1. Arch Linux Installation - iWas-Coder/Pingu Wiki


This document is a guide for installing Arch Linux using the live system booted from an installation medium made from an official installation image. This guide was adapted from the official documentation.

Table of contents

  1. Initial checks and optional steps
  2. Drive Partitioning and Formatting
  3. Partition Mounting
  4. Base Packages Installation
  5. Fstab File Generation
  6. Chroot-ing to root partition
  7. Swap file
  8. Users and Groups
  9. sudo Configuration
  10. Region Configuration
  11. Network Configuration
  12. Initramfs Regeneration
  13. GRUB Installation
  14. Multilib and BlackArch Repositories
  15. Change to normal user
  16. AUR Helper Installation

Initial checks and optional steps

Increase the font size (doubles the height and width), if necessary:

setfont -d

Set the corresponding keymap (us, es, etc.), if necessary.

loadkeys <KEYMAP>

Check if Internet works properly.

ping -c 1 google.es

Enable NTP to ensure the system clock is accurate.

timedatectl set-ntp true

Drive Partitioning and Formatting

Wiping and cleaning

If you wish to wipe and fully clean a specific drive, you can do the following:

dd if=/dev/zero of=/dev/<DRIVE> bs=1M status=progress

This overwrites the entire drive with zero bytes (0x00). After that, recovering any data is almost hopeless for most data recovery techniques.

Depending on the size of the disk, this can take a good amount of time. Be patient :)

Partitioning

List all available drives with lsblk. As an example, the primary NVMe drive would appear as nvme0n1 (drive 0; namespace 1).

cfdisk /dev/nvme0n1

Partition Number   Partition label   Partition type              Expected mountpoint   Size
1                  EFI               EFI System -> FAT32         /boot/EFI             512M
2                  BOOT              Linux filesystem -> EXT4    /boot                 512M
3                  ROOT              Linux filesystem -> LUKS    /                     REST

cfdisk /dev/nvme1n1

Partition Number   Partition label   Partition type              Expected mountpoint   Size
1                  HOME              Linux filesystem -> LUKS    /home                 ALL

Encrypting

Next, we have to encrypt both the ROOT and HOME partitions, using the kernel module dm-crypt. We will be using the cryptsetup tool.

To encrypt the ROOT and HOME partitions, do:

# ROOT partition
cryptsetup luksFormat -v -c aes-xts-plain64 -h sha512 -s 512 --use-random -i 5000 /dev/nvme0n1p3
# HOME partition
cryptsetup luksFormat -v -c aes-xts-plain64 -h sha512 -s 512 --use-random -i 5000 /dev/nvme1n1p1

Once the LUKS partitions have been created, they can then be unlocked. The unlocking process will map the partitions to a new device name using the device mapper. This alerts the kernel that a certain device is actually an encrypted device and should be addressed through LUKS using the /dev/mapper/<NAME> so as not to overwrite the encrypted data. In order to open both ROOT and HOME encrypted LUKS partitions do:

# ROOT partition
cryptsetup open /dev/nvme0n1p3 cryptroot
# HOME partition
cryptsetup open /dev/nvme1n1p1 crypthome

To write encrypted data to a partition, it must be accessed through its device-mapper name. The first step is typically to create a file system. In this case, we need to format 4 partitions in total (EFI, BOOT, ROOT and HOME):

  • EFI partition
mkfs.fat -F 32 -n EFI /dev/nvme0n1p1
  • BOOT partition
mkfs.ext4 -L BOOT /dev/nvme0n1p2
  • ROOT partition
mkfs.ext4 -L ROOT /dev/mapper/cryptroot
  • HOME partition
mkfs.ext4 -L HOME /dev/mapper/crypthome

Partition Mounting

To set up the system correctly, mount each accessible partition (EFI, BOOT, ROOT and HOME) at its mountpoint:

mount -L ROOT /mnt
mount --mkdir -L BOOT /mnt/boot
mount --mkdir -L EFI /mnt/boot/EFI
mount --mkdir -L HOME /mnt/home

Base Packages Installation

Use the pacstrap script to install the base system and any additional packages you want.

# Replace <CPU_UCODE> with amd-ucode or intel-ucode, depending on your CPU
pacstrap /mnt base base-devel linux linux-firmware <CPU_UCODE> grub efibootmgr \
exfatprogs dosfstools mtools ntfs-3g sudo zsh git vim

Fstab File Generation

Generate an fstab file.

genfstab -U /mnt > /mnt/etc/fstab

Chroot-ing to root partition

Change root into the new system.

arch-chroot /mnt

Swap file

Linux divides its physical RAM (random access memory) into chunks of memory called pages. Swapping is the process whereby a page of memory is copied to the preconfigured space on the hard disk, called swap space, to free up that page of memory. The combined size of the physical memory and the swap space is the amount of virtual memory available. Support for swap is provided by the Linux kernel and user-space utilities from the util-linux package.

As an alternative to creating an entire partition, a swap file offers the ability to vary its size on-the-fly, and is more easily removed altogether. Use dd to create a swap file the size of your choosing:

dd if=/dev/zero of=/swapfile bs=1M count=8192 status=progress

Set the right permissions (a world-readable swap file is a huge local vulnerability):

chmod 600 /swapfile

After creating the correctly sized file, format it as swap and activate it (verify the result with swapon --show):

mkswap -U clear -L SWAP /swapfile
swapon /swapfile
swapon --show

Finally, edit the fstab configuration to add an entry for the swap file:

echo "/swapfile none swap defaults 0 0" >> /etc/fstab

Users and Groups

Set a root password.

passwd

Create a new user with its home directory.

useradd -m -c "<FULL_NAME>" <USER>
passwd <USER>
usermod -aG wheel <USER>

Set the default shell for the created user and root.

usermod --shell /usr/bin/zsh root
usermod --shell /usr/bin/zsh <USER>

Create basic folders in the user's home and give the user ownership of them (they are created by root):

mkdir /home/<USER>/{downloads,content}
chown -R <USER>:<USER> /home/<USER>

sudo Configuration

Open file /etc/sudoers and uncomment this line: %wheel ALL=(ALL:ALL) ALL.

Region Configuration

We have to set our specific timezone, in this case Europe/Madrid (feel free to select the one that suits your setup the most). Also, we run hwclock to generate /etc/adjtime:

ln -s /usr/share/zoneinfo/Europe/Madrid /etc/localtime
hwclock --systohc

Open file /etc/locale.gen and uncomment this line (feel free to select the ones that suit your setup the most):

  • en_US.UTF-8 UTF-8

Then we generate the selected locales, set a default one, and set a default keymap for the console:

locale-gen

echo "LANG=en_US.UTF-8" > /etc/locale.conf
echo -e "KEYMAP=us" > /etc/vconsole.conf

Network Configuration

We have to set a hostname for the system. Feel free to select one that suits your system :)

echo "hostname" > /etc/hostname

Create file /etc/hosts:

127.0.0.1    localhost
::1          localhost
127.0.0.1    hostname.example.com hostname

Create network profile as the file /etc/systemd/network/<NAME>.network. Replace <NAME> with your preferred network profile name. The file must follow this structure:

[Match]
Name=<ADAPTER_NAME>

[Network]
Address=<IP_ADDRESS>/<NET_MASK>
Gateway=<GATEWAY_IP>
DNS=<DNS-1_IP>
DNS=<DNS-2_IP>

To use DHCP instead of a static configuration, the file must follow this structure:

[Match]
Name=<ADAPTER_NAME>

[Network]
DHCP=ipv4

Also, we should create the file /etc/resolv.conf for handling the domain name resolution a little more in depth:

nameserver <DNS-1_IP>
nameserver <DNS-2_IP>
search <DOMAIN_LIST>

Initramfs Regeneration

The initial RAM disk (initrd) is an initial root file system that is mounted prior to when the real root file system is available. The initrd is bound to the kernel and loaded as part of the kernel boot procedure. Initramfs is used as the first root filesystem that your machine has access to. It is used for mounting the real rootfs which has all your data. The initramfs carries the modules needed for mounting your rootfs.

mkinitcpio is a bash script used to create an initial ramdisk environment. We have to change the hooks list inside its configuration file (/etc/mkinitcpio.conf) before we regenerate it:

HOOKS=(base systemd autodetect keyboard sd-vconsole modconf block sd-encrypt filesystems fsck)

To regenerate the image do:

mkinitcpio -P

GRUB Installation

GRUB (GRand Unified Bootloader) is a boot loader. The current GRUB is also referred to as GRUB 2. Execute the following command to install the GRUB EFI application grubx64.efi and install its modules to /boot/grub/x86_64-efi/:

grub-install --target=x86_64-efi --bootloader-id=grub_uefi --recheck

After the installation above has completed, the main GRUB directory is located at /boot/grub/.

Multilib and BlackArch Repositories

Multilib

Multilib is an official repository that contains 32-bit software and libraries that can be used to run and build 32-bit applications on 64-bit installs (e.g. wine, steam, etc). With the multilib repository enabled, the 32-bit compatible libraries are located under /usr/lib32/.

Open file /etc/pacman.conf with sudo privileges and uncomment the [multilib] section to enable this repository.

[multilib]
Include = /etc/pacman.d/mirrorlist

Then, update all repositories with:

sudo pacman -Sy

BlackArch

BlackArch is a penetration testing distribution based on Arch Linux that provides a large amount of cyber security tools. It is an open-source distro created specially for penetration testers and security researchers. The repository contains more than 2800 tools that can be installed individually or in groups.

We can enable its repositories with the following command (AS ROOT!!!) (feel free to read the script before executing with curl -s -X GET "https://blackarch.org/strap.sh" | less):

curl -s -X GET "https://blackarch.org/strap.sh" | bash

If it shows a trust problem with a signature (e.g. error: blackarch: signature from "Levon 'noptrix' Kayan (BlackArch Developer) <[email protected]>" is unknown trust), then the key (signature) should be signed locally by doing:

pacman-key --lsign-key [email protected]

Then, update all repositories with:

sudo pacman -Sy
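
Piping a download straight into a root shell runs whatever the server returned. The added example below (not BlackArch's or this wiki's own code) saves the script first and runs it only if its digest matches a value obtained from a trusted channel. The function names are illustrative and <EXPECTED_DIGEST> is a placeholder.

```shell
#!/bin/sh
# Added example: execute a downloaded installer only if its digest matches a
# value obtained from a channel you trust. Function names are illustrative.

# verify_digest FILE EXPECTED_HEX -> 0 match, 1 mismatch, 2 unusable input.
# The body is a subshell ( ... ) so its variables do not leak to the caller.
verify_digest() (
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || exit 2
    case $expected in
        ''|*[!0-9a-f]*) exit 2 ;;          # empty or not hexadecimal
    esac
    case ${#expected} in                    # pick the tool by digest length
        40)  tool=sha1sum ;;
        64)  tool=sha256sum ;;
        128) tool=sha512sum ;;
        *)   exit 2 ;;
    esac
    actual=$("$tool" < "$file" | cut -d' ' -f1)
    [ "$actual" = "$expected" ]
)

# run_verified FILE EXPECTED_HEX -> runs FILE with bash only after it verifies.
run_verified() {
    if verify_digest "$1" "$2"; then
        bash -- "$1"
    else
        echo "refusing to run $1: digest check failed" >&2
        return 1
    fi
}

# Intended use, as root (<EXPECTED_DIGEST> is a placeholder, not a real value):
#   curl -sSf -o strap.sh "https://blackarch.org/strap.sh"
#   less strap.sh
#   run_verified strap.sh <EXPECTED_DIGEST>
```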

Upgrade the system

With that done, both the multilib and the blackarch package repositories should be enabled. To continue, it is best to update all package repositories and upgrade all system packages with:

sudo pacman -Syu

Change to normal user

su <USER>

It will prompt you with the Z-Shell configuration wizard. Just type q to quit and do nothing for now. We will configure the ZSH shell with the Pingu script further on.

We will change directory to ~/content, which is where we are going to work from:

cd ~/content

AUR Helper Installation

The Arch User Repository (AUR) is a community-driven repository for Arch users. It contains package descriptions (PKGBUILDs) that allow you to compile a package from source with makepkg and then install it via pacman. The AUR was created to organize and share new packages from the community and to help expedite the inclusion of popular packages into the community repository.

In order to automate the installation of AUR packages, it is recommended to install an AUR helper (an example built in Rust is paru; an example built in Go is yay; both are great :D). For instance, to install yay we do:

git clone "https://aur.archlinux.org/yay-git"
cd yay-git
makepkg -si
cd ..
rm -rf yay-git

The installation medium can be unplugged now. Enter the BIOS and boot from the GRUB partition configured earlier. Note that the GRUB theme is not applied yet; we will need to regenerate the GRUB config file once logged in.

Continue to the Post Installation section to see the first post-installation steps.
