← ludocode.com

Setting up a Headless Raspberry Pi with Arch Linux ARM

Original date: 2016-01-23.
Last updated: 2020-09-18.

This is a simple set of instructions for installing Arch Linux ARM on a Raspberry Pi, and first-time booting it headless (without a monitor or keyboard/mouse.) See the official instructions for more information.

These instructions are meant to be run as an unpriveledged user, so most of them use sudo. They also add some safety to setup the Raspberry Pi as a headless public-facing server.

We're assuming you're already on a Linux PC. Let's start downloading the latest ArchLinuxARM RPI tarball to your home folder first if you don't already have it:

cd ~
curl -LO http://archlinuxarm.org/os/ArchLinuxARM-rpi-latest.tar.gz

Next we'll set an environment variable to the device so you can copy-paste the rest of the instructions. You should still enter them one at a time to fully understand what's going on.

RPIDEV=/dev/sdX

Replace sdX above with the device name for the SD card on which you'll be installing Arch. This should be just a device like sdg, not a partition like sdg1. Make sure you choose the correct device! Its contents will be erased!

You can check the existing partition table like this to make sure you've got the right device:

sudo fdisk -l $RPIDEV

You'll need to install parted to create the partition table. On Arch, make sure you have dosfstools installed as well because it provides mkfs.vfat. The Raspberry Pi can only boot from a FAT32 filesystem, so we'll create a 100 MB FAT32 partition for /boot, and the rest will be the ext4 root:

sudo parted -s -a optimal ${RPIDEV} \
        mklabel msdos \
        mkpart primary fat32 0% 100M \
        mkpart primary ext4 100M 100%
sudo mkfs.vfat -F 32 ${RPIDEV}1
sudo mkfs.ext4 ${RPIDEV}2

Next we create a mount point and mount the partitions:

cd /mnt   # or /media, depending on your distribution
sudo mkdir rpidev
sudo mount ${RPIDEV}2 rpidev
cd rpidev
sudo mkdir boot
sudo mount ${RPIDEV}1 boot

Now we can extract Arch. (We use bsdtar instead of GNU tar because the tarball is built using bsdtar. GNU tar throws warnings about unrecognized extended headers on decompressing it, although it seems to work fine otherwise.)

sudo bsdtar -xpzf ~/ArchLinuxARM-rpi-latest.tar.gz

The system is now installed to the SD card. You'll probably want to set the hostname at this point before the first boot. Make sure you use etc/hostname here, not /etc/hostname!

echo your-server-name | sudo tee etc/hostname

There's one last thing we can do before we unmount the SD card. The default root password is root, which can be unsafe. If you're setting up a headless Raspberry Pi, there's a moment of vulnerability where an attacker could log in as root before you get a chance to change it. This is especially true if the device is publicly available on the internet (which mine is.)

We'd like to avoid connecting with a serial cable or crossover cable to fix this, or modifying the firewall to block it until it's ready. We want to just plug it in and go. Unfortunately we can't change the password with chroot or passwd --root (unless you're setting this up from another ARM system) since the chroot environment contains ARM binaries. Instead of trying to set it by hand, we'll instead install our public key, and use key authentication only. This will prevent password-based root login through SSH entirely.

You should have an SSH key pair already. If you don't, use ssh-keygen. We can install our key on the RPI and disable password logins like this:

sudo mkdir -p root/.ssh
cat $(ls -t1 ~/.ssh/id_*.pub|head -n 1) | sudo tee root/.ssh/authorized_keys > /dev/null
sudo sed -i 's/#*\(PermitRootLogin\).*/\1 without-password/' etc/ssh/sshd_config

We're now done configuring the boot media. The kernel may take a while to finish flushing the data to the SD card, so let's block until it's done:

sync

This could take a few minutes depending on how long you spent configuring things. We can now unmount:

cd ..
sudo umount -R rpidev
sudo rmdir rpidev

You can now place the SD card in your Raspberry Pi and boot it up safely. After a few moments you'll be able to SSH in as root without a password. You can get its IP address from your router, or you may be able to connect directly from the hostname.

Once started, update pgp keys and bring the system up-to-date:

pacman-key --init
pacman-key --populate archlinuxarm
pacman -Syu

← ludocode.com