Installing Arch Linux ARM on a Mochabin using Ubuntu 18.04

mochabin-arch-linux-arm-via-ubuntu.txt

mochabin-arch-linux-arm-via-ubuntu.txt

Installing Arch Linux ARM on a Mochabin using Ubuntu 18.04

The first thing to do is to install a M.2 SATA SSD.

The M.2 socket on my Mochabin has this engraved on it:
H=4.2  B  2141D6   LOTES

H=4.2 and/or 4.2H is "height is 4.2 mm"

B as in "B key". SATA uses a B key while PCIe uses an M key.
Some M+B keys are SATA and some are not.

The product page for the M.2 socket is at
https://www.lotes.cc/en/product.php?act=view&id=387

I bought a Vascky V820 240 GB M.2 2280 SATA SSD which is inexpensive and
 it worked for me.  There are countless alternative products that
 I imagine work as well.

Installing the M.2 SATA SSD requires opening the Mochabin case.
It requires a screwdriver that is narrow enough to fit the holes.
My multi-bit screwdrivers are too wide.
When you open the case the silver heatsink paste will split,
 part will be on the heatsink and part will be on the board.
I did not apply any addition paste and it did not seem to affect
 my Mochabin. I just made sure that I didn't touch the paste
 and everything was fine after I closed the case back up.

The Ubuntu 18.04 that comes with the box has:
# CONFIG_EXT4_FS_SECURITY is not set
That (probably) causes bsdtar to not be able to set attributes
 while un-archiving ArchLinuxARM-aarch64-latest.tar.gz

From inside Ubuntu:

fdisk /dev/sda
At the fdisk prompt, create the new partition:
Type o. This will clear out any partitions on the drive.
Type p to list partitions. There should be no partitions left.
Type n, then p for primary, 1 for the first partition on the drive, and enter twice to accept the default starting and ending sectors.
Write the partition table and exit by typing w.

Fetch the generic Arch Linux ARM for 64-bit systems, see
https://archlinuxarm.org/platforms/armv8/generic

wget http://os.archlinuxarm.org/os/ArchLinuxARM-aarch64-latest.tar.gz

This does not work:
mkfs.ext4 /dev/sda1
mount /dev/sda1 /mnt
bsdtar -xpf ArchLinuxARM-aarch64-latest.tar.gz -C /mnt
./usr/bin/newgidmap: Cannot restore extended attributes on this file system.: Operation not supported
./usr/bin/newuidmap: Cannot restore extended attributes on this file system.: Operation not supported

My work-around is to not un-archive files that require those attributes:

mkfs.ext4 /dev/sda1
mount /dev/sda1 /mnt
bsdtar -xpf ArchLinuxARM-aarch64-latest.tar.gz --exclude ./usr/bin/newgidmap --exclude ./usr/bin/newuidmap -C /mnt

Since /usr/bin/newuidmap is owned by the "shadow" package,
 updating that package will install the files that were excluded by bsdtar.

The default bootargs and bootcmd that allow booting the default
 Ubuntu are:

Marvell>> printenv bootargs
## Error: "bootargs" not defined
Marvell>> printenv bootcmd
bootcmd=mmc dev 0; ext4load mmc 0:1 $kernel_addr_r $image_name; ext4load mmc 0:1 $fdt_addr_r $fdt_name; setenv bootargs $console root=PARTUUID=89708921-01 rw rootwait net.ifnames=0 biosdevname=0; booti $kernel_addr_r - $fdt_addr_r
Marvell>>

To return to booting Ubuntu use:

setenv bootargs
setenv bootcmd 'mmc dev 0; ext4load mmc 0:1 $kernel_addr_r $image_name; ext4load mmc 0:1 $fdt_addr_r $fdt_name; setenv bootargs $console root=PARTUUID=89708921-01 rw rootwait net.ifnames=0 biosdevname=0; booti $kernel_addr_r - $fdt_addr_r'

To boot Arch Linux ARM from the M.2 SATA SSD use:

setenv bootargs $console root=/dev/sda1 rw libata.force=noncq net.ifnames=0 biosdevname=0;
setenv bootcmd 'true; scsi scan; scsi dev 0; ext4load scsi 0:1 $kernel_addr_r $image_name; ext4load scsi 0:1 $fdt_addr_r boot/dtbs/marvell/armada-7040-mochabin.dtb; booti $kernel_addr_r - $fdt_addr_r'
saveenv

Note that saveenv will cause the parameter settings to become
 persistent across turning the Mochabin on and off (power-cycling).

After changing the settings use the boot command to boot Arch Linux ARM.

Marvell>> boot

There will be a short delay as boot/Image is loaded.

Configuring and updating Arch Linux ARM:

When Arch Linux ARM boots, system log messages will conceal
 the login prompt; press enter to cause the login prompt
 to be displayed.

Login with user root and password root.

Suppress displaying system log message on the console:

dmesg -D

Configure and apply updates:

pacman-key --init
pacman-key --populate archlinuxarm
pacman -Suy
reboot

Note that the current Arch Linux ARM kernel package which supplies
Linux 5.19 does not support USB on the Mochabin.
This will be updated to Linux 6.1.9 with working USB support.
The pull request for the update is here:
https://github.com/archlinuxarm/PKGBUILDs/pull/1984
Binary packages of the work-in-progress can be found here:
https://github.com/lynix/linux-aarch64-bin
Once it is running Linux 6.1.9 it is no longer necessary to blacklist
 the crypto_safexcel module.

Cheat sheet for pacman (or yay) for Debian, Ubuntu, RHEL/Fedora, Gentoo users:
https://wiki.archlinux.org/title/Pacman/Rosetta

To create users (other than root), see:
https://wiki.archlinux.org/title/Users_and_groups

Install the yay package manager:

Install sudo as root:
pacman -Suy
pacman -S sudo

Configure sudo using visudo

Install the yay-bin package which is hosted in Github:
https://github.com/Jguer/yay
See the README.md there for details.

Network configuration

By default you can ssh into the WAN port.

Arch Linux ARM defaults to using systemd-networkd which I'm fine with.

As root:

cd /etc/systemd/network/

rm en.network eth.network

create eth2.network
with:

[Match]
Name=eth2

[Network]
DHCP=yes
DNSSEC=no


create br0.netdev
with:

[NetDev]
Name=br0
Kind=bridge


create br0.network
(substitute the DNS domain names that you already use for your LAN
 like lan or local for your-lan-dns-domain-names)

[Match]
Name=br0

[Network]
DHCP=yes
IPForward=yes
Domains=your-lan-dns-domain-names


create lan0.network
with:

[Match]
Name=lan0

[Network]
Bridge=br0

repeat for lan1.network through lan3.network.

The WAN port, eth2, is a hybrid 1G RJ45 and 2.5G SPF/mini-gbic.
It takes a while to initialize at power-on and also when eth2 is available,
 trying to set it to do something causes it to crash--the LED on the RJ45 NIC
 turns off and nothing can be done to recover that I know.

Once eth2 is up and running for a few seconds, everything is OK.

What I do is to create a script to bring up eth2 and glue that script into systemd-networkd.service via a drop-in.

------
$ cat /etc/eth2-magic 
#! /bin/sh

set -x

READY=
while [ -z "$READY" ]
do
    READY="$(ip -br a l dev eth2)"
done

sleep 10

ip link set up dev eth2
------

sudo systemctl edit systemd-networkd.service

Add:

[Service]
ExecStartPre=
ExecStartPre=+/etc/eth2-magic

That even survives "systemctl restart systemd-networkd" and such.

Power off and reboot.

Verify with
networkctl -a

IDX LINK    TYPE     OPERATIONAL SETUP      
  1 lo      loopback carrier     unmanaged
  2 eth0    ether    off         unmanaged
  3 eth1    ether    degraded    unmanaged
  4 eth2    ether    routable    configured 
  5 lan0    dsa      no-carrier  configured 
  6 lan1    dsa      no-carrier  configured 
  7 lan2    dsa      no-carrier  configured 
  8 lan3    dsa      no-carrier  configured 
  9 br0     bridge   no-carrier  configuring

"br0 bridge" shows "configuring" because there are no cables plugged into the LAN ports.
If you have cables plugged it the status of br0 will be different.

You will need a firewall to avoid having traffic from the WAN port
 getting to everything on the LAN. I use shorewall but other
 firewall tools like firewalld, etc. would work or you could
 create your one nftables/iptables rules directly.

Install Docker

Do not run yay as root.
yay -Suy
yay -S docker docker-compose
sudo systemctl enable --now docker.socket
sudo systemctl enable --now docker.service

Verify with: docker info