Gentoo setup - hpaluch/hpaluch.github.io GitHub Wiki
Gentoo setup
Here are my terse instructions for Gentoo setup. Please note that they are not complete, because I often use multi-boot configurations and two systems (build system on Azure, and target bare-metal system at home)...
I always use this profile:
- OpenRC (no systemd allowed)
- Desktop (plan to play with Wayland and X is fallback)
Generally I follow:
I currently use Desktop+OpenRC. Typically I look to this mirror for Stage3 tarball:
NOTE: I use two machines:
- Build machine: Azure VM running stock Debian 12 - I made future chroot simple as directory
called
/srv/gentoo-intel
Using Size:Standard_E4s_v5
. In your case ensure that you use same Family of CPU (Intel or AMD) as will be on Target machine. For AMD you can useStandard_E4as_v5
(there has to bea
letter for AMD) - Target machine: local Zotac PC, currently with external USB disk, where I have btrfs partition
with subvolume - BTRFS mounted as
/mnt/gentoo-btrfs
, chroot path with subvolume is/mnt/gentoo-btrfs/ZOTAC-WL
(WL
is shortcut for Wayland)
I download to parent-dir of future boostrap, for example:
curl -fLO https://ftp.linux.cz/pub/linux/gentoo/releases/amd64/autobuilds/current-stage3-amd64-desktop-openrc/stage3-amd64-desktop-openrc-20231224T164659Z.tar.xz
Inside future chroot I use standard command to unpack:
# CWD is in future chroot
tar xpvf ../stage3-*.tar.xz --xattrs-include='*.*' --numeric-owner
Required copies:
# CWD in future chroot
mkdir -p etc/portage/repos.conf
cp usr/share/portage/config/repos.conf etc/portage/repos.conf/gentoo.conf
cp -L /etc/resolv.conf etc
Now here is my etc/portage/package.use/custom
common for all deployments
where I plan to use Wayland with Sway:
# /etc/portage/package.use/custom
# Custom USE flags per app
app-text/ghostscript-gpl -dbus
app-arch/cpio -nls
app-editors/vim -X -acl -crypt -sound
# required to install sway/wayland
>=gui-apps/swaybg-1.2.0 gdk-pixbuf
# required for Wayland
sys-auth/seatd server
www-client/firefox pulseaudio openh264
# required to build firefox
>=media-libs/libvpx-1.13.1 postproc
>=media-plugins/alsa-plugins-1.2.7.1-r1 pulseaudio
And here is common part (for both Azure build host and Target)
of etc/portage/make.conf
# Temporarily we don't use specific CPU flags
COMMON_FLAGS="-O2 -fno-strict-aliasing"
# other flags keep "as is"
MAKEOPTS="-j4"
USE="vaapi vdpau brotli webp -kde -accessibility -openmp -fortran \
-qmanifest -imap -pop3 -qtegrity -tftp compress-zstd zstd \
logrotate wayland kms gles2 vim-syntax lvm lm-sensors contrib \
layers tray wallpapers -bluetooth -joystick alsa"
VIDEO_CARDS="nouveau intel qxl"
ACCEPT_LICENSE="@FREE @BINARY-REDISTRIBUTABLE"
# It is closest mirror for me - you may need to change it
GENTOO_MIRRORS="http://ftp.fi.muni.cz/pub/linux/gentoo/"
# always build binary packages (useful for example if compiler gets corrupted, etc...)
FEATURES="buildpkg"
# which Binary packages to NOT build:
EMERGE_DEFAULT_OPTS="${EMERGE_DEFAULT_OPTS} --buildpkg-exclude 'acct-*/* sys-kernel/*-sources virtual/*'"
We need to first build 2 cpu utils to later use proper CPU flags for compilers.
- in your chroot prepare script
bind_mounts.sh
with contents:#!/bin/bash set -xeuo pipefail cd `dirname $0` mount --types proc /proc `pwd`/proc mount --rbind /sys `pwd`/sys mount --rbind /dev `pwd`/dev mount --bind /run `pwd`/run exit 0
- and also prepare environment script
init_shell.sh
source /etc/profile # change ZOTAC-WL (ZOTAC PC with Wayland) to your environment name export PS1="(ZOTAC-WL) ${PS1}"
- now OUTSIDE chroot run
/PATH_TO_CHROOT/bind_mounts.sh
- enter chroot:
cd /PATH_TO_CHROOT && chroot
pwdbash
- inside chroot run
source /init_shell.sh
Now fetch portage archives
# inside chroot
emerge-webrsync
Now we have to build 2 CPU feature utilities to prepare intersection of build flags (common build flags for both Build server and Deploy target).
# inside chroot
emerge -an app-portage/cpuid2cpuflags app-misc/resolve-march-native
Now on both (or all planned servers) run these commands to gather CPU information:
Example for Gentoo target (ZOTAC PC with Celeron):
# grep 'model name' /proc/cpuinfo | sort -u
model name : Intel(R) Celeron(R) CPU N3450 @ 1.10GHz
# resolve-march-native
-march=goldmont --param=l1-cache-line-size=64 --param=l1-cache-size=24 --param=l2-cache-size=1024
# cpuid2cpuflags
CPU_FLAGS_X86: aes mmx mmxext pclmul popcnt rdrand sha sse sse2 sse3 sse4_1 sse4_2 ssse3
Example for Gentoo Build server (Azure Size Standard_E4s_v5
- you have to use E series without a
because
that is AMD!):
# grep 'model name' /proc/cpuinfo | sort -u
model name : Intel(R) Xeon(R) Platinum 8370C CPU @ 2.80GHz
# resolve-march-native
march=icelake-server -mabm -mno-pconfig -mno-pku -mno-sgx -mno-wbnoinvd -mrtm --param=l1-cache-line-size=64 --param=l1-cache-size=48 --param=l2-cache-size=49152
# cpuid2cpuflags
CPU_FLAGS_X86: aes avx avx2 avx512f avx512dq avx512cd avx512bw avx512vl avx512vbmi f16c fma3 mmx mmxext pclmul popcnt rdrand sha sse sse2 sse3 sse4_1 sse4_2 ssse3
Now we have to make intersection - in this case it was easy becasue Celeron
is just Subset of Intel Xeon. So in my case I have to add
to /etc/portage/make.conf
on both machines:
COMMON_FLAGS="-O2 -fno-strict-aliasing -march=goldmont -mtune=goldmont"
CPU_FLAGS_X86="aes mmx mmxext pclmul popcnt rdrand sha sse sse2 sse3 sse4_1 sse4_2 ssse3"
Here is complete /etc/portage/make.conf
from Azure build server chroot:
# COMMON_FLAGS we intersect Azure intel and ZOTAC
COMMON_FLAGS="-O2 -fno-strict-aliasing -march=goldmont -mtune=goldmont"
CFLAGS="${COMMON_FLAGS}"
CXXFLAGS="${COMMON_FLAGS}"
FCFLAGS="${COMMON_FLAGS}"
FFLAGS="${COMMON_FLAGS}"
CPU_FLAGS_X86="aes mmx mmxext pclmul popcnt rdrand sha sse sse2 sse3 sse4_1 sse4_2 ssse3"
MAKEOPTS="-j4"
USE="vaapi vdpau brotli webp -kde -accessibility -openmp -fortran \
-qmanifest -imap -pop3 -qtegrity -tftp compress-zstd zstd \
logrotate wayland kms gles2 vim-syntax lvm lm-sensors contrib \
layers tray wallpapers -bluetooth -joystick alsa"
VIDEO_CARDS="nouveau intel qxl"
GENTOO_MIRRORS="http://ftp.fi.muni.cz/pub/linux/gentoo/"
ACCEPT_LICENSE="@FREE @BINARY-REDISTRIBUTABLE"
FEATURES="buildpkg"
# Server: which Binary packages to NOT build:
EMERGE_DEFAULT_OPTS="${EMERGE_DEFAULT_OPTS} --buildpkg-exclude 'acct-*/* sys-kernel/*-sources virtual/*'"
# This sets the language of build output to English.
# Please keep this setting intact when reporting bugs.
LC_MESSAGES=C.utf8
Now on build-server we can rebuild world using:
# in chroot of build server
# around 50 packages will be rebuild
emerge --ask --verbose --update --deep --newuse @world
Merging changes in /etc/
- use for example https://wiki.gentoo.org/wiki/Dispatch-conf
- run command:
dispatch-conf
Now we need to publish binary packages on build server
- following https://wiki.gentoo.org/wiki/Binary_package_guide
- on build server install lighttpd:
# in chroot of build server emerge -an www-servers/lighttpd
- append to
/etc/lighttpd/lighttpd.conf
# in chroot of build server # listen to IPv4 server.bind = "0.0.0.0" server.port = "80" # enable listing for binary packages... server.dir-listing = "enable" server.modules += ( "mod_alias" ) alias.url = ( "/packages" => "/var/cache/binpkgs/" )
- finally run in chroot of build server:
/usr/sbin/lighttpd -f /etc/lighttpd/lighttpd.conf
Now on client Machine do this:
-
verify that your Build server is accessible:
# run on client machine curl -fv http://FQDN_OF_BUILD_SERVER/packages/
-
now edit
/etc/portage/binrepos.conf/gentoobinhost.conf
on client Chroot and REPLACEsync-url
with above URL:[gentoobinhost] priority = 1 #sync-uri = https://gentoo.osuosl.org/releases/amd64/binpackages/17.1/x86-64 sync-uri = http://FQDN_OF_BUILD_SERVER/packages
-
finally append on Client
/etc/portage/make.conf
Client excludes:# Client: do not fetch specified binary packages (use always source) EMERGE_DEFAULT_OPTS="${EMERGE_DEFAULT_OPTS} --usepkg-exclude 'acct-*/* sys-kernel/*-sources virtual/*'"
-
now conditionally rebuild world on Client Chroot
- notice added
-gk
which will prefer to fetch binary packages if available
emerge --ask --verbose --update --deep --newuse -gk @world
- notice added
-
all packages (with exception of those excluded) should be in magenta color with prefix
binary
-
if it looks correctly press Enter to reinstall these packages from build server.
Now: Client (Target) machine only:
# on Client chroot
echo Europe/Prague > /etc/timezone
emerge --config sys-libs/timezone-data
On both client and server:
- edit chroot file
/etc/locale.gen
- I uncommented only
en_US.*
- I uncommented only
- inside chroot run
locale-gen
- verify selected locale:
eselect locale list
- I use
C.UTF-8
(should be default - with asterisk*
)
- I use
On Client chroot install firmware (not needed on build Server because it is Debian and it will never boot Gentoo)
emerge -an sys-kernel/linux-firmware
Installing kernel source:
- on both (Build Server and Target - because many programs need kernel source in
/usr/src
):# first run on Build Server chroot (in my case it will build 2 CPIO packages and lspci) emerge -a sys-kernel/gentoo-sources sys-apps/pciutils sys-kernel/dracut \ sys-fs/btrfs-progs sys-fs/lvm2
- when build on Server is finished run on Client (
-gk
to install CPIO binaries):# run in Client chroot emerge -angk sys-kernel/gentoo-sources sys-apps/pciutils sys-kernel/dracut \ sys-fs/btrfs-progs sys-fs/lvm2
- on both machines select only source (it will create symbolic link
/usr/src/linux
needed by apps)eselect kernel list eselect kernel set 1
Now we have to build right kernel - follow Gentoo for this...
Installing various programs:
# run on Build server first with -an:
emerge -an sys-fs/ncdu app-portage/gentoolkit app-editors/vim app-misc/mc app-admin/sudo \
app-misc/tmux app-admin/sysstat sys-apps/smartmontools \
net-misc/dhcpcd app-admin/rsyslog sys-process/cronie app-shells/bash-completion \
sys-process/lsof
# repeate with additional -gk on Client machine:
emerge -angk ...
When kernel is build I use script to backup all kernel files (you need to tailor it to your environment:
#!/bin/bash
set -euo pipefail
set -x
kv=6.1.67-gentoo-zotac
tar -cav --numeric-owner --one-file-system \
-f /home/azureuser/az-gentoo-kernel-$kv-`date '+%s'`.tar.zst -C /srv/gentoo-intel \
boot/System.map-$kv boot/config-$kv boot/initramfs-$kv.img boot/vmlinuz-$kv lib/modules/$kv
exit 0
And then unpack it on target.
On Target chroot remember to at least set root password:
passwd root
Set proper default editor - create script etc/profile.d/editor.sh
with contents:
export EDITOR=/usr/bin/vim
Source it in chroot:
source /etc/profile.d/editor.sh
And do few changes using visudo
in chroot:
- add
Defaults !fqdn
to avoid DNS lookups on each sudo invocation - uncomment
%wheel ALL=(ALL:ALL) NOPASSWD: ALL
- now setup user and add it to
wheel
group:
# all commands run in Target chroot:
u=YOUR_USERNAME
/usr/sbin/useradd -G wheel -m -s /bin/bash $u
passwd $u
In chroot ensure that neede services will start:
# run in Target chroot
rc-update add dhcpcd default
rc-update add rsyslog default
rc-update add sshd default
GRUB configuration:
- I use other host Linux to boot Gentoo
- here is my example
/etc/grub.d/40_custom
on Host Linux
# ...
menuentry "Gentoo - BTRFS/ZOTAC-WL - Elements" {
insmod gzio
insmod part_gpt
insmod ext2
search --no-floppy --fs-uuid --set=root 8202950e-f135-43fb-8dbd-7f599ae1ca03
linux /boot/external-hd/vmlinuz-6.1.67-gentoo-zotac root=UUID=7da4d92f-aa4e-441b-893e-39ea40ba42d1 rootflags=noatime,compress=zstd:1,subvolid=257 ro net.ifnames=0
initrd /boot/external-hd/initramfs-6.1.67-gentoo-zotac.img
}
NOTES:
- I was unable to boot from Grub my Gentoo from external USB drive, because BIOS simply does not assign "drive letter" to that drive unless it is selected in BIOS Boot Menu (which I don't plan yet)
- so I have to copy Kernel and Initrd to Host
/boot/
partition in my case folder/boot/external-hd
- the first FS UUID (8202950e-f135-43fb-8dbd-7f599ae1ca03) is UUID of filesystem
that holds
/boot
folder (Host Linux filesystem) - second FS UUID (7da4d92f-aa4e-441b-893e-39ea40ba42d1) is that of main BTRFS filesystem, that holds my Gentoo Linux.
- finally you need to get right
subvolid
(257 in my case) which is BTRFS subvolume ID where is installed my Gentoo - you can get it on Host usingbtrfs su li /BTRFS_MOUNT_POINT
- finally I do on Host (openSUSE LEAP):
grub2-mkconfig -o /tmp/grub.cfg diff -u /tmp/grub.cfg /boot/grub2/grub.cfg # review and finally: cp /tmp/grub.cfg /boot/grub2/grub.cfg
Wayland install
Here is compressed version from Gentoo wiki.
- ensure that you have right contents in
/etc/portage/package.use/custom
- as shown in above text - now on Build Server run:
# chroot of Build Server emerge -an gui-wm/sway sys-auth/seatd gui-apps/foot x11-misc/dmenu media-fonts/terminus-font \ gui-apps/waybar # on Client use -angk emerge -angk ...
TODO:
- XDG, usermod, service seatd,...
X-Window install
It is always usefull to have X-Window as fallback (if Wayland does not work) - we can
follow https://wiki.gentoo.org/wiki/Xorg/Guide - I plan to install X-Window + XFCE and
use startx
to start X-Window and sway
to start Wayland.
NOTE this:
- all my real hardware is NVidia or Intel GPU (no AMD/ATI)
- I plan to also use Gentoo as VM - so qxl, VMware or VirtualBox guest support is wanted.
- here are my settings in
etc/portage/make.conf
INPUT_DEVICES="libinput vmmouse" VIDEO_CARDS="intel nouveau qxl i915 nvidia vesa virtualbox vmware" USE=" ... xvfb xa"
WARNING! In case of my old NVidia GT218 there is bad news, looking at
- https://wiki.gentoo.org/wiki/NVIDIA
- last driver that supports that card is 340
- this should help (but not yet tested) - from https://wiki.gentoo.org/wiki/NVIDIA/nvidia-drivers:
echo '>x11-drivers/nvidia-drivers-340' >> /etc/portage/package.mask/nvidia-gt218
- PROBLEM: As of Dec 2023 - oldest
nvidia-drivers-X
package isx11-drivers/nvidia-drivers-390.157
, but my card is supported by 340 only... In such case the only "solution" is to remove "nvidia" fromVIDEO_CARDS
...
Following: https://wiki.gentoo.org/wiki/Xorg/Guide First we should check if we have correct flags for Driver:
emerge -pv x11-base/xorg-drivers
When it looks reasonable, building with:
emerge -an x11-base/xorg-server
echo XSESSION="Xfce4" > /etc/env.d/90xsession
env-update && source /etc/profile
Additionally I plan to use:
emerge -an x11-apps/xinit x11-terms/xterm
# has to be in this order
echo 'media-libs/libcanberra pulseaudio' >> /etc/portage/package.use/custom
emerge -an xfce-extra/xfce4-notifyd
echo 'gnome-base/gvfs blueray fuse samba gphoto2' >> /etc/portage/package.use/custom
emerge -an xfce-base/xfce4-meta
# TODO startup...
To start X-Window few requirements must be met:
- resolvable hostname - ping below must work properly:
ping `hostname`
- otherwise there will be
xauth
related errors
- otherwise there will be
- due required X-Server privileges, the
elogind
must be running in OpenRC environment (my case)rc-update add elogind boot /etc/init.d/elogind start
- you need to logout and login, because there is
elogind
PAM module executed on login - otherwise X-server will report permission error when accessing
/dev/ttyX
When done you can start X-Window usingstartx
command...
- you need to logout and login, because there is
If mouse and keyboard does not work we need to follow
- https://wiki.gentoo.org/wiki/Libinput
- emerge:
emerge -an x11-misc/xdotool x11-misc/wmctrl
- add your user to
input
group:usermod -a -G input USERNAME
- and login again to become member of
input
group
- and login again to become member of
- to detect PS/2 mouse I needed to reboot machine - than it worked:
libinput list-devices | fgrep -A 1 -i ps/2 Device: ImPS/2 Generic Wheel Mouse Kernel: /dev/input/event15
Importing VM from VirtualBox to libvirt
I simply do this to copy VM from VirtualBox to libvirt (virt-manager):
- exporting VM from VirtualBox to OVA
- unpacking OVA with
tar xvf file.ova
(really!) - converting VMDK to QCOW2 using
qemu-img convert -O qcow2 image.vmdk image.qcow2
- Copying QCOW2 image to target
/var/lib/libvirt/images
and changing owner toroot:root
- invoking
virsh pool-refresh default
- verifying with
virsh vol-list default
- Creating empty VM of type
Gentoo 2022
- Attaching above Volume in pool
default
- Booting VM.
However there are artifacts of VirtualBox Guest tools that should be replaced with QEMU/KVM stuff:
First uninstalling VirtualBox guest tools:
# find packages that looks like virtualbox
find /var/db/pkg/ -type d -name '*box*'
# removing list - answer No!
emerge -Ca app-emulation/virtualbox-guest-additions
# I have to stick these packages (to be not removed)
# Your list will be likely different!
# Answer Yes to make these packages sticky:
emerge -an media-fonts/liberation-fonts app-editors/nano 11-apps/xrefresh x11-apps/xrandr
# run again:
emerge -ca
# verify that only these packages will be removed (I don't need gpgme or w3m):
# acct-group/vboxguest dev-libs/boehm acct-user/vboxguest app-crypt/gpgme
# acct-group/vboxsf virtual/w3m-1 www-client/w3m
# If sure, answer Yes to confirm removal...
Finally we should install QEMU guest agent and SPICE/QXL utilities:
- I have to manually change card type from
Virtio
toQXL
invirt-manager
(some functions not yet work properly with Virtio PV card) - install and run QEMU guest agent:
emerge -an app-emulation/qemu-guest-agent rc-update add qemu-guest-agent default
- and SPICE VDA agent:
emerge -an app-emulation/spice-vdagent rc-update add spice-vdagent default
- reboot system to ensure that all changes will be propagated