What else is different from Arch?

You are right, so it is actually easier. You probably just need to pacstrap base linux linux-headers dracut

I think you will get it actually. It will get pulled in by any kernel package since it is the first choice for the initcpio dependency.

That means if you specific dracut in the pacstrap package list, that should be enough to replace mkinitcpio with dracut.

1 Like

Yes, on a recent Arch install I used a list of packages that included dracut for my pacstrap and my resulting installation did not include mkinitcpio at all.

It is interesting that mkinitcpio and dracut do not conflict with each other from a package management perspective. Do you know if there is some reason they have decided to allow them both to be installed? It seems like it would cause nothing but problems.

I don’t have any inside information but it is probably because they don’t technically conflict. Since the dracut package ships without any hooks, it doesn’t hurt to have it installed. However, if you actually start using it, you will likely have a problem…

2 Likes

So, to sum this up, if you install Arch Linux The ArchWiki way without any intervention (as described in the ArchWiki), and without explicitly installing dracut, you will always end up with an mkinitcpio-installation.

Thank you all! :v:

Is there a resource that explains these sane defaults?

That would be my main reason to switch to EndeavourOS.

A summary of the distro’s out-of-the-box features.

https://endeavouros.com/latest-release/

That is quite useful as an update, but what I wonder is the little, yet important things, such as standard(-ish) out-of-the-box ssh hardening, login brute-force prevention etc.

I imagine vanilla Arch would leave all that to the user, as opposed to a more curated distro. So I wonder how much I need to dive into these things myself on EndeavourOS.

The only security-related changes we make is installing and enabling a firewall by default.

Is there any documentation on what makes sense to do from the security PoV (apart from disk encryption and the firewall)?

That is very individual. For example, I don’t do disk encryption at all, I just encrypt the individual files that contain sensitive information and I am mindful never to write them to disk when I decrypt them.

There is no EOS specific documentation on that.

The Arch wiki has a security section:
https://wiki.archlinux.org/title/Security

So nothing extra on top of what Arch already does, got it.

Thanks, will look into it :+1:

1 Like

This is concise and more than enough plusses for the new user who is intimidated by the arch installation and/or community. I should know, I am one. It’s been 2 weeks and I appreciate and even love the ā€œterminal-centricā€ existence as I prefer it. I really dig it. I have a #1 and this is my #2…but I don’t spend much time on my #1 lately. Endeavour is that kind of OS.

3 Likes

I agree. My comment was not trying to diminish it. I’m merely trying to understand what are the ā€œsane defaultsā€ we are talking about, so I can plan my installation properly.

I’ve used Gentoo for a decade or so (and Manjaro lately), so I have no problem with the console and tweaking, but I know that I am quite rusty. I am also – as probably others looking at EndeavourOS – lacking the time to go LFS, so knowing the defaults helps a lot.

I hope that if something was in any way (widely) dangerous, it would be either already fixed by default in EndeavourOS or documented as a step in its installation documentation.