________ ___ _ ______ _____ ____ ____ _____ _ _ _____ _______ _ _
| ____\ \ / / | | | ____| __ \| _ \ / __ \ |_ _| \ | |/ ____|__ __|/\ | | | |
| |__ \ V /| |__| | |__ | |__) | |_) | | | |______| | | \| | (___ | | / \ | | | |
| __| > < | __ | __| | _ /| _ <| | | |______| | | . ` |\___ \ | | / /\ \ | | | |
| |____ / . \| | | | |____| | \ \| |_) | |__| | _| |_| |\ |____) | | |/ ____ \| |____| |____
|______/_/ \_\_| |_|______|_| \_\____/ \____/ |_____|_| \_|_____/ |_/_/ \_\______|______|This guide is based on several documentations
Exherbo
- Title: Installation Guide
- Source: http://exherbo.org/docs/install-guide.html
Systemd
- Title: The Boot Loader Specification
- Source: https://systemd.io/BOOT_LOADER_SPECIFICATION/
Freedesktop
- Title: systemd-gpt-auto-generator
- Source: https://www.freedesktop.org/software/systemd/man/systemd-gpt-auto-generator.html
Download SystemRescueCD, Archlinux or other live systems.
Put it on the usb stick:
root@archiso ~ # dd if=/path/to/system-x.y.z.iso of=/dev/sdx
Reboot
Disk layout:
+-----------------+ +-----------------+ +-----------------------------------------------------------------------+
| ESP | | XBOOTLDR | | Subvolume 1 | Subvolume 2 | Subvolume 3 |
| | | | | | | |
| /efi | | /boot | | @ or / | @home or /home | @snapshots or /.snapshot |
| | | | | | | |
| | | | |_ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ __ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ ____|
| | | | | |
| /dev/nvme0n1p1 | | /dev/nvme0n1p2 | | LUKS2 encrypted partition nvme0n1p3 |
| | | | | |
+-----------------+ +-----------------+ +-----------------------------------------------------------------------+Create a new GPT disklabel and three partitions, one for the ESP (~100mb), one for the XBOOTLDR (~200mb) and another one for the LUKS container (the remaining disk space).
root@archiso ~ # fdisk /dev/nvme0n1
Welcome to fdisk (util-linux 2.36.1).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.
Command (m for help): g
Created a new GPT disklabel (GUID: AF3C933D-3C72-4342-8CBA-057327B4FD1A).
Command (m for help): n
Partition number (1-128, default 1):
First sector (2048-1000215182, default 2048):
Last sector, +/-sectors or +/-size{K,M,G,T,P} (2048-1000215182, default 1000215182): +100MB
Created a new partition 1 of type 'Linux filesystem' and of size 95 MiB.
Command (m for help): t
Selected partition 1
Partition type or alias (type L to list all): 1
Changed type of partition 'Linux filesystem' to 'EFI System'.
Command (m for help): n
Partition number (2-128, default 2):
First sector (196608-1000215182, default 196608):
Last sector, +/-sectors or +/-size{K,M,G,T,P} (196608-1000215182, default 1000215182): +200MB
Created a new partition 2 of type 'Linux filesystem' and of size 191 MiB.
Command (m for help): t
Partition number (1,2, default 2):
Partition type or alias (type L to list all): 48
Changed type of partition 'Linux filesystem' to 'Linux extended boot'.
Command (m for help): n
Partition number (3-128, default 3):
First sector (587776-1000215182, default 587776):
Last sector, +/-sectors or +/-size{K,M,G,T,P} (587776-1000215182, default 1000215182):
Created a new partition 3 of type 'Linux filesystem' and of size 476.7 GiB.
Command (m for help): p
Disk /dev/nvme0n1: 476.94 GiB, 512110190592 bytes, 1000215216 sectors
Disk model: WDC PC SN720 SDAQNTW-512G-1001
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: AF3C933D-3C72-4342-8CBA-057327B4FD1A
Device Start End Sectors Size Type
/dev/nvme0n1p1 2048 196607 194560 95M EFI System
/dev/nvme0n1p2 196608 587775 391168 191M Linux extended boot
/dev/nvme0n1p3 587776 1000215182 999627407 476.7G Linux filesystem
Command (m for help): w
The partition table has been altered.
Calling ioctl() to re-read partition table.
Syncing disks.Format EFI Partition:
root@archiso ~ # mkfs.vfat -F32 /dev/nvme0n1p1
Format BOOT Partition:
root@archiso ~ # mkfs.vfat -F32 /dev/nvme0n1p2
Create the LUKS encrypted container and open it:
root@archiso ~ # cryptsetup --cipher aes-xts-plain64 --hash sha512 --use-random --verify-passphrase luksFormat /dev/nvme0n1p3
root@archiso ~ # cryptsetup open /dev/nvme0n1p3 root
Format LUKS container
root@archiso ~ # mkfs -t btrfs --force -L root /dev/mapper/root
Create BTRFS subvolumes:
root@archiso ~ # mount -t btrfs -o compress=zstd /dev/mapper/root /mnt
root@archiso ~ # btrfs subvolume create /mnt/@
root@archiso ~ # btrfs subvolume create /mnt/@home
root@archiso ~ # btrfs subvolume create /mnt/@snapshots
Unmount the system partition at /mnt
root@archiso ~ # umount /mnt
Mount options:
root@archiso ~ # o=defaults,x-mount.mkdir
root@archiso ~ # o_btrfs=$o,compress=zstd,ssd,noatime
Mount new subvolumes:
root@archiso ~ # mount -o compress=zstd,subvol=@,$o_btrfs /dev/mapper/root /mnt
root@archiso ~ # mount -o compress=zstd,subvol=@home,$o_btrfs /dev/mapper/root /mnt/home
root@archiso ~ # mount -o compress=zstd,subvol=@snapshots,$o_btrfs /dev/mapper/root /mnt/.snapshots
Get the latest automatically-built daily archive of Exherbo from Stages and verify the consistence of the file:
root@archiso ~ # cd /mnt
root@archiso /mnt # curl -O https://dev.exherbo.org/stages/exherbo-x86_64-pc-linux-gnu-current.tar.xz
root@archiso /mnt # curl -O https://dev.exherbo.org/stages/sha1sum
root@archiso /mnt # grep exherbo-x86_64-pc-linux-gnu-current.tar.xz sha1sum | sha1sum -c
Extract the stage:
root@archiso /mnt # tar xJpf exherbo*xz
Mount everything for the chroot:
root@archiso ~ # mount -o rbind /dev /mnt/dev/
root@archiso ~ # mount -o bind /sys /mnt/sys/
root@archiso ~ # mount -t proc none /mnt/proc/
root@archiso ~ # mount /dev/nvme0n1p1 -o x-mount.mkdir /mnt/efi
root@archiso ~ # mount /dev/nvme0n1p2 /mnt/boot
Make sure the network can resolve DNS:
root@archiso ~ # cp /etc/resolv.conf /mnt/etc/resolv.conf
Change your root:
root@archiso ~ # env -i TERM=$TERM SHELL=/bin/bash HOME=$HOME $(which chroot) /mnt /bin/bash
root@archiso / # source /etc/profile
root@archiso / # export PS1="(chroot) $PS1"
Make sure Paludis is configured correctly:
(chroot) root@archiso ~ # cd /etc/paludis && vim bashrc && vim *conf
Sync all the trees – now it is safe to sync
(chroot) root@archiso ~ # cave sync
(chroot) root@archiso ~ # cave resolve world -c
Create fstab:
(chroot) root@archiso /mnt # vim /etc/fstab
# <fs> <mountpoint> <type> <opts> <dump/pass>
/dev/mapper/root / btrfs defaults,noatime,discard,ssd,compress=zstd,subvol=@ 0 1
/dev/mapper/root /home btrfs defaults,noatime,discard,ssd,compress=zstd,subvol=@home 0 1
/dev/mapper/root /.snapshots btrfs defaults,noatime,discard,ssd,compress=zstd,subvol=@snapshots 0 1
tmpfs /tmp tmpfs rw,nosuid,noatime,nodev,mode=1777 0 0
Create crypttab:
(chroot) root@archiso /mnt # blkid | grep nvme0n1p3
/dev/nvme0n1p3: UUID="5a1558cc-0d27-4795-a2bc-64ffdfc04f8b" TYPE="crypto_LUKS" PARTUUID="c6d92a71-284e-1d41-a5c0-748cf21e53b8"
(chroot) root@archiso /mnt # vim /etc/crypttab
root UUID=5a1558cc-0d27-4795-a2bc-64ffdfc04f8b none luks,cipher=aes-xts-plain64,discard
Rebuild systemd with efi and cryptsetup flag:
(chroot) root@archiso ~ # echo "sys-apps/systemd cryptsetup efi" >> /etc/paludis/options.conf
(chroot) root@archiso ~ # cave resolve -x sys-apps/systemd
Install dracut, cryptsetup and btrfs-progs:
(chroot) root@archiso ~ # echo "sys-apps/coreutils xattr" >> /etc/paludis/options.conf
(chroot) root@archiso ~ # cave resolve -x dracut --take btrfs-progs
Configure dracut:
(chroot) root@archiso ~ # echo "compress=\"xz\"" > /etc/dracut.conf.d/compress.conf
(chroot) root@archiso ~ # echo "force=\"yes\"" > /etc/dracut.conf.d/force.conf
(chroot) root@archiso ~ # echo "hostonly=\"yes\"" > /etc/dracut.conf.d/hostonly.conf
(chroot) root@archiso ~ # echo "hostonly_mode=\"strict\"" >> /etc/dracut.conf.d/hostonly.conf
(chroot) root@archiso ~ # echo "dracutmodules=\"base bash crypt dm btrfs dracut-systemd fs-lib i18n kernel-modules rootfs-block systemd systemd-initrd terminfo udev-rules usrmount\"" > /etc/dracut.conf.d/modules.conf
Configure console keymap:
(chroot) root@archiso ~ # echo KEYMAP=fr > /etc/vconsole.conf
Create kernel cmdline:
(chroot) root@archiso ~ # echo quiet > /etc/kernel/cmdline
Install systemd-boot:
(chroot) root@archiso ~ # mount -t efivarfs efivarfs /sys/firmware/efi/efivars
(chroot) root@archiso ~ # bootctl --esp-path=/efi --boot-path=/boot install
Download and extract the latest stable kernel from The Linux Kernel Archives.
Go to the kernel folder:
(chroot) root@archiso ~ # mkdir /usr/src/kernel && cd $_
(chroot) root@archiso /usr/src/kernel # wget https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.10.4.tar.xz
(chroot) root@archiso /usr/src/kernel # tar -xf linux-5.10.4.tar.xz && cd linux-5.10.4
Configure kernel:
(chroot) root@archiso /usr/src/kernel/linux-5.10.4 # make nconfig
NVM Express block device:
Device Drivers --->
<*> NVM Express block device
Btrfs support:
File systems --->
<*> Btrfs filesystem
Device mapper and crypt target:
[*] Enable loadable module support
Device Drivers --->
[*] Multiple devices driver support (RAID and LVM) --->
<*> Crypt target support
Cryptographic API functions:
[*] Cryptographic API --->
<*> XTS support
<*> User-space interface for hash algorithms
<*> User-space interface for symmetric key cipher algorithms
Compression algorithm:
[*] Cryptographic API --->
<*> LZO compression algorithm
<*> LZ4 compression algorithm
<*> LZ4HC compression algorithm
<*> Zstd compression algorithm
Iwd:
Security Options --->
[*] Enable access key retention support
[*] Diffie-Hellman operations on retained keys
Cryptographic API --->
<*> Triple DES EDE cipher algorithm (x86-64)
<*> ARC4 cipher algorithm
Build and install kernel/initramfs:
(chroot) root@archiso /usr/src/kernel/linux-5.3.11 # eclectic installkernel set -2
(chroot) root@archiso /usr/src/kernel/linux-5.3.11 # make -j$(nproc)
(chroot) root@archiso /usr/src/kernel/linux-5.3.11 # make modules_install
(chroot) root@archiso /usr/src/kernel/linux-5.3.11 # mkdir /boot/$(cat /etc/machine-id)
(chroot) root@archiso /usr/src/kernel/linux-5.3.11 # make install
Configure your hostname:
(chroot) root@archiso ~ # echo "laptop" > /etc/hostname
Configure hosts:
(chroot) root@archiso ~ # vim /etc/hosts
127.0.0.1 laptop.local laptop localhost
::1 laptop.local laptop localhost
Additional kernel support (e.g. for an Intel wireless card):
(chroot) root@archiso ~ # cave resolve repository/hardware -x
(chroot) root@archiso ~ # cave resolve -x linux-firmware
Locales / LANG / timezone:
(chroot) root@archiso ~ # localedef -i en_US -f ISO-8859-1 en_US
(chroot) root@archiso ~ # echo LANG="en_US.UTF-8" > /etc/env.d/99locale
(chroot) root@archiso ~ # ln -s /usr/share/zoneinfo/Europe/Paris /etc/localtime
Install iwd:
(chroot) root@archiso ~ # cave resolve -x iwd
Enable service:
(chroot) root@archiso ~ # systemctl enable getty@
(chroot) root@archiso ~ # systemctl enable iwd
(chroot) root@archiso ~ # systemctl enable dhcpcd
Set root password:
(chroot) root@archiso ~ # passwd
🔪 + 🐐 + 🙏
cave resolve -x dracut --take btrfs-progs is ending miserably with :
I encountered the following errors:
! dev-python/Sphinx
Reasons: sys-fs/btrfs-progs-6.14:0::arbor
Unsuitable candidates:
Masked by unavailable (In a repository which is unavailable)
As I'm just beginning with Paludis I've no clue what to do fix that.
Thank's