2. Live-CD Environment

In the following, I am using SystemRescue, not the official Gentoo Linux installation media, in order to make use of its capability to create custom installation media and setup the "rescue" partition with it's chroot.sh script. If not otherwise stated, commands are executed as "root" on the remote machine where Gentoo Linux needs to be installed, in the beginning via TTY, later on over SSH. Most of the time, you can copy&paste the whole codeblock, but understand the commands first and make adjustments (e.g. IP address, disk names) if required.

2.1. (Optional) Virtual (Testing) Environment¶

If you want to use a virtual machine for the upcoming setup either to test things out or just to be a bit more secure, you have to take some preliminary measures. The easiest way to get started is the use of the Virtual Machine Manager with QEMU:

2.2. Live-CD Setup¶

Boot into SystemRescue and set the correct keyboard layout:

loadkeys de-latin1-nodeadkeys

(Optional) Start Xfce (copy&paste one command after the other):

startx

# Open up a terminal in Xfce and set the keyboard layout:
setxkbmap de

Make sure you booted with UEFI:

[ -d /sys/firmware/efi ] && echo UEFI || echo BIOS

Disable "magic SysRq" for security sake:

sysctl -w kernel.sysrq=0

Using screen

You can detach from screen's session with Ctrl+A+D and reattach with screen -d -r install. Scrolling works with Ctrl+A+Esc followed by Up / Down / Page Up / Page Down . You can exit "scroll mode" with Esc .

Start a screen session to better cope with networks disconnects. Alternatively, you can use tmux.

screen -S install

If no automatic network setup has been done via DHCP, you have to use nmtui (recommended over nmcli). On Xfce, you have the option to use nm-applet in addition.

nmtui

Insert an iptables rule at the correct place for SystemRescue to accept SSH connection requests:

iptables -I INPUT 4 -p tcp --dport 22 -j ACCEPT -m conntrack --ctstate NEW

Set a root password:

passwd root

Print out fingerprints to be able to double check later on upon initial SSH connection to the SystemRescue system:

find /etc/ssh/ -type f -name "ssh_host*\.pub" -exec ssh-keygen -vlf {} \;

Execute following "rsync" and "ssh" commands on your local machine from within the checked out "gentoo-installation" repo (copy&paste one command after the other):

# Copy installation files to remote machine. Don't forget to set the correct IP.
rsync -e "ssh -o VisualHostKey=yes" -av --numeric-ids --chown=0:0 {bin/{portage_hook_kernel,disk.sh,fetch_files.sh,firewall.nft,firewall.sh},overlay} root@XXX:/tmp/

# From local machine, login into the remote machine
ssh root@...

# Resume "screen":
screen -d -r install

(Optional) Lock the screen on the remote machine by typing the following command on its keyboard (not over SSH) (copy&paste one command after the other):

# Execute "vlock" without any flags first.
vlock

# Try to relogin.

# If relogin doesn't work:
# 1. Switch TTY: <ctrl>+<alt>+<F2>
# 2. Set a correct password: passwd root
# 3. Switch to previous TTY: <ctrl>+<alt>+<F1>
# 4. Try to relogin again.

# If relogin succeeds execute vlock with flag "-a" to lock all TTY.
vlock -a

Check whether the system is in setup mode (copy&paste one command after the other):

❯ pacman -Sy sbctl
❯ sbctl status
Installed:      ✗ sbctl is not installed
Setup Mode:     ✗ Enabled <=============== This must state that it's enabled.
Secure Boot:    ✗ Disabled
Vendor Keys:    none

On bare-metal, set the date and time if the current system time is not correct:

! grep -q -w "hypervisor" <(grep "^flags[[:space:]]*:[[:space:]]*" /proc/cpuinfo) && \
# replace "MMDDhhmmYYYY" with UTC time
date --utc MMDDhhmmYYYY

On bare-metal, update the hardware clock:

! grep -q -w "hypervisor" <(grep "^flags[[:space:]]*:[[:space:]]*" /proc/cpuinfo) && \
hwclock --systohc --utc