An opinionated guide on how to install Arch Linux

I still remember when I got into Arch the first time. It was damn hard and it felt crazy to set up an operating system by hand. Although the wiki is very detailed, it often lacks an opinionated path like the one the Debian installer provides. It feels overwhelming to choose between the sheer endless possibilities, which quite often results in a paradox of choice. All that power comes with responsibility I was not able to handle at the time. This is just a guide for myself, so don’t forget to RTFM [1].

Prepare the disks

Use gdisk /dev/sda to create 2 partitions:

  • the ESP for the bootloader, of type ef00 and half a gig in size
  • the main partition for the operating system itself with all the space left

I also use full disk encryption with LVM on LUKS on anything mobile. This way I feel kinda safe whatever happens while Arch isn’t running: whether someone steals it or I leave it behind somewhere, no one but me can access any data stored on the disk [2] – as long as it is powered off.

cryptsetup luksFormat --type luks2 /dev/sda2
cryptsetup open /dev/sda2 arch
pvcreate /dev/mapper/arch
vgcreate arch /dev/mapper/arch
lvcreate -L 8G arch -n swap
lvcreate -l 100%FREE arch -n root

mkfs.ext4 /dev/arch/root
mount /dev/arch/root /mnt

mkswap /dev/arch/swap
swapon /dev/arch/swap

mkfs.fat -F32 /dev/sda1
mkdir /mnt/boot
mount /dev/sda1 /mnt/boot

Install the system

Before I start, I have to make sure I can access the internet. This could be done with an attached ethernet cable and a bridged network which shares the internet connection, by enabling tethering on your phone via USB, or with a wireless network I connect to with the interactive wifi-menu [3]. I also rank the mirrors according to their speed. This may take a while but is totally worth it.

cp /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.bak
rankmirrors -n 6 /etc/pacman.d/mirrorlist.bak > /etc/pacman.d/mirrorlist

pacstrap /mnt base base-devel
genfstab -U /mnt >> /mnt/etc/fstab
arch-chroot /mnt

ln -sf /usr/share/zoneinfo/Europe/Vienna /etc/localtime
hwclock --systohc

sed -i 's/^#en_US/en_US/' /etc/locale.gen
echo 'LANG=en_US.UTF-8' > /etc/locale.conf
locale-gen

echo 'arch' > /etc/hostname

sed -i 's/^HOOKS=.*/HOOKS=(base udev autodetect keyboard keymap consolefont modconf block encrypt lvm2 filesystems fsck)/' /etc/mkinitcpio.conf
mkinitcpio -p linux

pacman -S intel-ucode
passwd

Setup the bootloader

Use the bootloader Arch comes with by default, which is systemd-boot, and set it up with bootctl --path=/boot install. Then configure the default entry and the timeout, and make sure to disable the editor. To get the UUID, use blkid -s UUID -o value /dev/sda2 and redirect the output to the config file.

# /boot/loader/loader.conf
default arch
timeout 5
editor 0

# /boot/loader/entries/arch.conf
title   Arch Linux
linux   /vmlinuz-linux
initrd  /intel-ucode.img
initrd  /initramfs-linux.img
options cryptdevice=UUID=3df67383-c10f-4eeb-b111-891625e2155f:arch root=/dev/mapper/arch-root rw
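
A mistake in the HOOKS order, the editor setting or the cryptdevice UUID only shows up at the next boot, so all three can be checked before rebooting. The script below is an added example, not part of the original guide; the function names are made up for illustration and the file paths are passed in as arguments.

```shell
#!/bin/sh
# Added example, not from the original guide: checks for the three files
# edited above. Run inside the chroot before rebooting.

# Print the 1-based position of hook $2 in the HOOKS line of file $1 (0 = absent).
hook_pos() {
    hooks=$(sed -n 's/^HOOKS=[("]*\([^)"]*\).*/\1/p' "$1" | tail -n 1)
    n=0
    for h in $hooks; do
        n=$((n + 1))
        if [ "$h" = "$2" ]; then echo "$n"; return 0; fi
    done
    echo 0
}

# LVM lives inside LUKS, so the order must be block, encrypt, lvm2, filesystems;
# keyboard has to come before encrypt or the passphrase cannot be typed.
check_hooks() {
    prev=0
    for want in block encrypt lvm2 filesystems; do
        cur=$(hook_pos "$1" "$want")
        if [ "$cur" -le "$prev" ]; then
            echo "HOOKS: '$want' missing or out of order" >&2; return 1
        fi
        prev=$cur
    done
    kb=$(hook_pos "$1" keyboard)
    [ "$kb" -gt 0 ] && [ "$kb" -lt "$(hook_pos "$1" encrypt)" ]
}

# With the editor enabled, kernel parameters can be changed from the boot menu.
check_editor() {
    grep -Eq '^[[:space:]]*editor[[:space:]]+(0|no|false|off)[[:space:]]*$' "$1"
}

# cryptdevice= in entry $1 must name the LUKS partition's UUID ($2), not the
# UUID of a filesystem inside it.
check_cryptdevice() {
    got=$(sed -n 's/^options.*cryptdevice=UUID=\([0-9a-fA-F-]*\):.*/\1/p' "$1" | tail -n 1)
    [ -n "$got" ] && [ "$got" = "$2" ]
}

# Usage: sh check.sh MKINITCPIO_CONF LOADER_CONF ENTRY_CONF LUKS_PARTITION
if [ "$#" -eq 4 ]; then
    check_hooks "$1" && check_editor "$2" &&
        check_cryptdevice "$3" "$(blkid -s UUID -o value "$4")" &&
        echo "boot configuration looks consistent"
fi
```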

Exit, unmount everything and reboot.

exit
umount -R /mnt
reboot

If something has gone wrong, open the encrypted block device, mount the root and boot partitions and chroot into it again. Rinse and repeat until you have the issue fixed.

cryptsetup open /dev/sda2 arch

mount /dev/arch/root /mnt
mount /dev/sda1 /mnt/boot

arch-chroot /mnt

Footnotes:

[1] Read the fuckin fine manual.

[2] I don’t expect anyone to replace my bootloader with something which will leak the password the next time I’m typing it. If you care about vulnerability here, take a look at GRUB2 (beta) and encrypt the /boot partition as well.

[3] This should be very self-explanatory to use. Don’t forget to install iw, wpa_supplicant and the dialog package before you reboot, otherwise you won’t be able to connect to a wireless network after the installation.