Installing Arch Linux on a Raspberry Pi
ArchLinux
=========
https://archlinuxarm.org/platforms/armv6/raspberry-pi
https://archlinuxarm.org/platforms/armv7/broadcom/raspberry-pi-2
https://archlinuxarm.org/platforms/armv8/broadcom/raspberry-pi-3
https://archlinuxarm.org/platforms/armv8/broadcom/raspberry-pi-4
===============================================================================================================
Installation via an existing Linux system!
bsdtar --version
[root@sandbox ~]# bsdtar --version bsdtar 3.1.2 - libarchive 3.1.2
wget https://www.libarchive.org/downloads/libarchive-3.4.0.zip
./configure
make
make install
/usr/local/bin/bsdtar --version
Replace sdX in the following instructions with the device name for the SD card as it appears on your computer.
Start fdisk to partition the SD card:
fdisk /dev/sdX
At the fdisk prompt, delete old partitions and create a new one:
Type o. This will clear out any partitions on the drive.
Type p to list partitions. There should be no partitions left.
Type n, then p for primary, 1 for the first partition on the drive, press ENTER to accept the default first sector, then type +200M for the last sector.
Type t, then c to set the first partition to type W95 FAT32 (LBA).
Type n, then p for primary, 2 for the second partition on the drive, and then press ENTER twice to accept the default first and last sector.
Write the partition table and exit by typing w.
Create and mount the FAT filesystem:
mkfs.vfat /dev/sdX1
mkdir boot
mount /dev/sdX1 boot
Create and mount the ext4 filesystem:
mkfs.ext4 /dev/sdX2
mkdir root
mount /dev/sdX2 root
Download and extract the root filesystem (as root, not via sudo):
wget http://os.archlinuxarm.org/os/ArchLinuxARM-rpi-latest.tar.gz
/usr/local/bin/bsdtar -xpf ArchLinuxARM-rpi-latest.tar.gz -C root
#bsdtar -xpf ArchLinuxARM-rpi-latest.tar.gz -C root
sync
Move boot files to the first partition:
mv root/boot/* boot
sync
Unmount the two partitions:
umount boot root
Insert the SD card into the Raspberry Pi, connect ethernet, and apply 5V power.
Use the serial console or SSH to the IP address given to the board by your router.
Login as the default user alarm with the password alarm.
The default root password is root.
Initialize the pacman keyring and populate the Arch Linux ARM package signing keys:
pacman-key --init
pacman-key --populate archlinuxarm
=====================================================================================================================================================
==================================================================================================================
===================================
Username: alarm
Password: alarm (initial password)
Username: root
Password: root (initial password)
===================================
pacman-key --init
pacman-key --populate archlinuxarm
pacman -Syu
Install a package:
pacman -S package_name
To remove a single package, leaving all of its dependencies installed:
pacman -R package_name
Pacman can search for packages in the database, searching both in packages' names and descriptions:
pacman -Ss string1 string2 ...
To search for already installed packages:
pacman -Qs string1 string2 ...
Update&upgrade:
pacman -Syu
#pacman --noconfirm -Syyu
pacman --noconfirm -S autoconf gcc glibc make openssl wget perl gettext net-snmp perl-net-snmp automake autoconf libmcrypt openssl unzip apache php gd traceroute php-apache libmariadbclient dnsutils openssh sudo inetutils cronie man-db man-pages s-nail
pacman --noconfirm -S git dstat lsof ethtool nmap arp-scan zip unzip bc sysstat nmon speedtest-cli msmtp msmtp-mta mailutils mutt wiringpi iperf screen expect
mandb
#Remove the alarm user & group (already using 1000)
groupadd -g 1001 pi
useradd -u 1001 -g pi -G adm,wheel,users -c "Default pi user" -d /home/pi -m pi
passwd pi
Update: /etc/sudoers
EXTRA LINE: alarm ALL=(ALL) NOPASSWD: ALL
Disable direct root login (not with keys):
passwd root
passwd alarm
systemctl get-default
systemctl set-default multi-user.target
hostnamectl set-hostname sandbox
ssh-keygen
cd .ssh
vi authorized_keys
chmod 400 authorized_keys
(Connect via ssh from remote system)
cat unix4life:/root/.ssh/id_rsa.pub > sandbox:/root/.ssh/authorized_keys
> /etc/motd
vi /etc/systemd/network/eth0.network
[Match]
Name=eth0
#[Network]
#DHCP=yes
#DNSSEC=no
[Network]
Address=192.168.178.###/24
Gateway=192.168.178.1
DNS=208.67.222.222
DNS=208.67.220.220
[root@sandbox ~]#
vi /etc/sysctl.d/40-ipv6.conf
# Disable IPv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.eth0.disable_ipv6 = 1
systemctl restart systemd-sysctl.service
systemctl enable cronie
#Add: ipv6.disable=1 & audit=0
vi /boot/cmdline.txt
root=/dev/mmcblk0p2 rw rootwait console=ttyAMA0,115200 console=tty1 selinux=0 plymouth.enable=0 smsc95xx.turbo_mode=N dwc_otg.lpm_enable=0 kgdboc=ttyAMA0,115200 elevator=noop ipv6.disable=1 (audit=0 ??)
vi /etc/hosts (disable all ip6 lines)
timedatectl set-timezone Europe/Amsterdam
shutdown -r now
==================================================================================================================
vi /etc/systemd/system/rclocal.service
[Unit]
Description=rclocal
[Service]
ExecStart=/etc/rc.local
[Install]
WantedBy=multi-user.target
systemctl enable rclocal.service
vi /etc/rc.local
#!/bin/sh -e
#
# rc.local
#
touch /forcefsck
echo 100 > /sys/devices/system/cpu/cpufreq/ondemand/sampling_down_factor
echo performance > /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor
sleep 5
mount -t tmpfs -o size=10M tmpfs /var/log/sysstat/
#echo "0" > /sys/bus/w1/devices/w1_bus_master1/w1_master_search
sleep 10
sync;sync; echo 1 > /proc/sys/vm/drop_caches
exit 0
chmod 755 /etc/rc.local
==================================================================================================================
==================================================================================================================
vi /etc/ssh/sshd_config
ChallengeResponseAuthentication no
UsePAM no
VersionAddendum none
Banner none
systemctl restart sshd
=========================================================================================================
NRPE/NSCA client:
groupadd -g 5666 nagios
useradd -u 5666 -g nagios -c "Nagios user for monitoring" -d /usr/local/nagios -m nagios
mkdir /usr/local/nagios
mkdir /usr/local/nagios/etc
mkdir /usr/local/nagios/etc/inputs
mkdir /usr/local/nagios/tmp
mkdir /usr/local/nagios/bin
mkdir /usr/local/nagios/libexec
mkdir /usr/local/nagios/libexec/ak72
mkdir /usr/local/nagios/var
mkdir /usr/local/nagios/var/tmp
chown -R nagios:nagios /usr/local/nagios
Nagios plugins:
tar zxvf nagios-plugins-2.3.3.tar.gz
cd ../nagios-plugins-2.#.#
./configure --with-nagios-user=nagios --with-nagios-group=nagios
make
make install
cp -p /usr/local/nagios/libexec/check_http /usr/local/nagios/libexec/check_https
NRPE Client:
tar zxvf nrpe-4.#.#.tar.gz
./configure
make all
make install
make install-config
make install-init
(/lib/systemd/system/nrpe.service)
systemctl enable nrpe
systemctl start nrpe
NSCA Client:
tar zxvf nsca-2.#.#.tar.gz
./configure
make all
#cp -p src/nsca /usr/local/nagios/bin/
#chown nagios:nagios /usr/local/nagios/bin/nsca
cp -p src/send_nsca /usr/local/nagios/libexec/
chown nagios:nagios /usr/local/nagios/libexec/send_nsca
#cp -p sample-config/nsca.cfg /usr/local/nagios/etc/
#chown nagios:nagios /usr/local/nagios/etc/nsca.cfg
#chmod 600 /usr/local/nagios/etc/nsca.cfg
scp -p unix4life:/usr/local/nagios/libexec/send_nsca.cfg <remotehost>:/usr/local/nagios/libexec/send_nsca.cfg
scp -p unix4life:/usr/local/nagios/etc/nrpe.cfg sandbox:/usr/local/nagios/etc/
scp -p -r unix4life:/usr/local/nagios/libexec/eventhandlers sandbox:/usr/local/nagios/libexec/
scp -p -r unix4life:/usr/local/nagios/libexec/ak72 sandbox:/usr/local/nagios/libexec/
chown -R nagios:nagios /usr/local/nagios
==================================================================================================================
Configure the bootloader to enable the i2c hardware by appending to /boot/config.txt:
dtparam=i2c_arm=on
#dtparam=i2s=on
dtparam=spi=on
dtoverlay=dht11,gpiopin=4
Rsyslog config
vi /etc/rsyslog.conf => is now done via /etc/systemd/journald.conf
vi /etc/systemd/journald.conf
#Storage=none
MaxLevelStore=warning
MaxLevelSyslog=warning
MaxLevelKMsg=warning
MaxLevelConsole=warning
vi /etc/audit/auditd.conf
#write_logs = yes
write_logs = no
log_file = /var/log/audit/audit.log
service auditd reload
scp -p unix4life:/root/Check_cache_memory.ksh sandbox:
Crontab:
crontab crontab_sandbox
crontab -l
==================================================================================================================
sysstat
#http://pagesperso-orange.fr/sebastien.godard/
#tar xf sysstat.....xz
#cd sysstat...
#./configure --prefix=/usr
#make
#make install
mkdir /var/log/sysstat
ln -s /usr/lib/sa /usr/lib/sysstat
scp -p unix4life:/etc/cron.d/sysstat sandbox:/etc/cron.d/
scp -p unix4life:/etc/cron.daily/sysstat sandbox:/etc/cron.daily/
scp -p unix4life:/etc/sysstat/sysstat sandbox:/etc/conf.d/
(in /etc/rc.d/rc.local enable the mount command)
mount -t tmpfs -o size=10M tmpfs /var/log/sysstat/
sleep 1
#restorecon /var/log/sysstat => Important SELinux!!!
==================================================================================================================
Configure mail:
touch /etc/msmtprc
chmod 640 /etc/msmtprc
vi /etc/msmtprc
# Gmail specifics
# Accounts will inherit settings from this section
defaults
auth on
tls on
tls_certcheck off
# tls_trust_file /etc/ssl/certs/ca-certificates.crt
logfile /var/log/msmtp.log
aliases /etc/aliases
# Gmail specifics
account gmail
host smtp.gmail.com
port 587
from <info@FQDN>
user <Username>@gmail.com
password <Password>
# Default
account default : gmail
=============================================================================================================================
MariaDB (mysql):
pacman --noconfirm -S mariadb mariadb-clients
mariadb-install-db --user=mysql --basedir=/usr --datadir=/var/lib/mysql
systemctl enable/start mariadb
#firewall-cmd --permanent --add-service mysql
vi /etc/my.cnf
mysql_secure_installation
Enter current password for root (enter for none):
Switch to unix_socket authentication [Y/n] Y
Change the root password? [Y/n] Y
New password: (........)
Re-enter new password: (........)
Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] Y
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y
mysql -u root -h localhost -p
mkdir /var/log/mariadb
chown mysql:mysql /var/log/mariadb
vi /etc/my.cnf.d/server.cnf
[mariadb]
log_error=/var/log/mariadb/mariadb.log
systemctl restart mariadb
Apache HTTPD:
##yum install httpd mod_ssl mod_wsgi mod_php php-mysql
pacman --noconfirm -S apache php php-apache libmariadbclient
systemctl enable/start httpd
vi /etc/httpd/conf/httpd.conf
#Place at the end of the module load:
#LoadModule mpm_event_module modules/mod_mpm_event.so
LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
#Place this at the end of the LoadModule list:
LoadModule php7_module modules/libphp7.so
AddHandler php7-script .php
#Place this at the end of the Include list:
Include conf/extra/php7_module.conf
Restart httpd.service using systemd.
firewall-cmd --zone=public --permanent --add-service http
firewall-cmd --zone=public --permanent --add-service https
#firewall-cmd --zone=public --add-port=http/tcp --permanent
#semanage fcontext –a –t httpd_sys_content_t ‘/dir/subdir(/.*)?’
#restorecon –Rv /dir
#cd /etc/pki/tls/certs (example-ca.crt & webapp5.crt)
#cd /etc/pki/tls/private (webapp5.key ;chmod 400)
#Andere poort: semanage port –a –t http_port_t –p tcp 444 firewall-cmd --permanent --add-port 444/tcp
vi /srv/http/phpinfo.php
<?php
// Show all information, defaults to INFO_ALL
phpinfo();
// Show just the module information.
// phpinfo(8) yields identical results.
phpinfo(INFO_MODULES);
?>
##########TOT HIER##################
=======================================================================================================================================
/opt/vc/bin/vcgencmd measure_temp
temp=49.8'C
GPIO
To be able to use the GPIO pins from Python, use the RPi.GPIO library. Install the python-raspberry-gpio package from the AUR.
SPI
To enable the /dev/spidev* devices, uncomment the following line in /boot/config.txt:
device_tree_param=spi=on
I2C
Install i2c-tools and lm_sensors packages.
Configure the bootloader to enable the i2c hardware by appending to /boot/config.txt:
dtparam=i2c_arm=on
#dtparam=i2s=on
dtparam=spi=on
dtoverlay=dht11,gpiopin=4
Configure the i2c-dev and i2c-bcm2708 (if not blacklisted for the camera) modules to be loaded at boot in /etc/modules-load.d/raspberrypi.conf:
i2c-dev i2c-bcm2708
Reboot the Raspberry Pi and issue the following command to get the hardware address:
i2cdetect -y 0
Note: When using the I2C1 port instead of I2C0, one will need to run i2cdetect -y 1 instead and replace i2c-0 with i2c-1 in the following steps.
Now instantiate the device. Change the hardware address to the address found in the previous step with '0x' as prefix (e.g. 0x48) and choose a device name:
echo <devicename> <hardware address> >/sys/class/i2c-adapter/i2c-0/new_device
Check dmesg for a new entry:
i2c-0: new_device: Instantiated device ds1621 at 0x48
Finally, read the sensor output: sensors
1-WIRE
To enable the 1-wire interface add this line to /boot/config.txt and reboot. dtoverlay=w1-gpio