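Introduction
This article describes how to install a minimal Arch Linux system on a server that is currently running from memory or from a live ISO image. Any Linux distribution will do, as long as the disk is not in use. This tutorial uses a Hetzner Cloud server booted into the rescue system.
Important information
This tutorial requires you to run commands in different chroot environments. A chroot lets us redirect the actual root directory to a new location and run commands as if we had booted into that system.
I will let you know whenever we switch to a new chroot environment. I will also use the prompt text to show which chroot environment we are currently in.
- root@rescue ~ # marks a command that runs without any chroot.
- [root@bootstrap /]# marks a command that runs in the bootstrap environment.
- [root@chroot /]# marks a command that runs inside the Arch Linux installation on the disk.
Step 1 – Set up the bootstrap environment
First, we download the latest bootstrap image from a trusted Arch Linux mirror. This gives us the tools needed to install Arch. We also download the corresponding signature file and verify the image before continuing.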
root@rescue ~ # curl -LO 'https://geo.mirror.pkgbuild.com/iso/latest/archlinux-bootstrap-x86_64.tar.zst'
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 164M 100 164M 0 0 115M 0 0:00:01 0:00:01 --:--:-- 115M
root@rescue ~ # curl -LO 'https://archlinux.org/iso/latest/archlinux-bootstrap-x86_64.tar.zst.sig'
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 331 100 331 0 0 4728 0 --:--:-- --:--:-- --:--:-- 4728
root@rescue ~ # gpg --keyserver keyserver.ubuntu.com --keyserver-options auto-key-retrieve --verify archlinux-bootstrap-x86_64.tar.zst.sig
gpg: Signature made Sun 01 Sep 2024 02:43:27 PM CEST
gpg: using EDDSA key 3E80CA1A8B89F69CBA57D98A76A5EF9054449A5C
gpg: issuer "[email protected]"
gpg: key 7F2D434B9741E8AC: public key "Pierre Schmitz <[email protected]>" imported
gpg: key 76A5EF9054449A5C: public key "Pierre Schmitz <[email protected]>" imported
gpg: Total number processed: 2
gpg: imported: 2
gpg: no ultimately trusted keys found
gpg: Good signature from "Pierre Schmitz <[email protected]>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 3E80 CA1A 8B89 F69C BA57 D98A 76A5 EF90 5444 9A5C
If no errors appear, we can go ahead and extract the image.
root@rescue ~ # tar xf archlinux-bootstrap-x86_64.tar.zst
tar: Ignoring unknown extended header keyword 'LIBARCHIVE.xattr.security.capability'
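tar: Ignoring unknown extended header keyword 'LIBARCHIVE.xattr.security.capability'
After extracting, we need to bind-mount the directory onto itself. This prevents pacstrap from concluding that there is no space left on the device.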
root@rescue ~ # mount --bind root.x86_64 root.x86_64
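The gpg run above fetched the signing key from a keyserver with auto-key-retrieve, so "Good signature" only shows that some key signed the file, which is what the WARNING lines say. The following added example (not part of the original tutorial) pins the fingerprint printed above and accepts the image only if gpg's machine-readable VALIDSIG record names it. The function names and the sample status lines are constructed for illustration, and the fingerprint should be confirmed against a source independent of the keyserver.

```shell
#!/bin/sh
# Added example: pin the signer instead of trusting whatever key
# --auto-key-retrieve pulled from the keyserver.

# Fingerprint shown in the gpg output above; confirm it out of band.
PINNED_FPR=3E80CA1A8B89F69CBA57D98A76A5EF9054449A5C

# validsig_matches FPR
# Reads `gpg --status-fd` records on stdin. Succeeds only if a VALIDSIG
# record names FPR as signing key or primary key, and no record reports a
# bad, unverifiable, expired or revoked signature.
validsig_matches() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "VALIDSIG" && (toupper($3) == want || toupper($NF) == want) { ok = 1 }
        END { if (ok && !bad) exit 0; exit 1 }
    '
}

# verify_pinned SIGFILE DATAFILE
# Runs gpg with status records on stdout and applies the check above.
# The key must already be in the keyring (the page's gpg command imports it).
verify_pinned() {
    gpg --status-fd 1 --verify "$1" "$2" 2>/dev/null | validsig_matches "$PINNED_FPR"
}

# Constructed status output: a valid signature by the pinned key ...
SAMPLE_OK='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 76A5EF9054449A5C Pierre Schmitz
[GNUPG:] VALIDSIG 3E80CA1A8B89F69CBA57D98A76A5EF9054449A5C 2024-09-01 1725194607 0 4 0 22 10 00 3E80CA1A8B89F69CBA57D98A76A5EF9054449A5C'

# ... and an equally "good" signature by some other auto-retrieved key.
SAMPLE_OTHER='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Constructed Signer
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2024-09-01 1725194607 0 4 0 22 10 00 0123456789ABCDEF0123456789ABCDEF01234567'

printf '%s\n' "$SAMPLE_OK" | validsig_matches "$PINNED_FPR" && echo "pinned signer: accept"
printf '%s\n' "$SAMPLE_OTHER" | validsig_matches "$PINNED_FPR" || echo "other signer: reject"

# Real use on the rescue system:
#   verify_pinned archlinux-bootstrap-x86_64.tar.zst.sig \
#                 archlinux-bootstrap-x86_64.tar.zst && tar xf archlinux-bootstrap-x86_64.tar.zst
```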
Step 2 – Create the boot disk and install Arch Linux
From now on we work inside the bootstrap environment we just set up. We use arch-chroot to enter it:
root@rescue ~ # ./root.x86_64/usr/bin/arch-chroot root.x86_64
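First we need to partition the disk. I will use gdisk here, but you can use any other tool that supports GPT partitioning. However, gdisk is not installed in the bootstrap image, so we first need to configure a mirror and set up the pacman keys, and then install gdisk: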
[root@bootstrap /]# echo 'Server = https://geo.mirror.pkgbuild.com/$repo/os/$arch' > /etc/pacman.d/mirrorlist
[root@bootstrap /]# pacman-key --init
gpg: /etc/pacman.d/gnupg/trustdb.gpg: trustdb created
gpg: no ultimately trusted keys found
gpg: starting migration from earlier GnuPG versions
gpg: porting secret keys from '/etc/pacman.d/gnupg/secring.gpg' to gpg-agent
gpg: migration succeeded
==> Generating pacman master key. This may take some time.
gpg: Generating pacman keyring master key...
gpg: directory '/etc/pacman.d/gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/etc/pacman.d/gnupg/openpgp-revocs.d/AFB2F3A83C28CC51C20E0752282AC1A0C5C2A266.rev'
gpg: Done
==> Updating trust database...
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
[root@bootstrap /]# pacman-key --populate archlinux
==> Appending keys from archlinux.gpg...
==> Locally signing trusted keys in keyring...
-> Locally signed 5 keys.
==> Importing owner trust values...
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: setting ownertrust to 4
gpg: inserting ownertrust of 4
gpg: setting ownertrust to 4
==> Disabling revoked keys in keyring...
-> Disabled 45 keys.
==> Updating trust database...
gpg: Note: third-party key signatures using the SHA1 algorithm are rejected
gpg: (use option "--allow-weak-key-signatures" to override)
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 5 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1 valid: 5 signed: 101 trust: 0-, 0q, 0n, 5m, 0f, 0u
gpg: depth: 2 valid: 77 signed: 22 trust: 77-, 0q, 0n, 0m, 0f, 0u
gpg: next trustdb check due at 2024-11-09
[root@bootstrap /]# pacman --noconfirm -Sy gdisk
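Now we can start partitioning the disk. Hetzner Cloud servers come with a single disk, named /dev/sda. Your disk name may differ, so be sure to adjust the commands accordingly. Note that this operation deletes all partitions, so all data on them will be lost.
Our partition layout is very simple. At minimum we need a boot partition (1 MB in size) and a root partition (in this example, the rest of the disk).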
[root@bootstrap /]# gdisk /dev/sda
GPT fdisk (gdisk) version 1.0.10
Partition table scan:
MBR: protective
BSD: not present
APM: not present
GPT: present
Found valid GPT with protective MBR; using GPT.
Command (? for help): o
This option deletes all partitions and creates a new protective MBR.
Proceed? (Y/N): y
Command (? for help): n
Partition number (1-128, default 1):
First sector (34-40001502, default = 2048) or {+-}size{KMGTP}:
Last sector (2048-40001502, default = 39999487) or {+-}size{KMGTP}: +1M
Current type is 8300 (Linux filesystem)
Hex code or GUID (L to show codes, Enter = 8300): ef02
Changed type of partition to 'BIOS boot partition'
Command (? for help): n
Partition number (2-128, default 2):
First sector (34-40001502, default = 4096) or {+-}size{KMGTP}:
Last sector (4096-40001502, default = 39999487) or {+-}size{KMGTP}:
Current type is 8300 (Linux filesystem)
Hex code or GUID (L to show codes, Enter = 8300):
Changed type of partition to 'Linux filesystem'
Command (? for help): w
Final checks complete. About to write GPT data. THIS WILL OVERWRITE EXISTING
PARTITIONS!!
Do you want to proceed? (Y/N): y
OK; writing new GUID partition table (GPT) to /dev/sda.
The operation has completed successfully.
Then we format the root partition with an ext4 filesystem:
[root@bootstrap /]# mkfs.ext4 /dev/sda2
mke2fs 1.47.1 (20-May-2024)
/dev/sda2 contains a vfat file system
Proceed anyway? (y,N) y
Discarding device blocks: done
Creating filesystem with 4999424 4k blocks and 1250928 inodes
Filesystem UUID: c14d23b8-5754-49bc-bc27-d1cb48bd76e3
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
4096000
Allocating group tables: done
Writing inode tables: done
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done
Then we mount it at /mnt and generate the fstab file from it:
[root@bootstrap /]# mount /dev/sda2 /mnt
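[root@bootstrap /]# genfstab -U /mnt >> /etc/fstab
Now we can install Arch Linux with pacstrap. We may as well take this opportunity to install OpenSSH, since we will need it later to connect to the server. The installation may take some time, depending on your network speed and disk space.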
[root@bootstrap /]# pacstrap -G -M /mnt base grub linux linux-firmware openssh
==> Creating install root at /mnt
==> Installing packages to /mnt
:: Synchronizing package databases...
core 117.2 KiB 514 KiB/s 00:00 [########################################] 100%
extra 7.4 MiB 37.0 MiB/s 00:00 [########################################] 100%
resolving dependencies...
:: There are 2 providers available for libxtables.so=12-64:
:: Repository core
1) iptables 2) iptables-nft
Enter a number (default=1):
:: There are 3 providers available for initramfs:
:: Repository core
1) mkinitcpio
:: Repository extra
2) booster 3) dracut
Enter a number (default=1):
looking for conflicting packages...
[...]
Total Download Size: 520.45 MiB
Total Installed Size: 992.49 MiB
[...]
(13/13) Reloading system bus configuration...
Skipped: Running in chroot.
Step 3 – Finish the Arch Linux installation
Now we can leave the bootstrap environment and change root into the installed system to finish the setup:
[root@bootstrap /]# exit
root@rescue ~ # ./root.x86_64/usr/bin/arch-chroot root.x86_64/mnt
We start again by configuring the mirror and initializing the pacman keys:
[root@chroot /]# echo 'Server = https://geo.mirror.pkgbuild.com/$repo/os/$arch' > /etc/pacman.d/mirrorlist
[root@chroot /]# pacman-key --init
[root@chroot /]# pacman-key --populate archlinux
Now it is time to install the boot loader on your disk.
[root@chroot /]# grub-install /dev/sda
Installing for i386-pc platform.
Installation finished. No error reported.
[root@chroot /]# grub-mkconfig -o /boot/grub/grub.cfg
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-linux
Found initrd image: /boot/initramfs-linux.img
Found fallback initrd image(s) in /boot: initramfs-linux-fallback.img
Warning: os-prober will not be executed to detect other bootable partitions.
Systems on them will not be added to the GRUB boot configuration.
Check GRUB_DISABLE_OS_PROBER documentation entry.
Adding boot menu entry for UEFI Firmware Settings ...
done
The network will be managed by systemd-networkd. To enable it, we need to create the file /etc/systemd/network/ether.network with the following content:
cat << EOF > /etc/systemd/network/ether.network
[Match]
Type=ether
[Network]
DHCP=yes
EOF
This configures all Ethernet network interfaces to use DHCP.
Now we enable the required services:
[root@chroot /]# systemctl enable systemd-networkd
Created symlink '/etc/systemd/system/dbus-org.freedesktop.network1.service' → '/usr/lib/systemd/system/systemd-networkd.service'.
Created symlink '/etc/systemd/system/multi-user.target.wants/systemd-networkd.service' → '/usr/lib/systemd/system/systemd-networkd.service'.
Created symlink '/etc/systemd/system/sockets.target.wants/systemd-networkd.socket' → '/usr/lib/systemd/system/systemd-networkd.socket'.
Created symlink '/etc/systemd/system/sysinit.target.wants/systemd-network-generator.service' → '/usr/lib/systemd/system/systemd-network-generator.service'.
Created symlink '/etc/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service' → '/usr/lib/systemd/system/systemd-networkd-wait-online.service'.
[root@chroot /]# systemctl enable systemd-resolved
Created symlink '/etc/systemd/system/dbus-org.freedesktop.resolve1.service' → '/usr/lib/systemd/system/systemd-resolved.service'.
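Created symlink '/etc/systemd/system/sysinit.target.wants/systemd-resolved.service' → '/usr/lib/systemd/system/systemd-resolved.service'.
Finally, we need SSH access to the system. To do this, simply create an authorized keys file at `/root/.ssh/authorized_keys` and write your SSH public key into it. Be sure to enable the sshd service, otherwise the SSH server will not start after the reboot.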
[root@chroot /]# mkdir /root/.ssh
[root@chroot /]# echo "<your-ssh-pub-key>" >> /root/.ssh/authorized_keys
[root@chroot /]# systemctl enable sshd
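Created symlink '/etc/systemd/system/multi-user.target.wants/sshd.service' → '/usr/lib/systemd/system/sshd.service'.
Now we can exit the chroot environment and reboot the system. After a few seconds, your server should be running the newly installed Arch Linux system and be reachable over SSH on port 22 using your public key.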
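For the SSH key step above, the following added example (not part of the original tutorial) writes the key with explicit 0700/0600 permissions, rejects input that is not a single public key line (including the unreplaced `<your-ssh-pub-key>` placeholder), and does not append the same key twice. The function name `add_root_key` and its arguments are hypothetical.

```shell
#!/bin/sh
# Added example: install root's public key with explicit permissions
# and basic validation of the key line.

# add_root_key ROOT KEYLINE
#   ROOT    - root of the target system ("" when run inside the chroot)
#   KEYLINE - one public key line, e.g. the contents of id_ed25519.pub
add_root_key() {
    root=${1%/}
    key=$2
    dir="$root/root/.ssh"
    file="$dir/authorized_keys"

    # Reject private key material and multi-line input.
    case $key in
        *PRIVATE*|*'
'*) echo "refusing: not a single public key line" >&2; return 1 ;;
    esac
    # Accept only key types that OpenSSH writes into .pub files.
    case $key in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-nistp*\ *) ;;
        sk-ssh-ed25519@openssh.com\ *|sk-ecdsa-sha2-nistp256@openssh.com\ *) ;;
        *) echo "refusing: unknown key type" >&2; return 1 ;;
    esac

    # 0700 on the directory and 0600 on the file, whatever the umask is.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$file" && chmod 600 "$file" || return 1
    # Append only if this exact line is not already present.
    grep -qxF -- "$key" "$file" || printf '%s\n' "$key" >> "$file"
}

# Inside the chroot:
#   add_root_key "" "$(cat /path/to/your/key.pub)"
```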
Result
Congratulations! Your server now has a minimal Arch Linux system installed. From here you can start installing other services such as Docker, nginx, K8S, and so on.









