HOWTO: Repairing a headless Arch Linux system that fails to boot

Similar Messages

• [SOLVED] Arch Linux Duke (2007) Fails to Boot

  Folks, I have a unique and challenging problem that has exhausted my Arch Linux skills, and so I am now turning to you.
  I have a vintage Pentium Pro 200 system (that’s 200 MHz folks! – 200 MHz 686 architecture – the original 686!), two CPUs, running a dual boot between Windows NT 4.0 and Arch Linux Duke (2007). It has 512 MB of RAM and a 120 GB hard drive, partitioned up between Windows NT and Linux. I built this system new in 2007, hence the dated version of Arch.  It has run like a charm all these years, granted not getting that much use. After about a year of no use at all, I fired the system up last week to help with a little research for a blog post I was writing on networking Windows NT 4.0 and Mac OS 8.6. Windows NT 4.0 fired right up with no issue, and after I was done testing what needed to be tested I tried to boot over to Arch.
  After a year of disuse, Arch unexpectedly and stubbornly refused to boot. The boot process started up just fine, but towards the end, it declared that it could not mount the root file system on the root device and took a kernel panic and stopped. My Arch skills have gotten a bit rusty in the last few years, but I dusted them off and went to work. My guess was a file system or superblock error. Arch wouldn’t boot, but I dragged out my trusty RIPLinux 2.9 Rescue Live CD and fired it up. It came right up and ran, and I was able to mount the Arch partition and view all the files… everything seemed to be there; it just wouldn’t boot. Windows NT 4.0 AND RIPLinux both boot and run on the machine, so the hardware is fine as well.
  A little information on the disk layout. Windows NT 4.0 is in the first partition on the hard drive. The extended partition has a second Windows NT 4.0 partition (sort of a /home partition for Windows NT 4.0), followed by the main Arch partition (the one I am trying to boot), followed by a swap partition and then the largest partition, which I use to share data between Arch and Windows NT 4.0 (I have loaded an ext2/3 driver into Windows NT 4.0 and it happily accesses the Linux partitions on the box).
  RIPLinux’s e2fsck did find some issues with the Arch partition and I had it repair them all. I checked again afterwards that all the files were still there, and they were. With the partition now known to be clean, and the superblock repaired from one of the backups, all should have been well. However, Arch still wouldn’t (and still won’t) boot.
  RIPLinux has a kind of a chain loader function, so I had it attempt to start up Arch for me. However, this was flummoxed by the fact that Arch addresses all my hard drive partitions as /dev/sdax and RIPLinux addresses them as /dev/hdax. Hence, without a common language, it was hard to get the one to start the other. Still, using this function, I have been able to get a crippled version of Arch running on the machine again. No modules had been loaded, and so it couldn’t do almost anything, but there it was (and is), Arch Linux Duke, at the CLI level. From there, I can see all the files, I can move freely in and out of my user account and the root account, but I can’t make the thing actually boot properly.
  If you have read this far, you are a trooper.  Summarizing what I know, the hardware is good, the file system is clean, the superblock is good, I can mount it cleanly from a live CD and I can chain load a crippled version of Arch. Here is the boot process blow-by-blow. When I try to do a normal boot, the Windows NT 4.0 loader passes control to the Lilo boot sector I have placed on hda1 (sda1 in Duke’s parlance). Lilo takes over, present a menu and when I select Duke, takes off. Arch Linux Duke starts to boot. It gets a good long way along, all the way along to:
  :: Loading udev events                [Pass]
  :: Mount root Read-only
  :: Checking file systems
  This is where it stops.
  The next thing I see is:
  /dev/sda6
  The superblock could not be read or does not describe a correct ext2 filesystem. If the device is valid and it really contains an ext2 filesystem (and not swap or ufs or something else) then the superblock is corrupt and you might try running e2fsck with an alternate superblock:
      E2fsck –b 8193 <device>
  I then get a sort of character based splash screen that says
  **********FILE SYSTEM CHECK FAILED ****************************
  *   Please repair manually and reboot. Note that the root file system
  *   is currently mounted read-only. To remount it read-write, type:
  *   mount –n –o remount,rw /.  When you exit the maintenance
  *   shell, the system will reboot automatically
  Give root password for maintenance
  At this point, I give the root password and enter the maintenance shell as root. I typed in “mount” and the first entry I got back is
  /dev/sda6 on / type ext3 (rw)
  This is exactly the root partition that the start up complains about. It is clearly there.  I can see it, I can walk around it… it is clearly there. Why won’t it boot? Despite the message, the superblock is fine – it passes every test e2fsck can throw at it.
  At this point, I did a “e2fsck /dev/hda6 (which is how RIPLinux would have passed it into Arch” and it says it is “clean”. I suspect that the Superblock message is because Arch sees root as sda6, while RIP passed it in as hda6...
  Deciding to see what Arch would be seeing as it tried to set things up in the boot sequence, I tried the following next:
  # mknod “/dev/root2” b 3 6   
  (“3” because RIPLinux refers to my hard drive as IDE, while Arch refers to it by major number “8”, which is SCSI. By the way, it IS an IDE drive – not sure why Arch insists on using the sdx nomenclature instead of hdx)
  Then I entered “mount /dev/root2 /mnt/hda6” and “ls /mnt/hda6”
  All was well. I can make the node, I can mount it, and I can see the contents. All is clearly well, but something is clearly wrong enough that Arch can’t boot.
  I am totally out of ideas. I have tried every trick I know and am out of tricks. I would welcome any insights as to what I could try to get this venerable Arch installation back on its legs.
  By the way, the key section of the /etc/lilo.conf file (lest anyone want to know) is:
  image = /boot/vmlinuz26
     root = /dev/sda6
     label = ArchLinux-Duke
     initrd = /boot/kernel26.img
     read-only
  I am stumped. Thanks in advance for any and all pointers you may be able to offer.
  Last edited by mac57 (2014-06-02 17:42:21)

  Folks, thanks for all your helpful comments, and I wanted to report back to you that I finally overcame the issue, and ArchLinux-Duke (2007) is once again executing flawlessly on my old Pentium Pro 200 system. I won't bother reporting here all the blind allies I went down as I tried to figure out what was wrong, but in the end, literally moments before I was about to give up and overwrite my Arch installation with a new Linux variant (antiX seemed well suited for such old and low power hardware), my attention was drawn to a note I had made in my files back in 2007 about a problem with similar symptoms. In that case, I had just deleted ZenWalk Linux from the hard drive (both Arch and Zen had been on the drive), and merged several partitions to make use of the newly free space. This had changed Arch's view of the drive lettering, and what had been its /dev/sddx root device was now /dev/sdcx. Arch failed to boot, throwing off the same errors I was seeing now. I wish I had recalled that note a month or so ago! It would have saved me a lot of work and a lot of frustration.
  At any rate, as a last step, and testing the idea that maybe the drive lettering had changed for some reason, I repeatedly manually booted Arch, specifying root=/dev/sda6, then /dev/sdb6, then /dev/sdd6, and finally, /dev/sdc6. Eureka! Arch now considered itself to be on /dev/sdc6 whereas previously it had been on /dev/sda6. This got me part way there, but the boot failed at the filesystem check stage and threw me into root. I disabled the file system check in /etc/rc.sysinit and got farther. Then I cleaned up /etc/fstab to agree with the new sdc naming, and I was back on the air fully.
  So, what had happened was that Arch had changed its view of the drive it was on from sda6 to sdc6. While I could not understand why this "sudden" change had occurred, at least I had a solution, and had Arch back up and running.
  Trolling through the rest of my notes, I found the answer. In 2012, the Tekram SCSI card in the machine failed, and I ultimately replaced it with an Adaptec card. The Tekram card did not have a BIOS segment on it. The Adaptec card did. My guess is that this caused the two internal SCSI devices I have built into the system (Iomega ZIP and Jaz respectively) to be enumerated first, claiming the "sda" and "sdb". device names. That left "sdc" for the root device, and that is where Arch went next.  This is my guess anyway.
  I should have caught this issue back in 2012, at the time, but from my notes, I can see that I tested the new card thoroughly using the  Windows NT 4.0 side of the machine, but never thought to bring up Arch as well. Hence, this problem lay dormant for two years, before I attempted to fire up Arch last month and blundered right into it.
  It has not all been bad. I have learned more about the ext2 and ext3 file systems and superblocks in the intervening time than I will ever need to use. I have learned how to manually boot Linux on a machine whose BIOS is so old that it cannot address the disk cylinder that the kernel is on and I have completely refreshed the many general Linux skills that used to just flow from my finger tips. It has been a frustrating experience, but ultimately a successful and useful one.
  Just wanted to let everyone know that this is now [SOLVED]. I would mark the post as such, but I don't see any obvious way to do that. Thanks again everyone.

• Arch Linux System Maintenance

  I have a few questions regarding maintenance of Arch Linux.
  I come from Gentoo where I typically execute the following:
  emerge --sync
  emerge -uDNv world
  emerge --depclean
  revdep-rebuild
  I suppose emerge --sync && emerge -uDNv world is equivalent to pacman -Syu. But as for emerge --depclean, I have not seen what command could be used to find stray/obsoleted dependencies and have them removed. Should I be using pacman -Rs <package_name> every time I want to delete a package?
  revdep-rebuild probably does not apply to Arch Linux as it is binary based.
  Additionally, I was wondering if there are more things I should do to ensure that my installation is healthy. Any help/tips would be appreciated.

  sitquietly wrote:
  John5788 wrote:
  I have a few questions regarding maintenance of Arch Linux.
  I come from Gentoo where I typically execute the following:
  emerge --sync
  emerge -uDNv world
  emerge --depclean
  revdep-rebuild
  .....revdep-rebuild probably does not apply to Arch Linux as it is binary based.....
  For most users Archlinux is not a pure binary distro in practice.  We need packages from AUR for a complete system.  On my Arch system today I see that that there are 182 binary packages available in abs/core, 1957 packages in abs/extra, and 2340 packages in abs/community; so there are a total of 4479 binary packages available in Archlinux.  By comparison my Gentoo system has 17348 packages available in portage, and more packages available in various overlays, and they are all updated properly by emerge -auDN @world.
  There are 41182 source-based packages available in my copy of Archlinux's AUR.  Unfortunately pacman -Syu does not know how to update AUR packages and they may be left with dangling references to libraries that got updated out from under them.
  AUR packages tend to get broken by updates.  So we do need something like revdep-rebuild but so far as I know we don't have any equivalent maintenance tool.  I use my own script for checking my system for AUR packages that need to be rebuilt: 
  #!/bin/sh
  # check all binaries in /usr/bin for any with "not found"
  # library links
  cd /usr/bin
  for file in $(find . -type f -executable -readable)
  do
  ldd $file | grep "not found" >/dev/null && echo -n $file " links to an missing library " && \
  echo "(rebuild `pacman -Qq --owns $file`)"
  done
  Good luck with your new Archlinux system.
  Thanks very much, I added that script to my system! I am half surprised that something like this doesn't exist natively in pacman.
  ewaller wrote:
  John5788 wrote:
  I come from Gentoo where I typically execute the following:
  emerge --sync
  emerge -uDNv world
  emerge --depclean
  revdep-rebuild
  <tear forms in ewaller's eye>I miss those commands </tear>
  Welcome from a fellow Gentoo refugee !  I miss that distribution sometimes, but I love Archlinux; mostly because it does not seem to suffer the sort of bit rot with age as does Gentoo.  I recall that subtle changes in use flags could come back to bite weeks later when you update something seemingly unrelated (especially +doc) Spend some time around here and you will find that housekeeping is really not an issue.  I do still build custom kernels and don't use initrd; one cannot completely break old habits
  Good to see some former Gentoo users here. I still use Gentoo as my desktop OS, but my new Ultrabook will have to use Arch Linux. I'd rather not kill the life of the SSD by constantly compiling packages (not to mention that the emerge times for installing something trivial could get stupid on a laptop). I've been doing as much reading as I can to get familiarized with Arch Linux and I am liking everything so far. It is a nice change to go to a binary distro that isn't Ubuntu.

• Arch linux through vmware in dual boot

  Hi guys,
  I've reinstalled arch again on a fake (intel) raid system with dual boot with Windows 7. Right now arch runs just fine natively on the machine, but I want to set it up so I can run it from vmware in windows as well. I have most things figured out but I have a small problem which I have yet to tackle.
  Natively the disks are mapped through dmraid in the following manner (etc/fstab):
  /dev/mapper/isw_cidbgaibjd_Systemp3 /boot ext2 defaults 0 1
  /dev/mapper/isw_cidbgaibjd_Systemp5 swap swap defaults 0 0
  /dev/mapper/isw_cidbgaibjd_Systemp6 / ext4 defaults 0 1
  /dev/mapper/isw_cidbgaibjd_Systemp2 /mnt/Win7 ntfs-3g defaults 0 0
  /dev/mapper/isw_cidbgaibjd_Datap1 /mnt/Data ntfs-3g defaults 0 0
  To access from vmware in Win7 I have set up vmware to map the physical (raid) drive where the arch partitions are for the virtual machine. The difference is that in Win7 the raid drive /dev/mapper/isw_cidbgaibjd_System is seen as /dev/sda (vmware abstracts the raid drive as a regular scsi/sata drive).
  I've used mkinitcpio to generate a separate profile "kernel26-vmware" to load different hooks to boot arch linux in a virtual machine and create a separate runlevel (runlevel 7) to load different daemons at boot and added a new entry in grub to load the kernel26-vmware mkinitcpio image and go into runlevel 7. The only problem remaining is to switch out /etc/fstab so that it loads proper device paths to the raid drive partitions e.g.:
  /dev/sda3 /boot ext2 defaults 0 1
  /dev/sda5 swap swap defaults 0 0
  /dev/sda6 / ext4 defaults 0 1
  /dev/sda2 /mnt/Win7 ntfs-3g defaults 0 0
  /dev/sdb1 /mnt/Data ntfs-3g defaults 0 0
  So the question is, is there anyway to tell mkinitcpio to rewrite fstab at boot with what I want depending on if I'm booting arch natively through dual boot, or booting from vmware in Win7? I've seen that mkinitcpio has "FILES" directive which enables it to load additional custom files. Can this be used to load two separate fstabs and a small script that will ovewrite /etc/fstab on boot?
  Last edited by digivampire (2009-09-24 17:32:48)

  Nevermind, I figured out the solution. Since UUIDs are preserved on the filesystem, setting fstab to use /dev/disk/by-uuid... works when booting both native and from vmware.

• [Solved] Installing on a system that does not boot from cdrom or usb

  I have a very old and stuborn gateway solo 5300 laptop that refuses to boot form the disk I burned for arch linux, as well it refuses to boot from the usb disk I made with dd acording to Usb Flash Installation Media on the wiki
  I also tryed UNetbootin: Install Arch Linux Without a CD From FTP. 
  It currently boots to windows xp, has two partitions and I wish to overwrite the entire hardrive.  Do you have any sugestions?
  Last edited by meschael (2014-06-27 02:03:56)

  ewaller wrote:... Even a fully loaded machine (512MB) would be of little (if any) use
  Really?  I have a netbook with a total of 1G, and I never get anywhere close to using even half of that.  Certainly this depends on the programs used - but for terminal only, 512MB would be more than enough IMHO.  On my 1GB, I boot into X with a simple WM, and can use lightweight (but fully functional graphical) web browsers like luakit and dwb without getting anywhere near half RAM use.
  If it is just 128MB, I agree that may be more of a problem.  I wonder if Slitaz is still going - that was my favorite "micro" distro, but I have not kept track of the development in some time.
  As for the main problem of the thread, I've reread your OP a couple of times, but I'm not sure I'm fully clear on your steps.  First, unetbootin is expected to not work for arch.  Have you made an iso using `dd`?  Can you boot other live cds or usbs on the machine?  In other words, is it a limitation of your hardware, or have the isos you've tried for arch just not worked yet?
  Last edited by Trilby (2014-06-22 23:41:36)

• Setup bootdisk for systems that do not boot from cd

  I have a compaq lte 5400 that will not boot off the cd on the docking unit, nor the notebook even though it can be set in Bio. Will a boot disk come with the new dest top? Or can it be down loaded? It has the latest Bio update.

  It sounds like you are asking for a bootable floppy. JDS 2.0 also comes in the form of CDs or downloadable CD images. If you are able to install JDS on an alternate system, there is a utility for creating bootable floppy images.

• Arch Linux USB installation does not boot Correctly [SOLVED]

  Hello,
  I created a bootable USB stick with Universal USB Installer on a Windows System.
  When I try to boot it, it shows me a Gummiboot Boot Loader Switch, where I can switch between two EFI shells and ArchLinux installation media.
  When choosing the installation media, the screen flashes and after that, it shows the following lines:
  :: running early hook [udev]
  :: running hook [udev]
  :: Triggering uevents ...
  :: running hook [memdisk]
  :: running hook [archiso]
  :: running hook [archiso_loop_mnt]
  :: running hook [archiso_pxe_common]
  :: running hook [archiso_pxe_nbd]
  :: running hook [archiso_pxe_http]
  :: running hook [archiso-pxe_nfs]
  :: Mounting '/dev/disk/by-label/ARCH_201403' to '/run/archiso/bootmnt'
  Waiting 30 seconds for device /dev/disk/by-label/ARCH_201403 ...
  [     5.060855] sd 6:0:0:0: [sdc] No Caching mode page found
  [     5.060960] sd 6:0:0:0: [sdc] Asuming drive cache: write trough
  [     5.062636] sd 6:0:0:0: [sdc] No Caching mode page found
  [     5.062688] sd 6:0:0:0: [sdc] Asuming drive cache: write through
  [     5.064566] sd 6:0:0:0: [sdc] No Caching mode page found
  [     5.064614] sd 6:0:0:0: [sdc] Asuming drive cache: write through
  ERROR: 'dev/desc/by-label/ARCH_201403' device did not show up after 30 seconds ...
      Falling back to interactive promt
      You can try to fix the problem manually, log out when you are finished
  sh: can't accsess tty; job control turned off
  [rootfs /]#
  In UEFI menu I unabled secure boot and fast boot.
  Can anybody tell me what I can do to boot the istallation media correctly?
  Thanks for your suggestions
  Last edited by outschi (2014-03-20 00:31:18)

  Welcome to arch.  I suspect this is the problem:
  outschi wrote:I created a bootable USB stick with Universal USB Installer on a Windows System.
  The error message you get is the same as those encountered by people who try to use unetbootin (eg here).  I know Unetbootin does not work to create bootable arch media - perhaps the windows tool also doesn't.
  Did you see and follow the tip here?  It seems that tool will create working usbs, but you have to fix the label.
  Last edited by Trilby (2014-03-19 16:52:22)

• Oracle Linux virtual machines failing to boot

  We have 2 oracle linux virtual machines on one host machine, both running Oracle Linux release 6 update 2 for X86_64. Both were built identically with oracle 11 installed on them. Both machines were working ok until this morning when the host machine rebooted. After the reboot, the virtual machines now hang during the boot process. The login prompt never comes up. The database does not start up on both machines. The machines are up enough that I could putty into them. In  startup.log, the following is listed for the two machines. One is named demo, the other test.
  SQL*Plus: Release 11.2.0.1.0 Production on Fri Oct 4 12:24:02 2013
  Copyright (c) 1982, 2009, Oracle.  All rights reserved.
  SQL> Connected to an idle instance.
  SQL> ORACLE instance started.
  Total System Global Area  438423552 bytes
  Fixed Size            2214136 bytes
  Variable Size          331351816 bytes
  Database Buffers      100663296 bytes
  Redo Buffers            4194304 bytes
  Database mounted.
  ORA-00313: open failed for members of log group 2 of thread 1
  ORA-00312: online log 2 thread 1: '/u02/oradata/demo/redo02.log'
  ORA-27037: unable to obtain file status
  Linux-x86_64 Error: 2: No such file or directory
  Additional information: 3
  SQL> Disconnected from Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64bit Production
  With the Partitioning, OLAP, Data Mining and Real Application Testing options
  /u01/app/oracle/dbhome_1/bin/dbstart: Database instance "demo" warm started.
  SQL*Plus: Release 11.2.0.1.0 Production on Fri Oct 4 13:06:49 2013
  Copyright (c) 1982, 2009, Oracle.  All rights reserved.
  SQL> Connected to an idle instance.
  SQL> ORACLE instance started.
  Total System Global Area  438423552 bytes
  Fixed Size            2214136 bytes
  Variable Size          331351816 bytes
  Database Buffers      100663296 bytes
  Redo Buffers            4194304 bytes
  Database mounted.
  ORA-03113: end-of-file on communication channel
  Process ID: 3665
  Session ID: 1 Serial number: 5
  SQL> Disconnected from Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64bit Production
  With the Partitioning, OLAP, Data Mining and Real Application Testing options
  /u01/app/oracle/dbhome_1/bin/dbstart: Database instance "test" warm started.
  The demo machine is looking for a redo log file. The file does not exist. If that file ever existed, what would make that file disappear? The test machine does not have any redo log files either but the test one is not even looking for it.
  What could have gone wrong with these?

  user7222768 wrote:
  We have 2 oracle linux virtual machines on one host machine, both running Oracle Linux release 6 update 2 for X86_64. Both were built identically with oracle 11 installed on them. Both machines were working ok until this morning when the host machine rebooted. After the reboot, the virtual machines now hang during the boot process. The login prompt never comes up. The database does not start up on both machines. The machines are up enough that I could putty into them. In  startup.log, the following is listed for the two machines. One is named demo, the other test.
  SQL*Plus: Release 11.2.0.1.0 Production on Fri Oct 4 12:24:02 2013
  Copyright (c) 1982, 2009, Oracle.  All rights reserved.
  SQL> Connected to an idle instance.
  SQL> ORACLE instance started.
  Total System Global Area  438423552 bytes
  Fixed Size            2214136 bytes
  Variable Size          331351816 bytes
  Database Buffers      100663296 bytes
  Redo Buffers            4194304 bytes
  Database mounted.
  ORA-00313: open failed for members of log group 2 of thread 1
  ORA-00312: online log 2 thread 1: '/u02/oradata/demo/redo02.log'
  ORA-27037: unable to obtain file status
  Linux-x86_64 Error: 2: No such file or directory
  Additional information: 3
  SQL> Disconnected from Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64bit Production
  With the Partitioning, OLAP, Data Mining and Real Application Testing options
  /u01/app/oracle/dbhome_1/bin/dbstart: Database instance "demo" warm started.
  SQL*Plus: Release 11.2.0.1.0 Production on Fri Oct 4 13:06:49 2013
  Copyright (c) 1982, 2009, Oracle.  All rights reserved.
  SQL> Connected to an idle instance.
  SQL> ORACLE instance started.
  Total System Global Area  438423552 bytes
  Fixed Size            2214136 bytes
  Variable Size          331351816 bytes
  Database Buffers      100663296 bytes
  Redo Buffers            4194304 bytes
  Database mounted.
  ORA-03113: end-of-file on communication channel
  Process ID: 3665
  Session ID: 1 Serial number: 5
  SQL> Disconnected from Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64bit Production
  With the Partitioning, OLAP, Data Mining and Real Application Testing options
  /u01/app/oracle/dbhome_1/bin/dbstart: Database instance "test" warm started.
  The demo machine is looking for a redo log file. The file does not exist. If that file ever existed, what would make that file disappear? The test machine does not have any redo log files either but the test one is not even looking for it.
  What could have gone wrong with these?
  Perhaps not all the file system mounted.
  Does /u02/oradata/demo exist?
  How about /u02/oradata
  How about /u02

• System encryption using LUKS and GPG encrypted keys for arch linux

  Update: As of 2012-03-28, arch changed from gnupg 1.4 to 2.x which uses pinentry for the password dialog. The "etwo" hook described here doesn't work with gnupg 2. Either use the openssl hook below or use a statically compiled version of gnupg 1.4.
  Update: As of 2012-12-19, the mkinitcpio is not called during boot, unless the "install" file for the hook contains "add_runscript". This resulted in an unbootable system for me. Also, the method name was changed from install () to build ().
  Update: 2013-01-13: Updated the hook files using the corrections by Deth.
  Note: This guide is a bit dated now, in particular the arch installation might be different now. But essentially, the approach stays the same. Please also take a look at the posts further down, specifically the alternative hooks that use openssl.
  I always wanted to set up a fully encrypted arch linux server that uses gpg encrypted keyfiles on an external usb stick and luks for root filesystem encryption. I already did it once in gentoo using this guide. For arch, I had to play alot with initcpio hooks and after one day of experimentation, I finally got it working. I wrote a little guide for myself which I'm going to share here for anyone that might be interested. There might be better or easier ways, like I said this is just how I did it. I hope it might help someone else. Constructive feedback is always welcome
  Intro
  Using arch linux mkinitcpio's encrypt hook, one can easily use encrypted root partitions with LUKS. It's also possible to use key files stored on an external drive, like an usb stick. However, if someone steals your usb stick, he can just copy the key and potentially access the system. I wanted to have a little extra security by additionally encrypting the key file with gpg using a symmetric cipher and a passphrase.
  Since the encrypt hook doesn't support this scenario, I created a modifed hook called “etwo” (silly name I know, it was the first thing that came to my mind). It will simply look if the key file has the extension .gpg and, if yes, use gpg to decrypt it, then pipe the result into cryptsetup.
  Conventions
  In this short guide, I use the following disk/partition names:
  /dev/sda: is the hard disk that will contain an encrypted swap (/dev/sda1), /var (/dev/sda2) and root (/dev/sda3) partition.
  /dev/sdb is the usb stick that will contain the gpg encrypted luks keys, the kernel and grub. It will have one partition /dev/sdb1 formatted with ext2.
  /dev/mapper/root, /dev/mapper/swap and /dev/mapper/var will be the encrypted devices.
  Credits
  Thanks to the authors of SECURITY_System_Encryption_DM-Crypt_with_LUKS (gentoo wiki), System Encryption with LUKS (arch wiki), mkinitcpio (arch wiki) and Early Userspace in Arch Linux (/dev/brain0 blog)!
  Guide
  1. Boot the arch live cd
  I had to use a newer testing version, because the 2010.05 cd came with a broken gpg. You can download one here: http://releng.archlinux.org/isos/. I chose the “core“ version. Go ahead and boot the live cd, but don't start the setup yet.
  2. Set keymap
  Use km to set your keymap. This is important for non-qwerty keyboards to avoid suprises with passphrases...
  3. Wipe your discs
  ATTENTION: this will DELETE everything on /dev/sda and /dev/sdb forever! Do not blame me for any lost data!
  Before encrypting the hard disc, it has to be completely wiped and overwritten with random data. I used shred for this. Others use badblocks or dd with /dev/urandom. Either way, this will take a long time, depending on the size of your disc. I also wiped my usb stick just to be sure.
  shred -v /dev/sda
  shred -v /dev/sdb
  4. Partitioning
  Fire up fdisk and create the following partitions:
  /dev/sda1, type linux swap.
  /dev/sda2: type linux
  /dev/sda3: type linux
  /dev/sdb1, type linux
  Of course you can choose a different layout, this is just how I did it. Keep in mind that only the root filesystem will be decrypted by the initcpio. The rest will be decypted during normal init boot using /etc/crypttab, the keys being somewhere on the root filesystem.
  5. Format  and mount the usb stick
  Create an ext2 filesystem on /dev/sdb1:
  mkfs.ext2 /dev/sdb1
  mkdir /root/usb
  mount /dev/sdb1 /root/usb
  cd /root/usb # this will be our working directory for now.
  Do not mount anything to /mnt, because the arch installer will use that directory later to mount the encrypted root filesystem.
  6. Configure the network (if not already done automatically)
  ifconfig eth0 192.168.0.2 netmask 255.255.255.0
  route add default gw 192.168.0.1
  echo "nameserver 192.168.0.1" >> /etc/resolv.conf
  (this is just an example, your mileage may vary)
  7. Install gnupg
  pacman -Sy
  pacman -S gnupg
  Verify that gnupg works by launching gpg.
  8. Create the keys
  Just to be sure, make sure swap is off:
  cat /proc/swaps
  should return no entries.
  Create gpg encrypted keys (remember, we're still in our working dir /root/usb):
  dd if=/dev/urandom bs=512 count=4 | gpg -v --cipher-algo aes256 --digest-algo sha512 -c -a > root.gpg
  dd if=/dev/urandom bs=512 count=4 | gpg -v --cipher-algo aes256 --digest-algo sha512 -c -a > var.gpg
  Choose a strong password!!
  Don't do this in two steps, e.g don't do dd to a file and then gpg on that file. The key should never be stored in plain text on an unencrypted device, except if that device is wiped on system restart (ramfs)!
  Note that the default cipher for gpg is cast5, I just chose to use a different one.
  9. Create the encrypted devices with cryptsetup
  Create encrypted swap:
  cryptsetup -c aes-cbc-essiv:sha256 -s 256 -h whirlpool -d /dev/urandom create swap /dev/sda1
  You should see /dev/mapper/swap now. Don't format nor turn it on for now. This will be done by the arch installer.
  Important: From the Cryptsetup 1.1.2 Release notes:
  Cryptsetup can accept passphrase on stdin (standard input). Handling of new line (\n) character is defined by input specification:
      if keyfile is specified as "-" (using --key-file=- or by positional argument in luksFormat and luksAddKey, like cat file | cryptsetup --key-file=- <action> ), input is processed
        as normal binary file and no new line is interpreted.
      if there is no key file specification (with default input from stdin pipe like echo passphrase | cryptsetup <action> ) input is processed as input from terminal, reading will
        stop after new line is detected.
  If I understand this correctly, since the randomly generated key can contain a newline early on, piping the key into cryptsetup without specifying --key-file=- could result in a big part of the key to be ignored by cryptsetup. Example: if the random key was "foo\nandsomemorebaratheendofthekey", piping it directly into cryptsetup without --key-file=- would result in cryptsetup using only "foo" as key which would have big security implications. We should therefor ALWAYS pipe the key into cryptsetup using --key-file=- which ignores newlines.
  gpg -q -d root.gpg 2>/dev/null | cryptsetup -v -–key-file=- -c aes-cbc-essiv:sha256 -s 256 -h whirlpool luksFormat /dev/sda3
  gpg -q -d var.gpg 2>/dev/null | cryptsetup -v –-key-file=- -c aes-cbc-essiv:sha256 -s 256 -h whirlpool -v luksFormat /dev/sda2
  Check for any errors.
  10. Open the luks devices
  gpg -d root.gpg 2>/dev/null | cryptsetup -v –-key-file=- luksOpen /dev/sda3 root
  gpg -d var.gpg 2>/dev/null | cryptsetup -v –-key-file=- luksOpen /dev/sda2 var
  If you see /dev/mapper/root and /dev/mapper/var now, everything is ok.
  11. Start the installer /arch/setup
  Follow steps 1 to 3.
  At step 4 (Prepare hard drive(s), select “3 – Manually Configure block devices, filesystems and mountpoints. Choose /dev/sdb1 (the usb stick) as /boot, /dev/mapper/swap for swap, /dev/mapper/root for / and /dev/mapper/var for /var.
  Format all drives (choose “yes” when asked “do you want to have this filesystem (re)created”) EXCEPT for /dev/sdb1, choose “no”. Choose the correct filesystem for /dev/sdb1, ext2 in my case. Use swap for /dev/mapper/swap. For the rest, I chose ext4.
  Select DONE to start formatting.
  At step 5 (Select packages), select grub as boot loader. Select the base group. Add mkinitcpio.
  Start step 6 (Install packages).
  Go to step 7 (Configure System).
  By sure to set the correct KEYMAP, LOCALE and TIMEZONE in /etc/rc.conf.
  Edit /etc/fstab:
  /dev/mapper/root / ext4 defaults 0 1
  /dev/mapper/swap swap swap defaults 0 0
  /dev/mapper/var /var ext4 defaults 0 1
  # /dev/sdb1 /boot ext2 defaults 0 1
  Configure the rest normally. When you're done, setup will launch mkinitcpio. We'll manually launch this again later.
  Go to step 8 (install boot loader).
  Be sure to change the kernel line in menu.lst:
  kernel /vmlinuz26 root=/dev/mapper/root cryptdevice=/dev/sda3:root cryptkey=/dev/sdb1:ext2:/root.gpg
  Don't forget the :root suffix in cryptdevice!
  Also, my root line was set to (hd1,0). Had to change that to
  root (hd0,0)
  Install grub to /dev/sdb (the usb stick).
  Now, we can exit the installer.
  12. Install mkinitcpio with the etwo hook.
  Create /mnt/lib/initcpio/hooks/etwo:
  #!/usr/bin/ash
  run_hook() {
  /sbin/modprobe -a -q dm-crypt >/dev/null 2>&1
  if [ -e "/sys/class/misc/device-mapper" ]; then
  if [ ! -e "/dev/mapper/control" ]; then
  /bin/mknod "/dev/mapper/control" c $(cat /sys/class/misc/device-mapper/dev | sed 's|:| |')
  fi
  [ "${quiet}" = "y" ] && CSQUIET=">/dev/null"
  # Get keyfile if specified
  ckeyfile="/crypto_keyfile"
  usegpg="n"
  if [ "x${cryptkey}" != "x" ]; then
  ckdev="$(echo "${cryptkey}" | cut -d: -f1)"
  ckarg1="$(echo "${cryptkey}" | cut -d: -f2)"
  ckarg2="$(echo "${cryptkey}" | cut -d: -f3)"
  if poll_device "${ckdev}" ${rootdelay}; then
  case ${ckarg1} in
  *[!0-9]*)
  # Use a file on the device
  # ckarg1 is not numeric: ckarg1=filesystem, ckarg2=path
  if [ "${ckarg2#*.}" = "gpg" ]; then
  ckeyfile="${ckeyfile}.gpg"
  usegpg="y"
  fi
  mkdir /ckey
  mount -r -t ${ckarg1} ${ckdev} /ckey
  dd if=/ckey/${ckarg2} of=${ckeyfile} >/dev/null 2>&1
  umount /ckey
  # Read raw data from the block device
  # ckarg1 is numeric: ckarg1=offset, ckarg2=length
  dd if=${ckdev} of=${ckeyfile} bs=1 skip=${ckarg1} count=${ckarg2} >/dev/null 2>&1
  esac
  fi
  [ ! -f ${ckeyfile} ] && echo "Keyfile could not be opened. Reverting to passphrase."
  fi
  if [ -n "${cryptdevice}" ]; then
  DEPRECATED_CRYPT=0
  cryptdev="$(echo "${cryptdevice}" | cut -d: -f1)"
  cryptname="$(echo "${cryptdevice}" | cut -d: -f2)"
  else
  DEPRECATED_CRYPT=1
  cryptdev="${root}"
  cryptname="root"
  fi
  warn_deprecated() {
  echo "The syntax 'root=${root}' where '${root}' is an encrypted volume is deprecated"
  echo "Use 'cryptdevice=${root}:root root=/dev/mapper/root' instead."
  if poll_device "${cryptdev}" ${rootdelay}; then
  if /sbin/cryptsetup isLuks ${cryptdev} >/dev/null 2>&1; then
  [ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated
  dopassphrase=1
  # If keyfile exists, try to use that
  if [ -f ${ckeyfile} ]; then
  if [ "${usegpg}" = "y" ]; then
  # gpg tty fixup
  if [ -e /dev/tty ]; then mv /dev/tty /dev/tty.backup; fi
  cp -a /dev/console /dev/tty
  while [ ! -e /dev/mapper/${cryptname} ];
  do
  sleep 2
  /usr/bin/gpg -d "${ckeyfile}" 2>/dev/null | cryptsetup --key-file=- luksOpen ${cryptdev} ${cryptname} ${CSQUIET}
  dopassphrase=0
  done
  rm /dev/tty
  if [ -e /dev/tty.backup ]; then mv /dev/tty.backup /dev/tty; fi
  else
  if eval /sbin/cryptsetup --key-file ${ckeyfile} luksOpen ${cryptdev} ${cryptname} ${CSQUIET}; then
  dopassphrase=0
  else
  echo "Invalid keyfile. Reverting to passphrase."
  fi
  fi
  fi
  # Ask for a passphrase
  if [ ${dopassphrase} -gt 0 ]; then
  echo ""
  echo "A password is required to access the ${cryptname} volume:"
  #loop until we get a real password
  while ! eval /sbin/cryptsetup luksOpen ${cryptdev} ${cryptname} ${CSQUIET}; do
  sleep 2;
  done
  fi
  if [ -e "/dev/mapper/${cryptname}" ]; then
  if [ ${DEPRECATED_CRYPT} -eq 1 ]; then
  export root="/dev/mapper/root"
  fi
  else
  err "Password succeeded, but ${cryptname} creation failed, aborting..."
  exit 1
  fi
  elif [ -n "${crypto}" ]; then
  [ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated
  msg "Non-LUKS encrypted device found..."
  if [ $# -ne 5 ]; then
  err "Verify parameter format: crypto=hash:cipher:keysize:offset:skip"
  err "Non-LUKS decryption not attempted..."
  return 1
  fi
  exe="/sbin/cryptsetup create ${cryptname} ${cryptdev}"
  tmp=$(echo "${crypto}" | cut -d: -f1)
  [ -n "${tmp}" ] && exe="${exe} --hash \"${tmp}\""
  tmp=$(echo "${crypto}" | cut -d: -f2)
  [ -n "${tmp}" ] && exe="${exe} --cipher \"${tmp}\""
  tmp=$(echo "${crypto}" | cut -d: -f3)
  [ -n "${tmp}" ] && exe="${exe} --key-size \"${tmp}\""
  tmp=$(echo "${crypto}" | cut -d: -f4)
  [ -n "${tmp}" ] && exe="${exe} --offset \"${tmp}\""
  tmp=$(echo "${crypto}" | cut -d: -f5)
  [ -n "${tmp}" ] && exe="${exe} --skip \"${tmp}\""
  if [ -f ${ckeyfile} ]; then
  exe="${exe} --key-file ${ckeyfile}"
  else
  exe="${exe} --verify-passphrase"
  echo ""
  echo "A password is required to access the ${cryptname} volume:"
  fi
  eval "${exe} ${CSQUIET}"
  if [ $? -ne 0 ]; then
  err "Non-LUKS device decryption failed. verify format: "
  err " crypto=hash:cipher:keysize:offset:skip"
  exit 1
  fi
  if [ -e "/dev/mapper/${cryptname}" ]; then
  if [ ${DEPRECATED_CRYPT} -eq 1 ]; then
  export root="/dev/mapper/root"
  fi
  else
  err "Password succeeded, but ${cryptname} creation failed, aborting..."
  exit 1
  fi
  else
  err "Failed to open encryption mapping: The device ${cryptdev} is not a LUKS volume and the crypto= paramater was not specified."
  fi
  fi
  rm -f ${ckeyfile}
  fi
  Create /mnt/lib/initcpio/install/etwo:
  #!/bin/bash
  build() {
  local mod
  add_module dm-crypt
  if [[ $CRYPTO_MODULES ]]; then
  for mod in $CRYPTO_MODULES; do
  add_module "$mod"
  done
  else
  add_all_modules '/crypto/'
  fi
  add_dir "/dev/mapper"
  add_binary "cryptsetup"
  add_binary "dmsetup"
  add_binary "/usr/bin/gpg"
  add_file "/usr/lib/udev/rules.d/10-dm.rules"
  add_file "/usr/lib/udev/rules.d/13-dm-disk.rules"
  add_file "/usr/lib/udev/rules.d/95-dm-notify.rules"
  add_file "/usr/lib/initcpio/udev/11-dm-initramfs.rules" "/usr/lib/udev/rules.d/11-dm-initramfs.rules"
  add_runscript
  help ()
  cat<<HELPEOF
  This hook allows for an encrypted root device with support for gpg encrypted key files.
  To use gpg, the key file must have the extension .gpg and you have to install gpg and add /usr/bin/gpg
  to your BINARIES var in /etc/mkinitcpio.conf.
  HELPEOF
  Edit /mnt/etc/mkinitcpio.conf (only relevant sections displayed):
  MODULES=”ext2 ext4” # not sure if this is really nessecary.
  BINARIES=”/usr/bin/gpg” # this could probably be done in install/etwo...
  HOOKS=”base udev usbinput keymap autodetect pata scsi sata usb etwo filesystems” # (usbinput is only needed if you have an usb keyboard)
  Copy the initcpio stuff over to the live cd:
  cp /mnt/lib/initcpio/hooks/etwo /lib/initcpio/hooks/
  cp /mnt/lib/initcpio/install/etwo /lib/initcpio/install/
  cp /mnt/etc/mkinitcpio.conf /etc/
  Verify your LOCALE, KEYMAP and TIMEZONE in /etc/rc.conf!
  Now reinstall the initcpio:
  mkinitcpio -g /mnt/boot/kernel26.img
  Make sure there were no errors and that all hooks were included.
  13. Decrypt the "var" key to the encrypted root
  mkdir /mnt/keys
  chmod 500 /mnt/keys
  gpg –output /mnt/keys/var -d /mnt/boot/var.gpg
  chmod 400 /mnt/keys/var
  14. Setup crypttab
  Edit /mnt/etc/crypttab:
  swap /dev/sda1 SWAP -c aes-cbc-essiv:sha256 -s 256 -h whirlpool
  var /dev/sda2 /keys/var
  15. Reboot
  We're done, you may reboot. Make sure you select the usb stick as the boot device in your bios and hope for the best. . If it didn't work, play with grub's settings or boot from the live cd, mount your encrypted devices and check all settings. You might also have less trouble by using uuid's instead of device names.  I chose device names to keep things as simple as possible, even though it's not the optimal way to do it.
  Make backups of your data and your usb stick and do not forget your password(s)! Or you can say goodbye to your data forever...
  Last edited by fabriceb (2013-01-15 22:36:23)

  I'm trying to run my install script that is based on https://bbs.archlinux.org/viewtopic.php?id=129885
  Decrypting the gpg key after grub works, but then "Devce root already exists." appears every second.
  any idea ?
  #!/bin/bash
  # This script is designed to be run in conjunction with a UEFI boot using Archboot intall media.
  # prereqs:
  # EFI "BIOS" set to boot *only* from EFI
  # successful EFI boot of Archboot USB
  # mount /dev/sdb1 /src
  set -o nounset
  #set -o errexit
  # Host specific configuration
  # this whole script needs to be customized, particularly disk partitions
  # and configuration, but this section contains global variables that
  # are used during the system configuration phase for convenience
  HOSTNAME=daniel
  USERNAME=user
  # Globals
  # We don't need to set these here but they are used repeatedly throughout
  # so it makes sense to reuse them and allow an easy, one-time change if we
  # need to alter values such as the install target mount point.
  INSTALL_TARGET="/install"
  HR="--------------------------------------------------------------------------------"
  PACMAN="pacman --noconfirm --config /tmp/pacman.conf"
  TARGET_PACMAN="pacman --noconfirm --config /tmp/pacman.conf -r ${INSTALL_TARGET}"
  CHROOT_PACMAN="pacman --noconfirm --cachedir /var/cache/pacman/pkg --config /tmp/pacman.conf -r ${INSTALL_TARGET}"
  FILE_URL="file:///packages/core-$(uname -m)/pkg"
  FTP_URL='ftp://mirrors.kernel.org/archlinux/$repo/os/$arch'
  HTTP_URL='http://mirrors.kernel.org/archlinux/$repo/os/$arch'
  # Functions
  # I've avoided using functions in this script as they aren't required and
  # I think it's more of a learning tool if you see the step-by-step
  # procedures even with minor duplciations along the way, but I feel that
  # these functions clarify the particular steps of setting values in config
  # files.
  SetValue () {
  # EXAMPLE: SetValue VARIABLENAME '\"Quoted Value\"' /file/path
  VALUENAME="$1" NEWVALUE="$2" FILEPATH="$3"
  sed -i "s+^#\?\(${VALUENAME}\)=.*$+\1=${NEWVALUE}+" "${FILEPATH}"
  CommentOutValue () {
  VALUENAME="$1" FILEPATH="$2"
  sed -i "s/^\(${VALUENAME}.*\)$/#\1/" "${FILEPATH}"
  UncommentValue () {
  VALUENAME="$1" FILEPATH="$2"
  sed -i "s/^#\(${VALUENAME}.*\)$/\1/" "${FILEPATH}"
  # Initialize
  # Warn the user about impending doom, set up the network on eth0, mount
  # the squashfs images (Archboot does this normally, we're just filling in
  # the gaps resulting from the fact that we're doing a simple scripted
  # install). We also create a temporary pacman.conf that looks for packages
  # locally first before sourcing them from the network. It would be better
  # to do either *all* local or *all* network but we can't for two reasons.
  # 1. The Archboot installation image might have an out of date kernel
  # (currently the case) which results in problems when chrooting
  # into the install mount point to modprobe efivars. So we use the
  # package snapshot on the Archboot media to ensure our kernel is
  # the same as the one we booted with.
  # 2. Ideally we'd source all local then, but some critical items,
  # notably grub2-efi variants, aren't yet on the Archboot media.
  # Warn
  timer=9
  echo -e "\n\nMAC WARNING: This script is not designed for APPLE MAC installs and will potentially misconfigure boot to your existing OS X installation. STOP NOW IF YOU ARE ON A MAC.\n\n"
  echo -n "GENERAL WARNING: This procedure will completely format /dev/sda. Please cancel with ctrl-c to cancel within $timer seconds..."
  while [[ $timer -gt 0 ]]
  do
  sleep 1
  let timer-=1
  echo -en "$timer seconds..."
  done
  echo "STARTING"
  # Get Network
  echo -n "Waiting for network address.."
  #dhclient eth0
  dhcpcd -p eth0
  echo -n "Network address acquired."
  # Mount packages squashfs images
  umount "/packages/core-$(uname -m)"
  umount "/packages/core-any"
  rm -rf "/packages/core-$(uname -m)"
  rm -rf "/packages/core-any"
  mkdir -p "/packages/core-$(uname -m)"
  mkdir -p "/packages/core-any"
  modprobe -q loop
  modprobe -q squashfs
  mount -o ro,loop -t squashfs "/src/packages/archboot_packages_$(uname -m).squashfs" "/packages/core-$(uname -m)"
  mount -o ro,loop -t squashfs "/src/packages/archboot_packages_any.squashfs" "/packages/core-any"
  # Create temporary pacman.conf file
  cat << PACMANEOF > /tmp/pacman.conf
  [options]
  Architecture = auto
  CacheDir = ${INSTALL_TARGET}/var/cache/pacman/pkg
  CacheDir = /packages/core-$(uname -m)/pkg
  CacheDir = /packages/core-any/pkg
  [core]
  Server = ${FILE_URL}
  Server = ${FTP_URL}
  Server = ${HTTP_URL}
  [extra]
  Server = ${FILE_URL}
  Server = ${FTP_URL}
  Server = ${HTTP_URL}
  #Uncomment to enable pacman -Sy yaourt
  [archlinuxfr]
  Server = http://repo.archlinux.fr/\$arch
  PACMANEOF
  # Prepare pacman
  [[ ! -d "${INSTALL_TARGET}/var/cache/pacman/pkg" ]] && mkdir -m 755 -p "${INSTALL_TARGET}/var/cache/pacman/pkg"
  [[ ! -d "${INSTALL_TARGET}/var/lib/pacman" ]] && mkdir -m 755 -p "${INSTALL_TARGET}/var/lib/pacman"
  ${PACMAN} -Sy
  ${TARGET_PACMAN} -Sy
  # Install prereqs from network (not on archboot media)
  echo -e "\nInstalling prereqs...\n$HR"
  #sed -i "s/^#S/S/" /etc/pacman.d/mirrorlist # Uncomment all Server lines
  UncommentValue S /etc/pacman.d/mirrorlist # Uncomment all Server lines
  ${PACMAN} --noconfirm -Sy gptfdisk btrfs-progs-unstable libusb-compat gnupg
  # Configure Host
  # Here we create three partitions:
  # 1. efi and /boot (one partition does double duty)
  # 2. swap
  # 3. our encrypted root
  # Note that all of these are on a GUID partition table scheme. This proves
  # to be quite clean and simple since we're not doing anything with MBR
  # boot partitions and the like.
  echo -e "format\n"
  # shred -v /dev/sda
  # disk prep
  sgdisk -Z /dev/sda # zap all on disk
  #sgdisk -Z /dev/mmcb1k0 # zap all on sdcard
  sgdisk -a 2048 -o /dev/sda # new gpt disk 2048 alignment
  #sgdisk -a 2048 -o /dev/mmcb1k0
  # create partitions
  sgdisk -n 1:0:+200M /dev/sda # partition 1 (UEFI BOOT), default start block, 200MB
  sgdisk -n 2:0:+4G /dev/sda # partition 2 (SWAP), default start block, 200MB
  sgdisk -n 3:0:0 /dev/sda # partition 3, (LUKS), default start, remaining space
  #sgdisk -n 1:0:1800M /dev/mmcb1k0 # root.gpg
  # set partition types
  sgdisk -t 1:ef00 /dev/sda
  sgdisk -t 2:8200 /dev/sda
  sgdisk -t 3:8300 /dev/sda
  #sgdisk -t 1:0700 /dev/mmcb1k0
  # label partitions
  sgdisk -c 1:"UEFI Boot" /dev/sda
  sgdisk -c 2:"Swap" /dev/sda
  sgdisk -c 3:"LUKS" /dev/sda
  #sgdisk -c 1:"Key" /dev/mmcb1k0
  echo -e "create gpg file\n"
  # create gpg file
  dd if=/dev/urandom bs=512 count=4 | gpg -v --cipher-algo aes256 --digest-algo sha512 -c -a > /root/root.gpg
  echo -e "format LUKS on root\n"
  # format LUKS on root
  gpg -q -d /root/root.gpg 2>/dev/null | cryptsetup -v --key-file=- -c aes-xts-plain -s 512 --hash sha512 luksFormat /dev/sda3
  echo -e "open LUKS on root\n"
  gpg -d /root/root.gpg 2>/dev/null | cryptsetup -v --key-file=- luksOpen /dev/sda3 root
  # NOTE: make sure to add dm_crypt and aes_i586 to MODULES in rc.conf
  # NOTE2: actually this isn't required since we're mounting an encrypted root and grub2/initramfs handles this before we even get to rc.conf
  # make filesystems
  # following swap related commands not used now that we're encrypting our swap partition
  #mkswap /dev/sda2
  #swapon /dev/sda2
  #mkfs.ext4 /dev/sda3 # this is where we'd create an unencrypted root partition, but we're using luks instead
  echo -e "\nCreating Filesystems...\n$HR"
  # make filesystems
  mkfs.ext4 /dev/mapper/root
  mkfs.vfat -F32 /dev/sda1
  #mkfs.vfat -F32 /dev/mmcb1k0p1
  echo -e "mount targets\n"
  # mount target
  #mount /dev/sda3 ${INSTALL_TARGET} # this is where we'd mount the unencrypted root partition
  mount /dev/mapper/root ${INSTALL_TARGET}
  # mount target
  mkdir ${INSTALL_TARGET}
  # mkdir ${INSTALL_TARGET}/key
  # mount -t vfat /dev/mmcb1k0p1 ${INSTALL_TARGET}/key
  mkdir ${INSTALL_TARGET}/boot
  mount -t vfat /dev/sda1 ${INSTALL_TARGET}/boot
  # Install base, necessary utilities
  mkdir -p ${INSTALL_TARGET}/var/lib/pacman
  ${TARGET_PACMAN} -Sy
  ${TARGET_PACMAN} -Su base
  # curl could be installed later but we want it ready for rankmirrors
  ${TARGET_PACMAN} -S curl
  ${TARGET_PACMAN} -S libusb-compat gnupg
  ${TARGET_PACMAN} -R grub
  rm -rf ${INSTALL_TARGET}/boot/grub
  ${TARGET_PACMAN} -S grub2-efi-x86_64
  # Configure new system
  SetValue HOSTNAME ${HOSTNAME} ${INSTALL_TARGET}/etc/rc.conf
  sed -i "s/^\(127\.0\.0\.1.*\)$/\1 ${HOSTNAME}/" ${INSTALL_TARGET}/etc/hosts
  SetValue CONSOLEFONT Lat2-Terminus16 ${INSTALL_TARGET}/etc/rc.conf
  #following replaced due to netcfg
  #SetValue interface eth0 ${INSTALL_TARGET}/etc/rc.conf
  # write fstab
  # You can use UUID's or whatever you want here, of course. This is just
  # the simplest approach and as long as your drives aren't changing values
  # randomly it should work fine.
  cat > ${INSTALL_TARGET}/etc/fstab <<FSTAB_EOF
  # /etc/fstab: static file system information
  # <file system> <dir> <type> <options> <dump> <pass>
  tmpfs /tmp tmpfs nodev,nosuid 0 0
  /dev/sda1 /boot vfat defaults 0 0
  /dev/mapper/cryptswap none swap defaults 0 0
  /dev/mapper/root / ext4 defaults,noatime 0 1
  FSTAB_EOF
  # write etwo
  mkdir -p /lib/initcpio/hooks/
  mkdir -p /lib/initcpio/install/
  cp /src/etwo_hooks /lib/initcpio/hooks/etwo
  cp /src/etwo_install /lib/initcpio/install/etwo
  mkdir -p ${INSTALL_TARGET}/lib/initcpio/hooks/
  mkdir -p ${INSTALL_TARGET}/lib/initcpio/install/
  cp /src/etwo_hooks ${INSTALL_TARGET}/lib/initcpio/hooks/etwo
  cp /src/etwo_install ${INSTALL_TARGET}/lib/initcpio/install/etwo
  # write crypttab
  # encrypted swap (random passphrase on boot)
  echo cryptswap /dev/sda2 SWAP "-c aes-xts-plain -h whirlpool -s 512" >> ${INSTALL_TARGET}/etc/crypttab
  # copy configs we want to carry over to target from install environment
  mv ${INSTALL_TARGET}/etc/resolv.conf ${INSTALL_TARGET}/etc/resolv.conf.orig
  cp /etc/resolv.conf ${INSTALL_TARGET}/etc/resolv.conf
  mkdir -p ${INSTALL_TARGET}/tmp
  cp /tmp/pacman.conf ${INSTALL_TARGET}/tmp/pacman.conf
  # mount proc, sys, dev in install root
  mount -t proc proc ${INSTALL_TARGET}/proc
  mount -t sysfs sys ${INSTALL_TARGET}/sys
  mount -o bind /dev ${INSTALL_TARGET}/dev
  echo -e "umount boot\n"
  # we have to remount /boot from inside the chroot
  umount ${INSTALL_TARGET}/boot
  # Create install_efi script (to be run *after* chroot /install)
  touch ${INSTALL_TARGET}/install_efi
  chmod a+x ${INSTALL_TARGET}/install_efi
  cat > ${INSTALL_TARGET}/install_efi <<EFI_EOF
  # functions (these could be a library, but why overcomplicate things
  SetValue () { VALUENAME="\$1" NEWVALUE="\$2" FILEPATH="\$3"; sed -i "s+^#\?\(\${VALUENAME}\)=.*\$+\1=\${NEWVALUE}+" "\${FILEPATH}"; }
  CommentOutValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^\(\${VALUENAME}.*\)\$/#\1/" "\${FILEPATH}"; }
  UncommentValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^#\(\${VALUENAME}.*\)\$/\1/" "\${FILEPATH}"; }
  echo -e "mount boot\n"
  # remount here or grub et al gets confused
  mount -t vfat /dev/sda1 /boot
  # mkinitcpio
  # NOTE: intel_agp drm and i915 for intel graphics
  SetValue MODULES '\\"dm_mod dm_crypt aes_x86_64 ext2 ext4 vfat intel_agp drm i915\\"' /etc/mkinitcpio.conf
  SetValue HOOKS '\\"base udev pata scsi sata usb usbinput keymap consolefont etwo encrypt filesystems\\"' /etc/mkinitcpio.conf
  SetValue BINARIES '\\"/usr/bin/gpg\\"' /etc/mkinitcpio.conf
  mkinitcpio -p linux
  # kernel modules for EFI install
  modprobe efivars
  modprobe dm-mod
  # locale-gen
  UncommentValue de_AT /etc/locale.gen
  locale-gen
  # install and configure grub2
  # did this above
  #${CHROOT_PACMAN} -Sy
  #${CHROOT_PACMAN} -R grub
  #rm -rf /boot/grub
  #${CHROOT_PACMAN} -S grub2-efi-x86_64
  # you can be surprisingly sloppy with the root value you give grub2 as a kernel option and
  # even omit the cryptdevice altogether, though it will wag a finger at you for using
  # a deprecated syntax, so we're using the correct form here
  # NOTE: take out i915.modeset=1 unless you are on intel graphics
  SetValue GRUB_CMDLINE_LINUX '\\"cryptdevice=/dev/sda3:root cryptkey=/dev/sda1:vfat:/root.gpg add_efi_memmap i915.i915_enable_rc6=1 i915.i915_enable_fbc=1 i915.lvds_downclock=1 pcie_aspm=force quiet\\"' /etc/default/grub
  # set output to graphical
  SetValue GRUB_TERMINAL_OUTPUT gfxterm /etc/default/grub
  SetValue GRUB_GFXMODE 960x600x32,auto /etc/default/grub
  SetValue GRUB_GFXPAYLOAD_LINUX keep /etc/default/grub # comment out this value if text only mode
  # install the actual grub2. Note that despite our --boot-directory option we will still need to move
  # the grub directory to /boot/grub during grub-mkconfig operations until grub2 gets patched (see below)
  grub_efi_x86_64-install --bootloader-id=grub --no-floppy --recheck
  # create our EFI boot entry
  # bug in the HP bios firmware (F.08)
  efibootmgr --create --gpt --disk /dev/sda --part 1 --write-signature --label "ARCH LINUX" --loader "\\\\grub\\\\grub.efi"
  # copy font for grub2
  cp /usr/share/grub/unicode.pf2 /boot/grub
  # generate config file
  grub-mkconfig -o /boot/grub/grub.cfg
  exit
  EFI_EOF
  # Install EFI using script inside chroot
  chroot ${INSTALL_TARGET} /install_efi
  rm ${INSTALL_TARGET}/install_efi
  # Post install steps
  # anything you want to do post install. run the script automatically or
  # manually
  touch ${INSTALL_TARGET}/post_install
  chmod a+x ${INSTALL_TARGET}/post_install
  cat > ${INSTALL_TARGET}/post_install <<POST_EOF
  set -o errexit
  set -o nounset
  # functions (these could be a library, but why overcomplicate things
  SetValue () { VALUENAME="\$1" NEWVALUE="\$2" FILEPATH="\$3"; sed -i "s+^#\?\(\${VALUENAME}\)=.*\$+\1=\${NEWVALUE}+" "\${FILEPATH}"; }
  CommentOutValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^\(\${VALUENAME}.*\)\$/#\1/" "\${FILEPATH}"; }
  UncommentValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^#\(\${VALUENAME}.*\)\$/\1/" "\${FILEPATH}"; }
  # root password
  echo -e "${HR}\\nNew root user password\\n${HR}"
  passwd
  # add user
  echo -e "${HR}\\nNew non-root user password (username:${USERNAME})\\n${HR}"
  groupadd sudo
  useradd -m -g users -G audio,lp,optical,storage,video,games,power,scanner,network,sudo,wheel -s /bin/bash ${USERNAME}
  passwd ${USERNAME}
  # mirror ranking
  echo -e "${HR}\\nRanking Mirrors (this will take a while)\\n${HR}"
  cp /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.orig
  mv /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.all
  sed -i "s/#S/S/" /etc/pacman.d/mirrorlist.all
  rankmirrors -n 5 /etc/pacman.d/mirrorlist.all > /etc/pacman.d/mirrorlist
  # temporary fix for locale.sh update conflict
  mv /etc/profile.d/locale.sh /etc/profile.d/locale.sh.preupdate || true
  # yaourt repo (add to target pacman, not tmp pacman.conf, for ongoing use)
  echo -e "\\n[archlinuxfr]\\nServer = http://repo.archlinux.fr/\\\$arch" >> /etc/pacman.conf
  echo -e "\\n[haskell]\\nServer = http://www.kiwilight.com/\\\$repo/\\\$arch" >> /etc/pacman.conf
  # additional groups and utilities
  pacman --noconfirm -Syu
  pacman --noconfirm -S base-devel
  pacman --noconfirm -S yaourt
  # sudo
  pacman --noconfirm -S sudo
  cp /etc/sudoers /tmp/sudoers.edit
  sed -i "s/#\s*\(%wheel\s*ALL=(ALL)\s*ALL.*$\)/\1/" /tmp/sudoers.edit
  sed -i "s/#\s*\(%sudo\s*ALL=(ALL)\s*ALL.*$\)/\1/" /tmp/sudoers.edit
  visudo -qcsf /tmp/sudoers.edit && cat /tmp/sudoers.edit > /etc/sudoers
  # power
  pacman --noconfirm -S acpi acpid acpitool cpufrequtils
  yaourt --noconfirm -S powertop2
  sed -i "/^DAEMONS/ s/)/ @acpid)/" /etc/rc.conf
  sed -i "/^MODULES/ s/)/ acpi-cpufreq cpufreq_ondemand cpufreq_powersave coretemp)/" /etc/rc.conf
  # following requires my acpi handler script
  echo "/etc/acpi/handler.sh boot" > /etc/rc.local
  # time
  pacman --noconfirm -S ntp
  sed -i "/^DAEMONS/ s/hwclock /!hwclock @ntpd /" /etc/rc.conf
  # wireless (wpa supplicant should already be installed)
  pacman --noconfirm -S iw wpa_supplicant rfkill
  pacman --noconfirm -S netcfg wpa_actiond ifplugd
  mv /etc/wpa_supplicant.conf /etc/wpa_supplicant.conf.orig
  echo -e "ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=network\nupdate_config=1" > /etc/wpa_supplicant.conf
  # make sure to copy /etc/network.d/examples/wireless-wpa-config to /etc/network.d/home and edit
  sed -i "/^DAEMONS/ s/)/ @net-auto-wireless @net-auto-wired)/" /etc/rc.conf
  sed -i "/^DAEMONS/ s/ network / /" /etc/rc.conf
  echo -e "\nWIRELESS_INTERFACE=wlan0" >> /etc/rc.conf
  echo -e "WIRED_INTERFACE=eth0" >> /etc/rc.conf
  echo "options iwlagn led_mode=2" > /etc/modprobe.d/iwlagn.conf
  # sound
  pacman --noconfirm -S alsa-utils alsa-plugins
  sed -i "/^DAEMONS/ s/)/ @alsa)/" /etc/rc.conf
  mv /etc/asound.conf /etc/asound.conf.orig || true
  #if alsamixer isn't working, try alsamixer -Dhw and speaker-test -Dhw -c 2
  # video
  pacman --noconfirm -S base-devel mesa mesa-demos
  # x
  #pacman --noconfirm -S xorg xorg-xinit xorg-utils xorg-server-utils xdotool xorg-xlsfonts
  #yaourt --noconfirm -S xf86-input-wacom-git # NOT NEEDED? input-wacom-git
  #TODO: cut down the install size
  #pacman --noconfirm -S xorg-server xorg-xinit xorg-utils xorg-server-utils
  # TODO: wacom
  # environment/wm/etc.
  #pacman --noconfirm -S xfce4 compiz ccsm
  #pacman --noconfirm -S xcompmgr
  #yaourt --noconfirm -S physlock unclutter
  #pacman --noconfirm -S rxvt-unicode urxvt-url-select hsetroot
  #pacman --noconfirm -S gtk2 #gtk3 # for taffybar?
  #pacman --noconfirm -S ghc
  # note: try installing alex and happy from cabal instead
  #pacman --noconfirm -S haskell-platform haskell-hscolour
  #yaourt --noconfirm -S xmonad-darcs xmonad-contrib-darcs xcompmgr
  #yaourt --noconfirm -S xmobar-git
  # TODO: edit xfce to use compiz
  # TODO: xmonad, but deal with video tearing
  # TODO: xmonad-darcs fails to install from AUR. haskell dependency hell.
  # switching to cabal
  # fonts
  pacman --noconfirm -S terminus-font
  yaourt --noconfirm -S webcore-fonts
  yaourt --noconfirm -S fontforge libspiro
  yaourt --noconfirm -S freetype2-git-infinality
  # TODO: sed infinality and change to OSX or OSX2 mode
  # and create the sym link from /etc/fonts/conf.avail to conf.d
  # misc apps
  #pacman --noconfirm -S htop openssh keychain bash-completion git vim
  #pacman --noconfirm -S chromium flashplugin
  #pacman --noconfirm -S scrot mypaint bc
  #yaourt --noconfirm -S task-git stellarium googlecl
  # TODO: argyll
  POST_EOF
  # Post install in chroot
  #echo "chroot and run /post_install"
  chroot /install /post_install
  rm /install/post_install
  # copy grub.efi file to the default HP EFI boot manager path
  mkdir -p ${INSTALL_TARGET}/boot/EFI/Microsoft/BOOT/
  mkdir -p ${INSTALL_TARGET}/boot/EFI/BOOT/
  cp ${INSTALL_TARGET}/boot/grub/grub.efi ${INSTALL_TARGET}/boot/EFI/Microsoft/BOOT/bootmgfw.efi
  cp ${INSTALL_TARGET}/boot/grub/grub.efi ${INSTALL_TARGET}/boot/EFI/BOOT/BOOTX64.EFI
  cp /root/root.gpg ${INSTALL_TARGET}/boot/
  # NOTES/TODO

• Linux users cannot open Firefox on multiple systems that are mounting the same network drive as their home directory

  I am supporting a user who is logging into multiple linux systems that all have the same /home directory mounted to a network filer.
  When the user opens firefox on one system, he is unable to open firefox on other systems.
  I'm assuming this is because firefox is storing his profile in /home.
  These are Centos 5.4 x64 systems, authenticatiing to a Windows 2003 Domain. The filer that hosts the home directories is a NetApp with both CIFS and NFS permissions enabled on the volume that /home resides. We are using the version that came with the Centos installation, 3.0.12

  So while this worked well for my computer at home, it does not work for the actual computer the disk is mounted on.  If I try to mount the disk as the "office" user, the computer rejects the connection to itself and tells me to access it locally.  Any ideas on how to handle this?  Thanks again.
  dlr

• Canon PIXMA MP640 WiFi on Arch Linux x86_64

  I have a Canon PIXMA MP640 series multifunctional device connected wirelessly to my home router. On Windows Vista the device works flawlessly, I can print or scan without any problems. Now I decided to configure at least the printer part on my Arch Linux x86_64, which I dual-boot with Vista on the same laptop.
  I went through the Wiki entry for CUPS and SAMBA. I did install all the necessary packages, that is:
  1) cups (ver. 1.4.6), ghostscript (ver. 9.01), gsfonts (ver. 1.0.7pre44) - for CUPS
  2) cnijfilter-mp640 (ver. 3.20) and its dependencies: cnijfilter-common (ver. 3.00), lib32-libcups, lib32-popt - drivers for this particular model
  3) samba (ver. 3.5.6) and gamin (ver. 0.1.10) – for SAMBA
  Then I added cups and samba to DAEMONS section of the /etc/rc.conf file
  DAEMONS=(@syslog-ng !network @netfs @crond hal alsa wicd bluetooth laptop-mode !openntpd @cups @samba)
  copied Samba configuration file
  cp /etc/samba/smb.conf.default /etc/samba/smb.conf
  in which I changed only one entry – name of my workgroup, and then I restarted my system.
  In System Settings as root I went to Sharing→Samba and checked if everything seems fine – see print screen below.
  http://img854.imageshack.us/img854/300/samba1.png
  Then in Printer Configuration I chosed New network printer and I tried to fill all the boxes with information I have about my printer – see below. I also pointed to the specific .ppd file - /usr/share/cups/model/canonmp640.ppd.
  http://img5.imageshack.us/img5/6650/samba2.png
  The printer name and it's localization I got from my router – see below.
  http://img840.imageshack.us/img840/3982/samba3.png
  As you all see on print screen No 2 I'm getting “Bad URI – need printer name” error from CUPS. I “googled” about it, but still haven't been able to solve this issue. What am I doing wrong?
  Last edited by Zibi1981 (2011-03-07 18:13:31)

  No hints??? I believe it's related to Samba. I don't know how to configure it properly, so it can find my WiFi printer.

• Recovering earlier installed Windows 7 after installing Arch Linux

  I'm trying to boot windows on my ASUS notebook.
  There was windows 7 from the very beginning (disks C:\ and D:\), then I divided disk D:\ on several partitions and installed Arch Linux. I overwrited Windows boot information by boot part of Linux. Now I want to recover windows, that I still have on hard drive. It doesn's matter what there will be: dualboot or only windows (but dualboot is prefered).
  Disk info:
  [jhon@fckrsns ~]$ sudo fdisk -l
  Disk /dev/sda: 698.7 GiB, 750156374016 bytes, 1465149168 sectors
  Units: sectors of 1 * 512 = 512 bytes
  Sector size (logical/physical): 512 bytes / 4096 bytes
  I/O size (minimum/optimal): 4096 bytes / 4096 bytes
  Disklabel type: gpt
  Disk identifier: 1AFC9DFF-CD3B-4CE1-8CAF-41C3E5B75772
  Device Start End Size Type
  /dev/sda1 2048 411647 200M EFI System
  /dev/sda2 411648 673791 128M Microsoft reserved
  /dev/sda3 673792 586731519 279.5G Microsoft basic data
  /dev/sda4 586731520 691589119 50G Linux filesystem
  /dev/sda5 1412718592 1465147391 25G Windows recovery environment
  /dev/sda6 691589120 901304319 100G Linux filesystem
  /dev/sda7 901304320 1412718591 243.9G Microsoft basic data
  [jhon@fckrsns ~]$ lsblk
  NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
  sda 8:0 0 698.7G 0 disk
  ├─sda1 8:1 0 200M 0 part /boot
  ├─sda2 8:2 0 128M 0 part
  ├─sda3 8:3 0 279.5G 0 part
  ├─sda4 8:4 0 50G 0 part /
  ├─sda5 8:5 0 25G 0 part
  ├─sda6 8:6 0 100G 0 part /home
  └─sda7 8:7 0 243.9G 0 part
  sr0 11:0 1 1024M 0 rom
  [jhon@fckrsns ~]$ lsblk -f
  NAME FSTYPE LABEL UUID MOUNTPOINT
  sda
  ├─sda1 vfat 4DEB-D6D2 /boot
  ├─sda2
  ├─sda3 ntfs OS 62364BE9364BBCB3
  ├─sda4 ext4 c4da4683-871a-49fa-96a3-4da11387d31d /
  ├─sda5 ntfs Recovery 8ECE4F50CE4F2FAF
  ├─sda6 ext4 3eba01c6-e422-4542-8442-16064c74a563 /home
  └─sda7 ntfs 3B29E7794F6CD932
  sr0
  OS partition (/dev/sda3):
  [jhon@fckrsns /]$ ls /run/media/jhon/OS
  altera Boot djvureader DrWeb Quarantine eSupport hiberfil.sys MSOCache N56VM.BIN pagefile.sys Program Files Recovery SecurityScanner.dll VisualCLibs
  AsusVibeData bootmgr Documents and Settings eclipse Games Intel MS.Office.2007.Portable.micro.v.1.16 N56VZ.BIN PerfLogs Program Files (x86) $Recycle.Bin System Volume Information Windows
  AVScanner.ini BOOTSECT.BAK DOSBox_SIM END gcc Keil_v5 mtd NVIDIA ProgramData Qt R.G. Catalyst Users
  I tried to recover MBR with different ways:
  with syslinux:
  [jhon@fckrsns /]$ sudo dd if=/usr/lib/syslinux/bios/mbr.bin of=/dev/sda
  0+1 records in
  0+1 records out
  440 bytes (440 B) copied, 0.0226394 s, 19.4 kB/s
  with ms-sys:
  [jhon@fckrsns /]$ sudo ms-sys --partition /dev/sda1
  Start sector 2048 (nr of hidden sectors) successfully written to /dev/sda1
  Physical disk drive id 0x80 (C:) successfully written to /dev/sda1
  Number of heads (255) successfully written to /dev/sda1
  [jhon@fckrsns /]$ sudo ms-sys --mbr7 /dev/sda
  Windows 7 master boot record successfully written to /dev/sda
  But there is still no way to boot windows.
  I run grub-mkconfig before and after these manipulations with MBR:
  [jhon@fckrsns ~]$ sudo grub-mkconfig -o /boot/grub/grub.cfg
  Generating grub configuration file ...
  Found linux image: /boot/vmlinuz-linux
  Found initrd image: /boot/initramfs-linux.img
  Found fallback initramfs image: /boot/initramfs-linux-fallback.img
  No volume groups found
  done
  [jhon@fckrsns /]$ sudo os-prober
  /dev/cdrom: open failed: No medium found
  No volume groups found
  I installed rEFInd, now I have two choices on boot screen: vmlinuz-linux, which it founded, and my earlier installed grub bootloader.
  Maybe I missed something, but i don't know what exactly.
  Last edited by Jhon (2014-09-28 16:45:38)

  Now I know that I don't need MBR at all (but google told me that recovering windows = recovering MBR..)
  Are there any ways to recover boot information on EFI system partition from Linux without using Windows Live CD and it's bootrec.exe?
  I have bootmgr and bootmgfw.efi files on /dev/sda3 (partition with windows installed), what else I need? Simple copy of bootmgfw.efi to /boot/EFI/Microsoft/Boot/bootmgfw.efi and addition of custom menu item to /etc/grub.d/40_custom does'nt work. There is Windows now in rEFInd and GRUB menus, but there is error on loading.

• Arch Linux Minumum Base

  Is there a way I could get a list of the most minimum packages required to run an Arch Linux system.
  Naturally If I want to run an X app I need X.  But, I want to know what consists of the most minimal arch install.
  Reason being is I want to make an arch linux base for FreeBSD's compat layer.  Since I compile my FreeBSD systems with the same /similar optimizations as Arch Linux does. I think it would make a better fit than the RH7 default system.
  Basically, I my end result will be a FreeBSD Desktop that can do the following:
  Run Linux applications and have those Linux applications managed by the Linux tools.  FreeBSD uses RH7 as their default base and they rpm install the base system.  Many of the Linux ports in FreeBSD ports tree grab the RH7 rpms.   But.  I would love to be able to from my FreeBSD box do pacman -S acroread or whatever and have it grab the Arch packages and install them to Linux compat location.   
  This is strictly a runtime environment.  I do not want to be generating Linux code via the compat layer.  Just run stuff.
  Thus, I want ports to manage my FreeBSD packages.  But I want pacman to manage my Linux stuff.  I think ports should not manage Linux stuff on a FreeBSD box.
  So, is there anybody willing to give me that list or point me to the right source to look it up. 
  Jeff - who happened to switch his box back to FreeBSD just because he was bored and yes I trashed a perfectly working Arch install.

  I feel like an idiot now.  I found my answer.  I need to first install the base category.  However, I need to automate this.
  On the arch linux ftp site all the packages are lumped into one directory.   Not separated by category.
  For now I will look at the linux_base port and make a list based on that.  Then install the arch specific stuff like pacman.   
  I think once I get the initial base laid out I can then chroot to that and run total linux commands...  like this:
  frontier# uname -srm
  FreeBSD 5.1-RELEASE-p7 i386
  frontier# chroot /usr/compat/linux /bin/sh
  sh-2.04# uname -srm
  Linux 2.4.2 i386
  sh-2.04# exit
  exit
  frontier#
  Jeff

• Arch Linux OS X Boot Menu Label

  Hi guys,
  I am pretty new to Linux. I just finished installing Arch Linux on my macbook pro. I followed the instructions on the wiki and now I'm able to boot into Arch Linux by selecting the "EFI Boot" option from the menu after holding down the alt key on startup. Everything is working pretty smoothly so far but I was wondering if its possible to change the label of the Arch Linux option in the menu from "EFI Boot" to "Arch Linux". On the manpage for bless it says the following:
  --label name Render a text label used in the firmware-based OS picker
  I tried using the following commands to bless the boot partition, but they have no effect on the label.
  $ sudo bless --folder="Arch Linux" --file="Arch Linux/System/Library/CoreServices/boot.efi" --label=ArchLinux
  $ sudo bless --mount="Arch Linux" --file="Arch Linux/System/Library/CoreServices/boot.efi" --label=ArchLinux
  Anyone have any ideas?
  Thanks,
  Ahmed

  heleos wrote:
  This line:
  Waiting for 30 seconds for device /dev/disk/by-label/ARCH-201005...
  You need to make sure that's the exact name of your iso disc. If it's not, it isn't a big deal. I've run into problems on this with my arch USB drive.
  Once you get to the [ramfs /]# prompt, type in:
  mv /dev/disk/by-label/(insert name of the current cd here) /dev/disk/by-label/ARCH-201005
  exit
  It should then be able to boot from the cd
  did:
  mv /dev/disk/by-label/(insert name of the current cd here) /dev/disk/by-label/ARCH-201005
  exit
  shows:
  ERROR: mounting was successful, but /bootmnt/isomounts file doex not exist.
  Then I checked:
  cd /bootmnt
  ls
  archlinux-2010.05-core-i686.iso
  exit
  shows another problem /boot/init does not exist
  exit
  kernel panic!

• [SOLVED] idle headless arch, disables wired lan

  Hey,
  I've recently installed a headless arch linux thats works near-perfectly.
  Although, once its booted I have about 5 minutes to ssh to it without the network disconnecting
  I say disconnecting, because I can't ping it, and as it boot headless i can't connect a monitor to it.
  I've got the same hardware configuration on another arch linux, with a gui - and it runs fine.
  I've set the following in both ssh_config, sshd_config (server and client):
  TCPKeeplAlive yes
  ServerAliveInterval 5
  I dont know if this matters but the computer only has power and network connected to it.
  How do I keep the network alive?
  [X@redhat ~]$ ssh 192.168.1.100 -l root
  [email protected]'s password:
  Last login: Thu Jun 17 23:40:19 2010 from 192.168.1.109
  [root@Archer ~]#Timeout, server not responding. //left idle for 5 minutes
  [X@redhat ~]$ ssh 192.168.1.100 -l root
  ssh: connect to host 192.168.1.100 port 22: No route to host
  [X@redhat ~]$ ping 192.168.1.100
  PING 192.168.1.100 (192.168.1.100) 56(84) bytes of data.
  From 192.168.1.109 icmp_seq=1 Destination Host Unreachable
  From 192.168.1.109 icmp_seq=2 Destination Host Unreachable
  From 192.168.1.109 icmp_seq=3 Destination Host Unreachable
  ^C
  --- 192.168.1.100 ping statistics ---
  5 packets transmitted, 0 received, +3 errors, 100% packet loss, time 4427ms
  pipe 3
  [X@redhat ~]$
  Last edited by scarletxfi (2010-07-19 02:48:10)

  more info :
  dmesg before drop
  Jun 20 00:58:18 Archer init: Entering runlevel: 3
  Jun 20 00:58:18 Archer dhcpcd: version 5.2.2 starting
  Jun 20 00:58:18 Archer dhcpcd: eth0: rebinding lease of 192.168.1.102
  Jun 20 00:58:18 Archer dhcpcd: eth0: acknowledged 192.168.1.102 from 192.168.1.1
  Jun 20 00:58:18 Archer dhcpcd: eth0: checking for 192.168.1.102
  Jun 20 00:58:23 Archer dhcpcd: eth0: leased 192.168.1.102 for 86400 seconds
  Jun 20 00:58:23 Archer dhcpcd: forking to background
  Jun 20 16:04:36 Archer kernel: Initializing cgroup subsys cpuset
  syslog
  Jun 20 00:54:40 Archer syslog-ng[2173]: syslog-ng shutting down; version='3.1.1'
  Jun 20 00:58:18 Archer syslog-ng[1431]: syslog-ng starting up; version='3.1.1'
  Jun 20 16:04:36 Archer syslog-ng[1443]: syslog-ng starting up; version='3.1.1'
  Jun 20 16:10:10 Archer syslog-ng[1443]: Termination requested via signal, terminating;
  Jun 20 16:10:10 Archer syslog-ng[1443]: syslog-ng shutting down; version='3.1.1'
  Jun 20 16:10:45 Archer syslog-ng[1432]: syslog-ng starting up; version='3.1.1'
  kernel.log
  Jun 20 00:58:18 Archer kernel: e100: Intel(R) PRO/100 Network Driver, 3.5.24-k2-NAPI
  Jun 20 00:58:18 Archer kernel: e100: Copyright(c) 1999-2006 Intel Corporation
  Jun 20 00:58:18 Archer kernel: e100 0000:05:08.0: PCI INT A -> GSI 20 (level, low) -> IRQ 20
  Jun 20 00:58:18 Archer kernel: [drm] set up 15M of stolen space
  Jun 20 00:58:18 Archer kernel: [drm] initialized overlay support
  Jun 20 00:58:18 Archer kernel: e100 0000:05:08.0: PME# disabled
  Jun 20 00:58:18 Archer kernel: e100: eth0: e100_probe: addr 0xf8900000, irq 20, MAC addr 00:08:02:c2:53:99
  Jun 20 00:58:18 Archer kernel: No connectors reported connected with modes
  Jun 20 00:58:18 Archer kernel: [drm] Initialized i915 1.6.0 20080730 for 0000:00:02.0 on minor 0
  Jun 20 00:58:18 Archer kernel: EXT4-fs (sda4): mounted filesystem with ordered data mode
  Jun 20 00:58:18 Archer kernel: Adding 265064k swap on /dev/sda2. Priority:-1 extents:1 across:265064k
  Jun 20 00:58:18 Archer kernel: e100: eth0 NIC Link is Up 100 Mbps Full Duplex
  Jun 20 16:04:36 Archer kernel: Initializing cgroup subsys cpuset
  messages
  Jun 20 00:58:18 Archer init: Entering runlevel: 3
  Jun 20 00:58:18 Archer dhcpcd: version 5.2.2 starting
  Jun 20 00:58:18 Archer dhcpcd: eth0: rebinding lease of 192.168.1.102
  Jun 20 00:58:18 Archer dhcpcd: eth0: acknowledged 192.168.1.102 from 192.168.1.1
  Jun 20 00:58:18 Archer dhcpcd: eth0: checking for 192.168.1.102
  Jun 20 00:58:23 Archer dhcpcd: eth0: leased 192.168.1.102 for 86400 seconds
  if needed i will provide more info.