Handbook Talk:AMD64/Installation/Base

True multilib needs modification in make.conf
When installing selecting the multilib profile itself wasn't sufficient. I only got true multilib support after adding the follwing in make.conf. I think it's worth mentioning it upfront so that people wouldn't have to recompile @world ABI_X86="64 32"


 * No, this is not a good suggestion to make for all Gentoo users to read the Handbook. We recommend only setting enable  as-needed on a per-package basis, not globally. As explained by, "if you enable ABI_X86="32" globally up front, you save a little bit of user configuration time up front but you waste a lot of compile time on every upgrade forever". Also, if this was set globally as you suggest, revising those packages later can cause headaches. Kind regards, --Maffblaster (talk) 19:30, 3 October 2016 (UTC)

Chroot on one line
It would be imo convenient to have one-liner for the mounts before the chrooting, instead of five separate commands, so that one could easily copy-paste the one command to terminal and execute it in one take

I.e., instead of (or, placed after)

root #mount -t proc proc /mnt/gentoo/proc root #mount --rbind /sys /mnt/gentoo/sys root #mount --make-rslave /mnt/gentoo/sys root #mount --rbind /dev /mnt/gentoo/dev root #mount --make-rslave /mnt/gentoo/dev

there ought to be also

mount -t proc proc /mnt/gentoo/proc && mount --rbind /sys /mnt/gentoo/sys && mount --make-rslave /mnt/gentoo/sys && mount --rbind /dev /mnt/gentoo/dev && mount --make-rslave /mnt/gentoo/dev

--Renergy (talk) 19:39, 6 June 2015 (UTC)


 * Renergy, I can see that may be easier to copy and paste a one line command such as you posted above. Part of the purpose of the Handbook is to teach people how to install Gentoo Linux, not to make the install as fast as possible, which is why we have each command on a separate line. I will think about putting a one-liner like you suggest as a secondary option for people who are in a hurry. Sincerely, --Maffblaster (talk) 22:14, 21 December 2015 (UTC)

Potential security problem
Going though the handbook normally leads you through getting the minimal .iso and stage 3 tarball over https, checking hashes and verifying with gpg. All good so far. Here, it tells users to run emerge-webrsync, without any warning that it defaults to using http - enabling a MITM attack. If I understand correctly, this is for downloading and setting up portage, while running as root. By default, emerge-webrsync does not verify gpg signatures, so at this point the system must be considered fundamentally insecure.

The user stanley on irc suggested using this procedure: https://wiki.gentoo.org/wiki/Handbook:AMD64/Working/Features#Pulling_validated_Gentoo_ebuild_tree_snapshots - it should definitely be mentioned as an option at this stage, since doing it with an already insecure system at the later stage will make little difference.

Also, emerge-webrsync should default to using HTTPS.

--OliverUv (talk) 12:26, 28 June 2015 (UTC)


 * But this affects all arches, right? See Handbook_Talk:Parts/Installation/Base --Charles17 (talk) 17:43, 20 January 2016 (UTC)


 * Hm...I'll see what we can do about this upstream. It would be nice if the mirrors used HTTPS, but I'm not sure we have a good way of enforcing it. --Maffblaster (talk) 18:21, 18 November 2016 (UTC)

Choosing profiles
I believe profiles should be chosen after the initial reboot at least for and. Choosing a desktop profile, in particular, too early causes increased and unnecessary install time added to a user's experience.

I think it should be saved until the first reboot.

--Grknight (talk) 01:46, 22 October 2015 (UTC)


 * I will experiment on a virtual machine with this. My initial thoughts are that you're right. Rebuilding world after the profile selection is probably not a necessary part of the process. --Maffblaster (talk) 23:28, 1 February 2016 (UTC)