How do I install Manjaro MATE with LVM on LUKS and dual boot with Windows?

Support
, , ,
61

I made a slight change to the script myself to try and accommodate the encrypted separate LUKS home partition on /dev/sda6 and add basically follow the same process as for the root partition. I know it will wipe the partition but I will have to wipe my existing setup anyway and restore it from my external backup anyway so it will do for now. Could you review the script and let me know if you think it looks ok? Just wanted to give it a try…thanks :slight_smile:

#
#    This program is free software: you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation, either version 3 of the License, or
#    (at your option) any later version.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with this program.  If not, see <https://www.gnu.org/licenses/>.
#
# Copyright (c) 2021 @linux-aarhus
#
# This script is based on
#    https://forum.manjaro.org/t/root-tip-diy-installer-script-base-sdboot-luks/88502
#
# MODIFIED TO FIT A SPECIFIC FORUM TOPIC
#    https://forum.manjaro.org/t/how-do-i-install-manjaro-mate-with-lvm-on-luks-and-dual-boot-with-windows/87358
#
#  ! IMPORTANT !
#  ! GREAT CARE SHOULD BE EXCERCISED !
#  ! A lot of assumptions are made - please review carefully !
#
#    The script assumes the system is booted using a recent Manjaro Mate ISO
#    The disk is pre-installed using Windows in EFI mode
#    The Manjaro ISO is booted in EFI mode (firmware Legacy boot disabled)
#    The existing Windows EFI partition ($esp) is located at /dev/sda1
#    An empty partition has been created to hold a Linux filesystem (0x8300) as /dev/sda5
#    systemd-boot is installed as bootloader
#
#  ! PLEASE REVIEW THE VARIABLES SECTION !
#  ! AMEND THE VARIABLES AS NECESSARY !
#
 
if [ "$(id -u)" != "0" ]; then
    echo "Please change to root context using su or sudo"
    echo ""
    exit
fi
 
#############################################################
#### VARIABLES SECTION
 
EFI_PART="/dev/sda1"                         # existing Windows $esp
LUKS_PART="/dev/sda5"                        # root partition to hold LUKS container
LUKS_PART2="/dev/sda6"                       # home partition to hold LUKS container
TUSER=vittorio                                # first user == wheel group
TDISPLAYMANAGER=lightdm                      # display manager
KERNEL="5.10"                                # linux kernel number
KERNELPKG=$(echo linux$2 | sed 's/\.//')     # kernel package name
MIRROR='https://mirrors.manjaro.org/repo/'   # build mirror
BRANCH='stable'                            # target branch
TKEYMAP='gb'                                 # target keyboard layout
TLOCALE_CONF='en_GB.UTF-8'                   # target locale.conf
TLOCALE_PRIMARY='en_GB.UTF-8 UTF-8'          # target primary locale
TLOCALE_FALLBACK='en_US.UTF-8 UTF-8'         # target fallback locale
TTIMEZONE='Europe/London                # target timezone
THOSTNAME='manjaro'                          # target hostname
ITER_TIME="10000"                            # luks iteration time
RETRIES="3"                                  # luks decryption retries
BASE_PKGS="base $KERNELPKG mkinitcpio networkmanager bash-completion"
TGROUPS='lp,network,power,wheel'
TSERVICES='bluetooth cronie ModemManager NetworkManager cups tlp tlp-sleep avahi-daemon add-autologin-group haveged apparmor snapd.apparmor snapd'
 
#### VARIABLES END
#############################################################
 
echo "==> Unmounting $EFI_PART"
umount -f "$EFI_PART"
 
echo "==> Unmounting $LUKS_PART"
umount -f "$LUKS_PART"
 
echo "==> Unmounting $LUKS_PART2"
umount -f "$LUKS_PART2"
 
echo "==> wiping root partition"
wipefs -af "$LUKS_PART"
 
echo "==> wiping home partition"
wipefs -af "$LUKS_PART2"
 
echo "==> ------------------------------------------"
echo "==> Setting up root LUKS container"
echo "  -> WATCHOUT FOR THE UPPERCASE CONFIRMATION"
echo "  -> If using CapsLock remember to toggle back"
cryptsetup --type luks2 \
           --hash sha512 \
           --iter-time $ITER_TIME \
           --tries $RETRIES \
            --use-urandom luksFormat \
            "$LUKS_PART"
            
echo "==> Setting up home LUKS container"
echo "  -> WATCHOUT FOR THE UPPERCASE CONFIRMATION"
echo "  -> If using CapsLock remember to toggle back"
cryptsetup --type luks2 \
           --hash sha512 \
           --iter-time $ITER_TIME \
           --tries $RETRIES \
            --use-urandom luksFormat \
            "$LUKS_PART2"
            
echo "==> ------------------------------------------"
echo "==> Open root LUKS container"
cryptsetup open "$LUKS_PART" cryptroot
 
echo "==> Formatting root LUKS using ext4"
mkfs.ext4 /dev/mapper/cryptroot
 
echo "==> Open home LUKS container"
cryptsetup open "$LUKS_PART2" crypthome
 
echo "==> Formatting home LUKS using ext4"
mkfs.ext4 /dev/mapper/crypthome
 
echo "==> Mounting root partition"
mount /dev/mapper/cryptroot /mnt
 
echo "==> Creating /boot"
mkdir /mnt/boot
 
echo "==> Mounting EFI partition"
mount "$EFI_PART" /mnt/boot
 
echo "==> Creating /home"
mkdir /mnt/home
 
echo "==> Mounting home partition"
mount /dev/mapper/crypthome /mnt/home
 
echo "==> Setting branch and mirror"
pacman-mirrors --api --set-branch $BRANCH --url $MIRROR
 
echo "==> Syncronizing pacman databases"
pacman -Syy
 
echo "==> installing base system with Linux kernel $2"
basestrap /mnt $BASE_PKGS
 
echo "==> Configure base ..."
echo "  -> Creating file: vconsole.conf"
echo KEYMAP=$TKEYMAP > /mnt/etc/vconsole.conf
 
echo "  -> Creating file: locale.conf"
echo LANG=$TLOCALE_CONF > /mnt/etc/locale.conf
 
echo "  -> Creating file: hostname"
echo Manjaro-ThinkPad-E560 > /mnt/etc/hostname
 
echo "  -> Creating file: hosts"
cat > /mnt/etc/hosts <<EOF
127.0.0.1 localhost
127.0.1.1 $THOSTNAME.localdomain $THOSTNAME
EOF
 
echo "  -> Creating symlink: localtime"
ln -sf /usr/share/zoneinfo/$TTIMEZONE /mnt/etc/localtime
 
echo "  -> Setting hardware clock"
manjaro-chroot /mnt hwclock --systohc
 
echo "  -> Enabling services"
manjaro-chroot /mnt systemctl enable NetworkManager systemd-timesyncd
 
echo "  -> Modifying file: locale.gen"
echo "$TLOCALE_PRIMARY" >> /mnt/etc/locale.gen
echo "$TLOCALE_FALLBACK" >> /mnt/etc/locale.gen
 
echo "  -> Generating locale"
manjaro-chroot /mnt locale-gen
 
echo "  -> Setting up mkinitcpio.conf"
sed -i '/MODULES=/c\MODULES=(ext4)' \
       /mnt/etc/mkinitcpio.conf
sed -i '/HOOKS=/c\HOOKS=(systemd keyboard keymap sd-vconsole block sd-encrypt autodetect modconf filesystems fsck)' \
       /mnt/etc/mkinitcpio.conf
 
echo "  -> Generating initrd"
manjaro-chroot /mnt mkinitcpio -P
 
echo "  -> Installing bootloader"
bootctl --path=/mnt/boot install
 
echo "  -> Updating entries with device UUID"
devuuid=$(lsblk -no uuid "$LUKS_PART" | head -n1)
devuuid=$(lsblk -no uuid "$LUKS_PART2" | head -n1)
 
echo "  -> Creating loader entry: manjaro.conf"
cat > /mnt/boot/loader/entries/manjaro.conf <<EOF
title   Manjaro
linux   /vmlinuz-$KERNEL-x86_64
initrd  /initramfs-$KERNEL-x86_64.img
options root=/dev/mapper/cryptroot rd.luks.name=$devuuid=cryptroot
EOF
 
echo "  -> Creating fallback entry: manjaro-fallback.conf"
cat > /mnt/boot/loader/entries/manjaro-fallback.conf <<EOF
title   Manjaro (fallback)
linux   /vmlinuz-$KERNEL-x86_64
initrd  /initramfs-$KERNEL-fallback-x86_64.img
options root=/dev/mapper/cryptroot rd.luks.name=$devuuid=cryptroot
EOF
 
echo "  -> Setting default loader"
sed -i '/default/c\/default manjaro\*/' /mnt/boot/loader/loader.conf
 
echo "==> Setting target branch and mirror"
pacman-mirrors --api --prefix /mnt --set-branch $BRANCH --url $MIRROR
 
#############################################################
#### ISO SPECIFIC SETUP
 
echo "==> Installing ISO package lists"
manjaro-chroot /mnt pacman -S $(comm -12 <(awk '{print $1}' /rootfs-pkgs.txt | sort) <(awk '{print $1}' /desktopfs-pkgs.txt | sort) | sed '/^grub/d' | sed '/^os-prober/d' | sed '/^kernel-modules-hook/d' | sed '/^kernel-alive/d')
 
echo "==> Copying ISO specific settings
cp /etc/lightdm/lightdm-gtk-greeter.conf /mnt/etc/lightdm
cp /etc/lightdm/slick-greeter.conf /mnt/etc/lightdm
cp /etc/environment /mnt/etc
cp /usr/share/icons/default /mnt/usr/share/icons
 
echo "==> Setting up wheel group"
cat > /mnt/etc/sudoers.d/100-wheel <<EOF
%wheel ALL=(ALL) ALL
EOF
 
echo "==> Create new admin user $TUSER ($TGROUPS)"
manjaro-chroot /mnt useradd -mUG $TGROUPS $TUSER
 
echo "==> Set admin user password"
manjaro-chroot /mnt passwd $TUSER
 
echo "==> Enable display manager"
manjaro-chroot /mnt systemctl enable $TDISPLAYMANAGER
 
echo "==> Enable ISO services"
manjaro-chroot /mnt systemctl enable $TSERVICES
 
#### ISO SETUP END
#############################################################
 
echo " ==> Setup your root password"
manjaro-chroot /mnt passwd
 
echo "==> Cleaning up"
echo "  -> Unmounting partitions"
umount -R /mnt
 
echo "  -> Closing LUKS container"
cryptsetup close /dev/mapper/cryptroot
sync
 
echo "==> Done! You have succesfully mimicked a Manjaro Mate Edition"
echo "==> TODO: Configure swapfile ..."
echo "  -> Swap configuration <https://wiki.manjaro.org/index.php/Swap>"
echo ""
62

Ok, so I’ve just tried to run the script and straight away I get these two errors:

line 177: syntax error near unexpected token ‘(’
line 177: 'sed -i ‘/MODULES=/c\MODULES=(ext4)’ ’
:confused:

63

It is not necesarry to add ext4 to the MODULES=()

64

Same error. I followed a guide to try to solve the error and it says that apparently things like ‘(’ in bash language is a special character therefore it throws an error. If instead you put a ‘’ before the character it won’t throw the error. And the compiler seemed like going ahead to the next lines. Which I do have error too.

line 218: unexpected EOF while looking for matching ‘’’
line 261: syntax error: unexpected end of file

I think I’ll now try to do it manually instead

65

Right, so unfortunately I’ve had no luck manually either. Apparently my 100MB EFI partition is too small for the installation which seems odd. I even tried to expand it to 300MB with gparted and even though it threw an error it did seem to expand it. But it was still too small for the installation.
It all seems far too complicated of a process and I’ve tried so many different ways and ideas and none of them worked. I wanted to switch to Manjaro as I am not a fan of the way Canonical does things with Ubuntu (mainly snap) but at least their setup guides work and it may just be me but I’ve come to the conclusion that Manjaro and all the Arch world simply isn’t ready to work with LUKS or LVM on LUKS unless you destroy the whole drive to do a full disk encryption. Whereas with Ubuntu I can just encrypt the whole Ubuntu installation without affecting the Windows side. I did fancy more updated software and getting away from Canonical but at this moment in time, until the default installer supports my kind of setup, which I hope it will I will have to stick with Ubuntu. At least it does work.

Thank you to everyone who sticked with me throughout this journey and for all your very much appreciated help and support. And glad we all learned new things along the way.

66

I don’t know why I didn’t catch this - it is complicated to create a script for another to use - and easily makes a typo when the test environment is not as the target environment.

I found a missing character here

echo "==> Copying ISO specific settings

Should have been - I have probably added to the string as an after thought and forgot the closing dquote.

echo "==> Copying ISO specific settings"

You can do the exact same thing on Manjaro - just not using an installer - it is a manual process - even though I have tried to foresee what could fail - it can fail due to circumstances local to your environment.

I have fixed the typo - and checked the script twice on bare metal - it doesn’t fail the test environment.

67

Thank you, upon inspection myself I did notice that too and corrected it. However it did not seem to make any difference. But as I said I did try the commands manually without using the script and still it wouldn’t work. At the end it wouldn’t even ask me for the decryption password at boot but I suspect that’s something to do with the ESP partition not being big enough as the error would tell me during the installation. I think I’ll just stick with Ubuntu MATE to be honest. But thank you again :slight_smile: