Traveling through the Arch — Vol. 3

svettwer

Sven Hettwer

Posted on June 23, 2018


Welcome back to the third issue of “Traveling through the Arch”. The last post was about an Anarchy Linux installation using the installer from arch-anywhere.org. This time, we’ll install a basic Arch Linux™ with our own hands, without any predefined installer.

Requirements

To follow this guide, I would like to recommend the following setup:

  • Virtual machine (VirtualBox, KVM, etc.)
  • A downloaded Arch Linux™ iso image to install the OS from.
  • A web browser to read the instructions. I guess you’ll have one when you’re reading this article ;-)
  • 10–60 minutes of time depending on the level of detail you’re looking for

Introduction

First, let me point out that I won’t cover every step of the installation in this article, only some of the more interesting parts. You can find the whole installation process in my Arch-Installation GitHub repository, where every command is commented. I separated the installation into three major steps, just as the official installation guide does.

  • Creating a bootable USB Stick (just in case you want to install it on a real machine)
  • Installing a very basic Arch Linux™
  • Installing everything else on top (will be covered in the next episode)

This structure will be represented in the GitHub repository as well.

Creating a bootable USB Stick

Under Linux, there is nothing easier than that!

Disclaimer!

If you use dd, please be careful! You can easily erase your disks if you set of= to the wrong device.

dd bs=4M if=/path/to/archlinux.iso of=/dev/sdX status=progress && sync

  • dd: A tool to copy files byte by byte.
  • bs=4M: Tells dd to read/write 4M bytes at a time.
  • if: Stands for input file.
  • of: Stands for output file.
  • status=progress: Makes dd print transfer statistics periodically while it copies.
  • &&: A logical AND operator. Within the context of this command: if dd was successful, also execute sync.
  • sync: Tells the system to write cached data to persistent storage.

If you’re not familiar with dd or the way that Linux handles devices, please use a tool like the Startup Disk Creator or one of the other numerous programs to create bootable USB Sticks.

If you’re starting from Windows, I’d recommend the LinuxLive USB Creator.

Installing a very basic Arch Linux™

Arch Linux™ — Boot screen

After booting your system from the medium of your choice, the boot screen will show up as in any other distribution. But after choosing Boot Arch Linux (x86_64), you’ll be dropped into the live system with nothing more than a command prompt.

Arch Linux live shell

Partitioning and encryption

After performing some basic configuration, I prepared my partitions. I used the tool cfdisk (just because I know how it works) and created two partitions: one for /boot, with roughly 200MB of space, and one spanning the rest of the disk for everything else.

If you’re curious what /boot is:

According to the Filesystem Hierarchy Standard (FHS), the /boot folder holds the static files of the boot loader. It is allowed to store the kernel there as well.

The only reason I set up a separate partition for my boot loader and kernel is that my main partition will be encrypted, so the kernel has to decrypt it before user-mode programs can be loaded.

So now that I’ve set up my partitions, it’s time to encrypt the device!

For that I used cryptsetup, a tool that can set up either plain dm-crypt or LUKS encryption. dm-crypt is the cryptographic device-mapper module, and LUKS stands for Linux Unified Key Setup. LUKS extends the plain encryption of dm-crypt with an additional metadata header, which makes it easier to identify the encryption algorithm and to locate the user data within the encrypted data blob, and which makes some additional cryptographic features possible.

cryptsetup -y -v luksFormat /dev/sdaX

  • cryptsetup: Tool to encrypt devices
  • -y: Asks for passphrase verification
  • -v: Verbose
  • luksFormat: Encrypt with LUKS header
  • /dev/sdaX: The device to be encrypted

Encryption is done!

Setting up the File system

After opening the encrypted device, which makes it available as /dev/mapper/cryptroot, we’re now able to create our file systems.

mkfs.btrfs /dev/mapper/cryptroot

  • mkfs: A tool to create Linux file systems
  • mkfs.btrfs: Creates a btrfs file system
  • /dev/mapper/cryptroot: The opened/mapped device

mkfs.ext2 /dev/sda1

  • mkfs.ext2: Creates an ext2 file system
  • /dev/sda1: The device to create the file system on. In this case, this is my /boot partition

Setting up a file system is not that hard. Choosing your file system, however, is very hard. There are multiple file systems out there with many different features. Because I don’t want to start comparing all the pros and cons of the different systems, let me just point out why I’ve chosen ext2 for my boot partition and btrfs for everything else. First of all: it was a recommendation. But that’s not enough reason to do so. Therefore I did some research.

ext2 is what one would call a very basic file system nowadays. It was meant to solve various issues of ext. But due to its simplicity it’s ideal for boot partitions, USB-Sticks and basically every storage, where journaling is not required.

btrfs, on the other hand, is a file system that first reached its stable state in 2014. It’s a copy-on-write file system with a vast number of features, including self-healing mechanisms, file system snapshots, subvolumes and much, much more. Especially because of its snapshot mechanism, it’s very easy to create file system backups without copying tons of data to an external drive.

Setting up initramfs

This section clarifies what bugged me the most when installing Linux systems with encrypted devices… until now.

The keyboard layout while setting up the passphrase was German (due to my choices during the installation process) but while booting the system, the layout switches back to English!

This led me to so many moments full of frustration but now, they are gone!

And unfortunately, it would have been so easy to avoid the frustration altogether.

There is a file on your Arch Linux™ machine called /etc/mkinitcpio.conf.

This is a configuration file for (who would have guessed) a program called mkinitcpio, which creates initramfs archives. The most important part of this configuration file is the definition of the HOOKS variable. HOOKS specifies the composition and behavior of the initramfs. One of these glorious hooks is called keymap. And this is what keymap does:

Adds the specified keymap(s) from /etc/vconsole.conf to the initramfs.

Loads the specified keymap(s) from /etc/vconsole.conf during early userspace.

Source: https://wiki.archlinux.org/index.php?title=Mkinitcpio&oldid=492088

mkinitcpio -p linux

Done!

This means that, once keymap is listed in HOOKS and the initramfs has been rebuilt with the command above, the keyboard layout of my choice is loaded within the initramfs. This empowers me to use as many special characters in my passphrase as I want!
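
As an added example (not part of the original article or the author's repository), the following script checks the two files mentioned above before you rebuild the initramfs. It assumes the busybox-style encrypt hook, which has to be listed after keymap because hooks run in the order given; the function names and the sample files are made up for illustration.

```shell
#!/bin/sh
# Added example: does the LUKS passphrase prompt get the configured keyboard layout?
# Assumes the busybox-style "encrypt" hook; function names here are hypothetical.

# Print the 1-based position of hook $1 in the last active HOOKS= line of file $2.
# Accepts HOOKS=(a b c) and the older HOOKS="a b c"; prints nothing if absent.
hook_position() {
    awk -v want="$1" '
        /^[ \t]*HOOKS=/ {
            line = $0
            sub(/^[ \t]*HOOKS=[("]?/, "", line)   # drop assignment and opener
            sub(/[)"].*$/, "", line)              # drop closer and trailing text
            n = split(line, hooks, " ")           # " " splits on whitespace runs
            pos = 0
            for (i = 1; i <= n; i++) if (hooks[i] == want) { pos = i; break }
        }
        END { if (pos) print pos }
    ' "$2"
}

# $1 = mkinitcpio.conf, $2 = vconsole.conf; prints a one-word verdict.
check_keymap_setup() {
    k=$(hook_position keymap "$1")
    e=$(hook_position encrypt "$1")
    if [ -z "$e" ]; then echo "no-encrypt-hook"; return 0; fi
    if [ -z "$k" ]; then echo "keymap-missing"; return 0; fi
    # Hooks run in the order listed, so keymap has to come before encrypt.
    if [ "$k" -gt "$e" ]; then echo "keymap-after-encrypt"; return 0; fi
    # The keymap hook takes its layout from KEYMAP= in vconsole.conf.
    grep -Eq '^[[:space:]]*KEYMAP="?[^"[:space:]]' "$2" || { echo "no-keymap-configured"; return 0; }
    echo "ok"
}

# Constructed sample files, not taken from a real system.
samples=$(mktemp -d)
printf '%s\n' '#HOOKS=(base udev encrypt)' \
    'HOOKS=(base udev autodetect modconf block keyboard keymap encrypt filesystems fsck)' \
    > "$samples/good.conf"
printf '%s\n' 'HOOKS=(base udev autodetect modconf block keyboard encrypt keymap filesystems fsck)' \
    > "$samples/late.conf"
printf '%s\n' 'HOOKS="base udev autodetect modconf block encrypt filesystems fsck"' \
    > "$samples/missing.conf"
printf 'KEYMAP=de-latin1\n' > "$samples/vconsole.conf"

for f in good late missing; do
    printf '%s: %s\n' "$f" "$(check_keymap_setup "$samples/$f.conf" "$samples/vconsole.conf")"
done
```

On an installed system you would call check_keymap_setup /etc/mkinitcpio.conf /etc/vconsole.conf and only then run mkinitcpio.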

Summary

Someone once told me: Setting up an Arch Linux™ is no witchcraft.

Now that I did it, I can only agree. I took some hours to find out only some of the details I wanted to know. One could spend hundreds of hours more depending on the level of detail you’re looking for. So the learning curve is steep and one will have to do some parts of the installation twice, but in the end, you have a system which is absolutely transparent to you. And if I forget what I did while I performed the installation, I can just look it up in the repository. At my current point it feels like there is not a single situation where the system could receive critical damage to the software that I’m unable to repair.

This article is originally published at medium.com/@SvenHettwer
