How I Install Arch Linux (the hard way).

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
there's a few reasons why Arch is my go-to Linux distribution and it's not just because I get to tell people that I use it by the way the main reason I choose Arch is because of Freedom or autonomy it's an unopinionated distribution that allows me to set up my computer however I want to now installing Arch can be kind of daunting for beginners so in this video I'm going to show you how I do it with full dis encryption the computer I'm going to use for this installation is a se6 Max which is a pretty power efficient machine using around 10 wats when idle and a Max of 80 when underload despite this efficiency it's going to be plenty powerful enough for my day-to-day tasks out of the box the machine comes with 32 gigs of memory which is more than enough for any MacBook users for storage it comes with a 1 TB SSD which is not bad however for myself I'm going to need just a little bit more fortunately it provides support for up to two nvme drives so I'm going to add another 4 TB the drive I'm installing is a crucial P3 plus which I I got from Amazon you can find a link for all of this Hardware in the description down below to install it I first need to open up the machine which can be done by unscrewing the four screws at the bottom of the enclosure once unscrewed I can then access the internals by using this tab on the bottom of the case which is really helpful as it prevents my fingertips from being embarrassed once inside it's as simple as installing the M2 drive as you would any other followed by reattaching the base and returning the screws to where they belong with the upgrades complete the next task to obtain a copy of the Arch Linux ISO navigating to the download page of the arch website we're greeted with a number of ways to obtain this image the recommended approach is to use a torrent however for those not comfortable with torrenting then there are some direct download links available on the page all you have to do is select the mirror you want to use and then download the image once the download is complete it's generally a good idea to verify the Integrity of the image you'll notice on the direct download page that there are a couple of text files these these contain the expected hash sums of the image we just downloaded which we can use to verify against I'm going to grab both to show you how to use each one you'll also notice there's a doig file here as well if you're extra paranoid like I am then you'll also want to download this now we can verify our ISO image opening up a terminal and heading on over to the downloads directory we can use either of the following two commands to verify the hash sum of the image next to make sure you haven't downloaded an image from a malicious website you can verify the signature of the ISO as well you'll need G PG installed on your system in order to do this first use the following command to download and import the public key in order to verify the signature next we can use the gpg verify command which will check that the signature is valid with that we've completed our due diligence the next thing to do is to flash this image onto a USB drive I normally do this using the DD command inside of the terminal and whilst this is pretty simple to do it's also incredibly easy to accidentally make a mistake and making a mistake with DD is a Surefire way to destroy your system so being the responsible individual that I am I decided to show how to flash this in a much safer way using an app called eter by balena you can download this app from their website and it supports all of the major operating systems once downloaded open up the application and you should be greeted with the following window flashing with eter is really simple just drag and drop the iso onto the application then select the USB drive you wish to use once configured all you need to do is then click the flash button after a short amount of time this should complete once it's done eject the USB drive insert it into your new computer and power it on at this point you're going to want to intercept your boot menu in order to load from the USB drive on a this is done by pressing the F7 key whilst the machine is starting up upon selecting the USB drive as your boot dis you should be greeted with another boot menu with a number of different options here I selected the first item in this menu which brings me into the Arch Linux installation environment to make things a little easier when installing Arch I tend to ssh in from my other computer in order to do that however I'm going to need to set up the box to have network access the preferred option here is to just go ahead and plug in an ethernet cable and everything should work as expected however most people will typically need to use Wi-Fi in order to connect fortunately this is actually rather easy to set up we can use the iwct command to do so all we need to do is tell our WLAN zero device to connect to our SS ID entering our Wi-Fi password when prompted once connected the next thing you need to do is obtain the machine's IP address you can do this using the IP Adder command next we want to make sure the SSH demon is actually running this should be enabled by default but it never hurts to double check All That Remains is to set a password using the past WD command this will allow us to log in when we try to SSH from our other machine to do so head back on over to your other computer and enter in the same command as I am make sure to replace the IP address with the one that we pulled out using the IP Adder command earlier if everything's successful you should be greeted with the Arch Linux installation welcome message the first thing we need to do when setting up a new system is to ensure that our diss are set up correctly in my case I want to install Arch on an encrypted volume for doing that however it's a good practice to overwrite your disk with random data in order to hide where your data boundary lies to do this we first need to locate the path towards our drives we can do this using the lsblk command which will list all of our block devices the the drives I'm looking for are both of the mvme ones the easiest way to write random data is to use the DD command with the /d/ random device now this command takes a long time in my case it took around 8 hours in total in order to overwrite both drives if that is understandably too much time for you then this step is totally optional however it does secure your data just a little bit more than not doing so in either case the next step after this is to set up our disk partitions I pretty much have a standard table that I use when it comes to partitioning my discs which is separating the boot dis into three distinct partitions the first of these is the EFI part which will contain our Linux image the second is used to contain our bootloader which in our case will be grub and the last partition is an encrypted lvm containing multiple volumes as this system has two distinct drives the second Drive will be used as an encrypted partition for storing the slome directory if you're only using a single drive then don't worry about the home partition I have a link to a guide in the description down below which covers both setups to set up my partitions I'm going to use G disk on my boot Drive which for me is mvme 0n1 to see the current layout I can use the P command inside of the menu which shows I have no partition table as expected to create a new Partition you use the N command and use the defaults for both the partition number and the start sector as I want this partition to be 512 mbes I'll set the last sector to be a size of plus 512m with we then need to give this partition a label type we can find the code we want using the L command and typing in our search string as this is the EFI partition I can search for EFI which produces the EF code afterwards I can check this Partition by printing out the table again next is to move on to the boot partition which follows a pretty similar setup process I'm setting the size of this partition to be 4 GB however again we'll search for the code re1 using the L command which will give us the ef02 code once again I'll check that everything looks good by printing out the partition table then it's time to move on to the third and final partition as I want this partition to take up all of the remaining space I just need to accept the default for the last sector because this partition is going to be encrypted with Linux Lux the code for this partition is 8309 with our partitions defined we can then use the W key to write this table to the disk next is to set a partition on my home directory drive as this drive is only going to contain a single partition I can accept the default that GIS provides in order to use the entire disk this partition will also be encrypted so for the hex code you can either use the same Lux code we used before or as I'm doing in my case using the Linux /home code which is 8302 with our table now defined and written the next step is to set up encryption on both my lvm and home partitions to do this we're going to use Lux or Linux unified key setup which comes as part of the Linux kernel to begin it's a good idea to make sure the encryption modules are loaded which we can achieve using mod Probe on DMC Crypt and dmod the first partition we're going to encrypt is the third partition of our boot drive we can do this using the following command specifying the partition we want to encrypt at the end when it comes to the Luxe format command there's a whole bunch of configuration you can choose from however I find this is the best configuration for me because it's both simple and secure after submitting this command you'll be prompted to enter in a password it's always a good idea to keep a copy of this password somewhere safe in case you forget get it personally I use a self-hosted password manager which also has an off-site encrypted backup once the first partition is encrypted I can use the same command again on my home partition going through the exact same steps you can use either the same password here or use a different one whichever your preference with our encryption complete the next step is to add logical volumes into our lvm partition to do so first use the following command to decrypt and mount our encrypted partition where we're going to be defining our volumes let's Mount this on under the mapped device of luxore lvm next we can then create a physical volume using the PV create command under our mapped device followed by then creating a volume group named Arch once that's done we can then create a logical volume for our swap device as I plan on upgrading my Ram to 64 GB I'm setting the size of the swap volume to be 96 gigs this means it's able to store all of the contents of memory on disk with a little bit of a buffer after the swap volume it's then time to create the root volume as I'm using another disc to store my home partition I'm going to set this volume to use the remaining free disc space by using the following command once that's done we can check these new volumes by using the ls block command the last thing for me to do is to decrypt and mount my home partition which I'm going to mount at Arch Dome with our volumes defined we can go ahead and set up our file system the first partition we want to format is where our EFI will be stored for this it needs to be fat 32 which we can format using the following command for our boot partition we can use ext4 for my root and home file systems I prefer to use btrfs which provides a number of additional features such as full system snapshots and rollbacks we can format our two partitions to use btrfs by using the make fs. btrfs Command with our home and root partitions done the last thing we need to format is our swap volume which we can do using the make swap command with that we finally have our file system set up how we want to now we just need to mount it in order to install Arch first let's Mount our swap Space by using the following two commands to First enable the Swap and to mark it as available next Mount the root volume to the/ MNT directory we can then use the make dear command to create both our home and boot directories with these created we can then Mount our boot partition to the boot directory and our home volume to the home directory the last thing to do is make a new EFI directory inside of the boot folder and then Mount our EFI partition to it that's a lot amounts I recommend double-checking yourself using the ls block command here's what mine looks like with that we're now ready to install Arch finally setting up discs always take such a long time to install Arch on our system we can use the pack strap command passing in the bass Linux and Linux firmware packages if you want to do a hardened installation which is a little more secure then you can use the Linux Das Harden package instead however do be aware that some apps may not work on your system I recommend reading the documentation to find out more once pressing enter the command will download and install all the packages onto our file system this will take a couple of minutes depending on your internet speed once it's done we then want to make sure we save our file system table to our new system this can be done using the Gen FS tab command writing it to the Mount Etsy FS tab file now we can load up a shell inside of our system using the arch change root command on the/ Mount directory this now acts as if we're root inside of our actual operating system the first package I like to install is the base develop package or Bas devl which provides a number of features for software development we also could have specified this package inside of the pack strap command if we wanted to but as not everybody is a software developer then I chose to admit it for this video with our base packages installed we now need to do a little more configuration in order for our operating system to be able to boot to do that we first need to install a text editor in my case I'm using neim however if you're not comfortable using Vim key bindings then I recommend using Nano instead with your choice of editor installed we then need to open up the/ Etsy /m init CPO file in order to configure Linux to decrypt our volumes when it starts up to add this in scroll down to your hooks line inside of this file here make sure to add both the encrypt and lvm2 hooks in between block and file systems then go ahead and save and exit this file once that's done we then need to install the lvm2 package on our system for the hook to be available this will also regenerate our Linux image next we need to install our bootloader which in this case is going to be grub in order to set up our bootloader we're going to need to install both the grub and EFI boot manager packages onto our system next we need to install grub onto our boot partition we can do this using the grub install command as follows then once installed open up the /c/ deault sgrub file in your text editor here is where we're going to set some kernel parameters to our boot configuration the first is the partition that contains our root file system which in my case is pointing to the arch root volume the second is to mount our encrypted device to the Lux lvm volume here I've specified the path to the partition however this isn't exactly a best practice sometimes following a cosos reset the device ordering can change which can break the operating system from loading a better practice is to use the device uuid instead you can obtain this using the following command in the terminal then copy it to your clipboard head back into the grub configuration and make the following changes to use with the Crypt device with our kernel parameters configured the next thing we want to do is make sure we only have to enter in our encryption password once to do this we can make use of a key file for each of our encrypted partitions I like to store my key files in a directory called secure which we can create using the following command if you can think of a better place to store these then let me know in the comments down below the next step is to create a key file each for our root directory and our home directory we can do this using our old friends the DD command sourcing from Dev / random and outputting to our respective files here is the command that I'm using to create them next we want to lock down the permissions on these files so that only the root user can access them we can do this by setting the permission Flags to zero using the change mode command it's also a good idea to change the permissions on the init Ram FS as well as this will contain the key file with our key files created we then need to add them to each of our partitions respectively we can do this using the Lux add key command entering in our existing pass pH when prompted here I'm doing this for both of my partitions with our key files created the next thing we want to do is make sure that the kernel can access them opening up our make init cpo.com file again in our text editor head on down to the files line here add an entry for the root key file this will ensure that the bootloader has access to this file when the system starts up this sets up the root volume next is the home partition for this we're going to use the Crypt table in order to modify this first obtain The UU ID of the home partition then then open up the sled c/p tab in your text editor inside add the following line the First Column defines the mount path which in our case is ar- home the second column defines the device which we're referencing by its uu ID and the last column points to our home's key file once that's added the first thing to do is regenerate our Linux image using the following command then we need to initialize our grub configuration we can do this using the grub make config command and outputting it to both the boot sgrub grub.com config directory and another instance into our EFI directory this will enable grow for both bios and ufi systems with that our boot configuration should be complete All That Remains is to do some final setup on our system the first thing we'll want to do is make sure to set up our time zone and local correctly you can do this by creating a symbolic link to the region and City that's within your time zone for me I'm choosing the America region with the Chicago time zone if you're not sure which one to use then you can always check the contents of these directories to find find out which one best suits you as well as setting your time zone you may also want to enable ntp which stands for Network time protocol to do this first open up the time sync D config file and then make sure to set the primary ntp servers as follows it's also a good idea to add some fullback servers here as well you can use the same configuration that I am lastly we just need to enable the time sync D service in system D next we need to Define our local first open up the Etsy local. gen file inside of your text editor then scroll down to the utf8 language that you want to enable for me I'm using the US English language despite my accent being British with our local configured we can then use the local gen command to generate any needed language specific files next you'll need to add a language entry into your local. com open this file up in your text editor and then add in the following line if your primary language isn't us English then I recommend checking out the Arch Linux documentation to see which value to use next we want to give our computer a host name this can be whatever you like but do make sure to give it something that you'll easily remember as it'll be the main identifier on your local network it'll also show up in your terminal prompts as well next we want to make sure we secure the root user and then add a new user account that we can log into instead let's first set a password for the root user using the pass WD command next I'm going to go ahead and install zshell which is what I want the main login shell for my user to be you can change this to be any shell you prefer now we're ready to create our own user account we can do this using the user ad command here we're telling it to create a user directory with the- m flag setting the group the user belongs to as whe using the G flag and setting the login shell of the user using the- S flag which in my case is Zell and lastly we're setting the user's name with our user created let's go ahead and set their password using the pass WD command as our root user has been locked down we want to give the ability for our new user to escalate their own permissions to do this we need to edit the PSE sudoers file first make sure to set the editor environment variable on your system to whichever editor you're using then you can run the viudo command to open up the pseudo file in my case I want to make it so that any member of the wheel group is able to assume root permissions I can do this by uncommenting the following line next we're going to want to make sure our machine is able to connect to our Network the simplest way to achieve that is to install the network manager package as follows it's also a good idea to enable this on Startup using the system control enable command lastly it's time to install a desktop environment for this video I'm going to show you how to install gome as it's one of the more simple desktop environments to get started with to do so just run the following command and make sure to enter in the selections as you go through for the first option I'm just using the default of all and then I'm selecting the second option for the next two this will download a lot of packages which is one of the criticisms people have of gnome personally however whilst it does include a lot of bloat I think it's one of the best desktop environments for firsttime Linux users especially if you're coming from Mac OS once that's finished we then want to enable The Gnome display manager which provides a UI for us to log in and load our desktop environment with that everything should be working however there may be another step you might want to take this is installing micr code on your system in order to speed certain processes up as I'm using an AMD based system then I'm going to install the AMD micro code package using the following command if you're on team blue then make sure to install the Intel micro code package instead once installed we then need to regenerate our grub configuration file we can do so using the following two commands with that everything now should be complete let's shut down the installer and reboot into our system safely to do that first exit the change root Shell by typing the exit command and then unmount all of our drives using the ount command with the- r flag on the/ Mount directory once that's done you can then use the following command to reboot the machine whilst it's rebooting you can pull out the USB stick and you should load up into the GRUB boot manager select the Arch Linux installation and you should be then prompted for your password to unencrypt your disk after that you'll then be greeted by the gome display manager log in with your user account and The Gnome desktop environment should then open up for you with that we've successfully managed to set up an Arch Linux installation from scratch with disk encryption you can also find a link in the description down below to a guide with of the commands used in this video from here it's the perfect Launchpad to configure our system further now I have a few more videos coming but if there's anything you'd like to see then please let me know in the comments down below otherwise a big thank you for watching and I'll see you on the next one
Info
Channel: Dreams of Autonomy
Views: 66,855
Rating: undefined out of 5
Keywords:
Id: YC7NMbl4goo
Channel Id: undefined
Length: 21min 44sec (1304 seconds)
Published: Thu Jan 11 2024
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.