User Tools

Site Tools


cs:archlinux_installation

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
cs:archlinux_installation [2019/01/12 11:15]
paolo_bolzoni Add an integration for the "Select the mirrors" section
cs:archlinux_installation [2021/05/02 14:08] (current)
paolo_bolzoni
Line 48: Line 48:
  
  
 +===== Partitioning =====
 +
 +To make life easier, even if using ZFS, keep the ''/​boot''​ partition separate with a normal filesystem. ​
 +
 +Check if the boot happened in EFI mode or not. If it is EFI this command will succeed:
 +
 +  # ls /​sys/​firmware/​efi/​efivars
 +
 +If it is in EFI mode the boot (and EFI partition) partition (type ''​EF00''​) has to be 550MB and being formatted with
 +
 +  # mkfs.fat -F32 /dev/sdXY
 +
 +If it is not EFI, then 100MB formatted in ''​ext2''​ are enough, the type can be left as ''​8300 (Linux)''​.
 +
 +ZFS pools can use unpartitioned disks, but if you need the partitions (for example for ''/​boot''​) the space for ZFS pools should use the partition type ''​BF''​ (MBR) ''​BF00''​ (GPT).
 +
 +=== ZFS "​partitioning"​ ===
 +
 +During installation,​ to follow the installation instruction with ease just create all zfs pools and volumes with mount point ''​legacy''​ or ''​none''​ and use the ''​mount''​ command.
 +
 +Once you are ready to reboot in the freshly installed system then you can edit ''/​etc/​fstab''​ to remove the needless zfs lines and set up zfs pools and volumes properly.
 +
 +===== Encryption =====
 +
 +==== Prepare disks ====
 +
 +Normally outside ''/​boot''​ one wants the whole disk encrypted. We use ''​dmcrypt''​ and the ''​encrypt''​ hook. ''​dmcrypt''​ creates the text-plain abstractions in ''/​dev/​mapper''​ and those can be used a normal disks.
 +
 +There is also the little advantage that while the disk names like ''/​dev/​sda''​ or ''/​dev/​sdb''​ may change across reboots, the plain-text abstractions names are set up.
 +
 +To encrypt a disk you can use:
 +  # cryptsetup luksFormat -s 512 -c aes-xts-plain64 /​dev/​diskname
 +
 +To have the plain-text abstraction in''/​dev/​mapper/​abstraction_name''​ you have to use:
 +  # cryptsetup open /​dev/​diskname abstraction_name
 +
 +
 +==== Open disks on boot ====
 +
 +The initcpio hook ''​encrypt''​ creates the plain-text abstraction looking up for a keyfile or asking for the password. It gets the data it needs from the kernel line, parameters ''​cryptdevice''​ and ''​cryptkey''​.
 +
 +Example:
 +  cryptdevice=UUID=5bed332d-2397-4841-a85e-52a5299c5374:​nvme cryptkey=/​dev/​disk/​by-label/​BOOT:​auto:​keyfile
 +
 +For ''​cryptdevice''​ between the '':''​ are the disk (or partitions) with the encrypted data and the plain-text abstraction names. For ''​cryptkey''​ are the partition, the partition type, and the filename.
 +
 +
 +=== What if I have more than one disk? ===
 +
 +It is possible to create an encrypt initcpio hook for every disk, if you have ''​N+1''​ disks you can type:
 +
 +  # cd /​usr/​lib/​initcpio
 +  # for n in {0..N} ;do <​install/​encrypt sed -e '​s_cryptkey_cryptkey'​$n'​_'​ -e '​s_cryptdevice_cryptdevice'​$n'​_'​ > /​etc/​initcpio/​install/​encrypt$n ; <​hooks/​encrypt sed -e '​s_cryptkey_cryptkey'​$n'​_'​ -e '​s_cryptdevice_cryptdevice'​$n'​_'​ > /​etc/​initcpio/​hooks/​encrypt$n ;done
 +
 +This will create a different hook for each disk, to configure each just do the same you would do for a single disk but add ''​0'',​ ''​1'',​ ... to each variable name.
 +
 +To avoid to have to type the password many times you can consider to add a filekey to the first disk and set up the next hooks to use it.
 +
 +
 +=== Partitions inside the text-plain abstraction ===
 +
 +Once the text-plain abstraction is set up, the initcpio encrypt hook does not automatically look up for partitions inside. If needed, we can alter the encrypt hook and installation to call ''​partprobe''​ (package ​
 +''​parted''​) to inform the OS of the new partitions.
 +
 +In the hook file look up for lines with ''​if [ -e "/​dev/​mapper/​${cryptname}"​ ]; then''​ two of those ifs check if the text-plain abstraction has been properly created. Just add ''​partprobe -s "/​dev/​mapper/​${cryptname}"''​ in a line below (The ''​-s''​ option is not necessary, but to see the detected partitions can help debugging.) At time of writing the two lines are the 91st and the 129th.
 +
 +Example:
 +  91    if [ -e "/​dev/​mapper/​${cryptname}"​ ]; then
 +  ...       ​partprobe -s "/​dev/​mapper/​${cryptname}"​
 +  92        if [ ${DEPRECATED_CRYPT} -eq 1 ]; then
 +  93            export root="/​dev/​mapper/​root"​
 +  94        fi
 +  95    else
 +
 +Partprobe is part of the package ''​parted''​ and the executable has to be added in initcpio image using the install file. In the install file, add in the ''​build''​ function a line with:
 +
 +  add_binary "​partprobe"​
 +
 +To use ''​partprobe''​ in the encrypt hook allows to have a full-system encryption and still use partitions to keep data separated or to use an encrypted swap.
 +
 +
 +=== Note on ZFS ===
 +
 +ZFS at time of writing does not support encryption, so to use dm-crypt is still a good solution. But ZFS encrypted pools are already in the unstable code, so if doing an installation with ZFS double check if it is already possible to use ZFS encryption directly.
 ===== Select mirrors ===== ===== Select mirrors =====
  
Line 63: Line 147:
  
 So when installing a package with ''​pacman -S''​ a package is not found anymore in the mirrors because a new version come out, ''​pacman''​ will fall back downloading it from the [[https://​wiki.archlinux.org/​index.php/​Arch_Linux_Archive|archive]]. Of course, if you see that ''​pacman''​ downloads from the archive often probably you should update the system (''​pacman -Sc''​ and ''​pacman -Syu''​). So when installing a package with ''​pacman -S''​ a package is not found anymore in the mirrors because a new version come out, ''​pacman''​ will fall back downloading it from the [[https://​wiki.archlinux.org/​index.php/​Arch_Linux_Archive|archive]]. Of course, if you see that ''​pacman''​ downloads from the archive often probably you should update the system (''​pacman -Sc''​ and ''​pacman -Syu''​).
 +
 +
 +===== Install the base packages =====
 +
 +=== Wifi menu ===
 +
 +The installation media has ''​wifi-menu''​ to easily connect to wireless networks; unfortunately the ''​base''​ group **does not** has it.
 +
 +The ''​netctl'',​ ''​dialog'',​ ''​dhcpcd'',​ and ''​wpa_supplicant''​ packages just use few megabytes of space, but they ensure you have a easy and quick way to connect to wireless networks after the reboot.
 +
 +In addition many useful packages are in the AUR and to install with easy one needs ''​pikaur,''​ to be installed it needs few deps: ''​git'',​ ''​pyalpm'',​ and ''​python-commonmark''​. So to kickstart the system, a good line is:
 +
 +# pacstrap /mnt linux linux-firmware base base-devel netctl dialog dhcpcd wpa_supplicant git pyalpm python-commonmark
 +
 +''​pikaur''​ will need to be installed manually.
 +
 +If using ZFS, add to ''​pacstrap''​ also the ''​zfs-dkms''​ and ''​linux-headers'' ​ packages.
 +
 +
 +
 +=== Wifi card driver ===
 +
 +One need to check what firmware the wifi network controller is using because the package might not be installed by default in the ''​base''​ package.
 +
 +Look for the network card in the ''#​ lspci''​ output and use ''#​ lspci -vv -s 03:​00.0''​ where ''​03:​00.0''​ is the domain of the network card; i.e.,\_the first column in the ''​lspci''​ output.
 +
 +Example:
 +
 +  # lspci -vv -s 03:00.0
 +  03:00.0 Network controller: Intel Corporation Wireless-AC 9260 (rev 29)
 +        Subsystem: Bigfoot Networks, Inc. Wireless-AC 9260
 +        Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx+
 +        [...]
 +        Kernel driver in use: iwlwifi
 +        Kernel modules: iwlwifi
 +
 +Once found the kernel driver look it up in the ''/​usr/​lib/​firmware''​ directory to check if the package needs to be installed.
 +
 +====== Post-installation ======
 +
 +Once started the X (Wayland) server the font configuration will be horible. Often the spacing between the characters will be totally messed up. Here are the instructions to set up the fonts properly ([[https://​www.reddit.com/​r/​archlinux/​comments/​5r5ep8/​make_your_arch_fonts_beautiful_easily/​|Original post]].)
 +
 +First of all install the liberation fonts, it indirectly sets up the correct characters positions.
 +
 +  # pacman -S ttf-liberation
 +
 +Secondly install a bit more fonts.
 +
 +  # pacman -S ttf-ibm-plex ttf-dejavu noto-fonts
 +
 +Enable font presets:
 +
 +  # ln -s /​etc/​fonts/​conf.avail/​70-no-bitmaps.conf /​etc/​fonts/​conf.d
 +  # ln -s /​etc/​fonts/​conf.avail/​10-sub-pixel-rgb.conf /​etc/​fonts/​conf.d
 +  # ln -s /​etc/​fonts/​conf.avail/​11-lcdfilter-default.conf /​etc/​fonts/​conf.d
 +
 +In the ''/​etc/​profile.d/​freetype2.sh''​ file uncomment the ''​FREETYPE_PROPERTIES''​ line.
 +
 +
 +Finally create the ''/​etc/​fonts/​local.conf''​ file with the following content. The file tells the system what you mean with //serif//, //sans//, or //​monospace//​.
 +
 +  <?xml version="​1.0"?>​
 +  <​!DOCTYPE fontconfig SYSTEM "​fonts.dtd">​
 +  <​fontconfig>​
 +      <​match>​
 +          <edit mode="​prepend"​ name="​family"><​string>​Liberation Sans</​string></​edit>​
 +      </​match>​
 +      <match target="​pattern">​
 +          <test qual="​any"​ name="​family"><​string>​serif</​string></​test>​
 +          <edit name="​family"​ mode="​assign"​ binding="​same"><​string>​Liberation Serif</​string></​edit>​
 +      </​match>​
 +      <match target="​pattern">​
 +          <test qual="​any"​ name="​family"><​string>​sans-serif</​string></​test>​
 +          <edit name="​family"​ mode="​assign"​ binding="​same"><​string>​Liberation Sans</​string></​edit>​
 +      </​match>​
 +      <match target="​pattern">​
 +          <test qual="​any"​ name="​family"><​string>​monospace</​string></​test>​
 +          <edit name="​family"​ mode="​assign"​ binding="​same"><​string>​IBM Plex Mono</​string></​edit>​
 +      </​match>​
 +  </​fontconfig>​
cs/archlinux_installation.1547291726.txt.gz · Last modified: 2019/01/12 11:15 by paolo_bolzoni