articles: Add qemu-arch-installation.mdHEADmain

1 files changed, 242 insertions, 0 deletions

diff --git a/content/articles/arch-installation.md b/content/articles/arch-installation.md
new file mode 100644
index 0000000..5da4b22
--- /dev/null
+++ b/content/articles/arch-installation.md
@@ -0,0 +1,242 @@
+{
+	"title": "Arch Linux installation",
+	"subtitle": "Installation guide for the Arch Linux operating system"
+}
+
+#### Introduction
+
+This article describes how to install [Arch Linux][1]. It is based on the
+[official installation guide][2].
+
+This primary documentation does not describe one specific installation option
+but instead points out the different options the user has like selecting
+bootloaders, boot modes or filesystems.
+
+As a complement this article documents one specific installation inside a QEMU
+virtual machine (VM). It might be used as a VM or converted to a binary image
+file which can be written to a physical drive like an USB stick or SSD.
+
+#### Design decisions
+
+The installation is based on the following design decisions.
+
+- MBR-based partition table and BIOS / legacy boot
+- full disc encryption
+- Btrfs filesystem
+- only a minimalistic set of installed packages (no graphical environment)
+
+Those might change in the future. A GPT-based partition table and a UEFI boot
+based on a unified kernel image would be appreciated to support secure boot but
+could not be achieved so far.
+
+#### Installation
+
+First a virtual drive is created as a file as a starting point for the VM
+installation.
+
+```
+qemu-img create -f qcow2 archlinux.qcow2 8G
+```
+
+It is expected that the Arch Linux `*.iso` installation image is downloaded,
+verified and saved in the same folder. See the [download page][3] for details.
+
+The installation image can be booted with `qemu-system-x86_64`. The just
+created virtual machine disk is attached as an additional drive.
+
+```
+qemu-system-x86_64 \
+    -enable-kvm \
+    -m 4G \
+    -nic user,model=virtio \
+    -drive file=archlinux.qcow2,media=disk,if=virtio \
+    -smp cpus=4 \
+    -nographic \
+    -boot order=d \
+    -cdrom archlinux-*.iso
+```
+
+On the first screen of the bootloader it needs to be specified that only the
+serial console should be used which is mapped to the host terminal. For that
+purpose the text below has to be typed before the bootloader picks the default
+options.
+
+```
+<TAB> console=ttyS0
+```
+
+This is annoying but worth it since it allows to copy and paste all subsequent
+commands instead of typing them by hand.
+
+After specifying the console the installation image should boot. Next the user
+`root` without password is used to log in.
+
+The following command allows to check if the time is properly synchronized.
+
+```
+timedatectl
+```
+
+The virtual machine disk can be partitioned with `parted`.
+
+```
+parted /dev/vda --script mklabel msdos
+parted /dev/vda --script mkpart primary fat32 1MiB 2GiB
+parted /dev/vda --script mkpart primary 2GiB 100%
+parted /dev/vda --script set 1 boot on
+```
+
+The following commands format the second partition for use with Linux Unified
+Key Setup (LUKS) and opens this LUKS partition to open the encrypted partition
+inside. The interactive questions have to be answered.
+
+```
+cryptsetup luksFormat --batch-mode --label CRYPTO_ROOT /dev/vda2
+cryptsetup open /dev/vda2 root
+```
+
+The actual filesystems are then created with `mkfs`. For the `BOOT` partition
+a FAT filesystem is used. The `ROOT` filesystem containing the operating
+system and user data is formatted with
+[BTRFS](https://btrfs.readthedocs.io/en/latest/).
+
+```
+mkfs.vfat -n BOOT /dev/vda1
+mkfs.btrfs -L ROOT /dev/mapper/root
+```
+
+These two filesystems are opened by mounting them to the current system under
+the path `/mnt`.
+
+```
+mount /dev/mapper/root /mnt
+mount --mkdir /dev/vda1 /mnt/boot
+```
+
+The software `reflector` is executed to find appropriate Arch Linux package
+servers which provide a good bandwidth at the current location. These server
+references are later copied to the installed system.
+
+```
+systemctl start reflector
+```
+
+Selected software packages are installed to the new system with `pacstrap`.
+
+```
+pacstrap -K /mnt \
+    base \
+    linux \
+    linux-firmware \
+    parted \
+    syslinux \
+    btrfs-progs \
+    networkmanager \
+    chrony \
+    nano \
+    htop \
+    openssh \
+    man-db \
+    man-pages \
+    texinfo
+```
+
+The filesystem table (`fstab`) is created, printed and saved to the new system
+to describe which filesystems should be mounted where during boot.
+
+```
+genfstab -L /mnt | tee /mnt/etc/fstab
+```
+
+Without actual booting a change root (`chroot`) command is used to use the new
+system already.
+
+```
+arch-chroot /mnt
+```
+
+Miscellaneous settings are configured via the command line.
+
+```
+ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime
+hwclock --systohc
+sed -i 's/#en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/g' /etc/locale.gen
+locale-gen
+echo 'LANG=en_US.UTF-8' > /etc/locale.conf
+echo 'archlinux' > /etc/hostname
+echo 'root' | passwd -s
+systemctl enable NetworkManager
+systemctl enable chronyd
+```
+
+The `syslinux` bootloader is installed and configured.
+
+```
+mkdir -p /boot/syslinux
+cp /usr/lib/syslinux/bios/*.c32 /boot/syslinux/
+extlinux --install /boot/syslinux
+dd bs=440 count=1 conv=notrunc if=/usr/lib/syslinux/bios/mbr.bin of=/dev/vda
+cp /usr/share/syslinux/syslinux.cfg /boot/syslinux/
+sed -i 's|root=/dev/sda3 rw|cryptdevice=/dev/disk/by-label/CRYPTO_ROOT:root root=/dev/mapper/root rw|g' /boot/syslinux/syslinux.cfg
+```
+
+The initial RAM filesystem (`initramfs`) is configured and created to ensure
+BTRFS and LUKS support during an early boot stage.
+
+```
+sed -i 's/^HOOKS.*$/HOOKS=(base udev autodetect microcode modconf kms keyboard keymap consolefont block encrypt btrfs filesystems fsck)/g' /etc/mkinitcpio.conf
+mkinitcpio -P
+```
+
+The `chroot` is exited and the live system is powered off.
+
+```
+exit
+poweroff
+```
+
+Optionally the QEMU image can be converted to a binary image to flash it to a
+physical drive like an USB stick or SSD.
+
+```
+qemu-img convert -f qcow2 -O raw archlinux.qcow2 archlinux.img
+```
+
+This image can be written to the target device (`/dev/sdb` in this case). It is
+very important to select the correct target and triple-check the following
+command before execution. If the currently used system is the target it is
+simply overwritten without any way back!
+
+```
+dd if=archlinux.img of=/dev/sdb bs=512 status=progress
+```
+
+Otherwise the virtual machine image can be started again with QEMU without the
+installation image:
+
+```
+qemu-system-x86_64 \
+    -enable-kvm \
+    -m 4G \
+    -nic user,model=virtio \
+    -drive file=archlinux.qcow2,media=disk,if=virtio \
+    -smp cpus=4
+```
+
+The username and password is based on this guide `root`. Using it with the
+`-nographic` option is not yet possible.
+
+If the new system is booted the second partition containing the LUKS container
+and `ROOT` BTRFS partition can be extended to the full possible size.
+
+```
+parted /dev/sdb --script resizepart 2 100%
+cryptsetup resize root
+btrfs filesystem resize max /
+```
+
+With this step the installation is finished.
+
+[1]: https://archlinux.org/
+[2]: https://wiki.archlinux.org/title/Installation_guide
+[3]: https://archlinux.org/download/