From 52caa0b75ffb62511e4f73317243258bfa24d701 Mon Sep 17 00:00:00 2001 From: Francis Rowe Date: Fri, 10 Oct 2014 23:49:14 +0100 Subject: Documentation: configuring_parabola.html Shows some basic post-install configuration steps for Parabola GNU/Linux-libre, as a follow up to encrypted_parabola.html which showed how to setup a fully encrypted Parabola system. --- docs/howtos/configuring_parabola.html | 784 ++++++++++++++++++++++++++++++++++ docs/howtos/encrypted_parabola.html | 112 +++-- docs/index.html | 7 +- 3 files changed, 877 insertions(+), 26 deletions(-) create mode 100644 docs/howtos/configuring_parabola.html diff --git a/docs/howtos/configuring_parabola.html b/docs/howtos/configuring_parabola.html new file mode 100644 index 0000000..56c5420 --- /dev/null +++ b/docs/howtos/configuring_parabola.html @@ -0,0 +1,784 @@ + + + + + + + + + Configuring Parabola (post-install) + + + +
+

Configuring Parabola (post-install)

+ +
+ +
+ +

Table of Contents

+ + +
+ +

+ While not strictly related to the libreboot project, this guide + is intended to be useful for those interested in installing + Parabola on their libreboot machine. This is also beneficial because development + is now being done on Parabola, where Trisquel is no longer used by the maintainer + at the time of writing. +

+ +

+ It details configuration steps that I took after installing the base system, + as a follow up to encrypted_parabola.html. + This guide is likely to become obsolete at a later date (due to the volatile + 'rolling-release' model that Arch/Parabola both use), but attempts will be made to maintain it. +

+ +

+ + This guide was valid on 2014-09-21. If you see any changes that should to be made at the present date, please get in touch + with the libreboot project! + +

+ +

+ You do not necessarily have to follow this guide word-for-word; parabola is extremely flexible. + The aim here is to provide a common setup that most users will be happy with. While Parabola + can seem daunting at first glance (especially for new GNU/Linux users), with a simple guide it can provide + all of the same usability as Trisquel, without hiding any details from the user. +

+ +

+ Paradoxically, as you get more advanced Parabola can actually become easier to use + when you want to setup your machine in a special way compared to what most distributions provide. + You will find over time that other distributions tend to get in your way. +

+ +

+ + This guide assumes that you already have Parabola installed. If you have not yet installed Parabola, + then this guide is highly recommended! + +

+ +

+ A lot of the steps in this guide will refer to the Arch wiki. Arch is the upstream distribution that Parabola uses. + Most of this guide will also tell you to read wiki articles, other pages, manuals, and so on. In general it tries + to cherry pick the most useful information but nonetheless you are encouraged to learn as much as possible. + It might take you a few days to fully install your system how you like, depending on how much you need to read. Patience is key, + especially for new users. +

+ +

+ The Arch wiki will sometimes use bad language, such as calling the whole system Linux, using the term open-source (or closed-source), + and it will sometimes recommend the use of proprietary software. You need to be careful about this when reading anything on the + Arch wiki. +

+ +

+ Some of these steps require internet access. I'll go into networking later but for now, I just connected + my machine to a switch and did:
+ # systemctl start dhcpcd.service
+ You can stop it later by running:
+ # systemctl stop dhcpcd.service
+ For most people this should be enough, but if you don't have DHCP on your network then you should setup your network connection first:
+ Setup network connection in Parabola +

+ +
+ +

Configure pacman

+

+ pacman (package manager) is the name of the package management system in Arch, which Parabola + (as a deblobbed parallel effort) also uses. Like with 'apt-get' on debian-based systems like Trisquel, + this can be used to add/remove and update the software on your computer. +

+

+ Based on https://wiki.parabolagnulinux.org/Installation_Guide#Configure_pacman + and from reading https://wiki.archlinux.org/index.php/Pacman (make sure to read and understand this, + it's very important) and + https://wiki.parabolagnulinux.org/Official_Repositories +

+

+ Back to top of page. +

+

Updating Parabola

+

+ In the end, I didn't change my configuration for pacman. When you are updating, resync with the latest package names/versions:
+ # pacman -Syy
+ (according to the wiki, -Syy is better than Sy because it refreshes the package list even if it appears to be up to date, + which can be useful when switching to another mirror).
+ Then, update the system:
+ # pacman -Syu +

+

+ + Before installing packages with 'pacman -S', always update first, using the notes above. + +

+

+ Keep an eye out on the output, or read it in /var/log/pacman.log. Sometimes, pacman will show messages + about maintenance steps that you will need to perform with certain files (typically configurations) + after the update. Also, you should check both the Parabola and Arch home pages to see if they mention any issues. + If a new kernel is installed, you should also update to be able to use it (the currently running kernel will + also be fine). It's generally good enough to update Parabola once every week, or maybe twice. As a + rolling release distribution, it's a good idea never to leave your install too outdated; update regularly. This + is simply because of the way the project works; old packages are deleted from the repositories quickly, once they are updated. + A system that hasn't been updated for quite a while will mean potentially more reading of previous posts through the website, + and more maintenance work. +

+

+ The Arch forum can also be useful, if others have the same issue as you (if you encounter issues, that is). Parabola's + IRC channel (#parabola on freenode) can also help you. +

+

+ Due to this and the volatile nature of Parabola/Arch, you should only update when you have at least a couple hours of spare time + in case of issues that need to be resolved. You should never update, for example, if you need your system for an important event, + like a presentation or sending an email to an important person before an allocated deadline, and so on. +

+

+ Relax - packages are well-tested regularly when new updates are made to the repositories. Separate 'testing' repositories + exist for this exact reason. Despite what many people will tell you, Parabola is fairly stable and trouble-free, + so long as you are aware of how to check for issues, and are willing to spend some time fixing issues in + the rare event that they do occur. +

+

+ Back to top of page. +

+

Maintaining Parabola

+

+ Parabola is a very simple distro, in the sense that you are in full control + and everything is made transparent to you. One consequence is + that you also need to know what you are doing, and what you have done before. In general, keeping notes (such as what I have done + with this page) can be very useful as a reference in the future (if you wanted to re-install it or install the distro + on another computer, for example). +

+

+ Back to top of page. +

+

Cleaning the package cache

+

+ + The following is very important as you continue to use, update and maintain your Parabola system:
+ https://wiki.archlinux.org/index.php/Pacman#Cleaning_the_package_cache. + Essentially, this guide talks about a directory that has to be cleaned once in a while, to prevent it from growing too big (it's a cache + of old package information, updated automatically when you do anything in pacman). + +

+

+ To clean out all old packages that are cached:
+ # pacman -Sc +

+

+ The wiki cautions that this should be used with care. For example, since older packages are deleted from the repo, + if you encounter issues and want to revert back to an older package then it's useful to have the caches available. + Only do this if you are sure that you won't need it. +

+

+ The wiki also mentions this method for removing everything from the cache, including currently installed packages that are cached:
+ # pacman -Scc
+ This is inadvisable, since it means re-downloading the package again if you wanted to quickly re-install it. This should only be used + when disk space is at a premium. +

+

+ Back to top of page. +

+

pacman command equivalents

+

+ The following table lists other distro package manager commands, and their equivalent in pacman:
+ https://wiki.archlinux.org/index.php/Pacman_Rosetta +

+

+ Back to top of page. +

+ +

your-freedom

+

+ your-freedom is a package specific to Parabola, and it is installed by default. What it does is conflict with packages + from Arch that are known to be non-free (proprietary) software. When migrating from Arch (there is a guide on the Parabola + wiki for migrating - converting - an existing Arch system to a Parabola system), installing + your-freedom will also fail if these packages are installed, citing them as conflicts; the recommended solution + is then to delete the offending packages, and continue installing your-freedom. +

+

+ Back to top of page. +

+ +
+ +

Add a user

+

+ Based on https://wiki.archlinux.org/index.php/Users_and_Groups. +

+

+ It is important (for security reasons) to create and use a non-root (non-admin) user account for every day use. The default 'root' account is intended + only for critical administrative work, since it has complete access to the entire operating system. +

+

+ Read the entire document linked to above, and then continue. +

+

+ Add your user:
+ # useradd -m -G wheel -s /bin/bash yourusername
+ Set a password:
+ # passwd yourusername +

+ +

Back to top of page

+ +
+ +

systemd

+

+ This is the name of the system used for managing services in Parabola. It is a good idea to become familiar with it. + Read https://wiki.archlinux.org/index.php/systemd + and https://wiki.archlinux.org/index.php/systemd#Basic_systemctl_usage + to gain a full understanding. This is very important! Make sure to read them. +

+

+ An example of a 'service' could be a webserver (such as lighttpd), or sshd (openssh), dhcp, etc. There are countless others. +

+

+ https://bbs.archlinux.org/viewtopic.php?pid=1149530#p1149530 explains + the background behind the decision by Arch (Parabola's upstream supplier) to use systemd. +

+ +

+ The manpage should also help:
+ # man systemd
+ The section on 'unit types' is especially useful. +

+ +

+ According to the wiki, systemd 'journal' keeps logs of a size up to 10% of the total size your / partition takes up. + on a 60GB root this would mean 6GB. That's not exactly practical, and can have performance implications later when the + log gets too big. Based on instructions from the wiki, I will reduce the total size of the journal to 50MiB (the wiki + recommends 50MiB). +

+

+ Open /etc/systemd/journald.conf and find the line that says:
+ #SystemMaxUse=
+ Change it to say:
+ SystemMaxUse=50M +

+

+ The wiki also recommended a method for forwarding journal output to TTY 12 (accessible by pressing ctrl+alt+f12, + and you use ctrl+alt+[F1-F12] to switch between terminals). I decided not to enable it. +

+

+ Restart journald:
+ # systemctl restart systemd-journald +

+ +

+ The wiki recommends that if the journal gets too large, you can also simply delete (rm -rf) everything inside /var/log/journald/* + but recommends backing it up. This shouldn't be necessary, since you already set the size limit above and systemd will automatically + start to delete older records when the journal size reaches it's limit (according to systemd developers). +

+ +

+ Finally, the wiki mentions 'temporary' files and the utility for managing them.
+ # man systemd-tmpfiles
+ The command for 'clean' is:
+ # systemd-tmpfiles --clean
+ According to the manpage, this "cleans all files and directories with an age parameter". + According to the Arch wiki, this reads information in /etc/tmpfiles.d/ and /usr/lib/tmpfiles.d/ + to know what actions to perform. Therefore, it is a good idea to read what's stored in these locations + to get a better understanding. +

+

+ I looked in /etc/tmpfiles.d/ and found that it was empty on my system. However, /usr/lib/tmpfiles.d/ contained some files. + The first one was etc.conf, containing information and a reference to this manpage:
+ # man tmpfiles.d
+ Read that manpage, and then continue studying all of the files. +

+

+ The systemd developers tell me that it usually isn't necessary to touch the systemd-tmpfiles utility manually at all. +

+ +

Back to top of page

+ +
+ +

Interesting repositories

+

+ Parabola wiki at https://wiki.parabolagnulinux.org/Repositories#kernels + mentions about a repository called [kernels] for custom kernels that aren't in the default base. It might be worth looking into what is available + there, depending on your use case. +

+

+ I enabled it on my system, to see what was in it. Edit /etc/pacman.conf and below the 'extra' section add:
+ + [kernels]
+ Include = /etc/pacman.d/mirrorlist + +

+

+ Now sync with the repository:
+ # pacman -Syy +

+

+ List all available packages in this repository:
+ # pacman -Sl kernels +

+

+ In the end, I decided not to install anything from it but I kept the repository enabled regardless. +

+

Back to top of page.

+ +
+ +

Setup a network connection in Parabola

+

+ Read https://wiki.archlinux.org/index.php/Configuring_Network. +

+

+ Back to top of page. +

+

Set the hostname

+

+ This should be the same as the hostname that you set in /etc/hostname when installing Parabola. You can also do it with systemd (do so now, if you like):
+ # hostnamectl set-hostname yourhostname
+ This writes the specified hostname to /etc/hostname. More information can be found in these manpages:
+ # man hostname
+ # info hostname
+ # man hostnamectl +

+

+ Add the same hostname to /etc/hosts, on each line. Example:
+ + 127.0.0.1 localhost.localdomain localhost myhostname
+ ::1 localhost.localdomain localhost myhostname + +

+

+ You'll note that I set both lines; the 2nd line is for IPv6. More and more ISP's are providing this now (mine does) + so it's good to be forward-thinking here. +

+

+ The hostname utility is part of the inetutils package and is in core/, installed by default (as part of base). +

+

+ Back to top of page. +

+

Network Status

+

+ According to the Arch wiki, udev should already detect the ethernet chipset + and load the driver for it automatically at boot time. You can check this in the "Ethernet controller" section + when running this command:
+ # lspci -v +

+

+ Look at the remaining sections 'Kernel driver in use' and 'Kernel modules'. In my case it was as follows:
+ + Kernel driver in use: e1000e
+ Kernel modules: e1000e + +

+

+ Check that the driver was loaded by issuing dmesg | grep module_name. In my case, I did:
+ # dmesg | grep e1000e +

+

Network device names

+

+ According to https://wiki.archlinux.org/index.php/Configuring_Network#Device_names, + it is important to note that the old interface names like eth0, wlan0, wwan0 and so on no longer apply. Instead, systemd + creates device names starting with en (for enternet), wl (for wifi) and ww (for wwan) with a fixed identifier that systemd automatically generates. + An example device name for your ethernet chipset would be enp0s25, where it is never supposed to change. +

+

+ If you want to enable the old names (eth0, wlan0, wwan0, etc), the Arch wiki recommends + adding net.ifnames=0 to your kernel parameters (in libreboot context, this would be accomplished by following the + instructions in grub_cbfs.html). +

+

+ For background information, + read Predictable Network Interface Names +

+

+ Show device names:
+ # ls /sys/class/net +

+

+ Changing the device names is possible (I chose not to do it):
+ https://wiki.archlinux.org/index.php/Configuring_Network#Change_device_name +

+

+ Back to top of page. +

+

Network setup

+

+ I actually chose to ignore most of Networking section on the wiki. Instead, I plan to setup LXDE desktop with the graphical + network-manager client. Here is a list of network managers:
+ https://wiki.archlinux.org/index.php/List_of_applications/Internet#Network_managers. + If you need to, set a static IP address (temporarily) using the networking guide an the Arch wiki, or start the dhcpcd service in systemd. + NetworkManager will be setup later, after installing LXDE. +

+

+ Back to top of page. +

+ +
+ +

System Maintenance

+

+ Read https://wiki.archlinux.org/index.php/System_maintenance before continuing. + Also read https://wiki.archlinux.org/index.php/Enhance_system_stability. + This is important, so make sure to read them! +

+

+ Install smartmontools (can be used to check smart data - note: HDD's use non-free firmware inside, it's transparent to you + but the smart data comes from it. Therefore, don't rely on it too much):
+ # pacman -S smartmontools
+ Read https://wiki.archlinux.org/index.php/S.M.A.R.T. to learn how to use it. +

+

+ Back to top of page. +

+ +
+ +

Configuring the desktop

+

+ Based on steps from + General Recommendations on the Arch wiki. + The plan is to use LXDE and LXDM/LightDM, along with everything else that you would expect on other distributions that provide LXDE + by default. +

+

+ Back to top of page. +

+ +

Installing Xorg

+

+ Based on https://wiki.archlinux.org/index.php/Xorg. +

+

+ Firstly, install it!
+ # pacman -S xorg-server
+ I also recommend installing this (contains lots of useful tools, including xrandr):
+ # pacman -S xorg-server-utils +

+

+ Install the driver. For me this was xf86-video-intel on the ThinkPad X60. T60 and macbook11/21 should be the same.
+ # pacman -S xf86-video-intel
+ For other systems you can try:
+ # pacman -Ss xf86-video- | less
+ Combined with looking at your lspci output, you can determine which driver is needed. + By default, Xorg will revert to xf86-video-vesa which is a generic driver and doesn't provide true hardware acceleration. +

+

+ Other drivers (not just video) can be found by looking at the xorg-drivers group:
+ # pacman -Sg xorg-drivers
+

+

+ Mostly you will rely on a display manager, but in case you ever want to start X without one:
+ # pacman -S xorg-xinit +

+

+ <optional>
+    Arch wiki recommends installing these, for testing that X works:
+    # pacman -S xorg-twm xorg-xclock xterm
+    Refer to https://wiki.archlinux.org/index.php/Xinitrc. + and test X:
+    # startx
+    When you are satisfied, type exit in xterm, inside the X session.
+    Uninstall them (clutter. eww): # pacman -S xorg-xinit xorg-twm xorg-xclock xterm
+ </optional> +

+

+ Back to top of page. +

+ +

Xorg keyboard layout

+

+ Refer to https://wiki.archlinux.org/index.php/Keyboard_configuration_in_Xorg. +

+

+ Xorg uses a different configuration method for keyboard layouts, so you will notice that the layout you + set in /etc/vconsole.conf earlier might not actually be the same in X. +

+

+ To see what layout you currently use, try this on a terminal emulator in X:
+ # setxkbmap -print -verbose 10 +

+

+ In my case, I wanted to use the Dvorak (UK) keyboard which is quite different from Xorg's default Qwerty (US) layout. +

+

+ I'll just say it now: XkbModel can be pc105 in this case (ThinkPad X60, with a 105-key UK keyboard). + If you use an American keyboard (typically 104 keys) you will want to use pc104. +

+

+ XkbLayout in my case would be gb, and XkbVariant would be dvorak. +

+

+ The Arch wiki recommends two different methods for setting the keyboard layout:
+ https://wiki.archlinux.org/index.php/Keyboard_configuration_in_Xorg#Using_X_configuration_files and
+ https://wiki.archlinux.org/index.php/Keyboard_configuration_in_Xorg#Using_localectl. +

+

+ In my case, I chose to use the configuration file method:
+ Create the file /etc/X11/xorg.conf.d/10-keyboard.conf and put this inside:
+ + Section "InputClass"
+         Identifier "system-keyboard"
+         MatchIsKeyboard "on"
+         Option "XkbLayout" "gb"
+         Option "XkbModel" "pc105"
+         Option "XkbVariant" "dvorak"
+ EndSection + +

+

+ For you, the steps above may differ if you have a different layout. If you use a US Qwerty keyboard, then + you don't even need to do anything (though it might help, for the sake of being explicit). +

+

+ Back to top of page. +

+ +

Install LXDE

+

+ Desktop choice isn't that important to me, so for simplicity I decided to use LXDE. It's lightweight + and does everything that I need. + If you would like to try something different, refer to + https://wiki.archlinux.org/index.php/Desktop_environment +

+

+ Refer to https://wiki.archlinux.org/index.php/LXDE. +

+

+ Install it, choosing 'all' when asked for the default package list:
+ # pacman -S lxde obconf +

+

+ I didn't want the following, so I removed them:
+ # pacman -R lxmusic lxtask +

+

+ I also lazily installed all fonts:
+ # pacman -S $(pacman -Ssq ttf-) +

+

+ LXDE comes with a terminal. You probably want a browser to go with that; I choose GNU IceCat, part of the GNU project:
+ # pacman -S icecat
+ And a mail client:
+ # pacman -S icedove +

+

+ In IceCat, go to Preferences :: Advanced and disable GNU IceCat Health Report. +

+

+ I also like to install these:
+ # pacman -S xsensors stress htop +

+

+ Enable LXDM (the default display manager, providing a graphical login):
+ # systemctl enable lxdm.service
+ It will start when you boot up the machine. To start it now, do:
+ # systemctl start lxdm.service +

+

+ Log in with your standard (non-root) user that you created earlier. + It is advisable to also create an xinitrc rule in case you ever want to start lxde without lxdm. + Read https://wiki.archlinux.org/index.php/Xinitrc. +

+

+ Open LXterminal:
+ $ cp /etc/skel/.xinitrc ~
+ Open .xinitrc and add the following plus a line break at the bottom of the file.
+ + # Probably not needed. The same locale info that we set before
+ # Based on advice from the LXDE wiki + export LC_ALL=en_GB.UTF-8
+ export LANGUAGE=en_GB.UTF-8
+ export LANG=en_GB.UTF-8
+
+ # Start lxde desktop
+ exec startlxde
+ + Now make sure that it is executable:
+ $ chmod +x .xinitrc +

+

+ Back to top of page. +

+ +

LXDE - clock

+

+ In Digital Clock Settings (right click the clock) I set the Clock Format to %Y/%m/%d %H:%M:%S +

+

+ Back to top of page. +

+ +

LXDE - font

+

+ NOTE TO SELF: come back to this later. +

+

+ Back to top of page. +

+ +

LXDE - screenlock

+

+ Arch wiki recommends to use xscreensaver:
+ # pacman -S xscreensaver +

+

+ Under Preferences :: Screensaver in the LXDE menu, I chose Mode: Blank Screen Only, + setting Blank After, Cycle After and Lock Screen After (checked) to 10 minutes. +

+

+ You can now lock the screen with Logout :: Lock Screen in the LXDE menu. +

+

+ Back to top of page. +

+ +

LXDE - automounting

+

+ Refer to https://wiki.archlinux.org/index.php/File_manager_functionality. +

+

+ I chose to ignore this for now. NOTE TO SELF: come back to this later. +

+

+ Back to top of page. +

+

LXDE - disable suspend

+

+ When closing the laptop lid, the machine suspends. This is annoying at least to me. + NOTE TO SELF: disable it, then document the steps here. +

+

+ Back to top of page. +

+

LXDE - battery monitor

+

+ Right click lxde panel and Add/Remove Panel Items. Click Add and select Battery Monitor, then click Add. + Close and then right-click the applet and go to Battery Monitor Settings, check the box that says Show Extended Information. + Now click Close. When you hover the cursor over it, it'll show information about the battery. +

+

+ Back to top of page. +

+

LXDE - Network Manager

+

+ Refer to https://wiki.archlinux.org/index.php/LXDE#Network_Management. + Then I read: https://wiki.archlinux.org/index.php/NetworkManager. +

+

+ Install Network Manager:
+ # pacman -S networkmanager +

+

+ You will also want the graphical applet:
+ # pacman -S network-manager-applet
+ Arch wiki says that an autostart rule will be written at /etc/xdg/autostart/nm-applet.desktop +

+

+ I want to be able to use a VPN at some point, so the wiki tells me to do:
+ # pacman -S networkmanager-openvpn +

+

+ LXDE uses openbox, so I refer to:
+ https://wiki.archlinux.org/index.php/NetworkManager#Openbox. +

+

+ It tells me for the applet I need:
+ # pacman -S xfce4-notifyd gnome-icon-theme
+ Also, for storing authentication details (wifi) I need:
+ # pacman -S gnome-keyring +

+

+ I wanted to quickly enable networkmanager:
+ # systemctl stop dhcpcd
+ # systemctl start NetworkManager
+ Enable NetworkManager at boot time:
+ # systemctl enable NetworkManager +

+

+ Restart LXDE (log out, and then log back in). +

+

+ I added the volume control applet to the panel (right click panel, and add a new applet). + I also later changed the icons to use the gnome icon theme, in lxappearance. +

+

+ Back to top of page. +

+ +
+ +

+ Copyright © 2014 Francis Rowe <info@gluglug.org.uk>
+ This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. + A copy of the license can be found at ../license.txt. +

+ +

+ This document is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../license.txt for more information. +

+ + + diff --git a/docs/howtos/encrypted_parabola.html b/docs/howtos/encrypted_parabola.html index b7f2359..c7a9210 100644 --- a/docs/howtos/encrypted_parabola.html +++ b/docs/howtos/encrypted_parabola.html @@ -35,6 +35,10 @@

+ For this guide I used the 2013 09 01 image to boot the live installer and install the system. +

+ +

Parabola is much more flexible than Trisquel, but also more involved to setup. Use Parabola. It's 10 million times better than Trisquel.

@@ -45,17 +49,42 @@

+ If you are using an SSD for this, make sure it's brand-new (or barely used). Or, otherwise, be sure that it never previously + contained plaintext copies of your data. +

+ +

Wipe the MBR (if you use MBR):
# lsblk
Your HDD is probably /dev/sda: - # dd if=/dev/zero of=/dev/sda bs=446 count=1
+ # dd if=/dev/zero of=/dev/sda bs=446 count=1; sync
Never use SeaBIOS! The MBR section can easily be changed with malicious code, which SeaBIOS will blindly execute. This guide is for libreboot with GRUB-as-payload only.

Securely wipe the drive:
- # dd if=/dev/urandom of=/dev/sda + # dd if=/dev/urandom of=/dev/sda; sync
+ NOTE: If you have an SSD, only do this the first time. If it was already LUKS-encrypted before, + use the info below to wipe the LUKS header. Also, check online for your SSD what the recommended + erase block size is. For example if it was 2MiB:
+ # dd if=/dev/urandom of=/dev/sda bs=2M; sync +

+

+ If your drive was already LUKS encrypted (maybe you are re-installing your distro) then + it is already 'wiped'. You should just wipe the LUKS header. + https://www.lisenet.com/2013/luks-add-keys-backup-and-restore-volume-header/ + showed me how to do this. It recommends to do the first 3MiB. Now, that guide is recommending putting zero there. I'm doing to use urandom. Do this:
+ # head -c 3145728 /dev/urandom > /dev/sda; sync
+ (wiping the LUKS header is important, since it has hashed passphrases and so on. It's 'secure', but 'potentially' a risk). +

+

+ + If you do plan to use an SSD, make sure to read + https://wiki.archlinux.org/index.php/Solid_State_Drives
+ Edit /etc/fstab later on when chrooted into your install. Also, read the whole article and keep all points in mind, adapting + them for this guide. +

@@ -197,30 +226,43 @@ Otherwise, refer to https://wiki.archlinux.org/index.php/Configuring_Network. You can test to see if internet is already working by pinging a few domains.

+

- The following is based on 'Verification of package signatures' in the Parabola install guide. Check there first to see if steps differ by now. - Now you have to update the default Parabola keyring. This is used for signing and verifying packages:
- # pacman -Sy parabola-keyring
- It says that you you get GPG errors, it's probably an expired key so do:
- # pacman-key --populate parabola
- # pacman-key --refresh-keys
- # pacman -Sy parabola-keyring
- To be honest, you should do the above anyway. Parabola has a lot of maintainers, and a lot of keys. Really!
- Also, it says that if the clock is set incorrectly then you have to manually set the correct time (if keys are listed as expired because of it):
- # date MMDDhhmm[[CC]YY][.ss] + I commented out all lines except the Server line for the UK Parabola server (main server) in /etc/pacman.d/mirrorlist and then did:
+ # pacman -Syy
+ # pacman -Syu
+ # pacman -Sy pacman (and then I did the other 2 steps above, again)
+ In my case I did the steps in the next paragraph, and followed the steps in this paragraph again. +

+

+ <troubleshooting>
+    The following is based on 'Verification of package signatures' in the Parabola install guide.
+    Check there first to see if steps differ by now.
+    Now you have to update the default Parabola keyring. This is used for signing and verifying packages:
+    # pacman -Sy parabola-keyring
+    It says that you you get GPG errors, it's probably an expired key so do:
+    # pacman-key --populate parabola
+    # pacman-key --refresh-keys
+    # pacman -Sy parabola-keyring
+    To be honest, you should do the above anyway. Parabola has a lot of maintainers, and a lot of keys. Really!
+    Also, it says that if the clock is set incorrectly then you have to manually set the correct time
+    (if keys are listed as expired because of it):
+    # date MMDDhhmm[[CC]YY][.ss]
+    I also had to install:
+    # pacman -S archlinux-keyring
+    # pacman-key --populate archlinux
+    In my case I saw some conflicting files reported in pacman, stopping me from using it.
+    I deleted the files that it mentioned + and then it worked. Specifically, I had this error:
+    licenses: /usr/share/licenses/common/MPS exists in filesystem
+    I rm -rf'd the file and then pacman worked. I'm told that the following would have also made it work:
+    # pacman -Sf licenses
+ </troubleshooting>
+

+

+ I also like to install other packages (base-devel, compilers and so on) and wpa_supplicant/dialog are needed for wireless after the install:
+ # pacstrap /mnt base base-devel wpa_supplicant dialog

- -

Install the base system

-

- I commented out all lines except the Server line for the UK Parabola server (main server) in /etc/pacman.d/mirrorlist and then did:
- # pacman -Syu
- I also had to upgrade pacman and then do the above again:
- # pacman -Sy pacman -

-

- I also like to install other packages (base-devel, compilers and so on) and wpa_supplicant/dialog are needed for wireless after the install:
- # pacstrap /mnt base base-devel wpa_supplicant dialog -

Configure the system

@@ -345,7 +387,7 @@ Or just delete it. Above it, put:
auth required pam_tally.so deny=2 unlock_time=600 onerr=succeed file=/var/log/faillog
To unlock a user manually (if a password attempt is failed 3 times), do:
- # pam_tally --user --reset + # pam_tally --user theusername --reset What the above configuration does is lock the user out for 10 minutes, if they make 3 failed login attempts.

@@ -418,6 +460,10 @@

+ Personally, I opted to have the entry for linux-libre-grsec at the top, so that it would load by default. +

+ +

Above the 'Load Operating System' menu entry you should also add a GRUB password, like so: 

set superusers="root"
@@ -469,6 +515,12 @@ password_pbkdf2 root grub.pbkdf2.sha512.10000.711F186347156BC105CD83A2ED7AF1EB97
 			# pacman -S dmidecode
 		

 
+		

+			When done, deleted GRUB (remember, we only needed it for the grub-mkpasswd-pbkdf2 utility;
+			GRUB is already part of libreboot, flashed alongside it as a payload):

+			# pacman -R grub
+		

+
 

 
 	

@@ -487,6 +539,16 @@ password_pbkdf2 root grub.pbkdf2.sha512.10000.711F186347156BC105CD83A2ED7AF1EB97
 
 

 
+	
Follow-up tutorial: configuring Parabola

+		

+			configuring_parabola.html shows my own notes post-installation. Using these, you can get a basic
+			system similar to the one that I chose for myself. You can also cherry pick useful notes and come up with your own system. 
+			Parabola is user-centric, which means that you are in control. For more information, read The Arch Way
+			(Parabola also follows it).
+		

+
+

+
 	

 		Copyright © 2014 Francis Rowe <info@gluglug.org.uk>

 		This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions.
diff --git a/docs/index.html b/docs/index.html
index e703df9..e00aec3 100644
--- a/docs/index.html
+++ b/docs/index.html
@@ -45,7 +45,12 @@
 		

 
-- 
cgit v1.1-4-g5e80