This machine in 12” 4:3 aspect ratio is great to have on the side, literally. The TN-panel looks awful in picture but is actually good enough to work in terminal environments. The classis 7-row keyboard gives this machine it’s right to exist eternally. I’ve decided to install Void Linux, the musl edition. Here are my notes to guide trough the setup process on the ThinkPad X61!

musl is a new standard library to power a new generation of Linux-based devices. It is lightweight, fast, simple, free, and strives to be correct in the sense of standards-conformance and safety.

voidlinux.org

First download the void-live-x86_64-musl-20181111.iso, current release, sha256sums.txt, sha256sums.txt.sig and verify the image:

$ wget https://alpha.de.repo.voidlinux.org/live/current/void-live-x86_64-musl-20181111.iso
$ wget http://alpha.de.repo.voidlinux.org/live/current/sha256sums.txt{,.sig}

Verify image integrity

Verify the integrity of these files using sha256sum:

$ sha256sum -c --ignore-missing sha256sums.txt void-live-x86_64-musl-20181111.iso
void-live-x86_64-musl-20181111.iso: OK

The integrity check should return OK, which means we can proceed using this .iso Image file. In all other cases, the file can be corrupt or has been modified. Don’t use it, change to tier 1 mirrors and re-download instead.

Verify image authenticity

The sha256sums.txt file is published and digitally signed by the Void Linux maintainers with the Void Images key:

  • Signer: Void Linux Image Signing Key images@voidlinux.eu
  • KeyID: B48282A4
  • Fingerprint: CF24 B9C0 3809 7D8A 4495 8E2C 8DEB DA68 B482 82A4

To download this key:

$ gpg --recv-keys B48282A4
gpg: requesting key B48282A4 from hkp server keys.gnupg.net
gpg: key B48282A4: public key "Void Linux Image Signing Key <images@voidlinux.eu>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)

Use this key to verify the signature of sha256sums.txt in sha256sums.txt.sig:

$ gpg --verify sha256sums.txt.sig
gpg: assuming signed data in 'sha256sums.txt'
gpg: Signature made Sun 18 Nov 2018 11:39:33 PM CET
gpg: using RSA key CF24B9C038097D8A44958E2C8DEBDA68B48282A4
gpg: Good signature from "Void Linux Image Signing Key <images@voidlinux.eu>" [expired]
gpg: Note: This key has expired!
Primary key fingerprint: CF24 B9C0 3809 7D8A 4495 8E2C 8DEB DA68 B482 82A4

The signature for the checksums is authentic. The hash is valid for the Void Image file. We can proceed to create the installation media. This could either be a USB drive or SD card.

Write the image file to bootable media. First identify the device you’ll write to using fdisk. Make sure it’s plugged in already.

# fdisk -l
Disk /dev/sdb: 28.99 GiB, 31104958464 bytes, 60751872 sectors
Disk model: Ultra Fit Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes

The output shows my USB-flashdrive as /dev/sdb. In linux, the path to the device will typically be in this form: /dev/sdX for USB, /dev/mmcblkX for SD cards.

Ensure the correct state by using this command: umount.

# umount /dev/sdb
umount: /dev/sdb: not mounted.

Write image-file to USB-flashdrive

Write the image file to USB drive using dd:

# dd bs=4M if=~/void-live-x86_64-musl-20181111.iso of=/dev/sdb
86+1 records in
86+1 records out
361758720 bytes (362 MB, 345 MiB) copied, 9.07791 s, 39.9 MB/s

Finally, flush all data with sync, unplug the installation media and give it a kiss:

$ sync

Plug in the USB-flashdrive when the X61 is off and turn it on. Hold F12 to open “boot menu” and select -USB HDD. Grub will show up. Select Void Linux 4.18.17_1 x86_64-musl (RAM) to load the entire image to RAM. Loading like so will take a bit more time but speed up the rest of the installation process.

We’ll be greeted by the void-live login prompt. Login with root using password voidlinux:

void-live login: root
Password:
Last login: Tue Aug 22 06:35:54 on tty1
# _

There is a GUI installer available and can be run with void-installer, but we’ll skip this for the sake of learning. Gain more understanding and proceed with manual isntallation.

Setup network connection

The easiest way is to plug in the good old RJ45-cable. The dhcpcd service is enabled by default. If using this, skip the configuration for wifi. We should be online by now, check connection with ping (use ctrl+c to exit)

$ ping voidlinux.org
PING voidlinux.org (185.199.109.153) 56(84) bytes of data.
64 bytes from 185.199.109.153 (185.199.109.153): icmp_seq=1 ttl=57 time=14.1 ms
64 bytes from 185.199.109.153 (185.199.109.153): icmp_seq=2 ttl=57 time=15.3 ms
64 bytes from 185.199.109.153 (185.199.109.153): icmp_seq=3 ttl=57 time=17.3 ms

If neccesary, enable dhcpcd service manually using:

# ln -s /etc/sv/dhcpcd /var/service/
# _

Now the service has been activated with no response. According to the UNIX philosphy: “No news is good news”. Challenge this by verifying the current state:

# sv status dhcpcd
run: dhcpcd: (pid 916) 12s

Wifi configuration

Wireless connections are handled by the wpa_supplicant package; it can at least handle WEP, WPA-PSK (Personal) and WPA-EAP (Enterprise).

Modify wpa_supplicant.conf to match your network device:

# wpa_passphrase 'My SSID' >> /etc/wpa_supplicant/wpa_supplicant.conf
my_wifi_password<enter>
# sv restart dhcpcd
ok: run: dhcpcd: (pid 916) 0s

Give it approximately 12 seconds to connect, verify IP address and ping to ensure the internet connection is working. (wifi interface_name should start with wls)

# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP>...
2: enp0: <NO-CARRIER,BORADCAST,MULTICAST,UP>...
3: wls3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DORMANT group default qlen 1000 link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff inet 123.123.213.123/24 brd 123.123.123.255 scope global noprefixroute wls3 valid_lft forever preferred_lft forever inet6 1234::1234:1234:1234:1234/64 scope link valid_lft forever preferred_lft forever
# ping voidlinux.org
PING voidlinux.org (185.199.109.153) 56(84) bytes of data...

The filesystem

The BIOS shipped with is only supporting legacy boot. Due a DOS partition table only supports 4 primary partitions, I prefer to go for a GUID partition table. Creating a small MBR partition upfront will do the trick.

Swap space

A swap partition is not required but recommended for systems with low RAM. Since I have 2 GB RAM and plan to use hibernation, i’ll create a swap space 3x the RAM, a total of 6 GB. Set your swap space according to your preference.

Boot partition

A seperate /boot partition isn’t required but I choose to use a /boot partition to manage kernels manually. Each kernel image will take around 18 MB. I’ll create a subersized /boot partition so I don’t have to worry about space. 1 GB it will be. If you don’t plan to customize the Linux kernel, 200 MB should be sufficient (room for 3 kernels).

Root partition

The last but not least is the root / partition. Void Linux will be installed here and it’s recommended to seperate your /home folder into another partition. This is for convenience when reistalling the system. Since i don’t prefer this method of recovery I will not seperate my /home folder. Again, your preference may vary.

Hard drive encryption

A large part will be encrypted. I left the boot partition open because i might change the bootloader later on. Swap and root will be encrypted as one, so create one partition and split them up after.

Create the filesystem

First set the hard drive into parts, than encrypt the relevant partitions and filesystem.

Consider to erase ALL data first to start clean. The point of doing so is to make any previous data unrecoverable, so it’s unlikely you’ll be able to recover any date in case you’ve wiped the wrong disk.

Get some toothpicks to stabilize your eyelids and please pay attention.

suberbower

Wipe the correct disk

To see all available disks, use lsblk. The disk named sda is the target disk in my case. There is no way back after the enter button has been pressed.

# lsblk
NAME WAJ:MIN RM SIZE RO TYPE MOUNTPOINT
loop0 7:0 0 257.1M 1 loop
loop1 7:1 0 618M 1 loop |-live-rw 254:0 0 618M 0 dm /
|-live-base 254:1 0 618M 1 dm
loop2 7:2 0 32G 0 loop
|-live-rw 254:0 0 618M 0 dm /
sda 8:0 0 149.1G 0 disk
sdb 8:16 1 29G 0 disk
|-sdb1 8:17 1 345M 0 part /run/initramfs/live
|-sdb2 8:18 1 32M 0 part
# dd if=/dev/urandom of=/dev/sda
_

This process takes hours, depending on the size of your disk. It’s time to do some Yoga. You may thank me later :P

Create partitions

If you’ve had a Yoga session, you should be as fresh as your disk by now. Let’s seperate the disk into parts. I’ve planned to use three partitions:

Due to swap and / will encrypted as one partition, create one for both and split them up afterwards.

# cfdisk -z /dev/sda

You’ll be prompted to select a label type, select gpt. To be able to actually boot this system we need a small MBR partition. Create the MBR partition by selecting New, define Partition size: 1M and change the type to BIOS boot.

Select New for the second partition, define Partition size: 1G and change the type to EFI System.

Create the third partition for swap and / combined. We will seperate them in logical volume after the partition has been encrypted. Since I plan 6G Swap space and 55G for /, I select New, Partition size: 61G, Type Linux filesystem.

The third partition is basically the space appointed to use in Linux. You can decide to use up remaining space or leave Free space for later, for example dual-boot.

Double check your table and to wriite it to disk, select Write.

Are you sure you want to write the partition table to disk? _

type yes and hit enter with confidence. Select Quit to exit.

Use lsblk and notice the two parts that have been created:

sda 8:0 0 149.1G 0 disk
|-sda1 8:1 1 1M 0 part |-sda2 8:2 1 1G 0 part
|-sda3 8:3 1 61G 0 part
sdb 8:16 1 29G 0 disk
|-sdb1 8:17 1 345M 0 part /run/initramfs/live
|-sdb2 8:18 1 32M 0 part

Setup filesystem for /dev/sda2, use ext2and label it as boot:

# mkfs.ext2 -L boot /dev/sda2

Encrypt the desired partition

Setup encryption with LUKS and create the system volumes within.

# cryptsetup luksFormat /dev/sda3
WARNING!
========
This will overwrite data on /dev/sda3 irrevocably.
Are you sure? (Type uppercase yes) YES
Enter passphrase for /dev/sda2:
Verify passphrase:

Decrypt sda3 and name the drive to void, voidlinux or hunnybunny.

# cryptsetup luksOpen /dev/sda3 hunnybunny
Enter passphrase for /dev/sda3:

Create a volume group within.

# vgcreate voidlinux /dev/mapper/hunnybunny
Physical volume "/dev/mapper/hunnybunny" succesfully created.
Volume group "voidlinux" successfully created.

Create a logical volume for swap and another for /

# lvcreate --name swap -L 6GB voidlinux
Logical volume "swap" created.
# lvcreate --name root -l 100%free voidlinux
Logical volume "root" created.

Give / a filesystem, i chose btrfs:

# mkfs.btrfs -L root /dev/voidlnux/root
...
Devices: ID SIZE PATH 1 55.00GiB /dev/voidlinux/root

Mount the filesystem to prepare for chroot

Almost ready for installation. We need to mount the partitions so they become accessable.

# mount /dev/voidlinux/root /mnt
# mkdir /mnt/boot
# mount /dev/sda1 /mnt/boot
# mkswap /dev/voidlinux/swap
Setting up swapspace version 1, size = 6 GiB (6442446848 bytes)
no label. UUID=hunny-bunny-swap-hunny-bunny-swap

Double check mountpoints

Make sure you work with correct mountpoints. In my case the output of lsblk should be:

sda 8:0 0 149.1G 0 disk
|-sda1 8:1 0 1M 0 part [MBR] |-sda2 8:2 0 1G 0 part /mnt/boot |-sda3 8:3 0 61G 0 part |-hunnybunny 254:2 0 61G 0 crypt |-voidlinux-swap 254:3 0 6G 0 lvm [SWAP] |-voidlinux-root 254:4 0 55G 0 lvm /mnt
sdb 8:16 1 29G 0 disk
|-sdb1 8:17 1 345M 0 part /run/initramfs/live
|-sdb2 8:18 1 32M 0 part

Install base system

Instruct xbps to work with the correct folders.

# for dir in dev proc sys; do >mkdir /mnt/$dir
>mount --rbind /$dir /mnt/$dir
>done
_

It’s time to install the base system and the very neccesary packages: cryptsetup,lvm2, grub. Feel free to add other packages for installation. I’ve added vim. Go for one of the two options.

Option 1: To install with current packages:

# xbps-install -Sy -R https://alpha.de.repo.voidlinux.org/current -r /mnt base-system lvm2 cryptsetup grub vim

Option 2: To install with Installation media packages:

# xbps-install -Sy -r /mnt base-system lvm2 cryptsetup grub vim

Now we can finally proceed with chroot wootwoot! It means that we can change to / and claim ownership.

# chroot /mnt /bin/bash
# chown root:root /
# chmod 755 /
# passwd root
New password:
Retype new password:
passwd: password updated successfully

Setup base system

We need to setup the base system and configure grub to succesfully boot into system hereafter.

Hostname

Set the hostname in /etc/hostname. My hostname is X61.

# echo x61 > /etc/hostname

The filesystem table

We need to add our partitions to this table fstab. If you haven’t installed vim before, you can use vi.

# vim /etc/fstab

After editing my fstab looks like this:

# See fstab(5).
#
# <file system> <dir> <type> <options> <dump> <pass>
tmpfs /tmp tmpfs defaults,nosuid,nodev 0 0
/dev/sda2 /boot ext2 defaults 0 0
/dev/voidlinux/swap swap swap defaults 0 0
/dev/voidlinux/root / btrfs defaults 0 0

Find the Universally Unique Identifier

Use this command to find the root partition / UUID and write it to grub.

# blkid |grep /dev/sda3 >> /etc/default/grub

GRUB

Configure GRUB bootoptions to appoint to /dev/sda3 as target disk for boot.

# vim /etc/default/grub

We have written the UUID to easily append rd.auto=1 cryptdevice=UUID=123a123a-123a-123a-132a123b:lvm within the double quotes to this line GRUB_CMDLINE_LINUX_DEFAULT=

Enable decryption at boot by adding GRUB_ENABLE_CRYPTODISK=y.

Thes two lines under GRUB_DISTRIBUTOR will now look like this:

...
GRUB_DISTRIBUTOR="hunnybunny"
GRUB_CMDLINE_LINUX_DEFAULT="loglevel=4 slub_debug=P page_poison=1 rd.auto=1 cryptdevice=UUID=123a123a-123a-123a-132a123b:lvm"
GRUB_ENABLE_CRYPTODISK=y
...

Protected file key

The ThinkPad X61 doesn’t support UEFI by default. It’s a pity that we cannot use a predefined key to decrypt the system volume. We need to enter the encryption password at boot. If you have custom BIOS with UEFI enabled, proceed to make the key. Create volume.key and add it to /etc/crypttab

# dd bs=512 count=4 if=/dev/urandom of=/boot/volume.key
4+0 records in
4+0 records out
2048 bytes (2.0 kB, 2.0 KiB) copied, 0.00352824 s, 580 kB/s
# cryptsetup luksAddKey /dev/sda2 /boot/volume.key
Enter any existing passphrase:
# chmod 000 /boot/volume.key
# chmod -R g-rwx,o-rwx /boot

Add key to /etc/crypttab.

echo hunnybunny /dev/sda2/ /boot/volume.key luks >> /etc/crypttab

Add to include in bootprocess

Include the volume.key and crypttab to have it loaded toghether with kernel modules.

# cat /etc/dracut.conf.d/10-crypt.conf
install_items+=" /boot/volume.key /etc/crypttab "

Finalize the installation

The boot has been setup by now. Finalize the installation by installing Grub and reconfigure the package manager by selecting the kernel of choice.

Install Grub

# grub-install /dev/sda3
Installing for i386-pc platform.
Installation finished. No error reported.

Reconfigure package manager

# xbps-reconfigure -f linux5.2
linux5.2: configuring ...
Executing post-install kernel hook: 20-dracut ...
Executing post-install kernel hook: 50-grub ...
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-5.2.17_1
Found initrd image: /boot/initramfs-5.2.17_1.img
done
linux5.2: configured successfully.

Unplug USB-flashdrive and reboot! If everything went right, the computer will restart to boot into Void Linux. Good job!