2023-12-24 00:38:47 +01:00
# Installation
To install the Alpine Linux distribution on the system, the encrypted partition and the efi partition have to be mounted to the main system.
```
2024-01-01 20:47:20 +01:00
# mount /dev/vg<n>/alp_root /mnt -t ext4
2024-01-20 15:33:21 +01:00
# mkdir /mnt/efi -p
# mount /dev/<disk1> /mnt/efi -t vfat
2023-12-24 00:38:47 +01:00
```
Then set up the base system using `setup-disk` :
```
# setup-disk -m sys /mnt
```
2024-01-03 21:02:59 +01:00
This will also add grub as bootloader which will be replaced but for now it will reside on the boot partition.
2023-12-24 00:38:47 +01:00
2024-01-03 21:02:59 +01:00
To make it possible to chroot into the system, mount the other directories:
2023-12-24 00:38:47 +01:00
```
# for i in dev proc sys run; do
> mount --rbind --make-rslave /$i /mnt/$i
> done
# chroot /mnt
```
2024-03-24 17:37:18 +01:00
The other setup scripts can be used to configure key aspects of the system. Besides that a few necessary services have to be activated.
2023-12-24 00:38:47 +01:00
```
# setup-hostname <hostname>
# setup-keymap us us-euro
2023-12-27 12:06:05 +01:00
# setup-timezone -i <area>/<subarea>
2023-12-24 02:33:57 +01:00
# setup-ntp openntpd
2023-12-24 02:15:39 +01:00
# rc-update add acpid default
2024-03-24 17:37:18 +01:00
# rc-update add lvm boot
# rc-update add seedrng boot
2024-03-24 17:46:01 +01:00
# rm -rf /var/tmp ; ln -s /tmp /var/tmp
2023-12-24 00:38:47 +01:00
# passwd root
```
2024-01-03 21:02:59 +01:00
> The root password does not really matter because it is going to be locked after a user has been created.
2023-12-30 01:19:33 +01:00
2023-12-27 13:52:44 +01:00
Set the `hwclock` to use `localtime` instead of `UTC` in `/etc/conf.d/hwclock` :
2023-12-26 12:53:07 +01:00
```
clock="local"
clock_hctosys="NO"
clock_systohc="NO"
```
2023-12-27 13:52:44 +01:00
Edit `/etc/fstab` for correct mounts:
2023-12-24 00:38:47 +01:00
```
2024-01-20 15:33:21 +01:00
/dev/disk/by-label/efi /efi vfat defaults,nodev,nosuid,noexec 0 2
/dev/vg< n > /alp_root / ext4 defaults,noatime 0 1
/dev/vg< n > /alp_home /home ext4 defaults,noatime,nosuid,nodev 0 2
/dev/vg< n > /alp_var /var ext4 defaults,nodev,nosuid,noexec 0 2
/dev/vg< n > /alp_nix /nix ext4 defaults,noatime,nodev,nosuid 0 2
tmpfs /tmp tmpfs rw,size=4G,nr_inodes=5k,noexec,nodev,nosuid,mode=1777 0 0
proc /proc proc nosuid,nodev,noexec,hidepid=2 0 0
2023-12-24 00:38:47 +01:00
```
2023-12-27 13:52:44 +01:00
By default Alpine Linux uses `mkinitfs` to create initramfs, although it is minimal that also means that it lacks some functionality which is needed for a proper setup. Because of this `mkinitfs` and `grub-efi ` will be replaced with `booster` and `secureboot-hook` .
2023-12-24 00:38:47 +01:00
```
# apk add booster secureboot-hook sbctl
# apk del mkinitfs grub-efi
```
To configure booster edit `/etc/booster.yaml` :
```
2023-12-26 12:53:07 +01:00
busybox: false
2023-12-24 00:38:47 +01:00
modules: vfat,nls_cp437,nls_iso8859_1
enable_lvm: true
```
2024-01-03 21:02:59 +01:00
The most important step is the creation of a UKI using `secureboot-hook` which also automatically signs them. First the hook itself will have to be tweaked to use `booster` instead of `mkinitfs` , edit `/etc/kernel-hooks.d/50-secureboot.hook` and change the line:
2023-12-24 00:38:47 +01:00
```
/sbin/mkinitfs -o "$tmpdir"/initramfs "$NEW_VERSION-$FLAVOR"
```
2024-01-03 21:02:59 +01:00
to:
2023-12-24 00:38:47 +01:00
```
/usr/bin/booster build "$tmpdir"/initramfs --kernel-version "$NEW_VERSION-$FLAVOR"
```
2024-01-03 21:02:59 +01:00
and configure `/etc/kernel-hooks.d/secureboot.conf` for cmdline and secureboot.
2023-12-24 00:38:47 +01:00
```
2024-01-02 20:45:46 +01:00
cmdline="rw rd.luks.name=< uuid > =luks root=/dev/vg< n > /alp_root modules=ext4 quiet splash rd.lvm.vg=vg< n > "
2023-12-24 00:38:47 +01:00
signing_cert="/usr/share/secureboot/keys/db/db.pem"
signing_key="/usr/share/secureboot/keys/db/db.key"
2024-01-20 15:33:21 +01:00
output_dir="/efi/EFI/Linux"
2023-12-24 00:38:47 +01:00
output_name="alpine-linux-{flavor}.efi"
```
2024-01-03 21:02:59 +01:00
Here `<uuid>` has to be replaced with the uuid of the partition which contains the volume group:
2023-12-24 00:38:47 +01:00
```
2023-12-27 12:08:59 +01:00
# blkid /dev/<disk2> >> /etc/kernel-hooks.d/secureboot.conf
2023-12-24 00:38:47 +01:00
```
2024-01-03 21:02:59 +01:00
Use `sbctl` to create secureboot keys and sign them.
2023-12-24 00:38:47 +01:00
```
# sbctl create-keys
# sbctl enroll-keys
...
```
2023-12-24 13:08:54 +01:00
> Whilst enrolling the keys it might be necessary to add the `--microsoft` flag if you are unable to use custom keys.
2023-12-24 00:38:47 +01:00
Now to see if everything went succesfully run:
```
# apk fix kernel-hooks
```
And it should give no warnings if done properly.
2024-01-03 21:02:59 +01:00
As discussed earlier `grub` will be replaced, install `gummiboot` as a bootloader.
2023-12-24 00:38:47 +01:00
```
# apk add gummiboot
2024-01-20 15:33:21 +01:00
# gummiboot install --path=/efi
# sbctl sign -s /efi/EFI/gummiboot/gummibootx64.efi
# sbctl sign -s /efi/EFI/Boot/BOOTX64.EFI
2023-12-24 00:38:47 +01:00
```
2024-01-03 21:02:59 +01:00
And also remove some remnants of `grub` .
2023-12-24 00:38:47 +01:00
```
2024-01-20 15:33:21 +01:00
# rm -rf /efi/EFI/alpine
2024-01-20 15:55:53 +01:00
# rm -rf /efi/grub
2023-12-29 22:25:18 +01:00
# rm -rf /etc/default
2024-01-01 20:47:20 +01:00
# cd /boot && unlink boot
2023-12-24 00:38:47 +01:00
```
2024-01-21 14:28:22 +01:00
`gummiboot` can be configured with the file `/efi/loader/loader.conf` with which the timeout and the default OS can be specified.
2023-12-27 15:33:56 +01:00
```
2024-01-21 14:28:22 +01:00
default alpine-linux-lts.efi
2023-12-27 15:49:24 +01:00
timeout 2
2023-12-27 15:33:56 +01:00
editor no
```
2023-12-26 12:53:07 +01:00
2024-04-24 12:02:58 +02:00
Before finishing the installation `networkmanager` will be installed for networking. Also install `networkmanager-wifi` and `wpa_supplicant` for wifi functionality.
2023-12-26 12:53:07 +01:00
```
2024-04-24 12:02:58 +02:00
# apk add networkmanager networkmanager-wifi wpa_supplicant
2023-12-26 12:53:07 +01:00
# setup-devd udev
# rc-update add networkmanager default
```
2024-01-03 21:02:59 +01:00
Wifi will not yet work. For wifi configuration see the [network section ](post-install/network ).
2023-12-26 12:53:07 +01:00
2024-01-03 21:02:59 +01:00
> If internet does not work after reboot create the config file as described in the [network section](post-install/network) and restart the service.
2023-12-26 13:24:37 +01:00
2024-01-03 21:02:59 +01:00
Now exit the chroot and you should be able to reboot into a working Alpine system.
2023-12-24 00:38:47 +01:00
```
# exit
# umount -lf /mnt
2023-12-24 01:10:15 +01:00
# reboot
2023-12-24 00:38:47 +01:00
```
2024-01-02 20:44:19 +01:00
When booting up your screen might appear blank, this is the encryption prompt. Enter the encryption key and press enter to boot.
2024-01-02 20:45:46 +01:00
> Do note that "Linux Boot Manager" will have to be set to load first in your bios.