Installation
To install the Alpine Linux distribution on the system, the encrypted partition and the efi partition have to be mounted to the main system.
# mount /dev/vg0/aroot /mnt -t ext4
# mkdir /mnt/boot/efi -p
# mount /dev/<disk1> /mnt/boot/efi -t vfat
Then set up the base system using setup-disk:
# setup-disk -m sys /mnt
This also installs grub as the bootloader. It is going to be replaced on this system, but for now it will reside on the boot partition.
Now the other directories are going to be mounted so that it's possible to chroot into the system:
# for i in dev proc sys run; do
> mount --rbind --make-rslave /$i /mnt/$i
> done
# mount /dev/vg0/avar /mnt/var
# mount /dev/vg0/atmp /mnt/tmp
# chroot /mnt
The other "setup" scripts can be used to configure key aspects of the system.
# setup-hostname <hostname>
# setup-keymap us us-euro
# setup-timezone -i <Area>/<Subarea>
# setup-ntp openntpd
# rc-update add acpid default
# passwd root
Set the hwclock to use localtime instead of UTC in /etc/conf.d/hwclock:
clock="local"
clock_hctosys="NO"
clock_systohc="NO"
Edit /etc/fstab for correct mounts.
tmpfs /tmp tmpfs nosuid,nodev 0 0
/dev/vg0/aroot / ext4 defaults,noatime 0 1
/dev/vg0/ahome /home ext4 defaults,noatime,nodev 0 1
/dev/vg0/atmp /tmp ext4 defaults,nodev,nosuid,noexec 0 1
/dev/vg0/avar /var ext4 defaults,nodev,nosuid,noexec 0 1
/dev/vg0/anix /nix ext4 defaults,nodev,nosuid 0 1
proc /proc proc nosuid,nodev,noexec,hidepid=2 0 0
/dev/disk/by-label/efi /boot/efi vfat defaults 0 2
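To check that an fstab carries the restrictive mount options used above, the following added example (not part of the original guide) audits each entry against a small policy table and flags mount points that are listed more than once. The function names and the policy table are assumptions, derived from the options on the guide's LVM volumes and /proc line.

```shell
#!/bin/sh
# Added example (not from the original guide): audit fstab mount options.
# The policy table below is an assumption taken from the options the guide
# sets on its LVM volumes and on /proc.

# audit_fstab FILE|- : prints one finding per line, exits 1 if any were found.
audit_fstab() {
    awk '
    BEGIN {
        want["/tmp"]  = "nodev nosuid noexec"
        want["/var"]  = "nodev nosuid noexec"
        want["/home"] = "nodev"
        want["/nix"]  = "nodev nosuid"
        want["/proc"] = "nodev nosuid noexec hidepid=2"
    }
    NF < 4 || $1 ~ /^#/ { next }        # skip blanks, comments, short lines
    {
        mp = $2
        # A second entry for the same mount point is mounted over the first.
        if (++seen[mp] == 2) { print "DUPLICATE " mp; bad = 1 }
        if (!(mp in want)) next
        split("", set)                   # portable way to empty an array
        n = split($4, have, ",")
        for (i = 1; i <= n; i++) set[have[i]] = 1
        m = split(want[mp], need, " ")
        for (i = 1; i <= m; i++)
            if (!(need[i] in set)) { print "MISSING " mp " " need[i]; bad = 1 }
    }
    END { exit bad + 0 }
    ' "${1:--}"
}

# The fstab from this guide, reproduced as sample input.
sample_fstab() {
    cat <<'EOF'
tmpfs /tmp tmpfs nosuid,nodev 0 0
/dev/vg0/aroot / ext4 defaults,noatime 0 1
/dev/vg0/ahome /home ext4 defaults,noatime,nodev 0 1
/dev/vg0/atmp /tmp ext4 defaults,nodev,nosuid,noexec 0 1
/dev/vg0/avar /var ext4 defaults,nodev,nosuid,noexec 0 1
/dev/vg0/anix /nix ext4 defaults,nodev,nosuid 0 1
proc /proc proc nosuid,nodev,noexec,hidepid=2 0 0
/dev/disk/by-label/efi /boot/efi vfat defaults 0 2
EOF
}

sample_fstab | audit_fstab - || true
```

Run against the fstab above, it reports that the tmpfs /tmp line lacks noexec and that /tmp is listed twice; inside the chroot it can be pointed at the real file with audit_fstab /etc/fstab.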
By default Alpine Linux uses mkinitfs to create the initramfs. It is minimal, which also means that it lacks some functionality needed for a proper setup.
Because of this, mkinitfs and grub-efi will be replaced with booster and secureboot-hook.
# apk add booster secureboot-hook sbctl
# apk del mkinitfs grub-efi
To configure booster edit /etc/booster.yaml:
busybox: false
modules: vfat,nls_cp437,nls_iso8859_1
enable_lvm: true
The most important step is the creation of UKIs (unified kernel images) using secureboot-hook, which also signs them automatically. First the hook itself has to be tweaked to use booster instead of mkinitfs: edit /usr/share/kernel-hooks.d/secureboot.hook and change the line:
/sbin/mkinitfs -o "$tmpdir"/initramfs "$NEW_VERSION-$FLAVOR"
To:
/usr/bin/booster build "$tmpdir"/initramfs --kernel-version "$NEW_VERSION-$FLAVOR"
And configure /etc/kernel-hooks.d/secureboot.conf for cmdline and secureboot.
cmdline="rw rd.luks.name=<uuid>=root root=/dev/vg0/aroot modules=ext4 quiet splash rd.lvm.vg=vg0"
signing_cert="/usr/share/secureboot/keys/db/db.pem"
signing_key="/usr/share/secureboot/keys/db/db.key"
output_dir="/boot/efi/EFI/Linux"
output_name="alpine-linux-{flavor}.efi"
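Here <uuid> has to be replaced with the UUID of the partition which contains our volume group. The following command appends that UUID to the end of the file, so that it can be moved into the cmdline value: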
# blkid -o value -s UUID /dev/<disk2> >> /etc/kernel-hooks.d/secureboot.conf
All that's left for booting is secureboot, for which sbctl will be used to create keys and sign some executables.
# sbctl create-keys
# sbctl enroll-keys
...
Whilst enrolling the keys it might be necessary to add the --microsoft flag if you are unable to use custom keys.
Now, to see if everything went successfully, run:
# apk fix kernel-hooks
And it should give no warnings if done properly.
To make our lives easier we'll also install gummiboot as a bootloader.
# apk add gummiboot
# gummiboot install --path=/boot/efi
# sbctl sign -s /boot/efi/EFI/gummiboot/gummibootx64.efi
# sbctl sign -s /boot/efi/EFI/Boot/BOOTX64.EFI
And also remove some junk left over by grub.
# rm -rf /boot/efi/EFI/alpine
# rm -rf /boot/grub
If you have multiple operating systems installed, you can change the default OS that is loaded by editing /boot/efi/loader/loader.conf and adding the line:
default alpine
You can also install os-prober, which can find operating systems and add them to your bootloader.
Before finishing up the installation, networkmanager will be installed for networking.
# apk add networkmanager
# setup-devd udev
# rc-update add networkmanager default
Wifi will not yet work, but this will be done later on.
Now exit out of the chroot and you should be able to reboot into a working Alpine system.
# exit
# umount -lf /mnt
# reboot
Do note that "Linux Boot Manager" will have to be set to load first in your BIOS.
When booting up, your screen might appear blank; you still have to enter the password you added for encryption and press enter.