luc/void-desktop
1
1
Fork 0
Code Issues Pull requests Wiki Activity
void-desktop/void-desktop-install.md

226 lines
No EOL
4.7 KiB
Markdown
Raw Blame History

# A Void Linux desktop install (Unfinished)
This install is based on the [EFI boot stub](https://mth.st/blog/void-efistub/) blog entry of [Matthias Totschnig](https://mth.st/), the [Void Handbook](https://docs.voidlinux.org/about/index.html) and the Void Linux man pages. This guide focuses on a Void Linux x86-64 glibc/musl install. In this install gummiboot is used as bootloader and the root partition will be encrypted.
## Provisioning
First off the drive should be partitioned, possibly with fdisk. It should have atleast two partitions with one `EFI System` Partition and one `Linux filesystem` partition.
It should look something like this:
| Number of partition | Size | Type |
|:-----:|:-----:|:-----: |
| 1 | 1 to 2 GB | EFI System |
| 2 | Rest of the drive | Linux filesystem |
Then to create the filesystem of the efi partition.
```
# mkfs.fat -F 32 -n efi /dev/<disk1>
```
And the encrypted filesystem of the root partition.
```
# cryptsetup luksFormat /dev/<disk2> --type luks2 --label luks
# cryptsetup open --type luks /dev/<disk2> root
# mkfs.ext4 -L root /dev/mapper/root
```
## Installation
The encrypted partition and the efi partition have to be mounted to the main system.
```
# mount /dev/mapper/root /mnt
# mkdir /mnt/boot
# mount /dev/<disk1> /mnt/boot
# for dir in dev proc sys run; do
> mkdir /mnt/$dir
> mount --rbind --make-rslave /$dir /mnt/$dir
> done
```
The "base-system" needs to be installed to the mounted drive. For this installation there is also other packages which are needed like NetworkManager, gummiboot and cryptsetup.
* For glibc:
```
# xbps-install -Sy -R https://repo-default.voidlinux.org/current -r /mnt base-system cryptsetup gummiboot vim apparmor NetworkManager git
```
* For musl:
```
# xbps-install -Sy -R https://repo-default.voidlinux.org/current/musl -r /mnt base-system cryptsetup gummiboot vim apparmor NetworkManager git
```
To get internet inside the chroot whilst installing the system, copy over the `resolve.conf`.
```
# cp /etc/resolve.conf /mnt/etc/resolve.conf
```
Entering the chroot and configuring the system.
```
# chroot /mnt
# chown root:root /
# chmod 755 /
# passwd root
# echo <hostname> > /etc/hostname
```
Adding the `uuid` of the root partition to `crypttab`, by first creating `/etc/crypttab`:
```
# touch /etc/crypttab
```
Then the `uuid` can be obtained by:
```
# lsblk -f |grep luks >> /etc/crypttab
```
Now edit `/etc/crypttab` and insert:
```
root /dev/disk/by-uuid/<uuid> none:
```
We can configure the `fstab` by editing `/etc/fstab` and inserting:
```
tmpfs /tmp tmpfs defaults,nosuid,nodev 0 0
efivarfs /sys/firmware/efi/efivars efivarfs defaults 0 0
/dev/disk/by-label/root / ext4 defaults,noatime 0 1
/dev/disk/by-label/efi /boot vfat defaults 0 2
```
Create `/etc/dracut.conf.d/30.conf` to configure dracut.
```
hostonly="yes"
use_fstab="yes"
install_items+=" /etc/crypttab "
add_drivers+=" vfat nls_cp437 nls_iso8859_1 "
```
Create a symbolic link from `/etc/fstab.sys` to `/etc/fstab` to indicate that dracut should mount all the file systems listed.
```
# ln -s /etc/fstab /etc/fstab.sys
```
Then, to omit mounting them again in runit stage 1, disable the corresponding core service.
```
# mv /etc/runit/core-services/03-filesystems.sh{,.bak}
```
Edit `/etc/xbps.d/xbps.conf` to prevent the service from being added back by an update to runit-void.
```
noextract=/etc/runit/core-services/03-filesystems.sh
```
Now mount `efivarfs` to `/sys/firmware/efi/efivars`.
```
# mount -t efivarfs efivarfs /sys/firmware/efi/efivars
```
And install gummiboot.
```
# gummiboot install
```
Create `/boot/loader/void-options.conf` to configure gummiboot.
```
# touch /boot/loader/void-options.conf
```
The `uuid` is needed again and can be obtained by:
```
# lsblk -f |grep luks >> /boot/loader/void-options.conf
```
Now edit `/boot/loader/void-options.conf` and insert:
```
rw rd.luks.name=<uuid>=root root=/dev/mapper/root quiet splash apparmor=1 security=apparmor
```
To obtain a boot menu. A timeout may be added to `/boot/loader/loader.conf`.
```
timeout 4
```
Then to configure the locales:
* For glibc: edit `/etc/default/libc-locales` and uncomment.
```
en_US.UTF-8 UTF-8
```
* For musl:
```
```
Then reconfigure the locales.
* For glibc:
```
# xbps-reconfigure -f glibc-locales
```
* For musl:
```
```
To obtain better security, `apparmor` will be set to enforce. By editing `/etc/default/apparmor` and inserting:
```
APPARMOR=enforce
```
To set the internal network edit `/etc/hosts` and insert.
```
127.0.1.1 <hostname>
```
Finally reconfigure Linux.
```
# xbps-reconfigure -f linux{version}
```
Exit the chroot.
```
# exit
```
Do not forget to umount. (I always do).
```
# umount -r /mnt
```
And reboot.
```
# shutdown -r now
```
## Post install
Reference in a new issue View git blame Copy permalink