Support #410

Updated by Daniel Curtis over 10 years ago

Now that I have made the switch to Arch Linux more permanently, I decided to run through how I set my laptop up. The primary hard drive consists of 3 partitions: 
 * Windows XP (Dummy OS) 
 * Arch / (root) 
 * Arch /home (home) 

 The Windows partition installs its bootloader on the primary hard drive. The intention is for Arch to boot from a USB drive, and for the laptop to boot into Windows only if the drive is not present.

 The general software load out consists of: 
 * *VirtualBox w/ Guest Additions*: Virtual computing software 
 * *LibreOffice*: Office suite 
 * *TrueCrypt*: High-grade encryption tool 
 * *Windows Network Browsing*: For connecting to Windows shares 
 * *Firefox*: Web browser 
 * *Thunderbird*: Mail client 
 * *ownCloud Client*: Personal cloud client 
 * *Pidgin*: Instant messaging client 
 * *Chromium*: Open source Chrome web browser
 * *BleachBit*: Browser, mail, application cleaning application 
 * *GIMP*: Image editing 
 * *Filezilla*: FTP/SFTP Client 
 * *git*: Source code management 
 * *KeePass2*: Password management 
 * *VLC*: Media player 
 * *Flash*: Closed source media and content plugin 
 * *Arduino*: Arduino Integrated Development Environment 
 * *Fritzing*: Prototyping software 

 h2. Preparing the two partitions  

 I decided to use LUKS on both the root and home partitions. 

 * Format the partitions. If any custom options are wanted, this is where you would specify them:
 <pre> 
 cryptsetup luksFormat /dev/sdb5 
 cryptsetup luksFormat /dev/sdb6 
 </pre> 
 NOTE: This will prompt you for a passphrase to use for encrypting the partition. If I were truly paranoid I would use a keyfile with the @-d@ flag and generate a 1K random keyfile: 
 <pre> 
 # count=1 stops dd after a single 1K block; /dev/urandom never reaches end of input
 dd if=/dev/urandom of=/path/to/keyfile bs=1K count=1
 </pre>  

 * Now open the LUKS partitions to add them to the device mapper:
 <pre> 
 cryptsetup luksOpen /dev/sdb5 root 
 cryptsetup luksOpen /dev/sdb6 home 
 </pre> 

 * Next, create the filesystem for the containers. I chose BTRFS, though the choice in filesystem is user-preferential; I would like to try ZFS at some point.  
 <pre> 
 mkfs.btrfs /dev/mapper/root 
 mkfs.btrfs /dev/mapper/home 
 </pre> 

 * Mount the new encrypted partitions: 
 <pre> 
 mount /dev/mapper/root /mnt 
 mkdir /mnt/home 
 mkdir /mnt/boot 
 mount /dev/mapper/home /mnt/home 
 </pre> 

 h2. Prepare the USB bootloader 

 This is one layer in my defense-in-depth: booting requires a USB drive with the bootloader installed on it. If I were a tad more paranoid, I would include the usage of a keyfile.

 I usually add a 512MB ext4 partition to the beginning of a USB drive; this will be enough room for a few kernels. Using cfdisk will simplify the task.

 * Once the partition is created and formatted to the appropriate filesystem, mount the USB partition on the installation path's /boot folder:
 <pre> 
 mount /dev/sdc1 /mnt/boot 
 </pre> 

 h2. Install the base system 

 * Now it's time to install the base system:
 <pre> 
 pacstrap /mnt base grub 
 </pre> 

 * Generate an fstab: 
 <pre> 
 genfstab -p /mnt >> /mnt/etc/fstab 
 </pre> 

 * chroot into the newly installed system: 
 <pre> 
 arch-chroot /mnt 
 </pre> 

 * Write your hostname to /etc/hostname: 
 <pre> 
 echo 'archdev' >> /etc/hostname 
 </pre> 

 * Symlink /etc/localtime to /usr/share/zoneinfo/Zone/SubZone: 
 <pre> 
 ln -s /usr/share/zoneinfo/America/Los_Angeles /etc/localtime
 </pre> 

 * Uncomment the selected locale in /etc/locale.gen and generate it with: 
 <pre> 
 locale-gen 
 </pre> 

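 * Configure @/etc/mkinitcpio.conf@ as needed and create an initial RAM disk with:
 <pre>
 mkinitcpio -p linux
 </pre>
 NOTE: Make sure to add the *_encrypt_* hook to the mkinitcpio.conf +HOOKS+ section, ahead of *_filesystems_*, before running the command above; otherwise the initial RAM disk cannot unlock the root partition:
 > HOOKS="... encrypt ... filesystems ..."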

 * Set a root password: 
 <pre> 
 passwd 
 </pre> 

 * Configure the network again for the newly installed environment:
 <pre> 
 cp /etc/netctl/examples/ethernet-dhcp /etc/netctl/wired 
 netctl enable wired
 </pre> 

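 Add the encrypted home mapping to @/etc/crypttab@. The second field is the underlying LUKS partition, not the @/dev/mapper@ node; @/dev/sda6@ assumes the disk appears as @/dev/sda@ on the installed system, as in the GRUB line below:
 > home       /dev/sda6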

 h2. Install the bootloader 

 * Before installing the bootloader to the USB drive, the bootloader must be configured for the encrypted root partition. This can be done by making the following modification to @/etc/default/grub@:
 > GRUB_CMDLINE_LINUX_DEFAULT="root=/dev/mapper/root cryptdevice=/dev/sda5:root quiet" 

 * Now install GRUB onto the USB drive: 
 <pre> 
 grub-install --target=i386-pc --recheck --debug /dev/sdc 
 grub-mkconfig -o /boot/grub/grub.cfg 
 </pre> 
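
 The three files edited above (@/etc/mkinitcpio.conf@, @/etc/crypttab@ and @/etc/default/grub@) have to agree, or the encrypted partitions will not unlock at boot. The following is an added example, not part of the original write-up: a shell check to run from the install environment before rebooting. The function names and the script name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: checks that the three files edited above agree before reboot.
# Function names are illustrative; usage: sh check-crypt.sh /mnt

# Succeeds if the active HOOKS line lists encrypt before filesystems.
hooks_ok() {
    hooks=$(sed -n 's/^HOOKS=//p' "$1" | tail -n 1 | tr -d '"()')
    seen_encrypt=no
    for h in $hooks; do
        case $h in
            encrypt) seen_encrypt=yes ;;
            filesystems) [ "$seen_encrypt" = yes ] && return 0; return 1 ;;
        esac
    done
    return 1
}

# Succeeds if cryptdevice=<device>:<name> is set and root= is /dev/mapper/<name>.
grub_ok() {
    name=""; root=""
    for word in $(sed -n 's/^GRUB_CMDLINE_LINUX[A-Z_]*=//p' "$1" | tr -d '"'); do
        case $word in
            cryptdevice=*) rest=${word#cryptdevice=}; rest=${rest#*:}; name=${rest%%:*} ;;
            root=*) root=${word#root=} ;;
        esac
    done
    [ -n "$name" ] && [ "$root" = "/dev/mapper/$name" ]
}

# Fails if an entry lacks a source device or names its own mapping as the source.
crypttab_ok() {
    awk 'NF == 0 || $1 ~ /^#/ { next }
         NF < 2 || $2 == ("/dev/mapper/" $1) { bad = 1 }
         END { exit bad + 0 }' "$1"
}

# Runs all three checks against an installation root and reports each failure.
check_install() {
    rc=0
    hooks_ok "$1/etc/mkinitcpio.conf" || { echo "mkinitcpio.conf: encrypt must precede filesystems"; rc=1; }
    grub_ok "$1/etc/default/grub" || { echo "grub: root= and cryptdevice= mapping names differ"; rc=1; }
    crypttab_ok "$1/etc/crypttab" || { echo "crypttab: entry has no usable source device"; rc=1; }
    return $rc
}

if [ $# -gt 0 ]; then check_install "$1"; fi
```

 Run it against @/mnt@ after leaving the chroot, or against @/@ from inside it; a non-zero exit status means at least one of the three files needs another look.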

 h2. Exit the install environment and reboot 

 At this point the system will be bootable from the USB drive. Exit the installation environment and reboot:
 <pre> 
 exit 
 umount /mnt/home 
 umount /mnt/boot 
 umount /mnt 
 reboot 
 </pre> 

 h2. Install a desktop environment 

 There are many choices for desktop environments; I went through a few before I returned to my favorite (LXDE). Here are a few popular ones just for reference:

 * GNOME 
 <pre> 
 pacman -S gnome 
 systemctl enable gdm.service 
 systemctl start gdm.service 
 </pre> 

 * KDE 
 <pre> 
 pacman -S kde 
 systemctl enable kdm.service 
 systemctl start kdm.service
 </pre> 

 * XFCE 
 <pre> 
 pacman -S xfce4 
 echo 'exec startxfce4' >> ~/.xinitrc 
 startx 
 </pre> 

 * LXDE 
 <pre> 
 pacman -S lxde 
 echo 'exec startlxde' >> ~/.xinitrc 
 startx 
 </pre> 

 h2. Add an administrator user 

 It is generally a good idea not to run commands directly as root, but rather as an administrative user using the sudo wrapper command.

 * First install sudo: 
 <pre> 
 pacman -S sudo 
 </pre> 

 * And create a user:
 <pre>
 useradd -m -g users -s /bin/bash bob 
 </pre> 

 * Add bob to the sudoers file: 
 <pre> 
 visudo 
 </pre> 
 > bob ALL=(ALL) ALL 

 h2. Install the packages 

 * For the packages I require through the Arch repositories, I will just run one command:
 <pre> 
 sudo pacman -S chromium firefox thunderbird pidgin virtualbox libreoffice truecrypt bleachbit gimp filezilla keepass vlc base-devel git 
 </pre> 

 * For the packages I require through the AUR, I need to download the compressed PKGBUILD files and compile each package from source: 
 <pre> 
 mkdir ~/src && cd ~/src 
 </pre> 
