Installing G e n t o o (x86/x86_64 CPUs + Internet access)

v5.7.21


Document by sLiCeR\ (mail me) (file origin)

<<< Originally I have written this for myself, copy and modify freely! >>>



Precaution:

- I recommend booting from Kanotix (32Bit on x86 or 64Bit on amd64).

- When using an original gentoo-livecd you should pick up the "minimal" (x86 or amd64)
and be familiar with a text-based browser like "links2" or starting "sshd" after boot for
a remote installation, also be shure you are able to setup internet properly.



Section 1: booting, creating partitions and filesystems

1. boot the Kanotix (start a root-shell after boot) or the minimal-livecd
(be shure you have internet available before going further)

(optional) set a root-password and start the ssh-daemon if you wish to install over Network

2.
do: cfdisk and make a primary linux partition then write and quit

3.
apply filesystem to bootable partition: mkfs.xfs /dev/hda2
(here: first drive, second partition)

4.
crea
te mount-point if not existing: mkdir /mnt/gentoo

6.
mount
installation partition: mount /dev/hda2 /mnt/gentoo



Section 2: installing gentoo files

1.
enter mountpoint: cd /mnt/gentoo

2.
download latest installation-files
using wget link in current directory from:
www.gentoo.org/main/en/mirrors.xml

located inside:
  .../pub/gentoo/releases/[x86 or amd64]/2005.0/stages/[x86/] (get the newest stage1-file)
  .../pub/gentoo/snapshots/ (get the newest portage-file, watch the time-stamp)

3.
decompress the installation files:

a) first the stage1-file with the command: tar -xvjpf stage*

b)
then the portage-file with the command: tar -xvjpf portage* -C /mnt/gentoo/usr/

4.
copy the DNS info: cp -L /etc/resolv.conf /mnt/gentoo/etc/

5.
enter new environment:

a) mount -o bind /proc /mnt/gentoo/proc

b) chroot /mnt/gentoo /bin/bash

c) env-update && source /etc/profile



Section 3:
compiler options and bootstrapping/building the system


1.
use this template: cp /etc/make.conf.example /etc/make.conf then edit as follows:

a) customize the global USE line: (use option: param or don't use option: -param)

example: USE=”X gtk2 alsa ssl nptl nptlonly -gnome -kde -qt -arts”

for a complete list do:
less /usr/portage/profiles/use.desc

b) customize the CHOST line:

i386-pc-linux-gnu Intel 80386DX
i486-pc-linux-gnu Intel 80486DX
i586-pc-linux-gnu Intel PI, AMD K5/K6/K6-II/K6-III, VIA C3 , IDT Winchip
i686-pc-linux-gnu Intel PII/III/IV, AMD Duron/Sempron/Athlon-XP
x86_64-pc-linux-gnu Intel EM64T, AMD Athlon64/Opteron

c) customize the CFLAGS line:

- use the flag -O3 (maximum performance, large binaries) or -Os (nice performance, small binaries)

- add -pipe and -march= matching your architecture:

i386 Intel 80386DX+
i486 Intel 80486DX+
i586, pentium Intel Pentium I (without MMX) and AMD K5
pentium-mmx Intel Pentium I (with MMX)
i686,
pentiumpro Intel Pentium Pro and all equal
pentium2 Intel Pentium II and Celeron 'Mendocino'
pentium3, pentium3m Intel Pentium III and Mobile and Celeron 'Coppermine'
pentium-m Intel Centrino
pentium4, pentium4m Intel Pentium IV and Celeron 'Willamette'
prescott Intel Pentium IV and Celeron 'Prescott'
nocona Intel Xeon 'Nocona' and Pentium4 with EM64T
k6 AMD K6
k6-2, k6-3 AMD K6-II and K6-III
athlon, athlon-tbird AMD Athlon and Athlon 'Thunderbird'
athlon-4, athlon-xp, athlon-mp AMD Athlon4 and Sempron/AthlonXP and Athlon MP
athlon64, athlon-fx, opteron AMD Athlon64 and AthlonFX and Opteron
winchip-c6 IDT Winchip 'C6'
winchip2 IDT Winchip II
c3 VIA C3
c3-2 VIA C3 II

d) uncomment the CXXFLAGS

e)
set MAKEOPTS to -j2 (read comments above)

f) set PORTAGE_NICENESS to 19 (so it does not slowdown other processes)

g) set AUTOCLEAN to yes (remove old versions)

(optional) edit the FEATURES line so ccache is enabled and adjust CCACHE_SIZE to 1G or so

2.
do portage tree update: emerge --sync (do not update portage yet, even if asked to do so!)

(optional) install ccache: emerge ccache && env-update (speeds up compilation a lot)

3. start bootstrapping (only when doing stage1-install):

- do: /usr/portage/scripts/bootstrap.sh

(optional) making specific package USE flags:

- you have to edit a special file and maintain it:

echo "category/package flag1 [flag2 flag3]" >> /etc/portage/package.use

or for a specific version only:

echo "=category/package-version flag1 [flag2 flag3]" >> /etc/portage/package.use

(optional)
create a swap-file:

a) create a binary file: dd if=/dev/zero of=/swap bs=1M count=512 (in MB)

b) initialize swap: mkswap /swap && sync

c) edit the file systems table: /etc/fstab and edit it this way:

# <fs> <mountpoint> <type> <opts> <dump/pass>
...
/swap none swap sw 0 0
...

4.
now do: source /etc/profile

(optional) unmask soft-masked packages globaly (testing packages)

- edit the /etc/make.conf and then set ACCEPT_KEYWORDS to ~x86

- another way is just to use a prefix like ACCEPT_KEYWORDS=~x86 emerge package

(optional)
unmask hard-masked packages (can break something)

a) you have to edit a special file and maintain it:

echo category/package >> /etc/portage/package.unmask

or for a specific version only:

echo =category/package-version >> /etc/portage/package.unmask


5.
finally do: emerge -e system && etc-update && source /etc/profile



Section 4: building the kernel

1.
get the kernel sources: emerge gentoo-sources (currenty a gentoo-patched 2.6.x kernel)

2.
compile the kernel:

a) go to /usr/src/linux and do: make menuconfig for kernel-setup

- enable at least:

Code maturity level options --->
[*] Prompt for development and/or incomplete code/drivers

File systems --->
  <*> XFS support
Pseudo Filesystems --->
<*> /proc file system support
<*> Virtual memory file system support (former shm fs)

(optional)
using a framebuffer console:

Device Drivers --->
Graphics Support --->
[*] Support for frame buffer devices
[*] VESA VGA graphics support # works with nearly all VGA-cards
Console display driver support --->
--- VGA text console
[*] Video mode selection support
<*> Framebuffer Console support

b) compile the kernel: make && make modules_install

c)
copy the new kernel files into the boot directory:

- move the kernel: mv arch/[i386|x86_64]/boot/bzImage /boot/kernel

-
backup the configuration file: cp .config /boot/config



Section 5:
configuring the system


1.
setting the timezone, clock and console-keymap :

- do: ls /usr/share/zoneinfo/ and look after your timezone (like CET for "central europe")

- do: ln -sf /usr/share/zoneinfo/myzone /etc/localtime

a)
now edit the file: /etc/conf.d/clock

- set CLOCK to local

- set CLOCK_SYSTOHC to yes

b)
edit the file: /etc/conf.d/keymaps

-
set KEYMAP to your country-code (e.g. de for german)

-
set EXTENDED_KEYMAP if you want use some special keys (e.g. euro for €)

2. setting filesystem information:

- edit the /etc/fstab as in this xample:

#<fs> <mountpoint> <type> <opts> <d/p>

/dev/hda2 / xfs noatime,notail 0 1
/dev/hda1 /mnt/windows ntfs noatime,ro 0 0
/dev/cdroms/cdrom0 /mnt/cdrom auto noauto,user,ro 0 0
/dev/cdroms/cdrom1 /mnt/cdrw auto noauto,user,ro 0 0

3.
set hostname of your machine, edit: /etc/conf.d/hostname

4. configuring network:

a) edit to your needs: cp /etc/conf.d/net.example /etc/conf.d/net

(i recommend using the ifconfig-style)

b) start first interface at boottime: rc-update add net.eth0 default

c) do: emerge dhcpcd



Section 6:
installing the bootloader

1.
do: emerge grub then then: grub

a)
when the GRUB command line starts up type in:

grub> root (hd0,1) #Use information from the boot partition on hda2
grub> setup (hd0) #Install GRUB in the MBR of hda

(optional) or grub> setup (hd0,1) #Install GRUB on the boot-block of the partition hda2

grub> quit #Exit the GRUB shell

b) go to the GRUB directory: cd /boot/grub/ and use template:

cp grub.conf.sample grub.conf then edit menu.lst so it looks like this:

# Boot automatically after 30 secs.
timeout 10

# By default, boot the first entry.
default 0

# Booting GNU/Linux, here from hda2
title Gentoo Linux
root (hd0,1)
kernel /boot/kernel root=/dev/hda2

# The next lines are only needed if you do dualboot with Windows, here hda1
title MS Windows
rootnoverify (hd0,0) #here hda1
makeactive
chainloader +1

(optional)
if using framebuffer-console you can set further:

kernel /boot/kernel root=/dev/hda2 video=vesa vga=0x318

==>
the vga option can be chosen out of these values:

| 640x480 800x600 1024x768 1280x1024
----+--------------------------------------
8 | 0x301 0x303 0x305 0x307
16 | 0x310 0x313 0x316 0x319
24 | 0x311 0x314 0x317 0x31A
32 | 0x312 0x315 0x318 0x31B

(optional) if you want be able to make screenshots from framebuffer-console

- do emerge fbgrab then you can use it like: fbgrab screenshot1.png



Section 7: finishing configuration

1.
install filesystem tools: emerge xfsprogs

2.
managing users:

a) set a root password: passwd

b)
add a normal user, here an example:

useradd myuser -m -G users,wheel,audio,video,games -s /bin/bash

Group | Ability Description
-------+--------------------------------------
audio
| access the audio devices
cdrom
| directly access cdrom devices
floppy
| directly access floppy devices
games
| play games
usb
| access USB devices
video
| access video capturing hardware and doing hardware acceleration
wheel
| use su

c)
set password for the new user: passwd myuser

3.
make a nice bash: emerge bash-completion

a) edit /home/myuser/.bashrc uncomment last line

b) activate it for root too: cp /home/myuser/.bash* ~/

(optional) synchronization with time-servers:

- do: emerge rdate then you can set time using: rdate -s mytimeserver

4. install a logging service: emerge syslog-ng (needed by some important components)


Section 8:
managing portage


(optional)
update system: emerge --sync && emerge -Dutv world

(remove t to make it real, it is useful to check which USE-flags are supported
 using v, D checks for deep dependancies, t shows a dependancy-tree and pretends)

You can apply USE-flags which are not in the make.conf or packages-use with
the prefix USE='flag1 [flag2 flag3]' before the emerge command

(optional) do: emerge gentoolkit then you can:

a) purge not needed packages: emerge -D depclean

b) after that you should check reverse dependencies: revdep-rebuild

(optional) perform updates for all profiles: fixpackages



Section 9: installing X-Windows for a Desktop

1.
build X11: emerge xorg-x11 && etc-update

a) configure X11, run: xorgconfig

b)
edit the created /etc/X11/xorg.conf

-
uncomment the following lines:

Load “glx”
Load “dri”

- inside the section ServerFlags you can set the screensaver:

Option ”Blank Time” “3 # set screensaver to 3 minutes

- inside the section InputDevice set the line if you have got a wheel-mouse:

Option “ZAxisMapping” “4 5” # use mouse wheel
Option "Buttons" "5" # number of buttons

- using accelerated graphics drivers go to section Device (here: nvidia)

Driver “nvidia”

Option “NvAGP” “1”
Option “RenderAccel” “1”

(optional)
usage of TV-Out:

- to not use TV-out just do:

Option “IgnoreDisplayDevices” “TV” # fixes reported problems

- activate TV-Out:

Option “TwinView” “true”
Option “TwinViewOrientation” “clone”
Option “SecondMonitorHorizSync” “30-50
Option “SecondMonitorVertRefresh” “60
Option “TVStandard” “PAL-G # you may need other format here
Option “MetaModes” “1024x768, 1024x768;” # use fullscreen
Option “TVOutFormat” “COMPOSITE” # only if you get BW picture

(optional) enable support for shadows and transparency effects:

-
add these lines:

Section “Extensions”
Option “Composite” “Enable”
EndSection

c) now exit the chroot-environment and reboot your box, on startup logon as root

e) start X: startx

-
do: xvinfo it should show some overlay information (DRI)

- do: glxgears it should show you a OpenGL demo (GLX)

(optional) accelerated graphics drivers: (here: for nvidia chips)

a) do: emerge nvidia-settings (should build also nvidia-kernel/glx)

- edit /etc/modules.d/nvidia and uncomment the last options line and do: modules-update

b) switch to hardware-accelerated OpenGL: opengl-update nvidia

c) start: nvidia-settings to adjust vsync, FSAA, Aniso-filtering, TVout-overscan and more

2.
build a window manager:
emerge xfce4 which you can start with: startxfce4
(here: XFCE a modern and lightweight desktop environment)

(optional)
set nicer gentoo-cursors for X:

a) edit /usr/share/cursors/xorg-x11/default/index.theme

-
replace core with one of the following:

gentoo # default gentoo cursor
gentoo-blue # same as gentoo but blue
gentoo-silver # same as gentoo but silver
whiteglass # bigger then gentoo, transparent white
redglass # like the above but red
handhelds # small cursor for low resolutions



Section 10: setting up sound (ALSA)

1.
enable ALSA interface in kernel:

Device Drivers --->
Sound --->
<*> Sound card support
Advanced Linux Sound Architecture --->
<*> Advanced Linux Sound Architecture
<*> Sequencer support
<*> OSS Mixer API
<*> OSS PCM (digital audio) API
[*] OSS Sequencer API

PCI devices ---> #select your chip here as <M>

2. do:
emerge alsa-utils alsa-oss

3. use the utility alsaconf to detect settings for you

(optional) if unshure which soundcard you have do: emerge pciutils then: lspci | grep audio

(optional) check /etc/modules.d/alsa if needed, for example:

alias snd-card-0 snd-emu10k1 # SB Live cards
(for a full list of supported interfaces refer to: ALSA Compatibility List)

4. do: modules-update && rc-update add alsasound boot

5.
start ALSA now: /etc/init.d/alsasound start

6.
start: alsamixer and unmute some channels (by pressing M) and set initial volume





Additional HOWTOs:


HOWTO #1: setting up internet (here: DSL with PPPoE)

Important: do not assign any IP or start up the interface DSL is connected to automatically

1.
install PPPoE client first: emerge rp-pppoe

2. do: adsl-setup and answer the questions, then do: adsl-start, to disconnect do: adsl-stop



HOWTO #2: setting up printing with CUPS

1. edit /etc/make.conf and add this USE variable: cups ppds foomaticdb

2. do: emerge cups

3. do: echo "net-print/foomatic-db ppds" >> /etc/portage/package.use

4. do: emerge foomatic

5. be shure to have this compiled into kernel: (here: parallel port)

Device Drivers --->
Parallel port support --->
<*> Parallel port support
<*> PC-style hardware
[*] Use FIFO/DMA if available
[*] IEEE 1284 transfer modes # EPP & ECP support

Character devices --->

<*> Parallel printer support
<*> Support for user-space parallel port device drivers

6. enable the printing daemon: rc-update add cupsd default and start it: /etc/init.d/cupsd start

7.
configure CUPS with the user friendly web-frontend (when asked, login with root account)
and then do first Manage Printers then Add Printer

a)
first step:

- Name: <set it like> Brother_HL-1030 (here: Brother B/W-Laser, no spaces!)

- Location: <leave empty>

NOTE: if your printer model is not listed later, go back to this point and do:

(optional) Download a PPD-File (PS Priter Description) for your printer at: linuxprinting.org
and place it inside the /usr/share/cups/model/ directory, then enter its location:
/usr/share/cups/model/brother_hl1030.ppd (the .ppd file must not have any spaces)

- Description: <whatever you want>

b)
second step:

- Device: <choose interface like> Parallel Port #1

- Make: <choose your Manufacturer>

- Model: <choose your Model>

c) finally you probably want to "print a test-page"



HOWTO #3: setting up a parallel-port scanner with XSANE

1.
fist check out (HOWTO #1 point 5) how to activate parallel-port in general

2. there should be a device named /dev/parport0

3. do emerge xsane

4. configure the sane-beckend, edit: /etc/sane.d/dll.conf

- enable plustek_pp and disable all others (here: "Plustek OpticPro P12")

5. configure your printer, edit: /etc/sane.d/plustek_pp.conf and set only these settings:

[direct]
device parport0

6.
now the command scanimage -L should give us something like this:

device `plustek_pp:parport0' is a Plustek P12 parallel port flatbed scanner

7.
the command xsane will start the scanning-frontend, probably you have to do it as root



HOWTO #4: setting up a SSH server

1. do: emerge openssh

- for custom configurations check out the *.config files stored inside /etc/ssh/

2.
finally do: rc-update add sshd default, and /etc/init.d/sshd start to start

(all users should be able to connect with PAM authentication by default)



HOWTO #5: setting up a LAN router

(here: DSL is connected through eth1, the eth0 interface goes to LAN)

1.
setting up NAT (iptables must be activated in kernel)

a) install firewall: emerge iptables and then execute this command:

iptables -A POSTROUTING -t nat -o ppp0 –j MASQUERADE

then do: /etc/init.d/iptables save and rc-update add iptables default

b)
now enable IP-forwarding but only if cat /proc/sys/net/ipv4/ip_forward says 0
edit /etc/sysctl.conf so its uncommented and set to 1: net.ipv4.ip_forward = 1

3.
install your own DNS and DHCP Server emerge dnsmasq

a)
edit /etc/dnsmasq.conf so it has this enabled:

except-interface=ppp0
dhcp-range=192.168.0.10,192.168.0.100,255.255.255.0,infinite
expand-hosts
domain=my_domain
dhcp-authoritative

b)
do: rc-update add dnsmasq default

c) edit /etc/hosts so one additional line reads:

192.168.0.1 hostname

(optional)
when you are a member on DynDNS you can update your current ip:

a) do: emerge ddclient

b)
edit /etc/ddclient/ddclient.conf so it look like this:

## general
daemon=60
# check interval in secods
pid=/var/run/ddclient/ddclient.pid
# record PID in file
use=if, if=ppp0
# via interfaces
protocol=dyndns2
# default protocol
server=members.dyndns.org
# default server

login=my_login
# default login
password=my_pw
# default password

## acount
server=members.dyndns.org, \
protocol=dyndns2 \
my_account.homeip.net
# your dynamic address



HOWTO #6: setting up remote-desktop via VNC

1.
do:
emerge tightvnc and close all X-sessions

2. do: vncpasswd and set the access password
 
3.
select the default Window Manager so edit ~/.vnc/xstartup like this:

startxfce4 &

3.
you can start the vnc-server by typing:

vncserver –geometry 1024x768 –depth 24 :0

4.
you can start the vnc-viewer by typing:

vncviewer –fullscreen –x11cursor 192.168.0.1:0




HOWTO #7: setting up PCMCIA WLAN-interface

(here: Prism 2 Chipset as eth1)

1.
compile kernel with these options:

Bus options (PCI, PCMCIA, EISA, MCA, ISA) --->
[*] ISA support
PPCCARD (PCMCIA/CardBus) support --->
<*> PCCard (PCMCIA/CardBus) support
<*> 16-bit PCMCIA support
[*] 32-bit CardBus support
<*> CardBus yenta-compatible bridge support

Device Drivers --->

Networking support --->
Wireless LAN (non-hamradio) --->
[*] Wireless LAN drivers (non-hamradio) & Wireless Extensions
<M> Hermes chipset 802.11b support (Orinoco/Prism2/Symbol)
<M> Hermes PCMCIA card supporth

2.
do: emerge pcmcia-cs and emerge wireless-tools

a)
edit /etc/conf.d/net and setup the new interface

b) edit /etc/conf.d/wireless and setup wireless options

c) do: ln -s /etc/init.d/net.eth0 /etc/init.d/net.eth1

d)
do: rc-update add pcmcia boot

==>
check out the command iwconfig eth1



HOWTO #8: setting up a caching HTTP/FTP-proxy

1.
do: emerge squid and edit the
/etc/squid/squid.conf

a)
make parts of your config file look like this:

http_port 192.168.0.1:8080 # this is the proxy's address & port
...
icp_port 0 # disable use of neighbor caches
...
cache_mem 32 MB # cache in memory
cache_dir ufs /var/cache/squid 512 16 256 # 512MB cache on HDD
...
#http_access deny CONNECT !SSL_ports # also allow non-SSL connections
...
acl our_networks src 192.168.0.0/24 # allow this IP range
http_access allow our_networks

b)
let Squid create its directories: squid -z

2.
finally do: rc-update add squid default



HOWTO #9
: setting up a SOCKS-proxy

1. do: emerge nylon and edit the /etc/nylon.conf so it looks like this:

[General]
No-Simultaneous-Conn=16 # allow 16 connections at one time
Log=0 # do not log to file
Verbose=0 # if logging then just essentials

[Server]
Port=1080 # use this port for clients
Allow-IP=192.168.0.0/24 127.0.0.1/32
# allow this IP ranges
Deny-IP=10.0.0.0/24 # disallow this IP range

2. finally do: rc-update add nylond default




HOWTO #10: setting up a local RSYNC-server

1.
edit this file /etc/rsyncd.conf and add this lines:

# Limit access
hosts allow = 192.168.0.0/255.255.255.0 # your LAN goes here
hosts deny = *
max connections = 3
timeout = 60

# the lines below stay default, just uncomment them
[gentoo-portage]

path = /usr/portage
comment = Gentoo Linux Portage Tree
exclude = /distfiles /packages

2. now edit /etc/conf.d/rsyncd and add to the RSYNC_OPTS this option: "--safe-links"

3. finally do: rc-update add rsyncd default

4. set up all clients to use your RSync, edit their /etc/make.conf so the SYNC line says:

  rsync://myadress/gentoo-portage



HOWTO #11: setting up a Samba-server for file sharing

1.
do: emerge samba then edit /etc/samba/smb.conf this way:

[global]
workgroup = WORKGROUP
netbios name = mymachine
server string = Samba %v # shows version
hosts allow = 192.168.0. # only local access
security = user
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 # buffers
preserve case = yes # case sensitive filenames

[homes]
comment = Home Directories
writable = yes

# optional
[tmp]
comment = Temporary Space
path = /tmp
read only = no
public = yes

# optional (here: non-redundant distfiles-directory on server for our LAN)
[distfiles]
comment = Portage Distfiles
path = /usr/portage/distfiles
valid users = root
public = no
writable = yes
printable = no
force group = portage

2.
do: rc-update add samba default to enable samba on the server

3. add users to the samba user-list: smbpasswd -a myuser

(optional)
if you want to share your distfiles directory do this also for root

4. to mount samba share of distfiles on clients you can make an smbmnt script:

mount //192.168.0.1/distfiles -t smbfs -o username=root,gid=portage,passwd=mysmbpw /usr/portage/distfiles/

- do: chmod +x smbmnt and purge all files inside /usr/portage/distfiles/

- to mount distfiles just execute: ./smbmnt


alternatively use the /etc/fstab like follows:

#<fs> <mountpoint> <type> <opts> <dump/pass>
//192.168.0.1/distfiles /usr/portage/distfiles/ smbfs noauto,username=root,gid=portage,passwd=mysmbpw 0 0

- now to mount distfiles just do: mount /usr/portage/distfiles



HOWTO #12: setting up a webserver with SSL/PHP support

1. install the needed packages:

- edit /etc/portage/package.use so it has these USE-flags:

dev-php/mod_php apache2 gd -derkdb -gdbm

-
edit /etc/portage/package.unmask so PHP5 can be used:

dev-php/mod_php

- then do: emerge apache mod_php

2.
edit /etc/conf.d/apache2

- add -D PHP5 to APACHE2_OPTS (-D SSL should be already there)

3.
go to /etc/apache2/

- edit the httpd.conf and adjust server configuration here

4. fine tune your modules go to: /etc/apache2/conf/modules.d/

- edit the 40_mod_ssl.conf (standard SSL settings)
and 41_mod_ssl.default-vhost.conf (set SSL doc-root and .crt/.key locations)
and 70_mod_php5.conf (set PHP settings)

5. generate your SSL certificate (look inside HOWTO #14)

- place your server.crt and server.key inside /etc/apache2/ssl/

6.
start your server with /etc/init.d/apache2 start you may enable it at boot: rc-update add apache2 default



HOWTO #13: setting up a (secure) FTP(S) server

(here: using PAM authentication for existing system users)

1. do: emerge vsftpd

2. copy the /etc/vsftpd/vsftpd.conf.sample or to a file without .sample
and check or add the following:

# add
pasv_promiscuous=YES
port_promiscuous=YES
listen_port=666
max_clients=8
max_per_ip=2

# edit
anonymous_enable=NO

local_enable=YES
write_enable=YES
connect_from_port_20=NO
chroot_local_user=YES
xferlog_enable=NO
ftpd_banner="Welcome to yournick's FTP server!"

-
use man vsftpd to find out other usefull settings

(optional) enable SSL/TLS-support for secure control-communication:

- generate your SSL certificate like inside HOWTO #14, but instead of
seperate files for mysite.crt certificate and mysite.key private-key
just use vsftpd.pem for both. (crt & key together inside one file)

- place your vsftpd.pem inside /etc/vsftpd/

-
edit your vsftpd.conf and add:

ssl_enable=YES
rsa_cert_file=/etc/vsftpd/vsftpd.pem
force_local_logins_ssl=YES
force_local_data_ssl=NO

3.
making the FTP server to startup on boot: rc-updte add vsftpd default



HOWTO #14: generating (self signed) SSL certificates

(OpenSSL should be already installed, else do: emerge openssl)

- Create a self signed certificate & private-key:

(note: some clients discard self-signed certificates by default)

openssl req -new -x509 -nodes -days 365 -out mysite.crt -keyout mysite.key

(optional)
Create an own CA for signing keys:

a) generate a server certificate and signing request:

openssl genrsa -out server.key 4096
openssl req -new -key server.key -out server.csr

b) generate your own certificate authority

openssl genrsa -out ca.key 4096
openssl req -new -x509 -key ca.key -out ca.crt

c) sign the server request with the self-created certificate authority:

openssl x509 -req -in server.csr -signkey server.key -out server.crt



HOWTO #15: setting up a SVN-server

1.
do emerge subversion first

2. now a repository needs to be created: svnadmin create /var/svn

3. configure the svnserve daemon, edit: /etc/conf.d/svnserve

4. start the daemon: /etc/init.d/svnserve start

(optional) make it persistent: rc-update add svnserve default





Appendix:
useful (unbloated) apps


APP EBUILD HINTS

Terminal Emulator x11-terms/xterm (xterm -fn 9x15 -bg black -fg grey -bc)
Virtual Terminal app-misc/screen
Text Editor app-editors/leafpad
Diagram Editorq app-office/dia
Desktop Publishing app-office/scribus
Office Suite app-office/openoffice
CD Mastering app-cdr/k3b
PDF Reader app-text/acroread
Image Editor media-gfx/gimp
Image Viewer media-gfx/imagemagick
Vector Editor media-gfx/inkscape
Movie Player media-video/mplayer
Audio Player media-sound/xmms
Mail Client mail-client/mozilla-thunderbird
Programming IDE dev-util/eclipse-sdk
Web Browser net-www/mozilla-firefox
Visual HTML Editor net-www/nvu
IRC Client net-irc/xchat
Instant Messangers net-im/[sim|gnugadu]
FTP Client net-ftp/gftp
P2P Client net-p2p/amule
SCP Client net-misc/secpanel