И ещё один пример установки Arch Linux на ноутбук с UEFI, GPT разметкой, используя LUKS шифрование LVM раздела.
Аналогичные примеры — Arch Linux: установка с LVM и LUKS шифрованием диска и Arch: установка с LVM.
Собственно в этом примере ничего особо отличного, кроме настроек GRUB.
Содержание
WiFi
Настраиваем WiFi, подключаемся к сети:
wifi-menu
Задаём пароль root:
passwd root
Запускаем sshd:
systemctl start sshd.service
Подключаемся, продолжаем установку по SSH:
ssh root@172.16.66.117
…
root@172.16.66.117’s password:
Last login: Tue May 22 14:36:56 2018
root@archiso ~ # bash
[root@archiso ~]#
Разбивка диска
Сейчас есть старые разделы:
[root@archiso ~]# fdisk /dev/sda
...
Command (m for help): p
Disk /dev/sda: 238.5 GiB, 256060514304 bytes, 500118192 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
Disklabel type: gpt
Disk identifier: A7F873F9-09FF-4202-BDD5-5499A21477B2
Device Start End Sectors Size Type
/dev/sda1 2048 1050623 1048576 512M EFI System
/dev/sda2 1050624 2050047 999424 488M Linux filesystem
/dev/sda3 2050048 500117503 498067456 237.5G Linux filesystem
Удаляем их все командой d, теперь разметка пустая:
...
Command (m for help): p
Disk /dev/sda: 238.5 GiB, 256060514304 bytes, 500118192 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
Disklabel type: gpt
Disk identifier: A7F873F9-09FF-4202-BDD5-5499A21477B2
Создаём новые разделы — сначала под EFI, sda1:
...
Command (m for help): n
Partition number (1-128, default 1):
First sector (34-500118158, default 2048):
Last sector, +sectors or +size{K,M,G,T,P} (2048-500118158, default 500118158): +512M
Created a new partition 1 of type 'Linux filesystem' and of size 512 MiB.
Partition #1 contains a vfat signature.
Do you want to remove the signature? [Y]es/[N]o: Y
The signature will be removed by a write command.
...
Указываем тип раздела EFI:
...
Command (m for help): t
Selected partition 1
Partition type (type L to list all types): L
1 EFI System C12A7328-F81F-11D2-BA4B-00A0C93EC93B
...
Partition type (type L to list all types): 1
Changed type of partition 'Linux filesystem' to 'EFI System'.
Второй раздел — под boot, sda2:
...
Command (m for help): n
Partition number (3-128, default 3):
First sector (34605056-500118158, default 34605056):
Last sector, +sectors or +size{K,M,G,T,P} (34605056-500118158, default 500118158): +512M
Created a new partition 3 of type 'Linux filesystem' and of size 512 MiB.
...
И раздел под LVM — тут будут root, home и swap:
...
Command (m for help): n
Partition number (4-128, default 4):
First sector (35653632-500118158, default 35653632):
Last sector, +sectors or +size{K,M,G,T,P} (35653632-500118158, default 500118158):
Created a new partition 4 of type 'Linux filesystem' and of size 221.5 GiB.
...
Проверяем:
...
Command (m for help): p
Disk /dev/sda: 238.5 GiB, 256060514304 bytes, 500118192 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
Disklabel type: gpt
Disk identifier: A7F873F9-09FF-4202-BDD5-5499A21477B2
Device Start End Sectors Size Type
/dev/sda1 2048 1050623 1048576 512M EFI System
/dev/sda2 1050624 2099199 1048576 512M Linux filesystem
/dev/sda3 2099200 500118158 498018959 237.5G Linux filesystem
...
Записываем новую таблицу — w:
...
Command (m for help): w
The partition table has been altered.
Calling ioctl() to re-read partition table.
Syncing disks.
...
Проверяем:
[root@archiso ~]# fdisk -l /dev/sda
Disk /dev/sda: 238.5 GiB, 256060514304 bytes, 500118192 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
Disklabel type: gpt
Disk identifier: A7F873F9-09FF-4202-BDD5-5499A21477B2
Device Start End Sectors Size Type
/dev/sda1 2048 1050623 1048576 512M EFI System
/dev/sda2 1050624 2099199 1048576 512M Linux filesystem
/dev/sda3 2099200 500118158 498018959 237.5G Linux filesystem
LUKS
Шифруем раздел sda3:
[root@archiso ~]# cryptsetup -y luksFormat --type luks2 /dev/sda3
WARNING!
========
This will overwrite data on /dev/sda3 irrevocably.
Are you sure? (Type uppercase yes): YES
Enter passphrase for /dev/sda3:
Verify passphrase:
Открываем его:
[root@archiso ~]# cryptsetup open /dev/sda3 cryptlvm
Enter passphrase for /dev/sda3:
LVM
Создаём Physical volume:
[root@archiso ~]# pvcreate /dev/mapper/cryptlvm
Physical volume "/dev/mapper/cryptlvm" successfully created.
Volume group:
[root@archiso ~]# vgcreate vg_arch /dev/mapper/cryptlvm
Volume group "vg_arch" successfully created
Logical volume под swap:
[root@archiso ~]# lvcreate -L 16G -n swap vg_arch
Logical volume "swap" created.
Logical volume под root, 60gb:
[root@archiso ~]# lvcreate -L 60G -n root vg_arch
Logical volume "root" created.
Logical volume под home, 100% места:
[root@archiso ~]# lvcreate -l 100%FREE -n home vg_arch
Logical volume "home" created.
mkfs
Форматируем раздел sda1 под EFI:
[root@archiso ~]# mkfs.fat -F32 /dev/sda1
mkfs.fat 4.1 (2017-01-24)
/boot:
[root@archiso ~]# mkfs.ext2 /dev/sda2
mke2fs 1.44.1 (24-Mar-2018)
Discarding device blocks: done
Creating filesystem with 131072 4k blocks and 32768 inodes
Filesystem UUID: f18f003f-9054-4bbb-9b93-ed39297f924c
Superblock backups stored on blocks:
32768, 98304
Allocating group tables: done
Writing inode tables: done
Writing superblocks and filesystem accounting information: done
root:
[root@archiso ~]# mkfs.ext4 /dev/vg_arch/root
/home:
[root@archiso ~]# mkfs.ext4 /dev/vg_arch/home
swap:
[root@archiso ~]# mkswap /dev/vg_arch/swap
Setting up swapspace version 1, size = 16 GiB (17179865088 bytes)
no label, UUID=0e0d178e-c894-47cd-a4db-72d21feab15e
Подключаем swap:
[root@archiso ~]# swapon /dev/vg_arch/swap
Монтируем root:
[root@archiso ~]# mount /dev/vg_arch/root /mnt/
home:
[root@archiso ~]# mkdir /mnt/home
[root@archiso ~]# mount /dev/vg_arch/home /mnt/home/
И boot (sda2):
[root@archiso ~]# mkdir /mnt/boot
[root@archiso ~]# mount /dev/sda2 /mnt/boot/
Установка Arch Linux
Устанавливаем систему в /mnt, заодно openssh и утилиты для настройки WiFi:
[root@archiso ~]# pacstrap -i /mnt base base-devel openssh wireless_tools wpa_supplicant wpa_actiond dialog
Из комментариев: «в pacstrap также нужно добавить linux и linux-firmware, иначе mkinitcpio не будет работать»
Создаём fstab:
[root@archiso ~]# genfstab -pU /mnt >> /mnt/etc/fstab
Меняем рабочее окружение:
[root@archiso ~]# arch-chroot /mnt /bin/bash
kernel
Обновляем /etc/mkinitcpio.conf — добавляем keyboard, keymap, encrypt и lvm2, с соблюдением порядка как в примере ниже:
... HOOKS=(base udev autodetect keyboard keymap modconf block encrypt lvm2 filesystems fsck) ...
Создаём ядро:
[root@archiso /]# cd /boot/ && mkinitcpio -p linux
==> Building image from preset: /etc/mkinitcpio.d/linux.preset: 'default'
-> -k /boot/vmlinuz-linux -c /etc/mkinitcpio.conf -g /boot/initramfs-linux.img
==> Starting build: 4.16.9-1-ARCH
-> Running build hook: [base]
-> Running build hook: [udev]
-> Running build hook: [autodetect]
-> Running build hook: [keyboard]
-> Running build hook: [keymap]
-> Running build hook: [modconf]
-> Running build hook: [block]
-> Running build hook: [encrypt]
-> Running build hook: [lvm2]
-> Running build hook: [filesystems]
-> Running build hook: [keyboard]
-> Running build hook: [fsck]
==> Generating module dependencies
==> Creating gzip-compressed initcpio image: /boot/initramfs-linux.img
==> Image generation successful
==> Building image from preset: /etc/mkinitcpio.d/linux.preset: 'fallback'
-> -k /boot/vmlinuz-linux -c /etc/mkinitcpio.conf -g /boot/initramfs-linux-fallback.img -S autodetect
==> Starting build: 4.16.9-1-ARCH
-> Running build hook: [base]
-> Running build hook: [udev]
-> Running build hook: [keyboard]
-> Running build hook: [keymap]
-> Running build hook: [modconf]
-> Running build hook: [block]
==> WARNING: Possibly missing firmware for module: wd719x
==> WARNING: Possibly missing firmware for module: aic94xx
-> Running build hook: [encrypt]
-> Running build hook: [lvm2]
-> Running build hook: [filesystems]
-> Running build hook: [keyboard]
-> Running build hook: [fsck]
==> Generating module dependencies
==> Creating gzip-compressed initcpio image: /boot/initramfs-linux-fallback.img
==> Image generation successful
Настройка GRUB
Устанавливаем утилиты:
[root@archiso boot]# pacman -S grub efibootmgr dosfstools os-prober mtools
Создаём каталог EFI:
[root@archiso boot]# mkdir /boot/EFI
Монтируем sda1 в /boot/EFI:
[root@archiso boot]# mount /dev/sda1 /boot/EFI
Устанавливаем GRUB с опцией EFI:
[root@archiso boot]# grub-install --target=x86_64-efi --bootloader-id=grub_uefi --recheck
Installing for x86_64-efi platform.
Installation finished. No error reported.
Указываем GRUB на необходимость открыть зашифрованный раздел.
Находим ID диска с root:
[root@archiso boot]# blkid /dev/sda3
/dev/sda3: UUID="e52d9a55-05e4-48c6-bb1d-cc47293cbd8b" TYPE="crypto_LUKS" PARTUUID="3eca6ae1-afcf-c547-9536-9edca7463482"
Редактируем /etc/default/grub:
... GRUB_CMDLINE_LINUX="cryptdevice=UUID=e52d9a55-05e4-48c6-bb1d-cc47293cbd8b:cryptlvm root=/dev/vg_arch/root" ...
Создаём файл настроек GRUB:
[root@archiso boot]# grub-mkconfig -o /boot/grub/grub.cfg
Выходим из chroot, перезагружаемся:
[root@archiso boot]# exit
[root@archiso ~]# reboot
Connection to 172.16.66.80 closed by remote host.
Connection to 172.16.66.80 closed.
Готово.
