====== Installation ====== The [[https://wiki.archlinux.org/index.php/installation_guide|installation guide]] of Archlinux is very good for a simple and "vanilla" setup. But if you want a bit more customization it is not enough, since the wiki is very large I write here what //I// do need to perform installations. ===== Installation media ===== [[https://wiki.archlinux.org/index.php/Archiso|Archiso]] page. The installation media is usually fine, unless one wants [[https://wiki.archlinux.org/index.php/ZFS|ZFS]] support. Archlinux supports well ZFS, but it is not in the official repositories, so to use ZFS one needs to: Install ''archiso'', download and sign the ZFS repo keys: # pacman --needed -S archiso # pacman-key -r F75D9D76 # pacman-key --lsign-key F75D9D76 Prepare for making a full image: $ cp -r /usr/share/archiso/configs/releng archlive And inside ''archlive'' edit few files. In the file ''./packages.x86_64'' add to the end: archzfs-dkms linux-headers In the file ''./pacman.conf'' add to the end, nearby the other repos: [archzfs] Server = http://archzfs.com/$repo/$arch In the file ''./airootfs/etc/systemd/system/pacman-init.service'' add in the bottom of the section ''[Service]'': ExecStart=/usr/bin/pacman-key -r F75D9D76 ExecStart=/usr/bin/pacman-key --lsign-key F75D9D76 I use the ''archzfs-dkms'' package because it works with all kernels and so it cannot stop your system from updating because the ''zfs'' and the kernel package are not aligned. The downside is that on updating the kernel the module will be recompiled requiring a bit of time. Finally build the image: # ./build.sh -v The image will be in ''./out''. Finally prepare the USB stick for installation: # dd bs=4M if=./out/archlinux-YYYY.MM.DD-x86_64.iso of=/dev/sdX status=progress oflag=sync The steps of editing the ''pacman'' configuration file, downloading, and signing the keys will have to be repeated in the installed system. ===== Partitioning ===== To make life easier, even if using ZFS, keep the ''/boot'' partition separate with a normal filesystem. Check if the boot happened in EFI mode or not. If it is EFI this command will succeed: # ls /sys/firmware/efi/efivars If it is in EFI mode the boot (and EFI partition) partition (type ''EF00'') has to be 550MB and being formatted with # mkfs.fat -F32 /dev/sdXY If it is not EFI, then 100MB formatted in ''ext2'' are enough, the type can be left as ''8300 (Linux)''. ZFS pools can use unpartitioned disks, but if you need the partitions (for example for ''/boot'') the space for ZFS pools should use the partition type ''BF'' (MBR) ''BF00'' (GPT). === ZFS "partitioning" === During installation, to follow the installation instruction with ease just create all zfs pools and volumes with mount point ''legacy'' or ''none'' and use the ''mount'' command. Once you are ready to reboot in the freshly installed system then you can edit ''/etc/fstab'' to remove the needless zfs lines and set up zfs pools and volumes properly. ===== Encryption ===== ==== Prepare disks ==== Normally outside ''/boot'' one wants the whole disk encrypted. We use ''dmcrypt'' and the ''encrypt'' hook. ''dmcrypt'' creates the text-plain abstractions in ''/dev/mapper'' and those can be used a normal disks. There is also the little advantage that while the disk names like ''/dev/sda'' or ''/dev/sdb'' may change across reboots, the plain-text abstractions names are set up. To encrypt a disk you can use: # cryptsetup luksFormat -s 512 -c aes-xts-plain64 /dev/diskname To have the plain-text abstraction in''/dev/mapper/abstraction_name'' you have to use: # cryptsetup open /dev/diskname abstraction_name ==== Open disks on boot ==== The initcpio hook ''encrypt'' creates the plain-text abstraction looking up for a keyfile or asking for the password. It gets the data it needs from the kernel line, parameters ''cryptdevice'' and ''cryptkey''. Example: cryptdevice=UUID=5bed332d-2397-4841-a85e-52a5299c5374:nvme cryptkey=/dev/disk/by-label/BOOT:auto:keyfile For ''cryptdevice'' between the '':'' are the disk (or partitions) with the encrypted data and the plain-text abstraction names. For ''cryptkey'' are the partition, the partition type, and the filename. === What if I have more than one disk? === It is possible to create an encrypt initcpio hook for every disk, if you have ''N+1'' disks you can type: # cd /usr/lib/initcpio # for n in {0..N} ;do /etc/initcpio/install/encrypt$n ; /etc/initcpio/hooks/encrypt$n ;done This will create a different hook for each disk, to configure each just do the same you would do for a single disk but add ''0'', ''1'', ... to each variable name. To avoid to have to type the password many times you can consider to add a filekey to the first disk and set up the next hooks to use it. === Partitions inside the text-plain abstraction === Once the text-plain abstraction is set up, the initcpio encrypt hook does not automatically look up for partitions inside. If needed, we can alter the encrypt hook and installation to call ''partprobe'' (package ''parted'') to inform the OS of the new partitions. In the hook file look up for lines with ''if [ -e "/dev/mapper/${cryptname}" ]; then'' two of those ifs check if the text-plain abstraction has been properly created. Just add ''partprobe -s "/dev/mapper/${cryptname}"'' in a line below (The ''-s'' option is not necessary, but to see the detected partitions can help debugging.) At time of writing the two lines are the 91st and the 129th. Example: 91 if [ -e "/dev/mapper/${cryptname}" ]; then ... partprobe -s "/dev/mapper/${cryptname}" 92 if [ ${DEPRECATED_CRYPT} -eq 1 ]; then 93 export root="/dev/mapper/root" 94 fi 95 else Partprobe is part of the package ''parted'' and the executable has to be added in initcpio image using the install file. In the install file, add in the ''build'' function a line with: add_binary "partprobe" To use ''partprobe'' in the encrypt hook allows to have a full-system encryption and still use partitions to keep data separated or to use an encrypted swap. === Note on ZFS === ZFS at time of writing does not support encryption, so to use dm-crypt is still a good solution. But ZFS encrypted pools are already in the unstable code, so if doing an installation with ZFS double check if it is already possible to use ZFS encryption directly. ===== Select mirrors ===== The package ''pacman-contrib'' contains ''rankmirrors'' a program that sorts the mirrors in order of speed. To use it, from the ''/etc/pacman.d'' directory one needs to execute: # pacman --needed -S pacman-contrib # mv mirrorlist mirrorlist.orig # rankmirrors -m 2 -n 12 mirrorlist.orig > mirrorlist It may require a bit of time, but since the list of mirrors does not change often it is worthwhile to do it. Once you got the new ''mirrorlist'' file add as //last// line: Server = https://archive.archlinux.org/packages/.all So when installing a package with ''pacman -S'' a package is not found anymore in the mirrors because a new version come out, ''pacman'' will fall back downloading it from the [[https://wiki.archlinux.org/index.php/Arch_Linux_Archive|archive]]. Of course, if you see that ''pacman'' downloads from the archive often probably you should update the system (''pacman -Sc'' and ''pacman -Syu''). ===== Install the base packages ===== === Wifi menu === The installation media has ''wifi-menu'' to easily connect to wireless networks; unfortunately the ''base'' group **does not** has it. The ''netctl'', ''dialog'', ''dhcpcd'', and ''wpa_supplicant'' packages just use few megabytes of space, but they ensure you have a easy and quick way to connect to wireless networks after the reboot. In addition many useful packages are in the AUR and to install with easy one needs ''pikaur,'' to be installed it needs few deps: ''git'', ''pyalpm'', and ''python-commonmark''. So to kickstart the system, a good line is: # pacstrap /mnt linux linux-firmware base base-devel netctl dialog dhcpcd wpa_supplicant git pyalpm python-commonmark ''pikaur'' will need to be installed manually. If using ZFS, add to ''pacstrap'' also the ''zfs-dkms'' and ''linux-headers'' packages. === Wifi card driver === One need to check what firmware the wifi network controller is using because the package might not be installed by default in the ''base'' package. Look for the network card in the ''# lspci'' output and use ''# lspci -vv -s 03:00.0'' where ''03:00.0'' is the domain of the network card; i.e.,\_the first column in the ''lspci'' output. Example: # lspci -vv -s 03:00.0 03:00.0 Network controller: Intel Corporation Wireless-AC 9260 (rev 29) Subsystem: Bigfoot Networks, Inc. Wireless-AC 9260 Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx+ [...] Kernel driver in use: iwlwifi Kernel modules: iwlwifi Once found the kernel driver look it up in the ''/usr/lib/firmware'' directory to check if the package needs to be installed. ====== Post-installation ====== Once started the X (Wayland) server the font configuration will be horible. Often the spacing between the characters will be totally messed up. Here are the instructions to set up the fonts properly ([[https://www.reddit.com/r/archlinux/comments/5r5ep8/make_your_arch_fonts_beautiful_easily/|Original post]].) First of all install the liberation fonts, it indirectly sets up the correct characters positions. # pacman -S ttf-liberation Secondly install a bit more fonts. # pacman -S ttf-ibm-plex ttf-dejavu noto-fonts Enable font presets: # ln -s /etc/fonts/conf.avail/70-no-bitmaps.conf /etc/fonts/conf.d # ln -s /etc/fonts/conf.avail/10-sub-pixel-rgb.conf /etc/fonts/conf.d # ln -s /etc/fonts/conf.avail/11-lcdfilter-default.conf /etc/fonts/conf.d In the ''/etc/profile.d/freetype2.sh'' file uncomment the ''FREETYPE_PROPERTIES'' line. Finally create the ''/etc/fonts/local.conf'' file with the following content. The file tells the system what you mean with //serif//, //sans//, or //monospace//. Liberation Sans serif Liberation Serif sans-serif Liberation Sans monospace IBM Plex Mono