I performed my periodic refresh of my Arch Linux install and wanted to improve how my full disc encryption was handled. Previously I used LVM on LUKS with an encrypted boot partition. However, that limits which bootloader you can use to GRUB, and GRUB is not the quickest to unlock the LUKS partition.

I was also curious if I could use my YubiKey for part of the encryption process rather than just a long password to type on boot. I can’t say that I made it much more convenient though, as now I have to have my YubiKey inserted and press the button on it to boot my computer, but it was fun implementing it and getting it to work.

I recently purchased a new Yubikey and found myself needing to set it up and configure it with PGP keys. As I use it for SSH authentication and commit signing. I of course forgot how I initially configured my older Yubikey for this. Thankfully a quick google search later I was able to figure out how to set it up. I am going to document it this time for future reference and as a more condensed version of the results I found.

When I setup my GPG keys on my Yubikey I set the expiration of the keys to be two years and forgot all about it. Until recently when the keys hit the two-year mark and expired. I had of course forgotten how exactly I set up the keys initially and how to renew them. After some research and experimenting with the gpg2 commands, I was able to renew them.

I decided I would document the process for when this inevitably happens again in two years.

Part 1: Basic Bootable Installation

I wanted to reinstall Arch Linux on my laptop and after having just re-installed it and configured it how I liked on my desktop, I thought there had to be a better way than manually installing packages and doing configuration every time I install. I was in no rush to get a working installation on my laptop, I decided now would be the time to explore a way to automate the installation.

As I was working on creating my automated installation script for Arch Linux, I realized that I would also like to install packages from the AUR. Building the packages in the installation would be time-consuming, and a bit cumbersome due needing to make the packages as a non-root user, but needing to be a root user to install the packages. Having a repo with the packages already pre-built sounds like a much better option. Plus I can continue to use this repo after the installation and let my server spend the time building the packages, rather than me waiting at the command line.