Installing Hyperbola GNU/Linux-libre with disk encryption (excluding /boot)
Create bootable image
Download live image
Make sure to change your BIOS settings so that your computer will boot from your optical disk or USB stick.
Download the new Hyperbola ISO from the download page.
- Instead of six different images we only provide a single one which can be booted into an i686 and x86_64 live system to install Hyperbola GNU/Linux-libre over the network.
Verify the live image
Once you have downloaded the Live image as described you should verify it following:
Preparation
- Create a directory called live_image in your home directory.
- Move the live image you downloaded in this directory.
- Download the following files and move them into the live_image directory.
Hyperbola live image
File | Description |
---|---|
hyperbola-milky-way-v0.4.3-dual.iso.sha512 | Contains the SHA512 sums to check the integrity of the Hyperbola live image. |
hyperbola-milky-way-v0.4.3-dual.iso.sha512.sig | Signed by the Hyperbola team to check the authenticity of the sha512sum file of the Hyperbola live image. |
Your live_image directory should now contain 3 files: Your live image and the sha512 file and the signed one, like this:
- hyperbola-milky-way-v0.4.3-dual.iso
- hyperbola-milky-way-v0.4.3-dual.iso.sha512
- hyperbola-milky-way-v0.4.3-dual.iso.sha512.sig
Integrity check
To verify the integrity of your live image, generate its SHA512 sum and compare it to the one found in the sha512sum file.
In most GNU/Linux distributions the SHA512 sum can be generated by opening a terminal and running the following commands:
cd
cd live_image
sha512sum -b *.iso
The last command should show you the SHA512 sum of your live file. Compare it to the sha512sum file. If it match, you've successfully verified the integrity of your live image.
sha512sum -c hyperbola-milky-way-v0.4.3-dual.iso.sha512
Authenticity check
To verify the authenticity of the sha512sum file, we need to check the signature on the signed file.
Import the Hyperbola signing key:
gpg --keyserver pgp.mit.edu --recv-key "C92B AA71 3B8D 53D3 CAE6 3FC9 E697 4752 F970 4456"
gpg --keyserver pgp.mit.edu --recv-key F9704456
gpg --list-key --with-fingerprint F9704456
Check the output of the last command, to make sure the fingerprint is C92B AA71 3B8D 53D3 CAE6 3FC9 E697 4752 F970 4456.
Verify the authenticity of the sha512sum file, like this:
cd
cd live_image
gpg --verify hyperbola-milky-way-v0.4.3-dual.iso.sha512.sig
The output of the last command should tell you that the file signature is 'good' and that it was signed with the following key: F9704456.
Acknowledgement
This wiki article is based on Mint's download page. We may have removed non-FSDG bits from it.
.
- Install images are signed and it is highly recommend to verify their signature before use. On Hyperbola, this can be done by using pacman-key -v <iso-file>.sig
- The image can be burned to a CD, mounted as an ISO file, or directly written to a USB stick using a utility like dd. It is intended for new installations only; an existing Hyperbola GNU/Linux-libre system can always be updated with pacman -Syu.
Writing a Hyperbola ISO image to an USB drive
Burn the image to your optical disk
To create a disk to use as your install medium, insert a blank or re-writable disk, CD or DVD, into your disk drive. Next, you will need to mount the disk.
mount sr0
Provided your computer has a disk drive. Sr0 should the first or only, if you only have one disk drive, mount point of disk drives. You will need to address the correct destination for the command to work.
dd if=~/hyperbola-milky-way-v0.2.1-dual.iso of=/dev/sr0 bs=2048 conv=noerror && sync
Write the image to your USB
If you don’t have an ISO writer, go (change directory) to the folder where you saved the downloaded Live image (probably the Downloads folder) and type the following into your terminal:
dd if=hyperbola-milky-way-v0.2.1-dual.iso of=/dev/sdb bs=2048 && sync
To find out what’s the name of the USB device, type fdisk -l
You’ll probably see something like this:
Device Boot Start End Sectors Size Id Type /dev/sda1 2048 8390655 8388608 4G 82 Linux swap /Solaris /dev/sda2 * 8390656 976773167 968382512 461,8G 83 Linux
Device Boot Start End Sectors Size Id Type /dev/sdb1 * 0 1255423 1255424 613M 0 Empty /dev/sdb2 172 63659 63488 31M ef EFI (FAT-12/16/32)
From the above, sda is your HDD, and the sdb is your USB device where you’re going to write your Live image.
Also take a note of your partitions, you will come to need it when you’re creating the file system and mounting the root partition during the installation.
Once you’ve downloaded, verified and written the Live image to your USB device, you can move on to boot your computer from your USB.
dd if=''[iso file]'' of=''[usb device file]'' bs=1M && sync
[iso file]
is the path to the ISO image file.
[usb device file]
is the path to the USB device file. dmesg or lsblk –fs can be used to learn this path. It is often similar to device filenames of storage devices like hard drives and SSDs, e.g. /dev/sdb 'It is very important to use the correct value
' to avoid overwriting other storage devices.
Keyboard layout
For many countries and keyboard types appropriate keymaps are available already, and a command like loadkeys gr might do what you want. More available keymap files can be found in /usr/share/kbd/keymaps/ (you can omit the keymap path and file extension when using loadkeys).
If you’re not using an English keyboard, you can set your language by typing loadkeys followed by you language. For British users, type:
loadkeys gr.
Internet Connection
First check if there is an Internet connection already,
ping -c 3 gnu.org
If don´t get any connection, follow steps bellow:
Connect to the Internet
A DHCP service is already enabled for all available devices. If you need to setup a static IP or use management tools, you should stop this service first:
rc-service dhcpcd stop
The dhcpcd network daemon starts automatically during boot and it will attempt to start a wired connection. Try to ping a server to see if a connection was established. For example, gnu.org:
ping -c 3 gnu.org PING gnu.org (208.118.235.148) 56(84) bytes of data. 64 bytes from wildebeest.gnu.org (208.118.235.148): icmp_seq=1 ttl=47 time=183 ms 64 bytes from wildebeest.gnu.org (208.118.235.148): icmp_seq=2 ttl=47 time=168 ms 64 bytes from wildebeest.gnu.org (208.118.235.148): icmp_seq=3 ttl=47 time=183 ms --- gnu.org ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2002ms rtt min/avg/max/mdev = 168.131/178.357/183.914/7.248 ms
If you get a ping: unknown host error, first check if there is an issue with your cable or wireless signal strength. If not, you will need to set up the network manually, as explained below.
Wired
Follow this procedure if you need to set up a wired connection via a static IP address.
First, disable the dhcpcd service which was started automatically at boot:
rc-service dhcpcd stop
Identify the name of your Ethernet interface.
ip link 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: enp2s0f0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000 link/ether 00:11:25:31:69:20 brd ff:ff:ff:ff:ff:ff 3: wlp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DORMANT qlen 1000 link/ether 01:02:03:04:05:06 brd ff:ff:ff:ff:ff:ff
In this example, the Ethernet interface is enp2s0f0. If you are unsure, your Ethernet interface is likely to start with the letter “e”, and unlikely to be “lo” or start with the letter “w”. You can also use iwconfig and see which interfaces are not wireless:
iwconfig enp2s0f0 no wireless extensions. wlp3s0 IEEE 802.11bgn ESSID:"NETGEAR97" Mode:Managed Frequency:2.427 GHz Access Point: 2C:B0:5D:9C:72:BF Bit Rate=65 Mb/s Tx-Power=16 dBm Retry long limit:7 RTS thr:off Fragment thr:off Power Management:on Link Quality=61/70 Signal level=-49 dBm Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0 Tx excessive retries:0 Invalid misc:430 Missed beacon:0 lo no wireless extensions.
In this example, neither enp2s0f0 nor the loopback device have wireless extensions, meaning enp2s0f0 is our Ethernet interface.
You also need to know these settings:
- Static IP address.
- Subnet mask.
- Gateway's IP address.
- Name servers' (DNS) IP addresses.
- Domain name (unless you are on a local LAN, in which case you can make it up).
Activate the connected Ethernet interface (e.g. enp2s0f0):
ip link set enp2s0f0 up
Add the address:
ip addr add ip_address/subnetmask dev interface_name
For example:
ip addr add 192.168.1.2/24 dev enp2s0f0
For more options, run man ip.
Add your gateway like this, substituting your own gateway's IP address:
ip route add default via ip_address
For example:
ip route add default via 192.168.1.1
Edit resolv.conf, substituting your name servers' IP addresses and your local domain name:
nano /etc/resolv.conf nameserver 61.23.173.5 nameserver 61.95.849.8 search example.com
You should now have a working network connection.
Wireless
Follow this procedure if you need wireless connectivity (Wi-Fi) during the installation process.
First, identify the name of your wireless interface.
iw dev phy#0 Interface wlp3s0 ifindex 3 wdev 0x1 addr 00:21:6a:5e:52:bc type managed
In this example, wlp3s0 is the available wireless interface. If you are unsure, your wireless interface is likely to start with the letter “w”, and unlikely to be “lo” or start with the letter “e”.
Bring the interface up with:
ip link set wlp3s0 up
SIOCSIFFLAGS: No such file or directory
Then, your wireless chipset could need a non-free firmware to function. This is not supported on Hyperbola. Please see Wireless Setup if you are unsure if this is the true for your particular chipset.
Next, use iw dev wlp3s0 scan | grep SSID to scan for available networks, then connect to a network with:
wpa_supplicant -B -i wlp3s0 -c <(wpa_passphrase "ssid" "psk")
You need to replace ssid with the name of your network (e.g. “Linksys etc…”) and psk with your wireless password, leaving the quotes around the network name and password.
Finally, you have to give your interface an IP address. This can be set manually or using the dhcp:
dhcpcd wlp3s0
If that does not work, issue the following commands:
echo 'ctrl_interface=DIR=/run/wpa_supplicant' > /etc/wpa_supplicant.conf
wpa_passphrase <ssid> <passphrase> >> /etc/wpa_supplicant.conf
ip link set <interface> up # May not be needed as dhcpcd should bring it up but may be needed for wpa_supplicant.
wpa_supplicant -B -D nl80211 -c /foobar.conf -i <interface name>
dhcpcd -A <interface name>
ADSL with PPPoE/PPPoA
Follow this procedure if you need ADSL with PPPoE/PPPoA during the installation process.
First, identify the name of your Ethernet interface.
ip link 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: enp2s0f0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000 link/ether 00:11:25:31:69:20 brd ff:ff:ff:ff:ff:ff 3: wlp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DORMANT qlen 1000 link/ether 01:02:03:04:05:06 brd ff:ff:ff:ff:ff:ff
In this example, the Ethernet interface is enp2s0f0.
Second, create the PPP net script and the net script for the Ethernet interface to be used by PPP:
ln -s /etc/init.d/net.lo /etc/init.d/net.ppp0
ln -s /etc/init.d/net.lo /etc/init.d/net.enp2s0f0
Now we need to configure /etc/conf.d/net.
nano /etc/conf.d/net config_eth0=null (Specify the ethernet interface) config_ppp0="ppp" link_ppp0="enp2s0f0" (Specify the ethernet interface) plugins_ppp0="pppoe" username_ppp0='user' password_ppp0='password' pppd_ppp0=" noauth defaultroute usepeerdns holdoff 3 child-timeout 60 lcp-echo-interval 15 lcp-echo-failure 3 noaccomp noccp nobsdcomp nodeflate nopcomp novj novjccomp" rc_net_ppp0_need="net.enp2s0f0"
Now that the interface is configured, we can start it using the following commands:
rc-service net.ppp0 start
Behind a proxy server
If you are behind a proxy server, you will need to export the http_proxy and ftp_proxy environment variables.
Preparing the storage device for installation
You need to prepare the storage device that we will use to install the operating system. You can use same device name that you used earlier, to determine the installation device for the ISO.
Wipe storage device
You want to make sure that the device you’re using doesn’t contain any plaintext copies of your personal data. If the drive is new, then you can skip the rest of this section; if it’s not new, then there are two ways to handle it:
- If the drive were not previously encrypted, securely wipe it with the dd command; you can either choose to fill it with zeroes or random data; I chose random data (e.g., urandom), because it’s more secure. Depending on the size of the drive, this could take a while to complete:
# dd if=/dev/urandom of=/dev/sdX; sync
- If the drive were previously encrypted, all you need to do is wipe the LUKS header. The size of the header depends upon the specific model of the hard drive; you can find this information by doing some research online. You can either fill the header with zeroes, or with random data; again, I chose random data, using urandom:
# head -c 3145728 /dev/urandom > /dev/sdX; sync
Also, if you’re using an SSD, there are a two things you should keep in mind:
- There are issues with TRIM; it’s not enabled by default through LUKS, and there are security issues, if you do enable it.
Formatting the storage device
Now that all the personal data has been deleted from the disk, it’s time to format it. We’ll begin by creating a single, large partition on it, and then encrypting it using LUKS.
Initial setup
First you will need to install cryptsetup package in the live system run from the iso, given it is a utility we will use to encrypt your disk
pacman -S cryptsetup
Disk configuration
Partition disk
We then need to select the device name of the drive we’re installing the operating system on; see the above method, if needed, for figuring out device names.
lsblk
Now that we have the name of the correct device, we need to create the partition on it. For this, we will use the cfdisk command:
cfdisk /dev/sdX
This will bring up a graphical partitioning table, use the Tab and arrow keys to navigate.
If there are no partitions present select dos, try to avoid gpt only for very large disks. If intended to leave any partition on the drive, select Delete, to clear some space for new system installation.
To make a new partitions use the arrow keys and select your partition, choose New, to create intended partition sizes.
First we need make a boot partition. When creating it, will see an option for Primary or Logical; choose Primary, and make sure that the partition type is Linux (83), then choose the Boot flag to make this partition “bootable”, for the partition size is advised to use 500 MB for the unencrypted boot. Then create a partition with the rest of the disk where the encrypted LUKS container would be allocated. Again chose as Primary go to “Type” option and select Linux (83) from list, then choose the End flag.
Select Write; it will ask you if you are sure that you want to overwrite the drive. Type yes, and press enter to save your changes to disk. A message at the bottom will appear, telling you that the partition table has been altered. Select Quit, to return you to the main terminal.
Create the LUKS partition
Now that you have created the partition, it’s time to create the encrypted volume on it.
cryptsetup benchmark (to make sure that the list below is populated)
Then:
cat /proc/crypto
This gives us the crypto options that can be used. It also provides a representation of the best way to set up LUKS. In our case, security is a priority and speed a distant second, considering the above requirements, we do the following based on Encryption options for LUKS mode. Reading through, it seems like Serpent (encryption) and Whirlpool (hash) is the best option, according to the performance test executed by previous commands.
using the cryptsetup command, like this:
cryptsetup --cipher serpent-xts-plain64 --key-size 512 --hash whirlpool --use-random luksFormat /dev/sda2
These are just recommended defaults; if you want to use anything else, or to find out what options there are in order to gain a better understandment of this programme, run man cryptsetup, and read through its manual pages.
You will now be prompted to enter a passphrase; be sure to make it secure. For passphrase security, length is more important than complexity (e.g., correct-horse-battery-staple is more secure than bf20$3Jhy3), but it’s helpful to include several different types of characters (e.g., uppercase/lowercase letters, numbers, special characters). The password length should be as long as you are able to remember, without having to write it down, or store it anywhere.
Use of the diceware method is recommended, for generating secure passphrases (rather than passwords).
Create the volume group and logical volumes
The next step is to create two logical volumes within the LUKS-encrypted partition: one will contain your main installation, and the other will contain your swap space.
We will create this using, the Logical Volume Manager (LVM).
Open LUKS partition
First, we need to open the LUKS partition, at /dev/mapper/lvm:
cryptsetup open /dev/sda2 lvm
Create physical volume
Then, we create LVM partition:
pvcreate /dev/mapper/lvm
Check to make sure that the partition was created:
pvdisplay
Create volume group
Next, we create the volume group, inside of which the logical volumes will be created. For this example, we will call this group matrix. You can call yours whatever you would like; just make sure that you remember its name:
vgcreate matrix /dev/mapper/lvm
Check to make sure that the group was created:
vgdisplay
Setup logical volumes
Lastly, we need to create the logical volumes themselves, inside the volume group; first will create our / logical volume, named root, another will be our /swap volume, again named as swap, and finally the last will be our /home volume, consequently named as home.
Root volume
Now we will create a single, large partition in the rest of the space, for root:
lvcreate -L 40G matrix -n root
Swap volume
First to create the swap (again, choose your own name, if you feel like). With 4 GB of available memory, your Swap would then be arround the same equivalent size to your computer’s memory should be more then enough.
For checking how much RAM memory you have installed on your computer check the line “MemTotal” of the results given by the following command:
cat /proc/meminfo A
Alternatively these commands maybe be used for the same purpose: vmstat -s.
Make sure to choose an appropriate swap size (e.g., 2G refers to two gigabytes; change this however you see fit)
lvcreate -L 4G matrix -n swap
Home Volume
lvcreate -l +100%FREE matrix -n home
Verify that the logical volumes were created correctly:
lvdisplay
Filesystem Configuration
The last steps of setting up the drive for installation are to make drive ready to receive installation.
to make it ready for installation, we do this with the mkfs (i.e., make file system) command. We choose the ext4 filesystem, but you could use a different one, depending on your use case:
Partition Formatting
Create a file system
Root
Now we have to format `/`, ext4 will be used for root.
mkfs.ext4 /dev/mapper/matrix-root
Home
Now we have to format `/home`, ext4 will be used for home.
mkfs.ext4 /dev/mapper/matrix-home
Swap creation
First we have to format swap, to make it an active swap partition.
Activate swap
To make swap into a swap partition, we run the mkswap (i.e., make swap) command:
mkswap /dev/mapper/matrix-swap
Enable swap partition
Activate the swap, allowing it to now be used as swap, using swapon (i.e., turn swap on) command:
swapon /dev/matrix/swap
Mount root partition
We now must mount the root partition on /mnt. You should also create directories for and mount any other partitions (/mnt/boot, /mnt/home, …) and mount your swap partition if you want them to be detected by genfstab.
Mount root in /mnt
So to mount root type:
mount /dev/mapper/matrix-root /mnt
Since root has been mounted at /mnt, now is needed to create the remaining directories. This is where will do so, using mkdir. These folders contain each user’s personal documents, videos, log files, etc:
Make remaining directories
Create home
mkdir -p /mnt/home
Mount other partitions
Mount home
mount /dev/mapper/matrix-home /mnt/home
Boot Setup
Setup the boot partition:
mkfs.ext4 /dev/sda1
mkdir -p /mnt/boot
mount /dev/sda1 /mnt/boot
You could also create two separate partitions for /boot and /home, but such a setup would be for advanced users, and is thus not covered in this guide. The setup of the drive and partitions is now complete; it’s time to actually install Hyperbola.
Verification of package signatures
New packager keys are necessary by default to install Hyperbola from current ISOs. Because changes in existing keys might happen since the ISO release, it is recommended, if not mandatory, to update the keys before attempting an install.
To check that your computer has the correct time, enter date in the terminal.
date
If the date is incorrect, you will need to manually set the correct time.
date MMDDhhmm[[CC]YY][.ss]
where MM is the month, DD the day, hh the hour, mm the minutes, CC the century, YY the year and .SS the seconds of current time, the seconds can be omitted (and then also the dot before them should be omitted), the year can also be submitted or just the century. for instance if the current time is 32 seconds and 44 minutes past 18 (6 pm) on the 13th November 2013. Then the command would be:
date 111318442013.32
Once the date is correct, we need to initialize the gnupg directory and update pacman's keys.
pacman-key --init
mount -o remount,size=100M,noatime /etc/pacman.d/gnupg
pacman-key --populate hyperbola
pacman-key --refresh-keys
If you get GPG errors updating those packages, you can try running these commands to start over:
rm -r /etc/pacman.d/gnupg/*
pacman-key --init
pacman-key --populate hyperbola
pacman-key --refresh-keys
If you get an error related to dirmngr, you can get rid of it with:
mkdir /root/.gnupg && chmod go-rx /root/.gnupg && touch /root/.gnupg/dirmngr_ldapservers.conf
For the time being, running the previous command might also be needed in the newly installed system.
Base system installation
Update keys of hyperiso:
pacman -S hyperbola-keyring
Install the base system using pacstrap:
pacstrap /mnt base
You can install additional packages passing base and the names of these packages as arguments after the root directory of the new installation (all packages from the base group are installed if no package is specified).
Install `xenocara-input-synaptics` only on laptops that have touchpad
pacstrap /mnt xenocara-input-synaptics
Wireless tools installation
If your wireless network is WPA protected, you'll need wpa_supplicant to connect to it:
pacstrap /mnt iw iproute2 wpa_supplicant
System configuration
Generate an fstab
Generate a fstab with the following command (if you prefer to use UUIDs or labels, add the -U or -L option, respectively):
genfstab -p /mnt >> /mnt/etc/fstab
genfstab -U -p /mnt >> /mnt/etc/fstab
Chroot and configure the base system
Next, chroot into our newly installed system:
arch-chroot /mnt
Hostname
Set hostname, by editing /etc/hostname file:
echo hyperpc > /etc/hostname
Add the same hostname, i.e. hyperpc, to /etc/hosts.
Type:
nano /etc/hosts
# <ip-address> <hostname.domain.org> <hostname> 127.0.0.1 localhost.localdomain localhost hyperpc ::1 localhost.localdomain localhost hyperpc
Setting up Locale
edit locale in /etc/locale.gen:
nano /etc/locale.gen
By uncomment the selected language locale, For color #620BB9/#EEDDFF>us</color>, English, it should look like this:
... #en_SG ISO-8859-1 en_US.UTF-8 UTF-8 #en_US ISO-8859-1 ...
After you’ve uncommented your language, generate the locale by runnning:
locale-gen
Then set locale preferences in /etc/locale.conf:
echo LANG=en_US.UTF-8 > /etc/locale.conf
echo LANGUAGE=en_US >> /etc/locale.conf
echo LC_TIME=en_US.UTF-8 >> /etc/locale.conf
Then export your chosen locale
export LANG=en_US.UTF-8
Keymap
Setup the console keymap and font preferences, by configure and changing the file /etc/conf.d/keymaps:
nano /etc/conf.d/keymaps
keymap="gr"
If you have an advanced usage of your keymap, you can watch the other functionalities, documented in the comments. You can find all the available keymaps in /usr/share/kbd/keymaps. Then run:
rc-update add keymaps default
Time zone
Set localtime, by creating a symbolic link /etc/localtime to your subzone file /usr/share/zoneinfo/Zone/SubZone:
ln -s /usr/share/zoneinfo/Zone/SubZone /etc/localtime
For example, here replace Zone and Subzone to Europe and Athens, respectively:
ln -s /usr/share/zoneinfo/Europe/Athens /etc/localtime
ln -s -f /usr/share/zoneinfo/Zone/SubZone /etc/localtime
Hardware clock
Set the hardware clock to UTC (Optional):
hwclock --systohc --utc
Root password
Set root user, password with passwd:
passwd
Add a user
lets add a normal user:
we choose the name `freedom` but you can change to whatever you prefer and add it to basic groups
useradd -m -G audio,disk,games,http,input,lp,network,optical,power,scanner,storage,sys,video,wheel -g users -s /bin/bash freedom
Assign password
passwd freedom
Bootloader installation and configuration
GRUB
- If you want to install GRUB for the (U)EFI mode, you will need to make sure that:
- The computer booted in (U)EFI mode (if /sys/firmware/efi exist, then it booted in (U)EFI mode)
- The efivars module is loaded. (modprobe efivars will load it)
Finally follow these steps:
pacman -S grub
grub-install /dev/sdX
Create grub.cfg file
grub-mkconfig -o /boot/grub/grub.cfg
nano /boot/grub/grub.cfg
Syslinux
See Syslinux for further details.
Setting up the kernel modules
Before we do that we need to install cryptsetup
pacman -S crypsetup
Now we need to make sure that the kernel has all the modules that it needs to boot the operating system. To do this, we need to edit a file called mkinitcpio.conf.
nano /etc/mkinitcpio.conf
There are several modifications that we need to make to the file:
- Change the value of the uncommented MODULES line to i915.
- This forces the driver to load earlier, so that the console font you selected earlier isn’t wiped out after getting to login.
- Be aware, when you add i915 into the uncommented modules line, that you remove these “ “
- If you are using a Macbook 2,1 you will also need to add hid-generic, hid, and hid-apple inside the quotation marks, in order to have a working keyboard when asked to enter the LUKS password. Make sure to separate each module by one space.
- Change the value of the uncommented HOOKS line to the following:
nano /etc/mkinitcpio.conf "base udev autodetect modconf block keyboard keymap consolefont encrypt lvm2 filesystems fsck shutdown"
Here’s what each module does:
- keymap adds to initramfs the keymap that you specified in /etc/conf.d/keymaps
- consolefont adds to initramfs the font that you specified in /etc/conf.d/keymaps
- lvm2 adds LVM support to the initramfs - needed to mount the LVM partitions at boot time
- shutdown is needed for unmounting devices (such as LUKS/LVM) during shutdown
After modifying the file and saving it, we need to update the kernel(s) with the new settings.
Then, we update both kernels like this, using the mkinitcpio command:
mkinitcpio -p linux-libre-lts
Configure Wireless
wpa_suplicant
- Configure wpa_supplicant
nano -w /etc/wpa_supplicant/wpa_supplicant.conf
Inside:
ctrl_interface=/var/run/wpa_supplicant ctrl_interface_group=wheel update_config=1 network = { ssid="<network-name>" psk="your-pass" }
Add to service by default
rc-update add wpa_supplicant default
dhcpcd
Add to service by default
rc-update add dhcpcd default
BASE graphical interface
Install video package (depending on the brand of your video card)
Check video brand:
lspci | grep -e VGA
Install one, depending of brand:
Ati
pacman -S xenocara-video-ati
Intel
pacman -S xenocara-video-intel
Nvidia
pacman -S xorg-video-nouveau
Vesa (generic)
pacman -S xenocara-video-vesa
Xenocara components
# pacman -S xenocara-server xenocara-xinit
Setting in keyboard language for Xenocara
Here's an example:
nano ~/.xinitrc
and inside write:
setxkbmap gr
Typefaces
pacman -S ttf-liberation ttf-dejavu
Audio support
Install the required packages for audio to work:
pacman -S sndio alsa-utils
Add audio services to default
rc-update add alsasound default
rc-update add sndiod default
Officially supported desktop environments
Lumina Desktop
Lumina is a lightweight desktop environment, free of D-Bus and *kit, designed to have as few system dependencies and requirements as possible. Check this Wikipedia article, and the official handbook.
Installation
To install Lumina desktop, run:
pacman -S lumina lumina-extra
Configuration
A configuration file is installed in /etc/luminaDesktop.conf . Lumina also has a bunch of own configuration tools.
Invocation
Lumina provides its own replacement for startx to be started from console.
start-lumina-desktop
Alternatively it can be added to the ~/.xinitrc file for being started via startx or a display manager
nano ~/.xinitrc
and inside write:
exec start-lumina-desktop
How to start Xenocara?
Write a `~/.xinitrc` file
Uncomment your installed desktop or window manager, example file `~/.xinitrc`:
#!/bin/sh # # ~/.xinitrc # # Executed by startx (run your window manager from here) # # exec enlightenment_start # exec i3 # exec awesome # exec bspwm # exec startfluxbox # exec openbox-session # exec pekwm # exec dwm # exec icewm-session # exec jwm # exec notion # exec evilwm
Then from a tty, you can run `startx` and your desktop will start.
Install login manager (option 2)
Example: `slim`
pacman -S slim-theme-hyperbola
Add to service default
rc-update add slim default
Tools
Disks
pacman -S udevil
Add to service default
rc-update add devmon default
Net
dhcpcd-ui for IP management
pacman -S dhcpcd-ui
wpa-gui to connect to wifi
pacman -S wpa_supplicant_gui
Volume applet
Volume icon
pacman -S volumeicon
Synchronize Local Time
Install NTP
pacman -S ntp
Synchronize Time
ntpdate -u hora.roa.es
Add to service default
rc-update add ntpd default
File compressors
Normally we come across files compressed in ZIP, RAR and/or another format that are usually exchanged on the Internet. To improve functionality of these file compressors, we will add support for 7Z, RAR, ZIP and others.
GZip (known with extension ".tar.gz")
pacman -S zlib
BZip2
pacman -S bzip2
RAR
pacman -S unar
7Zip
pacman -S p7zip lrzip
ZIP
pacman -S zip libzip unzip
Reading and writing NTFS file systems
pacman -S ntfs-3g
Reading and writing XFS file systems
pacman -S xfsprogs
Multimedia support
To play multimedia files, you need to be able to have the codecs and player. To do this, we will proceed to install ffmpeg and gstreamer codecs, in addition to players. Here I suggest some players that you may find useful.
Codecs
pacman -S ffmpeg gstreamer gst-libav gst-plugins-bad gst-plugins-good gst-plugins-ugly gst-plugins-base gst-transcoder x264 libvorbis libvpx libtheora opus vorbis-tools
Audacious player
pacman -S audacious
SMPlayer
pacman -S smplayer smplayer-themes smplayer-skins
VLC player
pacman -S vlc
MPV player
pacman -S mpv
Lightweight image viewer
pacman -S viewnior
PDF viewer
pacman -S mupdf
UXP Applications
Thanks to the developers, in Hyperbola we have a web browser called iceweasel-uxp internet suite and a email-manager called iceape-uxp a mail and news reader called icedove-uxp
Iceweasel-UXP
pacman -S iceweasel-uxp
Iceape-UXP
pacman -S iceape-uxp
Icedove-UXP
pacman -S icedove-uxp
Office
In general, when using an Operating System, at least you have an office suite. In GNU/Linux, it's customary to have one. Fortunately in Hyperbola, Libreoffice is presented in its stable version. For install, run:
LibreOffice
pacman -S libreoffice
Spell check
To check spelling you will need hunspell
pacman -S hunspell
Hyphenation and justification
To have provide rules you also need `hyphen` + a set of rules (hyphen-en)
pacman -S hyphen hyphen-en
Synonyms
For Synonyms option you will need `mythes` + a mythes synonym library (mythes-en)
pacman -S libmythes mythes-en
Security
Security is important when browsing the Internet, that's why Hyperbola provides a tool called firejail in combination with a graphical interface called firetools
pacman -S firejail firetools
install the firewall nftables it comes configured to protect your system
pacman -S nftables
now add it to service default
rc-update add nftables default
Social
Hyperbola have programs for communication:
Tox
qTox:
pacman -S qtox
or
toxic:
pacman -S toxic
Enable the necessary services before leaving chroot
rc-update add lvm boot
rc-update add dmcrypt boot
rc-update add udev default
rc-update add lm_sensors default
Unmount and reboot
you are still in the chroot environment type exit or press Ctrl+D in order to exit.
exit
Earlier we mounted the partitions under /mnt. In this step we will unmount them:
umount -R /mnt
swapoff -a
lvchange -an /dev/matrix/root
lvchange -an /dev/matrix/home
lvchange -an /dev/matrix/swap
cryptsetup close lvm
Now reboot and then login into the new system.
reboot
Service management
Since Hyperbola removed entire systemd support, we suggest you read about Openrc which is our main default init system.
See Also
Conclusion
Your new Hyperbola GNU/Linux-libre base system is now a functional GNU/Linux environment.
Acknowledgement
This wiki article is based on ParabolaWiki. We may have removed non-FSDG bits from it.