xengineering

Table of contents

Introduction

This article describes how to install Arch Linux. It is based on the official installation guide.

This primary documentation does not describe one specific installation option but instead points out the different options the user has like selecting bootloaders, boot modes or filesystems.

As a complement this article documents one specific installation inside a QEMU virtual machine (VM). It might be used as a VM or converted to a binary image file which can be written to a physical drive like an USB stick or SSD.

Design decisions

The installation is based on the following design decisions.

UEFI boot
GUID-based partition table
full disc encryption
Btrfs root filesystem
only a minimalistic set of installed packages (no graphical environment)
nftables firewall
systemd- and iwd-based networking

Those might change in the future. Secure boot with a unified kernel image is appreciated but not yet implemented.

Installation

First a virtual drive is created as a file as a starting point for the VM installation. Additionally a writable copy of the UEFI variables is created to keep settings.

qemu-img create -f qcow2 archlinux.qcow2 8G
cp /usr/share/edk2/x64/OVMF_VARS.4m.fd .

It is expected that the Arch Linux *.iso installation image is downloaded, verified and saved in the same folder. See the download page for details.

The installation image can be booted with qemu-system-x86_64. The just created virtual machine disk is attached as an additional drive.

It is important that immediately after the first UEFI screen is shown the e key is pressed and console=ttyS0 <Enter> is typed. This makes sure the console is exposed via a virtual serial console bound to the host terminal. Booting will take some time.

This is annoying but worth it since it allows to copy and paste all subsequent commands instead of typing them by hand.

qemu-system-x86_64 \
    -enable-kvm \
    -m 4G \
    -nic user,model=virtio \
    -drive file=archlinux.qcow2,media=disk,if=virtio \
    -smp cpus=4 \
    -nographic \
    -boot order=d \
    -drive if=pflash,format=raw,readonly=on,file=/usr/share/edk2/x64/OVMF_CODE.4m.fd \
    -drive if=pflash,format=raw,file=OVMF_VARS.4m.fd \
    -cdrom archlinux-*.iso

After specifying the console the installation image should boot. Next the user root without password is used to log in.

The following command allows to check if the time is properly synchronized.

timedatectl

The virtual machine disk can be partitioned with parted.

parted /dev/vda --script mklabel gpt
parted /dev/vda --script mkpart primary fat32 1MiB 2GiB
parted /dev/vda --script mkpart primary 2GiB 100%
parted /dev/vda --script set 1 boot on

The following commands format the second partition for use with Linux Unified Key Setup (LUKS) and opens this LUKS partition to open the encrypted partition inside. The interactive questions have to be answered.

cryptsetup luksFormat --batch-mode --label CRYPTO_ROOT /dev/vda2
cryptsetup open /dev/vda2 root

The actual filesystems are then created with mkfs. For the BOOT partition a FAT filesystem is used. The ROOT filesystem containing the operating system and user data is formatted with BTRFS.

mkfs.vfat -n BOOT /dev/vda1
mkfs.btrfs -L ROOT /dev/mapper/root

These two filesystems are opened by mounting them to the current system under the path /mnt.

mount /dev/mapper/root /mnt
mount --options fmask=7137,dmask=7027 --mkdir /dev/vda1 /mnt/boot

The software reflector is executed to find appropriate Arch Linux package servers which provide a good bandwidth at the current location. These server references are later copied to the installed system.

systemctl start reflector

Selected software packages are installed to the new system with pacstrap.

pacstrap -K /mnt \
    base \
    linux \
    linux-firmware \
    parted \
    btrfs-progs \
    iwd \
    vi \
    openssh \
    nftables \
    arch-install-scripts \
    man-db \
    man-pages \
    texinfo

The filesystem table (fstab) is created, printed and saved to the new system to describe which filesystems should be mounted where during boot.

genfstab -L /mnt | tee /mnt/etc/fstab

Without actual booting a change root (chroot) command is used to use the new system already.

arch-chroot /mnt

Miscellaneous settings are configured via the command line.

ln -sf /usr/share/zoneinfo/Europe/Berlin /etc/localtime
hwclock --systohc
sed -i 's/#en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/g' /etc/locale.gen
locale-gen
echo 'LANG=en_US.UTF-8' > /etc/locale.conf
echo 'archlinux' > /etc/hostname
echo 'root' | passwd -s
echo '[Match]
Kind=!*
Type=ether wlan

[Network]
DHCP=yes' > /etc/systemd/network/auto.network
systemctl enable nftables.service
systemctl enable systemd-networkd.service
systemctl enable systemd-resolved.service
ln -sf ../run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
systemctl enable iwd.service
systemctl enable systemd-timesyncd.service

The systemd bootloader is installed and configured.

bootctl install
echo 'title Arch Linux
linux /vmlinuz-linux
initrd /initramfs-linux.img
options cryptdevice=/dev/disk/by-label/CRYPTO_ROOT:root root=/dev/mapper/root rw' > /boot/loader/entries/arch.conf

The initial RAM filesystem (initramfs) is configured and created to ensure BTRFS and LUKS support during an early boot stage.

sed -i 's/^HOOKS.*$/HOOKS=(base udev autodetect microcode modconf kms keyboard keymap consolefont block encrypt btrfs filesystems fsck)/g' /etc/mkinitcpio.conf
mkinitcpio -P

The chroot is exited and the live system is powered off.

exit
poweroff

The virtual machine image can be written to a physical drive like a boot stick or SSD with qemu-img. For that the /dev/null in the following command has to be replaced by the path to the correct drive. A mistake here might lead to the destruction of the current system with no way back. Use with care and only if you know what you are doing.

qemu-img dd -f qcow2 -O raw if=archlinux.qcow2 of=/dev/null

Otherwise the virtual machine image can be started again with QEMU without the installation image:

qemu-system-x86_64 \
    -enable-kvm \
    -m 4G \
    -nic user,model=virtio \
    -drive file=archlinux.qcow2,media=disk,if=virtio \
    -smp cpus=4 \
    -drive if=pflash,format=raw,readonly=on,file=/usr/share/edk2/x64/OVMF_CODE.4m.fd \
    -drive if=pflash,format=raw,file=OVMF_VARS.4m.fd

The username and password is based on this guide root. Output to the serial console is currently not supported.

If the new system is booted the second partition containing the LUKS container and ROOT BTRFS partition can be extended to the full possible size.

parted /dev/sdb --script resizepart 2 100%
cryptsetup resize root
btrfs filesystem resize max /

With this step the installation is finished.