This is an old revision of the document!
The installation guide of Archlinux is very good for a simple and “vanilla” setup. But if you want a bit more customization it is not enough, since the wiki is very large I write here what I do need to perform installations.
Archiso page.
The installation media is usually fine, unless one wants ZFS support. Archlinux supports well ZFS, but it is not in the official repositories, so to use ZFS one needs to:
Install archiso
, download and sign the ZFS repo keys:
# pacman --needed -S archiso # pacman-key -r F75D9D76 # pacman-key --lsign-key F75D9D76
Prepare for making a full image:
$ cp -r /usr/share/archiso/configs/releng archlive
And inside archlive
edit few files.
In the file ./packages.x86_64
add to the end:
archzfs-dkms linux-headers
In the file ./pacman.conf
add to the end, nearby the other repos:
[archzfs] Server = http://archzfs.com/$repo/$arch
In the file ./airootfs/etc/systemd/system/pacman-init.service
add in the bottom of the section [Service]
:
ExecStart=/usr/bin/pacman-key -r F75D9D76 ExecStart=/usr/bin/pacman-key --lsign-key F75D9D76
I use the archzfs-dkms
package because it works with all kernels and so it cannot stop your system from updating because the zfs
and the kernel package are not aligned. The downside is that on updating the kernel the module will be recompiled requiring a bit of time.
Finally build the image:
# ./build.sh -v
The image will be in ./out
. Finally prepare the USB stick for installation:
# dd bs=4M if=./out/archlinux-YYYY.MM.DD-x86_64.iso of=/dev/sdX status=progress oflag=sync
The steps of editing the pacman
configuration file, downloading, and signing the keys will have to be repeated in the installed system.
To make life easier, even if using ZFS, keep the /boot
partition separate with a normal filesystem.
Check if the boot happened in EFI mode or not. If it is EFI this command will succeed:
# ls /sys/firmware/efi/efivars
If it is in EFI mode the boot (and EFI partition) partition (type EF00
) has to be 550MB and being formatted with
# mkfs.fat -F32 /dev/sdXY
If it is not EFI, then 100MB formatted in ext2
are enough, the type can be left as 8300 (Linux)
.
ZFS pools can use unpartitioned disks, but if you need the partitions (for example for /boot
) the space for ZFS pools should use the partition type BF
(MBR) BF00
(GPT).
During installation, to follow the installation instruction with ease just create all zfs pools and volumes with mount point legacy
or none
and use the mount
command.
Once you are ready to reboot in the freshly installed system then you can edit /etc/fstab
to remove the needless zfs lines and set up zfs pools and volumes properly.
Normally outside /boot
one wants the whole disk encrypted. We use dmcrypt
and the encrypt
hook. dmcrypt
creates the text-plain abstractions in /dev/mapper
and those can be used a normal disks.
There is also the little advantage that while the disk names like /dev/sda
or /dev/sdb
may change across reboots, the plain-text abstractions names are set up.
To encrypt a disk you can use:
# cryptsetup luksFormat -s 512 -c aes-xts-plain64 /dev/diskname
To have the plain-text abstraction in/dev/mapper/abstraction_name
you have to use:
# cryptsetup open /dev/diskname abstraction_name
The initcpio hook encrypt
creates the plain-text abstraction looking up for a keyfile or asking for the password. It gets the data it needs from the kernel line, parameters cryptdevice
and cryptkey
.
Example:
cryptdevice=UUID=5bed332d-2397-4841-a85e-52a5299c5374:nvme cryptkey=/dev/disk/by-label/BOOT:auto:keyfile
For cryptdevice
between the :
are the disk (or partitions) with the encrypted data and the plain-text abstraction names. For cryptkey
are the partition, the partition type, and the filename.
It is possible to create an encrypt initcpio hook for every disk, if you have N+1
disks you can type:
# cd /usr/lib/initcpio # for n in {0..N} ;do <install/encrypt sed -e 's_cryptkey_cryptkey'$n'_' -e 's_cryptdevice_cryptdevice'$n'_' > /etc/initcpio/install/encrypt$n ; <hooks/encrypt sed -e 's_cryptkey_cryptkey'$n'_' -e 's_cryptdevice_cryptdevice'$n'_' > /etc/initcpio/hooks/encrypt$n ;done
This will create a different hook for each disk, to configure each just do the same you would do for a single disk but add 0
, 1
, … to each variable name.
To avoid to have to type the password many times you can consider to add a filekey to the first disk and set up the next hooks to use it.
ZFS at time of writing does not support encryption, so to use dm-crypt is still a good solution. But ZFS encrypted pools are already in the unstable code, so if doing an installation with ZFS double check if to use ZFS directly is already possible.
The package pacman-contrib
contains rankmirrors
a program that sorts the mirrors in order of speed.
To use it, from the /etc/pacman.d
directory one needs to execute:
# pacman --needed -S pacman-contrib # mv mirrorlist mirrorlist.orig # rankmirrors -m 2 -n 12 mirrorlist.orig > mirrorlist
It may require a bit of time, but since the list of mirrors does not change often it is worthwhile to do it.
Once you got the new mirrorlist
file add as last line:
Server = https://archive.archlinux.org/packages/.all
So when installing a package with pacman -S
a package is not found anymore in the mirrors because a new version come out, pacman
will fall back downloading it from the archive. Of course, if you see that pacman
downloads from the archive often probably you should update the system (pacman -Sc
and pacman -Syu
).
The installation media has wifi-menu
to easily connect to wireless networks easily; unfortunately the base
group does not has it. So when boot strapping the new environment I use:
# pacstrap /mnt base base-devel netctl dialog dhcpcd wpa_supplicant
The netctl
, dialog
, dhcpcd
, and wpa_supplicant
packages just use few megabytes of space, but they ensure you have a easy and quick way to connect to wireless networks after the reboot.
One need to check what firmware the wifi network controller is using because the package might not be installed by default in the base
package.
Look for the network card in the # lspci
output and use # lspci -vv -s 03:00.0
where 03:00.0
is the domain of the network card; i.e., the first column in the lspci
output.
Example:
# lspci -vv -s 03:00.0 03:00.0 Network controller: Intel Corporation Wireless-AC 9260 (rev 29) Subsystem: Bigfoot Networks, Inc. Wireless-AC 9260 Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx+ [...] Kernel driver in use: iwlwifi Kernel modules: iwlwifi
Once found the kernel driver look it up in the /usr/lib/firmware
directory to check if the package needs to be installed.