Project

General

Profile

Support #410

Updated by Daniel Curtis over 10 years ago

Now that I have made the switch to Arch Linux more permanently, I decided to run through how I set my laptop up. The primary hard drive consists of 3 partitions: 
 * Windows XP (Dummy OS) 
 * Arch / (root) 
 * Arch /home (home) 

 The Windows partition installs its bootloader on the primary hard drive. The intention is to have the Arch boot off of a USB drive, but will only boot into Windows if the drive is not present.  

 The general software load out consists of: 
 * *VirtualBox w/ Guest Additions*: Virtual computing software 
 * *LibreOffice*: Office suite 
 * *TrueCrypt*: High-grade encryption tool 
 * *Windows Network Browsing*: For connecting to Windows shares 
 * *Firefox*: Web browser 
 * *Thunderbird*: Mail client 
 * *ownCloud Client*: Personal cloud client 
 * *Pidgin*: Instant messaging client 
 * *Chromium*: Open Source Chrome web 
 * *BleachBit*: Browser, mail, application cleaning application 
 * *GIMP*: Image editing 
 * *Filezilla*: FTP/SFTP Client 
 * *git*: Source code management 
 * *KeePass2*: Password management 
 * *VLC*: Media player 
 * *Flash*: Closed source media and content plugin 
 * *Arduino*: Arduino Integrated Development Environment 
 * *Fritzing*: Prototyping software 
 * *PlayOnLinux*: Front-end to Wine 
 * *Steam*: Digital gaming distributor 
 * *Komodo Edit*: Open Source IDE 
 * *HuluDesktop*: Hulu client 

 h2. Preparing the two partitions  

 I decided to use LUKS on both the root and home partitions. 

 * Format the partitions, if any custom options are wanted, this is where you would specify them.: 
 <pre> 
 cryptsetup luksFormat /dev/sdb5 
 cryptsetup luksFormat /dev/sdb6 
 </pre> 
 *# *NOTE*: This will prompt you for a passphrase to use for encrypting the partition. If I were truly paranoid I would use a keyfile with the @-d@ flag and generate a 1K random keyfile: 
 <pre> 
 dd if=/dev/urandom of=/path/to/keyfile bs=1K 
 </pre>  

 * Now map open the LUKS partition to tad them to the device mapper: 
 <pre> 
 cryptsetup luksOpen /dev/sdb5 root 
 cryptsetup luksOpen /dev/sdb6 home 
 </pre> 

 * Next, create the filesystem for the containers. I chose BTRFS, though the choice in filesystem is user-preferential; I would like to try ZFS at some point.  
 <pre> 
 mkfs.btrfs /dev/mapper/root 
 mkfs.btrfs /dev/mapper/home 
 </pre> 

 * Mount the new encrypted partitions: 
 <pre> 
 mount /dev/mapper/root /mnt 
 mkdir /mnt/home 
 mkdir /mnt/boot 
 mount /dev/mapper/home /mnt/home 
 </pre> 

 h2. Prepare the USB bootloader 

 This is one layer in my defense-in-depth, needing a USB with the bootloader installed onto. If I were a tad more paranoid, I would include the usage of a keyfile. 

 I usually add a 512MB ext4 partition to the beginning of a USB drive, this will be enough room for a few kernels. Using cfdisk will simplify the task: 
 <pre> 
 cfdisk /dev/sdc 
 </pre> 

 * Once the partition is created and formatted to the appropriate filesystem, mount the USB drive to the installation path /boot folder: 
 <pre> 
 mount /dev/sdc1 /mnt/boot 
 </pre> 

 h2. Install the base system 

 * Now its time to install the base system: 
 <pre> 
 pacstrap /mnt base grub 
 </pre> 

 * Generate an fstab: 
 <pre> 
 genfstab -p /mnt >> /mnt/etc/fstab 
 </pre> 

 * chroot into the newly installed system: 
 <pre> 
 arch-chroot /mnt 
 </pre> 

 * Write your hostname to /etc/hostname: 
 <pre> 
 echo 'archdev' >> /etc/hostname 
 </pre> 

 * Symlink /etc/localtime to /usr/share/zoneinfo/Zone/SubZone: 
 <pre> 
 ln -s /usr/share/zoneinfo/America/Los_angeles /etc/localtime 
 </pre> 

 * Uncomment the selected locale in /etc/locale.gen and generate it with: 
 <pre> 
 vi /etc/locale.gen 
 :%s/#en_US.UTF-8/en_US.UTF-8 
 :wq 
 locale-gen 
 </pre> 

 * Configure @/etc/mkinitcpio.conf@ as needed and create an initial RAM disk with: 
 <pre> 
 mkinitcpio -p linux 
 </pre> 
 *# *NOTE*: Make site to add the *_encrypt_* word to the mkinitcpio.conf +HOOKS+ section: 
 > HOOKS="... encrypt ... filesystems ..." 

 * Set a root password: 
 <pre> 
 passwd 
 </pre> 

 * Configure the network again for newly installed environment: 
 <pre> 
 cp /etc/netctl/examples/ethernet-dhcp /etc/netctl/wired 
 netctl enable wired.service 
 </pre> 

 * Add the encrypted mapping to @/etc/crypttab@: 
 > home       /dev/mapper/home 

 h2. Install the bootloader 

 * Before installing the booloader to the USB drive, the bootloader must be configured for the encrypted root partition. This can be done by making the following modification to @/etc/default/grub@: 
 > GRUB_CMDLINE_LINUX_DEFAULT="root=/dev/mapper/root cryptdevice=/dev/sda5:root quiet" 

 * Now install GRUB onto the USB drive: 
 <pre> 
 grub-install --target=i386-pc --recheck --debug /dev/sdc 
 grub-mkconfig -o /boot/grub/grub.cfg 
 </pre> 

 h2. Exit the install environment and reboot 

 At this point the system will be bootable from the USB drive. Exit and reboot the out of the installation environment: 
 <pre> 
 exit 
 umount /mnt/home 
 umount /mnt/boot 
 umount /mnt 
 reboot 
 </pre> 

 h2. Install a desktop environment 

 There are many choices for desktop environments, I went through a few before I returned to my favorite (LXDE). Here are a few popular ones just for reference: 

 * GNOME 
 <pre> 
 pacman -S gnome 
 systemctl enable gdm.service 
 systemctl start gdm.service 
 </pre> 

 * KDE 
 <pre> 
 pacman -S kde 
 systemctl enable kdm.service 
 systemctl start kdm.sercice 
 </pre> 

 * XFCE 
 <pre> 
 pacman -S xfce4 xorg xorg-xinit 
 echo 'exec startxfce4' >> ~/.xinitrc 
 startx 
 </pre> 

 * LXDE 
 <pre> 
 pacman -S lxde xorg xorg-xinit 
 echo 'exec startlxde' >> ~/.xinitrc 
 startx 
 </pre> 

 h2. Add an administrator user 

 It is generally a good idead not to run command directly as root, but rather as an administrative user using the sudo wrapper command.  

 * First install sudo: 
 <pre> 
 pacman -S sudo 
 </pre> 

 And create a user: 
 * <pre> 
 useradd -m -g users -s /bin/bash bob 
 </pre> 

 * Add bob to the sudoers file: 
 <pre> 
 visudo 
 </pre> 
 > bob ALL=(ALL) ALL 

 h2. Install the packages 

 * For the packages I require through the Arch repositories, I will just run with one command: 
 <pre> 
 sudo pacman -S chromium firefox thunderbird pidgin virtualbox libreoffice truecrypt bleachbit gimp filezilla keepass vlc base-devel git wget playonlinux steam flashplugin 
 </pre> 

 * For the packages I require through the AUR, I need to download the compressed PKGBUILD files and compile each package from source: 
 <pre> 
 mkdir ~/src && cd ~/src 
 </pre> 
 # adduser-deb (I come from a Debian background, so this is just aesthetic) 
 <pre> 
 wget https://aur.archlinux.org/packages/ad/adduser-deb/adduser-deb.tar.gz 
 tar xzf adduser-deb.tar.gz 
 cd adduser-deb 
 makepkg -s PKGBUILD 
 sudo pacman -U adduser-deb*.xz 
 </pre> 
 # qtkeychain-git (This is a dependency for the ownCloud client) 
 <pre> 
 wget https://aur.archlinux.org/packages/qt/qtkeychain-git/qtkeychain-git.tar.gz 
 tar xzf qtkeychain-git.tar.gz 
 cd qtkeychain-git 
 makepkg -s PKGBUILD 
 sudo pacman -U qtkeychain-git*.xz 
 </pre> 
 # caffeine-systray 
 <pre> 
 wget https://aur.archlinux.org/packages/ca/caffeine-systray/caffeine-systray.tar.gz 
 tar xzf caffeine-systray.tar.gz 
 cd caffeine-systray 
 makepkg -s PKGBUILD 
 sudo pacman -U caffeine-systray*.xz 
 </pre> 
 # owncloud-client 
 <pre> 
 wget https://aur.archlinux.org/packages/ow/owncloud-client/owncloud-client.tar.gz 
 tar xzf owncloud-client.tar.gz 
 cd owncloud-client 
 makepkg -s PKGBUILD 
 sudo pacman -U owncloud-client*.xz 
 </pre> 
 # fritzing 
 <pre> 
 wget https://aur.archlinux.org/packages/fr/fritzing/fritzing.tar.gz 
 tar xzf fritzing.tar.gz 
 cd fritzing 
 makepkg -s PKGBUILD 
 sudo pacman -U fritzing*.xz 
 </pre> 
 # arduino 
 <pre> 
 wget https://aur.archlinux.org/packages/ar/arduino/arduino.tar.gz 
 tar xzf arduino.tar.gz 
 cd fritzing 
 makepkg -s PKGBUILD 
 sudo pacman -U arduino*.xz 
 </pre> 
 # komodo-edit 
 <pre> 
 wget https://aur.archlinux.org/packages/ko/komodo-edit/komodo-edit.tar.gz 
 tar xzf komodo-edit.tar.gz 
 cd komodo-edit 
 makepkg -s PKGBUILD 
 sudo pacman -U komodo-edit*.xz 
 </pre> 
 # huludesktop 
 <pre> 
 wget https://aur.archlinux.org/packages/hu/huludesktop/huludesktop.tar.gz 
 tar xzf huludesktop 
 cd huludesktop 
 makepkg -s PKGBUILD 
 sudo pacman -U huludesktop 
 </pre> 

 h3. NOTE: Intel Galileo uses a different Arduino IDE 

 Since I am developing on the Intel Galileo, I needed to grab Intel's IDE from https://communities.intel.com/docs/DOC-22226 

 Building the above arduino package from the AUR may resolve issues if there are any problems installing the Intel version of the arduino IDE. 

 h3. NOTE: Arduino and Galileo users must be added to the lock and uucp groups 

 The arduino board communicates with the computer via a serial connection or a serial over USB connection. So the user needs read/write access to the serial device file. Udev creates files in @/dev/tts/@ owned by group uucp so adding the user to the uucp group gives the required read/write access: 
 <pre> 
 gpasswd -a $USER uucp 
 gpasswd -a $USER lock 
 </pre> 

 Note: You will have to logout and login again for this to take effect. 

 The arduino board appears as /dev/ttyACMx so if the above doesn't work try adding the user to the group tty: 
 <pre> 
 gpasswd -a $USER tty 
 </pre> 

 Before uploading to the Arduino, be sure to set the correct serial port, board, and processor from the Tools menu.  

 h3. Fix the corrupt text with Steam 

 Steam needs to have its own fonts, this can be installed by doing the following: 
 <pre> 
 mkdir ~/SteamFonts && cd ~/SteamFonts 
 wget https://support.steampowered.com/downloads/1974-YFKL-4947/SteamFonts.zip 
 unzip SteamFonts.zip 
 sudo cp * /usr/share/fonts/TTF/ 
 sudo chown -R root.root /usr/share/fonts/TTF/ 
 </pre>

Back