Jun 26, 2024
Technology
steps
Enable sshd:
$ passwd
Change the password
$ ssh nixos@xxx.xxx.xx.xx
......
Change channel:
$ sudo -i
nix-channel --add https://mirrors.ustc.edu.cn/nix-channels/nixpkgs-unstable nixpkgs
nix-channel --add https://mirrors.ustc.edu.cn/nix-channels/nixos-24.05 nixos
nix-channel --list
nix-channel --update
nixos-rebuild --option substituters https://mirrors.ustc.edu.cn/nix-channels/store switch --upgrade
parted:
# NOTE: mklabel replaces the partition table, so everything on the chosen disk is lost.
# The lsblk output further down this page shows nvme0n1, not sda; double-check the
# target device before running these commands.
parted /dev/sda # partition this device
mklabel gpt # create a GPT partition table
mkpart ESP fat32 1MiB 256MiB # create the boot partition spanning 1 MiB - 256 MiB
p # print the current partition table
set 1 esp on # flag partition number 1 as bootable
# main partition: from 256 MiB up to 2 GiB before the end of the disk
mkpart primary 256MiB -2GiB
# switch the unit to sectors so the swap start can be given as a sector number
unit s
# swap partition: from sector 996022272 to the end of the disk
mkpart primary linux-swap 996022272 100%
p
lsblk:
nvme0n1 259:0 0 476.9G 0 disk
├─nvme0n1p1 259:4 0 255M 0 part
├─nvme0n1p2 259:5 0 474.7G 0 part
└─nvme0n1p3 259:6 0 2G 0 part
make filesystem:
mkfs.fat -F32 /dev/nvme0n1p1
mkfs.btrfs -L nixos /dev/nvme0n1p2
mkswap -L swap /dev/nvme0n1p3
mount sub volumes:
mount /dev/nvme0n1p2 /mnt
btrfs subvolume create /mnt/root
btrfs subvolume create /mnt/home
btrfs subvolume create /mnt/nix
umount /mnt
mount -o compress=zstd,subvol=root /dev/nvme0n1p2 /mnt
mkdir /mnt/{home,nix,boot}
mount -o compress=zstd,subvol=home /dev/nvme0n1p2 /mnt/home/
mount -o compress=zstd,noatime,subvol=nix /dev/nvme0n1p2 /mnt/nix
mount /dev/nvme0n1p1 /mnt/boot
swapon /dev/nvme0n1p3
# nixos-generate-config --root /mnt
# cat /mnt/etc/nixos/hardware-configuration.nix
# Do not modify this file! It was generated by ‘nixos-generate-config’
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sr_mod" "sdhci_pci" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/aeb74833-b6fc-444f-bdc0-3ab931e7356a";
fsType = "btrfs";
options = [ "subvol=root" "compress=zstd" ];
};
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/aeb74833-b6fc-444f-bdc0-3ab931e7356a";
fsType = "btrfs";
options = [ "subvol=home" "compress=zstd"];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-uuid/aeb74833-b6fc-444f-bdc0-3ab931e7356a";
fsType = "btrfs";
options = [ "subvol=nix" "compress=zstd" "noatime"];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/2D3A-7086";
fsType = "vfat";
# NOTE(review): vfat has no per-file permissions, so fmask/dmask are the only
# access control on /boot. 0022 leaves every file there world-readable; with
# systemd-boot that presumably includes its random-seed file. Consider 0077 -
# confirm against the boot loader in use.
options = [ "fmask=0022" "dmask=0022" ];
};
swapDevices =
[ { device = "/dev/disk/by-uuid/745d2fd3-c12b-4d15-a242-9283cac98c5d"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp2s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}
[root@nixos:~]# cat /mnt/etc/nixos/configuration.nix
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ config, lib, pkgs, ... }:
{
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
];
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "nixos"; # Define your hostname.
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
# Set your time zone.
# time.timeZone = "Europe/Amsterdam";
time.timeZone = "Asia/Shanghai";
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
# i18n.defaultLocale = "en_US.UTF-8";
i18n.defaultLocale = "en_US.UTF-8";
# console = {
# font = "Lat2-Terminus16";
# keyMap = "us";
# useXkbConfig = true; # use xkb.options in tty.
# };
# Enable the X11 windowing system.
services.xserver.enable = true;
services.xserver.displayManager.sddm.enable = true;
services.xserver.desktopManager.plasma5.enable = true;
# Configure keymap in X11
# services.xserver.xkb.layout = "us";
# services.xserver.xkb.options = "eurosign:e,caps:escape";
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
hardware.pulseaudio.enable = true;
# OR
# services.pipewire = {
# enable = true;
# pulse.enable = true;
# };
# Enable touchpad support (enabled default in most desktopManager).
# services.libinput.enable = true;
# Define a user account. Don't forget to set a password with ‘passwd’.
# users.users.alice = {
# isNormalUser = true;
# extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
# packages = with pkgs; [
# firefox
# tree
# ];
# };
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
wget
alacritty
];
sound.enable = true;
#hardware.pulseaudio.enable = true;
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Enable the OpenSSH daemon.
# services.openssh.enable = true;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
# to actually do that.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
# Binary-cache mirror used for substitution. Store paths fetched from a
# substituter are still checked against nix.settings.trusted-public-keys, so a
# mirror needs no extra trust as long as signature checking (require-sigs) is
# left enabled; do not turn it off to work around a mirror problem.
nix.settings.substituters = [
"https://mirrors.cernet.edu.cn/nix-channels/store"
];
system.stateVersion = "24.11"; # Did you read the comment?
}
# nixos-install --option substituters https://mirrors.ustc.edu.cn/nix-channels/store
Re-Create the password:
# Users created imperatively here are not recorded in configuration.nix; the
# commented users.users.alice example in that file shows the declarative form.
nixos-enter # enter the installed system, similar to Arch's chroot
passwd root # reset the root password
useradd -m -G wheel dash # add a regular user and put it in the wheel group
passwd dash # set the regular user's password
Install awesome:
nix-env -qaP awesome
sudo nix-env -iA nixpkgs.awesome
This is not the right way on NixOS; the right way is to declare it in configuration.nix:
$ sudo vim /etc/nixos/configuration.nix
services.xserver = {
enable = true;
displayManager = {
sddm.enable = true;
defaultSession = "none+awesome";
};
windowManager.awesome = {
enable = true;
luaModules = with pkgs.luaPackages; [
luarocks # is the package manager for Lua modules
luadbi-mysql # Database abstraction layer
];
};
};
sudo nixos-rebuild switch --option substituters https://mirrors.ustc.edu.cn/nix-channels/store
Jun 5, 2024
Technology
Partition:
livecd ~ # lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
loop0 7:0 0 479.7M 1 loop /mnt/livecd
sr0 11:0 1 527.4M 0 rom /mnt/cdrom
vda 252:0 0 80G 0 disk
zram0 253:0 0 0B 0 disk
livecd ~ # parted /dev/vda
GNU Parted 3.6
Using /dev/vda
Welcome to GNU Parted! Type 'help' to view a list of commands.
(parted) mklabel gpt
(parted) unit MiB
(parted) mkpart primary 2 514
(parted) mkpart primary 515 -1
(parted) name 1 boot
(parted) name 2 luks
(parted) set 1 boot on
(parted) q
Information: You may need to update /etc/fstab.
Setup crypts:
livecd ~ # cryptsetup luksFormat /dev/vda2
WARNING!
========
This will overwrite data on /dev/vda2 irrevocably.
Are you sure? (Type 'yes' in capital letters): YES
Enter passphrase for /dev/vda2:
Verify passphrase:
livecd ~ # cryptsetup open /dev/vda2 ct0
Enter passphrase for /dev/vda2:
Mount to specified position:
mkfs.btrfs /dev/mapper/ct0
mkfs.vfat -F32 /dev/vda1
mount /dev/mapper/ct0 /mnt/gentoo
Using btrfs’s subvolume function:
btrfs subvolume create /mnt/gentoo/subvol-root
btrfs subvolume create /mnt/gentoo/subvol-home
btrfs subvolume create /mnt/gentoo/subvol-snapshots
btrfs subvolume set-default /mnt/gentoo/subvol-root
umount /mnt/gentoo
mount /dev/mapper/ct0 /mnt/gentoo
prepare chroot:
cd /mnt/gentoo
wget ......stage3
tar xpvf stage3-*.tar.xz --xattrs-include='*.*' --numeric-owner
specify jobs for building:
# nano /etc/portage/make.conf
MAKEOPTS="-j17"
select mirror:
mirrorselect -i -o >>/mnt/gentoo/etc/portage/make.conf
Setup ebuild repository sync address:
# mkdir etc/portage/repos.conf
# cp usr/share/portage/config/repos.conf etc/portage/repos.conf/gentoo.conf
# cat etc/portage/repos.conf/gentoo.conf | grep uri
sync-uri = rsync://rsync.mirrors.ustc.edu.cn/gentoo-portage
cp -L /etc/resolv.conf etc/
chroot-in:
livecd /mnt/gentoo # mount --types proc /proc /mnt/gentoo/proc
livecd /mnt/gentoo # mount --rbind /sys /mnt/gentoo/sys
livecd /mnt/gentoo # mount --rbind /dev /mnt/gentoo/dev
#### then
chroot /mnt/gentoo
. /etc/profile
PS1=(chroot)$PS1
Mount vda1 for kernel/bootloader installation:
mount /dev/vda1 /boot
Install gentoo ebuild repository:
emerge-webrsync
emerge --sync
Install and set editor:
emerge -vj app-editors/vim
eselect editor set 2
. /etc/profile
PS1=(chroot)$PS1
update @world:
eselect profile set 21
USE="X initramfs cjk cups crypt udev alsa elogind zsh-completion bash-completion -consolekit"
emerge --ask --verbose --update --deep --changed-use @world
Select the locale and timezone:
echo "Asia/Shanghai" > /etc/timezone
emerge --config sys-libs/timezone-data
vim /etc/locale.gen
locale-gen
eselect locale set 6
env-update && source /etc/profile && export PS1="(chroot) $PS1"
Install firmware:
mkdir -p /etc/portage/package.license
echo 'sys-kernel/linux-firmware linux-fw-redistributable no-source-code' >/etc/portage/package.license/linux-firmware
echo 'sys-kernel/installkernel dracut' >/etc/portage/package.use/installkernel
emerge --ask sys-kernel/gentoo-sources
emerge --ask sys-kernel/linux-firmware
emerge --ask sys-apps/pciutils
emerge --ask sys-kernel/genkernel
Set kernel:
(chroot) livecd / # readlink -v /usr/src/linux
readlink: /usr/src/linux: No such file or directory
(chroot) livecd / # eselect kernel list
Available kernel symlink targets:
[1] linux-6.6.30-gentoo
(chroot) livecd / # eselect kernel set 1
(chroot) livecd / # readlink -v /usr/src/linux
linux-6.6.30-gentoo
Build kernel:
cd /usr/src/linux
make menuconfig
make -j17
make modules_install && make install
genkernel --kernel-config=/usr/src/linux/.config initramfs
blkid /dev/vda1>>/etc/fstab
blkid /dev/mapper/ct0>>/etc/fstab
vim /etc/fstab
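#/dev/vda1: UUID="3D3E-221D" BLOCK_SIZE="512" TYPE="vfat" PARTLABEL="boot" PARTUUID="e0e7d44b-d78f-4c27-808a-c859ce8ead64"
UUID="3D3E-221D" /boot vfat rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro 0 2
#/dev/mapper/ct0: UUID="5f574106-322e-4f9f-8efd-c3615fcb237a" UUID_SUB="0e96210f-49ac-4355-9237-dab1fb6eae93" BLOCK_SIZE="4096" TYPE="btrfs"
# rw,relatime,space_cache=v2,subvolid=256,subvol=/subvol-root
# subvol= must name the subvolume exactly as it was created (subvol-root, with a
# hyphen). A name that disagrees with subvolid=256 makes the root mount fail at boot.
# discard: this filesystem sits on a LUKS mapping. TRIM only reaches the disk if the
# mapping is opened with discards allowed, and it then reveals which blocks are
# unused; drop the option if that information should stay hidden.
UUID="5f574106-322e-4f9f-8efd-c3615fcb237a" / btrfs defaults,noatime,ssd,discard,subvolid=256,subvol=/subvol-root 0 1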
Install system packages:
66 emerge --ask sys-fs/cryptsetup
67 emerge --ask sys-process/cronie
68 emerge --ask app-admin/sysklogd
69 emerge --ask sysfs/btrfs-progs
70 emerge --ask sys-fs/btrfs-progs
71 emerge --ask net-misc/dhcpcd
72 emerge -av app-admin/sysklogd sys-fs/cryptsetup
73 rc-update add sysklogd default
74 rc-update add dhcpcd default
76 echo GRUB_PLATFORMS="efi-64" >> /etc/portage/make.conf
77 emerge -av sys-boot/grub:2
79 mkdir /boot/efi/
80 ls /dev/disk/by-uuid/
81 ls /dev/disk/by-uuid/ -l -h
82 cat /etc/fstab
83 vim /etc/default/grub
84 vim /etc/default/grub
85 mount -a
86 grub-install --target=x86_64-efi --boot-directory=/boot --efi-directory=/boot/efi/ --bootloader-id=Gentoo --debug
87 grub-mkconfig -o /boot/grub/grub.cfg
89 ls /boot/grub/
90 ls /boot/grub/grub.cfg
Jun 4, 2024
Technology
Using repo:
[root@localhost yum.repos.d]# cat openEuler_x86_64.repo
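#Copyright (c) [2019] Huawei Technologies Co., Ltd.
#generic-repos is licensed under the Mulan PSL v1.
#You can use this software according to the terms and conditions of the Mulan PSL v1.
#You may obtain a copy of Mulan PSL v1 at:
# http://license.coscl.org.cn/MulanPSL
#THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
#IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
#PURPOSE.
#See the Mulan PSL v1 for more details.
#
# gpgcheck=1 makes yum refuse any package whose signature does not verify against
# the imported repository key. With gpgcheck=0 and a plain-HTTP baseurl, nothing
# authenticates the packages that get installed as root.
# The gpgkey URL is also plain HTTP, so the key download itself is unauthenticated:
# compare the key's fingerprint with one obtained from a trusted source before
# accepting the import, and prefer an HTTPS mirror if one is available.
[openEuler-everything]
name=openEuler-everything
baseurl=http://repo.huaweicloud.com/openeuler/openEuler-20.03-LTS/everything/x86_64/
enabled=1
gpgcheck=1
gpgkey=http://repo.huaweicloud.com/openeuler/openEuler-20.03-LTS/everything/x86_64/RPM-GPG-KEY-openEuler
[openEuler-EPOL]
name=openEuler-epol
baseurl=http://repo.huaweicloud.com/openeuler/openEuler-20.03-LTS/EPOL/x86_64/
enabled=1
# Assumes EPOL packages are signed with the same openEuler release key - confirm.
# If they are not, installs from this repository fail closed rather than run unsigned.
gpgcheck=1
gpgkey=http://repo.huaweicloud.com/openeuler/openEuler-20.03-LTS/everything/x86_64/RPM-GPG-KEY-openEuler
[openEuler-update]
name=openEuler-update
baseurl=http://repo.huaweicloud.com/openeuler/openEuler-20.03-LTS/update/x86_64/
enabled=1
# Assumes update packages are signed with the same openEuler release key - confirm.
gpgcheck=1
gpgkey=http://repo.huaweicloud.com/openeuler/openEuler-20.03-LTS/everything/x86_64/RPM-GPG-KEY-openEuler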
[root@localhost yum.repos.d]# pwd
/etc/yum.repos.d
# yum makecache
Install package:
yum install -y elfutils-libelf-devel gcc gnu-efi gnu-efi-devel openssl-devel make git rpm-build
yum install -y rpmdevtools* tree
rpmdev-setuptree
[root@localhost ~]# ls
anaconda-ks.cfg rpmbuild
cd ~/rpmbuild/SOURCES
wget http://ftp.gnu.org/gnu/hello/hello-2.10.tar.gz
cd ~/rpmbuild/SPECS
vim hello.spec
content is:
Name: hello
Version: 2.10
Release: 1%{?dist}
Summary: The "Hello World" program from GNU
Summary(zh_CN): GNU Hello World program
License: GPLv3+
URL: http://ftp.gnu.org/gnu/hello
Source0: http://ftp.gnu.org/gnu/hello/%{name}-%{version}.tar.gz
BuildRequires: gettext
Requires(post): info
Requires(preun): info
%description
The "Hello World" program, done with all bells and whistles of a proper FOSS
project, including configuration, build, internationalization, help files, etc.
%description -l zh_CN
The Hello World program contains all parts required by the FOSS project, including configuration, build, i18n, and help files.
%prep
%setup -q
%build
%configure
make %{?_smp_mflags}
%install
make install DESTDIR=%{buildroot}
%find_lang %{name}
rm -f %{buildroot}/%{_infodir}/dir
%post
/sbin/install-info %{_infodir}/%{name}.info %{_infodir}/dir || :
%preun
if [ $1 = 0 ] ; then
/sbin/install-info --delete %{_infodir}/%{name}.info %{_infodir}/dir || :
fi
%files -f %{name}.lang
%doc AUTHORS ChangeLog NEWS README THANKS TODO
%license COPYING
%{_mandir}/man1/hello.1.*
%{_infodir}/hello.info.*
%{_bindir}/hello
%changelog
* Thu Dec 26 2019 Your Name <youremail@xxx.xxx> - 2.10-1
- Update to 2.10
* Sat Dec 3 2016 Your Name <youremail@xxx.xxx> - 2.9-1
- Update to 2.9
Building:
rpmbuild -ba hello.spec
# tree ~/rpmbuild/*RPMS
/root/rpmbuild/RPMS
└── x86_64
├── hello-2.10-1.x86_64.rpm
├── hello-debuginfo-2.10-1.x86_64.rpm
└── hello-debugsource-2.10-1.x86_64.rpm
/root/rpmbuild/SRPMS
└── hello-2.10-1.src.rpm
Download the source code and install:
rpm -ivh grub2-2.02-73.oe1.src.rpm
cd rpmbuild/SPECS/
yum install -y bison bzip2-devel dejavu-sans-fonts device-mapper-devel flex freetype-devel gettext-devel help2man libusb-devel ncurses-devel pesign rpm-devel texinfo xz-devel
$ vim /xxx/xx/grub.macros
%{4}./grub-mkimage -O %{1} -o %{2}.orig \\\
-p /EFI/%{efi_vendor} -d grub-core ${GRUB_MODULES} \
%{4}./grub-mkimage -O %{1} -o %{3}.orig \\\
-p /EFI/BOOT -d grub-core ${GRUB_MODULES}
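Change `.orig` to an empty string so that grub-mkimage writes the final image directly, and also remove the later lines that use pesign. Without the pesign step the resulting GRUB image is unsigned, so it will not be accepted by firmware with Secure Boot enforced.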
Jun 3, 2024
Technology
1. Preparation
Start sshd:
/etc/init.d/sshd start
passwd root
Remove the leftover LVM device-mapper mappings via:
# dmsetup ls
# dmsetup remove xxxxxx
lsblk:
# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
loop0 7:0 0 479.7M 1 loop /mnt/livecd
sda 8:0 0 1.8T 0 disk
sr0 11:0 1 1024M 0 rom
sr1 11:1 1 527.4M 0 rom /mnt/cdrom
zram0 253:0 0 0B 0 disk
nvme0n1 259:0 0 476.9G 0 disk
├─nvme0n1p1 259:1 0 512M 0 part
├─nvme0n1p2 259:2 0 1G 0 part
└─nvme0n1p3 259:3 0 475.4G 0 part
Partition:
livecd ~ # mkfs.vfat -F32 /dev/nvme0n1p1
mkfs.fat 4.2 (2021-01-31)
livecd ~ # mkswap /dev/nvme0n1p2
Setting up swapspace version 1, size = 1024 MiB (1073737728 bytes)
no label, UUID=5d36c31a-6fbf-4d04-84ac-9ee1efaf5712
livecd ~ # mkfs.ext4 /dev/nvme0n1p3
livecd ~ # swapon /dev/nvme0n1p2
livecd ~ # mount /dev/nvme0n1p3 /mnt/gentoo
Get the stage3 file and untar it:
wget https://mirrors.ustc.edu.cn/gentoo/releases/amd64/autobuilds/20240602T164858Z/stage3-amd64-desktop-openrc-20240602T164858Z.tar.xz
tar xpvf stage3-*.tar.xz --xattrs-include='*.*' --numeric-owner
enable makeopts:
# nano /etc/portage/make.conf
......
MAKEOPTS="-j20"
......
Select mirror:
mirrorselect -i -o >> /mnt/gentoo/etc/portage/make.conf
... select ustc.edu.cn
Copy the Portage repository settings:
livecd /mnt/gentoo # mkdir -p /mnt/gentoo/etc/portage/repos.conf
livecd /mnt/gentoo # cp /mnt/gentoo/usr/share/portage/config/repos.conf /mnt/gentoo/etc/portage/repos.conf/gentoo.conf
Copy the dns:
cp --dereference /etc/resolv.conf /mnt/gentoo/etc/
Chroot to system:
mount --types proc /proc /mnt/gentoo/proc
mount --rbind /sys /mnt/gentoo/sys
mount --make-rslave /mnt/gentoo/sys
mount --rbind /dev /mnt/gentoo/dev
mount --make-rslave /mnt/gentoo/dev
mount --bind /run /mnt/gentoo/run
mount --make-slave /mnt/gentoo/run
chroot /mnt/gentoo /bin/bash
source /etc/profile
export PS1="(chroot) ${PS1}"
Mount EFI partition:
livecd / # mount /dev/nvme0n1p1 /boot
Update Gentoo’s ebuild :
emerge-webrsync
Update using portage:
emerge --ask --verbose --update --deep --newuse @world
Set the timezone to Asia/Shanghai:
livecd / # echo "Asia/Shanghai">/etc/timezone
livecd / # emerge --config sys-libs/timezone-data
Edit the locale.gen:
# nano /etc/locale.gen
en_US.UTF-8 UTF-8
# locale-gen
Reload the setting:
env-update
source /etc/profile
export PS1="(chroot) ${PS1}"
2. Kernel
Edit cpu flags:
# emerge --ask app-portage/cpuid2cpuflags
# cpuid2cpuflags
CPU_FLAGS_X86: aes avx avx2 f16c fma3 mmx mmxext pclmul popcnt rdrand sse sse2 sse3 sse4_1 sse4_2 ssse3
# nano /etc/portage/make.conf
CPU_FLAGS_X86="aes avx avx2 f16c fma3 mmx mmxext pclmul popcnt rdrand sse sse2 sse3 sse4_1 sse4_2 ssse3"
Edit /etc/portage/make.conf to accept all licenses:
ACCEPT_LICENSE="*"
Install firmware and intel microcode:
emerge --ask sys-kernel/linux-firmware sys-firmware/intel-microcode
Change default editor from nano to vim:
emerge -vj app-editors/vim
eselect editor list
eselect editor set 2
. /etc/profile
PS1=(chroot)$PS1
Install firmware/kernel/bootloader:
mkdir -p /etc/portage/package.license
echo 'sys-kernel/linux-firmware linux-fw-redistributable no-source-code' >/etc/portage/package.license/linux-firmware
# also install initramfs
echo 'sys-kernel/installkernel dracut' >/etc/portage/package.use/installkernel
emerge -vj linux-firmware gentoo-kernel-bin grub
Edit /etc/fstab:
# efi partition
#/dev/nvme0n1p1: UUID="846A-BE3E" BLOCK_SIZE="512" TYPE="vfat" PARTUUID="2e1058ce-0964-4624-be29-1ae87beae5fc"
UUID="846A-BE3E" /boot/efi vfat rw,noatime,errors=remount-ro 0 2
# swap partition
#/dev/nvme0n1p2: UUID="5d36c31a-6fbf-4d04-84ac-9ee1efaf5712" TYPE="swap" PARTUUID="a35a309d-e60d-4b4e-8ef4-296962fda56b"
UUID="5d36c31a-6fbf-4d04-84ac-9ee1efaf5712" none swap sw 0 0
# root partition
#/dev/nvme0n1p3: UUID="2c24a130-dc28-40fd-ad92-2fd68c75229e" BLOCK_SIZE="4096" TYPE="ext4" PARTUUID="43320d2d-f849-4b45-a14c-7ac254b330df"
UUID="2c24a130-dc28-40fd-ad92-2fd68c75229e" / ext4 defaults,noatime 0 1
Install UEFI:
grub-install --target=x86_64-efi --efi-directory=/boot/efi/ --bootloader-id=Gentoo
# notice swap file
sed -Ei "/GRUB_CMDLINE_LINUX_DEFAULT/s/^#*(GRUB.*DEFAULT=).*$/\1\"resume=UUID=$(blkid -o value /dev/nvme0n1p2 | head -1)\"/" /etc/default/grub
grub-mkconfig -o /boot/grub/grub.cfg
os-probe related:
echo 'sys-boot/grub mount' >/etc/portage/package.use/grub
emerge -vj os-prober
echo 'GRUB_DISABLE_OS_PROBER=false' >>/etc/default/grub
Configuration
Create user:
passwd root
useradd -m -G usb,wheel kkk
passwd kkk
emerge -vj app-admin/sudo
visudo # uncomment #%wheel
Install NetworkManager:
echo "net-wireless/wpa_supplicant dbus" >>/etc/portage/package.use/nm
echo "net-misc/openssh -bindist" >>/etc/portage/package.use/nm
emerge -vj1 net-misc/openssh net-misc/networkmanager
emerge -On net-misc/networkmanager
rc-update add NetworkManager default
rc-update add sshd default
Install log service:
emerge -vj app-admin/syslog-ng
rc-update add syslog-ng default
Reboot:
sync
exit
umount -Rl /mnt/gentoo/{dev,proc,sys,}
reboot
Enable an additional ebuild repository via:
emerge --ask app-eselect/eselect-repository
eselect repository list
eselect repository enable zugaina
emaint sync -r zugaina
Format via:
livecd ~ # lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
loop0 7:0 0 479.7M 1 loop /mnt/livecd
sda 8:0 1 57.3G 0 disk
├─sda1 8:1 1 1.3G 0 part
├─sda2 8:2 1 512K 0 part
└─sda3 8:3 1 56G 0 part
sr0 11:0 1 527.4M 0 rom /mnt/cdrom
zram0 253:0 0 0B 0 disk
nvme0n1 259:0 0 953.9G 0 disk
├─nvme0n1p1 259:1 0 480M 0 part
└─nvme0n1p2 259:2 0 953.4G 0 part
livecd ~ # parted -a optimal /dev/sda
GNU Parted 3.6
Using /dev/sda
Welcome to GNU Parted! Type 'help' to view a list of commands.
(parted) mklabel gpt
Warning: The existing disk label on /dev/sda will be destroyed and all data on this disk will be lost. Do you want to continue?
Yes/No? yes
(parted) mkpart primary fat32 0% 100%
(parted) set 1 BOOT on
(parted) quit
Information: You may need to update /etc/fstab.
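Create the GPG-encrypted LUKS keyfile (about 8 MiB of random data, symmetrically encrypted with a passphrase). The output path /tmp/efiboot is presumably where the USB key partition is mounted (the mount step is not shown here); if it is not on persistent storage, the keyfile, and with it access to the encrypted disk, is lost at reboot: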
livecd ~ # export GPG_TTY=$(tty)
livecd ~ # echo $(tty)
/dev/pts/0
livecd ~ # dd if=/dev/urandom bs=8388607 count=1 | gpg --symmetric --cipher-algo AES256 --output /tmp/efiboot/luks-key.gpg
gpg: directory '/root/.gnupg' created
1+0 records in
1+0 records out
8388607 bytes (8.4 MB, 8.0 MiB) copied, 6.76511 s, 1.2 MB/s
nvme ssd:
# parted -a optimal /dev/nvme0n1
GNU Parted 3.6
Using /dev/nvme0n1
Welcome to GNU Parted! Type 'help' to view a list of commands.
(parted) unit s
(parted) print free
(parted) mkpart primary 2048s 2000409230s
(parted) quit
Information: You may need to update /etc/fstab.
Create encrypted disk:
# gpg --decrypt /tmp/efiboot/luks-key.gpg | cryptsetup --cipher serpent-xts-plain64 --key-size 512 --hash whirlpool --key-file - luksFormat /dev/nvme0n1p1
gpg: AES256.CFB encrypted data
gpg: encrypted with 1 passphrase
livecd ~ # cryptsetup luksDump /dev/nvme0n1p1
disk layout:
livecd ~ # gpg --decrypt /tmp/efiboot/luks-key.gpg | cryptsetup --key-file - luksOpen /dev/nvme0n1p1 gentoo
gpg: AES256.CFB encrypted data
gpg: encrypted with 1 passphrase
livecd ~ # ls /dev/mapper/
control gentoo
livecd ~ # pvcreate /dev/mapper/gentoo
Physical volume "/dev/mapper/gentoo" successfully created.
livecd ~ # vgcreate vg1 /dev/mapper/gentoo
Volume group "vg1" successfully created
livecd ~ # grep MemTotal /proc/meminfo
MemTotal: 15954144 kB
livecd ~ # lvcreate --size 8G --name swap vg1
Logical volume "swap" created.
livecd ~ # lvcreate --size 80G --name root vg1
Logical volume "root" created.
livecd ~ # lvcreate --extents 95%FREE --name home vg1
Logical volume "home" created.
livecd ~ # pvdisplay
--- Physical volume ---
PV Name /dev/mapper/gentoo
VG Name vg1
PV Size 953.85 GiB / not usable <1.32 MiB
Allocatable yes
PE Size 4.00 MiB
Total PE 244186
Free PE 11083
Allocated PE 233103
PV UUID xBgj1j-1e3g-iaT0-esba-jJ3f-EO3m-Ty6wgY
livecd ~ # vgdisplay
--- Volume group ---
VG Name vg1
System ID
Format lvm2
Metadata Areas 1
Metadata Sequence No 4
VG Access read/write
VG Status resizable
MAX LV 0
Cur LV 3
Open LV 0
Max PV 0
Cur PV 1
Act PV 1
VG Size 953.85 GiB
PE Size 4.00 MiB
Total PE 244186
Alloc PE / Size 233103 / <910.56 GiB
Free PE / Size 11083 / 43.29 GiB
VG UUID YUdAbE-MnJA-54GY-aQkb-Kp9G-P52q-Wl3Uey
livecd ~ # lvdisplay
--- Logical volume ---
LV Path /dev/vg1/swap
LV Name swap
VG Name vg1
LV UUID OKxWa1-NBN2-F6zx-E1qQ-wPQJ-2lmP-7abjG1
LV Write Access read/write
LV Creation host, time livecd, 2024-06-03 12:41:29 +0000
LV Status available
# open 0
LV Size 8.00 GiB
Current LE 2048
Segments 1
Allocation inherit
Read ahead sectors auto
- currently set to 256
Block device 252:1
--- Logical volume ---
LV Path /dev/vg1/root
LV Name root
VG Name vg1
LV UUID yAMQV4-sNI7-zuY8-ZkDX-k53i-dxoF-PsvE4O
LV Write Access read/write
LV Creation host, time livecd, 2024-06-03 12:41:43 +0000
LV Status available
# open 0
LV Size 80.00 GiB
Current LE 20480
Segments 1
Allocation inherit
Read ahead sectors auto
- currently set to 256
Block device 252:2
--- Logical volume ---
LV Path /dev/vg1/home
LV Name home
VG Name vg1
LV UUID APZd1G-qGe1-9t5c-AhBh-pUKt-Dit8-D2WTHd
LV Write Access read/write
LV Creation host, time livecd, 2024-06-03 12:41:48 +0000
LV Status available
# open 0
LV Size <822.56 GiB
Current LE 210575
Segments 1
Allocation inherit
Read ahead sectors auto
- currently set to 256
Block device 252:3
livecd ~ # vgchange --available y
3 logical volume(s) in volume group "vg1" now active
livecd ~ # ls /dev/mapper
control gentoo vg1-home vg1-root vg1-swap
livecd ~ # vgchange --available y
3 logical volume(s) in volume group "vg1" now active
livecd ~ # ls /dev/mapper
control gentoo vg1-home vg1-root vg1-swap
livecd ~ # mkswap -L "swap" /dev/mapper/vg1-swap
Setting up swapspace version 1, size = 8 GiB (8589930496 bytes)
LABEL=swap, UUID=b8653482-926c-4e26-89fb-55f52f3fca9f
livecd ~ # mkfs.ext4 -L "root" /dev/mapper/vg1-root
mke2fs 1.47.0 (5-Feb-2023)
Creating filesystem with 20971520 4k blocks and 5242880 inodes
Filesystem UUID: 030ae853-ad94-4fe5-a5a8-340aaeb54a6c
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
4096000, 7962624, 11239424, 20480000
Allocating group tables: done
Writing inode tables: done
Creating journal (131072 blocks): done
Writing superblocks and filesystem accounting information: done
livecd ~ # mkfs.ext4 -m 0 -L "home" /dev/mapper/vg1-home
mke2fs 1.47.0 (5-Feb-2023)
Creating filesystem with 215628800 4k blocks and 53911552 inodes
Filesystem UUID: f8534406-cdcb-4538-8397-2480d96a306b
Superblock backups stored on blocks:
32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
4096000, 7962624, 11239424, 20480000, 23887872, 71663616, 78675968,
102400000, 214990848
Allocating group tables: done
Writing inode tables: done
Creating journal (262144 blocks): done
Writing superblocks and filesystem accounting information: done
livecd ~ # swapon -v /dev/mapper/vg1-swap
swapon: /dev/mapper/vg1-swap: found signature [pagesize=4096, signature=swap]
swapon: /dev/mapper/vg1-swap: pagesize=4096, swapsize=8589934592, devsize=8589934592
swapon /dev/mapper/vg1-swap
livecd ~ # mount -v -t ext4 /dev/mapper/vg1-root /mnt/gentoo
mount: /dev/mapper/vg1-root mounted on /mnt/gentoo.
livecd ~ # blkid /dev/sda1 /dev/nvme0n1p1
/dev/sda1: UUID="81A6-BFB2" BLOCK_SIZE="512" TYPE="vfat" PARTLABEL="primary" PARTUUID="be83585f-0239-4b8a-8931-674aaaadb69d"
/dev/nvme0n1p1: UUID="ddc06372-5d72-49a0-b617-b97128f8e3e6" TYPE="crypto_LUKS" PARTLABEL="primary" PARTUUID="3635503c-78f0-44ce-8982-633ca20723ff"
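Receive the GPG key needed to verify the stage3 tarball's signature. `2D182910` is a short (32-bit) key ID, and short IDs can collide with unrelated keys, so compare the imported key's full fingerprint (`gpg --fingerprint 2D182910`) with the one Gentoo publishes before trusting it: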
gpg --keyserver pgp.mit.edu --recv-key 2D182910
fetch the stage 3 file:
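# cd /mnt/gentoo
# wget https://mirrors.ustc.edu.cn/gentoo/releases/amd64/autobuilds/20240602T164858Z/stage3-amd64-desktop-openrc-20240602T164858Z.tar.xz
#### also fetch the detached signature and verify it before unpacking: the tarball
#### becomes the root filesystem, and the mirror is not the party that signed it.
#### Continue only if gpg reports a good signature from the release key imported above.
# wget https://mirrors.ustc.edu.cn/gentoo/releases/amd64/autobuilds/20240602T164858Z/stage3-amd64-desktop-openrc-20240602T164858Z.tar.xz.asc
# gpg --verify stage3-amd64-desktop-openrc-20240602T164858Z.tar.xz.asc stage3-amd64-desktop-openrc-20240602T164858Z.tar.xz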
untar the stage3 file:
tar xvJpf stage3-amd64-*.tar.xz --xattrs-include='*.*' --numeric-owner
rm -f stage3-amd64-desktop-openrc-20240602T164858Z.tar.xz
Edit the bashrc:
livecd /mnt/gentoo # cat /mnt/gentoo/root/.bashrc
export NUMCPUS=$(nproc)
export NUMCPUSPLUSONE=$(( NUMCPUS + 1 ))
export MAKEOPTS="-j${NUMCPUSPLUSONE} -l${NUMCPUS}"
export EMERGE_DEFAULT_OPTS="--jobs=${NUMCPUSPLUSONE} --load-average=${NUMCPUS}"
Copy the .bash_profile:
cp -v /mnt/gentoo/etc/skel/.bash_profile /mnt/gentoo/root/
edit the make.conf:
livecd /mnt/gentoo # cat /mnt/gentoo/etc/portage/make.conf
# These settings were set by the catalyst build script that automatically
# built this stage.
# Please consult /usr/share/portage/config/make.conf.example for a more
# detailed example.
COMMON_FLAGS="-march=native -O2 -pipe"
CFLAGS="${COMMON_FLAGS}"
CXXFLAGS="${COMMON_FLAGS}"
FCFLAGS="${COMMON_FLAGS}"
FFLAGS="${COMMON_FLAGS}"
# NOTE: This stage was built with the bindist Use flag enabled
# This sets the language of build output to English.
# Please keep this setting intact when reporting bugs.
#LC_MESSAGES=C.utf8
# Note: MAKEOPTS and EMERGE_DEFAULT_OPTS are set in .bashrc
# The following licence is required, in addition to @FREE, for GNOME.
ACCEPT_LICENSE="CC-Sampling-Plus-1.0"
# WARNING: Changing your CHOST is not something that should be done lightly.
# Please consult http://www.gentoo.org/doc/en/change-chost.xml before changing.
CHOST="x86_64-pc-linux-gnu"
# Use the 'stable' branch - 'testing' no longer required for Gnome 3.
# NB, amd64 is correct for both Intel and AMD 64-bit CPUs
ACCEPT_KEYWORDS="amd64"
# Additional USE flags supplementary to those specified by the current profile.
USE=""
CPU_FLAGS_X86="mmx mmxext sse sse2"
# Important Portage directories.
PORTDIR="/var/db/repos/gentoo"
DISTDIR="/var/cache/distfiles"
PKGDIR="/var/cache/binpkgs"
# This sets the language of build output to English.
# Please keep this setting intact when reporting bugs.
LC_MESSAGES=C
# Turn on logging - see http://gentoo-en.vfose.ru/wiki/Gentoo_maintenance.
PORTAGE_ELOG_CLASSES="info warn error log qa"
# Echo messages after emerge, also save to /var/log/portage/elog
PORTAGE_ELOG_SYSTEM="echo save"
# Ensure elogs saved in category subdirectories.
# Build binary packages as a byproduct of each emerge, a useful backup.
FEATURES="split-elog buildpkg"
# Settings for X11
VIDEO_CARDS="intel i965"
INPUT_DEVICES="libinput"
Select ustc for the mirror, thus make.conf should be like following:
livecd /mnt/gentoo # tail /mnt/gentoo/etc/portage/make.conf
# Ensure elogs saved in category subdirectories.
# Build binary packages as a byproduct of each emerge, a useful backup.
FEATURES="split-elog buildpkg"
# Settings for X11
VIDEO_CARDS="intel i965"
INPUT_DEVICES="libinput"
GENTOO_MIRRORS="https://mirrors.ustc.edu.cn/gentoo/ \
rsync://rsync.mirrors.ustc.edu.cn/gentoo/"
Edit repos.conf/gentoo.conf:
livecd /mnt/gentoo # cp -v /mnt/gentoo/usr/share/portage/config/repos.conf /mnt/gentoo/etc/portage/repos.conf/gentoo.conf
livecd /mnt/gentoo # cat /mnt/gentoo/etc/portage/repos.conf/gentoo.conf
[DEFAULT]
main-repo = gentoo
[gentoo]
location = /var/db/repos/gentoo
sync-type = webrsync
sync-uri = rsync://rsync.mirrors.ustc.edu.cn/gentoo-portage
auto-sync = yes
sync-rsync-verify-jobs = 1
sync-rsync-verify-metamanifest = yes
sync-rsync-verify-max-age = 3
sync-openpgp-key-path = /usr/share/openpgp-keys/gentoo-release.asc
sync-openpgp-keyserver = hkps://keys.gentoo.org
sync-openpgp-key-refresh-retry-count = 40
sync-openpgp-key-refresh-retry-overall-timeout = 1200
sync-openpgp-key-refresh-retry-delay-exp-base = 2
sync-openpgp-key-refresh-retry-delay-max = 60
sync-openpgp-key-refresh-retry-delay-mult = 4
sync-webrsync-verify-signature = yes
Edit the dns file:
# cat /mnt/gentoo/etc/resolv.conf
nameserver 223.5.5.5
Prepare for chroot:
livecd /mnt/gentoo # mount -v -t proc none /mnt/gentoo/proc
mount: none mounted on /mnt/gentoo/proc.
livecd /mnt/gentoo # mount -v --rbind /sys /mnt/gentoo/sys
mount: /sys bound on /mnt/gentoo/sys.
livecd /mnt/gentoo # mount -v --rbind /dev /mnt/gentoo/dev
mount: /dev bound on /mnt/gentoo/dev.
livecd /mnt/gentoo # mount -v --make-rslave /mnt/gentoo/sys
livecd /mnt/gentoo # mount -v --make-rslave /mnt/gentoo/dev
chroot in:
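livecd /mnt/gentoo # chroot /mnt/gentoo /bin/bash
livecd / # source /etc/profile
livecd / # export PS1="(chroot) $PS1" # closing quote restored; marks the prompt so the chroot shell is recognisable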
Sync and select profile:
emaint sync --auto
eselect profile list
eselect profile set "default/linux/amd64/17.1"
emerge --info
grep -i useflag /var/db/repos/gentoo/profiles/use.desc
emerge --ask --verbose --oneshot portage
set timezone and locale:
echo "Asia/Shanghai">/etc/timezone
emerge -v --config sys-libs/timezone-data
nano -w /etc/locale.gen
locale-gen
eselect locale list
eselect locale set "C"
env-update && source /etc/profile && export PS1="(chroot) $PS1"
set cpu flags in make.conf:
emerge --verbose --oneshot app-portage/cpuid2cpuflags
cpuid2cpuflags
nano -w /etc/portage/make.conf
Update using portage:
emerge --ask --verbose --update --deep --newuse @world
build kernel:
(chroot) livecd / # mkdir -p -v /etc/portage/package.license
mkdir: created directory '/etc/portage/package.license'
(chroot) livecd / # touch /etc/portage/package.license/zzz_via_autounmas
echo "sys-kernel/linux-firmware linux-fw-redistributable no-source-code" >> /etc/portage/package.license/linux-firmware
emerge --ask --verbose sys-kernel/gentoo-sources
emerge --ask --verbose sys-kernel/linux-firmware
(chroot) livecd / # readlink -v /usr/src/linux
readlink: /usr/src/linux: No such file or directory
(chroot) livecd / # eselect kernel list
Available kernel symlink targets:
[1] linux-6.6.30-gentoo
(chroot) livecd / # eselect kernel set 1
(chroot) livecd / # readlink -v /usr/src/linux
linux-6.6.30-gentoo
emerge --ask --verbose dev-vcs/git
# cat /etc/portage/repos.conf/waffle-builds.conf
[waffle-builds]
# Various utility ebuilds for Gentoo on EFI
# Maintainer: sakaki (sakaki@deciban.com)
# NOTE(review): ebuilds from an overlay are executed with root privileges during
# emerge. The Maintainer line above names sakaki while sync-uri points at a
# different GitHub account, and no commit-signature verification
# (sync-git-verify-commit-signature) is configured for this git sync, so review
# the ebuilds before installing anything from this repository.
location = /usr/local/portage/waffle-builds
sync-type = git
sync-uri = https://github.com/FlyingWaffleDev/waffle-builds.git
# Below the default priority, presumably so the main gentoo repository wins on conflicts - confirm.
priority = 50
# Synced together with the other repositories on every emaint/emerge sync.
auto-sync = yes
(chroot) livecd / # emaint sync --repo waffle-builds
(chroot) livecd / # echo "*/*::waffle-builds ~amd64">> /etc/portage/package.accept_keywords/waffle-builds-repo