Ros Rolling

ros-rolling Host Configuration

Role: ROS development on Arch Linux
Platform: x86_64-linux

This document describes the manual installation and configuration of the ros-rolling host, which runs a rolling Arch Linux distribution optimized for ROS (Robot Operating System) development.


ROS on rolling archlinux

1 Pre-installation

1.1 Acquire an installation image and verify signature

# Download the ISO and its detached PGP signature.
# NOTE(review): both files come from the same mirror here. The signature only adds assurance
# if it, or the signing key's fingerprint, is obtained independently of that mirror
# (for example from archlinux.org).
wget -c https://mirrors.tuna.tsinghua.edu.cn/archlinux/iso/latest/archlinux-2025.03.01-x86_64.iso
wget -c https://mirrors.tuna.tsinghua.edu.cn/archlinux/iso/latest/archlinux-2025.03.01-x86_64.iso.sig

# Verify the signature. auto-key-retrieve fetches whatever key the signature names, so a
# "Good signature" line alone proves little: compare the reported primary key fingerprint
# with the release signing key fingerprint published on archlinux.org before using the image.
gpg --keyserver-options auto-key-retrieve --verify archlinux-2025.03.01-x86_64.iso.sig
# On an existing Arch Linux system the pacman keyring can be used instead:
# pacman-key -v archlinux-2025.03.01-x86_64.iso.sig

1.2 Prepare an installation medium

1.3 Boot the live environment

1.4 Set the console keyboard layout and font

# list the available console keymaps, then load the US layout
localectl list-keymaps
loadkeys us

# switch to a larger console font
setfont ter-132b

1.5 Verify the boot mode

# 64 means the system booted in 64-bit UEFI mode and 32 means 32-bit UEFI. If the file does
# not exist, the system booted in BIOS/CSM mode, and the UKI and Secure Boot steps later in
# this guide will not apply.
cat /sys/firmware/efi/fw_platform_size

1.6 Connect to the internet

# list network interfaces and their link state
ip link

# check connectivity (succeeds once a link is up)
ping archlinux.org

# Wi-Fi via wpa_supplicant: the network credentials come from the configuration files
# given with -c / -I, so keep those files readable by root only.
wpa_supplicant -i<wlan_interface> \
-s -u -Dnl80211,wext \
-c /etc/wpa_supplicant.conf \
-I wpa_supplicant.conf

# or
# NOTE: a passphrase passed with --passphrase is visible in the process list and the shell
# history; leaving the option out makes iwctl prompt for it instead.
iwctl --passphrase <psk> station <device> connect <SSID>

1.7 Update the system clock

# enable network time synchronisation; a correct clock matters for TLS and signature checks
timedatectl set-ntp true

# show the resulting clock and synchronisation status
timedatectl

1.8 Partition the disks

1.8.1 Partitioning the disk

# list disks; confirm the target device name before running anything below
fdisk -l

# WARNING: mklabel writes a new, empty GPT and discards the existing partition table
parted /dev/nvme0n1 -- mklabel gpt
# partition 1: EFI system partition, 1MiB..2048MiB
parted /dev/nvme0n1 -- mkpart ESP fat32 1MiB 2048MiB
# partition 2: rest of the disk, encrypted with LUKS in the next step
parted /dev/nvme0n1 -- mkpart primary 2048MiB 100%
# flag partition 1 as the ESP so the firmware recognises it
parted /dev/nvme0n1 -- set 1 esp on

1.8.2 Encrypting the root partition

# show disk status
lsblk

# Encrypt the root partition with LUKS2, using argon2id as the passphrase KDF.
# This destroys any data on /dev/nvme0n1p2. It prompts for a passphrase (twice, because of
# --verify-passphrase), which is later used to unlock the partition.
#   --key-size 256  : in XTS mode the key is split in two, so this selects AES-128;
#                     use --key-size 512 if AES-256 is wanted.
#   --iter-time 5000: aim for about 5000 ms of key-derivation work per unlock attempt.
#   --use-random    : draw the volume key from /dev/random.
cryptsetup luksFormat \
    --type luks2 --cipher aes-xts-plain64 \
    --hash sha512 --iter-time 5000 \
    --key-size 256 --pbkdf argon2id \
    --use-random --verify-passphrase /dev/nvme0n1p2

# show the LUKS header; check that the version, cipher and PBKDF match what was requested
cryptsetup luksDump /dev/nvme0n1p2

# open (unlock) the device with the passphrase just set; it appears as /dev/mapper/cryptroot
cryptsetup luksOpen /dev/nvme0n1p2 cryptroot

# show disk status
lsblk

1.8.3 Formatting and mounting

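# "EFI" and "ESP" are two common naming habits; functionally there is no real difference.
## EFI (Extensible Firmware Interface) usually refers to the UEFI firmware interface.
## ESP (EFI System Partition) is the formal name of the system partition in the UEFI specification.
## Operating systems and boot loaders normally identify the EFI system partition by its file system type (FAT32)
## and partition type GUID (e.g. C12A7328-F81F-11D2-BA4B-00A0C93EC93B), not by its volume label.

## Whether the label is EFI or ESP, any partition formatted as FAT32 and mounted correctly at /boot/efi (or /efi)
## can serve as the UEFI system partition.

## To change the label, the fatlabel tool can be used (no reformatting needed):
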
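# fatlabel only relabels an existing FAT file system. The partition created in 1.8.1 is
# still unformatted, so on a fresh install use mkfs.fat and leave fatlabel commented out.
#fatlabel /dev/nvme0n1p1 ESP
#mkfs.fat -F32 -n EFI /dev/nvme0n1p1
mkfs.fat -F32 -n ESP /dev/nvme0n1p1

# format the unlocked LUKS mapping (not the raw partition) with btrfs and label it
mkfs.btrfs -L cryptroot /dev/mapper/cryptroot

# mount the top-level volume temporarily, only to create the subvolumes
mount /dev/mapper/cryptroot /mnt


## @root: the name contains "root", making explicit that this subvolume holds the system root (/).
## @: the short, conventional name for the root subvolume, common in standardised layouts.
## Whichever name is created here must also be the one given to rootflags=subvol=... at boot.

#btrfs subvolume create /mnt/@
btrfs subvolume create /mnt/@root

btrfs subvolume create /mnt/@home
btrfs subvolume create /mnt/@nix
btrfs subvolume create /mnt/@guix
btrfs subvolume create /mnt/@persist
btrfs subvolume create /mnt/@tmp
btrfs subvolume create /mnt/@swap
btrfs subvolume create /mnt/@snapshots

# Disable copy-on-write for files created in @tmp from now on. btrfs does not compress
# no-CoW files, so a compress mount option has no effect on them.
chattr +C /mnt/@tmp

umount /mnt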

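# Enable zstd compression to:
#   1. Reduce read/write operations, which helps to:
#     1. Extend the life of the SSD.
#     2. Improve the performance of disks with low IOPS / RW throughput, such as HDD and SATA SSD.
#   2. Save disk space.
# Unlock: sudo /lib/systemd/systemd-cryptsetup attach cryptroot /dev/nvme0n1p2 - fido2-device=auto

# mount the root subvolume first; every other mount point lives inside it
mount -o defaults,compress-force=zstd:1,noatime,subvol=@root /dev/mapper/cryptroot /mnt

# create the mount points, including boot, which the ESP mount at the end needs
mkdir -p /mnt/{boot,home,nix,gnu,tmp,swap,persist,snapshots}

mount -o defaults,compress-force=zstd:1,noatime,subvol=@home /dev/mapper/cryptroot /mnt/home
mount -o defaults,compress-force=zstd:1,noatime,subvol=@nix /dev/mapper/cryptroot /mnt/nix
# the @guix subvolume is mounted at /gnu
mount -o defaults,compress-force=zstd:1,noatime,subvol=@guix /dev/mapper/cryptroot /mnt/gnu
mount -o defaults,compress-force=zstd:1,subvol=@tmp /dev/mapper/cryptroot /mnt/tmp
# no compression option for swap: a swap file must be neither compressed nor copy-on-write
mount -o defaults,subvol=@swap /dev/mapper/cryptroot /mnt/swap
mount -o defaults,compress-force=zstd:1,noatime,subvol=@persist /dev/mapper/cryptroot /mnt/persist
mount -o defaults,compress-force=zstd:1,noatime,subvol=@snapshots /dev/mapper/cryptroot /mnt/snapshots

# The ESP is the only unencrypted file system in this layout; everything stored on it
# (kernel, initramfs or UKI) is readable and writable by anyone with access to the disk.
mount /dev/nvme0n1p1 /mnt/boot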

# Create a swap file on the btrfs file system.
# The Linux kernel requires that a swap file is neither compressed nor copy-on-write (CoW),
# so mkswapfile creates the file with CoW (and therefore compression) disabled.
# The file lives inside the LUKS volume, so swapped-out memory is encrypted at rest.
btrfs filesystem mkswapfile --size 96g --uuid clear /mnt/swap/swapfile

# Check that CoW is disabled on the swap file.
# The `lsattr` output for the swap file should carry the C attribute:
#    ---------------C------ /mnt/swap/swapfile
# If it does not, delete the swap file and rerun the commands above.
lsattr /mnt/swap

# activate the swap file
swapon /mnt/swap/swapfile

2 Installation

2.1 Select the mirrors

2.2 Install essential packages

# Install the base system into /mnt. -K initialises a fresh pacman keyring in the target
# instead of reusing the live environment's. intel-ucode assumes an Intel CPU
# (amd-ucode is the AMD counterpart).
pacstrap -K /mnt base linux linux-firmware intel-ucode btrfs-progs

3 Configure the system

3.1 Fstab

# Generate fstab entries (by UUID) for everything currently mounted under /mnt.
# `>>` appends, so running this twice duplicates entries; review /mnt/etc/fstab afterwards.
genfstab -U /mnt >> /mnt/etc/fstab

3.2 Chroot

# enter the new system; the commands up to the `exit` in section 4 run inside this chroot
arch-chroot /mnt

3.3 Time

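# Point /etc/localtime at the zone file. The path has the form zoneinfo/<Region>/<City>;
# Hong Kong is under Asia (a literal "Region" directory does not exist and would leave a
# dangling symlink).
ln -sf /usr/share/zoneinfo/Asia/Hong_Kong /etc/localtime

# write the system time to the hardware clock and generate /etc/adjtime
hwclock --systohc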

3.4 Localization

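# locale-gen only builds the locales that are uncommented in /etc/locale.gen,
# so enable the one that LANG refers to first
vim /etc/locale.gen
# en_US.UTF-8 UTF-8
locale-gen

echo LANG=en_US.UTF-8 > /etc/locale.conf

# console keymap and font (ter-132b is provided by terminus-font, installed in 3.7)
echo KEYMAP=us > /etc/vconsole.conf
echo FONT=ter-132b >> /etc/vconsole.conf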

3.5 Network configuration

# set the machine's hostname
echo ros-rolling > /etc/hostname

3.6 Password

# set the root password (prompted interactively)
passwd root

3.7 Base software

# Sync, upgrade and install the base tooling. openssh is only installed here, not enabled.
# sbctl manages the Secure Boot keys (3.9, 5), efibootmgr adds the boot entry (3.11),
# and terminus-font provides the ter-132b console font.
pacman -Syu openssh networkmanager base-devel vim sbctl efibootmgr terminus-font

3.8 Update initramfs, kernel cmdline

# Edit the initramfs hook list. sd-encrypt is the hook that unlocks the LUKS2 root; it takes
# its settings from /etc/crypttab.initramfs and rd.luks.* kernel parameters.
vim /etc/mkinitcpio.conf
# HOOKS=(base systemd udev autodetect modconf kms keyboard sd-vconsole block sd-encrypt filesystems fsck)
# NOTE(review): "systemd" and "udev" are normally alternatives in a hook list; listing both
# looks redundant - confirm against the mkinitcpio documentation.

# Kernel command line that mkinitcpio embeds into the unified kernel image (UKI).
vim /etc/kernel/cmdline
# fbcon=nodefer rw rd.luks.allow-discards cryptdevice=/dev/disk/by-uuid/YOUR_DEVICE_UUID:system bgrt_disable root=LABEL=system rootflags=subvol=@,rw splash vt.global_cursor_default=0
# NOTE(review): this example does not match what sections 1.8.2-1.8.3 created:
#   - cryptdevice=...:system is the syntax of the busybox "encrypt" hook; with sd-encrypt the
#     mapping comes from /etc/crypttab.initramfs (or rd.luks.name=<UUID>=<name>).
#   - root=LABEL=system, but the btrfs file system was labelled "cryptroot".
#   - rootflags=subvol=@, but the root subvolume was created as "@root".
#   - rd.luks.allow-discards does not appear to be a systemd option (verify); with sd-encrypt,
#     discard is set per volume, e.g. as a crypttab option.
# Passing TRIM through dm-crypt reveals which blocks are unused to anyone who can read the
# raw disk; enable it only if that trade-off is acceptable.

# One line per volume to unlock in the initramfs: <name> <device> <keyfile> <options>.
vim /etc/crypttab.initramfs
# system /dev/disk/by-uuid/YOUR_DEVICE_UUID none timeout=180
# YOUR_DEVICE_UUID is the UUID of the LUKS partition (/dev/nvme0n1p2), e.g. from `blkid`.
# The first field becomes /dev/mapper/<name>; keep it in step with root= above.
# NOTE(review): unlocking with the TPM enrolled in section 6 additionally needs
# tpm2-device=auto in the options field.

3.9 sbctl

# Generate this machine's own Secure Boot keys. The private keys are created locally and
# anyone who can read them can sign boot images this machine will trust, so they belong
# on the encrypted root only.
sbctl create-keys

3.10 Create the initramfs image

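# Switch the preset from separate kernel/initramfs images to unified kernel images (UKI)
# by setting the *_uki entries; the UKI path must be on the ESP.
vim /etc/mkinitcpio.d/linux.preset
# default_config
# fallback_config
# default_uki
# fallback_uki

# Create the UKI output directory (-p: create parents, no error if it already exists).
# NOTE(review): section 1.8.3 mounted the ESP at /boot, not /efi. Unless the ESP is mounted
# at /efi as well, /efi/EFI/Linux lands on the encrypted root and the firmware cannot read it;
# use the directory under the actual ESP mount point and the same path in the *_uki entries.
mkdir -p /efi/EFI/Linux
# build all presets; with sbctl keys present its mkinitcpio hook is expected to sign the
# resulting UKIs - check with `sbctl verify` before enabling Secure Boot
mkinitcpio -P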

3.11 Add boot item

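# Register the UKI directly with the firmware. --part is the ESP's partition number,
# which is 1 in the layout created in 1.8.1 (that layout has no partition 4).
# The loader path is relative to the root of the ESP and uses backslashes.
efibootmgr --disk /dev/nvme0n1 --part 1 --create --label "Arch Linux" --loader "\EFI\Linux\arch-linux.efi"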

3.12 Add bootloader

# Boot loader entry that loads the kernel and the initramfs as separate files; this looks
# like an alternative to the UKI built in 3.10 rather than an additional step.
# NOTE(review): with separate files, the initrd and the options line are not covered by a
# Secure Boot signature the way they are inside a signed UKI, so this form is the weaker
# one once Secure Boot (section 5) is enabled.
# NOTE(review): <Your-UUID> is the UUID of the LUKS partition. subvol=@ does not match the
# "@root" subvolume created in 1.8.3, and fido2-device=auto expects a FIDO2 enrollment,
# whereas section 6 enrolls a TPM2 + PIN (that would be tpm2-device=auto).
title Arch Linux
linux /vmlinuz-linux
initrd /initramfs-linux.img
options rd.luks.name=<Your-UUID>=luks root=/dev/mapper/luks rootflags=subvol=@ rd.luks.options=<Your-UUID>=fido2-device=auto,discard rw

4 Reboot

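# leave the chroot
exit
# Deactivate the swap file enabled in 1.8.3; while it is active the swap subvolume is
# busy and cannot be unmounted.
swapoff /mnt/swap/swapfile
umount /mnt/swap
# unmount everything else under /mnt, then restart into the installed system
umount -R /mnt
reboot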

5 Secure Boot

Enter the UEFI firmware settings and reset Secure Boot to Setup Mode, then boot back into the installed system and enroll the keys:

# Enroll the keys created in 3.9 into the firmware (only possible in Setup Mode).
# -m also enrolls Microsoft's certificates: some firmware and option ROMs need them to
# boot, but it also means Microsoft-signed boot loaders stay trusted on this machine.
# See `sbctl enroll-keys --help` for the remaining flags (-c, -f, -t).
# Before enabling Secure Boot, `sbctl verify` shows whether the boot images are signed.
sbctl enroll-keys -mcft

Then reboot, enable Secure Boot

6 TPM + PIN

# Add a TPM2-backed key slot to the LUKS volume, protected by a PIN.
#   --tpm2-pcrs 7        : bind the key to PCR 7 (Secure Boot state), so run this only after
#                          Secure Boot has been enabled in section 5; a later change to the
#                          Secure Boot keys or state stops the TPM from releasing the key.
#   --tpm2-with-pin=yes  : require a PIN in addition to the TPM.
#   --wipe-slot tpm2     : remove earlier TPM2 enrollments only. The passphrase slot from
#                          1.8.2 is kept and remains the recovery path - do not remove it.
# The volume's crypttab / rd.luks.options entry needs tpm2-device=auto for this slot to be used.
sudo systemd-cryptenroll --wipe-slot tpm2 --tpm2-device auto --tpm2-pcrs 7 --tpm2-with-pin=yes /dev/nvme0n1p2

7 Disk auto scrub

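# Scrub checks the whole file system rather than a single subvolume, so it only needs to
# be configured for one mount point: /.

# The unit name was mangled by e-mail obfuscation on the page; it is the btrfs-scrub@.timer
# template. --template inserts the escaped path into it, giving btrfs-scrub@-.timer for /.
sudo systemctl enable "$(systemd-escape --template btrfs-scrub@.timer --path /)"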

8 Post-installation

8.1 Install KDE desktop

# install the KDE Plasma desktop with a few applications; run as root
pacman -S plasma-meta sddm konsole dolphin kwrite ark
# start the SDDM display manager at boot
systemctl enable sddm

8.2 Input method

# install the fcitx5 input method framework with Chinese and Rime engines
sudo pacman -S fcitx5-im fcitx5-chinese-addons fcitx5-rime

Reference

  1. https://wiki.archlinux.org/title/User:ZachHilman/Installation_-_Btrfs_%2B_LUKS2_%2B_Secure_Boot
  2. https://gist.github.com/mjkstra/96ce7a5689d753e7a6bdd92cdc169bae
  3. https://gist.github.com/Raymo111/5771e425d6e0b9b095660696b92e1a3e
  4. https://alampy.com/2024/03/23/arch-luks2-installation-notes/
  5. https://blog.azurezeng.com/archlinux-windows11-dual-boot-notes-1/
  6. https://viflythink.com/New-Install-Arch/