installing gentoo on a lenovo thinkpad X61

although there are rumors that gentoo has problems right now and there has not been a release in a long time i decided to install gentoo since i really like the source-based approach, i was really satisfied using it about 3 years ago and i don't mind fixing a few problems myself.

now, after the installation i would say that it was pretty easy to install, although it is in some places obvious nobody cared to update documentation or ebuilds to the latest versions and "advanced" features like suspend-to-ram or network manager probably work better out of the box on other distributions. the great thing about gentoo however is that there is a lot of documentation out there (http://gentoo-wiki.com/) and that it's quite easy to fix things yourself - you just have to decide for yourself which approach to follow and which information to believe. a few things need to be made more consistent but otherwise it is still a great distribution for people who (want to) know what they are doing.

UPDATE: i got annoyed by the fact that it was always so difficult with gentoo to compile modern programs like networkmanager, avahi, etc, and switched to 64bit kubuntu.

using the unofficial pre 2088 gentoo release

there is a new gentoo release coming up soon, so i decided to install from the unofficial pre 2008.1 release snapshots.

unofficial live cd didn't work

someone even made a Unofficial LiveCD, so i started with that. after partitioning with cfdisk /dev/sda and formatting the harddisk (mkfs.ext3 /dev/sda1), unfortunately grub refused to install. it turned out grub could not read the partition at all. also another other grub version from an external ubuntu boot could not read the filesystem and would fail with

"Error 2: Bad file or directory type

it seems like the unofficial(!) gentoo liveCD has some problems with either cfdisk or mkfs.ext3 which results in some format grub cannot read. mounting the partition from other linux worked, however.

base install from ubuntu

so i started the install process again, from within a kubuntu install i had already on an external HD and this time i didn't have a problem with grub!

i basically followed the gentoo handbook install but took the the pre 2008 release stage3 and portage snapshots from http://www.funtoo.org/linux/ instead and everything worked fine.

my partition scheme: sda1 for gentoo, sda2 for another linux install (maybe), sda3 swap, sda4 encrypted data partition.

     Name            Flags          Part Type      FS Type               [Label]             Size (MB)
 ----------------------------------------------------------------------------------------------------------
     sda1            Boot            Primary       Linux ext3                                 24996.63
     sda2                            Primary       Linux ext2                                 10001.95
     sda3                            Primary       Linux swap / Solaris                        2500.49
     sda4                            Primary       Linux                                     122540.23

here are the CFLAGS i used:

CFLAGS="-march=prescott -O2 -pipe -fomit-frame-pointer"
CXXFLAGS="${CFLAGS}"
CHOST="i686-pc-linux-gnu"
MAKEOPTS="-j3"

i use the 32bit mode of the CPU although it is capable of 64bit.

kernel build

i built kernel 2.6.24 (from emerge gentoo-sources) and ran into the second problem: the X61 uses serial ATA (SATA) and had problems at first to mount my rootfs on SATA. http://gentoo-wiki.com/HARDWARE_SATA was of great help - needed to compile SATA and SCSI into the kernel and build normal ATA as a module:

--- ATA/ATAPI/MFM/RLL support
  <M>   Enhanced IDE/MFM/RLL disk/cdrom/tape/floppy support

<*> Serial ATA (prod) and Parallel ATA (experimental) drivers  --->  
  <*>   AHCI SATA support
-*- SCSI device support 
<*> SCSI disk support

now i'm running kernel 2.6.25-rc8. here is my kernel .config: x61-kernel-config.

finishing the basic gentoo installation

after i got the kernel config right, i was finally able to boot into my fresh gentoo and continue the installation from there.

emerge vim
emerge pciutils
emerge eselect

bash beautification

add to USE flags: bash-completion

cp /etc/skel/.bash_profile /root/
cp /etc/skel/.bashrc /root/
emerge gentoo-bashcomp    
eselect bashcomp enable eselect
eselect bashcomp enable gentoo

add to .bashrc:

alias ll='ls -la'
alias make='make -j3' 

- ahh, relief

useful gentoo tools

dispatch-conf

instead of env-update.

unicode UTF-8

follow http://www.gentoo.org/doc/en/utf-8.xml

create the file /etc/env.d/02locale:

LANG="en_US.UTF-8"

add some fonts:

emerge terminus-font intlfonts freefonts cronyx-fonts corefonts

wireless lan

i was positively surprised when i saw that udev already loaded iwl4965 for the built in wireless card. the firmware was missing and had to be emerged:

emerge iwl4965-ucode
emerge wireless-tools

monitor mode worked, ad-hoc mode didn't join IBSS, managed mode worked but it has some problems associating to an AP some times. will look at that again later.

kde

don't forget, like i did on the first emerge, the xinerama USE flag if you want to have dual screen support in kde. my use flags (i use profile desktop):

USE="-gnome -kerberos -ldap mplayer kde bash-completion xinerama gpm"

emerge kdbase-meta
emerge kde-meta

set in /etc/conf.d/xdm

DISPLAYMANAGER="kdm"

X.org configuration

here is my xorg.conf prepared for dual sceen.

knetworkmanager

getting knetworkmanager and NetworkManager to work was a bit troublesome. it didn't work until i used

• libnl 1.1-r1
• hal 0.5.10
• networkmanager 0.6.6
• knetworkmanager 0.2.1_p20071228

/etc/portage/package.keywords:

=dev-libs/libnl-1.1-r1
=kde-misc/knetworkmanager-0.2.1_p20071228
net-misc/networkmanager
sys-apps/hal
app-misc/hal-info

emerge =dev-libs/libnl-1.1-r1
emerge networkmanager
emerge =kde-misc/knetworkmanager-0.2.1_p20071228

now, networkmanager worked, but it could not interpret my DNS servers which i had for a static eth0 configuration in /etc/conf.d/net so /etc/resolv.conf stayed empty. i had to change dns_servers in /etc/conf.d/net to a space serparated list - no "( )"!

dns_servers_eth0="192.168.3.1 215.170.93.234 210.145.254.170"

next problem: when connecting to a WEP secured network knetworkmanager did not pop up a dialog for entering a key. running NetworkManager --no-daemon showed:

NetworkManager: <WARN>  nm_dbus_get_wireless_user_key_done(): nm_dbus_get_user_key_for_network_cb(): dbus returned an error.
  (org.freedesktop.DBus.Error.ServiceUnknown) The name org.freedesktop.NetworkManagerInfo was not provided by any .service files

and when i started knetworkmanager from the command line it complained:

Error requesting name, org.freedesktop.DBus.Error.AccessDenied: Connection ":1.1" is not allowed to own the service "org.freedesktop.NetworkManagerInfo" due to security policies in the configuration file

the reason was that in /etc/dbus-1/system.d/knetworkmanager.conf only the group plugdev and root are allowed. SOLUTION: add my user to the plugdev group.

now networkmanager wors fine for the ethernet but still has troube with iwl4965.

encrypted home

i wanted to encrypt my home directory and swap. i have taken most of my steps from http://gentoo-wiki.com/SECURITY_System_Encryption_DM-Crypt_with_LUKS.

emerge sharutils

i use a gpg protected key file:

head -c 45 /dev/random | uuencode -m - | head -n 2 | tail -n 1 | gpg --symmetric -a >/root/diskkey.gpg
gpg --quiet --decrypt /root/diskkey.gpg | cryptsetup -v --key-size 256 luksFormat /dev/sda4
gpg --decrypt /root/diskkey.gpg 2>/dev/null | cryptsetup luksOpen /dev/sda4 home
mkfs.ext3 /dev/mapper/home

enable in /etc/conf.d/dmcrypt:

swap=crypt-swap
source='/dev/sda3'

target=crypt-home
source='/dev/sda4'
key='/root/diskkey.gpg:gpg'

change /etc/fstab to look like this

/dev/sda1               /               ext3            noatime         0 1
/dev/mapper/crypt-swap  none            swap            sw              0 0
/dev/cdrom              /mnt/cdrom      auto            noauto,ro       0 0

/dev/mapper/crypt-home  /home/br1       ext3            defaults        0 0

when i mage a mistake and crypt home was not mounted, i got the following error after kde login:

Could not start Kstartupconfig. Check your installation

this indicates that the users home directory was not readable (wrong permissions).

using pam_mount

the previously mentioned solution worked fine but i was getting annoyed that i had to enter the password twice on every boot. pam_mount provides a much more convenient solution, reusing the login password for mounting the encrypted partition and was easy to set up:

echo =sys-auth/pam_mount-0.32 >> /etc/portage/package.keywords
emerge pam_mount

since pam_mount uses openssl encrypted disk keys instead of gpg i had to decrypt my gpg key and then re-encrypt it using openssl:

gpg diskkey.gpg | openssl enc -aes-256-cbc -out br1-home.key

add to /etc/security/pam_mount.conf.xml:

<volume fstype="crypt" path="/dev/sda4" mountpoint="/home/br1"
        options="cipher=aes" fskeycipher="aes-256-cbc"
                fskeypath="/root/br1-home.key" />

remove the crypt-home entries in /etc/fstab and /etc/conf.d/dmcrypt.

my /etc/pam.d/system-auth:

#%PAM-1.0

auth       required     pam_env.so
# next 2 lines added for pam mount *br1*
auth       required     pam_unix.so try_first_pass likeauth nullok
auth       optional     pam_mount.so use_first_pass
auth       sufficient   pam_unix.so try_first_pass likeauth nullok
auth       required     pam_deny.so

account    required     pam_unix.so

password   required     pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 try_first_pass retry=3
password   sufficient   pam_unix.so try_first_pass use_authtok nullok md5 shadow
password   required     pam_deny.so

session    required     pam_limits.so
session    required     pam_unix.so
session    optional     pam_mount.so

nice - now the partition is mounted when i log in and unmounted when i log out

ACPI

suspend to RAM

without installing any additional software suspend to ram worked by 'echo "mem" > /sys/power/state', but on resume the LCD backlight stayed OFF, so the screen was black. switching to another console (Ctrl-Alt-F1) turned in on again.

emerge acpi
emerge acpid
update-rc add acpid default
emerge hibernate-script
echo =sys-apps/vbetool-1.0 >> /etc/portage/package.keywords
emerge vbetool

set in /etc/hibernate/ram.conf:

TryMethod sysfs-ram.conf

my laptop would wake up a few seconds after suspend, so i had to unload the USB modules before suspend. i also wanted to lock my KDE session (optional), therefore i had to add in /etc/hibernate/common.conf:

IbmAcpi yes
UnloadModules uhci_hcd ehci_hcd iwl4965
LockKDE yes

when you lock the KDE screen, the display stays black after resume and at first i thought it's the LCD backlight problem but it's just the locked session - just move your mouse to get a login window...

adding acpi_sleep=s3_bios to /boot/grub/menu.lst seems to help, but still sometimes it takes a long time to wake up.

kernel  /boot/vmlinuz root=/dev/sda1 vga=791 acpi_sleep=s3_bios

since kernel 2.6.25-rc8 it suspend to ram and resume seems to work much better...

i emerged s2ram too, but i think it's not necessary:

echo =sys-power/suspend-0.8 >> /etc/portage/package.keywords 
echo =dev-libs/libx86-0.99 >> /etc/portage/package.keywords 
emerge suspend
# now i can suspend with that too:
s2ram -f -a 1

thinkpad keys

to enable the sleep button i added the file etc/acpi/events/btn-sleep:

event=ibm/hotkey HKEY 00000080 00001004
action=hibernate-ram

to make use of the volume buttons in kde:

emerge kmilo

now i get a nice on screen display with the volume.

kernel 2.4.24 has a problem with the alsa driver though and the volume setting will not work. i only saw the OSD of 0% or 11% but no change in the volume happened. it works again since 2.5.25-rc5 so i didn't bother any more.

2.5.25-rc5 on the other hand has a problem with all other button events from the thinkpad, so the suspend to ram button, etc don't work right now. well - it's just buttons and i hope it will be fixed for the 2.6.25 release.

bluetooth

emerge bluez-libs bluez-utils
echo "dev-libs/openobex bluetooth usb" >> /etc/portage/package.use
emerge net-wireless/kdebluetooth

do as instructed: set in /etc/bluetooth/hcid.conf

pin_helper /usr/lib/kdebluetooth/kbluepin;

hardware features

most things worked out of the box, if i had to do something special i have described it above. here is an overview of what i have tested.

config files

• x61-kernel-config - linux 2.4.25-rc8 (last update: 05.04.2008)

• xorg.conf - X server (last update: 04.04.2008)

... more to come...