
6. Portage Setup

Application of configuration changes

Starting with this chapter, execute dispatch-conf after every codeblock in which a "._cfg0000_" prefixed file has been created. The creation of "._cfg0000_" prefixed files will be highlighted in blue (see the first line of the next codeblock below). Alternatively, etc-update or cfg-update might be worth considering, but I haven't tested those.

Make "dispatch-conf" show diffs in color and use vimdiff for merging:

rsync -a /etc/dispatch-conf.conf /etc/._cfg0000_dispatch-conf.conf && \
sed -i \
-e "s/diff=\"diff -Nu '%s' '%s'\"/diff=\"diff --color=always -Nu '%s' '%s'\"/" \
-e "s/merge=\"sdiff --suppress-common-lines --output='%s' '%s' '%s'\"/merge=\"vimdiff -c'saveas %s' -c next -c'setlocal noma readonly' -c prev %s %s\"/" \
/etc/._cfg0000_dispatch-conf.conf && \
echo -e "\e[1;32mSUCCESS\e[0m"

6.1. Portage Configuration

Configure make.conf (copy and paste one command after the other):

rsync -av /etc/portage/make.conf /etc/portage/._cfg0000_make.conf

# If you use distcc, beware of:
# https://wiki.gentoo.org/wiki/Distcc#-march.3Dnative
#
# You could resolve "-march=native" with app-misc/resolve-march-native
sed -i 's/COMMON_FLAGS="-O2 -pipe"/COMMON_FLAGS="-march=native -O2 -pipe"/' /etc/portage/._cfg0000_make.conf

# https://wiki.gentoo.org/wiki/EMERGE_DEFAULT_OPTS
# https://wiki.gentoo.org/wiki/Binary_package_guide#Excluding_creation_of_some_packages
#
# For all other flags, take a look at "man emerge" or
# https://gitweb.gentoo.org/proj/portage.git/tree/man/emerge.1
echo 'EMERGE_DEFAULT_OPTS="--buildpkg --buildpkg-exclude '\''*/*-bin sys-kernel/* virtual/*'\'' --noconfmem --with-bdeps=y --complete-graph=y"' >> /etc/portage/._cfg0000_make.conf

# https://wiki.gentoo.org/wiki/Localization/Guide#L10N
# https://wiki.gentoo.org/wiki/Localization/Guide#LINGUAS
echo '
L10N="de"
LINGUAS="${L10N}"' >> /etc/portage/._cfg0000_make.conf

# https://wiki.gentoo.org/wiki/GENTOO_MIRRORS
# https://www.gentoo.org/downloads/mirrors/
echo '
GENTOO_MIRRORS="https://mirror.leaseweb.com/gentoo/ https://ftp.uni-stuttgart.de/gentoo-distfiles/ https://ftp-stud.hs-esslingen.de/pub/Mirrors/gentoo/ https://ftp.fau.de/gentoo/ https://ftp.tu-ilmenau.de/mirror/gentoo/"' >> /etc/portage/._cfg0000_make.conf

# https://wiki.gentoo.org/wiki/Handbook:AMD64/Full/Portage#Fetch_commands
#
# Default values from /usr/share/portage/config/make.globals are:
# FETCHCOMMAND="wget -t 3 -T 60 --passive-ftp -O \"\${DISTDIR}/\${FILE}\" \"\${URI}\""
# RESUMECOMMAND="wget -c -t 3 -T 60 --passive-ftp -O \"\${DISTDIR}/\${FILE}\" \"\${URI}\""
#
# File in git: https://gitweb.gentoo.org/proj/portage.git/tree/cnf/make.globals
#
# They are insufficient in my opinion.
# Thus, I am enforcing TLSv1.2 or greater, secure TLSv1.2 cipher suites and https-only.
# TLSv1.3 cipher suites are secure. Thus, I don't set "--tls13-ciphers".
echo 'FETCHCOMMAND="curl --fail --silent --show-error --location --proto '\''=https'\'' --tlsv1.2 --ciphers '\''ECDHE+AESGCM:ECDHE+CHACHA20'\'' --retry 2 --connect-timeout 60 -o \"\${DISTDIR}/\${FILE}\" \"\${URI}\""
RESUMECOMMAND="${FETCHCOMMAND} --continue-at -"' >> /etc/portage/._cfg0000_make.conf

# Some useflags I set for personal use.
# Feel free to adjust as with any other codeblock. 😄
echo '
USE_HARDENED="caps pie -sslv3 -suid"
USE="${USE_HARDENED}"' >> /etc/portage/._cfg0000_make.conf

I prefer English manpages and ignore the above L10N setting for "sys-apps/man-pages". Makes using Stackoverflow easier 😉.

echo "sys-apps/man-pages -l10n_de" >> /etc/portage/package.use/main && \
echo -e "\e[1;32mSUCCESS\e[0m"
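
Before merging the staged make.conf with dispatch-conf, it can be checked that the transport settings from this section actually landed in the file. The following is an added example, not part of the original guide: the function names and both sample files are constructed for illustration. It reports every GENTOO_MIRRORS entry that is not https:// and verifies that FETCHCOMMAND carries "--proto '=https'" and a "--tlsv1.x" minimum.

```shell
# Added example: audit a staged make.conf; all function names are hypothetical.

# Print each entry of the last GENTOO_MIRRORS assignment that is not https://.
insecure_mirrors() {
  awk -F'"' '/^GENTOO_MIRRORS=/ { v = $2 }
    END { n = split(v, m, /[ \t]+/)
          for (i = 1; i <= n; i++)
            if (m[i] != "" && m[i] !~ /^https:\/\//) print m[i] }' "$1"
}

# Succeed only if the last FETCHCOMMAND pins curl to HTTPS with a TLS floor.
fetchcommand_is_strict() {
  line=$(grep '^FETCHCOMMAND=' "$1" | tail -n 1)
  case $line in *"--proto '=https'"*) ;; *) return 1 ;; esac
  case $line in *--tlsv1.2*|*--tlsv1.3*) ;; *) return 1 ;; esac
}

# Report all findings; return non-zero if the file should not be merged as is.
audit_make_conf() {
  rc=0
  for uri in $(insecure_mirrors "$1"); do
    echo "non-HTTPS mirror: $uri"; rc=1
  done
  fetchcommand_is_strict "$1" || {
    echo "FETCHCOMMAND missing --proto '=https' or a --tlsv1.x minimum"; rc=1; }
  return "$rc"
}

# Constructed sample input (example.org hosts are placeholders, not real mirrors).
write_sample() {
  if [ "$1" = strict ]; then
    cat <<'EOF'
GENTOO_MIRRORS="https://mirror.example.org/gentoo/ https://mirror2.example.org/gentoo/"
FETCHCOMMAND="curl --fail --silent --show-error --location --proto '=https' --tlsv1.2 --ciphers 'ECDHE+AESGCM:ECDHE+CHACHA20' --retry 2 --connect-timeout 60 -o \"\${DISTDIR}/\${FILE}\" \"\${URI}\""
EOF
  else
    cat <<'EOF'
GENTOO_MIRRORS="https://mirror.example.org/gentoo/ http://mirror3.example.org/gentoo/"
FETCHCOMMAND="wget -t 3 -T 60 --passive-ftp -O \"\${DISTDIR}/\${FILE}\" \"\${URI}\""
EOF
  fi
}

tmp=$(mktemp -d)
write_sample strict > "$tmp/strict.conf"
write_sample weak > "$tmp/weak.conf"
audit_make_conf "$tmp/strict.conf" && echo "strict.conf: OK to merge"
audit_make_conf "$tmp/weak.conf" || echo "weak.conf: fix before dispatch-conf"
```

On a real system the function would be pointed at /etc/portage/._cfg0000_make.conf instead of the sample files.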

6.2. Repo Syncing

Do an initial sync:

emerge-webrsync

(Optional) I personally prefer syncing the repo via "eix-sync", which is provided by app-portage/eix. But there are some other options:

emerge app-portage/eix && \
eix-sync
emaint --auto sync

Read Gentoo news items:

eselect news list
# eselect news read 1
# eselect news read 2
# etc.

6.3. CPU flags

Set CPU flags:

emerge --oneshot app-portage/cpuid2cpuflags && \
echo "*/* $(cpuid2cpuflags)" > /etc/portage/package.use/00cpu-flags && \
echo -e "\e[1;32mSUCCESS\e[0m"

6.4. (Optional) Custom Mirrors

If you don't live in Germany, you should probably change the GENTOO_MIRRORS previously set in 6.1. Portage Configuration. You can pick the mirrors from the mirror list, use mirrorselect, or do as I do and select local/regional mirrors that are IPv4/IPv6 dual-stack and support TLSv1.3 (copy and paste one command after the other):

# Install app-misc/yq
ACCEPT_KEYWORDS="~amd64" emerge --oneshot app-misc/yq

# Get a list of country codes and names:
curl -fsSL --proto '=https' --tlsv1.3 https://api.gentoo.org/mirrors/distfiles.xml | xq -r '.mirrors.mirrorgroup[] | "\(.["@country"]) \(.["@countryname"])"' | sort -k2.2

# Choose your countries the mirrors should be located in:
country='"AU","BE","BR","CA","CH","CL","CN","CZ","DE","DK","ES","FR","GR","HK","IL","IT","JP","KR","KZ","LU","NA","NC","NL","PH","PL","PT","RO","RU","SG","SK","TR","TW","UK","US","ZA"'

# Get a list of mirrors available over IPv4/IPv6 dual-stack in the countries of your choice with TLSv1.3 support
while read -r i; do
  if curl -fsL --proto '=https' --tlsv1.3 -I "${i}" >/dev/null; then
    echo "${i}"
  fi
done < <(
  curl -fsSL --proto '=https' --tlsv1.3 https://api.gentoo.org/mirrors/distfiles.xml | \
  xq -r ".mirrors.mirrorgroup[] | select([.\"@country\"] | inside([${country}])) | .mirror | if type==\"array\" then .[] else . end | .uri | if type==\"array\" then .[] else . end | select(.\"@protocol\" == \"http\" and .\"@ipv4\" == \"y\" and .\"@ipv6\" == \"y\") | .\"#text\"" | \
  sed 's/http:/https:/'
)