[ << ] [ < ] [ Home ] [ > ] [ >> ]

3. Portage Features

Content:

DistCC
ccache
Binary Packages
Security Related Features
Other Features

3.a. DistCC

What is DistCC?

distcc is a program to distribute compilations across several, not necessarily identical, machines on a network. The distcc client sends all necessary information to the available DistCC servers (running distccd) so they can compile pieces of source code for the client. The net result is a faster compilation time.

You can find more elaborate information about distcc (and information on how to have it work with Gentoo) in our Gentoo Distcc Documentation.

Installing DistCC

Distcc ships with a graphical monitor to monitor tasks that your computer is sending away for compilation. If you use Gnome then put 'gnome' in your USE setting. However, if you don't use Gnome and would still like to have the monitor then you should put 'gtk' in your USE setting.

Installing distcc is, as is with all software available through Gentoo's Portage, extremely easy:

Note: From now on, as you now know how to install binary packages if you want, we will omit the --usepkg option throughout the rest of the Gentoo Handbook.

Code listing 1: Installing Distcc

# emerge distcc

Activating Portage Support

Well, if installation is easy, the rest should be easy too :) So let us quickly activate the Portage support for distcc.

First, open /etc/make.conf and edit the FEATURES variable so it contains the distcc keyword. Next, edit the MAKEOPTS variable so it reads -jX with X the number of CPUs that run distccd (including the current host) plus one:

Code listing 2: Possible MAKEOPTS setting in /etc/make.conf

# Suppose you have 2 single-CPU distccd hosts excluding this host:
MAKEOPTS="-j4"

Now, still inside /etc/make.conf, uncomment the PORTAGE_TMPDIR line and add the following line at the end of the file:

Code listing 3: Add an extra, distcc-specific variable to /etc/make.conf

# Don't forget to uncomment the PORTAGE_TMPDIR variable
DISTCC_DIR=${PORTAGE_TMPDIR}/portage/.distcc

Now run distcc-config and enter the list of available DistCC servers. For a simple example we assume that the available DistCC servers are 192.168.1.102 (the current host), 192.168.1.103 and 192.168.1.104 (two "remote" hosts):

Code listing 4: Configuring distcc to use three available DistCC servers

# distcc-config --set-hosts "192.168.1.102 192.168.1.103 192.168.1.104"

Of course, don't forget to run the distccd daemon too:

Code listing 5: Starting the distcc daemon

# /etc/init.d/distccd start

Congratulations, your system will now use distributed compiling! For more in-depth information about DistCC and Gentoo, please read our Gentoo DistCC Documentation.

3.b. ccache

What is ccache?

ccache is a fast compiler cache. When you compile a program, it will cache intermediate results so that, when you ever recompile the same program, the compilation time is greatly reduced. In common compilations this can result in 5 to 10 times faster compilation times.

If you are interested in the ins and outs of ccache, please visit the ccache homepage.

Installing ccache

Installing ccache with Gentoo is a breeze. Just emerge it and you're done :)

Code listing 6: Installing ccache

# emerge ccache

Activating Portage Support

First, edit /etc/make.conf and alter the FEATURES variable so that it contains the ccache keyword:

Code listing 7: Editing FEATURES in /etc/make.conf

FEATURES="ccache"

Next, edit (or create) the CCACHE_SIZE variable (also in /etc/make.conf) so it contains the amount of diskspace you want to sacrifice for ccache:

Code listing 8: Editing CCACHE_SIZE in /etc/make.conf

CCACHE_SIZE="2G"

As of now, Portage will use ccache to speed up compilations where possible. If you are uncertain that ccache works, you can run ccache -s to view the ccache statistics:

Code listing 9: Viewing ccache statistics

# ccache -s

3.c. Binary Packages

Creating binary packages

We have already discussed how to work with prebuilt packages, but how do you create your own prebuilt packages?

If the package is already installed, you can use the quickpkg command which will make a tarball of the installed files. This is very interesting for backup purposes!

Code listing 10: Using quickpkg

# quickpkg gnumeric

If the package isn't installed yet, you can install it using emerge and ask to build a binary package too. emerge uses the --buildpkg option (-b in short) for this:

Code listing 11: Installing gnumeric and building binary packages too

# emerge --buildpkg gnumeric

If you want Portage to do this by default, you should set the buildpkg keyword in the FEATURES variable declared in /etc/make.conf.

Code listing 12: Automatically creating binary packages

FEATURES="buildpkg"

If you don't want to install the software, but only build the package, you can use the --buildpkgonly option (-B in short):

Code listing 13: Building a binary package for gnumeric

# emerge --buildpkgonly gnumeric

3.d. Security Related Features

Sandbox

While building and installing packages, Portage uses a sandbox to protect your live system. This means that, as long as the package isn't installed on your system, the package cannot touch any file outside the sandbox. This ensures that Portage knows what files are created and modified by a package.

When the package compilation is finished, Portage will "preinstall" the package in the sandbox, registering what files are placed and where. It will then move those files from the sandbox on your live system.

User Privileges

Portage also supports building packages as non-root user (more precisely, as user "portage", group "portage"). This improves the security during the build process. You can opt to use user privileges with or without sandboxing. Of course, it goes without saying that user privileges and sandboxing is the most preferred method :)

Activating sandbox and/or userpriv

Portage will use sandbox per default. If you want userpriv, you should add it to the FEATURES variable. Note that activating userpriv will drop sandbox support, unless you also activate usersandbox:

Code listing 14: Activating userpriv and usersandbox

FEATURES="userpriv usersandbox"

Warning: Do not remove sandbox from the FEATURES variable!

Strict Checking

Portage can be asked to react strongly to possibly dangerous conditions (such as missing or incorrect Manifest files). To activate this strict checking, add the strict keyword to the FEATURES variable:

Code listing 15: Activating strict checking

FEATURES="strict"

Smart File System Permissions

Portage can be told to automatically deal with potentially dangerous file permissions that could pose a security risk. It does this by removing the "group" and "other" readable bits on setuid files and removing the "other" readable bit on setgid files in the pre install phase. To activate the smart file permissions, add the sfperms keyword to the FEATURES variable:

Code listing 16: Activating smart file system permissions

FEATURES="sfperms"

3.e. Other Features

Portage Help

There are several other keywords you can place in the FEATURES variable. Most of them are targeted towards developers and less interesting for the casual user. If you are interested in learning more about these features (or Portage generally), don't forget to read the make.conf manpage we provide.

Code listing 17: More Portage-related information

# man make.conf

[ << ] [ < ] [ Home ] [ > ] [ >> ]