User Tools

Site Tools


cs:archlinux_installation

Installation

The installation guide of Archlinux is very good for a simple and “vanilla” setup. But if you want a bit more customization it is not enough, since the wiki is very large I write here what I do need to perform installations.

Installation media

Archiso page.

The installation media is usually fine, unless one wants ZFS support. Archlinux supports well ZFS, but it is not in the official repositories, so to use ZFS one needs to:

Install archiso, download and sign the ZFS repo keys:

# pacman --needed -S archiso
# pacman-key -r F75D9D76
# pacman-key --lsign-key F75D9D76

Prepare for making a full image:

$ cp -r /usr/share/archiso/configs/releng archlive

And inside archlive edit few files.

In the file ./packages.x86_64 add to the end:

archzfs-dkms
linux-headers

In the file ./pacman.conf add to the end, nearby the other repos:

[archzfs]
Server = http://archzfs.com/$repo/$arch

In the file ./airootfs/etc/systemd/system/pacman-init.service add in the bottom of the section [Service]:

ExecStart=/usr/bin/pacman-key -r F75D9D76
ExecStart=/usr/bin/pacman-key --lsign-key F75D9D76

I use the archzfs-dkms package because it works with all kernels and so it cannot stop your system from updating because the zfs and the kernel package are not aligned. The downside is that on updating the kernel the module will be recompiled requiring a bit of time.

Finally build the image:

# ./build.sh -v

The image will be in ./out. Finally prepare the USB stick for installation:

# dd bs=4M if=./out/archlinux-YYYY.MM.DD-x86_64.iso of=/dev/sdX status=progress oflag=sync

The steps of editing the pacman configuration file, downloading, and signing the keys will have to be repeated in the installed system.

Partitioning

To make life easier, even if using ZFS, keep the /boot partition separate with a normal filesystem.

Check if the boot happened in EFI mode or not. If it is EFI this command will succeed:

# ls /sys/firmware/efi/efivars

If it is in EFI mode the boot (and EFI partition) partition (type EF00) has to be 550MB and being formatted with

# mkfs.fat -F32 /dev/sdXY

If it is not EFI, then 100MB formatted in ext2 are enough, the type can be left as 8300 (Linux).

ZFS pools can use unpartitioned disks, but if you need the partitions (for example for /boot) the space for ZFS pools should use the partition type BF (MBR) BF00 (GPT).

ZFS "partitioning"

During installation, to follow the installation instruction with ease just create all zfs pools and volumes with mount point legacy or none and use the mount command.

Once you are ready to reboot in the freshly installed system then you can edit /etc/fstab to remove the needless zfs lines and set up zfs pools and volumes properly.

Encryption

Prepare disks

Normally outside /boot one wants the whole disk encrypted. We use dmcrypt and the encrypt hook. dmcrypt creates the text-plain abstractions in /dev/mapper and those can be used a normal disks.

There is also the little advantage that while the disk names like /dev/sda or /dev/sdb may change across reboots, the plain-text abstractions names are set up.

To encrypt a disk you can use:

# cryptsetup luksFormat -s 512 -c aes-xts-plain64 /dev/diskname

To have the plain-text abstraction in/dev/mapper/abstraction_name you have to use:

# cryptsetup open /dev/diskname abstraction_name

Open disks on boot

The initcpio hook encrypt creates the plain-text abstraction looking up for a keyfile or asking for the password. It gets the data it needs from the kernel line, parameters cryptdevice and cryptkey.

Example:

cryptdevice=UUID=5bed332d-2397-4841-a85e-52a5299c5374:nvme cryptkey=/dev/disk/by-label/BOOT:auto:keyfile

For cryptdevice between the : are the disk (or partitions) with the encrypted data and the plain-text abstraction names. For cryptkey are the partition, the partition type, and the filename.

What if I have more than one disk?

It is possible to create an encrypt initcpio hook for every disk, if you have N+1 disks you can type:

# cd /usr/lib/initcpio
# for n in {0..N} ;do <install/encrypt sed -e 's_cryptkey_cryptkey'$n'_' -e 's_cryptdevice_cryptdevice'$n'_' > /etc/initcpio/install/encrypt$n ; <hooks/encrypt sed -e 's_cryptkey_cryptkey'$n'_' -e 's_cryptdevice_cryptdevice'$n'_' > /etc/initcpio/hooks/encrypt$n ;done

This will create a different hook for each disk, to configure each just do the same you would do for a single disk but add 0, 1, … to each variable name.

To avoid to have to type the password many times you can consider to add a filekey to the first disk and set up the next hooks to use it.

Partitions inside the text-plain abstraction

Once the text-plain abstraction is set up, the initcpio encrypt hook does not automatically look up for partitions inside. If needed, we can alter the encrypt hook and installation to call partprobe (package parted) to inform the OS of the new partitions.

In the hook file look up for lines with if [ -e “/dev/mapper/${cryptname}” ]; then two of those ifs check if the text-plain abstraction has been properly created. Just add partprobe -s “/dev/mapper/${cryptname}” in a line below (The -s option is not necessary, but to see the detected partitions can help debugging.) At time of writing the two lines are the 91st and the 129th.

Example:

91    if [ -e "/dev/mapper/${cryptname}" ]; then
...       partprobe -s "/dev/mapper/${cryptname}"
92        if [ ${DEPRECATED_CRYPT} -eq 1 ]; then
93            export root="/dev/mapper/root"
94        fi
95    else

Partprobe is part of the package parted and the executable has to be added in initcpio image using the install file. In the install file, add in the build function a line with:

add_binary "partprobe"

To use partprobe in the encrypt hook allows to have a full-system encryption and still use partitions to keep data separated or to use an encrypted swap.

Note on ZFS

ZFS at time of writing does not support encryption, so to use dm-crypt is still a good solution. But ZFS encrypted pools are already in the unstable code, so if doing an installation with ZFS double check if it is already possible to use ZFS encryption directly.

Select mirrors

The package pacman-contrib contains rankmirrors a program that sorts the mirrors in order of speed. To use it, from the /etc/pacman.d directory one needs to execute:

# pacman --needed -S pacman-contrib
# mv mirrorlist mirrorlist.orig
# rankmirrors -m 2 -n 12 mirrorlist.orig > mirrorlist

It may require a bit of time, but since the list of mirrors does not change often it is worthwhile to do it. Once you got the new mirrorlist file add as last line:

Server = https://archive.archlinux.org/packages/.all

So when installing a package with pacman -S a package is not found anymore in the mirrors because a new version come out, pacman will fall back downloading it from the archive. Of course, if you see that pacman downloads from the archive often probably you should update the system (pacman -Sc and pacman -Syu).

Install the base packages

Wifi menu

The installation media has wifi-menu to easily connect to wireless networks; unfortunately the base group does not has it.

The netctl, dialog, dhcpcd, and wpa_supplicant packages just use few megabytes of space, but they ensure you have a easy and quick way to connect to wireless networks after the reboot.

In addition many useful packages are in the AUR and to install with easy one needs pikaur, to be installed it needs few deps: git, pyalpm, and python-commonmark. So to kickstart the system, a good line is:

# pacstrap /mnt linux linux-firmware base base-devel netctl dialog dhcpcd wpa_supplicant git pyalpm python-commonmark

pikaur will need to be installed manually.

If using ZFS, add to pacstrap also the zfs-dkms and linux-headers packages.

Wifi card driver

One need to check what firmware the wifi network controller is using because the package might not be installed by default in the base package.

Look for the network card in the # lspci output and use # lspci -vv -s 03:00.0 where 03:00.0 is the domain of the network card; i.e., the first column in the lspci output.

Example:

# lspci -vv -s 03:00.0
03:00.0 Network controller: Intel Corporation Wireless-AC 9260 (rev 29)
      Subsystem: Bigfoot Networks, Inc. Wireless-AC 9260
      Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx+
      [...]
      Kernel driver in use: iwlwifi
      Kernel modules: iwlwifi

Once found the kernel driver look it up in the /usr/lib/firmware directory to check if the package needs to be installed.

Post-installation

Once started the X (Wayland) server the font configuration will be horible. Often the spacing between the characters will be totally messed up. Here are the instructions to set up the fonts properly (Original post.)

First of all install the liberation fonts, it indirectly sets up the correct characters positions.

# pacman -S ttf-liberation

Secondly install a bit more fonts.

# pacman -S ttf-ibm-plex ttf-dejavu noto-fonts

Enable font presets:

# ln -s /etc/fonts/conf.avail/70-no-bitmaps.conf /etc/fonts/conf.d
# ln -s /etc/fonts/conf.avail/10-sub-pixel-rgb.conf /etc/fonts/conf.d
# ln -s /etc/fonts/conf.avail/11-lcdfilter-default.conf /etc/fonts/conf.d

In the /etc/profile.d/freetype2.sh file uncomment the FREETYPE_PROPERTIES line.

Finally create the /etc/fonts/local.conf file with the following content. The file tells the system what you mean with serif, sans, or monospace.

<?xml version="1.0"?>
<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
<fontconfig>
    <match>
        <edit mode="prepend" name="family"><string>Liberation Sans</string></edit>
    </match>
    <match target="pattern">
        <test qual="any" name="family"><string>serif</string></test>
        <edit name="family" mode="assign" binding="same"><string>Liberation Serif</string></edit>
    </match>
    <match target="pattern">
        <test qual="any" name="family"><string>sans-serif</string></test>
        <edit name="family" mode="assign" binding="same"><string>Liberation Sans</string></edit>
    </match>
    <match target="pattern">
        <test qual="any" name="family"><string>monospace</string></test>
        <edit name="family" mode="assign" binding="same"><string>IBM Plex Mono</string></edit>
    </match>
</fontconfig>
cs/archlinux_installation.txt · Last modified: 2021/05/02 14:08 by paolo_bolzoni