A minimal Arch Linux installation with Gnome. My notes.

Feb 28, 2021 linux

Arch Linux is extremely well documented so I highly recommend to read the Arch installation guide. This guide installs the Gnome desktop environment, but one can easily swap Gnome for i3 or another desktop environment, or leave it all together. This is the procedure I used for installing Arch on a Thinkpad t460s, t490s and a Dell Precision 5550.

Partitioning

Checkout the current partition scheme and the name of the harddrive(s)

1fdisk -l

Determine how you want to partition the disk. I do not use anything fancy (yet).

  • a EFI boot partition and an ext4 root partition
  • an encrypted root
device size purpose
/dev/nvme0n1p1 500 MB - 1 GB boot
/dev/nvme0n1p2 remainder encrypted root

Let's go ahead and delete the existing partitions and create new partitions.

1fdisk /dev/nvme01
2fdisk d # delete until no partitions are left
3fdisk n # boot partition, type +512M for size
4fdisk n # for root partition, remainder of disk 
5fdisk t L 1 # set to EFI
6fdisk p # check
7fdisk w # write

Optional: if you need a swap partition just create an extra partition and prepare it as follows:

1mkswap /dev/nvme0n1p3
2swapon /dev/nvme0n1p3

Encrypt and mount

To encrypt the root partion with Luks:

1cryptsetup -y -v luksFormat /dev/nvme0n1p2
2cryptsetup open /dev/nvme0n1p2 cryptroot

Source: https://wiki.archlinux.org/index.php/Dm-crypt/Encrypting_an_entire_system#LUKS_on_a_partition

Set filesystem to ext4 and mount it:

1mkfs.ext4 /dev/mapper/cryptroot
2mount /dev/mapper/cryptroot /mnt

Make filesystem for boot and mount

1mkfs.fat -F32 /dev/vme0n1p1
2mkdir /mnt/boot
3mount /dev/vme0n1p1 /mnt/boot

Bootstrap

1pacstrap /mnt vim sudo grub efibootmgr linux linux-lts base base-devel dhcpcd linux-firmware

Create fstab

1genfstab -U /mnt >> /mnt/etc/fstab

Now chroot into the newly mounted root:

1arch-chroot /mnt

Set time zone:

1ln -sf /usr/share/zoneinfo/Europe/Amsterdam /etc/localtime
2hwclock --systohc
3

Edit /etc/locale.gen and uncomment en_US.UTF-8 UTF-8 and other needed locales.

1vim /etc/locale.gen

Generate the locales by running:

1locale-gen

Create the locale.conf(5) file, and set the LANG variable accordingly:

1/etc/locale.conf
2LANG=en_US.UTF-8

Create the hostname file:

1/etc/hostname
2myhostname
3
4/etc/hosts
5127.0.0.1	localhost
6::1		localhost
7127.0.1.1	myhostname.localdomain	myhostname

Grub

This step is the most exciting. We need to create a ramdisk to configure early userspace. See here: https://en.wikipedia.org/wiki/Initial_ramdisk

  • We need to make sure to add an encrypt hook before the filesystem is loaded
  • We need to add the video driver so it starts before GDM (only for Gnome users)

Which videodriver to add? See here: https://wiki.archlinux.org/index.php/Kernel_mode_setting#Early_KMS_start

Edit /etc/mkinitcpio.conf:

  • HOOKS: add the word "encrypt" just before "filesystems"
  • MODULES: add the video driver

Leave the rest of the file in tact.

1vim /etc/mkinitcpio.conf
2# only change this:
3MODULES=(i915)
4HOOKS=(base udev autodetect keyboard keymap consolefont modconf block encrypt filesystems fsck)

Next generate the ramdisk:

1mkinitcpio -P

Now install Grub:

1grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id=GRUB
2# if you didn't configure encryption, you should mount the EFI partition in /boot/efi and also set --efi-directory=/boot/efi

Edit the grub conf to point to the encrypted root.

1vim /etc/default/grub # --> cryptdevice=/dev/nvme0n1p2:cryptroot

Here is a screenshot from my grub config. I also changed the order as you can see. 1

Generate grub:

1grub-mkconfig -o /boot/grub/grub.cfg

Add user and desktop environment

1passwd
2useradd -mg users -G wheel,storage,power -s /bin/bash jacqueline
3passwd jacqueline
4pacman -S xorg xorg-server gnome zsh cmake git neofetch jq ansible
5systemctl enable gdm.service
6systemctl enable NetworkManager.service
7systemctl enable dhcpcd

Now reboot into Gnome.

Summary

Add an extra encryption key

If you regret your disk encryption key, you can easily set another one:

1sudo cryptsetup luksDump /dev/nvme0n1p2
2sudo cryptsetup luksAddKey --key-slot 1 /dev/nvme0n1p2

History

 1ln -sd /usr/share/zoneinfo/Europe/Amsterdam /etc/localtime
 2hwclock --systohc
 3vim /etc/locale.gen
 4locale-gen
 5vim /etc/locale.conf
 6vim /etc/hostname
 7vim /etc/hosts
 8vim /etc/mkinitcpio.conf
 9mkinitcpio -P
10grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id=GRUB
11vim /etc/default/grub
12grub-mkconfig -o /boot/grub/grub.cfg
13passwd
14useradd -mg users -G wheel,storage,power -s /bin/bash jacqueline
15passwd jacqueline
16pacman -S xorg xorg-server gnome zsh cmake git neofetch jq ansible
17systemctl enable gdm.service
18systemctl enable NetworkManager.service
19systemctl enable dhcpcd