~hellfire103's website!


Blog: I Use Gentoo Now

2026-02-23 03:36 GMT

I’ve finally gone and done it.

After four years of daily-driving Arch (in various forms), I’ve bid farewell to that familiar blue triangle in favour of a purple magatama.

I am, of course, referring to Gentoo Linux.

Why?

Well, it began last week. I had noticed that, on Amethyst-II (my T480s), linux-cachyos-hardened hadn’t been updated in line with the other kernel flavours in a short while. Rather than wait for it to be updated, I switched back over to the regular linux-cachyos kernel. I then began to notice I had trouble accessing my onion services and eepsites, which I immediately decided was a problem with my system.

I had no idea where to begin troubleshooting, as I wasn’t getting any error messages, so I decided to do a clean install rather than take my chances.

Quite rashly, I said to my flatmate "Arch has failed me for the last time. At least, for the next eight months". That timeframe is, of course, arbitrary.

I would later discover that my inability to access the darknet was actually due to an ongoing attack on the networks, and just happened to coincide with my switching of kernels.

And so I distrohopped. Alpine proved to be unusable outside of the system configuration set out by setup-alpine; openSUSE didn’t work quite how I liked; Void’s repos were inadequate for my needs; Slackware fell apart after just a few hours; and I ended up making a Frankendebian in order to have all the software I was after. I even gave OpenBSD and HardenedBSD a try, but the former was missing some crucial software (running this under vmm(8) would have defeated the point of using OpenBSD, I feel); and the latter seemed reluctant to install in the first place. Eventually, I landed on Gentoo.

Now, I am not a stranger to Gentoo. I used to run it on Spinel-II (my Raspberry Pi 5, which I use as a desktop PC). However, I remember very little, and that system was never configured particularly well. There was also an air of instability about that particular installation, as if it would spontaneously start crashing, freezing, or becoming self-aware at any point, so I swapped it for Raspbian at the start of 2025.

On Amethyst-II, though, it was a different story. After a few failed installs, a power failure during kernel compilation, and hours upon hours of emerging, I finally had it installed the way I liked it. Then, at around 7AM, I finally went to bed.

Why Not Arch?

I found out that the Tor and I2P errors were nothing to do with me while I was running openSUSE, so why didn’t I go back to CachyOS or vanilla Arch? Well, I mentioned earlier that I spoke rashly.

I love Arch, and I miss a few niceties like the AUR (GURU isn’t the same); but this time I’m sticking to what I said.

My hope is that I’ll come out of this a bit wiser in the ways of Linux, and I’ll think a little harder before I speak next time.

Specifications

I started out with the hardened OpenRC stage 3 archive, which I unpacked onto an encrypted root partition.

I initially tried to build a custom kernel, but the instructions I was following were a touch out-of-date and the kernel didn’t build; so, instead, I installed sys-kernel/gentoo-kernel with the hardened USE flag, and that has been perfect.

For reasons I can’t recall, I decided not to add a swap partition, and to instead use zram.

Sway is, as always, my window manager of choice. I saw no reason to rewrite everything, so I copied my old config files across with a few minor tweaks (e.g. switching systemctl for loginctl in wlogout).

Package-wise, I’m using Portage — with a properly-configured make.conf and the GURU overlay enabled — for almost everything. However, I also have batsignal manually installed from its Git repo, and I’m using Flatpak for Webcord (I hate compiling Electron) and OTPClient (despite having used Slackware, I don’t enjoy drawing out dependency trees).

Secure Boot

Just hours before I began writing this, I also managed to set up secure boot. I had initially tried to do this with sbctl, just as I would have done on Arch or Debian, but for some reason this didn’t work. I was careful to sign both the bootloader and vmlinuz, and I tried to sign the initramfs, GRUB themes, and modules as well, but I kept getting the same error:

prohibited by secure boot policy

So, after a bit of digging, I decided to use shim instead. This is an interesting method, as it doesn’t involve enrolling keys to one’s UEFI, but instead loading a tiny bootloader signed with Microslop’s keys, which then verifies and chainloads GRUB using its own keys.

This also took a few tries to get right, but I eventually cracked it with the help of this guide.

I Love USE Flags

One thing that always annoyed me (just a little) about other operating systems was the difference in features. Some software would be compiled with certain options and libraries installed, which would affect the UX. A prime example would be Links2, which I had to compile myself on a few occasions in order to use custom fonts in XLinks.

Gentoo changes this with something called a USE flag. You see, Portage (the package manager) compiles practically everything from source. By simply modifying your make.conf or package.use, you can enable and disable features and integrations in your software. Want to allow imv to play GIFs? Put gif in your make.conf. Want to use GTK4 instead of GTK3 in LibreOffice? Simply put app-office/libreoffice -gtk3 gtk4 in your package.use. It’s really quite excellent.

A Learning Experience

Installing and using Gentoo requires a fair bit more know-how than Arch or Slackware. For one thing, there is no installer: it’s stage3 or nothing (unless you’re in a VM).

Everything also has to be set up manually, but I have always liked this in an OS. It means that no two Gentoo installations are alike, and I think that’s beautiful.

Since I installed it, I have already learned a great deal more than I knew last week, and I’m sure I’ll be writing my own ebuild scripts and customising my own kernel in no time, so long as I keep at it.

To be fair, it's not like I have much choice. I’ve spent at least ten hours setting everything up: I’m not about to tear that all down for something inferior.

What Next?

Well, I find that large changes like this tend to come in groups. I’m also looking to reinstall my other machines, for various reasons:

Conclusion

I’m not sure how to end this, so here’s a song I’ve been listening to:

"Don’t Let Me Go" by Cigarettes After Sex

(I’ve been watching Twin Peaks)