Arch Linux Installation

From Wiki³
Revision as of 01:19, 24 February 2019 by Kyau (talk | contribs) (→‎Chroot)
Icon  Back to Category:Arch Linux

Originally a collection of notes geared towards installing Arch Linux on dedicated servers and embedded machines to ease the transition from BSD back to Linux, this tutorial has evolved in ways I could have never imagined.

In 2012 it was transformed into a YouTube video called How to Install Arch Linux. This video was then remade in late 2012, due to major changes in the installation process, renamed as Arch Linux: System Installation.

Testing was done on my Lenovo ThinkPad X220, the following arch-iso was used:

Icon archlinux-2019.02.01-x86_64.iso

Icon Booting the Installation Media

Place the copy of the Arch Linux installation media in your machine (CD/DVD or USB) and reboot. Enter BIOS if necessary to modify the boot device order in order to boot from the media.

The system will start at an EFI boot menu, which should auto boot the Arch Linux ISO in a few seconds (provided the keyboard is not touched).

When the system has finished the boot up process, it should automatically login to the terminal with the root account.

Icon Pre-Installation

If using a non-US keymap, specify which keymap to load.

root ~ # ls /usr/share/kbd/keymaps/

Organization is laid out in directories as Machine Type / Keyboard Type, take the filename without the extension and plug it into the command loadkeys.

root ~ # loadkeys de-latin1

Icon Networking

Make sure the network is connected and internet access is working (for wired network connections, dhcp was already loaded on boot).

root ~ # ping archlinux.org

Connection to a wireless network requires user interaction and clearly has no idea what to connect to at boot. To connect to a wireless network use wifi-menu.

root ~ # wifi-menu

Also run dhcpcd if you did not obtain an ip address automatically.

root ~ # dhcpcd wlp3s0
IconThe name of your wireless interface may be different, consult ip addr.

Icon Installation via SSH

Installing remotely from another computer using SSH can be a lot faster, but requires the use of another machine. Remember, copy and paste work over SSH.

To start ssh in the installation environment, start the openssh service with systemd and then set the root password.

root ~ # systemctl start sshd
root ~ # passwd

Use the ip addr command to find the IP address assigned to the machine. Logging in remotely as the root account with the password setup previously should now be possible.

Icon Partitioning

Filesystem Mountpoint Size Description
Linux / * root partition
EFI System /boot 512M boot partition

Before installation the system disk must be partitioned and formatted. For this the GPT partition scheme is used. GPT (or GUID Partition Table) came about due to the inherit 32-bit limitation in MBR limiting the maximum addressable storage space to 2TB. The operating systems (OS) that cannot boot from GPT are most notably Windows XP and all prior versions. Given that GPT forms part of the UEFI standard it will be the defacto choice if UEFI is enabled.[1]

IconIf you are installing Arch in conjunction with Mac OS X and/or Windows, partitions will be Apple Core storage and/or HPFS/NTFS/exFAT respectively.
When dual booting with Windows, only the Arch Linux partition needs to be partitioned/formatted as the current Windows EFI System partition will be used as is mounted to /boot.

Pull up a list of all of the disks in the system.

root ~ # lsblk

The ones mounted from /run/archiso can safely be ignored as these are from the live disc image.

Having located the disk that is going to be used for the Arch system disk, make note of the device node the disk uses.

Before partitioning it is always good practice to zero the disk out.

root ~ # dd if=/dev/zero of=/dev/sdX bs=1k count=2048
IconWARNING: This will wipe the entire disk!
Skip this step if the disk is not being exclusively used for Arch Linux.

With that taken care of, write a new GPT partition table with protected MBR.

root ~ # sgdisk -Z -o /dev/sdX

Make sure all old filesystem signatures are erased.

root ~ # wipefs -af /dev/sdX

Create the Arch Linux partition (use everything but the last 64MB) and then the EFI System partition with the final 64MB; might as well setup the partition types in the same command.

root ~ # sgdisk -n 1:0:-256M -n 2:-256M:-0 -t 1:8E00 -t 2:ef00 /dev/sdX
IconOne might notice that there is no swap partition. This will be covered in a later section.

For ease-of-use set some names to help identify the partitions.

root ~ # sgdisk -c 1:"host" -c 2:"uefi" /dev/sdX
IconWhen installing w/ LUKS and an encrypted root it might be a good idea to name partition one something else.
Icon (Optional) LVM on LUKS w/ Encrypted Root Filesystem

First clear the LVM and crypt metadata.

root ~ # dmsetup remove_all
 
root ~ # pvremove -y -ff /dev/sdX

Setup the encryption of the system partition with 512-bit effective size.

root ~ # cryptsetup --type luks2 -q -c aes-xts-plain64 -l 512 -h sha512 --pbkdf argon2i --pbkdf-force-iterations 4 --pbkdf-memory 1048576 --pbkdf-parallel 1 --label archlinux --subsystem "" --use-random luksFormat /dev/sdX

Open the newly created LUKS partition.

root ~ # cryptsetup open --type luks2 /dev/sdX1 cryptlvm

Create a physical volume on top of the opened LUKS container.

root ~ # pvcreate --yes /dev/mapper/cryptlvm

Create a volume group and add the physical volume to it.

root ~ # vgcreate --yes host /dev/mapper/cryptlvm

Create a swap and root logical volume. Then use lvs to make sure they were created correctly.

root ~ # lvcreate -L 8G host --name swap
 
root ~ # lvcreate -l +100%FREE host --name root
 
root ~ # lvs

Icon Formatting

IconIf you are dual-booting, install Windows first, then DO NOT format the EFI partition, instead mount the one Windows created.

With the partitions setup, they now need to be formatted.

IconWARNING: If using LVM on LUKS only format the EFI System partition, proceed to the optional portion.

Format the EFI System partition with FAT32.

root ~ # mkfs.fat -F32 /dev/sdX2

For the root filesystem, using metadata_csum will enable metadata checksums for added protection against disk corruption.

root ~ # mkfs.ext4 -O metadata_csum /dev/sdX1
IconIf this is being installed onto a portable USB, add -O "^has_journal" to the mkfs.ext4 command.
Icon (Optional) LVM on LUKS w/ Encrypted Root Filesystem

Format the EFI system partition with EXT4.

root ~ # mkfs.ext4 /dev/sdX2

Format the root filesystem with ext4 using metadata_csum to enable metadata checksums, then setup the swap area.

root ~ # mkfs.ext4 -O metadata_csum /dev/mapper/host-root
 
root ~ # mkswap /dev/mapper/host-swap

Enable the swap LVM.

root ~ # mkswap /dev/mapper/host-swap

Mount the root filesystem, create a directory for the EFI System partition and then mount it as well.

root ~ # mount /dev/mapper/host-root /mnt
 
root ~ # mkdir /mnt/boot
 
root ~ # mount /dev/sdX2 /mnt/boot

Now skip down to the Base Packages sub-section.

Icon Installation

Now that the disk(s) are setup, mount the partitions and begin the Arch Linux bootstrap process.

root ~ # mount /dev/sdX1 /mnt
root ~ # mkdir /mnt/boot
root ~ # mount /dev/sdX2 /mnt/boot
IconIf the system is dual booting with Windows, mount the current EFI System Partition as /mnt/boot and the one dedicated to Arch Linux as /.

Icon Base Packages

Install the base and base-devel package groups, the rEFInd Boot Manager and a few other packages. When not using WiFi, the wpa_supplicant package can safely be removed from the list.
If the system has an Intel-based CPU the intel-ucode package is required.
If the system has an AMD-based CPU the amd-ucode package is required.

root ~ # pacstrap /mnt base base-devel efibootmgr gdisk git intel-ucode lvm2 nftables openssh pacman-contrib pyalpm refind-efi reflector sudo vim wpa_supplicant

Icon Fstab

Generate an fstab file so that Arch knows what to mount on boot. Using the -U option will use UUIDs for the source partitions, this has the advantage of not changing if the disk is plugged into another computer.

root ~ # genfstab -pU /mnt >> /mnt/etc/fstab

Be sure to confirm it was generated correctly (UUIDs line up).

root ~ # blkid /dev/sdX1 && blkid /dev/sdX2 && cat /mnt/etc/fstab

In order for ext4 journal data structures to also gain checksums add ,journal_checksum to the mounting options on boot.
Skip this step if installing onto a portable USB drive.

root ~ # sed -i 's/rw,relatime\t/rw,relatime,journal_checksum\t/' /mnt/etc/fstab

Also set /boot to read-only.

root ~ # sed -i 's/rw,relatime,fmask/ro,noatime,nodev,noexec,nosuid,fmask/' /mnt/etc/fstab
IconThis means that prior to performing any kernel update, the /boot partition will need to be re-mounted in read-write mode.

Again confirming these changes is not a bad idea.

Icon Chroot

Change root into the new system.

root ~ # arch-chroot /mnt

Begin configuration by setting a root password.

# passwd

Modify the mkinitcpio.conf in order to load the required kernel module for ext4 checksums on boot.

# sed -i 's/^MODULES=()/MODULES=(crc32_generic crc32c-intel fuse i915 lz4 lz4_compress)/' /etc/mkinitcpio.conf
IconIf installing onto a portable USB drive, move block beforeautodetect in the mkinitcpio.conf.
# sed -i -r 's/^(HOOKS="[a-z ]+)(block )/\1/' /etc/mkinitcpio.conf
# sed -i -r 's/^(HOOKS="[a-z ]+)(autodetect )/\1block \2/' /etc/mkinitcpio.conf
Icon (Optional) LVM on LUKS w/ Encrypted Root Filesystem

Modify mkinitcpio HOOKS such that it becomes like the following, this will load the required modules for LVM on LUKS (removal of base cause one can always boot from USB).

HOOKS=(systemd autodetect keyboard sd-vconsole block sd-encrypt sd-lvm2 filesystems fsck)

Create the initramfs (initial RAM disk filesystem) image.

# mkinitcpio -p linux

Finally add a new user account and give the wheel group sudo access.

# useradd -m -G wheel,systemd-journal -s /bin/bash kyau
# passwd kyau
 
# cat > /etc/sudoers.d/kyaulabs << EOF
Defaults editor=/usr/bin/rvim
Defaults env_keep += "SSH_AUTH_SOCK"
%wheel ALL=(ALL) ALL
ALL ALL=(ALL) /usr/sbin/checkupdates
EOF

Icon Boot Loader

Use the refind-install script that comes pre-packaged with rEFInd to simplify the process of setting up rEFInd. We will be installing rEFInd onto the default/fallback boot path /EFI/BOOT/BOOT*.EFI. This is extremely useful for certain systems, ones that require /EFI/*/*.EFI to be signed in BIOS, and/or booting from USB flash drives.

# refind-install --usedefault /dev/sdX2 --alldrivers

Take the PARTUUID for sdX1 and sdX2 and edit refind.conf (look for the Arch Linux section) so that volume contains the PARTUUID for sdX2 and the options line contains the PARTUUID for sdX1 and Intel's microcode if applicable. Be sure to also update all the paths correctly and remove the disabled setting.

# vim /boot/EFI/BOOT/refind.conf

Once inside vim you can use the following vim console commands to insert the PARTUUID of each partition into the file.

:r !blkid -s PARTUUID -o value /dev/sdX1
:r !blkid -s PARTUUID -o value /dev/sdX2

In addition uncomment the line for scan_driver_dirs and point it to the proper directory.
When finished it should look something like this:

scan_driver_dirs EFI/BOOT/drivers
menuentry "Arch Linux"
icon /EFI/BOOT/icons/os_arch.png
volume "XXXXXXXX-sdX2-boot-UEFI-XXXXXXXXXXXX"
loader /vmlinuz-linux
initrd /initramfs-linux.img
options "root=PARTUUID=XXXXXXXX-sdX2-root-ext4-XXXXXXXXXXXX rw add_efi_memmap initrd=\intel-ucode.img"
submenuentry "Boot using fallback initramfs" {
initrd /initramfs-linux-fallback.img
}
submenuentry "Boot to terminal"
add_options "systemd.unit=multi-user.target"
}
}

The first PARTUUID is sdX2 and the second is sdX1. Save the file and exit.

Icon (Optional) LVM on LUKS w/ Encrypted Root Filesystem

For LVM on LUKS setting the volume is the same. Set this to the PARTUUID of the FAT32 boot partition sdX2. The UUID for the rd.luks.uuid and rd.luks.name is the encrypted root partition sdX1. while using sd-encrypt instead of encrypt we can have the swap taken care of here as far as hibernation/resume. First obtain the UUID for the encrypted partition.

:r !blkid -s UUID -o value /dev/sdX1
:r !blkid -s PARTUUID -o value /dev/sdX2
 
filename: /boot/EFI/BOOT/refind.conf
menuentry "Arch Linux" {
icon /EFI/BOOT/icons/os_arch.png
volume "XXXX-PARTUUID-sdX2-boot-UEFI-XXXX"
loader /vmlinuz-linux
initrd /initramfs-linux.img
options "rd.luks.name=XXXX-UUID-sdX1-root-LUKS2-XXXX=cryptlvm \
rd.luks.options=discard root=/dev/x220/root resume=/dev/x220/swap rw add_efi_memmap \
initrc=\intel-ucode.img"
}

Icon Networking

For networking, using systemd-networkd is best practice. Choose one of the following three options to continue.

  • Wired Network with DHCP:
# echo -e "[Match]\nName=eth0\n\n[Network]\nDHCP=ipv4" > /etc/systemd/network/50-wired.network
  • Wired Network with Static IP:
# echo -e "[Match]\nName=eth0\n\n[Network]\nAddress=192.168.1.10/24\nGateway=192.168.1.1" > /etc/systemd/network/50-wired.network
  • Wireless:
    Run one of the commands above (depending on DHCP or Static IP, changing eth0 to wlan0) and then generate a WPA supplicant configuration file and enable the service.
# wpa_passphrase MYSSID passphrase > /etc/wpa_supplicant/wpa_supplicant-wlan0.conf
# systemctl enable wpa_supplicant@wlan0.service

Regardless which option was chosen, two services need to be started to enable networking on boot.

# systemctl enable systemd-networkd
# systemctl enable systemd-resolved

Icon System Settings

Choose a unique hostname for the system.

# echo "arch" > /etc/hostname
# echo -e "127.0.0.1\tarch.localdomain\tarch" >> /etc/hosts

Set the proper timezone and generate /etc/adjtime. Check the /usr/share/zoneinfo directory for a list of existing zones.

# ln -sf /usr/share/zoneinfo/America/Los_Angeles /etc/localtime
# hwclock --systohc
IconIf dual-booting with Windows, add --localtime to the hwclock command to have the clocks sync correctly between OSs.

Choose the proper localization and uncomment it from /etc/locale.gen, the defacto English (US) standard is en_US.UTF-8 UTF-8, and then generate the needed localization.
Also add the localization to /etc/locale.conf.

# sed -i 's/^#en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen
# locale-gen
# echo "LANG=en_US.UTF-8" > /etc/locale.conf

If a keyboard layout was setup at the beginning of installation, make it permanent.

# echo "KEYMAP=de_latin1" > /etc/vconsole.conf

Icon Swap File

 
IconIf performing an installation of LVM on LUKS only set the sysctl variable here.

Create a swap file on the root partition, set the proper permissions and format it to swap.

# fallocate -l 8G /swap
# chmod 600 /swap
# mkswap /swap

Create an fstab entry for the swap file so it is loaded on boot.

# echo -e "/swap\tnone\tswap\tdefaults\t0\t0" >> /etc/fstab

Provided the swap file was created on an SSD (which it should have been), adjust sysctl accordingly.

# echo "vm.swappiness=1" >> /etc/sysctl.d/99-sysctl.conf

Icon Reboot

Exit out of the chroot environment.

# exit

Unmount all partitions and reboot the system.

root ~ # umount -R /mnt && reboot

Icon Post-Installation

Upon first boot, login with the user account created previously.

Icon DNS Resolution

Create a symbolic link from the systemd-resolved resolv.conf to the system version.

# sudo ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf

Icon Network Time Protocol

As it is always a good idea to keep the systems date/time in sync, for this use systemd-timesyncd.

# sudo timedatectl set-ntp true

Icon Packages

To find the fastest recently updated mirrors for pacman, install the reflector package.

# sudo pacman -S reflector

Reflector will search through the last 100 updated mirrors that use HTTPS and sort them by download speed and then output the list to /etc/pacman.d/mirrorlist overwriting the current list. This command might take a few minutes depending on internet connection speed and latency.

# sudo reflector --latest 100 --protocol https --sort rate --save /etc/pacman.d/mirrorlist

Enable colored output in pacman.

# sudo sed -i 's/#Color/Color/' /etc/pacman.conf

To install aur:pacaur first manually install cower.

# git clone https://aur.archlinux.org/cower.git
# cd cower && makepkg -si && cd .. && rm -rf cower
IconIf makepkg complains about GPG keys see this pinned comment or use gpg --recv-keys --keyserver hkp://pgp.mit.edu 1EB2638FF56C0C53

Then proceed to install pacaur manually.

# git clone https://aur.archlinux.org/pacaur.git
# cd pacaur && makepkg -si && cd .. && rm -rf pacaur

Perform a full system update.

# pacaur -Syu


Icon See also: Managing Packages 

Icon Xorg

Install the base Xorg packages needed to run, xorg-server and the xorg-apps group.

# pacaur -S xorg-server xorg-xinit xorg-apps

Then choose a video driver to install depending on the video card in your machine.

Icon AMD

For AMD cards there are three options xf86-video-amdgpu and xf86-video-ati which are open source and also require the mesa package for OpenGL. Or the catalyst proprietary driver can be used along with its OpenGL counterpart catalyst-libgl.

IconAs I have never personally owned an AMD video card I cannot personally give any advice or feedback in this area past basic installation.

Icon Intel

For Intel cards simply install the open source driver and the mesa OpenGL package.

# pacaur -S xf86-video-intel mesa

Icon NVIDIA

For NVIDIA cards sadly the proprietary drivers are really the only option.

# pacaur -S linux-headers nvidia nvidia-settings mesa vdpauinfo

Icon User Configuration

This is also a good time to stop and configure everything that is machine-specific, this includes hardware and terminal customization flair.

IconGitHub: My dotfiles
Icon See also: ThinkPad X220: Arch Linux Notes 

Icon Welcome to Arch Linux

From here install the Desktop Environment or Window Manager of choice before finally launching Xorg.

# startx

Icon References

  1. ^ "ArchWiki". Partitioning: Choosing between GPT and MBR. https://wiki.archlinux.org/index.php/Partitioning#Choosing_between_GPT_and_MBR. 
Retrieved from "https://kyau.net/w/index.php?title=ArchLinux:Installation&oldid=4151"