Installing G e n t o o (x86/x86_64 CPUs + Internet access)
v5.7.21
Document by sLiCeR\ (mail me) (file origin)
<<< Originally I have written this for myself, copy and modify freely! >>>
Precaution:
- I recommend booting from Kanotix (32Bit on x86 or 64Bit on amd64).
- When using an original gentoo-livecd you should pick up the "minimal" (x86 or amd64)
and be familiar with a text-based browser like "links2" or starting "sshd" after boot for
a remote installation, also be shure you are able to setup internet properly.
Section 1: booting, creating partitions and filesystems
1. boot the Kanotix (start a root-shell after boot) or the minimal-livecd
(be shure you have internet available before going further)
(optional) set a root-password and start the ssh-daemon if you wish to install over Network
2. do: cfdisk and make a primary linux partition then write and quit
3. apply filesystem to bootable partition: mkfs.xfs /dev/hda2
(here: first drive, second partition)
4. create mount-point if not existing: mkdir /mnt/gentoo
6. mount installation partition: mount /dev/hda2 /mnt/gentoo
Section 2: installing gentoo files
1. enter mountpoint: cd /mnt/gentoo
2. download latest installation-files using wget link in current directory from:
www.gentoo.org/main/en/mirrors.xml
located inside:
.../pub/gentoo/releases/[x86 or amd64]/2005.0/stages/[x86/] (get the newest stage1-file)
.../pub/gentoo/snapshots/ (get the newest portage-file, watch the time-stamp)
3. decompress the installation files:
a) first the stage1-file with the command: tar -xvjpf stage*
b) then the portage-file with the command: tar -xvjpf portage* -C /mnt/gentoo/usr/
4. copy the DNS info: cp -L /etc/resolv.conf /mnt/gentoo/etc/
5. enter new environment:
a) mount -o bind /proc /mnt/gentoo/proc
b) chroot /mnt/gentoo /bin/bash
c) env-update && source /etc/profile
Section 3: compiler options and bootstrapping/building the system
1. use this template: cp /etc/make.conf.example /etc/make.conf then edit as follows:
a) customize the global USE line: (use option: param or don't use option: -param)
example: USE=”X gtk2 alsa ssl nptl nptlonly -gnome -kde -qt -arts”
for a complete list do: less /usr/portage/profiles/use.desc
b) customize the CHOST line:
i386-pc-linux-gnu Intel 80386DX
i486-pc-linux-gnu Intel 80486DX
i586-pc-linux-gnu Intel PI, AMD K5/K6/K6-II/K6-III, VIA C3 , IDT Winchip
i686-pc-linux-gnu Intel PII/III/IV, AMD Duron/Sempron/Athlon-XP
x86_64-pc-linux-gnu Intel EM64T, AMD Athlon64/Opteron
c) customize the CFLAGS line:
- use the flag -O3 (maximum performance, large binaries) or -Os (nice performance, small binaries)
- add -pipe and -march= matching your architecture:
i386 Intel 80386DX+
i486 Intel 80486DX+
i586, pentium Intel Pentium I (without MMX) and AMD K5
pentium-mmx Intel Pentium I (with MMX)
i686, pentiumpro Intel Pentium Pro and all equal
pentium2 Intel Pentium II and Celeron 'Mendocino'
pentium3, pentium3m Intel Pentium III and Mobile and Celeron 'Coppermine'
pentium-m Intel Centrino
pentium4, pentium4m Intel Pentium IV and Celeron 'Willamette'
prescott Intel Pentium IV and Celeron 'Prescott'
nocona Intel Xeon 'Nocona' and Pentium4 with EM64T
k6 AMD K6
k6-2, k6-3 AMD K6-II and K6-III
athlon, athlon-tbird AMD Athlon and Athlon 'Thunderbird'
athlon-4, athlon-xp, athlon-mp AMD Athlon4 and Sempron/AthlonXP and Athlon MP
athlon64, athlon-fx, opteron AMD Athlon64 and AthlonFX and Opteron
winchip-c6 IDT Winchip 'C6'
winchip2 IDT Winchip II
c3 VIA C3
c3-2 VIA C3 II
d) uncomment the CXXFLAGS
e) set MAKEOPTS to -j2 (read comments above)
f) set PORTAGE_NICENESS to 19 (so it does not slowdown other processes)
g) set AUTOCLEAN to yes (remove old versions)
(optional) edit the FEATURES line so ccache is enabled and adjust CCACHE_SIZE to 1G or so
2. do portage tree update: emerge --sync (do not update portage yet, even if asked to do so!)
(optional) install ccache: emerge ccache && env-update (speeds up compilation a lot)
3. start bootstrapping (only when doing stage1-install):
- do: /usr/portage/scripts/bootstrap.sh
(optional) making specific package USE flags:
- you have to edit a special file and maintain it:
echo "category/package flag1 [flag2 flag3]" >> /etc/portage/package.use
or for a specific version only:
echo "=category/package-version flag1 [flag2 flag3]" >> /etc/portage/package.use
(optional) create a swap-file:
a) create a binary file: dd if=/dev/zero of=/swap bs=1M count=512 (in MB)
b) initialize swap: mkswap /swap && sync
c) edit the file systems table: /etc/fstab and edit it this way:
# <fs> <mountpoint> <type> <opts> <dump/pass>
...
/swap none swap sw 0 0
...
4. now do: source /etc/profile
(optional) unmask soft-masked packages globaly (testing packages)
- edit the /etc/make.conf and then set ACCEPT_KEYWORDS to ~x86
- another way is just to use a prefix like ACCEPT_KEYWORDS=~x86 emerge package
(optional) unmask hard-masked packages (can break something)
a) you have to edit a special file and maintain it:
echo category/package >> /etc/portage/package.unmask
or for a specific version only:
echo =category/package-version >> /etc/portage/package.unmask
5. finally do: emerge -e system && etc-update && source /etc/profile
Section 4: building the kernel
1. get the kernel sources: emerge gentoo-sources (currenty a gentoo-patched 2.6.x kernel)
2. compile the kernel:
a) go to /usr/src/linux and do: make menuconfig for kernel-setup
- enable at least:
Code maturity level options --->
[*] Prompt for development and/or incomplete code/drivers
File systems --->
<*> XFS support
Pseudo Filesystems --->
<*> /proc file system support
<*> Virtual memory file system support (former shm fs)
(optional) using a framebuffer console:
Device Drivers --->
Graphics Support --->
[*] Support for frame buffer devices
[*] VESA VGA graphics support # works with nearly all VGA-cards
Console display driver support --->
--- VGA text console
[*] Video mode selection support
<*> Framebuffer Console support
b) compile the kernel: make && make modules_install
c) copy the new kernel files into the boot directory:
- move the kernel: mv arch/[i386|x86_64]/boot/bzImage /boot/kernel
- backup the configuration file: cp .config /boot/config
Section 5: configuring the system
1. setting the timezone, clock and console-keymap :
- do: ls /usr/share/zoneinfo/ and look after your timezone (like CET for "central europe")
- do: ln -sf /usr/share/zoneinfo/myzone /etc/localtime
a) now edit the file: /etc/conf.d/clock
- set CLOCK to local
- set CLOCK_SYSTOHC to yes
b) edit the file: /etc/conf.d/keymaps
- set KEYMAP to your country-code (e.g. de for german)
- set EXTENDED_KEYMAP if you want use some special keys (e.g. euro for €)
2. setting filesystem information:
- edit the /etc/fstab as in this xample:
#<fs> <mountpoint> <type> <opts> <d/p>
/dev/hda2 / xfs noatime,notail 0 1
/dev/hda1 /mnt/windows ntfs noatime,ro 0 0
/dev/cdroms/cdrom0 /mnt/cdrom auto noauto,user,ro 0 0
/dev/cdroms/cdrom1 /mnt/cdrw auto noauto,user,ro 0 0
3. set hostname of your machine, edit: /etc/conf.d/hostname
4. configuring network:
a) edit to your needs: cp /etc/conf.d/net.example /etc/conf.d/net
(i recommend using the ifconfig-style)
b) start first interface at boottime: rc-update add net.eth0 default
c) do: emerge dhcpcd
Section 6: installing the bootloader
1. do: emerge grub then then: grub
a) when the GRUB command line starts up type in:
grub> root (hd0,1) #Use information from the boot partition on hda2
grub> setup (hd0) #Install GRUB in the MBR of hda
(optional) or grub> setup (hd0,1) #Install GRUB on the boot-block of the partition hda2
grub> quit #Exit the GRUB shell
b) go to the GRUB directory: cd /boot/grub/ and use template:
cp grub.conf.sample grub.conf then edit menu.lst so it looks like this:
# Boot automatically after 30 secs.
timeout 10
# By default, boot the first entry.
default 0
# Booting GNU/Linux, here from hda2
title Gentoo Linux
root (hd0,1)
kernel /boot/kernel root=/dev/hda2
# The next lines are only needed if you do dualboot with Windows, here hda1
title MS Windows
rootnoverify (hd0,0) #here hda1
makeactive
chainloader +1
(optional) if using framebuffer-console you can set further:
kernel /boot/kernel root=/dev/hda2 video=vesa vga=0x318
==> the vga option can be chosen out of these values:
| 640x480 800x600 1024x768 1280x1024
----+--------------------------------------
8 | 0x301 0x303 0x305 0x307
16 | 0x310 0x313 0x316 0x319
24 | 0x311 0x314 0x317 0x31A
32 | 0x312 0x315 0x318 0x31B
(optional) if you want be able to make screenshots from framebuffer-console
- do emerge fbgrab then you can use it like: fbgrab screenshot1.png
Section 7: finishing configuration
1. install filesystem tools: emerge xfsprogs
2. managing users:
a) set a root password: passwd
b) add a normal user, here an example:
useradd myuser -m -G users,wheel,audio,video,games -s /bin/bash
Group | Ability Description
-------+--------------------------------------
audio | access the audio devices
cdrom | directly access cdrom devices
floppy | directly access floppy devices
games | play games
usb | access USB devices
video | access video capturing hardware and doing hardware acceleration
wheel | use su
c) set password for the new user: passwd myuser
3. make a nice bash: emerge bash-completion
a) edit /home/myuser/.bashrc uncomment last line
b) activate it for root too: cp /home/myuser/.bash* ~/
(optional) synchronization with time-servers:
- do: emerge rdate then you can set time using: rdate -s mytimeserver
4. install a logging service: emerge syslog-ng (needed by some important components)
Section 8: managing portage
(optional) update system: emerge --sync && emerge -Dutv world
(remove t to make it real, it is useful to check which USE-flags are supported
using v, D checks for deep dependancies, t shows a dependancy-tree and pretends)
You can apply USE-flags which are not in the make.conf or packages-use with
the prefix USE='flag1 [flag2 flag3]' before the emerge command
(optional) do: emerge gentoolkit then you can:
a) purge not needed packages: emerge -D depclean
b) after that you should check reverse dependencies: revdep-rebuild
(optional) perform updates for all profiles: fixpackages
Section 9: installing X-Windows for a Desktop
1. build X11: emerge xorg-x11 && etc-update
a) configure X11, run: xorgconfig
b) edit the created /etc/X11/xorg.conf
- uncomment the following lines:
Load “glx”
Load “dri”
- inside the section ServerFlags you can set the screensaver:
Option ”Blank Time” “3” # set screensaver to 3 minutes
- inside the section InputDevice set the line if you have got a wheel-mouse:
Option “ZAxisMapping” “4 5” # use mouse wheel
Option "Buttons" "5" # number of buttons
- using accelerated graphics drivers go to section Device (here: nvidia)
Driver “nvidia”
Option “NvAGP” “1”
Option “RenderAccel” “1”
(optional) usage of TV-Out:
- to not use TV-out just do:
Option “IgnoreDisplayDevices” “TV” # fixes reported problems
- activate TV-Out:
Option “TwinView” “true”
Option “TwinViewOrientation” “clone”
Option “SecondMonitorHorizSync” “30-50”
Option “SecondMonitorVertRefresh” “60”
Option “TVStandard” “PAL-G” # you may need other format here
Option “MetaModes” “1024x768, 1024x768;” # use fullscreen
Option “TVOutFormat” “COMPOSITE” # only if you get BW picture
(optional) enable support for shadows and transparency effects:
- add these lines:
Section “Extensions”
Option “Composite” “Enable”
EndSection
c) now exit the chroot-environment and reboot your box, on startup logon as root
e) start X: startx
- do: xvinfo it should show some overlay information (DRI)
- do: glxgears it should show you a OpenGL demo (GLX)
(optional) accelerated graphics drivers: (here: for nvidia chips)
a) do: emerge nvidia-settings (should build also nvidia-kernel/glx)
- edit /etc/modules.d/nvidia and uncomment the last options line and do: modules-update
b) switch to hardware-accelerated OpenGL: opengl-update nvidia
c) start: nvidia-settings to adjust vsync, FSAA, Aniso-filtering, TVout-overscan and more
2. build a window manager: emerge xfce4 which you can start with: startxfce4
(here: XFCE a modern and lightweight desktop environment)
(optional) set nicer gentoo-cursors for X:
a) edit /usr/share/cursors/xorg-x11/default/index.theme
- replace core with one of the following:
gentoo # default gentoo cursor
gentoo-blue # same as gentoo but blue
gentoo-silver # same as gentoo but silver
whiteglass # bigger then gentoo, transparent white
redglass # like the above but red
handhelds # small cursor for low resolutions
Section 10: setting up sound (ALSA)
1. enable ALSA interface in kernel:
Device Drivers --->
Sound --->
<*> Sound card support
Advanced Linux Sound Architecture --->
<*> Advanced Linux Sound Architecture
<*> Sequencer support
<*> OSS Mixer API
<*> OSS PCM (digital audio) API
[*] OSS Sequencer API
PCI devices ---> #select your chip here as <M>
2. do: emerge alsa-utils alsa-oss
3. use the utility alsaconf to detect settings for you
(optional) if unshure which soundcard you have do: emerge pciutils then: lspci | grep audio
(optional) check /etc/modules.d/alsa if needed, for example:
alias snd-card-0 snd-emu10k1 # SB Live cards
(for a full list of supported interfaces refer to: ALSA Compatibility List)
4. do: modules-update && rc-update add alsasound boot
5. start ALSA now: /etc/init.d/alsasound start
6. start: alsamixer and unmute some channels (by pressing M) and set initial volume
Additional HOWTOs:
HOWTO #1: setting up internet (here: DSL with PPPoE)
Important: do not assign any IP or start up the interface DSL is connected to automatically
1. install PPPoE client first: emerge rp-pppoe
2. do: adsl-setup and answer the questions, then do: adsl-start, to disconnect do: adsl-stop
HOWTO #2: setting up printing with CUPS
1. edit /etc/make.conf and add this USE variable: cups ppds foomaticdb
2. do: emerge cups
3. do: echo "net-print/foomatic-db ppds" >> /etc/portage/package.use
4. do: emerge foomatic
5. be shure to have this compiled into kernel: (here: parallel port)
Device Drivers --->
Parallel port support --->
<*> Parallel port support
<*> PC-style hardware
[*] Use FIFO/DMA if available
[*] IEEE 1284 transfer modes # EPP & ECP support
Character devices --->
<*> Parallel printer support
<*> Support for user-space parallel port device drivers
6. enable the printing daemon: rc-update add cupsd default and start it: /etc/init.d/cupsd start
7. configure CUPS with the user friendly web-frontend (when asked, login with root account)
and then do first Manage Printers then Add Printer
a) first step:
- Name: <set it like> Brother_HL-1030 (here: Brother B/W-Laser, no spaces!)
- Location: <leave empty>
NOTE: if your printer model is not listed later, go back to this point and do:
(optional) Download a PPD-File (PS Priter Description) for your printer at: linuxprinting.org
and place it inside the /usr/share/cups/model/ directory, then enter its location:
/usr/share/cups/model/brother_hl1030.ppd (the .ppd file must not have any spaces)
- Description: <whatever you want>
b) second step:
- Device: <choose interface like> Parallel Port #1
- Make: <choose your Manufacturer>
- Model: <choose your Model>
c) finally you probably want to "print a test-page"
HOWTO #3: setting up a parallel-port scanner with XSANE
1. fist check out (HOWTO #1 point 5) how to activate parallel-port in general
2. there should be a device named /dev/parport0
3. do emerge xsane
4. configure the sane-beckend, edit: /etc/sane.d/dll.conf
- enable plustek_pp and disable all others (here: "Plustek OpticPro P12")
5. configure your printer, edit: /etc/sane.d/plustek_pp.conf and set only these settings:
[direct]
device parport0
6. now the command scanimage -L should give us something like this:
device `plustek_pp:parport0' is a Plustek P12 parallel port flatbed scanner
7. the command xsane will start the scanning-frontend, probably you have to do it as root
HOWTO #4: setting up a SSH server
1. do: emerge openssh
- for custom configurations check out the *.config files stored inside /etc/ssh/
2. finally do: rc-update add sshd default, and /etc/init.d/sshd start to start
(all users should be able to connect with PAM authentication by default)
HOWTO #5: setting up a LAN router
(here: DSL is connected through eth1, the eth0 interface goes to LAN)
1. setting up NAT (iptables must be activated in kernel)
a) install firewall: emerge iptables and then execute this command:
iptables -A POSTROUTING -t nat -o ppp0 –j MASQUERADE
then do: /etc/init.d/iptables save and rc-update add iptables default
b) now enable IP-forwarding but only if cat /proc/sys/net/ipv4/ip_forward says 0
edit /etc/sysctl.conf so its uncommented and set to 1: net.ipv4.ip_forward = 1
3. install your own DNS and DHCP Server emerge dnsmasq
a) edit /etc/dnsmasq.conf so it has this enabled:
except-interface=ppp0
dhcp-range=192.168.0.10,192.168.0.100,255.255.255.0,infinite
expand-hosts
domain=my_domain
dhcp-authoritative
b) do: rc-update add dnsmasq default
c) edit /etc/hosts so one additional line reads:
192.168.0.1 hostname
(optional) when you are a member on DynDNS you can update your current ip:
a) do: emerge ddclient
b) edit /etc/ddclient/ddclient.conf so it look like this:
## general
daemon=60 # check interval in secods
pid=/var/run/ddclient/ddclient.pid # record PID in file
use=if, if=ppp0 # via interfaces
protocol=dyndns2 # default protocol
server=members.dyndns.org # default server
login=my_login # default login
password=my_pw # default password
## acount
server=members.dyndns.org, \
protocol=dyndns2 \
my_account.homeip.net # your dynamic address
HOWTO #6: setting up remote-desktop via VNC
1. do: emerge tightvnc and close all X-sessions
2. do: vncpasswd and set the access password
3. select the default Window Manager so edit ~/.vnc/xstartup like this:
startxfce4 &
3. you can start the vnc-server by typing:
vncserver –geometry 1024x768 –depth 24 :0
4. you can start the vnc-viewer by typing:
vncviewer –fullscreen –x11cursor 192.168.0.1:0
HOWTO #7: setting up PCMCIA WLAN-interface
(here: Prism 2 Chipset as eth1)
1. compile kernel with these options:
Bus options (PCI, PCMCIA, EISA, MCA, ISA) --->
[*] ISA support
PPCCARD (PCMCIA/CardBus) support --->
<*> PCCard (PCMCIA/CardBus) support
<*> 16-bit PCMCIA support
[*] 32-bit CardBus support
<*> CardBus yenta-compatible bridge support
Device Drivers --->
Networking support --->
Wireless LAN (non-hamradio) --->
[*] Wireless LAN drivers (non-hamradio) & Wireless Extensions
<M> Hermes chipset 802.11b support (Orinoco/Prism2/Symbol)
<M> Hermes PCMCIA card supporth
2. do: emerge pcmcia-cs and emerge wireless-tools
a) edit /etc/conf.d/net and setup the new interface
b) edit /etc/conf.d/wireless and setup wireless options
c) do: ln -s /etc/init.d/net.eth0 /etc/init.d/net.eth1
d) do: rc-update add pcmcia boot
==> check out the command iwconfig eth1
HOWTO #8: setting up a caching HTTP/FTP-proxy
1. do: emerge squid and edit the /etc/squid/squid.conf
a) make parts of your config file look like this:
http_port 192.168.0.1:8080 # this is the proxy's address & port
...
icp_port 0 # disable use of neighbor caches
...
cache_mem 32 MB # cache in memory
cache_dir ufs /var/cache/squid 512 16 256 # 512MB cache on HDD
...
#http_access deny CONNECT !SSL_ports # also allow non-SSL connections
...
acl our_networks src 192.168.0.0/24 # allow this IP range
http_access allow our_networks
b) let Squid create its directories: squid -z
2. finally do: rc-update add squid default
HOWTO #9: setting up a SOCKS-proxy
1. do: emerge nylon and edit the /etc/nylon.conf so it looks like this:
[General]
No-Simultaneous-Conn=16 # allow 16 connections at one time
Log=0 # do not log to file
Verbose=0 # if logging then just essentials
[Server]
Port=1080 # use this port for clients
Allow-IP=192.168.0.0/24 127.0.0.1/32 # allow this IP ranges
Deny-IP=10.0.0.0/24 # disallow this IP range
2. finally do: rc-update add nylond default
HOWTO #10: setting up a local RSYNC-server
1. edit this file /etc/rsyncd.conf and add this lines:
# Limit access
hosts allow = 192.168.0.0/255.255.255.0 # your LAN goes here
hosts deny = *
max connections = 3
timeout = 60
# the lines below stay default, just uncomment them
[gentoo-portage]
path = /usr/portage
comment = Gentoo Linux Portage Tree
exclude = /distfiles /packages
2. now edit /etc/conf.d/rsyncd and add to the RSYNC_OPTS this option: "--safe-links"
3. finally do: rc-update add rsyncd default
4. set up all clients to use your RSync, edit their /etc/make.conf so the SYNC line says:
rsync://myadress/gentoo-portage
HOWTO #11: setting up a Samba-server for file sharing
1. do: emerge samba then edit /etc/samba/smb.conf this way:
[global]
workgroup = WORKGROUP
netbios name = mymachine
server string = Samba %v # shows version
hosts allow = 192.168.0. # only local access
security = user
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 # buffers
preserve case = yes # case sensitive filenames
[homes]
comment = Home Directories
writable = yes
# optional
[tmp]
comment = Temporary Space
path = /tmp
read only = no
public = yes
# optional (here: non-redundant distfiles-directory on server for our LAN)
[distfiles]
comment = Portage Distfiles
path = /usr/portage/distfiles
valid users = root
public = no
writable = yes
printable = no
force group = portage
2. do: rc-update add samba default to enable samba on the server
3. add users to the samba user-list: smbpasswd -a myuser
(optional) if you want to share your distfiles directory do this also for root
4. to mount samba share of distfiles on clients you can make an smbmnt script:
mount //192.168.0.1/distfiles -t smbfs -o username=root,gid=portage,passwd=mysmbpw /usr/portage/distfiles/
- do: chmod +x smbmnt and purge all files inside /usr/portage/distfiles/
- to mount distfiles just execute: ./smbmnt
alternatively use the /etc/fstab like follows:
#<fs> <mountpoint> <type> <opts> <dump/pass>
//192.168.0.1/distfiles /usr/portage/distfiles/ smbfs noauto,username=root,gid=portage,passwd=mysmbpw 0 0
- now to mount distfiles just do: mount /usr/portage/distfiles
HOWTO #12: setting up a webserver with SSL/PHP support
1. install the needed packages:
- edit /etc/portage/package.use so it has these USE-flags:
dev-php/mod_php apache2 gd -derkdb -gdbm
- edit /etc/portage/package.unmask so PHP5 can be used:
dev-php/mod_php
- then do: emerge apache mod_php
2. edit /etc/conf.d/apache2
- add -D PHP5 to APACHE2_OPTS (-D SSL should be already there)
3. go to /etc/apache2/
- edit the httpd.conf and adjust server configuration here
4. fine tune your modules go to: /etc/apache2/conf/modules.d/
- edit the 40_mod_ssl.conf (standard SSL settings)
and 41_mod_ssl.default-vhost.conf (set SSL doc-root and .crt/.key locations)
and 70_mod_php5.conf (set PHP settings)
5. generate your SSL certificate (look inside HOWTO #14)
- place your server.crt and server.key inside /etc/apache2/ssl/
6. start your server with /etc/init.d/apache2 start you may enable it at boot: rc-update add apache2 default
HOWTO #13: setting up a (secure) FTP(S) server
(here: using PAM authentication for existing system users)
1. do: emerge vsftpd
2. copy the /etc/vsftpd/vsftpd.conf.sample or to a file without .sample
and check or add the following:
# add
pasv_promiscuous=YES
port_promiscuous=YES
listen_port=666
max_clients=8
max_per_ip=2
# edit
anonymous_enable=NO
local_enable=YES
write_enable=YES
connect_from_port_20=NO
chroot_local_user=YES
xferlog_enable=NO
ftpd_banner="Welcome to yournick's FTP server!"
- use man vsftpd to find out other usefull settings
(optional) enable SSL/TLS-support for secure control-communication:
- generate your SSL certificate like inside HOWTO #14, but instead of
seperate files for mysite.crt certificate and mysite.key private-key
just use vsftpd.pem for both. (crt & key together inside one file)
- place your vsftpd.pem inside /etc/vsftpd/
- edit your vsftpd.conf and add:
ssl_enable=YES
rsa_cert_file=/etc/vsftpd/vsftpd.pem
force_local_logins_ssl=YES
force_local_data_ssl=NO
3. making the FTP server to startup on boot: rc-updte add vsftpd default
HOWTO #14: generating (self signed) SSL certificates
(OpenSSL should be already installed, else do: emerge openssl)
- Create a self signed certificate & private-key:
(note: some clients discard self-signed certificates by default)
openssl req -new -x509 -nodes -days 365 -out mysite.crt -keyout mysite.key
(optional) Create an own CA for signing keys:
a) generate a server certificate and signing request:
openssl genrsa -out server.key 4096
openssl req -new -key server.key -out server.csr
b) generate your own certificate authority
openssl genrsa -out ca.key 4096
openssl req -new -x509 -key ca.key -out ca.crt
c) sign the server request with the self-created certificate authority:
openssl x509 -req -in server.csr -signkey server.key -out server.crt
HOWTO #15: setting up a SVN-server
1. do emerge subversion first
2. now a repository needs to be created: svnadmin create /var/svn
3. configure the svnserve daemon, edit: /etc/conf.d/svnserve
4. start the daemon: /etc/init.d/svnserve start
(optional) make it persistent: rc-update add svnserve default
Appendix: useful (unbloated) apps
APP EBUILD HINTS
Terminal Emulator x11-terms/xterm (xterm -fn 9x15 -bg black -fg grey -bc)
Virtual Terminal app-misc/screen
Text Editor app-editors/leafpad
Diagram Editorq app-office/dia
Desktop Publishing app-office/scribus
Office Suite app-office/openoffice
CD Mastering app-cdr/k3b
PDF Reader app-text/acroread
Image Editor media-gfx/gimp
Image Viewer media-gfx/imagemagick
Vector Editor media-gfx/inkscape
Movie Player media-video/mplayer
Audio Player media-sound/xmms
Mail Client mail-client/mozilla-thunderbird
Programming IDE dev-util/eclipse-sdk
Web Browser net-www/mozilla-firefox
Visual HTML Editor net-www/nvu
IRC Client net-irc/xchat
Instant Messangers net-im/[sim|gnugadu]
FTP Client net-ftp/gftp
P2P Client net-p2p/amule
SCP Client net-misc/secpanel