Report on MiroOS on a Lenovo X1 Carbon Gen 10. Overal excellent experience, everything feels fast and application graphics and very fast.

H/W compatibility problems

  • Webcam not supported out of box, din’t try to fix.

  • Built-in sound not supported out of box, didn’t yet try to fix Build-in sound works with Kernel V6.4.6

The wwan module interferes with suspend, remove temporarily with:

sudo rmmod mtk_t7xx

or permanently with:

sudo sh -c 'echo "blacklist mtk_t7xx" >> /etc/modprobe.d/blacklist.conf '

Linux 6.8

Suspend problem on linux 6.8 only. Keep on longterm kernel:

sudo transactional-update pkg install kernel-longterm 

SSD

After about 1 year of service replaced the internal NVME with Samsung 980 Pro 2TB. Easy to replace, appears to work very well.

Whole-disk encyption

Can enable whole-disk encryption during installation using following sequence:

  1. Boot install media as normal and go through setup steps up until “summary of changes”
  2. In summary click on the partitioning entry
  3. Do advanced partition
  4. Click “start with current”
  5. Simply click on the encryption checkbox for the main BTRFS partition

The password needs to be entered during the boot sequence, any automatic reboot will stop at that stage.

Flatpack notes

Install flatseal and use to tighten up the security of flatpacks.

Firefox flatpack profiles are in /home/bnikolic/.var/app/org.mozilla.firefox/.mozilla/firefox

For Zotero add .zotero to persisent directories, I’ve added ~/Zotero for the sqllite and ~/ZFiles for ZotFile-managed attachments.

For Davmail add persistent directory .davmail, then start with flatpak run org.davmail.DavMail .davmail/props to ensure properties are saved there. Generate certificates as described https://davmail.sourceforge.net/sslsetup.html for clients which require encrypted access. Office 365 works well, imap and smptp.

  • Use O365Modern, check logs for the URL for authenticate the devmail app. O365Interactive did not work, perhaps due to flatpak sandbox

Flatpak document portal

Technology for flatpak to give access on a file-by-file basis to applications.

See all files with permissions in this wasy

flatpak documents --columns=origin,application

To see info about individual file:

flatpak document-info <filename>

Distrobox

Use distrobox for creating application and development environments with easy connections to the window system, sound etc. To create isolated environment, generate a command with “distrobox create …. -d” then edit the output to remove the host home directory bindings.

Snapper

Use snapper to do snapshots of filesystems. It is enabled by default for root, to enable for /home do:

sudo snapper -c home create-config /home

See snapshots:

sudo snapper -c home list

See what has changed since a snapshot (0 is current version, 167 appens to be the last snapshot at time of writing)

sudo snapper -c home status 167..0  | less

Workloads with a lot of churn of generated data do not do well with snapper, e.g.:

  1. Big compiled software builds
  2. Container images, PIP packages
  3. Data processing intermediate products

Keep these on separate btrfs volumes so they can be not snapshotted/are done to a different schedule:

sudo btrfs subvolume create /path/of/subvol
sudo chown -R bnikolic  /path/of/subvol
sudo chgrp -R bnikolic  /path/of/subvol

Eventually managed to corrupt the BTRFS volume… perhaps due to fatigue in the NVME drive or due to unclean shutdowns. The following command is very useful for recovery of data. Do this first, before any write operations!

mount -t btrfs -o ro,rescue=all /dev/dvc /mnt/target

Snapper can not create snapshot

If a “Creating snapshot failed.” error is seen, for example :

sudo transactional-update 
[sudo] password for : 
Checking for newer version.
transactional-update 4.6.6 started
Options: 
Separate /var detected.
2024-05-01 15:07:36 tukit 4.6.6 started
2024-05-01 15:07:36 Options: -c20 open 
Creating snapshot failed.
ERROR: `snapper create --from 20 --read-write --cleanup-algorithm number --print-number --description 'Snapshot Update of #20' --userdata 'transactional-update-in-progress=yes'` returned with error code 1.
transactional-update finished

the issue is possibly to do with quotas again. Fix by replacing the

# btrfs qgroup for space aware cleanup algorithms
QGROUP="1/0"

with something empty

QGROUP=""

in snapper conf file (e.g. /etc/snapper/configs/root)

See https://github.com/openSUSE/snapper/issues/894#issuecomment-2054220427 and https://forum.armbian.com/topic/37473-snapper-fails-to-create-a-btrfs-snapshot-if-cleanup-algorithm-is-used/

Software issues

Came across big issue with “btrfs_cleaner” consuming CPU cycles and slowing down the system. Solved by disable quotas:

sudo btrfs quota disable /home

See https://www.suse.com/support/kb/doc/?id=000020696 for background for the problem.

Automatic reboots

OS will request automatic reboots after updates, control this as follows:

https://users.suse.com/~kukuk/SUSE-CaaSP-Docu/rebootmgrctl.1.html

See strategy:

sudo rebootmgrctl get-strategy

See the reboot/maintenance window:

sudo rebootmgrctl get-window

Is machine requested to reboot?

sudo rebootmgrctl status

To disable automatic system updates:

systemctl --now disable transactional-update.timer

SELinux

Version starting with Linux kernel 6.3 enable SELinux. This will force a re-labelling of all filesystems, which will take a significant amount of time during boot making it look like the system is not responding. The message is like: “A start job is running Relabel /home (x / unlimited) “

To debug issues like this:

  • Remove “quiet” boot option to be able to see what is going on
  • Remove selinux boot options in order to confirm SELinux is causing the issue

After the first relabel, boot continues fine and further reboots are quick as normal

VMs

Gnome Boxes flatpack works for basic VMs but ended up installing and using virt-manager and friends, as per:

https://en.opensuse.org/Portal:MicroOS/Virtualization

Install emu-hw-display-qxl for qxl, qemu-spice, qemu-hw-usb-host for host device usb etc.

Ensure virtio disk driver (install, boot in safe mode so kernel picks this up) for good io performance. Ensure QXL for good graphics. Fix poor text by using cleartype.

DNS

Setup dnsmasq so that containers continue to have DHCP after moving networks:

# echo -e "[main] \ndns=dnsmasq" > /etc/NetworkManager/conf.d/dns.conf

NB: -e flag so that the newline combination \n is interpreted

See: https://wiki.archlinux.org/title/NetworkManager, https://github.com/containers/podman/issues/14412

Thermal management

Possible to overheat the laptop CPU to lockup… Hence install thermald:

sudo transactional-update pkg install thermald

Smartctl

Install

sudo transactional-update pkg install smartmontools 

to monitor drive health.

Strongswan

For VPN. Install packages NetworkManager-applet-strongswan, NetworkManager-strongswan.

By default the nm component looks for certificates in wrong place: https://bugzilla.opensuse.org/show_bug.cgi?id=1216564.

Temp fix:

sudo n/microos-tools/devel-tools/microos-rw
sudo ln -s /var/lib/ca-certificates/pem /usr/share/ca-certificates
sudo n/microos-tools/devel-tools/microos-ro