Lo primero que necesitamos para instalar nuestro Gentoo es un entorno live-cd con UEFI vars habilitado.

Para asegurarnos de que arrancamos en modo UEFI, ejecutando:

efivar -l

Si el comando enumera las variables UEFI, estamos listos para ir 🏁

parted -l

Model: WDC PC SN530 SDBPMPZ-512G-1101 (nvme)
Disk /dev/nvme0n1: 512GB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Disk Flags:

parted /dev/nvme0n1 mklabel gpt 

parted -a opt /dev/nvme0n1 mkpart ESP fat32 1MB 512MB

parted /dev/nvme0n1 set 1 esp on

parted -a opt /dev/nvme0n1 mkpart primary  512MB 100%

parted /dev/nvme0n1 set 2 lvm on

parted -l

Number  Start   End    Size   File system  Name     Flags
 1      1049kB  512MB  511MB  fat32        ESP      boot, esp
 2      512MB   512GB  512GB               primary  lvm

Lo bueno de los volúmenes lógicos es que puedes modificarlos en cualquier momento. En este ejemplo, voy a crear los volúmenes lógicos, uno para:

• root
• home
• var
• var/tmp
• opt
• tmp
• swap

NOTA:

Pero siéntete libre de crear tantos como quieras.

Además, usaré el nombre vg para identificar este grupo de volúmenes. Este es un nombre trivial, así que de nuevo, se creativo :D

pvcreate /dev/nvme0n1p2
vgcreate vg /dev/nvme0n1p2

vgs

VG  #PV #LV #SN Attr   VSize    VFree   
vg   1   0   0 wz--n- <476.45g <476.45g

Si lo que ves tiene sentido, vamos a crear los volúmenes:

lvcreate --size 20G vg --name root
lvcreate --size 4G vg --name var
lvcreate --size 10G vg --name var_tmp
lvcreate --size 1G vg --name opt
lvcreate --size 2G vg --name tmp
lvcreate --size 2G vg --name swap
lvcreate --size 100G vg --name home

Para volver a comprobar lo que hemos hecho, ejecuta:

lvs

Deberías ver algo como:

    LV      VG  Attr       LSize   Pool Origin Data%  Meta%  Move Log Cpy%Sync Convert
  home    vg -wi-a----- 100.00g                                                    
  opt     vg -wi-a-----   1.00g                                                    
  root    vg -wi-a-----  20.00g                                                    
  swap    vg -wi-a-----   2.00g                                                    
  tmp     vg -wi-a-----   2.00g                                                    
  var     vg -wi-a-----   4.00g                                                    
  var_tmp vg -wi-a-----  10.00g

Lo bueno de Linux es que tenemos un montón de sistemas de archivos que podemos usar, pero esto también es lo malo 😅 "qué elegir" y "cuándo" es muy probable que te venga a la cabeza en algún momento.

Puedes leer todo lo que quieras aquí, pero lo haremos fácil. Usaremos ext4, el sistema de archivos por defecto de muchas distribuciones de Linux.

Vamos a crear nuestros volúmenes principales de sistemas de ficheros, uno FAT32 para UEFI (:fearful: sí, lo sé, pero así es como funciona UEFI), y luego nuestros principales sistemas de ficheros ext4. Si has creado más volúmenes, recuerda crear un sistema de ficheros para todos ellos:

mkfs.vfat -F32 /dev/nvme0n1p1
mkfs.ext4 -F /dev/mapper/vg-root
mkfs.ext4 -F /dev/mapper/vg-home
mkfs.ext4 -F /dev/mapper/vg-opt
mkfs.ext4 -F /dev/mapper/vg-tmp
mkfs.ext4 -F /dev/mapper/vg-var
mkfs.ext4 -F /dev/mapper/vg-var_tmp
mkswap /dev/vg/swap

mkdir -p /mnt/gentoo
mount /dev/mapper/vg-root /mnt/gentoo
mkdir -p  /mnt/gentoo/{home,opt,tmp,var}
mount /dev/mapper/vg-home /mnt/gentoo/home
mount /dev/mapper/vg-opt /mnt/gentoo/opt
mount /dev/mapper/vg-tmp /mnt/gentoo/tmp
mount /dev/mapper/vg-var /mnt/gentoo/var
mkdir /mnt/gentoo/var/tmp
mount /dev/mapper/vg-var_tmp /mnt/gentoo/var/tmp
swapon /dev/vg/swap

NOTA:

• Si /tmp/ y /var/tmp necesita residir en una partición separada, asegúrate de cambiar sus permisos después de montarlo:

  chmod 1777 /mnt/gentoo/tmp
  chmod 1777 /mnt/gentoo/var/tmp
  

date

Seleccione la zona horaria:

tzselect

A continuación, utiliza NTP para sincronizar la hora y la fecha:

chronyd -q

Primero descargamos el tarball:

cd /mnt
wget -c https://distfiles.gentoo.org/releases/amd64/autobuilds/20240229T194908Z/stage3-amd64-systemd-mergedusr-20240229T194908Z.tar.xz

tar xpvf stage3-*.tar.xz --xattrs-include='*.*' --numeric-owner

nano -w /mnt/gentoo/etc/portage/make.conf

COMMON_FLAGS="-march=native -O2 -pipe"
CFLAGS="${COMMON_FLAGS}"
CXXFLAGS="${COMMON_FLAGS}"
FCFLAGS="${COMMON_FLAGS}"
FFLAGS="${COMMON_FLAGS}"

Ahora vamos a configurar MAKEOPTS. MAKEOPTS describe el número de trabajos paralelos utilizados por Portage.

Siempre ha habido alguna discusión sobre qué establecer aquí, pero yo voy a seguir lo que recomienda la wiki de Gentoo, que es: menos o igual al mínimo del tamaño de RAM/2GB o del número de hilos de la CPU.

Utilizaremos el número de hilos de la CPU en ejecución:

lscpu | awk '/^CPU\(s\):/ {print $2}'

Además, para mantener la capacidad de respuesta del sistema al compilar, el sistema de compilación permite limitar la carga máxima de compilación con el parámetro --load-average.

Con todo lo que hemos dicho en esta sección, vamos a editar el archivo make.conf de nuevo:

nano /mnt/gentoo/etc/portage/make.conf

And this time, we set MAKEOPTS:

MAKEOPTS="-j6 -l6"

Copie la información DNS de su entorno live-cd de trabajo en el nuevo sistema para asegurarse de que podremos resolver los nombres de dominio una vez que cambiemos a él:

cp --dereference /etc/resolv.conf /mnt/gentoo/etc/

mount --types proc /proc /mnt/gentoo/proc
mount --rbind /sys /mnt/gentoo/sys
mount --make-rslave /mnt/gentoo/sys
mount --rbind /dev /mnt/gentoo/dev
mount --make-rslave /mnt/gentoo/dev
mount --bind /run /mnt/gentoo/run
mount --make-slave /mnt/gentoo/run

mirrorselect -s3 -b10 -D >> /mnt/gentoo/etc/portage/make.conf

mkdir -p /mnt/gentoo/etc/portage/repos.conf
cp /mnt/gentoo/usr/share/portage/config/repos.conf /mnt/gentoo/etc/portage/repos.conf/gentoo.conf

Chroot en el nuevo entorno:

chroot /mnt/gentoo /bin/bash

source /etc/profile
export PS1="(chroot) $PS1"

mkdir /efi
mount /dev/nvme0n1p1 /efi

Además del sistema de ficheros LVM que creamos en nuestro disco local, durante el arranque del sistema se crean otros pseudo-sistemas de ficheros necesarios para hacer chroot en nuestro nuevo entorno:

⚠️ Si está configurando un entorno sin SystemD, puede omitir las líneas --make-rslave

¡¡¡Genial!!! Estamos dentro de nuestro sistema Gentoo 🎉 Por desgracia, todavía necesita un poco más de tiempo de cocción 🍰.

Por favor, respiren hondo y sigamos rodando.

A continuación, actualice la instantánea con la última versión del repositorio:

emerge-webrsync -v
emerge --sync -v

Un perfil Portage especifica valores por defecto para banderas USE globales y por paquete, especifica valores por defecto para la mayoría de las variables que se encuentran en /etc/portage/make.conf, y define un conjunto de paquetes del sistema. Los desarrolladores de Gentoo mantienen los perfiles como parte del árbol Portage.

Enumera los perfiles disponibles:

eselect profile list | grep stable | grep systemd

De la lista de salida, debemos seleccionar nuestra mejor opción de ajuste. Como el sistema que estamos construyendo está basado en SystemD, el mejor perfil que podemos elegir es systemd. Por supuesto, podemos elegir cualquier otro que tenga systemd, como default/linux/amd64/17.0/desktop/gnome/systemd, pero queremos que se configure un entorno mínimo.

From the output list, we must select our best fitting option. Because the system we're building is based on SystemD, the best profile we can choose is the systemd. Of course, we can choose any other that has systemd in it, like default/linux/amd64/17.0/desktop/gnome/systemd, but we want a minimal environment to be configured.

[..]
 [17]  default/linux/amd64/17.1/systemd/merged-usr (stable) *
[..]

Este debería ser el perfil seleccionado por defecto, como podemos ver por el * al final. Pero si no es así, asegúrese de elegirlo con eselect:

eselect profile set 17 # o el número que tiene en su lista

Como hemos dicho, las banderas USE flags son una característica central de Gentoo. Por lo tanto, una buena comprensión de cómo tratar con ellos es necesaria para tener un sistema Gentoo personalizado y saludable.

As we said, are a core feature of Gentoo. Therefore, a good understanding of how to deal with them is needed to have a customized and healthy Gentoo system.

Las variables USE pueden definirse para todo el sistema o por dominio de paquete. Puede obtener más información aquí:

• Todo el sistema en /etc/portage/make.conf
• Por envase en /etc/portage/package.use

Podemos ver la lista de banderas USE que están configuradas en nuestro sistema ejecutando:

emerge --info | grep ^USE

No te asustes por la lista. Lo más probable es que la aumentes cuando acabemos con esta sección.

Podemos encontrar una descripción de todas las banderas USE en less /var/db/repos/gentoo/profiles/use.desc.

Además, la utilidad llamada quse del paquete portage-utils puede decirnos qué paquete utiliza qué banderas USE.

For example, if you want to know which packages use the systemd flag we simply need to run:

quse systemd

Por ejemplo, si queremos saber qué paquetes utilizan la bandera systemd sólo tenemos que ejecutar:

Hemos dicho que vamos a utilizar una herramienta llamada ufed que nos ayudará a establecer las banderas USE que queramos en cualquier dominio..

emerge -aqv app-portage/eix app-portage/ufed

Y luego, ejecútalo para seleccionar las banderas USE con una 😄 interfaz de usuario 😄 Este paso te llevará algo de tiempo, así que ¡coge una 🍵 o :coffee y hagámoslo!

ufed

USE flags that are available for our system. We could use the advantages of some CPU instruction sets using what are called CPU flags. You can read more on the Gentoo wiki page.

To know what optimizations we can use for our CPU, we're going to use a tool called cpuid2cpuflags:

emerge -q app-portage/cpuid2cpuflags

And then run it to get those values:

cpuid2cpuflags

You should see an output like:

CPU_FLAGS_X86: aes avx avx2 avx512_bitalg avx512_vbmi2 avx512_vnni avx512_vp2intersect avx512_vpopcntdq avx512bw avx512cd avx512dq avx512f avx512ifma avx512vbmi avx512vl f16c fma3 mmx mmxext pclmul popcnt rdrand sha sse sse2 sse3 sse4_1 sse4_2 ssse3 vpclmulqdq

echo "*/* $(cpuid2cpuflags)" > /etc/portage/package.use/00cpu-flags

After setting up the USE and CPU flags, we're ready to re-compile and update all packages that we have installed in our base system before moving forward:

nano  /etc/portage/make.conf

VIDEO_CARDS="intel" ACCEPT_LICENSE="*"

emerge -aq --verbose --update --deep --newuse @world

### Timezone

Set our time zone. We can use the tool `tzselect` to interactively select our country, and it will tell us what the value of `/etc/timezone` file should be.

```shell
tzselect

Take the last line from the output and add it to the timezone file like:

ln -sf ../usr/share/zoneinfo/America/Caracas /etc/localtime

nano -w /etc/locale.gen

es_VE ISO-8859-1
es_VE.UTF-8 UTF-8
en_US ISO-8859-1
en_US.UTF-8 UTF-8

locale-gen

eselect locale list

 eselect locale set 9

nano /etc/env.d/02locale

LANG="es_VE.utf8"
LC_COLLATE="C.UTF-8"

env-update && source /etc/profile && export PS1="(chroot) ${PS1}"

echo ">=sys-kernel/installkernel dracut" > /etc/portage/package.use/installkernel

emerge -q  sys-kernel/gentoo-kernel-bin

echo "sys-apps/systemd boot" > /etc/portage/package.use/systemd

echo "sys-kernel/installkernel dracut grub" > /etc/portage/package.use/installkernel

emerge -aqv sys-apps/systemd

nano etc/fstab

/dev/nvme0n1p1          /efi            vfat    umask=0077              0 2
/dev/mapper/vg-root     /               ext4    defaults,noatime        0 1
/dev/mapper/vg-home     /home           ext4    defaults,noatime        0 1
/dev/mapper/vg-opt      /opt            ext4    defaults,noatime        0 1
/dev/mapper/vg-tmp      /tmp            ext4    defaults,noatime        0 1
/dev/mapper/vg-var      /var            ext4    defaults,noatime        0 1
/dev/mapper/vg-var_tmp  /var/log        ext4    defaults,noatime        0 1
/dev/mapper/vg-swap     none            swap    sw                      0 0

mount -a

echo le > /etc/hostname

echo ">=net-wireless/wpa_supplicant-2.10-r3 dbus" > /etc/portage/package.use/wpa_supplicant

emerge -aqv net-misc/networkmanager

systemctl enable NetworkManager

passwd

systemd-machine-id-setup

systemd-firstboot --prompt

systemctl preset-all --preset-mode=enable-only

systemctl preset-all

Systemd incluye un registrador integrado llamado servicio systemd-journald. El servicio systemd-journald es capaz de manejar la mayor parte de la funcionalidad de registro descrita en la sección anterior del registrador del sistema. Es decir, la mayoría de las instalaciones que ejecutarán systemd como gestor de sistemas y servicios pueden omitir con seguridad la adición de utilidades syslog adicionales.

Vea man journalctl para más detalles sobre el uso de journalctl para consultar y revisar los registros del sistema.

Por varias razones, como en el caso de reenviar los registros a un host central, puede ser importante incluir mecanismos redundantes de registro del sistema en un sistema basado en systemd. Esta es una ocurrencia irregular para la audiencia típica del manual y se considera un caso de uso avanzado. Por lo tanto, no está cubierto por el manual.

Los temporizadores de systemd pueden ejecutarse a nivel de sistema o a nivel de usuario e incluyen la misma funcionalidad que un demonio cron tradicional. A menos que se necesiten capacidades redundantes, instalar un programador de tareas adicional como un demonio cron es generalmente innecesario y puede omitirse con seguridad.

emerge -q sys-apps/mlocate

systemctl enable sshd

emerge -q app-shells/bash-completion

emerge -q net-misc/chrony systemctl enable chronyd.service

emerge -q sys-fs/e2fsprogs sys-fs/dosfstools sys-block/io-scheduler-udev-rules

echo 'GRUB_PLATFORMS="efi-64"' >> /etc/portage/make.conf

emerge -q sys-boot/grub

emerge -q sys-fs/lvm2

systemctl enable lvm2-monitor.service

nano /etc/default/grub

GRUB_CMDLINE_LINUX="dolvm"

grub-install --efi-directory=/efi

grub-mkconfig -o /boot/grub/grub.cfg

useradd -m -G users,wheel,audio -s /bin/bash freddy passpasswd freddy

emerge -q sudo

nano /etc/sudoers

%wheel ALL=(ALL:ALL) ALL

```shell
emerge --ask sys-apps/pciutils
```

2. Configure the kernel by running make menuconfig inside /usr/src/linux:

   cd /usr/src/linux
   make menuconfig

3. After the required options are activated either as a module or part of the kernel binary, compile the kernel and the modules, and install them by:

   make && make modules_install
   make install

4. Install sys-kernel/dracut. This package will help you create an initrmfs (Init Ram Filesystem) with the required tools to make the kernel bootable:

   emerge --ask sys-kernel/dracut

5. Run dracut to generate an initramfs for our kernel version:

   dracut --kver=5.15.59-gentoo

For those who prefer a more pleasant initial experience, I'll explain how to use genkernel.

What genkernel really does is configure a generic kernel that works with most of the hardware. Like the LiveCD that we're using does.

1. Install genkernel:

   emerge --ask sys-kernel/genkernel

2. Genkernel needs the /boot entry in the /etc/fstab file. So go to the fstab section now and continue with point 2 when you're done.

3. Edit /etc/genkernel.conf:

   nano -w /etc/genkernel.conf

   Ensure that LVM and LUKS are set to yes; otherwise, the system will not boot. Leave the rest of the options as they are:

   # Add LVM support
   LVM="yes"
   
   # Add LUKS support
   LUKS="yes"

4. Once genkernel is configured, then run to generate the kernel binary:

   genkernel all

If we need to auto-load a kernel module each time to system boots, we should specify it in /etc/conf.d/modules file.

You can list your available modules with:

find /lib/modules/<kernel version>/ -type f -iname '*.o' -or -iname '*.ko' | less

Install lvm2 tools if it is not yet installed:

emerge --ask sys-fs/lvm2

Then edit the package configurations:

nano -w /etc/lvm/lvm.conf

use_lvmetad = 1
issue_discards = 1
volume_list = ["vg"] # Our VG volume name, check with vgdisplay

Before editing fstab we need to know which UUID are using our devices inside and outside lvm and luks volumes:

blkid /dev/mapper/vg-root | awk '{print $2}' | sed 's/"//g'
UUID="576e229c-cf68-4010-8d85-ff8149158416"
blkid /dev/mapper/vg-home | awk '{print $2}' | sed 's/"//g'
UUID="95fa5807-ea57-4cf5-b717-74f4aba190e2"

Then edit /etc/fstab:

nano -w /etc/fstab

/dev/sda1                                       /boot   vfat    noatime                                         1 2
UUID="576e229c-cf68-4010-8d85-ff8149158416"     /       ext4    discard,noatime,commit=600,errors=remount-ro    0 1
UUID="95fa5807-ea57-4cf5-b717-74f4aba190e2"     /home   ext4    discard,noatime,commit=600                      0 0
tmpfs                                           /var/tmp tmpfs  nodev,nosuid                    0 0
tmpfs                                           /tmp    tmpfs   nodev,nosuid                    0 0

Warning!!! As we don't have encrypted partitions other than root, which the systemd must mount before the whole system start, we don't need to set it up there, so our crypttab must be empty.

In the past, some utilities wrote information (like mount options) into /etc/mtab; thus, it was supposed to be a regular file. Nowadays all software is supposed to avoid this problem. Still, before switching the file to become a symbolic link to /proc/self/mounts.

To create the symlink, run:

ln -sf /proc/self/mounts /etc/mtab

Systemd-boot is a simple UEFI boot manager which executes configured EFI images. The default entry is selected by an on-screen menu.

It is simple to configure, but can only start EFI executables, such as the Linux kernel EFISTUB, UEFI Shell, GRUB, and go on.

Before installing the EFI binaries we need to check if EFI variables are accessible:

emerge --ask sys-libs/efivar
efivar -l

Verify that you have mounted /boot:

mount | grep boot

Once got it mounted then install the systemd-boot binaries:

bootctl --path=/boot install

This command will copy the systemd-boot binary to your EFI System Partition ($esp/EFI/systemd/systemd-bootx64.efi and $esp/EFI/Boot/BOOTX64.EFI - both of which are identical - on x64 systems) and add systemd-boot itself as the default EFI application (default boot entry) loaded by the EFI Boot Manager.

Every time there's a new version of the systemd you should copy the new binaries to that System Partition by running:

bootctl --path=/boot update

Add one entry into bootloader with this options:

nano -w /boot/loader/entries/gentoo.conf

title    Gentoo Linux
efi      /kernel-genkernel-x86_64-4.4.6-gentoo
options  initrd=/initramfs-genkernel-x86_64-4.4.6-gentoo crypt_root=/dev/sda2 root=/dev/mapper/vg-root root_trim=yes init=/usr/lib/systemd/systemd ro dolvm

Edit default loader:

nano -w /boot/loader/loader.conf

default gentoo
timeout 3

Efibootmgr is not a bootloader itself it's a tool that interacts with the EFI firmware of the system, which itself is acting as a boot loader. With the efibootmgr application, boot entries can be created, reshuffled and updated.

First we need to install the package:

emerge --ask sys-boot/efibootmgr

To list the current boot entries:

efibootmgr -v

BootCurrent: 0003
Timeout: 1 seconds
BootOrder: 0003
Boot0000* Linux Boot Manager  HD(1,GPT,3eb8effe-8e1d-4670-987c-9b49b5f605b2,0x800,0x1ff801)/File(\EFI\systemd\systemd-bootx64.efi)
Boot0001* gentoo  HD(1,GPT,02f231b8-8f9a-471c-b3a9-dc7edb1bd70e,0x800,0xee000)/File(\EFI\gentoo\grubx64.efi)
Boot0003* Gentoo Linux  PciRoot(0x0)/Pci(0x1f,0x2)/Sata(2,32768,0)/HD(1,GPT,73f682fe-e07b-4870-be82-d85077f8aaa2,0x800,0x100000)/File(\EFI\systemd\systemd-bootx64.efi)

I'm only Gentoo in my system so I don't really need anything but the Gentoo entry so I just delete everything with:

efibootmgr -b <entry_id> -B

Once everything is delete we can add our new systemd-boot loader entry:

efibootmgr -c -d /dev/sda -p 2 -L "Gentoo" -l "\efi\boot\bootx64.efi"

Perfect, we're almost ready to reboot.

systemctl enable lvm2-lvmetad.service

While in chroot we need to change the root password of our new system just before rebooting it.

passwd

Don't worry you don't need to cross your fingers, everything should goes fine 😏

exit # To exit from chroot
sync # To sync filesystems
reboot

When booted using systemd, a tool called hostnamectl exists for editing /etc/hostname and /etc/machine-info. So we don't need to edit the file manually simlpy run:

hostnamectl set-hostname <hostname>

Let's plug our new Gentoo system to the world!! 🌍

We can choose between two options, to use systemd as network manager or standalone one, I prefer networkmanager but here are the two options:

systemd-networkd is useful for simple configuration of wired network interfaces. As it's disabled by default we need to configure it by creating a *.network file under /etc/systemd/network.

Here is an example for a simple ethernet DHCP configuration:

nano -w /etc/systemd/network/50-dhcp.network

[Match]
Name=en*
[Network]
DHCP=yes

And then tell systemd to manage and start that service:

systemctl enable systemd-networkd.service
systemctl start systemd-networkd.service

Often NetworkManager is used to configure network settings. I personally use nmtui because it's easy and has a ncurses client. Just install it:

emerge --ask networkmanager

And now simply run the following command and follow a guided configuration process through nmtui:

nmtui

Yes, you're right, we set the locales before but once booted with systemd, the tool localectl is used to set locale and console or X11 keymaps. So, let's set it again to be sure that everything goes fine.

To change the system locale, run the following command:

localectl set-locale LANG=en_US.utf8

Change the virtual console keymap:

localectl set-keymap es

And finally, to set the X11 layout:

localectl set-x11-keymap es

Time and date can be set using the timedatectl utility. That will also allow users to set up synchronization without needing to rely on net-misc/ntp or other providers than systemd's own implementation.

To set the local time of the system clock directly:

timedatectl set-time "yyyy-MM-dd hh:mm:ss"

To set time zone:

timedatectl list-timezones
timedatectl set-timezone Europe/Madrid

Set systemd-timesyncd as a simple SNTP daemon. Systemd-timesyncd that only implements a client side, focusing only on querying time from one remote server. It should be more than appropriate for most installations.

timedatectl set-ntp true

To check the status of the daemon:

timedatectl status

When starting, systemd-timesyncd will read the configuration file from /etc/systemd/timesyncd.conf. To add time servers or change the provided ones, uncomment the relevant line and list their host name or IP separated by a space. I'm using the NTP pool project for the main servers and the default Gentoo as fallback:

nano -w /etc/systemd/timesyncd.conf

[Time]
NTP=0.europe.pool.ntp.org 1.europe.pool.ntp.org 2.europe.pool.ntp.org 3.europe.pool.ntp.org
FallbackNTP=0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org

In order to index the file system to provide faster file location capabilities we will install sys-apps/mlocate:

emerge --ask sys-apps/mlocate

To keep databse update we need to run updatedb often.

Additional to the tools for managing ext2, ext3, or ext4 filesystems (sys-fs/e2fsprogs) which are already installed as a part of the @system set I like to install other filesystem utilities like VFAT, XFS, NTFS and so on:

emerge --ask sys-fs/xfsprogs sys-fs/exfat-utils sys-fs/dosfstools sys-fs/ntfs3g

Until now we have done everything as root but working as root on a Unix/Linux system is dangerous and should be avoided as much as possible. Therefore it is strongly recommended to add a user for day-to-day use.

The groups the user is member of define what activities the user can perform. The following table lists a number of important groups:

Once you selected which groups would you like to add simply run:

useradd -m -G users,wheel,audio,video,audio,usb -s /bin/bash <username>

To set the user password run:

passwd <username>

Sudo is a way that a regular user could run commands as root user. It's very useful to avoid using root password each time we need to run a command which needs root perms. To install run:

emerge --ask app-admin/sudo

Then edit config file with command:

visudo

There's lot of examples inside the config file so we should not have any problem to set it up.

With the Gentoo installation finished and the system rebooted, if everything has gone well, we can now remove the downloaded stage3 tarball from the hard disk. Remember that they were downloaded to the / directory.

rm /stage3-*.tar.bz2*

emerge --ask sys-power/powertop

The first step we need to do is to calibrate it, it's quite long process but the most important is to keep our system until the whole process is finished.

powertop --calibrate

To apply automatically optimal settings at boot we need to create a new Systemd unit:

nano -w /etc/systemd/system/powertop.service

[Unit]
Description=Powertop tunings

[Service]
Type=oneshot
ExecStart=/usr/sbin/powertop --auto-tune

[Install]
WantedBy=multi-user.target

Enable at each boot:

systemctl enable powertop.service

Prior to install xorg we will configure our video card, mine is Intel Generation 6 so we need to add this line into make.conf:

nano -w /etc/portage/make.conf

VIDEO_CARDS="intel i965"

Before installing xorg we need to configure it again by adding custom graphic card information:

nano -w /etc/X11/xorg.conf.d/20-intel.conf

Section "Device"
   Identifier  "Intel Graphics"
   Driver      "intel"
  Option      "AccelMethod"  "sna"
  Option      "DRI"          "3"
  Option      "Backlight"    "intel_backlight"
EndSection

We need to do the same with the input devices. I'm using a laptop so check if you need to add joystick, mouse, keyboard, ... 😉

nano -w /etc/portage/make.conf

INPUT_DEVICES="evdev synaptics

At the time to write this guide wayland is available but I'ld like to use bspwm which only support xorg so I'll continue with xorg server installation and configuration:

emerge --ask xorg-server

emerge --ask app-admin/ccze app-arch/unp app-editors/vim app-eselect/eselect-awk app-misc/screen app-shells/gentoo-zsh-completions app-shells/gentoo-zsh-completions app-vim/colorschemes app-vim/eselect-syntax app-vim/genutils app-vim/ntp-syntax media-gfx/feh sys-process/htop x11-terms/rxvt-unicode

We're running portage with modified scheduling priority, to not impact whole system performance during compilation.

echo 'PORTAGE_NICENESS="15"' >> /etc/portage/make.conf

Branch defines if portage use stable or testing packages. Every package in the portage tree has it stable and testing version. The ACCEPT_KEYWORDS variable defines what software branch to use on the system. It defaults to the stable software branch for the system's architecture, for instance amd64.

I recommend to stick with the stable branch. However, if stability is not that much important for you and/or want to help out Gentoo by submitting bug reports to https://bugs.gentoo.org, then the testing is your way.

There are two ways to approach the testing branch for packages:

1. System wide setting: to make or system set to testing branch.

nano -w /etc/portage/make.conf

ACCEPT_KEYWORDS="~amd64"

2. Per package setting: we can set testing branch only for particular packages (This is and example, set whatever you want).

nano -w /etc/portage/package.accept_keywords

sys-kernel/gentoo-sources
sys-power/powertop
app-admin/pass

Masking a package the way where Gentoo Developers block a package version from being auto installed. The reason why that package is masked is mentioned in the package.mask file (situated in /usr/portage/profiles/ by default). But if we still wants to use this package, then add the desired version (usually this will be the exact same line from the package.mask file in the profile) to the /etc/portage/package.unmask file (or in a file in that directory if it is a directory).

nano -w /etc/portage/package.unmask

>=app-emulation/docker-compose-1.5.2
>=app-emulation/docker-swarm-1.1.3
>=app-emulation/docker-1.7.1

It is also possible to ask Portage not to take a certain package or a specific version of a package into account. To do so, mask the package by adding an appropriate line to the /etc/portage/package.mask location (either in that file or in a file in this directory).

nano -w /etc/portage/package.mask

=sys-kernel/gentoo-sources-4.5.0

Overlays contain additional packages for your Gentoo system while the main repository contains all the software packages maintained by Gentoo developers, additional package trees are usually hosted by repositories. Users can add such additional repositories to the tree that are "laid over" the main tree - hence the name, overlays.

emerge --ask app-portage/layman

To list all available overlays simply run:

layman -L

To install an overlay run:

layman -a <overlay_name>

To keep your installed overlays up to date, run:

layman -S

If we want to maintain a custom set of ebuilds we just only need to create a local overlay doing these few steps:

mkdir -p /usr/local/portage/{metadata,profiles}
echo '<overlay_name>' > /usr/local/portage/profiles/repo_name
echo 'masters = gentoo' > /usr/local/portage/metadata/layout.conf
chown -R portage:portage /usr/local/portage

Next, tell portage about the overlay:

mkdir -p /etc/portage/repos.conf

nano -w /etc/portage/repos.conf/local.conf

[<overlay_name>]
location = /usr/local/portage
auto-sync = no

Virtualization is widely use nowadays. Everybody wants to test some environments, apps, or simply have a virtualized machine with other operating systems. In order to do that we should use any virtualization platform available for desktop use such as virtualbox, kvm/qemu, xen or vmware. Among all these options I choose kvm/qemu because its performance and simplicity. So here we are!

First we need to check if our hardware support virtualization:

grep --color -E "vmx|svm" /proc/cpuinfo

We could also check if kvm device is available in our /dev directory:

ls /dev/kvm

If both are available we can continue installing kvm, otherwise you shouldn't use virtualization on your machine.

Before continue building kvm with should check if we have some kernel options enabled as module or build-in.

[*] Virtualization  --->
    <*>   Kernel-based Virtual Machine (KVM) support
    <*>   KVM for Intel processors support <-- if we use Intel cpu, otherwise disable it
    <*>   KVM for AMD processors support <-- if we use AMD cpu, otherwise disable it
    <*>   Host kernel accelerator for virtio net
Device Drivers  --->
   [*] Network device support  --->
      [*]   Network core driver support
      <*>   Universal TUN/TAP device driver support
   [*] Networking support  --->
      Networking options  --->
         <*> The IPv6 protocol
         <*> 802.1d Ethernet Bridging
   File systems  --->
      <*> The Extended 4 (ext4) filesystem
      [*]   Ext4 Security Labels

Once we have kernel compiled and running with new options we can continue by installing package:

emerge --askv app-emulation/qemu

In order to run kvm as normal user and not as root we should add our user account to the kvm group:

gpasswd -a <username> kvm

Finally, to be sure that libvirt daemon is running all the time we should enable with systemd:

systemctl enable libvirtd.service

What is Prelink and how can it help me? I'm sure that most of you are asking this question right now well, most applications we have installed in our system use shared libraries. Every time a program call this libraries they need to be loaded into memory. As more libraries program needs as more time it takes to resolve all symbol references. So prelink simply "maps" this symbol references and makes applications run faster. Of course this is a summary of what it does, but it's enough for us.

The only thing we need to do is to prelink binaries every time we upgrade or install any new program o library. But don't worry, portage will automatically prelink our system for us each time we install a package if we have prelink installed in our system. That's great!!

So we will simply install prelink:

emerge --askv prelink

Then configure the package by running env-update and then editing config file:

env-update

Unfortunately we can't prelink files that were compiled by old versions of binutils. Be default prelink define a number of libraries and directories which as blacklisted to avoid prelinking them. We can add or remove directories in prelink config files:

nano /etc/prelink.conf
nano /etc/prelink.conf.d/*

Finally we will prelink our system with:

prelink -amR

Which is:

• a: prelink all binary files.
• m: conserve virtual memory space. If we have a lot of binaries to prelink it takes a lot of space during the process, this parameter will ensure that we not run out of memory.
• R: randomize the address ordering to enhance security against buffer overflows.

Although there's a lot of work to do, I stop this guide at that point which I think that is far from base system installation now you'd walk you path little padawan 😄

Hope you enjoyed!