Arch Linux - bunnyamin/bunnix GitHub Wiki

General installation

Always do a quick comparison to the official Arch Linux Installation guide before a new complete installation.

Current distribution, version, and other information about the operating system

  • lsb_release -a
  • cat /etc/*-release
  • hostnamectl
  • uname -a

Preparation

  • Decide on an init system: init, SystemD, SysVinit.
  • Decide on Instruction Set Architecture: i686, x86_64, Multilib.
  • If Internet connection requires login, make sure to note all required credentials.

Setup

  1. Load keymap for keyboard
  2. Verify boot mode: BIOS or UEFI
  3. Partition devices
  4. Mount devices
    • The order devices or partitions are mounted or activated is the order genfstab arranges devices in fstab.
    • Example of recommended mount order:
      • # mount /dev/<device> /mnt
        • mkdir -p /mnt/boot/{esp,grub}
      • # mount /dev/<device> /mnt/boot
      • # swapon /dev/<device>
      • Mount or activate other devices.
  5. Connect to the Internet
  6. Adjust system clock
    • [timedatectl](systemd#timedatectl)
  7. Select pacman mirrorlist
  8. [pacstrap](#pacstrap)
  9. genfstab -U /mnt >> /mnt/etc/fstab
    • This could be done after changing root; however, see Fstab for possible problems.
  10. Change root arch-chroot /mnt
  11. Install packages necessary for configuration.
  12. Configure basic installation.
  13. Before reboot:
    • Assign password for root user.
    • Configure a non-root user.
    • If the internet connection will be lost after reboot, install all minimum necessary packages.
  14. Reboot.
  15. Expand basic configuration as needed:

Pacman

Useful commands

  • Query the package database (-Q) and print installed packages (-d) neither required nor optionally required by any currently installed package (-t) pacman -Qdt <package name>.
  • Query the package database (-Q) for owner (-o) of program pacman -Qo <program name>.
  • Query the package database (-Q) and list all of its paths (-l) of program pacman -Ql <package name>.
  • Query the package database (-Q) quietly (-q) for packages that are dependencies (-d) but are not required (-t) pacman -Qdtq.
  • Query the package database (-Q) and check if installed packages are missing any files (-k) pacman -Qk.
  • Remove all packages (-R) and their dependencies (-s) which are no longer necessary pacman -Rs $(pacman -Qdtq).
  • Remove specific package (-R), but not its dependencies pacman -R <package name>.
  • Remove specific package (-R), and its dependencies (-s) and configuration files (-n) pacman -Rns <package name>.
  • Remove all cached (-cc) packages pacman -Scc.
  • Remove all cached packages paccache -rk0.
  • Required to be non-root user

  • Download snapshot

  • Make package as normal user $ makepkg -src.

    • -i Install or upgrade the package after a successful build using pacman.
    • -s Install missing dependencies using pacman. When build-time or run-time dependencies are not found, pacman will try to resolve them. If successful, the missing packages will be downloaded and installed.
    • -r Upon successful build, remove any dependencies installed by makepkg during dependency auto-resolution and installation when using -s.
    • -c Clean up leftover work files and directories after a successful build.
  • Install package requires root # pacman -U <package name>.pkg.tar.xz.

If error ==> ERROR: Cannot find the fakeroot binary.

  • Install pacman -S base-devel

Mirrorlist

  • The mirrorlist file /etc/pacman.d/mirrorlist.
  • Download mirrorlist curl -o /etc/pacman.d/mirrorlist "https://archlinux.org/mirrorlist/?country=all&protocol=https&ip_version=4&ip_version=6".
  • NOTE The subdomain www is no longer required (2021-12-29).
  • NOTE The trailing / after mirrorlist is required.

pacstrap

Assign -d to allow installation to a non-mountpoint directory.

  • For example, when installing from an existing Arch Linux installation to a directory to chroot into.

pacstrap [-d] /<root> <package 1> <package 2> <package 3> ...

  • The base package base.
  • AUR build tools base-devel.
  • The Linux kernel linux.
  • Firmware files for Linux linux-firmware.
  • sudo

Package

Audio

package description
alsa-card-profiles ALSA card profiles shared by PulseAudio.
alsa-lib An alternative implementation of Linux sound support.
alsa-topology-conf ALSA topology configuration files.
alsa-utils Advanced Linux Sound Architecture - Utilities.
alsa-ucm-conf ALSA Use Case Manager configuration (and topologies).
asoundconf (AUR) Utility to read and change the user's ALSA library configuration.
libpulse A featureful, general-purpose sound server (client library). Includes pactl.
pulseaudio A featureful, general-purpose sound server.
pulseaudio-alsa ALSA Configuration for PulseAudio.
pulseaudio-bluetooth Bluetooth support for PulseAudio.
pulseaudio-jack Jack support for PulseAudio. For example, 3.5 mm jacks.
pulseaudio-rtp RTP and RAOP support for PulseAudio.
pavucontrol PulseAudio Volume Control.
pulsemixer CLI and curses mixer for pulseaudio.

Connection

package description
bluez Daemons for the bluetooth protocol stack.
bluez-utils Development and debugging utilities for the bluetooth protocol stack. Contains the program bluetoothctl.
usbutils A collection of USB tools to query connected USB devices

Diskless

package description
atftp Client/server implementation of the TFTP protocol that implements RFCs 1350, 2090, 2347, 2348, and 2349.
dhcp A DHCP server, client, and relay agent. systemd-networkd is now preferred because it was easier to configure.
mkinitcpio-nbd mkinitcpio hook to boot from a NBD (Network Block Device).
mkinitcpio-nfs-utils ipconfig and nfsmount tools for NFS root support in mkinitcpio. Necessary for NFS client.
nbd Tools for network block devices, allowing you to use remote block devices over TCP/IP. Necessary for the server and the client mkinitcpio hook nbd.
nfs-utils Support programs for Network File Systems. Necessary for NFS server and client.

File management

package description
binutils A set of programs to assemble and manipulate binary and object files. For example, ar.
dpkg The Debian Package Manager tools.
mc A file manager that emulates Norton Commander.
ncdu Disk usage analyzer with an ncurses interface.
rpmextract Script to convert or extract RPM archives. Contains rpm2cpio.
xz Library and command line tools for XZ and LZMA compressed files.

Firmware

package description
intel-ucode Microcode update files for Intel CPUs.

Graphic

package description
xf86-video-amdgpu X.org amdgpu video driver.
xf86-video-ati X.org ati video driver.
xf86-video-intel X.org Intel i810/i830/i915/945G/G965+ video drivers.
xf86-video-nouveau Open Source 2D acceleration driver for nVidia cards.
xf86-video-vesa X.org vesa video driver.

Nvidia Optimus for Linux

package description
bumblebee NVIDIA Optimus support for Linux through VirtualGL.
intel-virtual-output In the package xf86-video-intel.
mesa-demos Mesa demos and tools incl. glxinfo + glxgears.
primus Faster OpenGL offloading for Bumblebee.

GUI

package description
xf86-input-libinput Generic input driver for the X.Org server based on libinput. Should obsolete xf86-input-synaptics. The libinput library requires regular users to be members of the group "input" in order to allow access to input devices.
xf86-input-synaptics Synaptics driver for notebook touchpads. Not necessary?; see xf86-input-libinput.
xorg-xrandr Primitive command line interface to RandR extension.
xorg-server Xorg X server.
xorg-xinit X.Org initialisation program.
xorg-xinput Small commandline tool to configure devices (xinput).

Miscellaneous

package description
cryptsetup Userspace setup tool for transparent encryption of block devices using dm-crypt (cryptsetup).
man-db A utility for reading man pages.
nano Pico editor clone with enhancements.
pciutils PCI bus configuration space access library and tools
usbutils A collection of USB tools to query connected USB devices
xterm X Terminal Emulator.

Network

package description
arp-scan A tool that uses ARP to discover and fingerprint IP hosts on the local network.
iw nl80211 based CLI configuration utility for wireless devices.
iwd Internet Wireless Daemon.
ethtool Utility for controlling network drivers and hardware.
dhclient A standalone DHCP client from the dhcp package.
dhcpc A DHCP server daemon, and relay agent.
dhcpcd RFC2131 compliant DHCP client daemon.
hostapd IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator.
inetutils A collection of common network programs, such as hostname.
ldns Fast DNS library supporting recent RFCs.
netcat To verify ports; GNU (gnu-netcat) or BSD (openbsd-netcat).
netctl Profile based systemd network management (netctl). systemd-networkd is now preferred because it was easier to configure, especially for a network with multiple device interfaces.
nftables Netfilter tables userspace tools, for example, ip forwarding and firewall.
nmap Utility for network discovery and security auditing.
openssh Free version of the SSH connectivity tools.
openresolv resolv.conf management framework (resolvconf). systemd-resolvectl is now preferred because it was easier to configure together with systemd-networkd.
tcpdump Powerful command-line packet analyzer.
wireguard-tools Next generation secure network tunnel - tools for configuration.
wireshark-cli Network traffic and protocol analyzer/sniffer - CLI tools and data files.
wpa_supplicant A utility providing key negotiation for WPA wireless networks.

Storage

package description
lvm2 Logical Volume Manager 2 utilities.
parted A program for creating, destroying, resizing, checking and copying partitions.
gptfdisk A text-mode partitioning tool that works on GUID Partition Table (GPT) disks.
dosfstools DOS filesystem utilities, for example, FAT support.

System maintenance

package description
arch-install-scripts Scripts to aid in installing Arch Linux. Required for an Arch Linux from which another Arch Linux is to be installed.
efibootmgr Tool to modify UEFI Firmware Boot Manager Variables.
grub GNU GRand Unified Bootloader (2).
man-pages Linux man pages.
pacman-contrib Contributed scripts and tools for pacman systems. For example, paccache.
sudo Give certain users the ability to run some commands as root.

Virtualization

package description
edk2-ovmf Open Virtual Machine Firmware to support firmware for Virtual Machines.
qemu-base QEMU without GUI. Prior to Qemu 7.0 the package was named Qemu (headless).
qemu-common A generic and open source machine emulator and virtualizer. Package named as of Qemu 7.0.

Configuration

Basic

A minimal configuration to expand depending on additional functional requirements.

file package configure
/etc/adjtime (base) Adjust the hardware clock from the system clock with the assumption that the hardware clock is in UTC: # hwclock --systohc --utc.
/boot/grub/grub.cfg grub-install, generate a grub configuration file with grub-mkconfig.
/etc/default/grub grub Install grub, and configure grub.
/etc/fstab (base) Generate fstab # genfstab -U /mnt >> /mnt/etc/fstab, where -U to use UUID or -L to use labels. The order devices or partitions are mounted or activated is the order genfstab arranges devices in fstab. Ensure that options are provided for basic devices and paths, especially /boot. If using a swap file, add its entry to the fstab /swap none swap defaults 0 0 >> /etc/fstab.
/etc/hostname (base) Edit file in a text editor; add <hostname>. Alternatively, use SystemD # hostnamectl set-hostname <hostname>.
/etc/hosts (base) Edit file in a text editor: 127.0.0.1 <hostname>.localdomain <hostname>.
/etc/localtime (base) A symlink from the Time Zone Database to localtime: $ ln -sf /usr/share/zoneinfo/<region>/<city> /etc/localtime.
/etc/locale.conf (base) Add locale, for example, LANG=en_US.UTF-8.
/etc/locale.gen (base) Uncomment locale in locale.gen and generate locale.conf and resources in /usr/lib/locale with locale-gen. Remember, any additional language assigned later must be uncommented in locale.gen and locale-gen run again.
/etc/mkinitcpio.conf (base) For example, /etc/mkinitcpio.portable.conf, /etc/mkinitcpio.netboot.nfs.conf.
/etc/vconsole.conf (base) Add keyboard loadkeys keymap as KEYMAP.

bumblebee

Expanded from the basic configuration, xorg.

GeForce 650M

  1. Add regular user to bumblebee group # gpasswd -a <USER> bumblebee.
  2. Enable bumblebee service # systemctl enable bumblebeed.
  3. Reboot, login to xorg server and test bumblebee $ optirun glxgears -info.
file package configure
/etc/bumblebee/xorg.conf.nvidia bumblebee Configure bumblebee if necessary.

Expanded from the basic configuration. The diskless node (workstation) system is a minimal configuration that enables a client to boot over the network to a server using PXE. The Linux OS root is mounted on the client over the network using NFS or NBD. Although the OS and all data are stored on the server, the OS and subsequent programs are executed on the client hardware.

Source:

Assuming network configuration:

SERVER 1 NETWORK DEVICE (0) GATEWAY IP : 192.168.0.1
SERVER 1 NETWORK DEVICE (0) IP         : 192.168.0.101/24
SERVER 1 NETWORK DEVICE (1) IP         : 192.168.1.101/24
SERVER 1 NETWORK DEVICE (2) IP         : 192.168.2.101/24
SERVER 1 NETWORK DEVICE (3) IP         : 192.168.3.101/24
SERVER ...

CLIENT 1 NETWORK DEVICE (1) IP         : 192.168.1.102/24
CLIENT 2 NETWORK DEVICE (2) IP         : 192.168.2.102/24
CLIENT 3 NETWORK DEVICE (3) IP         : 192.168.3.102/24
CLIENT ...
  1. Recommended packages:
    • arch-install-scripts to install Arch Linux for the clients.
    • tcpdump to debug network traffic.
    • wireshark-cli to debug network traffic.
  2. Install and configure the client OS on Server:
    1. basic configuration
    2. Create a mkinitcpio for NFS, for example mkinitcpio.netboot.nfs.conf.
      • Build the new image mkinitcpio -c /etc/mkinitcpio.netboot.nfs.conf -k 5.8.14-arch1-1 -g /boot/initramfs-linux.nfs.img.
      • Ensure that the initramfs is
        • small, no more than around 50MiB, because if it is too large then the connection to TFTP could be dropped with error: timeout reading netboot/initramfs-linux.nfs.img (atftpd.log), ICMP enp0s0.localdomain udp port 46503 unreachable, length 40 (tcpdump), and
        • allowed to be read otherwise ATFTP returns error File netboot/initramfs-linux.nfs.img not found.
    3. Create a symbolic link from the client /boot/ to the /srv/tftp/netboot/ directory. The boot files have to be in the TFTP search path.
    4. Configure boot loader:
  3. Configure SystemD NetworkD
    • Configure network for 2 or more static interfaces.
    • Ping the IP addresses to confirm that they work.
  4. Configure DNS
  5. Configure TFTP
  6. Configure NFS

Verify configuration

  • systemctl status systemd-networkd
  • systemctl status atftpd
  • systemctl status nfs-server

Package summary

Server

file package configure
/etc/conf.d/atftpd atftp Provide the TFTP directory. Assign --group nobody to ATFTPD_ARGS because atftpd defaults to nogroup and Arch Linux uses nobody.
/etc/conf.d/nfs-common.conf The nfs-common.conf is not necessary.
/etc/dhcpd.conf dhcp Enable and start DHCPD for IPv4 systemctl enable dhcpd4 and systemctl start dhcpd4. systemd-networkd is now preferred because it was easier to configure.
/etc/exports nfs-utils Declare NFS exports of directories. Enable and start systemctl enable nfs-server and systemctl start nfs-server includes, amongst other services, rpc.idmapd and rpc-mountd, or start them specifically # systemctl start nfs-idmapd nfs-mountd.
/etc/hostname (base) The server hostname.
/etc/hosts (base) Associate server and client IP addresses with hostnames and domains for the local network.
/etc/idmapd.conf nfs-utils Enable or disable idmapping and configure idmapd.conf. The idmapd is started, amongst other services, with systemctl start nfs-server. The service can be started specifically with # systemctl start nfs-idmapd.
/etc/mkinitcpio.conf mkinitcpio-nbd If root is served over NBD (not tested).
/etc/mkinitcpio.conf mkinitcpio-nfs-utils If root is served over NFS, setup mkinitcpio nfs.
/etc/modprobe.d/nfs.conf nfs-utils If enabling or disabling idmapping for NFS using modprobe.d.
/etc/modprobe.d/nfsd.conf nfs-utils If enabling or disabling idmapping for NFS using modprobe.d.
/etc/systemd/network/10-interface-dynamic.network (base) Example of a SystemD NetworkD DHCP connection.
/etc/systemd/network/20-interface-static.network (base) Example of a SystemD NetworkD static connection.
/etc/nbd-server/config nbd Not tested. Enable and start systemctl enable nbd and systemctl start nbd.
/etc/nftables.conf nftables In nftables, allow TFTP, NFS, SSH, packages from/to WAN/LAN, and masquerade WAN.
/etc/nfs.conf nfs-utils All settings commented out for nfs.conf.
/etc/resolvconf.conf (base) Assign the local network DNS.
/etc/nsswitch (base?) Should not be necessary to configure.
/root/.ssh/sshd_config openssh Activate service, either systemctl enable sshd.service, which is appropriate for servers with high SSH traffic.
/etc/udev/rules.d/10-network.rules (base) Ensure that the device names are constant, that is, do not change after reboot. On computer with 2 Ethernet devices, booting with Archlinux 4.13.11-1-ARCH, the device names randomly switched between the devices, for example, on boot: dev 1 is eno1, dev 2 is eno2, after reboot: dev 1 became eno2, dev 2 became eno1.
/srv/tftp/netboot/grub/grub.cfg grub grub.cfg

Client

setup description
image Install the OS on an image that is mounted on /srv/os and shared between clients. Changes are copied on write and are, at the end of the session, either discarded or saved at a different location.
directory Install one OS on the server /srv/client_x for each served client. A shared OS without CoW (Copy on Write) that is written to by multiple clients causes corruption.
virtualized Install the OS in a virtualized environment, for example, Qemu.
file package configure
~/.ssh/config openssh Configure at least SSH server IP and Port.
/boot/initramfs-linux.nfs.img mkinitcpio-nfs-utils Configure /etc/mkinitcpio.netboot.nfs.conf as described in mkinitcpio nfs, and then rebuild mkinitcpio.
/etc/fstab (base) Declare the NFS root in the fstab.
/etc/hostname (base) The client hostname.
/etc/resolvconf.conf (base) Assign the local network DNS.

Remote desktop

Set up a VNC.

Server

VPS

Expanded from the basic configuration.

Assuming

  • deployment on a minimal, basic or simple plan, where
  • the memory can be upgraded,
  • storage can be added.

The storage is partitioned in three sections. The swap is stored as a file in order to expand and shrink it as needed.

sda
├─sda1
├─sda2  vfat  FAT32 ESP   abcd-ef01
└─sda4  ext4  1.0   data  01234567-89ab-cdef-0123-456789abcdef  10G  50% /
sdb
└─sdb1  ext4  1.0   data  abcdef01-2345-6789-abcd-ef0123456789  40G  10% /

Install packages for VPS configuration:

  • dhcpcd (# systemctl enable dhcpcd)
  • man-db
  • mc
  • nano
  • ncdu
  • nftables
  • openresolv
  • openssh
  • pacman-contrib
  • rsync (for user admin)

Security

The result of a scan depends on the type of scan. Multiple options may be required for a conclusive result. For example, a reported state of "filtered" indicates that nmap could not determine whether or not the port is open because packet filtering prevents its probes from reaching the port.

  • Scan server for selected open ports nmap <SERVER IP>.
  • Scan server for all open ports nmap -p 0-65535 <SERVER IP>.
  • TCP SYN scan (sS) server with root privileges # nmap -sS <SERVER IP>
  • UDP scan (sU) server with root privileges # nmap -sU <SERVER IP>
  • TCP ACK scan (sA) server with root privileges # nmap -sA <SERVER IP>

A SYN scan can result in "filtered", which can be because of a firewall.

  • Attempt to determine the status of the port nmap -sV <SERVER IP> or nmap -A <SERVER IP>
  • Attempt to bypass the firewall nmap --scanflags SYNFIN <SERVER IP>
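
To make the scan results above repeatable, the following added example (not part of the original wiki) parses nmap's grepable output (-oG) and reports open ports that are not in an expected list, listing "filtered" results separately because they are inconclusive. The function names, the allowlist and the sample scan output are constructed assumptions; the IP is the server address assumed earlier on this page.

```shell
#!/bin/sh
# Added example: audit nmap grepable output (-oG) against an allowlist of ports.
# Assumed real use: nmap -p 0-65535 -oG - <SERVER IP> | audit_ports "22/tcp"

# Constructed sample of -oG output (fields are tab-separated, as nmap prints them).
sample_scan() {
  printf '# Nmap scan initiated (constructed sample)\n'
  printf 'Host: 192.168.0.101 ()\tStatus: Up\n'
  printf 'Host: 192.168.0.101 ()\tPorts: %s\tIgnored State: closed (995)\n' \
    '22/open/tcp//ssh///, 69/open|filtered/udp//tftp///, 111/open/tcp//rpcbind///, 2049/open/tcp//nfs///, 5900/filtered/tcp//vnc///'
}

# audit_ports "PORT/PROTO ...": reads -oG output on stdin and prints
#   UNEXPECTED <port>/<proto> <service>   open, but not in the allowlist
#   INCONCLUSIVE <port>/<proto> <state>   filtered or open|filtered: rescan
audit_ports() {
  awk -v allowed="$1" '
    BEGIN {
      n = split(allowed, a, " ")
      for (i = 1; i <= n; i++) ok[a[i]] = 1
    }
    /Ports: / {
      line = $0
      sub(/^.*Ports: /, "", line)   # keep only the port list
      sub(/\t.*$/, "", line)        # drop the fields after it
      m = split(line, entry, ", ")
      for (i = 1; i <= m; i++) {
        split(entry[i], f, "/")     # port/state/proto/owner/service/...
        key = f[1] "/" f[3]
        if (f[2] == "open") {
          if (!(key in ok)) print "UNEXPECTED " key " " f[5]
        } else if (f[2] ~ /filtered/) {
          print "INCONCLUSIVE " key " " f[2]
        }
      }
    }'
}

# Stand-alone run: only SSH and NFS are expected on this constructed host.
sample_scan | audit_ports "22/tcp 2049/tcp"
```

Ports reported as INCONCLUSIVE are the ones to rescan with a different scan type, as described above.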

Xorg

Expanded from the basic configuration.

file package configure
/etc/X11/xorg.conf.d/00-keyboard.conf (xorg) Configure input devices: keyboard.

General installation upgrade

Careful, read all instructions before upgrade:

Custom mkinitcpio

If Linux boot depends on a custom initramfs image, then manually update the mkinitcpio accordingly before restarting the system after system upgrade.

Observed on the upgrades from 4.14.15-1-ARCH to 4.15.9-1-ARCH to 4.17.2-1-ARCH: the fields System clock synchronized and systemd-timesyncd.service active are set to no.

$ timedatectl status
                      Local time: Tue 2018-07-03 23:28:44 UTC
                  Universal time: Tue 2018-07-03 23:28:44 UTC
                        RTC time: Tue 2018-07-03 23:28:44
                       Time zone: UTC (UTC, +0000)
       System clock synchronized: no
systemd-timesyncd.service active: no
                 RTC in local TZ: no

Re-adjust the system clock # timedatectl set-ntp true.

Debug

If problems occur at the boot up stage then add the arguments debug and ignore_loglevel to the linux parameter in grub.cfg.

Error, problem, troubleshoot

Event, Error, Cause, Consequence, Remedy

  • Event: pacman -S <package>
    • Error: [package]: signature from "[developer] <developer>" is unknown trust
    • Remedy: Update archlinux certificates # pacman -Sy archlinux-keyring.
  • Event: pacman -S <package>
    • Error: error: lib__: signature from "Author <[email protected]>" is unknown trust
    • Error: File /var/cache/pacman/pkg/lib__.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature))
    • Remedy: Update archlinux certificates # pacman -Sy archlinux-keyring.
  • Event: pacman -S <package>
    • Error: error: failed to init transaction (unable to lock database)
    • Error: error: could not lock database: File exists
    • Error: if you're sure a package manager is not already running, you can remove /var/lib/pacman/db.lck
    • Remedy: Remove file rm /var/lib/pacman/db.lck.
  • Event: pacman -Syu
    • Error: Failed to sync all databases (unable to lock database)
    • Cause: Database corruption or failure to close the database. For example, due to power failure during system update.
    • Consequence: Cannot resume update
    • Remedy: rm /var/lib/pacman/db.lck
  • Error: checking keys in keyring
    • Error: downloading required keys...
    • Error: error: key "CEB167EFB5722BD6" could not be looked up remotely
    • Error: error: required key missing from keyring
    • Error: error: failed to commit transaction (unexpected error)
    • Error: Errors occurred, no packages were upgraded.
    • Remedy: Update archlinux certificates # pacman -Sy archlinux-keyring.
  • Event: pacman
    • Error: pacman error: duplicated database entry ...
    • Cause: Two or more packages are stored in /var/lib/pacman/local/
    • Remedy: Remove the older packages rm -r /var/lib/pacman/local/<PACKAGE>
  • Event: pacman
    • Error: <PACKAGE> ... exist on filesystem
    • Remedy: pacman -S --overwrite \* <PACKAGE NAME>
  • Event: Pacman
    • Error: error: failed to commit transaction (conflicting files)
    • Error: Errors occurred, no packages were upgraded.
    • See: "Failed to commit transaction (conflicting files)" error
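
The db.lck remedy above is only safe when no package manager is still running, as the error message itself says. This added example (not part of the original wiki) performs that check before deleting the lock; the function names are assumptions, and the process check relies on Linux /proc.

```shell
#!/bin/sh
# Added example: remove pacman's db.lck only after checking that the
# package manager is not running. Function names are assumptions.

# proc_running NAME: succeeds if any process has NAME as its command name.
proc_running() {
  for comm in /proc/[0-9]*/comm; do
    [ -r "$comm" ] || continue
    # A process may exit between the glob and the read; skip it if so.
    read -r name 2>/dev/null < "$comm" || continue
    [ "$name" = "$1" ] && return 0
  done
  return 1
}

# remove_stale_lock [LOCK] [PROCESS]
# Returns 0 when no lock remains, 1 when removal was refused.
# Other tools built on libalpm take the same lock; pass their process
# name as PROCESS to check for them as well.
remove_stale_lock() {
  lock=${1:-/var/lib/pacman/db.lck}
  proc=${2:-pacman}
  if [ ! -e "$lock" ]; then
    echo "no lock file at $lock"
    return 0
  fi
  if [ ! -d /proc/self ]; then
    echo "cannot inspect processes without /proc; leaving $lock" >&2
    return 1
  fi
  if proc_running "$proc"; then
    echo "$proc is running; leaving $lock in place" >&2
    return 1
  fi
  ls -l "$lock"      # record owner and timestamp before deleting
  rm -f -- "$lock"
}
```

Run as root with no arguments to apply it to /var/lib/pacman/db.lck.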