# A Void Linux desktop install (Unfinished) This install is based on the [EFI boot stub](https://mth.st/blog/void-efistub/) blog entry of [Matthias Totschnig](https://mth.st/), the [Void Handbook](https://docs.voidlinux.org/about/index.html) and the Void Linux man pages. This guide focuses on a Void Linux x86-64 glibc/musl install. In this install gummiboot is used as bootloader and the root partition will be encrypted. ## Provisioning First off the drive should be partitioned, possibly with fdisk. It should have atleast two partitions with one `EFI System` Partition and one `Linux filesystem` partition. It should look something like this: | Number of partition | Size | Type | |:-----:|:-----:|:-----: | | 1 | 1 to 2 GB | EFI System | | 2 | Rest of the drive | Linux filesystem | Then to create the filesystem of the efi partition. ``` # mkfs.fat -F 32 -n efi /dev/ ``` And the encrypted filesystem of the root partition. ``` # cryptsetup luksFormat /dev/ --type luks2 --label luks # cryptsetup open --type luks /dev/ root # mkfs.ext4 -L root /dev/mapper/root ``` ## Installation The encrypted partition and the efi partition have to be mounted to the main system. ``` # mount /dev/mapper/root /mnt # mkdir /mnt/boot # mount /dev/ /mnt/boot # for dir in dev proc sys run; do > mkdir /mnt/$dir > mount --rbind --make-rslave /$dir /mnt/$dir > done ``` The "base-system" needs to be installed to the mounted drive. For this installation there is also other packages which are needed like NetworkManager, gummiboot and cryptsetup. * For glibc: ``` # xbps-install -Sy -R https://repo-default.voidlinux.org/current -r /mnt base-system cryptsetup gummiboot vim apparmor NetworkManager git ``` * For musl: ``` # xbps-install -Sy -R https://repo-default.voidlinux.org/current/musl -r /mnt base-system cryptsetup gummiboot vim apparmor NetworkManager git ``` To get internet inside the chroot whilst installing the system, copy over the `resolve.conf`. ``` # cp /etc/resolve.conf /mnt/etc/resolve.conf ``` Entering the chroot and configuring the system. ``` # chroot /mnt # chown root:root / # chmod 755 / # passwd root # echo > /etc/hostname ``` Adding the `uuid` of the root partition to `crypttab`, by first creating `/etc/crypttab`: ``` # touch /etc/crypttab ``` Then the `uuid` can be obtained by: ``` # lsblk -f |grep luks >> /etc/crypttab ``` Now edit `/etc/crypttab` and insert: ``` root /dev/disk/by-uuid/ none: ``` We can configure the `fstab` by editing `/etc/fstab` and inserting: ``` tmpfs /tmp tmpfs defaults,nosuid,nodev 0 0 efivarfs /sys/firmware/efi/efivars efivarfs defaults 0 0 /dev/disk/by-label/root / ext4 defaults,noatime 0 1 /dev/disk/by-label/efi /boot vfat defaults 0 2 ``` Create `/etc/dracut.conf.d/30.conf` to configure dracut. ``` hostonly="yes" use_fstab="yes" install_items+=" /etc/crypttab " add_drivers+=" vfat nls_cp437 nls_iso8859_1 " ``` Create a symbolic link from `/etc/fstab.sys` to `/etc/fstab` to indicate that dracut should mount all the file systems listed. ``` # ln -s /etc/fstab /etc/fstab.sys ``` Then, to omit mounting them again in runit stage 1, disable the corresponding core service. ``` # mv /etc/runit/core-services/03-filesystems.sh{,.bak} ``` Edit `/etc/xbps.d/xbps.conf` to prevent the service from being added back by an update to runit-void. ``` noextract=/etc/runit/core-services/03-filesystems.sh ``` Now mount `efivarfs` to `/sys/firmware/efi/efivars`. ``` # mount -t efivarfs efivarfs /sys/firmware/efi/efivars ``` And install gummiboot. ``` # gummiboot install ``` Create `/boot/loader/void-options.conf` to configure gummiboot. ``` # touch /boot/loader/void-options.conf ``` The `uuid` is needed again and can be obtained by: ``` # lsblk -f |grep luks >> /boot/loader/void-options.conf ``` Now edit `/boot/loader/void-options.conf` and insert: ``` rw rd.luks.name==root root=/dev/mapper/root quiet splash apparmor=1 security=apparmor ``` To obtain a boot menu. A timeout may be added to `/boot/loader/loader.conf`. ``` timeout 4 ``` Then to configure the locales: * For glibc: edit `/etc/default/libc-locales` and uncomment. ``` en_US.UTF-8 UTF-8 ``` * For musl: ``` ``` Then reconfigure the locales. * For glibc: ``` # xbps-reconfigure -f glibc-locales ``` * For musl: ``` ``` To obtain better security, `apparmor` will be set to enforce. By editing `/etc/default/apparmor` and inserting: ``` APPARMOR=enforce ``` To set the internal network edit `/etc/hosts` and insert. ``` 127.0.1.1 ``` Finally reconfigure Linux. ``` # xbps-reconfigure -f linux{version} ``` Exit the chroot. ``` # exit ``` Do not forget to umount. (I always do). ``` # umount -r /mnt ``` And reboot. ``` # shutdown -r now ``` ## Post install