Slackware Linux 15 with FDE on UEFI laptop
Slackware Linux was my first Linux distribution. I can’t recall if it was 1.x or 2.x. Anyway, I’ve always loved that distrib. Since Slackware 15.0 has recently been released and I’ve not been using Linux as a desktop since decades, let’s experiment with it.
I’ll install it on my ThinkPad T460s using Full Disk Encryption.
Grab the slackware64-15.0-install-dvd.iso ISO file from the nearest mirror.
Plug a USB stick in the computer and write the ISO content:
# dd if=slackware64-15.0-install-dvd.iso of=/dev/rsd2c bs=10m
Take a moment to read a few documentation.
- Slackware installation
- Beginner’s Guide
- Slackware package management
Time to reboot and select the USB stick from the BIOS/UEFI menu.
When the boot process is done, you have the opportunity to setup a
custom keyboard layout. I chose
Log in as
root. There is no password.
I have an HiDPI screen on that laptop. So let’s get a bigger font to actually see what we’re doing:
# setfont /usr/share/kbd/consolefonts/ter-732b.psf.gz
We’ll configure what’s referenced in the README as “combining luks and lvm”.
Prepare the disk
Check what disks are available:
# fdisk -l
The disk I’m looking for is
The disk had stuff on it, so let’s nuke it:
# dd if=/dev/zero of=/dev/nvme0n1 bs=10M
Check that the disk is clean:
# gdisk -l /dev/nvme0n1 (...) Partition table scan: MBR: not present BSD: not present APM: not present GPT: not present (...)
Depending on wether you run
dd on the whole disk or only a small part
of it, it may not be cleaned. In this case, wipe the disk layout:
# gdisk /dev/nvme0n1 Command (? for help): x Expert command (? for help): z About to wipe out GPT on /dev/nvme0n1. Proceed? (Y/N): Y GPT data structures destroyed! Blank out MBR? (Y/N): Y
Build the basic partitionning
Create the required partitions:
# cgdisk /dev/nvme0n1 (...) Press any key to continue...
cgdisk, the steps are:
- EFI System Partition
- Select [New].
- Hit “Enter” to accept default first sector.
- Enter “100M” as the partition size.
- Enter “ef00” as the partition Hex code.
- Enter “EFI System” as a partition name.
- Select the biggest free space part.
- Unencrypted boot partition
- Select [New].
- Hit “Enter” to accept default first sector.
- Enter “512M” as the partition size.
- Enter “8300” as the partition Hex code.
- Enter “boot” as a partition name.
- Select the biggest free space part.
- Encrypted partition
- Select [New].
- Hit “Enter” to accept default first sector.
- Hit “Enter” as the partition size.
- Hit “Enter” as the partition Hex code to set “8300”.
- Enter “luks” as a partition name.
- Select [ Write ] and confirm with “yes”.
- Select [ Quit ].
Format the EFI partition:
# mkfs.vfat -n "EFI System" /dev/nvme0n1p1
Prepare the partition for encryption:
# cryptsetup -y luksFormat /dev/nvme0n1p3
Confirm with “YES"and enter the passphrase when asked.
Prepare the encrypted partitions
Open the encrypted partition:
# cryptsetup luksOpen /dev/nvme0n1p3 luks
Enter the passphrase to unlock the disk.
Create the encrypted partitions for the OS using LVM incantations:
# pvcreate /dev/mapper/luks # vgcreate cryptvg /dev/mapper/luks # lvcreate -L 64G -n root cryptvg # lvcreate -L 32G -n swap cryptvg # lvcreate -l 100%FREE -n home cryptvg
Review the storage information
# fdisk -l /dev/nvme0n1 Disk /dev/nvme0n1: 953.87 GiB, 1024209543168 bytes, 2000409264 sectors Disk model: Sabrent Units: sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disklabel type: gpt (...) Device Start End Sectors Size Type /dev/nvme0n1p1 2048 206847 204800 100M EFI System /dev/nvme0n1p2 206848 1255423 1048576 512M Linux filesystem /dev/nvme0n1p3 1255424 2000409230 1999153807 953.3G Linux filesystem # pvdisplay --- Physical volume --- PV Name /dev/mapper/luksnvme0n1p3 VG Name cryptvg PV Size <953.26 GiB / not usable <1.32 MiB (...) # lvdisplay --- Logical volume --- LV Path /dev/cryptvg/root LV Name root VG Name cryptvg (...) LV Size 64.00 GiB --- Logical volume --- LV Path /dev/cryptvg/swap LV Name swap VG Name cryptvg (...) LV Size 32.00 GiB --- Logical volume --- LV Path /dev/cryptvg/home LV Name home VG Name cryptvg (...) LV Size 857.25 GiB
Prepare the swap partition:
# mkswap /dev/cryptvg/swap
Follow the installation wizard
setup and answer the questions:
- (A)dd swap, selecting /dev/cryptvg/swap.
/dev/cryptvg/rootas the root (/) partition, formatting it as “ext4”.
/dev/cryptvg/home, format it (ext4) and assign it the “/home” mount point.
/dev/nvme0n1p2, format it (ext4) and assign it the “/boot” mount point.
- Select <continue>.
Note the message that says “EFI SYSTEM PARTITION RECOGNIZED”. It
/dev/sda2 has been mounted on
/boot/efi. Which means
the USB stick will be updated during installation. And that’s not what
Ctrl-Z to switch to a shell and mount the proper partition:
# umount /mnt/boot/efi # mount -t vfat /dev/nvmen0p1 /mnt/boot/efi # mkdir /tmp/usbefi # mount -t vfat /dev/sda2 /tmp/usbefi # cd /tmp/usbefi # tar cpf - . | tar xpf - -C /mnt/boot/efi/ # cd /; umount /tmp/usbefi; fg
Installation can then continue. Those were my options.
- Select the source media using “2 … USB stick”.
- Select the packages to install. I kept the default selection. And selected the “terse” prompting mode.
- (S)kip making a USB boot stick.
- (s)kip installing LILO and proceed to ELILO installation. Because this is an UEFI laptop.
- (i)install ELILO on the EFI System Partition.
- (i)nstall a boot menu entry.
- Select “YES” when asked if you want to remove the old slackware entry from the EFI boot.
- Select the imps2 Microsoft PS/2 Intellimouse configuration. I don’t care about mouse on console. So don’t run gpm at boot time.
- Configure the network. Entering a hostname, a domain, no VLAN ID.
- Select (N)etworkManager to autoconfigure network with wired & wireless interfaces.
- Select the services to run. I only added rc.ntpd to the default selection.
- I selected a custom screen font. Because the resolution is high and my eyes are old, I chose “ter-932b.psf.gz” ; 932b provides accented characters.
- Set the clock to local time.
- Select the timezone, I used Europe/Paris.
- Select the defaut editor. I went for (v)im.
- Select the defaut Window Manager. I chose XFCE.
- Set up a root password.
Now that setup is completed, select (E)xit. But don’t reboot. Select the (S)hell option to fix the bootloader. Remove the USB stick.
We need a special kernel configuration to have a French keyboard layout at boot (to enter the LUKS passphrase) and be able to hibernate using the encrypted swap:
# chroot /mnt # /usr/share/mkinitrd/mkinitrd_generator.sh -r -a "-l fr -h /dev/cryptvg/swap" # eval $(/usr/share/mkinitrd/mkinitrd_generator.sh -r -a "-l fr -h /dev/cryptvg/swap")
Reconfigure the bootloader to apply our changes:
- Select (i)nstall ELILO on the EFI System Partition.
- Select (i)nstall a boot menu entry.
- Accept to remove the old Slackware EFI boot entry.
When done, time to reboot
#exit exit #reboot
Linux boots and asks for the passphrase. It can be entered with the configured keyboard layout. When the boot process is done, log in as root to continue the adventure.
Configure sudo to be able to run high-privileged commands without logging in as root:
# visudo (...) %wheel ALL=(ALL:ALL) ALL
Create the user that we’ll use to log in:
Don’t forget to add the user to wheel when the option appears.
Configure the global french localization:
# vi /etc/profile.d/lang.sh (...) export LANG=fr_FR.UTF-8
I noticed that NTP is not setting the date & time properl. Let’s correct this:
# /etc/rc.d/rc.ntpd stop # ntpdate fr.pool.ntp.org # vi /etc/ntp.conf (...) # NTP server (list one or more) to synchronize with: server fr.pool.ntp.org iburst server fr.pool.ntp.org iburst server fr.pool.ntp.org iburst server fr.pool.ntp.org iburst # /etc/rc.d/rc.ntpd start # ntpq -p remote refid st t when poll reach delay offset jitter ============================================================================== +x.ns.gin.ntt.ne 184.108.40.206 2 u 634 1024 377 3.322 -0.409 0.299 *ip139.ip-5-196- 220.127.116.11 2 u 608 1024 377 6.897 -0.213 0.556 -ntp19.kashra-se 18.104.22.168 2 u 730 1024 353 7.651 -2.585 1.140 +time.cloudflare 10.19.12.255 3 u 84 1024 377 3.729 +0.919 0.274
To be able to mount remote NFS shares, simply enable the RPC services:
# chmod 755 /etc/rc.d/rc.rpc # /etc/rc.d/rc.rpc start
Configure X Window System
We’ll need to setup a localized keyboard layout. And also add a feature to be able to switch to US layout from time to time:
# cp /usr/share/X11/xorg.conf.d/90-keyboard-layout-evdev.conf /etc/X11/xorg.conf.d/ # vi /etc/X11/xorg.conf.d/90-keyboard-layout-evdev.conf Section "InputClass" Identifier "keyboard-all" MatchIsKeyboard "on" MatchDevicePath "/dev/input/event*" Driver "evdev" Option "XkbLayout" "fr,us" Option "XkbOptions" "terminate:ctrl_alt_bksp,grp:shifts_toggle" EndSection
I don’t want to use sddm(1) ; I’d rather use xdm(1):
echo 'exec /usr/bin/xdm -nodaemon' > /etc/rc.d/rc.4.local chmod 0755 /etc/rc.d/rc.4.local
You may want to run
startx to test if X11 works properly. But running
it as root is not great. Either switch to the normal user, test and come
back to root. Or run the test as root ; maybe using xwmconfig(1) to
configure a minimal X environment for root rather than starting KDE or
To have the login Manager starting automatically, set the default runlevel to 4:
# vi /etc/inittab (...) # Default runlevel. (Do not set to 0 or 6) id:4:initdefault:
init 4 && exit to have xdm start and the root session
terminated. Logging in with a user will start the default desktop
environment configured during installation. One can use
console or xterm to setup a different DE. This will create an
~/.xsession file that can also be customized by hand. Mine goes like
source $HOME/.bashrc export QT_AUTO_SCREEN_SCALE_FACTOR=0 QT_SCREEN_SCALE_FACTORS=1.5 exec /usr/bin/startxfce4
In XFCE, I also configure a custom DPI, set to 144, to get decent font size ; and match the 1.5 QT factor.
While in X11, wifi configuration can be done using the NetworkManager Applet.
Packages and applications
All the official Slackware packages are available from the DVD and/or the web repository. To obtain any other (unofficial) software, either find a binary package repository or compile from sources.
By default, you get pkgtools, which is the set of package management tools (installpkg, removepkg….). Those work with installed packages or locally available package archives (*.tgz *.txz). You also get slackpkg, which goes on top of pkgtools and allows install/removal/update from remote official Slackware package repositories.
Configure the package manager to use a near mirror:
# vi /etc/slackpkg/mirrors (...) https://mirrors.slackware.com/slackware/slackware64-15.0/ # slackpkg update gpg # slackpkg update
The general routine goes:
# slackpkg update # slackpkg install-new # slackpkg upgrade-all # slackpkg clean-system
slackpkg clean-system will offer you to remove old
packages but also those not known as official.
If you’d like to add some extra binary package repository while using
slackpkg, you can install slackpkg+. This utility will extend the stock
slackpkg by providing extra packages storage while maintaining the
To get, install and configure slackpkg+, simply:
# wget -O slackpkg+-1.8.0-noarch-1mt.txz \ https://sourceforge.net/projects/slackpkgplus/files/slackpkg%2B-1.8.0-noarch-1mt.txz/download # installpkg slackpkg+-1.8.0-noarch-1mt.txz (...) Executing install script for slackpkg+-1.8.0-noarch-1mt.txz. Package slackpkg+-1.8.0-noarch-1mt.txz installed. # man slackpkgplus.conf # vim /etc/slackpkg/slackpkgplus.conf (...) MIRRORPLUS['alienbob']=http://nephtys.lip6.fr/pub/linux/distributions/slackware/people/alien/sbrepos/15.0/x86_64 MIRRORPLUS['slackpkgplus']=https://slakfinder.org/slackpkg+15/ # slackpkg update gpg # slackpkg update
You can now benefits from the official and additionnal binary packages.
Install new packages
Here’s how to check if KeePassXC is available:
# slackpkg search keepassxc Looking for keepassxc in package list. Please wait... DONE The list below shows all packages with name matching "keepassxc". [unin] alienbob : keepassxc-2.6.6-x86_64-1alien You can search specific files using "slackpkg file-search file".
To install it, simply run:
# slackpkg install keepassxc
Note that using the Secret Service feature of KeePassXC requires disabling gnome-keyring ; which is started by default in XFCE session. In the autostart XFCE dialog box, look for, and disable, Polkit Authentication Agent.
When there is no available packages, you need to compile from sources. The most complicated way is to get each source code, compile it and install it. But this leaves you with a bunch of non-packages resources that may be difficult to maintain and clean.
SlackBuilds dot org
provides a bunch of
resources that will guide you through building Slackware packages, ready to
be managed by
pkgtools. You basically get a ready-to-compile archive,
read the provided documentation, get the software source and launch a
For example, to get redshift compiled and packaged:
# wget https://slackbuilds.org/slackbuilds/14.2/desktop/redshift.tar.gz # wget https://slackbuilds.org/slackbuilds/14.2/desktop/redshift.tar.gz.asc # gpg --verify redshift.tar.gz # tar xzf redshift.tar.gz # cd redshift # grep DOWNLOAD redshift.info DOWNLOAD="https://github.com/jonls/redshift/releases/download/v1.12/redshift-1.12.tar.xz" DOWNLOAD_x86_64="" # wget https://github.com/jonls/redshift/releases/download/v1.12/redshift-1.12.tar.xz # less README # ./redshift.SlackBuild (...) Slackware package /tmp/redshift-1.12-x86_64-2_SBo.tgz created. # installpkg /tmp/redshift-1.12-x86_64-2_SBo.tgz
In reality, there may be dependencies that need to be compiled before redshift can be. The information is described in the redshift.info file. And the process is recursive. To be able to compile and run redshift from a stock Slackware installation, you would have to run the previous process for the following software :
Note that the whole process has to be done as root.
To automate the building process described above, one can use sbotools . This provides a set of tools to search for, compile and install packages automatically based on the SlackBuils.org repository.
# wget http://slackbuilds.org/slackbuilds/14.2/system/sbotools.tar.gz # tar xzf sbotools.tar.gz # cd sbotools # grep DOWNLOAD sbotools.info DOWNLOAD="https://pink-mist.github.io/sbotools/downloads/sbotools-2.7.tar.gz" DOWNLOAD_x86_64="" # wget https://pink-mist.github.io/sbotools/downloads/sbotools-2.7.tar.gz # ./sbotools.SlackBuild (...) Slackware package /tmp/sbotools-2.7-noarch-1_SBo.tgz created. # installpkg /tmp/sbotools-2.7-noarch-1_SBo.tgz (...) Package sbotools-2.7-noarch-1_SBo.tgz installed.
Start with fetching the repository:
# sbosnap fetch (...) # ls /usr/sbo/repo/ ChangeLog.txt audio/ gis/ misc/ python/ README business/ graphics/ multimedia/ ruby/ SLACKBUILDS.TXT desktop/ ham/ network/ system/ academic/ development/ haskell/ office/ thirdparty/ accessibility/ games/ libraries/ perl/
Then, regularly update the repository:
# sbocheck Updating SlackBuilds tree... Updating files: 100% (27631/27631), done. (...) A copy of the above result is kept in /var/log/sbocheck.log
To install redshift, we would run:
# sbofind redshift SBo: redshift 1.12 Path: /usr/sbo/repo/desktop/redshift # sboinstall redshift (...) Proceed with geoclue2? [y] y geoclue2 added to install queue. (...) Proceed with redshift? [y] y redshift added to install queue. Install queue: geoclue2 redshift Are you sure you wish to continue? [y] y (...) Slackware package /tmp/redshift-1.12-x86_64-2_SBo.tgz created. (...) Installing package redshift-1.12-x86_64-2_SBo.tgz: (...) Executing install script for redshift-1.12-x86_64-2_SBo.tgz. Package redshift-1.12-x86_64-2_SBo.tgz installed. Cleaning for redshift-1.12...
All packages are left in
/tmp and may be saved to apply later on.
What’s really great is that Slackware is still Slackware. Even after 27 years. The installation process and wizard looks the same. The way of doing things is still the same. It has no systemd and it still ships with BSD-style and System V compatible init scripts.
The UEFI + LUKS stuff is not straight-forward but reading the proper documentation makes it not that hard. AND you learn about the boot process of x86_64.
Everything works out of the box. No real tweaking is required. And the distribution comes with a whole set of decent software. On a server configuration, I would probably only install A, AP and N packages. Then add some more things manually with slackpkg.
The only thing that does not really suit me is the need to compile the extra-packages. I’ve stopped compiling stuff a long time ago and only do it when I have no other choice. I’d rather use binary packages when it’s possible.
To me, Slackware is a great distribution. It’s clean and easy to use. And it’s well designed to learn about the ?N*X world. Great job Pat and the Slackware crew!