Gentoo Linux mips Podręcznik: Instalowanie Gentoo

From Gentoo Wiki
Jump to:navigation Jump to:search
This page is a translated version of the page Handbook:MIPS/Full/Installation and the translation is 100% complete.


Wprowadzenie

Witaj

Przede wszystkim, witamy w Gentoo! Zamierzasz wkroczyć w świat wyboru i możliwości. Gentoo polega na wyborach. Podczas instalacji Gentoo, jest to wielokrotnie jasno przedstawione - użytkownicy mogą wybrać co ma zawierać ich kompilacja, jak zainstalować Gentoo, jakiego loggera systemowego użyć, etc.

Openness

Gentoo's premier tools are built from simple programming languages. Portage, Gentoo's package maintenance system, is written in Python. Ebuilds, which provide package definitions for Portage are written in bash. Our users are encouraged to review, modify, and enhance the source code for all parts of Gentoo.

By default, packages are only patched when necessary to fix bugs or provide interoperability within Gentoo. They are installed to the system by compiling source code provided by upstream projects into binary format (although support for precompiled binary packages is included too). Configuring Gentoo happens through text files.

For the above reasons and others: openness is built-in as a design principle.

Choice

Gentoo to szybka, nowoczesna metadystrybucja o przejrzystym i elastycznym wyglądzie. Jest zbudowany w oparciu o ekosystem wolnego oprogramowania i nic nie ukrywa przed swoimi użytkownikami. Portage, system zarządzania pakietami, z którego korzysta Gentoo, został napisany w języku Python. Oznacza to, że użytkownik może łatwo przeglądać i modyfikować kod źródłowy. System pakowania Gentoo używa kodu źródłowego (dostępne jest również wsparcie dla wstępnie skompilowanych pakietów), a konfiguracja Gentoo odbywa się za pomocą zwykłych plików tekstowych. Innymi słowy, otwartość wszędzie.

When installing Gentoo, choice is made clear throughout the Handbook. System administrators can choose two fully supported init systems (Gentoo's own OpenRC and Freedesktop.org's systemd), partition structure for storage disk(s), what file systems to use on the disk(s), a target system profile, remove or add features on a global (system-wide) or package specific level via USE flags, bootloader, network management utility, and much, much more.

As a development philosophy, Gentoo's authors try to avoid forcing users onto a specific system profile or desktop environment. If something is offered in the GNU/Linux ecosystem, it's likely available in Gentoo. If not, then we'd love to see it so. For new package requests please file a bug report or create your own ebuild repository.

Power

Being a source-based operating system allows Gentoo to be ported onto new computer instruction set architectures and also allows all installed packages to be tuned. This strength surfaces another Gentoo design principal: power.

A system administrator who has successfully installed and customized Gentoo has compiled a tailored operating system from source code. The entire operating system can be tuned at a binary level via the mechanisms included in Portage's make.conf file. If so desired, adjustments can be made on a per-package basis, or a package group basis. In fact, entire sets of functionality can be added or removed using USE flags.

Jest to bardzo ważne, by każdy użytkownik zrozumiał, iż możliwość wyboru jest głównym czynnikiem istnienia Gentoo. Staramy się nie zmuszać użytkowników do robienia czegokolwiek, co im się nie podoba. Jeśli ktoś uważa inaczej, prosimy o zgłoszenie raportu o błędzie.

Jak zbudowana jest instalacja

Instalacja Gentoo może być przedstawiona jako 10-etapowa procedura, odpowiadająca następnym zestawom działań. Wyniki każdego działaia w danym etapie:

Etap Wynik
1 Użytkownik znajduje się w środowisku roboczym, które jest gotowe do zainstalowania Gentoo.
2 Połączenie internetowe jest gotowe do zainstalowania Gentoo.
3 Dyski twarde są przygotowane do obsługi instalacji Gentoo.
4 Środowisko instalacyjne jest przygotowane, a użytkownik jest gotowy do wykonania chroot w nowym środowisku.
5 Instalowane są podstawowe pakiety, które są takie same we wszystkich instalacjach Gentoo.
6 Jądro Linuksa jest zainstalowane.
7 Większość plików konfiguracyjnych systemu Gentoo jest utworzona.
8 Zainstalowane są niezbędne narzędzia systemowe.
9 Odpowiedni system rozruchowy został zainstalowany i skonfigurowany.
10 Świeżo zainstalowane środowisko Gentoo Linux jest gotowe do eksploracji.

Za każdym razem, gdy w podręczniku przedstawiany jest pewien wybór, staramy się wyjaśnić zalety i wady każdego wyboru. Chociaż podręcznik jest następnie kontynuowany z domyślnym wyborem (oznaczonym jako "Domyślne:" w tytule), inne możliwości również zostaną udokumentowane (oznaczone jako "Alternatywa:" w tytule). Nie myśl, że społeczność Gentoo zaleca ustawienie domyślne. Jest to jednak wybór, którego zdaniem społeczności Gentoo dokona większość użytkowników.

Czasami można wykonać opcjonalny krok. Takie kroki są oznaczone jako „Opcjonalne:” i nie są potrzebne do instalacji Gentoo. Niektóre opcjonalne kroki zależą jednak od wcześniej podjętej decyzji. Instrukcje poinformują czytelnika, gdy nastąpi taka sytuacja, zarówno po podjęciu decyzji, jak i tuż przed opisem opcjonalnego kroku.

Opcje instalacyjne Gentoo

Gentoo można zainstalować na wiele różnych sposobów. Można go pobrać i zainstalować z oficjalnych nośników instalacyjnych Gentoo, takich jak nasze płyty CD i DVD. Nośnik instalacyjny można zainstalować na pamięci USB lub uzyskać do niego dostęp za pośrednictwem środowiska sieciowego. Alternatywnie, Gentoo można zainstalować z nieoficjalnych nośników, takich jak już zainstalowana dystrybucja lub dysk startowy inny niż Gentoo (np. Knoppix).

Ten dokument opisuje instalację przy użyciu oficjalnego nośnika instalacyjnego Gentoo, a w niektórych przypadkach instalację sieciową.

Informacja
Aby uzyskać pomoc dotyczącą innych podejść do instalacji, w tym używania płyt CD innych niż Gentoo, przeczytaj nasz Alternatywny przewodnik instalacji.

Udostępniamy również dokument Wskazówki i triki dotyczące instalacji Gentoo, który może okazać się przydatny.

Problemy

Jeśli wystąpił problem w instalacji (lub dokumentacji instalacji), odwiedź nasz system śledzenia błędów i sprawdź czy błąd jest już znany. Jeśli nie, utwórz raport o błędzie, abyśmy mogli się tym zająć. Nie bój się programistów, którzy są przypisani do błędów - (zazwyczaj) nie jedzą ludzi.

Chociaż ten dokument jest specyficzny dla architektury, może zawierać również odniesienia do innych architektur. Duża część Podręcznika Gentoo używa tekstu, który jest identyczny dla wszystkich architektur (aby uniknąć powielania). Takie odniesienia zostały ograniczone do minimum, aby uniknąć nieporozumień.

Jeśli istnieje niepewność, czy problem jest problemem użytkownika (błąd popełniony pomimo dokładnego przeczytania dokumentacji), czy wystąpił problem z oprogramowaniem (błąd, który popełniliśmy pomimo dokładnego przetestowania instalacji/dokumentacji), zapraszamy na międzynarodowy kanał #gentoo (webchat) (oraz polski kanał #gentoo-pl (webchat)) w sieci irc.freenode.net. Oczywiście wszyscy są mile widziani, ponieważ nasz kanał czatu obejmuje szerokie spektrum Gentoo.

A propos, jeśli masz dodatkowe pytania dotyczące Gentoo, zajrzyj do artykułu Najczęściej Zadawane Pytania. Istnieje również wątek Najczęściej Zadawane Pytania na Forum Gentoo.





Wymagania sprzętowe


CPU (port Big Endian) MIPS3, MIPS4, MIPS5 lub procesor klasy MIPS64
CPU (port Little Endian) MIPS4, MIPS5 lub procesor klasy MIPS64
Pamięć 128 MB
Przestrzeń dyskowa 3.0 GB (wyłączając przestrzeń wymiany)
Przestrzeń wymiany Co najmniej 256 MB

For more information, read MIPS Hardware Requirements.

Installation notes

On many architectures, the processor has gone through several generations, each newer generation builds on the foundation of the previous one. MIPS is no exception. There are several generations of CPU covered under the MIPS architecture. In order to choose the right netboot image stage tarball and CFLAGS appropriately, it is necessary to be aware of which family the system's CPU belongs in. These families are referred to as the Instruction Set Architecture.

MIPS ISA 32/64-bit CPUs Covered
MIPS 1 32-bit R2000, R3000
MIPS 2 32-bit R6000
MIPS 3 64-bit R4000, R4400, R4600, R4700
MIPS 4 64-bit R5000, RM5000, RM7000 R8000, R9000, R10000, R12000, R14000, R16000
MIPS 5 4-bit None As Yet
MIPS32 32-bit AMD Alchemy series, 4kc, 4km, many others... There are a few revisions in the MIPS32 ISA.
MIPS64 64-bit Broadcom SiByte SB1, 5kc ... etc... There are a few revisions in the MIPS64 ISA.
Informacja
The MIPS5 ISA level was designed by Silicon Graphics back in 1994, but never actually got used in a real life CPU. It lives on as part of the MIPS64 ISA.
Informacja
The MIPS32 and MIPS64 ISAs are a common source of confusion. The MIPS64 ISA level is actually a superset of the MIPS5 ISA, so it includes all instructions from MIPS5 and earlier ISAs. MIPS32 is the 32-bit subset of MIPS64, it exists because most applications only require 32-bit processing.

Also, another important concept to grasp is the concept of endianness. Endianness refers to the way that a CPU reads words from main memory. A word can be read as either big endian (most significant byte first), or little endian (least significant byte first). Intel x86 machines are generally Little endian, whilst Apple and Sparc machines are Big Endian. On MIPS, they can be either. To separate them apart, we append el to the architecture name to denote little endian.

Architecture 32/64-bit Endianness Machines covered
mips 32-bit Big Endian Silicon Graphics
mipsel 32-bit Little Endian Cobalt Servers
mips64 64-bit Big Endian Silicon Graphics
mips64el 64-bit Little Endian Cobalt Servers

For those willing to learn more about ISAs, the following websites may be of assistance:

Netbooting overview

In this section, we'll cover what is needed to successfully network boot a Silicon Graphics workstation or Cobalt Server appliance. This is just a brief guide, it is not intended to be thorough, for more information, it is recommended to read the Diskless nodes article.

Depending on the machine, there is a certain amount of hardware that is needed in order to successfully netboot and install Linux.

  • In General:
    • DHCP/BOAMD Alchemy series, 4kc, 4km, many others... There are a few revisions in the MIPS32 ISA.OTP server (ISC DHCPd recommended)
    • Patience -- and lots of it
  • For Silicon Graphics workstations:
    • TFTP server (tftp-hpa recommended)
    • When the serial console needs to be used:
      • MiniDIN8 --> RS-232 serial cable (only needed for IP22 and IP28 systems)
      • Null-modem cable
      • VT100 or ANSI compatible terminal capable of 9600 baud
  • For Cobalt Servers (NOT the original Qube):
    • NFS server
    • Null-modem cable
    • VT100 or ANSI compatible terminal capable of 115200 baud
Informacja
SGI machines use a MiniDIN 8 connector for the serial ports. Apparently Apple modem cables work just fine as serial cables, but with Apple machines being equipped with USB & internal modems, these are getting harder to find. One wiring diagram is available from the Linux/MIPS Wiki, and most electronics stores should stock the plugs required.
Informacja
For the terminal, this could be a real VT100/ANSI terminal, or it could be a PC running terminal emulation software (such as HyperTerminal, Minicom, seyon, Telex, xc, screen - whatever your preference). It doesn't matter what platform this machine runs - just so long as it has one RS-232 serial port available, and appropriate software.
Informacja
This guide does NOT cover the original Qube. The original Qube server appliance lacks a serial port in its default configuration, and therefore it is not possible to install Gentoo onto it without the aid of a screwdriver and a surrogate machine to do the installation.

Setting up TFTP and DHCP

As mentioned earlier -- this is not a complete guide, this is a bare-bones config that will just get things rolling. Either use this when starting a setup from scratch, or use the suggestions to amend an existing setup to support netbooting.

It is worth noting that the servers used need not be running Gentoo Linux, they could very well be using FreeBSD or any Unix-like platform. However, this guide will assume to be using Gentoo Linux. If desired, it is also possible to run TFTP/NFS on a separate machine to the DHCP server.

Uwaga
The Gentoo/MIPS Team cannot help with setting up other operating systems as netboot servers.

First Step -- configuring DHCP. In order for the ISC DHCP daemon to respond to BOOTP requests (as required by the SGI & Cobalt BOOTROM) first enable dynamic BOOTP on the address range in use; then set up an entry for each client with pointers to the boot image.

root #emerge --ask net-misc/dhcp

Once installed, create the /etc/dhcp/dhcpd.conf file. Here's a bare-bones config to get started.

FILE /etc/dhcp/dhcpd.confBare Bones dhcpd.conf
# Tell dhcpd to disable dynamic DNS.
# dhcpd will refuse to start without this.
ddns-update-style none;
  
# Create a subnet:
subnet 192.168.10.0 netmask 255.255.255.0 {
  # Address pool for our booting clients. Don't forget the 'dynamic-bootp' bit!
  pool {
    range dynamic-bootp 192.168.10.1 192.168.10.254;
  }
  
  # DNS servers and default gateway -- substitute as appropriate
  option domain-name-servers 203.1.72.96, 202.47.56.17;
  option routers 192.168.10.1;
  
  # Tell the DHCP server it's authoritative for this subnet.
  authoritative;
  
  # Allow BOOTP to be used on this subnet.
  allow bootp;
}

With that setup, one can then add any number of clients within the subnet clause. We will cover what to put in later in this guide.

Next step - Setting up TFTP server. It is recommended to use tftp-hpa as it is the only TFTP daemon known to work correctly. Proceed by installing it as shown below:

root #emerge --ask net-ftp/tftp-hpa

This will create /tftproot to store the netboot images. Move this elsewhere if necessary. For the purposes of this guide, it is assumed that it is kept in the default location.

Netbooting on SGI stations

Downloading a netboot image

Depending on the system the installation is meant for, there are several possible images available for download. These are all labelled according to the system type and CPU they are compiled for. The machine types are as follows:

Codename Machines
IP22 Indy, *Indigo 2, Challenge S
IP26 *Indigo 2 Power
IP27 Origin 200, Origin 2000
IP28 *Indigo 2 Impact
IP30 Octane
IP32 O2
Informacja
Indigo 2 - It is a common mistake to mix up the IRIS Indigo (IP12 w/ R3000 CPU or IP20 with a R4000 CPU, neither of which run Linux), the Indigo 2 (IP22, which runs Linux fine), the R8000-based Indigo 2 Power (which doesn't run Linux at all) and the R10000-based Indigo 2 Impact (IP28, which is highly experimental). Please bear in mind that these are different machines.

Also in the filename, r4k refers to R4000-series processors, r5k for R5000, rm5k for the RM5200 and r10k for R10000. The images are available on the Gentoo mirrors.

DHCP configuration for an SGI client

After downloading the file, place the decompressed image file in the /tftproot/ directory. (Use bzip2 -d to decompress). Then edit the /etc/dhcp/dhcpd.conf file and add the appropriate entry for the SGI client.

FILE /etc/dhcp/dhcpd.confsnippet for SGI Workstation
subnet xxx.xxx.xxx.xxx netmask xxx.xxx.xxx.xxx {
  # ... usual stuff here ...
  
  # SGI Workstation... change 'sgi' to your SGI machine's hostname.
  host sgi {
  
    # MAC Address of SGI Machine. Normally this is written on the back
    # or base of the machine.
    hardware ethernet 08:00:69:08:db:77;
  
    # TFTP Server to download from (by default, same as DHCP server)
    next-server 192.168.10.1;
  
    # IP address to give to the SGI machine
    fixed-address 192.168.10.3;
  
    # Filename for the PROM to download and boot
    filename "/gentoo-r4k.img";
  }
}

Kernel options

We're almost done, but there's a couple of little tweaks still to be done. Pull up a console with root privileges.

Disable "Path Maximum Transfer Unit", otherwise SGI PROM won't find the kernel:

root #echo 1 > /proc/sys/net/ipv4/ip_no_pmtu_disc

Set the port range usable by the SGI PROM:

root #echo "2048 32767" > /proc/sys/net/ipv4/ip_local_port_range

This should be sufficient to allow the Linux server to play nice with SGI's PROM.

Starting the daemons

At this point, start the daemons.

root #/etc/init.d/dhcp start
root #/etc/init.d/in.tftpd start

If nothing went wrong in that last step then everything is all set to power on the workstation and proceed with the guide. If the DHCP server isn't firing up for whatever reason, try running dhcpd on the command line and see what it says - if all is well, it should just fork into the background, otherwise it will display 'exiting.' just below its complaint.

An easy way to verify if the tftp daemon is running is to type the following command and confirm the output:

root #netstat -al | grep ^udp
udp        0      0 *:bootpc                *:*
udp        0      0 *:631                   *:*
udp        0      0 *:xdmcp                 *:*
udp        0      0 *:tftp                  *:* <-- (look for this line)

Netbooting the SGI station

Okay, everything is set, DHCP is running as is TFTP. Now it is time to fire up the SGI machine. Power the unit on - when "Running power-on diagnostics" comes on the screen, either click "Stop For Maintenance" or press Escape. A menu similar to the following will show up.

Running power-on diagnostics
System Maintenance Menu
  
1) Start System
2) Install System Software
3) Run Diagnostics
4) Recover System
5) Enter Command Monitor
Option?

Type in 5 to enter the command monitor. On the monitor, start the BootP process:

>>bootp(): root=/dev/ram0

From this point, the machine should start downloading the image, then, roughly 20 seconds later, start booting Linux. If all is well, a busybox ash shell will be started as shown below and the installation of Gentoo Linux can continue.

CODE When things are going right...
init started:  BusyBox v1.00-pre10 (2004.04.27-02:55+0000) multi-call binary
  
Gentoo Linux; http://www.gentoo.org/
 Copyright 2001-2004 Gentoo Technologies, Inc.; Distributed under the GPL
  
 Gentoo/MIPS Netboot for Silicon Graphics Machines
 Build Date: April 26th, 2004
  
 * To configure networking, do the following:
  
 * For Static IP:
 * /bin/net-setup <IP Address> <Gateway Address> [telnet]
  
 * For Dynamic IP:
 * /bin/net-setup dhcp [telnet]
  
 * If you would like a telnetd daemon loaded as well, pass "telnet"
 * As the final argument to /bin/net-setup.
  
Please press Enter to activate this console.

Troubleshooting

If the machine is being stubborn and refusing to download its image, it can be one of two things:

  1. The instructions were not followed correctly, or
  2. It needs a little gentle persuasion (No, put that sledge hammer down!)

Here's a list of things to check:

  • dhcpd is giving the SGI Machine an IP Address. There should be some messages about a BOOTP request in the system logs. tcpdump is also useful here.
  • Permissions are set properly in the tftp folder (typically /tftproot/ - should be world readable)
  • Check system logs to see what the tftp server is reporting (errors perhaps)

If everything on the server is checked, and timeouts or other errors occur on the SGI machine, try typing this into the console.

>>resetenv
>>unsetenv netaddr
>>unsetenv dlserver
>>init
>>bootp(): root=/dev/ram0

Netbooting on Cobalt stations

Overview of the netboot procedure

Unlike the SGI machines, Cobalt servers use NFS to transfer their kernel for booting. Boot the machine by holding down the left & right arrow buttons whilst powering the unit on. The machine will then attempt to obtain an IP number via BOOTP, mount the /nfsroot/ directory from the server via NFS, then try to download and boot the file vmlinux_raq-2800.gz (depending on the model) which it assumes to be a standard ELF binary.

Downloading a Cobalt netboot image

Inside http://distfiles.gentoo.org/experimental/mips/historical/netboot/cobalt/ the necessary boot images for getting a Cobalt up and running are made available. The files will have the name nfsroot-KERNEL-COLO-DATE-cobalt.tar - select the most recent one and unpack it to / as shown below:

root #tar -C / -xvf nfsroot-2.6.13.4-1.19-20051122-cobalt.tar

NFS server configuration

Since this machine uses NFS to download its image, it is necessary to export /nfsroot/ on the server. Install the net-fs/nfs-utils package:

root #emerge --ask net-fs/nfs-utils

Once that is done, place the following in the /etc/exports file.

FILE /etc/exportsExporting the /nfsroot directory
/nfsroot      *(ro,sync)

Now, once that is done, start the NFS server:

root #/etc/init.d/nfs start

If the NFS server was already running at the time, tell it to take another look at its exports file using exportfs.

root #exportfs -av

DHCP configuration for a Cobalt machine

Now, the DHCP side of things is relatively straightforward. Add the following to the /etc/dhcp/dhcpd.conf file.

FILE /etc/dhcp/dhcpd.confSnippet for Cobalt server
subnet xxx.xxx.xxx.xxx netmask xxx.xxx.xxx.xxx {
  # ... usual stuff here ...
  
  # Configuration for a Cobalt Server
  # Set the hostname here:
  host qube {
    # Path to the nfsroot directory.
    # This is mainly for when using the TFTP boot option on CoLo
    # You shouldn't need to change this.
    option root-path "/nfsroot";
  
    # Cobalt server's ethernet MAC address
    hardware ethernet 00:10:e0:00:86:3d;
  
    # Server to download image from
    next-server 192.168.10.1;
  
    # IP address of Cobalt server
    fixed-address 192.168.10.2;
  
    # Location of the default.colo file relative to /nfsroot
    # You shouldn't need to change this.
    filename "default.colo";
  }
}

Starting daemons

Now start the daemons. Enter the following:

root #/etc/init.d/dhcp start
root #/etc/init.d/nfs start

If nothing went wrong in that last step all should be set to power on the workstation and proceed with the guide. If the DHCP server isn't firing up for whatever reason, try running dhcpd on the command line and see what it tells - if all is well, it should just fork into the background, otherwise it will show 'exiting.' just below its complaint.

Netbooting the Cobalt machine

Now it is time to fire up the Cobalt machine. Hook up the null modem cable, and set the serial terminal to use 115200 baud, 8 bits, no parity, 1 stop bit, VT100 emulation. Once that is done, hold down the left and right arrow buttons whilst powering the unit on.

The back panel should display "Net Booting", and some network activity should be visible, closely followed by CoLo kicking in. On the rear panel, scroll down the menu until the "Network (NFS)" option then press Enter. Notice that the machine starts booting on the serial console.

...
elf: 80080000 <-- 00001000 6586368t + 192624t
elf: entry 80328040
net: interface down
CPU revision is: 000028a0
FPU revision is: 000028a0
Primary instruction cache 32kB, physically tagged, 2-way, linesize 32 bytes.
Primary data cache 32kB 2-way, linesize 32 bytes.
Linux version 2.4.26-mipscvs-20040415 (root@khazad-dum) (gcc version 3.3.3...
Determined physical RAM map:
 memory: 08000000 @ 00000000 (usable)
Initial ramdisk at: 0x80392000 (3366912 bytes)
On node 0 totalpages: 32768
zone(0): 32768 pages.
zone(1): 0 pages.
zone(2): 0 pages.
Kernel command line: console=ttyS0,115200 root=/dev/ram0
Calibrating delay loop... 249.85 BogoMIPS
Memory: 122512k/131072k available (2708k kernel code, 8560k reserved, 3424k dat)

A busybox ash shell will pop up as shown below, from which the Gentoo Linux installation can continue.

CODE When things are going right...
VFS: Mounted root (ext2 filesystem) readonly.
Freeing unused kernel memory: 280k freed
init started:  BusyBox v1.00-pre10 (2004.04.27-02:55+0000) multi-call binary
  
Gentoo Linux; http://www.gentoo.org/
 Copyright 2001-2004 Gentoo Technologies, Inc.; Distributed under the GPL
  
 Gentoo/MIPS Netboot for Cobalt Microserver Machines
 Build Date: April 26th, 2004
  
 * To configure networking, do the following:
  
 * For Static IP:
 * /bin/net-setup <IP Address> <Gateway Address> [telnet]
  
 * For Dynamic IP:
 * /bin/net-setup dhcp [telnet]
  
 * If you would like a telnetd daemon loaded as well, pass "telnet"
 * As the final argument to /bin/net-setup.
  
Please press Enter to activate this console.

Troubleshooting

If the machine is being stubborn and refusing to download its image, it can be one of two things:

  1. the instructions have not been followed correctly, or
  2. it needs a little gentle persuasion. (No, put that sledge hammer down!)

Here's a list of things to check:

  • dhcpd is giving the Cobalt Machine an IP Address. Notice messages about a BOOTP request in the system logs. tcpdump is also useful here.
  • Permissions are set properly in the /nfsroot/ folder (should be world readable).
  • Make sure the NFS server is running and exporting the /nfsroot/ directory. Check this using exportfs -v on the server.


Using an installation CD


On Silicon Graphics machines, it is possible to boot from a CD in order to install operating systems. (This is how one installs IRIX for instance) Recently, images for such bootable CDs to install Gentoo have been made possible. These CDs are designed to work in the same way.

At the moment the Gentoo/MIPS Live CD will only work on the SGI Indy, Indigo 2 and O2 workstations equipped with R4000 and R5000-series CPUs, however other platforms may be possible in future.

The Live CD images can be found under the experimental/mips/livecd/ directory on a Gentoo mirror.

Uwaga
These CDs are highly experimental at this time. They may or may not work at this time. Please report success or failures either on Bugzilla, this forum thread or in the #gentoo-mips IRC channel.




Automatyczne wykrywanie sieci

Może to po prostu działa?

Jeśli system jest podłączony do sieci Ethernet z serwerem DHCP, jest bardzo prawdopodobne, że sieć została już skonfigurowana automatycznie. Jeśli tak, to wiele poleceń obsługujących sieć na płycie instalacyjnej, takich jak ssh, scp, ping, irssi, wget i links, będzie działać natychmiast.

Używając DHCP

DHCP (Dynamic Host Configuration Protocol) umożliwia automatyczne otrzymywanie informacji sieciowych (adres IP, maska sieci, adres rozgłoszeniowy, brama, serwery nazw itp.). Działa to tylko wtedy, gdy w sieci znajduje się serwer DHCP (lub jeśli dostawca usług internetowych zapewnia usługę DHCP). Aby interfejs sieciowy odbierał te informacje automatycznie, użyj dhcpcd:

DHCP requires that a server be running on the same Layer 2 (Ethernet) segment as the client requesting a lease. DHCP is often used on RFC1918 (private) networks, but is also used to acquire public IP information from ISPs.

Wskazówka
Official Gentoo boot media runs dhcpcd automatically at startup. This behavior can be disabled by adding the nodhcp argument to the boot media kernel commandline.

If it is not already running, dhcpcd can be started on enp1s0 with:

root #dhcpcd eth0

Niektórzy administratorzy sieci wymagają, aby system używał nazwy hosta i nazwy domeny podanych przez serwer DHCP. W takim przypadku użyj:

root #dhcpcd -HD eth0

To stop dhcpcd, -x can be used:

root #dhcpcd -x
sending signal Term to pid 10831
waiting for pid 10831 to exit
See also
Dhcpcd usage

Testowanie sieci

A properly configured default route is a critical component of Internet connectivity, route configuration can be checked with:

root #ip route
default via 192.168.0.1 dev enp1s0

If no default route is defined, Internet connectivity is unavailable, and additional configuration is required.

Basic internet connectivity can be confirmed with a ping:

root #ping -c 3 1.1.1.1
Wskazówka
It's helpful to start by pinging a known IP address instead of a hostname. This can isolate DNS issues from basic Internet connectivity issues.

Outbound HTTPS access and DNS resolution can be confirmed with:

root #curl --location gentoo.org --output /dev/null

Jeśli wszystko zadziała, to pozostałą część tego rozdziału można pominąć i przejść od razu do następnego kroku instrukcji instalacji (Przygotowanie dysków).

If curl reports an error, but Internet-bound pings work, DNS may need configuration.

If Internet connectivity has not been established, first interface information should be verified, then:

Ustal nazwy interfejsów

If networking doesn't work out of the box, additional steps must be taken to enable Internet connectivity. Generally, the first step is to enumerate host network interfaces.

Jako alternatywę dla ifconfig można użyć polecenia ip do określenia nazw interfejsów. Poniższy przykład przedstawia dane wyjściowe funkcji ip addr (z innego systemu, więc wyświetlane informacje różnią się od poprzedniego przykładu):

The link argument can be used to display network interface links:

root #ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
4: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether e8:40:f2:ac:25:7a brd ff:ff:ff:ff:ff:ff

The address argument can be used to query device address information:

root #ip addr
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether e8:40:f2:ac:25:7a brd ff:ff:ff:ff:ff:ff
    inet 10.0.20.77/22 brd 10.0.23.255 scope global eno1
       valid_lft forever preferred_lft forever
    inet6 fe80::ea40:f2ff:feac:257a/64 scope link 
       valid_lft forever preferred_lft forever

The output of this command contains information for each network interface on the system. Entries begin with the device index, followed by the device name: enp1s0.

Wskazówka
Jeśli nie zostały wyświetlone żadne interfejsy, gdy użyto standardowego polecenia ifconfig, spróbuj użyć tego samego polecenia z opcją -a. Ta opcja wymusza na narzędziu wyświetlanie wszystkich interfejsów sieciowych wykrytych przez system, niezależnie od tego, czy są włączone, czy wyłączone. Jeśli ifconfig -a nie daje żadnych wyników, oznacza to, że sprzęt jest uszkodzony lub sterownik interfejsu nie został załadowany do jądra. Obie sytuacje wykraczają poza zakres niniejszego podręcznika. Aby uzyskać pomoc, skontaktuj się z #gentoo (webchat).

W pozostałej części tego podręcznika zakładamy, że działający interfejs sieciowy nosi nazwę eth0.

W wyniku przejścia w kierunku przewidywalnych nazw interfejsów sieciowych, nazwa interfejsu eth0 w systemie może się znacznie różnić od starej konwencji nazewnictwa. Najnowsze nośniki instalacyjne mogą pokazywać zwykłe nazwy interfejsów sieciowych, takie jak eno0, ens1 lub enp5s0. Poszukaj interfejsu w danych wyjściowych ifconfig, który ma adres IP powiązany z siecią lokalną.

Optional: Application specific configuration

The following methods are not generally required, but may be helpful in situations where additional configuration is required for Internet connectivity.

Opcjonalnie: Konfiguracja serwera proxy

Jeśli dostęp do Internetu odbywa się za pośrednictwem serwera proxy, podczas instalacji konieczne jest skonfigurowanie informacji o serwerze proxy. Definiowanie proxy jest bardzo łatwe: wystarczy zdefiniować zmienną, która zawiera informacje o serwerze proxy.

Certain text-mode web browsers such as links can also make use of environment variables that define web proxy settings; in particular for the HTTPS access it also will require the https_proxy environment variable to be defined. While Portage will be influenced without passing extra run time parameters during invocation, links will require proxy settings to be set.

W większości przypadków wystarczy zdefiniować zmienne za pomocą nazwy hosta serwera. Na przykład zakładamy, że serwer proxy nazywa się proxy.gentoo.org, a port to 8080.

Informacja
The # symbol in the following commands is a comment. It has een added for clarity only and does not need to be typed when entering the commands.

Aby skonfigurować HTTP proxy (dla ruchu HTTP i HTTPS):

root #export http_proxy="http://proxy.gentoo.org:8080"

Jeśli serwer proxy wymaga nazwy użytkownika i hasła, użyj następującej składni zmiennej:

CODE Dodawanie nazwy użytkownika i hasła do zmiennej proxy
http://nazwa_użytkownika:hasło@proxy.gentoo.org:8080

Start links using the following parameters for proxy support:

user $links -http-proxy ${http_proxy} -https-proxy ${https_proxy}

Aby skonfigurować FTP proxy:

root #export ftp_proxy="ftp://proxy.gentoo.org:8080"

Start links using the following parameter for a FTP proxy:

user $links -ftp-proxy ${ftp_proxy}

Aby skonfigurować RSYNC proxy:

root #export RSYNC_PROXY="proxy.gentoo.org:8080"

Alternatywa: Używając PPP

If PPPoE is required for Internet access, the Gentoo boot media includes the pppoe-setup script to simplify ppp configuration.

During setup, pppoe-setup will ask for:

  • The name of the Ethernet interface connected to the ADSL modem.
  • The PPPoE username and password.
  • DNS server IPs.
  • Whether or not a firewall is needed.
root #pppoe-setup
root #pppoe-start

In the event of failure, credentials in /etc/ppp/pap-secrets or /etc/ppp/chap-secrets should be verified. If credentials are correct, PPPoE Ethernet interface selection should be checked.

Alternatywa: Używając PPTP

Jeśli potrzebna jest obsługa PPTP, użyj pptpclient, który jest dostarczany na instalacyjnych dyskach CD. Jednak najpierw upewnij się, że konfiguracja jest prawidłowa. Edytuj /etc/ppp/pap-secrets lub /etc/ppp/chap-secrets, aby zawierały poprawną kombinację nazwy użytkownika i hasła:

Edit /etc/ppp/pap-secrets or /etc/ppp/chap-secrets so it contains the correct username/password combination:

root #nano -w /etc/ppp/chap-secrets

Następnie dostosuj /etc/ppp/options.pptp, jeśli jest to konieczne:

root #nano -w /etc/ppp/options.pptp

Po wykonaniu wszystkich czynności uruchom pptp (wraz z opcjami, których nie można ustawić w options.pptp), aby połączyć się z serwerem:

root #pptp <adres ip serwera>

Przygotowanie do dostępu bezprzewodowego

Uwaga
Do not use WEP unless it is the only option. WEP provides essentially no security over an open network.
Ważne
The iw command is only available on the following architectures: amd64, x86, arm, arm64, ppc, ppc64, and riscv.

When using a wireless (802.11) card, the wireless settings need to be configured before going any further. To see the current wireless settings on the card, one can use iw. Running iw might show something like:

root #iw dev wlp9s0 info
Interface wlp9s0
	ifindex 3
	wdev 0x1
	addr 00:00:00:00:00:00
	type managed
	wiphy 0
	channel 11 (2462 MHz), width: 20 MHz (no HT), center1: 2462 MHz
	txpower 30.00 dBm

Aby sprawdzić bieżące połączenie:

root #iw dev wlp9s0 link
Not connected.

lub

root #iw dev wlp9s0 link
Connected to 00:00:00:00:00:00 (on wlp9s0)
	SSID: GentooNode
	freq: 2462
	RX: 3279 bytes (25 packets)
	TX: 1049 bytes (7 packets)
	signal: -23 dBm
	tx bitrate: 1.0 MBit/s
Informacja
Some wireless cards may have a device name of wlan0 or ra0 instead of wlp9s0. Run ip link to determine the correct device name.

For most users, there are only two settings needed to connect, the ESSID (aka wireless network name) and, optionally, the WEP key.

  • Najpierw upewnij się, że interfejs jest aktywny:
root #ip link set dev wlp9s0 up
  • Aby połączyć się z otwartą siecią o nazwie "GentooNode":
root #iw dev wlp9s0 connect -w GentooNode
  • Aby połączyć się za pomocą szesnastkowego klucza WEP, poprzedź klucz przedrostkiem d::
root #iw dev wlp9s0 connect -w GentooNode key 0:d:1234123412341234abcd
  • Aby połączyć się za pomocą klucza ASCII WEP:
root #iw dev wlp9s0 connect -w GentooNode key 0:jakies-haslo
Informacja
Jeśli sieć bezprzewodowa jest wymaga szyfrowania WPA lub WPA2, należy użyć wpa_supplicant. Więcej informacji na temat konfigurowania sieci bezprzewodowych w Gentoo Linux można znaleźć w rozdziale Sieć bezprzewodowa w Podręczniku Gentoo.

Confirm the wireless settings by using iw dev wlp9s0 link. Once wireless is working, continue configuring the IP level networking options as described in the next section (Understanding network terminology) or use the net-setup tool as described previously.

Automatyczna konfiguracja sieci

In cases where automatic network configuration is unsuccessful, the Gentoo boot media provides scripts to aid in network configuration. net-setup can be used to configure wireless network information and static IPs.

root #net-setup eth0

net-setup zada kilka pytań dotyczących środowiska sieciowego. Kiedy wszystko zostanie zrobione, połączenie sieciowe powinno działać. Przetestuj połączenie sieciowe zgodnie z wcześniejszym opisem. Jeśli testy wypadną pozytywnie, gratulujemy! Pomiń resztę tej sekcji i przejdź do Przygotowanie dysków.

Ważne
Network status should be tested after any configuration steps are taken. In the event that configuration scripts do not work, manual network configuration is required.

Zrozumienie terminologii sieciowej

If all of the above fails, the network must be configured manually. This is not particularly difficult, but should be done with consideration. This section serves to clarify terminology and introduce users to basic networking concepts pertaining to manually configuring an Internet connection.

Wskazówka
Some CPE (Carrier Provided Equipment) combines the functions of a router, access point, modem, DHCP server, and DNS server into one unit. It's important to differentiate the functions of a device from the physical appliance.

Interfaces and addresses

Network interfaces are logical representations of network devices. An interface needs an address to communicate with other devices on the network. While only a single address is required, multiple addresses can be assigned to a single interface. This is especially useful for dual stack (IPv4 + IPv6) configurations.

For consistency, this primer will assume the interface enp1s0 will be using the address 192.168.0.2.

Ważne
IP addresses can be set arbitrarily. As a result, it's possible for multiple devices to use the same IP address, resulting in an address conflict. Address conflicts should be avoided by using DHCP or SLAAC.
Wskazówka
IPv6 typically uses StateLess Address AutoConfiguration (SLAAC) for address configuration. In most cases, manually setting IPv6 addresses is a bad practice. If a specific address suffix is preferred, interface identification tokens can be used.

Networks and CIDR

Once an address is chosen, how does a device know how to talk to other devices?

IP addresses are associated with networks. IP networks are contiguous logical ranges of addresses.

Classless Inter-Domain Routing or CIDR notation is used to distinguish network sizes.

  • The CIDR value, often notated starting with a /, represents the size of the network.
    • The formula 2 ^ (32 - CIDR) can be used to calculate network size.
    • Once network size is calculated, usable node count must be reduced by 2.
      • The first IP in a network is the Network address, and the last is typically the Broadcast address. These addresses are special and cannot be used by normal hosts.
Wskazówka
The most common CIDR values are /24, and /32, representing 254 nodes and a single node respectively.

A CIDR of /24 is the de-facto default network size. This corresponds to a subnet mask of 255.255.255.0, where the last 8 bits are reserved for IP addresses for nodes on a network.

The notation: 192.168.0.2/24 can be interpreted as:

  • The address 192.168.0.2
  • On the network 192.168.0.0
  • With a size of 254 (2 ^ (32 - 24) - 2)
    • Usable IPs are in the range 192.168.0.1 - 192.168.0.254
  • With a broadcast address of 192.168.0.255
    • In most cases, the last address on a network is used as the broadcast address, but this can be changed.

Using this configuration, a device should be able to communicate with any host on the same network (192.168.0.0).

The Internet

Once a device is on a network, how does it know how to talk to devices on the Internet?

To communicate with devices outside of local networks, routing must be used. A router is simply a network device that forwards traffic for other devices. The term default route or gateway typically refers to whatever device on the current network is used for external network access.

Wskazówka
It's a standard practice to make the gateway the first or last IP on a network.

If an Internet-connected router is available at 192.168.0.1, it can be used as the default route, granting Internet access.

To summarize:

  • Interfaces must be configured with an address and network information, such as the CIDR value.
  • Local network access is used to access a router on the same network.
  • The default route is configured, so traffic destined for external networks is forwarded to the gateway, providing Internet access.

The Domain Name System

Remembering IPs is hard. The Domain Name System was created to allow mapping between Domain Names and IP addresses.

Linux systems use /etc/resolv.conf to define nameservers to be used for DNS resolution.

Wskazówka
Many routers can also function as a DNS server, and using a local DNS server can augment privacy and speed up queries through caching.

Many ISPs run a DNS server that is generally advertised to the gateway over DHCP. Using a local DNS server tends to improve query latency, but most public DNS servers will return the same results, so server usage is largely based on preference.

Ręczna konfiguracja sieci

Interface address configuration

Ważne
When manually configuring IP addresses, the local network topology must be considered. IP addresses can be set arbitrarily; conflicts may cause network disruption.

To configure enp1s0 with the address 192.168.0.2 and CIDR /24:

root #ip address add 192.168.0.2/24 dev enp1s0
Wskazówka
The start of this command can be shortened to ip a.

Default route configuration

Configuring address and network information for an interface will configure link routes, allowing communication with that network segment:

root #ip route
192.168.0.0/24 dev enp1s0 proto kernel scope link src 192.168.0.2
Wskazówka
This command can be shortened to ip r.

The default route can be set to 192.168.0.1 with:

root #ip route add default via 192.168.0.1

DNS configuration

Nameserver info is typically acquired using DHCP, but can be set manually by adding nameserver entries to /etc/resolv.conf.

Uwaga
If dhcpcd is running, changes to /etc/resolv.conf will not persist. Status can be checked with ps x | grep dhcpcd.

nano is included in Gentoo boot media and can be used to edit /etc/resolv.conf with:

root #nano /etc/resolv.conf

Lines containing the keyword nameserver followed by a DNS server IP address are queried in order of definition:

FILE /etc/resolv.confUse Quad9 DNS.
nameserver 9.9.9.9
nameserver 149.112.112.112
FILE /etc/resolv.confUse Cloudflare DNS.
nameserver 1.1.1.1
nameserver 1.0.0.1

DNS status can be checked by pinging a domain name:

root #ping -c 3 gentoo.org

Once connectivity has been verified, continue with Preparing the disks.



Introduction to block devices

Block devices

Let's take a good look at disk-oriented aspects of Gentoo Linux and Linux in general, including block devices, partitions, and Linux filesystems. Once the ins and outs of disks are understood, partitions and filesystems can be established for installation.

To begin, let's look at block devices. SCSI and Serial ATA drives are both labeled under device handles such as: /dev/sda, /dev/sdb, /dev/sdc, etc. On more modern machines, PCI Express based NVMe solid state disks have device handles such as /dev/nvme0n1, /dev/nvme0n2, etc.

The following table will help readers determine where to find a certain type of block device on the system:

Type of device Default device handle Editorial notes and considerations
IDE, SATA, SAS, SCSI, or USB flash /dev/sda Found on hardware from roughly 2007 until the present, this device handle is perhaps the most commonly used in Linux. These types of devices can be connected via the SATA bus, SCSI, USB bus as block storage. As example, the first partition on the first SATA device is called /dev/sda1.
NVM Express (NVMe) /dev/nvme0n1 The latest in solid state technology, NVMe drives are connected to the PCI Express bus and have the fastest transfer block speeds on the market. Systems from around 2014 and newer may have support for NVMe hardware. The first partition on the first NVMe device is called /dev/nvme0n1p1.
MMC, eMMC, and SD /dev/mmcblk0 embedded MMC devices, SD cards, and other types of memory cards can be useful for data storage. That said, many systems may not permit booting from these types of devices. It is suggested to not use these devices for active Linux installations; rather consider using them to transfer files, which is their typical design intention. Alternatively this storage type could be useful for short-term file backups or snapshots.

The block devices above represent an abstract interface to the disk. User programs can use these block devices to interact with the disk without worrying about whether the drives are SATA, SCSI, or something else. The program can simply address the storage on the disk as a bunch of contiguous, randomly-accessible 4096-byte (4K) blocks.


Partitions

Although it is theoretically possible to use a full disk to house your Linux system, this is almost never done in practice. Instead, full disk block devices are split up in smaller, more manageable block devices. These are called partitions.


Designing a partition scheme

How many partitions and how big?

The design of disk partition layout is highly dependent on the demands of the system and the file system(s) applied to the device. If there are lots of users, then it is advised to have /home on a separate partition which will increase security and make backups and other types of maintenance easier. If Gentoo is being installed to perform as a mail server, then /var should be a separate partition as all mails are stored inside the /var directory. Game servers may have a separate /opt partition since most gaming server software is installed therein. The reason for these recommendations is similar to the /home directory: security, backups, and maintenance.

In most situations on Gentoo, /usr and /var should be kept relatively large in size. /usr hosts the majority of applications available on the system and the Linux kernel sources (under /usr/src). By default, /var hosts the Gentoo ebuild repository (located at /var/db/repos/gentoo) which, depending on the file system, generally consumes around 650 MiB of disk space. This space estimate excludes the /var/cache/distfiles and /var/cache/binpkgs directories, which will gradually fill with source files and (optionally) binary packages respectively as they are added to the system.

How many partitions and how big very much depends on considering the trade-offs and choosing the best option for the circumstance. Separate partitions or volumes have the following advantages:

  • Choose the best performing filesystem for each partition or volume.
  • The entire system cannot run out of free space if one defunct tool is continuously writing files to a partition or volume.
  • If necessary, file system checks are reduced in time, as multiple checks can be done in parallel (although this advantage is realized more with multiple disks than it is with multiple partitions).
  • Security can be enhanced by mounting some partitions or volumes read-only, nosuid (setuid bits are ignored), noexec (executable bits are ignored), etc.


However, multiple partitions have certain disadvantages as well:

  • If not configured properly, the system might have lots of free space on one partition and little free space on another.
  • A separate partition for /usr/ may require the administrator to boot with an initramfs to mount the partition before other boot scripts start. Since the generation and maintenance of an initramfs is beyond the scope of this handbook, we recommend that newcomers do not use a separate partition for /usr/.
  • There is also a 15-partition limit for SCSI and SATA unless the disk uses GPT labels.
Informacja
Installations that intend to use systemd as the service and init system must have the /usr directory available at boot, either as part of the root filesystem or mounted via an initramfs.

What about swap space?

Recommendations for swap space size
RAM size Suspend support? Hibernation support?
2 GB or less 2 * RAM 3 * RAM
2 to 8 GB RAM amount 2 * RAM
8 to 64 GB 8 GB minimum, 16 maximum 1.5 * RAM
64 GB or greater 8 GB minimum Hibernation not recommended! Hibernation is not recommended for systems with very large amounts of memory. While possible, the entire contents of memory must be written to disk in order to successfully hibernate. Writing tens of gigabytes (or worse!) out to disk can can take a considerable amount of time, especially when rotational disks are used. It is best to suspend in this scenario.

There is no perfect value for swap space size. The purpose of the space is to provide disk storage to the kernel when internal dynamic memory (RAM) is under pressure. A swap space allows for the kernel to move memory pages that are not likely to be accessed soon to disk (swap or page-out), which will free memory in RAM for the current task. Of course, if the pages swapped to disk are suddenly needed, they will need to be put back in memory (page-in) which will take considerably longer than reading from RAM (as disks are very slow compared to internal memory).

When a system is not going to run memory intensive applications or has lots of RAM available, then it probably does not need much swap space. However do note in case of hibernation that swap space is used to store the entire contents of memory (likely on desktop and laptop systems rather than on server systems). If the system requires support for hibernation, then swap space larger than or equal to the amount of memory is necessary.

As a general rule for RAM amounts less than 4 GB, the swap space size is recommended to be twice the internal memory (RAM). For systems with multiple hard disks, it is wise to create one swap partition on each disk so that they can be utilized for parallel read/write operations. The faster a disk can swap, the faster the system will run when data in swap space must be accessed. When choosing between rotational and solid state disks, it is better for performance to put swap on the solid state hardware.

It is worth noting that swap files can be used as an alternative to swap partitions; this is mostly helpful for systems with very limited disk space.


Using fdisk

SGI machines: Creating an SGI disk label

All disks in an SGI System require an SGI Disk Label, which serves a similar function as Sun & MS-DOS disklabels -- It stores information about the disk partitions. Creating a new SGI Disk Label will create two special partitions on the disk:

  • SGI Volume Header (9th partition): This partition is important. It is where the bootloader will reside, and in some cases, it will also contain the kernel images.
  • SGI Volume (11th partition): This partition is similar in purpose to the Sun Disklabel's third partition of "Whole Disk". This partition spans the entire disk, and should be left untouched. It serves no special purpose other than to assist the PROM in some undocumented fashion (or it is used by IRIX in some way).
Uwaga
The SGI Volume Header must begin at cylinder 0. Failure to do so means a failure to boot from the disk.

The following is an example excerpt from an fdisk session. Read and tailor it to personal preference...

root #fdisk /dev/sda

Switch to expert mode:

Command (m for help):x

With m the full menu of options is displayed:

Expert command (m for help):m
Command action
   b   move beginning of data in a partition
   c   change number of cylinders
   d   print the raw data in the partition table
   e   list extended partitions
   f   fix partition order
   g   create an IRIX (SGI) partition table
   h   change number of heads
   m   print this menu
   p   print the partition table
   q   quit without saving changes
   r   return to main menu
   s   change number of sectors/track
   v   verify the partition table
   w   write table to disk and exit

Build an SGI disk label:

Expert command (m for help):g
Building a new SGI disklabel. Changes will remain in memory only,
until you decide to write them. After that, of course, the previous
content will be irrecoverably lost.

Return to the main menu:

Expert command (m for help):r

Take a look at the current partition layout:

Command (m for help):p
Disk /dev/sda (SGI disk label): 64 heads, 32 sectors, 17482 cylinders
Units = cylinders of 2048 * 512 bytes
  
----- partitions -----
Pt#     Device  Info     Start       End   Sectors  Id  System
 9:  /dev/sda1               0         4     10240   0  SGI volhdr
11:  /dev/sda2               0     17481  35803136   6  SGI volume
----- Bootinfo -----
Bootfile: /unix
----- Directory Entries -----
Informacja
If the disk already has an existing SGI Disklabel, then fdisk will not allow the creation of a new label. There are two ways around this. One is to create a Sun or MS-DOS disklabel, write the changes to disk, and restart fdisk. The second is to overwrite the partition table with null data via the following command: dd if=/dev/zero of=/dev/sda bs=512 count=1

Resizing the SGI volume header

Ważne
This step is often needed, due to a bug in fdisk. For some reason, the volume header isn't created correctly, the end result being it starts and ends on cylinder 0. This prevents multiple partitions from being created. To get around this issue... read on.

Now that an SGI Disklabel is created, partitions may now be defined. In the above example, there are already two partitions defined. These are the special partitions mentioned above and should not normally be altered. However, for installing Gentoo, we'll need to load a bootloader, and possibly multiple kernel images (depending on system type) directly into the volume header. The volume header itself can hold up to eight images of any size, with each image allowed eight-character names.

The process of making the volume header larger isn't exactly straight-forward; there's a bit of a trick to it. One cannot simply delete and re-add the volume header due to odd fdisk behavior. In the example provided below, we'll create a 50MB Volume header in conjunction with a 50MB /boot/ partition. The actual layout of a disk may vary, but this is for illustrative purposes only.

Create a new partition:

Command (m for help):n
Partition number (1-16): 1
First cylinder (5-8682, default 5): 51
 Last cylinder (51-8682, default 8682): 101

Notice how fdisk only allows Partition #1 to be re-created starting at a minimum of cylinder 5? If we attempted to delete & re-create the SGI Volume Header this way, this is the same issue we would have encountered. In our example, we want /boot/ to be 50MB, so we start it at cylinder 51 (the Volume Header needs to start at cylinder 0, remember?), and set its ending cylinder to 101, which will roughly be 50MB (+/- 1-5MB).

Delete the partition:

Command (m for help):d
Partition number (1-16): 9

Now recreate it:

Command (m for help):n
Partition number (1-16): 9
First cylinder (0-50, default 0): 0
 Last cylinder (0-50, default 50): 50

If unsure how to use fdisk have a look down further at the instructions for partitioning on Cobalts. The concepts are exactly the same -- just remember to leave the volume header and whole disk partitions alone.

Once this is done, create the rest of your partitions as needed. After all the partitions are laid out, make sure to set the partition ID of the swap partition to 82, which is Linux Swap. By default, it will be 83, Linux Native.

Partitioning Cobalt drives

On Cobalt machines, the BOOTROM expects to see a MS-DOS MBR, so partitioning the drive is relatively straightforward -- in fact, it's done the same way as done for an Intel x86 machine. However there are some things you need to bear in mind.

  • Cobalt firmware will expect /dev/sda1 to be a Linux partition formatted EXT2 Revision 0. EXT2 Revision 1 partitions will NOT WORK! (The Cobalt BOOTROM only understands EXT2r0)
  • The above said partition must contain a gzipped ELF image, vmlinux.gz in the root of that partition, which it loads as the kernel

For that reason, it is recommended to create a ~20MB /boot/ partition formatted EXT2r0 upon which to install CoLo & kernels. This allows the user to run a modern filesystem (EXT3 or ReiserFS) for the root filesystem.

In the example, it is assumed that /dev/sda1 is created to mount later as a /boot/ partition. To make this /, keep the PROM's expectations in mind.

So, continuing on... To create the partitions type fdisk /dev/sda at the prompt. The main commands to know are these:

CODE List of important fdisk commands
o: Wipe out old partition table, starting with an empty MS-DOS partition table
n: New Partition
t: Change Partition Type
    Use type 82 for Linux Swap, 83 for Linux FS
d: Delete a partition
p: Display (print) Partition Table
q: Quit -- leaving old partition table as is.
w: Quit -- writing partition table in the process.
root #fdisk /dev/sda
The number of cylinders for this disk is set to 19870.
There is nothing wrong with that, but this is larger than 1024,
and could in certain setups cause problems with:
1) software that runs at boot time (e.g., old versions of LILO)
2) booting and partitioning software from other OSs
   (e.g., DOS FDISK, OS/2 FDISK)

Start by clearing out any existing partitions:

Command (m for help):o
Building a new DOS disklabel. Changes will remain in memory only,
until you decide to write them. After that, of course, the previous
content won't be recoverable.
  
  
The number of cylinders for this disk is set to 19870.
There is nothing wrong with that, but this is larger than 1024,
and could in certain setups cause problems with:
1) software that runs at boot time (e.g., old versions of LILO)
2) booting and partitioning software from other OSs
   (e.g., DOS FDISK, OS/2 FDISK)
Warning: invalid flag 0x0000 of partition table 4 will be corrected by w(rite)

Now verify the partition table is empty using the p command:

Command (m for help):p
Disk /dev/sda: 10.2 GB, 10254827520 bytes
16 heads, 63 sectors/track, 19870 cylinders
Units = cylinders of 1008 * 512 = 516096 bytes
  
   Device Boot      Start         End      Blocks   Id  System

Create the /boot partition:

Command (m for help):n
Command action
   e   extended
   p   primary partition (1-4)
p
Partition number (1-4): 1
First cylinder (1-19870, default 1):
Last cylinder or +size or +sizeM or +sizeK (1-19870, default 19870): +20M

When printing the partitions, notice the newly created one:

Command (m for help):p
Disk /dev/sda: 10.2 GB, 10254827520 bytes
16 heads, 63 sectors/track, 19870 cylinders
Units = cylinders of 1008 * 512 = 516096 bytes
  
   Device Boot      Start         End      Blocks   Id  System
/dev/sda1               1          40       20128+  83  Linux

Let's now create an extended partition that covers the remainder of the disk. In that extended partition, we'll create the rest (logical partitions):

Command (m for help):n
Command action
   e   extended
   p   primary partition (1-4)
e
Partition number (1-4): 2
First cylinder (41-19870, default 41):
Using default value 41
Last cylinder or +size or +sizeM or +sizeK (41-19870, default 19870):
Using default value 19870

Now we create the / partition, /usr, /var, et.

Command (m for help):n
Command action
   l   logical (5 or over)
   p   primary partition (1-4)
l
First cylinder (41-19870, default 41):<Press ENTER>
Using default value 41
Last cylinder or +size or +sizeM or +sizeK (41-19870, default 19870): +500M

Repeat this as needed.

Last but not least, the swap space. It is recommended to have at least 250MB swap, preferrably 1GB:

Command (m for help):n
Command action
   l   logical (5 or over)
   p   primary partition (1-4)
l
First cylinder (17294-19870, default 17294): <Press ENTER>
Using default value 17294
Last cylinder or +size or +sizeM or +sizeK (1011-19870, default 19870): <Press ENTER>
Using default value 19870

When checking the partition table, everything should be ready - one thing notwithstanding.

Command (m for help):p
Disk /dev/sda: 10.2 GB, 10254827520 bytes
16 heads, 63 sectors/track, 19870 cylinders
Units = cylinders of 1008 * 512 = 516096 bytes
  
Device Boot      Start         End      Blocks      ID  System
/dev/sda1               1          21       10552+  83  Linux
/dev/sda2              22       19870    10003896    5  Extended
/dev/sda5              22        1037      512032+  83  Linux
/dev/sda6            1038        5101     2048224+  83  Linux
/dev/sda7            5102        9165     2048224+  83  Linux
/dev/sda8            9166       13229     2048224+  83  Linux
/dev/sda9           13230       17293     2048224+  83  Linux
/dev/sda10          17294       19870     1298776+  83  Linux

Notice how #10, the swap partition is still type 83? Let's change that to the proper type:

Command (m for help):t
Partition number (1-10): 10
Hex code (type L to list codes): 82
Changed system type of partition 10 to 82 (Linux swap)

Now verify:

Command (m for help):p
Disk /dev/sda: 10.2 GB, 10254827520 bytes
16 heads, 63 sectors/track, 19870 cylinders
Units = cylinders of 1008 * 512 = 516096 bytes
  
Device Boot      Start         End      Blocks      ID  System
/dev/sda1               1          21       10552+  83  Linux
/dev/sda2              22       19870    10003896    5  Extended
/dev/sda5              22        1037      512032+  83  Linux
/dev/sda6            1038        5101     2048224+  83  Linux
/dev/sda7            5102        9165     2048224+  83  Linux
/dev/sda8            9166       13229     2048224+  83  Linux
/dev/sda9           13230       17293     2048224+  83  Linux
/dev/sda10          17294       19870     1298776+  82  Linux Swap

We write out the new partition table:

Command (m for help):w
The partition table has been altered!
  
Calling ioctl() to re-read partition table.
Syncing disks.


Creating file systems

Uwaga
When using SSD or NVMe drive, it is wise to check for firmware upgrades. Some Intel SSDs in particular (600p and 6000p) require a firmware upgrade for possible data corruption induced by XFS I/O usage patterns. The problem is at the firmware level and not any fault of the XFS filesystem. The smartctl utility can help check the device model and firmware version.

Introduction

Now that the partitions have been created, it is time to place a filesystem on them. In the next section the various file systems that Linux supports are described. Readers that already know which filesystem to use can continue with Applying a filesystem to a partition. The others should read on to learn about the available filesystems...

Filesystems

Linux supports several dozen filesystems, although many of them are only wise to deploy for specific purposes. Only certain filesystems may be found stable on the mips architecture - it is advised to read up on the filesystems and their support state before selecting a more experimental one for important partitions. XFS is the recommended all-purpose, all-platform filesystem. The below is a non-exhaustive list:

btrfs
Newer generation filesystem. Provides advanced features like snapshotting, self-healing through checksums, transparent compression, subvolumes, and integrated RAID. Kernels prior to 5.4.y are not guaranteed to be safe to use with btrfs in production because fixes for serious issues are only present in the more recent releases of the LTS kernel branches. RAID 5/6 and quota groups unsafe on all versions of btrfs.
ext4
Ext4 is a reliable, all-purpose all-platform filesystem, although it lacks modern features like reflinks.
f2fs
The Flash-Friendly File System was originally created by Samsung for the use with NAND flash memory. It is a decent choice when installing Gentoo to microSD cards, USB drives, or other flash-based storage devices.
XFS
Filesystem with metadata journaling which comes with a robust feature-set and is optimized for scalability. It has been continuously upgraded to include modern features. The only downside is that XFS partitions cannot yet be shrunk, although this is being worked on. XFS notably supports reflinks and Copy on Write (CoW) which is particularly helpful on Gentoo systems because of the amount of compiles users complete. XFS is the recommended modern all-purpose all-platform filesystem. Requires a partition to be at least 300MB.
VFAT
Also known as FAT32, is supported by Linux but does not support standard UNIX permission settings. It is mostly used for interoperability/interchange with other operating systems (Microsoft Windows or Apple's macOS) but is also a necessity for some system bootloader firmware (like UEFI). Users of UEFI systems will need an EFI System Partition formatted with VFAT in order to boot.
NTFS
This "New Technology" filesystem is the flagship filesystem of Microsoft Windows since Windows NT 3.1. Similarly to VFAT, it does not store UNIX permission settings or extended attributes necessary for BSD or Linux to function properly, therefore it should not be used as a root filesystem for most cases. It should only be used for interoperability or data interchange with Microsoft Windows systems (note the emphasis on only).

More extensive information on filesystems can be found in the community maintained Filesystem article.

Applying a filesystem to a partition

Informacja
Please make sure to emerge the relevant user space utilities package for the chosen filesystem before rebooting. There will be a reminder to do so near the end of the installation process.

To create a filesystem on a partition or volume, there are user space utilities available for each possible filesystem. Click the filesystem's name in the table below for additional information on each filesystem:

Filesystem Creation command Within the live environment? Package
btrfs mkfs.btrfs Yes sys-fs/btrfs-progs
ext4 mkfs.ext4 Yes sys-fs/e2fsprogs
f2fs mkfs.f2fs Yes sys-fs/f2fs-tools
xfs mkfs.xfs Yes sys-fs/xfsprogs
vfat mkfs.vfat Yes sys-fs/dosfstools
NTFS mkfs.ntfs Yes sys-fs/ntfs3g
Ważne
The handbook recommends new partitions as part of the installation process, but it is important to note running any mkfs command will erase any data contained within the partition. When necessary, ensure any data that exists within is appropriately backed up before creating a few filesystem.

For instance, to have the root partition (/dev/sda5) as xfs as used in the example partition structure, the following commands would be used:

root #mkfs.xfs /dev/sda5

EFI system partition filesystem

The EFI system partition (/dev/sda1) must be formatted as FAT32:

root #mkfs.vfat -F 32 /dev/sda1

Legacy BIOS boot partition filesystem

Systems booting via legacy BIOS with a MBR/DOS disklabel can use any filesystem format supported by the bootloader.

For example, to format with XFS:

root #mkfs.xfs /dev/sda1

Small ext4 partitions

When using the ext4 filesystem on a small partition (less than 8 GiB), the filesystem should be created with the proper options to reserve enough inodes. This can specified using the -T small option:

root #mkfs.ext4 -T small /dev/<device>

Doing so will quadruple the number of inodes for a given filesystem, since its "bytes-per-inode" reduces from one every 16kB to one every 4kB.

Activating the swap partition

mkswap is the command that is used to initialize swap partitions:

root #mkswap /dev/sda10

To activate the swap partition, use swapon:

root #swapon /dev/sda10

This 'activation' step is only necessary because the swap partition is newly created within the live environment. Once the system has been rebooted, as long as the swap partition is properly defined within fstab or other mount mechanism, swap space will activate automatically.

Mounting the root partition

Informacja
Installations which were previously started, but did not finish the installation process can resume the installation from this point in the handbook. Use this link as the permalink: Resumed installations start here.

Certain live environments may be missing the suggested mount point for Gentoo's root partition (), or mount points for additional partitions created in the partitioning section:

root #mkdir --parents

For EFI installs only, the ESP should be mounted under the root partition location:

root #mkdir --parents

Continue creating additional mount points necessary for any additional (custom) partition(s) created during previous steps by using the mkdir command.

With mount points created, it is time to make the partitions accessible via mount command.

Mount the root partition:

root #mount /dev/sda5

Continue mounting additional (custom) partitions as necessary using the mount command.

Informacja
If /tmp/ needs to reside on a separate partition, be sure to change its permissions after mounting:
root #chmod 1777 /tmp
This also holds for /var/tmp.

Later in the instructions, the proc filesystem (a virtual interface with the kernel) as well as other kernel pseudo-filesystems will be mounted. But first the Gentoo stage file must be extracted.



Choosing a stage file

Wskazówka
On supported architectures, it is recommended for users targeting a desktop (graphical) operating system environment to use a stage file with the term desktop within the name. These files include packages such as sys-devel/llvm and dev-lang/rust-bin and USE flag tuning which will greatly improve install time.

The stage file acts as the seed of a Gentoo install. Stage files are generated with Catalyst by the Release Engineering Team. Stage files are based on specific profiles, and contain an almost-complete system.

When choosing a stage file, it's important to pick one with profile targets corresponding to the desired system type.

Ważne
While it's possible to make major profile changes after an installation has been established, switching requires substantial effort and consideration, and is outside the scope of this installation manual. Switching init systems is difficult, but switching from no-multilib to multilib requires extensive Gentoo and low-level toolchain knowledge.
Wskazówka
Most users should not need to use the 'advanced' tarballs options; they are for atypical or advanced software or hardware configurations.

OpenRC

OpenRC is a dependency-based init system (responsible for starting up system services once the kernel has booted) that maintains compatibility with the system provided init program, normally located in /sbin/init. It is Gentoo's native and original init system, but is also deployed by a few other Linux distributions and BSD systems.

OpenRC does not function as a replacement for the /sbin/init file by default and is 100% compatible with Gentoo init scripts. This means a solution can be found to run the dozens of daemons in the Gentoo ebuild repository.

systemd

systemd is a modern SysV-style init and rc replacement for Linux systems. It is used as the primary init system by a majority of Linux distributions. systemd is fully supported in Gentoo and works for its intended purpose. If something seems lacking in the Handbook for a systemd install path, review the systemd article before asking for support.

Multilib (32 and 64-bit)

Informacja
Not every architecture has a multilib option. Many only run with native code. Multilib is most commonly applied to amd64.

The multilib profile uses 64-bit libraries when possible, and only falls back to the 32-bit versions when strictly necessary for compatibility. This is an excellent option for the majority of installations because it provides a great amount of flexibility for customization in the future.

Wskazówka
Using multilib targets makes it easier to switch profiles later, compared to no-multilib

No-multilib (pure 64-bit)

Uwaga
Readers who are just starting out with Gentoo should not choose a no-multilib tarball unless it is absolutely necessary. Migrating from a no-multilib to a multilib system requires an extremely well-working knowledge of Gentoo and the lower-level toolchain (it may even cause our Toolchain developers to shudder a little). It is not for the faint of heart and is beyond the scope of this guide.

Selecting a no-multilib tarball to be the base of the system provides a complete 64-bit operating system environment - free of 32-bit software. This effectively renders the ability to switch to multilib profiles burdensome, although still technically possible.

Downloading the stage file

Setting the date and time

Stage archives are generally obtained using HTTPS which requires relatively accurate system time. Clock skew can prevent downloads from working, and can cause unpredictable errors if the system time is adjusted by any considerable amount after installation.

The current date and time can be verified with date:

root #date
Mon Oct  3 13:16:22 PDT 2021

If the displayed date/time is more than few minutes off, it should be updated using one of the following methods.

Automatic

Using NTP to correct clock skew is typically easier and more reliable than manually setting the system clock.

chronyd, part of net-misc/chrony can be used to update the system clock to UTC with:

root #chronyd -q
Ważne
Systems without a functioning Real-Time Clock (RTC) must sync the system clock at every system start, and on regular intervals thereafter. This is also beneficial for systems with a RTC, as the battery could fail, and clock skew can accumulate.
Uwaga
Standard NTP traffic not authenticated, it is important to verify time data obtained from the network.

Manual

When NTP access is unavailable, date can be used to manually set the system clock.

Informacja
UTC time is recommended for all Linux systems. Later, a system timezone is defined, which changes the offset when the date is displayed.

The following argument format is used to set the time: MMDDhhmmYYYY syntax (Month, Day, hour, minute and Year).

For instance, to set the date to October 3rd, 13:16 in the year 2021, issue:

root #date 100313162021

Before downloading the stage file, the current directory should be set to the location of the mount used for the install, (most likely /mnt/gentoo):

root #cd /mnt/gentoo

Graphical browsers

Those using environments with fully graphical web browsers will have no problem copying a stage file URL from the main website's download section. Simply select the appropriate tab, right click the link to the stage file, then Copy Link to copy the link to the clipboard, then paste the link to the wget utility on the command-line to download the stage file:

root #wget <PASTED_STAGE_FILE_URL>

Command-line browsers

More traditional readers or 'old timer' Gentoo users, working exclusively from command-line may prefer using links (www-client/links), a non-graphical, menu-driven browser. To download a stage, surf to the Gentoo mirror list like so:

root #links https://www.gentoo.org/downloads/mirrors/

To use an HTTP proxy with links, pass on the URL with the -http-proxy option:

root #links -http-proxy proxy.server.com:8080 https://www.gentoo.org/downloads/mirrors/

Next to links there is also the lynx (www-client/lynx) browser. Like links it is a non-graphical browser but it is not menu-driven.

root #lynx https://www.gentoo.org/downloads/mirrors/

If a proxy needs to be defined, export the http_proxy and/or ftp_proxy variables:

root #export http_proxy="http://proxy.server.com:port"
root #export ftp_proxy="http://proxy.server.com:port"

On the mirror list, select a mirror close by. Usually HTTP mirrors suffice, but other protocols are available as well. Move to the releases/mips/autobuilds/ directory. There all available stage files are displayed (they might be stored within subdirectories named after the individual sub-architectures). Select one and press d to download.

After the stage file download completes, it is possible to verify the integrity and validate the contents of the stage file. Those interested should proceed to the next section.

Those not interested in verifying and validating the stage file can close the command-line browser by pressing q and can move directly to the Unpacking the stage file section.

Verifying and validating

Informacja
Most stages are now explicitly suffixed with the init system type (openrc or systemd), although some architectures may still be missing these for now.

Like with the minimal installation CDs, additional downloads to verify and validate the stage file are available. Although these steps may be skipped, these files are provided for users who care about the integrity of the file(s) they just downloaded. The extra files are available under the root of the mirrors directory. Browse to the appropriate location for the hardware architecture and the system profile and download the associated .CONTENTS.gz, .DIGESTS, and .sha265 files.

root #wget https://distfiles.gentoo.org/releases/
  • .CONTENTS.gz - A compressed file that contains a list of all files inside the stage file.
  • .DIGESTS - Contains checksums of the stage file in using several cryptographic hash algorithms.
  • .sha256 - Contains a PGP signed SHA256 checksum of the stage file. This file may not be available for download for all stage files.

Cryptographic tools and utilities such as openssl, sha256sum, or sha512sum can be used to compare the output with the checksums provided by the .DIGESTS file.

To verify the SHA512 checksum with openssl:

root #openssl dgst -r -sha512 stage3-mips-<release>-<init>.tar.xz

dgst instructs the openssl command to use the Message Digest sub-command, -r prints the digest output in coreutils format, and -sha512 selects the SHA512 digest.

To verify the BLAKE2B512 checksum with openssl:

root #openssl dgst -r -blake2b512 stage3-mips-<release>-<init>.tar.xz

Compare the output(s) of the checksum commands with the hash and filename paired values contained within the .DIGESTS file. The paired values need to match the output of the checksum commands, otherwise the downloaded file is corrupt can should be discarded and re-downloaded.

To verify the SHA256 hash from an associated .sha265 file using the sha256sum utility:

root #sha256sum --check stage3-mips-<release>-<init>.tar.xz.sha256

The --check option instructs sha256sum to read a list of expected files and associated hashes, and then print an associated "OK" for each file that calculates correctly or a "FAILED" for files that do not.

Just like with the ISO file, the cryptographic signature of the tar.xz file can be verified using gpg to ensure no tampering has been performed on the tarball.

For official Gentoo live images, the sec-keys/openpgp-keys-gentoo-release package provides PGP signing keys for automated releases. The keys must first be imported into the user's session in order to be used for verification:

root #gpg --import /usr/share/openpgp-keys/gentoo-release.asc

For all non-official live images which offer gpg and wget in the live environment, a bundle containing Gentoo keys can be fetched and imported:

root #wget -O - https://qa-reports.gentoo.org/output/service-keys.gpg | gpg --import

Verify the signature of the tarball and, optionally, associated checksum files:

root #gpg --verify stage3-mips-<release>-<init>.tar.xz.asc
root #gpg --verify stage3-mips-<release>-<init>.tar.xz.DIGEST
root #gpg --verify stage3-mips-<release>-<init>.tar.xz.sha256

If verification succeeds, "Good signature from" will be in the output of the previous command(s).

The fingerprints of the OpenPGP keys used for signing release media can be found on the release media signatures page.

Installing a stage file

Once the stage file has been downloaded and verified, it can be extracted using tar:

root #tar xpvf stage3-*.tar.xz --xattrs-include='*.*' --numeric-owner

Before extracting verify the options:

  • x extract, instructs tar to extract the contents of the archive.
  • p preserve permissions.
  • v verbose output.
  • f file, provides tar with the name of the input archive.
  • --xattrs-include='*.*' Preserves extended attributes in all namespaces stored in the archive.
  • --numeric-owner Ensure that the user and group IDs of files being extracted from the tarball remain the same as Gentoo's release engineering team intended (even if adventurous users are not using official Gentoo live environments for the installation process).

Now that the stage file is unpacked, proceed with Configuring compile options.

Configuring compile options

Introduction

To optimize the system, it is possible to set variables which impact the behavior of Portage, Gentoo's officially supported package manager. All those variables can be set as environment variables (using export) but setting via export is not permanent.

Informacja
Technically variables can be exported via the shell's profile or rc files, however that is not best practice for basic system administration.

Portage reads in the make.conf file when it runs, which will change runtime behavior depending on the values saved in the file. make.conf can be considered the primary configuration file for Portage, so treat its content carefully.

Wskazówka
{{{1}}}

Fire up an editor (in this guide we use nano) to alter the optimization variables we will discuss hereafter.

root #nano /mnt/gentoo/etc/portage/make.conf

From the make.conf.example file it is obvious how the file should be structured: commented lines start with #, other lines define variables using the VARIABLE="value" syntax. Several of those variables are discussed in the next section.

CFLAGS and CXXFLAGS

The CFLAGS and CXXFLAGS variables define the optimization flags for GCC C and C++ compilers respectively. Although those are defined generally here, for maximum performance one would need to optimize these flags for each program separately. The reason for this is because every program is different. However, this is not manageable, hence the definition of these flags in the make.conf file.

In make.conf one should define the optimization flags that will make the system the most responsive generally. Don't place experimental settings in this variable; too much optimization can make programs misbehave (crash, or even worse, malfunction).

We will not explain all possible optimization options. To understand them all, read the GNU Online Manual(s) or the gcc info page (info gcc). The make.conf.example file itself also contains lots of examples and information; don't forget to read it too.

A first setting is the -march= or -mtune= flag, which specifies the name of the target architecture. Possible options are described in the make.conf.example file (as comments). A commonly used value is native as that tells the compiler to select the target architecture of the current system (the one users are installing Gentoo on).

A second one is the -O flag (that is a capital O, not a zero), which specifies the gcc optimization class flag. Possible classes are s (for size-optimized), 0 (zero - for no optimizations), 1, 2 or even 3 for more speed-optimization flags (every class has the same flags as the one before, plus some extras). -O2 is the recommended default. -O3 is known to cause problems when used system-wide, so we recommend to stick to -O2.

Another popular optimization flag is -pipe (use pipes rather than temporary files for communication between the various stages of compilation). It has no impact on the generated code, but uses more memory. On systems with low memory, gcc might get killed. In that case, do not use this flag.

Using -fomit-frame-pointer (which doesn't keep the frame pointer in a register for functions that don't need one) might have serious repercussions on the debugging of applications.

When the CFLAGS and CXXFLAGS variables are defined, combine the several optimization flags in one string. The default values contained in the stage file archive should be good enough. The following one is just an example:

CODE Example CFLAGS and CXXFLAGS variables
# Compiler flags to set for all languages
COMMON_FLAGS="-mabi=32 -mips4 -pipe -O2"
# Use the same settings for both variables
CFLAGS="${COMMON_FLAGS}"
CXXFLAGS="${COMMON_FLAGS}"
Wskazówka
Although the GCC optimization article has more information on how the various compilation options can affect a system, the Safe CFLAGS article may be a more practical place for beginners to start optimizing their systems.

MAKEOPTS

The MAKEOPTS variable defines how many parallel compilations should occur when installing a package. As of Portage version 3.0.31[1], if left undefined, Portage's default behavior is to set the MAKEOPTS jobs value to the same number of threads returned by nproc.

Further, as of Portage 3.0.53[2], if left undefined, Portage's default behavior is to set the MAKEOPTS load-average value to the same number of threads returned by nproc.

A good choice is the smaller of: the number of threads the CPU has, or the total amount of system RAM divided by 2 GiB.

Uwaga
Using a large number of jobs can significantly impact memory consumption. A good recommendation is to have at least 2 GiB of RAM for every job specified (so, e.g. -j6 requires at least 12 GiB). To avoid running out of memory, lower the number of jobs to fit the available memory.
Wskazówka
When using parallel emerges (--jobs), the effective number of jobs run can grow exponentially (up to make jobs multiplied by emerge jobs). This can be worked around by running a localhost-only distcc configuration that will limit the number of compiler instances per host.
FILE /etc/portage/make.confExample MAKEOPTS declaration
# If left undefined, Portage's default behavior is to:
# - set the MAKEOPTS jobs value to the same number of threads returned by `nproc`
# - set the MAKEOPTS load-average value to the same number of threads returned by `nproc`
# Please replace '4' as appropriate for the system (min(RAM/2GB, threads), or leave it unset.
MAKEOPTS="-j4 -l4"

Search for MAKEOPTS in man 5 make.conf for more details.

Ready, set, go!

Update the /mnt/gentoo/etc/portage/make.conf file to match personal preference and save (nano users would press Ctrl+o to write the change and then Ctrl+x to quit).



Chrooting

Copy DNS info

One thing still remains to be done before entering the new environment and that is copying over the DNS information in /etc/resolv.conf. This needs to be done to ensure that networking still works even after entering the new environment. /etc/resolv.conf contains the name servers for the network.

To copy this information, it is recommended to pass the --dereference option to the cp command. This ensures that, if /etc/resolv.conf is a symbolic link, that the link's target file is copied instead of the symbolic link itself. Otherwise in the new environment the symbolic link would point to a non-existing file (as the link's target is most likely not available inside the new environment).

root #cp --dereference /etc/resolv.conf /etc/

Mounting the necessary filesystems

In a few moments, the Linux root will be changed towards the new location.

The filesystems that need to be made available are:

  • /proc/ is a pseudo-filesystem. It looks like regular files, but is generated on-the-fly by the Linux kernel
  • /sys/ is a pseudo-filesystem, like /proc/ which it was once meant to replace, and is more structured than /proc/
  • /dev/ is a regular file system which contains all device. It is partially managed by the Linux device manager (usually udev)
  • /run/ is a temporary file system used for files generated at runtime, such as PID files or locks

The /proc/ location will be mounted on /mnt/gentoo/proc/ whereas the others are bind-mounted. The latter means that, for instance, /mnt/gentoo/sys/ will actually be /sys/ (it is just a second entry point to the same filesystem) whereas /mnt/gentoo/proc/ is a new mount (instance so to speak) of the filesystem.

Wskazówka
If using Gentoo's install media, this step can be replaced with simply: arch-chroot /mnt/gentoo.
root #mount --types proc /proc /mnt/gentoo/proc
root #mount --rbind /sys /mnt/gentoo/sys
root #mount --make-rslave /mnt/gentoo/sys
root #mount --rbind /dev /mnt/gentoo/dev
root #mount --make-rslave /mnt/gentoo/dev
root #mount --bind /run /mnt/gentoo/run
root #mount --make-slave /mnt/gentoo/run
Informacja
The --make-rslave operations are needed for systemd support later in the installation.
Uwaga
When using non-Gentoo installation media, this might not be sufficient. Some distributions make /dev/shm a symbolic link to /run/shm/ which, after the chroot, becomes invalid. Making /dev/shm/ a proper tmpfs mount up front can fix this:
root #test -L /dev/shm && rm /dev/shm && mkdir /dev/shm
root #mount --types tmpfs --options nosuid,nodev,noexec shm /dev/shm

Also ensure that mode 1777 is set:

root #chmod 1777 /dev/shm /run/shm

Entering the new environment

Now that all partitions are initialized and the base environment installed, it is time to enter the new installation environment by chrooting into it. This means that the session will change its root (most top-level location that can be accessed) from the current installation environment (installation CD or other installation medium) to the installation system (namely the initialized partitions). Hence the name, change root or chroot.

This chrooting is done in three steps:

  1. The root location is changed from / (on the installation medium) to /mnt/gentoo/ (on the partitions) using chroot or arch-chroot, if available.
  2. Some settings (those in /etc/profile) are reloaded in memory using the source command
  3. The primary prompt is changed to help us remember that this session is inside a chroot environment.
root #chroot /mnt/gentoo /bin/bash
root #source /etc/profile
root #export PS1="(chroot) ${PS1}"

From this point, all actions performed are immediately on the new Gentoo Linux environment.

Wskazówka
If the Gentoo installation is interrupted anywhere after this point, it should be possible to 'resume' the installation at this step. There is no need to re-partition the disks again! Simply mount the root partition and run the steps above starting with copying the DNS info to re-enter the working environment. This is also useful for fixing bootloader issues. More information can be found in the chroot article.

Preparing for a bootloader

Now that the new environment has been entered, it is necessary to prepare the new environment for the bootloader. It will be important to have the correct partition mounted when it is time to install the bootloader.

UEFI systems

For UEFI systems, was formatted with the FAT32 filesystem and will be used as the EFI System Partition (ESP). Create a new directory (if not yet created), and then mount ESP there:

root #mkdir # May have been created in a previous step
root #mount

DOS/Legacy BIOS systems

For DOS/Legacy BIOS systems, the bootloader will be installed into the directory, therefore mount as follows:

root #mount /dev/sda1

Configuring Portage

Gentoo ebuild repository

A second important step in selecting mirrors is to configure the Gentoo ebuild repository via the /etc/portage/repos.conf/gentoo.conf file. This file contains the sync information needed to update the package repository (the collection of ebuilds and related files containing all the information Portage needs to download and install software packages).

Configuring the repository can be done in a few simple steps. First, if it does not exist, create the repos.conf directory:

root #mkdir --parents /etc/portage/repos.conf

Next, copy the Gentoo repository configuration file provided by Portage to the (newly created) repos.conf directory:

root #cp /usr/share/portage/config/repos.conf /etc/portage/repos.conf/gentoo.conf

Take a peek with a text editor or by using the cat command. The inside of the file should be in .ini format and look like this:

FILE /mnt/gentoo/etc/portage/repos.conf/gentoo.conf
[DEFAULT]
main-repo = gentoo
 
[gentoo]
location = /var/db/repos/gentoo
sync-type = rsync
sync-uri = rsync://rsync.gentoo.org/gentoo-portage
auto-sync = yes
sync-rsync-verify-jobs = 1
sync-rsync-verify-metamanifest = yes
sync-rsync-verify-max-age = 24
sync-openpgp-key-path = /usr/share/openpgp-keys/gentoo-release.asc
sync-openpgp-key-refresh-retry-count = 40
sync-openpgp-key-refresh-retry-overall-timeout = 1200
sync-openpgp-key-refresh-retry-delay-exp-base = 2
sync-openpgp-key-refresh-retry-delay-max = 60
sync-openpgp-key-refresh-retry-delay-mult = 4
sync-webrsync-verify-signature = yes
sync-git-verify-commit-signature = yes

The default sync-uri variable value listed above will determine a mirror location based on a rotation. This will aid in easing bandwidth stress on Gentoo's infrastructure and will provide a fail-safe in the event a specific mirror is offline. It is recommended the default URI is retained unless a local or private mirror will be used instead.

Wskazówka
The specification for Portage's plug-in sync API can be found in the Portage project's Sync page.

Installing a Gentoo ebuild repository snapshot from the web

Next step is to install a snapshot of the Gentoo ebuild repository. This snapshot contains a collection of files that informs Portage about available software titles (for installation), which profiles the system administrator can select, package or profile specific news items, etc.

The use of emerge-webrsync is recommended for those who are behind restrictive firewalls (it uses HTTP/FTP protocols for downloading the snapshot) and saves network bandwidth. Readers who have no network or bandwidth restrictions can happily skip down to the next section.

This will fetch the latest snapshot (which is released on a daily basis) from one of Gentoo's mirrors and install it onto the system:

root #emerge-webrsync
Informacja
During this operation, emerge-webrsync might complain about a missing /var/db/repos/gentoo/ location. This is to be expected and nothing to worry about - the tool will create the location.

From this point onward, Portage might mention that certain updates are recommended to be executed. This is because system packages installed through the stage file might have newer versions available; Portage is now aware of new packages because of the repository snapshot. Package updates can be safely ignored for now; updates can be delayed until after the Gentoo installation has finished.


Optional: Selecting mirrors

In order to download source code quickly it is recommended to select a fast, geographically close mirror. Portage will look in the make.conf file for the GENTOO_MIRRORS variable and use the mirrors listed therein. It is possible to surf to the Gentoo mirror list and search for a mirror (or multiple mirrors) close to the system's physical location (as those are most frequently the fastest ones).

A tool called mirrorselect provides a pretty text interface to more quickly query and select suitable mirrors. Just navigate to the mirrors of choice and press Spacebar to select one or more mirrors.

root #emerge --ask --verbose --oneshot app-portage/mirrorselect
root #mirrorselect -i -o >> /etc/portage/make.conf

Alternatively, a list of active mirrors are available online.

Opcjonalne: Aktualizowanie repozytorium Gentoo

It is possible to update the Gentoo ebuild repository to the latest version. The previous emerge-webrsync command will have installed a very recent snapshot (usually recent up to 24h) so this step is definitely optional.

Suppose there is a need for the latest package updates (up to 1 hour), then use emerge --sync. This command will use the rsync protocol to update the Gentoo ebuild repository (which was fetched earlier on through emerge-webrsync) to the latest state.

root #emerge --sync

On slow terminals, such as certain frame buffers or serial consoles, it is recommended to use the --quiet option to speed up the process:

root #emerge --sync --quiet

Reading news items

When the Gentoo ebuild repository is synchronized, Portage may output informational messages similar to the following:

* IMPORTANT: 2 news items need reading for repository 'gentoo'.
* Use eselect news to read news items.

News items were created to provide a communication medium to push critical messages to users via the Gentoo ebuild repository. To manage them, use eselect news. The eselect application is a Gentoo-specific utility that allows for a common management interface for system administration. In this case, eselect is asked to use its news module.

For the news module, three operations are most used:

  • With list an overview of the available news items is displayed.
  • With read the news items can be read.
  • With purge news items can be removed once they have been read and will not be reread anymore.
root #eselect news list
root #eselect news read

More information about the news reader is available through its manual page:

root #man news.eselect

Choosing the right profile

Wskazówka
Desktop profiles are not exclusively for desktop environments. They are also suitable for minimal window managers like i3 or sway.

A profile is a building block for any Gentoo system. Not only does it specify default values for USE, CFLAGS, and other important variables, it also locks the system to a certain range of package versions. These settings are all maintained by Gentoo's Portage developers.

To see what profile the system is currently using, run eselect using the profile module:

root #eselect profile list
Available profile symlink targets:
  [1]   default/linux/mips/ *
  [2]   default/linux/mips//desktop
  [3]   default/linux/mips//desktop/gnome
  [4]   default/linux/mips//desktop/kde
Informacja
The output of the command is just an example and evolves over time.
Informacja
To use systemd, select a profile which has "systemd" in the name and vice versa, if not

There are also desktop sub-profiles available for some architectures which include software packages commonly necessary for a desktop experience.

Uwaga
Profile upgrades are not to be taken lightly. When selecting the initial profile, use the profile corresponding to the same version as the one initially used by the stage file (e.g. ). Each new profile version is announced through a news item containing migration instructions; be sure to carefully follow the instructions before switching to a newer profile.

After viewing the available profiles for the mips architecture, users can select a different profile for the system:

root #eselect profile set 2



Informacja
The developer sub-profile is specifically for Gentoo Linux development and is not meant to be used by casual users.

Optional: Adding a binary package host

Since December 2023, Gentoo's Release Engineering team has offered an official binary package host (colloquially shorted to just "binhost") for use by the general community to retrieve and install binary packages (binpkgs).[1]

Adding a binary package host allows Portage to install cryptographically signed, compiled packages. In many cases, adding a binary package host will greatly decrease the mean time to package installation and adds much benefit when running Gentoo on older, slower, or low power systems.

Repository configuration

The repository configuration for a binhost is found in Portage's /etc/portage/binrepos.conf/ directory, which functions similarly to the configuration mentioned in the Gentoo ebuild repository section.

When defining a binary host, there are two important aspects to consider:

  1. The architecture and profile targets within the sync-uri value do matter and should align to the respective computer architecture (mips in this case) and system profile selected in the Choosing the right profile section.
  2. Selecting a fast, geographically close mirror will generally shorten retrieval time. Review the mirrorselect tool mentioned in the Optional: Selecting mirrors section or review the online list of mirrors where URL values can be discovered.

FILE /etc/portage/binrepos.conf/gentoo.confCDN-based binary package host example
[binhost]
priority = 9999
sync-uri = https://distfiles.gentoo.org/releases/<arch>/binpackages/<profile>/x86-64/

Installing binary packages

Portage will compile packages from code source by default. It can be instructed to use binary packages in the following ways:

  1. The --getbinpkg option can be passed when invoking the emerge command. This method of for binary package installation is useful to install only a particular binary package.
  2. Changing the system's default via Portage's FEATURES variable, which is exposed through the /etc/portage/make.conf file. Applying this configuration change will cause Portage to query the binary package host for the package(s) to be requested and fall back to compiling locally when no results are found.

For example, to have Portage always install available binary packages:

FILE /etc/portage/make.confConfigure Portage to use binary packages by default
# Appending getbinpkg to the list of values within the FEATURES variable
FEATURES="${FEATURES} getbinpkg"
# Require signatures
FEATURES="${FEATURES} binpkg-request-signature"

Additional Portage features will be discussed in the the next chapter of the handbook.

Optional: Configuring the USE variable

USE is one of the most powerful variables Gentoo provides to its users. Several programs can be compiled with or without optional support for certain items. For instance, some programs can be compiled with support for GTK+ or with support for Qt. Others can be compiled with or without SSL support. Some programs can even be compiled with framebuffer support (svgalib) instead of X11 support (X-server).

Most distributions compile their packages with support for as much as possible, increasing the size of the programs and startup time, not to mention an enormous amount of dependencies. With Gentoo, users can define what options for which a package should be compiled. This is where USE comes into play.

In the USE variable users define keywords which are mapped onto compile-options. For instance, ssl will compile SSL support in the programs that support it. -X will remove X-server support (note the minus sign in front). gnome gtk -kde -qt5 will compile programs with GNOME (and GTK+) support, and not with KDE (and Qt) support, making the system fully tweaked for GNOME (if the architecture supports it).

The default USE settings are placed in the make.defaults files of the Gentoo profile used by the system. Gentoo uses a complex inheritance system for system profiles, which will not be covered in depth during the installation process. The easiest way to check the currently active USE settings is to run emerge --info and select the line that starts with USE:

root #emerge --info | grep ^USE
USE="X acl alsa amd64 berkdb bindist bzip2 cli cracklib crypt cxx dri ..."
Informacja
The above example is truncated, the actual list of USE values is much, much larger.

A full description on the available USE flags can be found on the system in /var/db/repos/gentoo/profiles/use.desc.

root #less /var/db/repos/gentoo/profiles/use.desc

Inside the less command, scrolling can be done using the and keys, and exited by pressing q.

As an example we show a USE setting for a KDE-based system with DVD, ALSA, and CD recording support:

root #nano /etc/portage/make.conf
FILE /etc/portage/make.confEnabling flags for a KDE/Plasma-based system with DVD, ALSA, and CD recording support
USE="-gtk -gnome qt5 kde dvd alsa cdr"

When a USE value is defined in /etc/portage/make.conf it is added to the system's USE flag list. USE flags can be globally removed by adding a - minus sign in front of the value in the the list. For example, to disable support for X graphical environments, -X can be set:

FILE /etc/portage/make.confIgnoring default USE flags
USE="-X acl alsa"
Uwaga
Although possible, setting -* (which will disable all USE values except the ones specified in make.conf) is strongly discouraged and unwise. Ebuild developers choose certain default USE flag values in ebuilds in order to prevent conflicts, enhance security, and avoid errors, and other reasons. Disabling all USE flags will negate default behavior and may cause major issues.

CPU_FLAGS_*

Some architectures (including AMD64/X86, ARM, PPC) have a USE_EXPAND variable called CPU_FLAGS_<ARCH>, where <ARCH> is replaced with the relevant system architecture name.

Ważne
Do not be confused! AMD64 and X86 systems share some common architecture, so the proper variable name for AMD64 systems is CPU_FLAGS_X86.

This is used to configure the build to compile in specific assembly code or other intrinsics, usually hand-written or otherwise extra, and is not the same as asking the compiler to output optimized code for a certain CPU feature (e.g. -march=).

Users should set this variable in addition to configuring their COMMON_FLAGS as desired.

A few steps are needed to set this up:

root #emerge --ask app-portage/cpuid2cpuflags

Inspect the output manually if curious:

root #cpuid2cpuflags

Then copy the output into package.use:

root #echo "*/* $(cpuid2cpuflags)" > /etc/portage/package.use/00cpu-flags

VIDEO_CARDS

The VIDEO_CARDS USE_EXPAND variable should be configured appropriately depending on the available GPU(s). Setting VIDEO_CARDS is not required for a console only install.

Below is an example of a properly set VIDEO_CARDS variable. Substitute the name of the driver(s) to be used.

FILE /etc/portage/make.conf
VIDEO_CARDS="amdgpu radeonsi"

Details for various GPU(s) can be found at the AMDGPU, Intel, Nouveau (Open Source), or NVIDIA (Proprietary) articles.

Optional: Configure the ACCEPT_LICENSE variable

Starting with Gentoo Linux Enhancement Proposal 23 (GLEP 23), a mechanism was created to allow system administrators the ability to "regulate the software they install with regards to licenses... Some want a system free of any software that is not OSI-approved; others are simply curious as to what licenses they are implicitly accepting."[2] With a motivation to have more granular control over the type of software running on a Gentoo system, the ACCEPT_LICENSE variable was born.

During the installation process, Portage considers the value(s) set within the ACCEPT_LICENSE variable to determine if the requested package(s) meet the sysadmin's determination of an acceptable license. Here in lies a problem: the Gentoo ebuild repository is filled with thousands of ebuilds which results in hundreds of distinct software licenses... Does this implicate sysadmin into individually approving each and every new software license? Thankfully no; GLEP 23 also outlines a solution to this problem, a concept called license groups.

For the convenience of system administration, legally-similar software licenses have been bundled together - each according to its like-kind. License group definitions are available for viewing and are managed by the Gentoo Licenses project. While an individual license is not, license groups are syntactically preceded with an @ symbol, enabling them to be easily distinguished in the ACCEPT_LICENSE variable.

Some common license groups include:

A list of software licenses grouped according to their kinds.
Name Description
@GPL-COMPATIBLE GPL compatible licenses approved by the Free Software Foundation [a_license 1]
@FSF-APPROVED Free software licenses approved by the FSF (includes @GPL-COMPATIBLE)
@OSI-APPROVED Licenses approved by the Open Source Initiative [a_license 2]
@MISC-FREE Misc licenses that are probably free software, i.e. follow the Free Software Definition [a_license 3] but are not approved by either FSF or OSI
@FREE-SOFTWARE Combines @FSF-APPROVED, @OSI-APPROVED, and @MISC-FREE.
@FSF-APPROVED-OTHER FSF-approved licenses for "free documentation" and "works of practical use besides software and documentation" (including fonts)
@MISC-FREE-DOCS Misc licenses for free documents and other works (including fonts) that follow the free definition [a_license 4] but are NOT listed in @FSF-APPROVED-OTHER.
@FREE-DOCUMENTS Combines @FSF-APPROVED-OTHER and @MISC-FREE-DOCS.
@FREE Metaset of all licenses with the freedom to use, share, modify and share modifications. Combines @FREE-SOFTWARE and @FREE-DOCUMENTS.
@BINARY-REDISTRIBUTABLE Licenses that at least permit free redistribution of the software in binary form. Includes @FREE.
@EULA License agreements that try to take away your rights. These are more restrictive than "all-rights-reserved" or require explicit approval

Currently set system wide acceptable license values can be viewed via:

user $portageq envvar ACCEPT_LICENSE
@FREE

As visible in the output, the default value is to only allow software which has been grouped into the @FREE category to be installed.

Specific licenses or licenses groups for a system can be defined in the following locations:

  • System wide within the selected profile - this sets the default value.
  • System wide within the /etc/portage/make.conf file. System administrators override the profile's default value within this file.
  • Per-package within a /etc/portage/package.license file.
  • Per-package within a /etc/portage/package.license/ directory of files.

The system wide license default in the profile is overridden within the /etc/portage/make.conf:

FILE /etc/portage/make.confAccept licenses with ACCEPT_LICENSE system wide
# Overrides the profile's ACCEPT_LICENSE default value
ACCEPT_LICENSE="-* @FREE @BINARY-REDISTRIBUTABLE"

Optionally system administrators can also define accepted licenses per-package as shown in the following directory of files example. Note that the package.license directory will need created if it does not already exist:

root #mkdir /etc/portage/package.license

Software license details for an individual Gentoo package are stored within the LICENSE variable of the associated ebuild. One package may have one or many software licenses, therefore it be necessary to specify multiple acceptable licenses for a single package.

FILE /etc/portage/package.license/kernelAccepting licenses on a per-package basis
app-arch/unrar unRAR
sys-kernel/linux-firmware @BINARY-REDISTRIBUTABLE
sys-firmware/intel-microcode intel-ucode
Ważne
The LICENSE variable in an ebuild is only a guideline for Gentoo developers and users. It is not a legal statement, and there is no guarantee that it will reflect reality. It is recommended to not solely rely on a ebuild developer's interpretation of a software package's license; but check the package itself in depth, including all files that have been installed to the system.

Optional: Updating the @world set

Updating the system's @world set is optional and will be unlikely to perform functional changes unless one or more of the following optional steps have been performed:

  1. A profile target different from the stage file has been selected.
  2. Additional USE flags have been set for installed packages.

Readers who are performing an 'install Gentoo speed run' may safely skip @world set updates until after their system has rebooted into the new Gentoo environment.

Readers who are performing a slow run can have Portage perform updates for package, profile, and/or USE flag changes at the present time:

root #emerge --ask --verbose --update --deep --newuse @world

Removing obsolete packages

It is important to always depclean after system upgrades to remove obsolete packages. Review the output carefully with emerge --depclean --pretend to see if any of the to-be-cleaned packages should be kept if personally using them. To keep a package which would otherwise be depcleaned, use emerge --noreplace foo.

root #emerge --ask --pretend --depclean

If happy, then proceed with a real depclean:

root #emerge --ask --depclean
Wskazówka
If a desktop environment profile target has been selected from a non-desktop stage file, the @world update process could greatly extend the amount of time necessary for the install process. Those in a time crunch can work by this 'rule of thumb': the shorter the profile name, the less specific the system's @world set. The less specific the @world set, the fewer packages the system will require. E.g.:
  • Selecting default/linux/amd64/ will likely require fewer packages to be updated, whereas
  • Selecting default/linux/amd64//desktop/gnome/systemd will likely require more packages to be installed since the profile target has a larger @system and @profile sets: dependencies supporting the GNOME desktop environment.

Timezone

Informacja
This step does not apply to users of the musl libc. Users who do not know what that means should perform this step.
Uwaga
Please avoid the /usr/share/zoneinfo/Etc/GMT* timezones as their names do not indicate the expected zones. For instance, GMT-8 is in fact GMT+8.

Select the timezone for the system. Look for the available timezones in /usr/share/zoneinfo/:

root #ls -l /usr/share/zoneinfo
total 352
drwxr-xr-x 2 root root   1120 Jan  7 17:41 Africa
drwxr-xr-x 6 root root   2960 Jan  7 17:41 America
drwxr-xr-x 2 root root    280 Jan  7 17:41 Antarctica
drwxr-xr-x 2 root root     60 Jan  7 17:41 Arctic
drwxr-xr-x 2 root root   2020 Jan  7 17:41 Asia
drwxr-xr-x 2 root root    280 Jan  7 17:41 Atlantic
drwxr-xr-x 2 root root    500 Jan  7 17:41 Australia
drwxr-xr-x 2 root root    120 Jan  7 17:41 Brazil
-rw-r--r-- 1 root root   2094 Dec  3 17:19 CET
-rw-r--r-- 1 root root   2310 Dec  3 17:19 CST6CDT
drwxr-xr-x 2 root root    200 Jan  7 17:41 Canada
drwxr-xr-x 2 root root     80 Jan  7 17:41 Chile
-rw-r--r-- 1 root root   2416 Dec  3 17:19 Cuba
-rw-r--r-- 1 root root   1908 Dec  3 17:19 EET
-rw-r--r-- 1 root root    114 Dec  3 17:19 EST
-rw-r--r-- 1 root root   2310 Dec  3 17:19 EST5EDT
-rw-r--r-- 1 root root   2399 Dec  3 17:19 Egypt
-rw-r--r-- 1 root root   3492 Dec  3 17:19 Eire
drwxr-xr-x 2 root root    740 Jan  7 17:41 Etc
drwxr-xr-x 2 root root   1320 Jan  7 17:41 Europe
...
root #ls -l /usr/share/zoneinfo/Europe/
total 256
-rw-r--r-- 1 root root 2933 Dec  3 17:19 Amsterdam
-rw-r--r-- 1 root root 1742 Dec  3 17:19 Andorra
-rw-r--r-- 1 root root 1151 Dec  3 17:19 Astrakhan
-rw-r--r-- 1 root root 2262 Dec  3 17:19 Athens
-rw-r--r-- 1 root root 3664 Dec  3 17:19 Belfast
-rw-r--r-- 1 root root 1920 Dec  3 17:19 Belgrade
-rw-r--r-- 1 root root 2298 Dec  3 17:19 Berlin
-rw-r--r-- 1 root root 2301 Dec  3 17:19 Bratislava
-rw-r--r-- 1 root root 2933 Dec  3 17:19 Brussels
...

Suppose the timezone of choice is Europe/Brussels.

OpenRC

The desired timezone name can be written to /etc/timezone:

root #echo "Europe/Brussels" > /etc/timezone

Finally, the sys-libs/timezone-data package can be reconfigured - updating /etc/localtime, based on the /etc/timezone entry:

root #emerge --config sys-libs/timezone-data
Informacja
The /etc/localtime file is used by the system C library to know the timezone the system is in.

systemd

A slightly different approach is employed when using systemd. A symbolic link is generated:

root #ln -sf ../usr/share/zoneinfo/Europe/Brussels /etc/localtime

Later, when systemd is running, the timezone and related settings can be configured with the timedatectl command.

Configure locales

Informacja
This step does not apply to users of the musl libc. Users who do not know what that means should perform this step.

Locale generation

Most users will want to use only one or two locales on their system.

Locales specify not only the language that the user should use to interact with the system, but also the rules for sorting strings, displaying dates and times, etc. Locales are case sensitive and must be represented exactly as described. A full listing of available locales can be found in the /usr/share/i18n/SUPPORTED file.

Supported system locales must be defined in the /etc/locale.gen file.

root #nano /etc/locale.gen

The following locales are an example to get both English (United States) and German (Germany/Deutschland) with the accompanying character formats (like UTF-8).

FILE /etc/locale.genEnabling US and DE locales with the appropriate character formats
en_US ISO-8859-1
en_US.UTF-8 UTF-8
de_DE ISO-8859-1
de_DE.UTF-8 UTF-8
Uwaga
Many applications require least one UTF-8 locale to build properly.

The next step is to run the locale-gen command. This command generates all locales specified in the /etc/locale.gen file.

root #locale-gen

To verify that the selected locales are now available, run locale -a.

On systemd installs, localectl can be used, e.g. localectl set-locale ... or localectl list-locales.

Locale selection

Once done, it is now time to set the system-wide locale settings. Again eselect is used, now with the locale module.

With eselect locale list, the available targets are displayed:

root #eselect locale list
Available targets for the LANG variable:
  [1]  C
  [2]  C.utf8
  [3]  en_US
  [4]  en_US.iso88591
  [5]  en_US.utf8
  [6]  de_DE
  [7]  de_DE.iso88591
  [8]  de_DE.utf8
  [9] POSIX
  [ ]  (free form)

With eselect locale set <NUMBER> the correct locale can be selected:

root #eselect locale set 9

Manually, this can still be accomplished through the /etc/env.d/02locale file and for systemd the /etc/locale.conf file:

FILE /etc/env.d/02localeManually setting system locale definitions
LANG="de_DE.UTF-8"
LC_COLLATE="C.UTF-8"

Setting the locale will avoid warnings and errors during kernel and software compilations later in the installation.

Now reload the environment:

root #env-update && source /etc/profile && export PS1="(chroot) ${PS1}"

For additional guidance through the locale selection process read also the Localization guide and the UTF-8 guide.



Optional: Installing firmware and/or microcode

Firmware

Linux Firmware

Before getting to configuring kernel sections, it is beneficial to be aware that some hardware devices require additional, sometimes non-FOSS compliant, firmware to be installed on the system before they will operate correctly. This is often the case for wireless network interfaces commonly found in both desktop and laptop computers. Modern video chips from vendors like AMD, Nvidia, and Intel, often also require external firmware files to be fully functional. Most firmware for modern hardware devices can be found within the sys-kernel/linux-firmware package.

It is recommended to have the sys-kernel/linux-firmware package installed before the initial system reboot in order to have the firmware available in the event that it is necessary:

root #emerge --ask sys-kernel/linux-firmware
Informacja
Installing certain firmware packages often requires accepting the associated firmware licenses. If necessary, visit the license handling section of the Handbook for help on accepting licenses.

It is important to note that kernel symbols that are built as modules (M) will load their associated firmware files from the filesystem when they are loaded by the kernel. It is not necessary to include the device's firmware files into the kernel's binary image for symbols loaded as modules.

SOF Firmware

Ważne
Use of this firmware requires enabling certain Kernel options and is only supported on AMD64 currently. Enabling these options are only necessary if a manual configuration is planned, as the Distribution Kernels have them enabled already. The necessary options are covered in architecture specific kernel configuration.

Sound Open Firmware (SOF) is a new open source audio driver meant to replace the proprietary Smart Sound Technology (SST) audio driver from Intel. 10th gen+ and Apollo Lake (Atom E3900, Celeron N3350, and Pentium N4200) Intel CPUs require this firmware for certain features and certain AMD APUs also have support for this firmware. SOF's supported platforms matrix can be found here for more information.

root #emerge --ask sys-firmware/sof-firmware

Microcode

In addition to discrete graphics hardware and network interfaces, CPUs also can require firmware updates. Typically this kind of firmware is referred to as microcode. Newer revisions of microcode are sometimes necessary to patch instability, security concerns, or other miscellaneous bugs in CPU hardware.

Microcode updates for AMD CPUs are distributed within the aforementioned sys-kernel/linux-firmware package. Microcode for Intel CPUs can be found within the sys-firmware/intel-microcode package, which will need to be installed separately. See the Microcode article for more information on how to apply microcode updates.

Kernel configuration and compilation

Now it is time to configure and compile the kernel sources. For the purposes of the installation, three approaches to kernel management will be presented, however at any point post-installation a new approach can be employed.

Ranked from least involved to most involved:

Full automation approach: Distribution kernels
A Distribution Kernel is used to configure, automatically build, and install the Linux kernel, its associated modules, and (optionally, but enabled by default) an initramfs file. Future kernel updates are fully automated since they are handled through the package manager, just like any other system package. It is possible provide a custom kernel configuration file if customization is necessary. This is the least involved process and is perfect for new Gentoo users due to it working out-of-the-box and offering minimal involvement from the system administrator.
Hybrid approach: Genkernel
New kernel sources are installed via the system package manager. System administrators may use Gentoo's genkernel tool to configure, build, and install the Linux kernel, its associated modules, and (optionally, but not enabled by default) an initramfs file. It is possible provide a custom kernel configuration file if customization is necessary. Future kernel configuration, compilation, and installation require the system administrator's involvement in the form of running eselect kernel, genkernel, and potentially other commands for each update.
Full manual approach
New kernel sources are installed via the system package manager. The kernel is manually configured, built, and installed using the eselect kernel and a slew of make commands. Future kernel updates repeat the manual process of configuring, building, and installing the kernel files. This is the most involved process, but offers maximum control over the kernel update process.

The core around which all distributions are built is the Linux kernel. It is the layer between the user's programs and the system hardware. Although the handbook provides its users several possible kernel sources, a more comprehensive listing with more detailed descriptions is available at the Kernel overview page.

Installing the kernel sources

Informacja
This section is only relevant when using the following genkernel (hybrid) or manual kernel management approach.

When installing and compiling the kernel for mips-based systems, Gentoo recommends the sys-kernel/mips-sources package.

Choose an appropriate kernel source and install it using emerge:

root #emerge --ask sys-kernel/mips-sources

This will install the Linux kernel sources in /usr/src/ using the specific kernel version in the path. It will not create a symbolic link by itself without the symlink USE flag being enabled on the chosen kernel sources package.

It is conventional for a /usr/src/linux symlink to be maintained, such that it refers to whichever sources correspond with the currently running kernel. However, this symbolic link will not be created by default. An easy way to create the symbolic link is to utilize eselect's kernel module.

For further information regarding the purpose of the symlink, and how to manage it, please refer to Kernel/Upgrade.

First, list all installed kernels:

root #eselect kernel list
Available kernel symlink targets:
  [1]   linux-3.16.5-gentoo

In order to create a symbolic link called linux, use:

root #eselect kernel set 1
root #ls -l /usr/src/linux
lrwxrwxrwx    1 root   root    12 Oct 13 11:04 /usr/src/linux -> linux-3.16.5-gentoo

Alternative: Genkernel

Informacja
In case it was missed, this section requires the kernel sources to be installed. Be sure to obtain the relevant kernel sources, then return here for the rest of section.

If an entirely manual configuration looks too daunting, system administrators should consider using genkernel as a hybrid approach to kernel maintenance.

Genkernel provides a generic kernel configuration file and will compile the kernel and initramfs, then install the resulting binaries to the appropriate locations. This results in minimal and generic hardware support for the system's first boot, and allows for additional update control and customization of the kernel's configuration in the future.

Be informed: while using genkernel to maintain the kernel provides system administrators with more update control over the system's kernel, initramfs, and other options, it will require a time and effort commitment to perform future kernel updates as new sources are released. Those looking for a hands-off approach to kernel maintenance should use a distribution kernel.

For additional clarity, it is a misconception to believe genkernel automatically generates a custom kernel configuration for the hardware on which it is run; it uses a predetermined kernel configuration that supports most generic hardware and automatically handles the make commands necessary to assemble and install the kernel, the associate modules, and the initramfs file.

Binary redistributable software license group

If the linux-firmware package has been previously installed, then skip onward to the to the installation section.

As a prerequisite, due to the firwmare USE flag being enabled by default for the sys-kernel/genkernel package, the package manager will also attempt to pull in the sys-kernel/linux-firmware package. The binary redistributable software licenses are required to be accepted before the linux-firmware will install.

This license group can be accepted system-wide for any package by adding the @BINARY-REDISTRIBUTABLE as an ACCEPT_LICENSE value in the /etc/portage/make.conf file. It can be exclusively accepted for the linux-firmware package by adding a specific inclusion via a /etc/portage/package.license/linux-firmware file.

If necessary, review the methods of accepting software licenses available in the Installing the base system chapter of the handbook, then make some changes for acceptable software licenses.

If in analysis paralysis, the following will do the trick:

root #mkdir /etc/portage/package.license
FILE /etc/portage/package.license/linux-firmwareAccept binary redistributable licenses for the linux-firmware package
sys-kernel/linux-firmware @BINARY-REDISTRIBUTABLE

Installation

Explanations and prerequisites aside, install the sys-kernel/genkernel package:

root #emerge --ask sys-kernel/genkernel

Generation

Compile the kernel sources by running genkernel all. Be aware though, as genkernel compiles a kernel that supports a wide array of hardware for differing computer architectures, this compilation may take quite a while to finish.

Informacja
If the root partition/volume uses a filesystem other than ext4, it may be necessary to manually configure the kernel using genkernel --menuconfig all to add built-in kernel support for the particular filesystem(s) (i.e. not building the filesystem as a module).
Informacja
Users of LVM2 should add --lvm as an argument to the genkernel command below.
root #genkernel --mountboot --install all

Once genkernel completes, a kernel and an initial ram filesystem (initramfs) will be generated and installed into the /boot directory. Associated modules will be installed into the /lib/modules directory. The initramfs will be started immediately after loading the kernel to perform hardware auto-detection (just like in the live disk image environments).

root #ls /boot/vmlinu* /boot/initramfs*
root #ls /lib/modules

Alternative: Manual configuration

Introduction

Informacja
In case it was missed, this section requires the kernel sources to be installed. Be sure to obtain the relevant kernel sources, then return here for the rest of section.

Manually configuring a kernel is commonly seen as one of the most difficult procedures a system administrator has to perform. Nothing is less true - after configuring a few kernels no one remembers that it was difficult!

However, one thing is true: it is vital to know the system when a kernel is configured manually. Most information can be gathered by emerging sys-apps/pciutils which contains the lspci command:

root #emerge --ask sys-apps/pciutils
Informacja
Inside the chroot, it is safe to ignore any pcilib warnings (like pcilib: cannot open /sys/bus/pci/devices) that lspci might throw out.

Another source of system information is to run lsmod to see what kernel modules the installation CD uses as it might provide a nice hint on what to enable.

Now go to the kernel source directory and execute make menuconfig. This will fire up menu-driven configuration screen.

root #cd /usr/src/linux
root #make menuconfig

The Linux kernel configuration has many, many sections. Let's first list some options that must be activated (otherwise Gentoo will not function, or not function properly without additional tweaks). We also have a Gentoo kernel configuration guide on the Gentoo wiki that might help out further.

Enabling required options

When using sys-kernel/gentoo-sources, it is strongly recommend the Gentoo-specific configuration options be enabled. These ensure that a minimum of kernel features required for proper functioning is available:

KERNEL Enabling Gentoo-specific options
Gentoo Linux --->
  Generic Driver Options --->
    [*] Gentoo Linux support
    [*]   Linux dynamic and persistent device naming (userspace devfs) support
    [*]   Select options required by Portage features
        Support for init systems, system and service managers  --->
          [*] OpenRC, runit and other script based systems and managers
          [*] systemd

Naturally the choice in the last two lines depends on the selected init system (OpenRC vs. systemd). It does not hurt to have support for both init systems enabled.

When using sys-kernel/vanilla-sources, the additional selections for init systems will be unavailable. Enabling support is possible, but goes beyond the scope of the handbook.

Enabling support for typical system components

Make sure that every driver that is vital to the booting of the system (such as SATA controllers, NVMe block device support, filesystem support, etc.) is compiled in the kernel and not as a module, otherwise the system may not be able to boot completely.

Next select the exact processor type. It is also recommended to enable MCE features (if available) so that users are able to be notified of any hardware problems. On some architectures (such as x86_64), these errors are not printed to dmesg, but to /dev/mcelog. This requires the app-admin/mcelog package.

Also select Maintain a devtmpfs file system to mount at /dev so that critical device files are already available early in the boot process (CONFIG_DEVTMPFS and CONFIG_DEVTMPFS_MOUNT):

KERNEL Enabling devtmpfs support (CONFIG_DEVTMPFS)
Device Drivers --->
  Generic Driver Options --->
    [*] Maintain a devtmpfs filesystem to mount at /dev
    [*]   Automount devtmpfs at /dev, after the kernel mounted the rootfs

Verify SCSI disk support has been activated (CONFIG_BLK_DEV_SD):

KERNEL Enabling SCSI disk support (CONFIG_SCSI, CONFIG_BLK_DEV_SD)
Device Drivers --->
  SCSI device support  ---> 
    <*> SCSI device support
    <*> SCSI disk support
KERNEL Enabling basic SATA and PATA support (CONFIG_ATA_ACPI, CONFIG_SATA_PMP, CONFIG_SATA_AHCI, CONFIG_ATA_BMDMA, CONFIG_ATA_SFF, CONFIG_ATA_PIIX)
Device Drivers --->
  <*> Serial ATA and Parallel ATA drivers (libata)  --->
    [*] ATA ACPI Support
    [*] SATA Port Multiplier support
    <*> AHCI SATA support (ahci)
    [*] ATA BMDMA support
    [*] ATA SFF support (for legacy IDE and PATA)
    <*> Intel ESB, ICH, PIIX3, PIIX4 PATA/SATA support (ata_piix)

Verify basic NVMe support has been enabled:

KERNEL Enable basic NVMe support for Linux 4.4.x (CONFIG_BLK_DEV_NVME)
Device Drivers  --->
  <*> NVM Express block device
KERNEL Enable basic NVMe support for Linux 5.x.x (CONFIG_DEVTMPFS)
Device Drivers --->
  NVME Support --->
    <*> NVM Express block device

It does not hurt to enable the following additional NVMe support:

KERNEL Enabling additional NVMe support (CONFIG_NVME_MULTIPATH, CONFIG_NVME_MULTIPATH, CONFIG_NVME_HWMON, CONFIG_NVME_FC, CONFIG_NVME_TCP, CONFIG_NVME_TARGET, CONFIG_NVME_TARGET_PASSTHRU, CONFIG_NVME_TARGET_LOOP, CONFIG_NVME_TARGET_FC, CONFIG_NVME_TARGET_FCLOOP, CONFIG_NVME_TARGET_TCP
[*] NVMe multipath support
[*] NVMe hardware monitoring
<M> NVM Express over Fabrics FC host driver
<M> NVM Express over Fabrics TCP host driver
<M> NVMe Target support
  [*]   NVMe Target Passthrough support
  <M>   NVMe loopback device support
  <M>   NVMe over Fabrics FC target driver
  < >     NVMe over Fabrics FC Transport Loopback Test driver (NEW)
  <M>   NVMe over Fabrics TCP target support

Now go to File Systems and select support for the filesystems that will be used by the system. Do not compile the file system that is used for the root filesystem as module, otherwise the system may not be able to mount the partition. Also select Virtual memory and /proc file system. Select one or more of the following options as needed by the system:

KERNEL Enable file system support (CONFIG_EXT2_FS, CONFIG_EXT3_FS, CONFIG_EXT4_FS, CONFIG_BTRFS_FS, CONFIG_XFS_FS, CONFIG_MSDOS_FS, CONFIG_VFAT_FS, CONFIG_PROC_FS, and CONFIG_TMPFS)
File systems --->
  <*> Second extended fs support
  <*> The Extended 3 (ext3) filesystem
  <*> The Extended 4 (ext4) filesystem
  <*> Btrfs filesystem support
  <*> XFS filesystem support
  DOS/FAT/NT Filesystems  --->
    <*> MSDOS fs support
    <*> VFAT (Windows-95) fs support
  Pseudo Filesystems --->
    [*] /proc file system support
    [*] Tmpfs virtual memory file system support (former shm fs)

If PPPoE is used to connect to the Internet, or a dial-up modem, then enable the following options (CONFIG_PPP, CONFIG_PPP_ASYNC, and CONFIG_PPP_SYNC_TTY):

KERNEL Enabling PPPoE support (PPPoE, CONFIG_PPPOE, CONFIG_PPP_ASYNC, CONFIG_PPP_SYNC_TTY
Device Drivers --->
  Network device support --->
    <*> PPP (point-to-point protocol) support
    <*> PPP over Ethernet
    <*> PPP support for async serial ports
    <*> PPP support for sync tty ports

The two compression options won't harm but are not definitely needed, neither does the PPP over Ethernet option, that might only be used by ppp when configured to do kernel mode PPPoE.

Don't forget to include support in the kernel for the network (Ethernet or wireless) cards.

Most systems also have multiple cores at their disposal, so it is important to activate Symmetric multi-processing support (CONFIG_SMP):

KERNEL Activating SMP support (CONFIG_SMP)
Processor type and features  --->
  [*] Symmetric multi-processing support
Informacja
In multi-core systems, each core counts as one processor.

If USB input devices (like keyboard or mouse) or other USB devices will be used, do not forget to enable those as well:

KERNEL Enable USB and human input device support (CONFIG_HID_GENERIC, CONFIG_USB_HID, CONFIG_USB_SUPPORT, CONFIG_USB_XHCI_HCD, CONFIG_USB_EHCI_HCD, CONFIG_USB_OHCI_HCD, (CONFIG_HID_GENERIC, CONFIG_USB_HID, CONFIG_USB_SUPPORT, CONFIG_USB_XHCI_HCD, CONFIG_USB_EHCI_HCD, CONFIG_USB_OHCI_HCD, CONFIG_USB4)
Device Drivers --->
  HID support  --->
    -*- HID bus support
    <*>   Generic HID driver
    [*]   Battery level reporting for HID devices
      USB HID support  --->
        <*> USB HID transport layer
  [*] USB support  --->
    <*>     xHCI HCD (USB 3.0) support
    <*>     EHCI HCD (USB 2.0) support
    <*>     OHCI HCD (USB 1.1) support
  <*> Unified support for USB4 and Thunderbolt  --->

Optional: Signed kernel modules

To automatically sign the kernel modules enable CONFIG_MODULE_SIG_ALL:

KERNEL Sign kernel modules CONFIG_MODULE_SIG_ALL
[*] Enable loadable module support  
  -*-   Module signature verification    
    [*]     Automatically sign all modules    
    Which hash algorithm should modules be signed with? (Sign modules with SHA-512) --->

Optionally change the hash algorithm if desired.

To enforce that all modules are signed with a valid signature, enable CONFIG_MODULE_SIG_FORCE as well:

KERNEL Enforce signed kernel modules CONFIG_MODULE_SIG_FORCE
[*] Enable loadable module support  
  -*-   Module signature verification    
    [*]     Require modules to be validly signed
    [*]     Automatically sign all modules
    Which hash algorithm should modules be signed with? (Sign modules with SHA-512) --->

To use a custom key, specify the location of this key in CONFIG_MODULE_SIG_KEY, if unspecified the kernel build system will generate a key. It is recommended to generate one manually instead. This can be done with:

root #openssl req -new -nodes -utf8 -sha256 -x509 -outform PEM -out kernel_key.pem -keyout kernel_key.pem

OpenSSL will ask some questions about the user generating the key, it is recommended to fill in these questions as detailed as possible.

Store the key in a safe location, at the very least the key should be readable only by the root user. Verify this with:

root #ls -l kernel_key.pem
 -r-------- 1 root root 3164 Jan  4 10:38 kernel_key.pem 

If this outputs anything other then the above, correct the permissions with:

root #chown root:root kernel_key.pem
root #chmod 400 kernel_key.pem
KERNEL Specify signing key CONFIG_MODULE_SIG_KEY
-*- Cryptographic API  ---> 
  Certificates for signature checking  --->  
    (/path/to/kernel_key.pem) File name or PKCS#11 URI of module signing key

To also sign external kernel modules installed by other packages via linux-mod-r1.eclass, enable the modules-sign USE flag globally:

FILE /etc/portage/make.confEnable module signing
USE="modules-sign"
</div>

<div lang="en" dir="ltr" class="mw-content-ltr">
# Optionally, when using custom signing keys.
MODULES_SIGN_KEY="/path/to/kernel_key.pem"
MODULES_SIGN_CERT="/path/to/kernel_key.pem" # Only required if the MODULES_SIGN_KEY does not also contain the certificate
MODULES_SIGN_HASH="sha512" # Defaults to sha512
Informacja
The MODULES_SIGN_KEY and MODULES_SIGN_CERT may be different files. For this example the pem file generated by OpenSSL includes both the key and the accompanying certificate, and thus both variables are set to the same value.

Optional: Signing the kernel image (Secure Boot)

When signing the kernel image (for use on systems with Secure Boot enabled) it is recommended to set the following kernel config options:

KERNEL Lockdown for secureboot
General setup  --->
  Kexec and crash features  --->   
    [*] Enable kexec system call                                                                                          
    [*] Enable kexec file based system call                                                                               
    [*]   Verify kernel signature during kexec_file_load() syscall                                                        
    [*]     Require a valid signature in kexec_file_load() syscall                                                        
    [*]     Enable ""image"" signature verification support
</div>  

<div lang="en" dir="ltr" class="mw-content-ltr">
[*] Enable loadable module support  
  -*-   Module signature verification    
    [*]     Require modules to be validly signed
    [*]     Automatically sign all modules
    Which hash algorithm should modules be signed with? (Sign modules with SHA-512) --->
</div>  

<div lang="en" dir="ltr" class="mw-content-ltr">
Security options  ---> 
[*] Integrity subsystem   
  [*] Basic module for enforcing kernel lockdown                                                                       
  [*]   Enable lockdown LSM early in init                                                                       
        Kernel default lockdown mode (Integrity)  --->
</div>            

  <div lang="en" dir="ltr" class="mw-content-ltr">
[*]   Digital signature verification using multiple keyrings                                                            
  [*]     Enable asymmetric keys support                                                                                     
  -*-       Require all keys on the integrity keyrings be signed                                                              
  [*]       Provide keyring for platform/firmware trusted keys                                                                
  [*]       Provide a keyring to which Machine Owner Keys may be added                                                        
  [ ]         Enforce Machine Keyring CA Restrictions

Where ""image"" is a placeholder for the architecture specific image name. These options, from the top to the bottom: enforces that the kernel image in a kexec call must be signed (kexec allows replacing the kernel in-place), enforces that kernel modules are signed, enables lockdown integrity mode (prevents modifying the kernel at runtime), and enables various keychains.

On arches that do not natively support decompressing the kernel (e.g. arm64 and riscv), the kernel must be built with its own decompressor (zboot):

KERNEL zboot CONFIG_EFI_ZBOOT
Device Drivers --->                                                                                                                           
  Firmware Drivers --->                                                                                                                       
    EFI (Extensible Firmware Interface) Support --->                                                                                               
      [*] Enable the generic EFI decompressor

After compilation of the kernel, as explained in the next section, the kernel image must be signed. First install app-crypt/sbsigntools and then sign the kernel image:

root #emerge --ask app-crypt/sbsigntools
root #sbsign /usr/src/linux-x.y.z/path/to/kernel-image --cert /path/to/kernel_key.pem --key /path/to/kernel_key.pem --out /usr/src/linux-x.y.z/path/to/kernel-image
Informacja
For this example the same key that was generated to sign the modules is used to sign the kernel image. It is also possible to generate and use a second sperate key for signing the kernel image. The same OpenSSL command as in the previous section may be used again.

Then proceed with the installation.

To automatically sign EFI executables installed by other packages, enable the secureboot USE flag globally:

FILE /etc/portage/make.confEnable Secure Boot
USE="modules-sign secureboot"
</div>

<div lang="en" dir="ltr" class="mw-content-ltr">
# Optionally, to use custom signing keys.
MODULES_SIGN_KEY="/path/to/kernel_key.pem"
MODULES_SIGN_CERT="/path/to/kernel_key.pem" # Only required if the MODULES_SIGN_KEY does not also contain the certificate.
MODULES_SIGN_HASH="sha512" # Defaults to sha512
</div>

<div lang="en" dir="ltr" class="mw-content-ltr">
# Optionally, to boot with secureboot enabled, may be the same or different signing key.
SECUREBOOT_SIGN_KEY="/path/to/kernel_key.pem"
SECUREBOOT_SIGN_CERT="/path/to/kernel_key.pem"
Informacja
The SECUREBOOT_SIGN_KEY and SECUREBOOT_SIGN_CERT may be different files. For this example the pem file generated by OpenSSL includes both the key and the accompanying certificate, and thus both variables are set to the same value.
Informacja
When generating an Unified Kernel Image with systemd's ukify the kernel image will be signed automatically before inclusion in the unified kernel image and it is not necessary to sign it manually.


Preparing the configuration

Ważne
On the Origin 200/2000, Indigo2 Impact (R10000), Octane/Octane2 and O2, a 64-bit kernel is required to boot these systems. For these machines, emerge sys-devel/kgcc64 to create a cross-compiler for building 64-bit kernels.

Many of the systems supported have sample default .config files hiding in amongst the kernel source. Not all systems have configs distributed in this way. Those that do, can be configured using the commands mentioned in the table below.

System Configure command
Cobalt Servers make cobalt_defconfig
Indy, Indigo2 (R4k), Challenge S make ip22_defconfig
Origin 200/2000 make ip27_defconfig
Indigo2 Impact (R10k) make ip28_defconfig
O2 make ip32_defconfig

All of the Gentoo installation images provide a kernel config option as part of the image itself, accessible as /proc/config.gz. This may be used in many cases. It is best though if the kernel source matches closely the kernel that is currently running. To extract it, simply run it through zcat as shown below.

root #zcat /proc/config.gz > .config
Ważne
This kernel config is set up for a netboot image. That is, it will expect to find a root filesystem image somewhere nearby, either as a directory for initramfs, or a loopback device for initrd. When executing make menuconfig, don't forget to go into General Setup and disable the options for initramfs.

Customizing the configuration

Once a configuration is found, download it into the kernel source directory, and rename it to .config. From there, run make oldconfig to bring everything up to date according to the instructions above, and customize the configuration before compiling.

root #cd /usr/src/linux
root #cp /path/to/example-config .config
root #make oldconfig

Just press the ENTER (or Return) key at each prompt to accept the defaults for now ...

root #make menuconfig
Ważne
In the Kernel Hacking section, there is an option named "Are You Using A Cross Compiler?". This tells the kernel Makefiles to prepend "mips-linux-" (or mipsel-linux ... etc) to gcc and as commands when compiling the kernel. This should be turned off, even if cross-compiling. Instead, if a cross-compiler needs to be called, specify the prefix using the CROSS_COMPILE variable as shown in the next section.
Ważne
There is a known issue with JFS and ALSA on Octane systems where the ALSA fails to work. Given the experimental nature of JFS on MIPS, it is recommended that people avoid using JFS for the time being.

Compiling and installing

Now that the kernel is configured, it is time to compile and install it. Exit the configuration and start the compilation process:

Informacja
On 64-bit machines, specify CROSS_COMPILE=mips64-unknown-linux-gnu- (or mips64el-... if on a little-endian system) to use the 64-bit compiler.

To compile natively:

root #make vmlinux modules modules_install

Cross-compiling on target machine, adjust the mips64-unknown-linux-gnu- accordingly:

root #make vmlinux modules modules_install CROSS_COMPILE=mips64-unknown-linux-gnu-

When compiling on another machine, such as an x86 box, use the following commands to compile the kernel & install modules into a specific directory to be transferred to the target machine.

root #make vmlinux modules CROSS_COMPILE=mips64-unknown-linux-gnu-
root #make modules_install INSTALL_MOD_PATH=/somewhere
Ważne
When compiling a 64-bit kernel for the Indy, Indigo2 (R4k), Challenge S and O2, use the vmlinux.32 target instead of vmlinux. Otherwise, the machine will not be able to boot. This is to work around the PROM not understanding the ELF64 format.
root #make vmlinux.32
Informacja
It is possible to enable parallel builds using make -jN with N being the number of parallel tasks that the build process is allowed to launch. This is similar to the instructions about /etc/portage/make.conf earlier, with the MAKEOPTS variable.

The above will create vmlinux.32, which is the final kernel.

When the kernel has finished compiling, copy the kernel image to /boot/.

Informacja
On Cobalt servers, the bootloader will expect to see a compressed kernel image. Remember to gzip -9 the file once it is in /boot/.
root #cp vmlinux /boot/kernel-3.16.5-gentoo

For Cobalt servers, compress the kernel image:

root #gzip -9v /boot/kernel-3.16.5-gentoo


Kernel installation

Installkernel

Installkernel may be used to automate, the kernel installation, initramfs generation, unified kernel image generation and/or bootloader configuration among other things. sys-kernel/installkernel implements two paths of achieving this: the traditional installkernel originating from Debian and systemd's kernel-install. Which one to choose depends, among other things, on the system's bootloader. By default systemd's kernel-install is used on systemd profiles, while the traditional installkernel is the default for other profiles.

If unsure, follow the 'Traditional layout' subsection below.

systemd-boot

When using systemd-boot (formerly gummiboot) as the bootloader, systemd's kernel-install must be used. Therefore ensure the systemd and the systemd-boot USE flags are enabled on sys-kernel/installkernel, and then install the relevant package for systemd-boot.

On OpenRC systems:

FILE /etc/portage/package.use/systemd-boot
sys-apps/systemd-utils boot kernel-install
sys-kernel/installkernel systemd systemd-boot
root #emerge --ask sys-apps/systemd-utils

On systemd systems:

FILE /etc/portage/package.use/systemd
sys-apps/systemd boot
sys-kernel/installkernel systemd-boot
# Needed for <systemd-254
sys-apps/systemd gnuefi
root #emerge --ask sys-apps/systemd

GRUB

Users of GRUB can use either systemd's kernel-install or the traditional Debian installkernel. The systemd USE flag switches between these implementations. To automatically run grub-mkconfig when installing the kernel, enable the grub USE flag.

FILE /etc/portage/package.use/installkernel
sys-kernel/installkernel grub
root #emerge --ask sys-kernel/installkernel

When systemd's kernel-install is used, it should be configured to use the grub layout, this is the default if the grub USE flag is enabled:

FILE /etc/kernel/install.conf
layout=grub

Traditional layout, other bootloaders (e.g. lilo, etc.)

The traditional /boot layout (for e.g. LILO, etc.) is used by default if the grub, systemd-boot and uki USE flags are not enabled. No further action is required.


Building an initramfs

In certain cases it is necessary to build an initramfs - an initial ram-based file system. The most common reason is when important file system locations (like /usr/ or /var/) are on separate partitions. With an initramfs, these partitions can be mounted using the tools available inside the initramfs. The default configuration of the Project:Distribution Kernel requires an initramfs.

Without an initramfs, there is a risk that the system will not boot properly as the tools that are responsible for mounting the file systems require information that resides on unmounted file systems. An initramfs will pull in the necessary files into an archive which is used right after the kernel boots, but before the control is handed over to the init tool. Scripts on the initramfs will then make sure that the partitions are properly mounted before the system continues booting.

Ważne
If using genkernel, it should be used for both building the kernel and the initramfs. When using genkernel only for generating an initramfs, it is crucial to pass --kernel-config=/path/to/kernel.config to genkernel or the generated initramfs may not work with a manually built kernel. Note that manually built kernels go beyond the scope of support for the handbook. See the kernel configuration article for more information.

Installkernel can automatically generate an initramfs when installing the kernel if the dracut USE flag is enabled:

FILE /etc/portage/package.use/installkernel
sys-kernel/installkernel dracut

Alternatively, dracut may be called manually to generate an initramfs. Install sys-kernel/dracut first, then have it generate an initramfs:

root #emerge --ask sys-kernel/dracut
root #dracut --kver=3.16.5-gentoo

The initramfs will be stored in /boot/. The resulting file can be found by simply listing the files starting with initramfs:

root #ls /boot/initramfs*

Optional: Building an Unified Kernel Image

An Unified Kernel Image (UKI) combines, among other things, the kernel, the initramfs and the kernel command line into a single executable. Since the kernel command line is embedded into the unified kernel image it should be specified before generating the unified kernel image (see below). Note that any kernel command line arguments supplied by the bootloader or firmware at boot are ignored when booting with secure boot enabled.

An unified kernel image requires a stub loader, currently the only one available is systemd-stub. To enable it:

For systemd systems:

FILE /etc/portage/package.use/systemd
sys-apps/systemd boot

For OpenRC systems:

FILE /etc/portage/package.use/systemd-utils
sys-apps/systemd-utils boot

Installkernel can automatically generate an unified kernel image using either dracut or ukify, by enabling the respective flag. The uki USE flag should be enabled as well to install the generated unified kernel image to the $ESP/EFI/Linux directory on the EFI system partition (ESP).

For dracut:

FILE /etc/portage/package.use/installkernel
sys-kernel/installkernel dracut uki
FILE /etc/dracut.conf
uefi="yes"
kernel_cmdline="some-kernel-command-line-arguments"

For ukify:

FILE /etc/portage/package.use/installkernel
sys-kernel/installkernel dracut ukify uki
FILE /etc/kernel/cmdline
some-kernel-command-line-arguments

Note that while dracut can generate both an initramfs and an unified kernel image, ukify can only generate the latter and therefore the initramfs must be generated separately with dracut.

Generic Unified Kernel Image

The prebuilt sys-kernel/gentoo-kernel-bin can optionally install a prebuilt generic unified kernel image containing a generic initramfs that is able to boot most systemd based systems. It can be installed by enabling the generic-uki USE flag, and configuring installkernel to not generate a custom initramfs or unified kernel image:

FILE /etc/portage/package.use/generic-uki
sys-kernel/gentoo-kernel-bin generic-uki
sys-kernel/installkernel -dracut -ukify uki

Secure Boot

The generic Unified Kernel Image optionally distributed by sys-kernel/gentoo-kernel-bin is already pre-signed. How to sign a locally generated unified kernel image depends on whether dracut or ukify is used. Note that the location of the key and certificate should be the same as the SECUREBOOT_SIGN_KEY and SECUREBOOT_SIGN_CERT as specified in /etc/portage/make.conf.

For dracut:

FILE /etc/dracut.conf
uefi="yes"
kernel_cmdline="some-kernel-command-line-arguments"
uefi_secureboot_key="/path/to/kernel_key.pem"
uefi_secureboot_cert="/path/to/kernel_key.pem"

For ukify:

FILE /etc/kernel/uki.conf
[UKI]
SecureBootPrivateKey=/path/to/kernel_key.pem
SecureBootCertificate=/path/to/kernel_key.pem

Rebuilding external kernel modules

External kernel modules installed by other packages via linux-mod-r1.eclass must be rebuilt for each new kernel version. When the distribution kernels are used this may be automated by enabling the dist-kernel flag globally.

FILE /etc/portage/package.use/module-rebuild
*/* dist-kernel

External kernel modules may also be rebuilt manually with:

root #emerge --ask @module-rebuild

Kernel modules

Listing available kernel modules

Informacja
Hardware modules are optional to be listed manually. udev will normally load all hardware modules that are detected to be connected in most cases. However, it is not harmful for modules that will be automatically loaded to be listed. Modules cannot be loaded twice; they are either loaded or unloaded. Sometimes exotic hardware requires help to load their drivers.

The modules that need to be loaded during each boot in can be added to /etc/modules-load.d/*.conf files in the format of one module per line. When extra options are needed for the modules, they should be set in /etc/modprobe.d/*.conf files instead.

To view all modules available for a specific kernel version, issue the following find command. Do not forget to substitute "<kernel version>" with the appropriate version of the kernel to search:

root #find /lib/modules/<kernel version>/ -type f -iname '*.o' -or -iname '*.ko' | less

Force loading particular kernel modules

To force load the kernel to load the 3c59x.ko module (which is the driver for a specific 3Com network card family), edit the /etc/modules-load.d/network.conf file and enter the module name within it.

root #mkdir -p /etc/modules-load.d
root #nano -w /etc/modules-load.d/network.conf

Note that the module's .ko file suffix is insignificant to the loading mechanism and left out of the configuration file:

FILE /etc/modules-load.d/network.confForce loading 3c59x module
3c59x

Continue the installation with Configuring the system.



Filesystem information

Filesystem labels and UUIDs

Both MBR (BIOS) and GPT include support for filesystem labels and filesystem UUIDs. These attributes can be defined in /etc/fstab as alternatives for the mount command to use when attempting to find and mount block devices. Filesystem labels and UUIDs are identified by the LABEL and UUID prefix and can be viewed with the blkid command:

root #blkid
Uwaga
If the filesystem inside a partition is wiped, then the filesystem label and the UUID values will be subsequently altered or removed.

Because of uniqueness, readers that are using an MBR-style partition table are recommended to use UUIDs over labels to define mountable volumes in /etc/fstab.

Ważne
UUIDs of the filesystem on a LVM volume and its LVM snapshots are identical, therefore using UUIDs to mount LVM volumes should be avoided.

Partition labels and UUIDs

Systems with GPT disklabel support offer additional 'robust' options to define partitions in /etc/fstab. Partition labels and partition UUIDs can be used to identify the block device's individual partition(s), regardless of what filesystem has been chosen for the partition itself. Partition labels and UUIDs are identified by the PARTLABEL and/or PARTUUID prefixes and can be viewed nicely in the terminal by running the blkid command.

Output for an amd64 EFI system using the Discoverable Partition Specification UUIDs may like the following:

root #blkid
/dev/sr0: BLOCK_SIZE="2048" UUID="2023-08-28-03-54-40-00" LABEL="ISOIMAGE" TYPE="iso9660" PTTYPE="PMBR"
/dev/loop0: TYPE="squashfs"
/dev/sda2: PARTUUID="0657fd6d-a4ab-43c4-84e5-0933c84b4f4f"
/dev/sda3: PARTUUID="1cdf763a-5b4c-4dbf-99db-a056c504e8b2"
/dev/sda1: PARTUUID="c12a7328-f81f-11d2-ba4b-00a0c93ec93b"

While not always true for partition labels, using a UUID to identify a partition in fstab provides a guarantee that the bootloader will not be confused when looking for a certain volume, even if the filesystem is changed or re-written in the future. Using the older default block device files (/dev/sd*N) for defining the partitions in fstab is risky for systems that have SATA block devices regularly added or removed.

The naming for block device files depends on a number of factors, including how and in what order the disks are attached to the system. They also could show up in a different order depending on which of the devices are detected by the kernel first during the early boot process. With this being stated, unless the system administrator intends to constantly fiddle with the disk ordering, using default block device files is a simple and straightforward approach.

About fstab

Under Linux, all partitions used by the system must be listed in /etc/fstab. This file contains the mount points of those partitions (where they are seen in the file system structure), how they should be mounted and with what special options (automatically or not, whether users can mount them or not, etc.)

Creating the fstab file

The /etc/fstab file uses a table-like syntax. Every line consists of six fields, separated by whitespace (space(s), tabs, or a mixture of the two). Each field has its own meaning:

  1. The first field shows the block special device or remote filesystem to be mounted. Several kinds of device identifiers are available for block special device nodes, including paths to device files, filesystem labels and UUIDs, and partition labels and UUIDs.
  2. The second field shows the mount point at which the partition should be mounted.
  3. The third field shows the type of filesystem used by the partition.
  4. The fourth field shows the mount options used by mount when it wants to mount the partition. As every filesystem has its own mount options, so system admins are encouraged to read the mount man page (man mount) for a full listing. Multiple mount options are comma-separated.
  5. The fifth field is used by dump to determine if the partition needs to be dumped or not. This can generally be left as 0 (zero).
  6. The sixth field is used by fsck to determine the order in which filesystems should be checked if the system wasn't shut down properly. The root filesystem should have 1 while the rest should have 2 (or 0 if a filesystem check is not necessary).
Ważne
The default /etc/fstab file provided in Gentoo stage files is not a valid fstab file but instead a template that can be used to enter in relevant values.
root #nano /etc/fstab

DOS/Legacy BIOS systems

Let us take a look at how to write down the options for the /boot partition. This is just an example, and should be modified according to the partitioning decisions made earlier in the installation. In the mips partitioning example, /boot is usually the /dev/sda1 partition, with xfs recommended for the filesystem. It needs to be checked during boot, so we would write down:

FILE /etc/fstabAn example DOS/Legacy BIOS boot line for /etc/fstab
# Adjust for any formatting differences and/or additional partitions created from the "Preparing the disks" step
/dev/sda1        ext2    defaults        0 2

Some system administrators want the /boot partition to be mounted automatically to improve their system's security. Those people should substitute the defaults with noauto. This does mean that those users will need to manually mount this partition every time they want to use it.

Add the rules that match the previously decided partitioning scheme and append rules for devices such as CD-ROM drive(s), and of course, if other partitions or drives are used, for those too.

Below is a more elaborate example of an /etc/fstab file:

FILE /etc/fstabA full /etc/fstab example for a DOS/Legacy BIOS system
# Adjust for any formatting differences and/or additional partitions created from the "Preparing the disks" step
/dev/sda1           ext2    defaults    0 2
/dev/sda10   none         swap    sw                   0 0
/dev/sda5   /            xfs    defaults,noatime              0 1
</div>

<div lang="en" dir="ltr" class="mw-content-ltr">
/dev/cdrom  /mnt/cdrom   auto    noauto,user          0 0

UEFI systems

Below is an example of an /etc/fstab file for a system that will boot via UEFI firmware:

FILE /etc/fstabA full /etc/fstab example for an UEFI system
# Adjust for any formatting differences and/or additional partitions created from the "Preparing the disks" step
                    0 2
/dev/sda10   none             sw                   0 0
/dev/sda5   /            xfs    defaults,noatime              0 1
</div>

<div lang="en" dir="ltr" class="mw-content-ltr">
/dev/cdrom  /mnt/cdrom   auto    noauto,user          0 0

DPS UEFI PARTUUID

Below is an example of an /etc/fstab file for a disk formatted with a GPT disklabel and Discoverable Partition Specification (DPS) UUIDs set for UEFI firmware:

FILE /etc/fstabGPT disklabel DPS PARTUUID fstab example
# Adjust any formatting difference and additional partitions created from the "Preparing the disks" step.
# This example shows a GPT disklabel with Discoverable Partition Specification (DSP) UUID set:
PARTUUID=c12a7328-f81f-11d2-ba4b-00a0c93ec93b                                  0 2
PARTUUID=0657fd6d-a4ab-43c4-84e5-0933c84b4f4f   none            sw                           0 0
PARTUUID=   /           xfs    defaults,noatime              0 1

When auto is used in the third field, it makes the mount command guess what the filesystem would be. This is recommended for removable media as they can be created with one of many filesystems. The user option in the fourth field makes it possible for non-root users to mount the CD.

To improve performance, most users would want to add the noatime mount option, which results in a faster system since access times are not registered (those are not needed generally anyway). This is also recommended for systems with solid state drives (SSDs). Users may wish to consider lazytime instead.

Wskazówka
Due to degradation in performance, defining the discard mount option in /etc/fstab is not recommended. It is generally better to schedule block discards on a periodic basis using a job scheduler such as cron or a timer (systemd). See Periodic fstrim jobs for more information.

Double-check the /etc/fstab file, then save and quit to continue.

Networking information

It is important to note the following sections are provided to help the reader quickly setup their system to partake in a local area network.

For systems running OpenRC, a more detailed reference for network setup is available in the advanced network configuration section, which is covered near the end of the handbook. Systems with more specific network needs may need to skip ahead, then return here to continue with the rest of the installation.

For more specific systemd network setup, please review see the networking portion of the systemd article.

Hostname

One of the choices the system administrator has to make is name their PC. This seems to be quite easy, but lots of users are having difficulties finding the appropriate name for the hostname. To speed things up, know that the decision is not final - it can be changed afterwards. In the examples below, the hostname tux is used.

Set the hostname (OpenRC or systemd)

root #echo tux > /etc/hostname

systemd

To set the system hostname for a system currently running systemd, the hostnamectl utility may be used. During the installation process however, systemd-firstboot command must be used instead (see later on in handbook).

For setting the hostname to "tux", one would run:

root #hostnamectl hostname tux

View help by running hostnamectl --help or man 1 hostnamectl.

Network

There are many options available for configuring network interfaces. This section covers a only a few methods. Choose the one which seems best suited to the setup needed.

DHCP via dhcpcd (any init system)

Most LAN networks operate a DHCP server. If this is the case, then using the dhcpcd program to obtain an IP address is recommended.

To install:

root #emerge --ask net-misc/dhcpcd

To enable and then start the service on OpenRC systems:

root #rc-update add dhcpcd default
root #rc-service dhcpcd start

To enable the service on systemd systems:

root #systemctl enable dhcpcd

With these steps completed, next time the system boots, dhcpcd should obtain an IP address from the DHCP server. See the Dhcpcd article for more details.

netifrc (OpenRC)

Wskazówka
This is one particular way of setting up the network using Netifrc on OpenRC. Other methods exist for simpler setups like Dhcpcd.
Configuring the network

During the Gentoo Linux installation, networking was already configured. However, that was for the live environment itself and not for the installed environment. Right now, the network configuration is made for the installed Gentoo Linux system.

Informacja
More detailed information about networking, including advanced topics like bonding, bridging, 802.1Q VLANs or wireless networking is covered in the advanced network configuration section.

All networking information is gathered in /etc/conf.d/net. It uses a straightforward - yet perhaps not intuitive - syntax. Do not fear! Everything is explained below. A fully commented example that covers many different configurations is available in /usr/share/doc/netifrc-*/net.example.bz2.

First install net-misc/netifrc:

root #emerge --ask --noreplace net-misc/netifrc

DHCP is used by default. For DHCP to work, a DHCP client needs to be installed. This is described later in Installing Necessary System Tools.

If the network connection needs to be configured because of specific DHCP options or because DHCP is not used at all, then open /etc/conf.d/net:

root #nano /etc/conf.d/net

Set both config_eth0 and routes_eth0 to enter IP address information and routing information:

Informacja
This assumes that the network interface will be called eth0. This is, however, very system dependent. It is recommended to assume that the interface is named the same as the interface name when booted from the installation media if the installation media is sufficiently recent. More information can be found in the Network interface naming section.
FILE /etc/conf.d/netStatic IP definition
config_eth0="192.168.0.2 netmask 255.255.255.0 brd 192.168.0.255"
routes_eth0="default via 192.168.0.1"

To use DHCP, define config_eth0:

FILE /etc/conf.d/netDHCP definition
config_eth0="dhcp"

Please read /usr/share/doc/netifrc-*/net.example.bz2 for a list of additional configuration options. Be sure to also read up on the DHCP client man page if specific DHCP options need to be set.

If the system has several network interfaces, then repeat the above steps for config_eth1, config_eth2, etc.

Now save the configuration and exit to continue.

Automatically start networking at boot

To have the network interfaces activated at boot, they need to be added to the default runlevel.

root #cd /etc/init.d
root #ln -s net.lo net.eth0
root #rc-update add net.eth0 default

If the system has several network interfaces, then the appropriate net.* files need to be created just like we did with net.eth0.

If, after booting the system, it is discovered the network interface name (which is currently documented as eth0) was wrong, then execute the following steps to rectify:

  1. Update the /etc/conf.d/net file with the correct interface name (like enp3s0 or enp5s0, instead of eth0).
  2. Create new symbolic link (like /etc/init.d/net.enp3s0).
  3. Remove the old symbolic link (rm /etc/init.d/net.eth0).
  4. Add the new one to the default runlevel.
  5. Remove the old one using rc-update del net.eth0 default.

The hosts file

An important next step may be to inform this new system about other hosts in its network environment. Network host names can be defined in the /etc/hosts file. Adding host names here will enable host name to IP addresses resolution for hosts that are not resolved by the nameserver.

root #nano /etc/hosts
FILE /etc/hostsFilling in the networking information
# This defines the current system and must be set
127.0.0.1     tux.homenetwork tux localhost
  
# Optional definition of extra systems on the network
192.168.0.5   jenny.homenetwork jenny
192.168.0.6   benny.homenetwork benny

Save and exit the editor to continue.

System information

Root password

Set the root password using the passwd command.

root #passwd

Later an additional regular user account will be created for daily operations.

Init and boot configuration

OpenRC

When using OpenRC with Gentoo, it uses /etc/rc.conf to configure the services, startup, and shutdown of a system. Open up /etc/rc.conf and enjoy all the comments in the file. Review the settings and change where needed.

root #nano /etc/rc.conf

Next, open /etc/conf.d/keymaps to handle keyboard configuration. Edit it to configure and select the right keyboard.

root #nano /etc/conf.d/keymaps

Take special care with the keymap variable. If the wrong keymap is selected, then weird results will come up when typing on the keyboard.

Finally, edit /etc/conf.d/hwclock to set the clock options. Edit it according to personal preference.

root #nano /etc/conf.d/hwclock

If the hardware clock is not using UTC, then it is necessary to set clock="local" in the file. Otherwise the system might show clock skew behavior.

systemd

First, it is recommended to run systemd-machine-id-setup and then systemd-firstboot which will prepare various components of the system are set correctly for the first boot into the new systemd environment. The passing the following options will include a prompt for the user to set a locale, timezone, hostname, root password, and root shell values. It will also assign a random machine ID to the installation:

root #systemd-machine-id-setup
root #systemd-firstboot --prompt

Next users should run systemctl to reset all installed unit files to the preset policy values:

root #systemctl preset-all --preset-mode=enable-only

It's possible to run the full preset changes but this may reset any services which were already configured during the process:

root #systemctl preset-all

These two steps will help ensure a smooth transition from the live environment to the installation's first boot.



System logger

OpenRC

Some tools are missing from the stage3 archive because several packages provide the same functionality. It is now up to the user to choose which ones to install.

The first tool to decision is a logging mechanism for the system. Unix and Linux have an excellent history of logging capabilities - if needed, everything that happens on the system can be logged in a log file.

Gentoo offers several system logger utilities. A few of these include:

  • app-admin/sysklogd - Offers the traditional set of system logging daemons. The default logging configuration works well out of the box which makes this package a good option for beginners.
  • app-admin/syslog-ng - An advanced system logger. Requires additional configuration for anything beyond logging to one big file. More advanced users may choose this package based on its logging potential; be aware additional configuration is a necessity for any kind of smart logging.
  • app-admin/metalog - A highly-configurable system logger.

There may be other system logging utilities available through the Gentoo ebuild repository as well, since the number of available packages increases on a daily basis.

Wskazówka
If syslog-ng is going to be used, it is recommended to install and configure logrotate. syslog-ng does not provide any rotation mechanism for the log files. Newer versions (>= 2.0) of sysklogd however handle their own log rotation.

To install the system logger of choice, emerge it. On OpenRC, add it to the default runlevel using rc-update. The following example installs and activates app-admin/sysklogd as the system's syslog utility:

root #emerge --ask app-admin/sysklogd
root #rc-update add sysklogd default

systemd

While a selection of logging mechanisms are presented for OpenRC-based systems, systemd includes a built-in logger called the systemd-journald service. The systemd-journald service is capable of handling most of the logging functionality outlined in the previous system logger section. That is to say, the majority of installations that will run systemd as the system and service manager can safely skip adding a additional syslog utilities.

See man journalctl for more details on using journalctl to query and review the systems logs.

For a number of reasons, such as the case of forwarding logs to a central host, it may be important to include redundant system logging mechanisms on a systemd-based system. This is a irregular occurrence for the handbook's typical audience and considered an advanced use case. It is therefore not covered by the handbook.

Optional: Cron daemon

OpenRC

Although it is optional and not required for every system, it is wise to install a cron daemon.

A cron daemon executes commands on scheduled intervals. Internals could be daily, weekly, or monthly, once every Tuesday, once every other week, etc. A wise system administrator will leverage the cron daemon to automate routine system maintenance tasks.

All cron daemons support high levels of granularity for scheduled tasks, and generally include the ability to send an email or other form of notification if a scheduled task does not complete as expected.

Gentoo offers several possible cron daemons, including:

  • sys-process/cronie - cronie is based on the original cron and has security and configuration enhancements like the ability to use PAM and SELinux.
  • sys-process/dcron - This lightweight cron daemon aims to be simple and secure, with just enough features to stay useful.
  • sys-process/fcron - A command scheduler with extended capabilities over cron and anacron.
  • sys-process/bcron - A younger cron system designed with secure operations in mind. To do this, the system is divided into several separate programs, each responsible for a separate task, with strictly controlled communications between parts.

cronie

The following example uses sys-process/cronie:

root #emerge --ask sys-process/cronie

Add cronie to the default system runlevel, which will automatically start it on power up:

root #rc-update add cronie default

Alternative: dcron

root #emerge --ask sys-process/dcron

If dcron is the go forward cron agent, an additional initialization command needs to be executed:

root #crontab /etc/crontab

Alternative: fcron

root #emerge --ask sys-process/fcron

If fcron is the selected scheduled task handler, an additional emerge step is required:

root #emerge --config sys-process/fcron

Alternative: bcron

bcron is a younger cron agent with built-in privilege separation.

root #emerge --ask sys-process/bcron

systemd

Similar to system logging, systemd-based systems include support for scheduled tasks out-of-the-box in the form of timers. systemd timers can run at a system-level or a user-level and include the same functionality that a traditional cron daemon would provide. Unless redundant capabilities are necessary, installing an additional task scheduler such as a cron daemon is generally unnecessary and can be safely skipped.

Optional: File indexing

In order to index the file system to provide faster file location capabilities, install sys-apps/mlocate.

root #emerge --ask sys-apps/mlocate

Optional: Remote shell access

Wskazówka
opensshd's default configuration does not allow root to login as a remote user. Please create a non-root user and configure it appropriately to allow access post-installation if required, or adjust /etc/ssh/sshd_config to allow root.

To be able to access the system remotely after installation, sshd must be configured to start on boot.

OpenRC

To add the sshd init script to the default runlevel on OpenRC:

root #rc-update add sshd default

If serial console access is needed (which is possible in case of remote servers), agetty must be configured.

Uncomment the serial console section in /etc/inittab:

root #nano -w /etc/inittab
# SERIAL CONSOLES
s0:12345:respawn:/sbin/agetty 9600 ttyS0 vt100
s1:12345:respawn:/sbin/agetty 9600 ttyS1 vt100

systemd

To enable the SSH server, run:

root #systemctl enable sshd

To enable serial console support, run:

root #systemctl enable getty@tty1.service

Optional: Shell completion

Bash

Bash is the default shell for Gentoo systems, and therefore installing completion extensions can aid in efficiency and convenience to managing the system. The app-shells/bash-completion package will install completions available for Gentoo specific commands, as well as many other common commands and utilities:

root #emerge --ask app-shells/bash-completion

Post installation, bash completion for specific commands can managed through eselect. See the Shell completion integrations section of the bash article for more details.

Time synchronization

It is important to use some method of synchronizing the system clock. This is usually done via the NTP protocol and software. Other implementations using the NTP protocol exist, like Chrony.

To set up Chrony, for example:

root #emerge --ask net-misc/chrony

OpenRC

On OpenRC, run:

root #rc-update add chronyd default

systemd

On systemd, run:

root #systemctl enable chronyd.service

Alternatively, systemd users may wish to use the simpler systemd-timesyncd SNTP client which is installed by default.

root #systemctl enable systemd-timesyncd.service

Filesystem tools

Depending on the filesystems used, it may be necessary to install the required file system utilities (for checking the filesystem integrity, (re)formatting file systems, etc.). Note that ext4 user space tools (sys-fs/e2fsprogs are already installed as a part of the @system set.

The following table lists the tools to install if a certain filesystem tools will be needed in the installed environment.

Filesystem Package
XFS sys-fs/xfsprogs
ext4 sys-fs/e2fsprogs
VFAT (FAT32, ...) sys-fs/dosfstools
Btrfs sys-fs/btrfs-progs
ZFS sys-fs/zfs
JFS sys-fs/jfsutils

It's recommended that sys-block/io-scheduler-udev-rules is installed for the correct scheduler behavior with e.g. nvme devices:

root #emerge --ask sys-block/io-scheduler-udev-rules
Wskazówka
For more information on filesystems in Gentoo see the filesystem article.

Networking tools

If networking was previously configured in the Configuring the system step and network setup is complete, then this 'networking tools' section can be safely skipped. In this case, proceed with the section on Configuring a bootloader.

Installing a DHCP client

Ważne
Most users will need a DHCP client to connect to their network. If none was installed, then the system might not be able to get on the network thus making it impossible to download a DHCP client afterwards.

A DHCP client obtains automatically an IP address for one or more network interface(s) using netifrc scripts. We recommend the use of net-misc/dhcpcd (see also dhcpcd):

root #emerge --ask net-misc/dhcpcd

Optional: Installing a PPPoE client

If PPP is used to connect to the internet, install the net-dialup/ppp package:

root #emerge --ask net-dialup/ppp

Optional: Install wireless networking tools

If the system will be connecting to wireless networks, install the net-wireless/iw package for Open or WEP networks and/or the net-wireless/wpa_supplicant package for WPA or WPA2 networks. iw is also a useful basic diagnostic tool for scanning wireless networks.

root #emerge --ask net-wireless/iw net-wireless/wpa_supplicant

Now continue with Configuring the bootloader.



Handbook:MIPS/Blocks/Bootloader/pl

Ponowne uruchomienie systemu

Wyjdź z środowiska chroot i odmontuj wszystkie zamontowane partycje. Następnie wpisz magiczne polecenie, które inicjuje ostateczny, prawdziwy test: reboot.

root #exit
cdimage ~#cd
cdimage ~#umount -l /mnt/gentoo/dev{/shm,/pts,}
cdimage ~#umount -R /mnt/gentoo
cdimage ~#reboot

Nie zapomnij usunąć medium instalacyjnego, w przeciwnym razie zamiast nowego systemu Gentoo może zostać ponownie uruchomione medium instalacyjne.

Po uruchomieniu świeżo zainstalowanego środowiska Gentoo, kontynuuj Finalizowanie instalacji Gentoo.




User administration

Adding a user for daily use

Working as root on a Unix/Linux system is dangerous and should be avoided as much as possible. Therefore it is strongly recommended to add one or more standard user account(s) for day-to-day use.

The groups the user is member of define what activities the user can perform. The following table lists a number of important groups:

Group Description
audio Enable the user account to access the audio devices.
cdrom Enable the user account to directly access optical devices.
cron Enable the user account to access time-based job scheduling via cron. Note: user accounts on systems running the systemd service system can use systemd timers and user service files instead of cron jobs.
floppy Enable the user account to directly access ancient mechanical devices known floppy as drives. This group is not generally used on modern systems.
games Enable the user account to able to play games. See also the video group below as well.
portage Enable the account to be able to access certain resources available to the Portage group. This is useful for Gentoo development and troubleshooting purposes.
usb Enable the user account able to access USB devices.
video Enables the user account to access video capturing hardware and hardware acceleration. See also the games group above.
wheel Enables the user account able to use the su (substitute user) command, which allows switching to the root account or other accounts. For single user systems that include a root account, it is a good idea to add this group for the primary standard user.

For instance, to create a user called larry who is a member of the wheel, users, and audio groups, log in as root first (only root can create users) and run useradd:

Login:root
Password: (Enter the root password)

When setting passwords for standard user accounts, it is good security practice to avoid using the same or a similar password as set for the root user.

Handbook authors recommended to use a password at least 16 characters in length, with a value fully unique from every other user on the system.

root #useradd -m -G users,wheel,audio -s /bin/bash larry
root #passwd larry
Password: (Enter the password for larry)
Re-enter password: (Re-enter the password to verify)

If a user ever needs to perform some task as root, they can use su - to temporarily receive root privileges. Another way is to use the sudo (app-admin/sudo) or doas (app-admin/doas) utilities which are, if correctly configured, very secure.

Disk cleanup

Removing installation artifacts

With the Gentoo installation finished and the system rebooted, if everything has gone well, the stage file and other installation artifacts - such as DIGEST, CONTENT, or *.asc (PGP signature) files - can now be safely removed.

The files are located in the / directory and can be removed with the following command:

root #rm /stage3-*.tar.*

Where to go from here

Not sure where to go from here? There are many paths to explore... Gentoo provides its users with lots of possibilities and therefore has lots of documented (and less documented) features to explore here on the wiki and on other Gentoo related sub-domains (see the Gentoo online section below).

Additional documentation

It is important to note that, due to the number of choices available in Gentoo, the documentation provided by the handbook is limited in scope - it mainly focuses on the basics of getting a Gentoo system up and running and basic system management activities. The handbook intentionally excludes instructions on graphical environments, details on hardening, and other important administrative tasks. That being stated, there are more sections of the handbook to assist readers with more basic functions.

Readers should definitely take a look at the next part of the handbook entitled Working with Gentoo which explains how to keep the software up to date, install additional software packages, details on USE flags, the OpenRC init system, and various other informative topics relating to managing a Gentoo system post-installation.

Apart from the handbook, readers should also feel encouraged to explore other corners of the Gentoo wiki to find additional, community-provided documentation. The Gentoo wiki team also offers a documentation topic overview which lists a selection of wiki articles by category. For instance, it refers to the localization guide to make a system feel more at home (particularly useful for users who speak English as a second language).

The majority of users with desktop use cases will setup graphical environments in which to work natively. There are many community maintained 'meta' articles for supported desktop environments (DEs) and window managers (WMs). Readers should be aware that each DE will require slightly different setup steps, which will lengthen add complexity to bootstrapping.

Many other Meta articles exist to provide our readers with high level overviews of available software within Gentoo.

Gentoo online

Ważne
Readers should note that all official Gentoo sites online are governed by Gentoo's code of conduct. Being active in the Gentoo community is a privilege, not a right, and users should be aware that the code of conduct exists for a reason.

With the exception of the Libera.Chat hosted internet relay chat (IRC) network and the mailing lists, most Gentoo websites require an account on a per site basis in order to ask questions, open a discussion, or enter a bug.

Forums and IRC

Every user is welcome on our Gentoo forums or on one of our internet relay chat channels. It is easy to search for the forums to see if an issue experienced on a fresh Gentoo install has been discovered in the past and resolved after some feedback. The likelihood of other users experiencing the installation issues by first-time Gentoo can be surprising. It is advised users search the forums and the wiki before asking for assistance in Gentoo support channels.

Mailing lists

Several mailing lists are available to the community members who prefer to ask for support or feedback over email rather than create a user account on the forums or IRC. Users will need to follow the instructions in order to subscribe to specific mailing lists.

Bugs

Sometimes after reviewing the wiki, searching the forums, and seeking support in the IRC channel or mailing lists there is no known solution to a problem. Generally this is a sign to open a bug on Gentoo's Bugzilla site.

Development guide

Readers who desire to learn more about developing Gentoo can take a look at the Development guide. This guide provides instructions on writing ebuilds, working with eclasses, and provides definitions for many general concepts behind Gentoo development.

Closing thoughts

Gentoo is a robust, flexible, and excellently maintained distribution. The developer community is happy to hear feedback on how to make Gentoo an even better distribution.

As a reminder, any feedback for this handbook should follow the guidelines detailed in the How do I improve the Handbook? section at the beginning of the handbook.

We look forward to seeing how our users will choose to implement Gentoo to fit their unique use cases and needs.


Warning: Display title "Gentoo Linux mips Podręcznik: Instalowanie Gentoo" overrides earlier display title "Handbook:MIPS/Full/Installation".