The Complete Installation Guide for Xubuntu 18.04
This is a guide for installing Xubuntu 18.04 - the hard way. The partitioning scheme is laid out as
+-----------++-------------------------------------------------------+
| || Logical vol1 20GB | Logical vol2 20GB+ |
| || /dev/mapper/system-root | /dev/mapper/system-home |
| Boot ||_ _ _ _ _ _ _ _ _ _ _ _ _ _|_ _ _ _ _ _ _ _ _ _ _ _ _ _|
| partition || dm-crypt LUKS LVM partition |
| 500MB || /dev/mapper/sdb2_crypt |
| /dev/sda1 ||_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|
| || dm-crypt LUKS encrypted partition |
| || /dev/sda2 |
+-----------++-------------------------------------------------------+
Warnings
- You may need to change some options for your install
- Test in a virtual machine before use. Real hardware will still be different.
- If grub gets installed on the USB installation device, simply reboot with the installation USB, login, and run
sudo dpkg-reconfigure grub-pc
. This will show a text interface where you can choose the installation disk(s).
Sections
Install Xubuntu 18.04 with dm-crypt LUKS encryption for root and home partitions
- Download minimal Ubuntu 18.04 at https://help.ubuntu.com/community/Installation/MinimalCD
- Disable secure boot and uefi from the bios.
- If that doesn’t work, you could also try a uefi install by extracting the
EFI
directory from themini.iso
image and placing it in the top level directory of the usb. You would then need to create a 200MB EFI partition in the partitioning step.
- If that doesn’t work, you could also try a uefi install by extracting the
- Create a bootable USB
- Use the amazing bootiso utility from https://github.com/jsamr/bootiso.
- Reboot computer from USB
- Installer boot menu
- Advanced options
- Expert install
- Installer main menu
- Choose language
- Language: English
- Country: United States
- Country for default settings: United States
- Additional Locales: none (continue)
- Configure the keyboard
- No, don’t detect keyboard layout
- Country of origin: English (US)
- Keyboard layout: English (US)
- Detect network hardware
- Configure the network
- Primary network interface: wlan0 (wireless) or eth0 (wired)
- Wireless network: choose ssid
- Wireless network type: wpa/wpa2 psk
- wpa/wpa2 passphrase: password
- Yes, autoconfigure networking
- Continue with 3 seconds wait time
- Hostname: ubuntu
- Domain name: none (continue)
- Choose a mirror of the Ubuntu archive
- Protocol for file downloads: http
- Ubuntu archive for mirror country: United States
- Ubuntu archive mirror: us.archive.ubuntu.com
- HTTP proxy: none (continue)
- Download installer components
- Installer components to load: none (continue)
- Detect virtual driver disks
- Set up users and passwords
- Yes, enable shadow passwords
- No, do not allow login as root
- Name for new user: name
- Username for account: name
- Password for new user: pass
- No, do not encrypt home directory (this is eCryptfs-based)
- Configure the clock
- Yes, set the clock using NTP
- NTP server: ntp.ubuntu.com
- Yes, time zone is correct
- Detect disks
- Partition disks
- Manual
- Select the disk for partitioning (Only if safe to wipe current partition table! Otherwise select free space or already created partitions.)
- Yes, create new empty partition table
- Choose gpt partition table type
- Select free space – to create /boot partition
- Create a new partition
- Create partition size of 500 MB in size
- Beginning of partition
- Name: boot
- Use as: EXT4 file system
- Mount point: /boot
- Mount options: relatime
- Done setting up the partitioning
- Select free space – to create encrypted partition
- Create a new partition
- Partition size needs to be enough for both / (root) ~20GB and /home ~20GB-4TB (sizes dependent upon individual use cases)
- Beginning of partition
- Name: crypt
- Use as: Physical volume for encryption
- Done setting up the partitioning
- Configure the encrypted volumes
- Yes, write changes to disk
- Finish
- Enter passphrase for the encrypted partition
- Select the partition below ‘Encrypted volume (sdX2_crypt)’
- Use as: physical volume for LVM
- Done setting up the partitioning
- Configure the Logical Volume Manager
- Yes, write changes to disk
- Create volume group
- Name: system
- Select encrypted volume partition: /dev/mapper/sdX2_crypt
- Create logical volume (for root)
- Select system
- Name: root
- Volume size around 20GB
- Create logical volume (for /home)
- Select system
- Name: home
- Volume size: the rest of the volume or whatever you desire
- Finish
- Create partitions for / (root) and /home
- Select LVM partition for / (root)
- Use as: btrfs file system (backup on a different filesystem. Use ext4 or xfs for stability)
- Mount point: / (root)
- Mount options: relatime
- Done setting up the partitioning
- Select LVM partition for /home
- Use as: btrfs file system (backup on a different filesystem. Use ext4 or xfs for stability)
- Mount point: /home
- Mount options: relatime
- Done setting up the partitioning
- Select LVM partition for / (root)
- Finish partitioning and write to disk
- No, ignore swap partition warning
- Yes, write changes to disk
- Enter maximum size for swap file (512MB?)
- Install Base System
- Kernel to install: Linux-signed-generic
- Drivers to include in the initrd: targeted
- Configure package manager
- Yes, use restricted software
- Yes, use universe software
- Yes, use multiverse software
- Yes, use backported software
- Yes, use software from the partner repository
- No, do not enable source repositories in APT
- Select all services to use
- Select and install software
- Install security updates manually
- Select Xubuntu desktop
- Install GRUB boot loader
- Yes, Install GRUB boot loader to the MBR
- Choose internal ssd
- No, Don’t install grub to removable media path
- Finish the installation
- Yes, system clock is set to UTC
- Remove install media and continue for reboot
- Choose language
Post install suggestions
-
Update the Linux kernel.
- If you want a specific kernel
- Download the following from http://kernel.ubuntu.com/~kernel-ppa/mainline/
linux-headers-4.*-generic_*_amd64.deb
linux-headers-4.*_all.deb
linux-image-unsigned-4.*-generic_*_amd64.deb
linux-modules-4.*-generic_*_amd64.deb
- Open terminal in download location and run
sudo dpkg -i linux-headers*.deb
sudo dpkg -i linux-modules*.deb
sudo dpkg -i linux-image*.deb
sudo update-grub
- Restart computer
- Check kernel being used with
uname -a
- Remove old kernels if
/boot
gets full
- Download the following from http://kernel.ubuntu.com/~kernel-ppa/mainline/
- If you want the LTS updated Kernel. Reference https://wiki.ubuntu.com/Kernel/LTSEnablementStack.
- If you want a specific kernel
-
Enable the firewall.
# https://help.ubuntu.com/community/UFW # https://www.linode.com/docs/security/firewalls/configure-firewall-with-ufw/ sudo ufw enable sudo ufw default allow outgoing sudo ufw default deny incoming
-
Disable hyperthreading (if option not available in the bios).
-
Update btrfs.
- Check version with
btrfs --version
- Download from https://launchpad.net/ubuntu/+source/btrfs-tools
- Install using software center
- Check disk io/r/w transactions
sudo iotop -oPa
- Check version with
-
If there is a separate partition or disk that needs to be mounted and unencrypted at boot. Reference http://ubuntuforums.org/showthread.php?t=837416.
- Check UUID of partitioning
sudo blkid
- Check block size of / (root) partition for nice key size (likely 4096)
sudo blockdev --getbsz /dev/mapper/system-root
- Create random keyfile in /root
sudo dd if=/dev/urandom of=/root/keyfile bs=4096 count=1
- the bs= value should be the block size we just found
- Make keyfile read only to root
sudo chmod 0400 /root/keyfile
- Add keyfile to LUKS partition of /dev/sdX#_crypt
sudo cryptsetup luksAddKey /dev/sdX#_crypt /root/keyfile
- Enter existing password for /dev/sdX#_crypt
- Create mapper
sudo mousepad /etc/crypttab
- add ‘/root/keyfile’ to replace ’none’ for /dev/sdX#_crypt
- example:
sdX#_crypt UUID=XXX /root/keyfile luks
- example:
- Mount the drive (if needed)
sudo mousepad /etc/fstab
- example:
/dev/mapper/sdX#_crypt /<mount point> btrfs relatime 0 2
- example:
- Update settings in initramfs images
sudo update-initramfs -u -k all
- Check UUID of partitioning
-
TRIM for SSDs.
- Reference http://blog.neutrino.es/2013/howto-properly-activate-trim-for-your-ssd-on-linux-fstrim-lvm-and-dmcrypt/.
- Enable Trim on dm-crypt
- Open
/etc/crypttab
sudo mousepad /etc/crypttab
- If needed, add ‘discard’ to the options for
sdX#_crypt
.
- Open
- Make sure LVM has ‘issue_discards=1’ in
sudo mousepad /etc/lvm/lvm.conf
- Check encrypted drive with
sudo dmsetup table /dev/mapper/sdX#_crypt
- make sure it has ‘1 allow_discards’
- Remove or check “discard” is not used in the
fstab
sudo mousepad /etc/fstab
- Run TRIM manually or check for errors
sudo fstrim -v /home
- If any changes were made, run
sudo update-initramfs -c -k all
-
If installing in Virtualbox, install additions by
sudo apt install virtualbox-guest-utils virtualbox-guest-dkms dkms
- To share a folder, make a permanent machine folder then run
sudo usermod -a -G vboxsf username
- To share a USB port
sudo usermod -a -G vboxusers username
-
Set window tile keybinds similar to Microsoft Windows.
- Open terminal and run
xfce4-settings-manager
- Go to window manager
- Open the Keyboard tab
- Set the “Tile window to the left” (and right)
- Open the Keyboard tab
- Open terminal and run
-
Backbutton in firefox to backsapce.
- Type
about:config
in the address bar - Look for
browser.backspace_action
in the list - Change the Value to 0.
- Type
-
If needed, install Intel wireless driver.
- Download driver from http://intellinuxwireless.org/?n=Downloads
- Navigate to download folder
tar xvzf iwlwifi-XXX.tgz
cd iwlwifi-XXX/
sudo cp iwlwifi-XXX.ucode /lib/firmware
-
Check partition sizes.
df -h
btrfs filesystem df
btrfs filesystem show
-
Install packages from a newer release.
- http://askubuntu.com/questions/103320/install-packages-from-newer-release-without-building-apt-pinning
apt install <package> -t yakkety
-
Modify or redirect home folder names.
- change in
/home/username/.config/user-dir.dirs
- change in
-
Change ownership of extra storage drives or partitions.
sudo chown -R username /partition
-
Change desktop lock keybind.
- Go to settings editor
- xfce4-keyboard-shortcuts
- new commands custom property
- property:
/commands/custom/<super>l
- type:
string
- value:
xflock4
- property:
-
Format a USB drive.
df
umount /dev/sdc1
mkfs.vfat /dev/sdc1
-
Create a dm-crypt LUKS encrypted external drive. Reference https://gitlab.com/cryptsetup/cryptsetup/wikis/FrequentlyAskedQuestions.
-
Find the external drive (assume the filesystem is /dev/sdb1 and it’s mount location /media/USERNAME/*)
df
-
Unmount it
umount /media/USERNAME/*
-
Quickly wipe old filesystems. wipefs clears the first superblock.
sudo wipefs -a /dev/sdb1
-
Create the LUKS container (follow on-screen intructions)
sudo cryptsetup luksFormat /dev/sdb1
-
Check the passphrase iteration count. The key slot default is 1 second of PBKDF2 hashing. The volume key default (MK iterations) is 0.125 seconds. You can set the key slot with
cryptsetup luksFormat -i 15000 <target device>
sudo cryptsetup luksDump /dev/sdb1
-
Map the container to /dev/mapper/backup1
sudo cryptsetup luksOpen /dev/sdb1 backup1
-
Create a filesystem in the mapped container
sudo mkfs.btrfs --label backup1 /dev/mapper/backup1
-
Mount the filesystem (right after creation; using lzo compression)
mount -o compress=lzo /dev/mapper/backup1 /mnt
-
Mount the filesystem (day to day use as a portable external drive; using lzo compression). You can either create an fstab entry or mount using the command line.
-
Using an fstab entry
# Get the UUID of the mounted and unlocked /dev/mapper/ filesystem sudo blkid
Add the following entry to
/etc/fstab
~~~bash UUID=YOUR-UUID /media/backup1 btrfs noauto,defaults,noatime,compress=lzo 0 0 ~~~
Now it will automatically mount at
/media/backup1
. Thenoauto
option is used in the fstab entry to prevent automatically mounting the drive at boot time. If you leave this option off, then your computer will fail to boot and you will need to edit the fstab in recovery mode. Thenofail
option can be used for drives that are usually going to be mounted at boot time.Change ownership of the new mount point so you can perform cut/copy/paste, etc. ~~~bash sudo chown -R USERNAME /media/backup1 ~~~
-
Using the terminal
# The OS will automatically mount the drive and ask for passphrase to unlock. Then... df sudo umount /media/USERNAME/* sudo mount -o compress=lzo /dev/dm-4 /media/backup1 sudo chown -R USERNAME /media/backup1
-
-
-
Fix backlight adjustment issues.
sudo apt install xbacklight
xbacklight -set XX
-
Turn on USB keyboard password input for dmcrypt login.
- Check current modules being used with
lsmod
- In a terminal, open
-
sudo /etc/initramfs-tools/mousepad modules
Then add the followingusbhid hid hid_logitech_dj hid_logitech_hidpp
-
sudo update-initramfs -u
-
- Check current modules being used with
-
Add icons to desktop panel.
- Go to
/usr/share/applications/
and drag the application to the panel.
- Go to
-
If unable to boot because fstab is bad (This is also helpful for situations that do not involve fstab).
-
Reboot computer
-
At grub menu, choose advanced options and boot into recovery mode.
-
Enter the Root Session.
-
Because you’re in read only mode, remount with write privileges.
mount -o remount,rw /
-
Edit the fstab
nano /etc/fstab
-
-
Re-label a btrfs filesystem.
# First unmount, then rename sudo umount /dev/dm-4 sudo btrfs filesystem label /dev/dm-4 NEWNAME
-
Stop system error pop ups.
Sometimes a system error will be reported and cause a warning pop up over multiple restarts. You can remove this by either
sudo rm /var/crash/*
gksu nano /etc/default/apport
and setenabled=0
-
Randomize MAC address.
This is based on https://fedoramagazine.org/randomize-mac-address-nm/. To randomize wifi connections, create the file
/etc/NetworkManager/conf.d/00-macrandomize.conf
and add the following:# can use 'random' or 'stable' below [device] wifi.scan-rand-mac-address=yes [connection] wifi.cloned-mac-address=stable ethernet.cloned-mac-address=stable connection.stable-id=${CONNECTION}/${BOOT}
Then restart networkmanager with
systemctl restart NetworkManager
. -
Change owner of entire directory.
sudo chown -R <username> *
-
Let apt fix dependency issues automatically.
sudo apt --fix-broken install
-
GPG bug fix when adding keys behind a proxy: use the option
http-proxy=
sudo apt-key adv --keyserver keyserver.ubuntu.com --keyserver-options http-proxy=http://PROXYADDRESS --recv-keys GPGKEY
Software install suggestions
Apt packages
#======================================================================
# Update
#======================================================================
sudo apt update
sudo apt dist-upgrade
#======================================================================
# Remove unwanted software from xubuntu-desktop recommends
#======================================================================
sudo apt purge '^brltty.*' '^espeak.*' '^hplip.*' '^libhpmud0.*' '^libsane-hpaio.*' '^parole.*' '^printer-driver.*' '^speech-dispatcher.*' '^whoopsie.*' '^libwhoopsie0.*' '^popularity-contest.*' '^pidgin.*'
sudo apt autoremove
sudo apt autoclean
#======================================================================
# Install software
#======================================================================
# general
sudo apt install iotop software-properties-common p7zip-full curl libdbd-sqlite3 audacious usb-creator-gtk chromium-browser texinfo libimobiledevice-dev
#sudo apt --no-install-recommends install gnucash
# r
sudo apt install jags pandoc pandoc-citeproc gcc gfortran libudunits2-dev libssl-dev libgit2-dev libssh2-1-dev
# git
sudo apt install make libssl-dev libghc-zlib-dev libcurl4-gnutls-dev libexpat1-dev gettext unzip
# power
sudo apt install tlp tlp-rdw powertop
sudo tlp start
sudo powertop --auto-tune
#======================================================================
# Install other repository software
#======================================================================
#------
# Repos
#------
# R
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys E298A3A825C0D65DFD57CBB651716619E084DAB9
sudo add-apt-repository "deb https://cloud.r-project.org/bin/linux/ubuntu $(lsb_release -cs)-cran35/"
sudo add-apt-repository ppa:marutter/c2d4u3.5
# KeepassXC
sudo add-apt-repository ppa:phoerious/keepassxc
# Lyx
sudo add-apt-repository ppa:lyx-devel/release
# Libreoffice
sudo add-apt-repository ppa:libreoffice/ppa
# mpv
sudo add-apt-repository ppa:mc3man/mpv-tests
# git
sudo add-apt-repository ppa:git-core/ppa
# Virtualbox
sudo add-apt-repository "deb [arch=amd64] https://download.virtualbox.org/virtualbox/debian $(lsb_release -cs) contrib" && wget -q https://www.virtualbox.org/download/oracle_vbox_2016.asc -O- | sudo apt-key add -
# Gimp
sudo apt-add-repository ppa:otto-kesselgulasch/gimp
# Inkscape
sudo add-apt-repository ppa:inkscape.dev/stable
# sublime text
wget -qO - https://download.sublimetext.com/sublimehq-pub.gpg | sudo apt-key add -
echo "deb https://download.sublimetext.com/ apt/stable/" | sudo tee /etc/apt/sources.list.d/sublime-text.list
#--------
# Install
#--------
sudo apt update
# R
sudo apt install r-base r-base-dev libopenblas-base liblapack3 libcairo2-dev libxt-dev
# keepassXC
sudo apt install keepassxc
# Lyx
sudo apt --no-install-recommends install lyx
# libreoffice
sudo apt --no-install-recommends install libreoffice-writer
sudo apt install libreoffice-calc
# mpv
sudo apt install mpv
# git
sudo apt install git
# Virtualbox
sudo apt install virtualbox
# Gimp
sudo apt install gimp
# Inkscape
sudo apt install inkscape
# sublime text
sudo apt-get install sublime-text
#======================================================================
# Cleanup
#======================================================================
sudo apt update
sudo apt dist-upgrade
sudo apt autoclean
sudo apt autoremove
Manual packages
-
Install texlive 2018. Reference http://tex.stackexchange.com/a/95373.
-
Download Texlive and run
wget http://mirror.ctan.org/systems/texlive/tlnet/install-tl-unx.tar.gz tar -zxvf install-tl-unx.tar.gz sudo apt install perl-tk cd install-tl* sudo ./install-tl --gui
- Choose the small scheme (just download fonts and packages as you need them)
- Choose Recommended fonts, Mathematics packages, and LuaTeX packages
- Make sure to “create symlinks in system directories”
-
Edit
/etc/environment
by adding:/usr/local/texlive/2018/bin/x86_64-linux:/usr/local/texlive/2018/texmf-dist/doc/man:/usr/local/texlive/2018/texmf-dist/doc/info:
-
Make apt see the local install by:
sudo apt install equivs --no-install-recommends sudo apt install freeglut3 mkdir /tmp/tl-equivs cd /tmp/tl-equivs equivs-control texlive-local # copy this http://www.tug.org/texlive/files/debian-equivs-2018-ex.txt to mousepad texlive-local equivs-build texlive-local sudo dpkg -i texlive-local_2018-1_all.deb
-
Access tlmgr using either of
sudo env PATH="$PATH" tlmgr --gui
sudo /usr/local/texlive/2018/bin/x86_64-linux/tlmgr --gui
-
Update texlive. Remove the old texlive with the commands below, then Re-run the install commands.
# Remove old apt local install sudo apt remove texlive-local # Remove the old texlive directories sudo rm -rf /usr/local/texlive/2018/ sudo rm -rf /usr/local/texlive/texmf-local/ sudo rm -rf /home/USERNAME/.texlive2018/ sudo rm -rf /var/lib/texmf/ # Remove the old texlive symlinks (Make sure there's nothing else in there) sudo rm /usr/local/bin/* sudo -rf rm /usr/local/share/man/* sudo rm /usr/local/share/info/* # Update the font cash sudo fc-cache -fsv
-
-
Install Gnucash
The current version of gnucash is 3.3, but only 2.6.19 is available in the 18.04 archives. The following will allow you to install gnucash 3.3 on ubuntu 18.04
-
See the reference documentation at https://wiki.gnucash.org/wiki/Ubuntu.
-
Since the current package in the ubuntu package repo is too old, from https://packages.debian.org/sid/amd64/libboost-regex1.62.0/download, download and install:
libboost-regex1.62.0_1.62.0+dfsg-10_amd64.deb
-
Install
sudo apt install guile-2.2-libs libaqbanking35 libboost-date-time1.62.0 libboost-filesystem1.62.0 libboost-locale1.62.0 libboost-system1.62.0 libgwenhywfar60 libktoblzcheck1v5 libofx7 libaqbanking35-plugins guile-2.2 libfinance-quote-perl libhtml-tableextract-perl libdate-manip-perl libjs-jquery libcrypt-ssleay-perl
-
From http://ftp.us.debian.org/debian/pool/main/g/gnucash/, download and install:
gnucash-common_3.3-2_all.deb gnucash_3.3-2_amd64.deb
-
-
Install redshift
-
Install from repo
sudo apt-get install redshift redshift-gtk
-
Append the following to geoclue’s config with
sudo nano /etc/geoclue/geoclue.conf
[redshift] allowed=true system=false users=
-
Create a redshift config file with
nano ~/.config/redshift.conf
[redshift] temp-day=5500 temp-night=2700 location-provider=manual [manual] lat=4X lon=-8X
-
-
Modify sublime text’s settings
- at Preferences -> Distration Free, add the line
"update_check": false,
- Add
127.0.0.1 license.sublimehq.com
to/etc/hosts
.
- at Preferences -> Distration Free, add the line
-
Install Grub Customizer (used to modify the grub menu for dual boot).
sudo add-apt-repository ppa:danielrichter2007/grub-customizer
sudo apt update
sudo apt install grub-customizer
-
Install Texmaker.
-
Download from http://www.xm1math.net/texmaker/download.html
sudo dpkg -i *.deb sudo apt install -f
-
-
Install Rstudio.
-
Download from https://www.rstudio.com/products/rstudio/download/preview/
sudo dpkg -i *.deb sudo apt install -f
-
-
Install Teamviewer.
-
Download from https://www.teamviewer.com/en/download/linux/
sudo dpkg -i *.deb sudo apt install -f
-
-
Install Anydesk.
-
Download from https://anydesk.com/download?os=linux
sudo dpkg -i *.deb sudo apt install -f
-
Anydesk uses a dark pattern of forcing autostart of a background service/system tray icon. Just deleting the /etc/xdg/autostart/anydesk* file no longer prevents the auto startup. To stop it, you needed to comment out all lines/delete the following file:
/etc/systemd/system/anydesk.service
-
-
Install Skype.
-
Download from https://www.skype.com/en/get-skype/
sudo dpkg -i *.deb sudo apt install -f
-
-
Install Bleachbit.
-
Download from https://www.bleachbit.org/download/linux
sudo dpkg -i *.deb sudo apt install -f
-
-
Install Brother printer drivers.
- Download from http://support.brother.com/g/b/productsearch.aspx?c=us&lang=en&content=dl
gunzip linux-brprinter-installer-2.*.gz
sudo bash linux-brprinter-installer-2.*
- Enter machine name
- When you see the message “Will you specify the DeviceURI ?” USB Users: Choose N(No). Network Users: Choose Y(Yes).
- If scanner isn’t working
brsaneconfig4 -a name=Scanner model='modelname' ip='ip-address'
- Check network mapping with
nmap 'IP range'/24
- Download from http://support.brother.com/g/b/productsearch.aspx?c=us&lang=en&content=dl
Last Updated: 2018-11-11