EWK Projects

Arch Linux 

% echo "Hello whirled!"

The web is full of self help guides for installing Arch Linux.

This is another one.

Keep in mind that Arch is one of the few distributions that chose to remove its own installer. If you're new to Linux, Arch is not the place to start.

You have to build up your own system from scratch, which is a great learning experience. The end result is lean and efficient. I highly recommend trying Arch, provided you know what you're getting into. There may be dragons ...

I prefer to set up my laptops with full disk encryption. The recommended way to do that with Arch is to use LVM on LUKS.

My current machine has the older, buggy 1.0 UEFI firmware so I ended up sticking with BIOS and the GRUB bootloader. For UEFI, you just need to use a disk partitioning tool that supports GPT and create an additional FAT32 boot partition. UEFI also gives you a broader range of choices for bootloaders, and your final configuration will of course be different.

These are the general steps to prepare the installation to use LVM on LUKS:

  1. create boot partition
    • must be unencrypted
  2. create encrypted LUKS partition on the remainder of drive
  3. create physical volume on top of LUKS
    • then create volume group and filesystems
    • mount /root
    • create and mount /home, swap, etc
  4. Add the encrypt and lvm2 parameters to the system image.
  5. Configure the boot loader to decrypt the disk and mount the logical volumes.

The detailed steps I've used track closely to the Beginner's Guide.

Remember I'm stuck booting in BIOS mode. Use sgdisk/cgdisk if you're booting with UEFI. 

% sfdisk wipe
% cfdisk create partitions

UEFI users must make the first partition fat32 

% mkfs.ext2 /dev/sda1

Encrypt the partition, then set up logical volumes. 

% cryptsetup -c aes-xts-plain -h sha512 luksFormat /dev/sda2
% cryptsetup open --type luks /dev/sda2 lvm
% pvcreate /dev/mapper/lvm
% vgcreate vgroup /dev/mapper/lvm
% lvcreate -L 159G vgroup -n root
% lvcreate -l 100%FREE vgroup -n swap
% mkfs.ext4 /dev/mapper/vgroup-root
% mkswap /dev/mapper/vgroup-swap
% swapon --discard /dev/mapper/vgroup-swap
% mount /dev/mapper/vgroup-root /mnt
% mkdir /mnt/boot
% mount /dev/sda1 /mnt/boot

Now we're ready to install the base system. 

% pacstrap /mnt base base-devel
% genfstab -U -p /mnt >> /mnt/etc/fstab
% vi /mnt/etc/fstab

And now we can chroot to the bootstrapped system. A little more configuration is required before the new installation can boot on its own. 

% arch-chroot /mnt /bin/bash
% vi /etc/locale.gen
% locale-gen
% echo LANG=en_US.UTF-8 > /etc/locale.conf
% export LANG=en_US.UTF-8
% ln -s /usr/share/zoneinfo/US/$ZONE /etc/localtime
% hwclock --systohc --utc
% echo $YOURHOSTNAME > /etc/hostname
% vi /etc/hosts

Edit the kernel image configuration: 

% vi /etc/mkinitcpio.conf

Find the "HOOKS" line and add "encrypt lvm2" before filesystems. Then build the new system image. 

HOOKS="base udev autodetect modconf block encrypt lvm2 \
filesystems keyboard fsck"
% mkinitcpio -p linux

NetworkManager is now stable. For persistent network access between reboots, all you should need to do is enable it through Systemd. You may need to install additional network drivers later. 

% systemctl enable NetworkManager

Don't forget to set a root password. 

% passwd

Now just install and configure the bootloader. For BIOS and GRUB, edit GRUB's default config and add the following line. 

% vim /etc/default/grub
% GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda2:vgroup \
root=/dev/mapper/vgroup-root"

You must rebuild the GRUB boot menu to use the new settings. 

% grub-mkconfig -o /boot/grub/grub.cfg

Suspend should "just work" as configured. If it doesn't, try adding this line to /etc/default/grub and rebuilding the GRUB menu. 

GRUB_CMDLINE_LINUX_DEFAULT="... resume=/dev/mapper/vgroup-swap

And that's it. Unmount the partitions and reboot, and you should have a working system with full disk encryption. Of course, there's still lots more to set up before we have a fully usable system.

Post Install

First thing on the list is creating a new user so I don't have to use the root account for everything. 

% useradd -m -G wheel -s /bin/zsh $YOURNAME
% passwd $YOURNAME

Add myself to the superusers club. 

% visudo

Packages for a base graphical environment. 

% pacman -S gnome xf86-video-intel zsh ttf-inconsolata \
xf86-input-synaptics gnome-tweak-tool file-roller
% systemctl enable gdm

Configure mdns support so I can find other machines on my local network. 

% pacman -S nss-mdns openssh
% systemctl enable avahi-daemon

Add mdns4 to hosts line in /etc/nsswitch.conf: 

hosts: files mdns_minimal [NOTFOUND=return] dns myhostname

The Arch wiki's Simple Stateful Firewall works well. Note the special syntax required to actually write the iptables rules: 

% sudo bash -c "iptables-save > /etc/iptables.rules"

Additional applications I cannot live without: 

% pacman -S firefox mutt gvim keychain chromium \
keepassx w3m gnupg rsync

Additional development tools I cannot live without: 

% pacman -S strace tk linux-lts bc clang valgrind git

Love it or hate it, Perl makes the world go round. Perl (and its packages) used to be installed in an unusual place in Arch. You may want to add it to your path: 

PATH+=/usr/bin/vendor_perl:

Mostly I just rely my local perlbrew: 

% pacman -S perlbrew ack
% perlbrew init
% perlbrew install 5.20.0
% perlbrew install-cpanm
% perlbrew switch 5.20.0

Keep GRUB lightweight. Add this line to the end of /etc/default/grub: 

GRUB_DISABLE_SUBMENU=y

Read all about SSD tuning here .

Add trim support to non-boot partitions: 

% vim /etc/fstab

Add trim support to /etc/default/grub 

GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda4:vgroup:allow-discards"
% grub-mkconfig -o /boot/grub/grub.cfg

And finally, prevent the swap file from thrashing the disk: 

% echo 1 > /proc/sys/vm/swappiness

And that's it. A lightweight but feature rich Linux installation. It takes a little more work to set up, but eliminates the complexity of managing a larger distribution.