ArchLinux:Installation: Difference between revisions

From Wiki³
mNo edit summary
 
(159 intermediate revisions by the same user not shown)
Line 1: Line 1:
{{DISPLAYTITLE:Arch Linux Installation}}
{{DISPLAYTITLE:{{TitleIcon|arch=true}} Arch Linux Installation}}<metadesc>Arch Linux Installation Tutorial using UEFI and rEFInd. Also usable on USB disks!</metadesc>
<div id="tocalign">__TOC__</div>
<div id="tocalign">__TOC__</div>
{{UnderConstruction}}
{{Back|Arch Linux}}
The following tutorial is a collection of notes on how to install the Arch Linux distribution. This guide is mainly suited for use with servers and embedded machines. This tutorial originally started as a YouTube video I had made in early 2012 called [https://www.youtube.com/watch?v=HtTt674qi74 How to Install Arch Linux]. I then remade this video in late 2012, due to major changes in the installation process, renamed as [https://www.youtube.com/watch?v=kQFzVG4wZEg Arch Linux: System Installation]. This tutorial is the spiritual successor to those videos and has been created via the recording notes from said videos.
{{GitLab|[https://gitlab.com/kyaulabs/aarch kyaulabs/aarch]: Automated Arch Linux installer.}}
{{Warning|This page has not been updated since the creation of AArch and its included packages. Therefore it is possible that some or all of the following information is out of date.}}
Originally a collection of notes geared towards installing Arch Linux on dedicated servers and embedded machines to ease the transition from BSD back to Linux, this tutorial has evolved in ways I could have never imagined.


Following the Arch Linux philosophy, these tutorials are geared at being simple and efficient.
In 2012 it was transformed into a YouTube video called [https://www.youtube.com/watch?v=HtTt674qi74 How to Install Arch Linux]. This video was then remade in late 2012, due to major changes in the installation process, renamed as [https://www.youtube.com/watch?v=kQFzVG4wZEg Arch Linux: System Installation].


= Booting the Installation Media =
Testing was done on my Lenovo ThinkPad X220, the following arch-iso was used:
Place the copy of the Arch Linux image you burned to a disc in your machine and reboot. Enter BIOS if necessary to modify the boot device order in order to boot from the media.  
{{Note|icon=false|1={{Icon|disc-blue}} archlinux-2019.02.01-x86_64.iso}}
= {{Icon24|sitemap}} Booting the Installation Media =
Place the copy of the Arch Linux installation media in your machine (CD/DVD or USB) and reboot. Enter BIOS if necessary to modify the boot device order in order to boot from the media.  


You should be looking at the EFI boot menu, which will auto boot the Arch Linux ISO in a few moments. When your system has finished the boot up process you will be at the console. You may also notice you have been automatically logged into the {{mono|root}} account.
The system will start at an EFI boot menu, which should auto boot the Arch Linux ISO in a few seconds (provided the keyboard is not touched).


For the creation of this tutorial I used the following environment:
When the system has finished the boot up process, it should automatically login to the terminal with the {{mono|root}} account.
{{Note|icon=false|1={{Icon|computer}} VirtualBox 5.1.22 r115126<br/>{{Icon|disc-blue}} archlinux-2017.07.01-x86_64.iso}}


= Pre-Installation =
= {{Icon24|sitemap}} Pre-Installation =
There are a few things that you may choose to go through before you begin your installation. None of these are required, but may be extremely useful.
 
To start sync the systems time and date.
{{Console|root=true|1=timedatectl set-ntp true|2=timedatectl status}}
 
=== Verify Boot Mode ===
Verify that the motherboard has UEFI enabled. If this outputs a list of variables, the computer has successfully booted into EFI mode.
{{Console|root=true|1=efivar -l}}
 
=== Keyboard Keymap ===
If using a non-US keymap, specify which keymap to load.
If using a non-US keymap, specify which keymap to load.
{{Console|root=true|1=ls /usr/share/kbd/keymaps/}}
{{Console|root=true|1=ls /usr/share/kbd/keymaps/}}
Line 30: Line 23:
{{Console|root=true|1=loadkeys de-latin1}}
{{Console|root=true|1=loadkeys de-latin1}}


=== Networking ===
== {{Icon|notebook}} Networking ==
Make sure the network is connected and internet access is working (for wired network connections, dhcp was loaded on boot).
Make sure the network is connected and internet access is working (for wired network connections, dhcp was already loaded on boot).
{{Console|root=true|1=ping archlinux.org}}
{{Console|root=true|1=ping archlinux.org}}
Performing the installation over wireless requires manual setup. To do so, get the name of the interface, usually {{mono|wlan0}}, and then check to see if your wireless interface is activated.
Connection to a wireless network requires user interaction and clearly has no idea what to connect to at boot. To connect to a wireless network use {{mono|wifi-menu}}.
{{Console|root=true|1=iw dev|2=ip link show wlan0}}
{{Console|root=true|1=wifi-menu}}
If the interface is in {{mono|state DOWN}} bring it up first.
Also run {{mono|dhcpcd}} if you did not obtain an ip address automatically.
{{Console|root=true|1=ip link set wlan0 up}}
{{console|root=true|1=dhcpcd wlp3s0}}
With the interface activated, get a list of all available access points (AP) nearby.
{{Note|The name of your wireless interface may be different, consult {{mono|ip addr}}.}}
{{Console|root=true|1=iw dev wlan0 scan {{!}} less}}
Depending on what type of encryption the AP is using for the network, connect with one of the following methods:


* '''No Encryption'''
== {{Icon|notebook}} Installation via SSH ==
<div style="position:relative;left:21px">{{Console|root=true|1=iw dev wlan0 connect "''YOUR_SSID''"}}</div>
* '''WEP'''
<div style="position:relative;left:21px">{{Console|root=true|1=iw dev wlan0 connect "''YOUR_SSID''" key :''YOUR_KEY''}}</div>
* '''WPA/WPA2'''
<div style="position:relative;left:21px">{{Console|root=true|1=wpa_supplicant -i wlan0 -c <(wpa_passphrse "''YOUR_SSID''" "''YOUR_KEY''")}}</div>
 
Verify that the wireless network was brought up properly.
{{Console|root=true|1=iw dev wlan0 link}}
 
=== Installation via SSH ===
Installing remotely from another computer using SSH can be a lot faster, but requires the use of another machine. Remember, copy and paste work over SSH.
Installing remotely from another computer using SSH can be a lot faster, but requires the use of another machine. Remember, copy and paste work over SSH.


Line 60: Line 41:
Use the {{mono|ip addr}} command to find the IP address assigned to the machine. Logging in remotely as the root account with the password setup previously should now be possible.
Use the {{mono|ip addr}} command to find the IP address assigned to the machine. Logging in remotely as the root account with the password setup previously should now be possible.


= Hard Drive Setup =
== {{Icon|notebook}} Partitioning ==
Before we can begin the installation we must partition and format the hard drives that will be used in the installation. For this we use the GPT partition scheme. GPT (or GUID Partition Table) came about due to the inherit 32-bit limitation in MBR limiting the maximum addressable storage space to {{mono|232 x 512 bytes}} or 2TB. The operating systems (OS) that cannot boot from GPT are Windows XP and all prior versions. Given that GPT forms part of the UEFI standard it will be the defacto choice if you have UEFI enabled.<ref>{{cite web|url=https://wiki.archlinux.org/index.php/Partitioning#Choosing_between_GPT_and_MBR|title=ArchWiki|publisher=Partitioning: Choosing between GPT and MBR}}</ref>
{{Note|1=For the rest of this guide I will be referring to the hard drive you are installing to as {{mono|sdX}}, the actual device should be {{mono|sda}}, {{mono|sdb}}, or some other such variant.<br/>If you are installing Arch in conjunction with Mac OS X and/or Windows, partitions will be {{mono|Apple Core storage}} and/or {{mono|HPFS/NTFS/exFAT}} respectively.}}
 
Pull up a list of all of the disks in your system.
{{Console|root=true|1=lsblk}}
We can safely ignore the ones mounted from {{mono|/run/archiso}} as these are the live disc image we booting from.
 
Having located the drive we are going to be using for Arch, make note of the device node the disks uses.
 
=== Partitioning ===
{| class="wikitable fright"
{| class="wikitable fright"
|-
|-
Line 85: Line 56:
| EFI System
| EFI System
| class="acenter"| /boot
| class="acenter"| /boot
| class="acenter"| 200M
| class="acenter"| 512M
| class="acenter"| boot partition
| class="acenter"| boot partition
|}
|}
Before we begin it is always good practice to zero the disk out.
Before installation the system disk must be partitioned and formatted. For this the GPT partition scheme is used. GPT (or GUID Partition Table) came about due to the inherit 32-bit limitation in MBR limiting the maximum addressable storage space to 2TB. The operating systems (OS) that cannot boot from GPT are most notably Windows XP and all prior versions. Given that GPT forms part of the UEFI standard it will be the defacto choice if UEFI is enabled.<ref>{{cite web|url=https://wiki.archlinux.org/index.php/Partitioning#Choosing_between_GPT_and_MBR|title=ArchWiki|publisher=Partitioning: Choosing between GPT and MBR}}</ref>
{{Console|root=true|1=dd if=/dev/zero of=/dev/sdX bs=1k count=2048}}
{{Note|1=If you are installing Arch in conjunction with Mac OS X and/or Windows, partitions will be {{mono|Apple Core storage}} and/or {{mono|HPFS/NTFS/exFAT}} respectively.<br/>When dual booting with Windows, only the Arch Linux partition needs to be partitioned/formatted as the current Windows EFI System partition will be used as is mounted to {{mono|/boot}}.}}
{{Warning|margin=true|This will wipe the entire disk!<br/>Skip this step if you are only using part of the disk for Arch Linux.}}
 
With that taken care of we can begin partitioning with {{mono|sgdisk}}. Delete the current partition table, although {{mono|dd}} should have taken care of this.
Pull up a list of all of the disks in the system.
{{Console|root=true|1=sgdisk -z /dev/sdX}}
{{Console|root=true|1=lsblk}}
Write a new GPT partition table with protected MBR.
The ones mounted from {{mono|/run/archiso}} can safely be ignored as these are from the live disc image.
{{Console|root=true|1=sgdisk -o /dev/sdX}}
Create our Arch Linux partition (use everything but the last 200MB) and then our EFI System partition with the final 200MB; might as well setup the partition types in the same command.
{{Console|root=true|1=sgdisk -n 1:0:-200M /dev/sdX -n 2:-200M:-0 -t 1:8300 -t 2:ef00 /dev/sdX}}
For posterity we can set some names to help identify the partitions.
{{Console|root=true|1=sgdisk -c 1:"Arch Linux" -c 2:"EFI Boot" /dev/sdX}}
Just in case we want to boot in Legacy mode we will also set the legacy boot attribute.
{{Console|root=true|1=sgdisk -A 2:set:2 /dev/sdX}}
If you are a keen observer, you will notice we have not made use of a {{mono|swap}} partition. That is because we will be using a swap file instead.


If {{mono|sgdisk}} has been complaining that the linux kernel is caching partition information, you should reboot before continuing.
Having located the disk that is going to be used for the Arch system disk, make note of the device node the disk uses.
 
Before partitioning it is always good practice to zero the disk out.
{{Console|root=true|1=dd if=/dev/zero of=/dev/<mark class="cyan2">sdX</mark> bs=1k count=2048}}
{{Warning|This will wipe the entire disk!<br/>Skip this step if the disk is not being exclusively used for Arch Linux.}}
With that taken care of, write a new GPT partition table with protected MBR.
{{Console|root=true|1=sgdisk -Z -o /dev/<mark class="cyan2">sdX</mark>}}
Make sure all old filesystem signatures are erased.
{{Console|root=true|1=wipefs -af /dev/<mark class="cyan2">sdX</mark>}}
Create the Arch Linux partition (use everything but the last 64MB) and then the EFI System partition with the final 64MB; might as well setup the partition types in the same command.
{{Console|root=true|1=sgdisk -n 1:0:-256M -n 2:-256M:-0 -t 1:8E00 -t 2:ef00 /dev/<mark class="cyan2">sdX</mark>}}
{{Note|One might notice that there is no {{mono|swap}} partition. This will be covered in a later section.}}
For ease-of-use set some names to help identify the partitions.
{{Console|root=true|1=sgdisk -c 1:"<mark class="cyan2">host</mark>" -c 2:"uefi" /dev/<mark class="cyan2">sdX</mark>}}
{{Note|When installing w/ LUKS and an encrypted root it might be a good idea to name partition one something else.}}
{| class="mw-collapsible optional mw-collapsed"
!{{Icon|lock-warning-white}} (Optional) LVM on LUKS w/ Encrypted Root Filesystem
|-
|<hr/>
First clear the LVM and crypt metadata.
{{Console|root=true|1=dmsetup remove_all}}
{{margin}}
{{Console|root=true|1=pvremove -y -ff /dev/<mark class="cyan2">sdX</mark>}}
Setup the encryption of the system partition with 512-bit effective size.
{{Console|root=true|1=cryptsetup --type luks2 -q -c aes-xts-plain64 -l 512 -h sha512 --pbkdf argon2i --pbkdf-force-iterations 4 --pbkdf-memory 1048576 --pbkdf-parallel 1 --label archlinux --subsystem "" --use-random luksFormat /dev/<mark class="cyan2">sdX</mark>}}
Open the newly created LUKS partition.
{{Console|root=true|1=cryptsetup open --type luks2 /dev/<mark class="cyan2">sdX1</mark> cryptlvm}}
Create a physical volume on top of the opened LUKS container.
{{Console|root=true|1=pvcreate --yes /dev/mapper/cryptlvm}}
Create a volume group and add the physical volume to it.
{{Console|root=true|1=vgcreate --yes <mark class="cyan2">host</mark> /dev/mapper/cryptlvm}}
Create a swap and root logical volume. Then use {{mono|lvs}} to make sure they were created correctly.
{{Console|root=true|1=lvcreate -L 8G <mark class="cyan2">host</mark> --name swap}}
{{margin}}
{{Console|root=true|1=lvcreate -l +100%FREE <mark class="cyan2">host</mark> --name root}}
{{margin}}
{{Console|root=true|1=lvs}}
|}


=== Formatting/Mounting ===
== {{Icon|notebook}} Formatting ==
{{Note|If you are dual-booting, install Windows first, then '''DO NOT''' format the EFI partition, instead mount the one Windows created.}}
With the partitions setup, they now need to be formatted.
With the partitions setup, they now need to be formatted.
 
{{Warning|If using LVM on LUKS only format the EFI System partition, proceed to the optional portion.}}
For the root filesystem, using {{mono|metadata_csum}} will enable metadata checksums for added protection against disk corruption.
{{Console|root=true|1=mkfs.ext4 -O metadata_csum /dev/sdX1}}
Format the EFI System partition with FAT32.
Format the EFI System partition with FAT32.
{{Console|root=true|1=mkfs.fat -F32 /dev/sdX2}}
{{Console|root=true|1=mkfs.fat -F32 /dev/{{cyanBold|sdX2}}}}
Mount the partitions, take care of the order.
For the root filesystem, using {{mono|metadata_csum}} will enable metadata checksums for added protection against disk corruption.<br/>
{{Console|root=true|1=mount /dev/sdX1 /mnt|2=mkdir /mnt/boot|3=mount /dev/sdX2 /mnt/boot}}
{{Console|root=true|1=mkfs.ext4 -O metadata_csum /dev/{{cyanBold|sdX1}}}}
{{Note|1=If this is being installed onto a portable USB, add {{mono|-O "^has_journal"}} to the {{mono|mkfs.ext4}} command.}}
{| class="mw-collapsible optional mw-collapsed"
!{{Icon|lock-warning-white}} (Optional) LVM on LUKS w/ Encrypted Root Filesystem
|-
|<hr/>
Format the EFI system partition with EXT4.
{{console|root=true|1=mkfs.ext4 /dev/{{cyanBold|sdX2}}}}
Format the root filesystem with ext4 using {{mono|metadata_csum}} to enable metadata checksums, then setup the swap area.
{{Console|root=true|1=mkfs.ext4 -O metadata_csum /dev/mapper/{{cyanBold|host}}-root}}
{{margin}}
{{console|root=true|1=mkswap /dev/mapper/{{cyanBold|host}}-swap}}
Enable the swap LVM.
{{console|root=true|1=mkswap /dev/mapper/{{cyanBold|host}}-swap}}
Mount the root filesystem, create a directory for the EFI System partition and then mount it as well.
{{console|root=true|1=mount /dev/mapper/{{cyanBold|host}}-root /mnt}}
{{margin}}
{{console|root=true|1=mkdir /mnt/boot}}
{{margin}}
{{console|root=true|1=mount /dev/{{cyanBold|sdX2}} /mnt/boot}}
Now skip down to the [[ArchLinux:Installation#Base_Packages|Base Packages]] sub-section.
|}


= Installation =
= {{Icon24|sitemap}} Installation =
Now that the disk(s) are setup and mounted in the correct directories, begin the Arch Linux bootstrap process.
Now that the disk(s) are setup, mount the partitions and begin the Arch Linux bootstrap process.
{{Console|root=true|1=mount /dev/{{cyanBold|sdX1}} /mnt}}
{{margin}}
{{Console|root=true|1=mkdir /mnt/boot}}
{{margin}}
{{Console|root=true|1=mount /dev/{{cyanBold|sdX2}} /mnt/boot}}
{{Note|1=If the system is dual booting with Windows, mount the current EFI System Partition as {{mono|/mnt/boot}} and the one dedicated to Arch Linux as {{mono|/}}.}}


=== Base Packages ===
== {{Icon|notebook}} Base Packages ==
Install the [//www.archlinux.org/groups/x86_64/base/ base] and [//www.archlinux.org/groups/x86_64/base-devel/ base-devel] package groups, the [//www.rodsbooks.com/refind/ rEFInd Boot Manager] and the [//www.archlinux.org/packages/extra/x86_64/git/ git], [//www.archlinux.org/packages/core/x86_64/sudo/ sudo] and [//www.archlinux.org/packages/extra/x86_64/vim/ vim] packages. When not using WiFi, the [//www.archlinux.org/packages/core/x86_64/wpa_supplicant/ wpa_supplicant] package can safely be removed from the list.<br/>
Install the [//www.archlinux.org/groups/x86_64/base/ base] and [//www.archlinux.org/groups/x86_64/base-devel/ base-devel] package groups, the [//www.rodsbooks.com/refind/ rEFInd Boot Manager] and a few other packages. When not using WiFi, the [//www.archlinux.org/packages/core/x86_64/wpa_supplicant/ wpa_supplicant] package can safely be removed from the list.<br/>
If the system has an Intel-based CPU the [//www.archlinux.org/packages/extra/any/intel-ucode/ intel-ucode] package is required.
If the system has an Intel-based CPU the [//www.archlinux.org/packages/extra/any/intel-ucode/ intel-ucode] package is required.<br/>
{{Console|root=true|1=pacstrap /mnt base base-devel efibootmgr git intel-ucode refind-efi sudo vim wpa_supplicant}}
If the system has an AMD-based CPU the [//www.archlinux.org/packages/extra/any/amd-ucode/ amd-ucode] package is required.
{{Console|root=true|1=pacstrap /mnt base base-devel efibootmgr gdisk git intel-ucode lvm2 {{GreenBold|\}}<br/>               nftables openssh pacman-contrib pyalpm refind-efi {{GreenBold|\}}<br/>               reflector sudo vim wpa_supplicant}}


=== Fstab ===
== {{Icon|notebook}} Fstab ==
Generate an [[archwiki:fstab|fstab]] file so that Arch knows what to mount on boot. Using the {{mono|-U}} option will use UUIDs for the source partitions, this has the advantage of not changing if the hard drive is plugged into another computer.
Generate an [[archwiki:fstab|fstab]] file so that Arch knows what to mount on boot. Using the {{mono|-U}} option will use UUIDs for the source partitions, this has the advantage of not changing if the disk is plugged into another computer.
{{Console|root=true|1=genfstab -U -p /mnt >> /mnt/etc/fstab}}
{{Console|root=true|1=genfstab -pU /mnt >> /mnt/etc/fstab}}
Be sure to confirm it was generated correctly (UUIDs line up).
Be sure to confirm it was generated correctly (UUIDs line up).
{{Console|root=true|1=blkid /dev/sdX1 && blkid /dev/sdX2 && cat /mnt/etc/fstab}}
{{Console|root=true|1=blkid /dev/{{cyanBold|sdX1}} && blkid /dev/{{cyanBold|sdX2}} && cat /mnt/etc/fstab}}
In order to ext4 journal data structures also gain checksums add {{mono|,journal_checksum}} to the mounting options on boot.
In order for ext4 journal data structures to also gain checksums add {{mono|,journal_checksum}} to the mounting options on boot.<br/>''Skip this step if installing onto a portable USB drive.''
{{Console|root=true|1=sed -i 's/data=ordered/data=ordered,journal_checksum/' /mnt/etc/fstab}}
{{Console|root=true|1=sed -i 's/rw,relatime\t/rw,relatime,journal_checksum\t/' /mnt/etc/fstab}}
Again confirming this change is not a bad idea.
Also set {{mono|/boot}} to read-only.
{{Note|If you are using an SSD you might want to consider adding {{mono|,discard}} to the mounting options as well.}}
{{console|root=true|1=sed -i 's/rw,relatime,fmask/ro,noatime,nodev,noexec,nosuid,fmask/' /mnt/etc/fstab}}
{{Note|This means that prior to performing any kernel update, the {{mono|/boot}} partition will need to be re-mounted in read-write mode.}}
Again confirming these changes is not a bad idea.


=== Chroot into Install ===
== {{Icon|notebook}} Chroot ==
Change root into the new system.
Change root into the new system.
{{Console|root=true|1=arch-chroot /mnt}}
{{Console|root=true|1=arch-chroot /mnt}}
Begin configuration by setting a root password.
Begin configuration by setting a root password.
{{Console|1=passwd}}
{{Console|1=passwd}}
Modify the {{mono|mkinitcpio.conf}} in order to load the required kernel module for ext4 checksums on boot and then create the initramfs (initial RAM disk filesystem) image.
Modify the {{mono|mkinitcpio.conf}} in order to load the required kernel module for ext4 checksums on boot.
{{Console|1=sed -i 's/^MODULES=""/MODULES="crc32_generic crc32c-intel"/' /etc/mkinitcpio.conf|2=mkinitcpio -p linux}}
{{Console|1=sed -i 's/^MODULES{{=}}()/MODULES{{=}}(crc32_generic crc32c-intel fuse i915 lz4 lz4_compress)/' /etc/mkinitcpio.conf}}
{{Note|1=If installing onto a portable USB drive, move {{mono|block}} before{{mono|autodetect}} in the {{mono|mkinitcpio.conf}}.<br/>{{Console|1=sed -i -r 's/^(HOOKS{{=}}"[a-z ]+)(block )/\1/' /etc/mkinitcpio.conf|2=sed -i -r 's/^(HOOKS{{=}}"[a-z ]+)(autodetect )/\1block \2/' /etc/mkinitcpio.conf}}}}
{| class="mw-collapsible optional mw-collapsed"
!{{Icon|lock-warning-white}} (Optional) LVM on LUKS w/ Encrypted Root Filesystem
|-
|<hr/>
Modify mkinitcpio HOOKS such that it becomes like the following, this will load the required modules for LVM on LUKS (removal of {{mono|base}} cause one can always boot from USB).
{{Console|HOOKS{{=}}(systemd autodetect keyboard sd-vconsole block sd-encrypt sd-lvm2 filesystems fsck)|prompt=false}}
|}
Create the initramfs (initial RAM disk filesystem) image.
{{Console|1=mkinitcpio -p linux}}
Finally add a new user account and give the wheel group {{mono|sudo}} access.
Finally add a new user account and give the wheel group {{mono|sudo}} access.
{{Console|1=useradd -m -g users -g wheel -s /bin/bash kyau|2=passwd kyau|3=sed -i 's/^# %wheel ALL=(ALL) ALL/%wheel ALL=(ALL) ALL/' /etc/sudoers}}
{{Console|1=useradd -m -G wheel,systemd-journal -s /bin/bash kyau|2=passwd kyau}}
{{Note|margin=true|1=Due to the ability to lock yourself out of your own system you should always use {{mono|visudo}} in order to edit {{mono|sudoers}}.<br/>Given the system is not live yet and only in a chroot environment, this one time can be forgiven.}}
{{margin}}
{{console|1=cat > /etc/sudoers.d/kyaulabs << EOF<br/>Defaults editor{{=}}/usr/bin/rvim<br/>Defaults env_keep +{{=}} "SSH_AUTH_SOCK"<br/>%wheel ALL=(ALL) ALL<br/>ALL ALL=(ALL) /usr/sbin/checkupdates<br/>EOF}}


=== Boot Loader ===
== {{Icon|notebook}} Boot Loader ==
Use the {{mono|refind-install}} script that comes pre-packaged with rEFInd to simplify the process of setting up rEFInd. We will be installing rEFInd onto the default/fallback boot path {{mono|/EFI/BOOT/BOOT*.EFI}}. This is extremely useful for certain systems, ones that require {{mono|/EFI/*/*.EFI}} to be signed in BIOS, and/or booting from USB flash drives.
Use the {{mono|refind-install}} script that comes pre-packaged with rEFInd to simplify the process of setting up rEFInd. We will be installing rEFInd onto the default/fallback boot path {{mono|/EFI/BOOT/BOOT*.EFI}}. This is extremely useful for certain systems, ones that require {{mono|/EFI/*/*.EFI}} to be signed in BIOS, and/or booting from USB flash drives.
{{Console|1=refind-install --usedefault /dev/sdX2 --alldrivers}}
{{Console|1=refind-install --usedefault /dev/{{cyanBold|sdX2}} --alldrivers}}
Take the PARTUUID for {{mono|sdX1}} and {{mono|sdX2}} and edit {{mono|refind.conf}} (look for the Arch Linux section) so that {{mono|volume}} contains the PARTUUID for {{mono|sdX2}} and the {{mono|options}} line contains the PARTUUID for {{mono|sdX1}} and Intel's microcode if applicable. Be sure to also update all the paths correctly and remove the {{mono|disabled}} setting.
Take the PARTUUID for {{mono|sdX1}} and {{mono|sdX2}} and edit {{mono|refind.conf}} (look for the Arch Linux section) so that {{mono|volume}} contains the PARTUUID for {{mono|sdX2}} and the {{mono|options}} line contains the PARTUUID for {{mono|sdX1}} and Intel's microcode if applicable. Be sure to also update all the paths correctly and remove the {{mono|disabled}} setting.
{{Console|1=blkid|2=vim /boot/EFI/BOOT/refind.conf}}
{{Console|1=vim /boot/EFI/BOOT/refind.conf}}
Once inside vim you can use the following vim console commands to insert the PARTUUID of each partition into the file.
{{Console|prompt=false|:r !blkid -s PARTUUID -o value /dev/{{cyanBold|sdX1}}|:r !blkid -s PARTUUID -o value /dev/{{cyanBold|sdX2}}}}
In addition uncomment the line for {{mono|scan_driver_dirs}} and point it to the proper directory.<br/>
In addition uncomment the line for {{mono|scan_driver_dirs}} and point it to the proper directory.<br/>
When finished it should look something like this:
When finished it should look something like this:
{{Console|prompt=false|1=scan_driver_dirs EFI/BOOT/drivers|2=menuentry <mark class="magenta2">"Arch Linux"</mark><br/>  icon /EFI/BOOT/icons/os_arch.png<br/>  volume <mark class="magenta2">"71fc0d33-ede7-4453-8d05-a18ea099b7bc"</mark><br/>  loader /vmlinuz-linux<br/>  initrd /initramfs-linux.img<br/>  options <mark class="magenta2">"root{{=}}PARTUUID{{=}}ec71be76-c4a6-467a-aa88-683d58e3a4fd rw add_efi_memmap initrd=\intel-ucode.img"</mark><br/>  submenuentry <mark class="magenta2">"Boot using fallback initramfs"</mark> {<br/>    initrd /initramfs-linux-fallback.img<br/>  }<br/>  submenuentry <mark class="magenta2">"Boot to terminal"</mark><br/>    add_options <mark class="magenta2">"systemd.unit=multi-user.target"</mark><br/>  }<br/>} }}
{{Console|prompt=false|1=scan_driver_dirs EFI/BOOT/drivers|2=menuentry <mark class="magenta2">"Arch Linux"</mark><br/>  icon /EFI/BOOT/icons/os_arch.png<br/>  volume <mark class="magenta2">"XXXXXXXX-sdX2-boot-UEFI-XXXXXXXXXXXX"</mark><br/>  loader /vmlinuz-linux<br/>  initrd /initramfs-linux.img<br/>  options <mark class="magenta2">"root{{=}}PARTUUID{{=}}XXXXXXXX-sdX2-root-ext4-XXXXXXXXXXXX rw add_efi_memmap initrd=\intel-ucode.img"</mark><br/>  submenuentry <mark class="magenta2">"Boot using fallback initramfs"</mark> {<br/>    initrd /initramfs-linux-fallback.img<br/>  }<br/>  submenuentry <mark class="magenta2">"Boot to terminal"</mark><br/>    add_options <mark class="magenta2">"systemd.unit=multi-user.target"</mark><br/>  }<br/>} }}
Save the file and exit.
The first {{mono|PARTUUID}} is {{mono|sdX2}} and the second is {{mono|sdX1}}. Save the file and exit.
{| class="mw-collapsible optional mw-collapsed"
!{{Icon|lock-warning-white}} (Optional) LVM on LUKS w/ Encrypted Root Filesystem
|-
|<hr/>
For LVM on LUKS setting the {{mono|volume}} is the same. Set this to the PARTUUID of the FAT32 boot partition {{mono|sdX2}}. The UUID for the {{mono|rd.luks.uuid}} and {{mono|rd.luks.name}} is the encrypted root partition {{mono|sdX1}}. while using {{mono|sd-encrypt}} instead of {{mono|encrypt}} we can have the swap taken care of here as far as hibernation/resume.
First obtain the UUID for the encrypted partition.
{{Console|prompt=false|1=:r !blkid -s UUID -o value /dev/{{cyanBold|sdX1}}|2=:r !blkid -s PARTUUID -o value /dev/{{cyanBold|sdX2}}}}
{{margin}}
{{Console|title=/boot/EFI/BOOT/refind.conf|1=menuentry <mark class="magenta2">"Arch Linux"</mark> {<br/>  icon /EFI/BOOT/icons/os_arch.png<br/>  volume <mark class="magenta2">"XXXX-PARTUUID-sdX2-boot-UEFI-XXXX"</mark><br/>  loader /vmlinuz-linux<br/>  initrd /initramfs-linux.img<br/>  options  <mark class="magenta2">"rd.luks.name{{=}}XXXX-UUID-sdX1-root-LUKS2-XXXX{{=}}cryptlvm \<br/><nowiki>          </nowiki>rd.luks.options{{=}}discard root{{=}}/dev/x220/root resume{{=}}/dev/x220/swap rw add_efi_memmap \<br/><nowiki>          </nowiki>zswap.enabled=1 zswap.compressor=lz4 zswap.max_pool_percent=20 zswap.zpool=z3fold \<br/><nowiki>          </nowiki>initrc{{=}}\intel-ucode.img"</mark><br/>}|prompt=false}}
|}


=== Networking ===
== {{Icon|notebook}} Networking ==
For networking, using [[archwiki:systemd-networkd|systemd-networkd]] is best practice. Choose one of the following three options to continue.
For networking, using [[archwiki:systemd-networkd|systemd-networkd]] is best practice. Choose one of the following three options to continue.
* '''Wired Network with DHCP:'''
* '''Wired Network with DHCP:'''
<div style="position:relative;left:21px">{{Console|1=echo -e "[Match]\nName{{=}}`ls /sys/class/net {{!}} grep -v 'lo'`\n\n[Network]\nDHCP{{=}}ipv4" > /etc/systemd/network/50-wired.network}}</div>
<div style="position:relative;left:21px;display:inline-block;">{{Console|1=echo -e "[Match]\nName{{=}}eth0\n\n[Network]\nDHCP{{=}}ipv4" > /etc/systemd/network/50-wired.network}}</div>
* '''Wired Network with Static IP:'''
* '''Wired Network with Static IP:'''
<div style="position:relative;left:21px">{{Console|1=echo -e "[Match]\nName{{=}}`ls /sys/class/net {{!}} grep -v 'lo'`\n\n[Network]\nAddress{{=}}192.168.1.10/24\nGateway{{=}}192.168.1.1" > /etc/systemd/network/50-wired.network}}</div>
<div style="position:relative;left:21px;display:inline-block;">{{Console|1=echo -e "[Match]\nName{{=}}eth0\n\n[Network]\nAddress{{=}}192.168.1.10/24\nGateway{{=}}192.168.1.1" > /etc/systemd/network/50-wired.network}}</div>
* '''Wireless:'''<br/>Run one of the commands above (depending on DHCP or Static IP) and then generate a [[archwiki:WPA supplicant|WPA supplicant]] configuration file and enable the service.''
* '''Wireless:'''<br/>Run one of the commands above (depending on DHCP or Static IP, changing {{mono|eth0}} to {{mono|wlan0}}) and then generate a [[archwiki:WPA supplicant|WPA supplicant]] configuration file and enable the service.''
<div style="position:relative;left:21px">{{Console|1=wpa_passphrase MYSSID passphrase > /etc/wpa_supplicant/example.conf|2=eval $(systemctl enable `ls /sys/class/net {{!}} grep -v 'lo'`wpa_supplicant@.service)}}</div>
<div style="position:relative;left:21px;display:inline-block;">{{Console|1=wpa_passphrase MYSSID passphrase > /etc/wpa_supplicant/wpa_supplicant-wlan0.conf|2=systemctl enable wpa_supplicant@wlan0.service}}</div>
Regardless which option was chosen, two services need to be started to enable networking on boot.
Regardless which option was chosen, two services need to be started to enable networking on boot.
{{Console|1=systemctl enable systemd-networkd|2=systemctl enable systemd-resolved}}
{{Console|1=systemctl enable systemd-networkd|2=systemctl enable systemd-resolved}}


=== System Settings ===
== {{Icon|notebook}} System Settings ==
Choose a unique hostname for the system.
Choose a unique hostname for the system.
{{Console|1=echo "arch" > /etc/hostname|2=echo -e "127.0.0.1\tarch.localdomain arch" >> /etc/hosts}}
{{Console|1=echo "arch" > /etc/hostname|2=echo -e "127.0.0.1\tarch.localdomain\tarch" >> /etc/hosts}}
Set the proper timezone. Check the {{mono|/usr/share/zoneinfo}} directory for a list of existing zones.
Set the proper timezone and generate {{mono|/etc/adjtime}}. Check the {{mono|/usr/share/zoneinfo}} directory for a list of existing zones.
{{Console|1=ln -sf /usr/share/zoneinfo/America/Los_Angeles /etc/localtime}}
{{Console|1=ln -sf /usr/share/zoneinfo/America/Los_Angeles /etc/localtime|2=hwclock --systohc}}
{{Note|margin=true|1=If you are dual-booting with Windows you can set {{mono|timedatectl set-local-rtc true}} to have the clocks sync correctly between OSs.}}
{{Note|1=If dual-booting with Windows, add {{mono|--localtime}} to the {{mono|hwclock}} command to have the clocks sync correctly between OSs.}}
Choose the proper localization and uncomment it from {{mono|/etc/locale.gen}}, the defacto English (US) standard is {{mono|en_US.UTF-8 UTF-8}}, and then generate the needed localization. Also add the localization to {{mono|/etc/locale.conf}}.
Choose the proper localization and uncomment it from {{mono|/etc/locale.gen}}, the defacto English (US) standard is {{mono|en_US.UTF-8 UTF-8}}, and then generate the needed localization.<br/>Also add the localization to {{mono|/etc/locale.conf}}.
{{Console|1=sed -i 's/^#en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen|2=locale-gen|3=echo "LANG=en_US.UTF-8" > /etc/locale.conf}}
{{Console|1=sed -i 's/^#en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen|2=locale-gen|3=echo "LANG=en_US.UTF-8" > /etc/locale.conf}}
If a keyboard layout was setup at the beginning of installation, make it permanent.
If a keyboard layout was setup at the beginning of installation, make it permanent.
{{Console|1=echo "KEYMAP=de_latin1" > /etc/vconsole.conf}}
{{Console|1=echo "KEYMAP=de_latin1" > /etc/vconsole.conf}}


=== Reboot ===
== {{Icon|notebook}} Swap File ==
{{margin}}
{{Note|If performing an installation of LVM on LUKS only set the {{mono|sysctl}} variable here.}}
Create a swap file on the root partition, set the proper permissions and format it to swap.
{{Console|1=fallocate -l 8G /swap|2=chmod 600 /swap|3=mkswap /swap}}
Create an [[archwiki:fstab|fstab]] entry for the swap file so it is loaded on boot.
{{Console|1=echo -e "/swap\tnone\tswap\tdefaults\t0\t0" >> /etc/fstab}}
Provided the swap file was created on an SSD (which it should have been), adjust [[archwiki:sysctl|sysctl]] accordingly.
{{Console|1=echo "vm.swappiness=1" >> /etc/sysctl.d/99-sysctl.conf}}
 
== {{Icon|notebook}} Reboot ==
Exit out of the chroot environment.
Exit out of the chroot environment.
{{Console|1=exit}}
{{Console|1=exit}}
Line 182: Line 244:
{{Console|root=true|1=umount -R /mnt && reboot}}
{{Console|root=true|1=umount -R /mnt && reboot}}


= Configuration =
= {{Icon24|sitemap}} Post-Installation =
Upon first boot, login with the user account created previously.
Upon first boot, login with the user account created previously.
=== DNS Resolution ===
== {{Icon|notebook}} DNS Resolution ==
Create a symbolic link from the systemd-resolved {{mono|resolv.conf}} to the system version.
Create a symbolic link from the systemd-resolved {{mono|resolv.conf}} to the system version.
{{Console|1=sudo ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf}}
{{Console|1=sudo ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf}}
=== Packages ===
== {{Icon|notebook}} Network Time Protocol ==
As it is always a good idea to keep the systems date/time in sync, for this use [[archwiki:systemd-timesyncd|systemd-timesyncd]].
{{Console|1=sudo timedatectl set-ntp true}}
== {{Icon|notebook}} Packages ==
To find the fastest recently updated mirrors for pacman, install the [[archwiki:Reflector|reflector]] package.
{{Console|1=sudo pacman -S reflector}}
Reflector will search through the last 100 updated mirrors that use HTTPS and sort them by download speed and then output the list to {{mono|/etc/pacman.d/mirrorlist}} overwriting the current list. This command might take a few minutes depending on internet connection speed and latency.
{{Console|1=sudo reflector --latest 100 --protocol https --sort rate --save /etc/pacman.d/mirrorlist}}
Enable colored output in [[archwiki:pacman|pacman]].
Enable colored output in [[archwiki:pacman|pacman]].
{{Console|1=sudo sed -i 's/#Color/Color/' /etc/pacman.conf}}
{{Console|1=sudo sed -i 's/#Color/Color/' /etc/pacman.conf}}
Install [https://archlinux.fr/yaourt-en yaourt] for AUR management.
Install [[aur:pikaur]].
{{Console|1=git clone <nowiki>https://aur.archlinux.org/package-query.git</nowiki>|2=cd package-query && makepkg -si && cd .. && rm -rf package-query|3=git clone <nowiki>https://aur.archlinux.org/yaourt.git</nowiki>|4=cd yaourt && makepkg -si && cd .. && rm -rf yaourt}}
{{Console|1=git clone <nowiki>https://aur.archlinux.org/pikaur.git</nowiki>|2=cd pikaur && makepkg -si && cd .. && rm -rf pikaur}}
{{Note|This will require the {{mono|pyalpm}} package, which should have been installed with {{mono|pacstrap}} previously.}}
Perform a full system update.
Perform a full system update.
{{Console|1=yaourt -Syu --devel --aur}}
{{Console|1=pikaur -Syu}}<br/>
{{SeeAlso|ArchLinux:Packages|Managing Packages}}
 
= {{Icon24|sitemap}} Xorg =
Install the base Xorg packages needed to run, [//www.archlinux.org/packages/extra/x86_64/xorg-server/ xorg-server] and the [//www.archlinux.org/groups/x86_64/xorg-apps/ xorg-apps] group.
{{Console|1=pacaur -S xorg-server xorg-xinit xorg-apps}}
Then choose a video driver to install depending on the video card in your machine.
== {{Icon|notebook}} AMD ==
For AMD cards there are three options [//www.archlinux.org/packages/?name=xf86-video-amdgpu xf86-video-amdgpu] and [//www.archlinux.org/packages/?name=xf86-video-ati xf86-video-ati] which are open source and also require the [//www.archlinux.org/packages/?name=mesa mesa] package for OpenGL. Or the [//aur.archlinux.org/packages/catalyst/ catalyst] proprietary driver can be used along with its OpenGL counterpart [//aur.archlinux.org/packages/catalyst-libgl/ catalyst-libgl].
{{Note|1=As I have never personally owned an AMD video card I cannot personally give any advice or feedback in this area past basic installation.}}
== {{Icon|notebook}} Intel ==
For Intel cards simply install the open source driver and the mesa OpenGL package.
{{Console|1=pacaur -S xf86-video-intel mesa}}
== {{Icon|notebook}} NVIDIA ==
For NVIDIA cards sadly the proprietary drivers are really the only option.
{{Console|1=pacaur -S linux-headers nvidia nvidia-settings mesa vdpauinfo}}
 
= {{Icon24|sitemap}} User Configuration =
This is also a good time to stop and configure everything that is machine-specific, this includes hardware and terminal customization flair.
{{GitHub|My [//github.com/kyau/dotfiles dotfiles]}}
{{SeeAlso|ThinkPad:ArchLinux|ThinkPad X220: Arch Linux Notes}}


= References =
= {{Icon24|sitemap}} Welcome to Arch Linux =
From here install the Desktop Environment or Window Manager of choice before finally launching Xorg.
{{Console|1=startx}}
 
= {{Icon24|book-brown}} References =
<references/>
<references/>
<br>
 
[[Category:Arch Linux]]
[[Category:Arch Linux]]

Latest revision as of 00:57, 10 May 2021

IconGitLab: kyaulabs/aarch: Automated Arch Linux installer.
IconWARNING: This page has not been updated since the creation of AArch and its included packages. Therefore it is possible that some or all of the following information is out of date.

Originally a collection of notes geared towards installing Arch Linux on dedicated servers and embedded machines to ease the transition from BSD back to Linux, this tutorial has evolved in ways I could have never imagined.

In 2012 it was transformed into a YouTube video called How to Install Arch Linux. This video was then remade in late 2012, due to major changes in the installation process, renamed as Arch Linux: System Installation.

Testing was done on my Lenovo ThinkPad X220, the following arch-iso was used:

Icon archlinux-2019.02.01-x86_64.iso

Icon Booting the Installation Media

Place the copy of the Arch Linux installation media in your machine (CD/DVD or USB) and reboot. Enter BIOS if necessary to modify the boot device order in order to boot from the media.

The system will start at an EFI boot menu, which should auto boot the Arch Linux ISO in a few seconds (provided the keyboard is not touched).

When the system has finished the boot up process, it should automatically login to the terminal with the root account.

Icon Pre-Installation

If using a non-US keymap, specify which keymap to load.

root ~ # ls /usr/share/kbd/keymaps/

Organization is laid out in directories as Machine Type / Keyboard Type, take the filename without the extension and plug it into the command loadkeys.

root ~ # loadkeys de-latin1

Icon Networking

Make sure the network is connected and internet access is working (for wired network connections, dhcp was already loaded on boot).

root ~ # ping archlinux.org

Connection to a wireless network requires user interaction and clearly has no idea what to connect to at boot. To connect to a wireless network use wifi-menu.

root ~ # wifi-menu

Also run dhcpcd if you did not obtain an ip address automatically.

root ~ # dhcpcd wlp3s0
IconThe name of your wireless interface may be different, consult ip addr.

Icon Installation via SSH

Installing remotely from another computer using SSH can be a lot faster, but requires the use of another machine. Remember, copy and paste work over SSH.

To start ssh in the installation environment, start the openssh service with systemd and then set the root password.

root ~ # systemctl start sshd
root ~ # passwd

Use the ip addr command to find the IP address assigned to the machine. Logging in remotely as the root account with the password setup previously should now be possible.

Icon Partitioning

Filesystem Mountpoint Size Description
Linux / * root partition
EFI System /boot 512M boot partition

Before installation the system disk must be partitioned and formatted. For this the GPT partition scheme is used. GPT (or GUID Partition Table) came about due to the inherit 32-bit limitation in MBR limiting the maximum addressable storage space to 2TB. The operating systems (OS) that cannot boot from GPT are most notably Windows XP and all prior versions. Given that GPT forms part of the UEFI standard it will be the defacto choice if UEFI is enabled.[1]

IconIf you are installing Arch in conjunction with Mac OS X and/or Windows, partitions will be Apple Core storage and/or HPFS/NTFS/exFAT respectively.
When dual booting with Windows, only the Arch Linux partition needs to be partitioned/formatted as the current Windows EFI System partition will be used as is mounted to /boot.

Pull up a list of all of the disks in the system.

root ~ # lsblk

The ones mounted from /run/archiso can safely be ignored as these are from the live disc image.

Having located the disk that is going to be used for the Arch system disk, make note of the device node the disk uses.

Before partitioning it is always good practice to zero the disk out.

root ~ # dd if=/dev/zero of=/dev/sdX bs=1k count=2048
IconWARNING: This will wipe the entire disk!
Skip this step if the disk is not being exclusively used for Arch Linux.

With that taken care of, write a new GPT partition table with protected MBR.

root ~ # sgdisk -Z -o /dev/sdX

Make sure all old filesystem signatures are erased.

root ~ # wipefs -af /dev/sdX

Create the Arch Linux partition (use everything but the last 64MB) and then the EFI System partition with the final 64MB; might as well setup the partition types in the same command.

root ~ # sgdisk -n 1:0:-256M -n 2:-256M:-0 -t 1:8E00 -t 2:ef00 /dev/sdX
IconOne might notice that there is no swap partition. This will be covered in a later section.

For ease-of-use set some names to help identify the partitions.

root ~ # sgdisk -c 1:"host" -c 2:"uefi" /dev/sdX
IconWhen installing w/ LUKS and an encrypted root it might be a good idea to name partition one something else.
Icon (Optional) LVM on LUKS w/ Encrypted Root Filesystem

First clear the LVM and crypt metadata.

root ~ # dmsetup remove_all
 
root ~ # pvremove -y -ff /dev/sdX

Setup the encryption of the system partition with 512-bit effective size.

root ~ # cryptsetup --type luks2 -q -c aes-xts-plain64 -l 512 -h sha512 --pbkdf argon2i --pbkdf-force-iterations 4 --pbkdf-memory 1048576 --pbkdf-parallel 1 --label archlinux --subsystem "" --use-random luksFormat /dev/sdX

Open the newly created LUKS partition.

root ~ # cryptsetup open --type luks2 /dev/sdX1 cryptlvm

Create a physical volume on top of the opened LUKS container.

root ~ # pvcreate --yes /dev/mapper/cryptlvm

Create a volume group and add the physical volume to it.

root ~ # vgcreate --yes host /dev/mapper/cryptlvm

Create a swap and root logical volume. Then use lvs to make sure they were created correctly.

root ~ # lvcreate -L 8G host --name swap
 
root ~ # lvcreate -l +100%FREE host --name root
 
root ~ # lvs

Icon Formatting

IconIf you are dual-booting, install Windows first, then DO NOT format the EFI partition, instead mount the one Windows created.

With the partitions setup, they now need to be formatted.

IconWARNING: If using LVM on LUKS only format the EFI System partition, proceed to the optional portion.

Format the EFI System partition with FAT32.

root ~ # mkfs.fat -F32 /dev/sdX2

For the root filesystem, using metadata_csum will enable metadata checksums for added protection against disk corruption.

root ~ # mkfs.ext4 -O metadata_csum /dev/sdX1
IconIf this is being installed onto a portable USB, add -O "^has_journal" to the mkfs.ext4 command.
Icon (Optional) LVM on LUKS w/ Encrypted Root Filesystem

Format the EFI system partition with EXT4.

root ~ # mkfs.ext4 /dev/sdX2

Format the root filesystem with ext4 using metadata_csum to enable metadata checksums, then setup the swap area.

root ~ # mkfs.ext4 -O metadata_csum /dev/mapper/host-root
 
root ~ # mkswap /dev/mapper/host-swap

Enable the swap LVM.

root ~ # mkswap /dev/mapper/host-swap

Mount the root filesystem, create a directory for the EFI System partition and then mount it as well.

root ~ # mount /dev/mapper/host-root /mnt
 
root ~ # mkdir /mnt/boot
 
root ~ # mount /dev/sdX2 /mnt/boot

Now skip down to the Base Packages sub-section.

Icon Installation

Now that the disk(s) are setup, mount the partitions and begin the Arch Linux bootstrap process.

root ~ # mount /dev/sdX1 /mnt
 
root ~ # mkdir /mnt/boot
 
root ~ # mount /dev/sdX2 /mnt/boot
IconIf the system is dual booting with Windows, mount the current EFI System Partition as /mnt/boot and the one dedicated to Arch Linux as /.

Icon Base Packages

Install the base and base-devel package groups, the rEFInd Boot Manager and a few other packages. When not using WiFi, the wpa_supplicant package can safely be removed from the list.
If the system has an Intel-based CPU the intel-ucode package is required.
If the system has an AMD-based CPU the amd-ucode package is required.

root ~ # pacstrap /mnt base base-devel efibootmgr gdisk git intel-ucode lvm2 \
nftables openssh pacman-contrib pyalpm refind-efi \
reflector sudo vim wpa_supplicant

Icon Fstab

Generate an fstab file so that Arch knows what to mount on boot. Using the -U option will use UUIDs for the source partitions, this has the advantage of not changing if the disk is plugged into another computer.

root ~ # genfstab -pU /mnt >> /mnt/etc/fstab

Be sure to confirm it was generated correctly (UUIDs line up).

root ~ # blkid /dev/sdX1 && blkid /dev/sdX2 && cat /mnt/etc/fstab

In order for ext4 journal data structures to also gain checksums add ,journal_checksum to the mounting options on boot.
Skip this step if installing onto a portable USB drive.

root ~ # sed -i 's/rw,relatime\t/rw,relatime,journal_checksum\t/' /mnt/etc/fstab

Also set /boot to read-only.

root ~ # sed -i 's/rw,relatime,fmask/ro,noatime,nodev,noexec,nosuid,fmask/' /mnt/etc/fstab
IconThis means that prior to performing any kernel update, the /boot partition will need to be re-mounted in read-write mode.

Again confirming these changes is not a bad idea.

Icon Chroot

Change root into the new system.

root ~ # arch-chroot /mnt

Begin configuration by setting a root password.

# passwd

Modify the mkinitcpio.conf in order to load the required kernel module for ext4 checksums on boot.

# sed -i 's/^MODULES=()/MODULES=(crc32_generic crc32c-intel fuse i915 lz4 lz4_compress)/' /etc/mkinitcpio.conf
IconIf installing onto a portable USB drive, move block beforeautodetect in the mkinitcpio.conf.
# sed -i -r 's/^(HOOKS="[a-z ]+)(block )/\1/' /etc/mkinitcpio.conf
# sed -i -r 's/^(HOOKS="[a-z ]+)(autodetect )/\1block \2/' /etc/mkinitcpio.conf
Icon (Optional) LVM on LUKS w/ Encrypted Root Filesystem

Modify mkinitcpio HOOKS such that it becomes like the following, this will load the required modules for LVM on LUKS (removal of base cause one can always boot from USB).

HOOKS=(systemd autodetect keyboard sd-vconsole block sd-encrypt sd-lvm2 filesystems fsck)

Create the initramfs (initial RAM disk filesystem) image.

# mkinitcpio -p linux

Finally add a new user account and give the wheel group sudo access.

# useradd -m -G wheel,systemd-journal -s /bin/bash kyau
# passwd kyau
 
# cat > /etc/sudoers.d/kyaulabs << EOF
Defaults editor=/usr/bin/rvim
Defaults env_keep += "SSH_AUTH_SOCK"
%wheel ALL=(ALL) ALL
ALL ALL=(ALL) /usr/sbin/checkupdates
EOF

Icon Boot Loader

Use the refind-install script that comes pre-packaged with rEFInd to simplify the process of setting up rEFInd. We will be installing rEFInd onto the default/fallback boot path /EFI/BOOT/BOOT*.EFI. This is extremely useful for certain systems, ones that require /EFI/*/*.EFI to be signed in BIOS, and/or booting from USB flash drives.

# refind-install --usedefault /dev/sdX2 --alldrivers

Take the PARTUUID for sdX1 and sdX2 and edit refind.conf (look for the Arch Linux section) so that volume contains the PARTUUID for sdX2 and the options line contains the PARTUUID for sdX1 and Intel's microcode if applicable. Be sure to also update all the paths correctly and remove the disabled setting.

# vim /boot/EFI/BOOT/refind.conf

Once inside vim you can use the following vim console commands to insert the PARTUUID of each partition into the file.

:r !blkid -s PARTUUID -o value /dev/sdX1
:r !blkid -s PARTUUID -o value /dev/sdX2

In addition uncomment the line for scan_driver_dirs and point it to the proper directory.
When finished it should look something like this:

scan_driver_dirs EFI/BOOT/drivers
menuentry "Arch Linux"
icon /EFI/BOOT/icons/os_arch.png
volume "XXXXXXXX-sdX2-boot-UEFI-XXXXXXXXXXXX"
loader /vmlinuz-linux
initrd /initramfs-linux.img
options "root=PARTUUID=XXXXXXXX-sdX2-root-ext4-XXXXXXXXXXXX rw add_efi_memmap initrd=\intel-ucode.img"
submenuentry "Boot using fallback initramfs" {
initrd /initramfs-linux-fallback.img
}
submenuentry "Boot to terminal"
add_options "systemd.unit=multi-user.target"
}
}

The first PARTUUID is sdX2 and the second is sdX1. Save the file and exit.

Icon (Optional) LVM on LUKS w/ Encrypted Root Filesystem

For LVM on LUKS setting the volume is the same. Set this to the PARTUUID of the FAT32 boot partition sdX2. The UUID for the rd.luks.uuid and rd.luks.name is the encrypted root partition sdX1. while using sd-encrypt instead of encrypt we can have the swap taken care of here as far as hibernation/resume. First obtain the UUID for the encrypted partition.

:r !blkid -s UUID -o value /dev/sdX1
:r !blkid -s PARTUUID -o value /dev/sdX2
 
filename: /boot/EFI/BOOT/refind.conf
menuentry "Arch Linux" {
icon /EFI/BOOT/icons/os_arch.png
volume "XXXX-PARTUUID-sdX2-boot-UEFI-XXXX"
loader /vmlinuz-linux
initrd /initramfs-linux.img
options "rd.luks.name=XXXX-UUID-sdX1-root-LUKS2-XXXX=cryptlvm \
rd.luks.options=discard root=/dev/x220/root resume=/dev/x220/swap rw add_efi_memmap \
zswap.enabled=1 zswap.compressor=lz4 zswap.max_pool_percent=20 zswap.zpool=z3fold \
initrc=\intel-ucode.img"

}

Icon Networking

For networking, using systemd-networkd is best practice. Choose one of the following three options to continue.

  • Wired Network with DHCP:
# echo -e "[Match]\nName=eth0\n\n[Network]\nDHCP=ipv4" > /etc/systemd/network/50-wired.network
  • Wired Network with Static IP:
# echo -e "[Match]\nName=eth0\n\n[Network]\nAddress=192.168.1.10/24\nGateway=192.168.1.1" > /etc/systemd/network/50-wired.network
  • Wireless:
    Run one of the commands above (depending on DHCP or Static IP, changing eth0 to wlan0) and then generate a WPA supplicant configuration file and enable the service.
# wpa_passphrase MYSSID passphrase > /etc/wpa_supplicant/wpa_supplicant-wlan0.conf
# systemctl enable wpa_supplicant@wlan0.service

Regardless which option was chosen, two services need to be started to enable networking on boot.

# systemctl enable systemd-networkd
# systemctl enable systemd-resolved

Icon System Settings

Choose a unique hostname for the system.

# echo "arch" > /etc/hostname
# echo -e "127.0.0.1\tarch.localdomain\tarch" >> /etc/hosts

Set the proper timezone and generate /etc/adjtime. Check the /usr/share/zoneinfo directory for a list of existing zones.

# ln -sf /usr/share/zoneinfo/America/Los_Angeles /etc/localtime
# hwclock --systohc
IconIf dual-booting with Windows, add --localtime to the hwclock command to have the clocks sync correctly between OSs.

Choose the proper localization and uncomment it from /etc/locale.gen, the defacto English (US) standard is en_US.UTF-8 UTF-8, and then generate the needed localization.
Also add the localization to /etc/locale.conf.

# sed -i 's/^#en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen
# locale-gen
# echo "LANG=en_US.UTF-8" > /etc/locale.conf

If a keyboard layout was setup at the beginning of installation, make it permanent.

# echo "KEYMAP=de_latin1" > /etc/vconsole.conf

Icon Swap File

 
IconIf performing an installation of LVM on LUKS only set the sysctl variable here.

Create a swap file on the root partition, set the proper permissions and format it to swap.

# fallocate -l 8G /swap
# chmod 600 /swap
# mkswap /swap

Create an fstab entry for the swap file so it is loaded on boot.

# echo -e "/swap\tnone\tswap\tdefaults\t0\t0" >> /etc/fstab

Provided the swap file was created on an SSD (which it should have been), adjust sysctl accordingly.

# echo "vm.swappiness=1" >> /etc/sysctl.d/99-sysctl.conf

Icon Reboot

Exit out of the chroot environment.

# exit

Unmount all partitions and reboot the system.

root ~ # umount -R /mnt && reboot

Icon Post-Installation

Upon first boot, login with the user account created previously.

Icon DNS Resolution

Create a symbolic link from the systemd-resolved resolv.conf to the system version.

# sudo ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf

Icon Network Time Protocol

As it is always a good idea to keep the systems date/time in sync, for this use systemd-timesyncd.

# sudo timedatectl set-ntp true

Icon Packages

To find the fastest recently updated mirrors for pacman, install the reflector package.

# sudo pacman -S reflector

Reflector will search through the last 100 updated mirrors that use HTTPS and sort them by download speed and then output the list to /etc/pacman.d/mirrorlist overwriting the current list. This command might take a few minutes depending on internet connection speed and latency.

# sudo reflector --latest 100 --protocol https --sort rate --save /etc/pacman.d/mirrorlist

Enable colored output in pacman.

# sudo sed -i 's/#Color/Color/' /etc/pacman.conf

Install aur:pikaur.

# git clone https://aur.archlinux.org/pikaur.git
# cd pikaur && makepkg -si && cd .. && rm -rf pikaur
IconThis will require the pyalpm package, which should have been installed with pacstrap previously.

Perform a full system update.

# pikaur -Syu


Icon See also: Managing Packages 

Icon Xorg

Install the base Xorg packages needed to run, xorg-server and the xorg-apps group.

# pacaur -S xorg-server xorg-xinit xorg-apps

Then choose a video driver to install depending on the video card in your machine.

Icon AMD

For AMD cards there are three options xf86-video-amdgpu and xf86-video-ati which are open source and also require the mesa package for OpenGL. Or the catalyst proprietary driver can be used along with its OpenGL counterpart catalyst-libgl.

IconAs I have never personally owned an AMD video card I cannot personally give any advice or feedback in this area past basic installation.

Icon Intel

For Intel cards simply install the open source driver and the mesa OpenGL package.

# pacaur -S xf86-video-intel mesa

Icon NVIDIA

For NVIDIA cards sadly the proprietary drivers are really the only option.

# pacaur -S linux-headers nvidia nvidia-settings mesa vdpauinfo

Icon User Configuration

This is also a good time to stop and configure everything that is machine-specific, this includes hardware and terminal customization flair.

IconGitHub: My dotfiles

Icon Welcome to Arch Linux

From here install the Desktop Environment or Window Manager of choice before finally launching Xorg.

# startx

Icon References