[SOLVED] net.wlp2s0 has started, but is inactive

Post by Torpus » Tue Sep 05, 2023 2:30 pm

@NeddySeagoon

Yep, wireless-tools does, and it gives the exact same output as yours.

@pietinger

I followed what you asked and I started seeing some progress :D , but it's still not working.

net.wlan0 daemon started at boot and did reveal a list of nearby WiFi networks (which obviously all of them had passwords). It still tried to connect to each of them one by one without letting me give it a password or even stop it with Ctrl+C. I had to wait for like 2 extra minutes until it says that net.wlan0 failed to start and get into login. When I

Code: Select all

iwctl station list
It said:

Code: Select all

Launch helper exited with unknown return code 1
Failed to retrieve IWD dbus objects, quitting...
And when I

Code: Select all

iwctl
It said:

Code: Select all

Waiting for IWD to start...
and it just stuck on it.

Obviously I can't connect to my WiFi manually since iwctl didn't start.

here's the dmesg of it.

The second experiment was when I make my SSID password-free.

It did connect to it pretty quickly and my phone told me it's connected.

But:

Code: Select all

~ # ping gnu.org
ping: gnu.org: Temporary failure in name resolution
~ # ping 8.8.8.8
ping: connect: Network is unreachable
It said both of these instantly without having to wait in a couple seconds of a blank line.

Here's the dmesg of this also.

We're getting much closer to solving this. I only shouldn't do anything by myself even by following the wiki or I'd mess it up again! :lol:
Illegitimi non carborundum.

Post by NeddySeagoon » Tue Sep 05, 2023 2:40 pm

Torpus,

From your second dmesg

Code: Select all

[   11.140130] wlan0: authenticate with 14:a3:64:d5:5d:7d
[   11.140154] wlan0: 80 MHz not supported, disabling VHT
[   11.148677] wlan0: send auth to 14:a3:64:d5:5d:7d (try 1/3)
[   11.154942] wlan0: authenticated
[   11.157474] wlan0: associate with 14:a3:64:d5:5d:7d (try 1/3)
[   11.161238] wlan0: RX AssocResp from 14:a3:64:d5:5d:7d (capab=0x401 status=0 aid=1)
[   11.175385] wlan0: associated
That's the radio link up.

Note the authenticated and associated.

Code: Select all

~ # ping gnu.org
ping: gnu.org: Temporary failure in name resolution
~ # ping 8.8.8.8
ping: connect: Network is unreachable
Suggests that the final step

Code: Select all

dhcpcd wlan0 
didn't happen.
I suspect that

Code: Select all

ifconfig -a
lists wlan0 with no IP address.

I like all my tools in pieces, so that they do one thing and do it well. That makes it easy to look at the joins and do one thing at a time to see where it breaks.

As I'm not an iwd user, I'll leave the diagnostics to others.

-- edit --

Code: Select all

net-wireless/iwd-2.8::gentoo  USE="client monitor -crda -ofono -standalone (-systemd) -wired" CPU_FLAGS_X86="aes ssse3" 0 Ki
USE=standalone is off by default but that adds dhcp support.
That's required somehow to do the last step
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.

Post by pietinger » Tue Sep 05, 2023 4:51 pm

Neddy, Torpus told me in this thread he had emerged "iwd" WITH use-flag "standalone" ...

@Torpus,

please give us the output of "emerge -pvD iwd"

Maybe you already know it, but if not ...

You can change the use-flags of a package "on the fly" by setting it into your command line ... EXAMPLE:

Code: Select all

# USE="standalone" emerge -vD iwd
... BUT !!! ... this will not be stored ... If you do an update (or re-emerge) of this package it will NOT have this use-flag AGAIN.!

To have it active ALL THE TIME = ALSO in the future, you must set it into:
https://wiki.gentoo.org/wiki//etc/portage/package.use
Another OPTION is to set it GLOBALLY into your /etc/portage/make.conf ... EXAMPLE:

Code: Select all

USE="standalone -bluetooth .... "
This has ONE DISADVANTAGE: IF ... only IF a use-flag is used from many packages, THEN you have activated this use-flag for EVERY package, INSTEAD only for one package you have defined in /etc/portage/package.use =>

Best is to set in make.conf only use-flags you want to have globally enabled, and for specific packages use /etc/portage/package.use

Post by pietinger » Tue Sep 05, 2023 5:15 pm

P.S.: Please give us also the output of "emerge --info" (so we can see some of your configurations; maybe you miss DBUS ?!)

Post by Torpus » Tue Sep 05, 2023 6:17 pm

Almost done!!!

(I did this before you replied @pietinger)

@NeddySeagoon

That's because iwd wasn't on rc-update so netifrc chose the default dhcpcd which is not configured well.

I added iwd to both default and sysinit as I did with net.wlan0

and added a couple lines on /etc/conf.d/net to make iwd start working:

Code: Select all

config_wlan0="iwd"
adhoc_ssid_wlan0="WLAN"
but:

Code: Select all

 *   Connecting to "SSID_Name" in managed mode (WEP Disabled) ...
 *        wlan0 connected to SSID "SSID_Name" at (some mac address)
 *        in managed mode on channel 6 (2437 mhz) (WEP DISABLED)
 *   iwd ...
 *        nothing provides `iwd'
 * ERROR: net.wlan0 failed to start
 * ERROR: cannot start dnsmasq as net.wlan0 would not start
 * Starting gpm ...
 * ERROR: cannot start gpm as net.wlan0 would not start
 * Starting local ...
iwctl command started working now; it tells that wlan0 is disconnected.

dmesg of this one

@pietinger

Code: Select all

/ # emerge -pvD iwd

These are the packages that would be merged, in order:

Calculating dependencies... done!
Dependency resolution took 7.75 s.

[ebuild   R    ] net-wireless/iwd-2.8::gentoo  USE="client crda monitor standalone -ofono -systemd -wired" CPU_FLAGS_X86="-aes -ssse3" 0 KiB

Total: 1 package (1 reinstall), Size of downloads: 0 KiB

 * IMPORTANT: 17 news items need reading for repository 'gentoo'.
 * Use eselect news read to view new items.
Yep, it was installed with standalone.

emerge --info:

Code: Select all

Portage 3.0.51 (python 3.11.5-final-0, default/linux/amd64/17.1/hardened, gcc-12, glibc-2.38-r1, 5.15.0-76-generic x86_64)
=================================================================
System uname: Linux-5.15.0-76-generic-x86_64-AMD_A10-9620P_RADEON_R5,_10_COMPUTE_CORES_4C+6G-with-glibc2.38
KiB Mem:     7558464 total,   4856832 free
KiB Swap:    9081852 total,   9081852 free
Timestamp of repository gentoo: Sun, 27 Aug 2023 20:00:01 +0000
Head commit of repository gentoo: cf97de63824198e340d2d462dd81839d11a600c4
sh bash 5.2_p15-r6
ld GNU ld (Gentoo 2.40 p5) 2.40.0
app-misc/pax-utils:        1.3.7::gentoo
app-shells/bash:           5.2_p15-r6::gentoo
dev-lang/perl:             5.38.0-r1::gentoo
dev-lang/python:           3.11.5::gentoo, 3.12.0_rc1_p6::gentoo
dev-lang/rust:             1.71.1::gentoo
dev-util/cmake:            3.27.4::gentoo
dev-util/meson:            1.2.1-r1::gentoo
sys-apps/baselayout:       2.14::gentoo
sys-apps/openrc:           0.48::gentoo
sys-apps/sandbox:          2.38::gentoo
sys-devel/autoconf:        2.71-r7::gentoo
sys-devel/automake:        1.16.5-r1::gentoo
sys-devel/binutils:        2.40-r5::gentoo, 2.41-r1::gentoo
sys-devel/binutils-config: 5.5::gentoo
sys-devel/gcc:             12.3.1_p20230526::gentoo, 13.2.1_p20230826::gentoo
sys-devel/gcc-config:      2.11::gentoo
sys-devel/libtool:         2.4.7-r1::gentoo
sys-devel/llvm:            16.0.6::gentoo
sys-devel/make:            4.4.1-r1::gentoo
sys-kernel/linux-headers:  6.4::gentoo (virtual/os-headers)
sys-libs/glibc:            2.38-r1::gentoo
Repositories:

gentoo
    location: /var/db/repos/gentoo
    sync-type: rsync
    sync-uri: rsync://rsync.gentoo.org/gentoo-portage
    priority: -1000
    volatile: False
    sync-rsync-verify-metamanifest: yes
    sync-rsync-verify-max-age: 24
    sync-rsync-extra-opts: 
    sync-rsync-verify-jobs: 1

ACCEPT_KEYWORDS="amd64 ~amd64"
ACCEPT_LICENSE="*"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=native -O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-march=native -O2 -pipe"
DISTDIR="/var/cache/distfiles"
EMERGE_DEFAULT_OPTS="--ask-enter-invalid --jobs=3  --load-average=3"
ENV_UNSET="CARGO_HOME DBUS_SESSION_BUS_ADDRESS DISPLAY GDK_PIXBUF_MODULE_FILE GOBIN GOPATH PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR XDG_STATE_HOME"
FCFLAGS="-march=native -O2 -pipe"
FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs binpkg-multi-instance buildpkg buildpkg-live collision-protect config-protect-if-modified distlocks downgrade-backup ebuild-locks fixlafiles ipc-sandbox merge-sync multilib-strict network-sandbox news parallel-fetch parallel-install pid-sandbox preserve-libs protect-owned qa-unresolved-soname-deps sandbox sfperms sign strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr"
FFLAGS="-march=native -O2 -pipe"
GENTOO_MIRRORS="http://www.gtlib.gatech.edu/pub/gentoo https://gentoo.ussg.indiana.edu/ https://gentoo.osuosl.org/ https://mirrors.rit.edu/gentoo/ https://mirror.sjc02.svwh.net/gentoo/ http://mirror.lug.udel.edu/pub/gentoo/"
LANG="en_US.utf8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
LEX="flex"
MAKEOPTS="-j4 -l4"
PKGDIR="/var/cache/binpkgs"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git"
PORTAGE_TMPDIR="/var/tmp"
SHELL="/bin/bash"
USE="Xaw3d acl amd64 ap auth-dns bzip2 cet cli client conntrack crda crypt dbus dhcp dhcp-tools dnssec dri dumpfile eap-sim eapol-test elogind embedded fasteap fils fortran gdbm gtk3 hardened hs2-0 iconv id initramfs ipv6 libtirpc monitor multilib ncurses netifrc networkmanager nl80211 nptl openmp openpty pam pcre pie policykit privsep radeon readline redistributable resolvconf savedconfig seccomp sixel split-usr ssl ssp standalone test-rust tkip toolbar udev unicode unknown-license verify-sig x xattr xinerama xtpax zlib" ABI_X86="64" ADA_TARGET="gnat_2021" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="karbon sheets words" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="mmx mmxext sse sse2" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock greis isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" GRUB_PLATFORMS="efi-64" INPUT_DEVICES="synaptics libinput" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LUA_SINGLE_TARGET="lua5-1" LUA_TARGETS="lua5-1" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php8-1" POSTGRES_TARGETS="postgres15" PYTHON_SINGLE_TARGET="python3_11" PYTHON_TARGETS="python3_11" RUBY_TARGETS="ruby31" VIDEO_CARDS="amdgpu radeonsi" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition 
tee tarpit sysrq proto steal rawnat logmark ipmark dhcpmac delude chaos account"
Unset:  ADDR2LINE, AR, ARFLAGS, AS, ASFLAGS, CC, CCLD, CONFIG_SHELL, CPP, CPPFLAGS, CTARGET, CXX, CXXFILT, ELFEDIT, EXTRA_ECONF, F77FLAGS, FC, GCOV, GPROF, INSTALL_MASK, LC_ALL, LD, LFLAGS, LIBTOOL, LINGUAS, MAKE, MAKEFLAGS, NM, OBJCOPY, OBJDUMP, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, RANLIB, READELF, RUSTFLAGS, SIZE, STRINGS, STRIP, YACC, YFLAGS
dbus seems to be there, but there's no iwd USE flag!

P.S.:My SSID has no password to make netifrc connect to it. If it did have one, I might have to insert that password with iwctl. But this iwctl said that wlan0 is disconnected. :?
Illegitimi non carborundum.

Post by NeddySeagoon » Tue Sep 05, 2023 6:22 pm

Torpus,

Code: Select all

[   26.964349] wlan0: authenticate with 14:a3:64:d5:5d:7d
[   26.964386] wlan0: 80 MHz not supported, disabling VHT
[   26.974430] wlan0: send auth to 14:a3:64:d5:5d:7d (try 1/3)
[   26.982019] wlan0: authenticated
[   26.984261] wlan0: associate with 14:a3:64:d5:5d:7d (try 1/3)
[   26.987930] wlan0: RX AssocResp from 14:a3:64:d5:5d:7d (capab=0x401 status=0 aid=1)
[   26.996680] wlan0: associated
is good.

What does

Code: Select all

ifconfig -a
show once that appears in dmesg?

The 4 way handshake for WPA2 happens before wlan0 can connect. Yes, you would need to enter your pass phrase, if one is required.
That only makes the radio link work, the dmesg snip above.

Connection means that normal network traffic works. That requires both the radio link and the rest of the network set up.
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
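
The layering NeddySeagoon describes in the two posts above (radio link first, then address, then route), as an added example that is not part of the thread: a shell triage over captured `dmesg`, `ifconfig` and `ip route` output that names the first layer that is missing. The `ifconfig` and `ip route` samples and all function names are constructed for illustration; the dmesg lines are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example: find the first missing layer between "associated" and "ping works".
# Live use: triage wlan0 "$(dmesg)" "$(ifconfig wlan0)" "$(ip route)"

# dmesg lines as quoted in the thread.
DMESG_SAMPLE='[   11.140130] wlan0: authenticate with 14:a3:64:d5:5d:7d
[   11.148677] wlan0: send auth to 14:a3:64:d5:5d:7d (try 1/3)
[   11.154942] wlan0: authenticated
[   11.157474] wlan0: associate with 14:a3:64:d5:5d:7d (try 1/3)
[   11.175385] wlan0: associated'

# Constructed `ifconfig wlan0` output: interface is up but has no "inet" line.
IFCONFIG_NO_ADDR='wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        ether 02:00:00:00:00:01  txqueuelen 1000  (Ethernet)'

# Constructed output after a DHCP lease has been obtained.
IFCONFIG_WITH_ADDR='wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.23  netmask 255.255.255.0  broadcast 192.168.0.255
        ether 02:00:00:00:00:01  txqueuelen 1000  (Ethernet)'

# Constructed `ip route` output with a default route.
ROUTE_WITH_DEFAULT='default via 192.168.0.1 dev wlan0
192.168.0.0/24 dev wlan0 scope link src 192.168.0.23'

# Radio layer: last auth/assoc state the kernel logged for interface $1.
# Reads dmesg text on stdin; prints associated | authenticated | down.
radio_state() {
    sed -n "s/^\[[^]]*] *$1: //p" | awk '
        $1 == "authenticated"          { s = "authenticated" }
        $1 == "associated"             { s = "associated" }
        /^(deauthenticat|disassociat)/ { s = "down" }
        END { print (s == "" ? "down" : s) }'
}

# Address layer: first IPv4 address in `ifconfig <iface>` output on stdin.
# Handles both "inet 1.2.3.4" and the older "inet addr:1.2.3.4" layout.
ipv4_addr() {
    awk '$1 == "inet" { sub(/^addr:/, "", $2); print $2; exit }'
}

# Route layer: device of the default route in `ip route` output on stdin.
default_route_dev() {
    awk '$1 == "default" {
        for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit }
    }'
}

# Print the first layer that is missing: radio | address | route | ok.
# $1 interface, $2 dmesg text, $3 ifconfig text, $4 ip route text
triage() {
    if [ "$(printf '%s\n' "$2" | radio_state "$1")" != associated ]; then
        echo radio      # no association: passphrase / supplicant problem
    elif [ -z "$(printf '%s\n' "$3" | ipv4_addr)" ]; then
        echo address    # associated but unaddressed: the DHCP step did not run
    elif [ -z "$(printf '%s\n' "$4" | default_route_dev)" ]; then
        echo route      # "Network is unreachable" when pinging an outside IP
    else
        echo ok         # link, address and route exist: look at DNS next
    fi
}

echo "before DHCP: $(triage wlan0 "$DMESG_SAMPLE" "$IFCONFIG_NO_ADDR" "")"
echo "after DHCP:  $(triage wlan0 "$DMESG_SAMPLE" "$IFCONFIG_WITH_ADDR" "$ROUTE_WITH_DEFAULT")"
```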

Post by pietinger » Tue Sep 05, 2023 7:09 pm

Torpus,

I have the feeling that you are trying to do too many things at once. My recommendation is to first set up a slim AND stable Gentoo system and then - step by step - expand it. You should really start with a stable Gentoo and not use unstable right away:

Code: Select all

ACCEPT_KEYWORDS="amd64 ~amd64"
(because you can easily switch from stable to unstable; the way back is hard ... sometimes impossible)

What I don't understand is the version of your kernel:

Code: Select all

System uname: Linux-5.15.0-76-generic-x86_64-AMD_A10-9620P_RADEON_R5,
... :evil:

It is NOT the same as in your dmesg ... another machine - or have you booted with a LiveCD ? WHY ?

...

Also, you have chosen "hardened", which is not exactly suitable for a desktop (but rather for servers):

Code: Select all

default/linux/amd64/17.1/hardened
The profile you select ensures that some important use-flags are already set correctly; for a desktop, of course, a desktop profile is advantageous. Yes, there is the possibility to link profiles (hardened+desktop) ... But I'll hold back for now ... :P .... (*)

If you want to know what a use-flag is for, you can query it with "euse -i crda" ... and you will find out that this one is not good at all (I have not recommended it).

You have activated as well many other use-flags which I can't overlook anymore - as well you tried again to activate DNSMASQ ... (sidenote: I recommend - and use it myself - "unbound")

If you start the iwd via netifrc (yes), then you must not start it additionally in default runlevel. If you put "iwd" into default runlevel, then you must delete net.wlan0 - I don't recommend because you have then no networkmanager (for e.g. wired ethernet). Putting the same script in two runlevels is as wrong as it can be !

Normally I don't recommend reinstalling to fix small bugs (even Neddy doesn't recommend it), but it might be useful here. Just follow our AMD64 handbook and read - thorough - also some Wiki articles:
https://wiki.gentoo.org/wiki/Handbook:AMD64




*) viewtopic-p-8694188.html#8694188 :lol:
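
pietinger's runlevel rule above, as an added example that is not part of the thread: a check over `rc-update show` output for services enabled in more than one of the runlevels a normal OpenRC boot passes through (sysinit, boot, default), and for iwd enabled as its own service alongside net.wlan0. The sample output is constructed to match the state Torpus described, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit OpenRC runlevels for the double-start pietinger warns about.
# Live use: rc-update show | stacked_runlevels
#           rc-update show | iwd_and_netifrc wlan0 && echo "conflict"

# Constructed `rc-update show` output: iwd and net.wlan0 were both added to
# default and sysinit, as described in the thread.
RC_BROKEN='                 dbus | default
                devfs |                   sysinit
                  iwd | default           sysinit
                local | default nonetwork
            net.wlan0 | default           sysinit
                 udev |                   sysinit'

# Constructed output after cleanup: netifrc alone owns the interface.
RC_FIXED='                 dbus | default
                devfs |                   sysinit
                local | default nonetwork
            net.wlan0 | default
                 udev |                   sysinit'

# List services enabled in more than one of sysinit/boot/default. Those three
# are entered one after another during a single boot, so a service listed in
# two of them is scheduled twice. Alternative runlevels such as "nonetwork"
# are ignored on purpose.
stacked_runlevels() {
    awk -F'|' 'NF == 2 {
        name = $1; gsub(/[ \t]/, "", name)
        n = split($2, lv, " "); hit = ""
        for (i = 1; i <= n; i++)
            if (lv[i] == "sysinit" || lv[i] == "boot" || lv[i] == "default")
                hit = hit " " lv[i]
        if (split(hit, tmp, " ") > 1) print name ":" hit
    }'
}

# Succeed (exit 0) when both the stand-alone iwd service and netifrc's
# net.<iface> script are enabled in some runlevel, the combination the post
# says to avoid. $1 is the interface name.
iwd_and_netifrc() {
    awk -F'|' -v net="net.$1" 'NF == 2 {
        name = $1; gsub(/[ \t]/, "", name)
        if (split($2, lv, " ") == 0) next   # listed but not enabled anywhere
        if (name == "iwd") a = 1
        if (name == net)   b = 1
    } END { exit !(a && b) }'
}

echo "Services scheduled twice during boot:"
printf '%s\n' "$RC_BROKEN" | stacked_runlevels
if printf '%s\n' "$RC_BROKEN" | iwd_and_netifrc wlan0; then
    echo "iwd and net.wlan0 are both enabled: keep only one of them"
fi
```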

Post by Torpus » Tue Sep 05, 2023 8:02 pm

@pietinger

Oops, I did this command on the Live USB... I can't really do it on hardware (well, because I had no terminal graphical app to copy-paste it (I had to have XFCE or something)

I'm not trying to do many things at once, I just "don't know what I'm doing maaaan" (I'm a 6-month Mint & Manjaro user remember)

I did install the "hardened" one since the point of installing Gentoo was "extreme minimalism, zero bloat and privacy paranoia" as Gentoo can be the MOST secure OS if well-configured.

I had no idea what're "stable & unstable", again that was part of when I blindly followed a YouTube tutorial and """copied""" a make.conf sample (pretty pathetic I know) :oops:

You're right. My system is indeed somehow corrupted. I'm sorry for messing with you guys.

Even when I removed iwd from default and then sysinit, it gave me the exact same error. (a /etc/conf.d/net thing maybe)

And netifrc starts twice, sometimes says net.wlan0 does not support scanning and sometimes not...

Yep, I have to start all over again and follow ONLY the wiki (and maybe review my old threads)

I've a couple little questions though: Should I just make my Gentoo too normal (GRUB instead of LILO, GTK3 instead of GTK2, not encrypted with LUKS and pretty vulnerable, use genkernel instead of making my own (cheating) and XFCE instead of dwm) and THEN proceed to harden it and make it more minimal once everything works fine? Should I also just install an easier distro on my laptop and play around Gentoo on a VM until I can be "good-enough"? (or maybe dual-boot)

I'll be clear with you guys: I won't be satisfied until I have the "purrfect" Gentoo! :D Because if I didn't I'll be stuck on the bottom all the time (and the learning experience is quite fun!)

P.S: Please don't delete this thread temporarily because I might re-read it carefully when I reconfigure WiFi, thanks!
Illegitimi non carborundum.

Post by Torpus » Tue Sep 05, 2023 9:45 pm

Never mind. I'll fight it all myself.
Illegitimi non carborundum.

Post by pietinger » Tue Sep 05, 2023 10:29 pm

Torpus,

I like your goal to have an as secure as possible Linux ... you can do it ... with Gentoo ;-)

I am paranoid for security ... and privacy ! Therefore I wrote an "Installation guide for paranoid dummies" ... it is in German (because my English is poor). Yes, one piece of it is a hardened kernel (you don't have in hardened-sources; you have to do it by yourself). But this alone is not sufficient. You will need also a firewall, maybe encryption of your home partition (or your entire disk), maybe SecureBoot ... SELinux or AppArmor (I recommend SELinux for a server and AA for a desktop) ... maybe IMA ! ... I also recommend to use DoT (DNS over TLS) ... to a trustworthy service ...

But what security you will need depends on your threat scenario ... so, these are only pieces you can use.

Believe me: Even if you are an experienced Linux - and - Gentoo user, you will need many days to install all what you want/need. Maybe take a look into my (last) installation-log:
https://wiki.gentoo.org/wiki/User:Pieti ... /delete_me
(I have posted it for user @4761)
(Please don't use it; I have no WLAN; because ... too insecure for me; I like cables)

Please don't ask me, how many YEARS it took me to learn a little bit about the kernel ... and ... it is still not over ... and will never be ... because you will learn ALWAYS something new.

Now to your questions:
Torpus wrote:Should I just make my Gentoo too normal (GRUB instead of LILO, GTK3 instead of GTK2,
LILO is outdated. "Normal" is grub. Use it for the beginning. Later you can make a stub kernel (your UEFI BIOS can start/boot also a stub kernel directly without using a bootmanager like grub) if you want.
Torpus wrote:not encrypted with LUKS and pretty vulnerable,
Do you know where encryption helps ... and where it is useless ? If you download a bad mkv-video-file and watch it, then it could be your system gets immediately infected ... EVEN if you have FDE (full disk encryption) ... because after every system start all of your partitions (and files) are readable (must be) ... encryption of your disk helps against OFFLINE TAMPERING (or losing the notebook), but not against ONLINE ATTACKS ... (If you want we can do this in more detail in another thread)
Torpus wrote:use genkernel instead of making my own (cheating)
Use our binary dist-kernel (= no gentoo-sources) for the first time (option 1 in AMD64 handbook) and NOT genkernel. TBH I have never used genkernel ... this is more complicated for me than a manual configuration. Later you can start with (option 3):
https://wiki.gentoo.org/wiki/User:Pieti ... figuration
READ ALSO all LINKS I have in ... it is a lot; I know ... you will learn the difference between -*- and [*] ... and believe me - trust me - what I am saying ... e.g.:
: Look into every <Help> of an option you want to enable or disable and read not only the help text ... moreover read also all information in the last section, where you can find something like "Selects:" and/or "Selected by:" and/or "Depends on:". These will show you the dependencies to (or from) other modules.
Don't worry you can have as many kernels as you want (and have space on disk); grub will see them all; and you can select in grub which kernel you want to boot (later you can delete some). I have three different kernels active; my working one is a

HARDENED (with KSPP and own changes), SIGNED (for secureboot), MONOLITHIC (=no module support=all modules are built-in my kernel), STUB (needs no grub) Kernel with IMA (Integrity Measurement Architecture) and AppArmor enabled. My /home partition is encrypted with "fscrypt" (I dont care much about offline tampering; but I am afraid of online attacks) ... and yes, it is a STABLE system.
Torpus wrote:and XFCE instead of dwm)
Sorry, I cannot help here because I am using KDE since 20 years.
Torpus wrote:and THEN proceed to harden it and make it more minimal once everything works fine?
Gentoo is minimal from the beginning because you will install only what you need. (Okay, not quite true; to be user-friendly some packages are installed not everybody needs; but these are not security relevant)
Torpus wrote:Should I also just install an easier distro on my laptop and play around Gentoo on a VM until I can be "good-enough"? (or maybe dual-boot)
Hard to say ... yes, you will need "some" Linux knowledge ... e.g. a blinking file is a link to a non-existent file (= a dead link) ... but you can learn also with Gentoo.
Torpus wrote:(and the learning experience is quite fun!)
YESSS !! If you want really go deep with Linux, then Gentoo is the best (Meta-) distribution.
Torpus wrote:P.S: Please don't delete this thread temporarily because I might re-read it carefully when I reconfigure WiFi, thanks!
Don't worry - no serious thread is deleted in our forum.

Post by Torpus » Wed Sep 06, 2023 9:56 am

pietinger,

Thanks! I just saw your German guide and there were LOTS of links that gave me information overload o_O. I'll just start with the basic install and copy paste the kernel config not to waste my time and finally start hardening it with SELinux, LUKS etc just like I did with Mint.

One other little question: If I want to use musl and busybox instead of glibc and coreutils, can I do it before OR after everything basic is set up and well configured? I want my Gentoo to be also lightweight and not just secure btw,
Illegitimi non carborundum.

Post by pietinger » Wed Sep 06, 2023 12:06 pm

Torpus wrote:Thanks!
You are very Welcome ! :D
Torpus wrote:LOTS of links that gave me information overload o_O.
:lol:
Torpus wrote:If I want to use musl and busybox instead of glibc and coreutils, can I do it before OR after everything basic is set up and well configured?
AFAIK before ... IIRC there is a special stage3 for musl (just look into our download page: https://www.gentoo.org/downloads/ ) ... please keep in mind: the more exotic your Gentoo is, the harder it will be to find experts for it (I can't help with musl) ... (maybe you don't know: all people we have here in our forum don't earn money for helping; it is voluntary; the only reward we get is a thank you.)

Have fun with Gentoo ! 8)

Post by mrbassie » Wed Sep 06, 2023 2:39 pm

Torpus wrote:@pietinger

I'm not trying to do many things at once, I just "don't know what I'm doing maaaan" (I'm a 6-month Mint & Manjaro user remember)
You've got a lot going on in /etc/conf.d/net. I would rename the file and write a more basic one to begin with, get it working and add whatever other pieces you need 1 at a time.

Code: Select all

config_eth0="dhcp"
routes_eth0="default gw 192.168.0.1"
dns_servers_eth0="192.168.0.2"
config_wlan0="dhcp"
routes_wlan0="default gw 192.168.0.1"
dns_servers_wlan0="192.168.0.2"
#wpa_supplicant
modules_wlan0="wpa_supplicant"
wpa_supplicant_wlan0="-iwlwifi"
That's all that's in mine.
I spent a christmas in Vienna twenty something years ago. It was a beautiful city. Everyone was so friendly.

Post by NeddySeagoon » Wed Sep 06, 2023 3:47 pm

Torpus,

There have never been any failed Gentoo installs. Only varying degrees of success.
Everyone that tries, learns something so that's a measure of success.

Take a day out to design your install on paper, or in a post or two.

Gentoo requires that you design your install, then use portage and the ::gentoo repo to implement it.

There are a few things that have to be right from the outset, as they cannot be changed later without a reinstall.
e.g. /no-multilib/ cannot be converted to multilib.
LUKS cannot be added in place. At best, it's backup, reformat and restore.
SELINUX cannot be added later.

Before you go overboard with hardening, consider your threats.
Once you know the threats you need to defend against, deploy suitable defences.

Binary distros do the system design for you. You don't even see the controls.
You are using the Gentoo toolkit to design and install Torpus Linux.
All our Gentoo installs are different but we all use the same toolkit to get what we want.

It's never perfect. I've been trying for over 20 years. Just when you get the hang of something, it changes under you. :)

Anyway, stage one is the design. Do that and share it in a new topic.
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.

Post by pietinger » Wed Sep 06, 2023 4:18 pm

NeddySeagoon wrote:SELINUX cannot be added later.
Hmm ... I believe it is possible (but much harder than starting with the selinux-stage3) because our wiki says:
This document assumes the reader starts with an existing Gentoo Linux system which needs to be converted to Gentoo with SELinux
https://wiki.gentoo.org/wiki/SELinux/Installation

Post by Torpus » Wed Sep 06, 2023 6:22 pm

Enough chit-chat. I gotta speedrun this installation rn :twisted:

@pietinger
there is a special stage3 for musl
OMG I literally didn't know this exists. :D :D :D Getting the musl one with llvm and I'll think about hardening both Gentoo and its kernel later.

Alright. Now I'll take another week reinstalling Gentoo. 8)
Illegitimi non carborundum.

Post by NeddySeagoon » Wed Sep 06, 2023 6:39 pm

Torpus,

Get a nice run of the mill Gentoo install under your belt before you do much else.

musl was intended for embedded systems, not desktop use.
It's getting there but compared to a glibc, musl is still frayed round the edges.

Hardening is one of the things that can be added later without too much pain.

musl+llvm .... I can feel the pain already.
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.

Post by stefan11111 » Wed Sep 06, 2023 7:00 pm

NeddySeagoon wrote: musl+llvm .... I can feel the pain already.
The appeal of musl is the minimalism afaik. But why use llvm?
If you're going to trade off compile time for run time, you might as well use a binary distro.
My overlay: https://github.com/stefan11111/stefan_overlay
INSTALL_MASK="/etc/systemd /lib/systemd /usr/lib/systemd /usr/lib/modules-load.d *udev* /usr/lib/tmpfiles.d *tmpfiles* /var/lib/dbus /usr/bin/gdbus /lib/udev"

Post by pietinger » Wed Sep 06, 2023 7:02 pm

NeddySeagoon wrote:musl+llvm .... I can feel the pain already.
:lol:


It's just a question of perseverance, stamina, ambition, willingness to learn and time ... I have the feeling he will manage everything ... maybe he will become the best friend of stefan11111 ;-)



P.S.: @stefan11111 : I wrote above at the same time of your post = not seeing it :lol:

Post by stefan11111 » Wed Sep 06, 2023 7:20 pm

Torpus wrote: One other little question: If I want to use musl and busybox instead of glibc and coreutils, can I do it before OR after everything basic is set up and well configured?
I don't think it's possible without making use of /etc/portage/profile/packages and /etc/portage/profile/package.provided.

Code: Select all

$ doas emerge -cav coreutils

Calculating dependencies... done!
  sys-apps/coreutils-9.4 pulled in by:
    @system requires sys-apps/coreutils
    app-admin/eselect-1.4.26 requires sys-apps/coreutils
    sys-apps/portage-3.0.51 requires >=sys-apps/coreutils-6.4
Maybe open a thread in portage & programming. I suggest you do that after you fix everything else though.
Torpus wrote: I want my Gentoo to be also lightweight and not just secure btw,
Post:

Code: Select all

$ grep -i mitigations /usr/src/linux/.config
# CONFIG_SPECULATION_MITIGATIONS is not set
to determine how much speed you want to sacrifice for security.
Not that I recommend doing it like I do. I may change it when I start my drug empire. :)
My overlay: https://github.com/stefan11111/stefan_overlay
INSTALL_MASK="/etc/systemd /lib/systemd /usr/lib/systemd /usr/lib/modules-load.d *udev* /usr/lib/tmpfiles.d *tmpfiles* /var/lib/dbus /usr/bin/gdbus /lib/udev"

Post by NeddySeagoon » Thu Sep 07, 2023 3:40 pm

Torpus,

Gentoo works best when you build on what you know works.
Install things, test, ... rinse and repeat.

Now when it breaks, you know where to look. Keep the problem space small.

It's also summarised as if you are going to eat an elephant, do it one plateful at a time.


Start out by thinking about what you want and why you want it.
Only when that is clear, can you think about how to implement that.
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.

Post by Torpus » Sat Sep 23, 2023 8:41 am

NeddySeagoon,

After reinstalling from scratch Wi-Fi works fine, I finally get ping replies and the DNS works as well. I think this should be marked as SOLVED as the issue really was that the whole setup was messed up.

But for some reason now when I turn on Gentoo it still gives the warning net.wlp2s0 has started but is inactive. Which I suppose is completely harmless.

Regards!
Illegitimi non carborundum.
  • All times are UTC