Arch Linux on the Raspberry Pi

I've been tinkering with the Raspberry Pi again, this time it's all about Arch Linux.

Why Arch?

Well besides from my desire to tinker, Arch actually makes a great deal of sense for the Raspberry PI, especially if you're wanting to make the most of the PI's limited resources or exposing any part of it to the Internet. The Arch Way means that Arch is very lean, with only the essentials provided. This makes it comparatively easy on system resources, unless of course you decide to install something resource hungry. Arch's approach also means that there's nothing on there to expose your system, unless you put it there, and you have to get down and dirty with the command line straight off the bat. There is no pretty GUI provided to simplify matters, unless you install one yourself. Because of this you really have no choice but to learn how the system works as you set it up. As you set up and maintain Arch you will gradually become more aware of exactly what’s going on in your system, therefore using Arch will force you to think about how to best make use of the PI.

The other things Arch brings to the table is it's lack of a traditional release cycle and the Pacman package manager. The lack of a traditional release cycle means updates come out when they're ready, so Arch is always up to date. Pacman makes it easy to install packages, or even build your own.

Arch Linux for Raspberry PI is based on Arch Linux for ARM, which is a slightly different beast to regular Arch Linux. However most of the tutorials on the Arch Wiki still apply, so there are plenty of resources around to help you.

Getting started

First things first, follow the instructions here: http://archlinuxarm.org/platforms/armv6/raspberry-pi to get Arch Linux onto your Raspberry PI.

Once you've installed Arch the next thing you'll want to do is log into it, I'm running it headless so I went straight in via SSH:

ssh root@myraspberry.pi

Where myraspberry.pi is either the IP address or fully qualified domain name of your PI. If you don't know the IP address of your PI your router will be able to tell you, alternatively you could just plug a monitor and keyboard into your PI.

The default password is root, as a bare minimum you'll want to change that straight away. You'll also want to resize the Raspberry PI partition to make full use of your SD card (the images default to 2GB).

Resizing the Raspberry PI partition

Some of the other Raspberry PI friendly distributions handle the resizing for you. Arch being Arch you have to do it yourself. First take a look at your partitions:

df -h

Then using fdisk:

fdisk /dev/mmcblk0

You'll see three partitions, we need to delete the second partition. In fdisk enter the following:

Command (m for help): d
Partition number (1,2,5, default 5): 2
Partition 2 is deleted

That's 'd' for delete followed by '2' for partition 2, which also kills partition 5. Next, still in fdisk, we need to create a new larger extended partition:

Command (m for help): n   
Partition type:
   p   primary (1 primary, 0 extended, 3 free)
   e   extended
Select (default p): e 
Partition number (2-4, default 2): 2

The 'n' command sets up a new partition then you select an extended partition 'e' and number it '2' as per the old partition. Then just accept the defaults to maximise the partition on your SD card, make sure to check that the new partition starts on the same block as the old one did. Now we need to recreate the logical partition:

Command (m for help): n
Partition type:
   p   primary (1 primary, 1 extended, 2 free)
   l   logical (numbered from 5)
Select (default p): l
Adding logical partition 5

'n' for new, 'l' for logical and number it partition '5'. Again just pick the default values for size, and check the partition starts on the same block as the old one. With that done finally we write our changes to disk.

Command (m for help): w   
The partition table has been altered!

Reboot the system to make sure the changes stick:

reboot

After the system's restarted we can do the the real legwork of the resizing:

resize2fs /dev/mmcblk0p5

and that's all there is to it, you should now be using the full extent of your SD card's storage.

Set the Hostname

To change the name for your RaspberryPi, you can edit the /etc/hostname and /etc/hosts files:

nano /etc/hostname

Then edit following, replacing yourhostname with your new host name:

127.0.0.1 localhost.localdomain localhost yourhostname

to

nano /etc/hosts

Change the Root password

Simply enter:

passwd root

Then set your new password at the resultant prompt, something nice and long. However, personally I prefer to disable root and use sudo with a different user.

Adding a new user

To add a new user you need to run the useradd command. Make sure to give your new user a suitable name (replace mypiuser with your username) and set a password for it:

useradd -m -g users -s /bin/bash -G wheel,audio,games,lp,optical,power,scanner,storage,video my_pi_user
passwd my_pi_user

Use Sudo

In order to grant the new user sudo access we first need to install sudo, before installing sudo you may need to update Arch:

pacman -Syu

Then you can install sudo:

pacman -S sudo

Then we add the new user to the sudoers file, you should edit the sudoers file with the visudo command (the Arch Wiki recommends that you should you should always use visudo for editing the sudoers file in order to "prevent errors"):

visudo

To allow the new user to sudo, you can either add just the user, e.g.:

##
## User privilege specification
##
root ALL=(ALL) ALL
my_pi_user ALL=(ALL) ALL

or add one of the groups the user belongs to, if you're using all the groups in my example user above you can just un-comment the following line:

# %wheel ALL=(ALL) ALL

to leave:

%wheel ALL=(ALL) ALL

Disable root?

Once you've tested out your new user and their sudoing abilities I personally like to disable the root account:

passwd -l root

Though this isn't necessarily recommended by the Arch Wiki. It really depends on what you're doing with Arch as to whether or not disabling root will be a problem, but I look at it this way: You can always re-enable root if it is a problem, and disabling root is usually the first thing anyone recommends you do to any Linux distribution you're connecting to the internet. If you do have issues after disabling root just re-enable it with:

sudo passwd -u root

SSH

You'll want to use SSH because it's possibly the most useful thing in ever, but it's something you need to make sure is secure. I recommend disabling password access and using keys instead, for example a nice long RSA key:

ssh-keygen -t rsa -b 4096

But if your infrastructure is happy with it you may be better off going with an Elliptic Curve Digital Signature Algorithm (ECDSA) key e.g.

ssh-keygen -t ecdsa -b 521

Which allows smaller key sizes for equivalent security to DSA and RSA. You could also use “dsa” instead of the “rsa” after the -t to generate a DSA key. The number after -b specifies the key length in bits, though if you're using DSA you can only have up to 2048 bits.

If your key file is ~/.ssh/id_rsa.pub (i.e. the default) you can simply enter the following command to copy your key to the remote machine:

ssh-copy-id username@remote-server.org

and you're all set to login via SSH using your new key:

ssh -i .ssh/id_rsa my_pi_user@myraspberry.pi

Next you need to think about securing things a bit. You should secure the authorized_keys file, and personally I always disable password logins. You might also want to prevent root logon via SSH and if you opt not to use keys you should make sure that you to protect against brute force attacks.

That covers the basics, you should now have a good starting point for doing something more exciting like: