luc/void-desktop
1
1
Fork 0
Code Issues Pull requests Wiki Activity
void-desktop/void-desktop-install.md
tastatur 0cff788e38 Update 'void-desktop-install.md'
2023-04-07 14:54:02 +02:00

4.7 KiB
Raw Blame History

A Void Linux desktop install (Unfinished)

This install is based on the EFI boot stub blog entry of Matthias Totschnig, the Void Handbook and the Void Linux man pages. This guide focuses on a Void Linux x86-64 glibc/musl install. In this install gummiboot is used as bootloader and the root partition will be encrypted.

Provisioning

First off the drive should be partitioned, possibly with fdisk. It should have atleast two partitions with one EFI System Partition and one Linux filesystem partition.

It should look something like this:

Number of partition Size Type
1 1 to 2 GB EFI System
2 Rest of the drive Linux filesystem

Then to create the filesystem of the efi partition.

# mkfs.fat -F 32 -n efi /dev/<disk1>

And the encrypted filesystem of the root partition.

# cryptsetup luksFormat /dev/<disk2> --type luks2 --label luks
# cryptsetup open --type luks /dev/<disk2> root
# mkfs.ext4 -L root /dev/mapper/root

Installation

The encrypted partition and the efi partition have to be mounted to the main system.

# mount /dev/mapper/root /mnt
# mkdir /mnt/boot
# mount /dev/<disk1> /mnt/boot
# for dir in dev proc sys run; do
> mkdir /mnt/$dir
> mount --rbind --make-rslave /$dir /mnt/$dir
> done

The "base-system" needs to be installed to the mounted drive. For this installation there is also other packages which are needed like NetworkManager, gummiboot and cryptsetup.

  • For glibc:
# xbps-install -Sy -R https://repo-default.voidlinux.org/current -r /mnt base-system cryptsetup gummiboot vim apparmor NetworkManager git
  • For musl:
# xbps-install -Sy -R https://repo-default.voidlinux.org/current/musl -r /mnt base-system cryptsetup gummiboot vim apparmor NetworkManager git

To get internet inside the chroot whilst installing the system, copy over the resolv.conf.

# cp /etc/resolv.conf /mnt/etc/resolv.conf

Entering the chroot and configuring the system.

# chroot /mnt
# chown root:root /
# chmod 755 /
# passwd root
# echo <hostname> > /etc/hostname

Adding the uuid of the root partition to crypttab, by first creating /etc/crypttab:

# touch /etc/crypttab

Then the uuid can be obtained by:

# lsblk -f |grep luks >> /etc/crypttab

Now edit /etc/crypttab and insert:

root /dev/disk/by-uuid/<uuid> none:

We can configure the fstab by editing /etc/fstab and inserting:

tmpfs /tmp tmpfs defaults,nosuid,nodev 0 0
efivarfs /sys/firmware/efi/efivars efivarfs defaults 0 0
/dev/disk/by-label/root / ext4 defaults,noatime 0 1
/dev/disk/by-label/efi /boot vfat defaults 0 2

Create /etc/dracut.conf.d/30.conf to configure dracut.

hostonly="yes"
use_fstab="yes"
install_items+=" /etc/crypttab "
add_drivers+=" vfat nls_cp437 nls_iso8859_1 "

Create a symbolic link from /etc/fstab.sys to /etc/fstab to indicate that dracut should mount all the file systems listed.

# ln -s /etc/fstab /etc/fstab.sys

Then, to omit mounting them again in runit stage 1, disable the corresponding core service.

# mv /etc/runit/core-services/03-filesystems.sh{,.bak}

Edit /etc/xbps.d/xbps.conf to prevent the service from being added back by an update to runit-void.

noextract=/etc/runit/core-services/03-filesystems.sh

Now mount efivarfs to /sys/firmware/efi/efivars.

# mount -t efivarfs efivarfs /sys/firmware/efi/efivars

And install gummiboot.

# gummiboot install

Create /boot/loader/void-options.conf to configure gummiboot.

# touch /boot/loader/void-options.conf

The uuid is needed again and can be obtained by:

# lsblk -f |grep luks >> /boot/loader/void-options.conf

Now edit /boot/loader/void-options.conf and insert:

rw rd.luks.name=<uuid>=root root=/dev/mapper/root quiet splash apparmor=1 security=apparmor

To obtain a boot menu. A timeout may be added to /boot/loader/loader.conf.

timeout 4

Then to configure the locales:

  • For glibc: edit /etc/default/libc-locales and uncomment.
en_US.UTF-8 UTF-8
  • For musl:

Then reconfigure the locales.

  • For glibc:
# xbps-reconfigure -f glibc-locales
  • For musl:

To obtain better security, apparmor will be set to enforce. By editing /etc/default/apparmor and inserting:

APPARMOR=enforce

To set the internal network edit /etc/hosts and insert.

127.0.1.1 <hostname>

Finally reconfigure Linux.

# xbps-reconfigure -f linux{version}

Exit the chroot.

# exit

Do not forget to umount. (I always do).

# umount -r /mnt

And reboot.

# shutdown -r now

Post install