• bacon_pdp@lemmy.world
    12 days ago

    Do better

    ################################################################################# #################################################################################

    A minimal Arch install procedure with encrypted /boot and /

    ################################################################################# #################################################################################

    Format virtual drive to have 1 large primary partition and mark it as bootable

    echo -e "o\nn\np\n1\n\n\na\nw" | fdisk /dev/sda

    It really is that simple to set up the partition table. o wipes the previous table, n creates a new partition, and a makes it bootable. w writes the changes.

    Encrypt entire volume

    Default iter is 2000 and takes 22 seconds for grub to decrypt; adjust accordingly

    cryptsetup -v --cipher aes-xts-plain64 --key-size 512 --hash sha512 --iter-time 50000 \
    --use-random --verify-passphrase luksFormat --type luks1 /dev/sda1

    or if that takes too long to type or you don't care, you can use the defaults:

    The luks1, however, matters until grub finishes adding sufficient support for luks2: Argon2id (the cryptsetup default) and Argon2i PBKDFs are not supported, only PBKDF2 is at this time

    cryptsetup -v --use-random -y luksFormat --type luks1 /dev/sda1

    Open for formatting

    cryptsetup open /dev/sda1 root

    Actually format

    mkfs.btrfs /dev/mapper/root

    Mount partitions

    mount /dev/mapper/root /mnt

    Fix the slow install problem

    pacman -Sy
    pacman -S pacman-contrib
    cp /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.backup

    if for policy reasons you need to limit yourself to the USA

    curl "https://archlinux.org/mirrorlist/?country=US" | sed 's/#Server/Server/g' \
    >| /etc/pacman.d/mirrorlist.backup

    rankmirrors -n 6 /etc/pacman.d/mirrorlist.backup > /etc/pacman.d/mirrorlist

    Install bootstrap

    pacstrap /mnt base linux linux-firmware btrfs-progs lvm2

    if you see bill-auger is unknown trust

    pacman -S archlinux-keyring parabola-keyring

    Setup fstab

    genfstab -U /mnt >> /mnt/etc/fstab

    Chroot into mount

    arch-chroot /mnt

    Set root password

    passwd

    Setup timezone

    ln -sf /usr/share/zoneinfo/US/Michigan /etc/localtime

    Setup locales

    echo "en_US.UTF-8 UTF-8" > /etc/locale.gen
    echo "LANG=en_US.UTF-8" > /etc/locale.conf
    locale-gen

    Set hostname

    export hostname=encom

    Use it

    echo "$hostname" >| /etc/hostname
    { cat <<-EOF
    127.0.0.1 localhost
    127.0.1.1 $hostname
    # The following lines are desirable for IPv6 capable hosts
    ::1 localhost ip6-localhost ip6-loopback
    ff02::1 ip6-allnodes
    ff02::2 ip6-allrouters
    EOF
    } >| /etc/hosts

    Enable dhcp on ethernet

    pacman -S dhclient

    #enable wifi
    pacman -S iw iwd

    Fix kernel file system

    YES order matters for stupid reasons

    components="base udev autodetect modconf keyboard block encrypt lvm2 filesystems keyboard fsck"
    sed -i "/^HOOKS=/c\HOOKS=(${components})" /etc/mkinitcpio.conf

    Modify: to add support for encrypt and lvm2

    build new initial ramdisk:

    mkinitcpio -p linux

    May produce warnings about lvm2; can safely ignore

    Setup grub

    pacman -S grub

    indicate /boot is encrypted

    sed -i '/^GRUB_CMDLINE_LINUX=/c\GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda1:root"' /etc/default/grub

    Enable support for encrypted /boot

    sed -i '/^#GRUB_ENABLE_CRYPTODISK=/c\GRUB_ENABLE_CRYPTODISK="y"' /etc/default/grub

    Uncomment GRUB_ENABLE_CRYPTODISK=y

    mkdir /boot/grub
    grub-mkconfig -o /boot/grub/grub.cfg
    grub-install /dev/sda

    ################################################################################# #################################################################################

    Reboot as the core setup is done and the rest can be done inside our new Arch Linux system as root/administrator

    ################################################################################# #################################################################################

    Remove need to type luks password twice

    dd bs=512 count=4 if=/dev/urandom of=/crypto_keyfile.bin
    chmod 400 /crypto_keyfile.bin
    cryptsetup luksAddKey /dev/sda1 /crypto_keyfile.bin

    Set init to use that file

    sed -i "/^FILES=/c\FILES=(/crypto_keyfile.bin)" /etc/mkinitcpio.conf

    build new initial ramdisk:

    mkinitcpio -p linux

    Enable networking

    dhclient ens33

    Setup sudo group for membership and useful privileges

    pacman -S sudo vim wget
    groupadd sudo

    Uncomment the %sudo line

    sed -i '/^# %sudo/c%sudo\tALL=(ALL:ALL) ALL' /etc/sudoers

    Setup our power user

    export USERNAME=user
    useradd -m $USERNAME
    passwd $USERNAME
    usermod -G sudo -a $USERNAME

    ################################################################################# #################################################################################

    If you want guix for everything else on your system, use the install guix procedure instead of following the rest of this procedure.

    #################################################################################

    You may now log out and finish the rest of this procedure as your administrative account created previously

    ################################################################################# #################################################################################

    Install baseline gui

    sudo pacman -S i3-wm xorg-server xorg-xinit xf86-video-vesa xorg mesa slim \
    xorg-xrdb dmenu emacs st git gcc make htop screen \
    binutils stow
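The script below is an added example, not part of bacon_pdp's post, that checks the properties the procedure above relies on: a LUKS header GRUB can actually unlock (LUKS1/PBKDF2, as the post notes; the rule that GRUB 2.06+ also opens LUKS2 when no keyslot uses Argon2 is my addition), the encrypt/lvm2/filesystems hook order in mkinitcpio.conf, the keyfile being listed in FILES, the initramfs that now embeds that keyfile not being world-readable, and GRUB_ENABLE_CRYPTODISK plus cryptdevice= in /etc/default/grub. Device /dev/sda1, /crypto_keyfile.bin and the config paths follow the post; the /boot/initramfs-linux*.img names are assumed from mkinitcpio's default linux preset; the sample dumps and config lines are constructed, not captured from a real machine.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): checks for the encrypted-/boot
# layout above. Each check is a function over text, so it runs offline on
# the constructed samples below and, with --live, on real command output.

# 1-based position of word $2 in the whitespace-separated list $1, 0 if absent.
word_index() {
  printf '%s\n' "$1" |
    awk -v w="$2" '{ for (i = 1; i <= NF; i++) if ($i == w) { print i; exit }; print 0 }'
}

# GRUB's cryptodisk unlocks LUKS1; GRUB 2.06+ also unlocks LUKS2, but only
# when no keyslot uses Argon2 (PBKDF2 only). Input: `cryptsetup luksDump` output.
luks_grub_unlockable() {
  if printf '%s\n' "$1" | grep -q '^Version:[[:space:]]*1$'; then
    return 0
  fi
  if printf '%s\n' "$1" | grep -q '^Version:[[:space:]]*2$' &&
     ! printf '%s\n' "$1" | grep -qi 'PBKDF:[[:space:]]*argon2'; then
    return 0
  fi
  return 1
}

# encrypt needs block before it and must run before lvm2 and filesystems,
# otherwise the root mapping does not exist when / is mounted.
# Input: the HOOKS=(...) line from mkinitcpio.conf.
hooks_order_ok() {
  hooks=$(printf '%s\n' "$1" | sed -n 's/^HOOKS=(\(.*\))[[:space:]]*$/\1/p')
  b=$(word_index "$hooks" block)
  e=$(word_index "$hooks" encrypt)
  l=$(word_index "$hooks" lvm2)
  f=$(word_index "$hooks" filesystems)
  if [ "$b" -gt 0 ] && [ "$e" -gt "$b" ] && [ "$l" -gt "$e" ] && [ "$f" -gt "$l" ]; then
    return 0
  fi
  return 1
}

# The keyfile enrolled with luksAddKey must be in FILES=(...) (array form,
# as in the stock config) or the initramfs will prompt for the passphrase again.
files_has_keyfile() {
  files=$(printf '%s\n' "$1" | sed -n 's/^FILES=(\(.*\))[[:space:]]*$/\1/p')
  [ "$(word_index "$files" /crypto_keyfile.bin)" -gt 0 ]
}

# An initramfs that embeds the keyfile must not be group/other readable.
# Input: octal mode as printed by `stat -c %a`.
mode_is_private() {
  [ "$(( 0$1 & 077 ))" -eq 0 ]
}

# /etc/default/grub must enable cryptodisk (GRUB reads encrypted /boot) and
# pass cryptdevice= so the initramfs knows which device to unlock.
grub_default_ok() {
  printf '%s\n' "$1" | grep -q '^GRUB_ENABLE_CRYPTODISK="\{0,1\}y"\{0,1\}$' &&
    printf '%s\n' "$1" | grep -q '^GRUB_CMDLINE_LINUX=.*cryptdevice=/dev/sda1:root'
}

# Constructed samples, not captured from a real machine.
SAMPLE_LUKS1_DUMP='LUKS header information for /dev/sda1
Version:        1
Cipher name:    aes
Cipher mode:    xts-plain64
Hash spec:      sha512'
SAMPLE_LUKS2_ARGON_DUMP='LUKS header information
Version:        2
Keyslots:
  0: luks2
        PBKDF:      argon2id'
SAMPLE_HOOKS_POST='HOOKS=(base udev autodetect modconf keyboard block encrypt lvm2 filesystems keyboard fsck)'
SAMPLE_HOOKS_BAD='HOOKS=(base udev autodetect modconf block filesystems keyboard encrypt lvm2 fsck)'
SAMPLE_GRUB_OK='GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda1:root"
GRUB_ENABLE_CRYPTODISK="y"'

# Offline self-check; returns 0 when every sample behaves as expected.
check_samples() {
  luks_grub_unlockable "$SAMPLE_LUKS1_DUMP" &&
    ! luks_grub_unlockable "$SAMPLE_LUKS2_ARGON_DUMP" &&
    hooks_order_ok "$SAMPLE_HOOKS_POST" &&
    ! hooks_order_ok "$SAMPLE_HOOKS_BAD" &&
    files_has_keyfile 'FILES=(/crypto_keyfile.bin)' &&
    ! files_has_keyfile 'FILES=()' &&
    mode_is_private 600 && ! mode_is_private 644 &&
    grub_default_ok "$SAMPLE_GRUB_OK"
}

# Live mode (run as root on the installed system): same checks on real data.
run_live_checks() {
  rc=0
  luks_grub_unlockable "$(cryptsetup luksDump /dev/sda1)" || { echo 'FAIL: LUKS header not unlockable by GRUB'; rc=1; }
  hooks_order_ok "$(grep '^HOOKS=' /etc/mkinitcpio.conf)" || { echo 'FAIL: HOOKS order'; rc=1; }
  files_has_keyfile "$(grep '^FILES=' /etc/mkinitcpio.conf)" || { echo 'FAIL: keyfile missing from FILES'; rc=1; }
  for img in /boot/initramfs-linux*.img; do
    mode_is_private "$(stat -c %a "$img")" || { echo "FAIL: $img readable by others; chmod 600 it"; rc=1; }
  done
  grub_default_ok "$(cat /etc/default/grub)" || { echo 'FAIL: /etc/default/grub'; rc=1; }
  [ "$rc" -eq 0 ] && echo 'all checks passed'
  return "$rc"
}

if [ "${1:-}" = "--live" ]; then
  run_live_checks
else
  check_samples && echo 'sample checks passed'
fi
```

Run it with no arguments to exercise the constructed samples, or as root with `--live` after the reboot step to check the installed system; a FAIL on the initramfs mode is the one the keyfile step silently introduces, since the image now contains a LUKS key and mkinitcpio writes it with default permissions.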