This setup uses GPT partitions and GRUB2 on a BIOS-based PC (see the wiki for EFI), with an SSD and LUKS (encryption) over LVM. The Installation Guide can be found at /root/install.txt.
Fill the new drive with random data (this takes a long time):
# dd if=/dev/urandom of=/dev/sda
or install frandom from AUR
# dd if=/dev/frandom of=/dev/sda
faster but less random
Based upon 2012.10.01 ISO image or later from http://www.archlinux.org/download.
# dd if=/dev/zero of=/dev/sdx bs=1k count=1
# dd if=archlinux-xxxxx.iso of=/dev/sdx
Replace sdx by your thumbdrive reference.
Boot & select x86_64 (or i686 if you want to stay with i686 architecture, max. 3GB SRAM)
# loadkeys fr
The 2012.08.04 image automatically starts the network and gets an IP address via DHCP, so the following step is not required.
Assuming you are on ethernet with a DHCP server.
# dhcpcd
# gdisk /dev/sda
Remove old partitions then create the following partitions:
- 2MB, type EF02 (BIOS partition). This is used by GRUB2/BIOS-GPT. (/dev/sda1)
- 100MB, type 8300 (Linux). This will store /boot (/dev/sda2)
- 2GB, type 8200 (swap). This is our dedicated swap partition (not part of lvm). (/dev/sda3)
- Remaining space, type 8E00 (LVM). Store both / and /home. (/dev/sda4).
Swap is not part of the LVM group because it will be encrypted with its own random key upon each reboot.
REBOOT here in order to be able to do the cryptsetup step.
We need to align, enable TRIM and use the right payload for SSD.
# cryptsetup -c aes-cbc-essiv:sha256 -y -s 128 -h sha512 --align-payload=8192 luksFormat /dev/sda4
# cryptsetup luksOpen --allow-discards /dev/sda4 enc-lvm
--allow-discards does not work with luksFormat, only when opening the device for mounting.
# lvm pvcreate --dataalignment 4M /dev/mapper/enc-lvm
# lvm vgcreate vgroup /dev/mapper/enc-lvm
# lvm lvcreate -L 4GB -n root vgroup
Change the size above as needed!
NO, do not create swap inside the volume group: lvm lvcreate -L 512MB -n swap vgroup
NO, do not give home all the free space (-l 100%FREE); we want to keep some free space for snapshots: lvm lvcreate -l 100%FREE -n home vgroup
# lvm lvcreate -L 400GB -n home vgroup
Format and enable TRIM support.
# mkfs.ext2 /dev/sda2
# mkfs.ext4 -E discard /dev/mapper/vgroup-root
# mkfs.ext4 -E discard /dev/mapper/vgroup-home
By default, 5% of the space on ext4 partitions is hidden. This is typically used on the root partition as a safeguard when the disk gets full. On a non-root partition this hidden space can be easily and safely reclaimed with the following command.
# tune2fs -m 0 /dev/mapper/vgroup-home
# mount /dev/mapper/vgroup-root /mnt
# mkdir /mnt/boot
# mount /dev/sda2 /mnt/boot
# mkdir /mnt/home
# mount /dev/mapper/vgroup-home /mnt/home
ftp.archlinux.org is throttled to 50KB/s.
Before installing, you may want to edit /etc/pacman.d/mirrorlist such that your preferred mirror is first. This copy of the mirrorlist will be installed on your new system by pacstrap as well, so it's worth getting it right.
# pacstrap /mnt base base-devel
The following will install GRUB2. If you want EFI, please refer to the wiki.
# pacstrap /mnt grub-bios
Generate an fstab file with the following command. UUIDs will be used because they have certain advantages (see fstab#Identifying filesystems). If you would prefer to use labels instead, replace the -U option with -L. Note: If you encounter errors running genfstab or later in the install process, do not run genfstab again; just edit the fstab file.
# genfstab -U -p /mnt >> /mnt/etc/fstab
Edit /mnt/etc/fstab to add TRIM support
tmpfs /tmp tmpfs nodev,nosuid 0 0
/dev/mapper/vgroup-home /home ext4 defaults,noatime,discard 0 2
/dev/mapper/vgroup-root / ext4 defaults,noatime,discard 0 1
/dev/sda2 /boot ext2 defaults,noatime 0 2
# arch-chroot /mnt
Set a root password with:
# passwd
Add your hostname in /etc/hostname.
myhostname
Set it to your liking. This is the name of your computer.
Add also your hostname in /etc/hosts, coinciding with the one specified in /etc/hostname as an alias, so that it looks like this:
127.0.0.1 localhost.localdomain localhost myhostname
::1 localhost.localdomain localhost myhostname
Note: ::1 is the IPv6 equivalent of 127.0.0.1
Set keymap and font name in /etc/vconsole.conf.
KEYMAP=fr
FONT=
FONT_MAP=
KEYMAP: The available keymaps are in /usr/share/kbd/keymaps. Please note that this setting is only valid for your TTYs, not any graphical window managers or X.
FONT: Available alternate console fonts reside in /usr/share/kbd/consolefonts/. The default (blank) is safe.
FONT_MAP: Defines the console map to load with the setfont program at boot. Possible maps are found in /usr/share/kbd/consoletrans, if needed. The default (blank) is safe.
Edit the file /etc/timezone and write your Zone/Subzone. Available time zones and subzones can be found in the /usr/share/zoneinfo// directories. Example:
Europe/Paris
Additionally, create a symbolic link /etc/localtime to the same /usr/share/zoneinfo// using this command:
# ln -s /usr/share/zoneinfo/Europe/Paris /etc/localtime
Edit /etc/locale.gen and uncomment:
en_US.UTF-8 UTF-8
fr_FR.UTF-8 UTF-8
fr_FR ISO-8859-15
fr_FR@euro ISO-8859-15
# locale-gen
Add your language to /etc/locale.conf.
LANG=fr_FR.UTF-8
# Keep the default sort order (e.g. files starting with a '.'
# should appear at the start of a dir
LC_COLLATE="C"
LANG=fr_FR.UTF-8 #LC_COLLATE="C" LC_COLLATE="fr_FR.UTF-8"
We will be adding keymap to mkinitcpio.conf, therefore we need to set the environment variable LANG.
# export LANG=fr_FR.UTF-8
When using UTC launch the following command:
# hwclock --systohc --utc
If not using DHCP or network manager, please see wiki for rc.conf configuration.
Add keymap to kernel for non-US keyboard on boot.
Edit /etc/mkinitcpio.conf and insert "keymap" after "sata" (no quote required).
add keymap, encrypt and lvm2 before filesystems
OLD: HOOKS="base udev autodetect pata scsi sata keymap encrypt lvm2 filesystems"
-
NOW: HOOKS="base udev autodetect modconf block keymap encrypt lvm2 filesystems usbinput fsck"
# mkinitcpio -p linux
# grub-install /dev/sda
To prevent a (harmless) error message at boot time execute:
# cp /usr/share/locale/en\@quot/LC_MESSAGES/grub.mo /boot/grub/locale/en.mo
nano /etc/default/grub
GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda4:vgroup:allow-discards"
No need to specify root=/dev/mapper...; it is added automatically.
grub default.config
To add TRIM support during boot, you will need to add ":allow-discards" to the cryptdevice option. The option should look like this:
cryptdevice=/dev/mapper/root:root:allow-discards check with Frank !!!!!!!!!
cryptdevice=/dev/mapper/root:root:allow-discards
Add "cryptdevice=/dev/sda4:vgroup" between "root=..." and "ro" in the paragraphs "Arch Linux" and "Arch Linux Fallback"
kernel /vmlinuz-linux root=/dev/mapper/vgroup-root cryptdevice=/dev/sda4:vgroup:allow-discards ro
# grub-mkconfig -o /boot/grub/grub.cfg
If you are still in the chroot environment then type exit or Ctrl+D in order to exit chroot. Since the partitions are mounted under /mnt, we use the following command to unmount them.
# exit
# umount /mnt/boot
# umount /mnt/home
# umount /mnt
Execute the following command and remove the installation media.
# reboot
DO NOT USEroot r
# mkswap /dev/sda3 && swapon /dev/sda3
If swap has been set before:
# dd if=/dev/urandom of=/dev/sda3
Edit /etc/crypttab
enc-swap /dev/sda3 /dev/urandom cipher=aes-cbc-essiv:sha256,size=128,hash=sha512,swap
Edit /etc/fstab
#/dev/sda2 swap swap defaults 0 0
/dev/mapper/enc-swap swap swap defaults 0 0
One can place a swap partition on an SSD. Note that most modern desktops with an excess of 2 Gigs of memory rarely use swap at all. The notable exception is systems which make use of the hibernate feature. The following is a recommended tweak for SSDs using a swap partition that will reduce the "swappiness" of the system, thus avoiding writes to swap.
/etc/sysctl.conf
vm.swappiness=1
vm.vfs_cache_pressure=50
Reboot
Check
# cat /proc/sys/vm/swappiness
benchmark scheduler http://ubuntuforums.org/showthread.php?t=1464706
Using udev for one device or HDD/SSD mixed environment
NOT WORKING YET
To do this, create and edit a file in /etc/udev/rules.d named something like '60-schedulers.rules'. In the file include the following:
# set deadline scheduler for non-rotating disks
ACTION=="add|change", KERNEL=="sd[a-z]", ATTR{queue/rotational}=="0", ATTR{queue/scheduler}="deadline"
Of course, set deadline/cfq to the desired schedulers. Changes should occur upon next boot. To check success of the new rule:
# cat /sys/block/sdX/queue/scheduler #where X is the device in question
Note: Keep in mind cfq is the default scheduler, so the second rule with the standard kernel is not actually necessary. Also, in the example sixty is chosen because that is the number udev uses for its own persistent naming rules. Thus, it would seem that block devices are at this point able to be modified and this is a safe position for this particular rule. But the rule can be named anything so long as it ends in '.rules'. (Credit: falconindy and w0ng for posting on his blog)
noop vs deadline ????
Most people will want to use [core], [extra] and [community].
If you installed Arch Linux x86_64, it's recommended that you enable the [multilib] repository, as well (to be able to run both 32 bit and 64 bit applications):
[multilib]
SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist
yaourt + multilib + other repos
Required for installing yaourt & virtualbox and many other packages
Add as root the following into /etc/pacman.conf:
For 32-bit (i686) installations:
[archlinuxfr]
SigLevel = Optional TrustAll
Server = http://repo.archlinux.fr/i686
For 64-bit installations:
[archlinuxfr]
SigLevel = Optional TrustAll
Server = http://repo.archlinux.fr/x86_64
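An added check (not part of the original notes or of pacman) that reads pacman.conf text and flags repositories whose own SigLevel lets unsigned packages through or whose Server is plain HTTP. The sample input is constructed from the repository stanzas that appear in these notes; `audit_pacman_conf` and `sample_conf` are names made up for this example.

```sh
#!/bin/sh
# Added example: audit per-repository SigLevel and Server lines in pacman.conf.
# Limitation: only a repository's own SigLevel is read; one without it inherits
# the [options] value, which is reported here as "inherited".

audit_pacman_conf() {
    awk '
    function note(msg) { print repo ": " msg; findings++ }
    function report() {
        if (repo == "" || repo == "options") return
        if (check == "never")
            note("package signatures are never checked (Never)")
        if (check == "optional")
            note("unsigned packages are accepted (Optional)")
        if (check != "never" && trust == "all")
            note("keys need no assigned trust level (TrustAll)")
        if (server ~ /^http:/) {
            if (check == "required")
                note("plain-HTTP server (package signatures still required)")
            else if (check == "")
                note("plain-HTTP server (SigLevel inherited from [options])")
            else
                note("plain-HTTP server and no mandatory package signature")
        }
    }
    /^[ \t]*#/ { next }                  # comment line
    /^[ \t]*$/ { next }                  # blank line
    /^[ \t]*\[/ {                        # new section: report the previous one
        report()
        repo = $0
        sub(/^[ \t]*\[/, "", repo); sub(/\].*$/, "", repo)
        check = ""; trust = ""; server = ""
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = substr($0, 1, eq - 1); gsub(/[ \t]/, "", key)
        val = substr($0, eq + 1)
        sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
        if (key == "Server" && server !~ /^http:/) server = val
        if (key == "SigLevel") {
            n = split(val, tok, /[ \t]+/)
            for (i = 1; i <= n; i++) {   # later tokens override earlier ones
                t = tok[i]; sub(/^Package/, "", t)   # Database* tokens are ignored
                if (t == "Never" || t == "Optional" || t == "Required")
                    check = tolower(t)
                else if (t == "TrustAll")    trust = "all"
                else if (t == "TrustedOnly") trust = "trustedonly"
            }
        }
    }
    END { report(); exit (findings > 0 ? 1 : 0) }
    '
}

# Constructed sample built from the stanzas in these notes.
sample_conf() {
    cat <<'EOF'
[multilib]
SigLevel = PackageRequired
Include = /etc/pacman.d/mirrorlist

[archlinuxfr]
SigLevel = Optional TrustAll
Server = http://repo.archlinux.fr/x86_64

[repo-ck]
SigLevel = PackageRequired
Server = http://repo-ck.com/$arch
EOF
}

# Prints three findings for archlinuxfr, one for repo-ck, none for multilib.
sample_conf | audit_pacman_conf || true
```

On an installed system, run `audit_pacman_conf < /etc/pacman.conf`; the exit status is 1 when anything was flagged.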
Refresh software list with:
# pacman -Syy
Add nice colors when browsing packages
# pacman -S yaourt pacman-color colordiff
Search both the binary repos and the AUR
# yaourt mc
Complete update and upgrade, even for packages coming from AUR
# yaourt -Syu --aur
# useradd -m -g users -s /bin/bash archie
Setup password for new user:
# passwd archie
None of these groups is needed for standard desktop permissions like sound, 3D, printing, mounting, etc. as long as the logind (or consolekit) session isn't broken (for example by starting X on a different VT than where you logged in).
user groups audio, camera, disk, floppy, games, locate, lp, network, networkmanager, optical, power, scanner, storage, sys, uucp, video, wheel ???
system groups adm, avahi, bin, clamav, daemon, dbus, ftp, gdm, hal, http, kmem, log, mail, mem, mpd, nobody, ntp, policykit, root, smmsp, tty, users vboxsf, fuse
software groups adbusers, cdemu, kvm, thinkpad, vboxusers, vmware, ssh, wireshark
Install the alsa-utils package:
# pacman -S alsa-utils
Also, you may want to install the alsa-oss package, which wraps applications written for OSS in a compatibility library, allowing them to work with ALSA. To install the alsa-oss package:
# pacman -S alsa-oss
As normal, non-root user, invoke /usr/bin/alsamixer:
# su - yourusername
# alsamixer
Unmute the Master and PCM channels by scrolling to them with cursor left/right and pressing M. Increase the volume levels with the cursor-up key. (70-90 Should be a safe range.) Some machines, (like the Thinkpad T61), have a Speaker channel which must be unmuted and adjusted as well. Leave alsamixer by pressing ESC.
Ensure your speakers are properly connected, and test your sound configuration as normal user using :
# speaker-test -c 2
You should hear a very eloquent woman say, "Front, center."
FOLLOWING... NOT SURE !!! Exit your normal user shell and run /usr/sbin/alsactl as root to save settings:
# exit
# alsactl store
Not sure about the following one... doesn't save anything. This will create the file '/etc/asound.state', saving the alsamixer settings.
# pacman -S xorg-server xorg-xinit xorg-server-utils
The 3D utilities glxgears and glxinfo are included in the mesa package:
# pacman -S mesa
Then you need to install a suitable driver for your graphic card. You need to know its brand and model then consult main Archlinux wiki to see which driver better fits your needs. The output of the command:
# lspci | grep VGA
should help you to identify your card.
For a complete list of open-source video drivers, search the package database:
# pacman -Ss xf86-video | less
The following is for an Intel based graphic card.
# pacman -S xf86-video-intel lib32-intel-dri
Udev should be capable of detecting your hardware without problems. The evdev driver (xf86-input-evdev) is the modern hot-plugging input driver for almost all devices, so in most cases, installing input drivers is not needed.
Laptop users will also need the synaptics package to allow X to configure the touchpad:
# pacman -S xf86-input-synaptics
Set the keyboard layout (if you do not use a standard US keyboard). To change your keyboard layout, edit /etc/X11/xorg.conf.d/10-evdev.conf
and add a XkbLayout line so it looks like:
Section "InputClass"
Identifier "evdev keyboard catchall"
MatchIsKeyboard "on"
MatchDevicePath "/dev/input/event*"
Option "XkbLayout" "fr"
Driver "evdev"
EndSection
The XkbLayout key may differ from the keymap code you used with the loadkeys command. A list of many keyboard layouts and variants can be found in /usr/share/X11/xkb/rules/base.lst (after the line beginning with ! layout). For instance, the layout gb corresponds to "English (UK)", whereas for the console it was loadkeys uk.
Install the default environment:
# pacman -S xorg-twm xorg-xclock xterm
Start X
# startx
At this point, you may wish to save time by installing visually pleasing, true type fonts, before installing a desktop environment/window manager. Dejavu and bitstream-vera are good, general-purpose font sets. You may also want to have the Microsoft font sets, which are especially popular on websites.
Install with:
# pacman -S ttf-dejavu ttf-bitstream-vera
# yaourt ttf-ms-fonts
Allocine is missing one font that needs to be added manually!
# pacman -S gnome gnome-extra
tracker & gnome-documents !!!!
GDM is part of gnome-extra.
To make GDM the default graphical login method for the system, use the packaged systemd service file, gdm.service. Simply run the following command once to bring up GDM on boot:
# systemctl enable gdm
Starting GNOME manually
If you prefer to start GNOME manually from the console, add the following line to your ~/.xinitrc file:
~/.xinitrc
exec gnome-session
You can get a .xinitrc template from /etc/skel/.xinitrc
# systemctl enable NetworkManager
This graphical tool customizes fonts, themes, titlebar buttons and other settings.
# pacman -S gnome-tweak-tool
# pacman -S sudo
Configure for a given user:
# visudo
and add:
alpha ALL=(ALL) ALL
# pacman -S guake
Guake autostart, add an entry to gnome-session
# pacman -S zsh grml-zsh-config
# yaourt oh-my-zsh-git
There is a conflict with /etc/skel/.zshrc, just rename it before installing oh-my-zsh-git
Change the default shell for the current user:
# chsh -s $(which zsh)
https://sites.google.com/site/lightrush/random-1/checkiftrimonext4isenabledandworking
http://worldsmostsecret.blogspot.fr/2012/04/how-to-activate-trim-on-luks-encrypted.html
sudo dmsetup table /dev/mapper/vgroup --showkeys
# sudo pacman -S virtualbox virtualbox-guest-iso virtualbox-host-source linux-headers
# yaourt virtualbox-ext-oracle
virtualbox-modules can be used if not using custom kernel
Add the desired username to the vboxusers group. Everything may work fine without this step but shared folders and possibly some other optional stuff require it to work. The new group does not automatically apply to existing sessions; the user has to log in again.
# gpasswd -a username vboxusers
Load module on boot
Edit /etc/modules-load.d/virtualbox.conf and add:
vboxdrv
Normally the CPU frequency driver should be loaded automatically.
For example for Intel:
# lsmod | grep acpi_cpufreq
If not, to load the driver automatically at start-up, add a file specifying the appropriate driver to the /etc/modules-load.d/ directory. For example:
/etc/modules-load.d/cpufreq.conf
Install cpupower to monitor it:
# pacman -S cpupower
Change governor on boot
/etc/modules-load.d/cpufreq_gov.conf
# Load cpufreq governors
cpufreq_powersave
cpufreq_userspace
cpupower includes a daemon which allows users to set the desired scaling governor and min/max clock speeds for all processor cores at boot-time.
Before starting the daemon, edit /etc/conf.d/cpupower as root, selecting the desired governor and setting the min/max speed for your CPU(s). Note: The exact min/max values of the CPU(s) can be determined by running cpupower frequency-info. However, these values are optional. Users may omit them entirely by deleting or commenting out the min/max_freq lines; scaling will work automatically.
With the appropriate configuration, start the daemon with the following command:
# systemctl start cpupower
To start the daemon automatically at startup:
# systemctl enable cpupower
threshold can be tweaked for better performance: https://wiki.archlinux.org/index.php/Cpupower
mplayer2, smplayer, vlc
codecs:
# pacman -S gstreamer0.10-plugins
# pacman -S jre7-openjdk jre7-openjdk-headless icedtea-web-java7
# pacman -S flashplugin
Flash Player: Bad (choppy) sound on the 64-bit version
There is a problem with Flash plugin 11 on 64-bit systems and a new memcpy routine in glibc (for more details see this Fedora bug report), which makes the sound choppy on MP3 streams. Current workarounds are:
replacing the memcpy routine as suggested in this thread.
installing flashplugin-square from the AUR (this is a version of the Flash plugin with working hardware acceleration).
# pacman -S ntfs-3g ntfsprogs
# pacman -S gimp-devel
# pacman -S gimp-dbp gimp-plugin-gmic gimp-plugin-fblur gimp-plugin-lqr gimp-plugin-wavelet-decompose gimp-plugin-wavelet-denoise gimp-refocus gimp-ufraw
Yaourt for:
- gimp-fix-ca (error)
- gimp-plugin-image-reg (error)
- *gimp-plugin-saveforweb
- *gimp-plugin-separate+
- *gimp-plugin-wavelet-sharpen
- *gimp-resynth-heal-selection
- *gimpfx-foundry
evince, mupdf, acroread
Firefox pdf
External PDF viewers
To use an external PDF viewer you need MozPlugger or kpartsplugin.
If you want to use MozPlugger with Evince, for example, you have to find the lines containing pdf in the /etc/mozpluggerrc file and modify the corresponding line after GV() as below:
repeat noisy swallow(evince) fill: evince "$file"
(replace evince with something else if it is not your viewer of choice).
acroread + firefox
Be advised that the Firefox plugin cannot be used directly with this binary -- it will not load in the 64-bit browser. To load it, install the nspluginwrapper package from the official [multilib] repository and run:
$ nspluginwrapper -v -a -i
as a normal user. This checks the plugin directory and links the plugins as needed.
# pacman -S ntp
# systemctl enable ntpd
Is it required? Installed by samba. No longer required by gnome or Nautilus.
# pacman -S gamin
mkdir ~/go
export GOPATH=~/go
go get website.com/user/module
==> You may need to delete your local ==> ~/.mozilla/firefox//pluginreg.dat file for mozplugger to be ==> enabled correctly after you update it. (It will get regenerated). ==> To add more helpers, edit /etc/mozpluggerrc. ==> The window name can be obtained using the utility xprop(1x). ==> Type xprop WM_CLASS and click on a window. yaourt mozplu 4,88s user 1,68s system 3% cpu 3:25,71 total
cups cups-filters cups-pdf system-config-printer-gnome
sudo pacman -S foomatic-db foomatic-db-engine foomatic-db-nonfree foomatic-filters
- explain PDF setup
To use cups-pdf, restart cups and visit the cups web interface at http://localhost:631/
You can now add a "Virtual Printer (PDF Printer)" and use the Postscript/Generic postscript color printer driver.
Note that cups-pdf has a configuration file in /etc/cups. The default location for pdf output is /var/spool/cups-pdf/$username.
Please make sure your user is a member of "plugdev" group if you use UPEK non-free library, and modify your PAM configuration (e.g., /etc/pam.d/{login,su,sudo,gdm}).
fingerprint-polkit-agent conflicts with files in /etc/xdg/autostart that must be removed: "polkit-gnome-authentication-agent-1.desktop" and "polkit-kde-authentication-agent-1.desktop".
Add "debug" switch to fingerprint-gui, you can see the debug log in /var/log/auth.log
Refer to "Manual_en.html" and "CHANGELOG" for more information. Dépendances optionnelles pour fingerprint-gui libusb: for libbsapi yaourt fingerprint 134,43s user 10,13s system 53% cpu 4:31,06 total
- kipi + require for video thumbnails? + gtk theme manager!!
Create the file /etc/modprobe.d/blacklist.conf with the following content:
blacklist pcspkr
This one small line disables the atrocious, ear-bleeding "beep" that sometimes comes out of the bowels of the machine; on a portable device, hence a regular in classrooms, that behaviour is a nuisance.
DO NOT USE
Create the file /etc/modprobe.d/snd_hda_intel.conf with the content:
options snd-hda-intel model=laptop
options snd_hda_intel power_save=1
options snd-hda-intel enable_msi=1
Add the repository to /etc/pacman.conf
[repo-ck]
SigLevel = PackageRequired
Server = http://repo-ck.com/$arch
Add graysky's signing key
# pacman-key -r 6176ED4B; pacman-key --lsign-key 6176ED4B
Update the pacman database (and, incidentally, get the music stuck in your head; you're welcome, it's free)
# pacman -Syy
Install the appropriate kernel (here optimized for an Intel Atom)
# pacman -S linux-ck-corex linux-ck-corex-headers
At this point, select the packages that match your hardware configuration; for my part I needed the Broadcom drivers, so I selected the kernel (obviously) and the module (which will add everything needed in /etc/modules-load.d/).
Change the elevator (if, for example, you do not have an SSD, in which case it is advisable to keep deadline):
Insert elevator=bfq into /etc/default/grub on the GRUB_CMDLINE_LINUX_DEFAULT line, then regenerate the GRUB2 configuration with grub-mkconfig -o /boot/grub/grub.cfg.
Add i915 to mkinitcpio.conf (module section)
xdg-open
xdg-open is a desktop-independent tool for configuring default applications.
Can stay in rc.conf Alternatively, you may remove the /etc/rc.conf file entirely and enable services in systemd (see wiki).
Tip: Normally all needed modules are automatically loaded by udev, so you will rarely need to add something here. Only add modules that you know are missing.
Edit /etc/modules-load.d/ to configure kernel modules to load during boot in a static list. Each configuration file is named in the style of /etc/modules-load.d/.conf. The configuration files should simply contain a list of kernel module names to load, separated by newlines. Empty lines and lines whose first non-whitespace character is # or ; are ignored. Example:
/etc/modules-load.d/virtio-net.conf
# Load virtio-net.ko at boot
virtio-net
Browser Profiles
One can easily mount browser profile(s) such as chromium, firefox, opera, etc. into RAM via tmpfs and also use rsync to keep them synced with HDD-based backups. In addition to the obvious speed enhancements, users will also save read/write cycles on their SSD by doing so.
The AUR contains several packages to automate this process, for example profile-sync-daemon.
- the underlying device must be aligned (if using partitions, be sure you have start of partition aligned, better use "fdisk -u" to calculate in sectors. If not sure, align to 1M or even 4M offset, this will always fit:-) (fdisk from latest util-linux-ng should support automatic alignment)
- be sure that lvm2 PV metadata (data start) is always aligned (see pvcreate --dataalignment parameter) (latest lvm2 already have support for automatic data alignment if kernel exports proper alignment data)
- for cryptsetup/LUKS - use "--align-payload" parameter (default is alignment to 4k boundary, not enough for SSD). Note that parameter is in 512 bytes sectors!
e.g. you want to align to 4MB boundary ( = 8192 * 512 bytes), use
cryptsetup luksFormat --align-payload=8192 ...
verify with cryptsetup luksDump (see Payload offset)
(I usually set lvm2 extent size to 4MB and align LUKS the same, so the LUKS header takes exactly one extent.)
- and finally, you should optimize FS above that device stack
(From the kernel point of view, there is no difference if you put lvm2 over LUKS or vice versa - both should work the same. Just configuration is different, I have some old slides describing activation of volumes here http://mbroz.fedorapeople.org/talks/LinuxAlt2008-eng/ )
- properly align partition (use sectors, not default: fdisk -u, or use parted)
- align data on LUKS drive (e.g. cryptsetup luksFormat ... --align-payload=8192 to align to 4MB)
- pvcreate --dataalignment 4M to align PV to 4M offset, all LVs will be aligned automagically when created (option available in recent lvm2)
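A worked version of the checks listed above, as an added example that is not part of the original notes: it reads the Payload offset from luksDump text and tests whether the encrypted data (partition start plus payload offset) lands on the 4 MiB boundary. The dump text and start sectors are constructed, the LUKS1 dump format is assumed, and the function names are made up for this example.

```sh
#!/bin/sh
# Added example, not from the original notes. Assumes LUKS1-style
# `cryptsetup luksDump` text, where "Payload offset" is in 512-byte sectors.

SECTOR=512                       # bytes per sector (cryptsetup and sysfs units)
BOUNDARY=$((4 * 1024 * 1024))    # 4 MiB boundary used throughout the notes

# Print the payload offset (in sectors) found in luksDump text on stdin.
payload_offset() {
    awk -F: '/^Payload offset/ { gsub(/[^0-9]/, "", $2); print $2; exit }'
}

# sectors_aligned SECTORS BOUNDARY_BYTES (boundary must be a multiple of 512)
sectors_aligned() {
    [ $(( $1 % ($2 / $SECTOR) )) -eq 0 ]
}

# check_stack PART_START_SECTORS [BOUNDARY_BYTES] < luksDump-text
# Prints one verdict line. Returns 0 only when the encrypted data really
# starts on the boundary, i.e. partition start + payload offset is aligned.
check_stack() {
    part_start=$1
    boundary=${2:-$BOUNDARY}
    payload=$(payload_offset)
    if [ -z "$payload" ]; then
        echo "error: no 'Payload offset' line found"
        return 2
    fi
    absolute=$(( part_start + payload ))
    if sectors_aligned "$absolute" "$boundary"; then
        echo "OK: data starts at sector $absolute (payload offset $payload)"
        return 0
    fi
    if ! sectors_aligned "$payload" "$boundary"; then
        echo "MISALIGNED: payload offset $payload is not a multiple of $(( boundary / $SECTOR )) sectors"
    else
        echo "MISALIGNED: partition start $part_start shifts the data to sector $absolute"
    fi
    return 1
}

# Constructed dump for a header formatted with --align-payload=8192.
dump_aligned() {
    printf 'LUKS header information for /dev/sda4\n\n'
    printf 'Version:\t1\nCipher name:\taes\nCipher mode:\tcbc-essiv:sha256\n'
    printf 'Hash spec:\tsha512\nPayload offset:\t8192\nMK bits:\t128\n'
}

# Constructed dump carrying the 4040-sector offset noted in the backup section.
dump_noted() {
    printf 'LUKS header information for /dev/sda3\n\n'
    printf 'Version:\t1\nPayload offset:\t4040\nMK bits:\t128\n'
}

# On a live system the partition start comes from sysfs, for example:
#   cryptsetup luksDump /dev/sda4 | check_stack "$(cat /sys/class/block/sda4/start)"
dump_aligned | check_stack 8192    || true  # partition and payload both on 4 MiB
dump_aligned | check_stack 4405248 || true  # constructed start: 1 MiB-aligned only
dump_noted   | check_stack 8192    || true  # 4040 sectors: 4 KiB-aligned only
```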
FOLLOWING IS NOT UPDATED YET
useradd -m -G users,audio,lp,optical,storage,video,wheel,power,network -s /bin/bash yourname
Next, add a password for your new user using
passwd yourname
Build a mirrorlist using the rankmirrors script
/usr/bin/rankmirrors is a python script which will attempt to detect the mirrors which are closest to the installation machine based on the mirrors specified in /etc/pacman.d/mirrorlist. Faster mirrors will dramatically improve pacman performance, and the overall Arch Linux experience. This script may be run periodically, especially if the chosen mirrors provide inconsistent throughput and/or updates.
First, use pacman to install python & curl :
pacman -Sy python curl
cd to the /etc/pacman.d/ directory:
cd /etc/pacman.d
Backup the existing /etc/pacman.d/mirrorlist:
cp mirrorlist mirrorlist.backup
Edit mirrorlist.backup and uncomment all mirrors on the same continent or within geographical proximity to test with rankmirrors.
nano mirrorlist.backup
Run the script against the mirrorlist.backup with the -n switch and redirect output to a new /etc/pacman.d/mirrorlist file:
rankmirrors -n 6 mirrorlist.backup > mirrorlist
-n 6: rank the 6 fastest mirrors
After creating/editing /etc/pacman.d/mirrorlist, (manually or by /usr/bin/rankmirrors) issue the following command:
pacman -Syy
SLiM is not a good option for starting Gnome. Besides tweakings required for accessing gnome-keyring (see below) it won't allow you to use gnome deskbar to shutdown or reboot the machine (lack of consolekit support).
pacman -S slim
There are also additional themes packages:
pacman -S slim-themes archlinux-themes-slim
nano /etc/slim.conf
For example, to enable the archlinux theme:
#current_theme default
current_theme archlinux-simplyblack
To preview a theme, run:
slim -p /usr/share/slim/themes/<theme name>
Simply type "exit" and press Enter to get out of the preview.
There are two ways to do that:
- Via Daemon
- Via Run-level (this is the one described below)
Modify default run-level by editing /etc/inittab and find the line that looks like this:
id:3:initdefault:
Modify the '3' to '5' for X11:
id:5:initdefault:
Add, or uncomment if existing, the following line in /etc/inittab:
x:5:respawn:/usr/bin/slim >& /dev/null
How to start from command line rather than SLiM?
If you are using SLiM to launch a Gnome session and have trouble accessing your keyring, for example not being automatically authenticated on login, add the following lines to /etc/pam.d/slim
auth optional pam_gnome_keyring.so
session optional pam_gnome_keyring.so auto_start
You also need to modify and replace login_cmd in /etc/slim.conf:
login_cmd exec ck-launch-session dbus-launch /bin/bash -login ~/.xinitrc %session >~/.xsession-errors 2>&1
It is already installed with Gnome
Edit /etc/rc.conf as root:
nano /etc/rc.conf
Disable (!) any devices in the INTERFACES array that you wish to manage with Wicd. For example:
INTERFACES=(!eth0 !wlan0)
#NETWORKS=(main)
#Static IP example
#eth0="eth0 192.168.0.2 netmask 255.255.255.0 broadcast 192.168.0.255"
eth0="dhcp"
INTERFACES=(!eth0 !eth1)
# Routes to start at boot-up (in this order)
# Declare each route then list in ROUTES
# - prefix an entry in ROUTES with a ! to disable it
#
gateway="default gw 192.168.0.1"
ROUTES=(!gateway)
If you don't use OpenVPN, CiscoVPN or 3G broadband connection then wicd offers the best choice (fast, both GUI and CLI interface). When using the above modes it is recommended to use Gnome network manager
pacman -S wicd
pacman -S hicolor-icon-theme gksu python-notify
DO NOT INSTALL notification-daemon!!!
Now, add wicd to the DAEMONS array (hal before wicd). The DAEMONS array should now look something like this:
DAEMONS=(syslog-ng hal !network !dhcdbd !networkmanager wicd ...)
Disable (!) any other existing network management daemons in the DAEMONS array, including network, dhcdbd, and networkmanager. Note: wicd uses dbus but as we have with hal in DAEMONS array the Hal daemon will automatically start dbus for you.
Save and close.
the Unix group that dbus allows to access wicd is subject to change, and may be different than network. Check which policy group is specified in /etc/dbus-1/system.d/wicd.conf, and add your user to that group.
Lastly, reboot your PC. Note: There is no need to reboot your computer after installing and configuring wicd. Arch != Windows so there's no need to reboot after installing some (trivial) stuff like wicd. Start /etc/rc.d/dbus (or hal) and /etc/rc.d/wicd. If you want your new group for a user to be active you can just logout and login.
How to bypass Gnome keyring for normal users connecting with wireless
It's super simple! First, create a group called networkmanager with the following command (or any other method you prefer):
# groupadd networkmanager
Then add your user to that group using the following command (or any other preferred method):
# gpasswd -a username networkmanager
Replace username in the above command with your actual username.
Now, as root, launch nm-connection-editor and configure the connections:
# nm-connection-editor
Put a check mark next to "Available to all users" and apply the settings. Note: on gnome3 you can just click on Wireless settings, it will probably ask for password to run with root privileges.
Now you won't be bothered by Gnome keyring! (citation needed) Also, if you additionally enable "connect automatically", your connection will be available and connected before you even log in to your desktop, making your whole startup process even faster!
ADDED SLIM with autologin!
modified /etc/slim.conf
login_cmd exec /bin/bash -login ~/.xinitrc %session
auto_login yes
modified .xinitrc
exec ck-launch-session dbus-launch gnome-session
for intel graphic cards edit /etc/mkinitcpio.conf
MODULES="i915"
+++ Backup keys
dmsetup table --showkeys
cryptsetup luksDump /dev/sda3 | grep "Payload offset"
Note Payload offset: 4040
then
dd if=/dev/sda3 of=./backup.img bs=512 count=4040
dmsetup info -c
How do I backup a LUKS header?
While you could just copy the appropriate number of bytes from the start of the LUKS partition, the best way is to use command option "luksHeaderBackup" of cryptsetup. This protects also against errors when non-standard parameters have been used in LUKS partition creation. Example:
cryptsetup luksHeaderBackup --header-backup-file h /dev/mapper/c1
cryptsetup luksHeaderBackup --header-backup-file h /dev/sda3
To restore, use the inverse command, i.e.
cryptsetup luksHeaderRestore --header-backup-file h /dev/mapper/c1
LVM header backup
vgcfgbackup -f x201-lvm vgroup
+++ Restore keys
If you have live mapping still, you are not lost completely yet. Do not reboot! First run "dmsetup table --showkeys" and "dmsetup info -c" and store the full mapping to some file.
If you see dm-crypt mapping there mapped to proper drive, you can still recreate LUKS header with some magic.
(If you have saved that dmsetup mapping, I'll describe how to save your data
- still depends how many of fs was overwritten.)
If you want help with that, paste here "dmsetup table" (without using --showkeys, we do not want see your master key:-). For recovery you will need to know that key, so be sure you have full table with key stored as written above.
(Table is created according to LUKS header which is lost, so after reboot you are lost completely. BTW Passphrase will not help here at all.) http://www.spinics.net/lists/dm-crypt/msg02914.html https://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions#6._Backup_and_Data_Recovery
UUID http://www.datadisk.co.uk/html_docs/redhat/rh_lvm.htm https://www.centos.org/docs/5/html/Cluster_Logical_Volume_Manager/mdatarecover.html
p dd if=./backup.img of=/dev/sda3 bs=512 count=4040
+++ Mount from recovery CD
- modprobe dm-crypt (not required)
- cryptsetup luksOpen /dev/sda3 mylvm
- vgscan
- vgchange -ay
- mkdir /mnt/oldroot
- mount /dev/mapper/vgroup-root /mnt/oldroot
+++ fsck on lvm
fsck on LVM can be a bit tricky. As in the normal process, the partition needs to be unmounted, and we can boot up using the rescue CD or in emergency mode. Normally, you run fsck /dev/sda1
If the partition is LVM, you need to activate the LVM first, like so:
vgchange --ignorelockingfailure -ay
lvscan --ignorelockingfailure (this command should now work)
fsck /dev/volumegroup/lvname
If the logical volume contains a partition, you need to kpartx the LV.
+++ LVM snapshot
http://www.thegoldfish.org/2011/09/reverting-to-a-previous-snapshot-using-linux-lvm/ http://www.redhatlinux.info/2010/11/lvm-logical-volume-manager.html http://doc.ubuntu-fr.org/lvm
LVM snapshot
lvcreate -L 10g -s -n mysnapshot /dev/vgroup/root
Revert back to LVM snapshot
Reboot with USB Archlinux key
- loadkeys fr
- cryptsetup luksOpen /dev/sda4 mylvm
- vgscan
- vgchange -ay
- lvconvert --merge /dev/vgroup/mysnapshot
- reboot for root partition
then for non root
umount /home
lvchange -an vgroup/home
dmsetup status vgroup-snaphome
lvchange -ay vgroup/home
remove snapshot
++ Manual Luks volume
dd if=/dev/zero of=/bigsecret bs=1M count=10
losetup /dev/loop0 /bigsecret
cryptsetup luksFormat /dev/loop0
===> cryptsetup luksFormat -c cast5-cbc-plain -s 128 -h sha256 /dev/$DEVICE
cryptsetup luksOpen /dev/loop0 secret
FORMAT
mkfs.ext2 /dev/mapper/secret
MOUNT
mkdir /mnt/secret
mount -t ext2 /dev/mapper/secret /mnt/secret
UMOUNT
umount /mnt/secret
cryptsetup luksClose secret
losetup -d /dev/loop0 # free the loopdevice.
REMOUNT
losetup /dev/loop0 /bigsecret
cryptsetup luksOpen /dev/loop0 secret
mount -t ext2 /dev/mapper/secret /mnt/secret
check if trim is enabled https://sites.google.com/site/lightrush/random-1/checkiftrimonext4isenabledandworking
optimization http://postblue.info/netbook-archlinux-i3-optimisation/
power saving https://github.com/Unia/powersave http://crunchbang.org/forums/viewtopic.php?id=11954&p=1
nice example from postblue http://bin.postblue.info/powersave
Insert pcie_aspm=force into the GRUB_CMDLINE_LINUX line of /etc/default/grub, then regenerate the GRUB2 configuration with grub-mkconfig -o /boot/grub/grub.cfg.
Let systemd handle hardware events by editing the file /etc/systemd/logind.conf;
create the file /etc/modules-load.d/cpufreq.conf in order to enable the CPU frequency control modules, with the following content; here I use the acpi_cpufreq module, but choose the module that best suits your hardware:
# Load cpufreq driver
acpi_cpufreq
# Load cpufreq governors
cpufreq_performance
cpufreq_powersave
cpufreq_ondemand
/etc/udev/rules.d/50-powersave.rules
SUBSYSTEM=="power_supply", ENV{POWER_SUPPLY_ONLINE}=="0", RUN+="/usr/bin/powersave true"
SUBSYSTEM=="power_supply", ENV{POWER_SUPPLY_ONLINE}=="1", RUN+="/usr/bin/powersave false"
KERNEL=="sr0", SUBSYSTEM=="block", ENV{POWER_SUPPLY_ONLINE}=="0", ENV{UDISKS_DISABLE_POLLING}="1"
KERNEL=="sr0", SUBSYSTEM=="block", ENV{POWER_SUPPLY_ONLINE}=="1", ENV{UDISKS_DISABLE_POLLING}="0"
/usr/lib/systemd/system-sleep/powersave.sh
#!/bin/sh
case $1 in
pre) /usr/bin/powersave false ;;
post)
if cat /sys/class/power_supply/ADP1/online | grep 0 > /dev/null 2>&1
then
/usr/bin/powersave true
else
/usr/bin/powersave false
fi
;;
esac
exit 0
Change execution flag
# chmod +x /usr/lib/systemd/system-sleep/powersave.sh
/usr/bin/powersave
#!/bin/sh
case "$1" in
    true)
        # Enable power saving settings on battery
        # bus
        for i in /sys/bus/*/devices/*/power/control; do echo auto > $i; done
        # usb autosuspend
        for i in /sys/bus/usb/devices/*/power/autosuspend; do echo 1 > $i; done
        for i in /sys/bus/usb/devices/*/power/control; do echo auto > $i; done
        # sata powersave
        for i in /sys/class/scsi_host/host*/link_power_management_policy; do echo min_power > $i; done
        # disk powersave
        #for dev in /dev/sd[a-z]; do hdparm -S 12 -B 200 -a 2048 $dev; done
        # nmi_watchdog
        echo 0 > /proc/sys/kernel/nmi_watchdog
        # cpu
        for i in /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor; do echo powersave > $i; done
        #echo 1 > /sys/devices/system/cpu/sched_smt_power_savings
        #echo 1 > /sys/devices/system/cpu/sched_mc_power_savings
        #echo 80 > /sys/devices/system/cpu/cpufreq/conservative/up_threshold
        #echo 40 > /sys/devices/system/cpu/cpufreq/conservative/down_threshold
        #echo 20000 > /sys/devices/system/cpu/cpufreq/conservative/sampling_rate
        #echo 1 > /sys/devices/system/cpu/cpufreq/conservative/sampling_down_factor
        #echo 20 > /sys/devices/system/cpu/cpufreq/conservative/freq_step
        # aspm
        echo powersave > /sys/module/pcie_aspm/parameters/policy
        # kernel write mode
        echo 5 > /proc/sys/vm/laptop_mode
        echo 90 > /proc/sys/vm/dirty_ratio
        echo 1 > /proc/sys/vm/dirty_background_ratio
        echo 1500 > /proc/sys/vm/dirty_expire_centisecs
        echo 1500 > /proc/sys/vm/dirty_writeback_centisecs
        # sound card powersave
        echo 1 > /sys/module/snd_hda_intel/parameters/power_save
        echo Y > /sys/module/snd_hda_intel/parameters/power_save_controller
        #echo 1 > sys/module/snd_ac97_codec/parameters/power_save
        # wlan0/eth0 powersave
        iwconfig wlan0 power on
        ethtool -s eth0 wol d
        # i915
        echo 1 > /sys/module/i915/parameters/i915_enable_rc6
        echo 1 > /sys/module/i915/parameters/i915_enable_fbc
        echo 1 > /sys/module/i915/parameters/powersave
        echo 1 > /sys/module/i915/parameters/semaphores
        echo 1 > /sys/module/i915/parameters/lvds_downclock
        ;;
    false)
        # Return to default on AC power
        # bus
        for i in /sys/bus/*/devices/*/power/control; do echo on > $i; done
        # usb autosuspend
        for i in /sys/bus/usb/devices/*/power/autosuspend; do echo 0 > $i; done
        for i in /sys/bus/usb/devices/*/power/control; do echo on > $i; done
        # sata powersave
        for i in /sys/class/scsi_host/host*/link_power_management_policy; do echo max_performance > $i; done
        # disk powersave rotational only
        #for dev in /dev/sd[a-z]; do hdparm -S 120 -B 255 -a 128 $dev; done
        # nmi_watchdog
        echo 1 > /proc/sys/kernel/nmi_watchdog
        # cpu
        for i in /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor; do echo performance > $i; done
        #echo 0 > /sys/devices/system/cpu/sched_smt_power_savings
        #echo 0 > /sys/devices/system/cpu/sched_mc_power_savings
        # aspm
        echo performance > /sys/module/pcie_aspm/parameters/policy
        # kernel write mode
        echo 0 > /proc/sys/vm/laptop_mode
        echo 10 > /proc/sys/vm/dirty_ratio
        echo 5 > /proc/sys/vm/dirty_background_ratio
        echo 500 > /proc/sys/vm/dirty_expire_centisecs
        echo 500 > /proc/sys/vm/dirty_writeback_centisecs
        # sound card powersave
        echo 0 > /sys/module/snd_hda_intel/parameters/power_save
        echo Y > /sys/module/snd_hda_intel/parameters/power_save_controller
        #echo 0 > sys/module/snd_ac97_codec/parameters/power_save
        # wlan0/eth0 powersave
        iwconfig wlan0 power off
        ethtool -s eth0 wol d
        # i915
        echo 0 > /sys/module/i915/parameters/i915_enable_rc6
        echo 0 > /sys/module/i915/parameters/i915_enable_fbc
        echo 0 > /sys/module/i915/parameters/powersave
        echo 0 > /sys/module/i915/parameters/semaphores
        echo 0 > /sys/module/i915/parameters/lvds_downclock
        ;;
esac
exit 0
chmod +x /usr/bin/powersave
disabled for now
echo 1 > /sys/module/snd_hda_intel/parameters/power_save
echo Y > /sys/module/snd_hda_intel/parameters/power_save_controller
#echo 1 > sys/module/snd_ac97_codec/parameters/power_save
xdg-user-dirs uses a configuration file located at ~/.config/user-dirs.dirs. Its format is as follows:
## Localized folders
# This file is written by xdg-user-dirs-update
# If you want to change or add directories, just edit the line you're
# interested in. All local changes will be retained on the next run
# Format is XDG_xxx_DIR="$HOME/yyy", where yyy is a shell-escaped
# homedir-relative path, or XDG_xxx_DIR="/yyy", where /yyy is an
# absolute path. No other format is supported.
#
XDG_DESKTOP_DIR="$HOME/Bureau"
XDG_DOWNLOAD_DIR="$HOME/Téléchargements"
XDG_TEMPLATES_DIR="$HOME/Modèles"
XDG_PUBLICSHARE_DIR="$HOME/Public"
XDG_DOCUMENTS_DIR="$HOME/Documents"
XDG_MUSIC_DIR="$HOME/Musique"
XDG_PICTURES_DIR="$HOME/Images"
XDG_VIDEOS_DIR="$HOME/Vidéos"
Remove or rename the entries as you like, and delete from the drive the folders for the ones you no longer want.
# gconf-editor
/apps/guake/general/use_vte_titles
Create/Edit ~/.gnomerc
and add
#export LC_COLLATE=C That was the original post
replaced by
#export LC_COLLATE="fr_FR.UTF-8"
IMPORTANT NOTE: You must make the '.gnomerc' file executable before restarting your computer. You can use a command like
chmod 755 .gnomerc or chmod 700 .gnomerc
https://bbs.archlinux.org/viewtopic.php?pid=1081952
In the end I got it working with: /etc/locale.conf
LANG=fr_FR.UTF-8
#LC_COLLATE="C"
LC_COLLATE="fr_FR.UTF-8"
and adding/modifying the following in ~/.zshrc.local
export LC_ALL="fr_FR.UTF-8"
#export LC_COLLATE="C"
export LC_COLLATE="fr_FR.UTF-8"
# systemctl enable cups.service
PDF virtual printer
CUPS-PDF is a nice package that allows one to setup a virtual printer that will generate a PDF from anything sent to it. Obviously this package is not necessary, but it can be quite useful.
Find generated PDF documents in a sub-directory located at /var/spool/cups-pdf. Normally, the subdirectory is named after the user who performed the job. A little tweak helps you to find your printed PDF documents more easily. Edit /etc/cups/cups-pdf.conf by changing the line
#Out /var/spool/cups-pdf/${USER}
to
Out /home/${USER}
This package can be installed by the following command:
pacman -S cups-pdf
After installing the package, set it up as if it were for any other printer by using the web interface. For the Device, select CUPS-PDF (Virtual PDF Printer); Make/Manufacturer, choose Generic; Model/Driver, select Generic postscript color printer or Generic Cups-PDF Printer.
Quality sucks!
Not enabled by default
# systemctl enable cronie.service
Since version 38, systemd has its own logging system, the journal. Therefore, running a syslog daemon is no longer required. To read the log, use:
# journalctl
By default (when Storage= is set to auto in /etc/systemd/journald.conf), the journal writes to /var/log/journal/. If the directory /var/log/journal/ does not exist (e.g. if you or some program delete it), systemd will not create it automatically, but instead write its logs to /run/systemd/journal. This means that logs will be lost on reboot.
On default installation it appears to be using /var/log/journal
Adding ipv6.disable=1 to the kernel line disables the whole IPv6 stack, which is likely what you want if you are experiencing issues. See Kernel parameters for more information.
- Disabled gnome-keyring in gnome-session-properties
- disable gpg-agent in ~/.gnupg.conf
- create /etc/profile.d/gpg-agent.sh
#!/bin/sh
envfile="${HOME}/.gnupg/gpg-agent.env"
if test -f "$envfile" && kill -0 $(grep GPG_AGENT_INFO "$envfile" | cut -d: -f 2) 2>/dev/null; then
    eval "$(cat "$envfile")"
else
    eval "$(gpg-agent --daemon --write-env-file "$envfile")"
fi
export GPG_AGENT_INFO # the env file does not contain the export statement
chmod +x /etc/profile.d/gpg-agent.sh
- create /etc/udev/rules.d/40-cryptostick.rules
SUBSYSTEM!="usb", GOTO="cryptostick_rules_end"
ACTION!="add", GOTO="cryptostick_rules_end"
ATTR{idVendor}=="20a0", ATTR{idProduct}=="4107", ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
LABEL="cryptostick_rules_end"
/etc/systemd/system/ciscovpn.service
[Unit]
Description=Cisco AnyConnect Secure Mobility Client Agent
Requires=network.target remote-fs.target
After=network.target remote-fs.target
[Service]
Type=forking
PIDFile=/var/run/vpnagentd.pid
ExecStart=/opt/cisco/vpn/bin/vpnagentd
ExecStop=/usr/bin/killall /opt/cisco/vpn/bin/vpnagentd
Restart=on-abort
[Install]
# one may want to use multi-user.target instead
WantedBy=graphical.target
## Some systemd services
https://wiki.archlinux.org/index.php/Systemd/Services
sudo lvcreate -L 2g -s -n home-snapshot /dev/vgroup/home
sudo lvcreate -L 2g -s -n root-snapshot /dev/vgroup/root
sudo cp /boot/vmlinuz-linux /boot/vmlinuz-linux-PREVIOUS
sudo cp /boot/vmlinuz-linux-ck /boot/vmlinuz-linux-ck-PREVIOUS
sudo cp /boot/initramfs-linux.img /boot/initramfs-linux-PREVIOUS.img
sudo cp /boot/initramfs-linux-ck.img /boot/initramfs-linux-ck-PREVIOUS.img
if everything is ok, remove snapshots:
sudo lvremove /dev/vgroup/root-snapshot
sudo lvremove /dev/vgroup/home-snapshot
issues with i915
removed
echo 0 > /sys/module/i915/parameters/i915_enable_rc6
echo 0 > /sys/module/i915/parameters/i915_enable_fbc
echo 0 > /sys/module/i915/parameters/powersave
from /usr/bin/powersave
Added i915 in /etc/mkinitcpio.conf
Created /etc/modprobe.d/i915.conf
options i915 i915_enable_rc6=1
options i915 i915_enable_fbc=1
options i915 lvds_downclock=1
Removed from grub default
Apparently, if i915 is in mkinitcpio.conf, then it can no longer be written afterwards, only via i915.conf (to be investigated)