Setting a hostname
One of the choices the user has to make is name his/her system. This seems to be quite easy, but lots of users are having difficulties finding the appropriate name for their Linux system. To speed things up, know that the decision is not final - it can be changed afterwards. The example below sets the target system's hostname to tux.
nano -w /mnt/gentoo/etc/conf.d/hostname
# Set the hostname variable to the selected host name hostname="tux"
Setting a temporary root password
Don't set a temporary root password lightheartedly as it always carries a certain security risk should one forget to change the root password as soon as indicated adequate.
The root Linux account is an all-powerful account, so pick a strong password. The temporary root password must be changed on first login as soon as the target system successfully booted Gentoo. This will of course be mentioned later on in the instructions again, but better set up a reminder now so no oversight will happen.
To set a temporary root password the file /mnt/gentoo/etc/shadow needs to be manipulated. For basic security reasons passwords in /etc/shadow are not stored in plaintext, instead only a hash of the password is recorded.
To calculate such a hash for the password of choice the openssl passwd command from the openssl program can be used. Add the
-6 option to use the relatively secure SHA512 algorithm.
First, openssl passwd will ask for the password, so type it in. While typing in the password of choice there will be no indication that any input is received, as this would allow an onlooker to record the length of the password. Press Enter when done. Second, openssl passwd will ask for verification of the password, so type it in once more (as before there will be no indication that any input is received) and again conclude with pressing Enter. Finally the hash of the password will be displayed as output:
openssl passwd -6
Password: Verifying - Password: $6$I9Q9AyTL$Z76H7wD8mT9JAyrp/vaYyFwyA5wRVN0tze8pvM.MqScC7BBm2PU7pLL0h5nSxueqUpYAlZTox4Ag2Dp5vchjJ0
In the example the password "gentoo" was used. It is strongly advised not to use the same.
The calculated hash now has to be placed in the /etc/shadow file.
-6option that produces a SHA512 password hash is only available with openssl version 1.1.1. or newer. Older versions can only produce an insecure MD5 password hash with the
-1option. While setting a temporary root password also works with an MD5 hash, it is not recommended to do so. Try updating openssl first. The command openssl version can be used to determine the version of the openssl program that is currently installed in the command line environment on the host system.
To place the calculated hash in the /etc/shadow file in a graphical environment simply use the mouse to copy the hash. In case no mouse is available use pen and paper to note the hash down. Now, open /mnt/gentoo/etc/shadow:
nano -w /mnt/gentoo/etc/shadow
Be careful not to replace or delete any characters within the /etc/shadow file.
Modify the line that begins with the string
root by pasting the hash directly behind the first colon. With the hash that was calculated for the example password "gentoo" the resulting line would look like this:
Init and boot configuration
Gentoo (at least when using OpenRC) uses /etc/rc.conf to configure the services, startup, and shutdown of a system. Open up /mnt/gentoo/etc/rc.conf and enjoy all the comments in the file. Review the settings and change where needed.
nano -w /mnt/gentoo/etc/rc.conf
Next, open /mnt/gentoo/etc/conf.d/keymaps to handle keyboard configuration. Edit it to configure and select the right keyboard.
nano -w /mnt/gentoo/etc/conf.d/keymaps
Take special care with the keymap variable. If the wrong keymap is selected, then weird results will come up when typing on the keyboard.
Finally, edit /mnt/gentoo/etc/conf.d/hwclock to set the clock options. Edit it according to personal preference.
nano -w /mnt/gentoo/etc/conf.d/hwclock
If the hardware clock is not using UTC, then it is necessary to set
clock="local" in the file. Otherwise the system might show clock skew behavior.
If firmware=rockchip Configuring the bootloader for Rockchip devices
If firmware=uefi Configuring the bootloader for UEFI devices
If firmware=raspi4 Configuring the bootloader for Raspi 4
If firmware=depthcharge Configuring the bootloader for depthcharge devices