selfjungle Just another WordPress weblog

1Mar/150

update gentoo

emerge --update --newuse --deep --with-bdeps=y @world -av
emerge --depclean -av
emerge @preserved-rebuild -av
perl-cleaner --all
python-updater
revdep-rebuild -pv
rm -rf /usr/share/man/??
rm -rf /usr/share/man/??_*
eix-test-obsolete
glsa-check -t all
Tagged as: No Comments
1Mar/150

migrating from openrc to systemd

# remove blocking package, systemd provides the functionality.
emerge -C sys-fs/udev openrc netifrc virtual/service-manager sysvinit
# comment out service manager and openrc from your @system set, defined in /usr/portage/profiles/base/packages 

# add systemd to use flags
emerge -av systemd
emerge -av virtual/udev virtual/libudev

# set kernel options& recompile
Gentoo Linux --->
  Support for init systems, system and service managers --->
    [*] systemd


# to kernel command line:
init=/usr/lib/systemd/systemd

http://wiki.gentoo.org/wiki/Systemd

http://forums.gentoo.org/viewtopic-p-7656898.html

Tagged as: No Comments
28Feb/150

install gentoo from liveCD

suppose we booted up for a liveCD/USB

#mount the destination device, DEV
mount DEV /mnt/gentoo
cd /mnt/gentoo
wget http://mirror.mdfnet.se/gentoo/releases/amd64/autobuilds/current-stage3-amd64-nomultilib/stage3-amd64-20150226.tar.bz2
tar xjpf stage3*

cd /
mount -t proc proc /mnt/gentoo/proc
mount --rbind /dev /mnt/gentoo/dev
mount --rbind /sys /mnt/gentoo/sys
cp -L /etc/resolv.conf /mnt/gentoo/etc/ 
chroot /mnt/gentoo /bin/bash
source /etc/profile
emerge-webrsync

eselect profile list
passwd

#timezone
cp /usr/share/zoneinfo/Europe/Oslo /etc/localtime
echo "Europe/Oslo" > /etc/timezone
emerge --config timezone-data

# glibc will generate lang files according to:
nano locale.gen
locale-gen
eselect locale list

# check /etc/fstab
Tagged as: No Comments
28Feb/150

ZFS dataset hierarchy on a single user machine

# the pool
zpool create -o ashift=12 -O mountpoint=none -O atime=off -O
snapdir=visible rpool /dev/mapper/crypt_zfs

# Create filesystems: rootfs, var and home
zfs create -o compress=lz4 -o mountpoint=/ rpool/rootfs
zfs create -o compress=lz4 -o mountpoint=/home rpool/home
# var has 2 children with no compression
zfs create -o compress=lz4 -o quota=20G -o mountpoint=/var rpool/var
zfs create -o compress=off -o mountpoint=/var/portage/distfiles
rpool/var/portage_distfiles
zfs create -o compress=off -o mountpoint=/var/portage/packeges
rpool/var/portage_packages
# swap check blocksize with: getconf PAGESIZE, default is 4K
zfs create -V 4G -b 4K rpool/swap
mkswap -f /dev/zvol/rpool/swap
swapon /dev/zvol/rpool/swap

# snapshot of rootfs before sysupdates
# snapshot of home regularly
# reset var to initial (right after bootstrap) snapshot when it's too big
zfs umount -a
zpool set bootfs=rpool/rootfs rpool
zpool export rpool
zpool import -R /mnt rpool

chroot /mnt/rpool
# install...

TODO: making rootfs readonly and mounting it readwrite only at system updatws.

Tagged as: No Comments
28Feb/150

gentoo gcc optimalization – make.conf

edit you /etc/portage/make.conf

# chost [4] 
# 64bit intel processors are AMD64 or x86_64, IA64 is for ithanium
CHOST="x86_64-gentoo-linux-gnu"

# CPU arch
CFLAGS="-march=broadwell -O2 -pipe -fomit-frame-pointer"
CXXFLAGS="${CFLAGS}"

# emerge -1v app-portage/cpuinfo2cpuflags
# cpuinfo2cpuflags
CPU_FLAGS_X86="mmx mmxext sse sse2 sse3"
USE="${CPU_FLAGS_X86} ..."

# N = #CPUs + 1 or just #CPUs, see link[3]
# interl 5y10 has 2 cores (x2 hyper threading):
MAKEOPTS="-j4"
ABI_X86="64"

# debug symbols stripped
FEATURES="splitdebug"

#misc:

# accept all unstable packages too
ACCEPT_KEYWORDS="~amd64"
# accept all licenses
ACCEPT_LICENSE="*"
# x11-base/xorg-drivers
VIDEO_CARDS="intel"
INPUT_DEVICES="evdev keyboard mouse mutouch virtualbox synaptics"
# pick the highest if possible
#PYTHON_TARGETS="pypy python2_7 python3_3 python3_4"

[1] Gentoo wiki: http://wiki.gentoo.org/wiki/GCC_optimization
[2] Look up your CPU architecture https://gcc.gnu.org/onlinedocs/gcc-4.9.2/gcc/i386-and-x86-64-Options.html#i386-and-x86-64-Options
[3]https://blogs.gentoo.org/ago/2013/01/14/makeopts-jcore-1-is-not-the-best-optimization
[4]http://wiki.gentoo.org/wiki/CHOST

Tagged as: No Comments
26Feb/150

gentoo packages after minimal install

# step zero: update gentoo

#first step
emerge -av eix gentoolkit

# networking
emerge -av iw dhcpcd wpa_supplicant iwl7265-ucode

# kernel update
gentoo-sources zfs cryptsetup staticpgp (gnupg) layman mirrorselect genkernel-next pciutils usbutils mcelog

# misc
emerge -av vim genlop parted

# X
i3 vlc libreoffice mupdf thunderbird firefox

#develop
kdevelop cmake lcov valgrind gdb htop iostat iotop sysstat
Filed under: Uncategorized No Comments
23Feb/150

monitoring I/O

With iostat, which is in the gentoo package: app-admin/sysstat.

$ iostat -dm 2
Linux 3.15.6-gentoo ()    02/23/15        _x86_64_        (12 CPU)

Device:            tps    MB_read/s    MB_wrtn/s    MB_read    MB_wrtn
sda             144.86         9.30         8.70      40364      37740
sdb               0.03         0.00         0.00          3          0
sdc               9.13         0.00         1.07          0       4636
Filed under: Uncategorized No Comments
20Feb/150

copy DEVs to files

dd if=DEV of=FILE bs=8192
# and back
dd if=FILE of=DEV bs=8192
Filed under: Uncategorized No Comments
16Feb/150

zfs backup to file

#create snapshot
zfs snapshot POOL/FS@DESCRIPTION
#list snapshots
zfs list -t snapshot
#save
zfs send SNAPSHOT | xz --threads=12 --verbose > FILE.img.xz
#restore
unxz FILE.img.xz -c | zfs receive POOL/NEW_FS
Tagged as: No Comments
15Feb/150

LUKS with remote header, encrypted key

# create encrypted key
export GPG_TTY=$(tty) 
dd if=/dev/urandom bs=8388607 count=1 | gpg --symmetric --cipher-algo AES256 --output KEY.gpg
# allocate empty file for hader with size
truncate -s 2M HEADER.img

#encrypt
# NOTE: the LUKS header will be overriden with mkfs
gpg --decrypt KEY.gpg | cryptsetup --cipher serpent-xts-plain64 --key-size 512 --hash sha512 --header HEADER.img --key-file - luksFormat DEV

#check result (instead of DEv it is the header)
cryptsetup luksDump HEADER.img

#add fallback password if the KEYFILE is lost (to the header not to DEV)
mkfifo /tmp/gpgpipe 
gpg --decrypt KEYFILE | cat - >/tmp/KEYFILE2
cryptsetup --key-file /tmp/KEYFILE2 luksAddKey HEADER.img

rm -vf /tmp/KEYFILE2

#open
gpg --decrypt KEY.gpg  | cryptsetup --header HEADER.img --key-file - open DEV enc

# and close
cryptsetup close enc

Tagged as: No Comments