I've been tinkering with the Raspberry Pi again, this time it's all about Arch Linux.
Well besides from my desire to tinker, Arch actually makes a great deal of sense for the Raspberry PI, especially if you're wanting to make the most of the PI's limited resources or exposing any part of it to the Internet. The Arch Way means that Arch is very lean, with only the essentials provided. This makes it comparatively easy on system resources, unless of course you decide to install something resource hungry. Arch's approach also means that there's nothing on there to expose your system, unless you put it there, and you have to get down and dirty with the command line straight off the bat. There is no pretty GUI provided to simplify matters, unless you install one yourself. Because of this you really have no choice but to learn how the system works as you set it up. As you set up and maintain Arch you will gradually become more aware of exactly what’s going on in your system, therefore using Arch will force you to think about how to best make use of the PI.
The other things Arch brings to the table is it's lack of a traditional release cycle and the Pacman package manager. The lack of a traditional release cycle means updates come out when they're ready, so Arch is always up to date. Pacman makes it easy to install packages, or even build your own.
Arch Linux for Raspberry PI is based on Arch Linux for ARM, which is a slightly different beast to regular Arch Linux. However most of the tutorials on the Arch Wiki still apply, so there are plenty of resources around to help you.
First things first, follow the instructions here: http://archlinuxarm.org/platforms/armv6/raspberry-pi to get Arch Linux onto your Raspberry PI.
Once you've installed Arch the next thing you'll want to do is log into it, I'm running it headless so I went straight in via SSH:
myraspberry.pi is either the IP address or fully qualified domain name of your PI. If you don't know the IP address of your PI your router will be able to tell you, alternatively you could just plug a monitor and keyboard into your PI.
The default password is root, as a bare minimum you'll want to change that straight away. You'll also want to resize the Raspberry PI partition to make full use of your SD card (the images default to 2GB).
Resizing the Raspberry PI partition
Some of the other Raspberry PI friendly distributions handle the resizing for you. Arch being Arch you have to do it yourself. First take a look at your partitions:
Then using fdisk:
You'll see three partitions, we need to delete the second partition. In fdisk enter the following:
Command (m for help): d Partition number (1,2,5, default 5): 2 Partition 2 is deleted
That's 'd' for delete followed by '2' for partition 2, which also kills partition 5. Next, still in fdisk, we need to create a new larger extended partition:
Command (m for help): n Partition type: p primary (1 primary, 0 extended, 3 free) e extended Select (default p): e Partition number (2-4, default 2): 2
The 'n' command sets up a new partition then you select an extended partition 'e' and number it '2' as per the old partition. Then just accept the defaults to maximise the partition on your SD card, make sure to check that the new partition starts on the same block as the old one did. Now we need to recreate the logical partition:
Command (m for help): n Partition type: p primary (1 primary, 1 extended, 2 free) l logical (numbered from 5) Select (default p): l Adding logical partition 5
'n' for new, 'l' for logical and number it partition '5'. Again just pick the default values for size, and check the partition starts on the same block as the old one. With that done finally we write our changes to disk.
Command (m for help): w The partition table has been altered!
Reboot the system to make sure the changes stick:
After the system's restarted we can do the the real legwork of the resizing:
and that's all there is to it, you should now be using the full extent of your SD card's storage.
Set the Hostname
To change the name for your RaspberryPi, you can edit the /etc/hostname and /etc/hosts files:
Then edit following, replacing yourhostname with your new host name:
127.0.0.1 localhost.localdomain localhost yourhostname
Change the Root password
Then set your new password at the resultant prompt, something nice and long. However, personally I prefer to disable root and use sudo with a different user.
Adding a new user
To add a new user you need to run the
useradd command. Make sure to give your new user a suitable name (replace mypiuser with your username) and set a password for it:
useradd -m -g users -s /bin/bash -G wheel,audio,games,lp,optical,power,scanner,storage,video my_pi_user passwd my_pi_user
In order to grant the new user
sudo access we first need to install
sudo, before installing sudo you may need to update Arch:
Then you can install
pacman -S sudo
Then we add the new user to the sudoers file, you should edit the sudoers file with the
visudo command (the Arch Wiki recommends that you should you should always use
visudo for editing the sudoers file in order to "prevent errors"):
To allow the new user to
sudo, you can either add just the user, e.g.:
## ## User privilege specification ## root ALL=(ALL) ALL my_pi_user ALL=(ALL) ALL
or add one of the groups the user belongs to, if you're using all the groups in my example user above you can just un-comment the following line:
# %wheel ALL=(ALL) ALL
%wheel ALL=(ALL) ALL
Once you've tested out your new user and their sudoing abilities I personally like to disable the root account:
passwd -l root
Though this isn't necessarily recommended by the Arch Wiki. It really depends on what you're doing with Arch as to whether or not disabling root will be a problem, but I look at it this way: You can always re-enable root if it is a problem, and disabling root is usually the first thing anyone recommends you do to any Linux distribution you're connecting to the internet. If you do have issues after disabling root just re-enable it with:
sudo passwd -u root
You'll want to use SSH because it's possibly the most useful thing in ever, but it's something you need to make sure is secure. I recommend disabling password access and using keys instead, for example a nice long RSA key:
ssh-keygen -t rsa -b 4096
But if your infrastructure is happy with it you may be better off going with an Elliptic Curve Digital Signature Algorithm (ECDSA) key e.g.
ssh-keygen -t ecdsa -b 521
Which allows smaller key sizes for equivalent security to DSA and RSA. You could also use “dsa” instead of the “rsa” after the -t to generate a DSA key. The number after -b specifies the key length in bits, though if you're using DSA you can only have up to 2048 bits.
If your key file is
~/.ssh/id_rsa.pub (i.e. the default) you can simply enter the following command to copy your key to the remote machine:
and you're all set to login via SSH using your new key:
ssh -i .ssh/id_rsa email@example.com
Next you need to think about securing things a bit. You should secure the authorized_keys file, and personally I always disable password logins. You might also want to prevent root logon via SSH and if you opt not to use keys you should make sure that you to protect against brute force attacks.
That covers the basics, you should now have a good starting point for doing something more exciting like:
- Setting up an encrypted tunnel, useful for staying secure when connecting to the internet via public or similarly untrustworthy Wi-Fi connections.
- Setting up a webserver, just remember you'll want a firewall too if you're staring to open ports up to the internet.
- Adding a desktop, everyone likes a GUI. Right?