# Arch Linux Solutions
###### tags: `Archlinux`
## Archinstall
> archinstall
Currently using the version packaged in 2024.07; it has been reworked and is quite stable and easy to use
## Wireless network setup for Archinstall
> iwctl
> station wlan0 scan
> station wlan0 connect APNAME
## Installing yay
> sudo pacman -S base-devel git
> git clone https://aur.archlinux.org/yay-git.git
> cd yay-git
> makepkg -si
## Installing the fcitx input method
1. Choose the input method
Only fcitx5 works fully in the KDE environment
2. Install
> sudo pacman -S fcitx5-im
> sudo pacman -S fcitx5-chewing fcitx5-table-extra
> yay -S fcitx5-input-support
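[Reference](https://wiki.archlinuxcn.org/zh-tw/Fcitx5)
## Installing the ibus input method with ibus-chewing
> sudo pacman -S ibus ibus-chewing
You can install the GNOME extension Customize iBus for some tweaks
## Chinese localization
GNOME currently supports this well; the key point is installing fonts
## Citizen Digital Certificate and card reader
1. Download the cross-platform component
[Ministry of the Interior cross-platform component download link](https://moica.nat.gov.tw/rac_plugin.html)
2. After extracting, mark start.sh as executable

3. Run the cross-platform component service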
> /home/ted/下載/HiPKILocalSignServerApp/HiPKILocalSignServer
> Server has started at 127.0.0.1:61161
4. Install the smart card components
Install ccid, opensc and pcsc-tools
[Reference](https://wiki.archlinux.org/title/Smartcards#Installation)
5. Start the service
> systemctl enable --now pcscd.service
6. Test the environment
> [http://localhost:61161/selfTest.htm](http://localhost:61161/selfTest.htm)
## Screenshots and screen recording
1. Screenshots
The following are tools for KDE:
> sudo pacman -S flameshot
> sudo pacman -S spectacle
GNOME can use its built-in tool
2. Screen recording
> yay -S wayfarer-git
## VirtualBox kernel module and USB access issues
> sudo pacman -S virtualbox-host-modules-arch
> sudo modprobe vboxdrv
> sudo usermod -aG vboxusers ted
https://wiki.archlinux.org/title/VirtualBox
## Bluetooth
The Bluetooth service is not enabled by default; remember to enable the bluetooth service
> sudo systemctl enable bluetooth.service
> sudo systemctl start bluetooth.service
### Cannot transfer files:
> sudo pacman -S bluez-obex
## Ranking pacman mirrors
The reflector package
[ArchWiki documentation](https://wiki.archlinux.org/title/Reflector)
[Ranking the mirror list](https://discovery.endeavouros.com/pacman/automatically-ranking-the-mirror-list/2021/03/)
[Manual editing](https://archlinux.org/mirrorlist/)
## Font issues
noto-fonts-cjk
adobe-source-han-sans-tw-fonts
yay -S ttf-tw
// Ministry of Education fonts
So far, the following applications have font problems when installed via flatpak; install them with yay or pacman instead
- firefox
- brave-bin
- joplin-appimage
- spotify-launcher
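[Reference article on font downloads](https://key.chtouch.com/cv.aspx?p=2688)
## Auto-mounting internal disks
> pacman -S arch-install-scripts // provides the genfstab command
> genfstab -L /run // get the uuid
> nano /etc/fstab // append the mount entries and you are done
Be careful with this step and get the entries right: if the system reads wrong mount information on reboot it will not boot normally, and you will have to fix /etc/fstab directly from GRUB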
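A pre-reboot check for the entries appended to /etc/fstab, as an added example that is not part of the original notes. The function names `check_fstab` and `sample_fstab`, the three rules it applies and the sample entries are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original notes. check_fstab and sample_fstab are
# hypothetical names; the three rules are this example's choice of checks.

# check_fstab [FILE]: lint fstab entries (FILE or stdin); prints one line per
# problem and returns 1 if any were found.
check_fstab() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
    NF < 4 || NF > 6 {
        printf "line %d: expected 4-6 fields, got %d\n", NR, NF; bad = 1; next
    }
    {
        # the mount point must be an absolute path (swap entries use "none")
        if ($3 != "swap" && $2 !~ /^\//) {
            printf "line %d: mount point \"%s\" is not absolute\n", NR, $2; bad = 1
        }
        # /dev/sdX names can change between boots; UUID= or LABEL= are stable
        if ($1 ~ /^\/dev\/sd/) {
            printf "line %d: %s is not a stable name\n", NR, $1; bad = 1
        }
        # without nofail, an absent or mistyped data disk blocks a normal boot
        if ($2 != "/" && $2 !~ /^\/(boot|efi)/ && $3 != "swap" &&
            ("," $4 ",") !~ /,nofail,/) {
            printf "line %d: %s has no nofail option\n", NR, $2; bad = 1
        }
    }
    END { exit bad + 0 }
    ' "${1:--}"
}

# Constructed sample: a root entry plus three data-disk entries to append.
sample_fstab() {
    cat <<'EOF'
# <device>   <dir>        <type>   <options>        <dump> <pass>
UUID=0a1b2c3d-1111-2222-3333-444455556666 / ext4 rw,relatime 0 1
LABEL=data   /mnt/data    ext4     rw,relatime      0 2
/dev/sdb1    /mnt/media   ntfs-3g  defaults,nofail  0 0
LABEL=backup mnt/backup   ext4     defaults,nofail
EOF
}

sample_fstab | check_fstab || echo "fix the lines above before rebooting"
```

On the installed system, `sudo findmnt --verify` checks the live /etc/fstab against the devices that are actually present.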
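## Brave or Chromium cannot upload files
- Brave or Chromium cannot upload files through web pages; testing showed the cause was KDE set to an English locale combined with Chinese characters in the path
1. First check whether the locale is the problem
2. Install kdewallet and kdewalletmanager
## Mirroring the phone screen to the laptop
> sudo pacman -S scrcpy
The scrcpy site describes this way to connect without USB: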
1. Plug the device into a USB port on your computer.
2. Connect the device to the same Wi-Fi network as your computer.
3. Get your device IP address, in Settings → About phone → Status, or by executing this command:
> adb shell ip route | awk '{print $9}'
4. Enable adb over TCP/IP on your device:
> adb tcpip 5555

Note: if the phone reboots, start again from this step
5. Unplug your device.
6. Connect to your device:
> adb connect DEVICE_IP:5555
> (replace DEVICE_IP with the device IP address you found).
7. Run scrcpy as usual.
> scrcpy -e
8. Run adb disconnect once you're done.
> adb disconnect
### Turn screen off
It is possible to turn the device screen off while mirroring on start with a command-line option:
> scrcpy --turn-screen-off
> scrcpy -S # short version
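Note: to keep the screen off, unlock the screen first and then connect
So the recommended command is:
> scrcpy -Swe

w: keep awake
S: keep screen off
e: connect over TCP/IP
Note: if the phone is not connected via USB and uses TCP/IP, keep awake has no effect
If the device is not plugged in (i.e. only connected over TCP/IP), --stay-awake has no effect (this is the Android behavior).
You can add -t to show touch pointers
-f is fullscreen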
### Rotation
Alt+r
[Reference](https://github.com/Genymobile/scrcpy/blob/master/doc/control.md)
## Network management commands
> sudo pacman -S net-tools
## HEIF format issues
Install kimageformats and libheif
> pacman -S kimageformats libheif

[Reddit discussion for reference](https://www.reddit.com/r/kde/comments/s4bres/heifheic_support_in_dolphingwenview/)
## KDE image viewer
> pacman -S gwenview
## NTFS issues
> pacman -S ntfs-3g
## Firmware updates
> sudo pacman -S fwupd
> sudo fwupdmgr refresh
> sudo fwupdmgr update
# Adjusting GRUB
> sudo nano /etc/default/grub
> Set GRUB_TIMEOUT_STYLE=hidden (add the line if it is missing).

As a reminder, use Ctrl+O to save and Ctrl+X to exit the nano editor.
Update the GRUB config:
> sudo grub-mkconfig -o /boot/grub/grub.cfg
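# Cleaning up the system
Clear the home directory cache
> sudo du -sh ~/.cache/
> rm -rf ~/.cache/*

Remove packages that nothing uses
> sudo pacman -Rns $(pacman -Qtdq)

Clear the pacman cache
> sudo pacman -Sc

Or clear it with the official tool
> sudo pacman -S pacman-contrib
> sudo paccache -r

Remove a group
> sudo pacman -Rs gnome

The example above removes the whole gnome group, along with dependencies that no other software needs
# KWallet decryption issue
Instead of a password, use a GPG encryption key
> gpg --full-generate-key

Install Kleopatra to manage GPG keys
> sudo pacman -S kleopatra

Remove the passphrase (use with caution)
Create a new KWallet wallet encrypted with GPG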

# Appimage
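Both LibreOffice and Logseq publish official AppImages
AppImage files are smaller than flatpak ones, but the drawback is that for now I cannot find an AppImage store that is kept consistently up to date (unlike flatpak, which has the Red Hat camp's hub; in an actual comparison, though, AppImage and Flathub are about the same, and both are still slower than pacman). So for now the LibreOffice AppImage works great and can update automatically, but for other applications it depends on whether there is an official build; if there is none, I recommend not using it
To integrate with the desktop, however, installing appimagelauncher is recommended
> yay -S appimagelauncher

Remember to point the initial setup at the directory where your AppImages are kept

[LibreOffice AppImage download](https://www.libreoffice.org/download/appimage/)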
# Cockpit
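Use Cockpit to manage virtual machines, podman and logs
> pacman -S cockpit cockpit-podman cockpit-machines cockpit-storaged cockpit-pcp

cockpit-machines: virtual machines
cockpit-storaged: mounts
cockpit-pcp: metrics; requires the pmlogger service to be started
# Garbled filenames inside archives in File Roller or Ark
In testing, installing unzip-natspec from the AUR makes extraction work correctly; GNOME uses File Roller, KDE uses Ark
# firewall-cmd syntax
Note: firewalld has a bug with connections between Docker containers and the host; switching to ufw is recommended
[How to configure firewall-cmd](https://hoohoo.top/blog/firewalld-firewall-installation-allow-disable-ip-port-usage-introduction/)
Show the current firewall settings
> firewall-cmd --list-all

Show the details
> firewall-cmd --list-rich-rules

Reload the firewall rules
After each change to the firewall configuration, firewalld does not apply it automatically; reload the rules for the settings to take effect
> firewall-cmd --reload

GUI configuration tool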
> firewall-config
# VirtIO Driver for windows guest share folder
[Reference](https://pve.proxmox.com/wiki/Windows_VirtIO_Drivers)
# SDDM hangs on reboot when using Wayland
Switch to sddm-git
[Reference](https://wiki.archlinux.org/title/SDDM)
# Changing Cockpit's default port
1. mkdir /etc/systemd/system/cockpit.socket.d
2. nano /etc/systemd/system/cockpit.socket.d/listen.conf
```
[Socket]
ListenStream=
ListenStream=127.0.0.1:9091
FreeBind=yes
```
3. systemctl daemon-reload
4. systemctl restart cockpit.socket
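Why the empty `ListenStream=` line in the drop-in above matters, as an added example that is not Cockpit's code or part of the original notes. The function names are hypothetical, and `base_unit` is a constructed stand-in for the packaged cockpit.socket, assumed to listen on port 9090 on all addresses.

```shell
#!/bin/sh
# Added example, not Cockpit's or the original notes' code. Function names are
# hypothetical; base_unit is a constructed stand-in for the packaged
# cockpit.socket, assumed to listen on port 9090 on all addresses.

# effective_listen [FILE...]: print the ListenStream values left after systemd
# merges the unit and its drop-ins, given in load order (files or stdin).
effective_listen() {
    cat "$@" | awk '
    /^[ \t]*ListenStream[ \t]*=/ {
        val = $0
        sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
        if (val == "") { n = 0; next }     # empty assignment clears the list
        list[++n] = val
    }
    END { for (i = 1; i <= n; i++) print list[i] }'
}

# exposed_listeners [FILE...]: keep only listeners reachable from other hosts,
# i.e. drop loopback addresses and filesystem (AF_UNIX) sockets.
exposed_listeners() {
    effective_listen "$@" |
        awk '!/^(127\.[0-9.]+|\[::1\]):[0-9]+$/ && !/^\//'
}

# Constructed inputs: packaged unit, the drop-in from the text, and the same
# drop-in with the empty ListenStream= line left out.
base_unit()       { printf '[Socket]\nListenStream=9090\n'; }
page_dropin()     { printf '[Socket]\nListenStream=\nListenStream=127.0.0.1:9091\nFreeBind=yes\n'; }
no_reset_dropin() { printf '[Socket]\nListenStream=127.0.0.1:9091\nFreeBind=yes\n'; }

echo "drop-in from the text leaves: $( { base_unit; page_dropin; } | effective_listen )"
echo "without the empty line, still exposed: $( { base_unit; no_reset_dropin; } | exposed_listeners )"
```

On the real machine, `systemctl cat cockpit.socket | exposed_listeners` runs the same check on the unit and its drop-ins, and `ss -tln` confirms what is actually bound after the restart.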
# KDE Connect cannot connect
ufw
If your firewall is ufw, you can open the necessary ports with:
> sudo ufw allow 1714:1764/udp
> sudo ufw allow 1714:1764/tcp
> sudo ufw reload
[Reference](https://userbase.kde.org/KDEConnect)
# Customizing zsh
[Reference](https://www.linuxfordevices.com/tutorials/linux/make-arch-terminal-awesome)
> sudo pacman -S zsh

Install zsh
> chsh

Change the default shell; remember to change it in Konsole too
> sh -c "$(curl -fsSL https://raw.github.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"

Install the package
> git clone --depth=1 https://github.com/romkatv/powerlevel10k.git ${ZSH_CUSTOM:-$HOME/.oh-my-zsh/custom}/themes/powerlevel10k

Install the theme
> nano .zshrc
> "ZSH_THEME" (mostly on line 11). The default value is "robbyrussell"; change it to "powerlevel10k/powerlevel10k".

After exiting, start zsh again and the theme setup will begin
> git clone https://github.com/zsh-users/zsh-autosuggestions.git $ZSH_CUSTOM/plugins/zsh-autosuggestions
> git clone https://github.com/zsh-users/zsh-syntax-highlighting.git $ZSH_CUSTOM/plugins/zsh-syntax-highlighting
> nano .zshrc
> plugins=(git zsh-autosuggestions zsh-syntax-highlighting)
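Configure the plugins
> ENABLE_CORRECTION="true"

Enable auto-correction
# Flatpak apps fail to run after installation with an ldconfig 256 error
First try running the app from the command line
> flatpak list
> flatpak run APP_ID

The following message then appears: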
```
flatpak run org.kde.gwenview
bwrap: No permissions to creating new namespace, likely because the kernel does not allow non-privileged user namespaces.
On e.g. debian this can be enabled with 'sysctl kernel.unprivileged_userns_clone=1'.
錯誤: ldconfig 失敗,離開狀態為 256
```
> sudo sysctl kernel.unprivileged_userns_clone=1
Flatpak applications then run normally
However, this only enables it temporarily; after a reboot it stops working again
# Gnome shell extension
Install gnome-browser-connector to manage GNOME extensions directly from Firefox or Chrome-based browsers
> yay -S gnome-browser-connector
# GNOME shows no thumbnails
Because linux-hardened is in use, the bubblewrap package has to be replaced with bubblewrap-suid
> sudo pacman -S bubblewrap-suid

This resolves it
[Source](https://bbs.archlinux.org/viewtopic.php?id=266953)
# Installing a package from a specific repo
> sudo pacman -S unstable-gnome/gnome
# Ways to remove packages
To remove a single package, leaving all of its dependencies installed:
> pacman -R package_name

To remove a package and its dependencies which are not required by any other installed package:
> pacman -Rs package_name
Warning: When removing a group, such as gnome, this ignores the install reason of the packages in the group, because it acts as though each package in the group is listed separately. Install reason of dependencies is still respected.
The above may sometimes refuse to run when removing a group which contains otherwise needed packages. In this case try:
> pacman -Rsu package_name
To remove a package, its dependencies and all the packages that depend on the target package:
Warning: This operation is recursive, and must be used with care since it can remove many potentially needed packages.
> pacman -Rsc package_name
To remove a package, which is required by another package, without removing the dependent package:
Warning: The following operation can break a system and should be avoided. See System maintenance#Avoid certain pacman commands.
> pacman -Rdd package_name
Pacman saves important configuration files when removing certain applications and names them with the extension: .pacsave. To prevent the creation of these backup files use the -n option:
> pacman -Rn package_name
# Logseq
```
FATAL:setuid_sandbox_host.cc(158)] The SUID sandbox
helper binary was found, but is not configured correctly.
Rather than run without sandboxing I'm aborting now. You need
to make sure that /home/user/Desktop/candy/source/build
/linux-unpacked/chrome-sandbox is owned by root and has mode
4755.
```
Here CHROME_SANDBOX_PATH stands for the directory named in the error message:
> sudo chown root "$CHROME_SANDBOX_PATH/chrome-sandbox" && sudo chmod 4755 "$CHROME_SANDBOX_PATH/chrome-sandbox"
# Changing the kernel
> sudo grub-mkconfig -o /boot/grub/grub.cfg

https://zhuanlan.zhihu.com/p/599669994
# Secure Boot solution
[Solution](https://www.cnblogs.com/wswind/p/archlinux-secure-boot.html)
> sudo pacman -S grub efibootmgr
> sudo grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id=GRUB
https://razonyang.com/zh-hans/archlinux-guide/grub/
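```
# Reinstall GRUB
grub-install --target=x86_64-efi --efi-directory=esp --bootloader-id=GRUB --modules="tpm" --disable-shim-lock
# Generate the boot entries
grub-mkconfig -o /boot/grub/grub.cfg
# Install sbctl (Secure Boot configuration tool)
pacman -S sbctl
# Before running the commands below, set Secure Boot to Setup mode in the BIOS UEFI settings (there is a picture at the end of the article).
# After rebooting, check that Setup mode is active
sbctl status
# Create keys
sbctl create-keys
# Enroll the keys together with Microsoft's CA certificates
sbctl enroll-keys -m
# enroll-keys may report that some efivars are not writable
# Change them with chattr -i, then run enroll-keys again
chattr -i /sys/firmware/efi/efivars/<filename>
# Check the status
sbctl status
# Verify; the boot entry will show as unsigned
sbctl verify
# Sign the boot entry
sbctl sign -s /boot/EFI/GRUB/grubx64.efi
# Verify; the boot entry will show as signed
sbctl verify
# Reboot and turn on Secure Boot in UEFI
# Check the status again
sbctl status
```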
https://www.cnblogs.com/wswind/p/archlinux-secure-boot.html
# gnome extension
I have tried installing the gnome-browser-connector package, but it still often fails to be detected
Installing the manager directly is recommended
[Official link](https://wiki.gnome.org/action/show/Projects/GnomeShellIntegration/Installation?action=show&redirect=Projects%2FGnomeShellIntegrationForChrome%2FInstallation)
# Docker Rootless
You must install newuidmap and newgidmap on the host. These commands are provided by the uidmap package on most distros.
/etc/subuid and /etc/subgid should contain at least 65,536 subordinate UIDs/GIDs for the user. In the following example, the user testuser has 65,536 subordinate UIDs/GIDs (231072-296607).
> id -u
> whoami
> grep ^$(whoami): /etc/subuid
> grep ^$(whoami): /etc/subgid
> sudo pacman -S fuse-overlayfs

Add kernel.unprivileged_userns_clone=1 to /etc/sysctl.conf (or /etc/sysctl.d) and run sudo sysctl --system
> curl -fsSL https://get.docker.com/rootless | sh
> export PATH=/home/USERNAME/bin:$PATH
> export DOCKER_HOST=unix:///run/user/1000/docker.sock
https://docs.docker.com/engine/security/rootless/
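The subordinate ID requirement above turned into a check, as an added example that is not Docker's code or part of the original notes. It goes one step past the grep commands by also reporting ranges that two users share; the function names and the alice and bob entries are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not Docker's or the original notes' code. Function names are
# hypothetical. It goes one step past the grep above by also checking that no
# two users were given overlapping ranges.

# subid_count USER [FILE]: total subordinate IDs granted to USER in a
# subuid/subgid file (format user:start:count), read from FILE or stdin.
subid_count() {
    awk -F: -v u="$1" '
    $1 == u && $3 ~ /^[0-9]+$/ { total += $3 }
    END { print total + 0 }' "${2:--}"
}

# has_enough_subids USER [FILE]: true when USER has the 65,536 IDs required.
has_enough_subids() {
    [ "$(subid_count "$1" "$2")" -ge 65536 ]
}

# subid_overlaps [FILE]: report ranges shared by two entries; IDs in a shared
# range map to the same host UID/GID for both users.
subid_overlaps() {
    awk -F: '
    NF == 3 { name[++n] = $1; lo[n] = $2 + 0; hi[n] = $2 + $3 - 1 }
    END {
        for (i = 1; i <= n; i++)
            for (j = i + 1; j <= n; j++)
                if (lo[i] <= hi[j] && lo[j] <= hi[i])
                    printf "%s (%d-%d) overlaps %s (%d-%d)\n",
                        name[i], lo[i], hi[i], name[j], lo[j], hi[j]
    }' "${1:--}"
}

# Constructed sample; the testuser line is the range quoted in the text.
sample_subuid() {
    cat <<'EOF'
testuser:231072:65536
alice:100000:4096
bob:296000:65536
EOF
}

sample_subuid | subid_overlaps
sample_subuid | has_enough_subids alice || echo "alice: fewer than 65536 subordinate IDs"
```

Run it against the real files with `has_enough_subids "$(whoami)" /etc/subuid` and `subid_overlaps /etc/subgid`.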
If rootless misbehaves, removing it and installing it again is recommended
> systemctl --user stop docker
> rm -f /home/ted/bin/dockerd
> curl -fsSL https://get.docker.com/rootless | sh
# GNOME cannot log in to Wayland
The following problem appears
org.gnome.Shell@wayland.service: Skipped due to 'exec-condition'
Solution:
First remove all nvidia-related packages, then reinstall them; you will see some hint messages
If you run into trouble with CUDA not being available, run nvidia-modprobe first.
If you use GDM on Wayland, you might have to run systemctl enable --now nvidia-resume.service
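Remember to follow them so that everything works properly
In the end I installed nvidia-open
A package needed by cuda cannot be downloaded; all I can do is wait for Arch Linux to fix it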
```
gcc12-12.2.1-1-x86_64.pkg.tar.zst 下載失敗
```
## Package audit tool
https://archlinux.org/packages/community/x86_64/arch-audit/
https://www.netadmin.com.tw/netadmin/zh-tw/technology/7E5B845FA29B449BA8AFF55AC81CA8B0
DNSSEC
https://wiki.archlinux.org/title/Systemd-resolved
Once configured, enable it
> sudo systemctl start systemd-resolved.service
> systemd-analyze security

https://towardsdev.com/linux-hardening-systemd-services-8742eaa1a645
## Fixing rootless Docker problems after switching to the linux-hardened kernel
https://wiki.archlinux.org/title/security#Sandboxing_applications
bubblewrap-suid and a GUI configuration tool
https://github.com/igo95862/bubblejail
## user management linux stop job too long
A workaround to this problem is to reduce this timeout in /etc/systemd/system.conf down from 90s to for example 10s:
DefaultTimeoutStopSec=10s
and run the following command in terminal after making changes
$ systemctl daemon-reload
## GNOME extensions
> sudo pacman -S gnome-browser-connector

Extensions can then be installed from the browser
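# Backup strategy
Plan the backup and restore mechanism around the possible kinds of damage
Snapshot limitation: the filesystem must be the same; for example, with btrfs the snapshot medium has to be formatted as btrfs
What to back up: with snapshots you basically do not pick what to snapshot, but with backups you have to choose; see VBird's tutorial for reference
Not backed up:
/dev: dynamic devices
/mnt: mounted devices
/proc: in-memory data
/run: dynamic data
/srv
/tmp
/media
/sys
What I choose to back up:
/bin: executables
/home: many settings live here
/lib64
/var: logs and downloaded package files
/boot: what is needed to boot
/etc
/lib
/opt
/root
/sbin
/usr

If snapshots cannot be used but the data is still there, the chance of actually using the backup is not very high, because after restoring some dynamic data it is hard to tell what state it has reached. So I also prepare automated installation commands, for the case where the system fails and I decide to simply reinstall, covering how to automate that
On Arch Linux, use archinstall --dry-run and put the configuration files on the USB installation medium
The preinstall script:
> sudo archinstall --config user_configuration.json --creds user_credentials.json --disk_layouts user_disk_layout.json

Packages installed up front: firefox libreoffice-fresh libreoffice-fresh-zh-tw docker code gthumb file-roller git base-devel arch-install-scripts scrcpy ntfs-3g fwupd ufw gnome-browser-connector noto-fonts-cjk adobe-source-han-sans-tw-fonts adobe-source-han-serif-tw-fonts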
https://archinstall.readthedocs.io/installing/guided.html
Next is the postinstall script
> git clone https://aur.archlinux.org/yay.git
> cd yay
> makepkg -si
> yay -S python-validity brave-bin joplin-appimage spotify-launcher ttf-tw
> sudo systemctl enable python3-validity
> sudo systemctl enable bluetooth.service
> sudo systemctl start bluetooth.service
> curl -fsSL https://get.docker.com/rootless | sh
> export PATH=/home/USERNAME/bin:$PATH
> export DOCKER_HOST=unix:///run/user/1000/docker.sock

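Because the installer returns to a fakeroot prompt after installation where scripts can be run, everything that can be expressed as commands will be written into a script
What cannot be automated: Firefox login and Bitwarden login, Joplin password and OneDrive login, Spotify login, Code extensions, rootless Docker setup, GNOME extensions and settings
```
/etc/ the whole directory
/home the whole directory
/var/spool/mail
/boot
/root
If you have installed other packages yourself, it is best to back up /usr/local/ as well!
from https://linux.vbird.org/linux_basic/mandrake9/0580backup.php
```
1. Routine data backup
Storage is split into two kinds, high-churn and low-churn. The system is updated often, so it goes on the SSD; data goes on the HDD. Since the chance of both drives failing at the same time is low, the HDD serves as the backup disk
- Snapshots: daily
- Backups: weekly
- Off-machine backups: monthly
- Restore tests: whenever I think of it
2. Damage caused by changes
- Restore from snapshots first
3. Damage caused by hardware
- Snapshots cannot help here; restore from the HDD backup instead
4. Reinstall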
-
## btrfs backups, snapshots and btrbk
https://linuxhint.com/back_up_btrfs_snapshots_external_drives/
https://github.com/digint/btrbk
## rsync backups (takes forever and is hard to use)
rsync
https://blog.gtwang.org/linux/rsync-local-remote-file-synchronization-commands/
https://blog.longwin.com.tw/2018/12/rsync-scp-exclude-file-dir-copy-destination-2018/
https://linux.vbird.org/linux_basic/mandrake9/0580backup.php
## Formatting a USB stick on Arch Linux for use on Windows
fdisk /dev/sdX
d->n->0b->w
sudo pacman -S dosfstools
sudo mkfs.vfat /dev/sdX1
https://blog.longwin.com.tw/2023/06/linux-fdisk-windows-fat32-vfat-type-2023/