A Void Linux install (Unfinished)

This install is based on the EFI boot stub blog entry of Matthias Totschnig, the Void Handbook and the Void Linux man pages. This guide focuses on a Void Linux x86_64 glibc/musl install on UEFI. In this install gummiboot is used as the bootloader and the root partition will be encrypted.

Provisioning

First off, the drive should be partitioned, possibly with fdisk. It should have at least two partitions: one EFI System Partition and one Linux filesystem partition.

It should look something like this:

| Number of partition | Size | Type |
|---|---|---|
| 1 | 1 to 2 GB or more | EFI System |
| 2 | Rest of the drive | Linux filesystem |

Then create the filesystem on the EFI partition.

# mkfs.fat -F 32 -n efi /dev/<disk1>

And the encrypted filesystem of the root partition.

# cryptsetup luksFormat /dev/<disk2> --type luks2 --label luks
# cryptsetup open --type luks /dev/<disk2> root
# mkfs.ext4 -L root /dev/mapper/root

Other filesystems can also be used, but ext4 is the standard for most Linux distributions.

Installation

To install the Void Linux distribution on the system, the encrypted partition and the efi partition have to be mounted to the main system.

# mount /dev/mapper/root /mnt
# mkdir /mnt/boot
# mount /dev/<disk1> /mnt/boot
# for dir in dev proc sys run; do
> mkdir /mnt/$dir
> mount --rbind --make-rslave /$dir /mnt/$dir
> done

The "base-system" package needs to be installed to the mounted drive. For this installation there are also other packages which are needed, like NetworkManager, gummiboot and cryptsetup.

  • For glibc:
# xbps-install -Sy -R https://repo-default.voidlinux.org/current -r /mnt base-system cryptsetup gummiboot vim apparmor NetworkManager git
  • For musl:
# xbps-install -Sy -R https://repo-default.voidlinux.org/current/musl -r /mnt base-system cryptsetup gummiboot vim apparmor NetworkManager git

To get internet inside the chroot whilst installing the system, copy over the resolv.conf.

# cp /etc/resolv.conf /mnt/etc/resolv.conf

Enter the chroot and configure the system.

# chroot /mnt
# chown root:root /
# chmod 755 /
# passwd root
# echo <hostname> > /etc/hostname

Add the UUID of the root partition to crypttab, by first creating /etc/crypttab:

# touch /etc/crypttab

Then the uuid can be obtained by:

# lsblk -f |grep luks >> /etc/crypttab

Now edit /etc/crypttab, replacing the raw lsblk output with:

root /dev/disk/by-uuid/<uuid> none

We can configure the fstab by editing /etc/fstab and inserting:

tmpfs /tmp tmpfs defaults,nosuid,nodev 0 0
efivarfs /sys/firmware/efi/efivars efivarfs defaults 0 0
/dev/disk/by-label/root / ext4 defaults,noatime 0 1
/dev/disk/by-label/efi /boot vfat defaults 0 2

Create /etc/dracut.conf.d/30.conf to configure dracut.

hostonly="yes"
use_fstab="yes"
install_items+=" /etc/crypttab "
add_drivers+=" vfat nls_cp437 nls_iso8859_1 "

Create a symbolic link from /etc/fstab.sys to /etc/fstab to indicate that dracut should mount all the file systems listed.

# ln -s /etc/fstab /etc/fstab.sys

Then, to omit mounting them again in runit stage 1, disable the corresponding core service.

# mv /etc/runit/core-services/03-filesystems.sh{,.bak}

Edit /etc/xbps.d/xbps.conf to prevent the service from being added back by an update to runit-void.

noextract=/etc/runit/core-services/03-filesystems.sh

Now mount efivarfs to /sys/firmware/efi/efivars.

# mount -t efivarfs efivarfs /sys/firmware/efi/efivars

And install gummiboot.

# gummiboot install

Create /boot/loader/void-options.conf to configure gummiboot.

# touch /boot/loader/void-options.conf

The uuid is needed again and can be obtained by:

# lsblk -f |grep luks >> /boot/loader/void-options.conf

Now edit /boot/loader/void-options.conf, replacing the raw lsblk output with:

rw rd.luks.name=<uuid>=root root=/dev/mapper/root quiet splash apparmor=1 security=apparmor loglevel=1
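
A consistency check for the two files edited above, as an added example that is not part of the original guide: it confirms that /etc/crypttab and /boot/loader/void-options.conf name the same LUKS UUID and mapper name, since a mismatch leaves the system unable to unlock its root partition at boot. The function names are made up for this example, and the file paths are passed as arguments.

```shell
#!/bin/sh
# Added example, not part of the original guide. Function names are
# hypothetical; file paths are arguments so copies can be checked too.

# Print "<name> <uuid>" for the first non-comment entry in a crypttab.
crypttab_entry() {
    awk '!/^[ \t]*(#|$)/ {
             dev = $2
             sub(/^UUID=/, "", dev)
             sub(/^\/dev\/disk\/by-uuid\//, "", dev)
             print $1, dev
             exit
         }' "$1"
}

# Print the value of kernel option $1 from the options file $2.
kernel_opt() {
    tr ' ' '\n' < "$2" | sed -n "s/^$1=//p" | head -n 1
}

# Return 0 only if both files agree on the LUKS UUID and mapper name.
check_luks_config() {
    entry=$(crypttab_entry "$1")
    name=${entry%% *}
    uuid=${entry#* }
    luks=$(kernel_opt rd.luks.name "$2")   # expected "<uuid>=<name>"
    root=$(kernel_opt root "$2")           # expected "/dev/mapper/<name>"

    # Leftover lsblk output or an empty file yields no usable UUID.
    case $uuid in
        ""|*[!0-9a-fA-F-]*)
            echo "crypttab: first entry has no valid UUID" >&2; return 1 ;;
    esac
    [ "${#uuid}" -eq 36 ] || { echo "crypttab: UUID has wrong length" >&2; return 1; }
    [ "$luks" = "$uuid=$name" ] || {
        echo "rd.luks.name=$luks does not match crypttab ($uuid=$name)" >&2; return 1; }
    [ "$root" = "/dev/mapper/$name" ] || {
        echo "root=$root does not point at /dev/mapper/$name" >&2; return 1; }
    echo "ok: $name -> $uuid"
}

# Usage inside the chroot, before rebooting:
#   check_luks_config /etc/crypttab /boot/loader/void-options.conf
```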

To obtain a boot menu, a timeout may be added to /boot/loader/loader.conf.

timeout 4

If running glibc, the locales have to be configured. To do so, edit /etc/default/libc-locales and uncomment:

en_US.UTF-8 UTF-8

And reconfigure the locales.

# xbps-reconfigure -f glibc-locales

To obtain better security, apparmor will be set to enforce by editing /etc/default/apparmor and inserting:

APPARMOR=enforce

To set the internal network, edit /etc/hosts and insert:

127.0.1.1 <hostname>

Finally reconfigure Linux.

# xbps-reconfigure -f linux<version>

Exit the chroot.

# exit

Do not forget to umount. (I always do).

# umount -R /mnt

And reboot.

# shutdown -r now

Post install

The post install section elaborates on the installation and configuration of certain applications, using the config-files in this repository.

To obtain these config-files the void-desktop repository may be cloned with the git command.

$ git clone https://git.bijl.us/luc/void-desktop.git

Network

NetworkManager will be used as the network daemon due to its versatility. The package was already installed during the installation, so it only needs to be symlinked to /var/service to function.

# ln -s /etc/sv/NetworkManager /var/service

NetworkManager needs the dbus daemon to function. In general, most other applications that will be discussed in the Post install section need dbus as well. To symlink dbus to /var/service:

# ln -s /etc/sv/dbus /var/service

Then, NetworkManager may be configured to enhance the security of the system by randomizing the MAC address during Wi-Fi scans and on Ethernet and Wi-Fi connections. This is especially useful for laptops etc. To do this edit /etc/NetworkManager/NetworkManager.conf.

[device-mac-randomization]
wifi.scan-rand-mac-address=yes
[connection-mac-randomization]
ethernet.cloned-mac-address=random
wifi.cloned-mac-address=random

Users

A user should be added to improve security of the system.

# useradd <user>

The user may be added to certain groups to give it some rights. The bluetooth and _seatd groups are optional; append them to the list only if they are needed.

# usermod -aG wheel,audio,video,kvm,tty,input,storage <user>

The sudo package, which is part of the base-system package, will be removed since it is bloatware. To make this persistent, so that sudo will never be installed on the system again, edit /etc/xbps.d/xbps.conf and insert:

ignorepkg=sudo

Then remove sudo.

# xbps-remove -y sudo

The sudo package will be replaced by opendoas. To install it:

# xbps-install -Sy opendoas 

Symlink it to /bin/sudo so that applications which call sudo to obtain root can still be granted it by the user.

# ln -s /bin/doas /bin/sudo

And edit /etc/doas.conf to give users in the wheel group access to the doas command.

permit persist :wheel as root

To finalize this section, the .bashrc and .bash_profile configuration files will be copied to the home space of the user.

$ cp void-desktop/config-files/bash/.bashrc .bashrc
$ cp void-desktop/config-files/bash/.bash_profile .bash_profile

Linux-lts

It might be desirable to install an LTS kernel for better stability. This can be done by:

# xbps-install -Sy linux-lts linux-lts-headers

To uninstall the non-lts kernel, ignore the package through /etc/xbps.d/xbps.conf by adding:

ignorepkg=linux

And then remove the linux meta package and its dependencies:

# xbps-remove -Ry linux

Localtime

A "Network Time Protocol Daemon" (ntpd for short) can sync the system clock with internet standard time servers. The chrony daemon is used as ntpd. Install it by:

# xbps-install -Sy chrony

Then to activate its service:

# ln -s /etc/sv/chronyd /var/service

To configure your own timezone, edit the /etc/rc.conf file and set these lines:

HARDWARECLOCK="localtime"
TIMEZONE="Europe/Amsterdam"

Using Swap

Swap can be utilised by the system to free up space in RAM. For most use cases it is recommended to create a swapfile that is one and a half times the size of your RAM.

To create a swapfile of 8 GB use:

# dd if=/dev/zero of=/swapfile bs=8M count=1024 status=progress

To create a different size of swapfile, change the count= amount to a desirable size.

Then to actually add the swap space to your system issue these commands:

# chmod 600 /swapfile
# mkswap /swapfile
# swapon /swapfile

To mount the swap to the system at boot, add the swapfile to your /etc/fstab:

/swapfile none swap defaults 0 0

And do not forget to reconfigure the kernel after updating /etc/fstab:

# xbps-reconfigure -f linux<version>

Network filesystems

Network filesystems may be used for an enhanced workflow between multiple devices and persistence of storage.

Samba

Samba is one such network filesystem protocol that may be used between different platforms. To use it, install cifs-utils.

# xbps-install -Sy cifs-utils

Next, create a credentials file, $HOME/.smbpasswd. Edit the file and insert:

username=<username>
password=<password>
domain=<domain>

For security, restrict the permissions of the credentials file so that only its owner can read it, since it stores the password in plain text.

# chmod 600 $HOME/.smbpasswd

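Then edit /etc/fstab and insert the following line, writing the absolute path of the home directory in place of $HOME, since fstab does not expand shell variables: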

//<domain>/<homefolder> $HOME/<smbfolder> cifs credentials=$HOME/.smbpasswd,_netdev,uid=<uid> 0 0

Finally mount the network filesystem.

# mount -a

Logging

Logging may be beneficial to spot certain misbehaviours or errors in the system. The socklog-void package will be used as the logging daemon.

# xbps-install -Sy socklog-void
# ln -s /etc/sv/socklog-unix /var/service/
# ln -s /etc/sv/nanoklogd /var/service/

To read the logs use:

# svlogtail

Or go to /var/log/socklog.

Repositories

To install the official Void Linux 32-bit and nonfree repositories simply install their respective packages:

  • For glibc
# xbps-install -Sy void-repo-multilib void-repo-nonfree void-repo-multilib-nonfree
  • For musl
# xbps-install -Sy void-repo-nonfree

And update the repositories:

# xbps-install -S

There is also our unofficial extra repository with some additional packages, including some that are needed for the graphical installation. To use it, add the repositories to /etc/xbps.d/00-repository-ample.conf:

  • For glibc:
repository=https://git.bijl.us/lnco/xbps-ample/raw/branch/main/current
repository=https://git.bijl.us/lnco/xbps-ample/raw/branch/main/current/nonfree
  • For musl
repository=https://git.bijl.us/lnco/xbps-ample/raw/branch/main/current/musl

And refresh the repositories:

# xbps-install -S

Firmware and drivers

GPU drivers

A graphical environment requires GPU drivers. To install the drivers for your GPU use one of the following commands:

  • For Intel
# xbps-install -Sy linux-firmware-intel mesa mesa-dri vulkan-loader mesa-vulkan-intel intel-video-accel 
  • For AMD
# xbps-install -Sy linux-firmware-amd vulkan-loader mesa-vulkan-radeon amdvlk xf86-video-amdgpu mesa-vaapi mesa-vdpau mesa-dri
  • For Nvidia (glibc only)
# xbps-install -Sy nvidia nvidia-opencl

32-bit drivers

(Only applicable to glibc as Void Linux musl only supports 64-bit)

To run 32-bit applications like some videogames it will also be necessary to install the 32-bit drivers:

  • For Intel
# xbps-install -Sy mesa-32bit mesa-dri-32bit mesa-vulkan-intel-32bit vulkan-loader-32bit
  • For AMD
# xbps-install -Sy vulkan-loader-32bit amdvlk-32bit mesa-32bit mesa-dri-32bit
  • For Nvidia
# xbps-install -Sy nvidia-libs-32bit

CPU firmware

To keep the firmware of your CPU up to date it is necessary to install the correct microcode:

  • For Intel (the Intel microcode requires that you are using the nonfree repository)
# xbps-install -Sy intel-ucode

And regenerate the initramfs:

# xbps-reconfigure -f linux<version>

  • For AMD
# xbps-install -Sy linux-firmware-amd

Secure-boot

Linux Windows dual boot

# xbps-install -Sy sbctl
# sbctl create-keys
# sbctl enroll-keys --microsoft
# sbctl sign -s /boot/EFI/Boot/BOOTX64.EFI
# sbctl sign -s /boot/EFI/gummiboot/gummibootx64.efi
# sbctl sign -s /boot/vmlinuz-<version>
# sbctl verify

Laptop-management

# xbps-install -Sy tlp tlpui
# ln -s /etc/sv/tlp /var/service
# ln -s /etc/sv/acpid /var/service

Edit /etc/tlp.d/00-template.conf

CPU_ENERGY_PERF_POLICY_ON_AC=performance
CPU_ENERGY_PERF_POLICY_ON_BAT=power

Graphical session

Session manager

To use a graphical environment it is necessary to start a seat and session manager. For a minimal install it is recommended to use seatd, dumb_runtime_dir and polkit. To install those run:

# xbps-install -Sy seatd dumb_runtime_dir polkit

Then to enable them:

# ln -s /etc/sv/seatd /var/service
# ln -s /etc/sv/polkitd /var/service

And for dumb_runtime_dir to function, configure /etc/pam.d/system-login by uncommenting:

session optional pam_dumb_runtime_dir.so

For some sane polkit rules add these lines to /etc/polkit-1/rules.d/00-polkit.rules:

polkit.addRule(function(action, subject) 
{
	if (action.id == "org.freedesktop.policykit.exec" && action.lookup("program") == "/bin/shutdown" && subject.isInGroup("wheel"))
		return polkit.Result.YES;
});

polkit.addRule(function(action, subject)
{
	if (action.id == "org.freedesktop.policykit.exec" && action.lookup("program") == "/bin/zzz" && subject.isInGroup("wheel"))
		return polkit.Result.YES;
});

polkit.addRule(function(action, subject)
{
	if (action.id.startsWith("org.freedesktop.udisks2.") && subject.isInGroup("storage"))
		return polkit.Result.YES;
});

Or, for the lazier among us, copy void-desktop/config-files/polkit/00-polkit.rules to /etc/polkit-1/rules.d/.

# cp -r void-desktop/config-files/polkit/00-polkit.rules /etc/polkit-1/rules.d/

Login manager

To make it easier to log into the system, set up a login manager. For a minimal and wayland-compatible login manager use greetd with gtkgreet. Install them with:

# xbps-install -Sy greetd gtkgreet

Window manager

There are many different window managers and desktop environments which can provide a decent experience. Wayfire is a functional, relatively lightweight and good looking Wayland window manager and will be used for this install.

Audio

Essential applications

Auto-mounting

Printing

Bluetooth

Misc

Virt-manager

Wine

Steam