selfjungle Just another WordPress weblog

28Feb/150

install gentoo from liveCD

Suppose we have booted from a liveCD/USB.

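# Interactive walkthrough: run the commands one at a time as root.
# mount the destination device, DEV
mount DEV /mnt/gentoo
cd /mnt/gentoo
# The mirror is reached over plain HTTP, so nothing authenticates the tarball
# in transit. Before unpacking, also fetch the signed DIGESTS file published
# next to the tarball, check its signature against the Gentoo release key with
# gpg, and compare the tarball's checksum with the value listed there.
wget http://mirror.mdfnet.se/gentoo/releases/amd64/autobuilds/current-stage3-amd64-nomultilib/stage3-amd64-20150226.tar.bz2
# p preserves the permissions stored in the archive
tar xjpf stage3*

cd /
# the mount points belong inside the new root, not directly under /mnt
mkdir -p /mnt/gentoo/{dev,proc,sys}
mount -t proc proc /mnt/gentoo/proc
mount --rbind /dev /mnt/gentoo/dev
mount --rbind /sys /mnt/gentoo/sys
# -L copies the file itself when resolv.conf is a symlink
cp -L /etc/resolv.conf /mnt/gentoo/etc/
# everything below is typed inside the chroot shell
chroot /mnt/gentoo /bin/bash
source /etc/profile
emerge-webrsync

eselect profile list
# set the root password of the new system
passwd

# timezone
cp /usr/share/zoneinfo/Europe/Oslo /etc/localtime
echo "Europe/Oslo" > /etc/timezone
emerge --config timezone-data

# glibc will generate locale files according to /etc/locale.gen
# (the chroot shell starts in /, so the file needs its full path)
nano /etc/locale.gen
locale-gen
eselect locale list

# check /etc/fstab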
28Feb/150

ZFS dataset hierarchy on a single user machine

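# the pool
# /dev/mapper/crypt_zfs is presumably an opened dm-crypt/LUKS mapping; if so,
# everything in the pool, including the swap zvol created below, is stored
# on the encrypted device.
zpool create -o ashift=12 -O mountpoint=none -O atime=off -O snapdir=visible rpool /dev/mapper/crypt_zfs

# Create filesystems: rootfs, var and home
# rootfs and home keep 2 copies of every block on the single device.
# copies=2 helps against bad sectors and bit rot; it is not a real mirror and
# does not survive the loss of the device itself.
zfs create -o copies=2 -o compress=lz4 -o mountpoint=/ rpool/rootfs
zfs create -o copies=2 -o compress=lz4 -o mountpoint=/home rpool/home

# var is not a child of rootfs and the zfs daemon will mount it
# after systemd creates it, leading to a "cannot mount /var,
# dir already exists" error, see link[1]. Hence mountpoint=legacy plus fstab.
# First attempt, kept for reference only (the dataset can be created once):
#   zfs create -o compress=lz4 -o quota=20G -o mountpoint=legacy rpool/var
# on second thought, copies=2 makes more sense than quota
zfs create -o copies=2 -o compress=lz4 -o mountpoint=legacy rpool/var
# /etc/fstab should contain this line only (it is not a command):
#   rpool/var      /var        zfs        defaults    0 0

# var has 2 children with no compression
# (the dataset name is the last argument of each command; the second
# mountpoint was spelled "packeges" in the original note)
zfs create -o compress=off -o mountpoint=/var/portage/distfiles rpool/var/portage_distfiles
zfs create -o compress=off -o mountpoint=/var/portage/packages rpool/var/portage_packages

# swap: check the block size with `getconf PAGESIZE`, default is 4K
zfs create -V 4G -b 4K rpool/swap
mkswap -f /dev/zvol/rpool/swap
swapon /dev/zvol/rpool/swap

# snapshot of rootfs before sysupdates
# snapshot of home regularly
# reset var to initial (right after bootstrap) snapshot when it's too big

# the pool cannot be exported while its swap zvol is still in use
swapoff /dev/zvol/rpool/swap
zfs umount -a
zpool set bootfs=rpool/rootfs rpool
zpool export rpool
# re-import with an alternate root so the datasets mount below /mnt/rpool
zpool import -R /mnt/rpool rpool

chroot /mnt/rpool
# install...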

TODO: make rootfs read-only and remount it read-write only for system updates.

[1] https://bbs.archlinux.org/viewtopic.php?id=160825

28Feb/150

gentoo gcc optimization – make.conf

Edit your /etc/portage/make.conf:

# chost [4]
# 64-bit Intel processors are AMD64 / x86_64; IA64 is for Itanium
# NOTE(review): CHOST has to match the toolchain the stage3 was built with;
# confirm the value against the stage3's own make.conf before changing it.
CHOST="x86_64-gentoo-linux-gnu"

# CPU arch
# use gcc to detect your arch: gcc -c -Q -march=native --help=target | grep march
# binaries built for one specific -march are not guaranteed to run on other CPUs
CFLAGS="-march=broadwell -O2 -pipe -fomit-frame-pointer"
CXXFLAGS="${CFLAGS}"

# emerge -1v app-portage/cpuinfo2cpuflags
# cpuinfo2cpuflags
# (the tool prints the flags supported by this CPU; paste its output here)
CPU_FLAGS_X86="mmx mmxext sse sse2 sse3"
# "..." stands for the rest of your USE flags
USE="${CPU_FLAGS_X86} ..."

# N = #CPUs + 1 or just #CPUs, see link[3]
# Intel 5Y10 has 2 cores (x2 hyper-threading):
MAKEOPTS="-j4"
ABI_X86="64"

# splitdebug: debug symbols are stripped from the installed binaries and
# kept in separate files instead of being thrown away
FEATURES="splitdebug"

#misc:

# accept all unstable packages too
# (~amd64 is the testing branch, applied here to every package; these
# versions have not gone through stabilisation yet)
ACCEPT_KEYWORDS="~amd64"
# accept all licenses
# NOTE(review): "*" also accepts proprietary and EULA-style licenses without
# asking; a narrower set such as "-* @FREE" plus per-package exceptions keeps
# that decision explicit.
ACCEPT_LICENSE="*"
# x11-base/xorg-drivers
VIDEO_CARDS="intel i965"
INPUT_DEVICES="evdev keyboard mouse mutouch virtualbox synaptics"
# pick the highest if possible
PYTHON_TARGETS="pypy python3_4"
RUBY_TARGETS="ruby22"

[1] Gentoo wiki: http://wiki.gentoo.org/wiki/GCC_optimization
[2] Look up your CPU architecture https://gcc.gnu.org/onlinedocs/gcc-4.9.2/gcc/i386-and-x86-64-Options.html#i386-and-x86-64-Options
[3]https://blogs.gentoo.org/ago/2013/01/14/makeopts-jcore-1-is-not-the-best-optimization
[4]http://wiki.gentoo.org/wiki/CHOST

26Feb/150

gentoo packages after minimal install

# Package checklist for a fresh install.
# Lines starting with "emerge" are commands; the bare lines are package lists,
# presumably meant to be installed the same way (emerge -av <packages>).
# -a shows what would be merged and asks before doing it, -v is verbose.

# step zero: update gentoo

# first step
emerge -av eix gentoolkit

# networking
emerge -av iw dhcpcd wpa_supplicant iwl7265-ucode

# kernel update
# NOTE(review): "staticpgp (gnupg)" is not a package name; presumably it means
# gnupg built statically so gpg can be used from the initramfs — confirm.
gentoo-sources zfs cryptsetup staticpgp (gnupg) genkernel-next

# misc
emerge -av vim genlop parted

# X
i3 i3lock i3status dmenu mesa xorg-server

# everyday
vlc libreoffice mupdf thunderbird firefox

# develop
kdevelop cmake lcov valgrind gdb

# monitor
pciutils sysstat htop util-linux usbutils iotop acpi
23Feb/150

monitoring I/O

With iostat, which is in the gentoo package: app-admin/sysstat.

$ iostat -dm 2
Linux 3.15.6-gentoo ()    02/23/15        _x86_64_        (12 CPU)

Device:            tps    MB_read/s    MB_wrtn/s    MB_read    MB_wrtn
sda             144.86         9.30         8.70      40364      37740
sdb               0.03         0.00         0.00          3          0
sdc               9.13         0.00         1.07          0       4636
20Feb/150

copy DEVs to files

# Copy a whole block device into an image file.
# dd overwrites of= without asking, so double-check which name is the device
# (e.g. with lsblk) before running either direction.
# The image holds every block of DEV, including deleted and unallocated data;
# store it with the same care as the device itself.
dd if=DEV of=FILE bs=8192
# and back (replaces everything currently on DEV)
dd if=FILE of=DEV bs=8192
16Feb/150

zfs backup to file

# create snapshot
zfs snapshot POOL/FS@DESCRIPTION
# list snapshots
zfs list -t snapshot
# save
# The stream written here is compressed but not encrypted: FILE.img.xz holds
# the dataset contents in the clear even when the pool itself sits on an
# encrypted device. Encrypt the file (e.g. with gpg) before it leaves the machine.
# The pipeline's exit status is that of xz, so a failed zfs send can leave a
# truncated FILE.img.xz behind without an error code; check the output.
zfs send SNAPSHOT | xz --threads=12 --verbose > FILE.img.xz
# restore
# -c writes the decompressed stream to stdout and leaves FILE.img.xz in place
xz --threads=12 --decompress --verbose  FILE.img.xz -c | zfs receive POOL/NEW_FS
15Feb/150

LUKS with remote header, encrypted key

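# create encrypted key
# gpg asks for its passphrase on the current terminal
GPG_TTY=$(tty)
export GPG_TTY
# 8388607 random bytes go straight into gpg, so the raw key never touches the
# disk. iflag=fullblock makes dd retry short reads; without it count=1 could
# silently produce a shorter key.
dd if=/dev/urandom bs=8388607 count=1 iflag=fullblock | gpg --symmetric --cipher-algo AES256 --output KEY.gpg
# allocate an empty file for the detached header
truncate -s 2M HEADER.img

# encrypt
# NOTE: the LUKS header will be overridden with mkfs
# With --header the LUKS metadata (key slots included) is written to
# HEADER.img rather than to DEV, so HEADER.img and KEY.gpg are both needed to
# open the volume: keep backups of each, stored apart from DEV.
# stdin is the key pipe here, and cryptsetup typically skips its "YES"
# confirmation when stdin is not a terminal, so make sure DEV is the right device.
gpg --decrypt KEY.gpg | cryptsetup --cipher serpent-xts-plain64 --key-size 512 --hash sha512 --header HEADER.img --key-file - luksFormat DEV

# check result (inspect the header file instead of DEV)
cryptsetup luksDump HEADER.img

# add a fallback passphrase in case KEY.gpg is lost (to the header, not to DEV)
# luksAddKey needs the existing key from a file while the new passphrase is
# typed on the terminal, so the decrypted key has to exist briefly as a file.
# Keep that file out of /tmp: mktemp gives it an unpredictable name and mode
# 0600, and /dev/shm is RAM-backed (tmpfs) on most Linux systems.
keytmp=$(mktemp -p /dev/shm)
gpg --decrypt KEY.gpg > "$keytmp"
cryptsetup --key-file "$keytmp" luksAddKey HEADER.img

# overwrite and remove the plaintext key as soon as the slot is added
shred -u -- "$keytmp"

# open
gpg --decrypt KEY.gpg | cryptsetup --header HEADER.img --key-file - open DEV enc

# and close
cryptsetup close enc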

15Feb/150

block device from file

Mounting a loopback device.
In the kernel config, CONFIG_BLK_DEV_LOOP needs to be set.

# Check the used devices:
losetup -a
# Create the file: zero-filled, MEGABYTES blocks of 1024k each
# (dd overwrites an existing FILENAME without asking)
dd if=/dev/zero of=FILENAME  bs=1024k count=MEGABYTES
# Attach loopback device to file (use a loopN that losetup -a did not list)
losetup /dev/loopN FILENAME
# Create a filesystem on the device (destroys whatever the file held before)
mkfs.ext3 /dev/loopN
# Mount the device
mount /dev/loopN MOUNTPOINT

# umount
umount MOUNTPOINT
# detach, so the file is no longer held open by the loop device
losetup -d /dev/loopN