Support #410
Updated by Daniel Curtis over 10 years ago
Now that I have made the switch to Arch Linux more permanently, I decided to run through how I set my laptop up. The primary hard drive consists of 3 partitions:

* Windows XP (Dummy OS)
* Arch / (root)
* Arch /home (home)

The Windows partition installs its bootloader on the primary hard drive. The intention is to have Arch boot off of a USB drive, and to boot into Windows only if the drive is not present. The general software loadout consists of:

* *VirtualBox w/ Guest Additions*: Virtual computing software
* *LibreOffice*: Office suite
* *TrueCrypt*: High-grade encryption tool
* *Windows Network Browsing*: For connecting to Windows shares
* *Firefox*: Web browser
* *Thunderbird*: Mail client
* *ownCloud Client*: Personal cloud client
* *Pidgin*: Instant messaging client
* *Chromium*: Open source Chrome web browser
* *BleachBit*: Browser, mail, and application cleaning tool
* *GIMP*: Image editing
* *Filezilla*: FTP/SFTP client
* *git*: Source code management
* *KeePass2*: Password management
* *VLC*: Media player
* *Flash*: Closed source media and content plugin
* *Arduino*: Arduino Integrated Development Environment
* *Fritzing*: Prototyping software

h2. Preparing the two partitions

I decided to use LUKS on both the root and home partitions.

* Format the partitions. If any custom options are wanted, this is where you would specify them:
<pre>
cryptsetup luksFormat /dev/sdb5
cryptsetup luksFormat /dev/sdb6
</pre>

NOTE: This will prompt you for a passphrase to use for encrypting the partition. If I were truly paranoid I would use a keyfile with the @-d@ flag and generate a 1K random keyfile:
<pre>
dd if=/dev/urandom of=/path/to/keyfile bs=1K count=1
</pre>

* Now open the LUKS partitions to add them to the device mapper:
<pre>
cryptsetup luksOpen /dev/sdb5 root
cryptsetup luksOpen /dev/sdb6 home
</pre>

* Next, create the filesystem for the containers. I chose BTRFS, though the choice in filesystem is user-preferential; I would like to try ZFS at some point.
<pre>
mkfs.btrfs /dev/mapper/root
mkfs.btrfs /dev/mapper/home
</pre>

* Mount the new encrypted partitions:
<pre>
mount /dev/mapper/root /mnt
mkdir /mnt/home
mkdir /mnt/boot
mount /dev/mapper/home /mnt/home
</pre>

h2. Prepare the USB bootloader

This is one layer in my defense-in-depth: the system needs a USB drive with the bootloader installed on it. If I were a tad more paranoid, I would include the usage of a keyfile. I usually add a 512MB ext4 partition to the beginning of a USB drive; this will be enough room for a few kernels. Using cfdisk will simplify the task.

* Once the partition is created and formatted to the appropriate filesystem, mount the USB drive to the installation path /boot folder:
<pre>
mount /dev/sdc1 /mnt/boot
</pre>

h2. Install the base system

* Now it's time to install the base system:
<pre>
pacstrap /mnt base grub
</pre>

* Generate an fstab:
<pre>
genfstab -p /mnt >> /mnt/etc/fstab
</pre>

* chroot into the newly installed system:
<pre>
arch-chroot /mnt
</pre>

* Write your hostname to /etc/hostname:
<pre>
echo 'archdev' >> /etc/hostname
</pre>

* Symlink /etc/localtime to /usr/share/zoneinfo/Zone/SubZone:
<pre>
ln -s /usr/share/zoneinfo/America/Los_Angeles /etc/localtime
</pre>

* Uncomment the selected locale in /etc/locale.gen and generate it with:
<pre>
locale-gen
</pre>

* Configure @/etc/mkinitcpio.conf@ as needed and create an initial RAM disk with:
<pre>
mkinitcpio -p linux
</pre>

NOTE: Make sure to add the *_encrypt_* word to the mkinitcpio.conf +HOOKS+ section:

> HOOKS="... encrypt ... filesystems ..."

* Set a root password:
<pre>
passwd
</pre>

* Configure the network again for the newly installed environment:
<pre>
cp /etc/netctl/examples/ethernet-dhcp /etc/netctl/wired
netctl enable wired
</pre>

Add the encrypted mapping to @/etc/crypttab@:

> home /dev/mapper/home

h2. Install the bootloader

* Before installing the bootloader to the USB drive, the bootloader must be configured for the encrypted root partition.
This can be done by making the following modification to @/etc/default/grub@:

> GRUB_CMDLINE_LINUX_DEFAULT="root=/dev/mapper/root cryptdevice=/dev/sda5:root quiet"

* Now install GRUB onto the USB drive:
<pre>
grub-install --target=i386-pc --recheck --debug /dev/sdc
grub-mkconfig -o /boot/grub/grub.cfg
</pre>

h2. Exit the install environment and reboot

At this point the system will be bootable from the USB drive. Exit the installation environment and reboot:
<pre>
exit
umount /mnt/home
umount /mnt/boot
umount /mnt
reboot
</pre>

h2. Install a desktop environment

There are many choices for desktop environments; I went through a few before I returned to my favorite (LXDE). Here are a few popular ones just for reference:

* GNOME
<pre>
pacman -S gnome
systemctl enable gdm.service
systemctl start gdm.service
</pre>

* KDE
<pre>
pacman -S kde
systemctl enable kdm.service
systemctl start kdm.service
</pre>

* XFCE
<pre>
pacman -S xfce4
echo 'exec startxfce4' >> ~/.xinitrc
startx
</pre>

* LXDE
<pre>
pacman -S lxde
echo 'exec startlxde' >> ~/.xinitrc
startx
</pre>

h2. Add an administrator user

It is generally a good idea not to run commands directly as root, but rather as an administrative user using the sudo wrapper command.

* First install sudo:
<pre>
pacman -S sudo
</pre>

* And create a user:
<pre>
useradd -m -g users -s /bin/bash bob
</pre>

* Add bob to the sudoers file:
<pre>
visudo
</pre>

> bob ALL=(ALL) ALL

h2. Install the packages

* For the packages I require through the Arch repositories, I will just run one command:
<pre>
sudo pacman -S chromium firefox thunderbird pidgin virtualbox libreoffice truecrypt bleachbit gimp filezilla keepass vlc base-devel git
</pre>

* For the packages I require through the AUR, I need to download the compressed PKGBUILD files and compile each package from source:
<pre>
mkdir ~/src && cd ~/src
</pre>
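
The @encrypt@ hook position in @/etc/mkinitcpio.conf@ and the @cryptdevice@/@root@ pairing in @/etc/default/grub@ decide whether the encrypted root can be unlocked at boot, so they are worth checking before the reboot step. The script below is an added example, not part of the original write-up; the function names @check_hooks@ and @check_grub@ are hypothetical and the sample file contents are constructed.

```shell
#!/bin/sh
# Added example: pre-reboot checks for the two boot files edited in this guide.
# Paths are arguments, so from the install environment the functions can be
# pointed at /mnt/etc/mkinitcpio.conf and /mnt/etc/default/grub.

# Succeeds only if HOOKS lists "encrypt" and lists it before "filesystems".
check_hooks() {
    hooks=$(sed -n 's/^[[:space:]]*HOOKS=//p' "$1" | tail -n 1 | tr -d "\"'()")
    pos=0; enc=0; fs=0
    for h in $hooks; do
        pos=$((pos + 1))
        case $h in
            encrypt) enc=$pos ;;
            filesystems) fs=$pos ;;
        esac
    done
    [ "$enc" -gt 0 ] && [ "$fs" -gt 0 ] && [ "$enc" -lt "$fs" ]
}

# Prints DEV from cryptdevice=DEV:NAME if root= is /dev/mapper/NAME; else fails.
check_grub() {
    line=$(sed -n 's/^GRUB_CMDLINE_LINUX_DEFAULT=//p' "$1" | tail -n 1 | tr -d "\"'")
    cdev=''; cname=''; root=''
    for w in $line; do
        case $w in
            cryptdevice=*)
                v=${w#cryptdevice=}
                cdev=${v%%:*}
                cname=${v#*:}; cname=${cname%%:*} ;;   # drop optional :options
            root=*) root=${w#root=} ;;
        esac
    done
    [ -n "$cdev" ] && [ "$root" = "/dev/mapper/$cname" ] || return 1
    printf '%s\n' "$cdev"
}

# Constructed sample files (not taken from a real system).
demo=$(mktemp -d)
printf '%s\n' 'HOOKS="base udev autodetect block keyboard encrypt filesystems fsck"' > "$demo/mkinitcpio.conf"
printf '%s\n' 'GRUB_CMDLINE_LINUX_DEFAULT="root=/dev/mapper/root cryptdevice=/dev/sda5:root quiet"' > "$demo/grub"
check_hooks "$demo/mkinitcpio.conf" && echo "HOOKS: encrypt precedes filesystems"
dev=$(check_grub "$demo/grub") && echo "GRUB: root is unlocked from $dev"
rm -rf "$demo"
```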