Arch Linux - A comprehensive installation guide (kinda)
Table of Contents
- Home partition
- File systems
- File system table
- Initial ramdisk
- Init systems
What this guide is (and Fedora shilling)
This guide is a detailed explanation of the installation process and things relating to it. This is not a guide that takes you step by step through the commands you need to run to install Arch Linux. If you want that take a look at the "Recommended guides" section below. This guide is meant to help you understand the commands you are running allowing you to install Arch Linux (or any DIY distro) the way YOU want or the way that best suits your needs. This guide should be used as a collection of useful links and ideas. A lot of information here can carry over to other operating systems installations but the focus of this guide is Arch Linux. If you are new to linux or never used it, what are you doing here? Go earn some Tux exp. points™ by using Fedora, its cutting edge, stable and better than Arch in a lot of areas. Linus Torvalds doesn't use Fedora without reason. This guide gets updated from time to time as the writer gains more Tux exp. points™.
Arch Linux installation scripts
People have created Arch Linux installation scripts plenty of times. However Arch Installer is the only official automated script. This installer is optional. If the user desires to install Arch Linux manually they can still do so.
There isn't a single correct way to install Arch Linux, however, the most up-to-date and accurate is the official guide by the Arch Linux wiki. Remember none official guides tend to go out of date and become obsolete, some are linked here for reference and to show the various ways an installation can be configured.
- It's FOSS (Gnome), extra steps for KDE.
- EF - Linux Made Simple
- Thomas Forgione
- Memory Imprint Studio
Post installation tweaks
After installing the base system there are some things that you might want to tweak afterwards.
This guide assumes you have a x86_64 1 computer which has 2GB of RAM, 20GB of disk space 2, an internet connection, a USB with at least 2GB of storage 3.
1 Arch Linux only supports x86_64 architecture, however a fork of it exists for ARM CPUs.
2 Arch Linux can be installed on a smaller disk space and use less RAM but you probably (and should) use more.
3 The USB is not needed if you Netboot into the live medium. An optical disc can also be used instead of a USB.
Arch Linux ISO
The first thing we must do is to get the ISO file and USB device. Head over to Arch Linux website to download the official ISO using either a magnet link or a torrent file. To make use of the ISO file, we will need a bootable USB.
Verifying the signature
Verifying the signature of the file is important to make sure the ISO you have is not compromised, malicious, or broken. The Arch Linux wiki covers this pretty well thus going over it would be redundant.
Most guides recommend tools like UNetBootin, Balena Etcher or Rufus to etch an ISO file onto a USB device. These tools are great but they uses the entire USB (which could be 16GB or more) to etch a single distro in which the ISO might be 2GB large. Arch Linux's disk image takes up less than 1GB of space! Even if you aren't going to use all that space, It is time consuming and tedious to rerun the etching software every time you want to use a different operating system. If you are distro-hopping or would like to keep multiple operating systems (not just different distributions!) on a single USB, this guide recommends using a tool called Ventoy 1.
1 Ventoy is not the only program that can do this, YUMI (Your USB Multiboot Installer) is another program that can be used.
To make a bootable USB we will need to create it using Ventoy. Ventoy has both a GUI and a CLI clients therefore its perfect for any user. When you run Ventoy on your desired USB device, It will create 2 partitions. We only need to worry about one of these partitions, the empty one, this is were we will be putting our image files. After downloading the Arch Linux ISO (or any other ISO file), just move it to the empty Ventoy partition and we will be able to boot into it.
Booting into the live medium
Reboot your machine and enter the BIOS/UEFI to disable "Secure Boot" if its enabled. Then boot into your USB device from the boot loader menu. Secure boot can be set up after the installation.
This is where things get interesting! Partitioning a disk is just dividing up your storage device into smaller chinks which may have different file systems. There is a plethora of partitioning tools you can use 1. The easiest non-GUI tool is "cfdisk". Some guides use "fdisk" which is more intimidating. There is multiple partitions you can make for many reasons. The simplest installation only requires 2 on a UEFI system, an EFI partition and a root partition. The EFI partition is needed to boot the system, it is your boot partition. The root partition is where everything else is stored. A BIOS system only need 1 root partition which contains everything.
1 Some partitioning tools are parted, fdisk, cfdisk, sfdisk, gdisk, cgdisk, and sgdisk. More can be found here.
A partition table describes how a disk is partitioned. There are 2 types of partition tables, the "Master Boot Record" (MBR) and "GUID Partition Table" (GPT). The GPT partitioning table is newer and is more feature rich than its predecessor. If you are installing an operating system you will want to use GPT unless you have a specific reason not to. GPT allows you to create more partitions and supports disks larger than 2TB.
Storage device naming scheme
When you are formatting your drives, you probably want to know which device is being used. In Linux, storage devices can be found in "/dev". HDD and USB storage devices are usually labeled as sdX. Where "X" is a lower case letter starting in alphabetical order (sda, sdb, sdc, etc.). each of these is a separate storage device.
An example list of storage devices names could look like this:
/dev/sda sda <-- HDD
/dev/sdb sdb <-- Secondary HDD
/dev/sdc sdc <-- USB drive
/dev/nvme0n1 nvme0n1 <-- SSD
/dev/nvme0n2 nvme0n2 <-- Secondary SSD
Number of partitions on a single disk is also taken into account. The number after the device name (sda1, nvme0n1p1) is the partition number.
An example output of the command "lsblk -o NAME,TYPE" is this:
$ lsblk -o NAME,TYPE
├─sda1 part <-- EFI - boot partition
├─sda2 part <-- Ext4 - root partition
└─sda3 part <-- swap - swap partition
└─sda1 part <-- FAT32 - extra storage partition
└─nvme0n1p1 part <-- Ext4 - home partition
Creating more partitions allows you to better organize or even backup your data. A home partition will only hold the user(s) files (all of "/home"). The root partition will contain everything else (packages, operating system files, etc.).
Swap can be used to off load data from RAM, essentially giving you more ram at the cost of disk space using a process called paging. You can create either a swap file or a swap partition. Swap is also used for hibernation 1 of your system. Hibernation allows you to completely power off your computer which is why its more useful than normal sleep which keep the system on 2. Restoring from hibernation is slower compared to restoration from sleep. Having swap is recommended for lower end systems which may have less memory.
1 Hibernation is like entering sleep mode, however the data is stored in the swap partition/file. `Normal` sleep just keeps the data in RAM.
2 Sleep powers off all of the computers hardware (networking, display, etc.) with the exception of RAM. If RAM was powered off, nothing would be saved.
After creating your partitions you have to format them. There is multiple file system types. Different operating systems tend to use different file systems usually because these systems are proprietary. A variant of the FAT file system, FAT32, is widely used in storage devices of computers, cameras, embedded systems and game systems. Windows uses FAT32 for a boot partition and NTFS for its root partition. macOS uses APFS. Most guides tell you to format the EFI partition has FAT32 1 and the root partition as Ext4. Some guides use BTRFS file system for the root partition, because it is faster than Ext4 and has more features, however it comes at the cost of stability 2. XFS and ZFS can also be used instead of Ext4 for a root partition. If you created a swap partition you want to format it as such. If in doubt when choosing file system for your root or home partition, choose either BTRFS or Ext4.
1 If you are using a BIOS system you only have 1 partition which typically is formatted as Ext4.
2 Stability on BTRFS has not been an issue for a long time.
If you plan on encrypting one or more partitions you should do so using the "cryptsetup" command. To setup encryption on a partition, format that partition as "LUKS" (either LUKS1 or LUKS2) using the command "cryptsetup --type luks1 luksFormat <path to partition>". Then you will be prompted to type a passphrase, make sure to memorize this passphrase because without it you will not be able to boot into your operating system 1. Before you can use the partition, you will need to create and form the virtual disk. To access the encrypted partition, type the command "cryptsetup luksOpen <path to partition> <name>" (the example below uses "crypthome" as the name). Then you can mount the virtual drive and use it. The path of the virtual drive is "/dev/mapper/<name>".
Example of an encrypted partition.
$ lsblk -o NAME,TYPE,MOUNTPOINTS
NAME TYPE MOUNTPOINTS
├─sda1 part /boot
├─sda2 part /
└─crypthome crypt /home <-- full path is "/dev/mapper/crypthome/home"
A more detailed explanation of how to encrypt your drives can be found on the Arch Linux wiki.
1 You will be prompted to enter this passphrase every time you boot your system (assuming the partition will get mounted by the bootloader).
Unix/Linux file system structure
In a Unix/Linux system, everything is a file. If you wanted to know the specifications of your CPU, you can just look at the file in "/proc/cpuinfo". On a windows system, you would need to make an API call to get this information. In a Unix/Linux system, there is a single folder that contains everything. This folder is called root "/". Running processes can be found in "/proc" (notice that "proc" is inside "/"). Linux Journey explains the different directories well.
After partitioning and creating the needed file systems you need to mount them to write data to them. Mounting allows you to attach other partitions onto your root partition. For example, when you plug in a USB storage device into a Linux system the OS will automatically mount it to a specific directory such as "/run/media/<user's name>". To install Arch Linux, you will need to manually mount the created partitions on to the live system to install the necessary programs. You would need to mount "/dev/<root partition>" on to "/mnt" to install the system programs and you will also need to mount "/dev/<EFI partition>" on to "/mnt/boot" to be able to boot. The "/mnt" directory will become the new root directory once the installation is finished. Files located at "/mnt/var" in the live environment will be at "/var" on the new system.
Mounting encrypted partition
If you encrypted your root partition you would need to mount "/dev/mapper/root" to "/mnt". If you created a separate home partition and is also encrypted you would need to mount it to its corresponding mounting point. each encrypted partition will need its own passphrase 1.
1 If you got an encrypted root and home partitions you will need to type 2 passphrase to actually use your system.
Pacstrap is a script which you will need to install the base system, Linux kernel 1, and the kernel's firmware. The pacstrap is essentially the "pacman" command but installs packages to a different root partition. The script can also be used to install programs into the new root partition. It is a good idea to install a text editor when you run this command because it will make life easier later.
1 There are different kernels officially supported by Arch Linux.
There are 4 official variants of the Linux kernel. The "Stable kernel" is the main vanilla Linux kernel. The "Hardened kernel" is more security orientated and mitigates exploits better. The "Long term kernel" is aimed at providing long term support (LTS). The LTS kernel is better suited for servers and for older hardware. The "Zen kernel" is optimized for performance and speed. The actual linux kernel executable is located at "/boot/vmlinux" (assuming the vanilla kernel).
1 A list of kernels can be found here.
Mandatory Access Control
A base Linux install usually defines restrictions to users based on what group they are in and what permissions a certain file has (i.e. Discretionary Access Control). Mandatory Access Control adds extra restrains to better improve security. Actions done in a system with MAC is checked against a set of rules and policies (which can not be changed by users) to allow or deny the action. There are different implementations of MAC for Linux systems, most popular being Security-Enhanced Linux (SELinux). There are other implementations such as AppArmor (which is used by default on Ubuntu and SUSE) and TOMOYO.
SELinux is currently not officially supported but can be installed. SELinux works by replacing the DAC system and is used by RHEL by default. Using SELinux means a lot of packages, including the kernel, would need to be recompiled with SELinux support flags. Commonly used packages are recompiled with the needed flags and can be installed from the AUR.
File system table
The new operating system will need to know where each partition is located and where to mount it. The command "genfstab" will generate a file system table to define where those partitions mount.
This section is not necessary for the installation process 1, however some programs might not work properly without them. To configure the new system you will need to run the "arch-chroot" command on the new root partition "/mnt". Chroot is an important command to keep in mind in case the system breaks in the future. This command will change the root user of the live system into the root user of the new system. Inside the chroot environment you can set up the timezone, locale and networking, but this can be done after installation. One thing you should do in the chroot environment is setting up the bootloader. You should give the new root user a password using the "passwd" command.
1 If you consider the bootloader unnecessary.
During the boot process the Linux kernel's modules need to be loaded. The initial ramdisk loads these before handing them over to the init system (systemd when using vanilla Arch Linux). The "mkinitcpio" 1 command creates the initial ramdisk using the configuration file located at "/etc/mkinitcpio.conf". Executing "mkinitcpio" creates kernel images in your boot partition. If you plan on messing with boot process, having an understanding of the initial ramdisk helps.
1 "mkinitcpio" is not the only program that can be used to create the initramfs image, others such as dracut and booster can also be used. A list can be found here.
Hooks are extra scripts that extend what the initial ramdisk can do. For example, they allow the kernel to open encrypted partitions, resume from hibernation, allow useage of BTRFS partitions or access to file systems on LVM and more,
Most guides use GRUB as the bootloader however you can use other bootloaders such as systemd-boot. A list of bootloaders can be found here. Inside the chroot environment you want to configure the bootloader because you can not boot into the operating system to configure it there (there no bootloader yet!). Setting up the bootloader on a UEFI system will need a package called "efibootmgr" and (obviously) your bootloader of choice. For a GRUB installation, you will want to create a directory inside"/boot" the name doesn't matter (in our example we will use "/boot/efi"). The following sections will assume you are using GRUB. GRUB configuration file is located at "/etc/default/grub" and after editing it you will need to run "grub-install" 1.
1 When running "grub-install" make sure to point it to the efi directory you created earlier.
When configuring the bootloader or the initial ramdisk it is recommended to use a persistent block device naming scheme like the Universal Unique Identifier (UUID) of the partition rather than using the device name.
GRUB_CMDLINE_LINUX="root=UUID=0a3407de-014b-458b-b5c1-848e92a327a3" <-- recommended
The bootloader will need to know which partition is encrypted to it can open it properly. You need to tell GRUB what partition is encrypted using "cryptdevice". You will also need to allow GRUB to boot from a LUKS device.
GRUB_CMDLINE_LINUX="cryptdevice=/dev/<partition>:<virtual device name>"
This is an example of what the above lines may look like:
If you have multiple operating systems you will need to run "os-prober" so GRUB can detect other OSes. Also you should enable "GRUB_DISABLE_OS_PROBER" in your GRUB config.
To be able to restore from hibernating you will need to add "resume" and point it to your swap partition/file. You should also add it to "GRUB_CMDLINE_LINUX_DEFAULT".
GRUB_CMDLINE_LINUX_DEFAULT="resume=/dev/<location to swap>"
resume=/dev/<location to swap>
Plymouth is not part of the installation process however it looks good. To use plymouth you will need to add the necessary strings to the "mkinitcpio.conf" and to the bootloader (GRUB in this example). "plymouth" needs to be after "base" and "udev". If disk encryption is used, replace "encrypt" with "plymouth-encrypt".
MODULES=(i915) < for Intel
MODULES=(amdgpu) <-- for AMD
The following command line entries need to be added for a smooth experience. The "splash" entry is absolutely needed for plymouth (or any other graphical boot process).
GRUB_CMDLINE_LINUX_DEFAULT="splash rd.udev.log_priority=3 vt.g
Plymouth is a fantastic program, here is a list of some themes, some ported from android.
The most used init system is systemd however many people consider it bloated. Arch Linux uses systemd. Other init systems are openrc, runit, s6, sysvinit, dinit, sinit, epoch, upstart and GNU Shepherd. If you do not wish to use systemd but still want a DIY distribution then consider using an alternative operating system such as Artix Linux, Void Linux, Gentoo Linux, Linux from scratch (LFS) or even a BSD distro. Swapping out systemd on Arch Linux will guarantee detrimental damage to the operating system.
IDK where to squeeze this in so I'm putting it here.
There are many desktop environments (DEs) for Linux and BSD systems. Most commonly used are Gnome and KDE. A DE is just collection of packages which setup the GUI and install some user applications 1 that share a common graphical framework 2 to reduce bloat and graphical inconsistency. All DEs install with a window manager however you can install a window manager without installing a DE. A list of all DEs can be found here and for officially supported DEs on Arch Linux here. The Arch Linux wiki has a desktop environment comparison page.
1 The applications installed vary with each DE but usually include an application center, terminal, file manager, settings application, screenshot utility, text editor, web browser, office suite, and similar applications.
2 The most used Libraries are GTK, QT however others exist such as Enlightenment. More libraries can be found here.
Window managers (WMs) are programs that work with the window server 1 to produce a graphical interface. Window managers control the behavior and appearance of the windows running inside it. There are 3 types of window managers, floating/stacking, tiling, and dynamic. Floating window managers are what Windows and macOS use. In a floating WM, the windows may overlap other windows. Floating window managers require the mouse to resize and move the windows. Tiling WM is where windows are automatically organized into tiles to maximize the screen real estate. These tiles do not over lap. Tiling window managers are minimal in nature and do not depend on the mouse to move and resize windows. Dynamic window managers are a combination of Floating and tiling WMs. A list of window managers can be found here.
1 The window server usually is either X.Org or Wayland. Other window servers can be found here.
The graphical interface where you login to a specific user is the display manager 1 (DM). From it you can choose which desktop environment or window manager to use. DE tend to ship their own DMs for example, Gnome uses the Gnome Display Manager (GDM) and KDE uses Simple Desktop Display Manager (SDDM). DM are usually graphical but CLI/TUI DMs exist. The Arch Linux wiki has a list of display managers you can use.
1 Also referred to as the login/session manager.
Limiting access to certain commands is needed for good security. You can create a new user account using the command "useradd -g <name>", the "-g" flag is for creating a home directory for that user. You can assign a password to that user using the "passwd" command. Add a user to a group using the "usermod" command. To allow user accounts to elevate their privileges to root, add them to the "wheel" group 1.
1 The "wheel" group isn't necessary for privilege escalation but its widely used. Other groups or manually giving a user privilege also works. More information about the "wheel" group here.
To change the privilege of a user or group you edit the file "/etc/sudoers" using the command "visudo" 1. Other commands commands like "sudo" exists such as "su" and "doas". "su" is the predecessor of "sudo". "doas" is alot simpler than "sudo" also it is significantly smaller in size. The "doas" config is alot nicer and less intimidating than "sudo"'s. I can not recommend "doas" for beginners because "makepkg" fails (requires a patch to work with "doas"). If don't plan on using "makepkg" then replace sudo!
1 Why use "visudo" instead of manually editing the file directly?
Files and directories have specific permissions based on certain criteria. Using a command like "ls" 1 we can see the permissions of a file or directory:
$ ls -l
drwxr-xr-x linux linux 4.0 KB Wed Mar 16 14:15:14 2022 Documents
-rw-r--r-- linux linux 143 B Thu Nov 11 17:30:07 2021 file.txt
^^^ ^^^ ^^^
│ | |
| | Group.
| Owner of file/directory.
These are the permissions.
To better understand this we will split the sting into 4 smaller strings:
╭───────────────── Tells us if entry is a directory or a file.
│ ╭────────────── Tells us the permission of the file's owner. (Think "Can the owner of this file read/write/execute it?")
│ │ ╭────────── Tells us the permission of users in the assigned group.
│ │ │
│ │ │ ╭────── Tells us the permission of every other user.
│ │ │ │
d rwx r-x r-x
The letter "r" means read, "w" means write, and "x" means execute. The lack of a letter "-" means no permission is given.
- rwx r-x r--
│ │ │
│ │ ╰───── Any other user (not the owner or in the group) can only read the file.
│ ╰─────────── Users in the group can only read and execute the file.
╰───────────────── The owner of this file can read, write and execute it.
Keep in mind that the root user has read, write and execute permissions to everything. This is one of the reasons why using root for everything is dangerous.
1 The command "namei" can be used to follow the path of a file/directory and list permissions of its parent directories.
Arch User Repository
There are 2 main repositories to install packages from, the official stable repo and the AUR. The AUR is a collection of user submitted packages while the official repo are selected and verified by the Arch Linux developers and repo maintainers. Since the AUR is based on user submissions, you should inspect the "PKGBUILD" of a program before installing it (in case it is malicious or broken). The are more repositories you can download software from but often it is unneeded and may break package dependencies. List of official and unofficial repositories. Anyone can create a repository, instructions on how to do so can be found here.
Using an AUR helper is not needed but makes installing packages easier. A list of them can be found here. To manually install an AUR package you should download it from the AUR site and then compile it's "makepkg" after inspecting the "PKGBUILD". A list of AUR helpers can be found on the Arch Linux wiki 1.
1 I have contributed the one of the AUR helpers, Aura!