Archlinux install notes

I still remember when I got into Arch for the first time. It was damn hard, and it felt crazy to set up an operating system by hand. Although the wiki is very detailed, it often lacks an opinionated path like the one the Debian installer provides. It feels overwhelming to choose between the sheer endless possibilities, which quite often results in a paradox of choice. All that power comes with responsibility I was not able to handle at the time. This is just a guide for myself, so don’t forget to RTFM.

Prepare the disks

Use gdisk /dev/sda to create 2 partitions:

I also use full disk encryption with LVM on LUKS on anything mobile. This way I feel kinda safe whatever happens while Arch isn’t running: whether someone steals it or I leave it behind somewhere, no one but me can access any data stored on the disk [1], as long as it is powered off.

cryptsetup luksFormat --type luks2 /dev/sda2
cryptsetup open /dev/sda2 arch
pvcreate /dev/mapper/arch
vgcreate arch /dev/mapper/arch
lvcreate -L 8G arch -n swap
lvcreate -l 100%FREE arch -n root

mkfs.ext4 /dev/arch/root
mount /dev/arch/root /mnt

mkswap /dev/arch/swap
swapon /dev/arch/swap

mkfs.fat -F32 /dev/sda1
mkdir /mnt/boot
mount /dev/sda1 /mnt/boot

Install the system

Before I start, I have to make sure I can access the internet. This can be done with an ethernet cable and a bridged network which shares the internet connection, by enabling tethering on a phone via USB, or by connecting to a wireless network with the interactive wifi-menu. I also rank the mirrors according to their speed. This may take a while but is totally worth it.

  pacstrap /mnt base base-devel
  genfstab -U /mnt >> /mnt/etc/fstab
  arch-chroot /mnt

  pacman -Syu && pacman -S reflector iw wpa_supplicant dialog
  reflector --verbose -l 64 --sort rate --save /etc/pacman.d/mirrorlist

  ln -sf /usr/share/zoneinfo/Europe/Vienna /etc/localtime
  hwclock --systohc

  sed -i 's/^#en_US/en_US/' /etc/locale.gen
  locale-gen  # generate the locales uncommented above
  echo 'LANG=en_US.UTF-8' > /etc/locale.conf

  echo 'arch' > /etc/hostname

  # -i edits the file in place; ^ leaves the commented example lines untouched
  sed -i 's/^HOOKS=.*/HOOKS=(base udev autodetect keyboard keymap consolefont modconf block encrypt lvm2 filesystems fsck)/' /etc/mkinitcpio.conf
  mkinitcpio -p linux

  pacman -S intel-ucode

Setup the bootloader

Use the bootloader Arch comes with by default, systemd-boot, and set it up with bootctl --path=/boot install. Then configure the default entry and the timeout, and make sure to disable the editor so that nobody at the console can edit the kernel parameters at boot. To get the UUID, use blkid -s UUID -o value /dev/sda2 and redirect the output to the config file.

/boot/loader/loader.conf:

default arch
timeout 5
editor 0

/boot/loader/entries/arch.conf:

title   Arch Linux
linux   /vmlinuz-linux
initrd  /intel-ucode.img
initrd  /initramfs-linux.img
options cryptdevice=UUID=3df67383-c10f-4eeb-b111-891625e2155f:arch root=/dev/mapper/arch-root rw
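
A check worth running inside the chroot before rebooting, as an added example that is not part of the original notes: it verifies the initramfs hook order, that the boot editor is off, and that the entry references the LUKS partition's UUID. The function names are hypothetical, and the paths /boot/loader/loader.conf and /boot/loader/entries/arch.conf are assumed from the bootctl --path=/boot setup above.

```bash
#!/usr/bin/env bash
# Added example (not from the original notes): pre-reboot check of the
# LVM-on-LUKS configuration. It inspects config files only, not the built initramfs.

# Print the hooks of the active (uncommented) HOOKS=(...) line, one per line.
active_hooks() {
    sed -n 's/^HOOKS=(\(.*\))[[:space:]]*$/\1/p' "$1" | tail -n 1 | tr -s ' ' '\n'
}

# hook_before <mkinitcpio.conf> <first> <second>: true if both hooks are
# present and <first> is listed before <second>.
hook_before() {
    local a b
    a=$(active_hooks "$1" | grep -nx -- "$2" | head -n 1 | cut -d: -f1)
    b=$(active_hooks "$1" | grep -nx -- "$3" | head -n 1 | cut -d: -f1)
    [ -n "$a" ] && [ -n "$b" ] && [ "$a" -lt "$b" ]
}

# check_install <mkinitcpio.conf> <loader.conf> <entry.conf> <luks-uuid>
# Prints one line per problem and returns the number of problems found.
check_install() {
    local conf="$1" loader="$2" entry="$3" uuid="$4" problems=0 pair
    # Orderings needed to unlock LUKS first and then activate the LVM volumes.
    for pair in "keyboard encrypt" "block encrypt" "encrypt lvm2" "lvm2 filesystems"; do
        hook_before "$conf" "${pair% *}" "${pair#* }" && continue
        echo "HOOKS: '${pair% *}' must be present before '${pair#* }'"
        problems=$((problems + 1))
    done
    # systemd-boot leaves the editor enabled unless it is switched off explicitly.
    if ! grep -Eq '^editor[[:space:]]+(0|no|false|off)[[:space:]]*$' "$loader"; then
        echo "loader.conf: boot entry editor is not disabled"
        problems=$((problems + 1))
    fi
    # The entry must point cryptdevice= at the LUKS partition's UUID.
    if ! grep -Eq "^options[[:space:]].*cryptdevice=UUID=${uuid}:" "$entry"; then
        echo "entry: cryptdevice= does not reference UUID $uuid"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Usage inside the chroot (file paths are assumptions, see lead-in):
#   check_install /etc/mkinitcpio.conf /boot/loader/loader.conf \
#       /boot/loader/entries/arch.conf "$(blkid -s UUID -o value /dev/sda2)"
if [ "$#" -eq 4 ]; then check_install "$@"; fi
```

A non-zero exit status is the number of problems found; a HOOKS line that was never actually rewritten shows up as four ordering failures.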

Exit, unmount everything and reboot.

umount -R /mnt

If something has gone wrong, open the encrypted block device, mount the root and boot partitions and chroot into it again. Rinse and repeat till you’ve got the issue fixed.

cryptsetup open /dev/sda2 arch

mount /dev/arch/root /mnt
mount /dev/sda1 /mnt/boot

arch-chroot /mnt

Post install

useradd -m manu -G wheel
passwd manu

pacman -S sudo

  1. I don’t expect anyone to replace my bootloader with something which will leak the password the next time I type it. If you care about this vulnerability, take a look at GRUB2 (beta) and encrypt the /boot partition as well.