archlinux-installation.org
Installing Arch Linux with encrypted disk

Introduction

This is a small manual for installing Arch Linux. Here Arch is installed on a separate USB drive, so that a MacBook Air can boot it without the internal disk being touched.

Note that the Arch Linux wiki contains a whole lot more information and explanations for choices that can be made. This simple document only describes the installation for a particular set of choices that have already been made.

WARNING: these notes must be updated, please read them with that notion in mind.

Preparation

Download Arch Linux

Arch Linux can be downloaded from archlinux.org, either via BitTorrent or as a direct HTTP download. Once downloaded, the ISO should be verified. For this the detached PGP signature of the same file has to be downloaded as well, e.g. archlinux-2016.12.01-dual.iso.sig. Once both the ISO and the signature reside in the same directory, verification can be done like so:

$ gpg --keyserver-options auto-key-retrieve --verify archlinux-<version>-dual.iso.sig

Note that auto-key-retrieve fetches whatever key the signature names from a keyserver, so a “Good signature” on its own only proves that somebody holding that key signed the file. Compare the fingerprint gpg prints with the one published on the archlinux.org download page before trusting the result.

Note that this command gave me a failed verification with a warning on Debian Jessie, because it was not able to find the public key. I guess the auto-key-retrieve on Debian doesn’t work like it does on Arch.

Or, if you’re already running Arch, you can do:

pacman-key -v archlinux-<version>-dual.iso.sig
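
The two checks above (a good signature, and a signature from the key you expect) as one script. This is an added example, not code from the original notes; it uses gpg’s machine-readable status output instead of scraping the human-readable text, and the fingerprint in the usage line is a placeholder that has to be replaced by the one published on the archlinux.org download page.

```shell
#!/bin/sh
# Added example (not from the original notes): verify the ISO signature and
# refuse to accept it unless it was made by a key whose fingerprint was pinned
# beforehand. The fingerprint in the usage line is a placeholder; take the real
# one from the "PGP fingerprint" shown on https://archlinux.org/download/.
set -u

# Read gpg --status-fd output on stdin and print the primary-key fingerprint
# from the VALIDSIG line. gpg only emits VALIDSIG for a cryptographically good
# signature; its last field is the fingerprint of the primary key owning the
# (sub)key that signed. Prints nothing for BADSIG/ERRSIG/NO_PUBKEY.
valid_primary_fpr() {
    awk '$1 == "[GNUPG:]" && $2 == "VALIDSIG" { print $NF }'
}

# Normalise a fingerprint for comparison: strip spaces, upper-case it.
norm_fpr() {
    printf '%s' "$1" | tr -d ' ' | tr '[:lower:]' '[:upper:]'
}

# verify_iso SIGFILE EXPECTED_FPR
# The ISO must sit next to SIGFILE under the same name minus ".sig".
# Returns 0 only if the signature is good AND was made by the pinned key;
# a good signature from some other auto-retrieved key is a failure.
verify_iso() {
    sig=$1
    expected=$(norm_fpr "$2")
    # --status-fd 1 puts machine-readable lines on stdout, human output on stderr
    got=$(gpg --keyserver-options auto-key-retrieve --status-fd 1 \
              --verify "$sig" 2>/dev/null | valid_primary_fpr)
    if [ -z "$got" ]; then
        echo "bad or unverifiable signature: $sig" >&2
        return 1
    fi
    if [ "$(norm_fpr "$got")" != "$expected" ]; then
        echo "good signature, but from unexpected key $got" >&2
        return 1
    fi
    echo "verified: $sig signed by $got"
}

# Usage (placeholder fingerprint, replace with the published one):
# verify_iso archlinux-2016.12.01-dual.iso.sig '0000000000000000000000000000000000000000'
```

The point of pinning is that a keyserver answer is not a trust decision: the script fails on a good signature from the wrong key just as it fails on a bad one.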

Prepare installation media

The device node of your USB drive can be determined with dmesg (right after inserting it) or with lsblk. Use the whole device (/dev/sdx below), not a partition, and double-check it: dd overwrites whatever it is pointed at.

# dd bs=4M if=/path/to/archlinux.iso of=/dev/sdx status=progress && sync

The sync is there to make sure all data is written to the drive prior to removing it from your computer.

Booting from the installation media

With the USB drive prepared, connect it to the MacBook Air and power cycle the laptop. As soon as the Mac starts booting, hold the ‘option’ key (alt) until the boot menu is shown. It should at least show your normal ‘Macintosh HD’ and an extra ‘EFI Boot’, the latter being the Arch Linux installer. Select it using the arrow keys and press enter. Arch will boot!

After a few seconds a shell is shown; I’m automatically logged into the installer as root. Since we’re on a Mac it should have booted in EFI mode, let’s check:

# ls /sys/firmware/efi/efivars

If this directory doesn’t exist, it has booted in BIOS mode.

The Arch Linux wiki now suggests working on the network configuration, but since I’m on WiFi on a Mac, I prefer to do that later.

Partition the USB drive

Now I’m going to prepare the USB drive that I’m going to use for Arch. It’s a 64GB SanDisk Extreme drive, connected via USB 3.0, it won’t be as fast as the Mac’s internal SSD but that’s OK.

The Arch Linux wiki has a lot of information on disk encryption; see its dm-crypt pages. I’m going to use dm-crypt/LUKS together with LVM. There are basically two ways to go about this:

  1. install LVM on top of the encryption layer.
  2. create an encryption layer on top of LVM.

Since I’m using a single USB drive on which Arch is going to be installed, I’ll choose the somewhat easier approach (the first one, LVM on LUKS): one passphrase opens one container, and every logical volume inside it, swap included, is encrypted.

The following partitions will be put on the drive:

  • EFI System Partition (ESP) [1G, /boot]
  • LVM [58G]
    • swap [4G]
    • root [54G]

I use gdisk for the partitioning, because I want a GPT partition table. After inserting the USB stick, verify again which device node the target disk got; find out with lsblk or gdisk -l. In my case the device is /dev/sdd:

# gdisk /dev/sdd

Create the partitions, in my case the result is:

Number  Start (sector)  End (sector)  Size        Code  Name
     1              34       2097185  1024.0 MiB  EF00  EFI System
     3         2097186     122544482  57.4 GiB    8E00  Linux LVM

(The listing shows partition number 3 for the LVM partition, while the commands below address it as /dev/sdd2. Check which number gdisk actually assigned; the partition device name follows it.)

The EFI System partition has to be formatted as FAT32. Do this like so:

# mkfs.fat -F32 /dev/sdd1

The Arch Linux wiki talks about EFISTUB under the ‘Mount the partition’ heading. This is an alternative to a conventional boot loader like grub, where the kernel itself is loaded by the firmware as an EFI executable. In my setup I’ll still use a boot loader, and for an easier installation I’ll mount the ESP at /boot.

Now we can create the LVM on LUKS setup. First the partition gets a LUKS header. The following command irrevocably destroys all data on the partition:

# cryptsetup luksFormat /dev/sdd2

Enter a strong passphrase (it is asked for twice).

Now open the container:

# cryptsetup open --type luks /dev/sdd2 lvm

The decrypted container should now be available under /dev/mapper/lvm.

Make logical volumes with LVM

# pvcreate /dev/mapper/lvm

It should say “Physical volume “/dev/mapper/lvm” successfully created.” Now create a volume group:

# vgcreate archbook-vg /dev/mapper/lvm

It should say “Volume group “archbook-vg” successfully created”. Create logical volumes:

# lvcreate -L 4G archbook-vg -n swap
# lvcreate -l 100%FREE archbook-vg -n root

This creates a 4G logical volume for swap and a 54G logical volume for the root. My MacBook has 8G of RAM, which is plenty most of the time, so 4G of swap is more than enough (and I want to save some space on the flash drive). Because the swap LV lives inside the LUKS container, anything swapped out is encrypted as well.

Prepare the new logical volume and swap:

# mkfs.ext4 /dev/mapper/archbook--vg-root
# mkswap /dev/mapper/archbook--vg-swap

Now mount the file systems:

# mount /dev/mapper/archbook--vg-root /mnt
# mkdir /mnt/boot
# mount /dev/sdd1 /mnt/boot
# swapon /dev/mapper/archbook--vg-swap
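
The partitioning, LUKS and LVM steps above, collected into one re-runnable script. This is an added example and not the original notes’ code. It assumes the same layout and names: DISK defaults to /dev/sdd, the volume group is archbook-vg, the mapper name is lvm and the swap LV is 4G. Nothing is executed unless APPLY=1; by default the commands are only printed, and in apply mode the script first refuses to touch a disk that is not a removable, unmounted block device.

```shell
#!/bin/sh
# Added example, not part of the original notes: the partition/LUKS/LVM steps
# as one script with the guards I want in front of anything destructive.
# Assumed names: DISK (/dev/sdd in the notes), VG archbook-vg, mapper name lvm.
set -eu

# Print the command (APPLY unset or 0) or execute it (APPLY=1).
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '+ %s\n' "$*"; fi
}

# part_dev DISK N -> device node of partition N. Disks whose name ends in a
# digit (nvme0n1, mmcblk0, loop0) get a "p" separator, /dev/sdX does not.
part_dev() {
    case $1 in
        *[0-9]) printf '%sp%s\n' "$1" "$2" ;;
        *)      printf '%s%s\n' "$1" "$2" ;;
    esac
}

# check_target DISK: must be a block device the kernel flags as removable
# (lsblk RM column is 1 for USB sticks, 0 for the internal SSD) and nothing
# on it may be mounted. Returns 1 with a message otherwise.
check_target() {
    disk=$1
    [ -b "$disk" ] || { echo "$disk is not a block device" >&2; return 1; }
    rm=$(lsblk -dno RM "$disk" 2>/dev/null || echo 0)
    [ "$rm" = 1 ] || { echo "$disk is not removable, refusing to touch it" >&2; return 1; }
    if grep -q "^$disk" /proc/mounts; then
        echo "$disk has mounted partitions" >&2
        return 1
    fi
}

# setup DISK VG MAPPER SWAP_SIZE: 1G ESP + rest as "Linux LVM" partition
# holding the LUKS container, PV/VG/LVs inside it, file systems, mounts.
setup() {
    disk=$1; vg=$2; mapper=$3; swap=$4
    if [ "${APPLY:-0}" = 1 ]; then check_target "$disk"; fi
    esp=$(part_dev "$disk" 1)
    luks=$(part_dev "$disk" 2)
    run sgdisk --zap-all "$disk"
    run sgdisk -n 1:0:+1G -t 1:EF00 -c 1:ESP "$disk"
    run sgdisk -n 2:0:0 -t 2:8E00 -c 2:cryptlvm "$disk"
    run mkfs.fat -F32 "$esp"
    # luksFormat asks for the passphrase twice; the notes use cryptsetup's
    # defaults, which the mkinitcpio encrypt hook handles.
    run cryptsetup luksFormat "$luks"
    run cryptsetup open "$luks" "$mapper"
    run pvcreate "/dev/mapper/$mapper"
    run vgcreate "$vg" "/dev/mapper/$mapper"
    run lvcreate -L "$swap" "$vg" -n swap
    run lvcreate -l 100%FREE "$vg" -n root
    # device-mapper doubles hyphens in VG/LV names under /dev/mapper
    dmvg=$(printf '%s' "$vg" | sed 's/-/--/g')
    run mkfs.ext4 "/dev/mapper/$dmvg-root"
    run mkswap "/dev/mapper/$dmvg-swap"
    run mount "/dev/mapper/$dmvg-root" /mnt
    run mkdir -p /mnt/boot
    run mount "$esp" /mnt/boot
    run swapon "/dev/mapper/$dmvg-swap"
}

# Dry run:   setup /dev/sdd archbook-vg lvm 4G
# For real:  APPLY=1 DISK=/dev/sdd sh -c '. ./this.sh; setup "$DISK" archbook-vg lvm 4G'
```

Read the dry-run output before setting APPLY=1; the removable-device check is the one thing standing between a typo in DISK and the MacBook’s internal SSD.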

Now we can continue with the normal installation procedure, until the mkinitcpio step.

Edit the /etc/pacman.d/mirrorlist and optionally move your closest mirrors to the top of the file.

Now I’m plugging in a cable, hopefully I can get connected. Wow, it works! My Thunderbolt network adapter is automagically recognized :)

Installation and configuration

Update system clock:

# timedatectl set-ntp true
# timedatectl status

Now I can install the base packages:

# pacstrap /mnt base base-devel

On current Arch, base is a small metapackage that no longer pulls in the kernel, lvm2 or dhcpcd, so there the line becomes pacstrap /mnt base base-devel linux linux-firmware lvm2 dhcpcd. Without the lvm2 package the lvm2 mkinitcpio hook used below does not exist.

Make a new fstab:

# genfstab -U /mnt >> /mnt/etc/fstab

We should check the result for errors; mine looks OK. Now we can chroot into the system.

# arch-chroot /mnt

Since we’re in the chroot now, we can install extra packages using pacman.

# pacman -S wireless_tools wpa_supplicant iw dialog vim

Set the time zone:

# ln -sf /usr/share/zoneinfo/Europe/Amsterdam /etc/localtime

Run hwclock to generate /etc/adjtime.

# hwclock --systohc

Locale

Uncomment en_US.UTF-8 UTF-8 (and other needed localizations) in /etc/locale.gen and generate with:

# locale-gen

Make a file /etc/locale.conf with content LANG=en_US.UTF-8.

Create the hostname in /etc/hostname. I’m choosing macbookarch. Maybe also add a line “127.0.1.1 macbookarch.localdomain macbookarch” to /etc/hosts.

mkinitcpio

Now we have to modify the mkinitcpio config, since we’re using lvm and encryption. Edit /etc/mkinitcpio.conf and add encrypt and lvm2 to the HOOKS definition. Order matters: keyboard (and keymap) must come before encrypt so the passphrase can be typed, block before encrypt, encrypt before lvm2, and both before filesystems.

I’m choosing systemd-boot as a boot loader. Let’s configure this one now. First, we must check if the efivars are loaded correctly. See the Arch wiki page on systemd-boot for what to check; in short (in the chroot’ed environment, I’ve booted again with the Arch Installer):

# ls -al /sys/firmware/efi/efivars
# pacman -S efivar
# efivar -l

The first command should list a non-empty directory, the last should list the EFI variables without warnings. There are other requirements listed, see the Arch wiki for that.

Install the systemd boot loader:

# bootctl --path=/boot install

Here /boot is the mount point for the ESP. Newer systemd versions spell this bootctl --esp-path=/boot install; --path= is kept as a compatibility alias.

Since the MacBook runs an Intel processor, we have to install the Intel microcode. With systemd-boot it is loaded by listing /intel-ucode.img as an initrd line in the boot entry, before the initramfs.

# pacman -S intel-ucode

Make a boot entry for booting into Arch. The entry needs the UUID of the LUKS partition. To find the id of the LUKS container, you can do:

# ls -l /dev/disk/by-id | grep CRYPT

The dm-uuid-CRYPT-LUKS1-… name listed there contains the LUKS header UUID without dashes; blkid on the partition itself prints the dashed form that cryptdevice=UUID= expects.
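
The page does not show the HOOKS line or the loader entry themselves, so here is an added example of both, matching the layout above. It is not the original notes’ configuration. Assumed: the LUKS partition is /dev/sdd2, the mapper name is lvm, the volume group is archbook-vg, and the entry is written to /boot/loader/entries/arch.conf with a loader.conf next to it.

```shell
#!/bin/sh
# Added example (not the original notes' config, which this page does not
# show): the mkinitcpio HOOKS line and the systemd-boot entry for the
# LVM-on-LUKS layout above. Assumed names: /dev/sdd2, mapper "lvm",
# VG archbook-vg, entry file /boot/loader/entries/arch.conf.
set -eu

# Hook order matters: keyboard/keymap before encrypt (so the passphrase
# prompt works), block before encrypt, encrypt before lvm2, lvm2 before
# filesystems.
HOOKS_LINE='HOOKS=(base udev autodetect keyboard keymap modconf block encrypt lvm2 filesystems fsck)'

# loader_entry LUKS_UUID VG MAPPER -> entry text on stdout.
# cryptdevice=UUID=...:MAPPER opens the LUKS partition as /dev/mapper/MAPPER
# from the initramfs; root= then points at the LV inside it (device-mapper
# doubles hyphens in the VG name). intel-ucode goes first so the CPU
# microcode is applied before the real initramfs runs.
loader_entry() {
    uuid=$1; vg=$2; mapper=$3
    dmvg=$(printf '%s' "$vg" | sed 's/-/--/g')
    cat <<EOF
title   Arch Linux
linux   /vmlinuz-linux
initrd  /intel-ucode.img
initrd  /initramfs-linux.img
options cryptdevice=UUID=$uuid:$mapper root=/dev/mapper/$dmvg-root rw
EOF
}

# luks_uuid PARTITION -> the LUKS header UUID in dashed form, which is what
# cryptdevice=UUID= expects (the dm-uuid-CRYPT-... name under
# /dev/disk/by-id carries the same UUID without dashes).
luks_uuid() {
    blkid -s UUID -o value "$1"
}

# install_boot_entry PARTITION VG MAPPER: write loader.conf and the entry,
# and put the HOOKS line in place. Run inside arch-chroot with /boot (the
# ESP) mounted; regenerate the initramfs afterwards.
install_boot_entry() {
    uuid=$(luks_uuid "$1")
    mkdir -p /boot/loader/entries
    # editor no: disable the boot-time command-line editor, so nobody with
    # physical access can append init=/bin/sh to the kernel command line.
    printf 'default arch\ntimeout 3\neditor no\n' > /boot/loader/loader.conf
    loader_entry "$uuid" "$2" "$3" > /boot/loader/entries/arch.conf
    sed -i "s/^HOOKS=.*/$HOOKS_LINE/" /etc/mkinitcpio.conf
}

# Usage inside the chroot: install_boot_entry /dev/sdd2 archbook-vg lvm
```

After this the initramfs still has to be rebuilt so the encrypt and lvm2 hooks actually end up in it, which is the next step. Note that editor no only removes one convenient trick; the ESP itself is unencrypted and unsigned in this setup, so the kernel and initramfs on the stick remain modifiable by anyone holding it.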

Now we’re ready to create a new initramfs:

# mkinitcpio -p linux

Set the root password:

# passwd

Now you’re ready to reboot, fingers crossed:)

# exit
# umount -R /mnt
# shutdown -r now

If all went well, you can enter the passphrase after selecting the USB stick for booting, and then Arch boots and greets you with a login prompt.

Post installation steps

Make sure that the dhcpcd service is started after booting:

# systemctl enable dhcpcd@ens9.service

Here ens9 is the name of the network interface I’m using (the Thunderbolt Ethernet adapter). Find out with:

# ip link