Install Arch Linux
13 Feb 2022
Thankfully, there are a few walk-throughs on how to install Arch Linux. This one was particularly helpful for me, but I made a few modifications. I have an old ThinkPad X250 kicking around that I wanted to try Arch on, so that's the hardware I use in this example. It is capable of UEFI boot.
The actual Arch download page is a bit confusing, but just scroll to the bottom of the page and click on a download mirror that is closest to you. I downloaded my Arch Linux ISO from http://mirrors.mit.edu/archlinux/iso/2022.02.01/archlinux-2022.02.01-x86_64.iso as well as http://mirrors.mit.edu/archlinux/iso/2022.02.01/sha1sums.txt
I downloaded the ISO and then sha1sum-ed it to be sure it was OK.
wget http://mirrors.mit.edu/archlinux/iso/2022.02.01/sha1sums.txt
wget http://mirrors.mit.edu/archlinux/iso/2022.02.01/archlinux-2022.02.01-x86_64.iso
sha1sum archlinux-2022.02.01-x86_64.iso
cat sha1sums.txt
Find a USB thumb drive to write the ISO to. Insert the thumb drive into your computer and find it:
lsblk
On my machine, the USB is /dev/sdb, and two partitions got auto-mounted. So I will become root, unmount those partitions, and then write the ISO image to the thumb drive.
su -
umount /dev/sdb1
dd bs=4M if=/home/mwood/Downloads/archlinux-2022.02.01-x86_64.iso \
   of=/dev/sdb oflag=sync status=progress
Now, remove the thumb drive and put it in your target computer
(in my case an old ThinkPad X250) and at boot up, hit Enter
(or whatever appropriate button on your computer) to interrupt normal
startup, then F12 (or whatever appropriate button on your computer)
to change the boot device. Select the thumb drive to boot from.
Then, at the menu, select "Arch Linux Install Medium (x86_64, UEFI)".
Arch will place you in a root shell.
Be sure you really are on a UEFI system. This ls command will list files if you are really on a UEFI system:
ls /sys/firmware/efi/efivars
The best thing to do here is probably plug in an ethernet cable, but it turns out the new iwctl command is pretty sweet! It even runs in an interactive shell mode, which I use here:
iwctl
[iwd]# device list
[iwd]# station wlan0 scan
[iwd]# station wlan0 get-networks
I see my Wi-Fi network! It is named "foo". I will now connect to it:
[iwd]# station wlan0 connect foo
Type the network passphrase for foo psk.
Passphrase: *******************
[iwd]# quit
ping yahoo.com
That worked!
Now be sure your clock is correct:
timedatectl set-ntp true
Now find the disk you want to install Arch on:
lsblk
On my machine, it's /dev/sda, so I will use gdisk to partition the target drive. The important thing is to create a UEFI partition first, and then a Linux partition for the rest of the disk. Yes, it turns out that UEFI needs a FAT partition to do its stuff, and not providing one is a bad mistake!
In my case, I delete existing partitions from a prior Arch install and then create my partitions fresh:
gdisk /dev/sda
p        # Print partition table.
d        # Delete partition...
2        # ...number 2.
d        # Delete partition...
1        # ...number 1.
n        # New partition...
1        # ...number 1...
<Enter>  # ...from first sector...
+512M    # ...plus 512MB...
ef00     # ...of type "EFI system partition".
n        # New partition...
2        # ...number 2...
<Enter>  # ...from first available sector...
<Enter>  # ...to last available sector...
8300     # ...of type "Linux filesystem".
w        # Write partition table to disk.
Y        # Yes, really do it.
lsblk will show you your partitions.
Format the UEFI partition with FAT:
mkfs.fat -F32 /dev/sda1
Encrypt the root partition
cryptsetup -y -v luksFormat /dev/sda2
YES
<enter passphrase>
<enter passphrase again>
Open the encrypted partition via the device mapper
cryptsetup open /dev/sda2 cryptroot
<enter passphrase>
Create an ext4 filesystem on your encrypted partition, which the previous step mapped at /dev/mapper/cryptroot:
mkfs.ext4 /dev/mapper/cryptroot
Now mount both the freshly-formatted UEFI partition and the encrypted partition so they are accessible on your filesystem:
mount /dev/mapper/cryptroot /mnt
mkdir /mnt/boot
mount /dev/sda1 /mnt/boot
lsblk   # look at everything to be sure it's OK
Create a swap file (rather than a swap partition) which will live in your encrypted partition. Apparently, current thinking is that the swapfile (not swap partition!) should be 1.5 times your system's RAM. I'll be honest, I usually don't bother with a swap file or swap partition anymore, but I set one up this time.
dd if=/dev/zero of=/mnt/swapfile bs=1M count=24576 status=progress
chmod 600 /mnt/swapfile
mkswap /mnt/swapfile
swapon /mnt/swapfile
Install Arch Linux! Also, install vim so that you have a way of editing files in later steps.
pacstrap /mnt base base-devel linux linux-firmware vim
Generate the fstab file. Apparently, the fstab file already exists, but it's just got comments in it. So we append to it, using this handy genfstab command:
genfstab -U /mnt >> /mnt/etc/fstab
Switch to your Arch Linux installation! I haven't read up on the arch-chroot command, but it seems to do what it says on the tin:
arch-chroot /mnt
Set up your time zone / locale and ensure the hardware clock agrees with the software clock.
ln -sf /usr/share/zoneinfo/America/New_York /etc/localtime
hwclock --systohc
date                   # ensure the date and time seem sane
vim /etc/locale.gen    # uncomment your locale, such as "en_US.UTF-8 UTF-8"
locale-gen
echo 'LANG=en_US.UTF-8' > /etc/locale.conf
Pick a hostname and put it in the /etc/hostname and /etc/hosts files.
echo 'manniX250' > /etc/hostname
vim /etc/hosts
Be sure the contents of /etc/hosts look like this:
127.0.0.1   localhost
::1         localhost
127.0.1.1   manniX250.localdomain manniX250
Set the root password:
passwd
Configure the initial RAM filesystem:
vim /etc/mkinitcpio.conf
/etc/mkinitcpio.conf is just a bash script that we need to edit.
According to https://wiki.archlinux.org/title/mkinitcpio#HOOKS, we want to find the HOOKS section and put keyboard between udev and autodetect (and remove keyboard from near the end of the HOOKS list) so that when initramfs boots, it will have all the keyboard drivers needed to collect a passphrase to decrypt the encrypted partition. Putting keyboard this early in the HOOKS ensures that even if the user plugs in a keyboard not used during setup (such as the laptop keyboard) there still should be a driver on hand to detect/use that keyboard.
To have drivers on hand for the encrypted partition, put encrypt between block and filesystems in the HOOKS line of /etc/mkinitcpio.conf.
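A wrong HOOKS order only shows up at the next boot, when the passphrase prompt never appears or the keyboard is dead. The following check is an added example, not part of the original walk-through; the function names are made up here, and it assumes the array form HOOKS=(...) in the file.

```bash
#!/usr/bin/env bash
# Added example: check the HOOKS ordering described above before running mkinitcpio -P.
# Assumes the array form HOOKS=(...) used by current mkinitcpio.conf files.

# Print the hooks of the last uncommented HOOKS=(...) line, one per line.
hooks_of() {
    sed -n 's/^[[:space:]]*HOOKS=(\([^)]*\)).*$/\1/p' "$1" | tail -n 1 |
        tr -s '[:space:]' '\n' | sed '/^$/d'
}

# Print the 1-based position of hook $2 in file $1 (nothing if it is absent).
hook_pos() {
    hooks_of "$1" | grep -n -x -F -e "$2" | head -n 1 | cut -d: -f1
}

# Succeed only if hook $2 is present and sits after $3 and before $4.
hook_between() {
    local p l h
    p=$(hook_pos "$1" "$2"); l=$(hook_pos "$1" "$3"); h=$(hook_pos "$1" "$4")
    [ -n "$p" ] && [ -n "$l" ] && [ -n "$h" ] && [ "$l" -lt "$p" ] && [ "$p" -lt "$h" ]
}

# Apply both ordering rules from the text; report every violation, not just the first.
check_hooks() {
    local rc=0
    hook_between "$1" keyboard udev autodetect ||
        { echo "keyboard is not between udev and autodetect" >&2; rc=1; }
    hook_between "$1" encrypt block filesystems ||
        { echo "encrypt is not between block and filesystems" >&2; rc=1; }
    return "$rc"
}

# Constructed sample: a HOOKS line after both edits, plus a commented-out decoy.
sample=$(mktemp)
printf '%s\n' '#HOOKS=(base udev block filesystems)' \
    'HOOKS=(base udev keyboard autodetect modconf block encrypt filesystems fsck)' > "$sample"
check_hooks "$sample" && echo "HOOKS order OK"
rm -f "$sample"
```

Inside the chroot this would be run as check_hooks /etc/mkinitcpio.conf && mkinitcpio -P.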
Create the initial RAM filesystem:
mkinitcpio -P
Install the grub UEFI boot loader and the Intel microcode patcher thingy:
pacman -S grub efibootmgr intel-ucode
Get the UUID of your encrypted filesystem
blkid -s UUID -o value /dev/sda2 > /tmp/cryptuuid.txt
Configure grub so that it knows about the encrypted file system:
vim /etc/default/grub
Tell grub about your encrypted filesystem:
GRUB_CMDLINE_LINUX="cryptdevice=UUID=xxxx:cryptroot"
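Hand-copying the UUID into that line is the easiest place to make a typo that leaves the system unable to find its root device. The following is an added example, not part of the original walk-through, that fills the line in from the UUID saved in /tmp/cryptuuid.txt; the function name is made up here, and it assumes the line is double-quoted as in the stock /etc/default/grub.

```bash
#!/usr/bin/env bash
# Added example: put cryptdevice=UUID=<uuid>:cryptroot into GRUB_CMDLINE_LINUX.
# Assumes the line is double-quoted, as in the stock /etc/default/grub.

set_cryptdevice() {
    local file=$1 uuid=$2 current rest new tmp line
    # Fail closed on anything that is not a canonical UUID (an empty blkid result, say).
    printf '%s\n' "$uuid" |
        grep -Eqx '[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}' ||
        { echo "not a UUID: '$uuid'" >&2; return 1; }
    grep -q '^GRUB_CMDLINE_LINUX=' "$file" ||
        { echo "no GRUB_CMDLINE_LINUX line in $file" >&2; return 1; }

    # Keep parameters that are already set, minus any stale cryptdevice= entry.
    current=$(sed -n 's/^GRUB_CMDLINE_LINUX="\(.*\)"$/\1/p' "$file" | tail -n 1)
    rest=$(printf '%s\n' "$current" | tr -s ' ' '\n' | grep -v '^cryptdevice=' |
           tr '\n' ' ' | sed 's/^ *//; s/ *$//')
    new="cryptdevice=UUID=${uuid}:cryptroot${rest:+ $rest}"

    # Rewrite line by line so no parameter is interpreted as a sed pattern.
    tmp=$(mktemp) || return 1
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            GRUB_CMDLINE_LINUX=*) printf 'GRUB_CMDLINE_LINUX="%s"\n' "$new" ;;
            *) printf '%s\n' "$line" ;;
        esac
    done < "$file" > "$tmp"
    cat "$tmp" > "$file"
    rm -f "$tmp"
}

# Constructed demo on a scratch copy; on the real system the call would be
#   set_cryptdevice /etc/default/grub "$(cat /tmp/cryptuuid.txt)"
demo=$(mktemp)
printf '%s\n' 'GRUB_TIMEOUT=5' 'GRUB_CMDLINE_LINUX_DEFAULT="loglevel=3 quiet"' \
    'GRUB_CMDLINE_LINUX="cryptdevice=UUID=old:cryptroot audit=1"' > "$demo"
set_cryptdevice "$demo" 01234567-89ab-cdef-0123-456789abcdef   # constructed UUID
grep '^GRUB_CMDLINE_LINUX=' "$demo"
rm -f "$demo"
```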
Also, make grub as co-operative and verbose as possible:
GRUB_TIMEOUT_STYLE=menu
GRUB_TIMEOUT=-1
GRUB_CMDLINE_LINUX_DEFAULT=""
Install grub:
grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id=GRUB
grub-mkconfig -o /boot/grub/grub.cfg
Install Network Manager. Personally, I was quite happy with that iwctl thing, but I guess Network Manager wraps it and is generally nice:
pacman -S networkmanager
systemctl enable NetworkManager
Reboot!
exit
reboot
Connect to wifi, but this time using Network Manager's CLI:
nmcli d wifi list
nmcli d wifi connect foo password nottellinganybody
Make a non-root user:
useradd --create-home mwood
passwd mwood
Install Gnome:
pacman -Syu
pacman -S xorg xorg-server
pacman -S gnome
It looks like this reconfigures mkinitcpio, so I guess we should reboot!
reboot
When you've rebooted, log on as root and enable gdm:
systemctl start gdm.service
Now Gnome has started; log on as the plain user you created, but then run a terminal and then ensure the gdm service stays enabled:
sudo systemctl enable gdm.service
Reboot again to be sure gdm comes back up on reboot:
reboot
Install Firefox
After you have rebooted, gdm should have come up, and you should now log on as your regular, non-root user, fire up a terminal, become root, and install Firefox (and vlc while we are at it):
su -
pacman -S firefox vlc
Install a firewall
pacman -S nftables
vim /etc/nftables.conf   ## if you need to disable ssh incoming
systemctl enable nftables.service --now
Enable time synchronization
sudo systemctl enable systemd-timesyncd.service --now
More things to consider for SSD owners:
This apparently enables regular housekeeping of SSDs and maybe makes them last longer:
sudo systemctl enable fstrim.timer --now
More things to consider (for laptop users):
tlp and tlp-rdw will improve power management on laptops, so consider installing those. A typical installation looks like this, but just googling tlp turns up possibly more involved setups for ThinkPad users:
pacman -S tlp tlp-rdw
systemctl enable tlp.service --now
systemctl enable NetworkManager-dispatcher.service --now
tlp-stat