Skip to main content

dicto xyz

Arch Linux on Dell Inspiron

nemo

1 Installation

Reader's familiarity with Linux and command line is assumed.

1.1 Background

My GNU/Linux usage history was, roughly:

Roughly, meaning, briefly others like Fedora or Mandrake or FreeBSD were tried; or MS Windows at workplace or sometimes in dual boot. From 2013 to 2018 Ubuntu was the sole OS on my laptop. Meanwhile the zeitgeist transformed. Google is prefered for references than poring over man pages and HOWTOs for technical references.

The spur to move “ permanently” from Ubuntu was a taste of Arch Linux for Machine Learning about an year ago. This was coincident to shifting from an older laptop to Dell Inspiron 15 7559. The objectives are:

  • To install a full-fledged Arch Linux system with all paraphernalia;

  • To partition and set up for usage both the 250GB SSD and 1TB storage HDD;

  • To get both the Intel 530 HD integrated graphics and NVIDIA Geforce GTX960M GDDR5 Discrete Graphics processor to work;

  • Dual Boot with Windows 10 and enable Secure Boot;

  • Transfer files from old laptop,

  • Set up bells and whistles,

  • etc..

It was done, and this is a transcription (and tutorial). The main reference for everything is the Arch Wiki.

Arch Linux is very comfortable after long Debian use when not so “ user-friendly” and explicitly saying and writing “ GNU/Linux.” May the reader enjoy too.

1.2 Boot Arch from USB

Download Arch Linux using BitTorrent or otherwise. Burn it to a suitable USB drive using dd. I purchased a Sandisk 8GB one just for this purpose. Assuming hard drive device is /dev/sdc and the CD/DVD image is Arch.iso, the command could be:

# dd if =~/Downloads/Arch.iso of=/dev/sdc bs=1M

Unexpectedly there was difficulty booting the image from USB. Starting about 2010, booting from UEFI is an additional headache; but one that was easily fixed in this case. Pressing F12 as laptop booted up gave a list of options, and F2 further gave options to disable Secure Boot and enable Legacy Modes. It is easier to enable Legacy Mode as some images don't work with UEFI. Neverthess it was quite difficult to boot Linux from USB. More than USB drives were formatted, re-formatted, and imagine written with dd and myriad other tools. A short list, just in case someone finds it useful:

The following Arch derivaties were also tried, lest the original image got unusable for some reason:

In desperation, images of other distributions like Ubuntu and Debian were tried, with hope of installing one into another small partition and proceed as in: “Install from existing Linux.” Still no dice.

Next attempt was to use VirtualBox to first boot into another Linux distro, and from there use the Installation Guide. To access the raw hard disks from VirtualBox, refer the section on “Using a raw host hard disk from a guest” in VirtualBox Advanced Topics. In Windows, you have to run the command prompt as administrator and then issue the requisite vboxmanage command(s) and also run VirtualBox as administrator. Here installation worked but for some reason grub didn't install and it was not possible to boot the system into Arch installation. To work around this, iso images of bootloader programs were tried, in particular, EasyBCD and Rescatux. Somehow the disk was adamant about not booting.

In the end I borrowed a few USB drives from my landlord, and an older 2 GB one booted with the Arch iso image. A 4GB drive didn't work. I do not yet know what was the error preventing bigger USB drives from booting. After some months, there was occassion to boot again from a newer 8GB USB drive of mine set up for Air Gapped GPG keys and then it worked fine.

For some reasons that I am not able to fully recall, additional practice probably one, I ended up doing a fresh install from the bootable USB drive than “ fix” the installation made using Virtualbox. The above information is left here to remember all the trouble and just in case someone finds it useful and want to explore, or if someone can explain why the original USB disk didn't boot.

1.3 Wireless

It is convenient to get WiFi enabled during installation. To list the wireless devices, issue:

# iw dev

The interface name was wlp5s0; to connect to a network:

# wifi-menu wlp5s0

which will show a list of networks in the neighborhood, and you can choose the one you use and supply the password. Verify that the internet is connected by pinging to see if server is responding:

1.4 Partitioning

The laptop had Windows 10 already installed. The 250 GB SSD under /dev/sda was already partitioned into an 81GB partition that was C: drive for Windows and 150GB partition that was D:, plus some other reserved space and an EFI partition of 500MB for UEFI. So it was enough to appropriate the D: drive for Linux installation. It was enough to use the fdisk utility of Linux, additional reference for of which is the fdisk (8) man page. although the mess narrated above meant I also got to try gparted and EaseUS. The ~ 1TB HDD under /dev/sdb was partitioned into a 400GB NTFS storage drive also accessible from Windows, and a 498GB ext4 partition for storage in Linux. In the end the partition scheme looked as:

# fdisk -l
Disk /dev/sda: 232.9 GiB, 250059350016 bytes, 488397168 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: 7502698D-0289-11E7-9390-84EF181A701F

Device         Start       End   Sectors  Size Type
/dev/sda1       2048    923648    921601  450M Windows recovery environment
/dev/sda2     923649   1947649   1024001  500M EFI System
/dev/sda3    1947650   2209794    262145  128M Microsoft reserved
/dev/sda4    2209795 172069636 169859842   81G Microsoft basic data
/dev/sda5  172070912 173823999   1753088  856M Windows recovery environment
/dev/sda6  173824000 488394751 314570752  150G Microsoft basic data


Disk /dev/sdb: 931.5 GiB, 1000204886016 bytes, 1953525168 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
Disklabel type: gpt
Disk identifier: A1415905-70C8-4EE7-944C-20BB758E4740

Device          Start        End    Sectors   Size Type
/dev/sdb1        2048    1026047    1024000   500M EFI System
/dev/sdb2     1026048    1288191     262144   128M Microsoft reserved
/dev/sdb3     1288192  840968191  839680000 400.4G Microsoft basic data
/dev/sdb4   840968192  908077055   67108864    32G Linux swap
/dev/sdb5   908077056 1952600063 1044523008 498.1G Linux filesystem
/dev/sdb6  1952602112 1953523711     921600   450M Windows recovery environment

Format the partitions using:

# mkfs.ext4 /dev/sda6
# mkfs.ext4 /dev/sdb4
# mkswap /dev/sdb4

It is better to format the NTFS partition /dev/sdb3 from Windows.

It is strictly necessary to mount these at the moment. Storage can be mounted for example after the NTFS partition is formatted from Windows. So for now just mount the root file system at / and the EFI partition at /boot/efi, both relative to the installation target at /mnt:

# mount /dev/sda6 /mnt
# mount /dev/sda2 /mnt/boot/efi

Enable swap space:

# swapon /dev/sdb4

1.5 Base System

Install base sytem with:

pacstrap /mnt base

Generate /etc/fstab:

# genfstab -U /mnt >> /mnt/etc/fstab

Chroot into the newly made Arch system:

# arch-chroot /mnt

The package manager of Arch Linux is called pacman. To familiarize, see pacman Rosetta. Update its package index and install additional packages:

# pacman -Syu
# pacman -S base base-devel pacman-contrib dialog wifi-menu ntfs-3g

base is the base system. base-devel contains sudo and is required to build packages from the Arch User Repository (AUR). pacman-contrib contains a script to find faster mirrors. dialog and wifi-menu are helpful to easily enable WiFi in the installed system.

Set time zone; as I am in India:

# ln -sf /usr/share/zoneinfo/Asia/Kolkata /etc/localtime

To generate corresponding /etc/adjtime:

# hwclock --systohc

Linux has usually hardware clock set to UTC and Windows uses localtime. I am using Linux as main OS; so I follow the Linux standard:

# timedatectl set-local-rtc 0

Let ntp automatically set correct time:

# timedatectl set-ntp true

This will cause Windows to show UTC. Whenever you want to fix it, the suggested solution is to edit the registry using a .reg file with contents:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\TimeZoneInformation]
"RealTimeIsUniversal"=dword:00000001

or do the equivalent using Registry Editor.

Uncomment necessary en_US.UTF-8 UTF-8 locales in /etc/locale.gen and run:

# locale-gen

As I have the websites sahitya.guru and bhasha.guru, locales for Indic languages were generated.

Create /etc/locale.conf with contents:

LANG=en_US.UTF-8

Set hostname in /etc/hostname. For now, mine is guru:

guru

Likewise edit /etc/hosts:

127.0.0.1     localhost
::1           localhost
127.0.1.1     guru

Set root password; in this case, we simply remove the password:

# passwd -d root

1.6 Boot Loader

We use rEFInd with signed shim. rEFInd is a boot loader capable of detecting and booting many configurations. For the moment, just install rEFInd leaving Secure Boot for later. Refer Managing Secure Boot and refind (8) for more details.

# pacman -S refind sbsigntools efibootmgr
# refind-install --localkeys
# sbsign --key /etc/refind.d/keys/refind_local.key --cert /etc/refind.d/keys/refind_local.crt --output /boot/vmlinuz-linux /boot/vmlinuz-linux
# mkrlconf

Edit /boot/refind.conf to insert the option for Intel Microcode:

Boot using default options"     "root=PARTUUID=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX rw add_efi_memmap initrd=/boot/intel-ucode.img initrd=/boot/initramfs-linux.img"

If bootloader is correctly set up, we can reboot using Ctrl + Alt + Del. Remove the USB drive.

2 Post-Install Setup

Press F12 during BIOS initialization to get a list of boot options and from among the EFI options, choose rEFInd and boot Linux. If there are problems booting, go back to booting from the USB drive and fix it using rEFInd or another boot loader. If everything went correct, the Arch Login screen should be shown:

Arch Linux 4.16.12 (tty1)

guru login:

Login at the terminal as root. As before, use iw and wifi-menu to connect to internet via WiFi. Verify connectivity using ping.

2.1 Set up Normal User and copy files

This section describes creation and set up of a normal user and copying/transfer of data from old machine.

Create user nemo with sudo privilege:

# useradd -m -G wheel nemo

Set a password:

# passwd -nemo

By default, the root login done on start up is at the first terminal, accessed using Alt + F1. Login as the normal user in the second terminal, accessed using Alt + F2. Henceforth, the # prompt indicates root and $ indicates normal user.

Install a better editor than the default one. My choice is vim:

# pacman -S vim

Edit files /etc/group and /etc/gshadow to add user nemo to groups audio, storage and video. Verify that sudo works. If not, suitably edit the /etc/sudoers file. It is better to prevent direct root login. For this, edit /etc/shadow file. This file has columns separated by :. First column is username and second is hashed password. To prevent root login, substitute the password for root by !. Now only sudo access for root will work.

To enable auto-completion on bash prompt, install:

# pacman -S bash-completion

The ~/.bashrc should already be populated with the following content:

#
# ~/.bashrc
#

# If not running interactively, don't do anything
[[ $- != *i* ]] && return

alias ls='ls --color=auto'
PS1='[\u@\h \W]\$ '

Extend the bash history retention with three additional lines:

shopt -s hist
export HISTFILESIZE=
export HISTSIZE=

This stores bash history without limit, and upon each exit the shell appends to the history file if running multiple instances.

We mount the storage directories. For safe use of the NTFS partition, install ntfs-3g package.

# pacman -S ntfs-3g

If not already done in Windows, format the NTFS storage partition:

# mkfs.ntfs  -Q -L "Storage NTFS" /dev/sdb3

Mount the NTFS partition with usage permissions for user nemo with uid=1000.

# mkdir /mnt/ntfs
# mount /dev/sdb3 /mnt/ntfs -t ntfs-3g -o uid=1000,gid=1000,dmask=022,fmask=133,umask=0022

Mount the ext4 storage partition at /mnt/ext4 and set usage rights to the normal user.

# mkdir /mnt/ext4
# mount /dev/sdb5 /mnt/ext4
# chown -R nemo:nemo /mnt/ext4

Populate /etc/fstab to propagate this over reboots:

# Static information about the filesystems.
# See fstab(5) for details.

# <file system> <dir> <type> <options> <dump> <pass>
/dev/sda6       /       ext4    defaults        0       0
/dev/sda2       /boot/efi       vfat    defaults        0       0
/dev/sdb5       /mnt/ext4       ext4    defaults        0       0
/dev/sdb3       /mnt/ntfs       ntfs    uid=1000,gid=1000,dmask=022,fmask=133,umask=0022        0       0
/dev/sdb4       swap    swap    defaults        0       0

To securely and precisely copy files from older laptop, install openssh and rsync:

# pacman -S openssh rsync

On the Ubuntu laptop also, these two programs must be installed and sshd daemon enabled.

The following standard directories may be created as symlinks into directories inside storage:

Symlink

Target

~/Documments

.>

/mnt/ntfs/Documents

~/Downloads

.>

/mnt/ntfs/Downloads

~/Pictures

.>

/mnt/ntfs/Pictures

~/Videos

.>

/mnt/ntfs/Videos

~/.cache

.>

/mnt/ext4/home/.cache

~/.local

.>

/mnt/ext4/home/.local

Copy files from older machine as follows:

$ rsync -vaHz -e ssh username@machine:/home/username/Documents/ ~/Documents/

And repeat for other directories like ~/Downloads, etc.. Whatever remains may be copied to a separate directory. To exclude already copied subdirectories, or temporary or redundant subdirectories, the --exclude option is useful. In the /mnt/ext4 storage directory, the root file system may also be mirrored as back-up after excluding directories like /dev, /proc etc.; refer to Rsync Full System Backup.

As an alternate to sudo, one may connect to localhost via ssh as root and the normal user's public ssh key inserted into to /root/.ssh/authorized_keys. For more, refer to the article on SSH Praxis. For security, allow ssh connections only from localhost. Edit the following three lines in /etc/ssh/sshd_config:

# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0

That is, uncomment the third line and change to:

ListenAddress 127.0.0.1

Enable X11 Forwarding also:

X11Forwarding yes

Enable and start sshd in sytemd:

# systemctl enable sshd
# systemctl start sshd

To prevent unwanted connections from network to our host, install and configure the Uncomplicated FireWall, ufw, with permissions all connections from localhost, and otherwise deny:

# pacman -S ufw
# sytemctl start ufw
# systemctl enble ufw
# ufw default deny incoming
# ufw default allow outgoing
# ufw allow from 127.0.0.1
# ufw enable

2.2 Package installation

We sort Arch Linux package mirrors by speed in order to use the fastest. Uncomment every mirror in /etc/pacman.d/mirrorlist:

# sed -i 's/^#Server/Server/' /etc/pacman.d/mirrorlist

Replace the files with only the top 5 sorted for speed, using rankmirrors:

# cp /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.backup
# rankmirrors -n 6 /etc/pacman.d/mirrorlist.backup > /etc/pacman.d/mirrorlist

In order to use 32-bit applications, edit /etc/pacman.conf and enable multilib:

....
[multilib]
include = /etc/pacman.d/mirrorlist
...

Refer Pacman Tips and Tricks for a proper pacman overview.

Now pacman can speedily process installation requests. Normal workflow is as follows:

  • To install a package, use pacman -S <package-name>

  • To search for a package in the database, pacman -S <query>

  • To update the package index, and upgrade all packages, pacman -Syu

  • To completely remove a package and automatically installed dependencies, pacman -Rns <package-name>.

Arch Linux has rolling releases. When the cache goes out of date, package installation attempts may show HTTP 404 error at all mirrors even if the sites are available. This indicates that a full system update with pacman -Syu is apposite. It is possible to install only updated versions of the required package and dependencies without doing full system upgrade by running pacman -Sy <package-name. Such a limited upgrade is discouraged as they are not systemically tested.

A lot of packages are not in the pacman repository; rather has to be downloaded and installed from the Arch User Repository (AUR). To ease the process, one may use an AUR helper such as yaourt. To install yaourt, its git file has to be downloaded, and git is required otherwise anyway:

# pacman -S git

Now fetch, build and install package-query that is pre-requisite for yaourt:

$ cd /tmp
$ git clone https://aur.archlinux.org/package-query.git
$ cd package-query
$ makepkg -si

This prompts for root password via sudo for installation of built package. Repeat same to install yaourt:

$ cd /tmp
$ git clone https://aur.archlinux.org/yaourt.git
$ cd package-query
$ makepkg -si

Now the above process can be automated using yaourt. Rather than clone via git, build using makepkg, etc., it is enough to issue yaourt -S in pacman style. Furthermore many facilities of pacman are available using yaourt under the same syntax; e. g.,

  • yaourt -Syu to update package index and update packages,

  • yaourt -S <query> to search for a package in the database,

  • yaourt -Ss <package-name> for searching for <package-name> in the index,

  • yaourt -Rns <package-name> to un-install <package-name>, etc..

Many additional packages have been made from AUR and now these can be easily installed to do a variety of things not available in pacman. For example, to fix the following warnings issued by mkinitcpio:

==> WARNING: Possibly missing firmware for module: aic94xx
==> WARNING: Possibly missing firmware for module: wd719x

the aic94xx-firmware and wd719x-firmware AUR packages can be installed:

$ yaourt -S aic94xx-firmware wd719x-firmware

and mkinitcpio -p linux run again.

To get rid of unnecessary questions during yaourt's install process, create a file ~/.yaourtrc:

$ cat > ~/.yaourtc
NOCONFIRM=1
BUILD_NOCONFIRM=1
EDITFILES=0
^D

^D stands for Ctrl + D, which sends the EOF (end-of-file) character to cat and saves the file.

yaourt has the problem that is development is stalled. For a more up-to-date AUR helper, install yay, albeit requiring go:

$ yaourt -S yay

A few package suggestions to be installed using pacman:

git:

distributed version control system.

Package versioning

To install:

# pacman -S git
p7zip:

Archiver with high compression ratio in 7z format with LZMA and LZMA2 compression

Supported formats:

  • Packing / unpacking: 7z, XZ, BZIP2, GZIP, TAR, ZIP and WIM

  • Unpacking only: AR, ARJ, CAB, CHM, CPIO, CramFS, DMG, EXT, FAT, GPT, HFS, IHEX, ISO, LZH, LZMA, MBR, MSI, NSIS, NTFS, QCOW2, RAR, RPM, SquashFS, UDF, UEFI, VDI, VHD, VMDK, WIM, XAR and Z.

To install:

# pacman -S p7zip p7zip-plugins
zip, unzip:

Zip and unzip utilities for compressing and encrypting files and directories. Winzip format supported.

To install:

# pacman -S zip unzip
unrar:

Extract files from rar archives.

To install:

# pacman -S unrar
aria2:

A command-line download utility. Light-weight multi-protocol & multi-source. Supports HTTP/HTTPS, FTP, SFTP, BitTorrent and Metalink. Supports multiple simultaneous connections unlike wget. Supports resume.

To install:

# pacman -S aria2
screen:

GNU Screen, useful for detachable terminal sessions, and allows to run multiple console applications, or commands, in one terminal. See screen manual.

To install:

# pacman -S screen
tmux:

Alternative for GNU Screen that “lets you tile window panes in a command-line environment. This in turn allows you to run, or keep an eye on, multiple programs within one terminal.” Like screen, this is also useful for detachable ssh sessions.

To install:

# pacman -S screen
imagemagick:

Command line image manipulation tools. For example, convert converts images from one format to other. It can read and write over 200 image file formats. Other operations include resize, flip, mirror, rotate, distort, shear and transform images, adjust image colors, apply various special effects, or draw text, lines, polygons, ellipses and Bézier curves.

To install:

# pacman -S imagemagick
youtube-dl:

To download videos from Youtube.com and a few other sites like vimeo, facebook, etc...

To install:

# pacman -S youtube-dl
pv:

pipeline viewer; shows progress of data output through a pipeline, by giving information such as time elapsed, percentage completed (with progress bar), current throughput rate, total data transferred, and ETA. Insert it in a pipeline between two processes, with the appropriate options. Its standard input will be passed through to its standard output and progress will be shown on standard error.

To install:

# pacman -S pv
rsync:

For backup and synchronization. Fast incremental file transfer. Install on remote host also. If secure connections requireed, openssh should be installed.

To install:

# pacman -S rsync
mlocate:

More secure locate alternative that that only shows files accessible to the user.

To install:

# pacman -S mlocate
pass:

Pass is a simple command line password manager that stores passwords under GPG encryption and obeying directory structure. It is a shell script that makes use of existing tools like GnuPG, tree and Git.

To install:

# pacman -S pass

For a detailed guide to GPG, see GPG setup.

strace:

Traces all system calls issued by a process along with their return codes. It is also useful as a lightweight debugger for eg permission issues. Refer Ch. 7 of [KernighanPike1983] for introduction to system calls. See strace (1) for strace usage.

To install:

# pacman -S strace
socat:

SOcket CAT. One way to think of socat is as the cat command which transfers data between two locations rather than from a file to standard output. For example it can work as a TCP port forwarder, interface to UNIX sockets, intercept network protocols etc.. Refer socat (1) for more.

To install:

# pacman -S socat
rfc:

Collection of RFCs. RFC stands for Requests For Comments. It is a type of publication from the technology community that have often become official documents or standards. The RFC series contains technical and organizational documents about the Internet, including the specifications and policy documents produced by four streams: the Internet Engineering Task Force (IETF), the Internet Research Task Force (IRTF), the Internet Architecture Board (IAB), and Independent Submissions.

An example is RFC 1462: FYI on "What is the Internet?".

To install:

# pacman -S rfc

Please note that the installed size is 515.67 MiB. Also available from rfc-editor.org.

mutt:

Text mode e-mail client. Refer mutt (1) and muttrc (5) man pages and quick guide to mutt.

To install:

# pacman -S mutt

getmail, fetchmail or offlineimap can be installed for local storage of e-mails and procmail can be used for sorting. Each of these packages can be installed as usual using pacman -S <package name>.

notmuch is a mail indexer based on xapian that can be viewed stand-alone or as part of mutt. It also integrates with editors like vim and emacs.

To install:

# pacman -S notmuch notmuch-mutt notmuch-vim

2.3 Graphical Interface

Install xorg:

# pacman -S xorg-server xorg-xinit xorg-utils xorg-server-utils xorg-xset xorg-xinput mesa xf86-input-synaptics

To support the integrated Intel display:

# pacman -S xf86-video-intel

We need a display manager:

# pacman -S gdm
# systemctl enable gdm

This will start gdm automatically at each start-up. To start without rebooting, gdm` can be manually run using: systemctl start gdm after installing a Window manager. My choice of same is Cinnamon, a quite pleasant window manager that I am using since 2013 as part of Fedora or Ubuntu.

# pacman -S cinnamon nemo-fileroller

Install a terminal emulator:

# pacman -S terminator

Install ifconfig provided by net-tools:

# sudo pacman –S net-tools
# ifconfig

Next, install Network Manager.

# sudo pacman -S network-manager-applet

Disable dhcpcd; start end enable Network Manager.

# sudo systemctl stop dhcpcd
# sudo systemctl disable dhcpcd
# sudo systemctl start NetworkManager
# sudo systemctl enable NetworkManager

For NVIDIA support:

# pacman -S nvidia nvidia-settings nvidia-utils
# pacman -S bumblebee

For hardware acceleration with the intel graphics processor, install VP-API:

# pacman -S libva-intel-driver

For NVIDIA support for VP-API:

# pacman -S libva-vpdau-driver

I was not sure that NVIDIA VP-API had to be separately installed; but did just in case.

Edit files /etc/group and /etc/gshadow to add user nemo to group bumblebee.

2.4 Secure Boot

Install the shim AUR package:

$ yay -S shim-signed

Install rEFInd and sign kernel:

# refind-install --shim /usr/share/shim-signed/shimx64.efi --localkeys
# sbsign --key /etc/refind.d/keys/refind_local.key --cert /etc/refind.d/keys/refind_local.crt --output /boot/vmlinuz-linux /boot/vmlinuz-linux

Add a pacman hook to automate this whenever kernel is updated. Create a file in the pacman hooks directory with contents:

/etc/pacman.d/hooks/999-sign_kernel_for_secureboot.hook
-------------------------------------------------------
[Trigger]
Operation = Install
Operation = Upgrade
Type = Package
Target = linux

[Action]
Description = Signing kernel with Machine Owner Key for Secure Boot
When = PostTransaction
Exec = /usr/bin/sbsign --key /etc/refind.d/keys/refind_local.key --cert /etc/refind.d/keys/refind_local.crt --output /boot/vmlinuz-linux /boot/vmlinuz-linux
Depends = sbsigntools

To register the shim keys, from BIOS setup, add an additional boot option using the file browser, for the MOKmanager /EFI/refind/mmx64.efi. Reboot, and invoke the boot options menu pressing F12 during BIOS startup, and register the machine key. Later the additional BIOS boot menu option may be removed. Enable Secure Boot in BIOS, disable legacy option and verify that rEFInd loads. For security, edit the /boot/efi/EFI/refind/refind.conf file and remove access for extra options, and remove timeout. If MS Windows is needed, it can be invoked from the BIOS boot menu. Suggested configuration:

...
timeout -1
...
hideui all
...
textonly
...
dont_scan_volumes "EFI system partition","ESP"
...

3 Full-fledged System

3.1 Browsers and Multimedia

Firefox

# pacman -S firefox

Install flashplugin to play videos:

# pacman -S flashplugin

Google Chrome

# yaourt -S google-chrome

Vivaldi

# yaourt -S vivaldi vivaldi-ffmpeg-codes

Install pepper-flash to play flash media:

# pacman -S pepper-flash

Install gstreamer and plugins:

# pacman -S gstreamer gst-libav gst-plugins-base gst-plugins-good gst-plugins-bad gst-plugins-ugly

# pacman -S gimp inkscape mcomix qiv

# pacman -S mplayer smplayer vlc

Install minimal browser min:

# pacman -S min

3.2 Applications

filezilla:

is a graphical FTP and SFTP client. To install:

# pacman -S filezilla
transmission:

is a Bittorrent client. We install the gtk graphical frontend:

# pacman -S transmission-gtk
kdeconnect:

is useful to connect PC with an Android phone, see notifications on either one on the other, playback control, file transfer, remote control etc.. To install:

# pacman -S kdeconnect

On the Android device, install the KDE Connect Android app.

keepass:

KeePass is a free open source password manager, which helps you to manage your passwords in a secure way. You can put all your passwords in one database, which is locked with one master key or a key file. So you only have to remember one single master password or select the key file to unlock the whole database.

To install:

# pacman -S keepass

For Timed One Time Passwords (TOTPs), install the KeeOtp plugin also:

# yay -S keepass-plugin-keeotp
copyQ:

Clipboard application that monitors system clipboard and automatically saves its content in customized tabs. Saved clipboard can be later copied and pasted directly into any application.

To install:

# pacman -S copyq

Once started, it stays in the system tray.

3.3 Documents

evince is a general document reader with simple support for PDF, Postscript, djvu, tiff, dvi, XPS, SyncTex support with gedit, comics books (cbr,cbz,cb7 and cbt). acroread is Adobe's PDF reader.

# pacman -S evince

acroread is Adobe's PDF reader.

# yay -S acroread

Ghostview is the associated viewer of ghostscript for .ps files:

# pacman -S gv

PDF Toolkit is a graphical tool to merge, split, rotate, stamp, etc., PDF documents and pages:

# pacman -S pdftk

Install TeX Live for the TeX and LaTeX document preparation sytem and paraphernalia:

# pacman -S texlive-most

The texlive-most package installs the following TeX Live packages:

Package name

Description

texlive-bibtexextra

TeX Live - Additional BibTeX styles and bibliography databases

texlive-core

TeX Live core distribution

texlive-fontsextra

all sorts of extra fonts

texlive-formatsextra

collection of extra TeX 'formats'

texlive-games

Setups for typesetting various board games, including chess

texlive-humanities

LaTeX packages for law, linguistics, social sciences, and humanities

texlive-latexextra

Large collection of add-on packages for LaTeX

texlive-music

Music typesetting packages

texlive-pictures

Packages for drawings graphics

texlive-pstricks

Additional PSTricks packages

texlive-publishers

LaTeX classes and packages for specific publishers

texlive-science

Typesetting for mathematics, natural and computer sciences

Additional TeX Live packages may be installed as necessary. For example, to install the LaTeX class for IEEE transactions:

# yay -S texlive-ieeetrans

For the Alte Schwabacher fraktur font:

# yay -S texlive-alteswab

To typeset Cyrillic:

# pacman -S texlive-langcyrillic

Etc..

Install LibreOffice. It provides the office tools like Writer, Calc, Impress, Draw, Math and Base. I use it only to open MS Office files and would have preferred to avoid even that. Nevertheless it is forced as most laymen are familiar only with MS Windows based programs. Press Enter key on selection (default=all).

# pacman -S libreoffice-still

fbreader

djview

3.4 Development

# pacman -S gedit

Install the useful cURL program for HTTP-related fetching and testing:

# pacman -S curl

# pacman -S mysql-workbench

# pacman -S python-virtualenv

# pacman -S pari-gp scilab

Install the anaconda package manager for python via Miniconda.

https://conda.io/miniconda.html

bash Miniconda3-latest-Linux-x86_64.sh

https://conda.io/docs/user-guide/install/linux.html

anaconda

CUDA

3.5 System Tools

virtualbox:

runs other OS-es inside a virtual machine.

To install:

# pacman -S virtualbox

It is also necessary to install associated kernel modules and the linux kernel headers:

# pacman -S virtualbox-host-modules-arch linux-headers

Add the normal user nemo to the group vboxusers by editing /etc/group and /etc/gshadow files. Before starting virtualbox, either reboot the sytem or manually load the vboxdrv module. For some features such as USB 3.0 access, the Virtualbox Oracle extension pack is required. It is available via AUR and can be installed using:

# yay -S virtualbox-ext-oracle
wine:

is WINdows Emulator and runs MS windows executables in a virtual environment.

To install:

# pacman -S wine winetricks

Install PlayOnLinux for an easier front-end:

# pacman -S playonlinux
gparted:

GNOME partition editor that works also in text mode. Perform partition actions such as:

  • create or delete

  • resize or move

  • check

  • label, UUID

  • copy and paste, etc..

To install:

# pacman -S gparted
testdisk:

Testing disks, fix partition errors.

To install:

# pacman -S testdisk
extundelete:

Recover deleted files from ext3 and ext4 partitions

To install:

# pacman -S extundelete
photorec:

To install:

# pacman -S photorec
bleachbit:

claims to free up disk space on hard drives, improve system performance, and remove private files irreversibly. A CNN report on bleachbit from 2016 US presidential election cycle referred to candidate Hillary Clinton possibly using it. To install:

# pacman -S bleachbit
[KernighanPike1983]

Kernighan, B. W.; Pike, R. , The Unix Programming Environment, Prentice Hall Software Series, ISBN-10: 013937681X, Nov 11 1983, 376pp.