Arch Linux

Installing Arch Linux on a Raspberry Pi



Installation via an existing Linux system!

bsdtar --version
[root@sandbox ~]# bsdtar --version bsdtar 3.1.2 - libarchive 3.1.2

make install

/usr/local/bin/bsdtar --version

Replace sdX in the following instructions with the device name for the SD card as it appears on your computer.
Start fdisk to partition the SD card:
fdisk /dev/sdX
At the fdisk prompt, delete old partitions and create a new one:
Type o. This will clear out any partitions on the drive.
Type p to list partitions. There should be no partitions left.
Type n, then p for primary, 1 for the first partition on the drive, press ENTER to accept the default first sector, then type +200M for the last sector.
Type t, then c to set the first partition to type W95 FAT32 (LBA).
Type n, then p for primary, 2 for the second partition on the drive, and then press ENTER twice to accept the default first and last sector.
Write the partition table and exit by typing w.
Create and mount the FAT filesystem:
mkfs.vfat /dev/sdX1
mkdir boot
mount /dev/sdX1 boot
Create and mount the ext4 filesystem:
mkfs.ext4 /dev/sdX2
mkdir root
mount /dev/sdX2 root
Download and extract the root filesystem (as root, not via sudo):
/usr/local/bin/bsdtar -xpf ArchLinuxARM-rpi-latest.tar.gz -C root
#bsdtar -xpf ArchLinuxARM-rpi-latest.tar.gz -C root
Move boot files to the first partition:
mv root/boot/* boot
Unmount the two partitions:
umount boot root
Insert the SD card into the Raspberry Pi, connect ethernet, and apply 5V power.
Use the serial console or SSH to the IP address given to the board by your router.
Login as the default user alarm with the password alarm.
The default root password is root.

Initialize the pacman keyring and populate the Arch Linux ARM package signing keys:
pacman-key --init
pacman-key --populate archlinuxarm

Username: alarm
Password: alarm (initial password)

Username: root
Password: root (initial password)

pacman-key --init
pacman-key --populate archlinuxarm

pacman -Syu


Install a package:
pacman -S package_name
To remove a single package, leaving all of its dependencies installed:
pacman -R package_name
Pacman can search for packages in the database, searching both in packages' names and descriptions:
pacman -Ss string1 string2 ...
To search for already installed packages:
pacman -Qs string1 string2 ...
pacman -Syu

#pacman --noconfirm -Syyu

pacman --noconfirm -S autoconf gcc glibc make openssl wget perl gettext net-snmp perl-net-snmp automake autoconf libmcrypt openssl unzip apache php gd traceroute php-apache libmariadbclient dnsutils openssh sudo inetutils cronie man-db man-pages s-nail
pacman --noconfirm -S git dstat lsof ethtool nmap arp-scan zip unzip bc sysstat nmon speedtest-cli msmtp msmtp-mta mailutils mutt wiringpi iperf screen expect


#Remove the alarm user & group (already using 1000)

groupadd -g 1001 pi
useradd -u 1001 -g pi -G adm,wheel,users -c "Default pi user" -d /home/pi -m pi
passwd pi

Update: /etc/sudoers

Disable direct root login (not with keys):
passwd root
passwd alarm

systemctl get-default
systemctl set-default


hostnamectl set-hostname sandbox

cd .ssh
vi authorized_keys
chmod 400 authorized_keys
(Connect via ssh from remote system)
cat unix4life:/root/.ssh/ > sandbox:/root/.ssh/authorized_keys

> /etc/motd

vi /etc/systemd/network/
[root@sandbox ~]#

vi /etc/sysctl.d/40-ipv6.conf
# Disable IPv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.eth0.disable_ipv6 = 1

systemctl restart systemd-sysctl.service
systemctl enable cronie

#Add: ipv6.disable=1 & audit=0
vi /boot/cmdline.txt
root=/dev/mmcblk0p2 rw rootwait console=ttyAMA0,115200 console=tty1 selinux=0 plymouth.enable=0 smsc95xx.turbo_mode=N dwc_otg.lpm_enable=0 kgdboc=ttyAMA0,115200 elevator=noop ipv6.disable=1 (audit=0 ??)

vi /etc/hosts (disable all ip6 lines)

timedatectl set-timezone Europe/Amsterdam

shutdown -r now


vi /etc/systemd/system/rclocal.service

systemctl enable rclocal.service


vi /etc/rc.local
#!/bin/sh -e
# rc.local
touch /forcefsck
echo 100 > /sys/devices/system/cpu/cpufreq/ondemand/sampling_down_factor
echo performance > /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor
sleep 5
mount -t tmpfs -o size=10M tmpfs /var/log/sysstat/
#echo "0" > /sys/bus/w1/devices/w1_bus_master1/w1_master_search
sleep 10
sync;sync; echo 1 > /proc/sys/vm/drop_caches
exit 0

chmod 755 /etc/rc.local


vi /etc/ssh/sshd_config
ChallengeResponseAuthentication no
UsePAM no
VersionAddendum none
Banner none

systemctl restart sshd


NRPE/NSCA client:
groupadd -g 5666 nagios
useradd -u 5666 -g nagios -c "Nagios user for monitoring" -d /usr/local/nagios -m nagios

mkdir /usr/local/nagios
mkdir /usr/local/nagios/etc
mkdir /usr/local/nagios/etc/inputs
mkdir /usr/local/nagios/tmp
mkdir /usr/local/nagios/bin
mkdir /usr/local/nagios/libexec
mkdir /usr/local/nagios/libexec/ak72
mkdir /usr/local/nagios/var
mkdir /usr/local/nagios/var/tmp
chown -R nagios:nagios /usr/local/nagios

Nagios plugins:
tar zxvf nagios-plugins-2.3.3.tar.gz
cd ../nagios-plugins-2.#.#
./configure --with-nagios-user=nagios --with-nagios-group=nagios
make install

cp -p /usr/local/nagios/libexec/check_http /usr/local/nagios/libexec/check_https

NRPE Client:
tar zxvf nrpe-4.#.#.tar.gz
make all
make install
make install-config
make install-init

systemctl enable nrpe
systemctl start nrpe


NSCA Client:

tar zxvf nsca-2.#.#.tar.gz
make all

#cp -p src/nsca /usr/local/nagios/bin/
#chown nagios:nagios /usr/local/nagios/bin/nsca

cp -p src/send_nsca /usr/local/nagios/libexec/
chown nagios:nagios /usr/local/nagios/libexec/send_nsca

#cp -p sample-config/nsca.cfg /usr/local/nagios/etc/
#chown nagios:nagios /usr/local/nagios/etc/nsca.cfg
#chmod 600 /usr/local/nagios/etc/nsca.cfg

scp -p unix4life:/usr/local/nagios/libexec/send_nsca.cfg <remotehost>:/usr/local/nagios/libexec/send_nsca.cfg
scp -p unix4life:/usr/local/nagios/etc/nrpe.cfg sandbox:/usr/local/nagios/etc/
scp -p -r unix4life:/usr/local/nagios/libexec/eventhandlers sandbox:/usr/local/nagios/libexec/
scp -p -r unix4life:/usr/local/nagios/libexec/ak72 sandbox:/usr/local/nagios/libexec/

chown -R nagios:nagios /usr/local/nagios

Configure the bootloader to enable the i2c hardware by appending to /boot/config.txt:


Rsyslog config
vi /etc/rsyslog.conf => is now done via /etc/systemd/journald.conf

vi /etc/systemd/journald.conf

vi /etc/audit/auditd.conf
#write_logs = yes
write_logs = no
log_file = /var/log/audit/audit.log

service auditd reload

scp -p unix4life:/root/Check_cache_memory.ksh sandbox:

crontab crontab_sandbox
crontab -l


#tar xf sysstat.....xz
#cd sysstat...
#./configure --prefix=/usr
#make install

mkdir /var/log/sysstat
ln -s /usr/lib/sa /usr/lib/sysstat

scp -p unix4life:/etc/cron.d/sysstat sandbox:/etc/cron.d/
scp -p unix4life:/etc/cron.daily/sysstat sandbox:/etc/cron.daily/
scp -p unix4life:/etc/sysstat/sysstat sandbox:/etc/conf.d/

(in /etc/rc.d/rc.local enable the mount command)
mount -t tmpfs -o size=10M tmpfs /var/log/sysstat/
sleep 1
#restorecon /var/log/sysstat => Important SELinux!!!


Configure mail:
touch /etc/msmtprc
chmod 640 /etc/msmtprc

vi /etc/msmtprc
# Gmail specifics
# Accounts will inherit settings from this section
auth on
tls on
tls_certcheck off
# tls_trust_file /etc/ssl/certs/ca-certificates.crt
logfile /var/log/msmtp.log
aliases /etc/aliases
# Gmail specifics
account gmail
port 587
from <info@FQDN>
user <Username>
password <Password>
# Default
account default : gmail


MariaDB (mysql):
pacman --noconfirm -S mariadb mariadb-clients

mariadb-install-db --user=mysql --basedir=/usr --datadir=/var/lib/mysql

systemctl enable/start mariadb

#firewall-cmd --permanent --add-service mysql

vi /etc/my.cnf

Enter current password for root (enter for none):
Switch to unix_socket authentication [Y/n] Y
Change the root password? [Y/n] Y
New password: (........)
Re-enter new password: (........)
Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] Y
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y

mysql -u root -h localhost -p
mkdir /var/log/mariadb
chown mysql:mysql /var/log/mariadb

vi /etc/my.cnf.d/server.cnf

systemctl restart mariadb


Apache HTTPD:
##yum install httpd mod_ssl mod_wsgi mod_php php-mysql

pacman --noconfirm -S apache php php-apache libmariadbclient
systemctl enable/start httpd

vi /etc/httpd/conf/httpd.conf
#Place at the end of the module load:
#LoadModule mpm_event_module modules/
LoadModule mpm_prefork_module modules/

#Place this at the end of the LoadModule list:
LoadModule php7_module modules/
AddHandler php7-script .php

#Place this at the end of the Include list:
Include conf/extra/php7_module.conf

Restart httpd.service using systemd.

firewall-cmd --zone=public --permanent --add-service http
firewall-cmd --zone=public --permanent --add-service https
#firewall-cmd --zone=public --add-port=http/tcp --permanent

#semanage fcontext –a –t httpd_sys_content_t ‘/dir/subdir(/.*)?’
#restorecon –Rv /dir
#cd /etc/pki/tls/certs (example-ca.crt & webapp5.crt)
#cd /etc/pki/tls/private (webapp5.key ;chmod 400)
#Andere poort: semanage port –a –t http_port_t –p tcp 444 firewall-cmd --permanent --add-port 444/tcp

vi /srv/http/phpinfo.php
// Show all information, defaults to INFO_ALL
// Show just the module information.
// phpinfo(8) yields identical results.

##########TOT HIER##################


/opt/vc/bin/vcgencmd measure_temp

To be able to use the GPIO pins from Python, use the RPi.GPIO library. Install the python-raspberry-gpio package from the AUR.

To enable the /dev/spidev* devices, uncomment the following line in /boot/config.txt:

Install i2c-tools and lm_sensors packages.

Configure the bootloader to enable the i2c hardware by appending to /boot/config.txt:

Configure the i2c-dev and i2c-bcm2708 (if not blacklisted for the camera) modules to be loaded at boot in /etc/modules-load.d/raspberrypi.conf:

i2c-dev i2c-bcm2708

Reboot the Raspberry Pi and issue the following command to get the hardware address:

i2cdetect -y 0
Note: When using the I2C1 port instead of I2C0, one will need to run i2cdetect -y 1 instead and replace i2c-0 with i2c-1 in the following steps.

Now instantiate the device. Change the hardware address to the address found in the previous step with '0x' as prefix (e.g. 0x48) and choose a device name:

echo <devicename> <hardware address> >/sys/class/i2c-adapter/i2c-0/new_device
Check dmesg for a new entry:

i2c-0: new_device: Instantiated device ds1621 at 0x48
Finally, read the sensor output: sensors

To enable the 1-wire interface add this line to /boot/config.txt and reboot. dtoverlay=w1-gpio