Last active
February 3, 2023 01:52
Install Arch
# This guide is based on https://wiki.archlinux.org/index.php/User:Altercation/Bullet_Proof_Arch_Install
# compare for more details on each step. It's a great guide and seems to get frequent updates.
# This guide has a few changes that helped me to get the bootloader running
# Start up the Live USB/CD and enable SSH:
# set a password for root to enable ssh login
# *
passwd
systemctl start sshd.service
# then login to your machine from another device with ssh
# if you're reinstalling a machine and you have a static ip
# you may want to ignore the hosts file:
# (ssh then has no stored key to compare against and asks you to accept the host key,
# so check the fingerprint it prints against the live system's host key before typing the root password)
ssh -o GlobalKnownHostsFile=/dev/null -o UserKnownHostsFile=/dev/null root@LIVE_USB
# then go on with these instructions via SSH
# create an ENV variable for your drive. For example, mine was: /dev/sda
# You need to edit this line!!!
DRIVE=/dev/DRIVEID
# clean drive. This deletes everything for good. Be careful
sgdisk --zap-all "$DRIVE"
# partition with partition labels
# (typecodes: ef00 = EFI system, 8200 = Linux swap, 8300 = Linux filesystem)
sgdisk --clear \
  --new=1:0:+550MiB --typecode=1:ef00 --change-name=1:EFI \
  --new=2:0:+8GiB --typecode=2:8200 --change-name=2:cryptswap \
  --new=3:0:0 --typecode=3:8300 --change-name=3:cryptsystem \
  "$DRIVE"
# format the EFI partition with fat-32
mkfs.fat -F32 -n EFI /dev/disk/by-partlabel/EFI
# create the encrypted system partition
# (XTS splits the key in two halves, so -s 256 means AES-128; -s 512 would give AES-256)
cryptsetup luksFormat --align-payload=8192 -s 256 -c aes-xts-plain64 /dev/disk/by-partlabel/cryptsystem
# open the encrypted partition with label system
# If something fails and you need to restart your system this is the line you need to open your partition again later on.
# I'll mark those commands with an asterisk should you need to reboot and start over with e.g. the boot option.
# *
cryptsetup open /dev/disk/by-partlabel/cryptsystem system
# open the swap partition with a random key
cryptsetup open --type plain --key-file /dev/urandom /dev/disk/by-partlabel/cryptswap swap
# create the swap partition
mkswap -L swap /dev/mapper/swap
swapon -L swap
# format the system partition with btrfs. Inside we will use subvolumes
mkfs.btrfs --force --label system /dev/mapper/system
# create some useful ENV vars
# *
o=defaults,x-mount.mkdir
# *
o_btrfs=$o,compress=lzo,ssd,noatime
# mount the newly created partition
mount -t btrfs LABEL=system /mnt
# and create the necessary subvolumes
btrfs subvolume create /mnt/root
btrfs subvolume create /mnt/home
btrfs subvolume create /mnt/snapshots
# then unmount to mount again with subvolumes
umount -R /mnt
# *
mount -t btrfs -o subvol=root,$o_btrfs LABEL=system /mnt
mount -t btrfs -o subvol=home,$o_btrfs LABEL=system /mnt/home
mount -t btrfs -o subvol=snapshots,$o_btrfs LABEL=system /mnt/.snapshots
# create a mount point for the EFI partition and mount it as /boot as well
mkdir /mnt/boot
# *
mount LABEL=EFI /mnt/boot
# then install the base system
pacstrap /mnt base
# You will notice some errors related to fsck.btrfs. We will fix that in a minute
genfstab -L -p /mnt >> /mnt/etc/fstab
# fix fstab so swap partition can be found again
sed -i "s+LABEL=swap+/dev/mapper/swap+" /mnt/etc/fstab
# tell crypttab which partition to mount
echo "swap /dev/disk/by-partlabel/cryptswap /dev/urandom swap,cipher=aes-cbc-essiv:sha256,size=256" >> /mnt/etc/crypttab
# boot into new system to continue with install
# *
systemd-nspawn -bD /mnt
# basic settings
echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen
locale-gen
localectl set-locale LANG=en_US.UTF-8
timedatectl set-ntp 1
timedatectl set-timezone Europe/Berlin
# You need to edit this line
hostnamectl set-hostname A_HOSTNAME
echo "KEYMAP=de-latin1" > /etc/vconsole.conf
# install some more basic stuff otherwise you can't boot into new system
pacman -Syu base-devel btrfs-progs
# you need to change hooks to decrypt your drive
# I also changed MODULES so that I can have early KMS start with my Intel graphics card: MODULES="i915"
sed -i "s+HOOKS=\"base udev autodetect modconf block filesystems keyboard fsck\"+HOOKS=\"base udev autodetect modconf block keyboard keymap encrypt filesystems btrfs\"+" /etc/mkinitcpio.conf
# This line didn't quite work on my second PC. I had to use this here instead in my mkinitcpio.conf file:
# MODULES=(atkbd)
# HOOKS=(base udev autodetect modconf block keyboard keymap encrypt filesystems btrfs)
# The atkbd module was necessary because I couldn't use the keyboard from systemd 241 on. Some bug maybe?
# then rerun to get a new initramfs image
mkinitcpio -p linux
# * or if you're repairing you can pacman -Syu
# change password
passwd
# get back to the LIVE USB/CD to finish up
poweroff
# I used efibootmgr to boot. You may need GRUB or whatever here. I had to use sda3 as device
# usually this line is a point of failure if Arch doesn't boot again
# (the loader path is quoted so that the shell keeps its backslash)
efibootmgr -d /dev/sda -p 1 -c -L "Arch Linux" -l '\vmlinuz-linux' -u "cryptdevice=/dev/sda3:cryptsystem root=/dev/mapper/cryptsystem rw rootflags=subvol=root initrd=\initramfs-linux.img"
# to list all boot options in case of trouble: efibootmgr
# to remove an entry, e.g. Boot0000, run efibootmgr -b 0 -B and then run the line above again to make it the new first boot entry.
# this method didn't work on my DELL optiplex 7050. Apparently its UEFI doesn't support boot options so I can't decrypt.
# Instead I used refind:
pacman -S refind-efi
refind-install
# Then edit the /boot/refind_linux.conf file:
"Boot with standard options" "cryptdevice=/dev/sda3:cryptsystem root=/dev/mapper/cryptsystem rw rootflags=subvol=root initrd=/initramfs-linux.img"
# Make sure you're using your partition here. Mine was sda3
# then reboot and see if it works. Good luck
reboot
# if it doesn't work boot from your pen drive again and run the commands with the asterisk again to get into your newly installed system.
# note that your system is not the same as the one on your pendrive. You will have to reinstall everything that you need.
Recently, probably with some kernel 5.x version, booting failed and it seems that the initrd boot option requires backslashes. I have corrected that for efibootmgr but not for refind since I don't use it anymore.
For some reason my PC sometimes "forgets" the boot option it is supposed to boot and starts the EFI shell. After trying to repair the boot image it turned out I had to just set the right boot option again. So before you manually enter all these commands just look at efibootmgr first and reset that.
So I messed up my mkinitcpio.conf file with a pacnew merge and was left with an unbootable device. Anyway, here's how to fix that:
Download and dd an arch iso on a pen drive and start it up.
open the encrypted device with above command, mount it with the next command and also mount the boot dir, not into /mnt/boot but /boot
arch-chroot /mnt/root the whole thing and
then edit the mkinitcpio.conf file to fix it, and run mkinitcpio -p linux to create the initramfs again.
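Both boot failures described on this page come down to two strings: the HOOKS line in mkinitcpio.conf and the kernel options given to efibootmgr. The following check of those two strings is an added example, not part of the gist or its comments; the function names and sample inputs are constructed, and the initrd check applies to the efibootmgr entry only.

```shell
#!/bin/sh
# Added example, not part of the gist; function names and samples are constructed.

# Print the value of the last active HOOKS= line. Accepts both syntaxes the
# guide shows, HOOKS="a b" and HOOKS=(a b); commented-out lines are ignored.
hooks_from_conf() {
    sed -n 's/^[[:space:]]*HOOKS=[("]\(.*\)[)"][[:space:]]*$/\1/p' "$1" | tail -n 1
}

# 1-based position of hook $1 among the remaining arguments, 0 if absent.
hook_pos() (
    want=$1; shift; i=0
    for h in "$@"; do
        i=$((i + 1))
        if [ "$h" = "$want" ]; then echo "$i"; exit 0; fi
    done
    echo 0
)

# Succeeds if encrypt is present with keyboard before it and filesystems after
# it, which is the ordering of the guide's HOOKS line.
check_hooks() (
    set -f; set -- $1
    k=$(hook_pos keyboard "$@"); e=$(hook_pos encrypt "$@"); f=$(hook_pos filesystems "$@")
    [ "$e" -gt 0 ] || { echo "encrypt hook missing"; exit 1; }
    { [ "$k" -gt 0 ] && [ "$k" -lt "$e" ]; } || { echo "keyboard not before encrypt"; exit 1; }
    [ "$f" -gt "$e" ] || { echo "filesystems not after encrypt"; exit 1; }
)

# Succeeds if the options name a cryptdevice mapping, root= points at that
# mapping, and initrd= is a backslash path as the efibootmgr entry needs.
check_cmdline() (
    set -f; name=; root=; initrd=
    for w in $1; do
        case $w in
            cryptdevice=*:*) name=${w#*:}; name=${name%%:*} ;;
            root=*)          root=${w#root=} ;;
            initrd=*)        initrd=${w#initrd=} ;;
        esac
    done
    [ -n "$name" ] || { echo "no cryptdevice=DEVICE:NAME option"; exit 1; }
    [ "$root" = "/dev/mapper/$name" ] || { echo "root= is not /dev/mapper/$name"; exit 1; }
    case $initrd in '\'*) ;; *) echo "initrd= path lacks the leading backslash"; exit 1 ;; esac
)

# Constructed inputs: the guide's values, then a stock HOOKS line without encrypt.
check_hooks "base udev autodetect modconf block keyboard keymap encrypt filesystems btrfs" && echo "HOOKS ok"
check_hooks "base udev autodetect modconf block filesystems keyboard fsck" || echo "root would stay locked"
check_cmdline 'cryptdevice=/dev/sda3:cryptsystem root=/dev/mapper/cryptsystem rw rootflags=subvol=root initrd=\initramfs-linux.img' && echo "cmdline ok"
```

From the live system, `check_hooks "$(hooks_from_conf /mnt/etc/mkinitcpio.conf)"` runs the first check against the installed file before the initramfs is rebuilt.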