Title: Gentoo cheatsheet | |
Author: Solène | |
Date: 05 July 2021 | |
Tags: linux gentoo cheatsheet | |
Description: | |
# Introduction | |
This is a simple cheatsheet to manage my Gentoo systems, a linux | |
distribution source based, meaning everything installed on the computer | |
must be compiled locally. | |
Gentoo project website | |
# Upgrade system | |
I use the following command to update my system, it will downloaded | |
latest portage version and then rebuild @world (the whole set of | |
packages manually installed). | |
``` | |
#!/bin/sh | |
emerge-webrsync 2>&1 | grep "The current local" | |
if [ $? -eq 0 ] | |
then | |
exit | |
fi | |
emerge -auDv --with-bdeps=y --changed-use --newuse @world | |
``` | |
# Use ccache | |
As you may rebuild the same program many times (especially on a new | |
install), I highly recommend using ccache to reuse previous builded | |
objects and will reduce build duration by 80% when you change an USE. | |
It's quite easy, install ccache package, add 'FEATURES="ccache"' in | |
your make.conf and do "install -d -o root -g portage -p 775" | |
/var/cache/ccache and it should be working (you should see files in the | |
ccache directory). | |
Gentoo wiki about ccache | |
# Use emlop to view / calculate build time from past builds | |
Emlop can tell you how much time will be needed or remains on a build | |
based on previous builds information. I find it quite fun to see how | |
long an upgrade will take. | |
There is another tool named "genlop" that is older, but emlop feels | |
better. | |
## View compilation time | |
From the package emlop | |
```shell command | |
# emlop predict | |
Pid 353165: ...-newuse --backtrack=150 @world 1:07:15 | |
sys-devel/gcc-12.2.1_p20230121-r1 1:34:41 - 1:06:21 | |
``` | |
# Using gentoolkit | |
The gentoolkit package provides a few commands to find informations | |
about packages. | |
Gentoo wiki page about Gentoolkit | |
## Find a package | |
You can use "equery" from the package gentoolkit like this "equery l -p | |
'*package name*" globbing with * is mandatory if you are not looking | |
for a perfect match. | |
Example of usage: | |
```shell command | |
# equery l -p '*firefox*' | |
* Searching for *firefox* ... | |
[-P-] [ ] www-client/firefox-78.11.0:0/esr78 | |
[-P-] [ ~] www-client/firefox-89.0:0/89 | |
[-P-] [ ~] www-client/firefox-89.0.1:0/89 | |
[-P-] [ ~] www-client/firefox-89.0.2:0/89 | |
[-P-] [ ] www-client/firefox-bin-78.11.0:0/esr78 | |
[-P-] [ ] www-client/firefox-bin-89.0:0/89 | |
[-P-] [ ] www-client/firefox-bin-89.0.1:0/89 | |
[IP-] [ ] www-client/firefox-bin-89.0.2:0/89 | |
``` | |
## Get the package name providing a file | |
Use "equery b /path/to/file" like this | |
```shell command | |
# equery b /usr/bin/2to3 | |
* Searching for /usr/bin/2to3 ... | |
dev-lang/python-exec-2.4.6-r4 (/usr/lib/python-exec/python-exec2) | |
dev-lang/python-exec-2.4.6-r4 (/usr/bin/2to3 -> ../lib/python-exec/python-exec2) | |
``` | |
## Show installed packages | |
```shell command | |
qlist -I | |
``` | |
# Upgrade parts of the system using packages sets | |
There are special packages sets like @security or @profile that can be | |
used instead of @world that will restrict the packages to only a group, | |
on a server you may only want to update @security for... security but | |
not for newer versions. | |
Gentoo wiki about Packages sets | |
# Disable network when emerging for extra security | |
When building programs using emerge, you can disable the network access | |
for the building process, this is considered a good thing because if | |
the building process requires extra files downloaded or a git | |
repository cloned during building phase, this mean your build is not | |
reliable over time. This is also important for security because a | |
rogue build script could upload data. This behavior is default on | |
OpenBSD system. | |
To enable this, just add "network-sandbox" in the FEATURE variable in | |
your make.conf file. | |
Gentoo documentation about make.conf variables | |
# Easy trimming kernel process | |
I had a bulky kernel at first but I decided to trim it down to reduce | |
build time, it took me a long fail and retry process in order to have | |
everything right that still work, here is a short explanation about my | |
process. | |
* keep an old kernel that work | |
* install and configure genkernel with MRPROPER=no and CLEAN=no in | |
/etc/genkernel.conf because we don't want to rebuild everything when we | |
make changes | |
* lspci -k will tell you which hardware requires which kernel module | |
* visit /usr/src/linux and run make menuconfig, basically, you can | |
remove a lot of things in "Device drivers" category that doesn't look | |
like standard hardware on personal computers | |
* in Ethernet, Wireless LAN, Graphical drivers, you can trim everything | |
that doesn't look like your hardware | |
* run genkernel all and then grub-mkconfig -o /boot/grub/grub.cfg if | |
not done by genkernel and reboot, if something is missed, try enabling | |
drivers you removed previously | |
* do it slowly, not much drivers at a time, it's easier to recover an | |
issue when you don't remove many modules from many categories | |
* using genkernel all without cleaning, a new kernel can be out in a | |
minute which make the process a lot faster | |
You can do this without genkernel but if you are like me, using LVM | |
over LUKS and that you need an initrd file, genkernel will just ease | |
the process and generate the initird that you need. | |
# Use binary packages | |
If you use Gentoo you may want to have control over most of your | |
packages, but some packages can be really long to compile without much | |
benefit, or you may simply be fine using a binary package. Some | |
packages have the suffix -bin to their name, meaning they won't require | |
compilation. | |
There are a few well known packages such as firefox-bin, | |
libreoffice-bin, rust-bin and even gentoo-kernel-bin! You can get a | |
generic kernel pre-compiled :) | |
Gentoo wiki: Using distribution kernel | |
# Create binary packages | |
It is possible to create a binary package of every program you compile | |
on Gentoo, this can be used for distributing packages on similar | |
systems or simply make a backup of your packages. In some cases, the | |
redistribution may not work if you are on a system with a different CPU | |
generation or different hardware, this is pretty normal because you | |
often define the variables to optimize as much as possible the code for | |
your CPU and the binaries produced won't work on another CPU. | |
The guide from Gentoo will explain all you need to know about the | |
binary packages and how to redistribute them, but the simplest config | |
you need to start generating packages from emerge compilation is | |
setting FEATURES="buildpkg" in your make.conf | |
Gentoo wiki: Binary package guide | |
# Good make.conf defaults | |
This is a chunk of my `make.conf` file that I find really useful. It | |
accepts all licenses, make portage run with nice 15 to not disturb much | |
a running system, make it compile with 12 threads, run up to 8 parallel | |
package creation except if the load reach 10. | |
And it always create binary packages, so if you play with USE flags and | |
revert, you will already have a binary package and this will avoid | |
recompiling. | |
```text | |
ACCEPT_LICENSE="-* @EULA @BINARY-REDISTRIBUTABLE" | |
PORTAGE_NICENESS=15 | |
EMERGE_DEFAULT_OPTS="${EMERGE_DEFAULT_OPTS} --getbinpkg -j 8 -l 10 --keep-going… | |
FEATURES="ccache buildpkg network-sandbox" | |
MAKEOPTS="-j12" | |
VIDEO_CARDS=yourcard | |
L10N=yourlang | |
``` |