356 lines
10 KiB
Markdown
356 lines
10 KiB
Markdown
---
|
|
title: "Artix Linux Installation Guide"
|
|
date: 2024-02-24T17:04:21Z
|
|
author:
|
|
name: "Sam Chance"
|
|
header_image: "/pics/blog/artix-logo.webp"
|
|
draft: False
|
|
summary: "This guide will run through the process of installing Artix Linux with runit as the init system on an encrypted disk partition."
|
|
---
|
|
|
|
This guide will run through the process of installing Artix Linux, which is a
|
|
fork of Arch Linux without SystemD. For the init system I'll be installing
|
|
Runit, but you can install any init system of your choosing.
|
|
|
|
I'll be creating an encrypted partition and installing on a UEFI system.
|
|
|
|
If you wish to install using legacy boot, or you don't need to encrypt your
|
|
drive, then follow the installation guide on the [Artix Wiki](https://wiki.artixlinux.org/Main/Installation) instead.
|
|
|
|
Download the latest Artix ISO from [here](https://artixlinux.org/download.php)
|
|
and write to a usb flashdrive. I recommend using
|
|
[Ventoy](https://www.ventoy.net/en/index.html), but you can use the dd command
|
|
to burn the ISO image directly to the usb drive (just make sure there is no
|
|
important data on the disk beforehand)
|
|
|
|
{{< highlight shell >}}
|
|
dd if=artix-linux.iso of=/dev/sdX status=progress
|
|
{{</ highlight >}}
|
|
|
|
Boot into the ISO image and select the appropriate keyboard layout. Then start
|
|
the live environment. The first step is to partition the hard drive. In this
|
|
guide I'll be using an encrypted partition on an UEFI system. If if you want a
|
|
different configuration, please consult the [Arch
|
|
wiki](https://wiki.archlinux.org/title/Partitioning#Example_layouts).
|
|
|
|
![artix-keyboard-select](/pics/blog/artix-keyboard-select.webp)
|
|
|
|
## Partition layout
|
|
|
|
The layout for this installation is as follows:
|
|
|
|
| mount point | drive | partition type | size |
|
|
|-------------|-----------|-------------------------|---------------|
|
|
| boot/efi | /dev/sda1 | efi partition | 1G |
|
|
| / | /dev/sda2 | encrypted luks partiton | rest of drive |
|
|
|
|
There is a 1GB efi partition at the beginning of the drive for the bootloader,
|
|
then the rest of the drive will be encrypted and contain our root and home
|
|
directory.
|
|
|
|
This installation assums the system will boot using UEFI. If you wish to
|
|
install on a legacy system, this process will not work. To check if your system
|
|
is UEFI, the run this command:
|
|
|
|
{{< highlight shell >}}
|
|
cat /sys/firmware/efi/fw_platform_size
|
|
{{</ highlight >}}
|
|
|
|
If the command returns `64`, then the system uses UEFI to boot.
|
|
|
|
## Create New Partition
|
|
Login to the Artix live cd using with username: `root`, password: `artix`
|
|
|
|
List all drives attached to system:
|
|
|
|
{{< highlight shell >}}
|
|
lsblk
|
|
{{</ highlight >}}
|
|
|
|
![artix-lsblk](/pics/blog/artix-lsblk.webp)
|
|
|
|
Locate the target drive (in this case `/dev/sda`) where we will install Artix.
|
|
|
|
Run:
|
|
{{< highlight shell >}}
|
|
fdisk /dev/sda
|
|
{{</ highlight >}}
|
|
Run through the options to partition the disk:
|
|
* Press (g) to create a new empty GPT partition table
|
|
* Press (n) to add a new partition
|
|
* Choose default partition number (1)
|
|
* Choose default first sector (2048)
|
|
* Set last sector as (+1G)
|
|
* Press (t) to change partition type
|
|
* Set partition type to "EFI System" (usually option 1 - press L to see all options)
|
|
* Press (n) to create a second partition for the rest of the drive. Choose all default settings
|
|
* Press (w) to write and exit
|
|
|
|
You should now have two partitions under `/dev/sda`:
|
|
|
|
![artix-lsblk1](/pics/blog/artix-lsblk1.webp)
|
|
|
|
`/dev/sda1` is the unencrypted boot partition, and `/dev/sda2` will be where we store our encrypted volume.
|
|
|
|
## Encryption using luks cryptsetup
|
|
|
|
Firstly create an encrypted container on the second partition. For this we will use luks encryption:
|
|
{{< highlight shell >}}
|
|
cryptsetup luksFormat /dev/sda2
|
|
{{</ highlight >}}
|
|
|
|
Enter a suitably strong passphrase.
|
|
|
|
Next we need to open and mount the encrypted vault to install Artix.
|
|
|
|
{{< highlight shell >}}
|
|
cryptsetup luksOpen /dev/sda2 crypt
|
|
{{</ highlight >}}
|
|
|
|
Enter your passphrase. This will open the encrypted vault and make it mountable
|
|
under the name "crypt" (accessible from `/dev/mapper/crypt`). You can choose a different name if you wish.
|
|
|
|
## Create Filesystems
|
|
|
|
Format the boot/efi partition using fat32:
|
|
|
|
{{< highlight shell >}}
|
|
mkfs.fat -F32 /dev/sda1
|
|
{{</ highlight >}}
|
|
|
|
And create a btrfs file system on the opened and decrypted luks vault:
|
|
|
|
{{< highlight shell >}}
|
|
mkfs.btrfs /dev/mapper/crypt
|
|
{{</ highlight >}}
|
|
|
|
To check everything is in order, run:
|
|
|
|
{{< highlight shell >}}
|
|
lsblk -f
|
|
{{</ highlight >}}
|
|
|
|
It should look something like this:
|
|
|
|
![artix-lsblk2](/pics/blog/artix-lsblk2.webp)
|
|
|
|
Note the UUIDs - they will be needed later for setting up decryption during boot.
|
|
|
|
Then we mount the partitions:
|
|
|
|
{{< highlight shell >}}
|
|
mount /dev/mapper/crypt /mnt
|
|
mkdir /mnt/boot
|
|
mount /dev/sda1 /mnt/boot
|
|
{{</ highlight >}}
|
|
|
|
## Install Artix
|
|
|
|
Use the `basestrap` command to install Artix linux and other essential packages
|
|
to the mounted partition. You can also install packages from the Arch repos
|
|
here too:
|
|
|
|
{{< highlight shell >}}
|
|
basestrap -i /mnt base base-devel runit elogind-runit linux linux-firmware grub efibootmgr
|
|
networkmanager networkmanager-runit cryptsetup lvm2 lvm2-runit neovim vim
|
|
openssh openssh-runit
|
|
{{</ highlight >}}
|
|
|
|
This will install about 1.4GB of packages onto your system.
|
|
|
|
## Generate Fstab
|
|
|
|
This generates an fstab file for automatically mounting drives during system boot.
|
|
|
|
{{< highlight shell >}}
|
|
fstabgen -U /mnt >> /mnt/etc/fstab
|
|
{{</ highlight >}}
|
|
|
|
## Chroot Into the Install
|
|
|
|
Chroot will transport us into the installation:
|
|
|
|
{{< highlight shell >}}
|
|
artix-chroot /mnt
|
|
{{</ highlight >}}
|
|
|
|
## General Arch Setup
|
|
|
|
More info about each of these steps on the [Artix Wiki](https://wiki.artixlinux.org/Main/Installation) and the [Arch Wiki](https://wiki.archlinux.org/title/Installation_guide#Time_zone)
|
|
|
|
Set timezone
|
|
|
|
{{< highlight shell >}}
|
|
ln -sf /usr/share/zoneinfo/Europe/London /etc/localtime
|
|
{{</ highlight >}}
|
|
|
|
Set system clock
|
|
|
|
{{< highlight shell >}}
|
|
hwclock --systohc
|
|
{{</ highlight >}}
|
|
|
|
Set locales
|
|
|
|
{{< highlight shell >}}
|
|
vim /etc/locale.gen
|
|
# uncomment your layouts, e.g. for me: "en_GB.UTF-8 UTF-8"
|
|
{{</ highlight >}}
|
|
|
|
Generate locale
|
|
|
|
{{< highlight shell >}}
|
|
locale-gen
|
|
{{</ highlight >}}
|
|
|
|
Set systemwide locale
|
|
|
|
{{< highlight shell >}}
|
|
vim /etc/locale.conf
|
|
|
|
#and append:
|
|
export LANG="en_GB.UTF-8 UTF-8"
|
|
export LC_COLLATE="C"
|
|
{{</ highlight >}}
|
|
|
|
## Setup mkinitcpio.conf
|
|
|
|
`/etc/mkinitcpio.conf` is the configuration file for setting up the initial
|
|
ramdisk environment. This is an small environment which loads various kernel
|
|
modules and sets the system up before handing control to the init system. As we
|
|
have installed Linux on an encrypted partition, we need to tell the ramdisk
|
|
environment how to decrypt this partition.
|
|
|
|
To do this we need to add some modules to the HOOKS line:
|
|
|
|
{{< highlight text >}}
|
|
HOOKS=(base udev autodetect modconf kms keyboard keymap consolefont block encrypt lvm2 filesystems fsck)
|
|
add these modules---------------------------------------------------------^-------^
|
|
{{</ highlight >}}
|
|
|
|
Here we add `encrypt` and `lvm2` to the HOOKS. These modules will now get
|
|
loaded before boot and will enable the system to decrypt the root partition.
|
|
|
|
Next, regenerate the ramdisk environment based on the `linux` preset:
|
|
|
|
{{< highlight shell >}}
|
|
mkinitcpio --preset linux
|
|
{{</ highlight >}}
|
|
|
|
## Grub Bootloader
|
|
|
|
We now need to tell the bootloader where both our encrypted luks
|
|
vault is (so it can decrypt it) and where the decrypted root partition is in
|
|
order to boot the system. For this, we'll need two UUIDs, one for the encrypted
|
|
luks vault (referenced as `cryptdevice=UUID`), and another for the decrypted
|
|
filesystem (referenced as `root=UUID`). We can obtain this information from the
|
|
`lsblk -f` command
|
|
|
|
We can output this to the `/etc/default/grub` file. We can do this using the
|
|
following command, I advice double checking this command before running it, as
|
|
it may not work on your system if it is set it up differently (e.g. you're
|
|
not using btrfs):
|
|
|
|
Also, REMEMBER TO `APPEND` USING TWO ARROWS `>>`!! Else you'll overwrite the
|
|
grub file and will need to reinstall.
|
|
|
|
{{< highlight shell >}}
|
|
lsblk -f | grep "crypto_LUKS\|btrfs" | sed "s/crypto_LUKS/#cryptdevice=UUID/;s/btrfs/#root=UUID/" | awk '{print $2"="$3}' >> /etc/default/grub
|
|
{{</ highlight >}}
|
|
|
|
This will append the following to the grub file:
|
|
|
|
{{< highlight text >}}
|
|
#cryptdevice=UUID=<long-uuid-string>
|
|
#root=UUID=<long-uuid-string>
|
|
{{</ highlight >}}
|
|
|
|
Now we can open `/etc/default/grub`. We need to insert the two new strings at
|
|
the bottom of the file into the `GRUB_CMDLINE_LINUX_DEFAULT` string. It should
|
|
look something like this (remember to also add a volume name after the
|
|
cryptdevice=UUID string - e.g. here I've called it `cryptlvm` - you can call it
|
|
whatever you like)
|
|
|
|
{{< highlight text >}}
|
|
GRUB_CMDLINE_LINUX_DEFAULT="loglevel=3 quiet cryptdevice=UUID=<long-uuid-string>:cryptlvm root=UUID=<long-uuid-string>"
|
|
{{</ highlight >}}
|
|
|
|
## Install grub
|
|
|
|
For efi systems grub is installed with the following command:
|
|
|
|
{{< highlight shell >}}
|
|
grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id=grub
|
|
grub-mkconfig -o /boot/grub/grub.cfg
|
|
{{</ highlight >}}
|
|
|
|
![artix-grub-install](/pics/blog/artix-grub-install.webp)
|
|
|
|
## Add Users
|
|
|
|
Set a password for the root user:
|
|
|
|
{{< highlight shell >}}
|
|
passwd
|
|
{{</ highlight >}}
|
|
|
|
Create regular user and add to wheel group. Set a password for that user.
|
|
|
|
{{< highlight shell >}}
|
|
useradd -G wheel -m user
|
|
passwd user
|
|
{{</ highlight >}}
|
|
|
|
Edit the sudoers file to allow sudo root commands for user.
|
|
|
|
{{< highlight shell >}}
|
|
EDITOR=vim visudo`
|
|
{{</ highlight >}}
|
|
|
|
Then uncomment the following line:
|
|
|
|
{{< highlight text >}}
|
|
%wheel ALL=(ALL:ALL) ALL
|
|
{{</ highlight >}}
|
|
|
|
## Network Config
|
|
|
|
set hostname (replace `<my-hostname>` with a suitable name for your system)
|
|
|
|
{{< highlight shell >}}
|
|
echo "<my-hostname>" > /etc/hostname
|
|
{{</ highlight >}}
|
|
|
|
Add hosts to `/etc/hosts`
|
|
|
|
{{< highlight text >}}
|
|
127.0.0.1 localhost
|
|
::1 localhost
|
|
127.0.1.1 <my-hostname>.localdomain <my-hostname>
|
|
{{</ highlight >}}
|
|
|
|
Install dhcp client
|
|
|
|
{{< highlight shell >}}
|
|
pacman -S dhcpcd
|
|
{{</ highlight >}}
|
|
|
|
Enable networkmanager service with runit
|
|
|
|
{{< highlight shell >}}
|
|
ln -s /etc/runit/sv/NetworkManager /etc/runit/runsvdir/current
|
|
{{</ highlight >}}
|
|
|
|
## Exit chroot, unmount partition and reboot
|
|
|
|
{{< highlight shell >}}
|
|
exit
|
|
umount -R /mnt
|
|
reboot
|
|
{{</ highlight >}}
|
|
|
|
If everything worked, then the system should be successfully setup. After
|
|
reboot, it should ask for a passphrase to access the encrypted partition. You
|
|
can then login using the user account that we created. At this point, we can
|
|
install a graphical environment.
|