Project:Lemote Yeeloong Gentoo Desktop

Project Description
The Lemote Yeeloong netbook is based on a 64-bit little endian MIPS processor, named the loongson2f, and is manufactured by lemote.com. It is celebrated as sporting only hardware that respects your freedom, that is, hardware that will run purely with open source software at every level. There are no proprietary binary blobs required to make any hardware work, and even its boot firmware (PMON) is released under a copyleft licence. As the netbook of choice for Richard Stallman, it is distributed in the United States by Freedom Included. Take a look at their web site for why the choice of hardware is a political choice and why freedom matters.

The "Lemote Yeeloong Gentoo Desktop" initiative is part of a bigger initiative in Gentoo to support MIPS based systems. We started this because compiling on the Yeeloong is slow enough that it is annoying for the average person to build a useful system from a classical Gentoo stage3 tarball. One could cross compile from a different, faster, architecture; but, that's involved and doesn't always produce the best native code. So, with a prebuilt desktop, we hope to give the end user a quick start to a productive environment that they are (hopefully) mostly happy with. One can always tweak from there. The drawback to this approach is that it does rub against the "Gentoo way" which is to maximize choice, but we still provide a stage3 for those who want --- so choose!

Currently the desktop of choice is based on XFCE4. We did not even attemp Gnome or KDE becuase of their bloat, and because much of that software is in a bad state with respect to all MIPS architecture. The bloat, however, was the deciding factor. We can always hack Gnome back into a MIPS friendly state, but on a system with a ~600MHz processor with 1GB of RAM, do we really want to follow bloatware development? We may expand into other light desktop systems, like LXDE. Tell us what you want!

We are also working with two "flavors" of each desktop, what we call "vanilla" and "hardened". The two are identical in term of what packages they provide, except the hardened image is built using the completely hardened toolchain maintained by the Hardened Gentoo team. This means that all the ELF binaries are ET_DYN (not ET_EXE so their address space is better randomized), have SSP (stack smashing protection against buffer overflows), PIE (position independant executable, also better address space randomization) and FORTIFY_SOURCES=2 (extra hardening of glibc functions). They are also linked relro (relocation read-only) and bind-now to prevent redirection of symbols.

Sounds like hardened is a clear winner over vanilla, except that there is a small performance hit. Not anything like i686, but still noticeable. Maybe five to ten percent, but we haven't made a good measure. Also, if you're compiling your own binaries, there may be some exotic breakage with the hardened that you won't get with the vanilla. Again its much rarer than on i686. There, the issue is often poorly written assembly that isn't PIC/PIE friendly, but since you're on a mips64el arch, chances are that that assembly hasn't even been ported, so there's nothing there to break!

If you're just an ordinary user, choose hardened. The extra security will outweigh the other factors.

Goals
The purpose of the "Lemote Yeeloong Gentoo Desktop" initiative is to make ready to install Gentoo based desktops for the Lemote Yeeloong netbook to ease the long process of building a full desktop system from a stage3 tarball. As a secondary goal, it aims to port the hardening toolchains and kernel features currently available in amd64 and x86 to mips architecture.

Installation
First, where do you find the images you'll need? Everything you'll need is on the gentoo mirrors, under experimental/mips/desktop-loongson2f. You'll need two images, the boot image called netboot-yeeloong.img and the desktop image, a simple tarball called desktop-loongson2f-[flavor]-[date].tar.lzma, where the [flavor] is either "hardened" or "vanilla" and [date] is the release date. We'll try to produce a new release every month. As stated above, this is just for XFCE4, but when/if we get more desktops, that will also be make explicit in the image name.

So, how do I install it on my Lemote Yeeloong?


 * Prepare the boot image: Get the file called netboot-yeeloong.img and put it either on a tftp server or a pen drive at some /path/to/. Make sure you prepare the pen drive with a FAT32, EXT2 or EXT3, but not EXT4 filesystem. PMON doesn't understand EXT4.
 * Boot into a rescue environment: Turn the lemote on and hit the Del key multiple times. You should see a PMON> prompt appear with possibly some trailing garbage characters, usually repeated G's. Backspace over the garbage to delete it.
 * If you are booting off the network with a tftp server, then the enter:

Replace [my_ip] with the ip of the lemote yeeloong and [tftp_ip] with the ip of your tftp server.
 * If, however, you want to boot off a pen drive, enter:


 * At this point you'll come up in a ramdisk image with busybox and a few other utilities to get your system ready. Hit enter a couple of times if you don't see a shell prompt right away.
 * Prepare a root partition and mount:
 * Using fdisk, prepare at least three partitions:


 * /boot only has to hold a kernel or two, so you can get away with less, but the others are minima. I use 4GB for swap and 40GB for root.
 * mdev needs to rescan the devices after (re)partioning. You could reboot, but its easier to just do:


 * Format the partitons:


 * Mount it


 * Download and unpack the tarball images:


 * Replace [mirror] with the FQDN of your favorite Gentoo mirror, replace [flavor] with either "hardened" or "vanilla" and replace [date] with the date of the release.
 * If you changed any of the above values for /dev/sda* then edit the boot.cfg file. It can be found at /mnt/gentoo/boot/boot.cfg.
 * Reboot your yeeloong. PMON should find the kernel, but if it doesn't then enter


 * Log in and enjoy!

or

Bug Reporting
Please submit feature requests and bug reports at bugs.gentoo.org and make your bug a blocker to bug #282265. Assign your bug to [mailto:mips@gentoo.org mips@gentoo.org].