|Gentoo user since||2020/06/01|
Hi! My name is David Bryant. I was born in Alaska, attended college in Pasadena, California (Caltech), and worked as an actuary and as an assembly language programmer (IBM S/360 & S/370) for many years, mostly in Denver, Colorado. I'm now retired and living in Canyon Lake, Texas.
I've been using Linux since 2003, mostly openSUSE until recently. A friend of mine, Jack Ostroff, is an avid fan of Gentoo Linux, so about four weeks ago I downloaded the .iso image and started building a Gentoo system. After a couple of false starts I succeeded in getting it working moderately well. I signed up for this wiki because there are a few things in the AMD64 handbook that were not real clear during the installation process: I intend to make a few suggestions about clarifying some ambiguities.
Developing Windows help for the "Handbook"
I've been involved in a long discussion of the "Handbook:AMD64" wiki pages. I'm cooking up some replacement verbiage for section 3.2.1 of "Choosing the right installation medium". I'll construct it here, on my own page, before suggesting it on a talk page. --Davidbryant (talk) 14:19, 20 July 2020 (UTC)
Microsoft Windows based verification
Microsoft Windows has provided hash function support (DOS command
certutil) since the introduction of Windows 7 in 2009. Windows does not support GPG cryptography. Cryptographic software (
gpg4win) must be installed to verify the Gentoo Engineering Team's signature on the
DIGESTS.asc file that contains hash sums for validating the
.iso installation file. (This step is optional.)
To verify the hash sums cryptographically, download and install the GPG4Win program. This is easy -- download the self-extracting archive from the GPG4Win web site, then run the downloaded .exe file. This will add a program named
kleopatra to the Windows start menu.
Next, download a copy of the Gentoo Engineering Team's signing key by pointing a web browser to https://gentoo.org/.well-known/openpg/hu/wtktzo4gyuhzu8a4z5fdj3fgmr1u6tob?l=releng, and saving the "octet-stream" file to your hard disk somewhere. Use any desired filename, but be sure to specify the
.asc filename extension. Then, add the downloaded Gentoo keys to your key ring using
kleopatra. Fire up
kleopatra from the Windows start menu. Choose "Import" from
kleopatra's "File" menu, then select the downloaded octet-stream file.
The cryptographic signature on the
DIGESTS.asc file downloaded in the preceding step can now be verified. Select "Decrypt/Verify" from
kleopatra's "File" menu, then open the
DIGESTS.asc file downloaded previously. Click "Show Audit Log", and compare the fingerprint in the audit log to the fingerprint for Gentoo Engineering shown on the signatures page. They should match.
Even if the optional cryptographic validation step is omitted, the SHA512 checksum total for the Gentoo
.iso file should be verified before burning a bootable CD-ROM or etching a USB stick. This can be done with the
certutil program, which is, most likely, already installed in your copy of Windows. Start up a 32-bit DOS prompt (either Windows System --> Command Prompt, or Windows PowerShell --> Windows PowerShell (x86), from the "Start" menu) and navigate to the folder where you downloaded the Gentoo
.iso file. The following example assumes the file is in your "Downloads" folder.
PS Users\yourname\Downloads $
Directory: C:\Users\yourname\Downloads Mode LastWriteTime Length Name ---- ------------- ------ ---- -a---- 7/19/2020 2:09 PM 442499072 install-amd64-minimal-20200715T214503Z.iso
.iso file has been located, tell Windows to compute a hash total (SHA512SUM) for that file.
PS Users\yourname\Downloads $
certutil -hashfile install-amd64-minimal-20200715T214503Z.iso SHA512
SHA512 hash of install-amd64-minimal-20200715T214503Z.iso: 449dd80f59033f5f273db99b56523d1abd96a8ed7a7d478b5370f72c4c62c638eb1a1a1c180a58505b65db79255011b6e73a1def7828f370b8db012b11f34626 CertUtil: -hashfile command completed successfully.
Finally, open the
DIGESTS.asc file with the Notepad editor. The SHA512 hash total shown there should match the hash total computed by
certutil. If the totals do not match, either the Gentoo installation file or the
DIGESTS.asc file -- or possibly both of them -- was/were not downloaded correctly.
"Those who like the user interface of fdisk can use gdisk (GPT fdisk) as an alternative to parted."
This is misleading, because Gentoo has replaced "gdisk" with "fdisk". The following is from my Gentoo installation.
fdisk /dev/sda -l
Disk /dev/sda: 931.53 GiB, 1000204886016 bytes, 1953525168 sectors Disk model: ST1000DM010-2EP1 Units: sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 4096 bytes I/O size (minimum/optimal): 4096 bytes / 4096 bytes Disklabel type: gpt Disk identifier: 51236531-6D95-4F3E-813E-971F4E1713D1 Device Start End Sectors Size Type /dev/sda1 2048 16001023 15998976 7.6G Linux swap /dev/sda2 16001024 17000447 999424 488M EFI System /dev/sda3 17000448 81000447 64000000 30.5G Linux filesystem ...
gdisk /dev/sda -l
-su: gdisk: command not found
So gdisk no longer exists, and ought not be mentioned. How about this?
Those who prefer fdisk's user interface may use fdisk with either a GPT or an MBR partition scheme.
Note to myself: "Open Discussions" stand at 348 as of 9 August 2020.
347 -- 13 August.
Using this area for experimental purposes.