF-8/' /etc/locale.gen # locale-gen # echo "LANG=en_US.UTF-8" > /etc/locale.conf
- Configure the keyboard layout:
# echo "KEYMAP=de" > /etc/vconsole.conf
- Set the hostname:
# echo "david-pc" > /etc/hostname
- Configure users:
# passwd root # useradd -mG wheel david # passwd david
- Set permissions for doas:
# echo "permit nopass :wheel" > /etc/doas.conf # chown -c root:root /etc/doas.conf # chmod -c 0400 /etc/doas.conf # ln -s $(which doas) /usr/bin/sudo
- Configure sshd server:
# echo -e "PasswordAuthentication no\nAuthenticationMethods publickey" > /etc/ssh/sshd_config.d/20-auth.conf
- Enable systemd services:
# systemctl enable NetworkManager.service # systemctl enable sshd.service
- Enable colored output for pacman:
# sed -i 's/#Color/Color/' /etc/pacman.conf
- Allow unrestricted access to dmesg:
# echo "kernel.dmesg_restrict=0" > /etc/sysctl.d/00-dmesg.conf
- Disable automatic core dumps:
# echo "kernel.core_pattern=|/bin/false" > /etc/sysctl.d/50-coredump.conf
- Configure kernel parameters:
# mkdir -p /etc/cmdline.d # echo "root=UUID=$(blkid -s UUID -o value /dev/sdX2) rw sysrq_always_enabled=1 audit=0 quiet loglevel=3" > /etc/cmdline.d/cmdline.conf
- Put the following content in
/etc/mkinitcpio.d/linux.preset
# mkinitcpio preset file for the 'linux' package ALL_kver="/boot/vmlinuz-linux" PRESETS=('default') default_image="/boot/initramfs-linux.img" default_uki="/boot/efi/EFI/BOOT/BOOTX64.EFI" default_options="--splash=/usr/share/systemd/bootctl/splash-arch.bmp"
- Generate the EFI image:
# mkinitcpio -p linux
- Generate secure boot keys:
# sbctl create-keys
- Generate the UKI again to sign the file:
# mkinitcpio -p linux
- Enroll the keys:
- If the computer is in setup mode (when no PK is enrolled), run this command:
# sbctl enroll-keys -m
- Otherwise, copy the keys to the ESP partition temporarily and enroll them manually in the UEFI setup menu:
# cp -r /usr/share/secureboot/keys /boot/efi # systemctl reboot --firmware-setup
- In the UEFI setup, enroll the PK, KEK and db keys
- If the computer is in setup mode (when no PK is enrolled), run this command:
- Reboot the computer and check secure boot status:
$ bootctl
- Configure keyboard layout for SDDM:
$ sudo localectl set-x11-keymap de
- Install packages for KDE Plasma:
$ sudo pacman -S pipewire pipewire-audio pipewire-pulse pipewire-alsa pipewire-jack sddm bluedevil breeze-gtk drkonqi gwenview kde-gtk-config kdeplasma-addons kgamma kinfocenter kscreen ksshaskpass kwallet-pam kate ocean-sound-theme plasma-browser-integration plasma-desktop plasma-disks plasma-nm plasma-pa plasma-systemmonitor plasma-vault plasma-workspace-wallpapers powerdevil print-manager sddm-kcm xdg-desktop-portal-kde flatpak-kcm ark dolphin konsole unrar p7zip firefox noto-fonts noto-fonts-extra noto-fonts-cjk noto-fonts-emoji kwalletmanager spectacle qt6-multimedia-ffmpeg kaccounts-providers kaccounts-integration signal-desktop krdp okular
- Enable SDDM:
$ sudo systemctl enable sddm
- Reboot and login to the Plasma Desktop:
$ sudo reboot
- Download the
.zshrc
file:$ curl -L https://david-w.eu/zshrc -o ~/.zshrc
- Change shell to ZSH:
$ chsh -s /usr/bin/zsh
- Reboot or re-login to switch to ZSH
- Clone the paru-bin package from git:
$ git clone https://aur.archlinux.org/paru-bin.git
- Build and install paru:
$ cd paru-bin $ makepkg -si