Arch Linux: installation with UEFI, GPT, LVM and LUKS encryption

Author: | 23/05/2018
 

Yet another example of installing Arch Linux on a laptop with UEFI and GPT partitioning, using LUKS encryption of the LVM partition.

Similar examples: Arch Linux: installation with LVM and LUKS disk encryption, and Arch: installation with LVM.

This example is not much different from those, apart from the GRUB settings.

WiFi

Set up WiFi and connect to the network:

[simterm]

# wifi-menu

[/simterm]

Set the root password:

[simterm]

# passwd root

[/simterm]

Start sshd:

[simterm]

# systemctl start sshd.service

[/simterm]

Connect and continue the installation over SSH:

[simterm]

$ ssh [email protected]

[email protected]’s password:
Last login: Tue May 22 14:36:56 2018
root@archiso ~ # bash
[root@archiso ~]#

[/simterm]

Disk partitioning

The disk currently has old partitions:

[simterm]

[root@archiso ~]# fdisk /dev/sda
...
Command (m for help): p
Disk /dev/sda: 238.5 GiB, 256060514304 bytes, 500118192 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
Disklabel type: gpt
Disk identifier: A7F873F9-09FF-4202-BDD5-5499A21477B2

Device       Start       End   Sectors   Size Type
/dev/sda1     2048   1050623   1048576   512M EFI System
/dev/sda2  1050624   2050047    999424   488M Linux filesystem
/dev/sda3  2050048 500117503 498067456 237.5G Linux filesystem

[/simterm]

Delete them all with the d command; the partition table is now empty:

[simterm]

...
Command (m for help): p
Disk /dev/sda: 238.5 GiB, 256060514304 bytes, 500118192 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
Disklabel type: gpt
Disk identifier: A7F873F9-09FF-4202-BDD5-5499A21477B2

[/simterm]

Create the new partitions, starting with the EFI one, sda1:

[simterm]

...
Command (m for help): n
Partition number (1-128, default 1): 
First sector (34-500118158, default 2048): 
Last sector, +sectors or +size{K,M,G,T,P} (2048-500118158, default 500118158): +512M

Created a new partition 1 of type 'Linux filesystem' and of size 512 MiB.
Partition #1 contains a vfat signature.

Do you want to remove the signature? [Y]es/[N]o: Y

The signature will be removed by a write command.
...

[/simterm]

Set the partition type to EFI:

[simterm]

...
Command (m for help): t
Selected partition 1
Partition type (type L to list all types): L
  1 EFI System                     C12A7328-F81F-11D2-BA4B-00A0C93EC93B
...
Partition type (type L to list all types): 1
Changed type of partition 'Linux filesystem' to 'EFI System'.

[/simterm]

The second partition is for boot, sda2:

[simterm]

...
Command (m for help): n
Partition number (3-128, default 3): 
First sector (34605056-500118158, default 34605056): 
Last sector, +sectors or +size{K,M,G,T,P} (34605056-500118158, default 500118158): +512M

Created a new partition 3 of type 'Linux filesystem' and of size 512 MiB.
...

[/simterm]

And a partition for LVM, which will hold root, home and swap:

[simterm]

...
Command (m for help): n
Partition number (4-128, default 4): 
First sector (35653632-500118158, default 35653632): 
Last sector, +sectors or +size{K,M,G,T,P} (35653632-500118158, default 500118158): 

Created a new partition 4 of type 'Linux filesystem' and of size 221.5 GiB.
...

[/simterm]

Check:

[simterm]

...
Command (m for help): p
Disk /dev/sda: 238.5 GiB, 256060514304 bytes, 500118192 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
Disklabel type: gpt
Disk identifier: A7F873F9-09FF-4202-BDD5-5499A21477B2

Device       Start       End   Sectors   Size Type
/dev/sda1     2048   1050623   1048576   512M EFI System
/dev/sda2  1050624   2099199   1048576   512M Linux filesystem
/dev/sda3  2099200 500118158 498018959 237.5G Linux filesystem
...

[/simterm]

Write the new table with w:

[simterm]

...
Command (m for help): w
The partition table has been altered.
Calling ioctl() to re-read partition table.
Syncing disks.
...

[/simterm]

Check:

[simterm]

[root@archiso ~]# fdisk -l /dev/sda
Disk /dev/sda: 238.5 GiB, 256060514304 bytes, 500118192 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
Disklabel type: gpt
Disk identifier: A7F873F9-09FF-4202-BDD5-5499A21477B2

Device       Start       End   Sectors   Size Type
/dev/sda1     2048   1050623   1048576   512M EFI System
/dev/sda2  1050624   2099199   1048576   512M Linux filesystem
/dev/sda3  2099200 500118158 498018959 237.5G Linux filesystem

[/simterm]

LUKS

Encrypt the sda3 partition:

[simterm]

[root@archiso ~]# cryptsetup -y luksFormat --type luks2 /dev/sda3

WARNING!
========
This will overwrite data on /dev/sda3 irrevocably.

Are you sure? (Type uppercase yes): YES
Enter passphrase for /dev/sda3: 
Verify passphrase: 

[/simterm]

Open it:

[simterm]

[root@archiso ~]# cryptsetup open /dev/sda3 cryptlvm
Enter passphrase for /dev/sda3: 

[/simterm]

LVM

Create the physical volume:

[simterm]

[root@archiso ~]# pvcreate /dev/mapper/cryptlvm
  Physical volume "/dev/mapper/cryptlvm" successfully created.

[/simterm]

Volume group:

[simterm]

[root@archiso ~]# vgcreate vg_arch /dev/mapper/cryptlvm
  Volume group "vg_arch" successfully created

[/simterm]

Logical volume for swap:

[simterm]

[root@archiso ~]# lvcreate -L 16G -n swap vg_arch
  Logical volume "swap" created.

[/simterm]

Logical volume for root, 60 GB:

[simterm]

[root@archiso ~]# lvcreate -L 60G -n root vg_arch
  Logical volume "root" created.

[/simterm]

Logical volume for home, 100% of the free space:

[simterm]

[root@archiso ~]# lvcreate -l 100%FREE -n home vg_arch
  Logical volume "home" created.

[/simterm]

mkfs

Format the sda1 partition for EFI:

[simterm]

[root@archiso ~]# mkfs.fat -F32 /dev/sda1
mkfs.fat 4.1 (2017-01-24)

[/simterm]

/boot:

[simterm]

[root@archiso ~]# mkfs.ext2 /dev/sda2
mke2fs 1.44.1 (24-Mar-2018)
Discarding device blocks: done                            
Creating filesystem with 131072 4k blocks and 32768 inodes
Filesystem UUID: f18f003f-9054-4bbb-9b93-ed39297f924c
Superblock backups stored on blocks: 
        32768, 98304

Allocating group tables: done                            
Writing inode tables: done                            
Writing superblocks and filesystem accounting information: done

[/simterm]

root:

[simterm]

[root@archiso ~]# mkfs.ext4 /dev/vg_arch/root

[/simterm]

/home:

[simterm]

[root@archiso ~]# mkfs.ext4 /dev/vg_arch/home

[/simterm]

swap:

[simterm]

[root@archiso ~]# mkswap /dev/vg_arch/swap
Setting up swapspace version 1, size = 16 GiB (17179865088 bytes)
no label, UUID=0e0d178e-c894-47cd-a4db-72d21feab15e

[/simterm]

Enable swap:

[simterm]

[root@archiso ~]# swapon /dev/vg_arch/swap

[/simterm]

Mount root:

[simterm]

[root@archiso ~]# mount /dev/vg_arch/root /mnt/

[/simterm]

home:

[simterm]

[root@archiso ~]# mkdir /mnt/home
[root@archiso ~]# mount /dev/vg_arch/home /mnt/home/

[/simterm]

And boot (sda2):

[simterm]

[root@archiso ~]# mkdir /mnt/boot
[root@archiso ~]# mount /dev/sda2 /mnt/boot/

[/simterm]

Installing Arch Linux

Install the system into /mnt, along with openssh and the utilities for WiFi setup:

[simterm]

[root@archiso ~]# pacstrap -i /mnt base base-devel openssh wireless_tools wpa_supplicant wpa_actiond dialog

[/simterm]

From the comments: "linux and linux-firmware also need to be added to pacstrap, otherwise mkinitcpio will not work"

Create fstab:

[simterm]

[root@archiso ~]# genfstab -pU /mnt >> /mnt/etc/fstab

[/simterm]

Switch into the new system with chroot:

[simterm]

[root@archiso ~]# arch-chroot /mnt /bin/bash

[/simterm]

kernel

Update /etc/mkinitcpio.conf: add keyboard, keymap, encrypt and lvm2, keeping the order shown in the example below:

...
HOOKS=(base udev autodetect keyboard keymap modconf block encrypt lvm2 filesystems fsck)
...
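
A check for the hook order described above, as an added example that is not part of the original article. The function names are hypothetical; the constraints tested (keyboard, keymap and block before encrypt, encrypt before lvm2, lvm2 before filesystems) are the ones this LVM-inside-LUKS layout needs so that the passphrase can be typed and the volume group is only scanned after the container is open.

```shell
#!/bin/sh
# Added example: verify HOOKS ordering in a mkinitcpio.conf for LVM on LUKS.

# hook_pos HOOK "LIST": print the 1-based position of HOOK in LIST, 0 if absent.
hook_pos() {
    want=$1; i=0
    for h in $2; do
        i=$((i + 1))
        [ "$h" = "$want" ] && { echo "$i"; return 0; }
    done
    echo 0
}

# check_hooks_order FILE: print every problem found; return 0 only if none.
check_hooks_order() {
    # Commented-out lines are skipped; the last active HOOKS=() assignment wins.
    hooks=$(sed -n 's/^[[:space:]]*HOOKS=(\(.*\)).*$/\1/p' "$1" | tail -n 1)
    [ -n "$hooks" ] || { echo "no HOOKS=() line found in $1"; return 1; }
    rc=0
    # Each pair a:b means hook a must be present and listed before hook b.
    for pair in keyboard:encrypt keymap:encrypt block:encrypt \
                encrypt:lvm2 lvm2:filesystems; do
        a=${pair%%:*}; b=${pair##*:}
        pa=$(hook_pos "$a" "$hooks"); pb=$(hook_pos "$b" "$hooks")
        [ "$pa" -ne 0 ] || { echo "missing hook: $a"; rc=1; continue; }
        [ "$pb" -ne 0 ] || { echo "missing hook: $b"; rc=1; continue; }
        [ "$pa" -lt "$pb" ] || { echo "wrong order: $a must come before $b"; rc=1; }
    done
    return $rc
}

# Constructed sample: the HOOKS line from the article, written to a temp file.
sample=$(mktemp)
printf '%s\n' 'HOOKS=(base udev autodetect keyboard keymap modconf block encrypt lvm2 filesystems fsck)' > "$sample"
check_hooks_order "$sample" && echo "HOOKS order OK"
rm -f "$sample"
```

Inside the chroot it would be called as `check_hooks_order /etc/mkinitcpio.conf` before running mkinitcpio.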

Generate the initramfs images:

[simterm]

[root@archiso /]# cd /boot/ && mkinitcpio -p linux
==> Building image from preset: /etc/mkinitcpio.d/linux.preset: 'default'
  -> -k /boot/vmlinuz-linux -c /etc/mkinitcpio.conf -g /boot/initramfs-linux.img
==> Starting build: 4.16.9-1-ARCH
  -> Running build hook: [base]
  -> Running build hook: [udev]
  -> Running build hook: [autodetect]
  -> Running build hook: [keyboard]
  -> Running build hook: [keymap]
  -> Running build hook: [modconf]
  -> Running build hook: [block]
  -> Running build hook: [encrypt]
  -> Running build hook: [lvm2]
  -> Running build hook: [filesystems]
  -> Running build hook: [keyboard]
  -> Running build hook: [fsck]
==> Generating module dependencies
==> Creating gzip-compressed initcpio image: /boot/initramfs-linux.img
==> Image generation successful
==> Building image from preset: /etc/mkinitcpio.d/linux.preset: 'fallback'
  -> -k /boot/vmlinuz-linux -c /etc/mkinitcpio.conf -g /boot/initramfs-linux-fallback.img -S autodetect
==> Starting build: 4.16.9-1-ARCH
  -> Running build hook: [base]
  -> Running build hook: [udev]
  -> Running build hook: [keyboard]
  -> Running build hook: [keymap]
  -> Running build hook: [modconf]
  -> Running build hook: [block]
==> WARNING: Possibly missing firmware for module: wd719x
==> WARNING: Possibly missing firmware for module: aic94xx
  -> Running build hook: [encrypt]
  -> Running build hook: [lvm2]
  -> Running build hook: [filesystems]
  -> Running build hook: [keyboard]
  -> Running build hook: [fsck]
==> Generating module dependencies
==> Creating gzip-compressed initcpio image: /boot/initramfs-linux-fallback.img
==> Image generation successful

[/simterm]

GRUB configuration

Install the utilities:

[simterm]

[root@archiso boot]# pacman -S grub efibootmgr dosfstools os-prober mtools

[/simterm]

Create the EFI directory:

[simterm]

[root@archiso boot]# mkdir /boot/EFI

[/simterm]

Mount sda1 at /boot/EFI:

[simterm]

[root@archiso boot]# mount /dev/sda1 /boot/EFI

[/simterm]

Install GRUB with the EFI target:

[simterm]

[root@archiso boot]# grub-install --target=x86_64-efi  --bootloader-id=grub_uefi --recheck
Installing for x86_64-efi platform.
Installation finished. No error reported.

[/simterm]

Tell GRUB that the encrypted partition has to be opened at boot.

Find the UUID of the partition that holds root:

[simterm]

[root@archiso boot]# blkid /dev/sda3 
/dev/sda3: UUID="e52d9a55-05e4-48c6-bb1d-cc47293cbd8b" TYPE="crypto_LUKS" PARTUUID="3eca6ae1-afcf-c547-9536-9edca7463482"

[/simterm]

Edit /etc/default/grub:

...
GRUB_CMDLINE_LINUX="cryptdevice=UUID=e52d9a55-05e4-48c6-bb1d-cc47293cbd8b:cryptlvm root=/dev/vg_arch/root"
...
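
A cross-check of the cryptdevice= setting against the blkid output, as an added example that is not part of the original article. It catches the usual slip of pasting the PARTUUID, or the UUID of a non-LUKS device, into /etc/default/grub; the function names are hypothetical and the sample values are the ones shown above.

```shell
#!/bin/sh
# Added example: compare cryptdevice=UUID=... in a GRUB defaults file with the
# UUID that blkid reports for the LUKS container.

# luks_uuid BLKID_LINE: print the UUID= value of one blkid output line;
# fail unless the line is typed crypto_LUKS.
luks_uuid() {
    case $1 in
        *'TYPE="crypto_LUKS"'*) ;;
        *) echo "not a LUKS container: $1" >&2; return 1 ;;
    esac
    # Requiring a blank before UUID= keeps PARTUUID="..." from matching.
    printf '%s\n' "$1" | sed -n 's/.*[[:space:]]UUID="\([^"]*\)".*/\1/p'
}

# grub_cryptdevice_uuid FILE: print the UUID from cryptdevice=UUID=<uuid>:<name>
# on the GRUB_CMDLINE_LINUX line of FILE (prints nothing if it is absent).
grub_cryptdevice_uuid() {
    sed -n 's/^GRUB_CMDLINE_LINUX="\(.*\)".*$/\1/p' "$1" | tr ' ' '\n' |
        sed -n 's/^cryptdevice=UUID=\([^:]*\):.*$/\1/p' | tail -n 1
}

# check_grub_cryptdevice FILE BLKID_LINE: return 0 only when both UUIDs agree.
check_grub_cryptdevice() {
    want=$(luks_uuid "$2") || return 1
    got=$(grub_cryptdevice_uuid "$1")
    [ -n "$got" ] || { echo "no cryptdevice=UUID=... in $1" >&2; return 1; }
    [ "$got" = "$want" ] || {
        echo "mismatch: grub has $got, LUKS container is $want" >&2; return 1; }
    echo "cryptdevice UUID matches $want"
}

# Sample input: the blkid line and GRUB setting shown in the article, with the
# GRUB line written to a temporary file so nothing under /etc is touched.
BLKID_SAMPLE='/dev/sda3: UUID="e52d9a55-05e4-48c6-bb1d-cc47293cbd8b" TYPE="crypto_LUKS" PARTUUID="3eca6ae1-afcf-c547-9536-9edca7463482"'
grub_sample=$(mktemp)
echo 'GRUB_CMDLINE_LINUX="cryptdevice=UUID=e52d9a55-05e4-48c6-bb1d-cc47293cbd8b:cryptlvm root=/dev/vg_arch/root"' > "$grub_sample"
check_grub_cryptdevice "$grub_sample" "$BLKID_SAMPLE"
rm -f "$grub_sample"
```

On the installed system the call would be `check_grub_cryptdevice /etc/default/grub "$(blkid /dev/sda3)"`, run before grub-mkconfig.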

Generate the GRUB configuration file:

[simterm]

[root@archiso boot]# grub-mkconfig -o /boot/grub/grub.cfg

[/simterm]

Exit the chroot and reboot:

[simterm]

[root@archiso boot]# exit
[root@archiso ~]# reboot
Connection to 172.16.66.80 closed by remote host.
Connection to 172.16.66.80 closed.

[/simterm]

Done.