diff --git a/.gitignore b/.gitignore index beb5f1a..0a9cebf 100644 --- a/.gitignore +++ b/.gitignore @@ -4,7 +4,8 @@ !/dustdoc.cls !/generate-pdfs -!/Documentation.tex !/Documentation.pdf +!/Documentation.tex +!/Documentation_v2.org !/print_a4.tex !/print_a4.pdf diff --git a/Documentation.pdf b/Documentation.pdf index 838ed16..c2fa3fe 100644 Binary files a/Documentation.pdf and b/Documentation.pdf differ diff --git a/Documentation.tex b/Documentation.tex index eb44184..31a39d4 100644 --- a/Documentation.tex +++ b/Documentation.tex @@ -11,7 +11,7 @@ \tableofcontents -\chapter{Inside the \texttt{archiso}} +\chapter{Inside the \texttt{archiso}}% \label{sec:inside-the-archiso} This chapter is aimed at assisting with the general setup of a customized Arch Linux installation, using an official Arch Linux image (\texttt{archiso}). 
@@ -23,30 +23,36 @@ This chapter is aimed at assisting with the general setup of a customized Arch L If you encounter any problems along the way, you will either have to resolve the issue yourself, or utilize the great \hreffn{https://wiki.archlinux.org/}{ArchWiki}, or the \hreffn{https://bbs.archlinux.org/}{Arch Linux forums}. \end{NOTE} -\section{\texttt{Sy}ncing up \texttt{pacman}} +\begin{NOTE} + In the following document, + I will denote a \texttt{root} shell with a preceding \mintinline{fish}{#} and a \texttt{user} shell with a preceding \mintinline{fish}{>}. +\end{NOTE} + +\section{\texttt{Sy}ncing up \texttt{pacman}}% \label{sec:syncing-up-pacman} First of all we need to sync up \texttt{pacman}'s package repository, in order to be able to install the latest, as well as new packages to the \texttt{archiso} and our new system. -\begin{minted}{console} -root@archiso ~ # pacman -Sy +\begin{minted}{fish} +> pacman -Sy \end{minted} \begin{WARNING} - Using \mintinline{console}{$ pacman -Sy} should be sufficient, in order to be able to search for packages from within the \texttt{archiso}, without upgrading the system, but might break your system, if you use this command on an existing installation! + Using \mintinline{fish}{> pacman -Sy} should be sufficient, in order to be able to search for packages from within the \texttt{archiso}, without upgrading the system, but might break your system, if you use this command on an existing installation! - To be on the safe side, it is advised to always use \mintinline{console}{$ pacman -Syu} instead! + To be on the safe side, it is advised to always use \mintinline{fish}{> pacman -Syu} instead! \texttt{pacstrap} uses the latest packages anyways. 
\end{WARNING} -\subsection{Official repositories} +\subsection{Official repositories}% \label{sec:official-repositories} After doing that, we can now install any software from the official repositories by issuing -\begin{minted}{console} -root@archiso ~ # pacman -S +\begin{minted}{fish} +root in ~ +> pacman -S \end{minted} \noindent 
@@ -54,90 +60,95 @@ where you would replace \texttt{} with the actual package name. If you want to remove an installed package, just use -\begin{minted}{console} -root@archiso ~ # pacman -Rsu +\begin{minted}{fish} +root in ~ +> pacman -Rsu \end{minted} If you don’t know the exact package name, or if you just want to search for a keyword, for example \texttt{xfce}, to list all packages having to do something with \texttt{xfce}, use -\begin{minted}{console} -root@archiso ~ # pacman -Ss +\begin{minted}{fish} +root in ~ +> pacman -Ss \end{minted} \begin{CAUTION} If you really need to force remove a package, which you should use \emph{with extreme caution}, you could use - \begin{minted}{console} -root@archiso ~ # pacman -Rdd + \begin{minted}{fish} +root in ~ +> pacman -Rdd \end{minted} \end{CAUTION} -\subsection{\texttt{AUR}} +\subsection{\texttt{AUR}}% \label{sec:aur} -If you want to install a package from the \hreffn{https://aur.archlinux.org/}{\texttt{AUR}}, I would advise proceeding in the following manner +If you want to install a package from the \hreffn{https://aur.archlinux.org/}{\texttt{AUR}}, I would advise proceeding in the following manner, in order to install the \texttt{AUR}-helper \texttt{paru}. \begin{enumerate} - \item \texttt{cd} into the dedicated \mintinline{text}{~/AUR} directory, if you’re using the \texttt{dotfiles} repo, which provides you with an \mintinline{text}{update} \texttt{bash} script within that folder, to check every subfolder for updates - - \begin{minted}{console} -dustvoice@archiso ~ $ cd AUR - \end{minted} - \item Clone the package with \texttt{git} - \begin{minted}{console} -dustvoice@archiso ~/AUR $ git clone https://aur.archlinux.org/pacman-git.git + \begin{minted}{fish} +dustvoice in ~ +> git clone https://aur.archlinux.org/paru.git \end{minted} + + \begin{NOTE} + If you are on a slow PC, or don't want to compile \texttt{paru} from scratch, you can also use \hreffn{https://aur.archlinux.org/paru-bin.git}{\texttt{paru-bin}}. 
+ \end{NOTE} + \item Switch to the package directory - \begin{minted}{console} -dustvoice@archiso ~/AUR $ cd pacman-git + \begin{minted}{fish} +dustvoice in ~ +> cd paru \end{minted} - \item Execute \mintinline{console}{$ makepkg} - \begin{minted}{console} -dustvoice@archiso ~/AUR/pacman-git $ makepkg -si + \item Execute \mintinline{fish}{> makepkg} + + \begin{minted}{fish} +dustvoice in ~/paru +> makepkg -si \end{minted} - \item Delete all files created by \texttt{makepkg}, in order to easily see, if a package needs an update by using \mintinline{console}{$ git fetch --all} and \mintinline{console}{$ git status} - \begin{minted}{console} -dustvoice@archiso ~/AUR/pacman-git $ git reset HEAD --hard -dustvoice@archiso ~/AUR/pacman-git $ git clean -fdx + \item Delete all files created, as \texttt{paru} will now be handling all the \texttt{AUR} stuff. + + \begin{minted}{fish} +dustvoice in ~/paru +> cd .. + +dustvoice in ~ +> rm -rf paru \end{minted} + \end{enumerate} \begin{NOTE} - You might have to resolve some \texttt{AUR} dependencies manually, which can’t be automatically resolved by \texttt{makepkg}'s \texttt{-s} option, whitch uses \texttt{pacman}. + If you only install \texttt{AUR} packages the manual way, you might have to resolve some \texttt{AUR} dependencies manually, which can’t be automatically resolved by \texttt{makepkg}'s \texttt{-s} option, whitch uses \texttt{pacman}. \end{NOTE} \begin{WARNING} - In order to install the desired \texttt{AUR} package, you \emph{must} switch to your normal, non-\texttt{root} user, because \texttt{makepkg} doesn’t run as \texttt{root}. + In order to install a desired \texttt{AUR} package, you \emph{must} switch to your normal, non-\texttt{root} user, because \texttt{makepkg} doesn’t run as \texttt{root}. 
\end{WARNING} -\begin{NOTE} - As mentioned before, there is an \mintinline{text}{update} \texttt{bash} script available within the \mintinline{text}{~/AUR} directory, when using the \texttt{dotfiles} repository, which enables you to quickly check all cloned \texttt{AUR} repositories within said directory for updates and even install them in the same step. - - Issue \mintinline{console}{$ ./update --help} for command line options. -\end{NOTE} - -\subsection{Software categories} +\subsection{Software categories}% \label{sec:software-categories} In this guide, software is categorized in three different categories \begin{itemize} - \item \texttt{Console} software is intended to be used with either the native linux console, or with a terminal emulator + \item \texttt{Fish} software is intended to be used with either the native linux fish, or with a terminal emulator \item \texttt{GUI} software is intended to be used within a graphical desktop environment - \item \texttt{Hybrid} software can either be used within both a console and a graphical desktop environment (e.g. \texttt{networkmanager}), or there are packages available for both console and a graphical desktop environment (e.g. \texttt{pulseaudio} with \texttt{pulsemixer} for \texttt{Console} and \texttt{pavucontrol} for \texttt{GUI}) + \item \texttt{Hybrid} software can either be used within both a fish and a graphical desktop environment (e.g. \texttt{networkmanager}), or there are packages available for both fish and a graphical desktop environment (e.g. \texttt{pulseaudio} with \texttt{pulsemixer} for \texttt{Fish} and \texttt{pavucontrol} for \texttt{GUI}) \end{itemize} -\subsection{Software installation} +\subsection{Software installation}% \label{sec:software-installation} In this guide, I’ll be explicitly listing the packages installed in a specific section at the beginning of the individual sections. 
@@ -160,15 +171,15 @@ This allows you to Of course, as always, you can and should adapt everything according to your needs, as this guide is, again, \emph{no tutorial, but a guide}. \end{NOTE} -\subsubsection{Example section} +\subsubsection{Example section}% \label{sec:example-section} -\begin{packagetable} +\begin{pkgtable} \texttt{core} & \texttt{libutil-linux} \\ \texttt{extra} & \texttt{git} \\ \texttt{community} & \texttt{ardour cadence jsampler linuxsampler qsampler sample-package} \\ \texttt{AUR} & \texttt{sbupdate} \\ -\end{packagetable} +\end{pkgtable} You have to configure \texttt{sample-package}, by editing \texttt{/etc/sample.conf} @@ -180,17 +191,18 @@ Sample.text=useful \caption{\mintinline{text}{/etc/sample.conf}} \end{mintedlisting} -\section{Formatting the drive} +\section{Formatting the drive}% \label{sec:formatting-the-drive} First, you probably want to get a list of all available drives, together with their corresponding device name, by issuing -\begin{minted}{console} -root@archiso ~ # fdisk -l +\begin{minted}{fish} +root in ~ +> fdisk -l \end{minted} \begin{NOTE} - The output of \mintinline{console}{$ fdisk -l} is dependent on your system configuration and many other factors, like \texttt{BIOS} initialization order, etc. + The output of \mintinline{fish}{> fdisk -l} is dependent on your system configuration and many other factors, like \texttt{BIOS} initialization order, etc. \begin{CAUTION} Don't assume the same path of a device between reboots! @@ -201,7 +213,7 @@ root@archiso ~ # fdisk -l \end{CAUTION} \end{NOTE} -\subsection{The standard way} +\subsection{The standard way}% \label{sec:the-standard-way} In my case, the partition I want to install the root file system on is \mintinline{text}{/dev/sdb2}. 
@@ -223,28 +235,37 @@ In my case, the partition I want to install the root file system on is \mintinli Now we need to format the partitions accordingly -\begin{minted}{console} -root@archiso ~ # mkfs.ext4 /dev/sdb2 -root@archiso ~ # mkswap /dev/sdb3 +\begin{minted}{fish} +root in ~ +> mkfs.ext4 /dev/sdb2 + +root in ~ +> mkswap /dev/sdb3 \end{minted} After doing that, we can turn on the \texttt{swap} and mount the root partition. -\begin{minted}{console} -root@archiso ~ # swapon /dev/sdb3 -root@archiso ~ # mount /dev/sdb2 /mnt +\begin{minted}{fish} +root in ~ +> swapon /dev/sdb3 + +root in ~ +> mount /dev/sdb2 /mnt \end{minted} \begin{NOTE} - If you have an additional EFI System partition, because of a \emph{UEFI - GPT} setup or an existing Windows installation, for example, which we will assume to be located under \mintinline{text}{/dev/sda2} (\mintinline{text}{/dev/sda} is the disk of my Windows install), you’ll have to mount this partition to the new system's \mintinline{text}{/boot} folder + If you have an additional EFI System partition, because of a \emph{UEFI -\ GPT} setup or an existing Windows installation, for example, which we will assume to be located under \mintinline{text}{/dev/sda2} (\mintinline{text}{/dev/sda} is the disk of my Windows install), you’ll have to mount this partition to the new system's \mintinline{text}{/boot} folder - \begin{minted}{console} -root@archiso ~ # mkdir /mnt/boot -root@archiso ~ # mount /dev/sda2 /mnt/boot + \begin{minted}{fish} +root in ~ +> mkdir /mnt/boot + +root in ~ +> mount /dev/sda2 /mnt/boot \end{minted} \end{NOTE} -\subsection{Full system encryption} +\subsection{Full system encryption}% \label{sec:full-system-encryption} \begin{NOTE} 
@@ -265,12 +286,12 @@ In my case I’ll be using my NVMe SSD, with a \texttt{GPT} partition scheme, fo After partitioning our disk, we now have to set everything up. -\subsubsection{EFI System partition} +\subsubsection{EFI System partition}% \label{sec:efi-system-partition} -\begin{packagetable} +\begin{pkgtable} \texttt{core} & \texttt{dosfstools} \\ -\end{packagetable} +\end{pkgtable} I won’t setup my EFI System partition with \texttt{cryptsetup}, as it makes no sense in my case. @@ -278,8 +299,9 @@ Every \texttt{EFI} binary (or \texttt{STUB}) will have to be signed with my cust Instead I will simply format it with a \texttt{FAT32} filesystem -\begin{minted}{console} -root@archiso ~ # mkfs.fat -F 32 -L /efi /dev/nvme0n1p1 +\begin{minted}{fish} +root in ~ +> mkfs.fat -F 32 -L /efi /dev/nvme0n1p1 \end{minted} We will bother with mounting it later on. 
@@ -288,65 +310,86 @@ We will bother with mounting it later on. When you \emph{do} want to encrypt your EFI System partition, in conjunction with using \texttt{grub}, please either use \texttt{LUKS 1}, or make sure to have the latest version of \texttt{grub} installed on your system, to make it work with \texttt{LUKS 2}! \end{NOTE} -\subsubsection{\texttt{LUKS}} +\subsubsection{\texttt{LUKS}}% \label{sec:luks} -\begin{packagetable} +\begin{pkgtable} \texttt{core} & \texttt{cryptsetup} \\ -\end{packagetable} +\end{pkgtable} First off we have to create the \texttt{LUKS} volume -\begin{minted}{console} -root@archiso ~ # cryptsetup luksFormat --type luks2 /dev/nvme0n1p2 +\begin{minted}{fish} +root in ~ +> cryptsetup luksFormat --type luks2 /dev/nvme0n1p2 \end{minted} After that we have to open the volume -\begin{minted}{console} -root@archiso ~ # cryptsetup open /dev/nvme0n1p2 cryptroot +\begin{minted}{fish} +root in ~ +> cryptsetup open /dev/nvme0n1p2 cryptroot \end{minted} The volume is now accessible under \mintinline{text}{/dev/mapper/cryptroot}. -\subsubsection{\texttt{LVM}} +\subsubsection{\texttt{LVM}}% \label{sec:lvm} -\begin{packagetable} +\begin{pkgtable} \texttt{core} & \texttt{lvm2} \\ -\end{packagetable} +\end{pkgtable} I’m going to create one \texttt{PV} (Physical Volume) using the just created and opened \texttt{cryptroot} \texttt{LUKS} volume, one \texttt{VG} (Volume Group), named \texttt{DustArch1}, which will contain two \texttt{LV}s (Logical Volumes) named \texttt{root} and \texttt{swap} containing the \texttt{root} filesystem and the \texttt{swap} space respectively. 
-\begin{minted}{console} -root@archiso ~ # pvcreate /dev/mapper/cryptroot -root@archiso ~ # vgcreate DustArch1 /dev/mapper/cryptroot -root@archiso ~ # lvcreate -L 100%FREE -n root DustArch1 -root@archiso ~ # lvreduce -l -32G /dev/DustArch1/root -root@archiso ~ # lvcreate -L 100%FREE -n swap DustArch1 +\begin{minted}{fish} +root in ~ +> pvcreate /dev/mapper/cryptroot + +root in ~ +> vgcreate DustArch1 /dev/mapper/cryptroot + +root in ~ +> lvcreate -l 100%FREE -n root DustArch1 + +root in ~ +> lvreduce -L -32G /dev/DustArch1/root + +root in ~ +> lvcreate -l 100%FREE -n swap DustArch1 \end{minted} -\subsubsection{Format \& mount} +\subsubsection{Format \& mount}% \label{sec:format-and-mount} Now the only thing left to do is formatting our freshly created logical volumes appropriately -\begin{minted}{console} -root@archiso ~ # mkfs.ext4 -L / /dev/DustArch1/root -root@archiso ~ # mkswap /dev/DustArch1/swap +\begin{minted}{fish} +root in ~ +> mkfs.ext4 -L / /dev/DustArch1/root + +root in ~ +> mkswap /dev/DustArch1/swap \end{minted} \noindent as well as mounting them and enabling the \texttt{swap}, in order to proceed with the next steps. -\begin{minted}{console} -root@archiso ~ # mount /dev/DustArch1/root /mnt -root@archiso ~ # mkdir /mnt/efi -root@archiso ~ # mount /dev/nvme0n1p1 /mnt/efi -root@archiso ~ # swapon /dev/DustArch1/swap +\begin{minted}{fish} +root in ~ +> mount /dev/DustArch1/root /mnt + +root in ~ +> mkdir /mnt/efi + +root in ~ +> mount /dev/nvme0n1p1 /mnt/efi + +root in ~ +> swapon /dev/DustArch1/swap \end{minted} -\subsubsection{Unmount \& Close} +\subsubsection{Unmount \& Close}% \label{sec:unmount-and-close} \begin{WARNING} 
@@ -358,50 +401,56 @@ To close everything back up again, \begin{enumerate} \item unmount the volumes - \begin{minted}{console} -root@archiso ~ # umount /mnt/efi /mnt + \begin{minted}{fish} +root in ~ +> umount /mnt/efi /mnt \end{minted} \item deactivate the \texttt{VG} - \begin{minted}{console} -root@archiso ~ # vgchange -a n DustArch1 + \begin{minted}{fish} +root in ~ +> vgchange -a n DustArch1 \end{minted} \item close the \texttt{LUKS} volume - \begin{minted}{console} -root@archiso ~ # cryptsetup close cryptroot + \begin{minted}{fish} +root in ~ +> cryptsetup close cryptroot \end{minted} \end{enumerate} -\section{Preparing the \texttt{chroot} environment} +\section{Preparing the \texttt{chroot} environment}% \label{sec:preparing-the-chroot-environment} -First it might make sense to edit \mintinline{text}{/etc/pacman.d/mirrorlist} to move the mirror(s) geographically closest to you to the top. +First it might make sense to edit \mintinline{text}{/etc/pacman.d/mirrorlist} to move the mirrors geographically closest to you to the top. If you're using an older version of the \texttt{archiso}, you might want to replace the mirrorlist present on the \texttt{archiso} with the newest one from \hreffn{https://archlinux.org/mirrorlist}{https://archlinux.org/mirrorlist} -\begin{minted}{console} -root@archiso ~ # curl https://archlinux.org/mirrorlist/all > /etc/pacman.d/mirrorlist +\begin{minted}{fish} +root in ~ +> curl https://archlinux.org/mirrorlist/all > /etc/pacman.d/mirrorlist \end{minted} \begin{NOTE} - \begin{packagetable} + \begin{pkgtable} \texttt{community} & \texttt{reflector} \\ - \end{packagetable} + \end{pkgtable} The best way to do this, is using a package from the official repositories named \texttt{reflector}. It comes with all sorts of options, for example sorting mirrors by speed, filtering by country, etc. 
- \begin{minted}{console} -root@archiso ~ # reflector --verbose --latest 200 --sort rate --save /etc/pacman.d/mirrorlist + \begin{minted}{fish} +root in ~ +> reflector --verbose --latest 200 --sort rate --save /etc/pacman.d/mirrorlist \end{minted} After that you would need to reinstall the \texttt{pacman-mirror} package and run - \begin{minted}{console} -root@archiso ~ # pacman -Syyuu + \begin{minted}{fish} +root in ~ +> pacman -Syyuu \end{minted} \noindent 
@@ -411,51 +460,54 @@ root@archiso ~ # pacman -Syyuu After that we can \texttt{pacstrap} the \emph{minimum packages} needed. We will install all other packages later on. -\begin{packagetable} +\begin{pkgtable} \texttt{core} & \texttt{base linux linux-firmware} \\ -\end{packagetable} +\end{pkgtable} \begin{NOTE} This is the actual command used in my case - \begin{minted}{console} -root@archiso ~ # pacstrap /mnt base linux linux-firmware + \begin{minted}{fish} +root in ~ +> pacstrap /mnt base linux linux-firmware \end{minted} \end{NOTE} After that generate an \texttt{fstab} using \texttt{genfstab} -\begin{minted}{console} -root@archiso ~ # genfstab -U /mnt >> /mnt/etc/fstab +\begin{minted}{fish} +root in ~ +> genfstab -U /mnt >> /mnt/etc/fstab \end{minted} \noindent and you’re ready to enter the \texttt{chroot} environment. -\chapter{Entering the \texttt{chroot}} +\chapter{Entering the \texttt{chroot}}% \label{sec:entering-the-chroot} \begin{NOTE} - As we want to set up our new system, we need to have access to the different partitions, the internet, etc. which we wouldn’t get by solely using \texttt{chroot}. + As we want to set up our new system, we need to have access to the different partitions, the internet, etc. \ which we wouldn’t get by solely using \texttt{chroot}. That’s why we are using \texttt{arch-chroot}, provided by the \texttt{arch-install-scripts} package, which is shipped with the \texttt{archiso}. This script takes care of all the afforementioned stuff, so we can set up our system properly. \end{NOTE} -\begin{minted}{console} -root@archiso ~ # arch-chroot /mnt +\begin{minted}{fish} +root in ~ +> arch-chroot /mnt \end{minted} Et Voil\`{a}! You successfully \texttt{chroot}ed inside your new system and you’ll be greeted by a \texttt{bash} prompt, which is the default shell on fresh Arch Linux installations. 
-\section{Installing additional packages} +\section{Installing additional packages}% \label{sec:installing-additional-packages} -\begin{packagetable} +\begin{pkgtable} \texttt{core} & \texttt{amd-ucode base-devel diffutils dmraid dnsmasq dosfstools efibootmgr exfat-utils grub iputils lvm2 openssh sudo usbutils} \\ \texttt{extra} & \texttt{efitools git intel-ucode networkmanager networkmanager-openconnect networkmanager-openvpn parted polkit rsync zsh} \\ \texttt{community} & \texttt{neovim os-prober} \\ -\end{packagetable} +\end{pkgtable} \begin{NOTE} There are many command line text editors available, like \texttt{nano}, \texttt{vi}, \texttt{vim}, \texttt{emacs}, etc. @@ -465,8 +517,9 @@ Et Voil\`{a}! You successfully \texttt{chroot}ed inside your new system and you Make sure to enable the \mintinline{text}{NetworkManager.service} service, in order for the Internet connection to work correctly, upon booting into the fresh system later on. -\begin{minted}{console} -[root@archiso /]# systemctl enable NetworkManager.service +\begin{minted}{fish} +root in / +> systemctl enable NetworkManager.service \end{minted} With \texttt{polkit} installed, create a file to enable users of the \texttt{network} group to add new networks without the need of \texttt{sudo}. @@ -485,7 +538,7 @@ polkit.addRule(function(action, subject) { If you use \texttt{UEFI}, you’ll also need the \texttt{efibootmgr}, in order to modify the \texttt{UEFI} entries. -\section{Master of time} +\section{Master of time}% \label{sec:master-of-time} After that, you have to set your timezone and update the system clock. 
@@ -496,26 +549,33 @@ In my case, my timezone file resides under \mintinline{text}{/usr/share/zoneinfo To achieve the desired result, I will want to symlink this to \mintinline{text}{/etc/localtime} and set the hardware clock. -\begin{minted}{console} -[root@archiso /]# ln -s /usr/share/zoneinfo/Europe/Berlin /etc/localtime -[root@archiso /]# hwclock --systohc --utc +\begin{minted}{fish} +root in / +> ln -s /usr/share/zoneinfo/Europe/Berlin /etc/localtime + +root in / +> hwclock --systohc --utc \end{minted} Now you can also enable time synchronization over network -\begin{minted}{console} -[root@archiso /]# timedatectl set-timezone Europe/Berlin -[root@archiso /]# timedatectl set-ntp true +\begin{minted}{fish} +root in / +> timedatectl set-timezone Europe/Berlin + +root in / +> timedatectl set-ntp true \end{minted} \noindent and check that everything is alright -\begin{minted}{console} -[root@archiso /]# timedatectl status +\begin{minted}{fish} +root in / +> timedatectl status \end{minted} -\section{Master of locales} +\section{Master of locales}% \label{sec:master-of-locales} Now you have to generate your locale information. 
@@ -538,27 +598,29 @@ en_US.UTF-8 UTF8 After that you still have to actually generate the locales by issuing -\begin{minted}{console} -[root@archiso /]# locale-gen +\begin{minted}{fish} +root in / +> locale-gen \end{minted} \noindent and set the locale -\begin{minted}{console} -[root@archiso /]# localectl set-locale LANG="en_US.UTF-8" +\begin{minted}{fish} +root in / +> localectl set-locale LANG="en_US.UTF-8" \end{minted} After that we’re done with this part. -\section{Naming your machine} +\section{Naming your machine}% \label{sec:naming-your-machine} Now we can set the \texttt{hostname} for our new install and add \texttt{hosts} entries. Apart from being mentioned in your command prompt, the \texttt{hostname} also serves the purpose of identifying, or naming your machine locally, as well as in a networked scenario. This will enable you to see your PC with the correct name in your router, etc. -\subsection{\texttt{hostname}} +\subsection{\texttt{hostname}}% \label{sec:hostname} To change the \texttt{hostname}, simply edit \mintinline{text}{/etc/hostname}, enter the desired name, then save and quit @@ -571,7 +633,7 @@ DustArch \caption{\mintinline{text}{/etc/hostname}} \end{mintedlisting} -\subsection{\texttt{hosts}} +\subsection{\texttt{hosts}}% \label{sec:hosts} Now we need to specify some \texttt{hosts} entries by editing \mintinline{text}{/etc/hosts} 
@@ -589,41 +651,45 @@ Now we need to specify some \texttt{hosts} entries by editing \mintinline{text}{ \caption{\mintinline{text}{/etc/hosts}} \end{mintedlisting} -\section{User setup} +\section{User setup}% \label{sec:user-setup} Now you should probably change the default \texttt{root} password and create a new non-\texttt{root} user for yourself, as using your new system purely through the native \texttt{root} user is not recommended from a security standpoint. -\subsection{Give \texttt{root} a password} +\subsection{Give \texttt{root} a password}% \label{sec:give-root-a-password} To change the password for the current user (the \texttt{root} user) issue -\begin{minted}{console} -[root@archiso /]# passwd +\begin{minted}{fish} +root in / +> passwd \end{minted} \noindent and choose a new password. -\subsection{Create a personal user} +\subsection{Create a personal user}% \label{sec:create-a-personal-user} -\begin{packagetable} +\begin{pkgtable} \texttt{core} & \texttt{sudo} \\ \texttt{extra} & \texttt{zsh} \\ -\end{packagetable} +\end{pkgtable} We are going to create a new user and set the password, groups and shell for this user -\begin{minted}{console} -[root@archiso /]# useradd -m -p "" -G "adm,audio,disk,floppy,kvm,log,lp,network,rfkill,scanner,storage,users,optical,power,wheel" -s /usr/bin/zsh dustvoice -[root@archiso /]# passwd dustvoice +\begin{minted}{fish} +root in / +> useradd -m -p "" -G "adm,audio,disk,floppy,kvm,log,lp,network,rfkill,scanner,storage,users,optical,power,wheel" -s /usr/bin/zsh dustvoice + +root in / +> passwd dustvoice \end{minted} We now have to allow the \texttt{wheel} group \texttt{sudo} access. -For that we edit \mintinline{text}{/etc/sudoers} and uncomment the \mintinline{text}{%wheel [...]} line +For that we edit \mintinline{text}{/etc/sudoers} and uncomment the \mintinline[escapeinside=||]{text}{|\%|wheel [|\ldots|]} line. \begin{mintedlisting} \begin{minted}{text} 
@@ -657,23 +723,24 @@ dustvoice ALL=(ALL) ALL \noindent to solely grant the \emph{new} user \texttt{sudo} privileges. -\section{Boot manager} +\section{Boot manager}% \label{sec:boot-manager} In this section different boot managers / boot methods are explained. -\subsection{\texttt{EFISTUB}} +\subsection{\texttt{EFISTUB}}% \label{sec:efistub} -\begin{packagetable} +\begin{pkgtable} \texttt{core} & \texttt{efibootmgr} \\ -\end{packagetable} +\end{pkgtable} You can directly boot the system, by making use of the \texttt{EFISTUB} contained in the kernel image. To utilize this, we can use \texttt{efibootmgr} to create an entry in the \texttt{UEFI} -\begin{minted}{console} -[root@archiso /]# efibootmgr --disk /dev/sda --part 2 --create --label "Arch Linux" --loader /vmlinuz-linux --unicode 'root=6ff60fab-c046-47f2-848c-791fbc52df09 rw initrd=\initramfs-linux.img resume=UUID=097c6f11-f246-40eb-a702-ba83c92654f2' --verbose +\begin{minted}{fish} +root in / +> efibootmgr --disk /dev/sda --part 2 --create --label "Arch Linux" --loader /vmlinuz-linux --unicode 'root=6ff60fab-c046-47f2-848c-791fbc52df09 rw initrd=\initramfs-linux.img resume=UUID=097c6f11-f246-40eb-a702-ba83c92654f2' --verbose \end{minted} \begin{NOTE} 
@@ -681,34 +748,35 @@ To utilize this, we can use \texttt{efibootmgr} to create an entry in the \textt In this case it doesn't matter of course, if your machine \emph{theoretically supports} \texttt{UEFI}, but rather if it is the \emph{enabled mode}! \end{NOTE} -\subsection{\texttt{grub}} +\subsection{\texttt{grub}}% \label{sec:grub} -\begin{packagetable} +\begin{pkgtable} \texttt{core} & \texttt{dosfstools efibootmgr grub} \\ \texttt{extra} & \texttt{mtools} \\ \texttt{community} & \texttt{os-prober} \\ -\end{packagetable} +\end{pkgtable} Of course you can also use a boot manager to boot the system, as the name implies. -If I can't use \texttt{EFISTUB}, e.g. either because the system has no \texttt{UEFI} support, or because I need another feature of a boot manager, I normally use \texttt{grub}. +If I can't use \texttt{EFISTUB}, e.g.\ either because the system has no \texttt{UEFI} support, or because I need another feature of a boot manager, I normally use \texttt{grub}. \begin{NOTE} You'll probably only need the \texttt{efibootmgr} package, if you plan to utilize \texttt{UEFI}. \end{NOTE} -\subsubsection{\texttt{BIOS}} +\subsubsection{\texttt{BIOS}}% \label{sec:bios} -If you chose the \texttt{BIOS - MBR} variation, you’ll have to \emph{do nothing special} +If you chose the \texttt{BIOS -\ MBR} variation, you’ll have to \emph{do nothing special}. -If you chose the \texttt{BIOS - GPT} variation, you’ll have to \emph{have a \texttt{+1M} boot partition} created with the partition type set to \texttt{BIOS boot}. +If you chose the \texttt{BIOS -\ GPT} variation, you’ll have to \emph{have a \texttt{+1M} boot partition} created with the partition type set to \texttt{BIOS boot}. In both cases you’ll have to \emph{run the following comman} now -\begin{minted}{console} -[root@archiso /]# grub-install --target=i386-pc /dev/sdb +\begin{minted}{fish} +root in / +> grub-install --target=i386-pc /dev/sdb \end{minted} \begin{NOTE} 
@@ -716,15 +784,16 @@ In both cases you’ll have to \emph{run the following comman} now Note however that you have to specify a \emph{disk} and \emph{not a partition}, so \emph{no number}. \end{NOTE} -\subsubsection{\texttt{UEFI}} +\subsubsection{\texttt{UEFI}}% \label{sec:uefi} -If you chose the \texttt{UEFI - GPT} variation, you’ll have to \emph{have the EFI System partition mounted} at \mintinline{text}{/boot} (where \mintinline{text}{/dev/sda2} is the partition holding said EFI System partition in my particular setup) +If you chose the \texttt{UEFI -\ GPT} variation, you’ll have to \emph{have the EFI System partition mounted} at \mintinline{text}{/boot} (where \mintinline{text}{/dev/sda2} is the partition holding said EFI System partition in my particular setup) Now \emph{install \texttt{grub} to the EFI System partition} -\begin{minted}{console} -[root@archiso /]# grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id=grub --recheck +\begin{minted}{fish} +root in / +> grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id=grub --recheck \end{minted} \begin{IMPORTANT} 
@@ -738,32 +807,33 @@ bcdedit /set {bootmgr} path \EFI\grub\grubx64.efi To make sure that the path is correct, you can use - \begin{minted}{console} -[root@archiso /]# ls /boot/EFI/grub + \begin{minted}{fish} +root in / +> ls /boot/EFI/grub \end{minted} \noindent under Linux to make sure, that the \mintinline{text}{grubx64.efi} file is really there. \end{IMPORTANT} -\subsubsection{\texttt{grub} config} +\subsubsection{\texttt{grub} config}% \label{sec:grub-config} In all cases, you now have to create the main \mintinline{text}{grub.cfg} configuration file. But before we actually generate it, we’ll make some changes to the default \texttt{grub} settings, which the \mintinline{text}{grub.cfg} will be generated from. -\paragraph{Adjust the timeout} +\paragraph{Adjust the timeout}% \label{par:adjust-the-timeout} -First of all, I want my \texttt{grub} menu to wait indefinitely for my command to boot an OS. +First of all, I want my \texttt{grub} menu to wait indefinitely for my command to boot an OS.\@ \begin{mintedlisting} \begin{minted}{text} GRUB_TIMEOUT=-1 \end{minted} - \caption{\mintinline{text}{/boot/grub/grub.cfg}} + \caption{\mintinline{text}{/etc/default/grub}} \end{mintedlisting} \begin{NOTE} @@ -784,7 +854,7 @@ GRUB_SAVEDEFAULT="true" \end{mintedlisting} \end{NOTE} -\paragraph{Enable the recovery} +\paragraph{Enable the recovery}% \label{par:enable-the-recovery} After that I also want the recovery option showing up, which means that besides the standard and fallback images, also the recovery one would show up. @@ -797,7 +867,7 @@ GRUB_DISABLE_RECOVERY=false \caption{\mintinline{text}{/etc/default/grub}} \end{mintedlisting} -\paragraph{NVIDIA fix} +\paragraph{NVIDIA fix}% \label{par:nvidia-fix} Now, as I’m using the binary NVIDIA driver for my graphics card, I also want to make sure, to revert \texttt{grub} back to text mode, after I select a boot entry, in order for the NVIDIA driver to work properly. 
@@ -811,7 +881,7 @@ GRUB_GFXPAYLOAD_LINUX=text \caption{\mintinline{text}{/etc/default/grub}} \end{mintedlisting} -\paragraph{Add power options} +\paragraph{Add power options}% \label{par:add-power-options} I also want to add two new menu entries, to enable me to shut down the PC, or reboot it, right from the \texttt{grub} menu. @@ -827,39 +897,40 @@ menuentry '=> Reboot' { } \end{minted} - \caption{\mintinline{text}{/etc/default/grub}} + \caption{\mintinline{text}{/etc/grub.d/40_custom}} \end{mintedlisting} -\paragraph{Installing \texttt{memtest}} +\paragraph{Installing \texttt{memtest}}% \label{par:installing-memtest} As I want all possible options to possibly troubleshoot my PC right there in my \texttt{grub} menu, without the need to boot into a live OS, I also want to have a memory tester there. -\subparagraph{\texttt{BIOS}} +\subparagraph{\texttt{BIOS}}% \label{par:installing-memtest-bios} -\begin{packagetable} +\begin{pkgtable} \texttt{extra} & \texttt{memtest86+} \\ -\end{packagetable} +\end{pkgtable} For a \texttt{BIOS} setup, you’ll simply need to install the \texttt{memtest86+} package, with no further configuration. -\subparagraph{\texttt{UEFI}} +\subparagraph{\texttt{UEFI}}% \label{par:installing-memtest-uefi} -\begin{packagetable} +\begin{pkgtable} \texttt{AUR} & \texttt{memtest86-efi} \\ -\end{packagetable} +\end{pkgtable} For a \texttt{UEFI} setup, you’ll first need to install the package and then tell \texttt{memtest86-efi\textsuperscript{\texttt{AUR}}} how to install itself -\begin{minted}{console} -[root@archiso /]# memtest86-efi -i +\begin{minted}{fish} +root in / +> memtest86-efi -i \end{minted} Now select option 3, to install it as a \texttt{grub2} menu item. -\paragraph{Enabling hibernation} +\paragraph{Enabling hibernation}% \label{par:enabling-hibernation} We need to add the \texttt{resume} kernel parameter to \mintinline{text}{/etc/default/grub}, containing my \texttt{swap} partition \texttt{UUID}, in my case 
@@ -873,21 +944,36 @@ GRUB_CMDLINE_LINUX_DEFAULT="loglevel=3 quiet resume=UUID=097c6f11-f246-40eb-a702 \end{mintedlisting} \begin{NOTE} - If you have to change anything, like the \texttt{swap} partition \texttt{UUID}, inside the \texttt{grub} configuration files, you’ll always have to rerun \mintinline{console}{$ grub-mkconfig} as explained in the paragraph \nameref{par:generating-the-grub-config} of the section \nameref{sec:grub-config}. + If you have to change anything, like the \texttt{swap} partition \texttt{UUID}, inside the \texttt{grub} configuration files, you’ll always have to rerun \mintinline{fish}{> grub-mkconfig} as explained in the paragraph \nameref{par:generating-the-grub-config} of the section \nameref{sec:grub-config}. \end{NOTE} -\paragraph{Generating the \texttt{grub} config} +\paragraph{Disabling \texttt{os-prober}}% +\label{par:disabling-os-prober} + +Sometimes it makes sense to disable the \texttt{os-prober} functionality of grub, even though \texttt{os-prober} is installed on the system (which auto enables it), for example when installing arch for portability purposes. +We can disable the os-prober functionality in the \texttt{grub} default config file. + +\begin{mintedlisting} + \begin{minted}{text} +GRUB_DISABLE_OS_PROBER=true + \end{minted} + + \caption{\mintinline{text}{/etc/default/grub}} +\end{mintedlisting} + +\paragraph{Generating the \texttt{grub} config}% \label{par:generating-the-grub-config} Now we can finally generate our \mintinline{text}{grub.cfg} -\begin{minted}{console} -[root@archiso /]# grub-mkconfig -o /boot/grub/grub.cfg +\begin{minted}{fish} +root in / +> grub-mkconfig -o /boot/grub/grub.cfg \end{minted} Now you’re good to boot into your new system. -\section{Switch to a \texttt{systemd} based \texttt{ramdisk}} +\section{Switch to a \texttt{systemd} based \texttt{ramdisk}}% \label{sec:switch-to-a-systemd-based-ramdisk} \begin{NOTE} 
@@ -912,9 +998,9 @@ You will also need to use \texttt{systemd} hooks from now on, for example \textt Replace this with \texttt{systemd} to switch from \texttt{busybox} to \texttt{systemd}. - \item \texttt{keymap} and/or \texttt{consolefont} + \item \texttt{keymap} and/or \texttt{fishfont} - These two, or one, if you didn’t use one of them, need to be replaced with \texttt{sd-vconsole}. + These two, or one, if you didn’t use one of them, need to be replaced with \texttt{sd-vfish}. Everything else stays the same with these. \item \texttt{encrypt} @@ -931,10 +1017,10 @@ You will also need to use \texttt{systemd} hooks from now on, for example \textt You can find all purposes of the individual hooks, as well as the \texttt{busybox} / \texttt{systemd} equivalent of each one in the \hreffn{https://wiki.archlinux.org/index.php/Mkinitcpio\#Common\_hooks}{ArchWiki}. \end{NOTE} -\section{Hibernation} +\section{Hibernation}% \label{sec:hibernation} -In order to use the hibernation feature, you should make sure that your \texttt{swap} partition/file is at least the size of your RAM. +In order to use the hibernation feature, you should make sure that your \texttt{swap} partition/file is at least the size of your RAM.\@ \begin{NOTE} If you use a \texttt{busybox} based \texttt{ramdisk}, you need to @@ -951,8 +1037,9 @@ HOOKS=(base udev autodetect modconf block filesystems keyboard resume fsck) \end{mintedlisting} \item run - \begin{minted}{console} -[root@archiso /]# mkinitcpio -p linux + \begin{minted}{fish} +root in / +> mkinitcpio -p linux \end{minted} \end{enumerate} \end{NOTE} 
@@ -962,22 +1049,22 @@ HOOKS=(base udev autodetect modconf block filesystems keyboard resume fsck) If your motherboard doesn’t support this, you would need to use \hreffn{https://wiki.archlinux.org/index.php/Systemd-boot}{\texttt{systemd-boot}}. \end{NOTE} -\section{Secure Boot} +\section{Secure Boot}% \label{sec:secure-boot} -\subsection{\texttt{shim}} +\subsection{\texttt{shim}}% \label{sec:shim} -\begin{packagetable} +\begin{pkgtable} \texttt{AUR} & \texttt{shim-signed} \\ -\end{packagetable} +\end{pkgtable} \begin{WARNING} This is a way of handling secure boot that aims at just making everything work! It is not the way Secure Boot was intended to be used and you might as well disable it. - If you need Secure Boot to be enabled, e.g. for Windows, but you couldn’t care less for the security it could bring to your device, use this method. + If you need Secure Boot to be enabled, e.g.\ for Windows, but you couldn’t care less for the security it could bring to your device, use this method. If you want to actually make use of the Secure Boot feature, read \nameref{sec:the-manual-way}. \end{WARNING} @@ -991,9 +1078,12 @@ If you decided on using Secure Boot, you will first have to install the package. Now we just need to copy \mintinline{text}{shimx64.efi}, as well as \mintinline{text}{mmx64.efi} to our EFI System partition -\begin{minted}{console} -[root@archiso /]# cp /usr/share/shim-signed/shimx64.efi /boot/EFI/grub/ -[root@archiso /]# cp /usr/share/shim-signed/mmx64.efi /boot/EFI/grub/ +\begin{minted}{fish} +root in / +> cp /usr/share/shim-signed/shimx64.efi /boot/EFI/grub/ + +root in / +> cp /usr/share/shim-signed/mmx64.efi /boot/EFI/grub/ \end{minted} \begin{NOTE} 
@@ -1006,18 +1096,18 @@ bcdedit /set {bootmgr} path \EFI\grub\shimx64.efi Now you will be greeted by \texttt{MokManager} everytime you update your bootloader or kernel. -Just choose "Enroll hash from disk" and enroll your bootloader binary (\mintinline{text}{grubx64.efi}) and kernel (\mintinline{text}{vmlinuz-linux}). +Just choose ``Enroll hash from disk'' and enroll your bootloader binary (\mintinline{text}{grubx64.efi}) and kernel (\mintinline{text}{vmlinuz-linux}). Reboot and your system should fire up just fine. -\subsection{The manual way} +\subsection{The manual way}% \label{sec:the-manual-way} \begin{WARNING} As this is a very tedious and time consuming process, it only makes sense when also utilizing some sort of disk encryption, which is, why I would advise you to read \nameref{sec:full-system-encryption} first. \end{WARNING} -\subsubsection{File formats} +\subsubsection{File formats}% \label{sec:file-formats} In the following subsections, we will be dealing with some different file formats. 
@@ -1039,68 +1129,95 @@ In the following subsections, we will be dealing with some different file format \end{sidebar} \begin{sidebar}{\mintinline{text}{.auth}} - Certificates in \texttt{EFI} Signature List with authentication header (i.e. a signed certificate update file) for \texttt{KeyTool} and/or firmware. + Certificates in \texttt{EFI} Signature List with authentication header (i.e.\ a signed certificate update file) for \texttt{KeyTool} and/or firmware. \end{sidebar} -\subsubsection{Create the keys} +\subsubsection{Create the keys}% \label{sec:create-the-keys} First off, we have to generate our Secure Boot keys. These will be used to sign any binary which will be executed by the firwmare. -\paragraph{\texttt{GUID}} +\paragraph{\texttt{GUID}}% \label{par:guid} Let’s create a \texttt{GUID} first to use with the next commands. -\begin{minted}{console} -[root@archiso ~/sb]# uuidgen --random > GUID.txt +\begin{minted}{fish} +root in ~/sb +> uuidgen --random > GUID.txt \end{minted} -\paragraph{\texttt{PK}} +\paragraph{\texttt{PK}}% \label{par:pk} We can now generate our \texttt{PK} (Platform Key) -\begin{minted}{console} -[root@archiso ~/sb]# openssl req -newkey rsa:4096 -nodes -keyout PK.key -new -x509 -sha256 -subj "/CN=Platform Key for DustArch/" -out PK.crt -[root@archiso ~/sb]# openssl x509 -outform DER -in PK.crt -out PK.cer -[root@archiso ~/sb]# cert-to-efi-sig-list -g "$(< GUID.txt)" PK.crt PK.esl -[root@archiso ~/sb]# sign-efi-sig-list -g "$(< GUID.txt)" -k PK.key -c PK.crt PK PK.esl PK.auth +\begin{minted}{fish} +root in ~/sb +> openssl req -newkey rsa:4096 -nodes -keyout PK.key -new -x509 -sha256 -subj "/CN=Platform Key for DustArch/" -out PK.crt + +root in ~/sb +> openssl x509 -outform DER -in PK.crt -out PK.cer + +root in ~/sb +> cert-to-efi-sig-list -g "$(< GUID.txt)" PK.crt PK.esl + +root in ~/sb +> sign-efi-sig-list -g "$(< GUID.txt)" -k PK.key -c PK.crt PK PK.esl PK.auth \end{minted} + In order to allow deletion of the \texttt{PK}, for firmwares 
which do not provide this functionality out of the box, we have to sign an empty file. -\begin{minted}{console} -[root@archiso ~/sb]# sign-efi-sig-list -g "$(< GUID.txt)" -k PK.key -c PK.crt PK /dev/null rm_PK.auth +\begin{minted}{fish} +root in ~/sb +> sign-efi-sig-list -g "$(< GUID.txt)" -k PK.key -c PK.crt PK /dev/null rm_PK.auth \end{minted} -\paragraph{\texttt{KEK}} + +\paragraph{\texttt{KEK}}% \label{par:kek} We proced in a similar fashion with the \texttt{KEK} (Key Exchange Key) -\begin{minted}{console} -[root@archiso ~/sb]# openssl req -newkey rsa:4096 -nodes -keyout KEK.key -new -x509 -sha256 -subj "/CN=Key Exchange Key for DustArch/" -out KEK.crt -[root@archiso ~/sb]# openssl x509 -outform DER -in KEK.crt -out KEK.cer -[root@archiso ~/sb]# cert-to-efi-sig-list -g "$(< GUID.txt)" KEK.crt KEK.esl -[root@archiso ~/sb]# sign-efi-sig-list -g "$(< GUID.txt)" -k PK.key -c PK.crt KEK KEK.esl KEK.auth +\begin{minted}{fish} +root in ~/sb +> openssl req -newkey rsa:4096 -nodes -keyout KEK.key -new -x509 -sha256 -subj "/CN=Key Exchange Key for DustArch/" -out KEK.crt + +root in ~/sb +> openssl x509 -outform DER -in KEK.crt -out KEK.cer + +root in ~/sb +> cert-to-efi-sig-list -g "$(< GUID.txt)" KEK.crt KEK.esl + +root in ~/sb +> sign-efi-sig-list -g "$(< GUID.txt)" -k PK.key -c PK.crt KEK KEK.esl KEK.auth \end{minted} -\paragraph{\texttt{DB}} + +\paragraph{\texttt{DB}}% \label{par:db} And finally the \texttt{DB} (Signature Database) key. 
-\begin{minted}{console} -[root@archiso ~/sb]# openssl req -newkey rsa:4096 -nodes -keyout db.key -new -x509 -sha256 -subj "/CN=Signature Database key for DustArch" -out db.crt -[root@archiso ~/sb]# openssl x509 -outform DER -in db.crt -out db.cer -[root@archiso ~/sb]# cert-to-efi-sig-list -g "$(< GUID.txt)" db.crt db.esl -[root@archiso ~/sb]# sign-efi-sig-list -g "$(< GUID.txt)" -k KEK.key -c KEK.crt db db.esl db.auth +\begin{minted}{fish} +root in ~/sb +> openssl req -newkey rsa:4096 -nodes -keyout db.key -new -x509 -sha256 -subj "/CN=Signature Database key for DustArch" -out db.crt + +root in ~/sb +> openssl x509 -outform DER -in db.crt -out db.cer + +root in ~/sb +> cert-to-efi-sig-list -g "$(< GUID.txt)" db.crt db.esl + +root in ~/sb +> sign-efi-sig-list -g "$(< GUID.txt)" -k KEK.key -c KEK.crt db db.esl db.auth \end{minted} -\subsubsection{Windows stuff} + +\subsubsection{Windows stuff}% \label{sec:windows-stuff} As your plan is to be able to control, which things do boot on your system and which don’t, you’re going through all this hassle to create and enroll custom keys, so only \texttt{EFI} binaries signed with said keys can be executed. 
@@ -1111,25 +1228,33 @@ Well the procedure is actually pretty straight forward. You just grab Microsoft’s certificates, convert them into a usable format, sign them and enroll them. No need to sign the Windows boot loader. -\begin{minted}{console} -[root@archiso ~/sb]# curl -fLo WinCert.crt https://www.microsoft.com/pkiops/certs/MicWinProPCA2011_2011-10-19.crt -[root@archiso ~/sb]# openssl x509 -inform DER -outform PEM -in MicWinCert.crt -out MicWinCert.pem -[root@archiso ~/sb]# cert-to-efi-sig-list -g 77fa9abd-0359-4d32-bd60-28f4e78f784b MicWinCert.pem MS_db.esl -[root@archiso ~/sb]# sign-efi-sig-list -a -g 77fa9abd-0359-4d32-bd60-28f4e78f784b -k KEK.key -c KEK.crt db MS_db.esl add_MS_db.auth +\begin{minted}{fish} +root in ~/sb +> curl -fLo WinCert.crt https://www.microsoft.com/pkiops/certs/MicWinProPCA2011_2011-10-19.crt + +root in ~/sb +> openssl x509 -inform DER -outform PEM -in MicWinCert.crt -out MicWinCert.pem + +root in ~/sb +> cert-to-efi-sig-list -g 77fa9abd-0359-4d32-bd60-28f4e78f784b MicWinCert.pem MS_db.esl + +root in ~/sb +> sign-efi-sig-list -a -g 77fa9abd-0359-4d32-bd60-28f4e78f784b -k KEK.key -c KEK.crt db MS_db.esl add_MS_db.auth \end{minted} -\subsubsection{Move the kernel \& keys} + +\subsubsection{Move the kernel \& keys}% \label{sec:move-the-kernel-and-keys} In order to ensure a smooth operation, with actual security, we need to move some stuff around. -\paragraph{Kernel, \texttt{initramfs}, microcode} +\paragraph{Kernel, \texttt{initramfs}, microcode}% \label{par:kernel-initramfs-microcode} \texttt{pacman} will put its unsigned and unencrypted kernel, \texttt{initramfs} and microcode images into \mintinline{text}{/boot}, which is, why it will be no longer a good idea, to leave your EFI System partition mounted there. Instead we will create a new mountpoint under \mintinline{text}{/efi} and modify our \texttt{fstab} accordingly. 
-\paragraph{Keys} +\paragraph{Keys}% \label{par:keys} As you probably want to automate signing sooner or later and only use the ultimately necessary keys for this process, as well as store the other more important keys somewhere more safe and secure than your \texttt{root} home directory, we will move the necessary keys. @@ -1137,13 +1262,13 @@ As you probably want to automate signing sooner or later and only use the ultima I personally like to create a \mintinline{text}{/etc/efi-keys} directory, \texttt{chmod}ded to \texttt{700} and place my \mintinline{text}{db.crt} and \mintinline{text}{db.key} there. All the keys will get packed into a \texttt{tar} archive and encrypted with a strong symmetric pass phrase and stored somewhere secure and safe. -\subsubsection{Signing} +\subsubsection{Signing}% \label{sec:signing} Signing is the process of, well, signing your \texttt{EFI} binaries, in order for them to be allowed to be executed, by the motherboard firmware. At the end of the day, that’s why you’re doing all this, to prevent an attack by launching unknown code. -\paragraph{Manual signing} +\paragraph{Manual signing}% \label{par:manual-signing} Of course, you can sign images yourself manually. 
@@ -1152,23 +1277,24 @@ In my case, I used this, to sign the boot loader, kernel and \texttt{initramfs} \begin{NOTE} As always, manual signing also comes with its caveats! - If I update my kernel, boot loader, or create an updated \texttt{initramfs} on my Arch Linux USB installation, I have to sign those files again, in order to be able to boot it on my PC. + If I update my kernel, boot loader, or create an updated \texttt{initramfs} on my Arch Linux USB installation, I have to sign those files again, in order to be able to boot it on my PC.\@ Of course you can always script and automate stuff, but if you want something more easy for day to day use, I really recommend that you try out \texttt{sbupdate}, which I will explain in the next paragraph \nameref{par:sbupdate}. \end{NOTE} For example, if I want to sign the kernel image of my USB installation, where I mounted the boot partition to \mintinline{text}{/mnt/dustarchusb/boot}, I would have to do the following -\begin{minted}{console} -[root@archiso ~/sb]# sbsign --key /etc/efi-keys/db.key --cert /etc/efi-keys/db.crt --output /boot/vmlinuz-linux /boot/vmlinuz-linux +\begin{minted}{fish} +root in ~/sb +> sbsign --key /etc/efi-keys/db.key --cert /etc/efi-keys/db.crt --output /boot/vmlinuz-linux /boot/vmlinuz-linux \end{minted} -\paragraph{\texttt{sbupdate}} +\paragraph{\texttt{sbupdate}}% \label{par:sbupdate} -\begin{packagetable} +\begin{pkgtable} \texttt{AUR} & \texttt{sbupdate-git} \\ -\end{packagetable} +\end{pkgtable} Of course, if you’re using Secure Boot productively, you would want something more practical than manual signing, especially since you need to sign 
@@ -1216,36 +1342,39 @@ After you’ve successfully configured \texttt{sbupdate}, you can run it as root In that case you will have to run \texttt{sbupdate} manually. \end{NOTE} -\subsubsection{Add \texttt{EFI} entries} +\subsubsection{Add \texttt{EFI} entries}% \label{sec:add-efi-entries} -\begin{packagetable} +\begin{pkgtable} \texttt{core} & \texttt{efibootmgr} \\ -\end{packagetable} +\end{pkgtable} Now the only thing left to do, if you want to stay boot loader free anyways, is to add the signed images to the boot list of your \texttt{NVRAM}. You can do this with \texttt{efibootmgr}. -\begin{minted}{console} -[root@archiso ~/sb]# efibootmgr -c -d /dev/nvme0n1 -p 1 -L "Arch Linux fallback" -l "EFI\Arch\linux-fallback-signed.efi -[root@archiso ~/sb]# efibootmgr -c -d /dev/nvme0n1 -p 1 -L "Arch Linux" -l "EFI\Arch\linux-signed.efi +\begin{minted}{fish} +root in ~/sb +> efibootmgr -c -d /dev/nvme0n1 -p 1 -L "Arch Linux fallback" -l "EFI\Arch\linux-fallback-signed.efi + +root in ~/sb +> efibootmgr -c -d /dev/nvme0n1 -p 1 -L "Arch Linux" -l "EFI\Arch\linux-signed.efi \end{minted} Of course you can extend this list, with whichever entries you need. -\subsubsection{Enrolling everything} +\subsubsection{Enrolling everything}% \label{sec:enrolling-everything} First off, copy all \mintinline{text}{.cer}, \mintinline{text}{.esl} and \mintinline{text}{.auth} files to a \texttt{FAT} formatted filesystem. I’m using my EFI System partition for this. -After that reboot into the firmware setup of your motherboard, clear the existing Platform Key, to set the firmware into "Setup Mode" and enroll the \texttt{db}, \texttt{KEK} and \texttt{PK} certificates in sequence. +After that reboot into the firmware setup of your motherboard, clear the existing Platform Key, to set the firmware into ``Setup Mode'' and enroll the \texttt{db}, \texttt{KEK} and \texttt{PK} certificates in sequence. 
\begin{NOTE} - Enroll the Platform Key last, as it sets most firmware’s Secure Boot sections back into "User mode", exiting "Setup Mode". + Enroll the Platform Key last, as it sets most firmware’s Secure Boot sections back into ``User mode'', exiting ``Setup Mode''. \end{NOTE} -\chapter{Inside the \texttt{DustArch}} +\chapter{Inside the \texttt{DustArch}}% \label{sec:inside-the-dustarch} This section helps at setting up the customized system from within an installed system. @@ -1261,33 +1390,36 @@ This section mainly provides aid with the basic set up tasks, like networking, d As I mentioned, this is only a guide and not the answer to everything. \end{NOTE} -\section{Someone there?} +\section{Someone there?}% \label{sec:someone-there} First we have to check if the network interfaces are set up properly. To view the network interfaces with all their properties, we can issue -\begin{minted}{text} -DustArch% ip link +\begin{minted}{fish} +dustvoice in ~ +> ip link \end{minted} To make sure that you have a working \emph{Internet} connection, issue -\begin{minted}{text} -DustArch% ping archlinux.org +\begin{minted}{fish} +dustvoice in ~ +> ping archlinux.org \end{minted} Everything should run smoothly if you have a wired connection. If there is no connection and you’re indeed using a wired connection, try restarting the \texttt{NetworkManager} service -\begin{minted}{text} -DustArch% sudo systemctl restart NetworkManager.service +\begin{minted}{fish} +dustvoice in ~ +> sudo systemctl restart NetworkManager.service \end{minted} \noindent -and then try \mintinline{console}{$ ping}ing again. +and then try \mintinline{fish}{> ping}ing again. If you're trying to utilize a Wi-Fi connection, use \texttt{nmcli}, the NetworkManager's command line tool, or \texttt{nmtui}, the NetworkManager terminal user interface, to connect to a Wi-Fi network. 
@@ -1297,54 +1429,61 @@ If you're trying to utilize a Wi-Fi connection, use \texttt{nmcli}, the NetworkM First make sure, the scanning of nearby Wi-Fi networks is enabled for your Wi-Fi device -\begin{minted}{text} -DustArch% nmcli radio +\begin{minted}{fish} +dustvoice in ~ +> nmcli radio \end{minted} \noindent and if not, enable it -\begin{minted}{text} -DustArch% nmcli radio wifi on +\begin{minted}{fish} +dustvoice in ~ +> nmcli radio wifi on \end{minted} Now make sure your Wi-Fi interface appears under -\begin{minted}{text} -DustArch% nmcli device +\begin{minted}{fish} +dustvoice in ~ +> nmcli device \end{minted} Rescan for available networks -\begin{minted}{text} -DustArch% nmcli device wifi rescan +\begin{minted}{fish} +dustvoice in ~ +> nmcli device wifi rescan \end{minted} \noindent and list all found networks -\begin{minted}{text} -DustArch% nmcli device wifi list +\begin{minted}{fish} +dustvoice in ~ +> nmcli device wifi list \end{minted} After that connect to the network -\begin{minted}{text} -DustArch% nmcli device wifi connect --ask +\begin{minted}{fish} +dustvoice in ~ +> nmcli device wifi connect --ask \end{minted} -Now try \mintinline{console}{$ ping}ing again. +Now try \mintinline{fish}{> ping}ing again. -\section{Update and upgrade} +\section{Update and upgrade}% \label{sec:update-and-upgrade} After making sure that you have a working Internet connection, you can then proceed to update and upgrade all installed packages by issuing -\begin{minted}{text} -DustArch% sudo pacman -Syu +\begin{minted}{fish} +dustvoice in ~ +> sudo pacman -Syu \end{minted} -\section{Enabling the \texttt{multilib} repository} +\section{Enabling the \texttt{multilib} repository}% \label{sec:enabling-the-multilib-repository} In order to make 32-bit packages available to \texttt{pacman}, we’ll need to enable the \texttt{multilib} repository in \mintinline{text}{/etc/pacman.conf} first. 
@@ -1362,11 +1501,12 @@ Include = /etc/pacman.d/mirrorlist \noindent and update \texttt{pacman}'s package repositories afterwards -\begin{minted}{text} -DustArch% sudo pacman -Syu +\begin{minted}{fish} +dustvoice in ~ +> sudo pacman -Syu \end{minted} -\section{\texttt{zsh} for president} +\section{\texttt{zsh} for president}% \label{sec:zsh-for-president} Of course you can use any shell you want. 
@@ -1378,52 +1518,57 @@ In my case I’ll be using the \texttt{zsh} shell. We already set the correct shell for the \texttt{dustvoice} user in the \nameref{sec:create-a-personal-user} step, but I want to use \texttt{zsh} for the \texttt{root} user too, so I’ll have to change \texttt{root}'s default shell to it. -\begin{minted}{text} -DustArch% sudo chsh -s /usr/bin/zsh root +\begin{minted}{fish} +dustvoice in ~ +> sudo chsh -s /usr/bin/zsh root \end{minted} Don’t worry about the looks by the way, we’re gonna change all that in just a second. -\section{\texttt{git}} +\section{\texttt{git}}% \label{sec:git} -\begin{packagetable} +\begin{pkgtable} \texttt{extra} & \texttt{git} \\ -\end{packagetable} +\end{pkgtable} Install the package and you’re good to go for now, as we’ll care about the \mintinline{text}{.gitconfig} in just a second. -\section{Security is important} +\section{Security is important}% \label{sec:security-is-important} -\begin{packagetable} +\begin{pkgtable} \texttt{core} & \texttt{gnupg} \\ -\end{packagetable} +\end{pkgtable} If you’ve followed the tutorial using a recent version of the archiso, you’ll probably already have the most recent version of \texttt{gnupg} installed by default. -\subsection{Smartcard shenanigans} +\subsection{Smartcard shenanigans}% \label{sec:smartcard-shenanigans} -\begin{packagetable} +\begin{pkgtable} \texttt{extra} & \texttt{libusb-compat} \\ \texttt{community} & \texttt{ccid opensc pcsclite} \\ -\end{packagetable} +\end{pkgtable} After that you’ll still have to setup \texttt{gnupg} correctly. In my case I have my private keys stored on a smartcard. 
To use it, I’ll have to install the listed packages and then enable and start the \mintinline{text}{pcscd.service} service -\begin{minted}{text} -DustArch% sudo systemctl enable pcscd.service -DustArch% sudo systemctl start pcscd.service +\begin{minted}{fish} +dustvoice in ~ +> sudo systemctl enable pcscd.service + +dustvoice in ~ +> sudo systemctl start pcscd.service \end{minted} After that, you should be able to see your smartcard being detected -\begin{minted}{text} -DustArch% gpg --card-status +\begin{minted}{fish} +dustvoice in ~ +> gpg --card-status \end{minted} \begin{NOTE} @@ -1431,20 +1576,20 @@ DustArch% gpg --card-status \end{NOTE} -\section{Additional required tools} +\section{Additional required tools}% \label{sec:additional-required-tools} -\begin{packagetable} - \texttt{core} & \texttt{make openssh} \\ - \texttt{extra} & \texttt{clang cmake jdk-openjdk python} \\ - \texttt{community} & \texttt{pass python-pynvim} \\ -\end{packagetable} +\begin{pkgtable} + core & make openssh \\ + extra & clang cmake jdk-openjdk python \\ + community & pass python-pynvim \\ +\end{pkgtable} To minimize the effort required by the following steps, we’ll install most of the required packages beforehand This will ensure, we proceed through the following section without the need for interruption, because a package needs to be installed, so the following content can be condensed to the relevant informations. -\section{Setting up a \texttt{home} environment} +\section{Setting up a \texttt{home} environment}% \label{sec:setting-up-a-home-environment} In this step we’re going to setup a home environment for both the \texttt{root} and my personal \texttt{dustvoice} user. 
@@ -1457,7 +1602,7 @@ In this step we’re going to setup a home environment for both the \texttt{root Note that this comes with some drawbacks. For example, if I change a configuration for my \texttt{dustvoice} user, I would have to regularly update it for the \texttt{root} user too. This bears the problem, that I have to register my smartcard for the root user. - This in turn is problematic, cause the \texttt{gpg-agent} used for \texttt{ssh} authentication, doesn’t behave well when used within a \mintinline{console}{$ su} or \mintinline{console}{$ sudo -i} session. + This in turn is problematic, cause the \texttt{gpg-agent} used for \texttt{ssh} authentication, doesn’t behave well when used within a \mintinline{fish}{> su} or \mintinline{fish}{> sudo -i} session. So in order to update \texttt{root}'s config files I would either need to symlink everything, which I won’t do, or I’ll need to login as the \texttt{root} user now and then, to update everything. \end{NOTE} @@ -1467,7 +1612,7 @@ In this step we’re going to setup a home environment for both the \texttt{root This means I will have to reside to using the \texttt{https} URL of the repository first and later changing the URL either in the corresponding \mintinline{text}{.git/config} file, or by issuing the appropriate command. \end{NOTE} -\subsection{Use \texttt{dotfiles} for a base config} +\subsection{Use \texttt{dotfiles} for a base config}% \label{sec:use-dotfiles-for-a-base-config} To provide myself with a base configuration, which I can then extend, I have created a \texttt{dotfiles} repository, which contains all kinds of configurations. 
@@ -1477,17 +1622,26 @@ By using a curated \mintinline{text}{.gitignore} file, I’m able to only includ To achieve this very specific setup, I have to turn my home directory into said \texttt{dotfiles} repository first -\begin{minted}{text} -DustArch% git init -DustArch% git remote add origin https://git.dustvoice.de/DustVoice/dotfiles.git -DustArch% git fetch -DustArch% git reset origin/master --hard -DustArch% git branch --set-upstream-to=origin/master master +\begin{minted}{fish} +dustvoice in ~ +> git init + +dustvoice in ~ +> git remote add origin https://git.dustvoice.de/DustVoice/dotfiles.git + +dustvoice in ~ +> git fetch + +dustvoice in ~ +> git reset origin/master --hard + +dustvoice in ~ +> git branch --set-upstream-to=origin/master master \end{minted} Now I can issue any \texttt{git} command in my \mintinline{text}{~} directory, because it now is a \texttt{git} repository. -\subsection{Set up \texttt{gpg}} +\subsection{Set up \texttt{gpg}}% \label{sec:set-up-gpg} As I wanted to keep my \texttt{dotfiles} repository as modular as possible, I utilize \texttt{git}'s \texttt{submodule} feature. 
@@ -1496,43 +1650,49 @@ I am also using the \texttt{Pass} repository on my Android phone and Windows PC, Before we’ll be able to update the \texttt{submodule}s (\texttt{nvim} config files and \texttt{pass}word-store) though, we will have to setup our \texttt{gpg} key as an \texttt{ssh} key, as I use it to authenticate -\begin{minted}{console} -dustvoice@DustArch ~ -$ chmod 700 .gnupg -dustvoice@DustArch ~ -$ gpg --card-status -dustvoice@DustArch ~ -$ gpg --card-edit +\begin{minted}{fish} +dustvoice in ~ +> chmod 700 .gnupg + +dustvoice in ~ +> gpg --card-status + +dustvoice in ~ +> gpg --card-edit \end{minted} -\begin{minted}{console} + +\begin{minted}{fish} (insert) gpg/card> fetch (insert) gpg/card> q \end{minted} -\begin{minted}{console} -dustvoice@DustArch ~ -$ gpg-connect-agent updatestartuptty /bye +\begin{minted}{fish} +dustvoice in ~ +> gpg-connect-agent updatestartuptty /bye \end{minted} + \begin{NOTE} - You would have to adapt the \texttt{keygrip} present in the \mintinline{text}{~/.gnupg/sshcontrol} file to your specific \texttt{keygrip}, retrieved with \mintinline{console}{$ gpg -K --with-keygrip}. + You would have to adapt the \texttt{keygrip} present in the \mintinline{text}{~/.gnupg/sshcontrol} file to your specific \texttt{keygrip}, retrieved with \mintinline{fish}{> gpg -K --with-keygrip}. 
\end{NOTE} Now, as mentioned before, I’ll switch to using \texttt{ssh} for authentication, rather than \texttt{https} -\begin{minted}{console} -dustvoice@DustArch ~ -$ git remote set-url origin git@git.dustvoice.de:DustVoice/dotfiles.git +\begin{minted}{fish} +dustvoice in ~ +> git remote set-url origin git@git.dustvoice.de:DustVoice/dotfiles.git \end{minted} + As the best method to both make \texttt{zsh} recognize all the configuration changes, as well as the \texttt{gpg-agent} behave properly, is to re-login, we’ll do just that -\begin{minted}{console} -dustvoice@DustArch ~ -$ exit +\begin{minted}{fish} +dustvoice in ~ +> exit \end{minted} + \begin{WARNING} It is very important to note, that I mean \emph{a real re-login}. 
@@ -1540,37 +1700,48 @@ $ exit You’ll probably need to restart the machine completely. \end{WARNING} -\subsection{Finalize the \texttt{dotfiles}} +\subsection{Finalize the \texttt{dotfiles}}% \label{sec:finalize-the-dotfiles} Now log back in and continue -\begin{minted}{console} -dustvoice@DustArch ~ -$ git submodule update --recursive --init -dustvoice@DustArch ~ -$ source .zshrc -dustvoice@DustArch ~ -$ cd .config/nvim -dustvoice@DustArch ~/.config/nvim -$ echo 'let g:platform = "linux"' >> platform.vim -dustvoice@DustArch ~/.config/nvim -$ echo 'let g:use_autocomplete = 3' >> custom.vim -dustvoice@DustArch ~/.config/nvim -$ echo 'let g:use_clang_format = 1' >> custom.vim -dustvoice@DustArch ~/.config/nvim -$ echo 'let g:use_font = 0' >> custom.vim -dustvoice@DustArch ~/.config/nvim -$ nvim --headless +PlugInstall +qa -dustvoice@DustArch ~/.config/nvim -$ cd plugged/YouCompleteMe -dustvoice@DustArch ~/.config/nvim/plugged/YouCompleteMe -$ python3 install.py --clang-completer --java-completer -dustvoice@DustArch ~/.config/nvim/plugged/YouCompleteMe -$ cd ~ +\begin{minted}{fish} +dustvoice in ~ +> git submodule update --recursive --init + +dustvoice in ~ +> source .zshrc + +dustvoice in ~ +> cd .config/nvim + +dustvoice in ~/.config/nvim +> echo 'let g:platform = "linux"' >> platform.vim + +dustvoice in ~/.config/nvim +> echo 'let g:use_autocomplete = 3' >> custom.vim + +dustvoice in ~/.config/nvim +> echo 'let g:use_clang_format = 1' >> custom.vim + +dustvoice in ~/.config/nvim +> echo 'let g:use_font = 0' >> custom.vim + +dustvoice in ~/.config/nvim +> nvim --headless +PlugInstall +qa + +dustvoice in ~/.config/nvim +> cd plugged/YouCompleteMe + +dustvoice in ~/.config/nvim/plugged/YouCompleteMe +> python3 install.py --clang-completer --java-completer + +dustvoice in ~/.config/nvim/plugged/YouCompleteMe +> cd ~ \end{minted} -\subsection{\texttt{gpg-agent} forwarding} + +\subsection{\texttt{gpg-agent} forwarding}% \label{sec:gpg-agent-forwarding} Now there is only 
one thing left to do, in order to make the \texttt{gpg} setup complete: \texttt{gpg-agent} forwarding over \texttt{ssh}. @@ -1596,10 +1767,11 @@ Host To get the paths needed as parameters for \texttt{RemoteForward}, issue - \begin{minted}{console} -dustvoice@DustArch ~ -$ gpgconf --list-dirs + \begin{minted}{fish} +dustvoice in ~ +> gpgconf --list-dirs \end{minted} + \end{NOTE} \begin{example} @@ -1615,11 +1787,12 @@ Host archserver RemoteForward /run/user/1000/gnupg/S.gpg-agent.ssh /run/user/1000/gnupg/S.gpg-agent.ssh \end{minted} + \caption{\mintinline{text}{~/.ssh/config}} \end{mintedlisting} \end{example} -Now you’ll still need to enable some settings on the remote machine(s). +Now you’ll still need to enable some settings on the remote machines. \begin{mintedlisting} \begin{minted}{text} 
@@ -1631,46 +1804,48 @@ X11Forwarding yes \caption{\mintinline{text}{/etc/ssh/sshd\_config}} \end{mintedlisting} -Now just restart your remote machine(s) and you’re ready to go. +Now just restart your remote machines and you’re ready to go. \begin{NOTE} If you use \texttt{alacritty}, to connect to your remote machine over \texttt{ssh}, you will need to install the \texttt{alacritty} on the remote machine too, as \texttt{alacritty} uses its own \texttt{\$TERM}. Another option would be changing that variable for the \texttt{ssh} command - \begin{minted}{console} -dustvoice@DustArch ~ -$ TERM=xterm-256colors ssh remote-machine + \begin{minted}{fish} +dustvoice in ~ +> TERM=xterm-256colors ssh remote-machine \end{minted} + \end{NOTE} -\subsection{Back to your \texttt{root}s} +\subsection{Back to your \texttt{root}s}% \label{sec:back-to-your-roots} As mentioned before, you would now switch to the \texttt{root} user, either by logging in as \texttt{root}, or by using -\begin{minted}{console} -dustvoice@DustArch ~ -$ sudo -iu root +\begin{minted}{fish} +dustvoice in ~ +> sudo -iu root \end{minted} + Now go back to \nameref{sec:setting-up-a-home-environment} to repeat all commands for the \texttt{root} user. \begin{WARNING} - A native login would be better compared to \mintinline{console}{$ sudo -iu root}, as there could be some complications, like already running \texttt{gpg-agent} instances, etc., which you would need to manually resolve, when using \mintinline{console}{$ sudo -iu root}. + A native login would be better compared to \mintinline{fish}{> sudo -iu root}, as there could be some complications, like already running \texttt{gpg-agent} instances, etc., which you would need to manually resolve, when using \mintinline{fish}{> sudo -iu root}. \end{WARNING} -\section{Audio} +\section{Audio}% \label{sec:audio} -Well, why wouldn’t you want audio... 
+Well, why wouldn’t you want audio \ldots -\subsection{\texttt{alsa}} +\subsection{\texttt{alsa}}% \label{sec:alsa} -\begin{packagetable} +\begin{pkgtable} \texttt{extra} & \texttt{alsa-utils} \\ -\end{packagetable} +\end{pkgtable} \begin{NOTE} You’re probably better off using \texttt{pulseaudio} and/or \texttt{jack}. @@ -1678,11 +1853,12 @@ Well, why wouldn’t you want audio... Now choose the sound card you want to use -\begin{minted}{console} -dustvoice@DustArch ~ -$ cat /proc/asound/cards +\begin{minted}{fish} +dustvoice in ~ +> cat /proc/asound/cards \end{minted} + \noindent and then create \mintinline{text}{/etc/asound.conf} @@ -1699,13 +1875,13 @@ defaults.ctl.card 2 It should be apparent, that you would have to switch out \texttt{2} with the number corresponding to the sound card you want to use. \end{NOTE} -\subsection{\texttt{pulseaudio}} +\subsection{\texttt{pulseaudio}}% \label{sec:pulseaudio} -\begin{packagetable} +\begin{pkgtable} \texttt{extra} & \texttt{pavucontrol pulseaudio} \\ \texttt{community} & \texttt{pulsemixer} \\ -\end{packagetable} +\end{pkgtable} Some applications require \texttt{pulseaudio}, or work better with it, for example \texttt{discord}, so it might make sense to use \texttt{pulseaudio} 
@@ -1736,138 +1912,146 @@ resample-method = speex-float-10 Of course a restart of the \texttt{pulseaudio} daemon is necessary to reflect the changes you just made -\begin{minted}{console} -dustvoice@DustArch ~ -$ pulseaudio --kill -dustvoice@DustArch ~ -$ pulseaudio --start +\begin{minted}{fish} +dustvoice in ~ +> pulseaudio --kill + +dustvoice in ~ +> pulseaudio --start \end{minted} -\subsection{\texttt{jack}} + +\subsection{\texttt{jack}}% \label{sec:jack} -\begin{packagetable} +\begin{pkgtable} \texttt{extra} & \texttt{pulseaudio-jack} \\ \texttt{community} & \texttt{cadence jack2} \\ -\end{packagetable} +\end{pkgtable} If you either want to manually control audio routing, or if you use some kind of audio application like \texttt{ardour}, you’ll probably want to use \texttt{jack} and \texttt{cadence} as a GUI to control it, as it has native support for bridging \texttt{pulseaudio} to \texttt{jack}. -\subsection{Audio handling} +\subsection{Audio handling}% \label{sec:audio-handling} -\begin{packagetable} +\begin{pkgtable} \texttt{extra} & \texttt{libao libid3tag libmad libpulse opus wavpack} \\ \texttt{community} & \texttt{sox twolame} \\ -\end{packagetable} +\end{pkgtable} To also play audio, we need to install the mentioned packages and then simply do -\begin{minted}{console} -dustvoice@DustArch ~ -$ play audio.wav -dustvoice@DustArch ~ -$ play audio.mp3 +\begin{minted}{fish} +dustvoice in ~ +> play audio.wav + +dustvoice in ~ +> play audio.mp3 \end{minted} + \noindent to play audio. 
-\section{Bluetooth} +\section{Bluetooth}% \label{sec:bluetooth} -\begin{packagetable} +\begin{pkgtable} \texttt{extra} & \texttt{bluez bluez-utils pulseaudio-bluetooth} \\ \texttt{community} & \texttt{blueman} \\ -\end{packagetable} +\end{pkgtable} To set up Bluetooth, we need to install the \texttt{bluez} and \texttt{bluez-utils} packages in order to have at least a command line utility \texttt{bluetoothctl} to configure connections Now we need to check if the \texttt{btusb} kernel module was already loaded -\begin{minted}{console} -dustvoice@DustArch ~ -$ sudo lsmod | grep btusb +\begin{minted}{fish} +dustvoice in ~ +> sudo lsmod | grep btusb \end{minted} + After that we can enable and start the \mintinline{text}{bluetooth.service} service -\begin{minted}{console} -dustvoice@DustArch ~ -$ sudo systemctl enable bluetooth.service -dustvoice@DustArch ~ -$ sudo systemctl start bluetooth.service +\begin{minted}{fish} +dustvoice in ~ +> sudo systemctl enable bluetooth.service + +dustvoice in ~ +> sudo systemctl start bluetooth.service \end{minted} + \begin{NOTE} To use \texttt{bluetoothctl} and get access to the Bluetooth device of your PC, your user needs to be a member of the \texttt{lp} group. 
\end{NOTE} Now simply enter \texttt{bluetoothctl} -\begin{minted}{console} -dustvoice@DustArch ~ -$ bluetoothctl +\begin{minted}{fish} +dustvoice in ~ +> bluetoothctl \end{minted} + In most cases your Bluetooth interface will be preselected and defaulted, but in some cases, you might need to first select the Bluetooth controller -\begin{minted}{console} +\begin{minted}{fish} (insert) [DustVoice]# list (insert) [DustVoice]# select \end{minted} After that, power on the controller -\begin{minted}{console} +\begin{minted}{fish} (insert) [DustVoice]# power on \end{minted} Now enter device discovery mode -\begin{minted}{console} +\begin{minted}{fish} (insert) [DustVoice]# scan on \end{minted} \noindent and list found devices -\begin{minted}{console} +\begin{minted}{fish} (insert) [DustVoice]# devices \end{minted} \begin{NOTE} You can turn device discovery mode off again, after your desired device has been found - \begin{minted}{console} + \begin{minted}{fish} (insert) [DustVoice]# scan off \end{minted} \end{NOTE} Now turn on the agent -\begin{minted}{console} +\begin{minted}{fish} (insert) [DustVoice]# agent on \end{minted} \noindent and pair with your device -\begin{minted}{console} +\begin{minted}{fish} (insert) [DustVoice]# pair \end{minted} \begin{NOTE} If your device doesn’t support PIN verification you might need to manually trust the device - \begin{minted}{console} + \begin{minted}{fish} (insert) [DustVoice]# trust \end{minted} \end{NOTE} Finally connect to your device -\begin{minted}{console} +\begin{minted}{fish} (insert) [DustVoice]# connect \end{minted} 
@@ -1888,24 +2072,26 @@ load-module module-bluetooth-discover \noindent and restart \texttt{pulseaudio} - \begin{minted}{console} -dustvoice@DustArch ~ -$ pulseaudo --kill -dustvoice@DustArch ~ -$ pulseaudo --start + \begin{minted}{fish} +dustvoice in ~ +> pulseaudo --kill + +dustvoice in ~ +> pulseaudo --start \end{minted} + \end{NOTE} If you want a GUI to do all of this, just install \texttt{blueman} and launch \texttt{blueman-manager} -\section{Graphical desktop environment} +\section{Graphical desktop environment}% \label{sec:graphical-desktop-environment} -\begin{packagetable} +\begin{pkgtable} \texttt{extra} & \texttt{ttf-hack xclip xorg xorg-drivers xorg-xinit} \\ \texttt{community} & \texttt{arandr alacritty bspwm dmenu sxhkd} \\ \texttt{AUR} & \texttt{polybar} \\ -\end{packagetable} +\end{pkgtable} If you decide, that you want to use a graphical desktop environment, you have to install additional packages in order for that to work. 
@@ -1915,65 +2101,69 @@ If you decide, that you want to use a graphical desktop environment, you have to It is not required though. \end{NOTE} -\subsection{NVIDIA} +\subsection{NVIDIA}% \label{sec:nvidia} -\begin{packagetable} +\begin{pkgtable} \texttt{extra} & \texttt{nvidia nvidia-utils nvidia-settings opencl-nvidia} \\ -\end{packagetable} +\end{pkgtable} If you also want to utilize special NVIDIA functionality, for example for \texttt{davinci-resolve}, you’ll most likely need to install their proprietary driver. To configure the \texttt{X} server correctly, one can use \texttt{nvidia-xconfig} -\begin{minted}{console} -dustvoice@DustArch ~ -$ sudo nvidia-xconfig +\begin{minted}{fish} +dustvoice in ~ +> sudo nvidia-xconfig \end{minted} + If you want to further tweak all settings available, you can use \texttt{nvidia-settings}. -\begin{minted}{console} -dustvoice@DustArch ~ -$ sudo nvidia-settings +\begin{minted}{fish} +dustvoice in ~ +> sudo nvidia-settings \end{minted} + \noindent -will enable you to \emph{"Save to X Configuration File"}, witch merges your changes with \mintinline{text}{/etc/X11/xorg.conf}. +will enable you to \emph{``Save to X Configuration File''}, witch merges your changes with \mintinline{text}{/etc/X11/xorg.conf}. With -\begin{minted}{console} -dustvoice@DustArch ~ -$ nvidia-settings +\begin{minted}{fish} +dustvoice in ~ +> nvidia-settings \end{minted} + \noindent you’ll only be able to save the current configuration to \mintinline{text}{~/.nvidia-settings-rc}, witch you have to source after \texttt{X} startup with -\begin{minted}{console} -dustvoice@DustArch ~ -$ nvidia-settings --load-config-only +\begin{minted}{fish} +dustvoice in ~ +> nvidia-settings --load-config-only \end{minted} + \begin{NOTE} You will have to reboot sooner or later after installing the NVIDIA drivers, so you might as well do it now, before any complications come up. 
\end{NOTE} -\subsection{Launching the graphical environment} +\subsection{Launching the graphical environment}% \label{sec:launching-the-graphical-environment} After that you can now do \texttt{startx} in order to launch the graphical environment. If anything goes wrong in the process, remember that you can press \mintinline{text}{Ctrl+Alt+} to switch \texttt{tty}s. -\subsubsection{The NVIDIA way} +\subsubsection{The NVIDIA way}% \label{sec:the-nvidia-way} -\begin{packagetable} +\begin{pkgtable} \texttt{community} & \texttt{bbswitch} \\ \texttt{AUR} & \texttt{nvidia-xrun} \\ -\end{packagetable} +\end{pkgtable} If you’re using an NVIDIA graphics card, you might want to use \texttt{nvidia-xrun\textsuperscript{\texttt{AUR}}} instead of \texttt{startx}. This has the advantage, of the \texttt{nvidia} kernel modules, as well as the \texttt{nouveau} ones not loaded at boot time, thus saving power. @@ -1984,9 +2174,9 @@ This has the advantage, of the \texttt{nvidia} kernel modules, as well as the \t \end{IMPORTANT} \begin{NOTE} - \begin{packagetable} + \begin{pkgtable} \texttt{AUR} & \texttt{nvidia-xrun-pm} \\ - \end{packagetable} + \end{pkgtable} If your hardware doesn’t support \texttt{bbswitch}, you would need to use \texttt{nvidia-xrun-pm\textsuperscript{\texttt{AUR}}} instead. \end{NOTE} @@ -2013,19 +2203,21 @@ blacklist nouveau With this config in place, -\begin{minted}{console} -dustvoice@DustArch ~ -$ lsmod | grep nvidia +\begin{minted}{fish} +dustvoice in ~ +> lsmod | grep nvidia \end{minted} + \noindent and -\begin{minted}{console} -dustvoice@DustArch ~ -$ lsmod | grep nouveau +\begin{minted}{fish} +dustvoice in ~ +> lsmod | grep nouveau \end{minted} + \noindent should return no output. Else you might have to place some additional entries into the file. 
@@ -2037,10 +2229,11 @@ Else you might have to place some additional entries into the file. \begin{NOTE} If you installed \texttt{nvidia-xrun-pm} instead of \texttt{nvidia-xrun} and \texttt{bbswitch}, you might want to also enable the \texttt{nvidia-xrun-pm} service - \begin{minted}{console} + \begin{minted}{fish} dustvoice@dustArch ~ $ sudo systemctl enable nvidia-xrun-pm.service \end{minted} + \end{NOTE} \begin{NOTE} @@ -2049,17 +2242,17 @@ $ sudo systemctl enable nvidia-xrun-pm.service Now instead of \texttt{startx}, just run \texttt{nvidia-xrun}, enter your \texttt{sudo} password and you’re good to go. -\section{Additional \texttt{console} software} -\label{sec:additional-console-software} +\section{Additional \texttt{fish} software}% +\label{sec:additional-fish-software} -Software that is useful in combination with a \texttt{console}. +Software that is useful in combination with a \texttt{fish}. -\subsection{\texttt{tmux}} +\subsection{\texttt{tmux}}% \label{sec:tmux} -\begin{packagetable} +\begin{pkgtable} \texttt{community} & \texttt{tmux} \\ -\end{packagetable} +\end{pkgtable} I would reccommend to install \texttt{tmux} which enables you to have multiple terminal instances (called \texttt{windows} in \texttt{tmux}) open at the same time. This makes working with the linux terminal much easier. 
@@ -2068,28 +2261,29 @@ This makes working with the linux terminal much easier. To view a list of keybinds, you just need to press \mintinline{text}{Ctrl+b} followed by \texttt{?}. \end{NOTE} -\subsection{Communication} -\label{sec:console-communication} +\subsection{Communication}% +\label{sec:fish-communication} Life is all about communicating. Here are some pieces of software to do exactly that. -\subsubsection{\texttt{weechat}} +\subsubsection{\texttt{weechat}}% \label{sec:weechat} -\begin{packagetable} +\begin{pkgtable} \texttt{community} & \texttt{weechat} \\ -\end{packagetable} +\end{pkgtable} \texttt{weechat} is an \texttt{IRC} client for the terminal, with the best features and even a \texttt{vim} mode, by using a plugin To configure everything, open \texttt{weechat} -\begin{minted}{console} -dustvoice@DustArch ~ -$ weechat +\begin{minted}{fish} +dustvoice in ~ +> weechat \end{minted} + \noindent and install \texttt{vimode}, as well as configure it 
@@ -2148,55 +2342,56 @@ and connect to it after that, using the cursor, select the entry you want to modify (for example \mintinline{text}{plugins.var.python.vimode}) and then press \texttt{s} (make sure you’re in \texttt{insert} mode) and \texttt{Return}, in order to modify the existing value. \end{NOTE} -\subsection{PDF viewer} -\label{sec:console-pdf-viewer} +\subsection{PDF viewer}% +\label{sec:fish-pdf-viewer} -\begin{packagetable} +\begin{pkgtable} \texttt{extra} & \texttt{ghostscript} \\ \texttt{community} & \texttt{fbida} \\ -\end{packagetable} +\end{pkgtable} -To use \texttt{asciidoctor-pdf}, you might be wondering how you are supposed to open the generated PDFs from the native linux console. +To use \texttt{asciidoctor-pdf}, you might be wondering how you are supposed to open the generated PDFs from the native linux fish. This \texttt{fbida} package provides the \texttt{fbgs} software, which renders a PDF document using the native framebuffer. To view this PDF document (\mintinline{text}{Documentation.pdf}) for example, you would run -\begin{minted}{console} -dustvoice@DustArch ~ -$ fbgs Documentation.pdf +\begin{minted}{fish} +dustvoice in ~ +> fbgs Documentation.pdf \end{minted} + \begin{NOTE} You can view all the controls by pressing \texttt{h}. \end{NOTE} -\section{Additional \texttt{hybrid} software} +\section{Additional \texttt{hybrid} software}% \label{sec:additional-hybrid-software} -Some additional software providing some kind of \texttt{GUI} to work with, but that can be useful in a \texttt{console} only environment nevertheless. +Some additional software providing some kind of \texttt{GUI} to work with, but that can be useful in a \texttt{fish} only environment nevertheless. -\subsection{\texttt{Pass}word management} +\subsection{\texttt{Pass}word management}% \label{sec:password-management} I’m using \texttt{pass} as my password manager. 
As we already installed it in the \nameref{sec:additional-required-tools} step and updated the \texttt{submodule} that holds our \mintinline{text}{.password-store}, there is nothing left to do in this step -\subsection{\texttt{python}} +\subsection{\texttt{python}}% \label{sec:python} -\begin{packagetable} +\begin{pkgtable} \texttt{extra} & \texttt{python} \\ -\end{packagetable} +\end{pkgtable} Python has become really important for a magnitude of use cases. -\subsection{\texttt{ruby} \& \texttt{asciidoctor}} +\subsection{\texttt{ruby} \& \texttt{asciidoctor}}% \label{sec:ruby-and-asciidoctor} -\begin{packagetable} +\begin{pkgtable} \texttt{extra} & \texttt{ruby rubygems} \\ -\end{packagetable} +\end{pkgtable} In order to use \texttt{asciidoctor}, we have to install \texttt{ruby} and \texttt{rubygems}. After that we can install \texttt{asciidoctor} and all its required gems. @@ -2209,17 +2404,19 @@ After that we can install \texttt{asciidoctor} and all its required gems. \begin{itemize} \item \texttt{pygments.rb}, which requires python to be installed - \begin{minted}{console} -dustvoice@DustArch ~ -$ gem install pygments.rb + \begin{minted}{fish} +dustvoice in ~ +> gem install pygments.rb \end{minted} + \item \texttt{rouge} which is a native \texttt{ruby} gem - \begin{minted}{console} -dustvoice@DustArch ~ -$ gem install rouge + \begin{minted}{fish} +dustvoice in ~ +> gem install rouge \end{minted} + \end{itemize} \end{NOTE} @@ -2236,6 +2433,7 @@ For \texttt{zsh} you’ll want to add a new entry inside the \mintinline{text}{. path+=("$HOME/.gem/ruby/2.7.0/bin") \end{minted} + \caption{\mintinline{text}{~/.zshpath}} \end{mintedlisting} 
@@ -2244,26 +2442,28 @@ which then gets sourced by the provided \mintinline{text}{.zshenv} file. An example is provided with the \mintinline{text}{.zshpath.example} file \begin{NOTE} - You might have to re-\mintinline{console}{$ source} the \mintinline{text}{.zshenv} file to make the changes take effect immediately + You might have to re-\mintinline{fish}{> source} the \mintinline{text}{.zshenv} file to make the changes take effect immediately - \begin{minted}{console} -dustvoice@DustArch ~ -$ source .zshenv + \begin{minted}{fish} +dustvoice in ~ +> source .zshenv \end{minted} + \end{NOTE} \begin{NOTE} If you want to add a new entry to the \texttt{path} variable, you have to append it to the array \begin{minted}{text} -path+=("pass:[$HOME/.gem/ruby/2.7.0/bin" "$]HOME/.gem/ruby/2.6.0/bin") +path+=("$HOME/.gem/ruby/2.7.0/bin" "$HOME/.gem/ruby/2.6.0/bin") \end{minted} + \end{NOTE} \begin{NOTE} If you use another shell than \texttt{zsh}, you might have to do something different, to add a directory to your \texttt{PATH}. \end{NOTE} -\subsection{\texttt{JUCE} and \texttt{FRUT}} +\subsection{\texttt{JUCE} and \texttt{FRUT}}% \label{sec:juce-and-frut} \texttt{JUCE} is a library for \texttt{C++} that enables you to develop cross-platform applications with a single codebase. 
@@ -2278,81 +2478,86 @@ path+=("pass:[$HOME/.gem/ruby/2.7.0/bin" "$]HOME/.gem/ruby/2.6.0/bin") The information in this guide should be updated ASAP, if it is apparent that \texttt{FRUT} has now become obsolete. \end{NOTE} -\begin{minted}{console} -dustvoice@DustArch ~ -$ git clone https://github.com/WeAreROLI/JUCE.git -dustvoice@DustArch ~ -$ cd JUCE -dustvoice@DustArch ~/JUCE -$ git checkout develop -dustvoice@DustArch ~/JUCE -$ cd .. -dustvoice@DustArch ~ -$ git clone https://github.com/McMartin/FRUT.git +\begin{minted}{fish} +dustvoice in ~ +> git clone https://github.com/WeAreROLI/JUCE.git + +dustvoice in ~ +> cd JUCE + +dustvoice in ~/JUCE +> git checkout develop + +dustvoice in ~/JUCE +> cd .. + +dustvoice in ~ +> git clone https://github.com/McMartin/FRUT.git \end{minted} -\subsubsection{Using \texttt{JUCE}} + +\subsubsection{Using \texttt{JUCE}}% \label{sec:using-juce} -\begin{packagetable} +\begin{pkgtable} \texttt{core} & \texttt{gcc gnutls} \\ \texttt{extra} & \texttt{alsa-lib clang freeglut freetype2 ladspa libx11 libxcomposite libxinerama libxrandr mesa webkit2gtk} \\ \texttt{community} & \texttt{jack2 libcurl-gnutls} \\ \texttt{multilib} & \texttt{lib32-freeglut} \\ -\end{packagetable} +\end{pkgtable} In order to use \texttt{JUCE}, you’ll need to have some dependency packages installed, where \texttt{ladspa} and \texttt{lib32-freeglut} are not neccessarily needed. -\subsection{Additional development tools} +\subsection{Additional development tools}% \label{sec:additional-development-tools} Here are just some examples of development tools one could install in addition to what we already have. -\subsubsection{Code formatting} +\subsubsection{Code formatting}% \label{sec:code-formatting} -\begin{packagetable} +\begin{pkgtable} \texttt{community} & \texttt{astyle} \\ -\end{packagetable} +\end{pkgtable} We already have \texttt{clang-format} as a code formatter, but this only works for \texttt{C}-family languages. 
For \texttt{java} stuff, we can use \texttt{astyle} -\subsubsection{Documentation} +\subsubsection{Documentation}% \label{sec:documentation} -\begin{packagetable} +\begin{pkgtable} \texttt{extra} & \texttt{doxygen} \\ -\end{packagetable} +\end{pkgtable} To generate a documentation from source code, I mostly use \texttt{doxygen} -\subsubsection{Build tools} +\subsubsection{Build tools}% \label{sec:build-tools} -\begin{packagetable} +\begin{pkgtable} \texttt{community} & \texttt{ninja} \\ -\end{packagetable} +\end{pkgtable} In addition to \texttt{make}, I’ll often times use \texttt{ninja} for my builds -\subsection{Android file transfer} +\subsection{Android file transfer}% \label{sec:android-file-transfer} -\begin{packagetable} +\begin{pkgtable} \texttt{extra} & \texttt{gvfs-mtp libmtp} \\ -\end{packagetable} +\end{pkgtable} Now you should be able to see your phone inside either your preferred filemanager, in my case \texttt{thunar}, or \texttt{gigolo\textsuperscript{\texttt{AUR}}}. If you want to access the android’s file system from the command line, you will need to either install and use \texttt{simple-mtpfs\textsuperscript{\texttt{AUR}}}, or \texttt{adb} -\subsubsection{\texttt{simple-mtpfs\texorpdfstring{\textsuperscript{AUR}}{ (AUR)}}} +\subsubsection{\texttt{simple-mtpfs\texorpdfstring{\textsuperscript{AUR}}{ (AUR)}}}% \label{sec:simple-mtpfs-aur} -\begin{packagetable} +\begin{pkgtable} \texttt{AUR} & \texttt{simple-mtpfs} \\ -\end{packagetable} +\end{pkgtable} Edit \mintinline{text}{/etc/fuse.conf} to uncomment 
@@ -2367,102 +2572,113 @@ user_allow_other \noindent and mount the android device -\begin{minted}{console} -dustvoice@DustArch ~ -$ simple-mtpfs -l -dustvoice@DustArch ~ -$ mkdir ~/mnt -dustvoice@DustArch ~ -$ simple-mtpfs --device ~/mnt -allow_other +\begin{minted}{fish} +dustvoice in ~ +> simple-mtpfs -l + +dustvoice in ~ +> mkdir ~/mnt + +dustvoice in ~ +> simple-mtpfs --device ~/mnt -allow_other \end{minted} + \noindent and respectively unmount it -\begin{minted}{console} -dustvoice@DustArch ~ -$ fusermount -u mnt -dustvoice@DustArch ~ -$ rmdir mnt +\begin{minted}{fish} +dustvoice in ~ +> fusermount -u mnt + +dustvoice in ~ +> rmdir mnt \end{minted} -\subsubsection{\texttt{adb}} + +\subsubsection{\texttt{adb}}% \label{sec:adb} -\begin{packagetable} +\begin{pkgtable} \texttt{community} & \texttt{android-tools} \\ -\end{packagetable} +\end{pkgtable} Kill the \texttt{adb} server, if it is running -\begin{minted}{console} -dustvoice@DustArch ~ -$ adb kill-server +\begin{minted}{fish} +dustvoice in ~ +> adb kill-server \end{minted} + \begin{NOTE} - If the server is currently not running, \mintinline{console}{$ adb [...]} will output an error with a \texttt{Connection refused} message. + If the server is currently not running, \mintinline{fish}{> adb} will output an error with a \texttt{Connection refused} message. \end{NOTE} Now connect your phone, unlock it and start the \texttt{adb} server -\begin{minted}{console} -dustvoice@DustArch ~ -$ adb start-server +\begin{minted}{fish} +dustvoice in ~ +> adb start-server \end{minted} + If the PC is unknown to the android device, it will display a confirmation dialog. Accept it and ensure that the device was recognized -\begin{minted}{console} -dustvoice@DustArch ~ -$ adb devices +\begin{minted}{fish} +dustvoice in ~ +> adb devices \end{minted} + Now you can \texttt{push}/\texttt{pull} files. -\begin{minted}{console} -dustvoice@DustArch ~ -$ adb pull /storage/emulated/0/DCIM/Camera/IMG.jpg . 
-dustvoice@DustArch ~ -$ adb push IMG.jpg /storage/emulated/0/DCIM/Camera/IMG2.jpg -dustvoice@DustArch ~ -$ adb kill-server +\begin{minted}{fish} +dustvoice in ~ +> adb pull /storage/emulated/0/DCIM/Camera/IMG.jpg . + +dustvoice in ~ +> adb push IMG.jpg /storage/emulated/0/DCIM/Camera/IMG2.jpg + +dustvoice in ~ +> adb kill-server \end{minted} + \begin{NOTE} Of course you would need to have the \emph{developer options} unlocked, as well as the \emph{USB debugging} option enabled within them, for \texttt{adb} to even work. \end{NOTE} -\subsection{Partition management} +\subsection{Partition management}% \label{sec:partition-management} -\begin{packagetable} +\begin{pkgtable} \texttt{extra} & \texttt{gparted parted} \\ -\end{packagetable} +\end{pkgtable} You may also choose to use a graphical partitioning software instead of \texttt{fdisk} or \texttt{cfdisk}. For that you can use \texttt{gparted}. -Of course there is also the \texttt{console} equivalent \texttt{parted}. +Of course there is also the \texttt{fish} equivalent \texttt{parted}. -\subsection{PDF viewer} +\subsection{PDF viewer}% \label{sec:gui-pdf-viewer} -\begin{packagetable} +\begin{pkgtable} \texttt{extra} & \texttt{evince} \\ \texttt{community} & \texttt{zathura zathura-pdf-mupdf} \\ -\end{packagetable} +\end{pkgtable} -To use \texttt{asciidoctor-pdf}, you might be wondering how you are supposed to open the generated PDFs using the GUI. +To use \texttt{asciidoctor-pdf}, you might be wondering how you are supposed to open the generated PDFs using the GUI.\@ -\texttt{zathura} has a minimalistic design and UI with a focus on vim keybinding, whereas \texttt{evince} is a more desktop like experience, with things like a print dialogue, etc. +The software \texttt{zathura} has a minimalistic design and UI with a focus on vim keybinding, whereas \texttt{evince} is a more desktop like experience, with things like a print dialogue, etc. 
-\subsection{Process management} +\subsection{Process management}% \label{sec:process-management} -\begin{packagetable} +\begin{pkgtable} \texttt{extra} & \texttt{htop xfce4-taskmanager} \\ -\end{packagetable} +\end{pkgtable} The native tool is \texttt{top}. @@ -2470,31 +2686,31 @@ The next evolutionary step would be \texttt{htop}, which is an improved version If you prefer a GUI for that kind of task, use \texttt{xfce4-taskmanager}. -\subsection{Video software} -\label{sec:console-video-software} +\subsection{Video software}% +\label{sec:fish-video-software} Just some additional software related to videos. -\subsubsection{Live streaming a terminal session} +\subsubsection{Live streaming a terminal session}% \label{sec:live-streaming-a-terminal-session} -\begin{packagetable} +\begin{pkgtable} \texttt{community} & \texttt{tmate} \\ -\end{packagetable} +\end{pkgtable} For this task, you’ll need a program called \texttt{tmate}. -\section{Additional \texttt{GUI} software} +\section{Additional \texttt{GUI} software}% \label{sec:additional-gui-software} As you now have a working graphical desktop environment, you might want to install some software to utilize your newly gained power. -\subsection{Session Lock} +\subsection{Session Lock}% \label{sec:session-lock} -\begin{packagetable} +\begin{pkgtable} \texttt{community} & \texttt{xsecurelock xss-lock} \\ -\end{packagetable} +\end{pkgtable} Probably the first thing you’ll want to set up is a session locker, which locks your \texttt{X}-session after resuming from sleep, hibernation, etc. It then requires you to input your password again, so no unauthorized user can access you machine. 
@@ -2504,18 +2720,19 @@ I’ll use \texttt{xss-lock} to hook into the necessary \texttt{systemd} events \begin{IMPORTANT} You need to make sure this command gets executed upon start of the \texttt{X}-session, so hook it into your window manager startup script, or in a file called by your desktop environment - \begin{minted}{console} -dustvoice@DustArch ~ -$ xss-lock -l -- xsecurelock & + \begin{minted}{fish} +dustvoice in ~ +> xss-lock -l -- xsecurelock & \end{minted} + \end{IMPORTANT} -\subsection{\texttt{xfce-polkit\texorpdfstring{\textsuperscript{AUR}}{ (AUR)}}} +\subsection{\texttt{xfce-polkit\texorpdfstring{\textsuperscript{AUR}}{ (AUR)}}}% \label{sec:xfce-polkit-aur} -\begin{packagetable} +\begin{pkgtable} \texttt{AUR} & \texttt{xfce-polkit} \\ -\end{packagetable} +\end{pkgtable} In order for GUI applications to acquire \texttt{sudo} permissions, we need to install a \texttt{PolicyKit} authentication agent. 
@@ -2525,162 +2742,171 @@ Now you just need to startup \texttt{xfce-polkit\textsuperscript{\texttt{AUR}}} As I already launch it as a part of my \texttt{bspwm} configuration, I won’t have to worry about that. -\subsection{Desktop background} +\subsection{Desktop background}% \label{sec:desktop-background} -\begin{packagetable} +\begin{pkgtable} \texttt{extra} & \texttt{nitrogen} \\ -\end{packagetable} +\end{pkgtable} You might want to consider installing \texttt{nitrogen}, in order to be able to set a background image -\subsection{Compositing software} +\subsection{Compositing software}% \label{sec:compositing-software} -\begin{packagetable} +\begin{pkgtable} \texttt{community} & \texttt{picom} \\ -\end{packagetable} +\end{pkgtable} -To get buttery smooth animation as well as e.g. smooth video playback in \texttt{brave} without screen tearing, you might want to consider using a compositor, in my case one named \texttt{picom} +To get buttery smooth animation as well as e.g.\ smooth video playback in \texttt{brave} without screen tearing, you might want to consider using a compositor, in my case one named \texttt{picom} \begin{WARNING} In order for \texttt{obs}' screen capture to work correctly, you need to kill \texttt{picom} completely before using \texttt{obs}. 
- \begin{minted}{console} -dustvoice@DustArch ~ -$ killall picom + \begin{minted}{fish} +dustvoice in ~ +> killall picom \end{minted} + \noindent or - \begin{minted}{console} -dustvoice@DustArch ~ -$ ps aux | grep picom -dustvoice@DustArch ~ -$ kill -9 + \begin{minted}{fish} +dustvoice in ~ +> ps aux | grep picom + +dustvoice in ~ +> kill -9 \end{minted} + \end{WARNING} -\subsection{\texttt{networkmanager} applet} +\subsection{\texttt{networkmanager} applet}% \label{sec:networkmanager-applet} -\begin{packagetable} +\begin{pkgtable} \texttt{extra} & \texttt{network-manager-applet} \\ -\end{packagetable} +\end{pkgtable} To install the \texttt{NetworkManager} applet, which lives in your tray and provides you with a quick method to connect to different networks, you have to install the \texttt{network-manager-applet} package Now you can start the applet with -\begin{minted}{console} -dustvoice@DustArch ~ -$ nm-applet & +\begin{minted}{fish} +dustvoice in ~ +> nm-applet & \end{minted} -If you want to edit the network connections with a more full screen approach, you can also launch \mintinline{console}{$ nm-connection-editor}. + +If you want to edit the network connections with a more full screen approach, you can also launch \mintinline{fish}{> nm-connection-editor}. \begin{NOTE} The \texttt{nm-connection-editor} doesn’t search for available Wi-Fis. You would have to set up a Wi-Fi connection completely by hand, which could be desirable depending on how difficult it is to set up your Wi-Fi. \end{NOTE} -\subsection{Show keyboard layout} +\subsection{Show keyboard layout}% \label{sec:show-keyboard-layout} -\begin{packagetable} +\begin{pkgtable} \texttt{AUR} & \texttt{xkblayout-state} \\ -\end{packagetable} +\end{pkgtable} To show, which keyboard layout and variant is currently in use, you can use \texttt{xkblayout-state\textsuperscript{\texttt{AUR}}} Now simply issue the \texttt{layout} alias, provided by my custom \texttt{zsh} configuration. 
-\subsection{X clipboard} +\subsection{X clipboard}% \label{sec:x-clipboard} -\begin{packagetable} +\begin{pkgtable} \texttt{extra} & \texttt{xclip} \\ -\end{packagetable} +\end{pkgtable} To copy something from the terminal to the \texttt{xorg} clipboard, use \texttt{xclip} -\subsection{Taking screen shots} +\subsection{Taking screen shots}% \label{sec:taking-screen-shots} -\begin{packagetable} +\begin{pkgtable} \texttt{community} & \texttt{scrot} \\ -\end{packagetable} +\end{pkgtable} For this functionality, especially in combination with \texttt{rofi}, use \texttt{scrot}. -\mintinline{console}{$ scrot ~/Pictures/filename.png} then saves the screen shot under \mintinline{text}{~/Pictures/filename.png}. -\subsection{Image viewer} +\mintinline{fish}{> scrot $HOME/Pictures/filename.png} then saves the screen shot under \mintinline{text}{$HOME/Pictures/filename.png}. + +\subsection{Image viewer}% \label{sec:image-viewer} -\begin{packagetable} +\begin{pkgtable} \texttt{extra} & \texttt{ristretto} \\ -\end{packagetable} +\end{pkgtable} Now that we can create screen shots, we might also want to view those -\begin{minted}{console} -dustvoice@DustArch ~ -$ ristretto filename.png +\begin{minted}{fish} +dustvoice in ~ +> ristretto filename.png \end{minted} -\subsection{File manager} + +\subsection{File manager}% \label{sec:file-manager} -\begin{packagetable} +\begin{pkgtable} \texttt{extra} & \texttt{gvfs thunar} \\ \texttt{AUR} & \texttt{gigolo} \\ -\end{packagetable} +\end{pkgtable} You probably also want to use a file manager. In my case, \texttt{thunar}, the \texttt{xfce} file manager, worked best. To also be able to mount removable drives, without being \texttt{root} or using \texttt{sudo}, and in order to have a GUI for mounting stuff, you would need to use \texttt{gigolo\textsuperscript{\texttt{AUR}}} and \texttt{gvfs}. 
-\subsection{Archive manager} +\subsection{Archive manager}% \label{sec:archive-manager} -\begin{packagetable} +\begin{pkgtable} \texttt{extra} & \texttt{cpio unrar unzip zip} \\ \texttt{community} & \texttt{xarchiver} \\ -\end{packagetable} +\end{pkgtable} As we now have a file manager, it might be annoying, to open up a terminal every time you simply want to extract an archive of some sort. That’s why we’ll use \texttt{xarchiver}. -\subsection{Web browser} +\subsection{Web browser}% \label{sec:web-browser} -\begin{packagetable} +\begin{pkgtable} \texttt{extra} & \texttt{firefox firefox-i18n-en-us} \\ \texttt{community} & \texttt{browserpass} \\ -\end{packagetable} +\end{pkgtable} As you’re already using a GUI, you also might be interested in a web browser. In my case, I’m using \texttt{firefox}, as well as \texttt{browserpass} from the official repositories, together with the \hreffn{https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/}{uBlock Origin}, \hreffn{https://addons.mozilla.org/en-US/firefox/addon/darkreader/}{Dark Reader}, \hreffn{https://addons.mozilla.org/en-US/firefox/addon/duckduckgo-for-firefox/}{DuckDuckGo Pricacy Essentials}, \hreffn{https://addons.mozilla.org/en-US/firefox/addon/vimium-ff/}{Vimium} and finally \hreffn{https://addons.mozilla.org/en-US/firefox/addon/browserpass-ce/}{Browserpass} add-ons, in order to use my passwords in \texttt{firefox} and have best protection in regard to privacy, while browsing the web. 
We still have to setup \texttt{browserpass}, after installing all of this -\begin{minted}{console} -dustvoice@DustArch ~ -$ cd /usr/lib/browserpass -dustvoice@DustArch /usr/lib/browserpass -$ make hosts-firefox-user -dustvoice@DustArch /usr/lib/browserpass -$ cd ~ +\begin{minted}{fish} +dustvoice in ~ +> cd /usr/lib/browserpass + +dustvoice in /usr/lib/browserpass +> make hosts-firefox-user + +dustvoice in /usr/lib/browserpass +> cd ~ \end{minted} -\subsubsection{Entering the dark side} + +\subsubsection{Entering the dark side}% \label{sec:entering-the-dark-side} -\begin{packagetable} +\begin{pkgtable} \texttt{AUR} & \texttt{tor-browser} \\ -\end{packagetable} +\end{pkgtable} You might want to be completely anonymous whilst browsing the web at some point. Although this shouldn’t be your only precaution, using \texttt{tor-browser\textsuperscript{\texttt{AUR}}} would be the first thing to do 
@@ -2689,31 +2915,33 @@ Although this shouldn’t be your only precaution, using \texttt{tor-browser\tex You might have to check out how to import the \texttt{gpg} keys on the \texttt{AUR} page of \texttt{tor-browser}. \end{NOTE} -\subsection{Office utilities} +\subsection{Office utilities}% \label{sec:office-utilities} -\begin{packagetable} +\begin{pkgtable} \texttt{extra} & \texttt{libreoffice-fresh} \\ -\end{packagetable} +\end{pkgtable} I’ll use \texttt{libreoffice-fresh} for anything that I’m not able to do with \texttt{neovim}. -\subsubsection{Printing} +\subsubsection{Printing}% \label{sec:printing} -\begin{packagetable} +\begin{pkgtable} \texttt{extra} & \texttt{avahi cups cups-pdf nss-mdns print-manager system-config-printer} \\ -\end{packagetable} +\end{pkgtable} In order to be able to print from the \texttt{gtk} print dialog, we’ll also need \texttt{system-config-printer} and \texttt{print-manager}. -\begin{minted}{console} -dustvoice@DustArch ~ -$ sudo systemctl enable avahi-daemon.service -dustvoice@DustArch ~ -$ sudo systemctl start avahi-daemon.service +\begin{minted}{fish} +dustvoice in ~ +> sudo systemctl enable avahi-daemon.service + +dustvoice in ~ +> sudo systemctl start avahi-daemon.service \end{minted} + Now you have to edit \mintinline{text}{/etc/nsswitch.conf} and add\newline \mintinline{text}{mdns4_minimal [NOTFOUND=return]} 
@@ -2727,120 +2955,124 @@ hosts: files mymachines myhostname mdns4_minimal [NOTFOUND=return] resolve [!UNA Now continue with this -\begin{minted}{console} -dustvoice@DustArch ~ -$ avahi-browse --all --ignore-local --resolve --terminate -dustvoice@DustArch ~ -$ sudo systemctl enable org.cups.cupsd.service -dustvoice@DustArch ~ -$ sudo systemctl start org.cups.cupsd.service +\begin{minted}{fish} +dustvoice in ~ +> avahi-browse --all --ignore-local --resolve --terminate + +dustvoice in ~ +> sudo systemctl enable org.cups.cupsd.service + +dustvoice in ~ +> sudo systemctl start org.cups.cupsd.service \end{minted} + Just open up \texttt{system-config-printer} now and configure your printer. To test if everything is working, you could open up \texttt{brave}, then go to \emph{Print} and then try printing. -\subsection{Communication} +\subsection{Communication}% \label{sec:gui-communication} Life is all about communicating. Here are some pieces of software to do exactly that. -\subsubsection{Email} +\subsubsection{Email}% \label{sec:email} -\begin{packagetable} +\begin{pkgtable} \texttt{extra} & \texttt{thunderbird} \\ -\end{packagetable} +\end{pkgtable} There is nothing better than some classical email. -\subsubsection{Telegram} +\subsubsection{Telegram}% \label{sec:telegram} -\begin{packagetable} +\begin{pkgtable} \texttt{community} & \texttt{telegram-desktop} \\ -\end{packagetable} +\end{pkgtable} -You want to have your \texttt{telegram} messages on your desktop PC? +You want to have your \texttt{telegram} messages on your desktop PC?\@ -\subsubsection{TeamSpeak 3} +\subsubsection{TeamSpeak 3}% \label{sec:teamspeak-3} -\begin{packagetable} +\begin{pkgtable} \texttt{community} & \texttt{teamspeak3} \\ -\end{packagetable} +\end{pkgtable} Wanna chat with your gaming friends and they have a \texttt{teamspeak3} server? 
-\subsubsection{Discord} +\subsubsection{Discord}% \label{sec:discord} -\begin{packagetable} +\begin{pkgtable} \texttt{community} & \texttt{discord} \\ -\end{packagetable} +\end{pkgtable} You’d rather use \texttt{discord}? -\subsection{Video software} +\subsection{Video software}% \label{sec:gui-video-software} Just some additional software related to videos. -\subsubsection{Viewing video} +\subsubsection{Viewing video}% \label{sec:viewing-video} -\begin{packagetable} +\begin{pkgtable} \texttt{extra} & \texttt{vlc} \\ -\end{packagetable} +\end{pkgtable} You might consider using \texttt{vlc} -\subsubsection{Creating video} +\subsubsection{Creating video}% \label{sec:creating-video} -\begin{packagetable} +\begin{pkgtable} \texttt{AUR} & \texttt{obs-linuxbrowser-bin obs-glcapture-git obs-studio-git} \\ -\end{packagetable} +\end{pkgtable} \texttt{obs-studio-git\textsuperscript{\texttt{AUR}}} should be the right choice. You can also make use of the plugins provided in the package list above. -\paragraph{Showing keystrokes} +\paragraph{Showing keystrokes}% \label{par:showing-keystrokes} -\begin{packagetable} +\begin{pkgtable} \texttt{AUR} & \texttt{screenkey} \\ -\end{packagetable} +\end{pkgtable} In order to show the viewers what keystrokes you’re pressing, you can use something like \texttt{screenkey\textsuperscript{\texttt{AUR}}} \begin{NOTE} - For ideal use with \texttt{obs}, my \texttt{dotfiles} repository already provides you with the \mintinline{console}{$ screenkey-obs} alias for you to run with \texttt{zsh}. + For ideal use with \texttt{obs}, my \texttt{dotfiles} repository already provides you with the \mintinline{fish}{> screenkey-obs} alias for you to run with \texttt{zsh}. 
\end{NOTE} -\subsubsection{Editing video} +\subsubsection{Editing video}% \label{sec:editing-video} -\begin{packagetable} +\begin{pkgtable} \texttt{AUR} & \texttt{davinci-resolve} \\ -\end{packagetable} +\end{pkgtable} In my case, I’m using \texttt{davinci-resolve\textsuperscript{\texttt{AUR}}}. -\subsubsection{Utilizing video} +\subsubsection{Utilizing video}% \label{sec:utilizing-video} -\begin{packagetable} +\begin{pkgtable} \texttt{AUR} & \texttt{teamviewer} \\ -\end{packagetable} +\end{pkgtable} + +Wanna remote control your own or another PC?\@ -Wanna remote control your own or another PC? \texttt{teamviewer\textsuperscript{\texttt{AUR}}} might just be the right choice for you -\subsection{Audio Production} +\subsection{Audio Production}% \label{sec:audio-production} You might have to edit \mintinline{text}{/etc/security/limits.conf}, to increase the allowed locked memory amount. 
@@ -2856,210 +3088,229 @@ In my case I have 32GB of RAM and I want the \texttt{audio} group to be able to \caption{\mintinline{text}{/etc/security/limits.conf}} \end{mintedlisting} -\subsubsection{Ardour} +\subsubsection{Ardour}% \label{sec:ardour} -\begin{packagetable} +\begin{pkgtable} \texttt{community} & \texttt{ardour} \\ -\end{packagetable} +\end{pkgtable} -To e.g. edit and produce audio, you could use \texttt{ardour}, because it’s easy to use, stable and cross platform. +To e.g.\ edit and produce audio, you could use \texttt{ardour}, because it’s easy to use, stable and cross platform. \begin{NOTE} - \begin{packagetable} + \begin{pkgtable} \texttt{extra} & \texttt{ffmpeg} \\ - \end{packagetable} + \end{pkgtable} Ardour won’t natively save in the \texttt{mp3} format, due to licensing stuff. In order to create \texttt{mp3} files, for sharing with other devices, because they have problems with \texttt{wav} files, for example, you can just use \texttt{ffmpeg}. and after that we’re going to convert \mintinline{text}{in.wav} to \mintinline{text}{out.mp3} - \begin{minted}{console} -dustvoice@DustArch ~ -$ ffmpeg -i in.wav -acodec mp3 out.mp3 + \begin{minted}{fish} +dustvoice in ~ +> ffmpeg -i in.wav -acodec mp3 out.mp3 \end{minted} + \end{NOTE} % TODO: Add how I have carla, etc. pp set up on the laptop for windows vst/lv2/etc. -\subsubsection{Reaper} +\subsubsection{Reaper}% \label{sec:reaper} -\begin{packagetable} +\begin{pkgtable} \texttt{AUR} & \texttt{reaper-bin} \\ -\end{packagetable} +\end{pkgtable} Instead of \texttt{ardour}, I’m using \texttt{reaper}, which is available for linux as a beta version, in my case more stable than \texttt{ardour} and more easy to use for me. 
-\subsection{Virtualization} +\subsection{Virtualization}% \label{sec:virtualization} -\begin{packagetable} +\begin{pkgtable} \texttt{community} & \texttt{virtualbox virtualbox-host-modules-arch} \\ -\end{packagetable} +\end{pkgtable} -You might need to run another OS, for example Mac OS, from within Linux, e.g. for development/testing purposes. +You might need to run another OS, for example Mac OS, from within Linux, e.g.\ for development/testing purposes. For that you can use \texttt{virtualbox}. Now when you want to use \texttt{virtualbox} just load the kernel module -\begin{minted}{console} -dustvoice@DustArch ~ -$ sudo modprobe vboxdrv +\begin{minted}{fish} +dustvoice in ~ +> sudo modprobe vboxdrv \end{minted} + \noindent -and add the user which is supposed to run \mintinline{console}{$ virtualbox} to the \texttt{vboxusers} group +and add the user which is supposed to run \mintinline{fish}{> virtualbox} to the \texttt{vboxusers} group -\begin{minted}{console} -dustvoice@DustArch ~ -pass:[$ sudo usermod -a G vboxusers $]USER +\begin{minted}{fish} +dustvoice in ~ +> sudo usermod -a G vboxusers $USER \end{minted} + \noindent and if you want to use \mintinline{text}{rawdisk} functionality, also to the \texttt{disk} group -\begin{minted}{console} -dustvoice@DustArch ~ -pass:[$ sudo usermod -a G disk $]USER +\begin{minted}{fish} +dustvoice in ~ +> sudo usermod -a G disk $USER \end{minted} + Now just re-login and you’re good to go. -\subsection{Gaming} +\subsection{Gaming}% \label{sec:gaming} -\begin{packagetable} +\begin{pkgtable} \texttt{extra} & \texttt{pulseaudio pulseaudio-alsa} \\ \texttt{community} & \texttt{lutris} \\ \texttt{multilib} & \texttt{lib32-libpulse lib32-nvidia-utils steam} \\ -\end{packagetable} +\end{pkgtable} The first option for native/emulated gaming on Linux is obviously \texttt{steam}. The second option would be \texttt{lutris}, a program, that configures a wine instance correctly, etc. 
-\subsection{Wacom} +\subsection{Wacom}% \label{sec:wacom} -\begin{packagetable} +\begin{pkgtable} \texttt{extra} & \texttt{libwacom xf86-input-wacom} \\ -\end{packagetable} +\end{pkgtable} In order to use a Wacom graphics tablet, you’ll have to install some packages You can now configure your tablet using the \texttt{xsetwacom} command. -\subsection{\texttt{VNC} \& \texttt{RDP}} +\subsection{\texttt{VNC} \& \texttt{RDP}}% \label{sec:vnc-and-rdp} -\begin{packagetable} +\begin{pkgtable} \texttt{extra} & \texttt{libvncserver} \\ \texttt{community} & \texttt{remmina} \\ \texttt{AUR} & \texttt{freerdp} \\ -\end{packagetable} +\end{pkgtable} In order to connect to a machine over \texttt{VNC} or to connect to a machine using the \texttt{Remote Desktop Protocol}, for example to connect to a Windows machine, I’ll need to install \texttt{freerdp\textsuperscript{\texttt{AUR}}}, as well as \texttt{libvncserver}, for \texttt{RDP} and \texttt{VNC} functionality respectively, as well as \texttt{remmina}, to have a GUI client for those two protocols. Now you can set up all your connections inside \texttt{remmina}. -\chapter{Upgrading the system} +\chapter{Upgrading the system}% \label{sec:upgrading-the-system} You’re probably wondering why this gets a dedicated section. You’ll probably think that it would be just a matter of issuing -\begin{minted}{console} -dustvoice@DustArch ~ -$ sudo pacman -Syu +\begin{minted}{fish} +dustvoice in ~ +> sudo pacman -Syu \end{minted} + That’s both true and false. You have to make sure, \emph{that your boot partition is mounted at \mintinline{text}{/boot}} in order for everything to upgrade correctly. That’s because the moment you upgrade the \texttt{linux} package without having the correct partition mounted at \mintinline{text}{/boot}, your system won’t boot. -You also might have to do \mintinline{console}{$ grub-mkconfig -o /boot/grub/grub.cfg} after you install a different kernel image. 
+You also might have to do \mintinline{fish}{> grub-mkconfig -o /boot/grub/grub.cfg} after you install a different kernel image. -If your system \emph{indeed doesn’t boot} and \emph{boots to a recovery console}, then double check that the issue really is the not perfectly executed kernel update by issuing +If your system \emph{indeed doesn’t boot} and \emph{boots to a recovery fish}, then double check that the issue really is the not perfectly executed kernel update by issuing -\begin{minted}{console} -root@DustArch ~ -$ uname -a +\begin{minted}{fish} +root in ~ +> uname -a \end{minted} + \noindent and -\begin{minted}{console} -root@DustArch ~ -$ pacman -Q linux +\begin{minted}{fish} +root in ~ +> pacman -Q linux \end{minted} + \emph{The version of these two packages should be exactly the same!} If it isn’t there is an easy fix for it. -\section{Fixing a faulty kernel upgrade} +\section{Fixing a faulty kernel upgrade}% \label{sec:fixing-a-faulty-kernel-upgrade} First off we need to restore the old \texttt{linux} package. For that note the version number of -\begin{minted}{console} -root@DustArch ~ -$ uname -a +\begin{minted}{fish} +root in ~ +> uname -a \end{minted} + Now we’ll make sure first that nothing is mounted at \mintinline{text}{/boot}, because the process will likely create some unwanted files. The process will also create a new \mintinline{text}{/boot} folder, which we’re going to delete afterwards. 
-\begin{minted}{console} -root@DustArch ~ -$ umount /boot +\begin{minted}{fish} +root in ~ +> umount /boot \end{minted} + Now \texttt{cd} into \texttt{pacman}'s package cache -\begin{minted}{console} -root@DustArch ~ -$ cd /var/cache/pacman/pkg +\begin{minted}{fish} +root in ~ +> cd /var/cache/pacman/pkg \end{minted} + There should be a file located named something like \mintinline{text}{linux-.pkg.tar.xz}, where \texttt{} would be somewhat equivalent to the previously noted version number Now downgrade the \texttt{linux} package -\begin{minted}{console} -root@DustArch ~ -$ pacman -U linux-.pkg.tar.xz +\begin{minted}{fish} +root in ~ +> pacman -U linux-.pkg.tar.xz \end{minted} + After that remove the possibly created \mintinline{text}{/boot} directory -\begin{minted}{console} -root@DustArch ~ -$ rm -rf /boot -root@DustArch ~ -$ mkdir /boot +\begin{minted}{fish} +root in ~ +> rm -rf /boot + +root in ~ +> mkdir /boot \end{minted} + Now reboot and mount the \texttt{boot} partition, in my case an EFI System partition. Now simply rerun -\begin{minted}{console} -dustvoice@DustArch ~ -$ sudo pacman -Syu +\begin{minted}{fish} +dustvoice in ~ +> sudo pacman -Syu \end{minted} + \noindent and you should be fine now. -\chapter{Additional notes} +\chapter{Additional notes}% \label{sec:additional-notes} If you’ve printed this guide, you might want to add some additional blank pages for notes. \end{document} + +% Local Variables: +% TeX-engine: luatex +% TeX-command-extra-options: "--shell-escape" +% End: diff --git a/Documentation_v2.org b/Documentation_v2.org new file mode 100644 index 0000000..6385d07 --- /dev/null +++ b/Documentation_v2.org 
@@ -0,0 +1,3431 @@ +#+title: DustArch +#+subtitle: DustVoice's Arch Linux from scratch +#+author: David Holland +#+options: toc:t +#+language: en + +#+begin_export html + +#+end_export + +* Inside the =archiso= +:PROPERTIES: +:CUSTOM_ID: inside-the-archiso +:END: +This chapter is aimed at assisting with the general setup of a +customized Arch Linux installation, using an official Arch Linux image +(=archiso=). + +#+begin_note +As Arch Linux is a rolling release GNU/Linux distribution, it is +advised, to have a working internet connection, in order to get the +latest package upgrades and to install additional software, as the +=archiso= doesn't have all packages available from cache, especially the +ones that need to be installed from the =AUR=. + +Furthermore, one should bear in mind that depending on the version, or +rather modification date, of this guide, the exact steps taken may +already be outdated. If you encounter any problems along the way, you +will either have to resolve the issue yourself, or utilize the great [[https://wiki.archlinux.org/][ArchWiki]], or the [[https://bbs.archlinux.org/][Arch Linux forums]]. +#+end_note + +In the following document, I will denote a command execution in a shell with a preceding +~>~:\\ +(~> uname -a~). + +In a shell session block, you can infer the privilege the command was executed by looking at the prompt line above the command, where the username will be denoted, together with the current working directory. + +#+begin_src fish +dustvoice in ~ +> git init + +root in /boot +> ls -la +#+end_src + +** Syncing up =pacman= +:PROPERTIES: +:CUSTOM_ID: syncing-up-pacman +:END: + +First of all we need to sync up =pacman='s package repository, in order +to be able to install the latest, as well as new packages to the +=archiso= and our new system. 
+ +#+begin_src fish +> pacman -Sy +#+end_src + +Using ~> pacman -Sy~ should be sufficient, in order to be able to search +for packages from within the =archiso=, without upgrading the system, +but might break your system, if you use this command on an existing +installation! + +To be on the safe side, it is advised to always use ~> pacman -Syu~ +instead! + +:NOTE: +=pacstrap= uses the latest packages anyways. +:END: + +#+begin_note +=pacstrap= uses the latest packages anyways. +#+end_note + +*** Official repositories +:PROPERTIES: +:CUSTOM_ID: official-repositories +:END: +After doing that, we can now install any software from the official +repositories by issuing + +#+caption: Test +#+begin_src fish +root in ~ +> pacman -S +#+end_src + +where you would replace ~~ with the actual package name. + +If you want to remove an installed package, just use + +#+begin_src fish +root in ~ +> pacman -Rsu +#+end_src + +If you don't know the exact package name, or if you just want to search +for a keyword, for example =xfce=, to list all packages having to do +something with =xfce=, use + +#+begin_src fish +root in ~ +> pacman -Ss +#+end_src + +If you really need to force remove a package, which you should use /with +extreme caution/, you could use + +#+begin_src fish +root in ~ +> pacman -Rdd +#+end_src + +*** =AUR= +:PROPERTIES: +:CUSTOM_ID: aur +:END: +If you want to install a package from the , I would advise proceeding in +the following manner, in order to install the =AUR=-helper =paru=. + +1. Clone the package with =git= + + #+begin_src fish + dustvoice in ~ + > git clone https://aur.archlinux.org/paru.git + #+end_src + + If you are on a slow PC, or don't want to compile =paru= from + scratch, you can also use . + +2. Switch to the package directory + + #+begin_src fish + dustvoice in ~ + > cd paru + #+end_src + +3. Execute => makepkg= + + #+begin_src fish + dustvoice in ~/paru + > makepkg -si + #+end_src + +4. 
Delete all files created, as =paru= will now be handling all the + =AUR= stuff. + + #+begin_src fish + dustvoice in ~/paru + > cd .. + + dustvoice in ~ + > rm -rf paru + #+end_src + +If you only install =AUR= packages the manual way, you might have to +resolve some =AUR= dependencies manually, which can't be automatically +resolved by =makepkg='s =-s= option, whitch uses =pacman=. + +In order to install a desired =AUR= package, you /must/ switch to your +normal, non-=root= user, because =makepkg= doesn't run as =root=. + +*** Software categories +:PROPERTIES: +:CUSTOM_ID: software-categories +:END: +In this guide, software is categorized in three different categories + +- =Fish= software is intended to be used with either the native linux + fish, or with a terminal emulator + +- =GUI= software is intended to be used within a graphical desktop + environment + +- =Hybrid= software can either be used within both a fish and a + graphical desktop environment (e.g. =networkmanager=), or there are + packages available for both fish and a graphical desktop environment + (e.g. =pulseaudio= with =pulsemixer= for =Fish= and =pavucontrol= for + =GUI=) + +*** Software installation +:PROPERTIES: +:CUSTOM_ID: software-installation +:END: +In this guide, I'll be explicitly listing the packages installed in a +specific section at the beginning of the individual sections. + +This allows you to + +- clearly see what packages get installed / need to be installed in a + specific section + +- install packages before you start with the section in order to + minimize waiting time + +- not having to accidentally reinstall already installed packages + +The packages are always the recommended packages. + +For further clarification for specific packages (e.g. =UEFI= specific +packages), continue reading the section, as there is most certainly an +explanation there. 
+ +Of course, as always, you can and should adapt everything according to +your needs, as this guide is, again, /no tutorial, but a guide/. + +**** Example section +:PROPERTIES: +:CUSTOM_ID: example-section +:END: + +=core= & =libutil-linux=\\ +=extra= & =git=\\ +=community= & +=ardour cadence jsampler linuxsampler qsampler sample-package=\\ +=AUR= & =sbupdate=\\ + +You have to configure =sample-package=, by editing =/etc/sample.conf= + +#+begin_example +Sample.text=useful +#+end_example + +** Formatting the drive +:PROPERTIES: +:CUSTOM_ID: formatting-the-drive +:END: +First, you probably want to get a list of all available drives, together +with their corresponding device name, by issuing + +#+begin_src fish +root in ~ +> fdisk -l +#+end_src + +The output of => fdisk -l= is dependent on your system configuration and +many other factors, like =BIOS= initialization order, etc. + +Don't assume the same path of a device between reboots! + +Always double check! + +There is nothing worse than formatting a drive you didn't mean to +format! + +*** The standard way +:PROPERTIES: +:CUSTOM_ID: the-standard-way +:END: +In my case, the partition I want to install the root file system on is +=/dev/sdb2=. =/dev/sdb3= will be my =swap= partition. + +A =swap= size twice the size of your RAM is recommended by a lot of +people. + +To be exact, every distribution has different recommendations for =swap= +sizes. Also =swap= size heavily depends on whether you want to be able +to hibernate, etc. + +***** In my opinion +:PROPERTIES: +:CUSTOM_ID: in-my-opinion +:END: +You should make the =swap= size at least your RAM size and for RAM sizes +over =4GB= and the wish to hibernate, at least one and a half your RAM +size. + +If you haven't yet partitioned your disk, please refer to the in the +ArchWiki. 
+ +Now we need to format the partitions accordingly + +#+begin_src fish +root in ~ +> mkfs.ext4 /dev/sdb2 + +root in ~ +> mkswap /dev/sdb3 +#+end_src + +After doing that, we can turn on the =swap= and mount the root +partition. + +#+begin_src fish +root in ~ +> swapon /dev/sdb3 + +root in ~ +> mount /dev/sdb2 /mnt +#+end_src + +If you have an additional EFI System partition, because of a /UEFI +- GPT/ setup or an existing Windows installation, for example, which we +will assume to be located under =/dev/sda2= (=/dev/sda= is the disk of +my Windows install), you'll have to mount this partition to the new +system's =/boot= folder + +#+begin_src fish +root in ~ +> mkdir /mnt/boot + +root in ~ +> mount /dev/sda2 /mnt/boot +#+end_src + +*** Full system encryption +:PROPERTIES: +:CUSTOM_ID: full-system-encryption +:END: + +This is only one way to do it and it is the way I have done it. I'm +using a =LVM= on =LUKS= setup, with =lvm2= and =luks2=. For more +information look into the . + +This setup has different partitions, used for the EFI System partition, +the =root= partition, etc., compared to the ones used in the rest of the +guide. If you want to use =grub= in conjunction with some full system +encryption, you would have to adapt the disk and partition names +accordingly. The only part of the guide, which currently uses the drives +& partitions used in this section is . + +To start things, we first have to decide, which disk, or partition, is +going to hold the =luks2= encrypted =lvm2= stuff. + +In my case I'll be using my NVMe SSD, with a =GPT= partition scheme, for +both the EFI System partition, in my case =/dev/nvme0n1p1=, defined as a +=EFI System= partition type in =fdisk=, as well as the main =LUKS= +volume, in my case =/dev/nvme0n1p2=, defined as a =Linux filesystem= +partition type in =fdisk=. + +After partitioning our disk, we now have to set everything up. 
+ +**** EFI System partition +:PROPERTIES: +:CUSTOM_ID: efi-system-partition +:END: + +=core= & =dosfstools=\\ + +I won't setup my EFI System partition with =cryptsetup=, as it makes no +sense in my case. + +Every =EFI= binary (or =STUB=) will have to be signed with my custom +Secure Boot keys, as described in , so tempering with the EFI System +partition poses no risk to my system. + +Instead I will simply format it with a =FAT32= filesystem + +#+begin_src fish +root in ~ +> mkfs.fat -F 32 -L /efi /dev/nvme0n1p1 +#+end_src + +We will bother with mounting it later on. + +When you /do/ want to encrypt your EFI System partition, in conjunction +with using =grub=, please either use =LUKS 1=, or make sure to have the +latest version of =grub= installed on your system, to make it work with +=LUKS 2=! + +**** =LUKS= +:PROPERTIES: +:CUSTOM_ID: luks +:END: + +=core= & =cryptsetup=\\ + +First off we have to create the =LUKS= volume + +#+begin_src fish +root in ~ +> cryptsetup luksFormat --type luks2 /dev/nvme0n1p2 +#+end_src + +After that we have to open the volume + +#+begin_src fish +root in ~ +> cryptsetup open /dev/nvme0n1p2 cryptroot +#+end_src + +The volume is now accessible under =/dev/mapper/cryptroot=. + +**** =LVM= +:PROPERTIES: +:CUSTOM_ID: lvm +:END: + +=core= & =lvm2=\\ + +I'm going to create one =PV= (Physical Volume) using the just created +and opened =cryptroot= =LUKS= volume, one =VG= (Volume Group), named +=DustArch1=, which will contain two =LV=s (Logical Volumes) named =root= +and =swap= containing the =root= filesystem and the =swap= space +respectively. 
+ +#+begin_src fish +root in ~ +> pvcreate /dev/mapper/cryptroot + +root in ~ +> vgcreate DustArch1 /dev/mapper/cryptroot + +root in ~ +> lvcreate -l 100%FREE -n root DustArch1 + +root in ~ +> lvreduce -L -32G /dev/DustArch1/root + +root in ~ +> lvcreate -l 100%FREE -n swap DustArch1 +#+end_src + +**** Format & mount +:PROPERTIES: +:CUSTOM_ID: format-and-mount +:END: +Now the only thing left to do is formatting our freshly created logical +volumes appropriately + +#+begin_src fish +root in ~ +> mkfs.ext4 -L / /dev/DustArch1/root + +root in ~ +> mkswap /dev/DustArch1/swap +#+end_src + +as well as mounting them and enabling the =swap=, in order to proceed +with the next steps. + +#+begin_src fish +root in ~ +> mount /dev/DustArch1/root /mnt + +root in ~ +> mkdir /mnt/efi + +root in ~ +> mount /dev/nvme0n1p1 /mnt/efi + +root in ~ +> swapon /dev/DustArch1/swap +#+end_src + +**** Unmount & Close +:PROPERTIES: +:CUSTOM_ID: unmount-and-close +:END: + +Only do this, after you're finished with your setup within the =archiso= +and are about to reboot into your new system, or else the next steps +won't work for you. + +To close everything back up again, + +1. unmount the volumes + + #+begin_src fish + root in ~ + > umount /mnt/efi /mnt + #+end_src + +2. deactivate the =VG= + + #+begin_src fish + root in ~ + > vgchange -a n DustArch1 + #+end_src + +3. close the =LUKS= volume + + #+begin_src fish + root in ~ + > cryptsetup close cryptroot + #+end_src + +** Preparing the =chroot= environment +:PROPERTIES: +:CUSTOM_ID: preparing-the-chroot-environment +:END: +First it might make sense to edit =/etc/pacman.d/mirrorlist= to move the +mirrors geographically closest to you to the top. 
+ +If you're using an older version of the =archiso=, you might want to +replace the mirrorlist present on the =archiso= with the newest one from + +#+begin_src fish +root in ~ +> curl https://archlinux.org/mirrorlist/all > /etc/pacman.d/mirrorlist +#+end_src + +=community= & =reflector=\\ + +The best way to do this, is using a package from the official +repositories named =reflector=. It comes with all sorts of options, for +example sorting mirrors by speed, filtering by country, etc. + +#+begin_src fish +root in ~ +> reflector --verbose --latest 200 --sort rate --save /etc/pacman.d/mirrorlist +#+end_src + +After that you would need to reinstall the =pacman-mirror= package and +run + +#+begin_src fish +root in ~ +> pacman -Syyuu +#+end_src + +for the best results. + +After that we can =pacstrap= the /minimum packages/ needed. We will +install all other packages later on. + +=core= & =base linux linux-firmware=\\ + +This is the actual command used in my case + +#+begin_src fish +root in ~ +> pacstrap /mnt base linux linux-firmware +#+end_src + +After that generate an =fstab= using =genfstab= + +#+begin_src fish +root in ~ +> genfstab -U /mnt >> /mnt/etc/fstab +#+end_src + +and you're ready to enter the =chroot= environment. + +* Entering the =chroot= +:PROPERTIES: +:CUSTOM_ID: entering-the-chroot +:END: + +As we want to set up our new system, we need to have access to the +different partitions, the internet, etc.  which we wouldn't get by +solely using =chroot=. + +That's why we are using =arch-chroot=, provided by the +=arch-install-scripts= package, which is shipped with the =archiso=. +This script takes care of all the afforementioned stuff, so we can set +up our system properly. + +#+begin_src fish +root in ~ +> arch-chroot /mnt +#+end_src + +Et Voilà! You successfully =chroot=ed inside your new system and you'll +be greeted by a =bash= prompt, which is the default shell on fresh Arch +Linux installations. 
+ +** Installing additional packages +:PROPERTIES: +:CUSTOM_ID: installing-additional-packages +:END: + +=core= & +=amd-ucode base-devel diffutils dmraid dnsmasq dosfstools efibootmgr exfat-utils grub iputils lvm2 openssh sudo usbutils=\\ +=extra= & +=efitools git intel-ucode networkmanager networkmanager-openconnect networkmanager-openvpn parted polkit rsync zsh=\\ +=community= & =neovim os-prober=\\ + +There are many command line text editors available, like =nano=, =vi=, +=vim=, =emacs=, etc. + +I'll be using =neovim=, though it shouldn't matter what editor you +choose for the rest of the guide. + +Make sure to enable the =NetworkManager.service= service, in order for +the Internet connection to work correctly, upon booting into the fresh +system later on. + +#+begin_src fish +root in / +> systemctl enable NetworkManager.service +#+end_src + +With =polkit= installed, create a file to enable users of the =network= +group to add new networks without the need of =sudo=. + +#+begin_src fish +polkit.addRule(function(action, subject) { + if (action.id.indexOf("org.freedesktop.NetworkManager.") == 0 && subject.isInGroup("network")) { + return polkit.Result.YES; + } +}); +#+end_src + +If you use =UEFI=, you'll also need the =efibootmgr=, in order to modify +the =UEFI= entries. + +** Master of time +:PROPERTIES: +:CUSTOM_ID: master-of-time +:END: +After that, you have to set your timezone and update the system clock. + +Generally speaking, you can find all the different timezones under +=/usr/share/zoneinfo=. + +In my case, my timezone file resides under +=/usr/share/zoneinfo/Europe/Berlin=. + +To achieve the desired result, I will want to symlink this to +=/etc/localtime= and set the hardware clock. 
+ +#+begin_src fish +root in / +> ln -s /usr/share/zoneinfo/Europe/Berlin /etc/localtime + +root in / +> hwclock --systohc --utc +#+end_src + +Now you can also enable time synchronization over network + +#+begin_src fish +root in / +> timedatectl set-timezone Europe/Berlin + +root in / +> timedatectl set-ntp true +#+end_src + +and check that everything is alright + +#+begin_src fish +root in / +> timedatectl status +#+end_src + +** Master of locales +:PROPERTIES: +:CUSTOM_ID: master-of-locales +:END: +Now you have to generate your locale information. + +For that you have to edit =/etc/locale.gen= and uncomment the locales +you want to enable. + +I recommend to always uncomment =en_US.UTF-8 UTF8=, even if you want to +use another language primarily. + +In my case I only uncommented the =en_US.UTF-8 UTF8= line + +#+begin_src fish +en_US.UTF-8 UTF8 +#+end_src + +After that you still have to actually generate the locales by issuing + +#+begin_src fish +root in / +> locale-gen +#+end_src + +and set the locale + +#+begin_src fish +root in / +> localectl set-locale LANG="en_US.UTF-8" +#+end_src + +After that we're done with this part. + +** Naming your machine +:PROPERTIES: +:CUSTOM_ID: naming-your-machine +:END: +Now we can set the =hostname= for our new install and add =hosts= +entries. + +Apart from being mentioned in your command prompt, the =hostname= also +serves the purpose of identifying, or naming your machine locally, as +well as in a networked scenario. This will enable you to see your PC +with the correct name in your router, etc. + +*** =hostname= +:PROPERTIES: +:CUSTOM_ID: hostname +:END: +To change the =hostname=, simply edit =/etc/hostname=, enter the desired +name, then save and quit + +#+begin_src fish +DustArch +#+end_src + +*** =hosts= +:PROPERTIES: +:CUSTOM_ID: hosts +:END: +Now we need to specify some =hosts= entries by editing =/etc/hosts= + +#+begin_src fish +# Static table lookup for hostnames. +# See hosts(5) for details. + +127.0.0.1 localhost . 
+::1 localhost . +127.0.1.1 DustArch.localhost DustArch +#+end_src + +** User setup +:PROPERTIES: +:CUSTOM_ID: user-setup +:END: +Now you should probably change the default =root= password and create a +new non-=root= user for yourself, as using your new system purely +through the native =root= user is not recommended from a security +standpoint. + +*** Give =root= a password +:PROPERTIES: +:CUSTOM_ID: give-root-a-password +:END: +To change the password for the current user (the =root= user) issue + +#+begin_src fish +root in / +> passwd +#+end_src + +and choose a new password. + +*** Create a personal user +:PROPERTIES: +:CUSTOM_ID: create-a-personal-user +:END: + +=core= & =sudo=\\ +=extra= & =zsh=\\ + +We are going to create a new user and set the password, groups and shell +for this user + +#+begin_src fish +root in / +> useradd -m -p "" -G "adm,audio,disk,floppy,kvm,log,lp,network,rfkill,scanner,storage,users,optical,power,wheel" -s /usr/bin/zsh dustvoice + +root in / +> passwd dustvoice +#+end_src + +We now have to allow the =wheel= group =sudo= access. + +For that we edit =/etc/sudoers= and uncomment the =|\%|wheel [|\ldots|]= +line. + +#+begin_src fish +%wheel ALL=(ALL) ALL +#+end_src + +You could also add a new line below the =root= line + +#+begin_src fish +root ALL=(ALL) ALL +#+end_src + +with your new username + +#+begin_src fish +dustvoice ALL=(ALL) ALL +#+end_src + +to solely grant the /new/ user =sudo= privileges. + +** Boot manager +:PROPERTIES: +:CUSTOM_ID: boot-manager +:END: +In this section different boot managers / boot methods are explained. + +*** =EFISTUB= +:PROPERTIES: +:CUSTOM_ID: efistub +:END: + +=core= & =efibootmgr=\\ + +You can directly boot the system, by making use of the =EFISTUB= +contained in the kernel image. 
To utilize this, we can use =efibootmgr= +to create an entry in the =UEFI= + +#+begin_src fish +root in / +> efibootmgr --disk /dev/sda --part 2 --create --label "Arch Linux" --loader /vmlinuz-linux --unicode 'root=6ff60fab-c046-47f2-848c-791fbc52df09 rw initrd=\initramfs-linux.img resume=UUID=097c6f11-f246-40eb-a702-ba83c92654f2' --verbose +#+end_src + +This only makes sense of course, if you're using =UEFI= instead of a +legacy =BIOS=. In this case it doesn't matter of course, if your machine +/theoretically supports/ =UEFI=, but rather if it is the /enabled mode/! + +*** =grub= +:PROPERTIES: +:CUSTOM_ID: grub +:END: + +=core= & =dosfstools efibootmgr grub=\\ +=extra= & =mtools=\\ +=community= & =os-prober=\\ + +Of course you can also use a boot manager to boot the system, as the +name implies. + +If I can't use =EFISTUB=, e.g. either because the system has no =UEFI= +support, or because I need another feature of a boot manager, I normally +use =grub=. + +You'll probably only need the =efibootmgr= package, if you plan to +utilize =UEFI=. + +**** =BIOS= +:PROPERTIES: +:CUSTOM_ID: bios +:END: +If you chose the =BIOS - MBR= variation, you'll have to /do nothing +special/. + +If you chose the =BIOS - GPT= variation, you'll have to /have a =+1M= +boot partition/ created with the partition type set to =BIOS boot=. + +In both cases you'll have to /run the following comman/ now + +#+begin_src fish +root in / +> grub-install --target=i386-pc /dev/sdb +#+end_src + +It should obvious that you would need to replace =/dev/sdb= with the +disk you actually want to use. Note however that you have to specify a +/disk/ and /not a partition/, so /no number/. 
+ +**** =UEFI= +:PROPERTIES: +:CUSTOM_ID: uefi +:END: +If you chose the =UEFI - GPT= variation, you'll have to /have the EFI +System partition mounted/ at =/boot= (where =/dev/sda2= is the partition +holding said EFI System partition in my particular setup) + +Now /install =grub= to the EFI System partition/ + +#+begin_src fish +root in / +> grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id=grub --recheck +#+end_src + +If you've planned on dual booting arch with Windows and therefore reused +the EFI System partition created by Windows, you might not be able to +boot to grub just yet. + +In this case, boot into Windows, open a =cmd= window as Administrator +and type in + +#+begin_src fish +bcdedit /set {bootmgr} path \EFI\grub\grubx64.efi +#+end_src + +To make sure that the path is correct, you can use + +#+begin_src fish +root in / +> ls /boot/EFI/grub +#+end_src + +under Linux to make sure, that the =grubx64.efi= file is really there. + +**** =grub= config +:PROPERTIES: +:CUSTOM_ID: grub-config +:END: +In all cases, you now have to create the main =grub.cfg= configuration +file. + +But before we actually generate it, we'll make some changes to the +default =grub= settings, which the =grub.cfg= will be generated from. + +***** Adjust the timeout +:PROPERTIES: +:CUSTOM_ID: par:adjust-the-timeout +:END: +First of all, I want my =grub= menu to wait indefinitely for my command +to boot an OS. + +#+begin_src fish +GRUB_TIMEOUT=-1 +#+end_src + +I decided on this, because I'm dual booting with Windows and after +Windows updates itself, I don't want to accidentally boot into my Arch +Linux, just because I wasn't quick enough to select the Windows Boot +Loader from the =grub= menu. + +Of course you can set this parameter to whatever you want. + +Another way of achieving what I described, would be to make =grub= +remember the last selection. 
+ +#+begin_src fish +GRUB_TIMEOUT=5 +GRUB_DEFAULT=saved +GRUB_SAVEDEFAULT="true" +#+end_src + +***** Enable the recovery +:PROPERTIES: +:CUSTOM_ID: par:enable-the-recovery +:END: +After that I also want the recovery option showing up, which means that +besides the standard and fallback images, also the recovery one would +show up. + +#+begin_src fish +GRUB_DISABLE_RECOVERY=false +#+end_src + +***** NVIDIA fix +:PROPERTIES: +:CUSTOM_ID: par:nvidia-fix +:END: +Now, as I'm using the binary NVIDIA driver for my graphics card, I also +want to make sure, to revert =grub= back to text mode, after I select a +boot entry, in order for the NVIDIA driver to work properly. You might +not need this + +#+begin_src fish +GRUB_GFXPAYLOAD_LINUX=text +#+end_src + +***** Add power options +:PROPERTIES: +:CUSTOM_ID: par:add-power-options +:END: +I also want to add two new menu entries, to enable me to shut down the +PC, or reboot it, right from the =grub= menu. + +#+begin_src fish +menuentry '=> Shutdown' { + halt +} + +menuentry '=> Reboot' { + reboot +} +#+end_src + +***** Installing =memtest= +:PROPERTIES: +:CUSTOM_ID: par:installing-memtest +:END: +As I want all possible options to possibly troubleshoot my PC right +there in my =grub= menu, without the need to boot into a live OS, I also +want to have a memory tester there. + +****** =BIOS= +:PROPERTIES: +:CUSTOM_ID: par:installing-memtest-bios +:END: + +=extra= & =memtest86+=\\ + +For a =BIOS= setup, you'll simply need to install the =memtest86+= +package, with no further configuration. + +****** =UEFI= +:PROPERTIES: +:CUSTOM_ID: par:installing-memtest-uefi +:END: + +=AUR= & =memtest86-efi=\\ + +For a =UEFI= setup, you'll first need to install the package and then +tell =memtest86-efi=^{=AUR=} how to install itself + +#+begin_src fish +root in / +> memtest86-efi -i +#+end_src + +Now select option 3, to install it as a =grub2= menu item. 
+ +***** Enabling hibernation +:PROPERTIES: +:CUSTOM_ID: par:enabling-hibernation +:END: +We need to add the =resume= kernel parameter to =/etc/default/grub=, +containing my =swap= partition =UUID=, in my case + +#+begin_src fish +GRUB_CMDLINE_LINUX_DEFAULT="loglevel=3 quiet resume=UUID=097c6f11-f246-40eb-a702-ba83c92654f2" +#+end_src + +If you have to change anything, like the =swap= partition =UUID=, inside +the =grub= configuration files, you'll always have to rerun +=> grub-mkconfig= as explained in the paragraph of the section . + +***** Disabling =os-prober= +:PROPERTIES: +:CUSTOM_ID: par:disabling-os-prober +:END: +Sometimes it makes sense to disable the =os-prober= functionality of +grub, even though =os-prober= is installed on the system (which auto +enables it), for example when installing arch for portability purposes. +We can disable the os-prober functionality in the =grub= default config +file. + +#+begin_src fish +GRUB_DISABLE_OS_PROBER=true +#+end_src + +***** Generating the =grub= config +:PROPERTIES: +:CUSTOM_ID: par:generating-the-grub-config +:END: +Now we can finally generate our =grub.cfg= + +#+begin_src fish +root in / +> grub-mkconfig -o /boot/grub/grub.cfg +#+end_src + +Now you're good to boot into your new system. + +** Switch to a =systemd= based =ramdisk= +:PROPERTIES: +:CUSTOM_ID: switch-to-a-systemd-based-ramdisk +:END: + +There is nothing particularily better about using a =systemd= based +=ramdisk= instead of a =busybox= one, it's just that I prefer it. + +Some advantages, at least in my opinion, that the =systemd= based +=ramidsk= has, are the included =resume= hook, as well as password +caching, when decrypting encrypted volumes, which means that because I +use the same =LUKS= password for both my data storage =HDD=, as well as +my =cryptroot=, I only have to input the password once for my +=cryptroot= and my data storage =HDD= will get decrypted too, without +the need to create =/etc/crypttab= entries, etc. 
+ +To switch to a =systemd= based =ramdisk=, you will normally need to +substitute the =busybox= specific hooks for =systemd= ones. You will +also need to use =systemd= hooks from now on, for example =sd-encrypt= +instead of =encrypt=. + +- =base= + + In my case, I left the =base= hook untouched, to get a =busybox= + recovery shell, if something goes wrong, although you wouldn't + technically need it, when using =systemd=. + + Don't remove this, when using =busybox=, unless you're absolutely + knowing what you're doing. + +- =udev= + + Replace this with =systemd= to switch from =busybox= to =systemd=. + +- =keymap= and/or =fishfont= + + These two, or one, if you didn't use one of them, need to be replaced + with =sd-vfish=. Everything else stays the same with these. + +- =encrypt= + + Isn't used in the default =/etc/mkinitcpio.conf=, but could be + important later on, for example when using . You need to substitute + this with =sd-encrypt=. + +- =lvm2= + + Same thing as with =encrypt= and needs to be substituted with + =sd-lvm2=. + +You can find all purposes of the individual hooks, as well as the +=busybox= / =systemd= equivalent of each one in the . + +** Hibernation +:PROPERTIES: +:CUSTOM_ID: hibernation +:END: +In order to use the hibernation feature, you should make sure that your +=swap= partition/file is at least the size of your RAM. + +If you use a =busybox= based =ramdisk=, you need to + +1. add the =resume= hook to =/etc/mkinitcpio.conf=, before =fsck= and + definetely after =block= + + #+begin_src fish + HOOKS=(base udev autodetect modconf block filesystems keyboard resume fsck) + #+end_src + +2. run + + #+begin_src fish + root in / + > mkinitcpio -p linux + #+end_src + +When using =EFISTUB= without =sbupdate=, your motherboard has to support +kernel parameters for boot entries. If your motherboard doesn't support +this, you would need to use . 
+ +** Secure Boot +:PROPERTIES: +:CUSTOM_ID: secure-boot +:END: +*** =shim= +:PROPERTIES: +:CUSTOM_ID: shim +:END: + +=AUR= & =shim-signed=\\ + +This is a way of handling secure boot that aims at just making +everything work! + +It is not the way Secure Boot was intended to be used and you might as +well disable it. + +If you need Secure Boot to be enabled, e.g. for Windows, but you +couldn't care less for the security it could bring to your device, use +this method. + +If you want to actually make use of the Secure Boot feature, read . + +I know I told you that you're now good to boot into your new system. +That is only correct, if you're /not/ using Secure Boot. + +You can either proceed by disabling Secure Boot in your firmware +settings, or by using =shim= as kind of a pre-bootloader, as well as +signing your bootloader (=grub=) and your kernel. + +If you decided on using Secure Boot, you will first have to install the +package. + +Now we just need to copy =shimx64.efi=, as well as =mmx64.efi= to our +EFI System partition + +#+begin_src fish +root in / +> cp /usr/share/shim-signed/shimx64.efi /boot/EFI/grub/ + +root in / +> cp /usr/share/shim-signed/mmx64.efi /boot/EFI/grub/ +#+end_src + +If you have to use =bcdedit= from within Windows, as explained in +section , you need to adapt the command accordingly + +#+begin_src fish +bcdedit /set {bootmgr} path \EFI\grub\shimx64.efi +#+end_src + +Now you will be greeted by =MokManager= everytime you update your +bootloader or kernel. + +Just choose "Enroll hash from disk" and enroll your bootloader binary +(=grubx64.efi=) and kernel (=vmlinuz-linux=). + +Reboot and your system should fire up just fine. + +*** The manual way +:PROPERTIES: +:CUSTOM_ID: the-manual-way +:END: + +As this is a very tedious and time consuming process, it only makes +sense when also utilizing some sort of disk encryption, which is, why I +would advise you to read first. 
+ +**** File formats +:PROPERTIES: +:CUSTOM_ID: file-formats +:END: +In the following subsections, we will be dealing with some different +file formats. + +=.key= =PEM= format private keys for =EFI= binary and =EFI= signature +list signing. + +=.crt= =PEM= format certificates for =sbsign=. + +=.cer= =DER= format certigficates for firmware. + +=.esl= Certificates in =EFI= Signature List for =KeyTool= and/or +firmware. + +=.auth= Certificates in =EFI= Signature List with authentication header +(i.e. a signed certificate update file) for =KeyTool= and/or firmware. + +**** Create the keys +:PROPERTIES: +:CUSTOM_ID: create-the-keys +:END: +First off, we have to generate our Secure Boot keys. + +These will be used to sign any binary which will be executed by the +firwmare. + +***** =GUID= +:PROPERTIES: +:CUSTOM_ID: par:guid +:END: +Let's create a =GUID= first to use with the next commands. + +#+begin_src fish +root in ~/sb +> uuidgen --random > GUID.txt +#+end_src + +***** =PK= +:PROPERTIES: +:CUSTOM_ID: par:pk +:END: +We can now generate our =PK= (Platform Key) + +#+begin_src fish +root in ~/sb +> openssl req -newkey rsa:4096 -nodes -keyout PK.key -new -x509 -sha256 -subj "/CN=Platform Key for DustArch/" -out PK.crt + +root in ~/sb +> openssl x509 -outform DER -in PK.crt -out PK.cer + +root in ~/sb +> cert-to-efi-sig-list -g "$(< GUID.txt)" PK.crt PK.esl + +root in ~/sb +> sign-efi-sig-list -g "$(< GUID.txt)" -k PK.key -c PK.crt PK PK.esl PK.auth +#+end_src + +In order to allow deletion of the =PK=, for firmwares which do not +provide this functionality out of the box, we have to sign an empty +file. 
+ +#+begin_src fish +root in ~/sb +> sign-efi-sig-list -g "$(< GUID.txt)" -k PK.key -c PK.crt PK /dev/null rm_PK.auth +#+end_src + +***** =KEK= +:PROPERTIES: +:CUSTOM_ID: par:kek +:END: +We proced in a similar fashion with the =KEK= (Key Exchange Key) + +#+begin_src fish +root in ~/sb +> openssl req -newkey rsa:4096 -nodes -keyout KEK.key -new -x509 -sha256 -subj "/CN=Key Exchange Key for DustArch/" -out KEK.crt + +root in ~/sb +> openssl x509 -outform DER -in KEK.crt -out KEK.cer + +root in ~/sb +> cert-to-efi-sig-list -g "$(< GUID.txt)" KEK.crt KEK.esl + +root in ~/sb +> sign-efi-sig-list -g "$(< GUID.txt)" -k PK.key -c PK.crt KEK KEK.esl KEK.auth +#+end_src + +***** =DB= +:PROPERTIES: +:CUSTOM_ID: par:db +:END: +And finally the =DB= (Signature Database) key. + +#+begin_src fish +root in ~/sb +> openssl req -newkey rsa:4096 -nodes -keyout db.key -new -x509 -sha256 -subj "/CN=Signature Database key for DustArch" -out db.crt + +root in ~/sb +> openssl x509 -outform DER -in db.crt -out db.cer + +root in ~/sb +> cert-to-efi-sig-list -g "$(< GUID.txt)" db.crt db.esl + +root in ~/sb +> sign-efi-sig-list -g "$(< GUID.txt)" -k KEK.key -c KEK.crt db db.esl db.auth +#+end_src + +**** Windows stuff +:PROPERTIES: +:CUSTOM_ID: windows-stuff +:END: +As your plan is to be able to control, which things do boot on your +system and which don't, you're going through all this hassle to create +and enroll custom keys, so only =EFI= binaries signed with said keys can +be executed. + +But what if you have a Windows dual boot setup? + +Well the procedure is actually pretty straight forward. You just grab +Microsoft's certificates, convert them into a usable format, sign them +and enroll them. No need to sign the Windows boot loader. 
+ +#+begin_src fish +root in ~/sb +> curl -fLo WinCert.crt https://www.microsoft.com/pkiops/certs/MicWinProPCA2011_2011-10-19.crt + +root in ~/sb +> openssl x509 -inform DER -outform PEM -in MicWinCert.crt -out MicWinCert.pem + +root in ~/sb +> cert-to-efi-sig-list -g 77fa9abd-0359-4d32-bd60-28f4e78f784b MicWinCert.pem MS_db.esl + +root in ~/sb +> sign-efi-sig-list -a -g 77fa9abd-0359-4d32-bd60-28f4e78f784b -k KEK.key -c KEK.crt db MS_db.esl add_MS_db.auth +#+end_src + +**** Move the kernel & keys +:PROPERTIES: +:CUSTOM_ID: move-the-kernel-and-keys +:END: +In order to ensure a smooth operation, with actual security, we need to +move some stuff around. + +***** Kernel, =initramfs=, microcode +:PROPERTIES: +:CUSTOM_ID: par:kernel-initramfs-microcode +:END: +=pacman= will put its unsigned and unencrypted kernel, =initramfs= and +microcode images into =/boot=, which is, why it will be no longer a good +idea, to leave your EFI System partition mounted there. Instead we will +create a new mountpoint under =/efi= and modify our =fstab= accordingly. + +***** Keys +:PROPERTIES: +:CUSTOM_ID: par:keys +:END: +As you probably want to automate signing sooner or later and only use +the ultimately necessary keys for this process, as well as store the +other more important keys somewhere more safe and secure than your +=root= home directory, we will move the necessary keys. + +I personally like to create a =/etc/efi-keys= directory, =chmod=ded to +=700= and place my =db.crt= and =db.key= there. All the keys will get +packed into a =tar= archive and encrypted with a strong symmetric pass +phrase and stored somewhere secure and safe. + +**** Signing +:PROPERTIES: +:CUSTOM_ID: signing +:END: +Signing is the process of, well, signing your =EFI= binaries, in order +for them to be allowed to be executed, by the motherboard firmware. At +the end of the day, that's why you're doing all this, to prevent an +attack by launching unknown code. 
+ +***** Manual signing +:PROPERTIES: +:CUSTOM_ID: par:manual-signing +:END: +Of course, you can sign images yourself manually. In my case, I used +this, to sign the boot loader, kernel and =initramfs= of my USB +installation of Arch Linux. + +As always, manual signing also comes with its caveats! + +If I update my kernel, boot loader, or create an updated =initramfs= on +my Arch Linux USB installation, I have to sign those files again, in +order to be able to boot it on my PC. + +Of course you can always script and automate stuff, but if you want +something more easy for day to day use, I really recommend that you try +out =sbupdate=, which I will explain in the next paragraph . + +For example, if I want to sign the kernel image of my USB installation, +where I mounted the boot partition to =/mnt/dustarchusb/boot=, I would +have to do the following + +#+begin_src fish +root in ~/sb +> sbsign --key /etc/efi-keys/db.key --cert /etc/efi-keys/db.crt --output /boot/vmlinuz-linux /boot/vmlinuz-linux +#+end_src + +***** =sbupdate= +:PROPERTIES: +:CUSTOM_ID: par:sbupdate +:END: + +=AUR= & =sbupdate-git=\\ + +Of course, if you're using Secure Boot productively, you would want +something more practical than manual signing, especially since you need +to sign + +- the boot loader + +- the kernel image + +- the =initramfs= + +Fortunately there is an easy and uncomplicated tool out there, that does +all that for you, called =sbupdate=. + +It not only signs everything and also foreign =EFI= binaries, if +specified, but also combines your kernel and =initramfs= into a single +executable =EFI= binary, so you don't even need a boot loader, if your +motherboard implementation supports booting those. + +After installing =sbupdate=, we can edit the =/etc/sbupdate.conf= file, +to set everything up. + +Everything in this config should be self-explanatory. 
+ +You will probably need to + +- set =ESP_DIR= to =/efi= + +- add any other =EFI= binary you want to have signed to =EXTRA_SIGN= + +- add your kernel parameters, for example + + - =rd.luks.name= + + - =root= + + - =rw= + + - =resume= + + - etc. + + to =CMDLINE_DEFAULT= + +After you've successfully configured =sbupdate=, you can run it as root, +to create all the signed files. + +=sbupdate= will be executed upon kernel updates by =pacman=, but not if +you change your =initramfs= with something like =mkinitcpio=. In that +case you will have to run =sbupdate= manually. + +**** Add =EFI= entries +:PROPERTIES: +:CUSTOM_ID: add-efi-entries +:END: + +=core= & =efibootmgr=\\ + +Now the only thing left to do, if you want to stay boot loader free +anyways, is to add the signed images to the boot list of your =NVRAM=. +You can do this with =efibootmgr=. + +#+begin_src fish +root in ~/sb +> efibootmgr -c -d /dev/nvme0n1 -p 1 -L "Arch Linux fallback" -l "EFI\Arch\linux-fallback-signed.efi + +root in ~/sb +> efibootmgr -c -d /dev/nvme0n1 -p 1 -L "Arch Linux" -l "EFI\Arch\linux-signed.efi +#+end_src + +Of course you can extend this list, with whichever entries you need. + +**** Enrolling everything +:PROPERTIES: +:CUSTOM_ID: enrolling-everything +:END: +First off, copy all =.cer=, =.esl= and =.auth= files to a =FAT= +formatted filesystem. I'm using my EFI System partition for this. + +After that reboot into the firmware setup of your motherboard, clear the +existing Platform Key, to set the firmware into "Setup Mode" and enroll +the =db=, =KEK= and =PK= certificates in sequence. + +Enroll the Platform Key last, as it sets most firmware's Secure Boot +sections back into "User mode", exiting "Setup Mode". + +* Inside the =DustArch= +:PROPERTIES: +:CUSTOM_ID: inside-the-dustarch +:END: +This section helps at setting up the customized system from within an +installed system. + +This section mainly provides aid with the basic set up tasks, like +networking, dotfiles, etc. 
+ +Not everything in this section is mandatory. + +This section is rather a guideline, because it is easy to forget some +steps needed, for example =jack= for audio production, that only become +apparent, when they're needed. + +It is furthermore the responsibility of the reader to decide which steps +to skip and which need further research. As I mentioned, this is only a +guide and not the answer to everything. + +** Someone there? +:PROPERTIES: +:CUSTOM_ID: someone-there +:END: +First we have to check if the network interfaces are set up properly. + +To view the network interfaces with all their properties, we can issue + +#+begin_src fish +dustvoice in ~ +> ip link +#+end_src + +To make sure that you have a working /Internet/ connection, issue + +#+begin_src fish +dustvoice in ~ +> ping archlinux.org +#+end_src + +Everything should run smoothly if you have a wired connection. + +If there is no connection and you're indeed using a wired connection, +try restarting the =NetworkManager= service + +#+begin_src fish +dustvoice in ~ +> sudo systemctl restart NetworkManager.service +#+end_src + +and then try => ping=ing again. + +If you're trying to utilize a Wi-Fi connection, use =nmcli=, the +NetworkManager's command line tool, or =nmtui=, the NetworkManager +terminal user interface, to connect to a Wi-Fi network. + +I never got =nmtui= to behave like I wanted it to, in my particular case +at least, which is the reason why I use =nmcli= or the GUI tools. 
+ +First make sure, the scanning of nearby Wi-Fi networks is enabled for +your Wi-Fi device + +#+begin_src fish +dustvoice in ~ +> nmcli radio +#+end_src + +and if not, enable it + +#+begin_src fish +dustvoice in ~ +> nmcli radio wifi on +#+end_src + +Now make sure your Wi-Fi interface appears under + +#+begin_src fish +dustvoice in ~ +> nmcli device +#+end_src + +Rescan for available networks + +#+begin_src fish +dustvoice in ~ +> nmcli device wifi rescan +#+end_src + +and list all found networks + +#+begin_src fish +dustvoice in ~ +> nmcli device wifi list +#+end_src + +After that connect to the network + +#+begin_src fish +dustvoice in ~ +> nmcli device wifi connect --ask +#+end_src + +Now try => ping=ing again. + +** Update and upgrade +:PROPERTIES: +:CUSTOM_ID: update-and-upgrade +:END: +After making sure that you have a working Internet connection, you can +then proceed to update and upgrade all installed packages by issuing + +#+begin_src fish +dustvoice in ~ +> sudo pacman -Syu +#+end_src + +** Enabling the =multilib= repository +:PROPERTIES: +:CUSTOM_ID: enabling-the-multilib-repository +:END: +In order to make 32-bit packages available to =pacman=, we'll need to +enable the =multilib= repository in =/etc/pacman.conf= first. Simply +uncomment + +#+begin_src fish +[multilib] +Include = /etc/pacman.d/mirrorlist +#+end_src + +and update =pacman='s package repositories afterwards + +#+begin_src fish +dustvoice in ~ +> sudo pacman -Syu +#+end_src + +** =zsh= for president +:PROPERTIES: +:CUSTOM_ID: zsh-for-president +:END: +Of course you can use any shell you want. In my case I'll be using the +=zsh= shell. + +I am using =zsh= because of its auto completion functionality and +extensibility, as well as a brilliant =vim= like navigation +implementation through a plugin, though that might not be what you're +looking for. 
+ +We already set the correct shell for the =dustvoice= user in the step, +but I want to use =zsh= for the =root= user too, so I'll have to change +=root='s default shell to it. + +#+begin_src fish +dustvoice in ~ +> sudo chsh -s /usr/bin/zsh root +#+end_src + +Don't worry about the looks by the way, we're gonna change all that in +just a second. + +** =git= +:PROPERTIES: +:CUSTOM_ID: git +:END: + +=extra= & =git=\\ + +Install the package and you're good to go for now, as we'll care about +the =.gitconfig= in just a second. + +** Security is important +:PROPERTIES: +:CUSTOM_ID: security-is-important +:END: + +=core= & =gnupg=\\ + +If you've followed the tutorial using a recent version of the archiso, +you'll probably already have the most recent version of =gnupg= +installed by default. + +*** Smartcard shenanigans +:PROPERTIES: +:CUSTOM_ID: smartcard-shenanigans +:END: + +=extra= & =libusb-compat=\\ +=community= & =ccid opensc pcsclite=\\ + +After that you'll still have to setup =gnupg= correctly. In my case I +have my private keys stored on a smartcard. + +To use it, I'll have to install the listed packages and then enable and +start the =pcscd.service= service + +#+begin_src fish +dustvoice in ~ +> sudo systemctl enable pcscd.service + +dustvoice in ~ +> sudo systemctl start pcscd.service +#+end_src + +After that, you should be able to see your smartcard being detected + +#+begin_src fish +dustvoice in ~ +> gpg --card-status +#+end_src + +If your smartcard still isn't detected, try logging off completely or +even restarting, as that sometimes is the solution to the problem. 
+ +** Additional required tools +:PROPERTIES: +:CUSTOM_ID: additional-required-tools +:END: + +core & make openssh\\ +extra & clang cmake jdk-openjdk python\\ +community & pass python-pynvim\\ + +To minimize the effort required by the following steps, we'll install +most of the required packages beforehand + +This will ensure, we proceed through the following section without the +need for interruption, because a package needs to be installed, so the +following content can be condensed to the relevant informations. + +** Setting up a =home= environment +:PROPERTIES: +:CUSTOM_ID: setting-up-a-home-environment +:END: +In this step we're going to setup a home environment for both the =root= +and my personal =dustvoice= user. + +In my case these 2 home environments are mostly equivalent, which is why +I'll execute the following commands as the =dustvoice= user first and +then switch to the =root= user and repeat the same commands. + +I decided on this, as I want to edit files with elevated permissions and +still have the same editor style and functions/plugins. + +Note that this comes with some drawbacks. For example, if I change a +configuration for my =dustvoice= user, I would have to regularly update +it for the =root= user too. This bears the problem, that I have to +register my smartcard for the root user. This in turn is problematic, +cause the =gpg-agent= used for =ssh= authentication, doesn't behave well +when used within a => su= or => sudo -i= session. So in order to update +=root='s config files I would either need to symlink everything, which I +won't do, or I'll need to login as the =root= user now and then, to +update everything. + +In my case, I want to access all my =git= repositories with my =gpg= key +on my smartcard. For that I have to configure the =gpg-agent= with some +configuration files that reside in a =git= repository. 
This means I will +have to reside to using the =https= URL of the repository first and +later changing the URL either in the corresponding =.git/config= file, +or by issuing the appropriate command. + +*** Use =dotfiles= for a base config +:PROPERTIES: +:CUSTOM_ID: use-dotfiles-for-a-base-config +:END: +To provide myself with a base configuration, which I can then extend, I +have created a =dotfiles= repository, which contains all kinds of +configurations. + +The special thing about this =dotfiles= repository is that it /is/ my +home folder. By using a curated =.gitignore= file, I'm able to only +include the configuration files I want to keep between installs into the +repository and ignore everything else. + +To achieve this very specific setup, I have to turn my home directory +into said =dotfiles= repository first + +#+begin_src fish +dustvoice in ~ +> git init + +dustvoice in ~ +> git remote add origin https://git.dustvoice.de/DustVoice/dotfiles.git + +dustvoice in ~ +> git fetch + +dustvoice in ~ +> git reset origin/master --hard + +dustvoice in ~ +> git branch --set-upstream-to=origin/master master +#+end_src + +Now I can issue any =git= command in my =~= directory, because it now is +a =git= repository. + +*** Set up =gpg= +:PROPERTIES: +:CUSTOM_ID: set-up-gpg +:END: +As I wanted to keep my =dotfiles= repository as modular as possible, I +utilize =git='s =submodule= feature. Furthermore I want to use my =nvim= +repository, which contains all my configurations and plugins for +=neovim=, on Windows, but without all the Linux specific configuration +files. I am also using the =Pass= repository on my Android phone and +Windows PC, where I only need this repository without the other Linux +configuration files. 
+ +Before we'll be able to update the =submodule=s (=nvim= config files and +=pass=word-store) though, we will have to setup our =gpg= key as an +=ssh= key, as I use it to authenticate + +#+begin_src fish +dustvoice in ~ +> chmod 700 .gnupg + +dustvoice in ~ +> gpg --card-status + +dustvoice in ~ +> gpg --card-edit +#+end_src + +#+begin_src fish +(insert) gpg/card> fetch +(insert) gpg/card> q +#+end_src + +#+begin_src fish +dustvoice in ~ +> gpg-connect-agent updatestartuptty /bye +#+end_src + +You would have to adapt the =keygrip= present in the +=~/.gnupg/sshcontrol= file to your specific =keygrip=, retrieved with +=> gpg -K --with-keygrip=. + +Now, as mentioned before, I'll switch to using =ssh= for authentication, +rather than =https= + +#+begin_src fish +dustvoice in ~ +> git remote set-url origin git@git.dustvoice.de:DustVoice/dotfiles.git +#+end_src + +As the best method to both make =zsh= recognize all the configuration +changes, as well as the =gpg-agent= behave properly, is to re-login, +we'll do just that + +#+begin_src fish +dustvoice in ~ +> exit +#+end_src + +It is very important to note, that I mean /a real re-login/. + +That means that if you've used =ssh= to log into your machine, it +probably won't be sufficient to login into a new =ssh= session. You'll +probably need to restart the machine completely. 
+ +*** Finalize the =dotfiles= +:PROPERTIES: +:CUSTOM_ID: finalize-the-dotfiles +:END: +Now log back in and continue + +#+begin_src fish +dustvoice in ~ +> git submodule update --recursive --init + +dustvoice in ~ +> source .zshrc + +dustvoice in ~ +> cd .config/nvim + +dustvoice in ~/.config/nvim +> echo 'let g:platform = "linux"' >> platform.vim + +dustvoice in ~/.config/nvim +> echo 'let g:use_autocomplete = 3' >> custom.vim + +dustvoice in ~/.config/nvim +> echo 'let g:use_clang_format = 1' >> custom.vim + +dustvoice in ~/.config/nvim +> echo 'let g:use_font = 0' >> custom.vim + +dustvoice in ~/.config/nvim +> nvim --headless +PlugInstall +qa + +dustvoice in ~/.config/nvim +> cd plugged/YouCompleteMe + +dustvoice in ~/.config/nvim/plugged/YouCompleteMe +> python3 install.py --clang-completer --java-completer + +dustvoice in ~/.config/nvim/plugged/YouCompleteMe +> cd ~ +#+end_src + +*** =gpg-agent= forwarding +:PROPERTIES: +:CUSTOM_ID: gpg-agent-forwarding +:END: +Now there is only one thing left to do, in order to make the =gpg= setup +complete: =gpg-agent= forwarding over =ssh=. This is very important for +me, as I want to use my smartcard on my development server too, which +requires me, to forward/tunnel my =gpg-agent= to my remote machine. + +First of all, I want to setup a config file for =ssh=, as I don't want +to pass all parameters manually to ssh every time. + +#+begin_src fish +Host + HostName + ForwardAgent yes + ForwardX11 yes + RemoteForward + RemoteForward +#+end_src + +You would of course, need to adapt the content in between the =<= and +=>= brackets. 
+ +To get the paths needed as parameters for =RemoteForward=, issue + +#+begin_src fish +dustvoice in ~ +> gpgconf --list-dirs +#+end_src + +An example for a valid =~/.ssh/config= would be + +#+begin_src fish +Host archserver + HostName pc.dustvoice.de + ForwardAgent yes + ForwardX11 yes + RemoteForward /run/user/1000/gnupg/S.gpg-agent /run/user/1000/gnupg/S.gpg-agent.extra + RemoteForward /run/user/1000/gnupg/S.gpg-agent.ssh /run/user/1000/gnupg/S.gpg-agent.ssh +#+end_src + +Now you'll still need to enable some settings on the remote machines. + +#+begin_src fish +StreamLocalBindUnlink yes +AllowAgentForwarding yes +X11Forwarding yes +#+end_src + +Now just restart your remote machines and you're ready to go. + +If you use =alacritty=, to connect to your remote machine over =ssh=, +you will need to install the =alacritty= on the remote machine too, as +=alacritty= uses its own =$TERM=. + +Another option would be changing that variable for the =ssh= command + +#+begin_src fish +dustvoice in ~ +> TERM=xterm-256colors ssh remote-machine +#+end_src + +*** Back to your =root=s +:PROPERTIES: +:CUSTOM_ID: back-to-your-roots +:END: +As mentioned before, you would now switch to the =root= user, either by +logging in as =root=, or by using + +#+begin_src fish +dustvoice in ~ +> sudo -iu root +#+end_src + +Now go back to to repeat all commands for the =root= user. + +A native login would be better compared to => sudo -iu root=, as there +could be some complications, like already running =gpg-agent= instances, +etc., which you would need to manually resolve, when using +=> sudo -iu root=. + +** Audio +:PROPERTIES: +:CUSTOM_ID: audio +:END: +Well, why wouldn't you want audio ... + +*** =alsa= +:PROPERTIES: +:CUSTOM_ID: alsa +:END: + +=extra= & =alsa-utils=\\ + +You're probably better off using =pulseaudio= and/or =jack=. 
+ +Now choose the sound card you want to use + +#+begin_src fish +dustvoice in ~ +> cat /proc/asound/cards +#+end_src + +and then create =/etc/asound.conf= + +#+begin_src fish +defaults.pcm.card 2 +defaults.ctl.card 2 +#+end_src + +It should be apparent, that you would have to switch out =2= with the +number corresponding to the sound card you want to use. + +*** =pulseaudio= +:PROPERTIES: +:CUSTOM_ID: pulseaudio +:END: + +=extra= & =pavucontrol pulseaudio=\\ +=community= & =pulsemixer=\\ + +Some applications require =pulseaudio=, or work better with it, for +example =discord=, so it might make sense to use =pulseaudio= + +For enabling real-time priority for =pulseaudio= on Arch Linux, please +make sure your user is part of the =audio= group and edit the file +=/etc/pulse/daemon.conf=, so that you uncomment the lines + +#+begin_src fish +high-priority = yes +nice-level = -11 + +realtime-scheduling = yes +realtime-priority = 5 +#+end_src + +If your system can handle the load, you can also increase the remixing +quality, by changing the =resample-method= + +#+begin_src fish +resample-method = speex-float-10 +#+end_src + +Of course a restart of the =pulseaudio= daemon is necessary to reflect +the changes you just made + +#+begin_src fish +dustvoice in ~ +> pulseaudio --kill + +dustvoice in ~ +> pulseaudio --start +#+end_src + +*** =jack= +:PROPERTIES: +:CUSTOM_ID: jack +:END: + +=extra= & =pulseaudio-jack=\\ +=community= & =cadence jack2=\\ + +If you either want to manually control audio routing, or if you use some +kind of audio application like =ardour=, you'll probably want to use +=jack= and =cadence= as a GUI to control it, as it has native support +for bridging =pulseaudio= to =jack=. 
+ +*** Audio handling +:PROPERTIES: +:CUSTOM_ID: audio-handling +:END: + +=extra= & =libao libid3tag libmad libpulse opus wavpack=\\ +=community= & =sox twolame=\\ + +To also play audio, we need to install the mentioned packages and then +simply do + +#+begin_src fish +dustvoice in ~ +> play audio.wav + +dustvoice in ~ +> play audio.mp3 +#+end_src + +to play audio. + +** Bluetooth +:PROPERTIES: +:CUSTOM_ID: bluetooth +:END: + +=extra= & =bluez bluez-utils pulseaudio-bluetooth=\\ +=community= & =blueman=\\ + +To set up Bluetooth, we need to install the =bluez= and =bluez-utils= +packages in order to have at least a command line utility =bluetoothctl= +to configure connections + +Now we need to check if the =btusb= kernel module was already loaded + +#+begin_src fish +dustvoice in ~ +> sudo lsmod | grep btusb +#+end_src + +After that we can enable and start the =bluetooth.service= service + +#+begin_src fish +dustvoice in ~ +> sudo systemctl enable bluetooth.service + +dustvoice in ~ +> sudo systemctl start bluetooth.service +#+end_src + +To use =bluetoothctl= and get access to the Bluetooth device of your PC, +your user needs to be a member of the =lp= group. 
+ +Now simply enter =bluetoothctl= + +#+begin_src fish +dustvoice in ~ +> bluetoothctl +#+end_src + +In most cases your Bluetooth interface will be preselected and +defaulted, but in some cases, you might need to first select the +Bluetooth controller + +#+begin_src fish +(insert) [DustVoice]# list +(insert) [DustVoice]# select +#+end_src + +After that, power on the controller + +#+begin_src fish +(insert) [DustVoice]# power on +#+end_src + +Now enter device discovery mode + +#+begin_src fish +(insert) [DustVoice]# scan on +#+end_src + +and list found devices + +#+begin_src fish +(insert) [DustVoice]# devices +#+end_src + +You can turn device discovery mode off again, after your desired device +has been found + +#+begin_src fish +(insert) [DustVoice]# scan off +#+end_src + +Now turn on the agent + +#+begin_src fish +(insert) [DustVoice]# agent on +#+end_src + +and pair with your device + +#+begin_src fish +(insert) [DustVoice]# pair +#+end_src + +If your device doesn't support PIN verification you might need to +manually trust the device + +#+begin_src fish +(insert) [DustVoice]# trust +#+end_src + +Finally connect to your device + +#+begin_src fish +(insert) [DustVoice]# connect +#+end_src + +If your device is an audio device, of some kind you might have to +install =pulseaudio-bluetooth=. 
+ +You will then also need to append 2 lines to =/etc/pulse/system.pa= + +#+begin_src fish +load-module module-bluetooth-policy +load-module module-bluetooth-discover +#+end_src + +and restart =pulseaudio= + +#+begin_src fish +dustvoice in ~ +> pulseaudo --kill + +dustvoice in ~ +> pulseaudo --start +#+end_src + +If you want a GUI to do all of this, just install =blueman= and launch +=blueman-manager= + +** Graphical desktop environment +:PROPERTIES: +:CUSTOM_ID: graphical-desktop-environment +:END: + +=extra= & =ttf-hack xclip xorg xorg-drivers xorg-xinit=\\ +=community= & =arandr alacritty bspwm dmenu sxhkd=\\ +=AUR= & =polybar=\\ + +If you decide, that you want to use a graphical desktop environment, you +have to install additional packages in order for that to work. + +=xclip= is useful, when you want to send something to the =X= clipboard. +It is also required, in order for =neovim='s clipboard to work +correctly. It is not required though. + +*** NVIDIA +:PROPERTIES: +:CUSTOM_ID: nvidia +:END: + +=extra= & =nvidia nvidia-utils nvidia-settings opencl-nvidia=\\ + +If you also want to utilize special NVIDIA functionality, for example +for =davinci-resolve=, you'll most likely need to install their +proprietary driver. + +To configure the =X= server correctly, one can use =nvidia-xconfig= + +#+begin_src fish +dustvoice in ~ +> sudo nvidia-xconfig +#+end_src + +If you want to further tweak all settings available, you can use +=nvidia-settings=. + +#+begin_src fish +dustvoice in ~ +> sudo nvidia-settings +#+end_src + +will enable you to /"Save to X Configuration File"/, witch merges your +changes with =/etc/X11/xorg.conf=. 
+ +With + +#+begin_src fish +dustvoice in ~ +> nvidia-settings +#+end_src + +you'll only be able to save the current configuration to +=~/.nvidia-settings-rc=, witch you have to source after =X= startup with + +#+begin_src fish +dustvoice in ~ +> nvidia-settings --load-config-only +#+end_src + +You will have to reboot sooner or later after installing the NVIDIA +drivers, so you might as well do it now, before any complications come +up. + +*** Launching the graphical environment +:PROPERTIES: +:CUSTOM_ID: launching-the-graphical-environment +:END: +After that you can now do =startx= in order to launch the graphical +environment. + +If anything goes wrong in the process, remember that you can press +=Ctrl+Alt+= to switch =tty=s. + +**** The NVIDIA way +:PROPERTIES: +:CUSTOM_ID: the-nvidia-way +:END: + +=community= & =bbswitch=\\ +=AUR= & =nvidia-xrun=\\ + +If you're using an NVIDIA graphics card, you might want to use +=nvidia-xrun=^{=AUR=} instead of =startx=. This has the advantage, of +the =nvidia= kernel modules, as well as the =nouveau= ones not loaded at +boot time, thus saving power. =nvidia-xrun=^{=AUR=} will then load the +correct kernel modules and run the =.nvidia-xinitrc= script in your home +directory (for more file locations look into the documentation for +=nvidia-xrun=^{=AUR=}). + +At the time of writing, =nvidia-xrun=^{=AUR=} needs =sudo= permissions +before executing its task. + +=AUR= & =nvidia-xrun-pm=\\ + +If your hardware doesn't support =bbswitch=, you would need to use +=nvidia-xrun-pm=^{=AUR=} instead. + +Now we need to blacklist /both =nouveau= and =nvidia=/ kernel modules. + +To do that, we first have to find out, where our active =modprobe.d= +directory is located. There are 2 possible locations, generally +speaking: =/etc/modprobe.d= and =/usr/lib/modprobe.d=. In my case it was +the latter, which I could tell, because this directory already had files +in it. 
+ +Now I'll create a new file named =nvidia-xrun.conf= and write the +following into it + +#+begin_src fish +blacklist nvidia +blacklist nvidia-drm +blacklist nvidia-modeset +blacklist nvidia-uvm +blacklist nouveau +#+end_src + +With this config in place, + +#+begin_src fish +dustvoice in ~ +> lsmod | grep nvidia +#+end_src + +and + +#+begin_src fish +dustvoice in ~ +> lsmod | grep nouveau +#+end_src + +should return no output. Else you might have to place some additional +entries into the file. + +Of course, you'll need to reboot, after blacklisting the modules and +before issuing the 2 commands mentioned. + +If you installed =nvidia-xrun-pm= instead of =nvidia-xrun= and +=bbswitch=, you might want to also enable the =nvidia-xrun-pm= service + +#+begin_src fish +dustvoice@dustArch ~ +$ sudo systemctl enable nvidia-xrun-pm.service +#+end_src + +The required =.nvidia-xinitrc= file, mentioned previously, should +already be provided in the =dotfiles= repository. + +Now instead of =startx=, just run =nvidia-xrun=, enter your =sudo= +password and you're good to go. + +** Additional =fish= software +:PROPERTIES: +:CUSTOM_ID: additional-fish-software +:END: +Software that is useful in combination with a =fish=. + +*** =tmux= +:PROPERTIES: +:CUSTOM_ID: tmux +:END: + +=community= & =tmux=\\ + +I would reccommend to install =tmux= which enables you to have multiple +terminal instances (called =windows= in =tmux=) open at the same time. +This makes working with the linux terminal much easier. + +To view a list of keybinds, you just need to press =Ctrl+b= followed by +=?=. + +*** Communication +:PROPERTIES: +:CUSTOM_ID: fish-communication +:END: +Life is all about communicating. Here are some pieces of software to do +exactly that. 
+ +**** =weechat= +:PROPERTIES: +:CUSTOM_ID: weechat +:END: + +=community= & =weechat=\\ + +=weechat= is an =IRC= client for the terminal, with the best features +and even a =vim= mode, by using a plugin + +To configure everything, open =weechat= + +#+begin_src fish +dustvoice in ~ +> weechat +#+end_src + +and install =vimode=, as well as configure it + +#+begin_src fish +/script install vimode.py +/vimode bind_keys +/set plugins.var.python.vimode.mode_indicator_normal_color_bg "blue" +#+end_src + +Now add =mode_indicator+= in front of and =,[vi_buffer]= to the end of +=weechat.bar.input.items=, in my case + +#+begin_src fish +/set weechat.bar.input.items "mode_indicator+[input_prompt]+(away),[input_search],[input_paste],input_text,[vi_buffer]" +#+end_src + +Now add =,cmd_completion= to the end of =weechat.bar.status.items=, in +my case + +#+begin_src fish +/set weechat.bar.status.items "[time],[buffer_last_number],[buffer_plugin],buffer_number+:+buffer_name+(buffer_modes)+{buffer_nicklist_count}+buffer_zoom+buffer_filter,scroll,[lag],[hotlist],completion,cmd_completion" +#+end_src + +Now enable =vimode= searching + +#+begin_src fish +/set plugins.var.python.vimode.search_vim on +#+end_src + +Now you just need to add a new connection, for example +=irc.freenode.net= + +#+begin_src fish +/server add freenode irc.freenode.net +#+end_src + +and connect to it + +#+begin_src fish +/connect freenode +#+end_src + +You might need to authenticate with =NickServ=, before being able to +write in a channel + +#+begin_src fish +/msg NickServ identify +#+end_src + +Instead of directly =/set=ting the values specified above, you can also +do + +#+begin_src fish +/fset weechat.var.name +#+end_src + +after that, using the cursor, select the entry you want to modify (for +example =plugins.var.python.vimode=) and then press =s= (make sure +you're in =insert= mode) and =Return=, in order to modify the existing +value. 
+ +*** PDF viewer +:PROPERTIES: +:CUSTOM_ID: fish-pdf-viewer +:END: + +=extra= & =ghostscript=\\ +=community= & =fbida=\\ + +To use =asciidoctor-pdf=, you might be wondering how you are supposed to +open the generated PDFs from the native linux fish. + +This =fbida= package provides the =fbgs= software, which renders a PDF +document using the native framebuffer. + +To view this PDF document (=Documentation.pdf=) for example, you would +run + +#+begin_src fish +dustvoice in ~ +> fbgs Documentation.pdf +#+end_src + +You can view all the controls by pressing =h=. + +** Additional =hybrid= software +:PROPERTIES: +:CUSTOM_ID: additional-hybrid-software +:END: +Some additional software providing some kind of =GUI= to work with, but +that can be useful in a =fish= only environment nevertheless. + +*** =Pass=word management +:PROPERTIES: +:CUSTOM_ID: password-management +:END: +I'm using =pass= as my password manager. As we already installed it in +the step and updated the =submodule= that holds our =.password-store=, +there is nothing left to do in this step + +*** =python= +:PROPERTIES: +:CUSTOM_ID: python +:END: + +=extra= & =python=\\ + +Python has become really important for a magnitude of use cases. + +*** =ruby= & =asciidoctor= +:PROPERTIES: +:CUSTOM_ID: ruby-and-asciidoctor +:END: + +=extra= & =ruby rubygems=\\ + +In order to use =asciidoctor=, we have to install =ruby= and =rubygems=. +After that we can install =asciidoctor= and all its required gems. + +If you want to have pretty and highlighted source code, you'll need to +install a code formatter too. + +For me there are mainly two options + +- =pygments.rb=, which requires python to be installed + + #+begin_src fish + dustvoice in ~ + > gem install pygments.rb + #+end_src + +- =rouge= which is a native =ruby= gem + + #+begin_src fish + dustvoice in ~ + > gem install rouge + #+end_src + +Now the only thing left, in my case at least, is adding +=~/.gem/ruby/2.7.0/bin= to your path. 
+ +Please note that if you run a ruby version different from =2.7.0=, or if +you upgrade your ruby version, you have to use the =bin= path for that +version. + +For =zsh= you'll want to add a new entry inside the =.zshpath= file + +#+begin_src fish +path+=("$HOME/.gem/ruby/2.7.0/bin") +#+end_src + +which then gets sourced by the provided =.zshenv= file. An example is +provided with the =.zshpath.example= file + +You might have to re-=> source= the =.zshenv= file to make the changes +take effect immediately + +#+begin_src fish +dustvoice in ~ +> source .zshenv +#+end_src + +If you want to add a new entry to the =path= variable, you have to +append it to the array + +#+begin_src fish +path+=("$HOME/.gem/ruby/2.7.0/bin" "$HOME/.gem/ruby/2.6.0/bin") +#+end_src + +If you use another shell than =zsh=, you might have to do something +different, to add a directory to your =PATH=. + +*** =JUCE= and =FRUT= +:PROPERTIES: +:CUSTOM_ID: juce-and-frut +:END: +=JUCE= is a library for =C++= that enables you to develop cross-platform +applications with a single codebase. + +=FRUT= makes it possible to manage =JUCE= projects purely from =cmake=. + +Note that apparently in the new =JUCE= version, =cmake= support is +integrated. It remains to be seen how well this will work and if =FRUT= +will become obsolete. + +The information in this guide should be updated ASAP, if it is apparent +that =FRUT= has now become obsolete. + +#+begin_src fish +dustvoice in ~ +> git clone https://github.com/WeAreROLI/JUCE.git + +dustvoice in ~ +> cd JUCE + +dustvoice in ~/JUCE +> git checkout develop + +dustvoice in ~/JUCE +> cd .. 
+ +dustvoice in ~ +> git clone https://github.com/McMartin/FRUT.git +#+end_src + +**** Using =JUCE= +:PROPERTIES: +:CUSTOM_ID: using-juce +:END: + +=core= & =gcc gnutls=\\ +=extra= & +=alsa-lib clang freeglut freetype2 ladspa libx11 libxcomposite libxinerama libxrandr mesa webkit2gtk=\\ +=community= & =jack2 libcurl-gnutls=\\ +=multilib= & =lib32-freeglut=\\ + +In order to use =JUCE=, you'll need to have some dependency packages +installed, where =ladspa= and =lib32-freeglut= are not neccessarily +needed. + +*** Additional development tools +:PROPERTIES: +:CUSTOM_ID: additional-development-tools +:END: +Here are just some examples of development tools one could install in +addition to what we already have. + +**** Code formatting +:PROPERTIES: +:CUSTOM_ID: code-formatting +:END: + +=community= & =astyle=\\ + +We already have =clang-format= as a code formatter, but this only works +for =C=-family languages. For =java= stuff, we can use =astyle= + +**** Documentation +:PROPERTIES: +:CUSTOM_ID: documentation +:END: + +=extra= & =doxygen=\\ + +To generate a documentation from source code, I mostly use =doxygen= + +**** Build tools +:PROPERTIES: +:CUSTOM_ID: build-tools +:END: + +=community= & =ninja=\\ + +In addition to =make=, I'll often times use =ninja= for my builds + +*** Android file transfer +:PROPERTIES: +:CUSTOM_ID: android-file-transfer +:END: + +=extra= & =gvfs-mtp libmtp=\\ + +Now you should be able to see your phone inside either your preferred +filemanager, in my case =thunar=, or =gigolo=^{=AUR=}. 
+ +If you want to access the android's file system from the command line, +you will need to either install and use =simple-mtpfs=^{=AUR=}, or =adb= + +**** =simple-mtpfs=^{=AUR=} +:PROPERTIES: +:CUSTOM_ID: simple-mtpfs-aur +:END: + +=AUR= & =simple-mtpfs=\\ + +Edit =/etc/fuse.conf= to uncomment + +#+begin_src fish +user_allow_other +#+end_src + +and mount the android device + +#+begin_src fish +dustvoice in ~ +> simple-mtpfs -l + +dustvoice in ~ +> mkdir ~/mnt + +dustvoice in ~ +> simple-mtpfs --device ~/mnt -allow_other +#+end_src + +and respectively unmount it + +#+begin_src fish +dustvoice in ~ +> fusermount -u mnt + +dustvoice in ~ +> rmdir mnt +#+end_src + +**** =adb= +:PROPERTIES: +:CUSTOM_ID: adb +:END: + +=community= & =android-tools=\\ + +Kill the =adb= server, if it is running + +#+begin_src fish +dustvoice in ~ +> adb kill-server +#+end_src + +If the server is currently not running, => adb= will output an error +with a =Connection refused= message. + +Now connect your phone, unlock it and start the =adb= server + +#+begin_src fish +dustvoice in ~ +> adb start-server +#+end_src + +If the PC is unknown to the android device, it will display a +confirmation dialog. Accept it and ensure that the device was recognized + +#+begin_src fish +dustvoice in ~ +> adb devices +#+end_src + +Now you can =push=/=pull= files. + +#+begin_src fish +dustvoice in ~ +> adb pull /storage/emulated/0/DCIM/Camera/IMG.jpg . + +dustvoice in ~ +> adb push IMG.jpg /storage/emulated/0/DCIM/Camera/IMG2.jpg + +dustvoice in ~ +> adb kill-server +#+end_src + +Of course you would need to have the /developer options/ unlocked, as +well as the /USB debugging/ option enabled within them, for =adb= to +even work. + +*** Partition management +:PROPERTIES: +:CUSTOM_ID: partition-management +:END: + +=extra= & =gparted parted=\\ + +You may also choose to use a graphical partitioning software instead of +=fdisk= or =cfdisk=. For that you can use =gparted=. 
Of course there is +also the =fish= equivalent =parted=. + +*** PDF viewer +:PROPERTIES: +:CUSTOM_ID: gui-pdf-viewer +:END: + +=extra= & =evince=\\ +=community= & =zathura zathura-pdf-mupdf=\\ + +To use =asciidoctor-pdf=, you might be wondering how you are supposed to +open the generated PDFs using the GUI. + +The software =zathura= has a minimalistic design and UI with a focus on +vim keybinding, whereas =evince= is a more desktop like experience, with +things like a print dialogue, etc. + +*** Process management +:PROPERTIES: +:CUSTOM_ID: process-management +:END: + +=extra= & =htop xfce4-taskmanager=\\ + +The native tool is =top=. + +The next evolutionary step would be =htop=, which is an improved version +of =top= (like =vi= and =vim= for example) + +If you prefer a GUI for that kind of task, use =xfce4-taskmanager=. + +*** Video software +:PROPERTIES: +:CUSTOM_ID: fish-video-software +:END: +Just some additional software related to videos. + +**** Live streaming a terminal session +:PROPERTIES: +:CUSTOM_ID: live-streaming-a-terminal-session +:END: + +=community= & =tmate=\\ + +For this task, you'll need a program called =tmate=. + +** Additional =GUI= software +:PROPERTIES: +:CUSTOM_ID: additional-gui-software +:END: +As you now have a working graphical desktop environment, you might want +to install some software to utilize your newly gained power. + +*** Session Lock +:PROPERTIES: +:CUSTOM_ID: session-lock +:END: + +=community= & =xsecurelock xss-lock=\\ + +Probably the first thing you'll want to set up is a session locker, +which locks your =X=-session after resuming from sleep, hibernation, +etc. It then requires you to input your password again, so no +unauthorized user can access you machine. + +I'll use =xss-lock= to hook into the necessary =systemd= events and then +use =xsecurelock= as my locker. 
+ +You need to make sure this command gets executed upon start of the +=X=-session, so hook it into your window manager startup script, or in a +file called by your desktop environment + +#+begin_src fish +dustvoice in ~ +> xss-lock -l -- xsecurelock & +#+end_src + +*** =xfce-polkit=^{=AUR=} +:PROPERTIES: +:CUSTOM_ID: xfce-polkit-aur +:END: + +=AUR= & =xfce-polkit=\\ + +In order for GUI applications to acquire =sudo= permissions, we need to +install a =PolicyKit= authentication agent. + +We could use =gnome-polkit= for that purpose, which resides inside the +official repositories, but I decided on using =xfce-polkit=^{=AUR=}. + +Now you just need to startup =xfce-polkit=^{=AUR=} before trying to +execute something like =gparted= and you'll be prompted for your +password. + +As I already launch it as a part of my =bspwm= configuration, I won't +have to worry about that. + +*** Desktop background +:PROPERTIES: +:CUSTOM_ID: desktop-background +:END: + +=extra= & =nitrogen=\\ + +You might want to consider installing =nitrogen=, in order to be able to +set a background image + +*** Compositing software +:PROPERTIES: +:CUSTOM_ID: compositing-software +:END: + +=community= & =picom=\\ + +To get buttery smooth animation as well as e.g. smooth video playback in +=brave= without screen tearing, you might want to consider using a +compositor, in my case one named =picom= + +In order for =obs=' screen capture to work correctly, you need to kill +=picom= completely before using =obs=. 
+ +#+begin_src fish +dustvoice in ~ +> killall picom +#+end_src + +or + +#+begin_src fish +dustvoice in ~ +> ps aux | grep picom + +dustvoice in ~ +> kill -9 +#+end_src + +*** =networkmanager= applet +:PROPERTIES: +:CUSTOM_ID: networkmanager-applet +:END: + +=extra= & =network-manager-applet=\\ + +To install the =NetworkManager= applet, which lives in your tray and +provides you with a quick method to connect to different networks, you +have to install the =network-manager-applet= package + +Now you can start the applet with + +#+begin_src fish +dustvoice in ~ +> nm-applet & +#+end_src + +If you want to edit the network connections with a more full screen +approach, you can also launch => nm-connection-editor=. + +The =nm-connection-editor= doesn't search for available Wi-Fis. You +would have to set up a Wi-Fi connection completely by hand, which could +be desirable depending on how difficult it is to set up your Wi-Fi. + +*** Show keyboard layout +:PROPERTIES: +:CUSTOM_ID: show-keyboard-layout +:END: + +=AUR= & =xkblayout-state=\\ + +To show, which keyboard layout and variant is currently in use, you can +use =xkblayout-state=^{=AUR=} + +Now simply issue the =layout= alias, provided by my custom =zsh= +configuration. + +*** X clipboard +:PROPERTIES: +:CUSTOM_ID: x-clipboard +:END: + +=extra= & =xclip=\\ + +To copy something from the terminal to the =xorg= clipboard, use =xclip= + +*** Taking screen shots +:PROPERTIES: +:CUSTOM_ID: taking-screen-shots +:END: + +=community= & =scrot=\\ + +For this functionality, especially in combination with =rofi=, use +=scrot=. + +=> scrot $HOME/Pictures/filename.png= then saves the screen shot under +=$HOME/Pictures/filename.png=. 
+ +*** Image viewer +:PROPERTIES: +:CUSTOM_ID: image-viewer +:END: + +=extra= & =ristretto=\\ + +Now that we can create screen shots, we might also want to view those + +#+begin_src fish +dustvoice in ~ +> ristretto filename.png +#+end_src + +*** File manager +:PROPERTIES: +:CUSTOM_ID: file-manager +:END: + +=extra= & =gvfs thunar=\\ +=AUR= & =gigolo=\\ + +You probably also want to use a file manager. In my case, =thunar=, the +=xfce= file manager, worked best. + +To also be able to mount removable drives, without being =root= or using +=sudo=, and in order to have a GUI for mounting stuff, you would need to +use =gigolo=^{=AUR=} and =gvfs=. + +*** Archive manager +:PROPERTIES: +:CUSTOM_ID: archive-manager +:END: + +=extra= & =cpio unrar unzip zip=\\ +=community= & =xarchiver=\\ + +As we now have a file manager, it might be annoying, to open up a +terminal every time you simply want to extract an archive of some sort. +That's why we'll use =xarchiver=. + +*** Web browser +:PROPERTIES: +:CUSTOM_ID: web-browser +:END: + +=extra= & =firefox firefox-i18n-en-us=\\ +=community= & =browserpass=\\ + +As you're already using a GUI, you also might be interested in a web +browser. In my case, I'm using =firefox=, as well as =browserpass= from +the official repositories, together with the , , , and finally add-ons, +in order to use my passwords in =firefox= and have best protection in +regard to privacy, while browsing the web. + +We still have to setup =browserpass=, after installing all of this + +#+begin_src fish +dustvoice in ~ +> cd /usr/lib/browserpass + +dustvoice in /usr/lib/browserpass +> make hosts-firefox-user + +dustvoice in /usr/lib/browserpass +> cd ~ +#+end_src + +**** Entering the dark side +:PROPERTIES: +:CUSTOM_ID: entering-the-dark-side +:END: + +=AUR= & =tor-browser=\\ + +You might want to be completely anonymous whilst browsing the web at +some point. 
Although this shouldn't be your only precaution, using +=tor-browser=^{=AUR=} would be the first thing to do + +You might have to check out how to import the =gpg= keys on the =AUR= +page of =tor-browser=. + +*** Office utilities +:PROPERTIES: +:CUSTOM_ID: office-utilities +:END: + +=extra= & =libreoffice-fresh=\\ + +I'll use =libreoffice-fresh= for anything that I'm not able to do with +=neovim=. + +**** Printing +:PROPERTIES: +:CUSTOM_ID: printing +:END: + +=extra= & +=avahi cups cups-pdf nss-mdns print-manager system-config-printer=\\ + +In order to be able to print from the =gtk= print dialog, we'll also +need =system-config-printer= and =print-manager=. + +#+begin_src fish +dustvoice in ~ +> sudo systemctl enable avahi-daemon.service + +dustvoice in ~ +> sudo systemctl start avahi-daemon.service +#+end_src + +Now you have to edit =/etc/nsswitch.conf= and add +=mdns4_minimal [NOTFOUND=return]= + +#+begin_src fish +hosts: files mymachines myhostname mdns4_minimal [NOTFOUND=return] resolve [!UNAVAIL=return] dns +#+end_src + +Now continue with this + +#+begin_src fish +dustvoice in ~ +> avahi-browse --all --ignore-local --resolve --terminate + +dustvoice in ~ +> sudo systemctl enable org.cups.cupsd.service + +dustvoice in ~ +> sudo systemctl start org.cups.cupsd.service +#+end_src + +Just open up =system-config-printer= now and configure your printer. + +To test if everything is working, you could open up =brave=, then go to +/Print/ and then try printing. + +*** Communication +:PROPERTIES: +:CUSTOM_ID: gui-communication +:END: +Life is all about communicating. Here are some pieces of software to do +exactly that. + +**** Email +:PROPERTIES: +:CUSTOM_ID: email +:END: + +=extra= & =thunderbird=\\ + +There is nothing better than some classical email. + +**** Telegram +:PROPERTIES: +:CUSTOM_ID: telegram +:END: + +=community= & =telegram-desktop=\\ + +You want to have your =telegram= messages on your desktop PC? 
+ +**** TeamSpeak 3 +:PROPERTIES: +:CUSTOM_ID: teamspeak-3 +:END: + +=community= & =teamspeak3=\\ + +Wanna chat with your gaming friends and they have a =teamspeak3= server? + +**** Discord +:PROPERTIES: +:CUSTOM_ID: discord +:END: + +=community= & =discord=\\ + +You'd rather use =discord=? + +*** Video software +:PROPERTIES: +:CUSTOM_ID: gui-video-software +:END: +Just some additional software related to videos. + +**** Viewing video +:PROPERTIES: +:CUSTOM_ID: viewing-video +:END: + +=extra= & =vlc=\\ + +You might consider using =vlc= + +**** Creating video +:PROPERTIES: +:CUSTOM_ID: creating-video +:END: + +=AUR= & =obs-linuxbrowser-bin obs-glcapture-git obs-studio-git=\\ + +=obs-studio-git=^{=AUR=} should be the right choice. + +You can also make use of the plugins provided in the package list above. + +***** Showing keystrokes +:PROPERTIES: +:CUSTOM_ID: par:showing-keystrokes +:END: + +=AUR= & =screenkey=\\ + +In order to show the viewers what keystrokes you're pressing, you can +use something like =screenkey=^{=AUR=} + +For ideal use with =obs=, my =dotfiles= repository already provides you +with the => screenkey-obs= alias for you to run with =zsh=. + +**** Editing video +:PROPERTIES: +:CUSTOM_ID: editing-video +:END: + +=AUR= & =davinci-resolve=\\ + +In my case, I'm using =davinci-resolve=^{=AUR=}. + +**** Utilizing video +:PROPERTIES: +:CUSTOM_ID: utilizing-video +:END: + +=AUR= & =teamviewer=\\ + +Wanna remote control your own or another PC? + +=teamviewer=^{=AUR=} might just be the right choice for you + +*** Audio Production +:PROPERTIES: +:CUSTOM_ID: audio-production +:END: +You might have to edit =/etc/security/limits.conf=, to increase the +allowed locked memory amount. 
+ +In my case I have 32GB of RAM and I want the =audio= group to be able to +allocate most of the RAM, which is why I added the following line to the +file + +#+begin_src fish +@audio - memlock 29360128 +#+end_src + +**** Ardour +:PROPERTIES: +:CUSTOM_ID: ardour +:END: + +=community= & =ardour=\\ + +To e.g. edit and produce audio, you could use =ardour=, because it's +easy to use, stable and cross platform. + +=extra= & =ffmpeg=\\ + +Ardour won't natively save in the =mp3= format, due to licensing stuff. +In order to create =mp3= files, for sharing with other devices, because +they have problems with =wav= files, for example, you can just use +=ffmpeg=. + +and after that we're going to convert =in.wav= to =out.mp3= + +#+begin_src fish +dustvoice in ~ +> ffmpeg -i in.wav -acodec mp3 out.mp3 +#+end_src + +**** Reaper +:PROPERTIES: +:CUSTOM_ID: reaper +:END: + +=AUR= & =reaper-bin=\\ + +Instead of =ardour=, I'm using =reaper=, which is available for linux as +a beta version, in my case more stable than =ardour= and more easy to +use for me. + +*** Virtualization +:PROPERTIES: +:CUSTOM_ID: virtualization +:END: + +=community= & =virtualbox virtualbox-host-modules-arch=\\ + +You might need to run another OS, for example Mac OS, from within Linux, +e.g. for development/testing purposes. For that you can use +=virtualbox=. + +Now when you want to use =virtualbox= just load the kernel module + +#+begin_src fish +dustvoice in ~ +> sudo modprobe vboxdrv +#+end_src + +and add the user which is supposed to run => virtualbox= to the +=vboxusers= group + +#+begin_src fish +dustvoice in ~ +> sudo usermod -a G vboxusers $USER +#+end_src + +and if you want to use =rawdisk= functionality, also to the =disk= group + +#+begin_src fish +dustvoice in ~ +> sudo usermod -a G disk $USER +#+end_src + +Now just re-login and you're good to go. 
+ +*** Gaming +:PROPERTIES: +:CUSTOM_ID: gaming +:END: + +=extra= & =pulseaudio pulseaudio-alsa=\\ +=community= & =lutris=\\ +=multilib= & =lib32-libpulse lib32-nvidia-utils steam=\\ + +The first option for native/emulated gaming on Linux is obviously +=steam=. + +The second option would be =lutris=, a program, that configures a wine +instance correctly, etc. + +*** Wacom +:PROPERTIES: +:CUSTOM_ID: wacom +:END: + +=extra= & =libwacom xf86-input-wacom=\\ + +In order to use a Wacom graphics tablet, you'll have to install some +packages + +You can now configure your tablet using the =xsetwacom= command. + +*** =VNC= & =RDP= +:PROPERTIES: +:CUSTOM_ID: vnc-and-rdp +:END: + +=extra= & =libvncserver=\\ +=community= & =remmina=\\ +=AUR= & =freerdp=\\ + +In order to connect to a machine over =VNC= or to connect to a machine +using the =Remote Desktop Protocol=, for example to connect to a Windows +machine, I'll need to install =freerdp=^{=AUR=}, as well as +=libvncserver=, for =RDP= and =VNC= functionality respectively, as well +as =remmina=, to have a GUI client for those two protocols. + +Now you can set up all your connections inside =remmina=. + +* Upgrading the system +:PROPERTIES: +:CUSTOM_ID: upgrading-the-system +:END: +You're probably wondering why this gets a dedicated section. + +You'll probably think that it would be just a matter of issuing + +#+begin_src fish +dustvoice in ~ +> sudo pacman -Syu +#+end_src + +That's both true and false. + +You have to make sure, /that your boot partition is mounted at =/boot=/ +in order for everything to upgrade correctly. That's because the moment +you upgrade the =linux= package without having the correct partition +mounted at =/boot=, your system won't boot. You also might have to do +=> grub-mkconfig -o /boot/grub/grub.cfg= after you install a different +kernel image. 
+ +If your system /indeed doesn't boot/ and /boots to a recovery fish/, +then double check that the issue really is the not perfectly executed +kernel update by issuing + +#+begin_src fish +root in ~ +> uname -a +#+end_src + +and + +#+begin_src fish +root in ~ +> pacman -Q linux +#+end_src + +/The version of these two packages should be exactly the same!/ + +If it isn't there is an easy fix for it. + +** Fixing a faulty kernel upgrade +:PROPERTIES: +:CUSTOM_ID: fixing-a-faulty-kernel-upgrade +:END: +First off we need to restore the old =linux= package. + +For that note the version number of + +#+begin_src fish +root in ~ +> uname -a +#+end_src + +Now we'll make sure first that nothing is mounted at =/boot=, because +the process will likely create some unwanted files. The process will +also create a new =/boot= folder, which we're going to delete +afterwards. + +#+begin_src fish +root in ~ +> umount /boot +#+end_src + +Now =cd= into =pacman='s package cache + +#+begin_src fish +root in ~ +> cd /var/cache/pacman/pkg +#+end_src + +There should be a file located named something like +=linux-.pkg.tar.xz=, where == would be somewhat +equivalent to the previously noted version number + +Now downgrade the =linux= package + +#+begin_src fish +root in ~ +> pacman -U linux-.pkg.tar.xz +#+end_src + +After that remove the possibly created =/boot= directory + +#+begin_src fish +root in ~ +> rm -rf /boot + +root in ~ +> mkdir /boot +#+end_src + +Now reboot and mount the =boot= partition, in my case an EFI System +partition. + +Now simply rerun + +#+begin_src fish +dustvoice in ~ +> sudo pacman -Syu +#+end_src + +and you should be fine now. + +* Additional notes +:PROPERTIES: +:CUSTOM_ID: additional-notes +:END: +If you've printed this guide, you might want to add some additional +blank pages for notes. diff --git a/dustdoc.cls b/dustdoc.cls index fb80175..0c1aa8f 100644 --- a/dustdoc.cls +++ b/dustdoc.cls 
@@ -19,8 +19,10 @@ \RequirePackage{array} \RequirePackage{caption} -\RequirePackage{longtable} -\RequirePackage{tabu} +% Replaced because outdated and unmaintained +%\RequirePackage{longtable} +%\RequirePackage{tabu} +\RequirePackage{tabularray} \RequirePackage{fix-cm} \RequirePackage{fontspec} @@ -116,9 +118,19 @@ {\begin{tcolorbox}[before upper={\setlength{\parindent}{1.5em}\noindent},colback=admonitionBG,coltitle=draculaBG,colframe=draculaPink,colbacktitle=draculaPink,title=CAUTION]} {\end{tcolorbox}} -\newenvironment{packagetable} -{\begin{longtabu}to \textwidth [b]{X[1,r]|X[1,l]}} -{\end{longtabu}} +% See note for tabu +%\newenvironment{packagetable} +%{\begin{longtabu}to \textwidth [b]{X[1,r]|X[1,l]}} +%{\end{longtabu}} + +\NewTblrTheme{packagetable}{ + \DefTblrTemplate{head}{default}{} + \DefTblrTemplate{foot}{default}{} +} + +\newenvironment{pkgtable} +{\begin{longtblr}[b, theme=packagetable]{colspec={X[1,r]|X[1,l]}, width=\textwidth}} +{\end{longtblr}} \newenvironment{mintedlisting}{% \begin{listing}[H]%
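Review bot: In the Virtualization section of Documentation_v2.org, both group commands are missing the dash before `G`: `sudo usermod -a G vboxusers $USER` and `sudo usermod -a G disk $USER`. As written they will not add the user to the group. Suggest `-aG` (or `-a -G`) in both places. The `disk` line also deserves one sentence saying that membership in `disk` gives the account raw read and write access to block devices, so it should be added only when rawdisk is really needed.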
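Review bot: In "Fixing a faulty kernel upgrade", `rm -rf /boot` runs as root with nothing confirming that the earlier `umount /boot` succeeded. If the partition is still mounted at that point, the command deletes the contents of the boot partition rather than the stray directory. Suggest adding a check such as `mountpoint -q /boot` (or `findmnt /boot`) before the removal, with an instruction to stop if it reports a mount. The sentence "The version of these two packages should be exactly the same" could also say that `uname -a` reports the running kernel, not a package.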
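Review bot: Several placeholders appear to have been lost in the new .org file, which leaves steps that cannot be followed. `> kill -9` has no PID argument after the `ps aux | grep picom` step. The downgrade step reads `pacman -U linux-.pkg.tar.xz`, and the sentence before it says "where == would be". The Web browser paragraph lists the add-ons as "the , , , and finally add-ons". Please restore the placeholder text and the add-on names from the source document. "boots to a recovery fish" also looks like an unintended replacement in prose.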
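Review bot: In the dustdoc.cls hunk at `@@ -19,8 +19,10 @@`, the removed `longtable` and `tabu` lines are kept as commented-out code under `% Replaced because outdated and unmaintained`. The diff already records what was removed, so suggest deleting the two `%\RequirePackage` lines and keeping at most a one-line comment saying that `tabularray` replaces them. The comment also reads as if it applies to both packages, while the later note in this file says only "See note for tabu", so it should name which package is meant.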
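Review bot: In the dustdoc.cls hunk at `@@ -116,9 +118,19 @@`, `\newenvironment{pkgtable}` opens `\begin{longtblr}` in its begin code and closes `\end{longtblr}` in its end code. tabularray environments collect their whole body up to a literal `\end{longtblr}`, so a wrapper split this way will not pick up the table content. Suggest defining it with tabularray's `\NewTblrEnviron` (options set through `\SetTblrOuter` and `\SetTblrInner`), or with `\NewDocumentEnvironment{pkgtable}{+b}` passing `#1` between the begin and end. The environment is also renamed from `packagetable` to `pkgtable` while the theme keeps the old name, so every `\begin{packagetable}` in the documents has to be renamed in the same change.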