Arch Linux

Installing Arch Linux on a Raspberry Pi

 

ArchLinux
=========
https://archlinuxarm.org/platforms/armv6/raspberry-pi
https://archlinuxarm.org/platforms/armv7/broadcom/raspberry-pi-2
https://archlinuxarm.org/platforms/armv8/broadcom/raspberry-pi-3
https://archlinuxarm.org/platforms/armv8/broadcom/raspberry-pi-4


===============================================================================================================
Installation via an existing Linux system!

bsdtar --version
[root@sandbox ~]# bsdtar --version bsdtar 3.1.2 - libarchive 3.1.2

wget https://www.libarchive.org/downloads/libarchive-3.4.0.zip
./configure
make
make install

/usr/local/bin/bsdtar --version


Replace sdX in the following instructions with the device name for the SD card as it appears on your computer.
Start fdisk to partition the SD card:
fdisk /dev/sdX
At the fdisk prompt, delete old partitions and create a new one:
Type o. This will clear out any partitions on the drive.
Type p to list partitions. There should be no partitions left.
Type n, then p for primary, 1 for the first partition on the drive, press ENTER to accept the default first sector, then type +200M for the last sector.
Type t, then c to set the first partition to type W95 FAT32 (LBA).
Type n, then p for primary, 2 for the second partition on the drive, and then press ENTER twice to accept the default first and last sector.
Write the partition table and exit by typing w.
Create and mount the FAT filesystem:
mkfs.vfat /dev/sdX1
mkdir boot
mount /dev/sdX1 boot
Create and mount the ext4 filesystem:
mkfs.ext4 /dev/sdX2
mkdir root
mount /dev/sdX2 root
Download and extract the root filesystem (as root, not via sudo):
wget http://os.archlinuxarm.org/os/ArchLinuxARM-rpi-latest.tar.gz
/usr/local/bin/bsdtar -xpf ArchLinuxARM-rpi-latest.tar.gz -C root
#bsdtar -xpf ArchLinuxARM-rpi-latest.tar.gz -C root
sync
Move boot files to the first partition:
mv root/boot/* boot
sync
Unmount the two partitions:
umount boot root
Insert the SD card into the Raspberry Pi, connect ethernet, and apply 5V power.
Use the serial console or SSH to the IP address given to the board by your router.
Login as the default user alarm with the password alarm.
The default root password is root.

Initialize the pacman keyring and populate the Arch Linux ARM package signing keys:
pacman-key --init
pacman-key --populate archlinuxarm


=====================================================================================================================================================
==================================================================================================================
===================================
Username: alarm
Password: alarm (initial password)

Username: root
Password: root (initial password)
===================================

pacman-key --init
pacman-key --populate archlinuxarm

pacman -Syu

 

Install a package:
pacman -S package_name
To remove a single package, leaving all of its dependencies installed:
pacman -R package_name
Pacman can search for packages in the database, searching both in packages' names and descriptions:
pacman -Ss string1 string2 ...
To search for already installed packages:
pacman -Qs string1 string2 ...
Update&upgrade:
pacman -Syu


#pacman --noconfirm -Syyu

pacman --noconfirm -S autoconf gcc glibc make openssl wget perl gettext net-snmp perl-net-snmp automake autoconf libmcrypt openssl unzip apache php gd traceroute php-apache libmariadbclient dnsutils openssh sudo inetutils cronie man-db man-pages s-nail
pacman --noconfirm -S git dstat lsof ethtool nmap arp-scan zip unzip bc sysstat nmon speedtest-cli msmtp msmtp-mta mailutils mutt wiringpi iperf screen expect

mandb

#Remove the alarm user & group (already using 1000)

groupadd -g 1001 pi
useradd -u 1001 -g pi -G adm,wheel,users -c "Default pi user" -d /home/pi -m pi
passwd pi

Update: /etc/sudoers
EXTRA LINE: alarm ALL=(ALL) NOPASSWD: ALL


Disable direct root login (not with keys):
passwd root
passwd alarm


systemctl get-default
systemctl set-default multi-user.target

 

hostnamectl set-hostname sandbox


ssh-keygen
cd .ssh
vi authorized_keys
chmod 400 authorized_keys
(Connect via ssh from remote system)
cat unix4life:/root/.ssh/id_rsa.pub > sandbox:/root/.ssh/authorized_keys

> /etc/motd

vi /etc/systemd/network/eth0.network
[Match]
Name=eth0
#[Network]
#DHCP=yes
#DNSSEC=no
[Network]
Address=192.168.178.###/24
Gateway=192.168.178.1
DNS=208.67.222.222
DNS=208.67.220.220
[root@sandbox ~]#

vi /etc/sysctl.d/40-ipv6.conf
# Disable IPv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.eth0.disable_ipv6 = 1

systemctl restart systemd-sysctl.service
systemctl enable cronie


#Add: ipv6.disable=1 & audit=0
vi /boot/cmdline.txt
root=/dev/mmcblk0p2 rw rootwait console=ttyAMA0,115200 console=tty1 selinux=0 plymouth.enable=0 smsc95xx.turbo_mode=N dwc_otg.lpm_enable=0 kgdboc=ttyAMA0,115200 elevator=noop ipv6.disable=1 (audit=0 ??)


vi /etc/hosts (disable all ip6 lines)

timedatectl set-timezone Europe/Amsterdam

shutdown -r now

==================================================================================================================


vi /etc/systemd/system/rclocal.service
[Unit]
Description=rclocal
[Service]
ExecStart=/etc/rc.local
[Install]
WantedBy=multi-user.target


systemctl enable rclocal.service

 

vi /etc/rc.local
#!/bin/sh -e
#
# rc.local
#
touch /forcefsck
echo 100 > /sys/devices/system/cpu/cpufreq/ondemand/sampling_down_factor
echo performance > /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor
sleep 5
mount -t tmpfs -o size=10M tmpfs /var/log/sysstat/
#echo "0" > /sys/bus/w1/devices/w1_bus_master1/w1_master_search
sleep 10
sync;sync; echo 1 > /proc/sys/vm/drop_caches
exit 0


chmod 755 /etc/rc.local
==================================================================================================================

==================================================================================================================

vi /etc/ssh/sshd_config
ChallengeResponseAuthentication no
UsePAM no
VersionAddendum none
Banner none


systemctl restart sshd


=========================================================================================================

NRPE/NSCA client:
groupadd -g 5666 nagios
useradd -u 5666 -g nagios -c "Nagios user for monitoring" -d /usr/local/nagios -m nagios

mkdir /usr/local/nagios
mkdir /usr/local/nagios/etc
mkdir /usr/local/nagios/etc/inputs
mkdir /usr/local/nagios/tmp
mkdir /usr/local/nagios/bin
mkdir /usr/local/nagios/libexec
mkdir /usr/local/nagios/libexec/ak72
mkdir /usr/local/nagios/var
mkdir /usr/local/nagios/var/tmp
chown -R nagios:nagios /usr/local/nagios

Nagios plugins:
tar zxvf nagios-plugins-2.3.3.tar.gz
cd ../nagios-plugins-2.#.#
./configure --with-nagios-user=nagios --with-nagios-group=nagios
make
make install

cp -p /usr/local/nagios/libexec/check_http /usr/local/nagios/libexec/check_https

NRPE Client:
tar zxvf nrpe-4.#.#.tar.gz
./configure
make all
make install
make install-config
make install-init
(/lib/systemd/system/nrpe.service)

systemctl enable nrpe
systemctl start nrpe

 

NSCA Client:

tar zxvf nsca-2.#.#.tar.gz
./configure
make all

#cp -p src/nsca /usr/local/nagios/bin/
#chown nagios:nagios /usr/local/nagios/bin/nsca

cp -p src/send_nsca /usr/local/nagios/libexec/
chown nagios:nagios /usr/local/nagios/libexec/send_nsca

#cp -p sample-config/nsca.cfg /usr/local/nagios/etc/
#chown nagios:nagios /usr/local/nagios/etc/nsca.cfg
#chmod 600 /usr/local/nagios/etc/nsca.cfg

scp -p unix4life:/usr/local/nagios/libexec/send_nsca.cfg <remotehost>:/usr/local/nagios/libexec/send_nsca.cfg
scp -p unix4life:/usr/local/nagios/etc/nrpe.cfg sandbox:/usr/local/nagios/etc/
scp -p -r unix4life:/usr/local/nagios/libexec/eventhandlers sandbox:/usr/local/nagios/libexec/
scp -p -r unix4life:/usr/local/nagios/libexec/ak72 sandbox:/usr/local/nagios/libexec/

chown -R nagios:nagios /usr/local/nagios

==================================================================================================================
Configure the bootloader to enable the i2c hardware by appending to /boot/config.txt:
dtparam=i2c_arm=on
#dtparam=i2s=on
dtparam=spi=on
dtoverlay=dht11,gpiopin=4

 

Rsyslog config
vi /etc/rsyslog.conf => is now done via /etc/systemd/journald.conf

vi /etc/systemd/journald.conf
#Storage=none
MaxLevelStore=warning
MaxLevelSyslog=warning
MaxLevelKMsg=warning
MaxLevelConsole=warning

vi /etc/audit/auditd.conf
#write_logs = yes
write_logs = no
log_file = /var/log/audit/audit.log

service auditd reload

scp -p unix4life:/root/Check_cache_memory.ksh sandbox:

Crontab:
crontab crontab_sandbox
crontab -l

==================================================================================================================
sysstat
#http://pagesperso-orange.fr/sebastien.godard/

#tar xf sysstat.....xz
#cd sysstat...
#./configure --prefix=/usr
#make
#make install

mkdir /var/log/sysstat
ln -s /usr/lib/sa /usr/lib/sysstat

scp -p unix4life:/etc/cron.d/sysstat sandbox:/etc/cron.d/
scp -p unix4life:/etc/cron.daily/sysstat sandbox:/etc/cron.daily/
scp -p unix4life:/etc/sysstat/sysstat sandbox:/etc/conf.d/

(in /etc/rc.d/rc.local enable the mount command)
mount -t tmpfs -o size=10M tmpfs /var/log/sysstat/
sleep 1
#restorecon /var/log/sysstat => Important SELinux!!!


==================================================================================================================

Configure mail:
touch /etc/msmtprc
chmod 640 /etc/msmtprc

vi /etc/msmtprc
# Gmail specifics
# Accounts will inherit settings from this section
defaults
auth on
tls on
tls_certcheck off
# tls_trust_file /etc/ssl/certs/ca-certificates.crt
logfile /var/log/msmtp.log
aliases /etc/aliases
# Gmail specifics
account gmail
host smtp.gmail.com
port 587
from <info@FQDN>
user <Username>@gmail.com
password <Password>
# Default
account default : gmail

 

=============================================================================================================================
MariaDB (mysql):
pacman --noconfirm -S mariadb mariadb-clients

mariadb-install-db --user=mysql --basedir=/usr --datadir=/var/lib/mysql

systemctl enable/start mariadb

#firewall-cmd --permanent --add-service mysql

vi /etc/my.cnf

mysql_secure_installation
Enter current password for root (enter for none):
Switch to unix_socket authentication [Y/n] Y
Change the root password? [Y/n] Y
New password: (........)
Re-enter new password: (........)
Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] Y
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y


mysql -u root -h localhost -p
mkdir /var/log/mariadb
chown mysql:mysql /var/log/mariadb

vi /etc/my.cnf.d/server.cnf
[mariadb]
log_error=/var/log/mariadb/mariadb.log


systemctl restart mariadb

 


Apache HTTPD:
##yum install httpd mod_ssl mod_wsgi mod_php php-mysql

pacman --noconfirm -S apache php php-apache libmariadbclient
systemctl enable/start httpd


vi /etc/httpd/conf/httpd.conf
#Place at the end of the module load:
#LoadModule mpm_event_module modules/mod_mpm_event.so
LoadModule mpm_prefork_module modules/mod_mpm_prefork.so

#Place this at the end of the LoadModule list:
LoadModule php7_module modules/libphp7.so
AddHandler php7-script .php

#Place this at the end of the Include list:
Include conf/extra/php7_module.conf


Restart httpd.service using systemd.


firewall-cmd --zone=public --permanent --add-service http
firewall-cmd --zone=public --permanent --add-service https
#firewall-cmd --zone=public --add-port=http/tcp --permanent

#semanage fcontext –a –t httpd_sys_content_t ‘/dir/subdir(/.*)?’
#restorecon –Rv /dir
#cd /etc/pki/tls/certs (example-ca.crt & webapp5.crt)
#cd /etc/pki/tls/private (webapp5.key ;chmod 400)
#Andere poort: semanage port –a –t http_port_t –p tcp 444 firewall-cmd --permanent --add-port 444/tcp


vi /srv/http/phpinfo.php
<?php
// Show all information, defaults to INFO_ALL
phpinfo();
// Show just the module information.
// phpinfo(8) yields identical results.
phpinfo(INFO_MODULES);
?>

##########TOT HIER##################

=======================================================================================================================================

/opt/vc/bin/vcgencmd measure_temp
temp=49.8'C

GPIO
To be able to use the GPIO pins from Python, use the RPi.GPIO library. Install the python-raspberry-gpio package from the AUR.

SPI
To enable the /dev/spidev* devices, uncomment the following line in /boot/config.txt:

device_tree_param=spi=on
I2C
Install i2c-tools and lm_sensors packages.

Configure the bootloader to enable the i2c hardware by appending to /boot/config.txt:
dtparam=i2c_arm=on
#dtparam=i2s=on
dtparam=spi=on
dtoverlay=dht11,gpiopin=4

Configure the i2c-dev and i2c-bcm2708 (if not blacklisted for the camera) modules to be loaded at boot in /etc/modules-load.d/raspberrypi.conf:

i2c-dev i2c-bcm2708

Reboot the Raspberry Pi and issue the following command to get the hardware address:

i2cdetect -y 0
Note: When using the I2C1 port instead of I2C0, one will need to run i2cdetect -y 1 instead and replace i2c-0 with i2c-1 in the following steps.

Now instantiate the device. Change the hardware address to the address found in the previous step with '0x' as prefix (e.g. 0x48) and choose a device name:

echo <devicename> <hardware address> >/sys/class/i2c-adapter/i2c-0/new_device
Check dmesg for a new entry:

i2c-0: new_device: Instantiated device ds1621 at 0x48
Finally, read the sensor output: sensors

1-WIRE
To enable the 1-wire interface add this line to /boot/config.txt and reboot. dtoverlay=w1-gpio

  Donate now via the Paypal button on the top in US Dollar and on the bottom in Euro