This is my cheat sheet for installing Arch Linux. It results in a base system including disk encryption, graphics, and sound. Pretty much everything I need to get started. I update the cheat sheet as necessary from time to time. The last update was September 24, 2020.
Use of this cheat sheet assumes that the target system boots with UEFI, has an Intel processor, and uses Intel graphics. You should also have some prior Linux/Unix experience. That said, you can certainly deviate as much as you want/need. If you get stuck or aren't sure of something, consult the ArchWiki.
Please let me know if I've made any egregious errors. And no, I don't consider the use of bash, nano, or ext4 to be errors.
- Boot the install medium.
- Check that the system has booted into UEFI mode.
ls /sys/firmware/efi/efivars
- This should get a list of UEFI variables. If not, reboot and do whatever's needed to boot into UEFI mode.
- Establish an internet connection.
iw dev
wifi-menu -o [wireless interface]
- Update the system clock.
timedatectl set-ntp true
- Check the status of the systemd-timesyncd service with
timedatectl status
.
- Check the status of the systemd-timesyncd service with
- Prepare the storage devices.
- Get a list of all storage devices attached to the system. Make note of the one you want.
lsblk
- Wipe the drive with random data before partitioning and encrypting.
- If the drive already contains LUKS formatted partitions...
- For each partition,
dd if=/dev/urandom of=/dev/[device][partition number] bs=512 count=40960
- This will overwrite the first 20 MiB of the partition with random data, wiping the LUKS header data.
- This option is much quicker than writing random data to the entire drive, but not necessarily as secure.
- For each partition,
- Else...
cryptsetup open --type plain /dev/[device] container
fdisk -l
- /dev/mapper/container should exist.
dd if=/dev/zero of=/dev/mapper/container
- This will write random data to the entire drive.
- This could take a long time, depending on the size of the drive.
- If the drive already contains LUKS formatted partitions...
- Partition the disk.
cgdisk /dev/[device]
- Be sure to make the first partition 512 MiB and mark it as EFI type. This will be the boot partition.
- Encrypt, make a filesystem on, and mount the root partition.
cryptsetup -v luksFormat /dev/[device][root partition]
- Don't forget the password you use for the encryption key!
cryptsetup open --type luks /dev/[device][root partition] root
mkfs -t ext4 /dev/mapper/root
mount /dev/mapper/root /mnt
- Make the filesystem for the EFI boot partition and mount it. Do not encrypt the EFI boot partition!
mkfs.vfat -F32 /dev/[device][EFI boot partition]
mkdir /mnt/boot
mount /dev/[device][EFI boot partition] /mnt/boot
- Generate keyfiles for each of the remaining partitions you need to encrypt.
mkdir /mnt/etc
- For each partition yet to be encrypted,
dd bs=512 count=4 if=/dev/urandom of=/mnt/etc/[keyfile name] iflag=fullblock
- Encrypt, make a filesystem on, and mount the remaining partitions.
- For each partition...
cryptsetup -v luksFormat /dev/[device][partition number] /mnt/etc/[keyfile to use]
cryptsetup open --type luks --key-file /mnt/etc/[keyfile to use] /dev/[device][partition number] [partition name]
mkfs -t ext4 /dev/mapper/[partition name]
mkdir /mnt/[directory corresponding to partition]
mount /dev/mapper/[partition name] /mnt/[directory corresponding to partition]
- For each partition...
- Get a list of all storage devices attached to the system. Make note of the one you want.
- Install and configure the base system.
- Select a mirror and install the base system.
nano /etc/pacman.d/mirrorlist
- Uncomment the mirror you want pacman to use when downloading and installing packages for the base system
pacstrap /mnt base linux linux-firmware e2fsprogs gptfdisk man-db sudo nano iw wpa_supplicant dialog netctl dhcpcd wget ntp base-devel
- Generate an fstab.
genfstab -U /mnt >> /mnt/etc/fstab
- To validate that the fstab has been generated,
nano /mnt/etc/fstab
- Chroot and configure the base system.
arch-chroot /mnt /bin/bash
ln -sf /usr/share/zoneinfo/[timezone]/[sub timezone] /etc/localtime
hwclock --systohc
nano /etc/locale.gen
- Uncomment the locale you want for the system (for United States, probably en_US.UTF-8 UTF-8).
locale-gen
echo LANG=[locale you uncommented] > /etc/locale.conf
echo [desired hostname] > /etc/hostname
nano /etc/hosts
- Add the following lines:
127.0.0.1 localhost
::1 localhost
127.0.1.1 [hostname].localdomain [hostname]
- Add the following lines:
- If the system is being installed on a USB key...
nano /etc/mkinitcpio.conf
- Add the
block
hook to the hooks array right afterudev
.
- Add the
- If the system is being installed on a SSD or other flash-based medium...
nano /etc/fstab
- Change any instances of
relatime
tonoatime
.
- Change any instances of
nano /etc/makepkg.conf
- Uncomment
BUILDDIR=/tmp/makepkg
in theBUILD ENVIRONMENT
section.
- Uncomment
- If the system is being installed on a SSD...
nano /etc/fstab
- Add the
discard
option to all ext4 partitions on the disk.
- Add the
- If
/var
has been given its own partition...nano /etc/systemd/journald.conf
- Uncomment
Storage
and set its value tovolatile
instead ofauto
. The purpose of this is to prevent the shutdown messageFailed unmounting /var
. systemd's journal will be stored in RAM at/run/log/journal
instead of on disk at/var/log/journal
.
- Uncomment
- Configure the boot options.
nano /etc/mkinitcpio.conf
- Add
encrypt
,keymap
, andkeyboard
to the hooks array.keymap
must come beforeencrypt
.
- Add
mkinitcpio -P
bootctl install
pacman -S intel-ucode
blkid
- Look for the UUID of the encrypted root partition (
/dev/[device][root partition]
, not\dev\mapper\root
). Write it down for use in the next step.
- Look for the UUID of the encrypted root partition (
nano /boot/loader/entries/arch.conf
- The contents of the file should look like this:
title Arch Linux
linux /vmlinuz-linux
initrd /intel-ucode.img
initrd /initramfs-linux.img
options cryptdevice=UUID=[UUID of encrypted root partition]:root root=/dev/mapper/root rw
- The contents of the file should look like this:
nano /boot/loader/loader.conf
- The contents of the file should look like this:
default arch.conf
timeout 4
editor no
- The contents of the file should look like this:
blkid
- Look for the UUIDs of any other encrypted partitions (again,
/dev/[device][partition number]
, not/dev/mapper/[partition name]
). Write them down for use in the next step.
- Look for the UUIDs of any other encrypted partitions (again,
nano /etc/crypttab
- For each encrypted partition, add the following line:
[dev mapper name] UUID=[UUID of encrypted partition] /etc/[keyfile to unlock encrypted partition]
- For each encrypted partition, add the following line:
nano /etc/fstab
- Replace the UUIDs or devices of each encrypted partition (besides
/
and/boot
) with/dev/mapper/[partition name]
.
- Replace the UUIDs or devices of each encrypted partition (besides
- Set the root password. Don't forget it!
passwd
- Select a mirror and install the base system.
- Unmount the partitions and reboot the computer.
exit
- For each encrypted partition except
/
(root)...umount /mnt/[directory corresponding to partition]
cryptsetup close [partition name]
umount /mnt/boot
umount /mnt
cryptsetup close root
reboot
- Log in and configure the system.
wifi-menu
netctl enable [network you just connected to with wifi-menu]
- This will create and enable a systemd service that will connect to the wifi network when the system boots.
timedatectl set-ntp true
- Validate that ntp is running with
timedatectl status
.
- Validate that ntp is running with
useradd -m -G wheel -s /bin/bash [your username]
passwd [your username]
EDITOR=nano visudo
- Allow members of group
wheel
sudo access by uncommenting the line%wheel ALL=(ALL) ALL
- Allow members of group
nano /etc/pacman.conf
- Uncomment the
multilib
repository lines.
- Uncomment the
pacman -S reflector
cp /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.backup
reflector --verbose -l 5 -p http --sort rate --save /etc/pacman.d/mirrorlist
pacman -Syy
pacman -Syu
- Install and configure preferred base applications/libraries.
pacman -S mesa lib32-mesa libva-intel-driver
pacman -S xorg-server xorg-apps xorg-xinit
pacman -S alsa-utils pulseaudio pulseaudio-alsa
pacman -S ttf-dejavu ttf-freefont