1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
|
{
"title": "Arch Linux installation",
"subtitle": "Installation guide for the Arch Linux operating system"
}
#### Introduction
This article describes how to install [Arch Linux][1]. It is based on the
[official installation guide][2].
This primary documentation does not describe one specific installation option
but instead points out the different options the user has like selecting
bootloaders, boot modes or filesystems.
As a complement this article documents one specific installation inside a QEMU
virtual machine (VM). It might be used as a VM or converted to a binary image
file which can be written to a physical drive like an USB stick or SSD.
#### Design decisions
The installation is based on the following design decisions.
- UEFI boot
- GUID-based partition table
- full disc encryption
- Btrfs root filesystem
- only a minimalistic set of installed packages (no graphical environment)
- nftables firewall
- systemd- and iwd-based networking
Those might change in the future. Secure boot with a unified kernel image is
appreciated but not yet implemented.
#### Installation
First a virtual drive is created as a file as a starting point for the VM
installation. Additionally a writable copy of the UEFI variables is created to
keep settings.
```
qemu-img create -f qcow2 archlinux.qcow2 8G
cp /usr/share/edk2/x64/OVMF_VARS.4m.fd .
```
It is expected that the Arch Linux `*.iso` installation image is downloaded,
verified and saved in the same folder. See the [download page][3] for details.
The installation image can be booted with `qemu-system-x86_64`. The just
created virtual machine disk is attached as an additional drive.
It is important that immediately after the first UEFI screen is shown the `e`
key is pressed and ` console=ttyS0 <Enter>` is typed. This makes sure the
console is exposed via a virtual serial console bound to the host terminal.
Booting will take some time.
This is annoying but worth it since it allows to copy and paste all subsequent
commands instead of typing them by hand.
```
qemu-system-x86_64 \
-enable-kvm \
-m 4G \
-nic user,model=virtio \
-drive file=archlinux.qcow2,media=disk,if=virtio \
-smp cpus=4 \
-nographic \
-boot order=d \
-drive if=pflash,format=raw,readonly=on,file=/usr/share/edk2/x64/OVMF_CODE.4m.fd \
-drive if=pflash,format=raw,file=OVMF_VARS.4m.fd \
-cdrom archlinux-*.iso
```
After specifying the console the installation image should boot. Next the user
`root` without password is used to log in.
The following command allows to check if the time is properly synchronized.
```
timedatectl
```
The virtual machine disk can be partitioned with `parted`.
```
parted /dev/vda --script mklabel gpt
parted /dev/vda --script mkpart primary fat32 1MiB 2GiB
parted /dev/vda --script mkpart primary 2GiB 100%
parted /dev/vda --script set 1 boot on
```
The following commands format the second partition for use with Linux Unified
Key Setup (LUKS) and opens this LUKS partition to open the encrypted partition
inside. The interactive questions have to be answered.
```
cryptsetup luksFormat --batch-mode --label CRYPTO_ROOT /dev/vda2
cryptsetup open /dev/vda2 root
```
The actual filesystems are then created with `mkfs`. For the `BOOT` partition
a FAT filesystem is used. The `ROOT` filesystem containing the operating
system and user data is formatted with
[BTRFS](https://btrfs.readthedocs.io/en/latest/).
```
mkfs.vfat -n BOOT /dev/vda1
mkfs.btrfs -L ROOT /dev/mapper/root
```
These two filesystems are opened by mounting them to the current system under
the path `/mnt`.
```
mount /dev/mapper/root /mnt
mount --options fmask=7137,dmask=7027 --mkdir /dev/vda1 /mnt/boot
```
The software `reflector` is executed to find appropriate Arch Linux package
servers which provide a good bandwidth at the current location. These server
references are later copied to the installed system.
```
systemctl start reflector
```
Selected software packages are installed to the new system with `pacstrap`.
```
pacstrap -K /mnt \
base \
linux \
linux-firmware \
parted \
btrfs-progs \
iwd \
vi \
openssh \
nftables \
arch-install-scripts \
man-db \
man-pages \
texinfo
```
The filesystem table (`fstab`) is created, printed and saved to the new system
to describe which filesystems should be mounted where during boot.
```
genfstab -L /mnt | tee /mnt/etc/fstab
```
Without actual booting a change root (`chroot`) command is used to use the new
system already.
```
arch-chroot /mnt
```
Miscellaneous settings are configured via the command line.
```
ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime
hwclock --systohc
sed -i 's/#en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/g' /etc/locale.gen
locale-gen
echo 'LANG=en_US.UTF-8' > /etc/locale.conf
echo 'archlinux' > /etc/hostname
echo 'root' | passwd -s
echo '[Match]
Kind=!*
Type=ether wlan
[Network]
DHCP=yes' > /etc/systemd/network/auto.network
systemctl enable nftables.service
systemctl enable systemd-networkd.service
systemctl enable systemd-resolved.service
ln -sf ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
systemctl enable iwd.service
systemctl enable systemd-timesyncd.service
```
The systemd bootloader is installed and configured.
```
bootctl install
echo 'title Arch Linux
linux /vmlinuz-linux
initrd /initramfs-linux.img
options cryptdevice=/dev/disk/by-label/CRYPTO_ROOT:root root=/dev/mapper/root rw' > /boot/loader/entries/arch.conf
```
The initial RAM filesystem (`initramfs`) is configured and created to ensure
BTRFS and LUKS support during an early boot stage.
```
sed -i 's/^HOOKS.*$/HOOKS=(base udev autodetect microcode modconf kms keyboard keymap consolefont block encrypt btrfs filesystems fsck)/g' /etc/mkinitcpio.conf
mkinitcpio -P
```
The `chroot` is exited and the live system is powered off.
```
exit
poweroff
```
The virtual machine image can be written to a physical drive like a boot stick
or SSD with `qemu-img`. For that the `/dev/null` in the following command has
to be replaced by the path to the correct drive. A mistake here might lead to
the destruction of the current system with no way back. Use with care and only
if you know what you are doing.
```
qemu-img dd -f qcow2 -O raw if=archlinux.qcow2 of=/dev/null
```
Otherwise the virtual machine image can be started again with QEMU without the
installation image:
```
qemu-system-x86_64 \
-enable-kvm \
-m 4G \
-nic user,model=virtio \
-drive file=archlinux.qcow2,media=disk,if=virtio \
-smp cpus=4 \
-drive if=pflash,format=raw,readonly=on,file=/usr/share/edk2/x64/OVMF_CODE.4m.fd \
-drive if=pflash,format=raw,file=OVMF_VARS.4m.fd
```
The username and password is based on this guide `root`. Output to the serial
console is currently not supported.
If the new system is booted the second partition containing the LUKS container
and `ROOT` BTRFS partition can be extended to the full possible size.
```
parted /dev/sdb --script resizepart 2 100%
cryptsetup resize root
btrfs filesystem resize max /
```
With this step the installation is finished.
[1]: https://archlinux.org/
[2]: https://wiki.archlinux.org/title/Installation_guide
[3]: https://archlinux.org/download/
|
