Update readme wording

oddlama 2021-04-19 20:33:47 +02:00
parent 25ec26b1b9
commit a7225d68a5
No known key found for this signature in database
GPG Key ID: 14EFE510775FE39A
3 changed files with 20 additions and 26 deletions


@ -5,14 +5,14 @@ recommended, but legacy BIOS boot is also supported. The script supports both sy
and OpenRC as the init system. The main performed steps are:
1. Partitioning
1. Download & verify stage3 tarball
1. Download & cryptographically verify stage3 tarball
1. Extract stage3
1. Initialize portage
1. Install kernel
1. Install additional software
The system will use `sys-kernel/gentoo-kernel-bin`, which should be suitable
to boot most systems out of the box. I strongly recommend you to replace this kernel
to boot most systems out of the box. It is strongly recommend to replace this kernel
with a custom built one, when the system is functional. If you are looking for a way
to detect and manage your kernel configuration, have a look at [autokernel](https://github.com/oddlama/autokernel).
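Review bot: the new sentence "It is strongly recommend to replace this kernel" has a grammar slip and should read "It is strongly recommended to replace this kernel" (or "It is strongly recommended that you replace this kernel"). On the step list, "cryptographically verify stage3 tarball" is the right emphasis, but the README would be clearer if it said what is verified (for example a signature check of the tarball versus a plain checksum), since that is the property a reader relies on when trusting the downloaded stage3.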
@ -21,9 +21,9 @@ to detect and manage your kernel configuration, have a look at [autokernel](http
Edit `scripts/config.sh` and execute `./install` in any live system.
You can review the partitioning that will be applied before anything critical is done.
Afterwards, this will apply the partitioning scheme and properly
install the selected stage3 gentoo system. The new system will by default use
`gentoo-kernel-bin` as the kernel, and an initramfs generated by dracut to provide
a bootable environment. The script can optionally install `sshd` and `ansible` to
install the selected stage3 gentoo system. By default, the new system will use
`sys-kernel/gentoo-kernel-bin` as the kernel, and an initramfs generated by gentoo's genkernel to provide
a bootable environment. The script can optionally install `sshd` to
allow for a convenient setup of the new system afterwards.
## Overview
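Review bot: the added line "`sys-kernel/gentoo-kernel-bin` as the kernel, and an initramfs generated by gentoo's genkernel to provide" is far longer than the surrounding wrapped paragraph; rewrap it to the existing line width and capitalize "Gentoo" consistently with the rest of the README (the same line uses lowercase "gentoo"). The switch from "dracut" to "genkernel" is a behaviour claim, so make sure the install scripts actually generate the initramfs with genkernel now; otherwise this wording change is ahead of the code.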
@ -47,7 +47,6 @@ Also, optionally the following will be done:
* Install sshd with secure config
* Install dhcpcd (only for OpenRC)
* Install ansible, create ansible user and add authorized ssh key
* Install additional packages provided in config
Anything else is probably out of scope for this script,
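Review bot: removing the bullet "Install ansible, create ansible user and add authorized ssh key" leaves the overview list without any mention of the replacement feature that the README now documents under "(Optional) sshd", namely writing provided keys to root's `.ssh/authorized_keys`. Add a bullet such as "Add provided ssh keys to root's authorized_keys" so the overview matches the detailed sections.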
@ -81,33 +80,28 @@ to install. By default you will get the hardened nomultilib profile without syst
### (Optional) sshd
The script can provide a fully configured ssh daemon with reasonably good security settings.
It will by default only allow ed25519 keys, restrict the key exchange
algorithms, disable any password based authentication, and only allow specifically mentioned
users to use ssh service (none by default).
It will by default only allow ed25519 keys, restrict key exchange
algorithms to a reasonable subset, disable any password based authentication,
and only allow root to login.
The script will create a group named `sshusers`, and only users in that group will be
allowed to log in via ssh. If you have added a user for yourself, you might want
to add the user to that group. Be aware that root login is always denied.
### (Optional) Ansible
This script can install ansible, create a system user for ansible and add an ssh key of
your choice to the `.authorized_keys` file. This allows you to directly use ansible when
the new system is up to configure the rest of the system. The ansible user will be added to
the sshusers group.
You can provide keys that will be written to root's `.ssh/authorized_keys` file. This will allow
you to directly continue your setup with infrastructure management software such as ansible or [simple_automation](https://github.com/oddlama/simple_automation).
### (Optional) Additional packages
You can enter any amount of additional packages to be installed on the target system.
These will simply be passed to a final `emerge` call before the script is done.
Autounmasking will be done automatically.
You can add any amount of additional packages to be installed on the target system.
These will simply be passed to a final `emerge` call before the script is done, and autounmasking will also be done automatically.
It is recommended to keep this to a minimum, because of the heavily "interactive" nature of gentoo package management ;)
### Troubleshooting
In theory, after the initial sanity check, the script should be able to finish unattendedly.
But given the unpredictability of future gentoo versions, you might still run into an issue.
The script checks every command for success, so if anything fails during installation,
you will be given a proper message of what went wrong. Inside the chroot,
most commands will be executed in some kind of try loop, and allow you to
fix problems interactively with a shell, to retry, or to skip the command.
most commands will be executed in a checked loop, and allow you to interactively
fix problems with a shell, to retry, or to skip the command.
## Recommendations
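Review bot: the new text "and only allow root to login" contradicts the paragraph that follows it ("The script will create a group named `sshusers` ... Be aware that root login is always denied"); if that paragraph is meant to survive this commit it must be rewritten, and if it is being removed the hunk should show that removal clearly. Since the section also states that password authentication is disabled, say explicitly that root login is key-only, because "only allow root to login" on its own reads as a weakening of the previous sshusers-group restriction. Minor: "It is recommended to keep this to a minimum, because of the heavily "interactive" nature of gentoo package management ;)" should use consistent quoting and capitalize "Gentoo".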


@ -10,7 +10,7 @@ source /etc/profile
# Set safe umask
umask 0077
# Export nproc variables
# Export variables (used to determine processor count by some applications)
export NPROC="$(nproc || echo 2)"
export NPROC_ONE="$((NPROC + 1))"
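Review bot: the new comment "Export variables (used to determine processor count by some applications)" describes the consumers but not the behaviour that matters when reading this file: `NPROC` falls back to 2 if `nproc` is unavailable, and `NPROC_ONE` is that value plus one. A comment stating the fallback explicitly (for example "falls back to 2 when nproc is not available") would document the exported values rather than restate their purpose.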


@ -749,7 +749,7 @@ gentoo_chroot() {
EXECUTED_IN_CHROOT=true \
TMP_DIR="$TMP_DIR" \
CACHED_LSBLK_OUTPUT="$CACHED_LSBLK_OUTPUT" \
exec chroot -- "$ROOT_MOUNTPOINT" "$GENTOO_INSTALL_REPO_DIR/scripts/main_chroot.sh" "$@" \
exec chroot -- "$ROOT_MOUNTPOINT" "$GENTOO_INSTALL_REPO_DIR/scripts/dispatch_chroot.sh" "$@" \
|| die "Failed to chroot into '$ROOT_MOUNTPOINT'"
}
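Review bot: this hunk changes the chroot entry point from `scripts/main_chroot.sh` to `scripts/dispatch_chroot.sh`, but the commit's three changed files are the README, the profile snippet and this function, so the renamed script is not part of this change; confirm it was introduced in the parent commit 25ec26b1b9, otherwise `exec chroot` will fail and the user only sees "Failed to chroot into '$ROOT_MOUNTPOINT'", which points at the mount rather than the missing script. It would also help to make the `die` message name the script path so a missing or non-executable dispatcher is distinguishable from a bad mountpoint.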