Mirrors/spark
1
0
Fork 0
mirror of https://github.com/pigmonkey/spark.git synced 2026-01-23 02:24:09 +00:00
Code Issues Projects Releases Wiki Activity
spark/INSTALL.md
Pig Monkey b8a827504f install: support suspend 
After making these changes to an existing system, rebuild grub and make
images.

    # grub-mkconfig -o /boot/grub/grub.cfg
    # mkinitcpio -p linux
    # mkinitcpio -p linux-grsec
2016-01-28 19:29:06 -08:00

3.4 KiB
Raw Blame History

The following is a brief installation tutorial for Arch Linux. It assumes familiarity with the Arch Beginner's Guide and Installation Guide.

It will provide a system with full-disk encryption using LVM on LUKS. There is no separate /boot partition. The entire installation is encrypted and booted via Grub's crypto hooks.

Boot into the Arch installer.

Verify that the system clock is up to date.

$ timedatectl set-ntp true

Create a single partition for LUKS.

$ parted -s /dev/sda mklabel msdos
$ parted -s /dev/sda mkpart primary 2048s 100%

Create and mount the encrypted filesystem.

$ cryptsetup luksFormat /dev/sda1
$ cryptsetup luksOpen /dev/sda1 lvm
$ pvcreate /dev/mapper/lvm
$ vgcreate arch /dev/mapper/lvm
$ lvcreate -L 8G arch -n swap
$ lvcreate -L 30G arch -n root
$ lvcreate -l +100%FREE arch -n home
$ mkswap -L swap /dev/mapper/arch-swap
$ mkfs.ext4 /dev/mapper/arch-root
$ mkfs.ext4 /dev/mapper/arch-home
$ mount /dev/mapper/arch-root /mnt
$ mkdir /mnt/home
$ mount /dev/mapper/arch-home /mnt/home
$ swapon /dev/mapper/arch-swap

Optionally edit the mirror list.

$ vi /etc/pacman.d/mirrorlist

Install the base system.

$ pacstrap -i /mnt base base-devel

Generate and verify fstab.

$ genfstab -U -p /mnt >> /mnt/etc/fstab
$ less /mnt/etc/fstab

Change root into the base install and perform base configuration tasks.

$ arch-chroot /mnt /bin/bash
$ echo en_US.UTF-8 UTF-8 >> /etc/locale.gen
$ locale-gen
$ echo LANG=en_US.UTF-8 > /etc/locale.conf
$ export LANG=en_US.UTF-8
$ ln -s /usr/share/zoneinfo/America/Los_Angeles /etc/localtime
$ hwclock --systohc --utc
$ echo mymachine > /etc/hostname
$ systemctl enable dhcpcd.service
$ passwd

Add a key file to decrypt the volume and properly set the hooks.

$ dd bs=512 count=8 if=/dev/urandom of=/crypto_keyfile.bin
$ cryptsetup luksAddKey /dev/sda1 /crypto_keyfile.bin
$ chmod 000 /crypto_keyfile.bin
$ sed -i 's/^FILES=.*/FILES="\/crypto_keyfile.bin"/' /etc/mkinitcpio.conf
$ sed -i 's/^HOOKS=.*/HOOKS="base udev autodetect modconf block keyboard encrypt lvm2 resume filesystems fsck"/' /etc/mkinitcpio.conf
$ mkinitcpio -p linux

Install GRUB.

$ pacman -S grub
$ echo GRUB_ENABLE_CRYPTODISK=y >> /etc/default/grub
$ sed -i 's/^GRUB_CMDLINE_LINUX=.*/GRUB_CMDLINE_LINUX="cryptdevice=\/dev\/sda1:lvm:allow-discards resume=\/dev\/mapper\/arch-swap"/' /etc/default/grub
$ grub-mkconfig -o /boot/grub/grub.cfg
$ grub-install /dev/sda
$ chmod -R g-rwx,o-rwx /boot

Cleanup and reboot!

$ exit
$ umount -R /mnt
$ reboot

Run ansible!