this post was submitted on 30 Jul 2025
[–] bacon_pdp@lemmy.world -1 points 3 days ago

Do better

################################################################################# #################################################################################

A minimal Arch install procedure with encrypted /boot and /

################################################################################# #################################################################################

Format virtual drive to have 1 large primary partition and mark it as bootable

echo -e "o\nn\np\n1\n\n\na\nw" | fdisk /dev/sda

It really is that simple to set up the partition table. o wipes the previous table, n creates a new partition, and a makes it bootable. w writes the changes.

Encrypt entire volume

Default iter is 2000 and takes 22 seconds for grub to decrypt, adjust accordingly

cryptsetup -v --cipher aes-xts-plain64 --key-size 512 --hash sha512 --iter-time 50000 \
--use-random --verify-passphrase luksFormat --type luks1 /dev/sda1

or if that takes too long to type or you don't care; you can use the defaults:

The luks1 however matters until grub finishes adding sufficient support for luks2. Argon2id (cryptsetup default) and Argon2i PBKDFs are not supported, only PBKDF2 is at this time

cryptsetup -v --use-random -y luksFormat --type luks1 /dev/sda1

Open for formatting

cryptsetup open /dev/sda1 root

Actually format

mkfs.btrfs /dev/mapper/root

Mount partitions

mount /dev/mapper/root /mnt

Fix the slow install problem

pacman -Sy
pacman -S pacman-contrib
cp /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.backup

if per policy reasons you need to limit yourself to the USA

curl "https://archlinux.org/mirrorlist/?country=US" | sed 's/#Server/Server/g' \
>| /etc/pacman.d/mirrorlist.backup

rankmirrors -n 6 /etc/pacman.d/mirrorlist.backup > /etc/pacman.d/mirrorlist

Install bootstrap

pacstrap /mnt base linux linux-firmware btrfs-progs lvm2

if you see bill-auger is unknown trust

pacman -S archlinux-keyring parabola-keyring

Setup fstab

genfstab -U /mnt >> /mnt/etc/fstab

Chroot into mount

arch-chroot /mnt

Set root password

passwd

Setup timezone

ln -sf /usr/share/zoneinfo/US/Michigan /etc/localtime

Setup locales

echo "en_US.UTF-8 UTF-8" > /etc/locale.gen
echo "LANG=en_US.UTF-8" > /etc/locale.conf
locale-gen

Set hostname

export hostname=encom

Use it

echo "$hostname" >| /etc/hostname
{
cat <<-EOF
127.0.0.1 localhost
127.0.1.1 $hostname
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
EOF
} >| /etc/hosts

Enable dhcp on ethernet

pacman -S dhclient

#enable wifi
pacman -S iw iwd

Fix kernel file system

YES order matters for stupid reasons

components="base \
udev \
autodetect \
modconf \
keyboard \
block \
encrypt \
lvm2 \
filesystems \
keyboard \
fsck"
sed -i "/^HOOKS=/c\HOOKS=(${components})" /etc/mkinitcpio.conf

Modify: to add support for encrypt and lvm2

build new initial ramdisk:

mkinitcpio -p linux

May produce warnings about lvm2, can safely ignore

Setup grub

pacman -S grub

indicate /boot is encrypted

sed -i '/^GRUB_CMDLINE_LINUX=/c\GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda1:root"' \
/etc/default/grub

Enable support for encrypted /boot

sed -i '/^#GRUB_ENABLE_CRYPTODISK=/c\GRUB_ENABLE_CRYPTODISK="y"' /etc/default/grub

Uncomment GRUB_ENABLE_CRYPTODISK=y

mkdir /boot/grub
grub-mkconfig -o /boot/grub/grub.cfg
grub-install /dev/sda

################################################################################# #################################################################################

Reboot as the core setup is done and the rest can be done inside our new arch Linux system as root/administrator

################################################################################# #################################################################################

Remove need to type luks password twice

dd bs=512 count=4 if=/dev/urandom of=/crypto_keyfile.bin
chmod 400 /crypto_keyfile.bin
cryptsetup luksAddKey /dev/sda1 /crypto_keyfile.bin

Set init to use that file

sed -i "/^FILES=/c\FILES=/crypto_keyfile.bin" /etc/mkinitcpio.conf

build new initial ramdisk:

mkinitcpio -p linux

Enable networking

dhclient ens33

Setup sudo group for membership and useful privileges

pacman -S sudo vim wget
groupadd sudo

Uncomment the %sudo line

sed -i '/^# %sudo/c%sudo\tALL=(ALL:ALL) ALL' /etc/sudoers

Setup our power user

export USERNAME=user
useradd -m $USERNAME
passwd $USERNAME
usermod -G sudo -a $USERNAME

################################################################################# #################################################################################

If you want guix for everything else on your system use the install guix procedure instead of following the rest of this procedure.

#################################################################################

You may now logout and finish the rest of this procedure as your administrative account created previously

################################################################################# #################################################################################

Install baseline gui

sudo pacman -S i3-wm xorg-server xorg-xinit xf86-video-vesa xorg mesa slim \
xorg-xrdb dmenu emacs st git gcc make htop screen \
binutils stow
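
Added example, not part of the comment above: a pre-reboot check that reads `cryptsetup luksDump` output and reports whether the header meets the GRUB constraints the comment states (LUKS1, or PBKDF2 rather than Argon2 keyslots). The function names and verdict strings are hypothetical, and the sample dumps are constructed and abridged.

```shell
#!/bin/sh
# Added example: classify `cryptsetup luksDump` text (stdin) by whether GRUB
# can unlock the header, using only the constraints stated in the comment.
# Verdict strings and function names are hypothetical.
grub_luks_verdict() {
    awk '
        $1 == "Version:" { version = $2 }
        $1 == "PBKDF:" && $2 ~ /^argon2/ { argon2++ }
        $1 == "PBKDF:" && $2 == "pbkdf2" { pbkdf2++ }
        END {
            if (version == 1)                    print "luks1-ok"
            else if (version == 2 && pbkdf2 > 0) print "luks2-pbkdf2"
            else if (version == 2 && argon2 > 0) print "luks2-argon2-unsupported"
            else                                 print "unknown"
        }'
}

# Constructed sample dumps (abridged), so the check runs without a real device.
sample_luks1() {
    printf '%s\n' 'LUKS header information for /dev/sda1' '' \
        'Version:        1' 'Cipher name:    aes' 'Cipher mode:    xts-plain64' \
        'Hash spec:      sha512' 'Key Slot 0: ENABLED'
}
sample_luks2_argon2() {
    printf '%s\n' 'LUKS header information' 'Version:        2' 'Keyslots:' \
        '  0: luks2' '        Cipher:     aes-xts-plain64' \
        '        PBKDF:      argon2id'
}
sample_luks2_pbkdf2() {
    printf '%s\n' 'LUKS header information' 'Version:        2' 'Keyslots:' \
        '  0: luks2' '        Cipher:     aes-xts-plain64' \
        '        PBKDF:      pbkdf2'
}

# With a device argument, check the real header (needs root):
#   sh check.sh /dev/sda1
if [ -n "${1:-}" ]; then
    cryptsetup luksDump "$1" | grub_luks_verdict
fi
```

A `luks2-pbkdf2` verdict means the header avoids Argon2 but still depends on the installed GRUB's LUKS2 support; `luks2-argon2-unsupported` means no keyslot uses PBKDF2, so GRUB would fail to unlock /boot.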