Civilizational Immunity to Globalism

October 12th, 2023

Due to an embarrassing deficit in knowledge of history, and a geopolitical climate that makes remedying this shortcoming all the more urgent, I've started reading A History of the Modern World (8th Edition - Palmer, Colton - 1995). I'm only 80 pages into the 1000 page book but already there are quite a few gems. One that struck me as being particularly relevant to today's situation is the story of The Protestant Reformation:

Charles V of the Empire (he was known as Charles I in Spain) was thus beyond all comparison the most powerful ruler of his day. But still other fortunes awaited the house of Habsburg. The Turks, who had occupied Constantinople in 1453, were at this time pushing through Hungary and menacing central Europe. In 1526 they defeated the Hungarians at the battle of Mohacs. The parliaments of Hungary, and of the adjoining kingdom of Bohemia, hoping to gain allies in the face of the Turkish peril, thereupon elected Charles V’s brother Ferdinand as their king. The Habsburg family was now entrenched in central Europe, in the Netherlands, in Spain, in the Mediterranean, in south Italy, in America. No one since Charlemagne had stood so far above all rivals. Contemporaries cried that Europe was threatened with "universal monarchy," with a kind of world-state in which no people could preserve its independence.

Sound familiar? It's a relief that the world did not turn into a "world-state" where "no people could preserve its independence" and also reassuring that humans seem to contain within themselves a visceral aversion to global rule by a single monolithic entity.

Against the emperor, a group of Lutheran princes and free cities formed the League of Schmalkald. The king of France, Francis I, though a Catholic in good standing, allied with and supported the League. Political interests overrode religious ones. Against the "universal monarchy" of the swollen Habsburgs the French found alliances where they could, allying with the Turks as with the Lutherans, building up a balance of power against their mighty foe.

Spurred to action by this civilizational immune response, leaders of lesser powers allied with each other to decentralize power away from the Habsburgs and Roman Catholic Church. This period of strife ended with The Peace of Augsburg:

The terms set at Augsburg signified a complete victory for the cause of Lutheranism and states’ rights. Each state of the Empire received the liberty to be either Lutheran or Catholic as it chose—cuius regio eius religio, "whose the region, his the religion." No individual freedom of religion was permitted; if a ruler or a free city decided for Lutheranism, then all persons had to be Lutheran. Similarly in Catholic states all had to be Catholic.
...
The Peace of Augsburg was thus, in religion, a great victory for Protestantism, and at the same time, in German politics and constitutional matters, a step in the disintegration of Germany into a mosaic of increasingly separate states.

It's too early to say if this is what we're seeing now with the alliance of BRICS nations against the US and the rest of NATO, but it's at least interesting to see that man has been faced with the threat of "globalism" before, and successfully avoided it.

A Beginner's Guide to Using PGP

March 6th, 2023

PGP is the only known communication method capable of creating messages that cannot be read by anyone other than the intended recipient. Any other so-called "encrypted" messaging "app" can and should be assumed compromised, otherwise it wouldn't be allowed on your botnet phone in the first place, let alone constantly promoted by celebrity "dissidents" and other social media influencers.

Luckily PGP is still around, still works, and is fairly easy to use.

1. Installation

To install GnuPG (GPG), the most widely used implementation of PGP, follow these instructions depending on your operating system1. Before proceeding, first check to see if you already have a working copy of GPG on your machine. Open your terminal and execute:


gpg --version

If the output describes your installation of GPG then you're good to go and you can skip to the next section. If it says "command not found" you'll need to first install GPG.

macOS

First install Homebrew, then use it to install GPG.


brew install gnupg

Linux - Ubuntu

apt-get install gnupg

If you're using any version of Linux other than Oogabuntu it's assumed you already know how to install packages and have likely skipped this section anyway. After you've installed GPG, run the version check command again to verify that it's in your PATH and working properly. The output should look something like this:


gpg (GnuPG) 2.2.40
libgcrypt 1.10.1-unknown
Copyright (C) 2022 g10 Code GmbH
License GNU GPL-3.0-or-later <https://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

2. Key Creation

If you're already familiar with Bitcoin private keys then just know that you can think of PGP keys in the same way. Private keys are meant to be kept private. Depending on your level of risk and/or paranoia you may want to keep your private key(s) offline, or you may be fine with storing it on your everyday machine—that part is up to you. Unlike Bitcoin keys, you likely won't be generating hundreds, or even dozens. One or two should be all you need. Maybe down the road you'll generate a couple more for different use cases, but it doesn't share the same disposable model that most people are used to with Bitcoin.

To generate your keypair run the following command and follow the prompts to set a passphrase and whatever else it asks for. Other than the passphrase, the information collected is strictly for labeling and organizational purposes, so don't feel obligated to enter your IRL name or email, for example.


gpg --default-new-key-algo rsa4096 --gen-key

3. Key Importing

In order to create encrypted messages for one of your contacts you will first need their PGP public key. If they've sent your their key in an email or other communication channel simply save the entire block to a file and import with:


gpg --import /path/to/example.asc

If you're importing a key that is shared online, you can skip the step of saving to a file and simply fetch/import it with one line. For example, to import my public key, which is available at http://wot.deedbot.org/F5E9580D424CB952E67CBF6F2BBEFC527DC1FE40.asc, you would use:


curl -s "http://wot.deedbot.org/F5E9580D424CB952E67CBF6F2BBEFC527DC1FE40.asc" | gpg --import

Which uses the curl command to fetch the data and then pipes it into the gpg command.

4. Signing Messages and Other Data

If you want someone else to be able to verify that a message (or program, or any other piece of data) was authored by you and has not in the interim been tampered with by anyone else you can use GPG to "sign" the data. Anyone who has your public key, and the signed piece of data, will be able to verify that it is indeed from you and is in its original condition. To sign a piece of data use:


gpg -ab data-to-be-signed

As a real-world example, let's say I want to be sure that anyone following this guide can know that they're reading my original instructions, and that no bad actor has somewhere modified what they're reading and inserted malicious commands, such as bitcoin-cli sendallmycoinstoh4x0r1. If I wanted to provide that level of assurance I might offer a signed copy of the body html of this article, using:


gpg -ab pgp-for-beginners.html

This will produce a file called pgp-for-beginners.html.asc, which, if shared along with the original pgp-for-beginners.html, can be used to verify the authenticity and integrity of the data contained therein.

5. Verifying Signatures

Verifying the signature of a piece of data is equally straightforward, simply use:


gpg --verify signature.asc signed-data

To try this out for yourself, you can use the files I generated for the previous step. Right-click > save the following two files:

pgp-for-beginners.html
pgp-for-beginners.html.asc

And now run this command from the directory where the files are located:


gpg --verify pgp-for-beginners.html.asc pgp-for-beginners.html

Assuming you have my key imported the output should look like this:


gpg: Signature made Sun Mar  5 09:58:14 2023 CST
gpg:                using RSA key F5E9580D424CB952E67CBF6F2BBEFC527DC1FE40
gpg: Good signature from "billymg <billymg47@gmail.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: F5E9 580D 424C B952 E67C  BF6F 2BBE FC52 7DC1 FE40

You can ignore the WARNING. It's just saying that you don't know for sure that my key really belongs to me. So the signature may be valid, but the signing key may not actually be mine. Which is, in fact, true. The only way to know for sure is to meet me in person, in the real world, and confirm that my key's fingerprint matches what you have for my alleged key.

Since in many cases this is unrealistic, the usage of a WoT2 gets rid of most of the doubt. So even though you've never met the person, and don't really know if the person signing a given message is who they say they are, you can at least look at their history and see that they3 have been in good standing for a fair amount of time.

6. Encrypting Messages

In order to send someone an encrypted message that they—and only they—will be able to read, you will need their public key. Import their key into your GPG keychain by following Section 3, draft your message4, then run the following command:


gpg -ear recipient-key message-to-encrypt.txt

The recipient-key can be the name, email, or ID/fingerprint of the key. To check how the key is labeled in your keychain, simply use:


gpg -k

This will print a list of the public keys in your keychain5. Let's say you have my public key and you want to send me a message that you've saved as msg-to-billymg.txt6. Assuming you're in the same directory as the file, you can run the following command to encrypt the message to my key:


gpg -ear billymg msg-to-billymg.txt

This will encrypt the message and save it to a new file called msg-to-billymg.txt.asc. YOU WILL NOT BE ABLE TO READ THIS MESSAGE, and neither will anyone else. It seems weird at first—"I encrypted it, shouldn't I be able to decrypt it??"—but it illustrates how asymmetric encryption works, and why it's so powerful. You can now safely paste the contents of msg-to-billymg.txt.asc in an email, a WhatsApp message, or even out in the open on the public internet, and be assured that only I will be able to read it7. I personally like to use paste.deedbot.org because it's fast, simple, and it justwerks. The result is a short URL you can easily share with the intended recipient over whatever communication channel you normally use.

7. Decrypting Messages

When you're in possession of a message8 encrypted to a public key for which you have the corresponding private key, you will be able to decrypt the data with the following command:


gpg -d msg-to-decrypt.txt.gpg

This will output the decrypted contents directly to the console. If the content is binary data you won't want to do this, instead you'll want to specify an output file with -o, like so:


gpg -d -o decrypted.tgz file-to-decrypt.tgz.gpg

A shorter version of this would be to run gpg without any options, like so:


gpg file-to-decrypt.tgz.gpg

GPG will guess what you're trying to do, automatically decrypt the file, and write it to file-to-decrypt.tgz.

If the sender pasted the message for you on paste.deedbot.org, you can fetch and decrypt the message in a single line with curl and gpg:


curl -s "http://paste.deedbot.org/p4573iD" | gpg -d

8. Drafting Messages with 'Pass'

As mentioned in Section 6, drafting your private communications and saving the cleartext version to disk is not ideal9. Thankfully, there's an easy way to get around this with a program called Pass. Pass is a password manager, and a very good one, but it's also useful for drafting private documents in order to avoid ever having the cleartext version touch your disk.

8.1. Install Pass

Follow the instructions on the Pass website for your operating system.

8.2. Initialize the Password Store

pass init my-gpg-id

Replace my-gpg-id with the ID of one of your private keys. Don't use the same one you also use for signing and private communication. If you need to create a new one follow step 2 again.

8.3. Create a Blank Message

pass insert pgpgrams/my-message-draft

Press 'enter' twice when prompted for a password to create a blank encrypted document stored at ~/.password-store/pgpgrams/my-message-draft.gpg.

8.4. Draft Your Message

pass edit pgpgrams/my-message-draft

After drafting your message, save normally. You can edit again at anytime with the same command. You now have a saved draft that ONLY YOU can read, avoiding the non-ideal scenario of letting a cleartext copy touch your disk.

8.5. Encrypt the Message for the Recipient

pass show pgpgrams/my-message-draft | gpg -ear recipient

You now have a new encrypted version of the message, this time that only the intended recipient can read. Share with the recipient however you like.

That's it, pretty simple.

  1. If you're using Windows, first uninstall Windows, then install Gentoo, then run emerge -av app-crypt/gnupg to install GPG. []
  2. Web of Trust []
  3. Or rather, their key []
  4. For now this just means saving a plaintext file to your disk somewhere. []
  5. You can use gpg -K (with a capital 'K') to get a list of private keys. []
  6. This if fine for now, while you're learning, but requires saving an unencrypted version of the message to disk, which is not ideal for highly sensitive communications. []
  7. Or anyone with my private key, which afaik is only me. []
  8. Or any kind of data []
  9. Yes, even if you immediately delete them after you're finished. Who knows how long bits can stick around on your HDD or SSD once written. []

A Beginner's Guide to Installing Gentoo: Part One

March 12th, 2022

This guide will walk you through setting up a base Gentoo system. It is intended for beginners who want to move to an operating system that gives them more control over what is installed. It will produce a reasonably sane Gentoo "daily driver" that will allow you to run TRB and other republican goodies. It will allow you to install xorg and a tiling manager without too much trouble. It will NOT be as strict as a Dulap when it comes to banning all systemdisms and other malware, so use accordingly.1

First of all, a huge thank you to asciilifeform for producing an ultra-hygienic Gentoo and making it available to the world. Dulap remains my go-to for server applications and any box where the need for security is greater than the desire for comfort. The first part of this guide, up to the chroot, is more or less lifted directly from the Dulap construction kit.

Prerequisites

Gather these items before beginning with the guide.

  • Any random laptop or assembled assortment of PC parts2
  • 2 USB thumb drives, at least 2GB
  • A Gentoo Stage 3 tarball: obtained here
  • A Gentoo Minimal Installation CD image: obtained here
Create the Bootable USB Drive

Note the path to your copy of the Gentoo Minimal Installation CD ISO file and check the drive device that corresponds to your USB drive with fdisk -l on Linux or diskutil list on macOS. Create the bootable USB with the following command, adjusted to your ISO file and USB drive:


dd if=install-amd64-minimal-20220308T160629Z.iso of=/dev/sdb bs=4096

Obtain a Stage 3 Tarball

Select a Stage 3 tarball from the Gentoo Downloads page.3 Download it and verify the checksum. Copy it to your other USB drive. If you're working on macOS or Window you'll need to format the drive as FAT so that your Linux build can access it.

Booting From the USB Drive and Formatting the Target Drive

Boot from the bootable install disk you created in the previous step. You'll likely need to enter your BIOS and rearrange the boot order so that USB is tried first before any internal drives.4 Once this option is set, exit the BIOS saving your changes, the machine should boot from the USB drive.

You are now in a mini Gentoo prepared specially for installing Gentoo. You'll first need to format your target drive so that you can proceed with the install. Run fdisk -l to view your drives and verify that your main drive (where you intend to install Gentoo) is in the first position. This will be /dev/sda if it's a SATA drive and /dev/nvme0n1 if it's an NVMe drive. If it is not one of these, reboot and adjust your BIOS boot order again until it is.

Using the correct device, run the following commands:


# Set the partition scheme
parted -s /dev/sda mklabel gpt

# Create the partitions
parted -s -a optimal /dev/sda unit s mkpart boot ext3 64 262143
parted -s -a optimal /dev/sda unit s mkpart primary ext4 262144 100%

# Enable the boot flag on the first partition
parted -s -a optimal /dev/sda set 1 boot on

sync

# Format the partitions
mkfs.ext3 /dev/sda1
mkfs.ext4 /dev/sda2

sync

# First create the mount point if it does not exist
mkdir /mnt/gentoo

# Mount the main partition to a mount point of your choice, here it's '/mnt/gentoo'
mount /dev/sda2 /mnt/gentoo

Now your target drive should be ready. Try running fdisk -l to see a summary of the new partitions.

Next, connect and mount your other USB drive, the one containing the Stage 3 tarball. You can mount this one to /mnt/usb or anywhere else you choose. If you're not sure which device is the USB drive you just plugged in run fdisk -l again and find it among the list.


# Mount the USB drive at /dev/sdb2 to /mnt/usb. Change to your own values if necessary.
mount /dev/sdb2 /mnt/usb

Now run lsmod and dmesg and save the output to your USB drive with the Stage 3 tarball. You will need this information later when configuring the kernel.


lsmod > /mnt/usb/lsmodout.txt
dmesg > /mnt/usb/dmesgout.txt

Extracting the Tarball and Chroot'ing Into the New System

Navigate to the root of your new drive and extract the Stage 3 tarball.


cd /mnt/gentoo
tar xpvf /mnt/usb/stage3-*.tar.xz --xattrs-include='*.*' --numeric-owner

After this completes you can run ls -l and you'll see your new system at home on its new drive.

Use the included net-setup tool to get network access. Then after you have a connection, copy the DNS info to the new environment.


# Run 'net-setup'
net-setup

# Verify that you have a connection
ping thebitcoin.foundation

# Copy the DNS info to the new environment
cp --dereference /etc/resolv.conf /mnt/gentoo/etc/

You are now ready to chroot into the new system.


# Mount the boot partition
mount /dev/sda1 /mnt/gentoo/boot

mount -o bind /dev /mnt/gentoo/dev
mount -o bind /proc /mnt/gentoo/proc
mount -o bind /sys /mnt/gentoo/sys
chroot /mnt/gentoo /bin/bash

You are now "inside" the new system, meaning what was previously /mnt/gentoo is now simply /. For example, ls / will display the contents of the partition at /dev/sda2 that you created earlier, not the contents of the bootable USB drive. Everything you do from here on out will affect the new system.5

Configuring Portage and Obtaining the Kernel Source

After chrooting, run emerge-webrsync to get a snapshot of the latest upstream repo. If you downloaded a Musl Stage 3 tarball then you will want to add the Musl overlay at this point. If not, then skip this step.

Add the Musl Overlay (skip if building a glibc-based system)

Overlays6 are a feature of Portage, Gentoo's package management system, that allow you to add additional packages not tracked in the main upstream repository. They can be thought of as sheets of vellum paper overlaying the default repository. They leave the original package list intact while adding one or more new packages (or versions of packages). This will be covered more in Part Two but for now—if you opted for a musl-based system—you will need to enable at least one overlay. If you opted for a glibc-based system, proceed to the next step.


# Emerge 'eselect-repository' and 'git'
emerge -av app-eselect/eselect-repository
emerge -av dev-vcs/git

# Create the config directory
mkdir -p /etc/portage/repos.conf 

# Enable and sync the 'musl' overlay
eselect repository enable musl
emaint sync -r musl

This will give you an up-to-date musl overlay, which is necessary for emerging7 the correct musl versions of packages for your musl-based build.

Apply the Ban List

Create a file called 'crapolade'8 /etc/portage/package.mask/crapolade and include in it asciilifeform's ban list:


# Create this file at /etc/portage/package.mask/crapolade

# systemdisms
sys-apps/systemd
sys-apps/systemd-tmpfiles
sys-fs/udev
virtual/tmpfiles
sys-auth/consolekit
sys-auth/polkit
sys-apps/dbus

media-video/libav
gnome-base/gconf
>=app-crypt/gnupg-2.0.22
app-accessibility/at-spi2-atk
app-accessibility/at-spi2-core
gnome-extra/polkit-gnome
dev-util/gdbus-codegen
gnome-base/dconf
>=x11-libs/gtk+-3.0.0
#>=sys-devel/gcc-5.0

The way this works is that Portage will check all entries in /etc/portage/package.mask when emerging packages and refuse to install packages that you have "masked". This also applies to packages brought in as dependencies by other packages, so it's a pretty effective way of keeping unwanted cruft out of your machine. You may have noticed that one item, >=sys-devel/gcc-5.0, is commented out. This is because any Stage 3 tarball that you download today will already include a GCC newer than 5.0, so the only result of leaving that line in would be some error spew about "Masked package already installed" every time emerge is run.

Later in this guide you will have to comment out other lines. As I mentioned in the beginning, this guide is not designed to produce a military grade Gentoo, but rather a comfortable daily driver that will run TRB and other republican software.9

In addition to the output of lsmod and dmesg that we saved earlier, there's another utility, lspci, available that I find useful for identifying hardware components. Emerge with:


emerge --ask --verbose sys-apps/pciutils

You will later use the output of lspci and the saved output from lsmod and dmesg to get an idea of what you'll need to enable in the kernel.

If you're on a more recent model laptop you may also need to install the Linux firmware package to enable graphics cards or wifi chips. If your laptop has Intel wifi, for example, you'll probably need this.


emerge -av sys-kernel/linux-firmware

Finally, emerge the Linux kernel source.


emerge -av sys-kernel/gentoo-sources

# Create a symlink to simplify things, change the version/filename to match what you have in /usr/src
ln -s /usr/src/linux-5.15.11-gentoo /usr/src/linux

Configuring and Building the Kernel

If this is your first time configuring a Linux kernel, which would not be unreasonable considering you're reading "A Beginner's Guide to Installing Gentoo", then it may feel a little daunting. Given the nearly endless combinations of possible hardware configurations there's also no way to create a step-by-step guide—you're on your own for this.

The strategy I would recommend going into this for the first time would be: don't overthink it and don't overdo it. There's a non-zero chance that you won't need to make any modifications at all and your kernel will boot with the defaults. Other knobs will be obvious. If you have an NVMe drive, be sure to enable support for NVMe drives. If you have an Nvidia graphics card it's probably ok to disable graphics support for other vendors, etc.10


cd /usr/src/linux

# Launch the config UI, you will make all your changes here
make menuconfig

#Compile the kernel
make && make modules_install

# Copies the kernel and config to /boot
make install

Building the Initramfs

Get genkernel to build the initramfs.


emerge --ask sys-kernel/genkernel

Build the initramfs. Be absolutely sure that the path you pass to --kernel-config points to the same config used to compile the kernel. This config should be present at /boot/config-5.15.11-gentoo (or whatever version kernel you used). If not, adjust accordingly.


genkernel --install --kernel-config=/boot/config-5.15.11-gentoo initramfs

Configure the File Systems Tab (fstab)

Edit /etc/fstab to set boot and primary disks.


# SAMPLE fstab
/dev/sda1       /boot       ext3        defaults        0 2
/dev/sda2       /           ext4        noatime,discard 0 1

Configure the Bootloader

You will have to choose a bootloader. The two main options are LILO and GRUB.11 You should try to get LILO to work first, it's got a much smaller footprint than GRUB and less moving parts means less that can potentially go wrong. If you can't get LILO to work12 or your just don't like LILO for some reason then you can use GRUB.

Option One: LILO

Emerge LILO.


emerge -av sys-boot/lilo

Edit /etc/lilo.conf and adjust the values to match your system. Then run lilo to install the bootloader.


lilo

That should be it.

Option Two: GRUB

Emerge GRUB 2.


emerge -av sys-boot/grub

Exit the chroot and enable EFI if you’re using that. If not, skip to installing GRUB.


# Exit the chroot
exit

# Enable EFI
modprobe efivars
modprobe efivarfs

# Re-enter the chroot
chroot /mnt/gentoo

Install grub.


# For EFI
grub-install --target=x86_64-efi --efi-directory=/boot --debug

# For Non-EFI (adjust device to match your system)
grub-install --target=i386-pc /dev/sda --debug

Generate the GRUB config.


grub-mkconfig -o /boot/grub/grub.cfg

Booting Your New OS

Before rebooting set a root user password. If you do not set this you will be locked out and will have to boot from your USB drive and chroot in all over again.


passwd

If you’re on a machine that only has a wireless connection you’ll also need to grab the wpa_supplicant and a DHCP client before you boot into your new system otherwise you will not have internet connectivity.


emerge -av net-wireless/wpa_supplicant
emerge -av net-misc/dhcpcd

Attempt to reboot to your newly installed Gentoo.


#Exit chroot and reboot
exit
reboot

If everything works you can log in as root with the password you set.

A Few Remaining Basics

Your system now works but before you can start having fun with it there are a few small things to take care of.

Make Your HiDPI Display Usable

If you are on a HiDPI display your console font is likely really tiny, to the point where it is practically illegible. Increase it by choosing a different font.


setfont latarcyrheb-sun32

Make this permanent by editing /etc/conf.d/consolefont and adding to boot services.


rc-update -v show | grep consolefont
rc-update add consolefont boot

See list of available fonts in /usr/share/consolefonts if you want to experiment with different options.

Enable Wireless and Connect to a WiFi Network

The wpa_supplicant replaces that little WiFi icon in the top-right corner of your old OS as the primary means of finding, selecting, and connecting to WiFi networks.


# Add 'wpa_supplicant' to the default and boot runlevels
rc-update add wpa_supplicant default
rc-update add wpa_supplicant boot

# Start the service
rc-service wpa_supplicant start

If this doesn’t work it’s likely because your kernel driver isn’t loaded.


# Load the kernel module
modprobe iwlwifi

# Try starting the service again
rc-service wpa_supplicant start

To make the kernel module load at boot, create the following file:


# /etc/modules-load.d/networking.conf
iwlwifi

You can now use wpa_cli to control your wireless interface. First try scanning for available networks.


# Scan for networks
wpa_cli scan

# Wait a few seconds then view results
wpa_cli scan_results

Note the SSID of the network you would like to connect to. To generate the WPA PSK for the network run the following command with the SSID and password of the network:


wpa_passphrase my-network-5g mynetworkpass

The output will look something like this:


network={
        ssid="my-network-5g"
        #psk="mynetworkpass"
        psk=9f1315f6253481f27965068df528064ae85e6cbb06540090c79e3817cb8f12a7
}

Copy the entire block and add it to the config at /etc/wpa_supplicant/wpa_supplicant.conf. Also add ctrl_interface and update_config knobs to the top of the file. Your file should look something like this:


# WPA Supplicant config at '/etc/wpa_supplicant/wpa_supplicant.conf'

ctrl_interface=DIR=/run/wpa_supplicant GROUP=wheel
update_config=1

network={
        ssid="my-network-5g"
        #psk="mynetworkpass"
        psk=9f1315f6253481f27965068df528064ae85e6cbb06540090c79e3817cb8f12a7
}

Save the config, then use wpa_cli again to load the config and list saved networks.


# Reload the config
wpa_cli reconfigure

# List saved networks
wpa_cli list_networks

# Select the network, where the number is the ID of the network returned by the previous command
wpa_cli select_network 0

You should now have internet access again.

Create a Non-Root User and Install 'sudo'

Now that you have an internet connection you should create a user account and install/configure sudo so that you’re not doing everything as root. First create your new user.


# Create a new user, '-m' creates a home folder for this user
useradd -m mynewuser

# Set the password for this user
passwd mynewuser


emerge -av app-admin/sudo

Configure with visudo


visudo

You can read more elsewhere about this file but an easy way to control who has sudo access is with the "sudo" group. Uncomment the line for this configuration so that it looks like:


%sudo ALL=(ALL) ALL

You can also set a longer timeout if you like (the default is only 5 minutes).


# Include this line to set the default sudo timeout to 30 minutes
Defaults env_reset, timestamp_timeout=30

Create the sudo group and add your user to the group


groupadd sudo
sudo usermod -a -G sudo mynewuser

Now you can log out of the root account with exit and log back in to your new user. Congratulations, you now have a basic working Gentoo linux machine with wireless internet access. You can now sudo emerge any package you like. In part two we’ll set up a minimal graphical environment plus some command line niceties. If you tried using this guide and noticed errors or parts that were unclear please leave feedback so that I can make improvements.

  1. If you intend to build a web server or have no need for a browser or any graphical environment then I suggest following this guide to build a Dulap instead. []
  2. I won't bother with listing "minimum specs" because they aren't high enough to be worth mentioning and because it mostly depends on what you want to run. Gentoo isn't macOS or Windows, you don't need 4GB of RAM just for the OS. Any cheapo laptop from the last 15 years should do. If your goal is to run TRB then you need at least a 1TB SSD. []
  3. At this point in time, if you use a current glibc-based system you will need to create a separate chroot environment later on in order to build TRB with the rotor due to a version incompatibility. If you select a musl-based system then you will be able to build TRB just fine, with a few tweaks, but you may have a harder time running other popular programs that don't yet play nice with musl. []
  4. This varies by machine, depending on your motherboard. Typically F1, F11, or DEL gets you into the BIOS— the post splash screen should say which key, something like "Press F1 to enter setup". From there just keyboard navigate until you find what you're looking for. []
  5. Unless you exit the chroot. []
  6. Now called "ebuild repositories". []
  7. Installing []
  8. You can call it whatever you want but this name fits. []
  9. So why include the ban list in the first place? The idea is to make you think twice about what you're installing, and only unmask the bare minimum that you absolutely need. Often if you are blocked because of a masked package you can get around it by installing an older version the package you want, or manually installing an older version of the specific dependency that's asking to bring in the masked package. Or you can find another program that has similar functionality to what you want but that doesn't depend on a masked package. If you conclude that you really must have a package that is blocked on a certain masked dependency, then you can unmask only that dependency. []
  10. Although don't worry too much about optimization at this point, you can always slim the kernel later on. []
  11. There may be others, I don't know. []
  12. I was unable to get LILO to successfully install the bootloader on my ThinkPad but it's what I use on my FX-8350 desktop. YMMV. []