'THESE NOTES ARE DEAD': after using Gentoo for a short while I decided that source-based distributions are not for me.

=Installing Gentoo= https://wiki.gentoo.org/wiki/Handbook:AMD64/Full/Installation

[01:55] <+iamben> C0rn3j: there is no hardened+systemd profile, is that the issue you're facing?

[01:56] <+iamben> C0rn3j: we don't really have profiles for every possible combination of setups. but you can just use the hardened profile of your choice and add USE="systemd -consolekit" and it'll be pretty close. you can see the rest of the systemd profile components in /usr/portage/profiles/targets/systemd/

[02:09] <+iamben> C0rn3j: I'm not sure if all the selinux policies are in place for systemd, you might want to ask in #gentoo-systemd or #gentoo-hardened if no one chimes in here


Dependencies: syslinux

Since the minimal Gentoo iso doesn't support UEFI, I'm using SysRescueCD instead.

http://www.system-rescue-cd.org/Download - download the iso

'isohybrid --uefi Downloads/systemrescuecd-x86-4.7.2.iso' - prep the iso so it's UEFI bootable.

https://wiki.c0rn3j.com/index.php?title=System_administration#Creating_bootable_flashdrive - use dd to write the iso on a flashdrive


Boot from it in UEFI mode.


Use gparted to create the partitions - create a 512MiB fat32 one for boot and an ext4 one for everything else.

lsblk - get partitions

mkdir /mnt/boot

mount /dev/sda1 /mnt/boot

mount /dev/sda2 /mnt/gentoo

Go to https://www.gentoo.org/downloads/ and download Hardened Stage 3.
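Before the tarball is extracted it is worth checking it against the .DIGESTS file that sits next to it on the mirror (and against the signed .DIGESTS.asc when a Gentoo release key has been imported, as the linked handbook describes). The script below is an added example, not part of these notes or of Gentoo's own tooling; the function names, the STAGE3 variable and the test file names are assumptions, and it relies on the .DIGESTS layout of a "# SHA512 HASH" header followed by "<hex>  <filename>" lines.

```shell
#!/bin/sh
# Added example, not from the original notes or from Gentoo's tooling:
# check a downloaded stage3 tarball against the SHA512 recorded in the
# .DIGESTS file beside it, before extracting it.
# Assumes the .DIGESTS layout of "# SHA512 HASH" header lines followed by
# "<hex>  <filename>" entries; every path is supplied by the caller.
# Usage: STAGE3=stage3-amd64-hardened-YYYYMMDD.tar.bz2 sh verify-stage3.sh

# Print only the SHA512 hex digest of a file.
sha512_of() {
    sha512sum "$1" | cut -d ' ' -f 1
}

# recorded_sha512 <digests> <name>: print the SHA512 the digest file records
# for <name>, read only from the "# SHA512 HASH" section, so a same-length
# WHIRLPOOL entry for the same file is never matched by mistake.
recorded_sha512() {
    awk -v n="$2" '
        /^# SHA512 HASH/  { in_sha = 1; next }
        /^#/              { in_sha = 0; next }
        in_sha && $2 == n { print $1; exit }
    ' "$1"
}

# verify_stage3 <tarball> <digests>: return 0 when the digests match, 1 otherwise.
verify_stage3() {
    tarball=$1
    digests=$2
    name=$(basename "$tarball")
    expected=$(recorded_sha512 "$digests" "$name")
    if [ -z "$expected" ]; then
        echo "no SHA512 entry for $name in $digests" >&2
        return 1
    fi
    actual=$(sha512_of "$tarball")
    if [ "$expected" != "$actual" ]; then
        echo "SHA512 mismatch for $name" >&2
        echo "  recorded: $expected" >&2
        echo "  computed: $actual" >&2
        return 1
    fi
    echo "SHA512 OK: $name"
}

# The digest file only means something once its signature checks out against
# an imported Gentoo release key; when the clearsigned .DIGESTS.asc is present,
# verify it and read the hashes from that signed copy rather than the bare file.
if [ -n "${STAGE3:-}" ]; then
    digests=$STAGE3.DIGESTS
    if [ -f "$digests.asc" ]; then
        gpg --verify "$digests.asc" || exit 1
        digests=$digests.asc
    fi
    verify_stage3 "$STAGE3" "$digests"
fi
```

Run it with STAGE3 pointing at the downloaded tarball; a non-zero exit means either no SHA512 entry was found for that file name or the computed hash differs, and in both cases the tarball should not be extracted.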

tar xvjpf stage3…. --xattrs -C /mnt/gentoo - extract the tarball

nano /mnt/gentoo/etc/portage/make.conf - edit as follows



to the CFLAGS line along with the other options. Add a new line containing


where the number is the number of your processor threads

cp /etc/resolv.conf /mnt/gentoo/etc - copy DNS information to the gentoo installation

mount -t proc proc /mnt/gentoo/proc

mount --rbind /sys /mnt/gentoo/sys

mount --make-rslave /mnt/gentoo/sys

mount --rbind /dev /mnt/gentoo/dev

mount --make-rslave /mnt/gentoo/dev

chroot /mnt/gentoo /bin/bash

source /etc/profile
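The steps from copying resolv.conf to entering the chroot, collected into one script as an added example (not part of these notes): it refuses to run unless the chroot root really is a mounted filesystem, skips a bind mount whose target is already a mount point, and makes each bound tree a slave so mounts created inside the chroot cannot propagate back to the host. The function names and the DRY_RUN switch are assumptions; /mnt/gentoo is the default root as in the notes.

```shell
#!/bin/sh
# Added example, not part of the original notes: prepare and enter the Gentoo
# chroot with the same mounts as the step list above, plus three guards the
# bare command list lacks: the root must be a mount point, no target is
# mounted twice, and every bound tree is made a slave.
# Usage: sh prepare-chroot.sh [/mnt/gentoo]      (DRY_RUN=1 only prints)

# Print each command, then run it unless DRY_RUN is set.
run() {
    echo "+ $*"
    [ -n "${DRY_RUN:-}" ] || "$@"
}

# mount_once <target> <mount options...>: mount unless <target> already is a
# mount point (a second rbind would stack another copy of the host tree).
mount_once() {
    target=$1; shift
    if mountpoint -q "$target" 2>/dev/null; then
        echo "skip: $target is already a mount point"
        return 0
    fi
    run mount "$@" "$target"
}

# rbind_slave <host tree> <target>: recursive bind, then slave propagation so
# mounts made inside the chroot never appear on the host side.
rbind_slave() {
    mount_once "$2" --rbind "$1" && run mount --make-rslave "$2"
}

# prepare_chroot <root>: the full sequence from resolv.conf to the shell.
# "bash --login" reads /etc/profile, which the notes source by hand.
prepare_chroot() {
    root=${1:-/mnt/gentoo}
    if [ -z "${DRY_RUN:-}" ] && ! mountpoint -q "$root"; then
        echo "$root is not a mount point; mount the root partition there first" >&2
        return 1
    fi
    run cp /etc/resolv.conf "$root/etc/" &&
    mount_once "$root/proc" -t proc proc &&
    rbind_slave /sys "$root/sys" &&
    rbind_slave /dev "$root/dev" &&
    run chroot "$root" /bin/bash --login
}

# Only act when a root is given on the command line; without arguments the
# file just defines the functions, so it can be sourced or inspected.
[ $# -eq 0 ] || prepare_chroot "$1"
```

Running it with DRY_RUN=1 prints the exact command sequence without touching the system, which is a cheap way to review the order (bind first, then make-rslave) before doing it for real as root.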


emerge --sync

eselect news read - read news for updated packages

eselect profile list - this will list predefined profiles that contain specific configs. Read their names to understand what they contain.
##I want to run hardened gentoo that's multilib using systemd and SELinux, since the profiles don't contain every possible config I'll just pick the one closest to what I want##

[15]  hardened/linux/amd64/selinux

##I want to run hardened gentoo without systemd or SELinux##
[14] hardened/linux/amd64 *

eselect profile set 14

emerge --ask --update --deep --newuse @world - optional if you don't use systemd

emerge --info - lists various info, including USE flags, which are used to specify compile options. /usr/portage/profiles/use.desc - file with descriptions of all USE flags

tzselect - find out what your timezone string is

echo "Europe/Prague" > /etc/timezone - save the string

emerge --config sys-libs/timezone-data - reconfigure the sys-libs/timezone-data package, which will update the /etc/localtime file for you, based on the /etc/timezone entry. The /etc/localtime file is used by the system C library to know the timezone the system is in.

nano /etc/locale.gen - uncomment/add languages you want to use - en_US.UTF-8 UTF-8 in my case

locale-gen - generate the locales

eselect locale list - list possible locale settings

eselect locale set 2 - set the system-wide locale settings

env-update && source /etc/profile - reload the environment

emerge --ask sys-kernel/hardened-sources - Pick a kernel image to install https://wiki.gentoo.org/wiki/Kernel/Overview

cd /usr/src/linux

make menuconfig - Configure the kernel. https://wiki.gentoo.org/wiki/Kernel/Gentoo_Kernel_Configuration_Guide

make -j8 && make -j8 modules_install