Arch Linux
I'm currently playing with https://archlinux.org/ to see if it will fit my needs (simple customizable and fast Linux distribution without containers - because containers are another threat to freedom).
Currently I use openSUSE 15.4 + XFCE4 as main GUI. But I'm more more and more scared by
Which locks everything and forces users to use selected container registries (bye bye freedom of choice)...
So in future I will have only 2 options:
- Use Linux distribution that will keep using packages - currently Debian and/or Arch and several others (but the list is slowly shrinking) to avoid container trap pursued by Canonical (snap), RedHat (flatpack) and SUSE (what's name?)
- Switch to FreeBSD, NetBSD or OpenBSD - there is additional benefit that there is no systemd. Especially systemd case is painful remainder to all its preachers that it is necessary for Unix system to work - so how could BSDs run without systemd? Miracle?
Several complex packages are missing or challenging on Arch Linux:
-
GitLab - no official Omnibus packages, you have to carefully follow custom installation guide at: https://wiki.archlinux.org/title/GitLab
Update: I did it (with small changes regarding new sidekiq-cluster startup). But later found that https://gitlab.archlinux.org does NOT use that package. They rather use Docker image - see https://gitlab.archlinux.org/archlinux/infrastructure/-/blob/master/roles/gitlab/tasks/main.yml?ref_type=heads#L13
-
OpenStack - installation (Host!) is entirely missing as one can see an empty chapter: https://wiki.archlinux.org/title/OpenStack#Deploy_OpenStack (all remainder of Wiki describes Guest images, but not Host installation). There are several AUR packages at the begining, but without guide you are done.
Pacman is Arch Linux's Package manager. Nice feature is that it is fast.
- To update all packages:
pacman -Syu
- To search for package starting with
vim:pacman -Ss ^vim
- To install
vim package:pacman -S vim
- To install
vimpackage and dependencies, but avoid reinstall of already present packages:pacman -S --needed vim
- To list all files owned by
alsa-utilspackage:pacman -Ql alsa-utils
Various things I install:
sudo pacman -S --needed lsof curl wget mc vim wget tmuxTo have SMB client install
sudo pacman -S --needed smbclientHowever there is missing /etc/samba/smb.conf as pointed out on:
- https://bbs.archlinux.org/viewtopic.php?id=234432
- you can download it using:
cd curl -fsSL 'https://git.samba.org/samba.git/?p=samba.git;a=blob_plain;f=examples/smb.conf.default;hb=HEAD' > smb.conf
- and install:
sudo mkdir -p /etc/samba sudo cp smb.conf /etc/samba
- in my case I need to enable NT1 protocol to connect to very old NAS:
diff -u /etc/samba/smb.conf{.orig,} --- /etc/samba/smb.conf.orig 2023-06-07 12:44:39.969302787 +0200 +++ /etc/samba/smb.conf 2023-06-07 12:46:08.328958183 +0200 @@ -21,6 +21,8 @@ # #======================= Global Settings ===================================== [global] +client min protocol = NT1 +server min protocol = NT1 # workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH workgroup = MYGROUP
- and test it:
smbclient -N -L IP_OF_YOUR_SMB_SERVER
Many packages are available on 3rd party repositories
called Arch User Repository (AUR)
for various reasons (for example license).
I will show example for streamripper (it allows saving songs
from Internet radios).
As can be easily googled it is available only on AUR:
So now we have to follow https://wiki.archlinux.org/title/Arch_User_Repository to setup our Arch linux for building package from AUR repositories:
First we have to install development package and git:
sudo pacman -S --needed base-devel devtools gitNow checkout our AUR package:
mkdir -p ~/aur
cd ~/aur
git clone https://aur.archlinux.org/streamripper.git
cd streamripperEnsure there is PKGBUILD file and run build:
ls -l PKGBUILD
makepkg -cs --nosign- confirm installation of dependencies.
- after a while package should be build:
ls -og *.zst -rw-r--r-- 1 81618 Jun 7 11:08 streamripper-1.64.6-4-x86_64.pkg.tar.zst - and install it:
sudo pacman -U streamripper-1.64.6-4-x86_64.pkg.tar.zst
- and command like this should start saving radio streams (see Audio section below):
cd streamripper http://stream.antenne.de:80/heavy-metal # it should create folder named by your RADIO station and store streamed MP3s there
To see all your pacman installation command history try this:
grep PACMAN /var/log/pacman.logBy default IPv6 announces your MAC based address (which is perfect for tracking your PC around whole Internet). To use rather temporary IPv6 address you have to follow https://wiki.archlinux.org/title/IPv6#Privacy_extensions
In my case I created file /etc/sysctl.d/40-ipv6.conf with contents:
# replace MAC based IPv6 addresses with temporary IP addresses
net.ipv6.conf.all.use_tempaddr = 2
net.ipv6.conf.default.use_tempaddr = 2
net.ipv6.conf.eth0.use_tempaddr = 2
And reloaded it with systemctl restart systemd-sysctl
NF tables is replacement of all existing Linux kernel firewalls (iptables, ip6tables, ebtables,...). It is poorly documented (as most stuff today) with rather incomplete examples.
WARNING!
Direct use of nftables (
/etc/nftables.conf) clashes with libvirt - you have to rather usefirewalldpackage that is well integrated with libvirt.
To use nftables on Arch Linux you have to install first:
pacman -S nftablesHere is my /etc/nftables.conf for workstation - based on Arch's original:
table inet filter
delete table inet filter
table inet filter {
chain input {
type filter hook input priority filter
policy drop
ct state invalid log prefix "[NFT] Input INVALID: " \
drop comment "early drop of invalid connections"
# allow DHCPv4 server -> client
udp dport 68 ct state { new, untracked } accept
# allow DHCPv6 server -> client
udp dport 546 ct state { new, untracked } accept
ct state {established, related} accept comment "allow tracked connections"
iifname lo accept comment "allow from loopback"
ip protocol icmp accept comment "allow icmp"
meta l4proto ipv6-icmp accept comment "allow icmp v6"
tcp dport ssh accept comment "allow sshd"
counter log prefix "[NFT] Input DROP: " drop
}
chain forward {
type filter hook forward priority filter
policy drop
counter log prefix "[NFT] Forward DROP: " drop
}
}
WARNING! Above configuration will not work if you will use libvirt (there are needed many rules for libvirt's NAT network, etc...)
Known features:
- intentionally dropping IPv4 multicasts (224.0.0.1) - I have no use for them
Known bugs:
- dropping some IPv6 multicasts - not yet resolved
To test it you need to run as root:
/usr/sbin/nft -cf /etc/nftables.confWhen you are ready, enable and start nftables service:
systemctl enable --now nftablesYou can reload it any time with:
/usr/sbin/nft -f /etc/nftables.confMy plan is to evaluate Arch Linux as standard X-Window workstation with sound video, Firefox, LibreOffice - to see how it will compare to existing openSUSE 15.4. I will use XFCE on both environments.
Let's start with sound card support - on kernel side, today standard is ALSA (which replaced OSS some time ago). Following https://wiki.archlinux.org/title/ALSA we have to:
pacman -S alsa-utilsTo list available sound cards you can use:
aplay -L
null
Discard all samples (playback) or generate zero samples (capture)
default:CARD=NVidia_1
HDA NVidia, ALC883 Analog
Default Audio Device
sysdefault:CARD=NVidia_1
HDA NVidia, ALC883 Analog
Default Audio Device
...Default is usually fine.
Now you have to add yourself to group audio using command like:
sudo /usr/sbin/usermod -G audio -a $USER- and logout/login (you can also use
newgrp audiobut it has side effects)
Setting default volume:
-
ALSA is "kind" to mute Master volume by default - so you will here nothing...
-
on 1st terminal run some kind of sound generator
# random noise generator speaker-test # play samples while true;do aplay /usr/share/sounds/alsa/*.wav;done
-
on 2nd terminal run
alsamixerand:- press
Munmute Master channelMMshould change toOO - press
Uparrow to set desired volume - when done press ESC once
- press
-
now you can abort sound/noise generator on 1st terminal using Ctrl-C
-
to store settings we have to follow https://unix.stackexchange.com/questions/210113/default-sound-volume-for-all-alsa-devices and run:
sudo alsactl store
Usefull CLI sound application:
-
mp3 player for both local files and streamed (shoutcast) mp3:
pacman -S mpg123
-
to play streamed mp3 radio you can do this:
-
point your browser to radio list, for example on:
-
download Winamp list (pls) - and extract suitable URL from that list.
-
in my case I can run:
mpg123 http://stream.antenne.de:80/heavy-metal
-
there is also great program to save songs from radio:
-
please see section on AUR on this wiki, how to build and install AUR streamripper package.
Please note that situation is much worse on X-Windows side, because:
- Gnome pushed their own
esounddaemon as new standard, how should X-apps access sound device (to solve problem with exclusive device access) - also KDE pushed their own
artssound daemon (of course incompatible withesound) - later there was another innovation -
Pulse Audio - and now we have another innovation
Pipe Wire
So far it seems that most X-apps prefer Pulse Audio with fallback do direct access to
kernel ALSA device. However nobody knows for how long.
Once we have working Audio we can install X-Window GUI system.
NOTE: For people from Microsoft OS it may look confusing, becasue:
- X-Server is the main process that provides GUI for applications
- X-app is client application that connects to GUI X-Server - using DISPLAY environment variable.
So first we have to find X-Server that will work with our graphics card and install start scripts. We have to follow: https://wiki.archlinux.org/title/Xorg
First we have to know what king of graphics card we have, in my case:
lspci -v | grep -A1 -e VGA -e 3D
06:00.0 VGA compatible controller: NVIDIA Corporation GT218 [GeForce 210] (rev a2) (prog-if 00 [VGA controller])
Subsystem: ZOTAC International (MCO) Ltd. GeForce 210 1GB [Synergy Edition]As pointed out you have 2 choices regarding nVidia:
- using proprietary closed-source drivers (this is generally issue because significant portion is in Linux kernel)
- using open-source 2D driver - my case
Here is command to install opens-source 2D driver for nVidia:
sudo pacman -S --needed xf86-video-nouveauAll X-server installations also needs common X-server package:
sudo pacman -S --needed xorg-serverWe now have 2 choices how to run X-Window:
- using GUI login manager that always starts when system boots (original was called XDM - X-Window Display Manager)
- using
startxscript
I prefer later option - because sometimes I simply don't need local GUI (or I will do ssh -Y and run command
remotely). So we have to follow: https://wiki.archlinux.org/title/Xinit
sudo pacman -S --needed xorg-xinitNow we need to install suitable Window Manager or whole environment - I always vote for XFCE. So we have to follow: https://wiki.archlinux.org/title/Xfce
For the first time I will install both xfce4 and additions:
pacman -S --needed xfce4 xfce4-goodies
# I always press ENTER to accept default options
# It will install around 500MB of filesNow we have to modify session startup script /etc/X11/xinit/xinitrc this way:
diff -u /etc/X11/xinit/xinitrc{.orig,}
--- /etc/X11/xinit/xinitrc.orig 2023-06-07 11:29:18.176548108 +0200
+++ /etc/X11/xinit/xinitrc 2023-06-07 11:30:07.213023532 +0200
@@ -48,8 +48,8 @@
unset f
fi
-twm &
-xclock -geometry 50x50-1+1 &
-xterm -geometry 80x50+494+51 &
-xterm -geometry 80x20+494-0 &
-exec xterm -geometry 80x66+0+0 -name login
+/usr/bin/xfce4-terminal &
+exec /usr/bin/startxfce4
+# here we will get only in case of failure
+exit 1
+To start X-Window:
- login on LOCAL console as non-root user
- run
startx - after a while you should see
xfce4-terminal - few seconds later XFCE4 Window manager with menus should initialize
If you are lucky you can test 3D graphics:
sudo pacman -S --needed mesa-demosAnt try something famous - for example gears (you can use Arrows keys
to rotate view and ESC to quit) or also famous teapot.
There is already installed Thunar file manager (included with XFCE). To support:
- MTP (Android devices connected via USB)
- SMB (Windows shares)
We have to install Gnome VFS packages:
pacman -S --needed gvfs-mtp gvfs-smb- WARNING! You may need to restart whole system in some cases so Thunar will now support
smb://...or some gvfsd services.
New we will gradually add various components to have comfort X-Environment
Installing additional fonts: I tried:
# traditonal X-Window fonts
pacman -S --needed xorg-font-util xorg-fonts-100dpi xorg-fonts-75dpi xorg-fonts-misc xorg-fonts-type1
# various fixed size fonts for terminals
pacman -S --needed terminus-font
pacman -S --needed ttf-fantasque-sans-mono ttf-fira-mono ttf-jetbrains-mono ttf-monofur ttf-monoid
pacman -S --needed otf-crimson-pro ttf-anonymous-pro ttf-crimson-proBest PDF viewer:
sudo pacman -S --needed evinceWARNING! Latest Evince has annoying "popup" feature. As true Gnome application it can't be disabled:
WinAmp like player:
pacman -S --needed qmmpTo install right Firefox + uBlock plugin we may follow:
pacman -S --needed firefox firefox-ublock-originWARNING! If you install firefox-developer-edition you will need
to install external plugins - those one provided packages (for example above
firefox-ublock-origin will not work, becasue there is different path:
- plugin packages install into
/usr/lib/firefox/browser/extensions/ - but
firefox-developer-editionuses/usr/lib/firefox-developer-edition/browser/....
To be able to download videos from various sites (that are flooded with ads and thus unusable):
sudo pacman -S --needed ffmpeg yt-dlpNOTE: yt-dlp is not X-Windows application - you can happily use it even from CLI
TODO: Proper audio support - testing:
sudo pacman -S --needed pulseaudio-alsa pavucontrolIf you like GUI for SMART disk utility (smartctl on CLI) you can install:
sudo pacman -S --needed gsmartcontrolNow something controversial: There are some websites and applications that do not work under Firefox (Teams, Skype) or have issues under Firefox (tme.eu e-shop). For such cases I have to install Chromium (open-source base for Chrome):
sudo pacman -S --needed chromiumIf you clone or transfer Arch filesystem to another hardware or another filesystem you have
to regenerate initrd with additional -P (presets) option, e.g., mkinitcpio -P
- Infrastructure
- nice overview: https://wiki.archlinux.org/title/DeveloperWiki:Staff_Services
- key project with ansible roles: https://gitlab.archlinux.org/archlinux/infrastructure
- creating custom packages (TODO)
Copyright © Henryk Paluch. All rights reserved.
