Diffstat (limited to 'content')
-rw-r--r-- | content/articles/arch-installation.md | 242 |
1 files changed, 242 insertions, 0 deletions
diff --git a/content/articles/arch-installation.md b/content/articles/arch-installation.md new file mode 100644 index 0000000..5da4b22 --- /dev/null +++ b/content/articles/arch-installation.md 
@@ -0,0 +1,242 @@ +{ + "title": "Arch Linux installation", + "subtitle": "Installation guide for the Arch Linux operating system" +} + +#### Introduction + +This article describes how to install [Arch Linux][1]. It is based on the +[official installation guide][2]. + +This primary documentation does not describe one specific installation option +but instead points out the different options the user has like selecting +bootloaders, boot modes or filesystems. + +As a complement this article documents one specific installation inside a QEMU +virtual machine (VM). It might be used as a VM or converted to a binary image +file which can be written to a physical drive like an USB stick or SSD. + +#### Design decisions + +The installation is based on the following design decisions. + +- MBR-based partition table and BIOS / legacy boot +- full disc encryption +- Btrfs filesystem +- only a minimalistic set of installed packages (no graphical environment) + +Those might change in the future. A GPT-based partition table and a UEFI boot +based on a unified kernel image would be appreciated to support secure boot but +could not be achieved so far. + +#### Installation + +First a virtual drive is created as a file as a starting point for the VM +installation. + +``` +qemu-img create -f qcow2 archlinux.qcow2 8G +``` + +It is expected that the Arch Linux `*.iso` installation image is downloaded, +verified and saved in the same folder. See the [download page][3] for details. + +The installation image can be booted with `qemu-system-x86_64`. The just +created virtual machine disk is attached as an additional drive. + +``` +qemu-system-x86_64 \ + -enable-kvm \ + -m 4G \ + -nic user,model=virtio \ + -drive file=archlinux.qcow2,media=disk,if=virtio \ + -smp cpus=4 \ + -nographic \ + -boot order=d \ + -cdrom archlinux-*.iso +``` + +On the first screen of the bootloader it needs to be specified that only the +serial console should be used which is mapped to the host terminal. 
For that +purpose the text below has to be typed before the bootloader picks the default +options. + +``` +<TAB> console=ttyS0 +``` + +This is annoying but worth it since it allows to copy and paste all subsequent +commands instead of typing them by hand. + +After specifying the console the installation image should boot. Next the user +`root` without password is used to log in. + +The following command allows to check if the time is properly synchronized. + +``` +timedatectl +``` + +The virtual machine disk can be partitioned with `parted`. + +``` +parted /dev/vda --script mklabel msdos +parted /dev/vda --script mkpart primary fat32 1MiB 2GiB +parted /dev/vda --script mkpart primary 2GiB 100% +parted /dev/vda --script set 1 boot on +``` + +The following commands format the second partition for use with Linux Unified +Key Setup (LUKS) and opens this LUKS partition to open the encrypted partition +inside. The interactive questions have to be answered. + +``` +cryptsetup luksFormat --batch-mode --label CRYPTO_ROOT /dev/vda2 +cryptsetup open /dev/vda2 root +``` + +The actual filesystems are then created with `mkfs`. For the `BOOT` partition +a FAT filesystem is used. The `ROOT` filesystem containing the operating +system and user data is formatted with +[BTRFS](https://btrfs.readthedocs.io/en/latest/). + +``` +mkfs.vfat -n BOOT /dev/vda1 +mkfs.btrfs -L ROOT /dev/mapper/root +``` + +These two filesystems are opened by mounting them to the current system under +the path `/mnt`. + +``` +mount /dev/mapper/root /mnt +mount --mkdir /dev/vda1 /mnt/boot +``` + +The software `reflector` is executed to find appropriate Arch Linux package +servers which provide a good bandwidth at the current location. These server +references are later copied to the installed system. + +``` +systemctl start reflector +``` + +Selected software packages are installed to the new system with `pacstrap`. 
+ +``` +pacstrap -K /mnt \ + base \ + linux \ + linux-firmware \ + parted \ + syslinux \ + btrfs-progs \ + networkmanager \ + chrony \ + nano \ + htop \ + openssh \ + man-db \ + man-pages \ + texinfo +``` + +The filesystem table (`fstab`) is created, printed and saved to the new system +to describe which filesystems should be mounted where during boot. + +``` +genfstab -L /mnt | tee /mnt/etc/fstab +``` + +Without actual booting a change root (`chroot`) command is used to use the new +system already. + +``` +arch-chroot /mnt +``` + +Miscellaneous settings are configured via the command line. + +``` +ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime +hwclock --systohc +sed -i 's/#en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/g' /etc/locale.gen +locale-gen +echo 'LANG=en_US.UTF-8' > /etc/locale.conf +echo 'archlinux' > /etc/hostname +echo 'root' | passwd -s +systemctl enable NetworkManager +systemctl enable chronyd +``` + +The `syslinux` bootloader is installed and configured. + +``` +mkdir -p /boot/syslinux +cp /usr/lib/syslinux/bios/*.c32 /boot/syslinux/ +extlinux --install /boot/syslinux +dd bs=440 count=1 conv=notrunc if=/usr/lib/syslinux/bios/mbr.bin of=/dev/vda +cp /usr/share/syslinux/syslinux.cfg /boot/syslinux/ +sed -i 's|root=/dev/sda3 rw|cryptdevice=/dev/disk/by-label/CRYPTO_ROOT:root root=/dev/mapper/root rw|g' /boot/syslinux/syslinux.cfg +``` + +The initial RAM filesystem (`initramfs`) is configured and created to ensure +BTRFS and LUKS support during an early boot stage. + +``` +sed -i 's/^HOOKS.*$/HOOKS=(base udev autodetect microcode modconf kms keyboard keymap consolefont block encrypt btrfs filesystems fsck)/g' /etc/mkinitcpio.conf +mkinitcpio -P +``` + +The `chroot` is exited and the live system is powered off. + +``` +exit +poweroff +``` + +Optionally the QEMU image can be converted to a binary image to flash it to a +physical drive like an USB stick or SSD. 
+ +``` +qemu-img convert -f qcow2 -O raw archlinux.qcow2 archlinux.img +``` + +This image can be written to the target device (`/dev/sdb` in this case). It is +very important to select the correct target and triple-check the following +command before execution. If the currently used system is the target it is +simply overwritten without any way back! + +``` +dd if=archlinux.img of=/dev/sdb bs=512 status=progress +``` + +Otherwise the virtual machine image can be started again with QEMU without the +installation image: + +``` +qemu-system-x86_64 \ + -enable-kvm \ + -m 4G \ + -nic user,model=virtio \ + -drive file=archlinux.qcow2,media=disk,if=virtio \ + -smp cpus=4 +``` + +The username and password is based on this guide `root`. Using it with the +`-nographic` option is not yet possible. + +If the new system is booted the second partition containing the LUKS container +and `ROOT` BTRFS partition can be extended to the full possible size. + +``` +parted /dev/sdb --script resizepart 2 100% +cryptsetup resize root +btrfs filesystem resize max / +``` + +With this step the installation is finished. + +[1]: https://archlinux.org/ +[2]: https://wiki.archlinux.org/title/Installation_guide +[3]: https://archlinux.org/download/ |
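Review bot: In the "Miscellaneous settings" block, `echo 'root' | passwd -s` sets the root password of the installed system to `root`, and the closing section confirms that this is the login for the finished image. The package list includes `openssh`, and the image is meant to be converted and written to a physical drive, so every system built from this guide starts with a publicly documented root credential. Suggest calling `passwd` interactively at that step (the LUKS passphrase is already entered interactively), or adding a sentence that the password has to be changed before the image is put on a network or flashed to hardware. Two smaller points: the design decisions list "full disc encryption", but `/dev/vda1` (`BOOT`, mounted at `/mnt/boot` and holding the kernel, initramfs and `syslinux.cfg`) is an unencrypted FAT partition, which is worth stating next to that bullet. The text also says the ISO is "verified" without showing how, so naming the signature check described on the download page would make that step actionable.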