baseddata.io/content/blog/install-artix.md

10 KiB

title date author header_image draft summary
Artix Linux Installation Guide 2024-02-24T17:04:21Z
name
Sam Chance
/pics/blog/artix-logo.webp False This guide will run through the process of installing Artix Linux with runit as the init system on an encrypted disk partition.

This guide will run through the process of installing Artix Linux, which is a fork of Arch Linux without SystemD. For the init system I'll be installing Runit, but you can install any init system of your choosing.

I'll be creating an encrypted partition and installing on a UEFI system.

If you wish to install using legacy boot, or you don't need to encrypt your drive, then follow the installation guide on the Artix Wiki instead.

Download the latest Artix ISO from here and write to a usb flashdrive. I recommend using Ventoy, but you can use the dd command to burn the ISO image directly to the usb drive (just make sure there is no important data on the disk beforehand)

{{< highlight shell >}} dd if=artix-linux.iso of=/dev/sdX status=progress {{</ highlight >}}

Boot into the ISO image and select the appropriate keyboard layout. Then start the live environment. The first step is to partition the hard drive. In this guide I'll be using an encrypted partition on an UEFI system. If if you want a different configuration, please consult the Arch wiki.

artix-keyboard-select

Partition layout

The layout for this installation is as follows:

mount point drive partition type size
boot/efi /dev/sda1 efi partition 1G
/ /dev/sda2 encrypted luks partiton rest of drive

There is a 1GB efi partition at the beginning of the drive for the bootloader, then the rest of the drive will be encrypted and contain our root and home directory.

This installation assums the system will boot using UEFI. If you wish to install on a legacy system, this process will not work. To check if your system is UEFI, the run this command:

{{< highlight shell >}} cat /sys/firmware/efi/fw_platform_size {{</ highlight >}}

If the command returns 64, then the system uses UEFI to boot.

Create New Partition

Login to the Artix live cd using with username: root, password: artix

List all drives attached to system:

{{< highlight shell >}} lsblk {{</ highlight >}}

artix-lsblk

Locate the target drive (in this case /dev/sda) where we will install Artix.

Run: {{< highlight shell >}} fdisk /dev/sda {{</ highlight >}} Run through the options to partition the disk:

  • Press (g) to create a new empty GPT partition table
  • Press (n) to add a new partition
  • Choose default partition number (1)
  • Choose default first sector (2048)
  • Set last sector as (+1G)
  • Press (t) to change partition type
  • Set partition type to "EFI System" (usually option 1 - press L to see all options)
  • Press (n) to create a second partition for the rest of the drive. Choose all default settings
  • Press (w) to write and exit

You should now have two partitions under /dev/sda:

artix-lsblk1

/dev/sda1 is the unencrypted boot partition, and /dev/sda2 will be where we store our encrypted volume.

Encryption using luks cryptsetup

Firstly create an encrypted container on the second partition. For this we will use luks encryption: {{< highlight shell >}} cryptsetup luksFormat /dev/sda2 {{</ highlight >}}

Enter a suitably strong passphrase.

Next we need to open and mount the encrypted vault to install Artix.

{{< highlight shell >}} cryptsetup luksOpen /dev/sda2 crypt {{</ highlight >}}

Enter your passphrase. This will open the encrypted vault and make it mountable under the name "crypt" (accessible from /dev/mapper/crypt). You can choose a different name if you wish.

Create Filesystems

Format the boot/efi partition using fat32:

{{< highlight shell >}} mkfs.fat -F32 /dev/sda1 {{</ highlight >}}

And create a btrfs file system on the opened and decrypted luks vault:

{{< highlight shell >}} mkfs.btrfs /dev/mapper/crypt {{</ highlight >}}

To check everything is in order, run:

{{< highlight shell >}} lsblk -f {{</ highlight >}}

It should look something like this:

artix-lsblk2

Note the UUIDs - they will be needed later for setting up decryption during boot.

Then we mount the partitions:

{{< highlight shell >}} mount /dev/mapper/crypt /mnt mkdir /mnt/boot mount /dev/sda1 /mnt/boot {{</ highlight >}}

Install Artix

Use the basestrap command to install Artix linux and other essential packages to the mounted partition. You can also install packages from the Arch repos here too:

{{< highlight shell >}} basestrap -i /mnt base base-devel runit elogind-runit linux linux-firmware grub efibootmgr networkmanager networkmanager-runit cryptsetup lvm2 lvm2-runit neovim vim openssh openssh-runit {{</ highlight >}}

This will install about 1.4GB of packages onto your system.

Generate Fstab

This generates an fstab file for automatically mounting drives during system boot.

{{< highlight shell >}} fstabgen -U /mnt >> /mnt/etc/fstab {{</ highlight >}}

Chroot Into the Install

Chroot will transport us into the installation:

{{< highlight shell >}} artix-chroot /mnt {{</ highlight >}}

General Arch Setup

More info about each of these steps on the Artix Wiki and the Arch Wiki

Set timezone

{{< highlight shell >}} ln -sf /usr/share/zoneinfo/Europe/London /etc/localtime {{</ highlight >}}

Set system clock

{{< highlight shell >}} hwclock --systohc {{</ highlight >}}

Set locales

{{< highlight shell >}} vim /etc/locale.gen

uncomment your layouts, e.g. for me: "en_GB.UTF-8 UTF-8"

{{</ highlight >}}

Generate locale

{{< highlight shell >}} locale-gen {{</ highlight >}}

Set systemwide locale

{{< highlight shell >}} vim /etc/locale.conf

#and append: export LANG="en_GB.UTF-8 UTF-8" export LC_COLLATE="C" {{</ highlight >}}

Setup mkinitcpio.conf

/etc/mkinitcpio.conf is the configuration file for setting up the initial ramdisk environment. This is an small environment which loads various kernel modules and sets the system up before handing control to the init system. As we have installed Linux on an encrypted partition, we need to tell the ramdisk environment how to decrypt this partition.

To do this we need to add some modules to the HOOKS line:

{{< highlight text >}} HOOKS=(base udev autodetect modconf kms keyboard keymap consolefont block encrypt lvm2 filesystems fsck) add these modules---------------------------------------------------------^-------^ {{</ highlight >}}

Here we add encrypt and lvm2 to the HOOKS. These modules will now get loaded before boot and will enable the system to decrypt the root partition.

Next, regenerate the ramdisk environment based on the linux preset:

{{< highlight shell >}} mkinitcpio --preset linux {{</ highlight >}}

Grub Bootloader

We now need to tell the bootloader where both our encrypted luks vault is (so it can decrypt it) and where the decrypted root partition is in order to boot the system. For this, we'll need two UUIDs, one for the encrypted luks vault (referenced as cryptdevice=UUID), and another for the decrypted filesystem (referenced as root=UUID). We can obtain this information from the lsblk -f command

We can output this to the /etc/default/grub file. We can do this using the following command, I advice double checking this command before running it, as it may not work on your system if it is set it up differently (e.g. you're not using btrfs):

Also, REMEMBER TO APPEND USING TWO ARROWS >>!! Else you'll overwrite the grub file and will need to reinstall.

{{< highlight shell >}} lsblk -f | grep "crypto_LUKS|btrfs" | sed "s/crypto_LUKS/#cryptdevice=UUID/;s/btrfs/#root=UUID/" | awk '{print $2"="$3}' >> /etc/default/grub {{</ highlight >}}

This will append the following to the grub file:

{{< highlight text >}} #cryptdevice=UUID= #root=UUID= {{</ highlight >}}

Now we can open /etc/default/grub. We need to insert the two new strings at the bottom of the file into the GRUB_CMDLINE_LINUX_DEFAULT string. It should look something like this (remember to also add a volume name after the cryptdevice=UUID string - e.g. here I've called it cryptlvm - you can call it whatever you like)

{{< highlight text >}} GRUB_CMDLINE_LINUX_DEFAULT="loglevel=3 quiet cryptdevice=UUID=:cryptlvm root=UUID=" {{</ highlight >}}

Install grub

For efi systems grub is installed with the following command:

{{< highlight shell >}} grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id=grub grub-mkconfig -o /boot/grub/grub.cfg {{</ highlight >}}

artix-grub-install

Add Users

Set a password for the root user:

{{< highlight shell >}} passwd {{</ highlight >}}

Create regular user and add to wheel group. Set a password for that user.

{{< highlight shell >}} useradd -G wheel -m user passwd user {{</ highlight >}}

Edit the sudoers file to allow sudo root commands for user.

{{< highlight shell >}} EDITOR=vim visudo` {{</ highlight >}}

Then uncomment the following line:

{{< highlight text >}} %wheel ALL=(ALL:ALL) ALL {{</ highlight >}}

Network Config

set hostname (replace <my-hostname> with a suitable name for your system)

{{< highlight shell >}} echo "" > /etc/hostname {{</ highlight >}}

Add hosts to /etc/hosts

{{< highlight text >}} 127.0.0.1 localhost ::1 localhost 127.0.1.1 .localdomain {{</ highlight >}}

Install dhcp client

{{< highlight shell >}} pacman -S dhcpcd {{</ highlight >}}

Enable networkmanager service with runit

{{< highlight shell >}} ln -s /etc/runit/sv/NetworkManager /etc/runit/runsvdir/current {{</ highlight >}}

Exit chroot, unmount partition and reboot

{{< highlight shell >}} exit umount -R /mnt reboot {{</ highlight >}}

If everything worked, then the system should be successfully setup. After reboot, it should ask for a passphrase to access the encrypted partition. You can then login using the user account that we created. At this point, we can install a graphical environment.