I still remember when I got into arch the first time. It was damn hard and it felt crazy to set up an operating system by hand. Although the wiki is very detailed, it often lacks an opinionated path, much like the one the debian installer provides. It feels overwhelming to choose between the sheer endless possibilities, which quite often results in a paradox of choice. All that power comes with responsibility I was not able to handle at the time. This is just a guide for myself, so don’t forget to RTFM[1].
Prepare the disks
Use gdisk /dev/sda to create 2 partitions:
- the ESP for the bootloader, of type ef00, with half a gig of size
- the main partition for the operating system itself with all the space left
I also use full disk encryption with LVM on LUKS on anything mobile. This way I feel kinda safe whatever happens while arch isn’t running: whether someone steals it or I leave it somewhere behind, no one but me can access any data stored on the disk[2] – as long as it is powered off.
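    # encrypt the main partition and open it as /dev/mapper/arch
    cryptsetup luksFormat --type luks2 /dev/sda2
    cryptsetup open /dev/sda2 arch
    # LVM inside the LUKS container: one volume group with swap and root
    pvcreate /dev/mapper/arch
    vgcreate arch /dev/mapper/arch
    lvcreate -L 8G arch -n swap
    lvcreate -l 100%FREE arch -n root
    # filesystems and mounts
    mkfs.ext4 /dev/arch/root
    mount /dev/arch/root /mnt
    mkswap /dev/arch/swap
    swapon /dev/arch/swap
    # the ESP stays unencrypted and is mounted at /boot
    mkfs.fat -F32 /dev/sda1
    mkdir /mnt/boot
    mount /dev/sda1 /mnt/boot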
Install the system
Before I start, I have to make sure I can access the internet. This can be done with an ethernet cable attached to a bridged network which shares the internet connection, by enabling tethering on your phone via USB, or with a wireless network I connect to using the interactive wifi-menu[3]. I also rank the mirrors according to their speed. This may take a while but is totally worth it.
    # keep a backup of the mirror list and rank the six fastest mirrors
    cp /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.bak
    rankmirrors -n 6 /etc/pacman.d/mirrorlist.bak > /etc/pacman.d/mirrorlist
    pacstrap /mnt base base-devel
    genfstab -U /mnt >> /mnt/etc/fstab
    arch-chroot /mnt
    ln -sf /usr/share/zoneinfo/Europe/Vienna /etc/localtime
    hwclock --systohc
    sed -i 's/^#en_US/en_US/' /etc/locale.gen
    echo 'LANG=en_US.UTF-8' > /etc/locale.conf
    locale-gen
    echo 'arch' > /etc/hostname
    # encrypt comes before lvm2 so the LUKS container is opened before the volume group is needed
    sed -i 's/^HOOKS=.*/HOOKS=(base udev autodetect keyboard keymap consolefont modconf block encrypt lvm2 filesystems fsck)/' /etc/mkinitcpio.conf
    mkinitcpio -p linux
    pacman -S intel-ucode
    passwd
Setup the bootloader
Use the bootloader arch comes with by default, which is systemd-boot, and set it up with bootctl --path=/boot install. Then configure the default entry and the timeout, and make sure to disable the editor. To get the UUID, use blkid -s UUID -o value /dev/sda2 and redirect the output to the config file.
    default arch
    timeout 5
    editor 0

    title Arch Linux
    linux /vmlinuz-linux
    initrd /intel-ucode.img
    initrd /initramfs-linux.img
    options cryptdevice=UUID=3df67383-c10f-4eeb-b111-891625e2155f:arch root=/dev/mapper/arch-root rw
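A pre-reboot check of the three settings this setup depends on, as an added example that is not part of the original guide: the editor is disabled, the entry's cryptdevice UUID matches the LUKS partition, and the initramfs hooks are in LVM-on-LUKS order. The function names are hypothetical and the sample files are constructed; on the installed system the arguments would be the loader config and entry file under /boot/loader (assuming the default systemd-boot layout), /etc/mkinitcpio.conf, and the output of blkid -s UUID -o value /dev/sda2.

```bash
# Added example, not from the guide: checks for the boot files it writes.
# check_loader FILE: succeed only if the boot menu editor is disabled.
check_loader() {
    grep -Eq '^[[:space:]]*editor[[:space:]]+(0|no)[[:space:]]*$' "$1"
}

# entry_uuid FILE: print the UUID from cryptdevice=UUID=<uuid>:<name>.
entry_uuid() {
    sed -n 's/^[[:space:]]*options[[:space:]].*cryptdevice=UUID=\([0-9A-Fa-f-]*\):.*/\1/p' "$1"
}

# check_entry FILE UUID: the entry must name the LUKS container's UUID.
check_entry() {
    [ -n "$2" ] && [ "$(entry_uuid "$1")" = "$2" ]
}

# hook_index NAME HOOK...: print the 1-based position of NAME, or fail.
hook_index() {
    name=$1; shift; i=0
    for h in "$@"; do
        i=$((i + 1))
        if [ "$h" = "$name" ]; then echo "$i"; return 0; fi
    done
    return 1
}

# check_hooks FILE: block, encrypt, lvm2, filesystems must appear in that order.
check_hooks() {
    hooks=$(sed -n 's/^HOOKS=(\(.*\)).*/\1/p' "$1" | tail -n 1)
    prev=0
    for want in block encrypt lvm2 filesystems; do
        idx=$(hook_index "$want" $hooks) || return 1   # unquoted on purpose: split into words
        [ "$idx" -gt "$prev" ] || return 1
        prev=$idx
    done
}

# Constructed sample files; the UUID is the one shown in the entry above.
SAMPLE_UUID=3df67383-c10f-4eeb-b111-891625e2155f
make_sample() {
    printf 'default arch\ntimeout 5\neditor 0\n' > "$1/loader.conf"
    printf 'options cryptdevice=UUID=%s:arch root=/dev/mapper/arch-root rw\n' "$SAMPLE_UUID" > "$1/arch.conf"
    printf 'HOOKS=(base udev autodetect keyboard keymap consolefont modconf block encrypt lvm2 filesystems fsck)\n' > "$1/mkinitcpio.conf"
}

demo_dir=$(mktemp -d) && make_sample "$demo_dir"
check_loader "$demo_dir/loader.conf" && check_entry "$demo_dir/arch.conf" "$SAMPLE_UUID" \
    && check_hooks "$demo_dir/mkinitcpio.conf" && echo "boot config OK"
rm -rf "$demo_dir"
```

A mismatch in check_entry usually means the UUID of the filesystem or of a logical volume was written instead of the UUID of /dev/sda2 itself.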
Exit, unmount everything and reboot.
    exit
    umount -R /mnt
    reboot
If something has gone wrong, unlock the encrypted block device, mount the root and boot partitions and chroot into it again. Rinse and repeat till you’ve got the issue fixed.
    cryptsetup open /dev/sda2 arch
    mount /dev/arch/root /mnt
    mount /dev/sda1 /mnt/boot
    arch-chroot /mnt
[1] fuckin fine manual.
[2] I don’t expect anyone to replace my bootloader with something which will leak the password the next time I’m typing it. If you care about this vulnerability, take a look at GRUB2 (beta) and encrypt the /boot partition as well.
[3] This should be very self-explanatory to use. Don’t forget to install wpa_supplicant and the dialog package before you reboot, otherwise you won’t be able to connect to a wireless network after the installation.