WARNING!
2017 version of this installation guide can be found here
This tutorial will guide you for installing ArchLinux on a GPT partition while using GRUB2 on a BIOS enabled PC (see Wiki for EFI) and thus on a SSD media based upon LUKS (encryption) over LVM. It is not aimed to replace the official ArchLinux installation guide or Wiki. It is just a collection of notes gathered from the official sources. As a reminder the Installation Guide can now also be found on the USB flash drive under /root/install.txt.
Once you have installed your system please make sure to consult my emergency instructions for accessing your encrypted data with a LiveCD USB Flash drive and also perform seamless upgrades using LVM snapshots.
Pre-Installation Steps
Securely wipe SSD
Fill the new drive with random data using a working Linux system:
# dd if=/dev/urandom of=/dev/sda iflag=nocache oflag=direct bs=4096
This operation takes a long time (eg. 8 hours for a 500GB SSD).
Prepare USB Flash drive
Based upon 2015.12.01 ISO image or later from http://www.archlinux.org/download.
# dd if=/dev/zero of=/dev/sdx bs=1k count=1
# dd if=archlinux-xxxxx.iso of=/dev/sdx
Replace sdx by your thumbdrive reference.
Boot from USB Flash drive
Go into BIOS menu and make sure to disable UEFI or enable legacy BIOS as default then boot & select x86_64 (or i686 if you want to stay with i686 architecture, max. 3GB SRAM). If you see UEFI in the boot menu, it is likely that your system is setup for UEFI boot only.
Change keyboard layout
# loadkeys fr
Get IP address
Archlinux boot CD starts the network and get an IP address via DHCP. You can check that you have obtained an IP address with:
# ip addr
In case you IP address was not automaticaly setup, you can use:
# dhcpcd
It is also possible to use manual IP or wifi. Please refer to the official wiki for proper instructions.
Configure drive, block devices and encrypted filesystems
Identify the devices
The first step is to identify the devices where the new system will be installed. The following command will show all the available devices:
# lsblk
Manually partition the SSD
# gdisk /dev/sda
Remove old partitions then create the following partitions:
- Enter n,1,[Enter],2M, EF02. This is the first partition (2MB) with type EF02 (BIOS partition) and used by GRUB2/BIOS-GPT. (/dev/sda1).
- Enter n,2,[Enter],256M,8300. Second partition (256MB) with type 8300 (Linux) holds unencrypted /boot as well as backup copies of /boot between system upgrades. (/dev/sda2)
- Enter n,3,[Enter],3G,8200. Third partition (3GB) with type 8200 (swap) is our optional swap partition that will be encrypted with random key but not part of lvm. (/dev/sda3)
- Enter n,4,[Enter],[Enter]. Fourth partition occupies the remaining space with a type 8E00 (LVM). It will store the encrypted LVM for /, /home and snapshots (/dev/sda4)
- Enter p to verify the above configuration
- Enter w,Y
Prepare encrypted LUKS space
We need to align, enable TRIM and use the right payload for SSD.
# cryptsetup -v --cipher aes-xts-plain64 --key-size 512 --hash sha512 --iter-time 5000 --use-random --align-payload=8192 luksFormat /dev/sda4
# cryptsetup luksOpen --allow-discards /dev/sda4 enc-lvm
While we will be enabling TRIM at different stages we won’t activate the discard option for mounting the different partitions but rather use weekly fstrim checks. The iter-time at 5000 means it will take up to 5s to check the password hash.
Setup LVM space
20GB for root is usually enough but if you start installing large packages such as TeX or others it can become too small over time. Therefore 40GB gives some room. We don’t setup swap inside LVM but keep it outside with its own random key per reboot. For the home directory we don’t use all remaining space but save some spare space for snapshots.
# lvm pvcreate --dataalignment 4M /dev/mapper/enc-lvm
# lvm vgcreate vgroup /dev/mapper/enc-lvm
# lvm lvcreate -L 40GB -n root vgroup
# lvm lvcreate -l 95%free -n home vgroup
vgdisplay to see the remaining space for snapshot. If not ok,
# lvremove /dev/mapper/vgroup-home
# lvm lvcreate -l 97%free -n home vgroup
Format /boot, /root and /home
# mkfs.ext2 /dev/sda2
# mkfs.xfs /dev/mapper/vgroup-root
# mkfs.xfs /dev/mapper/vgroup-home
ext4 was the filesystem of choice in the previous installation guide. Since I’m using XFS now on my NAS I thought it would make sense to use XFS here too especially with the latest developments including metadata checksums that are enabled by default.
Get 5% space back from /home partition (if using EXT4)
If you selected ext4 instead of XFS for /home you can gain 5% of space back since this is typically used on root partition as a safeguard when the disk gets full.
On non-root partition this hidden space can be easily and safely reclaimed back by using the following command.
# tune2fs -m 0 /dev/mapper/vgroup-home
Mount the partitions
# mount /dev/mapper/vgroup-root /mnt
# mkdir /mnt/boot
# mount /dev/sda2 /mnt/boot
# mkdir /mnt/home
# mount /dev/mapper/vgroup-home /mnt/home
Install the base system
Select installation mirror
ftp.archlinux.org is throttled to 50KB/s.
Before installing, you may want to edit /etc/pacman.d/mirrorlist such that your preferred mirror is first. This copy of the mirrorlist will be installed on your new system by pacstrap as well, so it’s worth getting it right.
Perform system installation
# pacstrap /mnt base base-devel
Install a bootloader
The folllowing will install GRUB2. If you want EFI please refer to the official Wiki.
# pacstrap /mnt grub-bios
Generate fstab for the new disk scheme
Generate a fstab file with the following command. UUIDs will be used because they have certain advantages (see official wiki). If you would prefer to use labels instead, replace the -U option with -L. Note: If you encounter errors running genfstab or later in the install process, do not run genfstab again; just edit the fstab file.
# genfstab -U -p /mnt >> /mnt/etc/fstab
Setup mount Flags
When using SSD it’s important to disable some of the timestampgins that can impact the SSD lifetime. Edit the /mnt/etc/fstab generate above to reflect the following changes:
UUID=XXX-YYY-ZZZ / xfs rw,noatime,attr2,inode64,noquota 0 1
UUID=TTT-UUU-VVV /boot ext2 rw,noatime 0 2
UUID=PPP-QQQ-RRR /home xfs rw,noatime,attr2,inode64,noquota 0 2
Enable TRIM support on LVM
We have to enable the option issue_discards in the LVM configuration. Edit /mnt/etc/lvm/lvm.conf
# [...]
devices {
# [...]
issue_discards = 1
# [...]
}
# [...]
Configure the newly installed system
Chroot into the installed system
# arch-chroot /mnt /bin/bash
Set root password
Set a root password with:
# passwd
Set hostname
Add your hostname in /etc/hostname.
myhostname
Set it to your liking. This is the name of your computer.
Add also your hostname in /etc/hosts, coinciding with the one specified in /etc/hostname as an alias, so that it looks like this:
127.0.0.1 localhost.localdomain localhost myhostname
::1 localhost.localdomain localhost myhostname
Note: ::1 is the IPv6 equivalent of 127.0.0.1
Configure console fonts and keymap
Set keymap and font name in /etc/vconsole.conf.
KEYMAP=fr
FONT=
FONT_MAP=
KEYMAP The available keymaps are in /usr/share/kbd/keymaps. Please note that this setting is only valid for your TTYs, not any graphical window managers or X. FONT Available alternate console fonts reside in /usr/share/kbd/consolefonts/. The default (blank) is safe. FONT_MAP Defines the console map to load with the setfont program at boot. Possible maps are found in /usr/share/kbd/consoletrans, if needed. The default (blank) is safe.
Setup time
Select a time zone:
# tzselect
Available time zones and subzones can also be found in the /usr/share/zoneinfo/
Setup a timezone
Edit the file /etc/timezone and write your Zone/Subzone. Example:
Europe/Paris
Additionaly, create a symbolic link /etc/localtime to the same /usr/share/zoneinfo/
# ln -s /usr/share/zoneinfo/Europe/Paris /etc/localtime
Adjust time skew
It is recommended to adjust the time skew, and set the time standard to UTC:
# hwclock --systohc --utc
Locale
Enable locales
Edit /etc/locale.gen and uncomment:
en_US.UTF-8 UTF-8
fr_FR.UTF-8 UTF-8
fr_FR ISO-8859-15
fr_FR@euro ISO-8859-15
Generate locales
# locale-gen
Setting up system-wide locale
Add your language to /etc/locale.conf.
LANG=fr_FR.UTF-8
LC_COLLATE="fr_FR.UTF-8"
Export current language for initramfs creation
We will be adding keymap to mkinicpio.conf therefore we need to environment variable LANG.
# export LANG=fr_FR.UTF-8
Configure the network
If not using DHCP or network manager, please see wiki for rc.conf configuration.
Prepare initramfs and bootloard
Prepare the initramfs build
Add keymap to kernel for non-US keyboard on boot as well as keyboard for usb support on boot, encrypt and lvm2 for accessing our encrypted space.
Edit /etc/mkinitcpio.conf to add required hooks for encryption, keyboard and LVM.
HOOKS="base udev autodetect modconf block keyboard keymap encrypt lvm2 filesystems fsck"
Also add the required video driver for early display setup. For example for integrated Intel graphic card:
MODULES="i915"
Create an initial ramdisk environment
# mkinitcpio -p linux
Configure the bootloader
Install GRUB2 to the SSD
# grub-install --recheck /dev/sda
Add SSD TRIM and encryption support
We need to allow discards in grub even if we only use the fstrim utility instead of the discard mount option. Edit /etc/default/grub and change with:
GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda4:vgroup:allow-discards"
Generate GRUB2 configuration
# grub-mkconfig -o /boot/grub/grub.cfg
Some warning will popup but it’s ok. Next time you regenerate the grub configuration, warnings should be gone.
Time to reboot into your freshly installed system
Unmount the partitions
If you are still in the chroot environment then type exit or Ctrl+D in order to exit chroot. Since the partitions are mounted under /mnt, we use the following command to unmount them.
# exit
# umount /mnt/boot
# umount /mnt/home
# umount /mnt
Reboot
Execute the following command and remove the installation media.
# reboot
Post Installation Steps
Start network
# dhcpd eth0
Setup swap space
One can place a swap partition on an SSD. Note that most modern desktops with an excess of 2 Gigs of memory rarely use swap at all. The notable exception is systems which make use of the hibernate feature.
Enable encrypted swap with random key but without suspend-to-disk support
It is very dangerous to use crypttab swap with /dev/sdx3 or even /dev/disk/by-id/ata-SERIAL-partX. A small change in your device names or partitioning layout and /etc/crypttab will see your valuable data formatted on the next boot. It is more reliable to identify the correct partition by giving it a UUID or LABEL. By default that does not work because dm-crypt and mkswap would simply overwrite any content on that partition; however, it is possible to specify an offset. This allows you to create a very small, empty, bogus filesystem (with no other purpose than providing a UUID or LABEL), which survives the swap encryptions.
Create a filesystem with label of your choice:
# mkfs.ext2 -L cryptswap /dev/sda3 1M
The unusual parameter after the device name limits the filesystem size to 1 MiB.
# blkid /dev/sda3
/dev/sda3: LABEL="cryptswap" UUID="b72c384e-bd3c-49aa-b7a7-a28ea81a2605" TYPE="ext2"
With this, /dev/sda3 now can easily be identified either by UUID or LABEL, regardless of how its device name or even partition number might change in the future. All that’s left is the /etc/crypttab and /etc/fstab entries:
/etc/crypttab
# <name> <device> <password> <options>
cryptswap LABEL=cryptswap /dev/urandom swap,offset=2048,cipher=aes-xts-plain64,size=512,hash=sha512
Note the offset: it’s 2048 sectors of 512 bytes, thus 1 MiB. This way the filesystem LABEL/UUID remains intact, and data alignment works out as well.
Why /dev/urandom and not /dev/random? The latter blocks until it got enough entropy to continue, urandom don’t. So if you use random instead urandom you might have to wait during boot until enough entropy is collected. (It does help to type your keyboard and move the mouse.) Use /dev/random if you’re really paranoid.
/etc/fstab
# <filesystem> <dir> <type> <options> <dump> <pass>
/dev/mapper/cryptswap none swap defaults 0 0
Change swap space behavior
The following is recommended tweak for SSDs using a swap partition that will reduce the “swappiness” of the system thus avoiding writes to swap.
/etc/sysctl.d/99-sysctl.conf
vm.swappiness=1
vm.vfs_cache_pressure=50
Reboot
Check
# cat /proc/sys/vm/swappiness
Enable periodic TRIM operation
Since we haven’t enabled discards on mountpoints we need to perform trim operations on a regular basis.
The util-linux package (part of base and base-devel) provides fstrim.service and fstrim.timer systemd unit files. Enabling the timer will activate the service weekly, which will then trim all mounted filesystems on devices that support the discard operation. The timer relies on the timestamp of /var/lib/systemd/timers/stamp-fstrim.timer (which it will create upon first invocation) to know whether a week has elapsed since it last ran.
Therefore there is no need to worry about too frequent invocations, in an anacron-like fashion. It is also possible to query the units activity and status using standard journalctl and systemctl status commands:
# journalctl -u fstrim
# systemctl status fstrim
Change I/O scheduler for SSD
Both noop and deadline are recommanded for SSD operation. We will stick to deadline for SSD and CFQ for hard drives.
To do this, create and edit a file in /etc/udev/rules.d named something like ‘60-schedulers.rules’. In the file include the following:
# set deadline scheduler for non-rotating disks
ACTION=="add|change", KERNEL=="sd[a-z]", TEST!="queue/rotational", ATTR{queue/scheduler}="deadline"
ACTION=="add|change", KERNEL=="sd[a-z]", ATTR{queue/rotational}=="0", ATTR{queue/scheduler}="deadline"
# set cfq scheduler for rotating disks
ACTION=="add|change", KERNEL=="sd[a-z]", ATTR{queue/rotational}=="1", ATTR{queue/scheduler}="cfq"
Of course, set deadline/cfq to the desired schedulers. Changes should occur upon next boot. To check success of the new rule:
# cat /sys/block/sdX/queue/scheduler #where X is the device in question
Note: Keep in mind cfq is the default scheduler, so the second rule with the standard kernel is not actually necessary. Also, in the example sixty is chosen because that is the number udev uses for its own persistent naming rules. Thus, it would seem that block devices are at this point able to be modified and this is a safe position for this particular rule. But the rule can be named anything so long as it ends in ‘.rules’. (Credit: falconindy and w0ng for posting on his blog)
Resolving NCQ errors
Some SSDs and SATA chipsets do not work properly with Linux Native Command Queueing (NCQ). The tell-tale dmesg errors look like this: [ 9.115544] ata9: exception Emask 0x0 SAct 0xf SErr 0x0 action 0x10 frozen [ 9.115550] ata9.00: failed command: READ FPDMA QUEUED [ 9.115556] ata9.00: cmd 60⁄04:00:d4:82:85⁄00:00:1f:00:00/40 tag 0 ncq 2048 in [ 9.115557] res 40⁄00:18:d3:82:85⁄00:00:1f:00:00/40 Emask 0x4 (timeout)
To disable NCQ on boot, add libata.force=noncq
to the kernel command line in the bootloader configuration. To disable NCQ only for disk 0 on port 1 use:
libata.force=1.00:noncq
Add default user
# useradd -m -G wheel -s /bin/bash archie
Setup password for new user:
# passwd archie
Sudo
# pacman -S sudo
Configure for a given user:
# visudo
and add:
archie ALL=(ALL) ALL
Add additional repositories
Most people will want to use [core], [extra] and [community].
Multilib
If you installed Arch Linux x86_64, it’s recommended that you enable the [multilib] repository, as well (to be able to run both 32 bit and 64 bit applications):
[multilib]
Include = /etc/pacman.d/mirrorlist
archlinuxfr
Required for installing yaourt & virtualbox and many other packages
Add as root the following into /etc/pacman.conf (this is for a 64-bit installation) :
[archlinuxfr]
SigLevel = Optional TrustAll
Server = http://repo.archlinux.fr/x86_64
Refresh software list with:
# pacman -Syy
Package management with Yaourt rather than pacman
Add nice colors when browsing packages
# pacman -S yaourt colordiff
!!! What happened for pacman-color ???
Search both binary repo but also AUR
# yaourt mc
Complete update and upgrade, even for packages coming from AUR
# yaourt -Syu --aur
Setup automatic microcode loading
For AMD processors the microcode updates are available in linux-firmware, which is installed as part of the base system. No further action is needed.
For Intel processors, install the intel-ucode package, and continue reading:
# pacman -S intel-ucode
grub-mkconfig will automatically detect the microcode update and configure grub appropriately. After installing the intel-ucode package, users are directed to regenerate the grub config to activate loading the microcode update by running:
# grub-mkconfig -o /boot/grub/grub.cfg
Install Xorg
Core Xorg install
# pacman -S xorg-server xorg-xinit xorg-server-utils
—> 4 providers for libgl: 1) mesa-libgl 2) nvidia-304xx-libgl 3) nvidia-340xx-libgl 4) nvidia-libgl
2 providers for xf86-input-driver 1) xf86-input-evdev 2) xf86-input-libinput
—->
The 3D utilities glxgears and glxinfo are included in the mesa package:
# pacman -S mesa
Identify video driver
Then you need to install a suitable driver for your graphic card. You need to know its brand and model then consult main Archlinux wiki to see which driver better fits your needs. The output of the command:
# lspci | grep VGA
should help you to identify your card.
For a complete list of open-source video drivers, search the package database:
# pacman -Ss xf86-video | less
The following is for an Intel based graphic card.
# pacman -S xf86-video-intel lib32-mesa-libgl
Keyboard & mouse
NEW **** NO DONE YET!!! Udev will detect your hardware and evdev will act as the hotplugging input driver for almost all devices. Udev is provided by systemd and xf86-input-evdev is required by xorg-server, so there is no need to explicitly install those packages. You should have 10-evdev.conf in the /usr/share/X11/xorg.conf.d/ directory, which manages keyboards, mice, touchpads and touchscreens. If evdev does not support your device, install the needed driver from the xorg-drivers group. Alike evdev, libinput (xf86-input-libinput) is a driver which supports a wide array of hardware from all device categories. See the following pages for specific instructions, or the Fedora wiki entry for more examples. https://fedoraproject.org/wiki/Input_device_configuration
Udev should be capable of detecting your hardware without problems. The evdev driver (xf86-input-evdev) is the modern hot-plugging input driver for almost all devices, so in most cases, installing input drivers is not needed.
Laptop users will also need the synaptics package to allow X to configure the touchpad:
# pacman -S xf86-input-synaptics
The primary method of configuration for the touchpad is through an Xorg server configuration file. After installation of xf86-input-synaptics, a default configuration file is located at /usr/share/X11/xorg.conf.d/50-synaptics.conf. Users can copy this file to /etc/X11/xorg.conf.d/ and edit it to configure the various driver options available. Refer to the synaptics(4) manual page for a complete list of available options. Machine-specific options can be discovered using synclient.
The following lists options that many users may wish to configure. This example configuration file enables vertical, horizontal and circular scrolling as well as touchpad tap to click: /etc/X11/xorg.conf.d/50-synaptics.conf
Section "InputClass"
Identifier "touchpad"
Driver "synaptics"
MatchIsTouchpad "on"
Option "TapButton1" "1"
Option "TapButton2" "2"
Option "TapButton3" "3"
Option "VertEdgeScroll" "on"
Option "VertTwoFingerScroll" "on"
Option "HorizEdgeScroll" "on"
Option "HorizTwoFingerScroll" "on"
Option "CircularScrolling" "on"
Option "CircScrollTrigger" "2"
Option "EmulateTwoFingerMinZ" "40"
Option "EmulateTwoFingerMinW" "8"
Option "CoastingSpeed" "0"
Option "FingerLow" "35"
Option "FingerHigh" "40"
...
EndSection
NOT DONE !!!!
Set the keyboard layout (if you do not use a standard US keyboard). To change your keyboard layout, edit /etc/X11/xorg.conf.d/10-evdev.conf
and add a XkbLayout line so it looks like:
Section "InputClass"
Identifier "evdev keyboard catchall"
MatchIsKeyboard "on"
MatchDevicePath "/dev/input/event*"
Option "XkbLayout" "fr"
Option "XkbVariant" "latin9"
Driver "evdev"
EndSection
The XkbLayout key may differ from the keymap code you used with the loadkeys command. A list of many keyboard layouts and variants can be found in /usr/share/X11/xkb/rules/base.lst (after the line beginning with ! layout). For instance, the layout gb corresponds to “English (UK)”, whereas for the console it was loadkeys uk.
Test X
Install the default environment:
# pacman -S xorg-twm xorg-xclock xterm
Start X
# startx
Install fonts
At this point, you may wish to save time by installing visually pleasing, true type fonts, before installing a desktop environment/window manager. Dejavu and bitstream-vera are good, general-purpose font sets. You may also want to have the Microsoft font sets, which are especially popular on websites.
Install with:
# pacman -S ttf-dejavu ttf-bitstream-vera
# yaourt ttf-ms-fonts
Allocine is missing one font that needs to be added manually!
Install Gnome
Base system
# pacman -S gnome gnome-extra
Remove tracker to enable old-fashion search in nautilus/nemo.
GDM
GDM is part of gnome-extra.
To make GDM the default graphical login method for the system, use the packaged systemd service file, gdm.service. Simply run the following command once to bring up GDM on boot:
# systemctl enable gdm
Starting GNOME manually
If you prefer to start GNOME manually from the console, add the following line to your ~/.xinitrc file:
~/.xinitrc
exec gnome-session
You can get .xinitrc template from /etc/skel/.xinitc
Enable Gnome NetworkManager
# systemctl enable NetworkManager
GNOME tweak tool
This graphical tool customizes fonts, themes, titlebar buttons and other settings.
# pacman -S gnome-tweak-tool
NOT DONE YET
Configure sound
Install the alsa-utils package:
# pacman -S alsa-utils
Also, you may want to install the alsa-oss package, which wraps applications written for OSS in a compatibility library, allowing them to work with ALSA. To install the alsa-oss package:
# pacman -S alsa-oss
As normal, non-root user, invoke /usr/bin/alsamixer:
# su - yourusername
# alsamixer
Unmute the Master and PCM channels by scrolling to them with cursor left/right and pressing M. Increase the volume levels with the cursor-up key. (70-90 Should be a safe range.) Some machines, (like the Thinkpad T61), have a Speaker channel which must be unmuted and adjusted as well. Leave alsamixer by pressing ESC.
Ensure your speakers are properly connected, and test your sound configuration as normal user using :
# speaker-test -c 2
You should hear a very eloquent woman say, “Front, center.”
FOLLOWING… NOT SURE !!! Exit your normal user shell and run /usr/sbin/alsactl as root to save settings:
# exit
# alsactl store
Not sure about the following one… doens’t save anything. This will create the file ‘/etc/asound.state’, saving the alsamixer settings.
TO DO & CHECK
pcie_aspm=force ??? in GRUB LINE ??
Guake
# pacman -S guake
Guake autostart, add an entry to gnome-session
zsh
# pacman -S zsh grml-zsh-config
# yaourt oh-my-zsh-git
Change the default shell for the current user:
# chsh -s $(which zsh)
TO ADD !!!! Vim Powerline patched font. Many different ones on the AUR Make sure terminal is using 256-colors mode with export TERM=“xterm-256color”.
Enable autologin
You can have GDM to directly log into your sessions without promptint for any password (safe since the whole disk is encrypted).
Edit /etc/gdm/custom.conf
# GDM configuration storage
[daemon]
AutomaticLogin=alpha
AutomaticLoginEnable=True
Check if SSD TRIM is working
https://sites.google.com/site/lightrush/random-1/checkiftrimonext4isenabledandworking
http://worldsmostsecret.blogspot.fr/2012/04/how-to-activate-trim-on-luks-encrypted.html
sudo dmsetup table /dev/mapper/vgroup –showkeys
Enable predicatable network interface name
For motherboards that have integrated NICs, it is important to have fixed device name. Many configuration problems are caused by interface name changing.
Udev is responsible for which device gets which name. Systemd v197 introduced Predictable Network Interface Names, which automatically assigns static names to network devices. Interfaces are now prefixed with en (ethernet), wl (WLAN), or ww (WWAN) followed by an automatically generated identifier, creating an entry such as enp0s25.
This behavior may be disabled by adding a symlink:
# sudo ln -s /dev/null /etc/udev/rules.d/80-net-name-slot.rules
VirtualBox
# sudo pacman -S virtualbox virtualbox-guest-iso virtualbox-host-source linux-headers
# yaourt virtualbox-ext-oracle
virtualbox-modules can be used if not using custom kernel
Add the desired username to the vboxusers group. Everything may work fine without this step but shared folders and possibly some other optional stuff require it to work. The new group does not automatically apply to existing sessions; the user has to log in again.
# gpasswd -a username vboxusers
Load module on boot
Edit /etc/modules-load.d/virtualbox.conf and add:
vboxdrv
Frequency scaling
Normally the CPU frequency driver should be loaded automatically.
For example for Intel:
# lsmod | grep acpi_cpufreq
If not To load the driver automatically at start-up, add a file specifying the appropriate driver to the /etc/modules-load.d/ directory. For example:
/etc/modules-load.d/cpufreq.conf
Install cpupower to monitor it:
# pacman -S cpupower
Change governor on boot
/etc/modules-load.d/cpufreq_gov.conf
# Load cpufreq governors
cpufreq_powersave
cpufreq_userspace
cpupower includes a daemon which allows users to set the desired scaling governor and min/max clock speeds for all processor cores at boot-time.
Before starting the daemon, edit /etc/conf.d/cpupower as root, selecting the desired governor and setting the min/max speed for your CPU(s). Note: The exact min/max values of the CPU(s) can be determined by running cpupower frequency-info. However, these values are optional. Users may omit them entirely by deleting or commenting out the min/max_freq lines; scaling will work automatically.
With the appropriate configuration, start the daemon with the following command:
# systemctl start cpupower
To start the daemon automatically at startup:
# systemctl enable cpupower
threshold can be tweaked for better performance: https://wiki.archlinux.org/index.php/Cpupower
Mplayer
mplayer2, smplayer, vlc
codecs:
# pacman -S gstreamer0.10-plugins
Java
# pacman -S jre7-openjdk jre7-openjdk-headless icedtea-web-java7
Flash
# pacman -S flashplugin
Flash Player: Bad (choppy) sound on the 64-bit version
There is a problem with Flash plugin 11 on 64-bit systems and a new memcpy routine in glibc (for more details see this Fefora bug report), which makes the sound choppy on MP3 streams. Current workarounds are:
replacing the memcpy routine as suggested in this thread.
installing flashplugin-square from the AUR (this is a version of the Flash plugin with working hardware acceleration).
NTFS
# pacman -S ntfs-3g ntfsprogs
GIMP
# pacman -S gimp-devel
# pacman -S gimp-dbp gimp-plugin-gmic gimp-plugin-fblur gimp-plugin-lqr gimp-plugin-wavelet-decompose gimp-plugin-wavelet-denoise gimp-refocus gimp-ufraw
Yaourt for: - gimp-fix-ca (erro) - gimp-plugin-image-reg (error) - *gimp-plugin-saveforweb - *gimp-plugin-separate+ - *gimp-plugin-wavelet-sharpen - *gimp-resynth-heal-selection - *gimpfx-foundry
PDF reader
evince, mupdf, acroread
Firefox pdf
External PDF viewers
To use an external PDF viewer you need #MozPlugger or #kpartsplugin.
If you want to use MozPlugger with Evince, for example, you have to find the lines containing pdf in the /etc/mozpluggerrc file and modify the corresponding line after GV() as below:
repeat noisy swallow(evince) fill: evince “$file”
(replace evince with something else if it is not your viewer of choice).
acroread + firefox
Be advised that the Firefox plugin cannot be used directly with this binary – it will not load in the 64-bit browser. To load it install the nspluginwrapper plackage from the official [multilib] repository and run:
$ nspluginwrapper -v -a -i
as a normal user. This checks the plugin directory and links the plugins as needed.
NTP
# pacman ntpd
# sytstemctl enable ntpd
File change detection
Is it required? Installed by samba. No longer required by gnome or Nautilus.
# pacman -S gamin
GO
mkdir ~/go
export GOPATH=~/go
go get website.com/user/module
mozplugger
==> You may need to delete your local
==> ~/.mozilla/firefox/
CUPS
cups cups-filters cups-pdf system-config-printer-gnome
sudo pacman -S foomatic-db foomatic-db-engine foomatic-db-nonfree foomatic-filters
- explaing PDF setup To use cups-pdf, restart cups and visit the cups web interface at http://localhost:631/
You can now add a “Virtual Printer (PDF Printer)” and use the Postscript/Generic postscript color printer driver.
Note that cups-pdf has a configuration file in /etc/cups. The default location for pdf output is /var/spool/cups-pdf/$username.
Fingerprint
Please make sure your user is a member of “plugdev” group if you use UPEK non-free library, and modify your PAM configuration (e.g., /etc/pam.d/{login,su,sudo,gdm}).
fingerprint-polkit-agent conflicts with files in /etc/xdg/autostart that must be removed: “polkit-gnome-authentication-agent-1.desktop” and “polkit-kde-authentication-agent-1.desktop”.
Add “debug” switch to fingerprint-gui, you can see the debug log in /var/log/auth.log
Refer to “Manual_en.html” and “CHANGELOG” for more information. Dépendances optionnelles pour fingerprint-gui libusb: for libbsapi yaourt fingerprint 134,43s user 10,13s system 53% cpu 4:31,06 total
Digikam
- kipi + require for video thumbnails? + gtk theme manager!!
Disable pc speaker sound
créer le fichier /etc/modprobe.d/blacklist.conf avec pour contenu :
blacklist pcspkr
Cette petite ligne permet de désactiver le « beep » atroce et faisant saigner les oreilles sortant parfois des entrailles de la machine – pour un dispositif nomade, donc coutumier des salles de cours, c’est un comportement indisposant.
Intel Audio
DO NOT USE
créer le fichier /etc/modprobe.d/snd_hda_intel.conf avec le contenu :
options snd-hda-intel model=laptop
options snd_hda_intel power_save=1
options snd-hda-intel enable_msi=1
CK kernel
ajouter le répertoire à /etc/pacman.conf
[repo-ck]
SigLevel = PackageRequired
Server = http://repo-ck.com/$arch
ajouter la signature de graysky
# pacman-key -r 5EE46C4C
# pacman-key --lsign-key 5EE46C4C
mettre à jour la base de pacman (et avoir la musique en tête, accessoirement, de rien c’est gratuit)
# pacman -Syy
installer le noyau qui va bien (ici optimisé pour un Intel Atom)
# pacman -S linux-ck-corex linux-ck-corex-headers
If using SSD you might want to stick to deadline schedule as mentioned earlier.
If using HDD you might want ot use CK bfq scheduler. Append “elevator=bfq” to the kernel boot line in /boot/grub/menu.lst if using grub or in /etc/default/grub under the GRUB_CMDLINE_LINUX_DEFAULT=“quiet” line followed by rebuilding /boot/grub/grub.cfg via the standard “grub-mkconfig -o /boot/grub/grub.cfg” command.
Default application
xdg-open
xdg-open is a desktop-independent tool for configuring default applications.
Daemons
Can stay in rc.conf Alternatively, you may remove the /etc/rc.conf file entirely and enable services in systemd (see wiki).
Kernel modules
Tip: Normally all needed modules are automatically loaded by udev, so you will rarely need to add something here. Only add modules that you know are missing.
Edit /etc/modules-load.d/ to configure kernel modules to load during boot in a static list. Each configuration file is named in the style of /etc/modules-load.d/
/etc/modules-load.d/virtio-net.conf # Load virtio-net.ko at boot virtio-net
Browser Profiles
One can easily mount browser profile(s) such as chromium, firefox, opera, etc. into RAM via tmpfs and also use rsync to keep them synced with HDD-based backups. In addition to the obvious speed enhancements, users will also save read/write cycles on their SSD by doing so.
The AUR contains several packages to automate this process, for example profile-sync-daemon.
the underlying device must be aligned (if using partitions, be sure you have start of partition aligned, better use “fdisk -u” to calculate in sectors. If not sure, align to 1M or even 4M offset, this will always fit:-) (fdisk from latest util-linux-ng should support automatic alignment)
be sure that lvm2 PV metadata (data start) is always aligned (see pvcreate –dataalignment parameter) (latest lvm2 already have support for automatic data alignment if kernel exports proper alignment data)
for cryptetup/LUKS - use “–align-payload” parameter (default is alignment to 4k boundary, not enough for SSD). Note that parameter is in 512 bytes sectors!
e.g. you want to align to 4MB boundary ( = 8192 * 512 bytes), use
cryptsetup luksFormat –align-payload=8192 …
verify with cryptsetup luksDump (see Payload offset)
(I usually set lvm2 extent size to 4MB and aling LUKS the same, so the LUKS header takes exactly one extent.)
- and finally, you should optimize FS above that device stack
(From the kernel point of view, there is no difference if you put lvm2 over LUKS or vice versa - both should work the same. Just configuration is different, I have some old slides describing activation of volumes here http://mbroz.fedorapeople.org/talks/LinuxAlt2008-eng/ )
properly align partition (use sectors, not default: fdisk -u, or use parted)
align data on LUKS drive (e.g. cryptsetup luksFormat … –align-payload=8192 to align to 4MB)
pvcreate –dataalignment 4M to align PV to 4M offset, all LVs will be aligned automagically when created (option available in recent lvm2)
FOLLOWING IS NOT UPDATED YET
Add initial user
useradd -m -G users,audio,lp,optical,storage,video,wheel,power,network -s /bin/bash yourname
Next, add a password for your new user using
passwd yourname
Build mirrolist
Build a mirrorlist using the rankmirrors script
/usr/bin/rankmirrors is a python script which will attempt to detect the mirrors which are closest to the installation machine based on the mirrors specified in /etc/pacman.d/mirrorlist. Faster mirrors will dramatically improve pacman performance, and the overall Arch Linux experience. This script may be run periodically, especially if the chosen mirrors provide inconsistent throughput and/or updates.
First, use pacman to install python & curl :
pacman -Sy python curl
cd to the /etc/pacman.d/ directory:
cd /etc/pacman.d
Backup the existing /etc/pacman.d/mirrorlist:
cp mirrorlist mirrorlist.backup
Edit mirrorlist.backup and uncomment all mirrors on the same continent or within geographical proximity to test with rankmirrors.
nano mirrorlist.backup
Run the script against the mirrorlist.backup with the -n switch and redirect output to a new /etc/pacman.d/mirrorlist file:
rankmirrors -n 6 mirrorlist.backup > mirrorlist
-n 6: rank the 6 fastest mirrors<
After creating/editing /etc/pacman.d/mirrorlist, (manually or by /usr/bin/rankmirrors) issue the following command:
pacman -Syy
Install a logon manager
Install a graphical network manager
Disable default network manager
Edit /etc/rc.conf as root:
nano /etc/rc.conf
Disable (!) any devices in the INTERFACES array that you wish to manage with Wicd. For example:
INTERFACES=(!eth0 !wlan0)
#NETWORKS=(main)
#Static IP example
#eth0="eth0 192.168.0.2 netmask 255.255.255.0 broadcast 192.168.0.255"
eth0="dhcp"
INTERFACES=(!eth0 !eth1)
# Routes to start at boot-up (in this order)
# Declare each route then list in ROUTES
# - prefix an entry in ROUTES with a ! to disable it
#
gateway="default gw 192.168.0.1"
ROUTES=(!gateway)
Option 1: wicd
If you don’t use OpenVPN, CiscoVPN or 3G broadband connection then wicd offers the best choice (fast, both GUI and CLI interface). When using the above modes it is recommended to use Gnome network manager
pacman -S wicd pacman -S hicolor-icon-theme gksu python-notify
DO NOT INSTALL notification-daemon!!!
Now, add wicd to the DAEMONS array (hal before wicd). The DAEMONS array should now look something like this:
DAEMONS=(syslog-ng hal !network !dhcdbd !networkmanager wicd ...)
Disable (!) any other existing network management daemons in the DAEMONS array, including network, dhcdbd, and networkmanager. Note: wicd uses dbus but as we have with hal in DAEMONS array the Hal daemon will automatically start dbus for you.
Save and close.
the Unix group that dbus allows to access wicd is subject to change, and may be different than network. Check which policy group is specified in /etc/dbus-1/system.d/wicd.conf, and add your user to that group.
Lastly, reboot your PC. Note: There is no need to reboot your computer after installing and configuring wicd. Arch != Windows so there’s no need to reboot after installing some (trivial) stuff like wicd. Start /etc/rc.d/dbus (or hal) and /etc/rc.d/wicd. If you want your new group for a user to be active you can just logout and login.
How to bypass Gnome keyring for normal users connecting with wireless
It’s super simple! First, create a group called networkmanager with the following command (or any other method you prefer):
# groupadd networkmanager
Then add your user to that group using the following command (or any other preferred method):
# gpasswd -a username networkmanager
Replace username in the above command with your actual username.
Now, as root, launch nm-connection-editor and configure the connections:
# nm-connection-editor
Put a check mark next to “Available to all users” and apply the settings. Note: on gnome3 you can just clik on Wireless settings, it will probably ask for password to run with root privileges.
Now you won’t be bothered by Gnome keyring! (citation needed) Also, if you additionally enable “connect automatically”, your connection will be available and connected before you even log in to your desktop, making your whole startup process even faster!
ADDED SLIM with autologin!
modified /etc/slim.conf login_cmd exec /bin/bash -login ~/.xinitrc %session auto_login yes
modified .xinitrc exec ck-launch-session dbus-launch gnome-session
for intel graphic cards edit /etc/mkinitcpio.conf
MODULES=“i915”
+++ Backup keys
dmsetup table --showkey
cryptsetup luksDump /dev/sda3 | grep "Payload offset"
Note Payload offset: 4040
then
dd if=/dev/sda3 of=./backup.img bs=512 count=4040
dmsetup info -c
How do I backup a LUKS header?
While you could just copy the appropriate number of bytes from the start of the LUKS partition, the best way is to use command option “luksHeaderBackup” of cryptsetup. This protects also against errors when non-standard parameters have been used in LUKS partition creation. Example:
cryptsetup luksHeaderBackup --header-backup-file h /dev/mapper/c1
cryptsetup luksHeaderBackup --header-backup-file h /dev/sda3
To restore, use the inverse command, i.e.
cryptsetup luksHeaderRestore --header-backup-file h /dev/mapper/c1
LVM header backup vgcfgbackup -f x201-lvm vgroup
+++ Restore keys
If you have live mapping still, you are not lost completely yet. Do not reboot! First run “dmsetup table –showkeys” and “dmsetup info -c” and store the full mapping to some file.
If you see dm-crypt mapping there mapped to proper drive, you can still recreate LUKS header with some some magic.
(If you have saved that dmsetup mapping, I’ll describe hot to save you data - still depends how many of fs was overwritten.)
If you want help with that, paste here “dmsetup table” (without using –showkeys, we do not want see your master key:-). For recovery you will need to know that key, so be sure you have full table with key stored as written above.
(Table is created according to LUKS header which is lost, so after reboot you are lost completely. BTW Passphrase will not help here at all.) http://www.spinics.net/lists/dm-crypt/msg02914.html https://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions#6._Backup_and_Data_Recovery
UUID http://www.datadisk.co.uk/html_docs/redhat/rh_lvm.htm https://www.centos.org/docs/5/html/Cluster_Logical_Volume_Manager/mdatarecover.html
p dd if=./backup.img of=/dev/sda3 bs=512 count=4040
+++ Mount from recovery CD - modprobe dm-crypt (not required) - cryptsetup luksOpen /dev/sda3 mylvm - vgscan - vgchange -ay - mkdir /mnt/oldroot - mount /dev/mapper/vgroup-root /mnt/oldroot
+++ fsck on lvm fsck on lvm can be a bit tricky. Like a the normal process, the partition needs to be umounted and we can boot up using the rescue cd or in emergency mode. Normally, you fsck /dev/sda1
if the partition is lvm, you need to activate the lvm first like so
vgchange –ignorelockingfailure -ay lvscan –ignorelockingfailure (this command should now work) fsck /dev/volumegroup/lvname
if the logical volume contains a partition, you need to kpartx the lv.
+++ LVM snapshot
http://www.thegoldfish.org/2011/09/reverting-to-a-previous-snapshot-using-linux-lvm/ http://www.redhatlinux.info/2010/11/lvm-logical-volume-manager.html http://doc.ubuntu-fr.org/lvm
LVM snapshot
lvcreate -L 10g -s -n mysnapshot /dev/vgroup/root
Revert back to LVM snapshot
Reboot with USB Archlinu key - loadkeys fr - cryptsetup luksOpen /dev/sda4 mylvm - vgscan - vgchange -ay - lvconvert –merge /dev/vgroup/mysnapshot - reboot for root partition
then for non root umount /home lvchange -an vgroup/home dmsetup status vgroup-snaphome lvchange -ay vgroup/home
remove snapshot
umount /dev/vgroup/mysnapshot
lvremove /dev/vgrou/mysnapshot
++ Manual Luks volume
dd if=/dev/zero of=/bigsecret bs=1M count=10 losetup /dev/loop0 /bigsecret cryptsetup luksFormat /dev/loop0 ===> cryptsetup luksFormat -c cast5-cbc-plain -s 128 -h sha256 /dev/$DEVICE cryptsetup luksOpen /dev/loop0 secret
FORMAT mkfs.ext2 /dev/mapper/secret
MOUNT mkdir /mnt/secret mount -t ext2 /dev/mapper/secret /mnt/secret
UMOUNT umount /mnt/secret cryptsetup luksClose secret losetup -d /dev/loop0 # free the loopdevice.
REMOUNT losetup /dev/loop0 /bigsecret cryptsetup luksOpen /dev/loop0 secret mount -t ext2 /dev/mapper/secret /mnt/secret
check if trim is enabled https://sites.google.com/site/lightrush/random-1/checkiftrimonext4isenabledandworking
Optimization
optimization http://postblue.info/netbook-archlinux-i3-optimisation/
power saving https://github.com/Unia/powersave http://crunchbang.org/forums/viewtopic.php?id=11954&p=1
nice example from postblue http://bin.postblue.info/powersave
Forcer ASPM powersave par un argument dans GRUB ;
Insérez pcie_aspm=force dans /etc/default/grub à la ligne GRUB_CMDLINE_LINUX, puis régénérez GRUB2 d’un grub-mkconfig -o /boot/grub/grub.cfg.
Change what systemd can control
permettre à systemd de gérer les événements du matériel en éditant le fichier /etc/systemd/logind.conf ;
Enable governors
créer le fichier /etc/modules-load.d/cpufreq.conf afin d’activer les modules de contrôle de la fréquence du processeur, avec le contenu suivant ; ici j’utilise le module acpi_cpufreq mais choisissez le module qui convient le mieux à votre matériel :
# Load cpufreq driver
acpi_cpufreq
# Load cpufreq governors
cpufreq_performance
cpufreq_powersave
cpufreq_ondemand
Powersave
/etc/udev/rules.d/50-powersave.rules SUBSYSTEM==“power_supply”, ENV{POWER_SUPPLY_ONLINE}==“0”, RUN+=“/usr/bin/powersave true” SUBSYSTEM==“power_supply”, ENV{POWER_SUPPLY_ONLINE}==“1”, RUN+=“/usr/bin/powersave false” KERNEL==“sr0”, SUBSYSTEM==“block”, ENV{POWER_SUPPLY_ONLINE}==“0”, ENV{UDISKS_DISABLE_POLLING}=“1” KERNEL==“sr0”, SUBSYSTEM==“block”, ENV{POWER_SUPPLY_ONLINE}==“1”, ENV{UDISKS_DISABLE_POLLING}=“0”
/usr/lib/systemd/system-sleep/powersave.sh
#!/bin/sh
case $1 in
pre) /usr/bin/powersave false ;;
post)
if cat /sys/class/power_supply/ADP1/online | grep 0 > /dev/null 2>&1
then
/usr/bin/powersave true
else
/usr/bin/powersave false
fi
;;
esac
exit 0
Change execution flag
# chmod +x /usr/lib/systemd/system-sleep/powersave.sh
/usr/bin/powersave #!/bin/sh
case “$1” in true) # Enable power saving settings on battery # bus for i in /sys/bus//devices//power/control; do echo auto > $i; done # usb autosuspend for i in /sys/bus/usb/devices//power/autosuspend; do echo 1 > $i; done for i in /sys/bus/usb/devices//power/control; do echo auto > $i; done # sata powersave for i in /sys/class/scsi_host/host/link_power_management_policy; do echo min_power > $i; done # disk powersave #for dev in /dev/sd[a-z]; do hdparm -S 12 -B 200 -a 2048 $dev; done # nmi_watchdog echo 0 > /proc/sys/kernel/nmi_watchdog # cpu for i in /sys/devices/system/cpu/cpu/cpufreq/scaling_governor; do echo powersave > $i; done #echo 1 > /sys/devices/system/cpu/sched_smt_power_savings #echo 1 > /sys/devices/system/cpu/sched_mc_power_savings #echo 80 > /sys/devices/system/cpu/cpufreq/conservative/up_threshold #echo 40 > /sys/devices/system/cpu/cpufreq/conservative/down_threshold #echo 20000 > /sys/devices/system/cpu/cpufreq/conservative/sampling_rate #echo 1 > /sys/devices/system/cpu/cpufreq/conservative/sampling_down_factor #echo 20 > /sys/devices/system/cpu/cpufreq/conservative/freq_step # aspm echo powersave > /sys/module/pcie_aspm/parameters/policy # kernel write mode echo 5 > /proc/sys/vm/laptop_mode echo 90 > /proc/sys/vm/dirty_ratio echo 1 > /proc/sys/vm/dirty_background_ratio echo 1500 > /proc/sys/vm/dirty_expire_centisecs echo 1500 > /proc/sys/vm/dirty_writeback_centisecs # sound card powersave echo 1 > /sys/module/snd_hda_intel/parameters/power_save echo Y > /sys/module/snd_hda_intel/parameters/power_save_controller #echo 1 > sys/module/snd_ac97_codec/parameters/power_save # wlan0/eth0 powersave iwconfig wlan0 power on ethtool -s eth0 wol d # i915 echo 1 > /sys/module/i915/parameters/i915_enable_rc6 echo 1 > /sys/module/i915/parameters/i915_enable_fbc echo 1 > /sys/module/i915/parameters/powersave echo 1 > /sys/module/i915/parameters/semaphores echo 1 > /sys/module/i915/parameters/lvds_downclock ;; false) # Return to default on AC power # bus for i in /sys/bus//devices//power/control; do echo on > $i; done # usb autosuspend for i in /sys/bus/usb/devices//power/autosuspend; do echo 0 > $i; done for i in /sys/bus/usb/devices//power/control; do echo on > $i; done # sata powersave for i in /sys/class/scsi_host/host/link_power_management_policy; do echo max_performance > $i; done # disk powersave rotational only #for dev in /dev/sd[a-z]; do hdparm -S 120 -B 255 -a 128 $dev; done # nmi_watchdog echo 1 > /proc/sys/kernel/nmi_watchdog # cpu for i in /sys/devices/system/cpu/cpu/cpufreq/scaling_governor; do echo performance > $i; done #echo 0 > /sys/devices/system/cpu/sched_smt_power_savings #echo 0 > /sys/devices/system/cpu/sched_mc_power_savings # aspm echo performance > /sys/module/pcie_aspm/parameters/policy # kernel write mode echo 0 > /proc/sys/vm/laptop_mode echo 10 > /proc/sys/vm/dirty_ratio echo 5 > /proc/sys/vm/dirty_background_ratio echo 500 > /proc/sys/vm/dirty_expire_centisecs echo 500 > /proc/sys/vm/dirty_writeback_centisecs # sound card powersave echo 0 > /sys/module/snd_hda_intel/parameters/power_save echo Y > /sys/module/snd_hda_intel/parameters/power_save_controller #echo 0 > sys/module/snd_ac97_codec/parameters/power_save # wlan0/eth0 powersave iwconfig wlan0 power off ethtool -s eth0 wol d # i915 echo 0 > /sys/module/i915/parameters/i915_enable_rc6 echo 0 > /sys/module/i915/parameters/i915_enable_fbc echo 0 > /sys/module/i915/parameters/powersave echo 0 > /sys/module/i915/parameters/semaphores echo 0 > /sys/module/i915/parameters/lvds_downclock ;; esac exit 0
chmod +x /usr/bin/powersave
disabled for now echo 1 > /sys/module/snd_hda_intel/parameters/power_save echo Y > /sys/module/snd_hda_intel/parameters/power_save_controller #echo 1 > sys/module/snd_ac97_codec/parameters/power_save
xdg-user-dirs uses a configuration file located at ~/.config/user-dirs.dir. Its format is as follows
## Localized folders
# This file is written by xdg-user-dirs-update
# If you want to change or add directories, just edit the line you're
# interested in. All local changes will be retained on the next run
# Format is XDG_xxx_DIR="$HOME/yyy", where yyy is a shell-escaped
# homedir-relative path, or XDG_xxx_DIR="/yyy", where /yyy is an
# absolute path. No other format is supported.
#
XDG_DESKTOP_DIR="$HOME/Bureau"
XDG_DOWNLOAD_DIR="$HOME/Téléchargements"
XDG_TEMPLATES_DIR="$HOME/Modèles"
XDG_PUBLICSHARE_DIR="$HOME/Public"
XDG_DOCUMENTS_DIR="$HOME/Documents"
XDG_MUSIC_DIR="$HOME/Musique"
XDG_PICTURES_DIR="$HOME/Images"
XDG_VIDEOS_DIR="$HOME/Vidéos"
Remove or rename the one you like/don’t like and also delete the folders from the drives for the one you no longer want.
Remove guake title
# gconf-editor
/apps/guake/general/use_vte_titles
Fix Nautilus sort
Create/Edit ~/.gnomerc
and add
#export LC_COLLATE=C That was the original post
replaced by
#export LC_COLLATE="fr_FR.UTF-8"
IMPORTANT NOTE: You must make the ‘.gnomerc’ file executable before restarting your computer. You can use a command like
chmod 755 .gnomerc or chmod 700 .gnomerc
https://bbs.archlinux.org/viewtopic.php?pid=1081952
In the end I got it working with: /etc/locale.conf
LANG=fr_FR.UTF-8
#LC_COLLATE="C"
LC_COLLATE="fr_FR.UTF-8"
and adding/modifying the following in ~/.zshrc.local
export LC_ALL="fr_FR.UTF-8"
#export LC_COLLATE="C"
export LC_COLLATE="fr_FR.UTF-8"
CUPS
# systemctl enable cups.service
CUPS PDF
PDF virtual printer
CUPS-PDF is a nice package that allows one to setup a virtual printer that will generate a PDF from anything sent to it. Obviously this package is not necessary, but it can be quite useful.
Find generated PDF documents in a sub-directory located at /var/spool/cups-pdf. Normally, the subdirectory is named after the user who performed the job. A little tweak helps you to find your printed PDF documents more easily. Edit /etc/cups/cups-pdf.conf by changing the line
#Out /var/spool/cups-pdf/${USER}
to
Out /home/${USER}
This package can be installed by the following command:
pacman -S cups-pdf
After installing the package, set it up as if it were for any other printer by using the web interface. For the Device, select CUPS-PDF (Virtual PDF Printer); Make/Manufacturer, choose Generic; Model/Driver, select Generic postscript color printer or Generic Cups-PDF Printer.
Quality sucks!
Cron
Not enabled by default
# systemctl enable cronie.service
Journal
Since version 38, systemd has its own logging system, the journal. Therefore, running a syslog daemon is no longer required. To read the log, use:
# journalctl
By default (when Storage= is set to auto in /etc/systemd/journald.conf), the journal writes to /var/log/journal/. If the directory /var/log/journal/ does not exist (e.g. if you or some program delete it), systemd will not create it automatically, but instead write its logs to /run/systemd/journal. This means that logs will be lost on reboot.
On default installation it appears to be using /var/log/journal
Disable IPV6
Adding ipv6.disable=1 to the kernel line disables the whole IPv6 stack, which is likely what you want if you are experiencing issues. See Kernel parameters for more information.
Crpyptostick & Gnome
Disabled gnome-keyring in gnome-session-properties
disable gpg-agent in ~/.gnupg.conf
create /etc/profile.d/gpg-agent.sh
#!/bin/sh
envfile=“${HOME}/.gnupg/gpg-agent.env” if test -f “$envfile” && kill -0 $(grep GPG_AGENT_INFO “$envfile” | cut -d: -f 2) 2>/dev/null; then eval “$(cat “$envfile”)” else eval “$(gpg-agent –daemon –write-env-file “$envfile”)”
eval “$(gpg-agent –daemon –enable-ssh-support –write-env-file “$envfile”)”
fi export GPG_AGENT_INFO # the env file does not contain the export statement
chmod + x /etc/profile/d/gpg-agent.sh
create /etc/udev/rules.d/40-cryptostick.rules
do not edit this file, it will be overwritten on update
SUBSYSTEM!=“usb”, GOTO=“cryptostick_rules_end” ACTION!=“add”, GOTO=“cryptostick_rules_end”
ATTR{idVendor}==“20a0”, ATTR{idProduct}==“4107”, ENV{ID_SMARTCARD_READER}=“1”, ENV{ID_SMARTCARD_READER_DRIVER}=“gnupg”
LABEL=“cryptostick_rules_end”
sudo lvcreate -L 2g -s -n home-snapshot /dev/vgroup/home sudo lvcreate -L 2g -s -n root-snapshot /dev/vgroup/root sudo cp /boot/vmlinuz-linux /boot/vmlinuz-linux-PREVIOUS sudo cp /boot/vmlinuz-linux-ck /boot/vmlinuz-linux-ck-PREVIOUS sudo cp /boot/initramfs-linux.img /boot/initramfs-linux-PREVIOUS.img sudo cp /boot/initramfs-linux-ck.img /boot/initramfs-linux-ck-PREVIOUS.img
if everything is ok, remove snapshots: sudo lvremove /dev/vgroup/root-snapshot sudo lvremove /dev/vgroup/home-snapshot
issues with i915
removed echo 0 > /sys/module/i915/parameters/i915_enable_rc6 echo 0 > /sys/module/i915/parameters/i915_enable_fbc echo 0 > /sys/module/i915/parameters/powersave
from /usr/bin/powersave
Added i915 in /etc/mkinitcpio.conf Created /etc/modprobe.d/i915.conf
options i915 i915_enable_rc6=1 options i915 i915_enable_fbc=1 options i915 lvds_downclock=1
Removed from grub default
apparement si i915 est dans mkinitcpio.conf alors on ne peut plus l’écrire après, uniquement via i915.conf (a investiguer)
in case of duplicate vgroup, rename
vgs -v
vgrename UUID new-vgroup-name
prezto powerline-fonts-git
Il y a 2 fournisseurs disponibles pour phonon-qt4-backend : :: Dépôt extra 1) phonon-qt4-gstreamer 2) phonon-qt4-vlc
- I took gstreamer !
- :: Il y a 2 fournisseurs disponibles pour phonon-qt5-backend : :: Dépôt extra 1) phonon-qt5-gstreamer 2) phonon-qt5-vlc
alsa oss acpi gnochm didn’t work gtk-engine gtk-theme
glance already installed (nice monitoring tool)
pkgcleaner instead f cachecleaner
needed ? extra/gstreamer-vaapi 0.7.0-1 GStreamer Multimedia Framework VA Plugins 8 extra/gstreamer0.10-bad 0.10.23-12 GStreamer Multimedia Framework Bad Plugin libraries (gst-plugins-bad) 9 extra/gstreamer0.10-bad-plugins 0.10.23-12 (gstreamer0.10-plugins) GStreamer Multimedia Framework Bad Plugins (gst-plugins-bad) 10 extra/gstreamer0.10-base-plugins 0.10.36-3 (gstreamer0.10-plugins) GStreamer Multimedia Framework Base Plugins (gst-plugins-base) 11 extra/gstreamer0.10-good-plugins 0.10.31-10 (gstreamer0.10-plugins) GStreamer Multimedia Framework Good Plugins (gst-plugins-good) 12 extra/gstreamer0.10-ugly-plugins 0.10.19-16 (gstreamer0.10-plugins) GStreamer Multimedia Framework Ugly Plugins (gst-plugins-ugly)
i2p dep? pm-quirks pm-utils
==> You may need to delete your local
==> ~/.mozilla/firefox/
nemo ? rabbitvcs nemo
enable ntp!!
zim bzr: Version Control plugin [installé] git: Version Control plugin [installé] mercurial: Version Control plugin [installé] gnuplot: Insert Gnuplot plugin ditaa: Insert Ditaa plugin graphviz: Insert Diagram & Link Map plugins [installé] python2-gtkspell: Spell Checker plugin r: Insert GNU R Plot plugin scrot: Insert Screenshot plugin libzeitgeist: Log events with Zeitgeist plugin [installé] lilypond: Insert Score plugin texlive-bin: Insert Equation plugin [installé]
4f1e7ab5-699c-4866-ab61-ee9c350959c8
sda3
/etc/udev/rules.d/10-local.rules:
KERNEL==“sda3”, ENV{UDISKS_IGNORE}=“1”
ENV{ID_PART_ENTRY_TYPE}==“c1”, ENV{UDISKS_IGNORE}=“1”
Installation: ==> Add theme to your /etc/default/grub: GRUB_THEME=“/boot/grub/themes/Archlinux/theme.txt” ==> Preferred resolution 1024x768: GRUB_GFXMODE=1024x768 ==> Update grub:# grub-mkconfig -o /boot/grub/grub.cfg
macchanger on boot /etc/systemd/system/macspoof@.service
[Unit] Description=macchanger on %I Before=NetworkManager.service After=sys-subsystem-net-devices-%I.device
[Service] ExecStart=/usr/bin/macchanger -r %I Type=oneshot
[Install] WantedBy=multi-user.target
Then enable for each network interface.
systemctl enable macspoof@
sudo systemctl enable macspoof@enp0s25
sudo systemctl enable macspoof@wlp3s0
dns cache + dns encrypt
pacman -S dnsmasq dnscrypt-proxy
/etc/dnsmasq.conf no-resolv server=127.0.0.1#40 listen-address=127.0.0.1 proxy-dnssec domain-needed bogus-priv dns-forward-max=150 cache-size=1000 no-negcache
Restart dnsmasq.service to apply the changes.
Enable on boot: systemctl enable dnsmasq.service
/etc/NetworkManager/NetworkManager.conf [main] plugins=keyfile dhcp=dhclient dns=default #dns=dnsmasq
## Set static hostname
#[keyfile]
#hostname=foobar
## HTTP-based connectivity check
#[connectivity]
#uri=http://nmcheck.gnome.org/check_network_status.txt
#interval=100
Then launch: # systemctl edit dnscrypt-proxy.socket
[Socket]
ListenStream=
ListenDatagram=
ListenStream=127.0.0.1:40
ListenDatagram=127.0.0.1:40
Then restart dnscrypt-proxy.socket and stop dnscrypt-proxy.service if already running to let it be started by the .socket unit.
Enable on boot:
systemctl enable dnscrypt-proxy.socket
Create an lock down /etc/resolv.conf echo “nameserver 127.0.0.1” > /etc/resolv.conf chattr +i resolv.conf
Script to enable dnscrypt & auto
~/dns-auto.sh #!/bin/sh sudo systemctl stop NetworkManager.service sleep 1 sudo nmcli networking off sleep 1 sudo chattr -i /etc/resolv.conf sudo rm /etc/resolv.conf sudo systemctl start NetworkManager.service sleep 1 sudo nmcli networking on sleep 1
Then change mode: chmod +x dns-auto.sh
~dns-dnscrypt.sh #!/bin/sh sudo systemctl stop NetworkManager.service sleep 1 sudo nmcli networking off sleep 1 sudo chattr -i /etc/resolv.conf sudo sh -c “echo nameserver 127.0.0.1 > /etc/resolv.conf” sudo chattr +i /etc/resolv.conf sudo systemctl start NetworkManager.service sleep 1 sudo nmcli networking on
Then change mode: chmod +x dns-dnscrypt.sh
to make sure resolv.conf is the right one on boot (and also locked down):
/etc/systemd/system/dnscrypt-reset.service [Unit] Description=Reset /etc/resolv.conf and lock it After=NetworkManager.service
[Service]
ExecStart=/home/alpha/dns-dnscrypt.sh
Type=oneshot
[Install]
WantedBy=multi-user.target
Enable on boot:
systemctl enable dnscrypt-reset.service
Change default server systemctl edit dnscrypt-proxy.service –full
soltysiak
dnscrypt.eu-dk
https://www.grc.com/dns/dns.htm http://dnssec.vs.uni-due.de/
https://forum.pfsense.org/index.php?topic=78446.msg570518#msg570518
Note: Including DNSSEC checking significantly increases DNS lookup times for initial lookups. Once an address is cached locally, then the lookup is virtually instantaneous. bYou can now test if DNSSEC is working, using drill in ldns (installed as dependency): drill sigfail.verteiltesysteme.net # should return rcode: SERVFAIL drill sigok.verteiltesysteme.net # should return rcode: NOERROR
trim test https://unix.stackexchange.com/questions/85865/trim-with-lvm-and-dm-crypt/85880#85880
This is just a script I would like to share if some lazy person come here. It was made out of the accepted answer from frostschutz. http://unix.stackexchange.com/a/85880/6661
!/bin/bash
#
# This script is provided "as is" without warranty of any kind, either expressed or implied, including, but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement.
#
# License GPL2
#
# by desgua 2014/04/29
function CLEAN {
cd "$pasta"
[ -f test-trim-by-desgua ] && rm test-trim-by-desgua && echo "Temp file removed"
echo "Goodbye"
exit 0
}
trap 'echo ; echo "Aborted." ; CLEAN; echo ; exit 0' INT HUP
if "$(echo $USER)" != "root" ; then
read -n 1 -p 'Become root? [Y/n]' a
if $a == "y" || $a == "" ; then
sudo $0 $1
exit 0
else
echo "
This script needs root privilege.
"
exit 1
fi
fi
name=$(echo $0 | sed 's/.*\///')
if [ $# -ne 1 ]; then
echo "
Usage: $name /folder/to/test/
"
exit 1
fi
pasta=$1
read -n 1 -p 'Use fstrim? [y/N]' a
if $a == "y" ; then
fs=1
fi
method=
while "$method" != "1" && "$method" != "2" ; do
read -n 1 -s -p 'Choose a method:
[1] hdparm (will fail in LUKS on LVM)
[2] filefrag (warning: you may have to force quit - close the terminal - in some cases of success trim if you see an output that never ends)
' method
done
function SDATEST {
disk=$(fdisk -l | grep /dev/sda)
if [ "$disk" == "" ]; then
echo "
fdisk did not found /dev/sda
"
exit 1
fi
}
function TEST {
echo "Entrying /" ; echo
cd $pasta
echo "Creating the file test-trim-by-desgua at $pasta" ; echo
dd if=/dev/urandom of=test-trim-by-desgua count=10 bs=512k
echo "Syncing and sleeping 2 seconds." ; echo
sync
sleep 2
hdparm --fibmap test-trim-by-desgua
lbab=$(hdparm --fibmap test-trim-by-desgua | tail -n1 | awk '{ print $2 }')
echo "As you can see, the file was created and its LBA begins at $lbab" ; echo
echo "Syncing and sleeping 2 seconds." ; echo
sync
sleep 2
echo "Removing file test-trim-by-desgua" ; echo
rm test-trim-by-desgua
trap 'echo ; echo ; echo "Aborted." ; echo ; exit 0' INT
echo "Syncing and sleeping 2 seconds." ; echo
sync
sleep 2
if "$fs" == "1" ; then
echo "fstrim $pasta && sleep 2" ; echo
fstrim $pasta
sleep 2
fi
echo "This is readed from sector $lbab: "
hdparm --read-sector $lbab /dev/sda
pass=$(hdparm --read-sector $lbab /dev/sda | grep "0000 0000 0000 0000")
if $pass == "" ; then
echo "
Trim failed...
You should see only 0000 0000 0000 0000 ...
"
else
echo "Success!!!"
fi
exit 0
}
function LUKSTEST {
# Reference: http://unix.stackexchange.com/questions/85865/trim-with-lvm-and-dm-crypt#
echo 1 > /proc/sys/vm/drop_caches
cd $pasta
echo "Creating a \"yes\" file."
yes | dd iflag=fullblock bs=1M count=1 of=test-trim-by-desgua
#position=`filefrag -s -v test-trim-by-desgua | grep "eof" | awk '{ print $3 }'`
position=`filefrag -s -v test-trim-by-desgua | grep "eof" | sed 's| ||g ; s|.*255:|| ; s|\.\..*||'`
"$position" == "" && echo "Could not find the position of the file. Are you on a LUKS on LVM?" && CLEAN;
device=`df test-trim-by-desgua | grep "dev/" | awk '{ print $1 }'`
yes=`dd bs=4096 skip=$position count=256 if=$device | hexdump -C`
echo "In the next line you should see a pattern like:
00000000 79 0a 79 0a 79 0a 79 0a 79 0a 79 0a 79 0a 79 0a |y.y.y.y.y.y.y.y.|
$yes
"
if grep "y.y.y"`" == "" ; then
echo "The pattern could not be checked. Something went wrong. Exiting."
CLEAN;
else
echo "Pattern confirmed."
fi
echo "Removing the temp file."
rm test-trim-by-desgua
echo "Syncing."
sync
sleep 1
if "$fs" == "1" ; then
echo "fstrim -v $pasta && sleep 2" ; echo
fstrim -v $pasta
sleep 2
fi
# Drop cache
echo 1 > /proc/sys/vm/drop_caches
echo "In the next line you should NOT see a yes pattern like:
00000000 79 0a 79 0a 79 0a 79 0a 79 0a 79 0a 79 0a 79 0a |y.y.y.y.y.y.y.y.|
If you see, then trim is not working:
`dd bs=4096 skip=$position count=256 if=$device | hexdump -C`"
yes=`dd bs=4096 skip=$position count=256 if=$device | hexdump -C`
if grep "y.y.y"`" != "" ; then
echo "TRIM not working."
else
echo "TRIM is working!"
fi
CLEAN;
}
if "$method" == "1" ; then
SDATEST;
TEST;
elif "$method" == "2" ; then
LUKSTEST;
fi
exit 0
prezto only (no grml or ohmyzsh) not via yaourt, only git
Launch Zsh: zsh
Clone the repository: git clone –recursive https://github.com/sorin-ionescu/prezto.git “${ZDOTDIR:-$HOME}/.zprezto”
Create a new Zsh configuration by copying the Zsh configuration files provided:
setopt EXTENDED_GLOB for rcfile in “${ZDOTDIR:-$HOME}“/.zprezto/runcoms/^README.md(.N); do ln -s “$rcfile” “${ZDOTDIR:-$HOME}/.${rcfile:t}” done
Updating
Pull the latest changes and update submodules.
git pull && git submodule update –init –recursive
Paste my .zshrz and .zpreztorc examples!!
cursors !!! https://github.com/sorin-ionescu/prezto/issues/424
ssh keychain for .zshrc but also
eval $(keychain –eval –nogui –quiet id_ed25519-nopass id_rsa_key-nopass) &
in .delayed_apps for the keys without password
issues with CUPS https://bbs.archlinux.org/viewtopic.php?id=192525 https://bugs.archlinux.org/task/43708
issue with package keys pacman-key –refresh-keys