Gentoo Linux 2007.0 PPC64 Networkless Handbook

Content:

• Installing Gentoo
  In this part you learn how to install Gentoo on your system.
  1. About the Gentoo Linux Installation
     Users not familiar with Gentoo do not always know that choice is what Gentoo is all about.
  2. Booting the Universal Installation CD
     Using our Universal Installation CD you can boot up your system into a running environment that allows you to install Gentoo.
  3. Configuring your Network
     If you need networking, this is the place where the network (and Internet connection) is configured.
  4. Preparing the Disks
     To be able to install Gentoo, you must create the necessary partitions. This chapter describes how to partition a disk for future usage.
  5. Installing the Gentoo Installation Files
     In this chapter we describe how you extract a stage3 file and how to configure Portage.
  6. Chrooting into the Gentoo Base System
     Now that the stage3 file is extracted, we chroot into the new system and modify the USE variable.
  7. Configuring the Kernel
     The Linux kernel is the core of every distribution. This chapter explains how to configure your kernel.
  8. Configuring your System
     You need to edit some important configuration files. In this chapter you receive an overview of these files and an explanation on how to proceed.
  9. Installing Necessary System Tools
     As mentioned before, Gentoo is about customization. In this chapter we help you choose and install some important tools.
  10. Configuring the Bootloader
      Several bootloaders exist. Each one of them has its own way of configuration. In this chapter we'll describe all possibilities for you and step you through the process of configuring a bootloader to your needs.
  11. Finalizing your Gentoo Installation
      You're almost done. We'll just create one (or more) users for your system and (optionally) install prebuilt packages.
  12. Where to go from here?
      Now you have your Gentoo system, but what's next?
• Working with Gentoo
  Learn how to work with Gentoo: installing software, altering variables, changing Portage behaviour etc.
  1. A Portage Introduction
     This chapter explains the "simple" steps a user definitely needs to know to maintain the software on his system.
  2. USE flags
     USE flags are a very important aspect of Gentoo. In this chapter, you learn to work with USE flags and understand how USE flags interact with your system.
  3. Portage Features
     Discover the features Portage has, such as support for distributed compiling, ccache and more.
  4. Initscripts
     Gentoo uses a special initscript format which, amongst other features, allows dependency-driven decisions and virtual initscripts. This chapter explains all these aspects and explains how to deal with these scripts.
  5. Environment Variables
     With Gentoo you can easily manage the environment variables for your system. This chapter explains how you do that, and also describes frequently used variables.
• Working with Portage
  "Working with Portage" provides an in-depth coverage of Portage, Gentoo's Software Management Tool.
  1. Files and Directories
     Once you want to know Portage in-depth you need to know where it stores its files and data.
  2. Configuring through Variables
     Portage is completely configurable through various variables you can set in the configuration file or as environment variable.
  3. Mixing Software Branches
     Gentoo provides software separated in several branches, depending on stability and architectural support. "Mixing Software Branches" inform you how these branches can be configured and how you can override this separation individually.
  4. Additional Portage Tools
     Portage comes with a few extra tools that might make your Gentoo experience even better. Read on to discover how to use dispatch-conf and other tools.
  5. Diverting from the Official Tree
     "Diverting from the Official Tree" gives you some tips and tricks on how to use your own Portage tree, how to synchronise only the categories you want, inject packages and more.
• Gentoo Network Configuration
  A comprehensive guide to Networking in Gentoo.
  1. Getting Started
     A guide to quickly get your network interface up and running in most common environments.
  2. Advanced Configuration
     Here we learn about how the configuration works - you need to know this before we learn about modular networking.
  3. Modular Networking
     Gentoo provides you flexible networking - here you are told about choosing different DHCP clients, setting up bonding, bridging, VLANs and more.
  4. Wireless Networking
     Wireless isn't straight-forward. Hopefully we'll get you working!
  5. Adding Functionality
     If you're feeling adventurous, you can add your own functions to networking.
  6. Network Management
     For laptop users or people who move their computer around different networks.

A. Installing Gentoo

1. About the Gentoo Linux Installation

1.a. Introduction

Welcome!

First of all, welcome to Gentoo. You are about to enter the world of customization and performance. When installing Gentoo, this is made clear to you several times -- you can choose how much you want to compile yourself, how to install Gentoo, what system logger you want, etc.

Gentoo is a fast, modern meta-distribution with a clean and flexible design. Gentoo is built around free software and doesn't hide from its users what is beneath the hood. Portage, the package maintenance system which Gentoo uses, is written in Python, meaning you can easily view and modify the source code. Gentoo's packaging system uses source code (although support for precompiled packages is included too) and configuring Gentoo happens through regular text files. In other words, openness everywhere.

It is very important that you understand that empowerment is what makes Gentoo run. We try not to force anything on our users and try our best to empower you to make the choices you wish. If you feel a change should be made, please file a bug report about it.

How is the Installation Structured?

The Gentoo Installation can be seen as a 10-step procedure, corresponding to chapters 2 - 11. Every step results in a certain state:

• After step 1, you are in a working environment ready to install Gentoo
• After step 2, your internet connection is prepared in case you need it (this is however optional)
• After step 3, your hard disks are initialized to house your Gentoo installation
• After step 4, your installation environment is prepared and you are ready to chroot into the new environment
• After step 5, core packages, which are the same on all Gentoo installations, are installed
• After step 6, you have compiled your Linux kernel
• After step 7, you have written most of your Gentoo system configuration files
• After step 8, necessary system tools (which you can choose from a nice list) are installed
• After step 9, your choice of bootloader has been installed and configured and you are logged in into your new Gentoo installation
• After step 10, your Gentoo Linux environment is ready to be explored

When you are given a certain choice, we try our best to explain what the pros and cons are. We will continue then with a default choice, identified by "Default: " in the title. The other possibilities are marked by "Alternative: ". Do not think that the default is what we recommend. It is however what we believe most users will use.

Sometimes you can pursue an optional step. Such steps are marked as "Optional: " and are therefore not needed to install Gentoo. However, some optional steps are dependant on a previous decision you made. We will inform you when this happens, both when you make the decision, and right before the optional step is described.

What are my Options?

You can install Gentoo in many different ways. You can download and install from one of our Installation CDs, from an existing distribution, from a bootable CD (such as Knoppix), from a netbooted environment, from a rescue floppy, etc.

This document covers the installation using a Gentoo Linux Installation CD, a bootable CD that contains everything you need to get Gentoo Linux up and running. There are two types of Installation CDs, the InstallCD and the Installer LiveCD. The InstallCD is a minimal environment which contains only those packages necessary for installing Gentoo Linux. The LiveCD is a complete Gentoo Linux environment and can be used for multiple tasks, one of which is installing Gentoo Linux. The LiveCD is not available on all architectures at this time. If your architecture does not have a LiveCD, then this document will refer to the Universal InstallCD for you.

This installation approach however does not immediately use the latest version of the available packages; if you want this you should check out the Installation Instructions inside our Gentoo Linux Handbooks.

For help on the other installation approaches, please read our Alternative Installation Guide. We also provide a Gentoo Installation Tips & Tricks document that might be useful to read as well. If you feel that the current installation instructions are too elaborate, feel free to use our Quick Installation Guide available from our Documentation Resources if your architecture has such a document available.

Troubles?

If you find a problem in the installation (or in the installation documentation), please check the errata from our Gentoo Release Engineering Project, visit our bug tracking system and check if the bug is known. If not, please create a bug report for it so we can take care of it. Do not be afraid of the developers who are assigned to (your) bugs -- they generally don't eat people.

Note though that, although the document you are now reading is architecture-specific, it will contain references to other architectures as well. This is due to the fact that large parts of the Gentoo Handbook use source code that is common for all architectures (to avoid duplication of efforts and starvation of development resources). We will try to keep this to a minimum to avoid confusion.

If you are uncertain if the problem is a user-problem (some error you made despite having read the documentation carefully) or a software-problem (some error we made despite having tested the installation/documentation carefully) you are free to join #gentoo on irc.freenode.net. Of course, you are welcome otherwise too :)

If you have a question regarding Gentoo, check out our Frequently Asked Questions, available from the Gentoo Documentation. You can also view the FAQs on our forums. If you can't find the answer there ask on #gentoo, our IRC-channel on irc.freenode.net. Yes, several of us are freaks who sit on IRC :-)

1.b. Fast Installation using the Gentoo Reference Platform

What is the Gentoo Reference Platform?

The Gentoo Reference Platform, from now on abbreviated to GRP, is a snapshot of prebuilt packages users (that means you!) can install during the installation of Gentoo to speed up the installation process. The GRP consists of all packages required to have a fully functional Gentoo installation. They are not just the ones you need to have a base installation up to speed in no time, but all lengthier builds (such as xorg-x11, GNOME, OpenOffice, Mozilla, ...) are available as GRP packages too.

However, these prebuilt packages aren't maintained during the lifetime of the Gentoo distribution. They are snapshots released at every Gentoo release and make it possible to have a functional environment in a short amount of time. You can then upgrade your system in the background while working in your Gentoo environment.

How Portage Handles GRP Packages

Your Portage tree - the collection of ebuilds (files that contain all information about a package, such as its description, homepage, sourcecode URLs, compilation instructions, dependencies, etc.) - must be synchronised with the GRP set: the versions of the available ebuilds and their accompanying GRP packages must match.

For this reason you can only benefit from the GRP packages Gentoo provides while performing the current installation approach. GRP is not available for those interested in performing an installation using the latest versions of all available packages.

Is GRP Available?

Not all architectures provide GRP packages. That doesn't mean GRP isn't supported on the other architectures, but it means that we don't have the resources to build and test the GRP packages.

At present we provide GRP packages for the following architectures:

• The amd64 architecture (amd64). Note: The packages are available on the Installer LiveCD.
• The ppc architecture (ppc32)
• The sparc architecture (sparc64)
• The x86 architecture (athlon, athlon-xp, athlon-mp, pentium-pro, pentium2, pentium3, pentium4 and pentium-m) Note: The packages are for i686 and are available on the Installer LiveCD.

If your architecture (or subarchitecture) isn't on this list, you are not able to opt for a GRP installation.

Now that this introduction is over, let's continue with Booting the Universal InstallCD/Installer LiveCD.

2. Booting the Universal Installation CD

2.a. Hardware Requirements

Introduction

Before we start, we first list what hardware requirements you need to successfully install Gentoo on your box.

Hardware Requirements

For a full list of supported systems, please go to http://www.linuxppc64.org/hardware.shtml.

2.b. The Gentoo Universal Installation CD

Introduction

Gentoo Linux can be installed using a stage3 tarball file. Such a tarball is an archive that contains a minimal environment from which you can succesfully install Gentoo Linux onto your system.

Installations using a stage1 or stage2 tarball file are not documented in the Gentoo Handbook - please read the Gentoo FAQ on these matters.

Gentoo Universal Installation CD

An Installation CD is a bootable medium which contains a self-sustained Gentoo environment. It allows you to boot Linux from the CD. During the boot process your hardware is detected and the appropriate drivers are loaded. The Gentoo Installation CDs are maintained by Gentoo developers.

There currently are two Installation CDs available:

• The Universal Installation CD contains everything you need to install Gentoo. It provides stage3 files for common architectures, source code for the extra applications you need to choose from and, of course, the installation instructions for your architecture.
• The Minimal Installation CD contains only a minimal environment that allows you to boot up and configure your network so you can connect to the Internet. It does not contain any additional files and cannot be used during the current installation approach.

Gentoo also provides a Package CD. This is not an Installation CD but an additional resource that you can exploit during the installation of your Gentoo system. It contains prebuilt packages (also known as the GRP set) that allow you to easily and quickly install additional applications immediately after the Gentoo installation and right before you update your Portage tree.

The use of the Package CD is covered later in this document.

Choosing a userland

On PPC64, the kernel is 64-bit and the userland can be 32-bit or 64-bit. The userland is basically the applications you are running, such as bash or mozilla-firefox. They can be compiled and run in either 64-bit or 32-bit modes. The Gentoo/PPC64 team provides both 32-bit and 64-bit userlands, so which one should you use?

You may have heard that 64-bit applications are better, but in fact, 32-bit applications take up slightly less memory and often run a little bit faster than 64-bit applications.

You really only need 64-bit applications when you need more memory than a 32-bit userland allows, or if you do a lot of 64-bit number crunching. If you run applications that require more than 4GB of memory or you run scientific applications, you should choose the 64-bit userland. Otherwise, choose the 32-bit userland, as it is recommended by the Gentoo/PPC64 developers.

Additionally, the 32-bit userland has been available in Portage longer than the 64-bit userland has. This means that there are more applications tested in the 32-bit userland that just work "out of the box." Many applications compiled for the 64-bit userland may be just as stable as the 32-bit version, but they haven't been tested yet. Though testing isn't difficult to do, it can be annoying and time consuming if you want to use many untested 64-bit applications. Also, some programs just won't run in the 64-bit userland until their code is fixed, such as OpenOffice.

The Gentoo/PPC64 team provides stages and Package CDs for both 32-bit and 64-bit userlands, so no matter which one you choose, you'll be able to successfully install Gentoo and get a full system up and running with minimal fuss.

2.c. Download, Burn and Boot a Gentoo Installation CD

Downloading and Burning the Installation CDs

You can download the Universal Installation CD (and, if you want to, the Packages CD as well) from one of our mirrors. The Installation CDs are located in the releases/ppc/2007.0/ppc64/installcd directory; the Package CDs are located in the releases/ppc/2007.0/ppc64/packagecd directory.

Inside those directories you'll find ISO-files. Those are full CD images which you can write on a CD-R.

After downloading the file, you can verify its integrity to see if it is corrupted or not:

• You can check its MD5 checksum and compare it with the MD5 checksum we provide (for instance with the md5sum tool under Linux/Unix or md5sum for Windows). How to verify MD5 checksums with Mac OS X is described in the Gentoo PPC FAQ.
• You can verify the cryptographic signature that we provide. You need to obtain the public key we use (0x17072058) before you proceed though.

To fetch our public key using the GnuPG application, run the following command:

$ gpg --keyserver subkeys.pgp.net --recv-keys 0x17072058

Now verify the signature:

$ gpg --verify <signature file> <downloaded iso>

To burn the downloaded ISO(s), you have to select raw-burning. How you do this is highly program-dependent. We will discuss cdrecord and K3B here; more information can be found in our Gentoo FAQ.

• With cdrecord, you simply type cdrecord dev=/dev/hdc <downloaded iso file> (replace /dev/hdc with your CD-RW drive's device path).
• With K3B, select Tools > Burn CD Image. Then you can locate your ISO file within the 'Image to Burn' area. Finally click Start.

Booting the Installation CD on an Apple

Please check the README.kernel on the Installation CD for the latest information on how to boot various kernels and getting hardware support.

Place the Installation CD in the CD-ROM and reboot the system. Hold down the 'C' key at bootup. You will be greeted by a friendly welcome message and a boot: prompt at the bottom of the screen.

You are also able to tweak some kernel options at this prompt. The following table lists the available boot options you can add:

At this prompt, hit enter, and a complete Gentoo Linux environment will be loaded from the CD. Continue with And When You're Booted....

Booting the Installation CD on an IBM pSeries, OpenPower and Power5 iSeries servers

Please check the README.kernel on the Installation CD for the latest information on how to boot various kernels and getting hardware support.

Most modern pSeries servers can boot from the CDROM drive through SMS ('1' when the “IBM IBM IBM” messages flash across the console). On some older pSeries boxes, sometimes the cds might not autoboot. You might have to set up your cdrom as a bootable device in the multi-boot menu. (F1 at startup) The other option is to jump into OF and do it from there:

1. Boot into OF (this is 8 from the serial cons or F8 from a graphics cons, start hitting the key when you see the keyboard mouse etc etc messages.
2. Run the command 0> boot cdrom:1,yaboot
3. Stand back and enjoy!

And When You're Booted...

You will be greeted by a root ("#") prompt on the current console. You can also switch to other consoles by pressing Alt-fn-F2, Alt-fn-F3 and Alt-fn-F4. Get back to the one you started on by pressing Alt-fn-F1.

If you are installing Gentoo on a system with a non-US keyboard, use loadkeys to load the keymap for your keyboard. To list the available keymaps, execute ls /usr/share/keymaps/i386.

(PPC uses x86 keymaps on most systems. The mac/ppc keymaps provided
 on the Installation CD are ADB keymaps and unusable with the 
 Installation CD kernel)
# ls /usr/share/keymaps/i386

Now load the keymap of your choice:

# loadkeys be-latin1

Now continue with Extra Hardware Configuration.

Extra Hardware Configuration

When the Installation CD boots, it tries to detect all your hardware devices and loads the appropriate kernel modules to support your hardware. In the vast majority of cases, it does a very good job. However, in some cases it may not auto-load the kernel modules you need. If the PCI auto-detection missed some of your system's hardware, you will have to load the appropriate kernel modules manually.

In the next example we try to load the 8139too module (support for certain kinds of network interfaces):

# modprobe 8139too

Optional: Tweaking Hard Disk Performance

If you are an advanced user, you might want to tweak the IDE hard disk performance using hdparm. With the -tT options you can test the performance of your disk (execute it several times to get a more precise impression):

# hdparm -tT /dev/hda

To tweak, you can use any of the following examples (or experiment yourself) which use /dev/hda as disk (substitute with your disk):

Activate DMA:
# hdparm -d 1 /dev/hda
Activate DMA + Safe Performance-enhancing Options:
# hdparm -d 1 -A 1 -m 16 -u 1 -a 64 /dev/hda

Optional: User Accounts

If you plan on giving other people access to your installation environment or you want to chat using irssi without root privileges (for security reasons), you need to create the necessary user accounts and change the root password.

To change the root password, use the passwd utility:

# passwd
New password: (Enter your new password)
Re-enter password: (Re-enter your password)

To create a user account, we first enter their credentials, followed by its password. We use useradd and passwd for these tasks. In the next example, we create a user called "john".

# useradd -m -G users john
# passwd john
New password: (Enter john's password)
Re-enter password: (Re-enter john's password)

You can change your user id from root to the newly created user by using su:

# su - john

Optional: Viewing Documentation while Installing

If you want to view the Gentoo Handbook during the installation, make sure you have created a user account (see Optional: User Accounts). Then press Alt-F2 to go to a new terminal and log in.

If you want to view the documentation on the CD you can immediately run links to read it:

# links /mnt/cdrom/docs/handbook/html/index.html

However, it is preferred that you use the online Gentoo Handbook as it will be more recent than the one provided on the CD.

# links http://www.gentoo.org/doc/en/handbook/2007.0/handbook-ppc64.xml

You can go back to your original terminal by pressing Alt-F1.

Optional: Starting the SSH Daemon

If you want to allow other users to access your computer during the Gentoo installation (perhaps because those users are going to help you install Gentoo, or even do it for you), you need to create a user account for them and perhaps even provide them with your root password (only do that if you fully trust that user).

To fire up the SSH daemon, execute the following command:

# /etc/init.d/sshd start

To be able to use sshd, you first need to set up your networking. Continue with the chapter on Configuring your Network.

3. Configuring your Network

3.a. Do you need Networking?

Who can do without?

Generally, you don't need a working network connection to install Gentoo using either the Universal InstallCD or the Installer LiveCD. However, there are some circumstances where you do want to have a working Internet connection:

• The stage3 files that are stored in the Universal InstallCD do not match your architecture and you need to download the correct stage3 file
• The stage3 file that is generated by the Installer LiveCD does not match your architecture and you need to download the correct stage3 file
• You need to install a specific networking application that will allow you to connect to the Internet which isn't available on the Universal InstallCD or the Installer LiveCD, but is supported by the CD (i.e. you can connect to the Internet using the CD but the necessary sources are not available on the CD)
• You want remote assistance during the installation (using SSH or through direct conversations using IRC)

Do I need Networking?

To find out if the stage3 file for your architecture is available and you are using a Universal InstallCD, take a look inside /mnt/cdrom/stages and check if one of the available stages matches your architecture. If not, you can still opt for a stage3 file of an architecture compatible with yours.

The stage3 file built by the x86 Installer LiveCD is optimized for i686 or better and uses NPTL. The stage3 file built by the amd64 Installer LiveCD is optimized for generic amd64 usage and uses NPTL.

If you, on the other hand, want to use a stage3 file optimized for your architecture and the stage3 file of your choice is not available, then you will need networking to download the appropriate stage3 file.

So, if you don't need networking, you can skip the rest of this chapter and continue with Preparing the Disks. Otherwise, continue with the networking configuration sections below.

3.b. Automatic Network Detection

Maybe it just works?

If your system is plugged into an Ethernet network with a DHCP server, it is very likely that your networking configuration has already been set up automatically for you. If so, you should be able to take advantage of the many included network-aware commands on the Installation CD such as ssh, scp, ping, irssi, wget and links, among others.

If networking has been configured for you, the /sbin/ifconfig command should list some network interfaces besides lo, such as eth0:

# /sbin/ifconfig
(...)
eth0      Link encap:Ethernet  HWaddr 00:50:BA:8F:61:7A
          inet addr:192.168.0.2  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::50:ba8f:617a/10 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1498792 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1284980 errors:0 dropped:0 overruns:0 carrier:0
          collisions:1984 txqueuelen:100
          RX bytes:485691215 (463.1 Mb)  TX bytes:123951388 (118.2 Mb)
          Interrupt:11 Base address:0xe800 

Optional: Configure any Proxies

If you access the Internet through a proxy, you might need to set up proxy information during the installation. It is very easy to define a proxy: you just need to define a variable which contains the proxy server information.

In most cases, you can just define the variables using the server hostname. As an example, we assume the proxy is called proxy.gentoo.org and the port is 8080.

(If the proxy filters HTTP traffic)
# export http_proxy="http://proxy.gentoo.org:8080"
(If the proxy filters FTP traffic)
# export ftp_proxy="ftp://proxy.gentoo.org:8080"
(If the proxy filters RSYNC traffic)
# export RSYNC_PROXY="proxy.gentoo.org:8080"

If your proxy requires a username and password, you should use the following syntax for the variable:

http://username:password@proxy.gentoo.org:8080

Testing the Network

You may want to try pinging your ISP's DNS server (found in /etc/resolv.conf) and a Web site of your choice, just to make sure that your packets are reaching the net, DNS name resolution is working correctly, etc.

# ping -c 3 www.gentoo.org

If you are now able to use your network, you can skip the rest of this section and continue with Preparing the Disks. If not, read on.

3.c. Automatic Network Configuration

If the network doesn't work immediately, some installation media allow you to use net-setup (for regular or wireless networks), pppoe-setup (for ADSL-users) or pptp (for PPTP-users - only available on x86).

If your installation medium does not contain any of these tools or your network doesn't function yet, continue with Manual Network Configuration.

• Regular Ethernet users should continue with Default: Using net-setup
• ADSL users should continue with Alternative: Using PPP
• PPTP users should continue with Alternative: Using PPTP

Default: Using net-setup

The simplest way to set up networking if it didn't get configured automatically is to run the net-setup script:

# net-setup eth0

net-setup will ask you some questions about your network environment. When all is done, you should have a working network connection. Test your network connection as stated before. If the tests are positive, congratulations! You are now ready to install Gentoo. Skip the rest of this section and continue with Preparing the Disks.

If your network still doesn't work, continue with Manual Network Configuration.

Alternative: Using PPP

Assuming you need PPPoE to connect to the internet, the Installation CD (any version) has made things easy for you by including ppp. Use the provided pppoe-setup script to configure your connection. You will be prompted for the ethernet device that is connected to your adsl modem, your username and password, the IPs of your DNS servers and if you need a basic firewall or not.

# pppoe-setup
# pppoe-start

If something goes wrong, double-check that you correctly typed your username and password by looking at /etc/ppp/pap-secrets or /etc/ppp/chap-secrets and make sure you are using the right ethernet device. If your ethernet device doesn't exist, you will have to load the appropriate network modules. In that case you should continue with Manual Network Configuration as we explain how to load the appropriate network modules there.

If everything worked, continue with Preparing the Disks.

Alternative: Using PPTP

If you need PPTP support, you can use pptpclient which is provided by our Installation CDs. But first you need to make sure that your configuration is correct. Edit /etc/ppp/pap-secrets or /etc/ppp/chap-secrets so it contains the correct username/password combination:

# nano -w /etc/ppp/chap-secrets

Then adjust /etc/ppp/options.pptp if necessary:

# nano -w /etc/ppp/options.pptp

When all that is done, just run pptp (along with the options you couldn't set in options.pptp) to connect the server:

# pptp <server ip>

Now continue with Preparing the Disks.

3.d. Manual Network Configuration

Loading the Appropriate Network Modules

When the Installation CD boots, it tries to detect all your hardware devices and loads the appropriate kernel modules (drivers) to support your hardware. In the vast majority of cases, it does a very good job. However, in some cases, it may not auto-load the kernel modules you need.

If net-setup or pppoe-setup failed, then it is possible that your network card wasn't found immediately. This means you may have to load the appropriate kernel modules manually.

To find out what kernel modules we provide for networking, use ls:

# ls /lib/modules/`uname -r`/kernel/drivers/net

If you find a driver for your network card, use modprobe to load the kernel module:

(As an example, we load the pcnet32 module)
# modprobe pcnet32

To check if your network card is now detected, use ifconfig. A detected network card would result in something like this:

# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr FE:FD:00:00:00:00  
          BROADCAST NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

If however you receive the following error, the network card is not detected:

# ifconfig eth0
eth0: error fetching interface information: Device not found

If you have multiple network cards in your system they are named eth0, eth1, etc. Make sure that the network card you want to use works well and remember to use the correct naming throughout this document. We will assume that the network card eth0 is used.

Assuming that you now have a detected network card, you can retry net-setup or pppoe-setup again (which should work now), but for the hardcore people amongst you we explain how to configure your network manually.

Select one of the following sections based on your network setup:

• Using DHCP for automatic IP retrieval
• Preparing for Wireless Access if you have a wireless card
• Understanding Network Terminology explains what you need to know about networking
• Using ifconfig and route explains how to set up your networking manually

Using DHCP

DHCP (Dynamic Host Configuration Protocol) makes it possible to automatically receive networking information (IP address, netmask, broadcast address, gateway, nameservers etc.). This only works if you have a DHCP server in your network (or if your provider provides a DHCP service). To have a network interface receive this information automatically, use dhcpcd:

# dhcpcd eth0
Some network admins require that you use the
hostname and domainname provided by the DHCP server.
In that case, use
# dhcpcd -HD eth0

If this works (try pinging some internet server, like Google), then you are all set and ready to continue. Skip the rest of this section and continue with Preparing the Disks.

Preparing for Wireless Access

If you are using a wireless (802.11) card, you may need to configure your wireless settings before going any further. To see the current wireless settings on your card, you can use iwconfig. Running iwconfig might show something like:

# iwconfig eth0
eth0      IEEE 802.11-DS  ESSID:"GentooNode"                                   
          Mode:Managed  Frequency:2.442GHz  Access Point: 00:09:5B:11:CC:F2    
          Bit Rate:11Mb/s   Tx-Power=20 dBm   Sensitivity=0/65535               
          Retry limit:16   RTS thr:off   Fragment thr:off                       
          Power Management:off                                                  
          Link Quality:25/10  Signal level:-51 dBm  Noise level:-102 dBm        
          Rx invalid nwid:5901 Rx invalid crypt:0 Rx invalid frag:0 Tx          
          excessive retries:237 Invalid misc:350282 Missed beacon:84            

For most users, there are only two settings that might be important to change, the ESSID (aka wireless network name) or the WEP key. If the ESSID and Access Point address listed are already that of your access point and you are not using WEP, then your wireless is working. If you need to change your ESSID, or add a WEP key, you can issue the following commands:

(This sets the network name to "GentooNode")
# iwconfig eth0 essid GentooNode

(This sets a hex WEP key)
# iwconfig eth0 key 1234123412341234abcd

(This sets an ASCII key - prefix it with "s:")
# iwconfig eth0 key s:some-password

You can then confirm your wireless settings again by using iwconfig. Once you have wireless working, you can continue configuring the IP level networking options as described in the next section (Understanding Network Terminology) or use the net-setup tool as described previously.

Understanding Network Terminology

If all of the above fails, you will have to configure your network manually. This is not difficult at all. However, you need to be familiar with some network terminology, as you will need it to be able to configure your network to your satisfaction. After reading this, you will know what a gateway is, what a netmask serves for, how a broadcast address is formed and why you need nameservers.

In a network, hosts are identified by their IP address (Internet Protocol address). Such an address is a combination of four numbers between 0 and 255. Well, at least that is how we perceive it. In reality, such an IP address consists of 32 bits (ones and zeros). Let's view an example:

IP Address (numbers):   192.168.0.2
IP Address (bits):      11000000 10101000 00000000 00000010
                        -------- -------- -------- --------
                           192      168       0        2

Such an IP address is unique to a host as far as all accessible networks are concerned (i.e. every host that you are able to reach must have a unique IP address). In order to distinguish between hosts inside and outside a network, the IP address is divided in two parts: the network part and the host part.

The separation is written down with the netmask, a collection of ones followed by a collection of zeros. The part of the IP that can be mapped on the ones is the network-part, the other one is the host-part. As usual, the netmask can be written down as an IP-address.

IP-address:    192      168      0         2
            11000000 10101000 00000000 00000010
Netmask:    11111111 11111111 11111111 00000000
               255      255     255        0
           +--------------------------+--------+
                    Network              Host

In other words, 192.168.0.14 is still part of our example network, but 192.168.1.2 is not.

The broadcast address is an IP-address with the same network-part as your network, but with only ones as host-part. Every host on your network listens to this IP address. It is truly meant for broadcasting packets.

IP-address:    192      168      0         2
            11000000 10101000 00000000 00000010
Broadcast:  11000000 10101000 00000000 11111111
               192      168      0        255
           +--------------------------+--------+
                     Network             Host

To be able to surf on the internet, you must know which host shares the Internet connection. This host is called the gateway. Since it is a regular host, it has a regular IP address (for instance 192.168.0.1).

We previously stated that every host has its own IP address. To be able to reach this host by a name (instead of an IP address) you need a service that translates a name (such as dev.gentoo.org) to an IP address (such as 64.5.62.82). Such a service is called a name service. To use such a service, you must define the necessary name servers in /etc/resolv.conf.

In some cases, your gateway also serves as nameserver. Otherwise you will have to enter the nameservers provided by your ISP.

To summarise, you will need the following information before continuing:

Using ifconfig and route

Setting up your network consists of three steps. First we assign ourselves an IP address using ifconfig. Then we set up routing to the gateway using route. Then we finish up by placing the nameserver IPs in /etc/resolv.conf.

To assign an IP address, you will need your IP address, broadcast address and netmask. Then execute the following command, substituting ${IP_ADDR} with your IP address, ${BROADCAST} with your broadcast address and ${NETMASK} with your netmask:

# ifconfig eth0 ${IP_ADDR} broadcast ${BROADCAST} netmask ${NETMASK} up

Now set up routing using route. Substitute ${GATEWAY} with your gateway IP address:

# route add default gw ${GATEWAY}

Now open /etc/resolv.conf with your favorite editor (in our example, we use nano):

# nano -w /etc/resolv.conf

Now fill in your nameserver(s) using the following as a template. Make sure you substitute ${NAMESERVER1} and ${NAMESERVER2} with the appropriate nameserver addresses:

nameserver ${NAMESERVER1}
nameserver ${NAMESERVER2}

That's it. Now test your network by pinging some Internet server (like Google). If this works, congratulations then. You are now ready to install Gentoo. Continue with Preparing the Disks.

4. Preparing the Disks

4.a. Introduction to Block Devices

Block Devices

We'll take a good look at disk-oriented aspects of Gentoo Linux and Linux in general, including Linux filesystems, partitions and block devices. Then, once you're familiar with the ins and outs of disks and filesystems, you'll be guided through the process of setting up partitions and filesystems for your Gentoo Linux installation.

To begin, we'll introduce block devices. The most famous block device is probably the one that represents the first IDE drive in a Linux system, namely /dev/hda. If your system uses SCSI drives, then your first hard drive would be /dev/sda. Serial ATA drives are also /dev/sda even if they are IDE drives.

The block devices above represent an abstract interface to the disk. User programs can use these block devices to interact with your disk without worrying about whether your drives are IDE, SCSI or something else. The program can simply address the storage on the disk as a bunch of contiguous, randomly-accessible 512-byte blocks.

Partitions and Slices

Although it is theoretically possible to use a full disk to house your Linux system, this is almost never done in practice. Instead, full disk block devices are split up in smaller, more manageable block devices. On most systems, these are called partitions. Other architectures use a similar technique, called slices.

4.b. Designing a Partitioning Scheme

Default Partitioning Scheme

If you are not interested in drawing up a partitioning scheme for your system, you can use the partitioning scheme we use throughout this book:

If you are interested in knowing how big a partition should be, or even how many partitions you need, read on. Otherwise continue now with Apple G5: Using mac-fdisk to Partition your Disk or IBM pSeries: using fdisk to Partition your Disk

How Many and How Big?

The number of partitions is highly dependent on your environment. For instance, if you have lots of users, you will most likely want to have your /home separate as it increases security and makes backups easier. If you are installing Gentoo to perform as a mailserver, your /var should be separate as all mails are stored inside /var. A good choice of filesystem will then maximise your performance. Gameservers will have a separate /opt as most gaming servers are installed there. The reason is similar for /home: security and backups. You will definitely want to keep /usr big: not only will it contain the majority of applications, the Portage tree alone takes around 500 Mbyte excluding the various sources that are stored in it.

As you can see, it very much depends on what you want to achieve. Separate partitions or volumes have the following advantages:

• You can choose the best performing filesystem for each partition or volume
• Your entire system cannot run out of free space if one defunct tool is continuously writing files to a partition or volume
• If necessary, file system checks are reduced in time, as multiple checks can be done in parallel (although this advantage is more with multiple disks than it is with multiple partitions)
• Security can be enhanced by mounting some partitions or volumes read-only, nosuid (setuid bits are ignored), noexec (executable bits are ignored) etc.

However, multiple partitions have one big disadvantage: if not configured properly, you might result in having a system with lots of free space on one partition and none on another. There is also a 15-partition limit for SCSI and SATA.

4.c. Default: Using mac-fdisk (Apple G5) to Partition your Disk

At this point, create your partitions using mac-fdisk:

# mac-fdisk /dev/sda

First delete the partitions you have cleared previously to make room for your Linux partitions. Use d in mac-fdisk to delete those partition(s). It will ask for the partition number to delete.

Second, create an Apple_Bootstrap partition by using b. It will ask for what block you want to start. Enter the number of your first free partition, followed by a p. For instance this is 2p.

Now create a swap partition by pressing c. Again mac-fdisk will ask for what block you want to start this partition from. As we used 2 before to create the Apple_Bootstrap partition, you now have to enter 3p. When you're asked for the size, enter 512M (or whatever size you want). When asked for a name, enter swap (mandatory).

To create the root partition, enter c, followed by 4p to select from what block the root partition should start. When asked for the size, enter 4p again. mac-fdisk will interpret this as "Use all available space". When asked for the name, enter root (mandatory).

To finish up, write the partition to the disk using w and q to quit mac-fdisk.

Now that your partitions are created, you can now continue with Creating Filesystems.

4.d. IBM pSeries, iSeries and OpenPower: using fdisk to Partition your Disk

If you have an ipr-based SCSI adapter, you should start the ipr utilities now.

# /etc/init.d/iprinit start

The following parts explain how to create the example partition layout described previously, namely:

Change your partition layout according to your own preference.

Viewing the Current Partition Layout

fdisk is a popular and powerful tool to split your disk into partitions. Fire up fdisk on your disk (in our example, we use /dev/sda):

# fdisk /dev/sda

Once in fdisk, you'll be greeted with a prompt that looks like this:

Command (m for help):

Type p to display your disk's current partition configuration:

Command (m for help): p

Disk /dev/sda: 30.7 GB, 30750031872 bytes
141 heads, 63 sectors/track, 6761 cylinders
Units = cylinders of 8883 * 512 = 4548096 bytes

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1               1          12       53266+  83  Linux
/dev/sda2              13         233      981571+  82  Linux swap
/dev/sda3             234         674     1958701+  83  Linux
/dev/sda4             675        6761    27035410+   5  Extended
/dev/sda5             675        2874     9771268+  83  Linux
/dev/sda6            2875        2919      199836   83  Linux
/dev/sda7            2920        3008      395262   83  Linux
/dev/sda8            3009        6761    16668918   83  Linux

Command (m for help):

This particular disk is configured to house six Linux filesystems (each with a corresponding partition listed as "Linux") as well as a swap partition (listed as "Linux swap").

Removing all Partitions

We will first remove all existing partitions from the disk. Type d to delete a partition. For instance, to delete an existing /dev/sda1:

Command (m for help): d
Partition number (1-4): 1

The partition has been scheduled for deletion. It will no longer show up if you type p, but it will not be erased until your changes have been saved. If you made a mistake and want to abort without saving your changes, type q immediately and hit enter and your partition will not be deleted.

Now, assuming that you do indeed want to wipe out all the partitions on your system, repeatedly type p to print out a partition listing and then type d and the number of the partition to delete it. Eventually, you'll end up with a partition table with nothing in it:

Disk /dev/sda: 30.7 GB, 30750031872 bytes
141 heads, 63 sectors/track, 6761 cylinders
Units = cylinders of 8883 * 512 = 4548096 bytes

Device Boot    Start       End    Blocks   Id  System

Command (m for help):

Now that the in-memory partition table is empty, we're ready to create the partitions. We will use a default partitioning scheme as discussed previously. Of course, don't follow these instructions to the letter if you don't want the same partitioning scheme!

Creating the PPC PReP boot partition

We first create a small PReP boot partition. Type n to create a new partition, then p to select a primary partition, followed by 1 to select the first primary partition. When prompted for the first cylinder, hit enter. When prompted for the last cylinder, type +7M to create a partition 7 Mbyte in size. After you've done this, type t to set the partition type, 1 to select the partition you just created and then type in 41 to set the partition type to "PPC PReP Boot". Finally, you'll need to mark the PReP partition as bootable.

Command (m for help): p

Disk /dev/sda: 30.7 GB, 30750031872 bytes
141 heads, 63 sectors/track, 6761 cylinders
Units = cylinders of 8883 * 512 = 4548096 bytes

   Device Boot      Start         End      Blocks   Id  System

Command (m for help): n
Command action
      e   extended
      p   primary partition (1-4)
p
Partition number (1-4): 1
First cylinder (1-6761, default 1): 
Using default value 1
Last cylinder or +size or +sizeM or +sizeK (1-6761, default
6761): +8M

Command (m for help): t
Selected partition 1
Hex code (type L to list codes): 41
Changed system type of partition 1 to 41 (PPC PReP Boot)

Command (m for help): a
Partition number (1-4): 1
Command (m for help):

Now, when you type p, you should see the following partition information:

Command (m for help): p

Disk /dev/sda: 30.7 GB, 30750031872 bytes
141 heads, 63 sectors/track, 6761 cylinders
Units = cylinders of 8883 * 512 = 4548096 bytes

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1  *            1           3       13293   41  PPC PReP Boot

Command (m for help):

Creating the Swap Partition

Let's now create the swap partition. To do this, type n to create a new partition, then p to tell fdisk that you want a primary partition. Then type 2 to create the second primary partition, /dev/sda2 in our case. When prompted for the first cylinder, hit enter. When prompted for the last cylinder, type +512M to create a partition 512MB in size. After you've done this, type t to set the partition type, 2 to select the partition you just created and then type in 82 to set the partition type to "Linux Swap". After completing these steps, typing p should display a partition table that looks similar to this:

Command (m for help): p

Disk /dev/sda: 30.7 GB, 30750031872 bytes
141 heads, 63 sectors/track, 6761 cylinders
Units = cylinders of 8883 * 512 = 4548096 bytes

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1               1           3       13293   41  PPC PReP Boot
/dev/sda2               4         117      506331   82  Linux swap

Command (m for help):

Creating the Root Partition

Finally, let's create the root partition. To do this, type n to create a new partition, then p to tell fdisk that you want a primary partition. Then type 3 to create the third primary partition, /dev/sda3 in our case. When prompted for the first cylinder, hit enter. When prompted for the last cylinder, hit enter to create a partition that takes up the rest of the remaining space on your disk. After completing these steps, typing p should display a partition table that looks similar to this:

Command (m for help): p

Disk /dev/sda: 30.7 GB, 30750031872 bytes
141 heads, 63 sectors/track, 6761 cylinders
Units = cylinders of 8883 * 512 = 4548096 bytes

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1               1           3       13293   41  PPC PReP Boot
/dev/sda2               4         117      506331   82  Linux swap
/dev/sda3             118        6761    29509326   83  Linux

Command (m for help):

Saving the Partition Layout

To save the partition layout and exit fdisk, type w.

Command (m for help): w

Now that your partitions are created, you can now continue with Creating Filesystems.

4.e. Creating Filesystems

Introduction

Now that your partitions are created, it is time to place a filesystem on them. If you don't care about what filesystem to choose and are happy with what we use as default in this handbook, continue with Applying a Filesystem to a Partition. Otherwise read on to learn about the available filesystems...

Filesystems?

ext2 is the tried and true Linux filesystem but doesn't have metadata journaling, which means that routine ext2 filesystem checks at startup time can be quite time-consuming. There is now quite a selection of newer-generation journaled filesystems that can be checked for consistency very quickly and are thus generally preferred over their non-journaled counterparts. Journaled filesystems prevent long delays when you boot your system and your filesystem happens to be in an inconsistent state.

ext3 is the journaled version of the ext2 filesystem, providing metadata journaling for fast recovery in addition to other enhanced journaling modes like full data and ordered data journaling. It uses an HTree index that enables high performance in almost all situations. In short, ext3 is a very good and reliable filesystem.

ReiserFS is a B+tree-based filesystem that has very good overall performance and greatly outperforms both ext2 and ext3 when dealing with small files (files less than 4k), often by a factor of 10x-15x. ReiserFS also scales extremely well and has metadata journaling. ReiserFS is solid and usable as both general-purpose filesystem and for extreme cases such as the creation of large filesystems, very large files and directories containing tens of thousands of small files.

XFS is a filesystem with metadata journaling that is fully supported under Gentoo Linux's xfs-sources kernel. It comes with a robust feature-set and is optimized for scalability. We only recommend using this filesystem on Linux systems with high-end SCSI and/or fibre channel storage and a uninterruptible power supply. Because XFS aggressively caches in-transit data in RAM, improperly designed programs (those that don't take proper precautions when writing files to disk and there are quite a few of them) can lose a good deal of data if the system goes down unexpectedly.

JFS is IBM's high-performance journaling filesystem. It has recently become production-ready.

Applying a Filesystem to a Partition

To create a filesystem on a partition or volume, there are tools available for each possible filesystem:

For instance, to have the root partition (/dev/sda4 in our example) in ext3 (as in our example), you would use:

# mke2fs -j /dev/sda4

Now create the filesystems on your newly created partitions (or logical volumes).

Activating the Swap Partition

mkswap is the command that is used to initialize swap partitions:

# mkswap /dev/sda3

To activate the swap partition, use swapon:

# swapon /dev/sda3

Create and activate the swap with the commands mentioned above.

4.f. Mounting

Now that your partitions are initialized and are housing a filesystem, it is time to mount those partitions. Use the mount command. Don't forget to create the necessary mount directories for every partition you created. As an example we create a mount point and mount the root partition:

# mkdir /mnt/gentoo
# mount /dev/sda4 /mnt/gentoo 

Continue with Installing the Gentoo Installation Files.

5. Installing the Gentoo Installation Files

5.a. Installing a Stage Tarball

Setting the Date/Time Right

Before you continue you need to check your date/time and update it. A misconfigured clock may lead to strange results in the future!

To verify the current date/time, run date:

# date
Fri Mar 29 16:21:18 UTC 2005

If the date/time displayed is wrong, update it using the date MMDDhhmmYYYY syntax (Month, Day, hour, minute and Year). At this stage, you should use UTC time. You will be able to define your timezone later on. For instance, to set the date to March 29th, 16:21 in the year 2005:

# date 032916212005

5.b. Default: Using a Stage from the Installation CD

Extracting the Stage Tarball

The stages on the CD reside in the /mnt/cdrom/stages directory. To see a listing of available stages, use ls:

# ls /mnt/cdrom/stages

If the system replies with an error, you may need to mount the CD-ROM first:

# ls /mnt/cdrom/stages
ls: /mnt/cdrom/stages: No such file or directory
# mount /dev/cdroms/cdrom0 /mnt/cdrom
# ls /mnt/cdrom/stages

Now go into your Gentoo mountpoint (usually /mnt/gentoo):

# cd /mnt/gentoo

We will now extract the stage tarball of your choice. We will do this with the tar tool. Make sure you use the same options (xvjpf)! The x stands for Extract, the v for Verbose to see what happens during the extraction process (this one is optional), the j for Decompress with bzip2, the p for Preserve permissions and the f to denote that we want to extract a file, not standard input. In the next example, we extract the stage tarball stage3-ppc64-32ul-2007.0.tar.bz2. Be sure to substitute the tarball filename with your stage.

# tar xvjpf /mnt/cdrom/stages/stage3-ppc64-32ul-2007.0.tar.bz2

Now that the stage is installed, continue with Installing Portage.

Unpacking the Stage Tarball

Now unpack your downloaded stage onto your system. We use tar to proceed as it is the easiest method:

# tar xvjpf stage3-*.tar.bz2

Make sure that you use the same options (xvjpf). The x stands for Extract, the v for Verbose to see what happens during the extraction process (this one is optional), the j for Decompress with bzip2, the p for Preserve permissions and the f to denote that we want to extract a file, not standard input.

Now that the stage is installed, continue with Installing Portage.

5.c. Installing Portage

Unpacking a Portage Snapshot

You now have to install a Portage snapshot, a collection of files that inform Portage what software titles you can install, which profiles are available, etc.

Unpack the Snapshot from the Installation CD

To install the snapshot, take a look inside /mnt/cdrom/snapshots/ to see what snapshot is available:

# ls /mnt/cdrom/snapshots

Now extract the snapshot using the following construct. Again, make sure you use the correct options with tar. Also, the -C is with a capital C, not c. In the next example we use portage-<date>.tar.bz2 as the snapshot filename. Be sure to substitute with the name of the snapshot that is on your Installation CD.

# tar xvjf /mnt/cdrom/snapshots/portage-<date>.tar.bz2 -C /mnt/gentoo/usr

Copy Source Code Archives

You also need to copy over all source code from the Universal Installation CD.

# mkdir /mnt/gentoo/usr/portage/distfiles
# cp /mnt/cdrom/distfiles/* /mnt/gentoo/usr/portage/distfiles/

5.d. Configuring the Compile Options

Introduction

To optimize Gentoo, you can set a couple of variables which impact Portage behaviour. All those variables can be set as environment variables (using export) but that isn't permanent. To keep your settings, Portage provides you with /etc/make.conf, a configuration file for Portage. It is this file we will edit now.

Fire up your favorite editor (in this guide we use nano) so we can alter the optimization variables we will discuss hereafter.

# nano -w /mnt/gentoo/etc/make.conf

As you probably noticed, the make.conf.example file is structured in a generic way: commented lines start with "#", other lines define variables using the VARIABLE="content" syntax. The make.conf file uses the same syntax. Several of those variables are discussed next.

CHOST

The CHOST variable declares the target build host for your system. This variable should already be set to the correct value. Do not edit it as that might break your system. If the CHOST variable does not look correct to you, you might be using the wrong stage3 tarball.

CFLAGS and CXXFLAGS

The CFLAGS and CXXFLAGS variables define the optimization flags for the gcc C and C++ compiler respectively. Although we define those generally here, you will only have maximum performance if you optimize these flags for each program separately. The reason for this is because every program is different.

In make.conf you should define the optimization flags you think will make your system the most responsive generally. Don't place experimental settings in this variable; too much optimization can make programs behave bad (crash, or even worse, malfunction).

We cannot explain all possible optimization options here, but if you want to investigate them all, read the GNU Online Manual(s) or the gcc info page (info gcc -- only works on a working Linux system). For common optimizations and architecture specific settings, please read /etc/make.conf.example. This file also contains lots of examples and information; don't forget to read it too.

A first setting is the -march= or -mcpu= flag, which specifies the name of the target architecture. Possible options are described in the make.conf.example file (as comments).

A second one is the -O flag (that is a capital O, not a zero), which specifies the gcc optimization class flag. Possible classes are s (for size-optimized), 0 (zero - for no optimizations), 1, 2 or 3 for more speed-optimization flags (every class has the same flags as the one before, plus some extras). -O2 is the recommended default.

Another popular optimization flag is -pipe (use pipes rather than temporary files for communication between the various stages of compilation). It has no impact on the generated code.

Using -fomit-frame-pointer (which doesn't keep the frame pointer in a register for functions that don't need one) might have serious repercussions on the debugging of applications.

When you define the CFLAGS and CXXFLAGS, you should combine several optimization flags. The default values contained in the stage3 archive you unpacked should be good enough. The following example is just an example:

CFLAGS="-O2 -pipe"
# Use the same settings for both variables
CXXFLAGS="${CFLAGS}"

MAKEOPTS

With MAKEOPTS you define how many parallel compilations should occur when you install a package. A good choice is the number of CPUs in your system plus one, but this guideline isn't always perfect.

MAKEOPTS="-j2"

Ready, Set, Go!

Update your /mnt/gentoo/etc/make.conf to your own preference and save (nano users would hit Ctrl-X). You are now ready to continue with Chrooting into the Gentoo Base System.

6. Chrooting into the Gentoo Base System

6.a. Chrooting

Mounting the /proc and /dev Filesystems

Mount the /proc filesystem on /mnt/gentoo/proc to allow the installation to use the kernel-provided information within the chrooted environment, and then mount-bind the /dev filesystem.

# mount -t proc none /mnt/gentoo/proc
# mount -o bind /dev /mnt/gentoo/dev

Entering the new Environment

Now that all partitions are initialized and the base environment installed, it is time to enter our new installation environment by chrooting into it. This means that we change from the current installation environment to your installation system (namely the initialized partitions).

This chrooting is done in three steps. First we will change the root from / (on the installation medium) to /mnt/gentoo (on your partitions) using chroot. Then we will create a new environment using env-update, which essentially creates environment variables. Finally, we load those variables into memory using source.

# chroot /mnt/gentoo /bin/bash
# env-update
>>> Regenerating /etc/ld.so.cache...
# source /etc/profile
# export PS1="(chroot) $PS1"

Congratulations! You are now inside your own Gentoo Linux environment. Of course it is far from finished, which is why the installation still has some sections left :-)

Creating the Portage cache

You have already installed the Portage tree, but you should now build the Portage cache to speed up future emerges. emerge --metadata does this for you.

# emerge --metadata

6.b. Configuring the USE Variable

What is the USE Variable?

USE is one of the most powerful variables Gentoo provides to its users. Several programs can be compiled with or without optional support for certain items. For instance, some programs can be compiled with gtk-support, or with qt-support. Others can be compiled with or without SSL support. Some programs can even be compiled with framebuffer support (svgalib) instead of X11 support (X-server).

Most distributions compile their packages with support for as much as possible, increasing the size of the programs and startup time, not to mention an enormous amount of dependencies. With Gentoo you can define what options a package should be compiled with. This is where USE comes into play.

In the USE variable you define keywords which are mapped onto compile-options. For instance, ssl will compile ssl-support in the programs that support it. -X will remove X-server support (note the minus sign in front). gnome gtk -kde -qt3 -qt4 will compile your programs with gnome (and gtk) support, and not with kde (and qt) support, making your system fully tweaked for GNOME.

Modifying the USE Variable

The default USE settings are placed in /etc/make.profile/make.defaults. What you place in /etc/make.conf is calculated against these defaults settings. If you add something to the USE setting, it is added to the default list. If you remove something from the USE setting (by placing a minus sign in front of it) it is removed from the default list (if it was in the default list at all). Never alter anything inside the /etc/make.profile directory; it gets overwritten when you update Portage!

A full description on USE can be found in the second part of the Gentoo Handbook, USE flags. A full description on the available USE flags can be found on your system in /usr/portage/profiles/use.desc.

# less /usr/portage/profiles/use.desc
(You can scroll using your arrow keys, exit by pressing 'q')

As an example we show a USE setting for a KDE-based system with DVD, ALSA and CD Recording support:

# nano -w /etc/make.conf

USE="-gtk -gnome qt3 qt4 kde dvd alsa cdr"

7. Configuring the Kernel

5.a. Timezone

You first need to select your timezone so that your system knows where it is located. Look for your timezone in /usr/share/zoneinfo, then copy it to /etc/localtime. Please avoid the /usr/share/zoneinfo/Etc/GMT* timezones as their names do not indicate the expected zones. For instance, GMT-8 is in fact GMT+8.

# ls /usr/share/zoneinfo
(Suppose you want to use GMT)
# cp /usr/share/zoneinfo/GMT /etc/localtime

7.b. Installing the Sources

Choosing a Kernel

The core around which all distributions are built is the Linux kernel. It is the layer between the user programs and your system hardware. Gentoo provides its users several possible kernel sources. A full listing with description is available at the Gentoo Kernel Guide.

For PPC64 you should use gentoo-sources.

# emerge gentoo-sources

When you take a look in /usr/src you should see a symlink called linux pointing to your kernel source. In this case, the installed kernel source points to gentoo-sources-2.6.19-r7. Your version may be different, so keep this in mind.

# ls -l /usr/src/linux
lrwxrwxrwx    1 root    root       12 Aug 10 11:04 /usr/src/linux -> linux-2.6.19-r7

Now it is time to configure and compile your kernel source. There is the ability to use "genkernel" which would create a generic kernel like the ones used on the installation CDs, but it is not fully functional for PPC64 at the moment.

Continue now with Manual Configuration.

7.c. Manual Configuration

Introduction

Manually configuring a kernel is often seen as the most difficult procedure a Linux user ever has to perform. Nothing is less true -- after configuring a couple of kernels you don't even remember that it was difficult ;)

However, one thing is true: you must know your system when you configuring a kernel manually. Most information can be gathered by emerging pciutils (emerge pciutils) which contains lspci. You will now be able to use lspci within the chrooted environment. You may safely ignore any pcilib warnings (like pcilib: cannot open /sys/bus/pci/devices) that lspci throws out. Alternatively, you can run lspci from a non-chrooted environment. The results are the same. You can also run lsmod to see what kernel modules the Installation CD uses (it might provide you with a nice hint on what to enable).

# cd /usr/src/linux
Important: In case you are in 32-bit userland, you must edit the top
level Makefile in /usr/src/linux and change the CROSS_COMPILE option to
CROSS_COMPILE ?= powerpc64-unknown-linux-gnu-. You must do this before you run
make menuconfig or it may result in kernel compilation problems.
# make menuconfig

You will be greeted with several configuration sections. We'll first list some options you must activate (otherwise Gentoo will not function, or not function properly without additional tweaks).

Activating Required Options

First of all, activate the use of development and experimental code/drivers. You need this, otherwise some very important code/drivers won't show up:

General setup --->
  [*] Prompt for development and/or incomplete code/drivers

Now go to File Systems and select support for the filesystems you use. Don't compile them as modules, otherwise your Gentoo system will not be able to mount your partitions. Also select Virtual memory, /proc file system, and /dev/pts file system for Unix98 PTYs:

File systems --->
  [*] Virtual memory file system support (former shm fs)
  [*] /proc file system support
  [*] /dev/pts file system for Unix98 PTYs

(Select one or more of the following options as needed by your system)
  <*> Reiserfs support
  <*> Ext3 journalling file system support
  <*> JFS filesystem support
  <*> Second extended fs support
  <*> XFS filesystem support

If you are using PPPoE to connect to the Internet or you are using a dial-up modem, you will need the following options in the kernel (you will find the mentioned options under Networking support which is a subpart of Device Drivers):

Network device support --->
  <*> PPP (point-to-point protocol) support
  <*>   PPP support for async serial ports
  <*>   PPP support for sync tty ports

The two compression options won't harm but are not definitely needed, neither does the PPP over Ethernet option, that might only be used by ppp when configured to do kernel mode PPPoE.

If you require it, don't forget to include support in the kernel for your ethernet card.

Disable ADB raw keycodes:

Macintosh Device Drivers --->
  [ ] Support for ADB raw keycodes

When you're done configuring your kernel, continue with Compiling and Installing.

Compiling and Installing

Now that your kernel is configured, it is time to compile and install it. Exit the configuration and start the compilation process:

# make && make modules_install

When the kernel has finished compiling, copy the kernel image to /boot. Remember to replace <kernel-version> with your actual kernel version:

# cp vmlinux /boot/<kernel-version>

Now continue with Configuring the Modules.

7.d. Configuring the Modules

You should list the modules you want automatically loaded in /etc/modules.autoload.d/kernel-2.6. You can add extra options to the modules too if you want.

To view all available modules, run the following find command. Don't forget to substitute "<kernel version>" with the version of the kernel you just compiled:

# find /lib/modules/<kernel version>/ -type f -iname '*.o' -or -iname '*.ko'

For instance, to automatically load the 3c59x.ko module, edit the kernel-2.6 file and enter the module name in it.

# nano -w /etc/modules.autoload.d/kernel-2.6

3c59x

Continue the installation with Configuring your System.

8. Configuring your System

5.a. Filesystem Information

What is fstab?

Under Linux, all partitions used by the system must be listed in /etc/fstab. This file contains the mountpoints of those partitions (where they are seen in the file system structure), how they should be mounted and with what special options (automatically or not, whether users can mount them or not, etc.)

Creating /etc/fstab

/etc/fstab uses a special syntax. Every line consists of six fields, separated by whitespace (space(s), tabs or a mixture). Each field has its own meaning:

• The first field shows the partition described (the path to the device file)
• The second field shows the mountpoint at which the partition should be mounted
• The third field shows the filesystem used by the partition
• The fourth field shows the mountoptions used by mount when it wants to mount the partition. As every filesystem has its own mountoptions, you are encouraged to read the mount man page (man mount) for a full listing. Multiple mountoptions are comma-separated.
• The fifth field is used by dump to determine if the partition needs to be dumped or not. You can generally leave this as 0 (zero).
• The sixth field is used by fsck to determine the order in which filesystems should be checked if the system wasn't shut down properly. The root filesystem should have 1 while the rest should have 2 (or 0 if a filesystem check isn't necessary).

# nano -w /etc/fstab

Add the rules that match your partitioning scheme and append rules for your CD-ROM drive(s), and of course, if you have other partitions or drives, for those too.

Now use the example below to create your /etc/fstab:

/dev/sda4   /            ext3    noatime              0 1
/dev/sda3   none         swap    sw                   0 0

/dev/cdrom  /mnt/cdrom   auto    noauto,user          0 0

auto makes mount guess for the filesystem (recommended for removable media as they can be created with one of many filesystems) and user makes it possible for non-root users to mount the CD.

To improve performance, most users would want to add the noatime mount option, which results in a faster system since access times aren't registered (you don't need those generally anyway).

Double-check your /etc/fstab, save and quit to continue.

8.b. Networking Information

Hostname, Domainname etc.

One of the choices the user has to make is name his/her PC. This seems to be quite easy, but lots of users are having difficulties finding the appropriate name for their Linux-pc. To speed things up, know that any name you choose can be changed afterwards. For all we care, you can just call your system tux and domain homenetwork.

We use these values in the next examples. First we set the hostname:

# nano -w /etc/conf.d/hostname

(Set the HOSTNAME variable to your hostname)
HOSTNAME="tux"

Second, if you need a domainname, set it in /etc/conf.d/net. You only need a domain if your ISP or network administrator says so, or if you have a DNS server but not a DHCP server. You don't need to worry about DNS or domainnames if your networking is setup for DHCP.

# nano -w /etc/conf.d/net

(Set the dns_domain variable to your domain name)
dns_domain_lo="homenetwork"

If you have a NIS domain (if you don't know what that is, then you don't have one), you need to define that one too:

# nano -w /etc/conf.d/net

(Set the nis_domain variable to your NIS domain name)
nis_domain_lo="my-nisdomain"

Configuring your Network

Before you get that "Hey, we've had that already"-feeling, you should remember that the networking you set up in the beginning of the Gentoo installation was just for the installation. Right now you are going to configure networking for your Gentoo system permanently.

All networking information is gathered in /etc/conf.d/net. It uses a straightforward yet not intuitive syntax if you don't know how to set up networking manually. But don't fear, we'll explain everything. A fully commented example that covers many different configurations is available in /etc/conf.d/net.example.

DHCP is used by default and does not require any further configuration.

If you need to configure your network connection either because you need specific DHCP options or because you do not use DHCP at all, open /etc/conf.d/net with your favorite editor (nano is used in this example):

# nano -w /etc/conf.d/net

You will see the following file:

# This blank configuration will automatically use DHCP for any net.*
# scripts in /etc/init.d.  To create a more complete configuration,
# please review /etc/conf.d/net.example and save your configuration
# in /etc/conf.d/net (this file :]!).

To enter your own IP address, netmask and gateway, you need to set both config_eth0 and routes_eth0:

config_eth0=( "192.168.0.2 netmask 255.255.255.0 brd 192.168.0.255" )
routes_eth0=( "default via 192.168.0.1" )

To use DHCP and add specific DHCP options, define config_eth0 and dhcp_eth0:

config_eth0=( "dhcp" )
dhcp_eth0="nodns nontp nonis"

Please read /etc/conf.d/net.example for a list of all available options.

If you have several network interfaces repeat the above steps for config_eth1, config_eth2, etc.

Now save the configuration and exit to continue.

Automatically Start Networking at Boot

To have your network interfaces activated at boot, you need to add them to the default runlevel.

# rc-update add net.eth0 default

If you have several network interfaces, you need to create the appropriate net.eth1, net.eth2 etc. initscripts for those. You can use ln to do this:

# cd /etc/init.d
# ln -s net.lo net.eth1
# rc-update add net.eth1 default

Writing Down Network Information

You now need to inform Linux about your network. This is defined in /etc/hosts and helps in resolving hostnames to IP addresses for hosts that aren't resolved by your nameserver. You need to define your system. You may also want to define other systems on your network if you don't want to set up your own internal DNS system.

# nano -w /etc/hosts

(This defines the current system)
127.0.0.1     tux.homenetwork tux localhost

(Define extra systems on your network,
they need to have a static IP to be defined this way.)
192.168.0.5   jenny.homenetwork jenny
192.168.0.6   benny.homenetwork benny

Save and exit the editor to continue.

If you don't have PCMCIA, you can now continue with System Information. PCMCIA-users should read the following topic on PCMCIA.

Optional: Get PCMCIA Working

PCMCIA users should first install the pcmciautils package.

# emerge pcmciautils

8.c. System Information

Root Password

First we set the root password by typing:

# passwd

If you want root to be able to log on through the serial console, add tts/0 to /etc/securetty:

# echo "tts/0" >> /etc/securetty

System Information

Gentoo uses /etc/rc.conf for general, system-wide configuration. Open up /etc/rc.conf and enjoy all the comments in that file :)

# nano -w /etc/rc.conf

When you're finished configuring /etc/rc.conf, save and exit.

As you can see, this file is well commented to help you set up the necessary configuration variables. You can configure your system to use unicode and define your default editor and your display manager (like gdm or kdm).

Gentoo uses /etc/conf.d/keymaps to handle keyboard configuration. Edit it to configure your keyboard.

# nano -w /etc/conf.d/keymaps

Take special care with the KEYMAP variable. If you select the wrong KEYMAP, you will get weird results when typing on your keyboard.

When you're finished configuring /etc/conf.d/keymaps, save and exit.

Gentoo uses /etc/conf.d/clock to set clock options. Edit it according to your needs.

# nano -w /etc/conf.d/clock

If your hardware clock is not using UTC, you need to add CLOCK="local" to the file. Otherwise you will notice some clock skew.

You should define the timezone that you previously copied to /etc/localtime so that further upgrades of the sys-libs/timezone-data package can update /etc/localtime automatically. For instance, if you used the GMT timezone, you would add TIMEZONE="GMT"

When you're finished configuring /etc/conf.d/clock, save and exit.

Configuring the Console

If you are using a virtual console, you must uncomment the appropriate line in /etc/inittab for the virtual console to spawn a login prompt.

hvc0:12345:respawn:/sbin/agetty -L 9600 hvc0
hvsi:12345:respawn:/sbin/agetty -L 19200 hvsi0

You should also take this time to verify that the appropriate console is listed in /etc/securetty.

You may now continue with Installing Necessary System Tools.

9. Installing Necessary System Tools

9.a. System Logger

Some tools are missing from the stage3 archive because several packages provide the same functionality. It is now up to you to choose which ones you want to install.

The first tool you need to decide on has to provide logging facilities for your system. Unix and Linux have an excellent history of logging capabilities -- if you want you can log everything that happens on your system in logfiles. This happens through the system logger.

Gentoo offers several system loggers to choose from. There are sysklogd, which is the traditional set of system logging daemons, syslog-ng, an advanced system logger, and metalog which is a highly-configurable system logger. Others might be available through Portage as well - our number of available packages increases on a daily basis.

If you plan on using sysklogd or syslog-ng you might want to install logrotate afterwards as those system loggers don't provide any rotation mechanism for the log files.

To install the system logger of your choice, emerge it and have it added to the default runlevel using rc-update. The following example installs syslog-ng. Of course substitute with your system logger:

# emerge syslog-ng
# rc-update add syslog-ng default

9.b. Optional: Cron Daemon

Next is the cron daemon. Although it is optional and not required for your system, it is wise to install one. But what is a cron daemon? A cron daemon executes scheduled commands. It is very handy if you need to execute some command regularly (for instance daily, weekly or monthly).

We only provide vixie-cron for networkless installations. If you want another cron daemon you can wait and install it later on.

# emerge vixie-cron
# rc-update add vixie-cron default

9.c. Optional: File Indexing

If you want to index your system's files so you are able to quickly locate them using the locate tool, you need to install sys-apps/slocate.

# emerge slocate

9.d. File System Tools

Depending on what file systems you are using, you need to install the necessary file system utilities (for checking the filesystem integrity, creating additional file systems etc.).

The following table lists the tools you need to install if you use a certain file system. Not all filesystems are available for each and every architecture though.

If you are an EVMS user, you need to install emvs:

# USE="-gtk" emerge evms

The USE="-gtk" will prevent the installation of dependencies. If you want to enable the evms graphical tools, you can recompile evms later on.

Optional: RAID utilities for IBM hardware

If you are using SCSI RAID on a POWER5-based system, you should consider installing the iprutils which will allow you to work with the RAID disk array, get status on the disks in the arrays, and update microcode among other functions.

# emerge iprutils

9.e. Networking Tools

If you don't require any additional networking-related tools (such as ppp or a dhcp client) continue with Configuring the Bootloader.

Optional: Installing a DHCP Client

If you require Gentoo to automatically obtain an IP address for your network interface(s), you need to install dhcpcd (or any other DHCP Client) on your system. If you don't do this now, you might not be able to connect to the internet after the installation!

# emerge dhcpcd

Optional: Installing a PPPoE Client

If you need ppp to connect to the net, you need to install it.

# emerge ppp

Now continue with Configuring the Bootloader.

10. Configuring the Bootloader

10.a. Making your Choice

Introduction

Now that your kernel is configured and compiled and the necessary system configuration files are filled in correctly, it is time to install a program that will fire up your kernel when you start the system. Such a program is called a bootloader.

On Linux/PPC64 we have only yaBoot as a bootloader until grub2 is finished.

10.b. Using yaBoot

Introduction

There are two ways to configure yaBoot for your system. You can use the new and improved yabootconfig included with yaboot-1.3.8-r1 and later to automatically set up yaboot. If for some reason you do not want to run yabootconfig to automatically set up /etc/yaboot.conf or you are installing Gentoo on a G5 (on which yabootconfig does not always work), you can just edit the sample file already installed on your system.

# emerge hfsutils hfsplusutils

(64bit userland)
# emerge --update yaboot-static
(32bit userland)
# emerge --update yaboot

• Default: Using yabootconfig
• Alternative: Manual yaBoot Configuration

Default: Using yabootconfig

yabootconfig will auto-detect the partitions on your machine and will set up dual and triple boot combinations with Linux, Mac OS, and Mac OS X.

To use yabootconfig, your drive must have a bootstrap partition, and /etc/fstab must be configured with your Linux partitions. Both of these should have been done already in the steps above. To start, ensure that you have the latest version of yaboot installed by running emerge --update yaboot-static. This is necessary as the latest version will be available via Portage, but it may not have made it into the stage files.

Now run yabootconfig. The program will run and it will confirm the location of the bootstrap partition. Type Y if it is correct. If not, double check /etc/fstab. yabootconfig will then scan your system setup, create /etc/yaboot.conf and run mkofboot for you. mkofboot is used to format the bootstrap partition, and install the yaboot configuration file into it.

You might want to verify the contents of /etc/yaboot.conf. If you make changes to /etc/yaboot.conf (like setting the default/boot OS), make sure to rerun ybin -v to apply changes to the bootstrap partition.

Now continue with Rebooting your System.

Alternative: Manual yaBoot Configuration

Below you find a completed yaboot.conf file. Alter it at will.

## /etc/yaboot.conf
##
## run: "man yaboot.conf" for details. Do not make changes until you have!!
## see also: /usr/share/doc/yaboot/examples for example configurations.
##
## For a dual-boot menu, add one or more of:
## bsd=/dev/hdaX, macos=/dev/hdaY, macosx=/dev/hdaZ

## our bootstrap partition:

boot=/dev/hda2

## ofboot is the Open Firmware way to specify the bootstrap partition.
## If this isn't defined, yaboot fails on the G5 and some G4s (unless 
## you pass the necessary arguments to the mkofboot/ybin program).
## hd:X means /dev/sdaX (or /dev/hdaX).

ofboot=hd:2

## hd: is open firmware speak for hda
device=hd:

delay=5
defaultos=macosx
timeout=30
install=/usr/lib/yaboot/yaboot
magicboot=/usr/lib/yaboot/ofboot

#################
## This section can be duplicated if you have more than one kernel or set of
## boot options - replace kernel-2.6.19-gentoo-r7 with your kernel-version
#################
image=/boot/kernel-2.6.19-gentoo-r7
  label=Linux
  root=/dev/hda3
  partition=3
  read-only

macos=hd:13
macosx=hd:12
enablecdboot
enableofboot

Once yaboot.conf is set up the way you want it, you run mkofboot -v to install the settings in the bootstrap partition. Don't forget this! Confirm when mkofboot asks you to create a new filesystem.

If all goes well, and you have the same options as the sample above, your next reboot will give you a simple, five-entry boot menu. If you update your yaboot config later on, you'll just need to run ybin -v to update the bootstrap partition - mkofboot is for initial setup only.

For more information on yaboot, take a look at the yaboot project. For now, continue the installation with Rebooting your System.

10.c. Using yaboot on IBM hardware

On IBM hardware you cannot run yabootconfig or ybin. You must proceed with the following steps:

• Install yaboot-static
• Run dd if=/usr/lib/yaboot/yaboot.chrp of=/dev/sdXX (fill in XX with your disk and partition for the PReP partition; this was in our example /dev/sda1)
• Next construct your own yaboot.conf file and place into /etc. (Take a look at the config above, look into the man page of yaboot.conf or look at the below yaboot.conf example.)
• Assuming your boot device in OF is pointing to the harddrive you prep boot partition is on then it'll just work, otherwise at IPL time, go into the multiboot menu and set the boot device to the one with your prep boot partition
• That's it!

device=disk:
partition=2
root=/dev/sda2
default=linux
timeout=50

image=/boot/kernel-2.6.19-gentoo-r7
      label=linux
      append="console=ttyS0,9600"
      read-only

For POWER4, POWER5, and blade-based hardware where the PReP disk partition and the disk partition that contains your kernel are on the same physical disk, you can use a simplified yaboot.conf. The following should be sufficient:

default = linux
timeout = 100
image=/boot/kernel-2.6.19-gentoo-r7
      label=linux
      read-only
      root = /dev/sda2
      append="root=/dev/sda2"

To verify that yaboot has been copied to the PReP partition:

# dd if=/dev/sda1 count=10 | grep ELF
Binary file (standard input) matches
10+0 records in
10+0 records out

A match signifies that yaboot was installed correctly.

10.d. Rebooting the System

Exit the chrooted environment and unmount all mounted partitions. Then type in that one magical command you have been waiting for: reboot.

# exit
~# cd
~# umount /mnt/gentoo/boot /mnt/gentoo/dev /mnt/gentoo/proc /mnt/gentoo
~# reboot

Of course, don't forget to remove the bootable CD, otherwise the CD will be booted again instead of your new Gentoo system.

Once rebooted in your Gentoo installation, finish up with Finalizing your Gentoo Installation.

11. Finalizing your Gentoo Installation

11.a. User Administration

Adding a User for Daily Use

Working as root on a Unix/Linux system is dangerous and should be avoided as much as possible. Therefore it is strongly recommended to add a user for day-to-day use.

The groups the user is member of define what activities the user can perform. The following table lists a number of important groups you might wish to use:

For instance, to create a user called john who is member of the wheel, users and audio groups, log in as root first (only root can create users) and run useradd:

Login: root
Password: (Your root password)

# useradd -m -G users,wheel,audio -s /bin/bash john
# passwd john
Password: (Enter the password for john)
Re-enter password: (Re-enter the password to verify)

If a user ever needs to perform some task as root, they can use su - to temporarily receive root privileges. Another way is to use the sudo package which is, if correctly configured, very secure.

11.b. Optional: Install GRP Packages

Now that your system is booted, log on as the user you created (for instance, john) and use su - to gain root privileges:

$ su -
Password: (Enter your root password)

Now we need to change the Portage configuration to look for the prebuilt binaries from the second CD (Gentoo Packages CD). First mount this CD:

(Put the Gentoo Packages CD in the CD tray)
# mount /mnt/cdrom

Now configure Portage to use /mnt/cdrom for its prebuilt packages:

# ls /mnt/cdrom

(If there is a /mnt/cdrom/packages directory:)
# export PKGDIR="/mnt/cdrom/packages"

(Otherwise:)
# export PKGDIR="/mnt/cdrom"

Now install the packages you want. The Packages CD contains several prebuilt binaries, for instance KDE and GNOME.

# emerge --usepkg gnome

To find out what prebuilt packages are available, do a quick listing of all the files in /mnt/cdrom/All. For instance, to find out if KDE is emergeable:

# ls /mnt/cdrom/All/kde*

Be sure to install the binaries now. When you do an emerge --sync to update Portage (as you will learn later), the prebuilt binaries might not match against the ebuilds in your updated Portage. You can try to circumvent this by using emerge --usepkgonly instead of emerge --usepkg.

Congratulations, your system is now fully equipped! Continue with Where to go from here? to learn more about Gentoo.

12. Where to go from here?

12.a. Documentation

Congratulations! You now have a working Gentoo system. But where to go from here? What are your options now? What to explore first? Gentoo provides its users with lots of possibilities, and therefore lots of documented (and less documented) features.

You should definitely take a look at the next part of the Gentoo Handbook entitled Working with Gentoo which explains how to keep your software up to date, how to install more software, what USE flags are, how the Gentoo Init system works, etc.

If you are interested in optimizing your system for desktop use, or you want to learn how to configure your system to be a full working desktop system, consult our extensive Gentoo Desktop Documentation Resources. Besides, you might want to use our localization guide to make your system feel more at home.

We also have a Gentoo Security Handbook which is worth reading.

For a full listing of all our available documentation check out our Documentation Resources page.

12.b. Gentoo Online

You are of course always welcome on our Gentoo Forums or on one of our many Gentoo IRC channels.

We also have several mailinglists open to all our users. Information on how to join is contained in that page.

We'll shut up now and let you enjoy your installation :)

12.c. Gentoo Changes since 2007.0

Changes?

Gentoo is a fast-moving target. The following sections describe important changes that affect a Gentoo installation. We only list those that have anything in common with the installation, not with package changes that did not occur during the installation.

There have been no significant changes since.

B. Working with Gentoo

1. A Portage Introduction

1.a. Welcome to Portage

Portage is probably Gentoo's most notable innovation in software management. With its high flexibility and enormous amount of features it is frequently seen as the best software management tool available for Linux.

Portage is completely written in Python and Bash and therefore fully visible to the users as both are scripting languages.

Most users will work with Portage through the emerge tool. This chapter is not meant to duplicate the information available from the emerge man page. For a complete rundown of emerge's options, please consult the man page:

$ man emerge

1.b. The Portage Tree

Ebuilds

When we talk about packages, we often mean software titles that are available to the Gentoo users through the Portage tree. The Portage tree is a collection of ebuilds, files that contain all information Portage needs to maintain software (install, search, query, ...). These ebuilds reside in /usr/portage by default.

Whenever you ask Portage to perform some action regarding software titles, it will use the ebuilds on your system as a base. It is therefore important that you regularly update the ebuilds on your system so Portage knows about new software, security updates, etc.

Updating the Portage Tree

The Portage tree is usually updated with rsync, a fast incremental file transfer utility. Updating is fairly simple as the emerge command provides a front-end for rsync:

# emerge --sync

If you are unable to rsync due to firewall restrictions you can still update your Portage tree by using our daily generated Portage tree snapshots. The emerge-webrsync tool automatically fetches and installs the latest snapshot on your system:

# emerge-webrsync

An additional advantage of using emerge-webrsync is that it allows the administrator to only pull in portage tree snapshots that are signed by the Gentoo release engineering GPG key. More information on this can be found in the Portage Features section on Fetching Validated Portage Tree Snapshots.

1.c. Maintaining Software

Searching for Software

To search through the Portage tree after software titles, you can use emerge built-in search capabilities. By default, emerge --search returns the names of packages whose title matches (either fully or partially) the given search term.

For instance, to search for all packages who have "pdf" in their name:

$ emerge --search pdf

If you want to search through the descriptions as well you can use the --searchdesc (or -S) switch:

$ emerge --searchdesc pdf

When you take a look at the output, you'll notice that it gives you a lot of information. The fields are clearly labelled so we won't go further into their meanings:

*  net-print/cups-pdf
      Latest version available: 1.5.2
      Latest version installed: [ Not Installed ]
      Size of downloaded files: 15 kB
      Homepage:    http://cip.physik.uni-wuerzburg.de/~vrbehr/cups-pdf/
      Description: Provides a virtual printer for CUPS to produce PDF files.
      License:     GPL-2

Installing Software

Once you've found a software title to your liking, you can easily install it with emerge: just add the package name. For instance, to install gnumeric:

# emerge gnumeric

Since many applications depend on each other, any attempt to install a certain software package might result in the installation of several dependencies as well. Don't worry, Portage handles dependencies well. If you want to find out what Portage would install when you ask it to install a certain package, add the --pretend switch. For instance:

# emerge --pretend gnumeric

When you ask Portage to install a package, it will download the necessary source code from the internet (if necessary) and store it by default in /usr/portage/distfiles. After this it will unpack, compile and install the package. If you want Portage to only download the sources without installing them, add the --fetchonly option to the emerge command:

# emerge --fetchonly gnumeric

Finding Installed Package Documentation

Many packages come with their own documentation. Sometimes, the doc USE flag determines whether the package documentation should be installed or not. You can check the existence of a doc USE flag with the emerge -vp <package name> command.

(alsa-lib is just an example, of course.)
# emerge -vp alsa-lib
[ebuild  N    ] media-libs/alsa-lib-1.0.14_rc1  -debug +doc 698 kB

The best way of enabling the doc USE flag is doing it on a per-package basis via /etc/portage/package.use, so that you get documentation only for packages that you are interested in. Enabling this flag globally is known to cause problems with circular dependencies. For more information, please read the USE Flags chapter.

Once the package installed, its documentation is generally found in a subdirectory named after the package under the /usr/share/doc directory. You can also list all installed files with the equery tool which is part of the app-portage/gentoolkit package.

# ls -l /usr/share/doc/alsa-lib-1.0.14_rc1
total 28
-rw-r--r--  1 root root  669 May 17 21:54 ChangeLog.gz
-rw-r--r--  1 root root 9373 May 17 21:54 COPYING.gz
drwxr-xr-x  2 root root 8560 May 17 21:54 html
-rw-r--r--  1 root root  196 May 17 21:54 TODO.gz

(Alternatively, use equery to locate interesting files:)
# equery files alsa-lib | less
media-libs/alsa-lib-1.0.14_rc1
* Contents of media-libs/alsa-lib-1.0.14_rc1:
/usr
/usr/bin
/usr/bin/alsalisp
(Output truncated)

Removing Software

When you want to remove a software package from your system, use emerge --unmerge. This will tell Portage to remove all files installed by that package from your system except the configuration files of that application if you have altered those after the installation. Leaving the configuration files allows you to continue working with the package if you ever decide to install it again.

However, a big warning applies: Portage will not check if the package you want to remove is required by another package. It will however warn you when you want to remove an important package that breaks your system if you unmerge it.

# emerge --unmerge gnumeric

When you remove a package from your system, the dependencies of that package that were installed automatically when you installed the software are left. To have Portage locate all dependencies that can now be removed, use emerge's --depclean functionality. We will talk about this later on.

Updating your System

To keep your system in perfect shape (and not to mention install the latest security updates) you need to update your system regularly. Since Portage only checks the ebuilds in your Portage tree you first have to update your Portage tree. When your Portage tree is updated, you can update your system with emerge --update world. In the next example, we'll also use the --ask switch which will tell Portage to display the list of packages it wants to upgrade and ask you if you want to continue:

# emerge --update --ask world

Portage will then search for newer version of the applications you have installed. However, it will only verify the versions for the applications you have explicitly installed (the applications listed in /var/lib/portage/world) - it does not thoroughly check their dependencies. If you want to update the dependencies of those packages as well, add the --deep argument:

# emerge --update --deep world

Still, this doesn't mean all packages: some packages on your system are needed during the compile and build process of packages, but once that package is installed, these dependencies are no longer required. Portage calls those build dependencies. To include those in an update cycle, add --with-bdeps=y:

# emerge --update --deep --with-bdeps=y world

Since security updates also happen in packages you have not explicitly installed on your system (but that are pulled in as dependencies of other programs), it is recommended to run this command once in a while.

If you have altered any of your USE flags lately you might want to add --newuse as well. Portage will then verify if the change requires the installation of new packages or recompilation of existing ones:

# emerge --update --deep --with-bdeps=y --newuse world

Metapackages

Some packages in the Portage tree don't have any real content but are used to install a collection of packages. For instance, the kde-meta package will install a complete KDE environment on your system by pulling in various KDE-related packages as dependencies.

If you ever want to remove such a package from your system, running emerge --unmerge on the package won't have much effect as the dependencies remain on the system.

Portage has the functionality to remove orphaned dependencies as well, but since the availability of software is dynamically dependent you first need to update your entire system fully, including the new changes you applied when changing USE flags. After this you can run emerge --depclean to remove the orphaned dependencies. When this is done, you need to rebuild the applications that were dynamically linked to the now-removed software titles but don't require them anymore.

All this is handled with the following three commands:

# emerge --update --deep --newuse world
# emerge --depclean
# revdep-rebuild

revdep-rebuild is provided by the gentoolkit package; don't forget to emerge it first:

# emerge gentoolkit

1.d. Licenses

Beginning with Portage version 2.1.7, you can accept or reject software installation based on its license. All packages in the tree contain a LICENSE entry in their ebuilds. Running emerge --search packagename will tell you the package's license.

By default, Portage permits all licenses, except End User License Agreements (EULAs) that require reading and signing an acceptance agreement.

The variable that controls permitted licenses is ACCEPT_LICENSE, which can be set in /etc/portage/make.conf:

ACCEPT_LICENSE="* -@EULA"

With this configuration, packages that require interaction during installation to approve their EULA will not be installed. Packages without an EULA will be installed.

You can set ACCEPT_LICENSE globally in /etc/portage/make.conf , or you can specify it on a per-package basis in /etc/portage/package.license.

For example, if you want to allow the truecrypt-2.7 license for app-crypt/truecrypt, add the following to /etc/portage/package.license:

app-crypt/truecrypt truecrypt-2.7

This permits installation of truecrypt versions that have the truecrypt-2.7 license, but not versions with the truecrypt-2.8 license.

License groups defined in ACCEPT_LICENSE are prefixed with an @ sign. Here's an example of a system that globally permits the GPL-compatible license group, as well as a few other groups and individual licenses:

ACCEPT_LICENSE="@GPL-COMPATIBLE @OSI-APPROVED @EULA atheros-hal BitstreamVera"

If you want only free software and documentation on your system, you might use the following setup:

ACCEPT_LICENSE="-* @FREE"

In this case, "free" is mostly defined by the FSF and OSI. Any package whose license does not meet these requirements will not be installed on your system.

1.e. When Portage is Complaining...

About SLOTs, Virtuals, Branches, Architectures and Profiles

As we stated before, Portage is extremely powerful and supports many features that other software management tools lack. To understand this, we explain a few aspects of Portage without going into too much detail.

With Portage different versions of a single package can coexist on a system. While other distributions tend to name their package to those versions (like freetype and freetype2) Portage uses a technology called SLOTs. An ebuild declares a certain SLOT for its version. Ebuilds with different SLOTs can coexist on the same system. For instance, the freetype package has ebuilds with SLOT="1" and SLOT="2".

There are also packages that provide the same functionality but are implemented differently. For instance, metalogd, sysklogd and syslog-ng are all system loggers. Applications that rely on the availability of "a system logger" cannot depend on, for instance, metalogd, as the other system loggers are as good a choice as any. Portage allows for virtuals: each system logger is listed as an "exclusive" dependency of the logging service in the logger virtual package of the virtual category, so that applications can depend on the virtual/logger package. When installed, the package will pull in the first logging package mentioned in the package, unless a logging package was already installed (in which case the virtual is satisfied).

Software in the Portage tree can reside in different branches. By default your system only accepts packages that Gentoo deems stable. Most new software titles, when committed, are added to the testing branch, meaning more testing needs to be done before it is marked as stable. Although you will see the ebuilds for those software in the Portage tree, Portage will not update them before they are placed in the stable branch.

Some software is only available for a few architectures. Or the software doesn't work on the other architectures, or it needs more testing, or the developer that committed the software to the Portage tree is unable to verify if the package works on different architectures.

Each Gentoo installation adheres to a certain profile which contains, amongst other information, the list of packages that are required for a system to function normally.

Blocked Packages

[blocks B     ] mail-mta/ssmtp (is blocking mail-mta/postfix-2.2.2-r1)

!!! Error: the mail-mta/postfix package conflicts with another package.
!!!        both can't be installed on the same system together.
!!!        Please use 'emerge --pretend' to determine blockers. 

Ebuilds contain specific fields that inform Portage about its dependencies. There are two possible dependencies: build dependencies, declared in DEPEND and run-time dependencies, declared in RDEPEND. When one of these dependencies explicitly marks a package or virtual as being not compatible, it triggers a blockage.

While recent versions of Portage are smart enough to work around minor blockages without user intervention, occasionally you will need to fix it yourself, as explained below.

To fix a blockage, you can choose to not install the package or unmerge the conflicting package first. In the given example, you can opt not to install postfix or to remove ssmtp first.

You may also see blocking packages with specific atoms, such as <media-video/mplayer-1.0_rc1-r2. In this case, updating to a more recent version of the blocking package would remove the block.

It is also possible that two packages that are yet to be installed are blocking each other. In this rare case, you should find out why you need to install both. In most cases you can do with one of the packages alone. If not, please file a bug on Gentoo's bugtracking system.

Masked Packages

!!! all ebuilds that could satisfy "bootsplash" have been masked. 

!!! possible candidates are:

- gnome-base/gnome-2.8.0_pre1 (masked by: ~x86 keyword)
- lm-sensors/lm-sensors-2.8.7 (masked by: -sparc keyword)
- sys-libs/glibc-2.3.4.20040808 (masked by: -* keyword)
- dev-util/cvsd-1.0.2 (masked by: missing keyword)
- games-fps/unreal-tournament-451 (masked by: package.mask)
- sys-libs/glibc-2.3.2-r11 (masked by: profile)
- net-im/skype-2.1.0.81 (masked by: skype-eula license(s))

When you want to install a package that isn't available for your system, you will receive this masking error. You should try installing a different application that is available for your system or wait until the package is put available. There is always a reason why a package is masked:

• ~arch keyword means that the application is not tested sufficiently to be put in the stable branch. Wait a few days or weeks and try again.
• -arch keyword or -* keyword means that the application does not work on your architecture. If you believe the package does work file a bug at our bugzilla website.
• missing keyword means that the application has not been tested on your architecture yet. Ask the architecture porting team to test the package or test it for them and report your findings on our bugzilla website.
• package.mask means that the package has been found corrupt, unstable or worse and has been deliberately marked as do-not-use.
• profile means that the package has been found not suitable for your profile. The application might break your system if you installed it or is just not compatible with the profile you use.
• license means that the package's license is not compatible with your ACCEPT_LICENSE setting. You must explicitly permit its license or license group by setting it in /etc/portage/make.conf or in /etc/portage/package.license. Refer to Licenses to learn how licenses work.

Necessary USE Flag Changes

The following USE changes are necessary to proceed:
#required by app-text/happypackage-2.0, required by happypackage (argument)
>=app-text/feelings-1.0.0 test

The error message might also be displayed as follows, if --autounmask isn't set:

emerge: there are no ebuilds built with USE flags to satisfy "app-text/feelings[test]".
!!! One of the following packages is required to complete your request:
- app-text/feelings-1.0.0 (Change USE: +test)
(dependency required by "app-text/happypackage-2.0" [ebuild])
(dependency required by "happypackage" [argument])

Such warning or error occurs when you want to install a package which not only depends on another package, but also requires that that package is built with a particular USE flag (or set of USE flags). In the given example, the package app-text/feelings needs to be built with USE="test", but this USE flag is not set on the system.

To resolve this, either add the requested USE flag to your global USE flags in /etc/portage/make.conf, or set it for the specific package in /etc/portage/package.use.

Missing Dependencies

emerge: there are no ebuilds to satisfy ">=sys-devel/gcc-3.4.2-r4".

!!! Problem with ebuild sys-devel/gcc-3.4.2-r2
!!! Possibly a DEPEND/*DEPEND problem. 

The application you are trying to install depends on another package that is not available for your system. Please check bugzilla if the issue is known and if not, please report it. Unless you are mixing branches this should not occur and is therefore a bug.

Ambiguous Ebuild Name

[ Results for search key : listen ]
[ Applications found : 2 ]

*  dev-tinyos/listen [ Masked ]
      Latest version available: 1.1.15
      Latest version installed: [ Not Installed ]
      Size of files: 10,032 kB
      Homepage:      http://www.tinyos.net/
      Description:   Raw listen for TinyOS
      License:       BSD

*  media-sound/listen [ Masked ]
      Latest version available: 0.6.3
      Latest version installed: [ Not Installed ]
      Size of files: 859 kB
      Homepage:      http://www.listen-project.org
      Description:   A Music player and management for GNOME
      License:       GPL-2

!!! The short ebuild name "listen" is ambiguous. Please specify
!!! one of the above fully-qualified ebuild names instead.

The application you want to install has a name that corresponds with more than one package. You need to supply the category name as well. Portage will inform you of possible matches to choose from.

Circular Dependencies

!!! Error: circular dependencies: 

ebuild / net-print/cups-1.1.15-r2 depends on ebuild / app-text/ghostscript-7.05.3-r1
ebuild / app-text/ghostscript-7.05.3-r1 depends on ebuild / net-print/cups-1.1.15-r2 

Two (or more) packages you want to install depend on each other and can therefore not be installed. This is most likely a bug in the Portage tree. Please resync after a while and try again. You can also check bugzilla if the issue is known and if not, report it.

Fetch failed

!!! Fetch failed for sys-libs/ncurses-5.4-r5, continuing...
(...)
!!! Some fetch errors were encountered.  Please see above for details.

Portage was unable to download the sources for the given application and will try to continue installing the other applications (if applicable). This failure can be due to a mirror that has not synchronised correctly or because the ebuild points to an incorrect location. The server where the sources reside can also be down for some reason.

Retry after one hour to see if the issue still persists.

System Profile Protection

!!! Trying to unmerge package(s) in system profile. 'sys-apps/portage'
!!! This could be damaging to your system.

You have asked to remove a package that is part of your system's core packages. It is listed in your profile as required and should therefore not be removed from the system.

Digest Verification Failures

Sometimes, when you attempt to emerge a package, it will fail with the message:

>>> checking ebuild checksums
!!! Digest verification failed:

This is a sign that something is wrong with the Portage tree -- often, it is because a developer may have made a mistake when committing a package to the tree.

When the digest verification fails, do not try to re-digest the package yourself. Running ebuild foo manifest will not fix the problem; it will almost certainly make it worse!

Instead, wait an hour or two for the tree to settle down. It's likely that the error was noticed right away, but it can take a little time for the fix to trickle down the Portage tree. While you're waiting, check Bugzilla and see if anyone has reported the problem yet. If not, go ahead and file a bug for the broken package.

Once you see that the bug has been fixed, you may want to re-sync to pick up the fixed digest.

2. USE flags

2.a. What are USE flags?

The ideas behind USE flags

When you are installing Gentoo (or any other distribution, or even operating system for that matter) you make choices depending on the environment you are working with. A setup for a server differs from a setup for a workstation. A gaming workstation differs from a 3D rendering workstation.

This is not only true for choosing what packages you want to install, but also what features a certain package should support. If you don't need OpenGL, why would you bother installing OpenGL and build OpenGL support in most of your packages? If you don't want to use KDE, why would you bother compiling packages with KDE support if those packages work flawlessly without?

To help users in deciding what to install/activate and what not, we wanted the user to specify his/her environment in an easy way. This forces the user into deciding what they really want and eases the process for Portage, our package management system, to make useful decisions.

Definition of a USE flag

Enter the USE flags. Such a flag is a keyword that embodies support and dependency-information for a certain concept. If you define a certain USE flag, Portage will know that you want support for the chosen keyword. Of course this also alters the dependency information for a package.

Let us take a look at a specific example: the kde keyword. If you do not have this keyword in your USE variable, all packages that have optional KDE support will be compiled without KDE support. All packages that have an optional KDE dependency will be installed without installing the KDE libraries (as dependency). If you have defined the kde keyword, then those packages will be compiled with KDE support, and the KDE libraries will be installed as dependency.

By correctly defining the keywords you will receive a system tailored specifically to your needs.

What USE flags exist?

There are two types of USE flags: global and local USE flags.

• A global USE flag is used by several packages, system-wide. This is what most people see as USE flags.
• A local USE flag is used by a single package to make package-specific decisions.

A list of available global USE flags can be found online or locally in /usr/portage/profiles/use.desc.

A list of available local USE flags can be found locally in /usr/portage/profiles/use.local.desc.

2.b. Using USE flags

Declare permanent USE flags

In the hope you are convinced of the importance of USE flags we will now inform you how to declare USE flags.

As previously mentioned, all USE flags are declared inside the USE variable. To make it easy for users to search and pick USE flags, we already provide a default USE setting. This setting is a collection of USE flags we think are commonly used by the Gentoo users. This default setting is declared in the make.defaults files part of your profile.

The profile your system listens to is pointed to by the /etc/portage/make.profile symlink. Each profile works on top of another, larger profile, the end result is therefore the sum of all profiles. The top profile is the base profile (/usr/portage/profiles/base).

Let us take a look at this default setting for the 13.0 profile:

(This example is the sum of the settings in base, default/linux,
 default/linux/x86 and default/linux/x86/13.0/)
USE="a52 aac acpi alsa branding cairo cdr dbus dts dvd dvdr emboss encode exif
fam firefox flac gif gpm gtk hal jpeg lcms ldap libnotify mad mikmod mng mp3
mp4 mpeg ogg opengl pango pdf png ppds qt3support qt4 sdl spell
startup-notification svg tiff truetype vorbis unicode usb X xcb x264 xml xv
xvid"

As you can see, this variable already contains quite a lot of keywords. Do not alter any make.defaults file to tailor the USE variable to your needs: changes in this file will be undone when you update Portage!

To change this default setting, you need to add or remove keywords to the USE variable. This is done globally by defining the USE variable in /etc/portage/make.conf. In this variable you add the extra USE flags you require, or remove the USE flags you don't want. This latter is done by prefixing the keyword with the minus-sign ("-").

For instance, to remove support for KDE and QT but add support for ldap, the following USE can be defined in /etc/portage/make.conf:

USE="-kde -qt4 ldap"

Declaring USE flags for individual packages

Sometimes you want to declare a certain USE flag for one (or a couple) of applications but not system-wide. To accomplish this, you will need to create the /etc/portage directory (if it doesn't exist yet) and edit /etc/portage/package.use. This is usually a single file, but can also be a directory; see man portage for more information. The following examples assume package.use is a single file.

For instance, if you don't want berkdb support globally but you do want it for mysql, you would add:

dev-db/mysql berkdb

You can of course also explicitly disable USE flags for a certain application. For instance, if you don't want java support in PHP:

dev-php/php -java

Declare temporary USE flags

Sometimes you want to set a certain USE setting only once. Instead of editing /etc/portage/make.conf twice (to do and undo the USE changes) you can just declare the USE variable as environment variable. Remember that, when you re-emerge or update this application (either explicitly or as part of a system update) your changes will be lost!

As an example we will temporarily remove java from the USE setting during the installation of seamonkey.

# USE="-java" emerge seamonkey

Precedence

Of course there is a certain precedence on what setting has priority over the USE setting. You don't want to declare USE="-java" only to see that java is still used due to a setting that has a higher priority. The precedence for the USE setting is, ordered by priority (first has lowest priority):

1. Default USE setting declared in the make.defaults files part of your profile
2. User-defined USE setting in /etc/portage/make.conf
3. User-defined USE setting in /etc/portage/package.use
4. User-defined USE setting as environment variable

To view the final USE setting as seen by Portage, run emerge --info. This will list all relevant variables (including the USE variable) with the content used by Portage.

# emerge --info

Adapting your Entire System to New USE Flags

If you have altered your USE flags and you wish to update your entire system to use the new USE flags, use emerge's --newuse option:

# emerge --update --deep --newuse world

Next, run Portage's depclean to remove the conditional dependencies that were emerged on your "old" system but that have been obsoleted by the new USE flags.

# emerge -p --depclean

When depclean has finished, run revdep-rebuild to rebuild the applications that are dynamically linked against shared objects provided by possibly removed packages. revdep-rebuild is part of the gentoolkit package; don't forget to emerge it first.

# revdep-rebuild

When all this is accomplished, your system is using the new USE flag settings.

2.c. Package specific USE flags

Viewing available USE flags

Let us take the example of seamonkey: what USE flags does it listen to? To find out, we use emerge with the --pretend and --verbose options:

# emerge --pretend --verbose seamonkey
These are the packages that I would merge, in order:

Calculating dependencies ...done!
[ebuild   R   ] www-client/seamonkey-1.0.7  USE="crypt gnome java -debug -ipv6
-ldap -mozcalendar -mozdevelop -moznocompose -moznoirc -moznomail -moznopango
-moznoroaming -postgres -xinerama -xprint" 0 kB

emerge isn't the only tool for this job. In fact, we have a tool dedicated to package information called equery which resides in the gentoolkit package. First, install gentoolkit:

# emerge gentoolkit

Now run equery with the uses argument to view the USE flags of a certain package. For instance, for the gnumeric package:

# equery --nocolor uses =gnumeric-1.6.3 -a
[ Searching for packages matching =gnumeric-1.6.3... ]
[ Colour Code : set unset ]
[ Legend : Left column  (U) - USE flags from make.conf              ]
[        : Right column (I) - USE flags packages was installed with ]
[ Found these USE variables for app-office/gnumeric-1.6.3 ]
 U I
 - - debug  : Enable extra debug codepaths, like asserts and extra output.
              If you want to get meaningful backtraces see
              http://www.gentoo.org/proj/en/qa/backtraces.xml .
 + + gnome  : Adds GNOME support
 + + python : Adds support/bindings for the Python language
 - - static : !!do not set this during bootstrap!! Causes binaries to be
              statically linked instead of dynamically

3. Portage Features

3.a. Portage Features

Portage has several additional features that makes your Gentoo experience even better. Many of these features rely on certain software tools that improve performance, reliability, security, ...

To enable or disable certain Portage features you need to edit /etc/portage/make.conf's FEATURES variable which contains the various feature keywords, separated by white space. In several cases you will also need to install the additional tool on which the feature relies.

Not all features that Portage supports are listed here. For a full overview, please consult the make.conf man page:

$ man make.conf

To find out what FEATURES are default set, run emerge --info and search for the FEATURES variable or grep it out:

$ emerge --info | grep FEATURES

3.b. Distributed Compiling

Using distcc

distcc is a program to distribute compilations across several, not necessarily identical, machines on a network. The distcc client sends all necessary information to the available distcc servers (running distccd) so they can compile pieces of source code for the client. The net result is a faster compilation time.

You can find more information about distcc (and how to have it work with Gentoo) in our Gentoo Distcc Documentation.

Installing distcc

Distcc ships with a graphical monitor to monitor tasks that your computer is sending away for compilation. If you use Gnome then put 'gnome' in your USE variable. However, if you don't use Gnome and would still like to have the monitor then you should put 'gtk' in your USE variable.

# emerge distcc

Activating Portage Support

Add distcc to the FEATURES variable inside /etc/portage/make.conf. Next, edit the MAKEOPTS variable to your liking. A known guideline is to fill in "-jX" with X the number of CPUs that run distccd (including the current host) plus one, but you might have better results with other numbers.

Now run distcc-config and enter the list of available distcc servers. For a simple example we assume that the available DistCC servers are 192.168.1.102 (the current host), 192.168.1.103 and 192.168.1.104 (two "remote" hosts):

# distcc-config --set-hosts "192.168.1.102 192.168.1.103 192.168.1.104"

Don't forget to run the distccd daemon as well:

# rc-update add distccd default
# /etc/init.d/distccd start

2.c. Caching Compilation

About ccache

ccache is a fast compiler cache. When you compile a program, it will cache intermediate results so that, whenever you recompile the same program, the compilation time is greatly reduced. The first time you run ccache, it will be much slower than a normal compilation. Subsequent recompiles should be faster. ccache is only helpful if you will be recompiling the same application many times; thus it's mostly only useful for software developers.

If you are interested in the ins and outs of ccache, please visit the ccache homepage.

Installing ccache

To install ccache, run emerge ccache:

# emerge ccache

Activating Portage Support

Open /etc/portage/make.conf and add ccache to the FEATURES variable. Next, add a new variable called CCACHE_SIZE and set it to "2G":

CCACHE_SIZE="2G"

To check if ccache functions, ask ccache to provide you with its statistics. Because Portage uses a different ccache home directory, you need to set the CCACHE_DIR variable as well:

# CCACHE_DIR="/var/tmp/ccache" ccache -s

The /var/tmp/ccache location is Portage' default ccache home directory; if you want to alter this setting you can set the CCACHE_DIR variable in /etc/portage/make.conf.

However, if you would run ccache, it would use the default location of ${HOME}/.ccache, which is why you needed to set the CCACHE_DIR variable when asking for the (Portage) ccache statistics.

Using ccache for non-Portage C Compiling

If you would like to use ccache for non-Portage compilations, add /usr/lib/ccache/bin to the beginning of your PATH variable (before /usr/bin). This can be accomplished by editing .bash_profile in your user's home directory. Using .bash_profile is one way to define PATH variables.

PATH="/usr/lib/ccache/bin:/opt/bin:${PATH}"

3.d. Binary Package Support

Creating Prebuilt Packages

Portage supports the installation of prebuilt packages. Even though Gentoo does not provide prebuilt packages by itself (except for the GRP snapshots) Portage can be made fully aware of prebuilt packages.

To create a prebuilt package you can use quickpkg if the package is already installed on your system, or emerge with the --buildpkg or --buildpkgonly options.

If you want Portage to create prebuilt packages of every single package you install, add buildpkg to the FEATURES variable.

More extended support for creating prebuilt package sets can be obtained with catalyst. For more information on catalyst please read the Catalyst Frequently Asked Questions.

Installing Prebuilt Packages

Although Gentoo doesn't provide one, you can create a central repository where you store prebuilt packages. If you want to use this repository, you need to make Portage aware of it by having the PORTAGE_BINHOST variable point to it. For instance, if the prebuilt packages are on ftp://buildhost/gentoo:

PORTAGE_BINHOST="ftp://buildhost/gentoo"

When you want to install a prebuilt package, add the --getbinpkg option to the emerge command alongside of the --usepkg option. The former tells emerge to download the prebuilt package from the previously defined server while the latter asks emerge to try to install the prebuilt package first before fetching the sources and compiling it.

For instance, to install gnumeric with prebuilt packages:

# emerge --usepkg --getbinpkg gnumeric

More information about emerge's prebuilt package options can be found in the emerge man page:

$ man emerge

3.e. Fetching Files

Parallel fetch

When you are emerging a series of packages, Portage can fetch the source files for the next package in the list even while it is compiling another package, thus shortening compile times. To make use of this capability, add "parallel-fetch" to your FEATURES. Note that this is on by default, so you shouldn't need to specifically enable it.

Userfetch

When Portage is run as root, FEATURES="userfetch" will allow Portage to drop root privileges while fetching package sources. This is a small security improvement.

3.f. Pulling Validated Portage Tree Snapshots

As an administrator, you can opt to only update your local Portage tree with a cryptographically validated Portage tree snapshot as released by the Gentoo infrastructure. This ensures that no rogue rsync mirror is adding unwanted code or packages in the tree you are downloading.

To configure Portage, first create a truststore in which you download and accept the keys of the Gentoo Infrastructure responsible for signing the Portage tree snapshots. Of course, if you want to, you can validate this GPG key as per the proper guidelines (like checking the key fingerprint). You can find the list of GPG keys used by the release engineering team on their project page.

# mkdir -p /etc/portage/gpg
# chmod 0700 /etc/portage/gpg
(... Substitute the keys with those mentioned on the release engineering site ...)
# gpg --homedir /etc/portage/gpg --keyserver subkeys.pgp.net --recv-keys 0x239C75C4 0x96D8BF6D
# gpg --homedir /etc/portage/gpg --edit-key 0x239C75C4 trust
# gpg --homedir /etc/portage/gpg --edit-key 0x96D8BF6D trust

Next, edit /etc/portage/make.conf and enable support for validating the signed Portage tree snapshots (using FEATURES="webrsync-gpg") and disabling updating the Portage tree using the regular emerge --sync method.

FEATURES="webrsync-gpg"
PORTAGE_GPG_DIR="/etc/portage/gpg"
SYNC=""

That's it. Next time you run emerge-webrsync, only the snapshots with a valid signature will be expanded on your file system.

4. Initscripts

4.a. Runlevels

Booting your System

When you boot your system, you will notice lots of text floating by. If you pay close attention, you will notice this text is the same every time you reboot your system. The sequence of all these actions is called the boot sequence and is (more or less) statically defined.

First, your boot loader will load the kernel image you have defined in the boot loader configuration into memory after which it tells the CPU to run the kernel. When the kernel is loaded and run, it initializes all kernel-specific structures and tasks and starts the init process.

This process then makes sure that all filesystems (defined in /etc/fstab) are mounted and ready to be used. Then it executes several scripts located in /etc/init.d, which will start the services you need in order to have a successfully booted system.

Finally, when all scripts are executed, init activates the terminals (in most cases just the virtual consoles which are hidden beneath Alt-F1, Alt-F2, etc.) attaching a special process called agetty to it. This process will then make sure you are able to log on through these terminals by running login.

Init Scripts

Now init doesn't just execute the scripts in /etc/init.d randomly. Even more, it doesn't run all scripts in /etc/init.d, only the scripts it is told to execute. It decides which scripts to execute by looking into /etc/runlevels.

First, init runs all scripts from /etc/init.d that have symbolic links inside /etc/runlevels/boot. Usually, it will start the scripts in alphabetical order, but some scripts have dependency information in them, telling the system that another script must be run before they can be started.

When all /etc/runlevels/boot referenced scripts are executed, init continues with running the scripts that have a symbolic link to them in /etc/runlevels/default. Again, it will use the alphabetical order to decide what script to run first, unless a script has dependency information in it, in which case the order is changed to provide a valid start-up sequence.

How Init Works

Of course init doesn't decide all that by itself. It needs a configuration file that specifies what actions need to be taken. This configuration file is /etc/inittab.

If you remember the boot sequence we have just described, you will remember that init's first action is to mount all filesystems. This is defined in the following line from /etc/inittab:

si::sysinit:/sbin/rc sysinit

This line tells init that it must run /sbin/rc sysinit to initialize the system. The /sbin/rc script takes care of the initialisation, so you might say that init doesn't do much -- it delegates the task of initialising the system to another process.

Second, init executed all scripts that had symbolic links in /etc/runlevels/boot. This is defined in the following line:

rc::bootwait:/sbin/rc boot

Again the rc script performs the necessary tasks. Note that the option given to rc (boot) is the same as the subdirectory of /etc/runlevels that is used.

Now init checks its configuration file to see what runlevel it should run. To decide this, it reads the following line from /etc/inittab:

id:3:initdefault:

In this case (which the majority of Gentoo users will use), the runlevel id is 3. Using this information, init checks what it must run to start runlevel 3:

l0:0:wait:/sbin/rc shutdown
l1:S1:wait:/sbin/rc single
l2:2:wait:/sbin/rc nonetwork
l3:3:wait:/sbin/rc default
l4:4:wait:/sbin/rc default
l5:5:wait:/sbin/rc default
l6:6:wait:/sbin/rc reboot

The line that defines level 3, again, uses the rc script to start the services (now with argument default). Again note that the argument of rc is the same as the subdirectory from /etc/runlevels.

When rc has finished, init decides what virtual consoles it should activate and what commands need to be run at each console:

c1:12345:respawn:/sbin/agetty 38400 tty1 linux
c2:12345:respawn:/sbin/agetty 38400 tty2 linux
c3:12345:respawn:/sbin/agetty 38400 tty3 linux
c4:12345:respawn:/sbin/agetty 38400 tty4 linux
c5:12345:respawn:/sbin/agetty 38400 tty5 linux
c6:12345:respawn:/sbin/agetty 38400 tty6 linux

What is a runlevel?

You have seen that init uses a numbering scheme to decide what runlevel it should activate. A runlevel is a state in which your system is running and contains a collection of scripts (runlevel scripts or initscripts) that must be executed when you enter or leave a runlevel.

In Gentoo, there are seven runlevels defined: three internal runlevels, and four user-defined runlevels. The internal runlevels are called sysinit, shutdown and reboot and do exactly what their names imply: initialize the system, powering off the system and rebooting the system.

The user-defined runlevels are those with an accompanying /etc/runlevels subdirectory: boot, default, nonetwork and single. The boot runlevel starts all system-necessary services which all other runlevels use. The remaining three runlevels differ in what services they start: default is used for day-to-day operations, nonetwork is used in case no network connectivity is required, and single is used when you need to fix the system.

Working with the Init Scripts

The scripts that the rc process starts are called init scripts. Each script in /etc/init.d can be executed with the arguments start, stop, restart, pause, zap, status, ineed, iuse, needsme, usesme or broken.

To start, stop or restart a service (and all depending services), start, stop and restart should be used:

# /etc/init.d/postfix start

If you want to stop a service, but not the services that depend on it, you can use the pause argument:

# /etc/init.d/postfix pause

If you want to see what status a service has (started, stopped, paused, ...) you can use the status argument:

# /etc/init.d/postfix status

If the status information tells you that the service is running, but you know that it is not, then you can reset the status information to "stopped" with the zap argument:

# /etc/init.d/postfix zap

To also ask what dependencies the service has, you can use iuse or ineed. With ineed you can see the services that are really necessary for the correct functioning of the service. iuse on the other hand shows the services that can be used by the service, but are not necessary for the correct functioning.

# /etc/init.d/postfix ineed

Similarly, you can ask what services require the service (needsme) or can use it (usesme):

# /etc/init.d/postfix needsme

Finally, you can ask what dependencies the service requires that are missing:

# /etc/init.d/postfix broken

4.b. Working with rc-update

What is rc-update?

Gentoo's init system uses a dependency-tree to decide what service needs to be started first. As this is a tedious task that we wouldn't want our users to have to do manually, we have created tools that ease the administration of the runlevels and init scripts.

With rc-update you can add and remove init scripts to a runlevel. The rc-update tool will then automatically ask the depscan.sh script to rebuild the dependency tree.

Adding and Removing Services

You have already added init scripts to the "default" runlevel during the installation of Gentoo. At that time you might not have had a clue what the "default" is for, but now you should. The rc-update script requires a second argument that defines the action: add, del or show.

To add or remove an init script, just give rc-update the add or del argument, followed by the init script and the runlevel. For instance:

# rc-update del postfix default

The rc-update -v show command will show all the available init scripts and list at which runlevels they will execute:

# rc-update -v show

You can also run rc-update show (without -v) to just view enabled init scripts and their runlevels.

4.c. Configuring Services

Why the Need for Extra Configuration?

Init scripts can be quite complex. It is therefore not really desirable to have the users edit the init script directly, as it would make it more error-prone. It is however important to be able to configure such a service. For instance, you might want to give more options to the service itself.

A second reason to have this configuration outside the init script is to be able to update the init scripts without the fear that your configuration changes will be undone.

The /etc/conf.d Directory

Gentoo provides an easy way to configure such a service: every init script that can be configured has a file in /etc/conf.d. For instance, the apache2 initscript (called /etc/init.d/apache2) has a configuration file called /etc/conf.d/apache2, which can contain the options you want to give to the Apache 2 server when it is started:

APACHE2_OPTS="-D PHP5"

Such a configuration file contains variables and variables alone (just like /etc/portage/make.conf), making it very easy to configure services. It also allows us to provide more information about the variables (as comments).

4.d. Writing Init Scripts

Do I Have To?

No, writing an init script is usually not necessary as Gentoo provides ready-to-use init scripts for all provided services. However, you might have installed a service without using Portage, in which case you will most likely have to create an init script.

Do not use the init script provided by the service if it isn't explicitly written for Gentoo: Gentoo's init scripts are not compatible with the init scripts used by other distributions!

Layout

The basic layout of an init script is shown below.

#!/sbin/runscript

depend() {
  (Dependency information)
}

start() {
  (Commands necessary to start the service)
}

stop() {
  (Commands necessary to stop the service)
}

Any init script requires the start() function to be defined. All other sections are optional.

Dependencies

There are two dependency-alike settings you can define that influence the start-up or sequencing of init scripts: use and need. Next to these two, there are also two order-influencing methods called before and after. These last two are no dependencies per se - they do not make the original init script fail if the selected one isn't scheduled to start (or fails to start).

• The use settings informs the init system that this script uses functionality offered by the selected script, but does not directly depend on it. A good example would be use logger or use dns. If those services are available, they will be put in good use, but if you do not have a logger or DNS server the services will still work. If the services exist, then they are started before the script that use's them.
• The need setting is a hard dependency. It means that the script that is need'ing another script will not start before the other script is launched successfully. Also, if that other script is restarted, then this one will be restarted as well.
• When using before, then the given script is launched before the selected one if the selected one is part of the init level. So an init script xdm that defines before alsasound will start before the alsasound script, but only if alsasound is scheduled to start as well in the same init level. If alsasound is not scheduled to start too, then this particular setting has no effect and xdm will be started when the init system deems it most appropriate.
• Similarly, after informs the init system that the given script should be launched after the selected one if the selected one is part of the init level. If not, then the setting has no effect and the script will be launched by the init system when it deems it most appropriate.

It should be clear from the above that need is the only "true" dependency setting as it affects if the script will be started or not. All the others are merely pointers towards the init system to clarify in which order scripts can be (or should be) launched.

Now, if you look at many of Gentoo's available init scripts, you will notice that some have dependencies on things that are no init scripts. These "things" we call virtuals.

A virtual dependency is a dependency that a service provides, but that is not provided solely by that service. Your init script can depend on a system logger, but there are many system loggers available (metalogd, syslog-ng, sysklogd, ...). As you cannot need every single one of them (no sensible system has all these system loggers installed and running) we made sure that all these services provide a virtual dependency.

Let us take a look at the dependency information for the postfix service.

depend() {
  need net
  use logger dns
  provide mta
}

As you can see, the postfix service:

• requires the (virtual) net dependency (which is provided by, for instance, /etc/init.d/net.eth0)
• uses the (virtual) logger dependency (which is provided by, for instance, /etc/init.d/syslog-ng)
• uses the (virtual) dns dependency (which is provided by, for instance, /etc/init.d/named)
• provides the (virtual) mta dependency (which is common for all mail servers)

Controlling the Order

As we described in the previous section, you can tell the init system what order it should use for starting (or stopping) scripts. This ordering is handled both through the dependency settings use and need, but also through the order settings before and after. As we have described these earlier already, let's take a look at the Portmap service as an example of such init script.

depend() {
  need net
  before inetd
  before xinetd
}

You can also use the "*" glob to catch all services in the same runlevel, although this isn't advisable.

depend() {
  before *
}

If your service must write to local disks, it should need localmount. If it places anything in /var/run such as a pidfile, then it should start after bootmisc:

depend() {
  need localmount
  after bootmisc
}

Standard Functions

Next to the depend() functionality, you also need to define the start() function. This one contains all the commands necessary to initialize your service. It is advisable to use the ebegin and eend functions to inform the user about what is happening:

start() {
  if [ "${RC_CMD}" = "restart" ];
  then
    # Do something in case a restart requires more than stop, start
  fi

  ebegin "Starting my_service"
  start-stop-daemon --start --exec /path/to/my_service \
    --pidfile /path/to/my_pidfile
  eend $?
}

Both --exec and --pidfile should be used in start and stop functions. If the service does not create a pidfile, then use --make-pidfile if possible, though you should test this to be sure. Otherwise, don't use pidfiles. You can also add --quiet to the start-stop-daemon options, but this is not recommended unless the service is extremely verbose. Using --quiet may hinder debugging if the service fails to start.

Another notable setting used in the above example is to check the contents of the RC_CMD variable. Unlike the previous init script system, the newer openrc system does not support script-specific restart functionality. Instead, the script needs to check the contents of the RC_CMD variable to see if a function (be it start() or stop()) is called as part of a restart or not.

If you need more examples of the start() function, please read the source code of the available init scripts in your /etc/init.d directory.

Another function you can define is stop(). You are not obliged to define this function though! Our init system is intelligent enough to fill in this function by itself if you use start-stop-daemon.

Here is an example of a stop() function:

stop() {
  ebegin "Stopping my_service"
  start-stop-daemon --stop --exec /path/to/my_service \
    --pidfile /path/to/my_pidfile
  eend $?
}

If your service runs some other script (for example, bash, python, or perl), and this script later changes names (for example, foo.py to foo), then you will need to add --name to start-stop-daemon. You must specify the name that your script will be changed to. In this example, a service starts foo.py, which changes names to foo:

start() {
  ebegin "Starting my_script"
  start-stop-daemon --start --exec /path/to/my_script \
    --pidfile /path/to/my_pidfile --name foo
  eend $?
}

start-stop-daemon has an excellent man page available if you need more information:

$ man start-stop-daemon

Gentoo's init script syntax is based on the POSIX Shell so you are free to use sh-compatible constructs inside your init script. Keep other constructs, like bash-specific ones, out of the init scripts to ensure that the scripts remain functional regardless of the change Gentoo might do on its init system.

Adding Custom Options

If you want your init script to support more options than the ones we have already encountered, you should add the option to the extra_commands variable, and create a function with the same name as the option. For instance, to support an option called restartdelay:

extra_commands="restartdelay"

restartdelay() {
  stop
  sleep 3    # Wait 3 seconds before starting again
  start
}

Service Configuration Variables

You don't have to do anything to support a configuration file in /etc/conf.d: if your init script is executed, the following files are automatically sourced (i.e. the variables are available to use):

• /etc/conf.d/<your init script>
• /etc/conf.d/basic
• /etc/rc.conf

Also, if your init script provides a virtual dependency (such as net), the file associated with that dependency (such as /etc/conf.d/net) will be sourced too.

4.e. Changing the Runlevel Behaviour

Who might benefit from this?

Many laptop users know the situation: at home you need to start net.eth0 while you don't want to start net.eth0 while you're on the road (as there is no network available). With Gentoo you can alter the runlevel behaviour to your own will.

For instance you can create a second "default" runlevel which you can boot that has other init scripts assigned to it. You can then select at boottime what default runlevel you want to use.

Using softlevel

First of all, create the runlevel directory for your second "default" runlevel. As an example we create the offline runlevel:

# mkdir /etc/runlevels/offline

Add the necessary init scripts to the newly created runlevels. For instance, if you want to have an exact copy of your current default runlevel but without net.eth0:

(Copy all services from default runlevel to offline runlevel)
# cd /etc/runlevels/default
# for service in *; do rc-update add $service offline; done
(Remove unwanted service from offline runlevel)
# rc-update del net.eth0 offline
(Display active services for offline runlevel)
# rc-update show offline
(Partial sample Output)
               acpid | offline
          domainname | offline
               local | offline
            net.eth0 |

Even though net.eth0 has been removed from the offline runlevel, udev might want to attempt to start any devices it detects and launch the appropriate services, a functionality that is called hotplugging. By default, Gentoo does not enable hotplugging.

If you do want to enable hotplugging, but only for a selected set of scripts, use the rc_hotplug variable in /etc/rc.conf:

# Allow net.wlan as well as any other service, except those matching net.*
# to be hotplugged
rc_hotplug="net.wlan !net.*"

Now edit your bootloader configuration and add a new entry for the offline runlevel. For instance, in /boot/grub/grub.conf:

title Gentoo Linux Offline Usage
  root (hd0,0)
  kernel (hd0,0)/kernel-2.4.25 root=/dev/hda3 softlevel=offline

Voilà, you're all set now. If you boot your system and select the newly added entry at boot, the offline runlevel will be used instead of the default one.

Using bootlevel

Using bootlevel is completely analogous to softlevel. The only difference here is that you define a second "boot" runlevel instead of a second "default" runlevel.

5. Environment Variables

5.a. Environment Variables?

What they are

An environment variable is a named object that contains information used by one or more applications. Many users (and especially those new to Linux) find this a bit weird or unmanageable. However, this is a mistake: by using environment variables one can easily change a configuration setting for one or more applications.

Important Examples

The following table lists a number of variables used by a Linux system and describes their use. Example values are presented after the table.

Below you will find an example definition of all these variables:

PATH="/bin:/usr/bin:/usr/local/bin:/opt/bin:/usr/games/bin"
ROOTPATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin"
LDPATH="/lib:/usr/lib:/usr/local/lib:/usr/lib/gcc-lib/i686-pc-linux-gnu/3.2.3"
MANPATH="/usr/share/man:/usr/local/share/man"
INFODIR="/usr/share/info:/usr/local/share/info"
PAGER="/usr/bin/less"
EDITOR="/usr/bin/vim"
KDEDIRS="/usr"
CONFIG_PROTECT="/usr/X11R6/lib/X11/xkb /opt/tomcat/conf \
                /usr/kde/3.1/share/config /usr/share/texmf/tex/generic/config/ \
                /usr/share/texmf/tex/platex/config/ /usr/share/config"
CONFIG_PROTECT_MASK="/etc/gconf"

5.b. Defining Variables Globally

The /etc/env.d Directory

To centralise the definitions of these variables, Gentoo introduced the /etc/env.d directory. Inside this directory you will find a number of files, such as 00basic, 05gcc, etc. which contain the variables needed by the application mentioned in their name.

For instance, when you installed gcc, a file called 05gcc was created by the ebuild which contains the definitions of the following variables:

PATH="/usr/i686-pc-linux-gnu/gcc-bin/3.2"
ROOTPATH="/usr/i686-pc-linux-gnu/gcc-bin/3.2"
MANPATH="/usr/share/gcc-data/i686-pc-linux-gnu/3.2/man"
INFOPATH="/usr/share/gcc-data/i686-pc-linux-gnu/3.2/info"
CC="gcc"
CXX="g++"
LDPATH="/usr/lib/gcc-lib/i686-pc-linux-gnu/3.2.3"

Other distributions tell you to change or add such environment variable definitions in /etc/profile or other locations. Gentoo on the other hand makes it easy for you (and for Portage) to maintain and manage the environment variables without having to pay attention to the numerous files that can contain environment variables.

For instance, when gcc is updated, the /etc/env.d/05gcc file is updated too without requesting any user-interaction.

This not only benefits Portage, but also you, as user. Occasionally you might be asked to set a certain environment variable system-wide. As an example we take the http_proxy variable. Instead of messing about with /etc/profile, you can now just create a file (/etc/env.d/99local) and enter your definition(s) in it:

http_proxy="proxy.server.com:8080"

By using the same file for all your variables, you have a quick overview on the variables you have defined yourself.

The env-update Script

Several files in /etc/env.d define the PATH variable. This is not a mistake: when you run env-update, it will append the several definitions before it updates the environment variables, thereby making it easy for packages (or users) to add their own environment variable settings without interfering with the already existing values.

The env-update script will append the values in the alphabetical order of the /etc/env.d files. The file names must begin with two decimal digits.

         00basic        99kde-env       99local
     +-------------+----------------+-------------+
PATH="/bin:/usr/bin:/usr/kde/3.2/bin:/usr/local/bin"

The concatenation of variables does not always happen, only with the following variables: ADA_INCLUDE_PATH, ADA_OBJECTS_PATH, CLASSPATH, KDEDIRS, PATH, LDPATH, MANPATH, INFODIR, INFOPATH, ROOTPATH, CONFIG_PROTECT, CONFIG_PROTECT_MASK, PRELINK_PATH, PRELINK_PATH_MASK, PKG_CONFIG_PATH and PYTHONPATH. For all other variables the latest defined value (in alphabetical order of the files in /etc/env.d) is used.

You can add more variables into this list of concatenate-variables by adding the variable name to either COLON_SEPARATED or SPACE_SEPARATED variables (also inside an env.d file).

When you run env-update, the script will create all environment variables and place them in /etc/profile.env (which is used by /etc/profile). It will also extract the information from the LDPATH variable and use that to create /etc/ld.so.conf. After this, it will run ldconfig to recreate the /etc/ld.so.cache file used by the dynamical linker.

If you want to notice the effect of env-update immediately after you run it, execute the following command to update your environment. Users who have installed Gentoo themselves will probably remember this from the installation instructions:

# env-update && source /etc/profile

5.c. Defining Variables Locally

User Specific

You do not always want to define an environment variable globally. For instance, you might want to add /home/my_user/bin and the current working directory (the directory you are in) to the PATH variable but don't want all other users on your system to have that in their PATH too. If you want to define an environment variable locally, you should use ~/.bashrc or ~/.bash_profile:

(A colon followed by no directory is treated as the current working directory)
PATH="${PATH}:/home/my_user/bin:"

When you relogin, your PATH variable will be updated.

Session Specific

Sometimes even stricter definitions are requested. You might want to be able to use binaries from a temporary directory you created without using the path to the binaries themselves or editing ~/.bashrc for the short time you need it.

In this case, you can just define the PATH variable in your current session by using the export command. As long as you don't log out, the PATH variable will be using the temporary settings.

# export PATH="${PATH}:/home/my_user/tmp/usr/bin"

C. Working with Portage

1. Files and Directories

11.a. Portage Files

Configuration Directives

Portage comes with a default configuration stored in /etc/make.globals. When you take a look at it, you'll notice that all Portage configuration is handled through variables. What variables Portage listens to and what they mean are described later.

Since many configuration directives differ between architectures, Portage also has default configuration files which are part of your profile. Your profile is pointed to by the /etc/portage/make.profile symlink; Portage' configurations are set in the make.defaults files of your profile and all parent profiles. We'll explain more about profiles and the /etc/portage/make.profile directory later on.

If you're planning on changing a configuration variable, don't alter /etc/make.globals or make.defaults. Instead use /etc/portage/make.conf which has precedence over the previous files. You'll also find a /usr/share/portage/config/make.conf.example. As the name implies, this is merely an example file - Portage does not read in this file.

You can also define a Portage configuration variable as an environment variable, but we don't recommend this.

Profile-Specific Information

We've already encountered the /etc/portage/make.profile directory. Well, this isn't exactly a directory but a symbolic link to a profile, by default one inside /usr/portage/profiles although you can create your own profiles elsewhere and point to them. The profile this symlink points to is the profile to which your system adheres.

A profile contains architecture-specific information for Portage, such as a list of packages that belong to the system corresponding with that profile, a list of packages that don't work (or are masked-out) for that profile, etc.

User-Specific Configuration

When you need to override Portage's behaviour regarding the installation of software, you will end up editing files within /etc/portage. You are highly recommended to use files within /etc/portage and highly discouraged to override the behaviour through environment variables!

Within /etc/portage you can create the following files:

• package.mask which lists the packages you never want Portage to install
• package.unmask which lists the packages you want to be able to install even though the Gentoo developers highly discourage you from emerging them
• package.accept_keywords which lists the packages you want to be able to install even though the package hasn't been found suitable for your system or architecture (yet)
• package.use which lists the USE flags you want to use for certain packages without having the entire system use those USE flags

These don't have to be files; they can also be directories that contain one file per package. More information about the /etc/portage directory and a full list of possible files you can create can be found in the Portage man page:

$ man portage

Changing Portage File & Directory Locations

The previously mentioned configuration files cannot be stored elsewhere - Portage will always look for those configuration files at those exact locations. However, Portage uses many other locations for various purposes: build directory, source code storage, Portage tree location, ...

All these purposes have well-known default locations but can be altered to your own taste through /etc/portage/make.conf. The rest of this chapter explains what special-purpose locations Portage uses and how to alter their placement on your filesystem.

This document isn't meant to be used as a reference though. If you need 100% coverage, please consult the Portage and make.conf man pages:

$ man portage
$ man make.conf

1.b. Storing Files

The Portage Tree

The Portage tree default location is /usr/portage. This is defined by the PORTDIR variable. When you store the Portage tree elsewhere (by altering this variable), don't forget to change the /etc/portage/make.profile symbolic link accordingly.

If you alter the PORTDIR variable, you might want to alter the following variables as well since they will not notice the PORTDIR change. This is due to how Portage handles variables: PKGDIR, DISTDIR, RPMDIR.

Prebuilt Binaries

Even though Portage doesn't use prebuilt binaries by default, it has extensive support for them. When you ask Portage to work with prebuilt packages, it will look for them in /usr/portage/packages. This location is defined by the PKGDIR variable.

Source Code

Application source code is stored in /usr/portage/distfiles by default. This location is defined by the DISTDIR variable.

Portage Database

Portage stores the state of your system (what packages are installed, what files belong to which package, ...) in /var/db/pkg. Do not alter these files manually! It might break Portage's knowledge of your system.

Portage Cache

The Portage cache (with modification times, virtuals, dependency tree information, ...) is stored in /var/cache/edb. This location really is a cache: you can clean it if you are not running any portage-related application at that moment.

1.c. Building Software

Temporary Portage Files

Portage's temporary files are stored in /var/tmp by default. This is defined by the PORTAGE_TMPDIR variable.

If you alter the PORTAGE_TMPDIR variable, you might want to alter the following variables as well since they will not notice the PORTAGE_TMPDIR change. This is due to how Portage handles variables: BUILD_PREFIX.

Building Directory

Portage creates specific build directories for each package it emerges inside /var/tmp/portage. This location is defined by the BUILD_PREFIX variable.

Live Filesystem Location

By default Portage installs all files on the current filesystem (/), but you can change this by setting the ROOT environment variable. This is useful when you want to create new build images.

1.d. Logging Features

Ebuild Logging

Portage can create per-ebuild logfiles, but only when the PORT_LOGDIR variable is set to a location that is writable by Portage (the portage user). By default this variable is unset. If you don't set PORT_LOGDIR, then you won't receive any build logs with the current logging system, though you may receive some logs from the new elog. If you do have PORT_LOGDIR defined and you use elog, you will receive build logs and any logs saved by elog, as explained below.

Portage offers fine-grained control over logging through the use of elog:

• PORTAGE_ELOG_CLASSES: This is where you set what kinds of messages to be logged. You can use any space-separated combination of info, warn, error, log, and qa.
  • info: Logs "einfo" messages printed by an ebuild
  • warn: Logs "ewarn" messages printed by an ebuild
  • error: Logs "eerror" messages printed by an ebuild
  • log: Logs the "elog" messages found in some ebuilds
  • qa: Logs the "QA Notice" messages printed by an ebuild
• PORTAGE_ELOG_SYSTEM: This selects the module(s) to process the log messages. If left empty, logging is disabled. You can use any space-separated combination of save, custom, syslog, mail, save_summary, and mail_summary. You must select at least one module in order to use elog.
  • save: This saves one log per package in $PORT_LOGDIR/elog, or /var/log/portage/elog if $PORT_LOGDIR is not defined.
  • custom: Passes all messages to a user-defined command in $PORTAGE_ELOG_COMMAND; this will be discussed later.
  • syslog: Sends all messages to the installed system logger.
  • mail: Passes all messages to a user-defined mailserver in $PORTAGE_ELOG_MAILURI; this will be discussed later. The mail features of elog require >=portage-2.1.1.
  • save_summary: Similar to save, but it merges all messages in $PORT_LOGDIR/elog/summary.log, or /var/log/portage/elog/summary.log if $PORT_LOGDIR is not defined.
  • mail_summary: Similar to mail, but it sends all messages in a single mail when emerge exits.
• PORTAGE_ELOG_COMMAND: This is only used when the custom module is enabled. Here is where you specify a command to process log messages. Note that you can make use of two variables: ${PACKAGE} is the package name and version, while ${LOGFILE} is the absolute path to the logfile. Here's one possible usage:
  • PORTAGE_ELOG_COMMAND="/path/to/logger -p '\${PACKAGE}' -f '\${LOGFILE}'"
• PORTAGE_ELOG_MAILURI: This contains settings for the mail module such as address, user, password, mailserver, and port number. The default setting is "root@localhost localhost".
• Here's an example for an smtp server that requires username and password-based authentication on a particular port (the default is port 25):
  • PORTAGE_ELOG_MAILURI="user@some.domain username:password@smtp.some.domain:995"
• PORTAGE_ELOG_MAILFROM: Allows you to set the "from" address of log mails; defaults to "portage" if unset.
• PORTAGE_ELOG_MAILSUBJECT: Allows you to create a subject line for log mails. Note that you can make use of two variables: ${PACKAGE} will display the package name and version, while ${HOST} is the fully qualified domain name of the host Portage is running on.
• Here's one possible use:
  • PORTAGE_ELOG_MAILSUBJECT="package \${PACKAGE} was merged on \${HOST} with some messages"

2. Configuring through Variables

2.a. Portage Configuration

As noted previously, Portage is configurable through many variables which you should define in /etc/portage/make.conf. Please refer to the make.conf man page for more and complete information:

$ man make.conf

2.b. Build-specific Options

Configure and Compiler Options

When Portage builds applications, it passes the contents of the following variables to the compiler and configure script:

• CFLAGS & CXXFLAGS define the desired compiler flags for C and C++ compiling.
• CHOST defines the build host information for the application's configure script
• MAKEOPTS is passed to the make command and is usually set to define the amount of parallelism used during the compilation. More information about the make options can be found in the make man page.

The USE variable is also used during configure and compilations but has been explained in great detail in previous chapters.

Merge Options

When Portage has merged a newer version of a certain software title, it will remove the obsoleted files of the older version from your system. Portage gives the user a 5 second delay before unmerging the older version. These 5 seconds are defined by the CLEAN_DELAY variable.

You can tell emerge to use certain options every time it is run by setting EMERGE_DEFAULT_OPTS. Some useful options would be --ask, --verbose, --tree, and so on.

2.c. Configuration File Protection

Portage's Protected Locations

Portage overwrites files provided by newer versions of a software title if the files aren't stored in a protected location. These protected locations are defined by the CONFIG_PROTECT variable and are generally configuration file locations. The directory listing is space-delimited.

A file that would be written in such a protected location is renamed and the user is warned about the presence of a newer version of the (presumable) configuration file.

You can find out about the current CONFIG_PROTECT setting from the emerge --info output:

$ emerge --info | grep 'CONFIG_PROTECT='

More information about Portage's Configuration File Protection is available in the CONFIGURATION FILES section of the emerge manpage:

$ man emerge

Excluding Directories

To 'unprotect' certain subdirectories of protected locations you can use the CONFIG_PROTECT_MASK variable.

2.d. Download Options

Server Locations

When the requested information or data is not available on your system, Portage will retrieve it from the Internet. The server locations for the various information and data channels are defined by the following variables:

• GENTOO_MIRRORS defines a list of server locations which contain source code (distfiles)
• PORTAGE_BINHOST defines a particular server location containing prebuilt packages for your system

A third setting involves the location of the rsync server which you use when you update your Portage tree:

• SYNC defines a particular server which Portage uses to fetch the Portage tree from

The GENTOO_MIRRORS and SYNC variables can be set automatically through the mirrorselect application. You need to emerge mirrorselect first before you can use it. For more information, see mirrorselect's online help:

# mirrorselect --help

If your environment requires you to use a proxy server, you can use the http_proxy, ftp_proxy and RSYNC_PROXY variables to declare a proxy server.

Fetch Commands

When Portage needs to fetch source code, it uses wget by default. You can change this through the FETCHCOMMAND variable.

Portage is able to resume partially downloaded source code. It uses wget by default, but this can be altered through the RESUMECOMMAND variable.

Make sure that your FETCHCOMMAND and RESUMECOMMAND stores the source code in the correct location. Inside the variables you should use \${URI} and \${DISTDIR} to point to the source code location and distfiles location respectively.

You can also define protocol-specific handlers with FETCHCOMMAND_HTTP, FETCHCOMMAND_FTP, RESUMECOMMAND_HTTP, RESUMECOMMAND_FTP, and so on.

Rsync Settings

You cannot alter the rsync command used by Portage to update the Portage tree, but you can set some variables related to the rsync command:

• PORTAGE_RSYNC_OPTS sets a number of default variables used during sync, each space-separated. These shouldn't be changed unless you know exactly what you're doing. Note that certain absolutely required options will always be used even if PORTAGE_RSYNC_OPTS is empty.
• PORTAGE_RSYNC_EXTRA_OPTS can be used to set additional options when syncing. Each option should be space separated.
  • --timeout=<number>: This defines the number of seconds an rsync connection can idle before rsync sees the connection as timed-out. This variable defaults to 180 but dialup users or individuals with slow computers might want to set this to 300 or higher.
  • --exclude-from=/etc/portage/rsync_excludes: This points to a file listing the packages and/or categories rsync should ignore during the update process. In this case, it points to /etc/portage/rsync_excludes. Please read Using a Portage Tree Subset for the syntax of this file.
  • --quiet: Reduces output to the screen
  • --verbose: Prints a complete filelist
  • --progress: Displays a progress meter for each file
• PORTAGE_RSYNC_RETRIES defines how many times rsync should try connecting to the mirror pointed to by the SYNC variable before bailing out. This variable defaults to 3.

For more information on these options and others, please read man rsync.

2.e. Gentoo Configuration

Branch Selection

You can change your default branch with the ACCEPT_KEYWORDS variable. It defaults to your architecture's stable branch. More information on Gentoo's branches can be found in the next chapter.

Portage Features

You can activate certain Portage features through the FEATURES variable. The Portage Features have been discussed in previous chapters, such as Portage Features.

2.f. Portage Behaviour

Resource Management

With the PORTAGE_NICENESS variable you can augment or reduce the nice value Portage runs with. The PORTAGE_NICENESS value is added to the current nice value.

For more information about nice values, see the nice man page:

$ man nice

Output Behaviour

The NOCOLOR, which defaults to "false", defines if Portage should disable the use of coloured output.

3. Mixing Software Branches

3.a. Using One Branch

The Stable Branch

The ACCEPT_KEYWORDS variable defines what software branch you use on your system. It defaults to the stable software branch for your architecture, for instance x86.

We recommend that you only use the stable branch. However, if you don't care about stability this much and you want to help out Gentoo by submitting bugreports to http://bugs.gentoo.org, read on.

The Testing Branch

If you want to use more recent software, you can consider using the testing branch instead. To have Portage use the testing branch, add a ~ in front of your architecture.

The testing branch is exactly what it says - Testing. If a package is in testing, it means that the developers feel that it is functional but has not been thoroughly tested. You could very well be the first to discover a bug in the package in which case you could file a bugreport to let the developers know about it.

Beware though, you might notice stability issues, imperfect package handling (for instance wrong/missing dependencies), too frequent updates (resulting in lots of building) or broken packages. If you do not know how Gentoo works and how to solve problems, we recommend that you stick with the stable and tested branch.

For example, to select the testing branch for the x86 architecture, edit /etc/portage/make.conf and set:

ACCEPT_KEYWORDS="~x86"

If you update your system now, you will find out that lots of packages will be updated. Mind you though: when you have updated your system to use the testing branch there is usually no easy way back to the stable, official branch (except for using backups of course).

3.b. Mixing Stable with Testing

The package.accept_keywords location

You can ask Portage to allow the testing branch for particular packages but use the stable branch for the rest of the system. To achieve this, add the package category and name you want to use the testing branch of in /etc/portage/package.accept_keywords. You can also create a directory (with the same name) and list the package in the files under that directory. For instance, to use the testing branch for gnumeric:

app-office/gnumeric

Test Particular Versions

If you want to use a specific software version from the testing branch but you don't want Portage to use the testing branch for subsequent versions, you can add in the version in the package.accept_keywords location. In this case you must use the = operator. You can also enter a version range using the <=, <, > or >= operators.

In any case, if you add version information, you must use an operator. If you leave out version information, you cannot use an operator.

In the following example we ask Portage to accept gnumeric-1.2.13:

=app-office/gnumeric-1.2.13

3.c. Using Masked Packages

The package.unmask location

When a package has been masked by the Gentoo developers and you still want to use it despite the reason mentioned in the package.mask file (situated in /usr/portage/profiles by default), add the desired version (usually this will be the exact same line from profiles) in the /etc/portage/package.unmask file (or in a file in that directory if it is a directory).

For instance, if =net-mail/hotwayd-0.8 is masked, you can unmask it by adding the exact same line in the package.unmask location:

=net-mail/hotwayd-0.8

The package.mask location

When you don't want Portage to take a certain package or a specific version of a package into account you can mask it yourself by adding an appropriate line to the /etc/portage/package.mask location (either in that file or in a file in this directory).

For instance, if you don't want Portage to install newer kernel sources than gentoo-sources-2.6.8.1, you add the following line at the package.mask location:

>sys-kernel/gentoo-sources-2.6.8.1

4. Additional Portage Tools

4.a. dispatch-conf

dispatch-conf is a tool that aids in merging the ._cfg0000_<name> files. ._cfg0000_<name> files are generated by Portage when it wants to overwrite a file in a directory protected by the CONFIG_PROTECT variable.

With dispatch-conf, you are able to merge updates to your configuration files while keeping track of all changes. dispatch-conf stores the differences between the configuration files as patches or by using the RCS revision system. This means that if you make a mistake when updating a config file, you can revert to the previous version of your config file at any time.

When using dispatch-conf, you can ask to keep the configuration file as-is, use the new configuration file, edit the current one or merge the changes interactively. dispatch-conf also has some nice additional features:

• Automatically merge configuration file updates that only contain updates to comments
• Automatically merge configuration files which only differ in the amount of whitespace

Make certain you edit /etc/dispatch-conf.conf first and create the directory referenced by the archive-dir variable.

# dispatch-conf

When running dispatch-conf, you'll be taken through each changed config file, one at a time. Press u to update (replace) the current config file with the new one and continue to the next file. Press z to zap (delete) the new config file and continue to the next file. Once all config files have been taken care of, dispatch-conf will exit. You can also press q to exit any time.

For more information, check out the dispatch-conf man page. It tells you how to interactively merge current and new config files, edit new config files, examine differences between files, and more.

$ man dispatch-conf

4.b. etc-update

You can also use etc-update to merge config files. It's not as simple to use as dispatch-conf, nor as featureful, but it does provide an interactive merging setup and can also auto-merge trivial changes.

However, unlike dispatch-conf, etc-update does not preserve the old versions of your config files. Once you update the file, the old version is gone forever! So be very careful, as using etc-update is significantly less safe than using dispatch-conf.

# etc-update

After merging the straightforward changes, you will be prompted with a list of protected files that have an update waiting. At the bottom you are greeted by the possible options:

Please select a file to edit by entering the corresponding number.
              (-1 to exit) (-3 to auto merge all remaining files)
                           (-5 to auto-merge AND not use 'mv -i'):

If you enter -1, etc-update will exit and discontinue any further changes. If you enter -3 or -5, all listed configuration files will be overwritten with the newer versions. It is therefore very important to first select the configuration files that should not be automatically updated. This is simply a matter of entering the number listed to the left of that configuration file.

As an example, we select the configuration file /etc/pear.conf:

Beginning of differences between /etc/pear.conf and /etc/._cfg0000_pear.conf
[...]
End of differences between /etc/pear.conf and /etc/._cfg0000_pear.conf
1) Replace original with update
2) Delete update, keeping original as is
3) Interactively merge original with update
4) Show differences again

You can now see the differences between the two files. If you believe that the updated configuration file can be used without problems, enter 1. If you believe that the updated configuration file isn't necessary, or doesn't provide any new or useful information, enter 2. If you want to interactively update your current configuration file, enter 3.

There is no point in further elaborating the interactive merging here. For completeness sake, we will list the possible commands you can use while you are interactively merging the two files. You are greeted with two lines (the original one, and the proposed new one) and a prompt at which you can enter one of the following commands:

ed:     Edit then use both versions, each decorated with a header.
eb:     Edit then use both versions.
el:     Edit then use the left version.
er:     Edit then use the right version.
e:      Edit a new version.
l:      Use the left version.
r:      Use the right version.
s:      Silently include common lines.
v:      Verbosely include common lines.
q:      Quit.

When you have finished updating the important configuration files, you can now automatically update all the other configuration files. etc-update will exit if it doesn't find any more updateable configuration files.

4.c. quickpkg

With quickpkg you can create archives of the packages that are already merged on your system. These archives can be used as prebuilt packages. Running quickpkg is straightforward: just add the names of the packages you want to archive.

For instance, to archive curl, orage, and procps:

# quickpkg curl orage procps

The prebuilt packages will be stored in $PKGDIR (/usr/portage/packages/ by default). These packages are placed in $PKGDIR/<category>.

5. Diverting from the Official Tree

5.a. Using a Portage Tree Subset

Excluding Packages/Categories

You can selectively update certain categories/packages and ignore the other categories/packages. We achieve this by having rsync exclude categories/packages during the emerge --sync step.

You need to define the name of the file that contains the exclude patterns in the PORTAGE_RSYNC_EXTRA_OPTS variable in your /etc/portage/make.conf.

PORTAGE_RSYNC_EXTRA_OPTS="--exclude-from=/etc/portage/rsync_excludes"

games-*/*

Note however that this may lead to dependency issues since new, allowed packages might depend on new but excluded packages.

5.b. Adding Unofficial Ebuilds

Defining a Portage Overlay Directory

You can ask Portage to use ebuilds that are not officially available through the Portage tree. Create a new directory (for instance /usr/local/portage) in which you store the 3rd-party ebuilds. Use the same directory structure as the official Portage tree!

Then define PORTDIR_OVERLAY in /etc/portage/make.conf and have it point to the previously defined directory. When you use Portage now, it will take those ebuilds into account as well without removing/overwriting those ebuilds the next time you run emerge --sync.

Working with Several Overlays

For the powerusers who develop on several overlays, test packages before they hit the Portage tree or just want to use unofficial ebuilds from various sources, the app-portage/layman package brings you layman, a tool to help you keep the overlay repositories up to date.

First install and configure layman as shown in the Overlays Users' Guide, and add your desired repositories with layman -a <overlay-name>.

Suppose you have two repositories called java (for the in-development java ebuilds) and entapps (for the applications developed in-house for your enterprise). You can update those repositories with the following command:

# layman -S

For more information on working with overlays, please read man layman and the layman/overlay users' guide.

5.c. Non-Portage Maintained Software

Using Portage with Self-Maintained Software

In some cases you want to configure, install and maintain software yourself without having Portage automate the process for you, even though Portage can provide the software titles. Known cases are kernel sources and nvidia drivers. You can configure Portage so it knows that a certain package is manually installed on your system. This process is called injecting and supported by Portage through the /etc/portage/profile/package.provided file.

For instance, if you want to inform Portage about gentoo-sources-2.6.11.6 which you've installed manually, add the following line to /etc/portage/profile/package.provided:

sys-kernel/gentoo-sources-2.6.11.6

D. Gentoo Network Configuration

1. Getting Started

1.a. Getting started

To get started configuring your network card, you need to tell the Gentoo RC system about it. This is done by creating a symbolic link from net.lo to net.eth0 (or whatever the network interface name is on your system) in /etc/init.d.

# cd /etc/init.d
# ln -s net.lo net.eth0

Gentoo's RC system now knows about that interface. It also needs to know how to configure the new interface. All the network interfaces are configured in /etc/conf.d/net. Below is a sample configuration for DHCP and static addresses.

# For DHCP
config_eth0="dhcp"

# For static IP using CIDR notation
config_eth0="192.168.0.7/24"
routes_eth0="default via 192.168.0.1"
dns_servers_eth0="192.168.0.1 8.8.8.8"

# For static IP using netmask notation
config_eth0="192.168.0.7 netmask 255.255.255.0"
routes_eth0="default via 192.168.0.1"
dns_servers_eth0="192.168.0.1 8.8.8.8"

Now that we have configured our interface, we can start and stop it using the following commands:

# /etc/init.d/net.eth0 start
# /etc/init.d/net.eth0 stop

Now that you have successfully started and stopped your network interface, you may wish to get it to start when Gentoo boots. Here's how to do this. The last "rc" command instructs Gentoo to start any scripts in the current runlevel that have not yet been started.

# rc-update add net.eth0 default
# rc

2. Advanced Configuration

2.a. Advanced Configuration

The config_eth0 variable is the heart of an interface configuration. It's a high level instruction list for configuring the interface (eth0 in this case). Each command in the instruction list is performed sequentially. The interface is deemed OK if at least one command works.

Here's a list of built-in instructions.

If a command fails, you can specify a fallback command. The fallback has to match the config structure exactly.

You can chain these commands together. Here are some real world examples.

# Adding three IPv4 addresses
config_eth0="192.168.0.2/24
192.168.0.3/24
192.168.0.4/24"

# Adding an IPv4 address and two IPv6 addresses
config_eth0="192.168.0.2/24
4321:0:1:2:3:4:567:89ab
4321:0:1:2:3:4:567:89ac"

# Keep our kernel assigned address, unless the interface goes
# down so assign another via DHCP. If DHCP fails then add a
# static address determined by APIPA
config_eth0="noop
dhcp"
fallback_eth0="null
apipa"

2.b. Network Dependencies

Init scripts in /etc/init.d can depend on a specific network interface or just net. All network interfaces in Gentoo's init system provide what is called net.

If, in /etc/rc.conf, rc_depend_strict="YES" is set, then all network interfaces that provide net must be active before a dependency on "net" is assumed to be met. In other words, if you have a net.eth0 and net.eth1 and an init script depends on "net", then both must be enabled.

On the other hand, if rc_depend_strict="NO" is set, then the "net" dependency is marked as resolved the moment at least one network interface is brought up.

But what about net.br0 depending on net.eth0 and net.eth1? net.eth1 may be a wireless or PPP device that needs configuration before it can be added to the bridge. This cannot be done in /etc/init.d/net.br0 as that's a symbolic link to net.lo.

The answer is defining an rc_need_ setting in /etc/conf.d/net.

rc_need_br0="net.eth0 net.eth1"

That alone, however, is not sufficient. Gentoo's networking init scripts use a virtual dependency called net to inform the system when networking is available. Clearly, in the above case, networking should only be marked as available when net.br0 is up, not when the others are. So we need to tell that in /etc/conf.d/net as well:

rc_net_lo_provide="!net"
rc_net_eth0_provide="!net"
rc_net_eth1_provide="!net"

For a more detailed discussion about dependency, consult the section Writing Init Scripts in the Gentoo Handbook. More information about /etc/rc.conf is available as comments within that file.

2.c. Variable names and values

Variable names are dynamic. They normally follow the structure of variable_${interface|mac|essid|apmac}. For example, the variable dhcpcd_eth0 holds the value for dhcpcd options for eth0 and dhcpcd_essid holds the value for dhcpcd options when any interface connects to the ESSID "essid".

However, there is no hard and fast rule that states interface names must be ethx. In fact, many wireless interfaces have names like wlanx, rax as well as ethx. Also, some user defined interfaces such as bridges can be given any name, such as foo. To make life more interesting, wireless Access Points can have names with non alpha-numeric characters in them - this is important because you can configure networking parameters per ESSID.

The downside of all this is that Gentoo uses bash variables for networking - and bash cannot use anything outside of English alpha-numerics. To get around this limitation we change every character that is not an English alpha-numeric into a _ character.

Another downside of bash is the content of variables - some characters need to be escaped. This can be achived by placing the \ character in front of the character that needs to be escaped. The following list of characters needs to be escaped in this way: ", ' and \.

In this example we use wireless ESSID as they can contain the widest scope of characters. We shall use the ESSID My "\ NET:

(This does work, but the domain is invalid)
dns_domain_My____NET="My \"\\ NET"

(The above sets the dns domain to My "\ NET when a wireless card
connects to an AP whose ESSID is My "\ NET)

2.d. Network Interface Naming

How It Works

Network interface names are not chosen arbitrarily: the Linux kernel and the device manager (most sytems have udev as their device manager although others are available as well) choose the interface name through a fixed set of rules.

When an interface card is detected on a system, the Linux kernel gathers the necessary data about this card. This includes:

1. the onboard (on the interface itself) registered name of the network card, which is later seen through the ID_NET_NAME_ONBOARD parameter;
2. the slot in which the network card is plugged in, which is later seen through the ID_NET_NAME_SLOT parameter;
3. the path through which the network card device can be accessed, which is later seen through the ID_NET_NAME_PATH parameter;
4. the (vendor-provided) MAC address of the card, which is later seen through the ID_NET_NAME_MAC parameter;

Based on this information, the device manager decides how to name the interface on the system. By default, it uses the first hit of the above three parameters. For instance, if ID_NET_NAME_ONBOARD is found and set to eno1, then the interface will be called eno1.

If you know your interface name, you can see the values of the provided parameters using udevadm:

# udevadm test-builtin net_id /sys/class/net/enp3s0 2>/dev/null
ID_NET_NAME_MAC=enxc80aa9429d76
ID_OUI_FROM_DATABASE=Quanta Computer Inc.
ID_NET_NAME_PATH=enp3s0

As the first (and actually only) hit of the top three parameters is the ID_NET_NAME_PATH one, its value is used as the interface name. If none of the parameters is found, then the system reverts back to the kernel-provided naming (eth0, eth1, etc.)

Using the Old-style Kernel Naming

Before this change, network interface cards were named by the Linux kernel itself, depending on the order that drivers are loaded (amongst other, possibly more obscure reasons). This behavior can still be enabled by setting the net.ifnames=0 boot option in the boot loader.

Another way of disabling this behavior (and thus reverting back to the kernel-provided naming) is to create an empty udev rule named 80-net-name-slot.rules which will then override the default provided one (with the same name) that is responsible for taking care of network interface naming.

# ln -s /dev/null /etc/udev/rules.d/80-net-name-slot.rules

Using your Own Names

The entire idea behind the change in naming is not to confuse people, but to make changing the names easier. Suppose you have two interfaces that are otherwise called eth0 and eth1. One is meant to access the network through a wire, the other one is for wireless access. With the support for interface naming, you can have these called lan0 (wired) and wifi0 (wireless - it is best to avoid using the previously well-known names like eth* and wlan* as those can still collide with your suggested names).

All you need to do is to find out what the parameters are for the cards and then use this information to set up your own naming rule:

# udevadm test-builtin net_id /sys/class/net/eth0 2>/dev/null
ID_NET_NAME_MAC=enxc80aa9429d76
ID_OUI_FROM_DATABASE=Quanta Computer Inc.

# vim /etc/udev/rules.d/76-net-name-use-custom.rules
# First one uses MAC information
SUBSYSTEM=="net", ACTION=="add", ENV{ID_NET_NAME_MAC}=="enxc80aa9429d76", NAME="lan0"
# Second one uses ID_NET_NAME_PATH information
SUBSYSTEM=="net", ACTION=="add", ENV{ID_NET_NAME_PATH}=="enp3s0", NAME="wifi0"

Because the rules are triggered before the default one (rules are triggered in alphanumerical order, so 70 comes before 80) the names provided in the rule file will be used instead of the default ones. The number granted to the file should be between 76 and 79 (the environment variables are defined by a rule start starts with 75 and the fallback naming is done in a rule numbered 80).

3. Modular Networking

3.a. Network Modules

We now support modular networking scripts, which means we can easily add support for new interface types and configuration modules while keeping compatibility with existing ones.

Modules load by default if the package they need is installed. If you specify a module here that doesn't have its package installed then you get an error stating which package you need to install. Ideally, you only use the modules setting when you have two or more packages installed that supply the same service and you need to prefer one over the other.

# Prefer ifconfig over iproute2
modules="ifconfig"

# You can also specify other modules for an interface
# In this case we prefer pump over dhcpcd
modules_eth0="pump"

# You can also specify which modules not to use - for example you may be
# using a supplicant or linux-wlan-ng to control wireless configuration but
# you still want to configure network settings per ESSID associated with.
modules="!iwconfig"

3.b. Interface Handlers

We provide two interface handlers presently: ifconfig and iproute2. You need one of these to do any kind of network configuration.

ifconfig is installed by default (the net-tools package is part of the system profile). iproute2 is a more powerful and flexible package, but it's not included by default.

# emerge sys-apps/iproute2

# To prefer ifconfig over iproute2 if both are installed as openrc prefers
# to use iproute2 then
modules="ifconfig"

As both ifconfig and iproute2 do very similar things we allow their basic configuration to work with each other. For example both the below code snippet work regardless of which module you are using.

config_eth0="192.168.0.2/24"
config_eth0="192.168.0.2 netmask 255.255.255.0"

# We can also specify broadcast
config_eth0="192.168.0.2/24 brd 192.168.0.255"
config_eth0="192.168.0.2 netmask 255.255.255.0 broadcast 192.168.0.255"

3.c. DHCP

DHCP is a means of obtaining network information (IP address, DNS servers, Gateway, etc) from a DHCP server. This means that if there is a DHCP server running on the network, you just have to tell each client to use DHCP and it sets up the network all by itself. Of course, you will have to configure for other things like wireless, PPP or other things if required before you can use DHCP.

DHCP can be provided by dhclient, dhcpcd, or pump. Each DHCP module has its pros and cons - here's a quick run down.

If you have more than one DHCP client installed, you need to specify which one to use - otherwise we default to dhcpcd if available.

To send specific options to the DHCP module, use module_eth0="..." (change module to the DHCP module you're using - i.e. dhcpcd_eth0).

We try and make DHCP relatively agnostic - as such we support the following commands using the dhcp_eth0 variable. The default is not to set any of them:

• release - releases the IP address for re-use
• nodns - don't overwrite /etc/resolv.conf
• nontp - don't overwrite /etc/ntp.conf
• nonis - don't overwrite /etc/yp.conf

# Only needed if you have more than one DHCP module installed
modules="dhcpcd"

config_eth0="dhcp"
dhcpcd_eth0="-t 10" # Timeout after 10 seconds
dhcp_eth0="release nodns nontp nonis" # Only get an address

3.d. ADSL with PPPoE/PPPoA

First we need to install the ADSL software.

# emerge net-dialup/ppp

Second, create the PPP net script and the net script for the ethernet interface to be used by PPP:

# ln -s /etc/init.d/net.lo /etc/init.d/net.ppp0
# ln -s /etc/init.d/net.lo /etc/init.d/net.eth0

Be sure to set rc_depend_strict to "YES" in /etc/rc.conf.

Now we need to configure /etc/conf.d/net.

config_eth0=null (Specify your ethernet interface)
config_ppp0="ppp"
link_ppp0="eth0" (Specify your ethernet interface)
plugins_ppp0="pppoe"
username_ppp0='user'
password_ppp0='password'
pppd_ppp0="
noauth
defaultroute
usepeerdns
holdoff 3
child-timeout 60
lcp-echo-interval 15
lcp-echo-failure 3
noaccomp noccp nobsdcomp nodeflate nopcomp novj novjccomp"

rc_need_ppp0="net.eth0"

You can also set your password in /etc/ppp/pap-secrets.

# The * is important
"username"  *  "password"

If you use PPPoE with a USB modem you'll need to emerge br2684ctl. Please read /usr/portage/net-dialup/speedtouch-usb/files/README for information on how to properly configure it.

8.e. APIPA (Automatic Private IP Addressing)

APIPA tries to find a free address in the range 169.254.0.0-169.254.255.255 by arping a random address in that range on the interface. If no reply is found then we assign that address to the interface.

This is only useful for LANs where there is no DHCP server and you don't connect directly to the internet and all other computers use APIPA.

For APIPA support, emerge net-misc/iputils or net-analyzer/arping.

# Try DHCP first - if that fails then fallback to APIPA
config_eth0="dhcp"
fallback_eth0="apipa"

# Just use APIPA
config_eth0="apipa"

3.f. Bonding

For link bonding/trunking emerge net-misc/ifenslave.

Bonding is used to increase network bandwidth. If you have two network cards going to the same network, you can bond them together so your applications see just one interface but they really use both network cards.

# To bond interfaces together
slaves_bond0="eth0 eth1 eth2"

# You may not want to assign an IP to the bonded interface
config_bond0="null"

# Depend on eth0, eth1 and eth2 as they may require extra configuration
rc_need_bond0="net.eth0 net.eth1 net.eth2"

3.g. Bridging (802.1d support)

For bridging support emerge net-misc/bridge-utils.

Bridging is used to join networks together. For example, you may have a server that connects to the internet via an ADSL modem and a wireless access card to enable other computers to connect to the internet via the ADSL modem. You could create a bridge to join the two interfaces together.

# Configure the bridge - "man brctl" for more details
brctl_br0="setfd 0" "sethello 0" "stp off"

# To add ports to bridge br0
bridge_br0="eth0 eth1"

# You need to configure the ports to null values so dhcp does not get started
config_eth0="null"
config_eth1="null"

# Finally give the bridge an address - you could use DHCP as well
config_br0="192.168.0.1/24"

# Depend on eth0 and eth1 as they may require extra configuration
rc_need_br0="net.eth0 net.eth1"

3.h. MAC Address

If you need to, you can change the MAC address of your interfaces through the network configuration file too.

# To set the MAC address of the interface
mac_eth0="00:11:22:33:44:55"

# To randomize the last 3 bytes only
mac_eth0="random-ending"

# To randomize between the same physical type of connection (e.g. fibre,
# copper, wireless) , all vendors
mac_eth0="random-samekind"

# To randomize between any physical type of connection (e.g. fibre, copper,
# wireless) , all vendors
mac_eth0="random-anykind"

# Full randomization - WARNING: some MAC addresses generated by this may
# NOT act as expected
mac_eth0="random-full"

3.i. Tunnelling

You don't need to emerge anything for tunnelling as the interface handler can do it for you.

# For GRE tunnels
iptunnel_vpn0="mode gre remote 207.170.82.1 key 0xffffffff ttl 255"

# For IPIP tunnels
iptunnel_vpn0="mode ipip remote 207.170.82.2 ttl 255"

# To configure the interface
config_vpn0="192.168.0.2 peer 192.168.1.1"

3.j. VLAN (802.1q support)

For VLAN support, emerge net-misc/vconfig.

Virtual LAN is a group of network devices that behave as if they were connected to a single network segment - even though they may not be. VLAN members can only see members of the same VLAN even though they may share the same physical network.

# Specify the VLAN numbers for the interface like so
# Please ensure your VLAN IDs are NOT zero-padded
vlans_eth0="1 2"

# You can also configure the VLAN
# see for vconfig man page for more details
vconfig_eth0="set_name_type VLAN_PLUS_VID_NO_PAD"
vconfig_vlan1="set_flag 1" "set_egress_map 2 6"

# Configure the interface as usual
config_vlan1="172.16.3.1 netmask 255.255.254.0"
config_vlan2="172.16.2.1 netmask 255.255.254.0"

4. Wireless Networking

4.a. Introduction

Wireless networking on Linux is usually pretty straightforward. There are two ways of configuring wifi: graphical clients, or the command line.

The easiest way is to use a graphical client once you've installed a desktop environment. Most graphical clients, such as wicd and NetworkManager, are pretty self-explanatory. They offer a handy point-and-click interface that gets you on a network in just a few seconds.

However, if you don't want to use a graphical client, then you can configure wifi on the command line by editing a few configuration files. This takes a bit more time to setup, but it also requires the fewest packages to download and install. Since the graphical clients are mostly self-explanatory (with helpful screenshots at their homepages), we'll focus on the command line alternatives.

You can setup wireless networking on the command line by installing wireless-tools or wpa_supplicant. The important thing to remember is that you configure wireless networks on a global basis and not an interface basis.

wpa_supplicant is the best choice. For a list of supported drivers, read the wpa_supplicant site.

wireless-tools supports nearly all cards and drivers, but it cannot connect to WPA-only Access Points. If your networks only offer WEP encryption or are completely open, you may prefer the simplicity of wireless-tools.

4.b. WPA Supplicant

WPA Supplicant is a package that allows you to connect to WPA enabled access points.

# emerge net-wireless/wpa_supplicant

Now we have to configure /etc/conf.d/net to so that we prefer wpa_supplicant over wireless-tools (if both are installed, wireless-tools is the default).

# Prefer wpa_supplicant over wireless-tools
modules="wpa_supplicant"

# It's important that we tell wpa_supplicant which driver we should
# be using as it's not very good at guessing yet
wpa_supplicant_eth0="-Dmadwifi"

That was simple, wasn't it? However, we still have to configure wpa_supplicant itself which is a bit more tricky depending on how secure the Access Points are that you are trying to connect to. The below example is taken and simplified from /usr/share/doc/wpa_supplicant-<version>/wpa_supplicant.conf.gz which ships with wpa_supplicant.

# The below line not be changed otherwise we refuse to work
ctrl_interface=/var/run/wpa_supplicant

# Ensure that only root can read the WPA configuration
ctrl_interface_group=0

# Let wpa_supplicant take care of scanning and AP selection
ap_scan=1

# Simple case: WPA-PSK, PSK as an ASCII passphrase, allow all valid ciphers
network={
  ssid="simple"
  psk="very secret passphrase"
  # The higher the priority the sooner we are matched
  priority=5
}

# Same as previous, but request SSID-specific scanning (for APs that reject
# broadcast SSID)
network={
  ssid="second ssid"
  scan_ssid=1
  psk="very secret passphrase"
  priority=2
}

# Only WPA-PSK is used. Any valid cipher combination is accepted
network={
  ssid="example"
  proto=WPA
  key_mgmt=WPA-PSK
  pairwise=CCMP TKIP
  group=CCMP TKIP WEP104 WEP40
  psk=06b4be19da289f475aa46a33cb793029d4ab3db7a23ee92382eb0106c72ac7bb
  priority=2
}

# Plaintext connection (no WPA, no IEEE 802.1X)
network={
  ssid="plaintext-test"
  key_mgmt=NONE
}

# Shared WEP key connection (no WPA, no IEEE 802.1X)
network={
  ssid="static-wep-test"
  key_mgmt=NONE
  # Keys in quotes are ASCII keys
  wep_key0="abcde"
  # Keys specified without quotes are hex keys
  wep_key1=0102030405
  wep_key2="1234567890123"
  wep_tx_keyidx=0
  priority=5
}

# Shared WEP key connection (no WPA, no IEEE 802.1X) using Shared Key
# IEEE 802.11 authentication
network={
  ssid="static-wep-test2"
  key_mgmt=NONE
  wep_key0="abcde"
  wep_key1=0102030405
  wep_key2="1234567890123"
  wep_tx_keyidx=0
  priority=5
  auth_alg=SHARED
}

# IBSS/ad-hoc network with WPA-None/TKIP
network={
  ssid="test adhoc"
  mode=1
  proto=WPA
  key_mgmt=WPA-NONE
  pairwise=NONE
  group=TKIP
  psk="secret passphrase"
}

4.c. Wireless Tools

Initial setup and Managed Mode

Wireless Tools provide a generic way to configure basic wireless interfaces up to the WEP security level. While WEP is a weak security method it's also the most prevalent.

Wireless Tools configuration is controlled by a few main variables. The sample configuration file below should describe all you need. One thing to bear in mind is that no configuration means "connect to the strongest unencrypted Access Point" - we will always try and connect you to something.

# emerge net-wireless/wireless-tools

# Prefer iwconfig over wpa_supplicant
modules="iwconfig"

# Configure WEP keys for Access Points called ESSID1 and ESSID2
# You may configure up to 4 WEP keys, but only 1 can be active at
# any time so we supply a default index of [1] to set key [1] and then
# again afterwards to change the active key to [1]
# We do this incase you define other ESSID's to use WEP keys other than 1
#
# Prefixing the key with s: means it's an ASCII key, otherwise a HEX key
#
# enc open specified open security (most secure)
# enc restricted specified restricted security (least secure)
key_ESSID1="[1] s:yourkeyhere key [1] enc open"
key_ESSID2="[1] aaaa-bbbb-cccc-dd key [1] enc restricted"

# The below only work when we scan for available Access Points

# Sometimes more than one Access Point is visible so we need to
# define a preferred order to connect in
preferred_aps="'ESSID1' 'ESSID2'"

Fine tune Access Point Selection

You can add some extra options to fine-tune your Access Point selection, but these are not normally required.

You can decide whether we only connect to preferred Access Points or not. By default if everything configured has failed and we can connect to an unencrypted Access Point then we will. This can be controlled by the associate_order variable. Here's a table of values and how they control this.

Finally we have some blacklist_aps and unique_ap selection. blacklist_aps works in a similar way to preferred_aps. unique_ap is a yes or no value that says if a second wireless interface can connect to the same Access Point as the first interface.

# Sometimes you never want to connect to certain access points
blacklist_aps="'ESSID3' 'ESSID4'"

# If you have more than one wireless card, you can say if you want
# to allow each card to associate with the same Access Point or not
# Values are "yes" and "no"
# Default is "yes"
unique_ap="yes"

Ad-Hoc and Master Modes

If you want to set yourself up as an Ad-Hoc node if you fail to connect to any Access Point in managed mode, you can do that too.

adhoc_essid_eth0="This Adhoc Node"

What about connecting to Ad-Hoc networks or running in Master mode to become an Access Point? Here's a configuration just for that! You may need to specify WEP keys as shown above.

# Set the mode - can be managed (default), ad-hoc or master
# Not all drivers support all modes
mode_eth0="ad-hoc"

# Set the ESSID of the interface
# In managed mode, this forces the interface to try and connect to the
# specified ESSID and nothing else
essid_eth0="This Adhoc Node"

# We use channel 3 if you don't specify one
channel_eth0="9"

Troubleshooting Wireless Tools

There are some more variables you can use to help get your wireless up and running due to driver or environment problems. Here's a table of other things you can try.

4.d. Defining network configuration per ESSID

Sometimes, you need a static IP when you connect to ESSID1 and you need DHCP when you connect to ESSID2. In fact, most module variables can be defined per ESSID. Here's how we do this.

config_ESSID1="192.168.0.3/24 brd 192.168.0.255"
routes_ESSID1="default via 192.168.0.1"

config_ESSID2="dhcp"
fallback_ESSID2="192.168.3.4/24"
fallback_route_ESSID2="default via 192.168.3.1"

# We can define nameservers and other things too
# NOTE: DHCP will override these unless it's told not to
dns_servers_ESSID1="192.168.0.1 192.168.0.2"
dns_domain_ESSID1="some.domain"
dns_search_domains_ESSID1="search.this.domain search.that.domain"

# You override by the MAC address of the Access Point
# This handy if you goto different locations that have the same ESSID
config_001122334455="dhcp"
dhcpcd_001122334455="-t 10"
dns_servers_001122334455="192.168.0.1 192.168.0.2"

5. Adding Functionality

4.a. Standard function hooks

Four functions can be defined in /etc/conf.d/net which will be called surrounding the start/stop operations. The functions are called with the interface name first so that one function can control multiple adapters.

The return values for the preup() and predown() functions should be 0 (success) to indicate that configuration or deconfiguration of the interface can continue. If preup() returns a non-zero value, then interface configuration will be aborted. If predown() returns a non-zero value, then the interface will not be allowed to continue deconfiguration.

The return values for the postup() and postdown() functions are ignored since there's nothing to do if they indicate failure.

${IFACE} is set to the interface being brought up/down. ${IFVAR} is ${IFACE} converted to variable name bash allows.

preup() {
  # Test for link on the interface prior to bringing it up.  This
  # only works on some network adapters and requires the ethtool
  # package to be installed.
  if ethtool ${IFACE} | grep -q 'Link detected: no'; then
    ewarn "No link on ${IFACE}, aborting configuration"
    return 1
  fi

  # Remember to return 0 on success
  return 0
}

predown() {
  # The default in the script is to test for NFS root and disallow
  # downing interfaces in that case.  Note that if you specify a
  # predown() function you will override that logic.  Here it is, in
  # case you still want it...
  if is_net_fs /; then
    eerror "root filesystem is network mounted -- can't stop ${IFACE}"
    return 1
  fi

  # Remember to return 0 on success
  return 0
}

postup() {
  # This function could be used, for example, to register with a
  # dynamic DNS service.  Another possibility would be to
  # send/receive mail once the interface is brought up.
       return 0
}

postdown() {
  # This function is mostly here for completeness... I haven't
  # thought of anything nifty to do with it yet ;-)
  return 0
}

5.b. Wireless Tools function hooks

Two functions can be defined in /etc/conf.d/net which will be called surrounding the associate function. The functions are called with the interface name first so that one function can control multiple adapters.

The return values for the preassociate() function should be 0 (success) to indicate that configuration or deconfiguration of the interface can continue. If preassociate() returns a non-zero value, then interface configuration will be aborted.

The return value for the postassociate() function is ignored since there's nothing to do if it indicates failure.

${ESSID} is set to the exact ESSID of the AP you're connecting to. ${ESSIDVAR} is ${ESSID} converted to a variable name bash allows.

preassociate() {
  # The below adds two configuration variables leap_user_ESSID
  # and leap_pass_ESSID. When they are both configured for the ESSID
  # being connected to then we run the CISCO LEAP script

  local user pass
  eval user=\"\$\{leap_user_${ESSIDVAR}\}\"
  eval pass=\"\$\{leap_pass_${ESSIDVAR}\}\"

  if [[ -n ${user} && -n ${pass} ]]; then
    if [[ ! -x /opt/cisco/bin/leapscript ]]; then
      eend "For LEAP support, please emerge net-misc/cisco-aironet-client-utils"
      return 1
    fi
    einfo "Waiting for LEAP Authentication on \"${ESSID//\\\\//}\""
    if /opt/cisco/bin/leapscript ${user} ${pass} | grep -q 'Login incorrect'; then
      ewarn "Login Failed for ${user}"
      return 1
    fi
  fi

  return 0
}

postassociate() {
  # This function is mostly here for completeness... I haven't
  # thought of anything nifty to do with it yet ;-)

  return 0
}

6. Network Management

6.a. Network Management

If you and your computer are always on the move, you may not always have an ethernet cable or plugged in or an access point available. Also, you may want networking to automatically work when an ethernet cable is plugged in or an access point is found.

Here you can find some tools that help you manage this.

6.b. ifplugd

ifplugd is a daemon that starts and stops interfaces when an ethernet cable is inserted or removed. It can also manage detecting association to Access Points or when new ones come in range.

# emerge sys-apps/ifplugd

Configuration for ifplugd is fairly straightforward too. The configuration file is held in /etc/conf.d/net. Run man ifplugd for details on the available variables. Also, see /usr/share/doc/openrc-*/net.example.bz2 for more examples.

(Replace eth0 with the interface to be monitored)
ifplugd_eth0="..."

(To monitor a wireless interface)
ifplugd_eth0="--api-mode=wlan"

In addition to managing multiple network connections, you may want to add a tool that makes it easy to work with multiple DNS servers and configurations. This is very handy when you receive your IP address via DHCP. Simply emerge openresolv.

# emerge openresolv

See man resolvconf to learn more about its features.

The contents of this document, unless otherwise expressly stated, are licensed under the CC-BY-SA-2.5 license. The Gentoo Name and Logo Usage Guidelines apply.