28Feb/150
install gentoo from liveCD
suppose we booted up for a liveCD/USB
#mount the destination device, DEV
mount DEV /mnt/gentoo
cd /mnt/gentoo
wget http://mirror.mdfnet.se/gentoo/releases/amd64/autobuilds/current-stage3-amd64-nomultilib/stage3-amd64-20150226.tar.bz2
tar xjpf stage3*
cd /
mkdir -p /mnt/{dev,proc,sys}
mount -t proc proc /mnt/gentoo/proc
mount --rbind /dev /mnt/gentoo/dev
mount --rbind /sys /mnt/gentoo/sys
cp -L /etc/resolv.conf /mnt/gentoo/etc/
chroot /mnt/gentoo /bin/bash
source /etc/profile
emerge-webrsync
eselect profile list
passwd
#timezone
cp /usr/share/zoneinfo/Europe/Oslo /etc/localtime
echo "Europe/Oslo" > /etc/timezone
emerge --config timezone-data
# glibc will generate lang files according to:
nano locale.gen
locale-gen
eselect locale list
# check /etc/fstab
28Feb/150
ZFS dataset hierarchy on a single user machine
# the pool zpool create -o ashift=12 -O mountpoint=none -O atime=off -O snapdir=visible rpool /dev/mapper/crypt_zfs # Create filesystems: rootfs, var and home # rootfs and home has 2 copy of each file as a mirror in single dev. zfs create -o copies=2 -o compress=lz4 -o mountpoint=/ rpool/rootfs zfs create -o copies=2 -o compress=lz4 -o mountpoint=/home rpool/home # var is not a child of rootfs and the zfs daemon will mount it # after systemd creates it, leading to a: cannot mount /var, # dir already exists error. see link[1] zfs create -o compress=lz4 -o quota=20G -o mountpoint=legacy rpool/var # on the second thought, copies=2 makes more sence than quota zfs create -o copies=2 -o compress=lz4 -o mountpoint=legacy rpool/var # /etc/fstab should be this line only: rpool/var /var zfs defaults 0 0 # var has 2 children with no compression zfs create -o compress=off -o mountpoint=/var/portage/distfiles rpool/var/portage_distfiles zfs create -o compress=off -o mountpoint=/var/portage/packeges rpool/var/portage_packages # swap check blocksize with: getconf PAGESIZE, default is 4K zfs create -V 4G -b 4K rpool/swap mkswap -f /dev/zvol/rpool/swap swapon /dev/zvol/rpool/swap # snapshot of rootfs before sysupdates # snapshot of home regularly # reset var to initial (right after bootstrap) snapshot when it's too big zfs umount -a zpool set bootfs=rpool/rootfs rpool zpool export rpool zpool import -R /mnt/rpool rpool chroot /mnt/rpool # install...
TODO: making rootfs readonly and mounting it readwrite only at system updatws.
28Feb/150
gentoo gcc optimalization – make.conf
edit you /etc/portage/make.conf
# chost [4]
# 64bit intel processors are AMD64 or x86_64, IA64 is for ithanium
CHOST="x86_64-gentoo-linux-gnu"
# CPU arch
# use gcc to detech your arch: gcc -c -Q -march=native --help=target | grep march
CFLAGS="-march=broadwell -O2 -pipe -fomit-frame-pointer"
CXXFLAGS="${CFLAGS}"
# emerge -1v app-portage/cpuinfo2cpuflags
# cpuinfo2cpuflags
CPU_FLAGS_X86="mmx mmxext sse sse2 sse3"
USE="${CPU_FLAGS_X86} ..."
# N = #CPUs + 1 or just #CPUs, see link[3]
# interl 5y10 has 2 cores (x2 hyper threading):
MAKEOPTS="-j4"
ABI_X86="64"
# debug symbols stripped
FEATURES="splitdebug"
#misc:
# accept all unstable packages too
ACCEPT_KEYWORDS="~amd64"
# accept all licenses
ACCEPT_LICENSE="*"
# x11-base/xorg-drivers
VIDEO_CARDS="intel i965"
INPUT_DEVICES="evdev keyboard mouse mutouch virtualbox synaptics"
# pick the highest if possible
PYTHON_TARGETS="pypy python3_4"
RUBY_TARGETS="ruby22"
[1] Gentoo wiki: http://wiki.gentoo.org/wiki/GCC_optimization
[2] Look up your CPU architecture https://gcc.gnu.org/onlinedocs/gcc-4.9.2/gcc/i386-and-x86-64-Options.html#i386-and-x86-64-Options
[3]https://blogs.gentoo.org/ago/2013/01/14/makeopts-jcore-1-is-not-the-best-optimization
[4]http://wiki.gentoo.org/wiki/CHOST
26Feb/150
gentoo packages after minimal install
# step zero: update gentoo #first step emerge -av eix gentoolkit # networking emerge -av iw dhcpcd wpa_supplicant iwl7265-ucode # kernel update gentoo-sources zfs cryptsetup staticpgp (gnupg) genkernel-next # misc emerge -av vim genlop parted # X i3 i3lock i3status dmenu mesa xorg-server # everyday vlc libreoffice mupdf thunderbird firefox #develop kdevelop cmake lcov valgrind gdb # monitor pciutils sysstat htop util-linux usbutils iotop acpi
23Feb/150
monitoring I/O
With iostat, which is in the gentoo package: app-admin/sysstat.
$ iostat -dm 2 Linux 3.15.6-gentoo () 02/23/15 _x86_64_ (12 CPU) Device: tps MB_read/s MB_wrtn/s MB_read MB_wrtn sda 144.86 9.30 8.70 40364 37740 sdb 0.03 0.00 0.00 3 0 sdc 9.13 0.00 1.07 0 4636
16Feb/150
zfs backup to file
#create snapshot zfs snapshot POOL/FS@DESCRIPTION #list snapshots zfs list -t snapshot #save zfs send SNAPSHOT | xz --threads=12 --verbose > FILE.img.xz #restore xz --threads=12 --decompress --verbose FILE.img.xz -c | zfs receive POOL/NEW_FS
15Feb/150
LUKS with remote header, encrypted key
# create encrypted key export GPG_TTY=$(tty) dd if=/dev/urandom bs=8388607 count=1 | gpg --symmetric --cipher-algo AES256 --output KEY.gpg # allocate empty file for hader with size truncate -s 2M HEADER.img #encrypt # NOTE: the LUKS header will be overriden with mkfs gpg --decrypt KEY.gpg | cryptsetup --cipher serpent-xts-plain64 --key-size 512 --hash sha512 --header HEADER.img --key-file - luksFormat DEV #check result (instead of DEv it is the header) cryptsetup luksDump HEADER.img #add fallback password if the KEYFILE is lost (to the header not to DEV) mkfifo /tmp/gpgpipe gpg --decrypt KEYFILE | cat - >/tmp/KEYFILE2 cryptsetup --key-file /tmp/KEYFILE2 luksAddKey HEADER.img rm -vf /tmp/KEYFILE2 #open gpg --decrypt KEY.gpg | cryptsetup --header HEADER.img --key-file - open DEV enc # and close cryptsetup close enc
15Feb/150
block device from file
Mounting a loopback device.
In the kernel config, CONFIG_BLK_DEV_LOOP needs to be set.
# Check the used devices: losetup -a # Create the file dd if=/dev/zero of=FILENAME bs=1024k count=MEGABYTES # Attach loopback device to file losetup /dev/loopN FILENAME # Creating filesystem on device mkfs.ext3 /dev/loopN # Mounting dev mount /dev/loopN MOUNTPOINT # umount umount MOUNTPOINT # detach losetup -d /dev/loopN