[SOLVED] Hook for Arch to optionally run "LIVE"

Similar Messages

• [SOLVED] Advice for Arch install with rEFInd dual boot Lenovo laptop?

  I am trying to plan an Arch install on a new laptop for dual boot with Windows 8.1, but I know there is a potential to cause huge problems so I have been trying to read and learn about the hard disk partition structure and how I might install the rEFInd boot files so that I am still able to boot Windows once Arch is installed. (Unfortunately for some tasks such as updating the maps on my satnav box Windows is essential). However I am really quite unsure if I am doing the right thing in the way I am thinking about the Arch install so I would appreciate any help from experts on the forum.
  The laptop is a Lenovo IdeaPad Y510p which came with Windows 8 pre-installed, with the option to upgrade to Windows 8.1.  The upgrade was completed without issue and I then looked into the question of hard drive partitions and boot.  I had read posts on the Ubuntu forums about users who had installed Ubuntu on this same laptop and ended up being unable to boot Windows afterwards so I wanted to tread very carefully before executing anything which might cause really major damage. I had also read on the Lenovo forums replies about people who had replaced the hard drive and installed linux only to find that they could  not boot to the recovery partitions, with replies from Lenovo moderators saying that if the partition structure had been changed then the laptop would have to be sent back to Lenovo for a factory repair.
  On this laptop to get into the bios or boot options you do not just press the power button and hit an F key, but instead there is a special small "OneKey Recovery" button next to the power jack, which opens up with options for BIOS setup and boot options as well as normal boot or recovery. This OneKey Recovery button is therefore needed to boot a usbkey - the power button only allows it to boot to windows presumably until/unless a different bootloader and NVRAM entry is amended.
  I have done all the initial ( safe!)changes necessary to move to the point at which I can execute the Arch install. From within Windows (switched off fastboot, and shrunk the "C:" drive to make space for linux partitions).  I have also switched off Secure Boot from the BIOS, and made sure that Windows still boots up fine.
  The current arch install iso (February 2014) boots under uefi just fine - and of course once booted I have access to the gdisk programme.  That certainly showed the pre-existing partitions on the drive (8 partitions with partition number 2 being the EFI partition, and three recovery partitions!) with a GPT partition table, and it should therefore be possible to make the necessary new linux partitions in the now unallocated space on the disk that was freed up with the internal disk management facility within Windows 8.1.  So at that point I created three partitions for a root partition (type 8300), a swap partition (type 8200) and another type 8300 partition which will become /opt in the installed Arch system.
  In order to try and not make any changes to the partition structure I let the three new linux partitions be number 9, 10 and 11.
  I am told that for a GPT disk it is a definite no-no to try to create more than one EFI partition. So I will need to use the existing EFI partition to place the rEFInd files and the kernel once I install Arch.
  In this (Y510p) laptop the EFI partition contains the following structure:
  BOOT/ - containing only boot.sdi
  BOOTSECT.BAK
  EFI/ which contains two directories Boot/ and Microsoft/
  so EFI/Boot/ contains only Boot64.efi which is likely a fallback copy of the Windows 8.1 bootloader
  and EFI/Microsoft/ contains a Boot/ directory - so
  EFI/Microsoft/Boot/ contains loads of language specific directories like en-GB/
  plus bootmgfw.efi (which I believe is the Windows main efi loader file)
  bootmgr.efi
  memtest.efi
  The scheme that I am planning to use which I have previously used in pure Arch uefi machines, is that /boot is a directory in the root partition, /. That way /boot is an ext4 directory and will contain the kernel and initramfs plus the rEFInd linux config file.
  Then I can mount the EFI (vfat) partition as /boot/efi and so I can then make a /boot partition under /.  Then the EFI /BOOT/ directory would be seen in Linux as /boot/efi/BOOT/ and the Windows efi stuff would be in /boot/efi/EFI/Boot/Microsoft/Boot/ in which case I would presume that I have to make a new directory in /boot/efi/EFI/refind/ and put the refind stuff including the filesystem drivers there, and let the kernel go into the (ext4) /boot/ directory which would be preferred!  However I am not 100% confident that this is what will work and I need to read more before trying to do the install. The thing that concerns me is how the system will handle the uefi boot process, and whether it would auto-detect the Windows efi file as well as the Arch refind efi file once the system has started up?
  ... and then there is the issue of the NVRAM entries and I am no longer confident that if I use the usual tools to create an entry (efiboomgr or bcfg), that I will get a successful dual boot system!
  There is still a chance that I would irrevocably damage being able to boot to the Windows and Recovery partition boot options by messing up the EFI and/or the NVRAM so I have to tread very very carefully with this.
  If anyone has gone through this kind of dual boot install with a Windows 8 or 8.1 machine using rEFInd for the bootloader, and can offer advice or help here I would very much appreciate it.  I have another pure Arch system which uses rEFInd that works extremely well, but it seems that dual boot with uefi is a rather more complex animal than a pure linux system!
  Last edited by mcloaked (2014-02-22 10:06:03)

  vipin wrote:I have recently bought the y510p , im planning to install Arch , this is my 4th laptop , i had installed Arch in all the other 3 with no problems, but im a bit worried with the installation as this is the first laptop which has EFI , im a linux user for the past 6 years , i started with fedora , now i like Arch , mike documentation is excellent, i just had one question when i had grub , it automatically finds the new kernel when i update (grub.conf/menu.lst gets updated), does rEFInd also do that.
  When there is an update to the rEFInd package you need to copy the files across to your ESP from the files contained in /usr/share/refind/  usually you need to copy the refind_x64.efi binary as well as the icons, fonts, and drivers directories.  Since there is flexibility in how you configure the kernel and initrd files in terms of where they are located whether you need to do anything else when a new kernel update arrives depends on how you set your system up.  If you have the /boot directory as your ESP partition which will then have the kernel and initrd files updated by default then there no need to do anything else when there is a kernel update. If the ESP is then at /boot/EFI and within that is your refind/ directory then that is where the replacement files go if refind-efi gets a pacman update. So it is actually fairly straight forward. If you configure rEFInd to look for kernels in some other directory than /boot/ then you may need to copy the files there after a kernel update but there is more information in the arch wiki about this.
  During a refind-efi package update there are helpful files in the pacman output (and log) reminding you of what you need to do.  eg for the latest refind-efi update you get:
  [2014-06-18 18:48] [PACMAN] upgraded radvd (1.12-1 -> 1.13-1)
  [2014-06-18 18:48] [ALPM-SCRIPTLET]
  [2014-06-18 18:48] [ALPM-SCRIPTLET] rEFInd UEFI application has been installed at /usr/share/refind/refind_*.efi
  [2014-06-18 18:48] [ALPM-SCRIPTLET]
  [2014-06-18 18:48] [ALPM-SCRIPTLET] Other UEFI applications have been installed at /usr/share/refind/tools_*/
  [2014-06-18 18:48] [ALPM-SCRIPTLET]
  [2014-06-18 18:48] [ALPM-SCRIPTLET] UEFI drivers have been installed at /usr/share/refind/drivers_*/
  [2014-06-18 18:48] [ALPM-SCRIPTLET]
  [2014-06-18 18:48] [ALPM-SCRIPTLET] Copy the efi application (according to your UEFI ARCH)
  [2014-06-18 18:48] [ALPM-SCRIPTLET] and /usr/share/refind/refind.conf-sample to a sub-directory of <EFISYS>/EFI/
  [2014-06-18 18:48] [ALPM-SCRIPTLET] as refind.conf and add an entry to firmware boot menu using efibootmgr
  [2014-06-18 18:48] [ALPM-SCRIPTLET] or mactel-boot (for Macs)
  [2014-06-18 18:48] [ALPM-SCRIPTLET]
  [2014-06-18 18:48] [ALPM-SCRIPTLET] rEFInd Icons have been installed at /usr/share/refind/icons/
  [2014-06-18 18:48] [ALPM-SCRIPTLET] rEFInd Fonts have been installed at /usr/share/refind/fonts/
  [2014-06-18 18:48] [ALPM-SCRIPTLET]
  [2014-06-18 18:48] [ALPM-SCRIPTLET] HTML Documentation is available at /usr/share/refind/docs/html/
  [2014-06-18 18:48] [ALPM-SCRIPTLET]
  [2014-06-18 18:48] [ALPM-SCRIPTLET] More info: [url]https://wiki.archlinux.org/index.php/UEFI_Bootloaders#Using_rEFInd[/url]
  [2014-06-18 18:48] [ALPM-SCRIPTLET]
  [2014-06-18 18:48] [PACMAN] upgraded refind-efi (0.8.1-1 -> 0.8.2-1)
  I hope that helps.
  By the way you can also boot uefi using grub and in fact you can get rEFInd to chainload grub as a backup bootloader as an added safety factor and have both rEFInd as well as grub installed simultaneously. How that can be done is explained in the thread at https://bbs.archlinux.org/viewtopic.php?id=181906
  Last edited by mcloaked (2014-06-25 17:41:12)

• [Solved] Looking for arch's original man page color codes

  Hey everyone. I'm new to arch, and enjoying having everything begin to work out for me. One thing I was wondering though is what the color codes are that the man pages use before X is loaded or anything similar.
  Per the archwiki, I'm using the following to provide myself with colored man pages in urxvt:
  From .Xresources:
  ! colored man pages on rxvt-unicode-256color
  URxvt.colorIT: #87af5f
  URxvt.colorBD: #d7d7d7
  URxvt.colorUL: #87afd7
  This works, but it's not the same colorscheme as what arch starts out with initially. Anyone know what that colorscheme is? Or where I could look to find it?
  Last edited by zematis (2014-05-12 22:21:30)

  ayekat, thanks for the warm welcome!
  ayekat wrote:What article in the wiki?
  Here's the section in the Wiki I was referring to:
  https://wiki.archlinux.org/index.php/ma … vt-unicode
  karol wrote:Are you talking about using man pages before installing Arch or after installing but in the tty? Do you want to get the same colors in X?
  (I think) I was talking about the colors that the man pages are in the TTY. Specifically, my processes is:
  Boot up arch
  Login (X yet not started)
  Look at a man page - like the colors
  Startx - boot to window manager (i3)
  Look at a man page - want to change the colors
  That said, I liked the colors the man pages had before installing Arch quite a bit, and wouldn't object to learning what those are.
  ayekat wrote:Here you are changing how urxvt displays characters that are marked as underline, italic or bold; in particular you are changing their colours.
  The thing is, it won't only affect man pages viewed in urxvt, but everything.
  Makes sense
  ayekat wrote:As for changing the colour scheme of the manpage, you'll probably want to do it more properly, using the LESS_TERMCAP environment variables.
  I tried copying your format to my .bashrc and it worked great! So that's a win. Now I just need to figure out what the '\e[#;#;#m' numbers mean. I think I can probably handle that one on my own though. I found a resource here at:
  http://misc.flogisoft.com/bash/tip_colo … ng#colors2
  And it looks like it covers what I need to know.
  Thanks for your help!
  And honestly, at this point I think I can figure out what colorscheme I like given the info at hand. So I think we can call this one taken care of.
  If it interests anyone, I found a .sh script at the above link to display all 256 colors, then modified it to show the colors bolded, italicized etc. Here's the script:
  #!/bin/bash
  # This program is free software. It comes without any warranty, to
  # the extent permitted by applicable law. You can redistribute it
  # and/or modify it under the terms of the Do What The Fuck You Want
  # To Public License, Version 2, as published by Sam Hocevar. See
  # http://sam.zoy.org/wtfpl/COPYING for more details.
  for coltype in {0..8} ; do # Bold, Italic etc.
    for fgbg in 38 48 ; do #Foreground/Background
      for color in {0..256} ; do #Colors
        #Display the color
        echo -en "\e[(0${coltype});(${fgbg};5;${color}m ${color}\t\e[0m"
        #Display 10 colors per lines
        if [ $((($color + 1) % 10)) == 0 ] ; then
          echo #New line
        fi
      done
      echo #New line
      echo #New line
    done
    echo #New line
  done
  exit 0

• How To... Change the Data Type for a SELECT-OPTIONS at run time.

  Hello,
  I am trying to restrict the values available for entry into a SELECT-OPTIONS at run time depending on user input.
  The logic is as follows. The user has two input fields. A PARAMETER field which has the type RSDIOBJNM and allows them to choose an InfoObject. And the user has a SELECT-OPTIONS field to allow them to select the Characteristic values for that InfoObject.
  I would like the following example to be possible:
  The user enters 0MATERIAL into the PARAMETER. When the user clicks on the SELECT-OPTIONS control code will derive a list of possible options the user can enter in the SELECT-OPTIONS. In this case only values found in the master data or at least no values greater than 18 characters.
  I have looked at the following function module SELECT_OPTIONS_RESTRICT and this do not appear to be helpful as they only restrict on the signs allowed for the values (unless I misunderstand, it is a complex function module!).
  The code I have so far is (thus the user enters a InfoObject into p_char1 and the select options so_char1 should only accept active values of that InfoObject):
  declaration of variables for user interface
    DATA c_char(32) TYPE c.
  declaration of count variable
    DATA i_count TYPE i.
  declaration of user interface
    SELECTION-SCREEN BEGIN OF BLOCK a1 WITH FRAME TITLE text-001.
      PARAMETERS: p_ipack TYPE RSLOGDPID.
    SELECTION-SCREEN END OF BLOCK a1.
    SELECTION-SCREEN BEGIN OF BLOCK b1 WITH FRAME TITLE text-002.
      PARAMETERS: p_char1 TYPE RSDIOBJNM.
      SELECT-OPTIONS: so_char1  for c_char NO INTERVALS.
      PARAMETERS: p_char2 TYPE RSDIOBJNM.
      SELECT-OPTIONS: so_char2  for c_char NO INTERVALS.
      PARAMETERS: p_char3 TYPE RSDIOBJNM.
      SELECT-OPTIONS: so_char3  for c_char NO INTERVALS.
    SELECTION-SCREEN END OF BLOCK b1.
  Is what I am trying to do possible???
  Thanks for any help. Ross.

  You really want to restrict possible values of a select-option based on another field, not change the length of type of the select-option field, right?
  Here is what you do:  Code a custom F4 value help for the select-option at event AT SELECTION-SCREEN ON VALUE REQUEST FOR..  The first thing you do here is read the value of the parameter field (p_ipack in your example).  You can use function module DYNP_VALUES_READ.  Based on this value, you can propose values for the select-option fields.  Note that the use can still enter whatever s(he) wishes in to the select-option field without pressing F4. In this case, you will have to code some input validations taking into account the value in the p_ipack field.

• Recently downloaded FLAC app. and want to stream 96/24 to my stereo system. Whats best wireless and hard wired option for a 30 foot run.

  Recently downloaded FLAC app. and want to stream 96/24 to my stereo system. Whats best wireless and hard wired option for a 30 foot run?

  Try these 3 possible solutions:
  1. Restart iPad
  Hold down the Sleep/Wake button until the red slider appears. Slide your finger across the slider to turn off iPad. To turn iPad back on, hold down the Sleep/Wake until the Apple logo appears.
  2. Close inactive Apps
  Double-click the Home button; hold Apps down (in the Task Bar) for a second or two until you see the minus sign. Tap and close all inactive Apps.
  3. Reset iPad
  Hold down the Sleep/Wake button and the Home button at the same time for at least ten seconds, until the Apple logo appears. Ignore the red slider.

• Why not? kdemod + arch kde, same for arch live +chakra

  Sorry for bug you people, but now that the waters are calm, i wanna ask a simple cuestion, why 2 proyects for the same task, arch kde and kdemod, same for arch live and chakra.
  as user of both i think if all join the efforts, arch could be even better and erase the problems  spesific for kde  or kdemod, i now... linux is choice, and diferent aproachs(now are very close i think). but, ARCH Linux is one of the finnest distros and unified it, could make ready for be a popular wide users target distro.
  linux is choice, but community is common efforts for a greater resoults.

  drelyn86 wrote:Maybe the Chakra project should use Arch KDE rather than KDEmod. Then they could spend less time splitting packages, and more time fixing that god-awful Shaman application. I understand their liveCD is still in Alpha testing.
  Agree! Altho arch should have used kdemod as its kde in the first place

• My iTunes is not opening it says this version of iTunes has not been correctly localized for this language.Please run the english version, what can i do to solve it, this problem occurs in all user accounts.

  My iTunes is not working, it says This version of iTunes has not been correctly localized for this language.Please run the english version. But it is already the english version, and this problem occurs in all the user accounts. What can I do?

  Let's try a repair install of iTunes.
  Restart the PC first.
  If you're using Vista or 7, now head into your Uninstall a program control panel, select "iTunes" and then click "Repair".
  If you're using XP, head into your Add or Remove Programs control panel, select "iTunes", and click "Change". Select "Repair" and click "Next" as per the following screenshot:
  Can you launch your iTunes now?

• [solved]Waiting for UDEV .... and other issues. ARCH magi please help!

  see what i did there? with "ARCH" mage? haha
  Anyways........
  Attempting an install and cant get passe the waiting for udev events to be processed phase.
  -ASRock 890FX DELUXE3 AM3 AMD 890FX SATA 6Gb/s USB 3.0 ATX AMD Motherboard
  -AMD Phenom II X4 965 Black Edition Deneb 3.4GHz Socket AM3 125W Quad-Core Processor
  - G.SKILL Ripjaws Series 8GB (2 x 4GB) 240-Pin DDR3 SDRAM DDR3 1333 (PC3 10666) Desktop Memory
  - COOLER MASTER Silent Pro Gold Series RS800-80GAD3-US 800W ATX 12V v2.3 / EPS 12V v2.92 SLI Ready CrossFire Ready 80 PLUS GOLD Certified Modular Active PFC Power Supply
  -Sony Optiarc Black IDE DVD-ROM Drive
  - (x2) 250 gb hdd
  Peripherals (tried with these unplugged as well)
  - Saitek CCB437050002/04/1 Black USB Wired Laser Cyborg R.A.T. 5 Gaming Mouse
  - Microsoft SideWinder X6 Black Keyboard Win USB
  - Creative Fatal1ty Gaming Headset
  I tried downloading other versions (releases whatever) and still no dice. It always hangs on waiting for Udev events.
  The Net install gets further and asks for a password and user name ( trying the default root password isn't working, after multiple attempts returns me to login prompt).
  I have various issues with other distributions as well here are some of the others I have tried so far:
  Gentoo: hangs at Syslinux 3.86 2010-04-01 ebios line
  Ubuntu: hangs after selecting boot/ install ubuntu
  Arch linux: see above
  Chakra: does not recognize anything no boot screen or anything just hangs at blinking cursor or boots into windows
  PeppermintOS: hangs at SYS LINUX screen as well.
  Please help me Arch linux wan kanobi you are my only hope!
  Im lost... and am new to Arch linux though I have done allot of research on it and cant find an answer. I have been using linux for a while in the past, and have installed multiple distributions before without issue. The udev error is from a cd boot....
  Last edited by 3picgillftw (2012-05-15 08:04:44)

  I'm having this same problem, but the machine locks up for no less than 10 hours (I let it set all night). At the startup screen, it still shows "Starting udevd..." and remains there. I tried looking at the logs, but nothing gives any sort of indication of what is causing it to hang up forever. I don't have a Realtek (dmesg shows Intel(R) PRO/1000 Network Driver - 1.5.1-k). As I'm still struggling with Linux at such a low level, it would probably be best to wait for the fix.
  BTW, Thank you to the developers, tech support, helpers, etc. etc. for Arch Linux and all their hard work/support, without which I would be totally lost and wandering aimlessly through a barren desert with a canteen full of sand and no direction in which to go and have no real meaning or purpose in life (a.k.a. using Windows).
  In case this is helpful to anyone else:
  ASUS Crosshair V Formula
  AMD 6100 FX cpu
  USB N13 Wireless-N adapter
  ASUS GTX550 Ti
  Corsair Vengance 16GB
  Last edited by 12o (2012-01-24 21:48:57)

• [SOLVED] Grub entry for Arch console-mode

  Is there any way to add a grub menuentry to start arch without x?
  Last edited by Quatro (2014-08-21 00:14:42)

  By menuentry i assume you mean one other than the default for arch.
  There is, I believe this may help you. https://wiki.archlinux.org/index.php/GR … b-mkconfig
  Currently on phone so its too hard to give exact instructions atm. Internets out -.-

• [Solved]Are there any ipv6 sources for arch ?

  I'm a arch user in Edu net, I have only 6G flows each month, so I want to find  source repositories in ipv6,
  are there any ipv6 sources for arch ?
  Last edited by mihail (2011-10-08 15:04:54)

  mihail wrote:
  SidK wrote:https://www.archlinux.org/mirrorlist/ lets you create a mirrorlist file of ipv6 hosts only
  谢谢～
  I don't understand your answer.
  What do you mean by "source repositories"? The term 'repository' means 'a bunch of precompiled packages', Arch repositories host binaries, not source tarballs.

• System encryption using LUKS and GPG encrypted keys for arch linux

  Update: As of 2012-03-28, arch changed from gnupg 1.4 to 2.x which uses pinentry for the password dialog. The "etwo" hook described here doesn't work with gnupg 2. Either use the openssl hook below or use a statically compiled version of gnupg 1.4.
  Update: As of 2012-12-19, the mkinitcpio is not called during boot, unless the "install" file for the hook contains "add_runscript". This resulted in an unbootable system for me. Also, the method name was changed from install () to build ().
  Update: 2013-01-13: Updated the hook files using the corrections by Deth.
  Note: This guide is a bit dated now, in particular the arch installation might be different now. But essentially, the approach stays the same. Please also take a look at the posts further down, specifically the alternative hooks that use openssl.
  I always wanted to set up a fully encrypted arch linux server that uses gpg encrypted keyfiles on an external usb stick and luks for root filesystem encryption. I already did it once in gentoo using this guide. For arch, I had to play alot with initcpio hooks and after one day of experimentation, I finally got it working. I wrote a little guide for myself which I'm going to share here for anyone that might be interested. There might be better or easier ways, like I said this is just how I did it. I hope it might help someone else. Constructive feedback is always welcome
  Intro
  Using arch linux mkinitcpio's encrypt hook, one can easily use encrypted root partitions with LUKS. It's also possible to use key files stored on an external drive, like an usb stick. However, if someone steals your usb stick, he can just copy the key and potentially access the system. I wanted to have a little extra security by additionally encrypting the key file with gpg using a symmetric cipher and a passphrase.
  Since the encrypt hook doesn't support this scenario, I created a modifed hook called “etwo” (silly name I know, it was the first thing that came to my mind). It will simply look if the key file has the extension .gpg and, if yes, use gpg to decrypt it, then pipe the result into cryptsetup.
  Conventions
  In this short guide, I use the following disk/partition names:
  /dev/sda: is the hard disk that will contain an encrypted swap (/dev/sda1), /var (/dev/sda2) and root (/dev/sda3) partition.
  /dev/sdb is the usb stick that will contain the gpg encrypted luks keys, the kernel and grub. It will have one partition /dev/sdb1 formatted with ext2.
  /dev/mapper/root, /dev/mapper/swap and /dev/mapper/var will be the encrypted devices.
  Credits
  Thanks to the authors of SECURITY_System_Encryption_DM-Crypt_with_LUKS (gentoo wiki), System Encryption with LUKS (arch wiki), mkinitcpio (arch wiki) and Early Userspace in Arch Linux (/dev/brain0 blog)!
  Guide
  1. Boot the arch live cd
  I had to use a newer testing version, because the 2010.05 cd came with a broken gpg. You can download one here: http://releng.archlinux.org/isos/. I chose the “core“ version. Go ahead and boot the live cd, but don't start the setup yet.
  2. Set keymap
  Use km to set your keymap. This is important for non-qwerty keyboards to avoid suprises with passphrases...
  3. Wipe your discs
  ATTENTION: this will DELETE everything on /dev/sda and /dev/sdb forever! Do not blame me for any lost data!
  Before encrypting the hard disc, it has to be completely wiped and overwritten with random data. I used shred for this. Others use badblocks or dd with /dev/urandom. Either way, this will take a long time, depending on the size of your disc. I also wiped my usb stick just to be sure.
  shred -v /dev/sda
  shred -v /dev/sdb
  4. Partitioning
  Fire up fdisk and create the following partitions:
  /dev/sda1, type linux swap.
  /dev/sda2: type linux
  /dev/sda3: type linux
  /dev/sdb1, type linux
  Of course you can choose a different layout, this is just how I did it. Keep in mind that only the root filesystem will be decrypted by the initcpio. The rest will be decypted during normal init boot using /etc/crypttab, the keys being somewhere on the root filesystem.
  5. Format  and mount the usb stick
  Create an ext2 filesystem on /dev/sdb1:
  mkfs.ext2 /dev/sdb1
  mkdir /root/usb
  mount /dev/sdb1 /root/usb
  cd /root/usb # this will be our working directory for now.
  Do not mount anything to /mnt, because the arch installer will use that directory later to mount the encrypted root filesystem.
  6. Configure the network (if not already done automatically)
  ifconfig eth0 192.168.0.2 netmask 255.255.255.0
  route add default gw 192.168.0.1
  echo "nameserver 192.168.0.1" >> /etc/resolv.conf
  (this is just an example, your mileage may vary)
  7. Install gnupg
  pacman -Sy
  pacman -S gnupg
  Verify that gnupg works by launching gpg.
  8. Create the keys
  Just to be sure, make sure swap is off:
  cat /proc/swaps
  should return no entries.
  Create gpg encrypted keys (remember, we're still in our working dir /root/usb):
  dd if=/dev/urandom bs=512 count=4 | gpg -v --cipher-algo aes256 --digest-algo sha512 -c -a > root.gpg
  dd if=/dev/urandom bs=512 count=4 | gpg -v --cipher-algo aes256 --digest-algo sha512 -c -a > var.gpg
  Choose a strong password!!
  Don't do this in two steps, e.g don't do dd to a file and then gpg on that file. The key should never be stored in plain text on an unencrypted device, except if that device is wiped on system restart (ramfs)!
  Note that the default cipher for gpg is cast5, I just chose to use a different one.
  9. Create the encrypted devices with cryptsetup
  Create encrypted swap:
  cryptsetup -c aes-cbc-essiv:sha256 -s 256 -h whirlpool -d /dev/urandom create swap /dev/sda1
  You should see /dev/mapper/swap now. Don't format nor turn it on for now. This will be done by the arch installer.
  Important: From the Cryptsetup 1.1.2 Release notes:
  Cryptsetup can accept passphrase on stdin (standard input). Handling of new line (\n) character is defined by input specification:
      if keyfile is specified as "-" (using --key-file=- or by positional argument in luksFormat and luksAddKey, like cat file | cryptsetup --key-file=- <action> ), input is processed
        as normal binary file and no new line is interpreted.
      if there is no key file specification (with default input from stdin pipe like echo passphrase | cryptsetup <action> ) input is processed as input from terminal, reading will
        stop after new line is detected.
  If I understand this correctly, since the randomly generated key can contain a newline early on, piping the key into cryptsetup without specifying --key-file=- could result in a big part of the key to be ignored by cryptsetup. Example: if the random key was "foo\nandsomemorebaratheendofthekey", piping it directly into cryptsetup without --key-file=- would result in cryptsetup using only "foo" as key which would have big security implications. We should therefor ALWAYS pipe the key into cryptsetup using --key-file=- which ignores newlines.
  gpg -q -d root.gpg 2>/dev/null | cryptsetup -v -–key-file=- -c aes-cbc-essiv:sha256 -s 256 -h whirlpool luksFormat /dev/sda3
  gpg -q -d var.gpg 2>/dev/null | cryptsetup -v –-key-file=- -c aes-cbc-essiv:sha256 -s 256 -h whirlpool -v luksFormat /dev/sda2
  Check for any errors.
  10. Open the luks devices
  gpg -d root.gpg 2>/dev/null | cryptsetup -v –-key-file=- luksOpen /dev/sda3 root
  gpg -d var.gpg 2>/dev/null | cryptsetup -v –-key-file=- luksOpen /dev/sda2 var
  If you see /dev/mapper/root and /dev/mapper/var now, everything is ok.
  11. Start the installer /arch/setup
  Follow steps 1 to 3.
  At step 4 (Prepare hard drive(s), select “3 – Manually Configure block devices, filesystems and mountpoints. Choose /dev/sdb1 (the usb stick) as /boot, /dev/mapper/swap for swap, /dev/mapper/root for / and /dev/mapper/var for /var.
  Format all drives (choose “yes” when asked “do you want to have this filesystem (re)created”) EXCEPT for /dev/sdb1, choose “no”. Choose the correct filesystem for /dev/sdb1, ext2 in my case. Use swap for /dev/mapper/swap. For the rest, I chose ext4.
  Select DONE to start formatting.
  At step 5 (Select packages), select grub as boot loader. Select the base group. Add mkinitcpio.
  Start step 6 (Install packages).
  Go to step 7 (Configure System).
  By sure to set the correct KEYMAP, LOCALE and TIMEZONE in /etc/rc.conf.
  Edit /etc/fstab:
  /dev/mapper/root / ext4 defaults 0 1
  /dev/mapper/swap swap swap defaults 0 0
  /dev/mapper/var /var ext4 defaults 0 1
  # /dev/sdb1 /boot ext2 defaults 0 1
  Configure the rest normally. When you're done, setup will launch mkinitcpio. We'll manually launch this again later.
  Go to step 8 (install boot loader).
  Be sure to change the kernel line in menu.lst:
  kernel /vmlinuz26 root=/dev/mapper/root cryptdevice=/dev/sda3:root cryptkey=/dev/sdb1:ext2:/root.gpg
  Don't forget the :root suffix in cryptdevice!
  Also, my root line was set to (hd1,0). Had to change that to
  root (hd0,0)
  Install grub to /dev/sdb (the usb stick).
  Now, we can exit the installer.
  12. Install mkinitcpio with the etwo hook.
  Create /mnt/lib/initcpio/hooks/etwo:
  #!/usr/bin/ash
  run_hook() {
  /sbin/modprobe -a -q dm-crypt >/dev/null 2>&1
  if [ -e "/sys/class/misc/device-mapper" ]; then
  if [ ! -e "/dev/mapper/control" ]; then
  /bin/mknod "/dev/mapper/control" c $(cat /sys/class/misc/device-mapper/dev | sed 's|:| |')
  fi
  [ "${quiet}" = "y" ] && CSQUIET=">/dev/null"
  # Get keyfile if specified
  ckeyfile="/crypto_keyfile"
  usegpg="n"
  if [ "x${cryptkey}" != "x" ]; then
  ckdev="$(echo "${cryptkey}" | cut -d: -f1)"
  ckarg1="$(echo "${cryptkey}" | cut -d: -f2)"
  ckarg2="$(echo "${cryptkey}" | cut -d: -f3)"
  if poll_device "${ckdev}" ${rootdelay}; then
  case ${ckarg1} in
  *[!0-9]*)
  # Use a file on the device
  # ckarg1 is not numeric: ckarg1=filesystem, ckarg2=path
  if [ "${ckarg2#*.}" = "gpg" ]; then
  ckeyfile="${ckeyfile}.gpg"
  usegpg="y"
  fi
  mkdir /ckey
  mount -r -t ${ckarg1} ${ckdev} /ckey
  dd if=/ckey/${ckarg2} of=${ckeyfile} >/dev/null 2>&1
  umount /ckey
  # Read raw data from the block device
  # ckarg1 is numeric: ckarg1=offset, ckarg2=length
  dd if=${ckdev} of=${ckeyfile} bs=1 skip=${ckarg1} count=${ckarg2} >/dev/null 2>&1
  esac
  fi
  [ ! -f ${ckeyfile} ] && echo "Keyfile could not be opened. Reverting to passphrase."
  fi
  if [ -n "${cryptdevice}" ]; then
  DEPRECATED_CRYPT=0
  cryptdev="$(echo "${cryptdevice}" | cut -d: -f1)"
  cryptname="$(echo "${cryptdevice}" | cut -d: -f2)"
  else
  DEPRECATED_CRYPT=1
  cryptdev="${root}"
  cryptname="root"
  fi
  warn_deprecated() {
  echo "The syntax 'root=${root}' where '${root}' is an encrypted volume is deprecated"
  echo "Use 'cryptdevice=${root}:root root=/dev/mapper/root' instead."
  if poll_device "${cryptdev}" ${rootdelay}; then
  if /sbin/cryptsetup isLuks ${cryptdev} >/dev/null 2>&1; then
  [ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated
  dopassphrase=1
  # If keyfile exists, try to use that
  if [ -f ${ckeyfile} ]; then
  if [ "${usegpg}" = "y" ]; then
  # gpg tty fixup
  if [ -e /dev/tty ]; then mv /dev/tty /dev/tty.backup; fi
  cp -a /dev/console /dev/tty
  while [ ! -e /dev/mapper/${cryptname} ];
  do
  sleep 2
  /usr/bin/gpg -d "${ckeyfile}" 2>/dev/null | cryptsetup --key-file=- luksOpen ${cryptdev} ${cryptname} ${CSQUIET}
  dopassphrase=0
  done
  rm /dev/tty
  if [ -e /dev/tty.backup ]; then mv /dev/tty.backup /dev/tty; fi
  else
  if eval /sbin/cryptsetup --key-file ${ckeyfile} luksOpen ${cryptdev} ${cryptname} ${CSQUIET}; then
  dopassphrase=0
  else
  echo "Invalid keyfile. Reverting to passphrase."
  fi
  fi
  fi
  # Ask for a passphrase
  if [ ${dopassphrase} -gt 0 ]; then
  echo ""
  echo "A password is required to access the ${cryptname} volume:"
  #loop until we get a real password
  while ! eval /sbin/cryptsetup luksOpen ${cryptdev} ${cryptname} ${CSQUIET}; do
  sleep 2;
  done
  fi
  if [ -e "/dev/mapper/${cryptname}" ]; then
  if [ ${DEPRECATED_CRYPT} -eq 1 ]; then
  export root="/dev/mapper/root"
  fi
  else
  err "Password succeeded, but ${cryptname} creation failed, aborting..."
  exit 1
  fi
  elif [ -n "${crypto}" ]; then
  [ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated
  msg "Non-LUKS encrypted device found..."
  if [ $# -ne 5 ]; then
  err "Verify parameter format: crypto=hash:cipher:keysize:offset:skip"
  err "Non-LUKS decryption not attempted..."
  return 1
  fi
  exe="/sbin/cryptsetup create ${cryptname} ${cryptdev}"
  tmp=$(echo "${crypto}" | cut -d: -f1)
  [ -n "${tmp}" ] && exe="${exe} --hash \"${tmp}\""
  tmp=$(echo "${crypto}" | cut -d: -f2)
  [ -n "${tmp}" ] && exe="${exe} --cipher \"${tmp}\""
  tmp=$(echo "${crypto}" | cut -d: -f3)
  [ -n "${tmp}" ] && exe="${exe} --key-size \"${tmp}\""
  tmp=$(echo "${crypto}" | cut -d: -f4)
  [ -n "${tmp}" ] && exe="${exe} --offset \"${tmp}\""
  tmp=$(echo "${crypto}" | cut -d: -f5)
  [ -n "${tmp}" ] && exe="${exe} --skip \"${tmp}\""
  if [ -f ${ckeyfile} ]; then
  exe="${exe} --key-file ${ckeyfile}"
  else
  exe="${exe} --verify-passphrase"
  echo ""
  echo "A password is required to access the ${cryptname} volume:"
  fi
  eval "${exe} ${CSQUIET}"
  if [ $? -ne 0 ]; then
  err "Non-LUKS device decryption failed. verify format: "
  err " crypto=hash:cipher:keysize:offset:skip"
  exit 1
  fi
  if [ -e "/dev/mapper/${cryptname}" ]; then
  if [ ${DEPRECATED_CRYPT} -eq 1 ]; then
  export root="/dev/mapper/root"
  fi
  else
  err "Password succeeded, but ${cryptname} creation failed, aborting..."
  exit 1
  fi
  else
  err "Failed to open encryption mapping: The device ${cryptdev} is not a LUKS volume and the crypto= paramater was not specified."
  fi
  fi
  rm -f ${ckeyfile}
  fi
  Create /mnt/lib/initcpio/install/etwo:
  #!/bin/bash
  build() {
  local mod
  add_module dm-crypt
  if [[ $CRYPTO_MODULES ]]; then
  for mod in $CRYPTO_MODULES; do
  add_module "$mod"
  done
  else
  add_all_modules '/crypto/'
  fi
  add_dir "/dev/mapper"
  add_binary "cryptsetup"
  add_binary "dmsetup"
  add_binary "/usr/bin/gpg"
  add_file "/usr/lib/udev/rules.d/10-dm.rules"
  add_file "/usr/lib/udev/rules.d/13-dm-disk.rules"
  add_file "/usr/lib/udev/rules.d/95-dm-notify.rules"
  add_file "/usr/lib/initcpio/udev/11-dm-initramfs.rules" "/usr/lib/udev/rules.d/11-dm-initramfs.rules"
  add_runscript
  help ()
  cat<<HELPEOF
  This hook allows for an encrypted root device with support for gpg encrypted key files.
  To use gpg, the key file must have the extension .gpg and you have to install gpg and add /usr/bin/gpg
  to your BINARIES var in /etc/mkinitcpio.conf.
  HELPEOF
  Edit /mnt/etc/mkinitcpio.conf (only relevant sections displayed):
  MODULES=”ext2 ext4” # not sure if this is really nessecary.
  BINARIES=”/usr/bin/gpg” # this could probably be done in install/etwo...
  HOOKS=”base udev usbinput keymap autodetect pata scsi sata usb etwo filesystems” # (usbinput is only needed if you have an usb keyboard)
  Copy the initcpio stuff over to the live cd:
  cp /mnt/lib/initcpio/hooks/etwo /lib/initcpio/hooks/
  cp /mnt/lib/initcpio/install/etwo /lib/initcpio/install/
  cp /mnt/etc/mkinitcpio.conf /etc/
  Verify your LOCALE, KEYMAP and TIMEZONE in /etc/rc.conf!
  Now reinstall the initcpio:
  mkinitcpio -g /mnt/boot/kernel26.img
  Make sure there were no errors and that all hooks were included.
  13. Decrypt the "var" key to the encrypted root
  mkdir /mnt/keys
  chmod 500 /mnt/keys
  gpg –output /mnt/keys/var -d /mnt/boot/var.gpg
  chmod 400 /mnt/keys/var
  14. Setup crypttab
  Edit /mnt/etc/crypttab:
  swap /dev/sda1 SWAP -c aes-cbc-essiv:sha256 -s 256 -h whirlpool
  var /dev/sda2 /keys/var
  15. Reboot
  We're done, you may reboot. Make sure you select the usb stick as the boot device in your bios and hope for the best. . If it didn't work, play with grub's settings or boot from the live cd, mount your encrypted devices and check all settings. You might also have less trouble by using uuid's instead of device names.  I chose device names to keep things as simple as possible, even though it's not the optimal way to do it.
  Make backups of your data and your usb stick and do not forget your password(s)! Or you can say goodbye to your data forever...
  Last edited by fabriceb (2013-01-15 22:36:23)

  I'm trying to run my install script that is based on https://bbs.archlinux.org/viewtopic.php?id=129885
  Decrypting the gpg key after grub works, but then "Devce root already exists." appears every second.
  any idea ?
  #!/bin/bash
  # This script is designed to be run in conjunction with a UEFI boot using Archboot intall media.
  # prereqs:
  # EFI "BIOS" set to boot *only* from EFI
  # successful EFI boot of Archboot USB
  # mount /dev/sdb1 /src
  set -o nounset
  #set -o errexit
  # Host specific configuration
  # this whole script needs to be customized, particularly disk partitions
  # and configuration, but this section contains global variables that
  # are used during the system configuration phase for convenience
  HOSTNAME=daniel
  USERNAME=user
  # Globals
  # We don't need to set these here but they are used repeatedly throughout
  # so it makes sense to reuse them and allow an easy, one-time change if we
  # need to alter values such as the install target mount point.
  INSTALL_TARGET="/install"
  HR="--------------------------------------------------------------------------------"
  PACMAN="pacman --noconfirm --config /tmp/pacman.conf"
  TARGET_PACMAN="pacman --noconfirm --config /tmp/pacman.conf -r ${INSTALL_TARGET}"
  CHROOT_PACMAN="pacman --noconfirm --cachedir /var/cache/pacman/pkg --config /tmp/pacman.conf -r ${INSTALL_TARGET}"
  FILE_URL="file:///packages/core-$(uname -m)/pkg"
  FTP_URL='ftp://mirrors.kernel.org/archlinux/$repo/os/$arch'
  HTTP_URL='http://mirrors.kernel.org/archlinux/$repo/os/$arch'
  # Functions
  # I've avoided using functions in this script as they aren't required and
  # I think it's more of a learning tool if you see the step-by-step
  # procedures even with minor duplciations along the way, but I feel that
  # these functions clarify the particular steps of setting values in config
  # files.
  SetValue () {
  # EXAMPLE: SetValue VARIABLENAME '\"Quoted Value\"' /file/path
  VALUENAME="$1" NEWVALUE="$2" FILEPATH="$3"
  sed -i "s+^#\?\(${VALUENAME}\)=.*$+\1=${NEWVALUE}+" "${FILEPATH}"
  CommentOutValue () {
  VALUENAME="$1" FILEPATH="$2"
  sed -i "s/^\(${VALUENAME}.*\)$/#\1/" "${FILEPATH}"
  UncommentValue () {
  VALUENAME="$1" FILEPATH="$2"
  sed -i "s/^#\(${VALUENAME}.*\)$/\1/" "${FILEPATH}"
  # Initialize
  # Warn the user about impending doom, set up the network on eth0, mount
  # the squashfs images (Archboot does this normally, we're just filling in
  # the gaps resulting from the fact that we're doing a simple scripted
  # install). We also create a temporary pacman.conf that looks for packages
  # locally first before sourcing them from the network. It would be better
  # to do either *all* local or *all* network but we can't for two reasons.
  # 1. The Archboot installation image might have an out of date kernel
  # (currently the case) which results in problems when chrooting
  # into the install mount point to modprobe efivars. So we use the
  # package snapshot on the Archboot media to ensure our kernel is
  # the same as the one we booted with.
  # 2. Ideally we'd source all local then, but some critical items,
  # notably grub2-efi variants, aren't yet on the Archboot media.
  # Warn
  timer=9
  echo -e "\n\nMAC WARNING: This script is not designed for APPLE MAC installs and will potentially misconfigure boot to your existing OS X installation. STOP NOW IF YOU ARE ON A MAC.\n\n"
  echo -n "GENERAL WARNING: This procedure will completely format /dev/sda. Please cancel with ctrl-c to cancel within $timer seconds..."
  while [[ $timer -gt 0 ]]
  do
  sleep 1
  let timer-=1
  echo -en "$timer seconds..."
  done
  echo "STARTING"
  # Get Network
  echo -n "Waiting for network address.."
  #dhclient eth0
  dhcpcd -p eth0
  echo -n "Network address acquired."
  # Mount packages squashfs images
  umount "/packages/core-$(uname -m)"
  umount "/packages/core-any"
  rm -rf "/packages/core-$(uname -m)"
  rm -rf "/packages/core-any"
  mkdir -p "/packages/core-$(uname -m)"
  mkdir -p "/packages/core-any"
  modprobe -q loop
  modprobe -q squashfs
  mount -o ro,loop -t squashfs "/src/packages/archboot_packages_$(uname -m).squashfs" "/packages/core-$(uname -m)"
  mount -o ro,loop -t squashfs "/src/packages/archboot_packages_any.squashfs" "/packages/core-any"
  # Create temporary pacman.conf file
  cat << PACMANEOF > /tmp/pacman.conf
  [options]
  Architecture = auto
  CacheDir = ${INSTALL_TARGET}/var/cache/pacman/pkg
  CacheDir = /packages/core-$(uname -m)/pkg
  CacheDir = /packages/core-any/pkg
  [core]
  Server = ${FILE_URL}
  Server = ${FTP_URL}
  Server = ${HTTP_URL}
  [extra]
  Server = ${FILE_URL}
  Server = ${FTP_URL}
  Server = ${HTTP_URL}
  #Uncomment to enable pacman -Sy yaourt
  [archlinuxfr]
  Server = http://repo.archlinux.fr/\$arch
  PACMANEOF
  # Prepare pacman
  [[ ! -d "${INSTALL_TARGET}/var/cache/pacman/pkg" ]] && mkdir -m 755 -p "${INSTALL_TARGET}/var/cache/pacman/pkg"
  [[ ! -d "${INSTALL_TARGET}/var/lib/pacman" ]] && mkdir -m 755 -p "${INSTALL_TARGET}/var/lib/pacman"
  ${PACMAN} -Sy
  ${TARGET_PACMAN} -Sy
  # Install prereqs from network (not on archboot media)
  echo -e "\nInstalling prereqs...\n$HR"
  #sed -i "s/^#S/S/" /etc/pacman.d/mirrorlist # Uncomment all Server lines
  UncommentValue S /etc/pacman.d/mirrorlist # Uncomment all Server lines
  ${PACMAN} --noconfirm -Sy gptfdisk btrfs-progs-unstable libusb-compat gnupg
  # Configure Host
  # Here we create three partitions:
  # 1. efi and /boot (one partition does double duty)
  # 2. swap
  # 3. our encrypted root
  # Note that all of these are on a GUID partition table scheme. This proves
  # to be quite clean and simple since we're not doing anything with MBR
  # boot partitions and the like.
  echo -e "format\n"
  # shred -v /dev/sda
  # disk prep
  sgdisk -Z /dev/sda # zap all on disk
  #sgdisk -Z /dev/mmcb1k0 # zap all on sdcard
  sgdisk -a 2048 -o /dev/sda # new gpt disk 2048 alignment
  #sgdisk -a 2048 -o /dev/mmcb1k0
  # create partitions
  sgdisk -n 1:0:+200M /dev/sda # partition 1 (UEFI BOOT), default start block, 200MB
  sgdisk -n 2:0:+4G /dev/sda # partition 2 (SWAP), default start block, 200MB
  sgdisk -n 3:0:0 /dev/sda # partition 3, (LUKS), default start, remaining space
  #sgdisk -n 1:0:1800M /dev/mmcb1k0 # root.gpg
  # set partition types
  sgdisk -t 1:ef00 /dev/sda
  sgdisk -t 2:8200 /dev/sda
  sgdisk -t 3:8300 /dev/sda
  #sgdisk -t 1:0700 /dev/mmcb1k0
  # label partitions
  sgdisk -c 1:"UEFI Boot" /dev/sda
  sgdisk -c 2:"Swap" /dev/sda
  sgdisk -c 3:"LUKS" /dev/sda
  #sgdisk -c 1:"Key" /dev/mmcb1k0
  echo -e "create gpg file\n"
  # create gpg file
  dd if=/dev/urandom bs=512 count=4 | gpg -v --cipher-algo aes256 --digest-algo sha512 -c -a > /root/root.gpg
  echo -e "format LUKS on root\n"
  # format LUKS on root
  gpg -q -d /root/root.gpg 2>/dev/null | cryptsetup -v --key-file=- -c aes-xts-plain -s 512 --hash sha512 luksFormat /dev/sda3
  echo -e "open LUKS on root\n"
  gpg -d /root/root.gpg 2>/dev/null | cryptsetup -v --key-file=- luksOpen /dev/sda3 root
  # NOTE: make sure to add dm_crypt and aes_i586 to MODULES in rc.conf
  # NOTE2: actually this isn't required since we're mounting an encrypted root and grub2/initramfs handles this before we even get to rc.conf
  # make filesystems
  # following swap related commands not used now that we're encrypting our swap partition
  #mkswap /dev/sda2
  #swapon /dev/sda2
  #mkfs.ext4 /dev/sda3 # this is where we'd create an unencrypted root partition, but we're using luks instead
  echo -e "\nCreating Filesystems...\n$HR"
  # make filesystems
  mkfs.ext4 /dev/mapper/root
  mkfs.vfat -F32 /dev/sda1
  #mkfs.vfat -F32 /dev/mmcb1k0p1
  echo -e "mount targets\n"
  # mount target
  #mount /dev/sda3 ${INSTALL_TARGET} # this is where we'd mount the unencrypted root partition
  mount /dev/mapper/root ${INSTALL_TARGET}
  # mount target
  mkdir ${INSTALL_TARGET}
  # mkdir ${INSTALL_TARGET}/key
  # mount -t vfat /dev/mmcb1k0p1 ${INSTALL_TARGET}/key
  mkdir ${INSTALL_TARGET}/boot
  mount -t vfat /dev/sda1 ${INSTALL_TARGET}/boot
  # Install base, necessary utilities
  mkdir -p ${INSTALL_TARGET}/var/lib/pacman
  ${TARGET_PACMAN} -Sy
  ${TARGET_PACMAN} -Su base
  # curl could be installed later but we want it ready for rankmirrors
  ${TARGET_PACMAN} -S curl
  ${TARGET_PACMAN} -S libusb-compat gnupg
  ${TARGET_PACMAN} -R grub
  rm -rf ${INSTALL_TARGET}/boot/grub
  ${TARGET_PACMAN} -S grub2-efi-x86_64
  # Configure new system
  SetValue HOSTNAME ${HOSTNAME} ${INSTALL_TARGET}/etc/rc.conf
  sed -i "s/^\(127\.0\.0\.1.*\)$/\1 ${HOSTNAME}/" ${INSTALL_TARGET}/etc/hosts
  SetValue CONSOLEFONT Lat2-Terminus16 ${INSTALL_TARGET}/etc/rc.conf
  #following replaced due to netcfg
  #SetValue interface eth0 ${INSTALL_TARGET}/etc/rc.conf
  # write fstab
  # You can use UUID's or whatever you want here, of course. This is just
  # the simplest approach and as long as your drives aren't changing values
  # randomly it should work fine.
  cat > ${INSTALL_TARGET}/etc/fstab <<FSTAB_EOF
  # /etc/fstab: static file system information
  # <file system> <dir> <type> <options> <dump> <pass>
  tmpfs /tmp tmpfs nodev,nosuid 0 0
  /dev/sda1 /boot vfat defaults 0 0
  /dev/mapper/cryptswap none swap defaults 0 0
  /dev/mapper/root / ext4 defaults,noatime 0 1
  FSTAB_EOF
  # write etwo
  mkdir -p /lib/initcpio/hooks/
  mkdir -p /lib/initcpio/install/
  cp /src/etwo_hooks /lib/initcpio/hooks/etwo
  cp /src/etwo_install /lib/initcpio/install/etwo
  mkdir -p ${INSTALL_TARGET}/lib/initcpio/hooks/
  mkdir -p ${INSTALL_TARGET}/lib/initcpio/install/
  cp /src/etwo_hooks ${INSTALL_TARGET}/lib/initcpio/hooks/etwo
  cp /src/etwo_install ${INSTALL_TARGET}/lib/initcpio/install/etwo
  # write crypttab
  # encrypted swap (random passphrase on boot)
  echo cryptswap /dev/sda2 SWAP "-c aes-xts-plain -h whirlpool -s 512" >> ${INSTALL_TARGET}/etc/crypttab
  # copy configs we want to carry over to target from install environment
  mv ${INSTALL_TARGET}/etc/resolv.conf ${INSTALL_TARGET}/etc/resolv.conf.orig
  cp /etc/resolv.conf ${INSTALL_TARGET}/etc/resolv.conf
  mkdir -p ${INSTALL_TARGET}/tmp
  cp /tmp/pacman.conf ${INSTALL_TARGET}/tmp/pacman.conf
  # mount proc, sys, dev in install root
  mount -t proc proc ${INSTALL_TARGET}/proc
  mount -t sysfs sys ${INSTALL_TARGET}/sys
  mount -o bind /dev ${INSTALL_TARGET}/dev
  echo -e "umount boot\n"
  # we have to remount /boot from inside the chroot
  umount ${INSTALL_TARGET}/boot
  # Create install_efi script (to be run *after* chroot /install)
  touch ${INSTALL_TARGET}/install_efi
  chmod a+x ${INSTALL_TARGET}/install_efi
  cat > ${INSTALL_TARGET}/install_efi <<EFI_EOF
  # functions (these could be a library, but why overcomplicate things
  SetValue () { VALUENAME="\$1" NEWVALUE="\$2" FILEPATH="\$3"; sed -i "s+^#\?\(\${VALUENAME}\)=.*\$+\1=\${NEWVALUE}+" "\${FILEPATH}"; }
  CommentOutValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^\(\${VALUENAME}.*\)\$/#\1/" "\${FILEPATH}"; }
  UncommentValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^#\(\${VALUENAME}.*\)\$/\1/" "\${FILEPATH}"; }
  echo -e "mount boot\n"
  # remount here or grub et al gets confused
  mount -t vfat /dev/sda1 /boot
  # mkinitcpio
  # NOTE: intel_agp drm and i915 for intel graphics
  SetValue MODULES '\\"dm_mod dm_crypt aes_x86_64 ext2 ext4 vfat intel_agp drm i915\\"' /etc/mkinitcpio.conf
  SetValue HOOKS '\\"base udev pata scsi sata usb usbinput keymap consolefont etwo encrypt filesystems\\"' /etc/mkinitcpio.conf
  SetValue BINARIES '\\"/usr/bin/gpg\\"' /etc/mkinitcpio.conf
  mkinitcpio -p linux
  # kernel modules for EFI install
  modprobe efivars
  modprobe dm-mod
  # locale-gen
  UncommentValue de_AT /etc/locale.gen
  locale-gen
  # install and configure grub2
  # did this above
  #${CHROOT_PACMAN} -Sy
  #${CHROOT_PACMAN} -R grub
  #rm -rf /boot/grub
  #${CHROOT_PACMAN} -S grub2-efi-x86_64
  # you can be surprisingly sloppy with the root value you give grub2 as a kernel option and
  # even omit the cryptdevice altogether, though it will wag a finger at you for using
  # a deprecated syntax, so we're using the correct form here
  # NOTE: take out i915.modeset=1 unless you are on intel graphics
  SetValue GRUB_CMDLINE_LINUX '\\"cryptdevice=/dev/sda3:root cryptkey=/dev/sda1:vfat:/root.gpg add_efi_memmap i915.i915_enable_rc6=1 i915.i915_enable_fbc=1 i915.lvds_downclock=1 pcie_aspm=force quiet\\"' /etc/default/grub
  # set output to graphical
  SetValue GRUB_TERMINAL_OUTPUT gfxterm /etc/default/grub
  SetValue GRUB_GFXMODE 960x600x32,auto /etc/default/grub
  SetValue GRUB_GFXPAYLOAD_LINUX keep /etc/default/grub # comment out this value if text only mode
  # install the actual grub2. Note that despite our --boot-directory option we will still need to move
  # the grub directory to /boot/grub during grub-mkconfig operations until grub2 gets patched (see below)
  grub_efi_x86_64-install --bootloader-id=grub --no-floppy --recheck
  # create our EFI boot entry
  # bug in the HP bios firmware (F.08)
  efibootmgr --create --gpt --disk /dev/sda --part 1 --write-signature --label "ARCH LINUX" --loader "\\\\grub\\\\grub.efi"
  # copy font for grub2
  cp /usr/share/grub/unicode.pf2 /boot/grub
  # generate config file
  grub-mkconfig -o /boot/grub/grub.cfg
  exit
  EFI_EOF
  # Install EFI using script inside chroot
  chroot ${INSTALL_TARGET} /install_efi
  rm ${INSTALL_TARGET}/install_efi
  # Post install steps
  # anything you want to do post install. run the script automatically or
  # manually
  touch ${INSTALL_TARGET}/post_install
  chmod a+x ${INSTALL_TARGET}/post_install
  cat > ${INSTALL_TARGET}/post_install <<POST_EOF
  set -o errexit
  set -o nounset
  # functions (these could be a library, but why overcomplicate things
  SetValue () { VALUENAME="\$1" NEWVALUE="\$2" FILEPATH="\$3"; sed -i "s+^#\?\(\${VALUENAME}\)=.*\$+\1=\${NEWVALUE}+" "\${FILEPATH}"; }
  CommentOutValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^\(\${VALUENAME}.*\)\$/#\1/" "\${FILEPATH}"; }
  UncommentValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^#\(\${VALUENAME}.*\)\$/\1/" "\${FILEPATH}"; }
  # root password
  echo -e "${HR}\\nNew root user password\\n${HR}"
  passwd
  # add user
  echo -e "${HR}\\nNew non-root user password (username:${USERNAME})\\n${HR}"
  groupadd sudo
  useradd -m -g users -G audio,lp,optical,storage,video,games,power,scanner,network,sudo,wheel -s /bin/bash ${USERNAME}
  passwd ${USERNAME}
  # mirror ranking
  echo -e "${HR}\\nRanking Mirrors (this will take a while)\\n${HR}"
  cp /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.orig
  mv /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.all
  sed -i "s/#S/S/" /etc/pacman.d/mirrorlist.all
  rankmirrors -n 5 /etc/pacman.d/mirrorlist.all > /etc/pacman.d/mirrorlist
  # temporary fix for locale.sh update conflict
  mv /etc/profile.d/locale.sh /etc/profile.d/locale.sh.preupdate || true
  # yaourt repo (add to target pacman, not tmp pacman.conf, for ongoing use)
  echo -e "\\n[archlinuxfr]\\nServer = http://repo.archlinux.fr/\\\$arch" >> /etc/pacman.conf
  echo -e "\\n[haskell]\\nServer = http://www.kiwilight.com/\\\$repo/\\\$arch" >> /etc/pacman.conf
  # additional groups and utilities
  pacman --noconfirm -Syu
  pacman --noconfirm -S base-devel
  pacman --noconfirm -S yaourt
  # sudo
  pacman --noconfirm -S sudo
  cp /etc/sudoers /tmp/sudoers.edit
  sed -i "s/#\s*\(%wheel\s*ALL=(ALL)\s*ALL.*$\)/\1/" /tmp/sudoers.edit
  sed -i "s/#\s*\(%sudo\s*ALL=(ALL)\s*ALL.*$\)/\1/" /tmp/sudoers.edit
  visudo -qcsf /tmp/sudoers.edit && cat /tmp/sudoers.edit > /etc/sudoers
  # power
  pacman --noconfirm -S acpi acpid acpitool cpufrequtils
  yaourt --noconfirm -S powertop2
  sed -i "/^DAEMONS/ s/)/ @acpid)/" /etc/rc.conf
  sed -i "/^MODULES/ s/)/ acpi-cpufreq cpufreq_ondemand cpufreq_powersave coretemp)/" /etc/rc.conf
  # following requires my acpi handler script
  echo "/etc/acpi/handler.sh boot" > /etc/rc.local
  # time
  pacman --noconfirm -S ntp
  sed -i "/^DAEMONS/ s/hwclock /!hwclock @ntpd /" /etc/rc.conf
  # wireless (wpa supplicant should already be installed)
  pacman --noconfirm -S iw wpa_supplicant rfkill
  pacman --noconfirm -S netcfg wpa_actiond ifplugd
  mv /etc/wpa_supplicant.conf /etc/wpa_supplicant.conf.orig
  echo -e "ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=network\nupdate_config=1" > /etc/wpa_supplicant.conf
  # make sure to copy /etc/network.d/examples/wireless-wpa-config to /etc/network.d/home and edit
  sed -i "/^DAEMONS/ s/)/ @net-auto-wireless @net-auto-wired)/" /etc/rc.conf
  sed -i "/^DAEMONS/ s/ network / /" /etc/rc.conf
  echo -e "\nWIRELESS_INTERFACE=wlan0" >> /etc/rc.conf
  echo -e "WIRED_INTERFACE=eth0" >> /etc/rc.conf
  echo "options iwlagn led_mode=2" > /etc/modprobe.d/iwlagn.conf
  # sound
  pacman --noconfirm -S alsa-utils alsa-plugins
  sed -i "/^DAEMONS/ s/)/ @alsa)/" /etc/rc.conf
  mv /etc/asound.conf /etc/asound.conf.orig || true
  #if alsamixer isn't working, try alsamixer -Dhw and speaker-test -Dhw -c 2
  # video
  pacman --noconfirm -S base-devel mesa mesa-demos
  # x
  #pacman --noconfirm -S xorg xorg-xinit xorg-utils xorg-server-utils xdotool xorg-xlsfonts
  #yaourt --noconfirm -S xf86-input-wacom-git # NOT NEEDED? input-wacom-git
  #TODO: cut down the install size
  #pacman --noconfirm -S xorg-server xorg-xinit xorg-utils xorg-server-utils
  # TODO: wacom
  # environment/wm/etc.
  #pacman --noconfirm -S xfce4 compiz ccsm
  #pacman --noconfirm -S xcompmgr
  #yaourt --noconfirm -S physlock unclutter
  #pacman --noconfirm -S rxvt-unicode urxvt-url-select hsetroot
  #pacman --noconfirm -S gtk2 #gtk3 # for taffybar?
  #pacman --noconfirm -S ghc
  # note: try installing alex and happy from cabal instead
  #pacman --noconfirm -S haskell-platform haskell-hscolour
  #yaourt --noconfirm -S xmonad-darcs xmonad-contrib-darcs xcompmgr
  #yaourt --noconfirm -S xmobar-git
  # TODO: edit xfce to use compiz
  # TODO: xmonad, but deal with video tearing
  # TODO: xmonad-darcs fails to install from AUR. haskell dependency hell.
  # switching to cabal
  # fonts
  pacman --noconfirm -S terminus-font
  yaourt --noconfirm -S webcore-fonts
  yaourt --noconfirm -S fontforge libspiro
  yaourt --noconfirm -S freetype2-git-infinality
  # TODO: sed infinality and change to OSX or OSX2 mode
  # and create the sym link from /etc/fonts/conf.avail to conf.d
  # misc apps
  #pacman --noconfirm -S htop openssh keychain bash-completion git vim
  #pacman --noconfirm -S chromium flashplugin
  #pacman --noconfirm -S scrot mypaint bc
  #yaourt --noconfirm -S task-git stellarium googlecl
  # TODO: argyll
  POST_EOF
  # Post install in chroot
  #echo "chroot and run /post_install"
  chroot /install /post_install
  rm /install/post_install
  # copy grub.efi file to the default HP EFI boot manager path
  mkdir -p ${INSTALL_TARGET}/boot/EFI/Microsoft/BOOT/
  mkdir -p ${INSTALL_TARGET}/boot/EFI/BOOT/
  cp ${INSTALL_TARGET}/boot/grub/grub.efi ${INSTALL_TARGET}/boot/EFI/Microsoft/BOOT/bootmgfw.efi
  cp ${INSTALL_TARGET}/boot/grub/grub.efi ${INSTALL_TARGET}/boot/EFI/BOOT/BOOTX64.EFI
  cp /root/root.gpg ${INSTALL_TARGET}/boot/
  # NOTES/TODO

• Arch: Install to & run from External USB Hard Disk Drive (HDD)

  I wanted to play with ArchLinux 2009.02, but replacing the existing Debian-Lenny on the laptop's HDD wasn't an option. So I experimented with installing Arch on an external USB Hard Disk Drive.
  I have tried to make this "newbie-friendly", so I hope the more experienced will forgive the detail.
  Materials:
  Three year old Dell Inspiron 6000
       CPU = 2.0 GHz Pentium
       RAM = 2.0 GB
       Internal HDD = 80 GB
       Internal CD/DVD R/RW
  External USB HDD = Freecom FHD-2 Pro 80 GB
  Archlinux 2009.02 install CD
  Steps to install:
  1. I put the Archlinux install CD in the drive and connected the external 80 GB HDD in the USB port.
  2. When the Dell laptop was booted, I pressed F2 to enter the BIOS setup. I edited the boot sequence to the following:
       Internal CD/DVD
       External USB device
       Internal HDD
  On the Dell, you can also press F12 to select the preferred boot device for that boot.
  3. I started the laptop and the Archlinux installation menu came up and I proceeded with installation following the "Official Arch Linux Install Guide" and the "Beginners Guide".
  4. Used km to change to UK keyboard layout and then began the installer script (/arch/setup). I was installing from the core CD so I skipped the network steps.
  5. HDD preparation.
  This was fairly straightforward with two cautions:
       (a) Make very sure that the external HDD (sdb) is selected for the operations.
       (b) Remember to set the Bootable Flag for the first (/) partition on the HDD.
  I chose 20 GB for /, 2 GB for swap and the remainder for /home.
  6. The package selection and installation was fairly straightforward.
  7. Configuration of System
  This was section was straightforward with one warning:
       USB had to be added to the HOOKS in the /etc/mkinitcpio.conf file!
  I found this to be essential for my external USB HDD to function as a bootable device. Otherwise I got the same sorts of errors relating to unrecognisable file system types that other people have reported in the forum.
  The relevant line from the end of the edited /etc/mkinitcpio.conf file is below:
  HOOKS="base udev autodetect pata scsi sata usb filesystems"
  8. Installation of GRUB was the other point where caution and/or correction was necessary.
  When it asked where GRUB should be installed, I had to select sdb (my external USB HDD) and not any of the particular partitions on sdb. If the root partition sdb1 was selected then the laptop won't boot from the external USB HDD.
  The GRUB /boot/grub/menu.lst as written by the installation routine specifies hd(1,0) which doesn't work when you try to reboot from the external USB HDD. When you boot Arch from the external USB HDD, as far as Arch is concerned - at that point in time - the external USB HDD is the first drive in the system. To fix this:
       (a) When the Arch boot menu comes up, press e to edit the grub entries.
       (b) Change the first line to hd(0,0)
       (c) To the end of the kernel line add rootdelay=8
       (d) Press b to boot the system with these temporary corrections.
       (e) Once your Arch system has booted, edit the /boot/grub/menu.lst to make the above changes permanent.
  The relevant portion of my /boot/grub/menu.lst looks like the following:
  # (0) Arch Linux
  title  Arch Linux
  root   (hd0,0)
  kernel /boot/vmlinuz26 root=/dev/disk/by-uuid/... ro rootdelay=8
  initrd /boot/kernel26.img
  # (1) Arch Linux
  title  Arch Linux Fallback
  root   (hd0,0)
  kernel /boot/vmlinuz26 root=/dev/disk/by-uuid/... ro rootdelay=8
  initrd /boot/kernel26-fallback.img
  9. The laptop happily and consistently boots Arch Linux from the external USB HDD when it's plugged in before startup/booting.
  Running Arch from the external USB HDD seems as quick as running Debian from the internal HDD.
  So if there is a performance penalty associated with using an external USB HDD, my wife and I haven't noticed.
  In summary, the three essential points to address during installation to an external USB HDD are:
       Remember to set the bootable flag for the first partition.
       Add USB to the HOOKS for /etc/mkinitcpio.conf file.
       Correct the /etc/grub/menu.lst file.
  I hope this is helpful.
  Ted

  Hi Rookie,
  As you say, it is worth remembering the rootfstype= option for the kernel line just in case someone still has problems with GRUB after making all the other changes.
  I was working with the most recent Arch 2009.2 release.
  I only got messages about unrecognisable file system type when I tried booting with the "stock" or "as-installed" GRUB (before I edited /boot/grub/menu.lst). After editing /boot/grub/menu.lst to identify the drive correctly and add rootdelay, GRUB was able to do the rest and everything worked OK without any error messages.
  Best wishes,
  Ted

• solved Setting up Arch to print to remote cups printer?

  Any useful info on setting up Arch to print to remote cups printer? I did'nt succeed using the Cups Setup guide:
  http://wiki.archlinux.org/index.php/CUPS_Setup
  I have tried the localhost:631 admin interface and kprint. I get  /usr/lib/cups/backend/ipp failure and "stopped with status 22!" errors.
  I will set the cupsd.conf LogLevel to debug2 and post anything needed from those results.
  Brother hl1240 laser on a remote Suse system.
  lynch
  Last edited by lynch (2007-01-28 15:30:17)

  After a bit of searching I have managed to get remote printing to my cups server to work.
  I reference 2 documents that helped me resolve this issue.
  My searches were specific to my Brother hl1240 laser printer, Arch and cups but I think the resolution is general enough to help others who may have a different model of printer.
  http://linuxprinting.org/cups-doc.html
  4.   Install the Foomatic scripts.
  (If you are using a native CUPS Raster driver, or are using a PostScript printer with a PPD from your printer vendor, you probably do not need Foomatic and should skip this step). Download foomatic-rip and foomatic-gswrapper:
  cd /usr/bin
  wget http://www.linuxprinting.org/foomatic-rip
  wget http://www.linuxprinting.org/foomatic-gswrapper
  chmod 755 foomatic-rip foomatic-gswrapper
  ln -s /usr/bin/foomatic-rip /usr/lib/cups/filter/foomatic-rip
  The location of the CUPS filter directory may differ on other installations; look around for it. Also, be sure that your Perl interpreter is in /usr/bin (if not, edit the first line of the scripts).
  http://www.archlinux.org/pipermail/arch … 03203.html
  Here's what solved this for me. I browsed
  http://linuxprinting.org/cups-doc.html and notice the following:
  "Download foomatic-rip and foomatic-gswrapper."
  Well, Arch only seems to supply foomatic-gswrapper, not foomatic-rip. When I
  attempted to install the Arch foomatic-filters package, it complained,
  saying foomatic-gswrapper is already contained in filesystem, with no
  mention at all of foomatic-rip. The foomatic package also failed to install
  foomatic-rip.
  So I downloaded foomatic-rip from the above web site, copied it to /usr/bin,
  where foomatic-gswrapper lives. Then I followed the next set of
  instructions in the above mentioned document:
  chmod 755 foomatic-rip foomatic-gswrapper
  ln -s /usr/bin/foomatic-rip /usr/lib/cups/filter/foomatic-rip
  I was never able to use the http://localhost:631 interface to get printing to work even after:
  [1] installing foomatic-rip and foomatic-gswrapper in the proper directory
  [2] running chmod to make them executable
  [3] creating the link as in the above quote
  [4] running /etc/rc.d/cups restart
  Setting up remote printing with kprint in administrative mode works very well, though.
  This seems to be somthing that needs to be addressed in future releases ( I'm running 0.7.2) or maybe it was fixed in 0.8, though I have not seen mention of it.
  Hopefully this will help someone else with a similar problem.
  lynch

• Can FI run live first, then AA run later?

  Dear Experts,
  I just wonder could we let the customer to use FI first in the first phase, and subsequently they run AA in the 2nd phase (maybe 3-6months later after FI run live).
  Will there be any problem in period-end depreciation run?
  I guess the periodic P&L and BS may not be accurate since there is no depreciation postings.
  regards,
  Abraham
  Moderator: Please, avoid asking basic questions

  Hi Abraham
  You can create manual GLs for assets and depreciation initially where the amounts needs to posted manually. So it will take care of P&L, reatained earnings and B/S.
  Once you are ready with AA implementation you can reverse the above postings and start with the option of Legacy assets.
  If you dont want to go for legacy assets creation, then you create normal assets and post unplanned depreciation to specific assets which is equal to the amounts posted to manual GL accounts.
  Regards
  Kapil

• ST22 timeout for all LC related transactions  LIVE cache start stop working from LC10

  Hi Team
  we are a getting a  ST22 timeout for all LC related transactions  LIVE cache start stop working from LC10
  LC version 7.9
  OS AIX
  SAP SCM 7
  SDBVERIFY giving the following error
  Checking package Redist Python
  Checking package Loader
  Checking package ODBC
  Checking package Messages
  Checking package JDBC
  Checking package DB Analyzer
  ERR: Failed
  ERR: Checking installation "Legacy" failed
  ERR: Group of directory /sapdb/data/config/install changed [0 =>
  sdbregview -l is showing good.
  any idea what might went wrong.
  trying to use sdbverify -repair_permissions , but not sure about the exact syntax to use.
  and it is not related to timeout parameter, we tested with different timeout values, but still the same error.
  thanks
  Kishore Ch

  Hello Kishore,
  you could check the sizing of the liveCache data.
  * Report  /SAPAPO/TS_LCM_REORG_SNP has checks  of the SNP planning areas for superfluous objects.
  * Delete old/temporary APO data.
  * /SAPAPO/TS_LCM_REORG report checked TS superfluous objects.
  If you didn't create the planning versions, copy of planning versions & data load to liveCache, then create the SAP message to check your system on the question of the dataarea usage.
  If you have the long running APO transactions => performance of the SCM system has to be checked.
  If you have the bottleneck in liveCache & could not solve the case by yourself => create the SAP message to BC-DB-LVC and get SAP support.
  Best regards, Natalia Khlopina