
6. Portage Setup

Application of configuration changes

Starting with this chapter, execute dispatch-conf after every codeblock where a "._cfg0000_" prefixed file has been created. The creation of "._cfg0000_" prefixed files will be highlighted in blue (see first line in the next codeblock below). Alternatively, etc-update or cfg-update might be worth considering, but I haven't tested those.

Make "dispatch-conf" show diffs in color and use vimdiff for merging:

rsync -a /etc/dispatch-conf.conf /etc/._cfg0000_dispatch-conf.conf && \
sed -i \
-e "s/diff=\"diff -Nu '%s' '%s'\"/diff=\"diff --color=always -Nu '%s' '%s'\"/" \
-e "s/merge=\"sdiff --suppress-common-lines --output='%s' '%s' '%s'\"/merge=\"vimdiff -c'saveas %s' -c next -c'setlocal noma readonly' -c prev %s %s\"/" \
/etc/._cfg0000_dispatch-conf.conf && \
echo -e "\e[1;32mSUCCESS\e[0m"

6.1. Portage Configuration

Configure make.conf (copy&paste one command after the other):

rsync -av /etc/portage/make.conf /etc/portage/._cfg0000_make.conf

# If you use distcc, beware of:
# You could resolve "-march=native" with app-misc/resolve-march-native
sed -i 's/COMMON_FLAGS="-O2 -pipe"/COMMON_FLAGS="-march=native -O2 -pipe"/' /etc/portage/._cfg0000_make.conf

# For all other flags, take a look at "man emerge" or
echo 'EMERGE_DEFAULT_OPTS="--buildpkg --buildpkg-exclude '\''*/*-bin sys-kernel/* virtual/*'\'' --noconfmem --with-bdeps=y --complete-graph=y"' >> /etc/portage/._cfg0000_make.conf

echo '
LINGUAS="${L10N}"' >> /etc/portage/._cfg0000_make.conf

echo '
GENTOO_MIRRORS=""' >> /etc/portage/._cfg0000_make.conf

# Default values from /usr/share/portage/config/make.globals are:
# FETCHCOMMAND="wget -t 3 -T 60 --passive-ftp -O \"\${DISTDIR}/\${FILE}\" \"\${URI}\""
# RESUMECOMMAND="wget -c -t 3 -T 60 --passive-ftp -O \"\${DISTDIR}/\${FILE}\" \"\${URI}\""
# File in git:
# They are insufficient in my opinion.
# Thus, I am enforcing TLSv1.2 or greater, secure TLSv1.2 cipher suites and https-only.
# TLSv1.3 cipher suites are secure. Thus, I don't set "--tls13-ciphers".
echo 'FETCHCOMMAND="curl --fail --silent --show-error --location --proto '\''=https'\'' --tlsv1.2 --ciphers '\''ECDHE+AESGCM:ECDHE+CHACHA20'\'' --retry 2 --connect-timeout 60 -o \"\${DISTDIR}/\${FILE}\" \"\${URI}\""
RESUMECOMMAND="${FETCHCOMMAND} --continue-at -"' >> /etc/portage/._cfg0000_make.conf

# Some useflags I set for personal use.
# Feel free to adjust as with any other codeblock. 😄
echo '
USE_HARDENED="caps pie -sslv3 -suid"
USE="${USE_HARDENED}"' >> /etc/portage/._cfg0000_make.conf

I prefer English manpages and ignore above L10N setting for "sys-apps/man-pages". Makes using Stackoverflow easier 😉.

echo "sys-apps/man-pages -l10n_de" >> /etc/portage/package.use/main && \
echo -e "\e[1;32mSUCCESS\e[0m"
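
To confirm that the fetch hardening from the make.conf commands above is in place once dispatch-conf has merged the file, the following added example (not part of the original guide) audits a make.conf for an HTTPS-only, TLSv1.2+ FETCHCOMMAND/RESUMECOMMAND and HTTPS-only GENTOO_MIRRORS. The function names audit_make_conf and is_hardened and the mirror.example.* hosts are made up for illustration, and it assumes each variable is assigned on a single line.

```shell
#!/bin/bash
# Added example, not from the original page. Assumes single-line assignments.

# Succeeds if a command string is pinned to HTTPS and TLS >= 1.2.
is_hardened() {
  printf '%s\n' "$1" | grep -Eq -- "--proto '?=https'?[ \"]" &&
  printf '%s\n' "$1" | grep -Eq -- '--tlsv1\.[23][ "]'
}

# Print one finding per line; return 0 only if there are none.
audit_make_conf() {
  conf=$1 rc=0
  fetch=$(grep -E '^FETCHCOMMAND=' "$conf" | tail -n 1)
  resume=$(grep -E '^RESUMECOMMAND=' "$conf" | tail -n 1)
  mirrors=$(sed -n 's/^GENTOO_MIRRORS="\(.*\)"$/\1/p' "$conf" | tail -n 1)

  if [ -z "$fetch" ]; then
    echo "FETCHCOMMAND unset: make.globals wget default applies"; rc=1
  elif ! is_hardened "$fetch"; then
    echo "FETCHCOMMAND lacks --proto '=https' or --tlsv1.2/--tlsv1.3"; rc=1
  fi

  case $resume in
    '') echo "RESUMECOMMAND unset: make.globals wget default applies"; rc=1 ;;
    *'${FETCHCOMMAND}'*) ;;  # reuses FETCHCOMMAND, as on this page
    *) is_hardened "$resume" || { echo "RESUMECOMMAND not hardened"; rc=1; } ;;
  esac

  # With an https-only FETCHCOMMAND, any other mirror scheme cannot be fetched.
  for uri in $mirrors; do
    case $uri in
      https://*) ;;
      *) echo "non-HTTPS mirror: $uri"; rc=1 ;;
    esac
  done
  return "$rc"
}

# Constructed sample: the make.globals wget default plus one plain-HTTP mirror.
sample=$(mktemp)
cat > "$sample" <<'EOF'
GENTOO_MIRRORS="https://mirror.example.org/gentoo http://mirror.example.net/gentoo"
FETCHCOMMAND="wget -t 3 -T 60 --passive-ftp -O \"\${DISTDIR}/\${FILE}\" \"\${URI}\""
RESUMECOMMAND="${FETCHCOMMAND} --continue-at -"
EOF
audit_make_conf "$sample" || echo "make.conf needs attention"
rm -f "$sample"
```

Run it against /etc/portage/make.conf after merging; a non-zero return means at least one finding was printed.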

6.2. Repo Syncing

Do an initial sync:


(Optional) I personally prefer syncing the repo via "eix-sync", which is provided by app-portage/eix. But there are some other options:

emerge app-portage/eix && \
emaint --auto sync

Read Gentoo news items:

eselect news list
# eselect news read 1
# eselect news read 2
# etc.

6.3. CPU flags

Set CPU flags:

emerge --oneshot app-portage/cpuid2cpuflags && \
echo "*/* $(cpuid2cpuflags)" > /etc/portage/package.use/00cpu-flags && \
echo -e "\e[1;32mSUCCESS\e[0m"

6.4. (Optional) Custom Mirrors

If you don't live in Germany, you probably should change GENTOO_MIRRORS previously set in 6.1. Portage Configuration. You can pick the mirrors from the mirror list, use mirrorselect or do as I do and select local/regional, IPv4/IPv6 dual-stack and TLSv1.3 supporting mirrors (copy&paste one command after the other):

# Install app-misc/yq
ACCEPT_KEYWORDS="~amd64" emerge --oneshot app-misc/yq

# Get a list of country codes and names:
curl -fsSL --proto '=https' --tlsv1.3 | xq -r '.mirrors.mirrorgroup[] | "\(.["@country"]) \(.["@countryname"])"' | sort -k2.2

# Choose the countries the mirrors should be located in:

# Get a list of mirrors available over IPv4/IPv6 dual-stack in the countries of your choice with TLSv1.3 support
while read -r i; do
  if curl -fsL --proto '=https' --tlsv1.3 -I "${i}" >/dev/null; then
    echo "${i}"
  fi
done < <(
  curl -fsSL --proto '=https' --tlsv1.3 | \
  xq -r ".mirrors.mirrorgroup[] | select([.\"@country\"] | inside([${country}])) | .mirror | if type==\"array\" then .[] else . end | .uri | if type==\"array\" then .[] else . end | select(.\"@protocol\" == \"http\" and .\"@ipv4\" == \"y\" and .\"@ipv6\" == \"y\") | .\"#text\"" | \
  sed 's/http:/https:/'