MicroOS Desktop on Lenovo X1 Gen 10
Report on MicroOS on a Lenovo X1 Carbon Gen 10. Overal excellent experience, everything feels fast and application graphics and very fast. NB MicroOS for desktop is superseded by Aeon
H/W compatibility problems
-
Webcam not supported out of box, din’t try to fix.
-
Built-in sound not supported out of box, didn’t yet try to fixBuild-in sound works with Kernel V6.4.6
The wwan module interferes with suspend, remove temporarily with:
sudo rmmod mtk_t7xx
or permanently with:
sudo sh -c 'echo "blacklist mtk_t7xx" >> /etc/modprobe.d/blacklist.conf '
Linux 6.8 .. 6.11
Suspend problem on linux 6.8 and later. Keep on longterm kernel:
sudo transactional-update pkg install kernel-longterm
OR: turn off h/w subsystems in BIOS to find which are interfering with suspend.
NB: Later linux kernels substantially further improve subjective performance on this laptop, so worth running them.
Debugging problems between kernels
lsmod > oldkernel_modules.txt
cat oldkernel_modules.txt | cut -f1 -d" " | sort > old_nodeps.txt
On new kernel:
lsmod > newkernel_modules.txt
cat newkernel_modules.txt | cut -f1 -d" " | sort > new_nodeps.txt
SSD
After about 1 year of service replaced the internal NVME with Samsung 980 Pro 2TB. Easy to replace, appears to work very well.
Whole-disk encyption
Can enable whole-disk encryption during installation using following sequence:
- Boot install media as normal and go through setup steps up until “summary of changes”
- In summary click on the partitioning entry
- Do advanced partition
- Click “start with current”
- Simply click on the encryption checkbox for the main BTRFS partition
The password needs to be entered during the boot sequence, any automatic reboot will stop at that stage.
Flatpack notes
Install flatseal and use to tighten up the security of flatpacks.
Firefox flatpack profiles are in /home/bnikolic/.var/app/org.mozilla.firefox/.mozilla/firefox
For Zotero add .zotero to persisent directories, I’ve added
~/Zotero for the sqllite and ~/ZFiles for ZotFile-managed
attachments.
For Davmail add persistent directory .davmail, then start with
flatpak run org.davmail.DavMail .davmail/props to ensure
properties are saved there. Generate certificates as described
https://davmail.sourceforge.net/sslsetup.html for clients which
require encrypted access. Office 365 works well, imap and smptp.
- Use O365Modern, check logs for the URL for authenticate the devmail app. O365Interactive did not work, perhaps due to flatpak sandbox
For offlineimap send SIGUSR1 to force re-sync after suspend. (M-x proced; k ; USR1)
If slowdown in starting flatpaks, use:
systemctl --user --type=service restart xdg-document-portal.service
Flatpak Emacs & Tex
Install texlive matching emacs runtime:
flatpak install --user --verbose flathub org.freedesktop.Sdk.Extension.texlive/x86_64/24.08
then run with
FLATPAK_ENABLE_SDK_EXT=texlive flatpak run --verbose org.gnu.emacs
Flatpak document portal
Technology for flatpak to give access on a file-by-file basis to applications.
See all files with permissions in this wasy
flatpak documents --columns=origin,application
To see info about individual file:
flatpak document-info <filename>
Distrobox
Use distrobox for creating application and development environments with easy connections to the window system, sound etc. To create isolated environment, generate a command with “distrobox create …. -d” then edit the output to remove the host home directory bindings.
Snapper
Use snapper to do snapshots of filesystems. It is enabled by default
for root, to enable for /home do:
sudo snapper -c home create-config /home
See snapshots:
sudo snapper -c home list
See what has changed since a snapshot (0 is current version, 167 appens to be the last snapshot at time of writing)
sudo snapper -c home status 167..0 | less
Workloads with a lot of churn of generated data do not do well with snapper, e.g.:
- Big compiled software builds
- Container images, PIP packages
- Data processing intermediate products
Keep these on separate btrfs volumes so they can be not snapshotted/are done to a different schedule:
sudo btrfs subvolume create /path/of/subvol
sudo chown -R bnikolic /path/of/subvol
sudo chgrp -R bnikolic /path/of/subvol
Or as user:
/usr/sbin/btrfs subvolume create .var/app/org.recoll.recoll
Eventually managed to corrupt the BTRFS volume… perhaps due to fatigue in the NVME drive or due to unclean shutdowns. The following command is very useful for recovery of data. Do this first, before any write operations!
mount -t btrfs -o ro,rescue=all /dev/dvc /mnt/target
Snapper can not create snapshot
If a “Creating snapshot failed.” error is seen, for example :
sudo transactional-update
[sudo] password for :
Checking for newer version.
transactional-update 4.6.6 started
Options:
Separate /var detected.
2024-05-01 15:07:36 tukit 4.6.6 started
2024-05-01 15:07:36 Options: -c20 open
Creating snapshot failed.
ERROR: `snapper create --from 20 --read-write --cleanup-algorithm number --print-number --description 'Snapshot Update of #20' --userdata 'transactional-update-in-progress=yes'` returned with error code 1.
transactional-update finished
the issue is possibly to do with quotas again. Fix by replacing the
# btrfs qgroup for space aware cleanup algorithms
QGROUP="1/0"
with something empty
QGROUP=""
in snapper conf file (e.g. /etc/snapper/configs/root)
See https://github.com/openSUSE/snapper/issues/894#issuecomment-2054220427 and https://forum.armbian.com/topic/37473-snapper-fails-to-create-a-btrfs-snapshot-if-cleanup-algorithm-is-used/
Software issues
Came across big issue with “btrfs_cleaner” consuming CPU cycles and slowing down the system. Solved by disable quotas:
sudo btrfs quota disable /home
See https://www.suse.com/support/kb/doc/?id=000020696 for background for the problem.
Automatic reboots
OS will request automatic reboots after updates, control this as follows:
https://users.suse.com/~kukuk/SUSE-CaaSP-Docu/rebootmgrctl.1.html
See strategy:
sudo rebootmgrctl get-strategy
See the reboot/maintenance window:
sudo rebootmgrctl get-window
Is machine requested to reboot?
sudo rebootmgrctl status
To disable automatic system updates:
systemctl --now disable transactional-update.timer
SELinux
Version starting with Linux kernel 6.3 enable SELinux. This will force a re-labelling of all filesystems, which will take a significant amount of time during boot making it look like the system is not responding. The message is like: “A start job is running Relabel /home (x / unlimited) “
To debug issues like this:
- Remove “quiet” boot option to be able to see what is going on
- Remove selinux boot options in order to confirm SELinux is causing the issue
After the first relabel, boot continues fine and further reboots are quick as normal
VMs
Gnome Boxes flatpack works for basic VMs but ended up installing and using virt-manager and friends, as per:
https://en.opensuse.org/Portal:MicroOS/Virtualization
Install emu-hw-display-qxl for qxl, qemu-spice, qemu-hw-usb-host for host device usb etc.
Ensure virtio disk driver (install, boot in safe mode so kernel picks this up) for good io performance. Ensure QXL for good graphics. Fix poor text by using cleartype.
sudo transactional-update pkg install libvirt libvirt-daemon-qemu qemu-tools virt-install qemu-hw-display-qxl qemu-spice qemu-hw-usb-host virt-manager
sudo systemctl enable --now libvirtd
sudo virsh net-define /etc/libvirt/qemu/networks/default.xml
sudo virsh net-autostart default
sudo virsh net-start default
DNS
Setup dnsmasq so that containers continue to have DHCP after moving networks:
# echo -e "[main] \ndns=dnsmasq" > /etc/NetworkManager/conf.d/dns.conf
NB: -e flag so that the newline combination \n is interpreted
See: https://wiki.archlinux.org/title/NetworkManager, https://github.com/containers/podman/issues/14412
Thermal management
Possible to overheat the laptop CPU to lockup… Hence install thermald:
sudo transactional-update pkg install thermald
Smartctl
Install
sudo transactional-update pkg install smartmontools
to monitor drive health.
Strongswan
For VPN. Install packages NetworkManager-applet-strongswan,
NetworkManager-strongswan.
By default the nm component looks for certificates in wrong place:
https://bugzilla.opensuse.org/show_bug.cgi?id=1216564.
Temp fix:
sudo n/microos-tools/devel-tools/microos-rw
sudo ln -s /var/lib/ca-certificates/pem /usr/share/ca-certificates
sudo n/microos-tools/devel-tools/microos-ro
Midi
- Install Qsynth flatpak
- Find soundfont file, load in to Qsynth
- Check midi in seen with
aconnect -o -l - If using lilipond, gen midi with
\midi {}
Wifi Suspend
Unload/reload wifi drivers:
bnikolic@localhost:~> sudo rmmod iwlmvm iwlwifi bnikolic@localhost:~> sudo modprobe iwlmvm iwlwifi
Wifi drops?
? Fix band to one , e.g.
nmcli connection modify
No - does not resolve the problem
Graphics slowdown
Turn off UI animations
opensnitch
Can download and install rpms:
https://github.com/evilsocket/opensnitch/releases
But need following supporting packages: sudo transactional-update pkg install python313-notify2 python313-python-slugify python313-protobuf python313-packaging python313-grpcio
mitm proxy
sudo transactional-update pkg install python313-mitmproxy
Offlineimap patch
Somewhere between Microsoft and davmail there is a regression vs IMAP std and return messages can have more than on SP. This patch works around this flaw.
*** /usr/lib/python3/dist-packages/imaplib2.py 2025-04-23 10:14:14.865987508 +0100
--- /usr/lib/python3/dist-packages/imaplib2.py_orig 2021-01-18 10:58:10.000000000 +0000
***************
*** 282,288 ****
# These must be encoded according to utf8 setting in _mode_xxx():
_literal = br'.*{(?P<size>\d+)}$'
! _untagged_status = br'\*[ ]+(?P<data>\d+) (?P<type>[A-Z-]+)( (?P<data2>.*))?'
continuation_cre = re.compile(br'\+( (?P<data>.*))?')
mapCRLF_cre = re.compile(br'\r\n|\r|\n')
--- 282,288 ----
# These must be encoded according to utf8 setting in _mode_xxx():
_literal = br'.*{(?P<size>\d+)}$'
! _untagged_status = br'\* (?P<data>\d+) (?P<type>[A-Z-]+)( (?P<data2>.*))?'
continuation_cre = re.compile(br'\+( (?P<data>.*))?')
mapCRLF_cre = re.compile(br'\r\n|\r|\n')