Install Arch Linux
13 Feb 2022
Thankfully, there are a few walk-throughs on how to install Arch Linux. This one was particularly helpful for me, but I made a few modifications. I have an old ThinkPad X250 kicking around that I wanted to try Arch on, so that's the hardware I use in this example. It is capable of UEFI boot.
The actual Arch download page is a bit confusing, but just scroll to the bottom of the page and click on a download mirror that is closest to you. I downloaded my Arch Linux ISO from http://mirrors.mit.edu/archlinux/iso/2022.02.01/archlinux-2022.02.01-x86_64.iso as well as http://mirrors.mit.edu/archlinux/iso/2022.02.01/sha1sums.txt
I downloaded the ISO and then
sha1sumed it to be sure it was OK.
wget http://mirrors.mit.edu/archlinux/iso/2022.02.01/sha1sums.txt wget http://mirrors.mit.edu/archlinux/iso/2022.02.01/archlinux-2022.02.01-x86_64.iso sha1sum archlinux-2022.02.01-x86_64.iso cat sha1sums.txt
Find a USB thumb drive to write the ISO to. Insert the thumb drive into your computer and find it:
On my machine, the USB is
/dev/hdb, and two partitions
got auto-mounted. So I will become root, unmount those partitions,
and then write the ISO image to the thumb drive.
su - umount /dev/sdb1 dd bs=4M if=/home/mwood/Downloads/archlinux-2022.02.01-x86_64.iso \ of=/dev/sdb oflag=sync status=progress
Now, remove the thumb drive and put it in your target computer
(in my case an old ThinkPad X250) and at boot up, hit
(or whatever appropriate button on your computer) to interrupt normal
startup, then F12 (or whatever appropriate button on your computer)
to change the boot device. Select the thumb drive to boot from.
Then, at the menu, select "Arch Linux Install Medium (x96_64, UEFI)"
Arch will place you in a root shell.
Be sure you really are on a UEFI system. This
command will list files if you are really on a UEFI system:
The best thing to do here is probably plug in an ethernet cable,
but it turns out the new
iwctl command is pretty sweet!
It even runs in an interactive shell mode, which I use here:
iwctl [iwd]# device list [iwd]# station wlan0 scan [iwd]# station wlan0 get-networks
I see my Wi-Fi network! It is named "foo". I will now connect to it:
[iwd]# station wlan0 connect foo Type the network passphrase for foo psk. Passphrase: ******************* [iwd]# quit ping yahoo.com
Now be sure your clock is correct:
timedatectl set-ntp true
Now find the disk you want to install Arch on:
On my machine, it's
/dev/sda, so I will use
to partition the target drive. The important thing is to create a
UEFI partition first, and then a linux partition for the rest of the
disk. Yes, it turns out that UEFI needs a FAT partition to do its stuff,
and not providing one is a bad mistake!
In my case, I delete existing partitions from a prior Arch install and then create my partitions fresh:
gdisk /dev/sda p # Print partition table. d # Delete partition... 2 # ...number 2. d # Delete partition... 1 # ...number 1. n # New partition... 1 # ...number 1... <Enter> # ...from first sector... +512M # ...plus 512MB... ef00 # ...of type "EFI system partition". n # New partition... 2 # ...number 2... <Enter> # ...from first available sector... <Enter> # ...to last available sector... 8300 # ...of type "Linux filesystem". w # Write partition table to disk. Y # Yes, really do it.
lsblk will show you your partitions.
Format the EUFI partition with FAT:
mkfs.fat -F32 /dev/sda1
Encrypt the root partition
cryptsetup -y -v luksFormat /dev/sda2 YES <enter passphrase> <enter passphrase again> cryptsetup open /dev/sda2 cryptroot
Open the encrypted partition via the device mapper
cryptsetup open /dev/sda2 cryptroot <enter passphrase>
ext4 filesystem on your encrypted
partition which is presumably mounted/overlaid/mapped
Now mount both the freshly-formatted UEFI partition and the encrypted partition so they are accessible on your filesystem:
mount /dev/mapper/cryptroot /mnt mkdir /mnt/boot mount /dev/sda1 /mnt/boot lsblk # look at everything to be sure it's OK
Create a swap file (rather than a swap partition) which will live in your encrypted partition. Apparently, current thinking is that the swapfile (not swap partition!) should be 1.5 times your system's RAM. I'll be honest, I usually don't bother with a swap file or swap partition anymore, but I set one up this time.
dd if=/dev/zero of=/mnt/swapfile bs=1M count=24576 status=progress chmod 600 /mnt/swapfile mkswap /mnt/swapfile swapon /mnt/swapfile
Install Arch Linux! Also, install vim so that you have a way of editing files in later steps.
pacstrap /mnt base base-devel linux linux-firmware vim
fstab file. Apparently,the
file already exists, but it's just got comments in it. So we
append to it, using this handy
genfstab -U /mnt >> /mnt/etc/fstab
Switch to your Arch Linux installation! I haven't read up on
arch-chroot command, but it seems to do what it
says on the tin:
Set up your time zone / locale and ensure the hardware clock agrees with the software clock.
ln -sf /usr/share/zoneinfo/AmericaNew_York /etc/localtime hwclock --systohc date # ensure the date and time seem sane vim /etc/locale.gen # uncomment your locale, such as "en_US.UTF-8 UTF-8" locale-gen echo 'LANG=en_US.UTF-8' > /etc/locale.conf
Pick a hostname and put it in the
echo 'manniX250' > /etc/hostname vim /etc/hosts
Be sure the contents of
/etc/hots look like this:
127.0.0.1 localhost ::1 localhost 127.0.1.1 manniX250.localdomain manniX250
Set the root password:
Configure the initial RAM filesystem:
/etc/mkinitcpio.conf is just a
that we need to edit.
According to https://wiki.archlinux.org/title/mkinitcpio#HOOKS,
we want to put find the
HOOKS section and put
autodetect (and remove
from near the end of the
HOOKS list) so that when
initramfs boots, it will have
all the keyboard drivers needed to collect a passphrase to decrypt
the encrypted partition. Putting
keyboard this early
HOOKS ensures that even if the user plugs in a
keyboard not used during setup (such as the laptop keyboard) there
still should be a driver on hand to detect/use that keyboard.
To have drivers on hand for the encrypted partition, put
HOOKS line of
Create the initial RAM filesystem:
Install the brug UEFI boot loader and the Intel microcode patcher thingy:
pacman -S grub efibootmgr intel-ucode
Get the UUID of your encrypted filesystem
blkid -s UUID -o value /dev/sda2 > /tmp/cryptuuid.txt
grub so that it knows about the
encrypted file system:
grub about your encrypted filesystem:
grub as co-operative and verbose as possible:
GRUB_TIMEOUT_STYLE=menu GRUB_TIMEOUT=-1 GRUB_CMDLINE_LINUX_DEFAULT=""
grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id=GRUB grub-mkconfig -o /boot/grub/grub.cfg
Install Network Manager. Personally, I was quite happy
iwctl thing, but I guess Network Manager
wraps it and is generally nice:
pacman -S networkmanager systemctl enable NetworkManager
Connect to wifi, but this time using Network Manager's CLI:
nmcli d wifi list nmcli d wifi connect foo password nottellinganybody
Make a non-root user
useradd --create-home mwood passwd mwood
pacman -Syu pacman -S xorg xorg-server pacman -S gnome
It looks like this reconfigures mkinitcpio, so I guess we should reboot!
When you've rebooted, log on as root and enable
systemctl start gdm.service
Now Gnome has started; log on as the plain user you created, but then
run a terminal and then ensure the
gdm service stays
sudo systemctl enable gdm.service
Reboot again to be sure
gdm comes back up on reboot:
After you have rebooted,
gdm should have come up,
and you show now log on as your regular, non-root user, fire up a terminal,
become root, and install Firefox (and
vlc while we
are at it):
su - pacman -S firefox vlc
Install a firewall
pacman -S nftables vim /etc/nftables.conf ## if you need to disable ssh incoming systemctl enable nftables.service --now
Enable time synchronization
sudo systemctl enable systemd-timesyncd.service --now
More things to consider for SSD owners:
This apparently enables regular housekeeping of SSDs and maybe makes them last longer:
sudo systemctl enable fstrim.timer --now
More things to consider (for laptop users):
tlp-rdw will improve power management
on laptops, so consider installing those. A typical installation
looks like this, but just googleing
turns up possibley more involved setups for ThinkPad users:
pacman -S tlp tlp-rdw systemctl enable tlp.service --now systemctl enable NetworkManager-dispatcher.service --now tlp-stat