These are my notes on installing Arch Linux. This is not meant to be a universal guide, but only how I like to setup Arch Linux on my workstations. Since other people might find it useful, I decided to publish it.
Here is the setup I use:
- UEFI
- systemd-boot
- LVM on LUKS, plain
/boot - NetworkManager
- Xorg
- KDE / Plasma
- SDDM
This is mostly based on the installation guide. I kept what I needed and added other parts. I made sure to put the links to all the wiki pages that I used. (❤️ Arch Wiki)
First, download the ISO here https://www.archlinux.org/download/ and burn to a drive or insert it to your VM, and boot on it.
If using a French keyboard:
loadkeys frCheck if system is under UEFI:
ls /sys/firmware/efi/efivarsConnect to wifi if needed
wifi-menuEnable NTP and set timezone
timedatectl set-ntp true
timedatectl set-timezone Europe/Paris- https://wiki.archlinux.org/index.php/Partitioning
- https://wiki.archlinux.org/index.php/EFI_system_partition
I will describe below 4 ways of using your disk:
- Classic, unencrypted partitions
- LVM
- LUKS + crypttab for the swap
- LVM on LUKS
Most people use the 4th one these days.
cfdisk is my favorite partitioning ncurses tool.
For each method, you can launch the tool with:
cfdisk /dev/sdaReplace sda with your drive. Choose GPT if asked. Create the partitions and label them. Then write and quit.
The tutorial will assume /dev/sda is your drive for the rest of the tutorial
| Partition | Space | Type |
|---|---|---|
| /dev/sda1 | 512M | EFI System |
| /dev/sda2 | xG | Linux Filesystem |
| /dev/sda3 | xG | Linux swap |
/ partition:
mkfs.ext4 /dev/sda2
mount /dev/sda2 /mnt/boot partition:
mkfs.fat -F32 /dev/sda1
mkdir /mnt/boot
mount /dev/sda1 /mnt/bootswap:
mkswap /dev/sda3
swapon /dev/sda3| Partition | Space | Type |
|---|---|---|
| /dev/sda1 | 512M | EFI System |
| /dev/sda2 | xG | Linux Filesystem |
Create the physical volume:
pvcreate /dev/sda2Then the volume group:
vgcreate vg0 /dev/sda2Then the logical volumes:
lvcreate -L xG vg0 -n swap
lvcreate -l 100%FREE vg0 -n root/ partition:
mkfs.ext4 /dev/vg0/root
mount /dev/vg0/root /mnt/boot partition:
mkfs.fat -F32 /dev/sda1
mkdir /mnt/boot
mount /dev/sda1 /mnt/bootswap:
mkswap /dev/vg0/swap
swapon /dev/vg0/swap| Partition | Space | Type |
|---|---|---|
| /dev/sda1 | 512M | EFI System |
| /dev/sda2 | xG | Linux Filesystem |
| /dev/sda3 | xG | swap |
Prepare the encrypted container:
cryptsetup luksFormat --type luks2 --cipher aes-xts-plain64 --key-size 512 /dev/sda2
cryptsetup open /dev/sda2 cryptroot/:
mkfs.ext4 /dev/mapper/cryptroot
mount /dev/mapper/cryptroot /mnt/boot:
mkfs.fat -F32 /dev/sda1
mkdir /mnt/boot
mount /dev/sda1 /mnt/bootThis setup will use crypttab to initalize a swap parition on /dev/sda2, encrypted with a key from /dev/urandom, upon each boot.
Thus, when the machine is shutdown, the key is lost and the content of the swap partition can't be read.
As usual, we want to use UUID since they are safer to use than their /dev mappings. Also, the partition will be wiped upon each reboot so it's very important to make sure the same partition is always used.
Since it will be wiped, we can't use a UUID or a label to identify it. Except if we create a tiny, empty file system with a label and then define an offset in crypttab.
After pacstraping the system and entering arch-root:
mkfs.ext2 -L cryptswap /dev/sda3 1M/etc/crypttab:
swap LABEL=cryptswap /dev/urandom swap,offset=2048,cipher=aes-xts-plain64,size=512
/etc/fstab:
/dev/mapper/swap none swap defaults 0 0
| Partition | Space | Type |
|---|---|---|
| /dev/sda1 | 512M | EFI System |
| /dev/sda2 | xG | Linux Filesystem |
cryptsetup luksFormat --type luks2 --cipher aes-xts-plain64 --key-size 512 /dev/sda2
cryptsetup open /dev/sda2 cryptlvmCreate the physical volume:
pvcreate /dev/mapper/cryptlvmThen the volume group:
vgcreate vg0 /dev/mapper/cryptlvmThen the logical volumes:
lvcreate -L xG vg0 -n swap
lvcreate -l 100%FREE vg0 -n root/ partition:
mkfs.ext4 /dev/vg0/root
mount /dev/vg0/root /mnt/boot partition:
mkfs.fat -F32 /dev/sda1
mkdir /mnt/boot
mount /dev/sda1 /mnt/bootswap:
mkswap /dev/vg0/swap
swapon /dev/vg0/swapInstall the base packages:
pacstrap /mnt base base-devel linux linux-firmwareGenerate partition table:
genfstab -U /mnt > /mnt/etc/fstabEnter the chroot:
arch-chroot /mntSet timezone and sync clock:
ln -sf /usr/share/zoneinfo/Europe/Paris /etc/localtime
hwclock --systohcSee https://wiki.archlinux.org/index.php/Locale
Uncomment en_US.UTF-8 UTF-8 (and fr_FR.UTF-8 UTF-8 if needed) in /etc/locale.gen.
Generate locales:
locale-genSet default locale:
echo "LANG=en_US.UTF-8
LC_COLLATE=C" > /etc/locale.confSet keymap to French (if needed):
echo "KEYMAP=fr-latin9" > /etc/vconsole.confSet hostname:
echo "arch" > /etc/hostnameSet hosts file:
echo "127.0.0.1 localhost
::1 localhost
127.0.1.1 arch.localdomain arch" >> /etc/hostsSet root password:
passwd- https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system#Configuring_mkinitcpio
- https://wiki.archlinux.org/index.php/Mkinitcpio
The HOOKS line might need to be updated in /etc/mkinitcpio.conf depending on the disk method you used:
- Method 1: nothing to change
- Method 2:
base systemd udev autodetect modconf block sd-lvm2 filesystems keyboard fsck - Method 3:
base systemd udev autodetect keyboard sd-vconsole modconf block sd-encrypt filesystems fsck - Method 4:
base systemd udev autodetect keyboard sd-vconsole modconf block sd-encrypt sd-lvm2 filesystems fsck
Generate the ramdisks using the presets:
mkinitcpio -PSince we're using /boot/, no need to use --path option.
bootctl install/boot/loader/entries/arch.conf :
title Arch Linux
linux /vmlinuz-linux
initrd /initramfs-linux.img
options ...
The options line depends on the disk method you used.
- Method 1:
options root=UUID=$(blkid -s UUID -o value /dev/sda2) rw - Method 2:
options root=/dev/vg0/root rw - Method 3:
options rd.luks.name=$(blkid -s UUID -o value /dev/sda3)=cryptroot root=/dev/mapper/cryptroot rw - Method 4:
options rd.luks.name=$(blkid -s UUID -o value /dev/sda3)=cryptlvm root=/dev/vg0/root rw
pacman -S intel-ucodeAdd initrd /intel-ucode.img above initrd /initramfs-linux.img in /boot/loader/entries/arch.conf.
Check after reboot:
dmesg -T | grep microcodeUse amd-ucode for an AMD CPU.
pacman -S networkmanager
systemctl enable NetworkManager
systemctl start NetworkManagerIf wired with DHCP, nothing more to do.
As this point, the system should be working and usable, you can reboot. You can also stay in the chroot.
exit
umount -R /mnt
# cryptsetup close {cryptroot,crptlvm}
rebootTo enable sudo access, uncomment this line in /etc/sudoers:
%wheel ALL=(ALL) ALL
The sudo group does not exit by default so we'll use wheel.
Add user:
useradd -m -g wheel -c 'Stanislas' -s /bin/bash stanislas
passwd stanislaspacman -S xorg-server
pacman -S xf86-video-intelpacman -S plasma
pacman -S kde-applicationspacman -S sddm
systemctl enable sddm
systemctl start sddmBy default, Arch uses the archlinux-simplyblack theme, which is ugly. Let's setup breeze (the original default):
mkdir /etc/sddm.conf.d/
echo "[Theme]
Current=breeze" > /etc/sddm.conf.d/theme.confIf you're not using QWERTY, set the keymap for SDDM with:
localectl set-x11-keymap fr-latin9Log back in.
pacman -S ttf-{bitstream-vera,liberation,freefont,dejavu} freetype2yay is my current AUR helper.
git clone https://aur.archlinux.org/yay.git
cd yay
makepkg -si
yay -S yayAs I trained in a VMware Fusion VM, here are some notes.
Install xf86-video-vmware instead of xf86-video-intel. xf86-input-vmmouse too.
To install the VMware tools:
pacman -S openvpn-vm-tools
systemctl enable vmtoolsd
systemctl start vmtoolsdSee https://wiki.archlinux.org/index.php/General_recommendations
