Arch Linux Installation : Part 2

23 Oct 2020, 09:17pm TZ +05:30

Continuing where we left off in part 1

This is the Part 2 in the series. This part deals with configuration of Software Repositories, partitioning and formatting the disk.
Part 1 | Part 2 | Part 3

Stage : Configure Repositories [CR] #

We have the internet and setup interface working fine. Now its time to get the software repositories correct. Here we would address the Secure from the beginning part.

CR Step-1. Update the NTP Clocks #

timedatectl set-ntp true      # Enable NTP
hwclock --systohc --utc       # Update Hardware Clock to UTC

This would help to make sure that the current system is correct. As well the Hardware clock is at UTC.

CR Step-2. Update the Repositories to Latest, Fastest and Secure servers #

We can use the Reflector command, which comes preinstalled in the ISO.

reflector --country India,'United States',Japan --age 6 \
 --protocol https --sort rate \
 --save /etc/pacman.d/mirrorlist

Wait for the command to complete. It takes some time (or may be long time - depending on your internet connection) to figure out the best mirrors. Rest assured they will always be Secure https repository mirrors.

You can check out the updated repository files here:

1
cat /etc/pacman.d/mirrorlist | less      # To Check if We Got the Things

CR Step-3. Update Repositories #

This one is very simple. We have the good old pacman to help us here.

pacman -Syyy

This would force update all the repositories, no upgrade would be initiated.

Stage : Disk Partitioning [DP] #

With our repositories in order, we are ready to jump into to the next stage. This is probably one of the most crucial stage. If we commit one mistake we have trouble ensued at a later date.

DP Step-1. Listing out the Partitions and Disks #

There are many options here. Based on what you might have installed there can be many different type of disk orientations.

In order to categorize we need to select some common ground.

Assumptions for Disk - Taken here
Note : These assumptions help me to explain the things easily. They should not be taken as the only configuration. Your PC might have different configuration than that mentioned here.
We Assume a 1TB Disk for all Pictures to be the Maximum Capacity

Command to Find out about Disks on Your PC #

lsblk

We use this command to list out all the partitions and disks connected on a given computer.

The Output of this command might look like this:

List of Disks and Partitions on the PC

In this picture there are 3 important pieces of information:

Disk / Partition Name indicated by the NAME field. This is important to know when installing since we would need to partition the correct disk. If a wrong disk / partition is selected we might have problems.
Size of the respective disk / partition indicted in the SIZE field. This is another indicator that helps us decide on which disk we need to make the installation. For example, in this picture we have vda as the name of the actual disk on the PC. But we also have another USB drive attached sda that has 57.3G or 64GB size.
Mount point for each of these as indicated in the MOUNTPOINT field. In order to perform installation we need to mount their respective partitions in correct locations or the Arch Linux installer would fail. In this picture we only ave CDROM containing the ARCH-ISO image mounted by default at /run/archiso/.

DP Step-2. Partitioning for UEFI Systems (Recommended) #

Now we would look at how to partition a new disk.

!DANGER! Assumptions - Only one OS on Disk
This installation assumes that you would have only one operating system in your disk. If you wish to have more than one then you need to create the partitions accordingly.

Since we know that we have 1TB Disk here are a few layout options:

With Swap:
- EFI: 550MiB
- Swap: 8GiB (for a PC with 8GiB of Ram)
- Root: Rest of the space
Without Swap:
- EFI: 550MiB
- Root: Rest of the space

Cleaning up existing Partitions #

sgdisk --zap-all /dev/sda

! DANGER ! Disk Wipe Risk
The above command will destroy or erase all data on disk. Use it at your on risk !

We assume that the disk is present at /dev/sda and is a 1TB Disk.

Creating Disk Partitions with Swap on UEFI Systems #

One single command to do all the work:

sgdisk --clear \
	--new=1:0:+550MiB --typecode=1:ef00 --change-name=1:ArchEFI \
	--new=2:0:+8GiB   --typecode=2:8200 --change-name=2:ArchSwap \
	--new=3:0:0       --typecode=3:8300 --change-name=3:ArchRoot \
	/dev/sda

! DANGER ! Disk Damage Risk
The above command will destroy or erase all data on disk. Use it at your on risk !

The above command will create useful labels and partitions in a single command. Note the --typecode this specifies what type of partition is created.

Creating Disk Partitions Without Swap on UEFI Systems #

One single command to do all the work:

sgdisk --clear \
	--new=1:0:+550MiB --typecode=1:ef00 --change-name=1:ArchEFI \
	--new=3:0:0       --typecode=3:8300 --change-name=3:ArchRoot \
	/dev/sda

! DANGER ! Disk Damage Risk
The above command will destroy or erase all data on disk. Use it at your on risk !

This one is as easy as removing one line.

Check the Created Partitions #

lsblk

DP Step-2. Partitioning for BIOS or MBR Systems (NOT Recommended) #

Though most of the devices are now UEFI but one might still have those old dusty PCs. Hence this one is for them.

Cleaning up existing Partitions #

sgdisk --zap-all /dev/sda

! DANGER ! Disk Wipe Risk
The above command will destroy or erase all data on disk. Use it at your on risk !

Creating Disk Partitions with Swap on BIOS / MBR Systems #

1
2
3
parted /dev/sda -- mklabel msdos
parted /dev/sda -- mkpart primary 1MB -8GiB
parted /dev/sda -- mkpart primary linux-swap -8GiB 100%

! DANGER ! Disk Damage Risk
The above command will destroy or erase all data on disk. Use it at your on risk !

Creating Disk Partitions Without Swap on BIOS / MBR Systems #

1
2
parted /dev/sda -- mklabel msdos
parted /dev/sda -- mkpart primary 1MB 100%

! DANGER ! Disk Damage Risk
The above command will destroy or erase all data on disk. Use it at your on risk !

Stage : Disk Mounting [DM] #

Our new disk with correct partitions is ready. We would need to format and mount these partitions to begin installation.

DM Step-1. Formatting Partitions #

First based on the type of partition we need to format if accordingly. We would assume the same disk as the previous case. Total capacity of the disk is 1TB and it is present at /dev/sda

Format configuration with Swap on an UEFI System #

1
2
3
mkfs.fat -F32 -n ArchEFI /dev/disk/by-partlabel/ArchEFI
mkswap -L ArchSwap /dev/disk/by-partlabel/ArchSwap
mkfs.ext4 -L ArchRoot /dev/disk/by-partlabel/ArchRoot

Notice how useful it is to do with Labels already configured during partitioning.

Format configuration with Swap on an BIOS / MBR Systems #

1
2
mkswap -L ArchSwap /dev/sda2
mkfs.ext4 -L ArchRoot /dev/sda1

Here we don’t have labels and hence we are referring to the actual partition.

DM Step-2. Mounting Partitions #

After formatting the partitions we need to mount them correctly. This would allow us to initiate the Arch Linux installation and bootloader configuration.

Mounting Partitions for UEFI Systems #

If we have a swap partition then lets enable that:

swapon /dev/disk/by-partlabel/ArchSwap

Mount the Root partition at /mnt.

mount /dev/disk/by-partlabel/ArchRoot /mnt

Next create the /boot directory and mount the EFI partition.

1
2
mkdir /mnt/boot
mount /dev/disk/by-partlabel/ArchEFI /mnt/boot

Mounting Partitions for BIOS or MBR Systems #

For Swap:

swapon /dev/sda2

Mount the Root partition at /mnt.

mount /dev/sda1 /mnt

Great ! You made strides of progress #

Now you have all the partitions ready, the software repository is configured and updated. Onwards to next stages of Arch Linux setup.

Hope to see you in the next parts.

This is the Part 2 in the series. This part deals with configuration of Software Repositories, partitioning and formatting the disk.
Part 1 | Part 2 | Part 3

Notes #

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
# KVM ISO Boot - How to Enable SSH
passwd = Set the Root Password
systemctl start sshd = Start the SSH Server
# Documented - https://wiki.archlinux.org/index.php/Install_Arch_Linux_via_SSH

reflector --country India,'United States',Japan --age 6 \
 --protocol https --sort rate \
 --save /etc/pacman.d/mirrorlist

# For GPT
gdisk /dev/sda

o = Create new GPT partition Table
n = Bios Boot Partition
-
-
+10M
ef02 = Bios Boot partition
n = EFI Partition
-
-
+250M
ef00 = EFI System Partition
n = Root Partition
-
-
-
-
w = Write Changes to Disk

# Format EFI Partition to FAT32 format
mkfs.fat -F32 /dev/sda2

# Format Partition with LUKS Crypto
cryptsetup luksFormat /dev/sda3

# Mount the LUKS Partition with drive mapper 'cryptroot'
cryptsetup open /dev/sda3 cryptroot 

# Format root to EXT4 partition but disable Journal feature
mkfs.ext4 -O "^has_journal" /dev/mapper/cryptroot 

# Mount the Root Partition
mount /dev/mapper/cryptroot /mnt

# Create Boot Directory
mkdir /mnt/boot

# Mount the EFI Partition
mount /dev/sda2 /mnt/boot

# Install the RootFS into the Newly created Root partition
# - 'intel-ucode' for Intel processor
# - 'amd-ucode' for AMD Processors
pacstrap /mnt base linux linux-firmware vim

# Generate Mount points in 'fstab'
genfstab -U /mnt >> /mnt/etc/fstab

# Enter the New Root FS 
arch-chroot /mnt

# Localization - Find TimeZone
timedatectl list-timezones | grep Kolkata

# Fix the Timezone 
ln -sf /usr/share/zoneinfo/Asia/Kolkata /etc/localtime

# Synchronize the Hardware Clocks
hwclock --systohc

# Edit the Local.gen
vim /etc/locale.gen

en_US.UTF-8 UTF-8 = Uncomment this line
en_IN.... = Uncomment this line as well
wq= save the file

# Generate locale
locale-gen

# Edit the Locale.conf
vim /etc/locale.conf

LANG=en_US.UTF-8 = Add this line to file
wq= save the file

# Edit the Keyboard for New RootFS
vim /etc/vconsole.conf

KEYMAP=us = Add this line
wq= save the file

# Set the PC Host Name
vim /etc/hostname

archusb = add this line
wq= save the file

# Set the Hosts File for Local host
vim /etc/hosts

= Add These lines with Tab spacing
127.0.0.1   localhost
::1         localhost
127.0.1.1   archusb.localdomain  archusb
wq= save the file

# Give Password to the Root user
passwd

# Begin installation of Essential software
# - Use 'network-manager-applet' for GNOME
# - Use 'os-prober' for Multiple OS Detection
# - Use 'ntfs-3g' For NTFS Windows support
# - 'wireless_tools' for older Wifi and 'wpa_supplicant'
pacman -S grub efibootmgr networkmanager dialog mtools dosfstools base-devel \
  linux-headers bluez bluez-utils pulseaudio-bluetooth cups git reflector \
  xdg-utils xdg-user-dirs openssh acpi nano wget curl

# Fix the Crypto Hooks for Root FS
vim /etc/mkinitcpio.conf

= Go to HOOKS
= # HOOKS=(base udev autodetect modconf block filesystems keyboard fsck)
HOOKS=(base udev block encrypt filesystems keyboard fsck)
wq= save the file

# Re-generate the Root FS
mkinitcpio -p linux

# Install Grub Boot-loader for BIOS System
grub-install --target=1386-pc --boot-directory=/boot /dev/sda

# Install Grub Boot-loader for UEFI System - Only for Portable Storage
grub-install --target=x86_64-efi --efi-directory=/boot --boot-directory=/boot --removable --recheck
# For PC use this for UEFI System
grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id=GRUB

# Get teh UUID for the Encrypted Root Partition
blkid | tee -a uuid.txt

vim uuid.txt

yy = To copy On the Line for /dev/sda3 UUID
q= To quit

# Edit the Grub File
vim /etc/default/grub

= Edit Line (p to paste the line from the earlier yy copy)
GRUB_CMDLINE_LINUX_DEFAULT="loglevel=3 quiet cryptdevice=UUID=<UUID>:cryptroot root=/dev/mapper/cryptroot"
wq= save file

# Generate Configuration for GRUB
grub-mkconfig -o /boot/grub/grub.cfg

# Enable the Basic Services
systemctl enable NetworkManager
systemctl enable bluetooth
systemctl enable org.cups.cupsd
systemctl enable sshd

# Create a User for the System
user-add -mG wheel bose
# Password for the new user
passwd bose

# Correct the Wheel privileges
EDITOR=vim visudo

= uncomment line
%wheel ALL=(ALL) ALL
wq= Save the file

# Make sure that the Journal Logs in RAM
vim /etc/systemd/journald.conf

= Uncomment
Storage=volatile
= Uncomment
RuntimeMaxUse=30M
wq= Save the file

# Exit to the ISO from Root FS
exit
umount -a

# Reboot to the New System
# - Perform the Reflector thing to get the secure repository
# - Check System Locale is correct
# - Install remaining packages
# - Install 'xf86-video-qxl' for virtmanager/QEMU Virtual machine
# - For proprietary NVIDIA drivers install 'nvidia' and 'nvidia-utils'
# - Install 'yay' using git https://aur.archlinux.org/yay.git
# - Install MS Fonts 'ttf-ms-fonts' from 'yay'
# - Install 'timeshift' for backup
sudo su
pacman -S xf86-video-intel xf86-video-amdgpu xf86-video-nouveau \
 xf86-video-ati xf86-video-vesa
pacman -S xorg xf86-input-libinput libinput xfce4 xfce4-goodies \
 xfce4-sensors-plugin archlinux-xdg-menu lightdm lightdm-gtk-greeter
pacman -S firefox
systemctl enable lightdm

# Adding Firewall - 
sudo pacman -S firewalld ipset ebtables
sudo systemctl enable --now firewalld
# find zone - default is 'public'
sudo firewall-cmd --get-zones
# Help on Firewall
man 5 firewalld.zones
# See what services are available in public zone
sudo firewall-cmd --list-service
# Switch to Home zone
sudo firewall-cmd --set-default-zone=home
# Which services are available
sudo firewall-cmd --get-services
# Add 'ftp' service to Home zone = Only during the Session
sudo firewall-cmd --add-service ftp
# to make the addition of 'ftp' permanent
sudo firewall-cmd --add-service ftp --permanent
# Remove the service
sudo firewall-cmd --remove-service ftp --permanent
# Configure libvirt
sudo firewall-cmd --add-service libvirt --zone=libvirt --permanent
# Firewall GUI
sudo firewall-config

# Gui for System control
sudo pacman -S cockpit packagekit
sudo systemctl enable --now cockpit.socket