Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[SOLVED] Which stage3 should I choose?
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Installing Gentoo
View previous topic :: View next topic  
Author Message
viio
n00b
n00b


Joined: 17 Mar 2020
Posts: 33

PostPosted: Tue Mar 17, 2020 5:41 pm    Post subject: [SOLVED] Which stage3 should I choose? Reply with quote

Hi,

I'm completely new to Gentoo and also relatively new to Linux in general.
Currently I'm digging my way through the documentation to familiarize myself with the installation proccess.

The next step is Downloading the stage tarball.

But I'm not exactly sure which "stage3" to pick.
I know that I want amd64 and multilib.

There is hardened and there is minimal.
However, my personal preference would be hardened+minimal...

There is a hardened+minimal, but only as "stage4".
I've found the following in the docs:
Quote:
they are not intended to replace the usual Handbook-based installation method starting from a minimal installation CD or Gentoo LiveDVD and a stage3 tarball.


So I guess I should stay away from stage4 for now?

My overall goal with Gentoo is, to get a very stable, secure and minimal desktop installation for a laptop.
I don't need a desktop environment but xorg and i3wm. I'll try to stick to terminal applications as much as possible.

Should I go with hardened or minimal stage3?

What would be easier?
- Harden a system with minimal stage3
- Minimalize a system with hardened stage3


Last edited by viio on Sat Mar 21, 2020 12:50 pm; edited 1 time in total
Back to top
View user's profile Send private message
duane
Tux's lil' helper
Tux's lil' helper


Joined: 03 Jun 2002
Posts: 137
Location: Oklahoma City

PostPosted: Tue Mar 17, 2020 7:50 pm    Post subject: Reply with quote

As far as I know, there is no "minimal" stage 3. It's pretty minimal already. So, you should probably use the hardened one. However, it's fairly easy to change to a hardened profile, so you could do that at a later time if you wanted.
Back to top
View user's profile Send private message
NeddySeagoon
Administrator
Administrator


Joined: 05 Jul 2003
Posts: 45451
Location: 56N 3W

PostPosted: Tue Mar 17, 2020 8:11 pm    Post subject: Reply with quote

viio,

Welcome to Gentoo.

Are you confusing stage3 and stage4 tarballs, which are not bootable with the minimal ISO, which is just a toolkit to enable you to install Gentoo?
All the stage tarballs are multilib unless the have nomultilib in their names.

-- edit --

The stage3 tarball is those packages that every Gentoo install should have and is a good place to start if you want a minimal install.
There i very little that can be removed.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
Back to top
View user's profile Send private message
viio
n00b
n00b


Joined: 17 Mar 2020
Posts: 33

PostPosted: Tue Mar 17, 2020 8:54 pm    Post subject: Reply with quote

duane wrote:

As far as I know, there is no "minimal" stage 3. It's pretty minimal already. So, you should probably use the hardened one.


Yes you are right.
The minimal one was also a stage4, sorry for the confusing.

NeddySeagoon wrote:

viio,

Welcome to Gentoo.


Thank you! :D

NeddySeagoon wrote:

Are you confusing stage3 and stage4 tarballs, which are not bootable with the minimal ISO, which is just a toolkit to enable you to install Gentoo?


I'm not exactly sure what you mean.
In the installation documentation it is said to use the stage3 tarball.
Then I've seen there is a stage3 tarball and was wondering where's the difference.
So I looked up the wiki and found that page: Stage tarball

If I got this right, I shouldn't use stage4 but stick to stage3.
That's what I did.

NeddySeagoon wrote:

All the stage tarballs are multilib unless the have nomultilib in their names.


Yeah, I assumed that.

NeddySeagoon wrote:

The stage3 tarball is those packages that every Gentoo install should have and is a good place to start if you want a minimal install.
There i very little that can be removed.


Okay that's essentially what I wanted to know.

I went with the hardened one for now.
I'm doing my first steps in a virtual machine anyway... let's see how it works.
Back to top
View user's profile Send private message
RoGeorge
n00b
n00b


Joined: 13 Mar 2020
Posts: 17

PostPosted: Tue Mar 17, 2020 9:02 pm    Post subject: Reply with quote

I was confused by hardened versus non-hardened choice, too, especially after noticing the tar.xz of the hardened stage3 is smaller than the minimal stage3.
229.3MB stage3-amd64-20200304T214503Z.tar.xz
212.7MB stage3-amd64-hardened-20200311T214502Z.tar.xz

So, if it's not about size, then why there needs to be yet another version of a minimal stage3?
What are the drawbacks of using the hardened stage3?
Back to top
View user's profile Send private message
Jaglover
Watchman
Watchman


Joined: 29 May 2005
Posts: 7686
Location: Saint Amant, Acadiana

PostPosted: Tue Mar 17, 2020 9:23 pm    Post subject: Reply with quote

After you install the base system, set up your make.conf and run your first emerge -e everything what came with stage tarball will be replaced with locally built binaries. Why worry about something that is not going to last?
_________________
Please learn how to denote units correctly!
Back to top
View user's profile Send private message
ff11
Guru
Guru


Joined: 10 Mar 2014
Posts: 499

PostPosted: Tue Mar 17, 2020 9:35 pm    Post subject: Reply with quote

Well, i only use hardened if i really need it (like when installing servers).
My default is always no-multilib.
I keep telling myself that I can change at any time, but I never needed.
And I don't like to compile packages twice unnecessarily.
_________________
| Proverbs 26:12 |
| There is more hope for a fool than for a wise man that are wise in his own eyes. |
* AlphaGo - The Movie - Full Documentary
"I want to apologize for being so powerless" - Lee
Back to top
View user's profile Send private message
ff11
Guru
Guru


Joined: 10 Mar 2014
Posts: 499

PostPosted: Tue Mar 17, 2020 9:50 pm    Post subject: Reply with quote

RoGeorge wrote:
I was confused by hardened versus non-hardened choice, too, especially after noticing the tar.xz of the hardened stage3 is smaller than the minimal stage3.
229.3MB stage3-amd64-20200304T214503Z.tar.xz
212.7MB stage3-amd64-hardened-20200311T214502Z.tar.xz

So, if it's not about size, then why there needs to be yet another version of a minimal stage3?
What are the drawbacks of using the hardened stage3?


"hardened" is like "max security mode", against other, but against you too (or in your favor, if you are looking for more security). For normal users (non-server machines), security should be pursued by making backups first.
Take one look here: https://wiki.gentoo.org/wiki/Hardened/Introduction_to_Hardened_Gentoo
_________________
| Proverbs 26:12 |
| There is more hope for a fool than for a wise man that are wise in his own eyes. |
* AlphaGo - The Movie - Full Documentary
"I want to apologize for being so powerless" - Lee
Back to top
View user's profile Send private message
viio
n00b
n00b


Joined: 17 Mar 2020
Posts: 33

PostPosted: Tue Mar 17, 2020 10:08 pm    Post subject: Reply with quote

Jaglover wrote:
After you install the base system, set up your make.conf and run your first emerge -e everything what came with stage tarball will be replaced with locally built binaries.

I went through the whole installation documentation step by step but I was never told to execute "emerge -e".
And somehow "emerge -ep" does not work for me, altough both parameters are valid according to the manpage.

Jaglover wrote:

Why worry about something that is not going to last?

So you are going to say that it does not matter if I use hardened or normal stage3?
But then why are there different stage3 files in the first place?
I assume I didn't get what you tried to say.
Back to top
View user's profile Send private message
ff11
Guru
Guru


Joined: 10 Mar 2014
Posts: 499

PostPosted: Tue Mar 17, 2020 10:25 pm    Post subject: Reply with quote

viio wrote:
Jaglover wrote:
After you install the base system, set up your make.conf and run your first emerge -e everything what came with stage tarball will be replaced with locally built binaries.

I went through the whole installation documentation step by step but I was never told to execute "emerge -e".
And somehow "emerge -ep" does not work for me, altough both parameters are valid according to the manpage.

Jaglover wrote:

Why worry about something that is not going to last?

So you are going to say that it does not matter if I use hardened or normal stage3?
But then why are there different stage3 files in the first place?
I assume I didn't get what you tried to say.

Don't worry about this now. The full command should be like:
Code:
# emerge -ep @world

The "-e" option will rebuild everything (don't worry, "-p" don't allow that).

About the use of hardened or normal stage3, don't worry too. You can change anytime.

And for these that want to take your stress out , here the adult coloring book about selinux by redhat: https://people.redhat.com/duffy/selinux/selinux-coloring-book_A4-Stapled.pdf
_________________
| Proverbs 26:12 |
| There is more hope for a fool than for a wise man that are wise in his own eyes. |
* AlphaGo - The Movie - Full Documentary
"I want to apologize for being so powerless" - Lee
Back to top
View user's profile Send private message
RoGeorge
n00b
n00b


Joined: 13 Mar 2020
Posts: 17

PostPosted: Tue Mar 17, 2020 10:55 pm    Post subject: Reply with quote

ff11 wrote:
Take one look here: https://wiki.gentoo.org/wiki/Hardened/Introduction_to_Hardened_Gentoo

That answered all my questions about why a non-hardened version still exists, thank you.
To summarize, the hardened features comes at the cost of some execution overhead, especially when the CPU lacks the hardware mechanisms (e.g. x86 does not have the required hardware to implement the pageexec mechanism, so on x86 PaX emulates this behavior at a software level).

Answered this question, too
viio wrote:
why are there different stage3 files in the first place?
Because they are unrelated and independent projects, one for the normal Gentoo, the other one for the hardened Gentoo
https://wiki.gentoo.org/wiki/Hardened/Introduction_to_Hardened_Gentoo wrote:
Hardened Gentoo is not a product or solution in itself, it is merely a project with a group of developers all working toward the same goal of very proactive security. The sub-projects contained in Hardened Gentoo are not related in any more way than they are hosted within the same project. You might think of it as the same way KDE and GNOME are both part of the desktop project, and both have a common goal, but are otherwise unrelated to each other.
Back to top
View user's profile Send private message
ff11
Guru
Guru


Joined: 10 Mar 2014
Posts: 499

PostPosted: Tue Mar 17, 2020 11:03 pm    Post subject: Reply with quote

RoGeorge,

You got the ideia.

There is also the possibility of using one normal profile, and put your services inside containers. Here more two coloring books:
* Container (because "Who's afraid of the big bad wolf?"): https://raw.githubusercontent.com/fedoradesign/coloringbook-containers/master/Print-Ready/Web.pdf
* Container Commandos (the super-heroes that can save you): https://docs.fedoraproject.org/en-US/fedora-silverblue/_attachments/container-commandos.pdf
_________________
| Proverbs 26:12 |
| There is more hope for a fool than for a wise man that are wise in his own eyes. |
* AlphaGo - The Movie - Full Documentary
"I want to apologize for being so powerless" - Lee
Back to top
View user's profile Send private message
Jaglover
Watchman
Watchman


Joined: 29 May 2005
Posts: 7686
Location: Saint Amant, Acadiana

PostPosted: Tue Mar 17, 2020 11:23 pm    Post subject: Reply with quote

Quote:
I went through the whole installation documentation step by step but I was never told to execute "emerge -e".

Gentoo is DIY Linux and Handbook is just the reference to get your first steps right. Rest is up to you, most users think it is a good idea to rebuild your new system with your CFLAGS and USE flags ASAP. But you don't have to do it, it is your Linux after all, built with tools provided by Gentoo.
_________________
Please learn how to denote units correctly!
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Installing Gentoo All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum