From 8370aec2fcd491ffd0f67e2e78c0d65784825212 Mon Sep 17 00:00:00 2001 From: Chris Allen Date: Tue, 17 Jul 2018 12:21:10 -0500 Subject: [PATCH 1/2] Improved the guide --- README.org | 976 +---------------------------------------------------- 1 file changed, 1 insertion(+), 975 deletions(-) diff --git a/README.org b/README.org index 6844924..8ae3ade 100644 --- a/README.org +++ b/README.org @@ -1,977 +1,3 @@ * installing arch dot txt - i am so sorry for this guide. - - this is an attempt at a comprehensive, front to back, install guide for - lenovo's 6th gen carbon x1. my model is the 20KG-0022US, which I bought from - Costco, and comes with an 8th gen intel i7, 16gb ram, and 512gb PCIe ssd. My - instructions will thus have mentions of specific components from this - laptops as they appear in the guide, but I will try to make it clear when - such a case may not hold for others with respect to 6th gen x1 versions. - - i want to make a shoutout to specific sources for informing this guide. it's - the result of mashing together and cross referencing the wiki with multiple - tutorials and guides where I would verify instructions and install - strategies. Included in this list is [[https://www.youtube.com/channel/UCxQKHvKbmSzGMvUrVtJYnUA][LearnLinux.tv]], [[https://www.youtube.com/channel/UCNgMPxqWds9IYR_QFNPButw][Kai Hendry]], [[https://www.youtube.com/channel/UCNgMPxqWds9IYR_QFNPButw][Lucas - Alvares Gomes]], [[https://ticki.github.io/blog/setting-up-archlinux-on-a-lenovo-yoga/][Ticki]], and [[https://kozikow.com/2016/06/03/installing-and-configuring-arch-linux-on-thinkpad-x1-carbon/#Disable-secure-boot][Robert Kozikowski]]. ya'll helped a homie. - -** sacrifices, incantations - since we are installing arch, there a a few precautions you'll want to - take/keep in mind: - - if your shit gets destroyed, it is 1000% not my problem and not my fault - lmao - - that said, that's an extremely unlikely outcome, please don't let this - liability bulletpoint scare you - - you may want to form a pentagram with some usb cords, placing a copy of - the GNU GPLv3 license at its center, and playing some soft but slightly - erotic ambient music so that we may pray to stallman that this goes - smoothly - - [[./stallman-dot-png.jpg][st. ignucius, may he guide us]] - - - put aside like 2-4 hours for this depending on how inexperienced you are - - this took me a quick minute because i would double check input text - before executing a command, cross referencing what wikis/videos said to - do to make sure they were right and i understand what was happening, etc. - - just keep this in mind and or be somewhere you can stop and leave your laptop - plugged in on the chance you need to do something else - -** live usb - 1. download the img from https://www.archlinux.org/download/ - - torrent is faster, also remember to seed - - alternatively just dl the iso directly, slightly slower - 2. install - - find your usb - #+BEGIN_SRC sh - lsblk - #+END_SRC - - it will probably be named ~sda~ or ~sdb~, pay attention to the size - of the drives upon output to be sure. - - you are going to use the name of the drive itself, ~sdx~, so *do not* include - a number, such as ~sdx1~ in the drive name for the command below - - make sure it is unmounted with: - #+BEGIN_SRC - umount /dev/sdx # x = letter of your actual drive - #+END_SRC - - in term: - #+BEGIN_SRC sh - dd bs=4M if=/path/to/iso of=/path/to/usb status=progress oflag=sync - #+END_SRC - - example in my case: - #+BEGIN_SRC sh - dd bs=4M if=~/Downloads/archlinux-2018.07.01-x86_64.iso of=/dev/sda status=progress oflag=sync - #+END_SRC - - *note*: I did this on Ubuntu with Gnome, and it proved not possible - to format it with the drive entirely unmounted because of how - Nautillus handles mounting jump drives. Therefore, I actually did - this with it mounted but had no problems so ¯\_(ツ)_/¯ - linux ¯\_(ツ)_/¯ ymmv ¯\_(ツ)_/¯ - - upon finishing, insert the usb into the x1 - 3. disable safe boot - - turn on laptop (or hard reset to ensure true "turn off"), press enter - at lenovo boot screen - - under Security, you will find the option. Disable it. - 4. ensure your usb is first in boot order - - under Startup, go to boot - - using the - and + keys, make sure it is at the top of the list - - press F10 to save our configs and exit. - - If everything went well, we will now boot into the arch iso. - -** setting up to install - You are going to need to be familiar with vim, nano, pico, emacs, idc, - something, this is on you, fam. - - 1. configure our mirrors to download software from - - this is the difference between a 20kb/s and ~10mb/s download speed, at - least in my case first time round - - the mirror list is found in ~/etc/pacman.d/mirrorlist~ - - the logic is simple: the earlier a mirror item appears in the list, - the greater preference it is given for use as a source. - - copy and paste a server that is close to you geographically and insert - it at the top of the list. - - server i chose for those in USA who are lazy: - #+BEGIN_SRC sh - Server = http://mirrors.lug.mtu.edu/archlinux/$repo/os/$arch - #+END_SRC - - *important* refresh our mirrorlist - #+BEGIN_SRC sh - pacman -Sy - #+END_SRC - - we will now have (hopefully) fast downloads for our packages - 2. configure wifi (skippable?) - - x1 does not have a ether port, but adaptors exist - - these adaptors supposedly work without issue but I don't have one, - so I'm assuming you don't either - - dilemma: we don't have fucking internet by default - - solution: ~netctl~ - - find the name of your wifi card device - - I would assume x1's have the same name, but who knows: - #+BEGIN_SRC sh - ip link - #+END_SRC - - mine was ~wlp2s0~, arch wiki suggests that anything that starts with - a ~w~ is probably the wifi card - - figure out the wifi point you are going to use. - - I'm going to assume it is either of "simple" wpa or wpa-enterprise - - the latter is at corporate or university settings if that helps - - luckily ~netctl~ provides templates for both. copy the appropriate - one and place it in the root of ~netctl~ as so: - #+BEGIN_SRC sh - # simple wpa, such as home routers - cp /etc/netctl/examples/wireless-wpa /etc/netctl/ - - # enterprise wpa - cp /etc/netctl/examples/wireless-wpa-configsection /etc/netctl/ - #+END_SRC - - ~wireless-wpa~ looks like this: - #+BEGIN_SRC conf - Description='A simple WPA encrypted wireless connection' - Interface=wlan0 - Connection=wireless - - Security=wpa - IP=dhcp - - ESSID='MyNetwork' - # Prepend hexadecimal keys with \" - # If your key starts with ", write it as '"""' - # See also: the section on special quoting rules in netctl.profile(5) - Key='WirelessKey' - # Uncomment this if your ssid is hidden - #Hidden=yes - # Set a priority for automatic profile selection - #Priority=10 - #+END_SRC - - ~wireless-wpa-configsection~ looks like this: - #+BEGIN_SRC conf - Description='A wireless connection using a custom network block configuration' - Interface=wlan0 - Connection=wireless - Security=wpa-configsection - IP=dhcp - WPAConfigSection=( - 'ssid="University"' - 'key_mgmt=WPA-EAP' - 'eap=TTLS' - 'group=TKIP' - 'pairwise=TKIP CCMP' - 'anonymous_identity="anonymous"' - 'identity="myusername"' - 'password="mypassword"' - 'priority=1' - 'phase2="auth=PAP"' - ) - #+END_SRC - - *in both cases*: - - ~Interface~ takes the value of the wifi card device name we - found earlier - - ~Security~, ~Connection~, and ~IP~ remain untouched - - Do what you will with ~Description~ - - For vanilla ~wireless-wpa~, the config explains itself: - - ~ESSID~ is the name of your wifi access point - - ~Key~ is the password - - For ~wireless-wpa-configsection~, things can be trickier: - - ~ssid~ is access point - - ~key_mgmt~ should remain untouched in most cases - - ~eap~ is entirely dependent on your case, for many (aka - including me), it is ~PEAP~ - - ~pairwise~ is dependent on your situation (i did not need it) - - ~anonymous_identity~ is dependent on your situation (i did not need it) - - ~password~ is password - - ~priority~ is dependent on your situation (i did not need it) - - ~phase2~ is dependent on your situation (i did not need it) - - if my list appears not very useful in terms of help and - explanation, then you understand the very nature of who is - writing it and i'm so sorry i'm trying - - example ~wireless-wpa-configsection~ i actually used (with - values obviously substituted in): - #+BEGIN_SRC conf - Description='lol' - Interface=wlp2s0 - Connection=wireless - Security=wpa-configsection - IP=dhcp - WPAConfigSection=( - 'ssid="wutang"' - 'key_mgmt=WPA-EAP' - 'eap=PEAP' - 'identity="ghostfacekillah"' - 'password="suuuuuuuuuuuuu69"' - ) - #+END_SRC - - save your config file, time to connect: - #+BEGIN_SRC sh - netctl start - #+END_SRC - - it should take like 3 seconds to connect - - if nothing happens, it worked - - check with a quick ~ping 8.8.8.8~, if packets are shooting out, you - got internet. - - otherwise, diagnose with ~journalctl -xe~ and use those arch wikis - and forums! welcome to arch :))))))))))))))))) - -** freeze: partition time! - that was a bad joke jesus christ forgive me - - 1. make sure we have (U)EFI - - i am doing all of this on the *presumption we have EFI*, maybe - should have brought that up while we were in BIOS - - go back to BIOS and un-enable legacy mode, given that the x1 should - come with (U)EFI by default enabled. - - use the following command to ensure we are in EFI mode: - #+BEGIN_SRC sh - ls /sys/firmware/efi/ - #+END_SRC - - *if the directory exists, we are good* - 2. figure out where our main drive is - 1. find our drives with ~lsblk~ yet again - - my x1 came with a PCIe ssd, yours may or may not and, more - importantly, this influences its name as seen with ~lsblk~ - - for the PCIe ssd, it will be called something like ~nvme0n1~, with - each partition appending a ~p1~, ~p2~, and so forth - - for others, it may appear as the traditional ~sda~, with a number - appended for each partition as it did above for your usb stick. - - will assume we are using ~nvme0n1~ as our os drive hereon - - my x1 came with windows installed and i assumed yours did, too. - - i am going to kill windows with this install. - - cannot have an optimally secure setup otherwise (or rather, I'm - not going to put up with that much of a headache). - - if you want to keep a dual boot setup, this is not the guide for you. - - i am sorry to fail you like this. f. - 3. partitioning and configuring - 1. we will now format our main drive with arch - #+BEGIN_SRC - gdisk /dev/nvme0n1 - #+END_SRC - - you will enter a prompt of sorts for gdisk - - you should get some output about a valid GPT partition found - alongside with a protected MBR partition. This is good. - 2. we will now wipe the disk. - - *this is permanent. stop now or forever hold your peace* - - I will be listing the commands in order and describe what they do - as subpoints: - - ~o~ - - we are wiping the disk. answer ~y~ to continue. - - ~n~ - - command for making a new partition. - - ~Enter~ - - we want the default number for the partition, and this - convention will hold throughout the rest of the guide. - - ~Enter~ - - we don't want to specify the starting vector for the partition, - and this convention will hold throughout the rest of the - guide. - - ~+512MB~ - - we want our first partition to be of size 512MB. This is to - meet the specification for a EFI boot partition. - - ~EF00~ - - this is the hex code type to indicate we want the partition to - be of EFI - - *partition 1 done* - - ~n~ - - making another partition - - ~Enter~ - - ~Enter~ - - ~Enter~ - - the final partition is going to take the rest of our disk. If - you do not want this, assign it something else like we did - above. - - ~8E00~ - - this is the linux LVM (logical volume manager) format, which we - are going to need for our encryption scheme. - - *second partition done* - - we are now done making /physical/ partitions - - ~w~ - - *we are going to write to disk* - - ~y~ - - *we just wrote to disk. goodbye everything else* - 3. encryption with ~cryptsetup~ - - make sure to use our *second partition* - - *not* our EFI partition - #+BEGIN_SRC sh - # in my case, this is... - cryptsetup luksFormat /dev/nvme0n1p2 - #+END_SRC - - you will be prompted for a password, make it a good one - - we do not specify the luks type, such as ~luks2~, because it is - incompatible with GRUB. We will not be using GRUB, but I do not - want to screw myself (or you) out of that option. - - for the love of god, do not forget this password - - this process could take like 2 or 3 or 4 hours depending on - your experience and the last thing you need to do is forget the - fucking luks password. - - what we have now is a Luks container, which we will be using to - put our actual OS/data in, which makes handling encryption logic - easier in the long run. - 4. generation of logical volumes within our LVM - 1. open our encrypted container: - - we need to name the container, I am choosing ~main_part~ for main - partition, it really doesn't matter - #+BEGIN_SRC sh - cryptsetup open --type luks /dev/nmve0n1p2 main_part - #+END_SRC - - this should now be available at ~/dev/mapper/main_part~ - 2. create a physical volume within our LVM partition: - #+BEGIN_SRC sh - pvcreate /dev/mapper/main_part - #+END_SRC - - this creates a "physical" volume inside of our luks container - 3. create a volume group - - we need to name this one, I'm choosing ~main_group~ to continue - the theme - - this will go on "top" of our physical container we just made, ergo - why we create our group from it. - #+BEGIN_SRC sh - vgcreate main_group /dev/mapper/main_part - #+END_SRC - 4. generate our logical partitions within the luks container - - I am following the wiki piece for piece here, and what you ultimately - make the size of your swap (if any), root, and home (if any) is - completely your call. The numbers I use are pulled from thin air and - because I have so much space to use with the ssd that came with my - x1. - - Note that for each instance, we are taking our logical partition from - the volume group we just created. *Be conscious of this*. - - 1. create swap: - #+BEGIN_SRC sh - # 8 gb for swap - lvcreate -L8G main_group -n swap - #+END_SRC - 2. create root - #+BEGIN_SRC sh - # 8 gb for swap - lvcreate -L64G main_group -n root - #+END_SRC - 3. create home - #+BEGIN_SRC sh - lvcreate -l 100%FREE main_group -n home - #+END_SRC - - we use a special trick to allocate all remaining memory in our - ssd to home. it goes without saying that do not do this if you - do not want to allocate all of it to home, etc. - - 5. format and mount our logical partitions - - Note that our resultant logical volumes are named - ~-~, so my home is - ~/dev/mapper/main_group-home~ for example. - - 1. root and home: - #+BEGIN_SRC sh - mkfs.ext4 /dev/mapper/main_group-root - mkfs.ext4 /dev/mapper/main_group-home - #+END_SRC - - 2. swap: - #+BEGIN_SRC - mkswap /dev/mapper/main_group-swap - #+END_SRC - - 3. mount our new volumes - - 1. mount our new volumes - - The logic here is that ~/mnt/~ translates to ~/~ for our actual - arch system once we install arch, so keep this in - mind. ~/mnt/boot~ becomes ~/boot/~, ~/mnt/home/~ becomes home, - etcetera. - #+BEGIN_SRC sh - mount /dev/mapper/main_group-root /mnt/ - mkdir /mnt/home - mount /dev/mapper/main_group-home /mnt/home - swapon /dev/mapper/main_group-swap - #+END_SRC - - 2. mount our bootloader - - Remember the first partition we made (~nvme0n1p1~ in my case)? We - now need to mount it as the boot loader: - #+BEGIN_SRC sh - mkdir /mnt/boot/ - mount /dev/nvme0n1p1 /mnt/boot - #+END_SRC - -** installing arch and setting it up to boot and run - 1. install arch onto ~/mnt~ - #+BEGIN_SRC sh - pacstrap /mnt/ base - #+END_SRC - - note, a popular additional option to include is ~base-devel~, so - install that as well if you see yourself needing to compile and link - a lot of things, such as through AUR. - - *CONGRATS!* - - you have installed arch! - - *CONGRATS!* - - you are not even remotely close to done installing arch! - - it won't even boot correctly as of now! - - welcome to arch :~) - - generate our fstab file - - this is important for bootloading purposes, not the last time we will - deal with this. It holds information about partitions, can't say much - more about this. - #+BEGIN_SRC sh - genfstab -p /mnt >> /mnt/etc/fstab - #+END_SRC - 2. log into arch and installing stuff! - #+BEGIN_SRC sh - archroot /mnt - #+END_SRC - - we are now in the arch install and no longer "in" the liveusb - - - install important packages - - we have access to things, like wifi, that are not yet actually - configured yet on the operating system, thus we should take advantage - of this by installing some packages. - - some of these are subjective, others are ones I have taken from people - who know more about arch than I do - - for a fact will want to install all the packages in relation to wifi - if you do not have an adapter like me. - #+BEGIN_SRC sh - pacman -S wpa_supplicant networkmanager network-manager-applet dialogue - #+END_SRC - - packages for intel microcode drivers, *important* - - microcode is key to stability and patching issues with intel - processors that is released as proprietary code. The linux kernal - can do this directly for us. - - need to modify ~/etc/pacman.conf~ - - it will have two lines commented out regarding ~multilib, uncomment - them as so: - #+BEGIN_SRC conf - [multilib] - Include = /etc/pacman.d/mirrorlist - #+END_SRC - - now install intel microcode: - #+BEGIN_SRC - pacman -Sy intel-ucode - #+END_SRC - - other packages others recommend: - #+BEGIN_SRC sh - pacman -S linux-headers linux-lts linux-lts-headers - #+END_SRC - - we are essentially installing another copy of the linux kernal for - purposes of stability: if something goes wrong with an update of the - kernal, you will have a backup kernal to get into. - - additionally, we are installing the headers for both the current - kernal and the lts kernal: these are useful for other packages that - need to link/bind against them for development purposes, etc. - - we install another useful operating system: - #+BEGIN_SRC sh - pacman -S emacs - #+END_SRC - - .... or vim if that's your choice.... definitely more efficient - memory wise - - c.f. i will /die/ before i give up my elisp - - you should probably also install tools like ~git~ - 3. modify ~/etc/mkinitcpio.conf~ to enable encryption - - as with most things in this guide, taken directly from the wiki. - - there is a variable in here named ~HOOKS~, which the file makes clear - is important to the boot order of the operating system. - - make yours look like this: - #+BEGIN_SRC conf - HOOKS=(base udev autodetect keyboard keymap modconf block encrypt lvm2 filesystems fsck) - #+END_SRC - - you will notice that we *moved* ~keyboard~ to after ~autodetect~ - - *added* ~keymap~ to after ~keyboard~ - - *added* ~encrypt~ and ~lvm2~ after ~block~ and before ~filesystems~ - - *do not fuck this up* - - regenerate our ~initramfs~: - #+BEGIN_SRC sh - mkinitcpio -p linux - #+END_SRC - - we regenerate the image of the operating system here - - it now takes into account the new boot items and order we have - specified in the ~HOOKS~ variable - - *if you installed* the ~linux-lts~ kernal, you have to *do it again* for that - as well - #+BEGIN_SRC sh - mkinitcpio -p linux-lts - #+END_SRC - - _we are getting there, lads, hold on. for the promise land is close._ - 4. setting up the bootloader itself - - I am using bootctl, not grub. Your call to make ultimately. - - 1. create our loader with bootctl - #+BEGIN_SRC - bootctl --path=/boot/ install - #+END_SRC - - 2. create arch loader - - modify the file ~/boot/loader.conf~ to reflect the following: - #+BEGIN_SRC conf - default arch - timeout 3 - editor 0 - #+END_SRC - - ~default~ is the default entry to select when booting - - ~timeout~ is the time before the entry is loaded at the boot menu - - ~editor~ is whether to enable the the kernal parameters - editor. This is import to disable for security purpose and is - *enabled by default, so make sure to disable as above* - - 3. create arch.conf - 1. you are going to need a variable value provided by the command - ~blkid~ - - you will either need to write it down by hand to copy with nano - or use ~emacs~ or ~vim~ to evaluate it in buffer to copy - - emacs has ~eshell~, which you can use like the normal shell but - copy and paste with - - vim has the command ~:r !blkid~ which will read in the file - directly - - this variable is the ~UUID~ for ~/dev/nvme0n1p2~ as given from ~blkid~ - - ~/dev/nvme0n1p2~ is the second physical partition we made at the - very beginning. If yours is ~/dev/sda2~ or similar, use that - instead. - - you will know it is the correct entry if the line also includes - ~TYPE="crypto_LUKS" PARTLABEL="Linux LVM"~ - - example: - #+BEGIN_SRC conf - /dev/nvme0n1p2: UUID="really-long-string-of-alphanumericals" TYPE="crypto_LUKS" PARTLABEL="Linux LVM" PARTUUID="another-long-string-of-alphanumericals" - #+END_SRC - - note: we want the value of ~UUID~, *NOT* ~PARTUUID~ or - anything else. - 2. with this value copied, create the file - ~/boot/loader/entries/arch.conf~: - #+BEGIN_SRC conf - title Arch Linux - linux /vmlinuz-linux # not a typo - initrd /intel-ucode.img # this must come before the entry immediately below - initrd /initramfs-linux.img # what we made with mkinitcpio -p linux - options cryptdevice=UUID=long-alphanumerica-string-WITHOUT-QUOTES:cryptlvm root=/dev/mapper/main_group-root quiet rw - #+END_SRC - - as i try to hint, make sure to remove the quotes around the UUID - value as copied and pasted - - note that we add a ~:cryptlvm~ to the end of that value - - after a single space, we added the location of our root - partition within the luks container, - ~root=/dev/mapper/main_group-root/~ in my case - - finally, we add the options ~quiet rw~ - 5. From here, we can *officially reboot into our install and it should - work* - - 🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉 - - 🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉🎉 - - execute ~shutdown now~ - - remove the usb once the laptop turns off - - you should eventually see the boot screen which will automatically - boot into arch after 2 seconds or so - - enter your password for the encrypted partition when asked, then login - as ~root~ and press enter for the password, seeing as we have yet to - make one. - -** drivers, wifi, sudo user - - .... we aren't done yet :~) 🎉🎉🎉 - - 1. utilities - 1. wifi - - i hope you installed those wifi packages i told you to install and or - you have a lan connection - - refollow the steps we did above for wifi to regain our connection - 2. reconfigure our mirror list - - again, do as we did before with ~/etc/pacman.d/mirrorlist~ - 3. configure locale.gen and time - 1. enter ~/etc/locale.gen~ - - we need to tell arch what our locale is by going to the line and - uncommenting our respective locale - - usa peeps will use the line ~en_US.UTF-8 UTF8~ - 2. run ~locale-gen~ - 3. run ~localectl set-locale LANG="en_US.UTF-8"~ - - this is separate from step 2. - - some applications need it because they won't respect the changes - brought by step #2 - 4. sync our clock with ~hwclock --systohc --utc~ - 4. change password for root with ~passwd~ - - self explanatory, but know this is the password exclusively for - ~root~, not for your own user you'll make later who will have sudo - user privileges. - 5. as of now, you will have to manually connect to wifi access points. - - tools like ~wifi-menu~ help you find access points - - it will also help you make a config for it. even if the initial - connection attempt fails, preserve the config (it'll ask you) and go - in to edit it. ~wifi-menu~ will then be able to use the corrected - config the next time you try. - 2. touchpad, xorg, and graphics drivers - I am choosing to not use wayland because while it is the future of linux - desktop management, it is still not 100% ready for userland. - - 1. touchpad install - #+BEGIN_SRC sh - pacman -S xf86-input-libinput - #+END_SRC - 2. xorg - #+BEGIN_SRC sh - pacman -S xorg-server xorg-xinit xorg-apps mesa xterm - #+END_SRC - - we need xterm in addition to xorg if we want to have a minimally - functional deskto a la ~twm~ windows manager that xorg default - supports - - 3. intel drivers - - to my knowledge, we only have 32 bit drivers in case you are - wondering why we are instaling 32 bit drivers /shrug - - #+BEGIN_SRC sh - pacman -S xf86-video-intel lib32-intel-dri lib32-mesa lib32-libgl - #+END_SRC - - - at this point, if you want, you can use a very primitive GUI via - ~twm~, which is the default tiling window manager of xorg. To do - this, simply run ~startx~. If it looks weird and ugly, it worked. - - personally, i'm going to stay in the default tty shell. - - 4. configuring sudo, adding a user, disabling root - - 1. install ~sudo~ - - i am not joking, arch does not come with ~sudo~ by default - #+BEGIN_SRC sh - pacman -S sudo - #+END_SRC - - 2. enable sudo for other users via ~visudo~ - - it is bad to edit the sudoers file with a normal editor. ~visudo~ - makes a temporary file and checks that any edits are - syntactically correct before saving and affecting the changes. - - we need to uncomment the following line: - #+BEGIN_SRC shell - ## Uncomment to allow members of group wheel to execute any command - # %wheel ALL=(ALL) ALL # <-- this line if its now clear enough, fam - #+END_SRC - - make sure to not uncomment the one after this one, they have - somewhat similar contents but are not the same ofc - - visudo uses vi by *default*. If you do not know how to use vi, - simply execute the following to use nano instead: - #+BEGIN_SRC sh - EDITOR=nano visudo - #+END_SRC - 3. creating new user - - make your actual user account with the following, substituting - your desired name: - #+BEGIN_SRC sh - useradd -m -G wheel -s /bin/bash - #+END_SRC - - give your new user a password - #+BEGIN_SRC sh - passwd - #+END_SRC - - reboot (or just exit, but I like being sure) your machine, and - make sure you can login as your new user. - - *this is critical before we disable root* - - otherwise risk not being to log back in - 4. disable root login - - you don't have to do this, but I think it is a good security - practice to have - - makes it much much harder to get into your machine by making - adversaries guess the username itself in addition to - - if you are enabling ssh, i believe this does not effect that, - so make sure to disable root logins via ssh as well. - - as your new user, simple execute: - #+BEGIN_SRC sh - sudo passwd -l root - #+END_SRC - - exit and retry to login as root, should no longer be able to - - it'll show "login incorrect" errors even when using the - correct password for root user -** loose ends: desktop stuff, etc -*** desktop environment - still not done :~) - - we will go for kde5 plasma for now because it is absolutely gorgeous, is not - bloated, and is easy to get accustomed to. i may possibly add an addendum - for a tiling wm like dwm if I can get it figured out. - - #+BEGIN_SRC sh - pacman -S plasma-meta kde-applications # don't do the last if you don't want kde apps, i do, though. - #+END_SRC - - this might take a quick minute given the total DL is about ~3gb iirc - - now we need to enable it by creating a ~.xinitrc~ file in our home with the - following content: - #+BEGIN_SRC sh - echo "exec startkde" >> .xinitrc - #+END_SRC - - to use your beautiful new desktop, simply execute ~startx~ and KDE should - now load. Nice! - - whenever you reboot your laptop, you will need to execute ~startx~ to get - your desktop. If you don't want the hassle, then.... -**** kde discover - - KDE discover is the DE's app store. It won't work fully by default - because of how arch handles its applications. You need to install the - following for it to work as expected: - #+BEGIN_SRC sh - pacman -S packagekit-qt5 - #+END_SRC - - you may still get an error about ~parley.knsrc~, from what I can tell - and searching online, this is """harmless""". -*** fonts :~) - fonts, and how they work, is actually one of the more confusing things i - encountered during this journey - - partitioning drives and encrypting them makes much more sense vs font - configurations in retrospect - - the following should help you get some very nice looking fonts on your - computer along with full emoji support more or less - - completely ripped from a reddit post [[https://www.reddit.com/r/archlinux/comments/5r5ep8/make_your_arch_fonts_beautiful_easily/][here]] - - - install the fonts - - #+BEGIN_SRC sh - pacman -S ttf-dejavu ttf-liberation noto-fonts - #+END_SRC - - - enable font presets - - #+BEGIN_SRC sh - sudo ln -s /etc/fonts/conf.avail/70-no-bitmaps.conf /etc/fonts/conf.d - sudo ln -s /etc/fonts/conf.avail/10-sub-pixel-rgb.conf /etc/fonts/conf.d - sudo ln -s /etc/fonts/conf.avail/11-lcdfilter-default.conf /etc/fonts/conf.d - #+END_SRC - - - create a file, ~/etc/fonts/local.conf~ with following: - - #+BEGIN_SRC html - - - - - Noto Sans - - - serif - Noto Serif - - - sans-serif - Noto Sans - - - monospace - Noto Mono - - - #+END_SRC - - - then go to Fonts (use KDE's search bar, accessible via the bottom left - button on the desktop panel), and make sure the edits are reflected - there, i.e. that you now have Noto Sans as your font for everything - minus fixed width text, which should be Hack. - - - you can do more edits to tweak fonts to your liking here. - - - resetting the computer should make sure the edits take full effect - across all apps, etc. - -*** emacs :~) - 1. ispell doesn't work by default because the required programs aren't - installed. let's fix that: - #+BEGIN_SRC sh - pacman -S aspell-en # ispell didn't work for some reason, so we use its successor. - #+END_SRC - 2. emojis don't work by default, install and run ~emojify-mode~ - - forgot that you need to install ~emojify~ (which I had) but also - manually run it to actually display them (or enable them globally). -*** gpg and ssh - 1. ssh - - don't yell at me i know that it's probably not the best thing that I do - this, but in my personal defense it is only for personal projects and my - own servers - - say you have an ssh key you would like to use on your new install: - 1. first, install ~openssh~ - 2. execute the following: - #+BEGIN_SRC sh - mkdir ~/.ssh - cp ~/.ssh/ - cp ~/.ssh/.pub - chmod 700 ~/.ssh - chmod 600 ~/.ssh/ - chmod 600 ~/.ssh/.pub - #+END_SRC - 2. gpg - 1. install gpg - - should already be installed but yeah - 2. import the key: - #+BEGIN_SRC sh - gpg --import - #+END_SRC -*** AUR and aurman - - AUR is the Arch User Repository, and it holds a bunch of additional - packages that pacman does not have (or customized in different ways, etc). - - ~aurman~ is a AUR Helper, a tool that helps to install packages hosted up - on AUR - - it is really good to look into how AUR works and how to do AUR installs - on your own for the sake of being able to help yourself when something - breaks, etc - - to install ~aurman~: - - first, we need to install the PGP key of the author: - #+BEGIN_SRC sh - curl -sSL https://github.com/polygamma.gpg | gpg --import - - #+END_SRC - - this simply downloads the author's key and imports it directly into - your GPG keychain - - now install ~aurman~ - - it is common advise to make a specific directory where you can go - download and install your AUR packages, so: - #+BEGIN_SRC sh - mkdir ~/aur_pkg - cd aur_pkg - git clone https://aur.archlinux.org/aurman.git - cd aurmen/ - makepkg -si # DO NOT USE SUDO HERE - #+END_SRC - - to search for a package on AUR and install, it is just like with pacman: - #+BEGIN_SRC sh - aurman -Ss # search - aurman -S # install - #+END_SRC - - pls go see how it works in its totality: https://github.com/polygamma/aurman - - make sure to checkout the install scripts/configs you are using - - some malware was recently discovered on AUR - - this should not be surprising: bad people are everywhere and the arch - community has been saying for years to make sure to check the code - you use before compiling it on your system - - not your mom, tho, help the CCP or NSA run botnets for all i care man - - example, I use [[https://spideroak.com/one/][spideroak one]] as private, encrypted, and more - trustworthy dropbox service, and there is a maintained AUR install for - it: - #+BEGIN_SRC sh - aurman -S spideroak-one # ta-da - #+END_SRC -** lenovo x1c6 stuff - - -*** cpu throttling - - cpu throttling - - so turns out there is some unfortunate fuckery with Lenovo thinkpad - cpu's right now - - artificially throttled while underload because of misaligned temp - values - - lets install a script that fixes this - #+BEGIN_SRC sh - aurman -S lenovo-throttling-fix-git - sudo systemctl enable --now lenovo_fix.service - #+END_SRC - - usual warnings apply about this not being endorsed by lenovo, etc etc - - lenovo i love you, please stop hurting us like this - - please look at the script yourself, see the options you have: https://github.com/erpalma/lenovo-throttling-fix -*** bios update - - Lenovo has released an updated bio since (i'm guessing) most x1c6 units - shipped, at least my model for sure. - - has several improvements that are honestly worth risking a manual bios - update - - recall that disclaimer I had at the beginning? this action, more than - anything, requires it - - *you are responsible for the result of updating your bios* - - to update your bios: - 1. first go get the update, [[https://download.lenovo.com/pccbbs/mobiles/n23ur08w.iso][here]]. - 2. install the following utility made just for this: - #+BEGIN_SRC sh - aurman -S geteltorito - #+END_SRC - 3. we now will extract the .img from the .iso that Lenovo provided us: - #+BEGIN_SRC sh - geteltorito.pl -o .img .iso - #+END_SRC - - where the ~.img~ is our *output* from extracting. Do not mix this up later. - - i say this because when i was doing this myself at like 1am, i sure - as hell did for a while and wasted 30 mins trying to figure out why - my stupid update wouldn't initiate upon boot - 4. now we will make a live usb with the ~.img~ - - this is just like what we did when we made the arch live usb - - same disclaimers apply: do not mix up your source with your - destination, and double check the name of your drive with ~lsblk~ - - i will assume the device is named ~sdb~ for the purpose of this - tutorial - - make sure the drive is not mounted as well - - with a spare usb you are okay with completely wiping clean, do the - following: - #+BEGIN_SRC sh - dd if=/path/to/bios.img of=/dev/sdb bs=512K status=progress - #+END_SRC - 5. now, with our new live-usb in hand, reboot the laptop and go into the - bio menu - 1. Enable -*** trimming SSD - - not lenovo exclusive but /shrug/ - - "trimming" your ssd regularly improves its performance by allowing it - to better know where it has memory free to use - - make sure you can do it with command ~lsblk --discard~ - - non-zero values in the first and second column for your SSD means yes - - if so, now install ~utils-linux~ and enable the service for periodic - trimming - #+BEGIN_SRC sh - pacman -S utils-linux - systemctl enable fstrim.timer - #+END_SRC - - you can tweak the time interval this occurs, that's on you - - for those possibly wondering: we don't need to enable trimming in lvm's - conf nor for dm-crypt with this method, which is both nice and more - secure. That said, you could potentially get better performance doing - these alterations as well, but I won't. -*** patching for S3 support - 1. s3 vs s0i3 sleep state - - this is a lot trickier and i won't be walking you through this - - tl;dr, MCSFT is pushing a new sleep state standard, s0i3, that makes laptop behave more - akin to phones - - pros: they can do stuff like connect to wifi, update, and refresh - user data while asleep - - cons: massively more energy use - - lenovo decided to support this: okay, fine - - ... but also decided to completely remove support for previous - format, S3 - - wait, *why, lenovo, why??????* - - Making matters worse: neither are now properly supported by linux - because of lenovo's implementation, you need to apply a patch fix - either way - - it involves patching the kernal or editing boot configs - - didn't mention them earlier because this is an idiot's guide and i - didn't want to overwhelm you - - i was also overwhelmed, i was the idiot - - reference the wiki, make your decision: - - if you want to return to S3, follow this guide: https://delta-xi.net/#056 - - it is very good and really does guide you through all the steps, do - not be intimidated - 2. if you follow the s3 guide (as I did), some advice: - 1. *first and foremost, update your bios as described above* - 1. good chance your s3 won't work nearly as good without it (if at - all, going by forum discussions) - 2. when running the patch, Hunk 7 failed for me. - 1. solution: there is a function call that will look like this in - your .dsl: - #+BEGIN_SRC asm - OperationRegion (GNVS, SystemMemory, 0x4FF4E000,0x0771) - #+END_SRC - - the last two values are different from the ~.patch~ the author - provides. Edit the values *in the patch* to be the *same* as - those in your *.dsl* - - after this, *regenerate* the .dsl as the author guides you and - reapply the patch as instructed, hunk 7 should now pass. - 2. the author uses ~GRUB~, if you followed my guide, you don't use - ~GRUB~ like me. - 1. Follow the guide as instructed up to, and including, to where - we ~cp~ the ~acpi_override~ to ~/boot/~ - 2. Now we need to edit our ~arch.conf~ entry that we made earlier - in ~/boot/loader/entries/~ - - we are making two additions, adding a ~initrd /acpi_override~ - entry and then adding another kernal param argument to - options, ~mem_sleep_default=deep~ - - this is what my ~arch.conf~ looks like: - #+BEGIN_SRC conf - title Arch Linux - linux /vmlinuz-linux - initrd /intel-ucode.img - initrd /acpi_override - initrd /initramfs-linux.img - options cryptdevice=UUID=:cryptlvm root=/dev/mapper/main_group-root mem_sleep_default=deep quiet rw - #+END_SRC - - notice the fourth line and the end of the last line, you'll - see my edits as compared to when we first made this file - - I've excluded the edit for enabling hibernation from this - example, fyi -*** hibernate support - - changes to HOOKS - - regenerating initramfs - - adding param to arch.conf loader file in options + [Don't.](https://www.ubuntu.com/download/desktop) From cce8bda3d5801299cea9503b6dc80d7d38f9f082 Mon Sep 17 00:00:00 2001 From: Chris Allen Date: Tue, 17 Jul 2018 12:21:55 -0500 Subject: [PATCH 2/2] Fixed link because this is org-town --- README.org | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.org b/README.org index 8ae3ade..ee015f7 100644 --- a/README.org +++ b/README.org @@ -1,3 +1,3 @@ * installing arch dot txt - [Don't.](https://www.ubuntu.com/download/desktop) + [[https://www.ubuntu.com/download/desktop][Don't.]]