In the Love of Arch Linux 💗
Introduction
Arch Linux is my favorite Linux distribution: it’s minimal and has a lot of community support. Why Arch Linux ✌ ?
- You can proudly say: BTW I use Arch Linux :D
- Keep it simple
- Do it yourself ( DIY ): configure it once and use it all the time
- AUR ( one of the largest Linux package repositories )
- Rolling distro ( no versioning ); you feel the impact of this if you use the system for many years
- Bleeding edge: Arch Linux really strives to stay bleeding edge and typically offers the latest stable version of most software
I have been using Arch Linux since 2013, and initially I faced many challenges running it, especially in the period when nvidia support was not as easy as it is today.
However, it’s a worthy experience. Also, again, you are entitled to say the famous powerful magic words when you get into an argument with any other Linux user: I Use Arch Linux BTW.
I originally wrote this post in 2019, before the installation script that now ships by default with the Arch ISO. The old way is still valid, gives better insight into how the Linux subsystems are connected together, and teaches you more about the commands.
But there is no harm in using the new way; either way, I have documented both.
If you are using Windows, with no previous knowledge of Linux in general, then I recommend you start with another distro like Ubuntu or Mint, then jump to Arch Linux when you feel comfortable.
I will assume you are a basic Linux user and have simple knowledge of working with the command line.
Prepare for the installation
Arch Linux by default uses online repositories during the installation, but there is a way to create a local repository hosted on the USB stick. Something bigger than 8 GB is more than enough.
We will use fdisk to partition our USB stick and create 2 partitions:
- The first partition will hold the Arch Linux ISO installer, and we are going to configure it to be bootable in both UEFI and BIOS; 1GB is enough for this partition.
- The second partition will hold the configuration + local repository for offline Arch Linux installation.
Assuming the USB stick is the sdj drive:
fdisk /dev/sdj
The commands to enter are as follows:
o -> n -> default enter -> default enter -> default first sector -> last sector +1GB -> a ( flag it as bootable ) -> n -> default enter -> default enter -> default first sector -> default last sector -> w
Welcome to fdisk (util-linux 2.36.1).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.
Command (m for help): o
Created a new DOS disklabel with disk identifier 0xcb2f0e1d.
Command (m for help): n
Partition type
p primary (0 primary, 0 extended, 4 free)
e extended (container for logical partitions)
Select (default p):
Using default response p.
Partition number (1-4, default 1):
First sector (2048-30310399, default 2048):
Last sector, +/-sectors or +/-size{K,M,G,T,P} (2048-30310399, default 30310399): +1GB
Created a new partition 1 of type 'Linux' and of size 954 MiB.
Command (m for help): a
Selected partition 1
The bootable flag on partition 1 is enabled now.
Command (m for help): n
Partition type
p primary (1 primary, 0 extended, 3 free)
e extended (container for logical partitions)
Select (default p):
Using default response p.
Partition number (2-4, default 2):
First sector (1955840-30310399, default 1955840):
Last sector, +/-sectors or +/-size{K,M,G,T,P} (1955840-30310399, default 30310399):
Created a new partition 2 of type 'Linux' and of size 13.5 GiB.
Command (m for help): w
The partition table has been altered.
Calling ioctl() to re-read partition table.
Syncing disks.
For the first partition we will use FAT file system, for the second partition we will use EXT4.
mkfs.fat -F32 /dev/sdj1
mkfs.ext4 /dev/sdj2 -L "Data"
Bootloader
A bootloader is a piece of software responsible for loading other software, namely the kernel. AFAIK there are 2 ways of booting your system: the legacy way is BIOS, while the modern secure way is UEFI.
There are multiple boot loaders that work with Linux. systemd now eats a lot of other software, and it has its own bootloader which works only with UEFI; however, since this boot loader is for the USB live system itself, I will be using GRUB. GRUB supports both ways of booting. Check the comparison table on the Arch Linux wiki to compare all boot loaders that work with Arch Linux and their firmware support.
The only other option I might consider besides GRUB is systemd-boot; systemd-boot only supports UEFI, and most modern computers have supported UEFI for a long time.
We are going to configure GRUB to boot both ways, BIOS and UEFI, just in case.
Preparing the boot partition: in order to support both modes ( this is for the installation media ( USB stick ) to boot, not the intended final system installation ), we are going to copy the contents of the ISO onto the first partition we created previously, and modify some text to use the UUID to track the disk instead of disk labels.
Follow the below commands.
mkdir -p /mnt/{iso,usb}
mount -o loop archlinux-2020.10.01-x86_64.iso /mnt/iso
mount: /mnt/iso: WARNING: source write-protected, mounted read-only.
mount /dev/sdj1 /mnt/usb/
cp -a /mnt/iso/* /mnt/usb/
sync
umount /mnt/iso/
Depending on the way the system was booted ( BIOS or UEFI ), a different configuration file is used: for UEFI it is archiso-x86_64-linux.conf, for BIOS it is archiso_sys-linux.cfg. We will insert the disk UUID in both files in order to support both ways.
First obtain the boot partition UUID by using ls
ls -l /dev/disk/by-uuid/ | grep sdj1
lrwxrwxrwx 1 root root 10 Oct 15 22:44 6819-E686 -> ../../sdj1
UEFI
Change archisodevice as below
vim archiso-x86_64-linux.conf
#
# SPDX-License-Identifier: GPL-3.0-or-later
title Arch Linux install medium (x86_64, UEFI)
linux /arch/boot/x86_64/vmlinuz-linux
initrd /arch/boot/intel-ucode.img
initrd /arch/boot/amd-ucode.img
initrd /arch/boot/x86_64/initramfs-linux.img
options archisobasedir=arch archisodevice=/dev/disk/by-uuid/6819-E686
BIOS
Change archisodevice as below
vim archiso_sys-linux.cfg
LABEL arch64
TEXT HELP
Boot the Arch Linux install medium on BIOS.
It allows you to install Arch Linux or perform system maintenance.
ENDTEXT
MENU LABEL Arch Linux install medium (x86_64, BIOS)
LINUX boot/x86_64/vmlinuz-linux
INITRD boot/intel-ucode.img,boot/amd-ucode.img,boot/x86_64/initramfs-linux.img
APPEND archisobasedir=arch archisodevice=/dev/disk/by-uuid/6819-E686
Unmount the USB stick. Generally, for Linux you will need to disable Secure Boot in your motherboard settings.
Plug the USB stick into your device and navigate to the boot menu; usually you will find the USB manufacturer name in the menu. Choose UEFI if possible.
To verify that Arch Linux booted successfully, you should find root@archlinux on the left side. Congratulations! Now we are going to do some configuration for the local repository before installing Arch Linux.
Prepare the system
What a lovely message :
To install Arch Linux follow the installation guide:
https://wiki.archlinux.org/index.php/Installation_guide
For Wi-Fi, authenticate to the wireless network using the iwctl utility.
Ethernet and Wi-Fi connections using DHCP should work automatically.
After connecting to the internet, the installation guide can be accessed
via the convenience script Installation_guide.
Last login: Fri Nov 27 15:19:13 2020
root@archiso ~
First things first: set the time correctly and activate NTP
timedatectl set-timezone 'Asia/Riyadh'
timedatectl set-ntp true
Check your available disks and locate the USB drive and your main system drive; there must be an entry for each hard disk you have.
fdisk -l
Mount the second partition on /opt/arch
mkdir /opt/arch
mount /dev/vdb2 /opt/arch
Network configuration
Check your interfaces with
ip a
For an Ethernet interface, you should have an IP assigned to your machine. If the above command showed an IP, then you are good to go; try to ping some website, e.g. duckduckgo.com, to double check your internet connection.
For wireless, check your wireless interface name; it’s usually something like wlan0. It’s not easy to configure wireless from the command line, but it’s not that hard either. You will need the SSID of the network you will connect to.
SSID = your network name. Pass it along with the WiFi password to the command below; you can name the file anything instead of the SSID.
wpa_passphrase "SSID" "Password" >> /etc/<ssid>.conf
wpa_supplicant -B -i <interface> -c /etc/<ssid>.conf
Create local repository
Creating the local repository will allow you to install Arch Linux offline. You can skip this section if you will always have an internet connection; for me at least, I will keep a local repository for faster installation.
Clean up the second partition by deleting the lost+found directory ( this directory gets created when you format the drive with the EXT4 file system ), and make our own pacman configuration file. pacman is the Arch Linux package manager; you will use pacman a lot.
Create the following directories:
1. pkgs - to store the packages
2. db - database files only and package signatures
3. gpg - clearly GPG keys will be stored here
rm -r /opt/arch/lost+found
# create the directories first so that the copy below has somewhere to land
mkdir -p /opt/arch/pacman/{pkgs,db,gpg}
cp /etc/pacman.conf /opt/arch/pacman/conf
vim /opt/arch/pacman/conf
I like keeping the configuration file clean, so I have removed all commented lines to make it easier to track. At the bottom we will define our local repository. Ironically, we will comment out our local repository for now, until it’s ready.
[options]
DBPath = /opt/arch/pacman/db/
CacheDir = /opt/arch/pacman/pkgs/
GPGDir = /opt/arch/pacman/gpg/
HoldPkg = pacman glibc
Architecture = auto
CheckSpace
SigLevel = Required DatabaseOptional
LocalFileSigLevel = Optional
[core]
Include = /etc/pacman.d/mirrorlist
[extra]
Include = /etc/pacman.d/mirrorlist
[community]
Include = /etc/pacman.d/mirrorlist
[multilib]
Include = /etc/pacman.d/mirrorlist
#[arch]
#SigLevel = Optional TrustAll
#Server = file:///opt/arch/pacman/db
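An added example (not part of the original post): a small audit of the package signature policy each repository ends up with in a pacman configuration like the one above. The sample configuration is constructed from this page's file with the [arch] section uncommented; the function names are hypothetical, and only the package-level SigLevel tokens are modelled.

```shell
#!/bin/sh
# Report the effective package signature policy per repository in a pacman.conf.

# Constructed sample: the page's configuration with the local [arch] repo enabled.
sample_conf() {
    cat <<'EOF'
[options]
SigLevel = Required DatabaseOptional
LocalFileSigLevel = Optional
[core]
Include = /etc/pacman.d/mirrorlist
[arch]
SigLevel = Optional TrustAll
Server = file:///opt/arch/pacman/db
EOF
}

# $1 = path to a pacman.conf; prints "<repo> <check> <trust> <verdict>" per repository.
# A repository starts from the [options] SigLevel and applies its own tokens on top.
audit_siglevel() {
    awk '
    function apply(value,    n, tok, i) {
        n = split(value, tok, /[ \t]+/)
        for (i = 1; i <= n; i++) {
            if (tok[i] == "Never" || tok[i] == "PackageNever") check = "Never"
            else if (tok[i] == "Optional" || tok[i] == "PackageOptional") check = "Optional"
            else if (tok[i] == "Required" || tok[i] == "PackageRequired") check = "Required"
            else if (tok[i] == "TrustAll" || tok[i] == "PackageTrustAll") trust = "TrustAll"
            else if (tok[i] == "TrustedOnly" || tok[i] == "PackageTrustedOnly") trust = "TrustedOnly"
        }
    }
    function report() {
        if (repo == "") return
        verdict = (check == "Required" && trust == "TrustedOnly") ? "ok" : "weak"
        printf "%s %s %s %s\n", repo, check, trust, verdict
    }
    BEGIN { gcheck = "Optional"; gtrust = "TrustedOnly" }   # pacman built-in defaults
    /^[ \t]*#/ || /^[ \t]*$/ { next }                       # skip comments and blanks
    /^[ \t]*\[.*\]/ {
        report()
        name = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", name)
        if (name == "options") { repo = ""; in_options = 1 }
        else { repo = name; in_options = 0; check = gcheck; trust = gtrust }
        next
    }
    /^[ \t]*SigLevel[ \t]*=/ {
        value = $0; sub(/^[^=]*=[ \t]*/, "", value)
        if (in_options) {
            check = gcheck; trust = gtrust
            apply(value)
            gcheck = check; gtrust = trust
        } else apply(value)
    }
    END { report() }
    ' "$1"
}

# Demo run on the constructed sample.
conf=$(mktemp)
sample_conf > "$conf"
audit_siglevel "$conf"
rm -f "$conf"
```

A repository reported as weak accepts packages without a required, trusted signature, so for [arch] the contents of the pkgs directory on the USB stick are what the installation ends up trusting.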
Initialize the directory with the needed GPG keys; we need to specify the configuration file path along with the GPG directory path.
pacman-key --init --config /opt/arch/pacman/conf --gpgdir /opt/arch/pacman/gpg/
pacman-key --populate archlinux --config /opt/arch/pacman/conf --gpgdir /opt/arch/pacman/gpg/
The output should be something like this.
root@archiso ~ # pacman-key --init --config /opt/arch/pacman/conf --gpgdir /opt/arch/pacman/gpg/
gpg: /opt/arch/pacman/gpg/trustdb.gpg: trustdb created
gpg: no ultimately trusted keys found
gpg: starting migration from earlier GnuPG versions
gpg: porting secret keys from '/opt/arch/pacman/gpg/secring.gpg' to gpg-agent
gpg: migration succeeded
gpg: Generating pacman keyring master key...
gpg: key 1156C60ECAB26AB9 marked as ultimately trusted
gpg: directory '/opt/arch/pacman/gpg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/opt/arch/pacman/gpg/openpgp-revocs.d/955CCA6F2711D56D758564DC1156C60ECAB26AB9.rev'
gpg: Done
==> Updating trust database...
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
root@archiso ~ # pacman-key --populate archlinux --config /opt/arch/pacman/conf --gpgdir /opt/arch/pacman/gpg/
==> Appending keys from archlinux.gpg...
==> Locally signing trusted keys in keyring...
-> Locally signing key D8AFDDA07A5B6EDFA7D8CCDAD6D055F927843F1C...
-> Locally signing key DDB867B92AA789C165EEFA799B729B06A680C281...
-> Locally signing key 91FFE0700E80619CEB73235CA88E23E377514E00...
-> Locally signing key 0E8B644079F599DFC1DDC3973348882F6AC6A4C2...
-> Locally signing key AB19265E5D7D20687D303246BA1DFB64FFF979E7...
==> Importing owner trust values...
gpg: inserting ownertrust of 4
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
==> Disabling revoked keys in keyring...
==> Updating trust database...
gpg: key 786C63F330D7CB92: no user ID for key signature packet of class 10
gpg: key 1EB2638FF56C0C53: no user ID for key signature packet of class 10
gpg: key 1EB2638FF56C0C53: no user ID for key signature packet of class 10
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 5 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1 valid: 5 signed: 80 trust: 0-, 0q, 0n, 5m, 0f, 0u
gpg: depth: 2 valid: 77 signed: 25 trust: 77-, 0q, 0n, 0m, 0f, 0u
gpg: next trustdb check due at 2021-01-01
pacman-key --populate archlinux --config /opt/arch/pacman/conf --gpgdir 7.97s user 0.53s system 95% cpu 8.888 total
Download the needed packages to the local repository. Clearly we will not mirror the entire Arch Linux repository; the following packages are considered enough for a normal Arch Linux system.
gnome gnome-extra xfce4 xfce4-goodies base base-devel xorg-xinit xorg-server xorg-apps grub efibootmgr os-prober nvidia bumblebee openssh grub linux-headers networkmanager network-manager-applet dialog xorg-xinit xorg-server-common mesa lib32-nvidia-libgl xf86-video-amdgpu i3-wm vim zsh nano lvm2 lightdm lightdm-gtk-greeter lightdm-gtk-greeter-settings apparmor
You can extend the list as you like, but keep in mind your USB stick capacity.
pacman -Syw --cachedir /opt/arch/pacman/pkgs/ --config /opt/arch/pacman/conf --gpgdir /opt/arch/pacman/gpg gnome gnome-extra xfce4 xfce4-goodies base base-devel xorg-xinit xorg-server xorg-apps grub efibootmgr os-prober nvidia bumblebee openssh grub linux-headers networkmanager network-manager-applet dialog xorg-xinit xorg-server-common mesa lib32-nvidia-libgl xf86-video-amdgpu i3-wm vim zsh nano lvm2 lightdm lightdm-gtk-greeter lightdm-gtk-greeter-settings apparmor
It’s trivial to create an Arch Linux repository; it takes just one command. After that you can uncomment the repository in the pacman configuration file.
cd /opt/arch/pacman/db
repo-add arch.db.tar.gz /opt/arch/pacman/pkgs/*
You now have installation media ready to be used to install Arch Linux. There are a lot of different ways to install Linux in general; however, I have 2 approaches.
The first approach is running the commands yourself manually. This has a high risk of forgetting something and requires great knowledge of what you are doing 🤦♂️, but it’s really fun, at least for me; I love learning by mistake, it gives you a deeper understanding of how the system works.
The second approach is using the default installation script that is shipped with Arch Linux. It’s actually really cool, gives you a lot of options and is really fast; the only missing part atm is configuring pacman to use the local repository instead of the online one, then you are ready to use the script.
There is no harm in doing it both ways, over and over again, and improving your setup each time.
I recommend you document your process: make a github repository to hold your configuration files; it will be expanded later and have more value with a team.
For Linux enthusiasts like me, use something other than github ( since it’s owned by Microsoft 🤷♂️ ) or even better host your own git server.
First Approach
Partition
This step highly depends on your main operating system disk, and once you become an expert you can try file systems other than EXT4. I will try to keep it simple while as secure as possible: we will encrypt the main disk for Arch Linux and use LVM for better disk performance and flexibility.
It is common knowledge that when you delete a file you are actually only deleting an entry from the inode table; to really erase the file you also need to zero the bytes on the hard disk itself. There are multiple ways of doing this; you may refer to Securely wipe disk for more information.
I will be using the shred command for clearing the hard drive. This is a very slow process; you may skip this step if you don’t care.
The following command will fill the disk with random data, and it will do this 3 times ( don’t ask me why, it’s paranoid mentality 👀). Again, this command will take a very long time even if the disk is small. I won’t use it on the main Arch Linux disk, since this disk gets written very often and most files are only operating system files; however, if you want, you can do it ( it’s always why not ? not why 😜 ).
shred --verbose --random-source=/dev/urandom --iterations=3 /dev/sda
As we discussed before, we will support the 2 firmware modes of booting, so we will make 3 partitions in total:
1. BIOS bootloader partition ( 512MB )
2. UEFI bootloader partition ( 512MB )
3. LVM partition ( all the rest, since we will partition this one with the lvm commands later )
commands: g -> n -> last sector +512MB -> n -> last sector +512MB -> t -> 2 -> 1 -> n -> t -> 3 -> 30 -> w ( for the last one don’t enter anything in the last sector and just press enter ).
Now we will partition your main computer hard drive. We will create 3 partitions: one for BIOS as a fallback, one for EFI, and an LVM partition that holds the OS. I’m doing this installation on a virtual machine, so it is easier for me to copy the output; however, it should be almost the same on your physical machine.
We will utilize fdisk again 😊, this time assuming the hard drive letter is vda
fdisk /dev/vda
command sequence: g -> n -> default enter -> default first sector -> +512MB for last sector
Now you have created the first partition successfully.
Welcome to fdisk (util-linux 2.36).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.
Device does not contain a recognized partition table.
Created a new DOS disklabel with disk identifier 0x79f59da0.
Command (m for help): g
Created a new GPT disklabel (GUID: DC5BBF00-A52E-C341-A83A-802BEE2508D6).
Command (m for help): n
Partition number (1-128, default 1):
First sector (2048-104857566, default 2048):
Last sector, +/-sectors or +/-size{K,M,G,T,P} (2048-104857566, default 104857566): +512MB
Created a new partition 1 of type 'Linux filesystem' and of size 488 MiB.
command sequence: n -> default enter -> default first sector -> +512MB for last sector -> t -> default enter -> 1
Now you have created the second partition successfully; change the type of the partition to EFI System.
Command (m for help): n
Partition number (2-128, default 2):
First sector (1001472-104857566, default 1001472):
Last sector, +/-sectors or +/-size{K,M,G,T,P} (1001472-104857566, default 104857566): +512MB
Created a new partition 2 of type 'Linux filesystem' and of size 488 MiB.
Command (m for help): t
Partition number (1,2, default 2):
Partition type or alias (type L to list all): 1
Changed type of partition 'Linux filesystem' to 'EFI System'.
command sequence: n -> default enter -> default first sector -> default last sector -> t -> default enter -> 30
Now you have created all partitions and changed the type of the third partition to LVM.
Command (m for help): n
Partition number (3-128, default 3):
First sector (2000896-104857566, default 2000896):
Last sector, +/-sectors or +/-size{K,M,G,T,P} (2000896-104857566, default 104857566):
Created a new partition 3 of type 'Linux filesystem' and of size 49 GiB.
Command (m for help): t
Partition number (1-3, default 3):
Partition type or alias (type L to list all): 30
Changed type of partition 'Linux filesystem' to 'Linux LVM'.
Command sequence: w to write the changes to the disk.
Command (m for help): w
The partition table has been altered.
Calling ioctl() to re-read partition table.
Syncing disks.
Format the BIOS partition as EXT2 ( we are using EXT2 because of the same size ).
Format the UEFI partition as FAT32.
mkfs.ext2 -L "boot" /dev/vda1
mkfs.fat -F32 /dev/vda2
We will encrypt the main partition that will hold Arch Linux, using the cryptsetup utility.
Use the below command to encrypt the vda3 partition.
Confirm the choice by typing YES in all capital letters; this will erase the existing drive. Enter your encryption password twice for confirmation.
Losing the encryption password will result in losing the data forever; however, we will set up an encryption key-file later on as a backup way of accessing your drive.
cryptsetup --verbose --cipher aes-xts-plain64 --key-size 512 --hash sha512 --iter-time 5000 --use-random luksFormat /dev/vda3
WARNING!
========
This will overwrite data on /dev/vda3 irrevocably.
Are you sure? (Type 'yes' in capital letters): YES
Enter passphrase for /dev/vda3:
Verify passphrase:
WARNING: Locking directory /run/cryptsetup is missing!
Key slot 0 created.
Command successful.
cryptsetup --verbose --cipher aes-xts-plain64 --key-size 512 --hash sha512 69.84s user 2.34s system 216% cpu 33.394 total
Create the encryption key; you may store this encryption key on your USB stick
mkdir -p /opt/arch/keys /opt/arch/headers
dd bs=512 count=4 if=/dev/urandom of=<keyfile> iflag=fullblock # "example"
dd bs=512 count=4 if=/dev/urandom of=/opt/arch/keys/arch.key iflag=fullblock
chmod 600 /opt/arch/keys/arch.key
Add the encryption key to the drive
cryptsetup luksAddKey <dev> <keyfile> # "example"
cryptsetup luksAddKey /dev/vda3 /opt/arch/keys/arch.key
The encryption information is stored at the beginning of the hard drive, so if the disk header gets corrupted the data will be locked with no way of restoring it. It’s good practice to also take a backup of the disk header
# luksDump only prints the header fields; luksHeaderBackup saves a copy that can be restored
cryptsetup luksHeaderBackup <dev> --header-backup-file <file> # "example"
cryptsetup luksHeaderBackup /dev/vda3 --header-backup-file /opt/arch/headers/arch.header
Before configuring LVM, you will need to decrypt the drive and mount it.
Replace the dev name with your device, vda3 in our case, and choose a name for the mounted disk
cryptsetup open --type luks <dev> <name> # "example"
cryptsetup open --type luks /dev/vda3 disk1
modprobe dm_mod
Now configuring LVM. LVM is a really cool way of utilizing your hard drives.
Covering LVM is beyond the scope of this article; however, you may read more about it in LVM
To keep it simple, LVM creates a group of volumes and then partitions them internally. You need to pick a name for this group; I chose iUseArchBtw 😜.
pvcreate to initialize a physical volume
vgcreate to create a volume group
lvcreate to create a volume; there are multiple options to size the volume you are creating: -L to specify the exact size of the volume, or -l 100%FREE to use the rest of the available unused space
pvcreate /dev/mapper/<name> # "example"
pvcreate /dev/mapper/disk1
vgcreate <groupname> /dev/mapper/<name> # "example"
vgcreate iUseArchBtw /dev/mapper/disk1
lvcreate -L <size> <group> -n <name> # "example"
lvcreate -L 20GB iUseArchBtw -n lv_root
lvcreate -l 100%FREE iUseArchBtw -n lv_home
vgscan
vgchange -ay
Assuming you have a basic understanding of the Linux filesystem, it’s up to you how to partition your disk. A simple way to start is to create 2 partitions:
1. Root - to hold the installation of Arch Linux, logs and packages
2. Home - to store your user account data; if this partition gets full for any reason your system will still operate normally, it won’t disturb your Linux system
At a later stage you can play around with more options like a different file system, a backup partition, or a /var partition to hold only logs; you can also keep it simple and not over-engineer it.
Format the partitions with the following commands
mkfs.ext4 /dev/iUseArchBtw/lv_root -L "root"
mkfs.ext4 /dev/iUseArchBtw/lv_home -L "home"
Start the installation process and mount all drives on /mnt
mount /dev/iUseArchBtw/lv_root /mnt
mkdir /mnt/{boot,home,efi}
mount /dev/iUseArchBtw/lv_home /mnt/home
mount /dev/vda1 /mnt/boot
mount /dev/vda2 /mnt/efi
rm -r /mnt/lost+found
rm -r /mnt/boot/lost+found
rm -r /mnt/home/lost+found
Stay clean and remove all lost+found directories from all the newly created partitions
To install Arch Linux from our local repository, we are going to use the pacstrap command, which uses pacman; to pass the configuration file use the -C option.
Install the base & base-devel package groups as a starting point; we will chroot into the system later and install more packages.
pacman keeps an internal database of all installed packages on your system. If you install a package from outside, like here, the internal database of pacman won’t recognize that the package has been installed, so to stay clean we will keep to only these 2 package groups
pacstrap -C /opt/arch/pacman/conf -i /mnt base base-devel
Unmount the local repository partition so it can be mounted inside Arch Linux
umount /opt/arch
mkdir /mnt/opt/arch
arch-chroot is a really magical command: you are now in your future Linux system, I really like it 😉
arch-chroot /mnt
Set up a password for your root account so you don’t forget about it; if you forget this you will need to boot again from USB, decrypt your drive, arch-chroot again and then set up a password 😁
Also create a user separate from root
passwd
useradd -m -s /bin/bash <name>
# give the new user a password too, otherwise it cannot log in
passwd <name>
Mount the local repo partition.
mount /dev/vdb2 /opt/arch
Install the necessary packages. You will customize your system now: hardware drivers ( e.g. GPU nvidia or AMD ), desired desktop manager, and so on.
I will be using xfce4 since it’s simple
pacman -S --config /opt/arch/pacman/conf --cachedir /opt/arch/pacman/pkgs --gpgdir /opt/arch/pacman/gpg lvm2 vim nano zsh linux-headers linux xfce4 xfce4-goodies lightdm lightdm-gtk-greeter lightdm-gtk-greeter-settings apparmor grub efibootmgr os-prober xorg-server xorg-xinit xorg-apps networkmanager network-manager-applet
Configure time zone and locale
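# localectl and timedatectl need a running systemd, which the chroot does not have; write the files directly
sed -i 's/^#en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen
locale-gen
echo 'LANG=en_US.UTF-8' > /etc/locale.conf
ln -sf /usr/share/zoneinfo/Asia/Riyadh /etc/localtime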
Ramdisk
The Linux boot process consists of multiple stages: something at BIOS or UEFI, then your bootloader like GRUB, then you load something called the initial ramdisk. We will use mkinitcpio to generate our ramdisk.
To load an encrypted drive we need to add some hooks; the order of these hooks matters.
The 2 hooks we are going to add are encrypt & lvm2. Edit the file /etc/mkinitcpio.conf
vim /etc/mkinitcpio.conf
Add encrypt & lvm2 between block & filesystems as below
MODULES=()
BINARIES=()
FILES=()
HOOKS=(base udev autodetect modconf block encrypt lvm2 filesystems keyboard fsck)
Run the mkinitcpio command to generate the ramdisk. Arch Linux supports multiple kernels ( LTS, hardened and zen ); you will need to do the below step for each kernel version you have installed
mkinitcpio -p linux
GRUB
We need to configure GRUB so that we are prompted to unlock the encrypted drive; we are going to modify the default GRUB command line options
vim /etc/default/grub
You will need to add the drive you want to decrypt; the option is cryptdevice. Replace the device name with your own and the LVM group with the name you chose earlier.
Add the apparmor parameters so later on you can use apparmor.
Your configuration file should look something like this
### GRUB boot loader configuration
GRUB_DEFAULT=0
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="Arch"
GRUB_CMDLINE_LINUX_DEFAULT="cryptdevice=/dev/nvme0n1p3:IUseArchBtw apparmor=1 security=apparmor loglevel=3 quiet"
GRUB_CMDLINE_LINUX=""
...
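An added example (not part of the original post): a check of the two edits described above, the HOOKS order in mkinitcpio.conf and the kernel parameters in /etc/default/grub, to run before regenerating the ramdisk and the GRUB configuration. The sample files are constructed from the values shown on this page, and the function names are hypothetical.

```shell
#!/bin/sh
# Verify the mkinitcpio HOOKS order and the GRUB kernel parameters for LVM on LUKS.

# Constructed samples built from the values shown on this page.
sample_mkinitcpio() {
    cat <<'EOF'
MODULES=()
#HOOKS=(base udev block filesystems)
HOOKS=(base udev autodetect modconf block encrypt lvm2 filesystems keyboard fsck)
EOF
}
sample_grub() {
    cat <<'EOF'
GRUB_TIMEOUT=5
GRUB_CMDLINE_LINUX_DEFAULT="cryptdevice=/dev/nvme0n1p3:IUseArchBtw apparmor=1 security=apparmor loglevel=3 quiet"
GRUB_CMDLINE_LINUX=""
EOF
}

# Position of hook $2 in the active (uncommented) HOOKS=(...) line of file $1; 0 when absent.
hook_pos() {
    awk -v want="$2" '
    /^[ \t]*HOOKS=\(/ {
        line = $0
        sub(/^[^(]*\(/, "", line); sub(/\).*$/, "", line)
        n = split(line, h, /[ \t]+/); pos = 0
        for (i = 1; i <= n; i++) if (h[i] == want) pos = i
    }
    END { print pos + 0 }
    ' "$1"
}

# Succeeds only when the order is block, encrypt, lvm2, filesystems:
# the LUKS container has to be opened before LVM can find its volumes inside it.
hooks_order_ok() {
    b=$(hook_pos "$1" block); e=$(hook_pos "$1" encrypt)
    l=$(hook_pos "$1" lvm2);  f=$(hook_pos "$1" filesystems)
    [ "$b" -gt 0 ] && [ "$e" -gt "$b" ] && [ "$l" -gt "$e" ] && [ "$f" -gt "$l" ]
}

# Value of GRUB_CMDLINE_LINUX_DEFAULT from file $1, surrounding quotes stripped.
grub_cmdline() {
    sed -n 's/^GRUB_CMDLINE_LINUX_DEFAULT="\(.*\)"[[:space:]]*$/\1/p' "$1" | tail -n 1
}

# Prints every expected kernel parameter that is absent; prints nothing when all are set.
cmdline_missing() {
    grub_cmdline "$1" | awk '
    { for (i = 1; i <= NF; i++) {
          if ($i ~ /^cryptdevice=[^:]+:[^:]+/) c = 1
          if ($i == "apparmor=1") a = 1
          if ($i == "security=apparmor") s = 1 } }
    END { if (!c) print "cryptdevice=<device>:<name>"
          if (!a) print "apparmor=1"
          if (!s) print "security=apparmor" }'
}

# Demo run on the constructed samples.
tmp=$(mktemp -d)
sample_mkinitcpio > "$tmp/mkinitcpio.conf"
sample_grub > "$tmp/grub"
if hooks_order_ok "$tmp/mkinitcpio.conf"; then echo "HOOKS order: ok"; else echo "HOOKS order: wrong"; fi
missing=$(cmdline_missing "$tmp/grub")
echo "missing kernel parameters: ${missing:-none}"
rm -rf "$tmp"
```

Inside the chroot, point the functions at /etc/mkinitcpio.conf and /etc/default/grub before running mkinitcpio and grub-mkconfig.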
Since UEFI can be booted from BIOS but not the other way around, try to use UEFI when possible. To install GRUB for UEFI execute the below command
grub-install --target=x86_64-efi --efi-directory=/efi --bootloader-id=GRUB
If you don’t want to install GRUB in UEFI, and want to use BIOS, use the below command
grub-install --target=i386-pc --recheck /dev/vda
Generate the configuration file for GRUB; I chose the English language.
cp /usr/share/locale/en\@quot/LC_MESSAGES/grub.mo /boot/grub/locale/en.mo
grub-mkconfig -o /boot/grub/grub.cfg
To boot into a graphical user interface, you need a display manager. Every desktop environment has a display manager, but the display manager is not restricted to one desktop environment: gnome’s gdm can be used with xfce4.
I will be using the lightdm display manager for now.
To work properly, lightdm comes with various greeters; the greeter is the piece of software that will prompt you for login. There is a gtk greeter and a web greeter; I will be using the gtk greeter for now.
Edit the lightdm configuration file, look for greeter-session, and modify as below.
vim /etc/lightdm/lightdm.conf
greeter-session=lightdm-gtk-greeter
Enable the lightdm service to start at system startup; also enable the NetworkManager service so you have an internet connection after reboot
systemctl enable lightdm.service
systemctl enable NetworkManager.service
This is the end of the installation process: exit your arch-chroot with Ctrl+D, umount all drives and reboot your system
umount -a
reboot
Unplug your USB stick. Hopefully everything went fine, and you should see the lightdm gtk greeter window; log in with your user ( don’t use root )
Even though we went through a lot to install Arch Linux, this should be a simple setup. Approach two should be a lot easier, since we are going to use the installation script.
Second Approach
As stated before, Arch Linux now ships with an installation script to automate the installation.
After booting Arch Linux enable NTP with
timedatectl set-ntp true
timedatectl
Start the script with
archinstall
This is an important step: choose the right drive. Since I’m using virtualbox I have only one drive, /dev/sda, which is number 1
It’s always better to wipe the drive unless you have dual boot
EXT4 is the simplest option and that’s what I’m going with
I really like this option, I will go with Desktop
Arch Linux comes with 4 types of kernels; the easiest is Linux, which is the default
Verify your configuration, and that’s it
The installation script makes it a lot easier and faster than approach one; the only problem I faced was with the mirrors.
this post has been updated on 15-01-2022