Alternatives & Notes - dslm4515/BMLFS GitHub Wiki
Replacing elogind with seatd
elogind setups XDG_RUNTIME_DIR which is needs to be set for wayfire or other wlroot-based compositors
Create a seatd service that creates /run/user with permissions 0770 and runs seatd -g seat. There should be a group called seat with a GID of 28. Any users that will need a seat managed by seatd should be part of this group. Each user should have a .bashrc that creates a directory /run/user/$(id -u) with permissions 700 and sets XDG_RUNTIME_DIR=/run/user/$(id -u) source
An example to add to .bashrc:
# Setup XDG_RUNTIME_DIR
if [ ! -e /run/user/$(id -u) ](/dslm4515/BMLFS/wiki/-!--e-/run/user/$(id--u)-); then
install -m0770 -d /run/user/$(id -u)
touch /run/user/$(id -u)/created_by_bashrc
fi
export XDG_RUNTIME_DIR="/run/user/$(id -u)"
Setting up sudo to allow only users of group sudo
Make a group sudo with GID of 27. All users that will use sudo should be part of this group.
Via visudo, uncomment this line:
# %sudo ALL=(ALL) ALL
D-Bus Machine ID Generation
A new machine-id can be generated by:
rm -v /var/lib/dbus/machine-id
dbus-uuidgen --ensure=/etc/machine-id
dbus-uuidgen --ensure
Remote Desktop with Wayland (Wlroots)
Install wayvnc for the host and tigervnc-client for the client.
wlvncc can be used if host and client are on the same nework and no ecryption or authorization used.
Create a self-signed X509 certificate on the host with gnutls. For IP address, enter public facing IP address of host:
certtool --generate-privkey --outfile ca-key.pem
certtool --generate-self-signed --load-privkey ca-key.pem --outfile ca-cert.pem
This should produce a certificate (ca-cert.pem) and key (ca-key.pem). Store both to a directory like /etc/wayvnc
Then create the config file for wayvnc. Address can be set to 0.0.0.0 for local access or use host's local IP address:
cat > wayvnc.config << "EOF"
address=0.0.0.0
enable_auth=true
username=user
password=password
private_key_file=/etc/wayvnc/ca-key.pem
certificate_file=/etc/wayvnc/ca-cert.pem
EOF
Copy ca-cert.pem to client, like /etc/wayvnc/ca-cert.pem on the client.
Configure tigervnc client:
Security
> Encryption
>> [ ] none
>> [x] TLS with anonymous certificates
>> [x] TLS with X509 certificates
>>> Path to CA X509 Certificate file
[ /etc/wayvnc/ca-cert.pem ]
>>> Path to CA X509 CRL File
[ /etc/wayvnc/ca-cert.pem ]
> Authentication
>> [ ] none
>> [x] Standard VNC
>> [x] User name & password
Building and Setting up NetworkManager with IWD
*iwd should be running before NetworkManager starts.
Configure NetworkManager source with:
--with-crypto=gnutls
--without-wext # if not using wpa_supplicant
--with-iwd
Then configure build with /etc/NetworkManager/conf.d/nm.conf
[device]
wifi.backend=iwd
wifi.iwd.autoconnect=yes
iwd-config-path=/var/lib/iwd
Desktop Notifications under Wayland
For Wayfire, install mako (mako-notifications, not the Mako python module).
Test it by using firefox to visit https://www.bennish.net/web-notifications.html
Gamepads
For the Xbox One Controller (model 1708), use xpadneo:
$ git clone https://github.com/atar-axis/xpadneo.git
$ cd xpadneo
# Make sure kernel source of running is linked at /usr/src/linux
$ cd hid-xpadneo && make modules && sudo make modules_install
Tested Xbox One Controller (model 1708) to work fine via bluetooth and tested with 'Don't Starve' game
Display Managers
So far I have tested ly with Wayfire on a S6+S6-rc init system. ly is unresponsive if launched as a longrun boot service but works fine as a oneshot service (any errors, ly will exit, leaving the tty without a login).
As a oneshot service, ly can be launched as:
# To launch on tty1:
exec setsid agetty -J -nl /usr/bin/ly tty1 38400 linux
CPU Microcode
Source: BLFS - About Firmware
Late-loading of microcode no longer supported, only early loading via initrd or baked in kernel image.
Determine the decimal values of the cpu family, model and stepping by running the following command (it will also report the current microcode version). For example:
$ head -n7 /proc/cpuinfo
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 94
model name : Intel(R) Core(TM) i5-6500T CPU @ 2.50GHz
stepping : 3
microcode : 0x8c
Intel CPU's
Using the example above, the 'CPU ID tag' [as I call it] will be 6-94-3 (family-model-stepping), but the the Intel microcode package uses hexadecimal. So 6-94-3 will be 06-5e-03. Microcode version is 0x8c in hex, therefore 140 in decimal (this helps to determine if CPU has a newer, as in larger, version number for microcode).
Go to the Intel's Intel-Linux-Processor-Microcode-Data-Files and search for the latest release that has the 'CPU ID tag' (in hexadecimal). As of 24-OCT-2023, release microcode-20220510 has a microcode for the above example CPU:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products |
|---|---|---|---|---|---|
| SKL-H/S | R0/N0 | 06-5e-03/36 | 000000ec | 000000f0 | Core Gen6; Xeon E3 v5 |
Example CPU has microcode version 0x8c(v140) and update has 0xf0(v240), therefore microcode update is newer than CPU.
Download and unpack microcode release bundle. There is a directory with many microcodes:
$ ls Intel-Linux-Processor-Microcode-Data-Files-microcode-20220510
README.md intel-ucode-with-caveats linux-kernel-patches security.md
intel-ucode license releasenote.md
$ ls Intel-Linux-Processor-Microcode-Data-Files-microcode-20220510/intel-ucode
06-03-02 06-08-06 06-0f-0b 06-26-01 06-3e-07 06-55-07 06-7a-01 06-9a-03 06-bf-02 0f-04-03
06-05-00 06-08-0a 06-0f-0d 06-2a-07 06-3f-02 06-55-0b 06-7a-08 06-9a-04 06-bf-05 0f-04-04
06-05-01 06-09-05 06-16-01 06-2c-02 06-3f-04 06-56-02 06-7e-05 06-9c-00 0f-00-07 0f-04-07
06-05-02 06-0a-00 06-17-06 06-2d-06 06-45-01 06-56-03 06-8a-01 06-9e-09 0f-00-0a 0f-04-08
06-05-03 06-0a-01 06-17-07 06-2d-07 06-46-01 06-56-04 06-8c-01 06-9e-0a 0f-01-02 0f-04-09
06-06-00 06-0b-01 06-17-0a 06-2e-06 06-47-01 06-56-05 06-8c-02 06-9e-0b 0f-02-04 0f-04-0a
06-06-05 06-0b-04 06-1a-04 06-2f-02 06-4c-03 06-5c-02 06-8d-01 06-9e-0c 0f-02-05 0f-06-02
06-06-0a 06-0d-06 06-1a-05 06-37-08 06-4c-04 06-5c-09 06-8e-09 06-9e-0d 0f-02-06 0f-06-04
06-06-0d 06-0e-08 06-1c-02 06-37-09 06-4d-08 06-5c-0a 06-8e-0a 06-a5-02 0f-02-07 0f-06-05
06-07-01 06-0e-0c 06-1c-0a 06-3a-09 06-4e-03 06-5e-03 06-8e-0b 06-a5-03 0f-02-09 0f-06-08
06-07-02 06-0f-02 06-1d-01 06-3c-03 06-55-03 06-5f-01 06-8e-0c 06-a5-05 0f-03-02
06-07-03 06-0f-06 06-1e-05 06-3d-04 06-55-04 06-66-03 06-96-01 06-a6-00 0f-03-03
06-08-01 06-0f-07 06-25-02 06-3e-04 06-55-05 06-6a-05 06-97-02 06-a6-01 0f-03-04
06-08-03 06-0f-0a 06-25-05 06-3e-06 06-55-06 06-6a-06 06-97-05 06-a7-01 0f-04-01
It does not matter where you prepare the initrd, and once it is working you can apply the same initrd to later LFS systems or newer kernels on this same machine, at least until any newer microcode is released. Use the following commands:
$ mkdir -p initrd/kernel/x86/microcode
$ cd initrd
For an Intel machine, like the example CPU, copy the appropriate blob using this command:
$ cp -v ../Intel-Linux-Processor-Microcode-Data-Files-microcode-20220510/intel-ucode/06-5e-03 \
kernel/x86/microcode/GenuineIntel.bin
Now prepare the initrd:
find . | cpio -o -H newc > /tmp/microcode.img
The initrd is made. For example, move it to /boot and modify bootloader to load it with kernel. To check after booting with microcode, check kernel log:
$ dmesg | grep microcode | grep updated
[ 0.000000] microcode: updated early: 0x8a -> 0xf0, date = 2021-11-12
Combining microcode image and initramfs
Per Arch Linux, concatinate both:
$ cat cpu-ucode.img initramfs.img > /tmp/combined_initrd.img
NOTE: This test pending
Turn off display after another 5 mins
Some DE's, like Wayfire have this feature built in. Others, like labwc may not.
For labwc, add these lines to ~/ .config/labwc/autostart:
# Lock screen after 5mins, turn off display after another 5 mins (300,600)
swayidle -w \
timeout 300 'swaylock -f -i /usr/share/wallpapers/red_abstract_wallpaper_by_norbert_ah_d1vv7qp.png' \
timeout 600 'wlopm --off \*' \
resume 'wlopm --on \*' &
# before-sleep 'swaylock -f -c 000000' & # required systemd or elogind