# Gentoo Production Buildhoster - Sample Tutorial Instructions
# Copyright (c) 2005 Mike Green
# Released under the GNU GPLv2

These instructions cover building an x86 host with the sample
hardened-router spec. This spec creates a hardened buildhost from stage1
that is suitable for use as a DMZ router.

1) Install Gentoo buildhoster, which is documented in sample-tutorial.txt.

2) Copy over the sample spec overlay.

   # cp -r sample-overlay /var/buildhoster/overlays
   # cp hardened-router.spec /var/buildhoster/specs

3) Download the portage snapshot. This documentation was created on
   2007-04-11, so the previous day's snapshot is used. Replace 20070410
   with the correct date.

   # cd /var/buildhoster/snapshots
   # wget http://distfiles.gentoo.org/snapshots/portage-20070410.tar.bz2

4) Download the hardened stage1 tarball.

   # cd /var/buildhoster/stages
   # wget http://distfiles.gentoo.org/releases/x86/2006.0/stages/hardened/stage1-x86-hardened-2.6-2006.0.tar.bz2

5) Edit hardened-router.spec. Change the snapshot date to the date of the
   portage snapshot downloaded in step 3 above. Change the cflags: and
   cxxflags: tags to the correct target processor.

6) Create the buildhost.

   # buildhost --create hardened-router

7) Create a stage3 snapshot out of the buildhost. This will take a while.

   # buildhost --stage3 hardened-router

8) The resulting stage3 snapshot will be created in
   /var/buildhoster/stages. This snapshot is suitable for installation on
   the real target host. Binary packages will be created in the directory:
   /var/buildhoster/packages/hardened-router/20070410.

9) Customize the hardened-router meta package for your own needs.

   # buildhost hardened-router
   # cd /usr/local/sample-overlay/virtual/hardened-router
   # nano hardened-router-20070410.ebuild
   # ebuild hardened-router-20070410.ebuild digest
   # exit

10) Customize the kernel package to your own needs.

   # buildhost hardened-router
   # emerge -1 =hardened-sources-2.6.18-r6
   # cd /usr/src/linux
   # cp /usr/local/sample-overlay/sys-kernel/kernel-hardened/files/config-2.6.18-r6 .config
   # make oldconfig
   # make menuconfig
   # cp .config /usr/local/sample-overlay/sys-kernel/kernel-hardened/files/config-2.6.18-r6
   # cd /usr/local/sample-overlay/sys-kernel/kernel-hardened
   # ebuild kernel-hardened-2.6.18-r6.ebuild digest
   # exit

11) Refresh the buildhost, which will create the kernel package and the
    packages in the virtual/hardened-router meta package.

   # buildhost hardened-router
   # refresh-buildhost

   or

   # buildhost --refresh hardened-router

To install the target (real) host follow these steps:

On the buildhost server:

1) Set up the following rsync modules:

   [snapshots]
       path = /var/buildhoster/snapshot_cache
       read only = yes
       exclude = distfiles/ packages/

   [overlays]
       path = /var/buildhoster/overlays
       read only = yes

2) (Re)start rsyncd.

   # /etc/init.d/rsyncd stop
   # /etc/init.d/rsyncd start

3) Set up the following Apache aliases:

   Alias /distfiles/ /var/buildhoster/distfiles/
   <Directory /var/buildhoster/distfiles/>
       Order allow,deny
       Allow from all
   </Directory>

   Alias /packages/ /var/buildhoster/packages/
   <Directory /var/buildhoster/packages/>
       Order allow,deny
       Allow from all
   </Directory>

   Alias /stages/ /var/buildhoster/stages/
   <Directory /var/buildhoster/stages/>
       Order allow,deny
       Allow from all
   </Directory>

4) (Re)start Apache.

   # /etc/init.d/apache2 stop
   # /etc/init.d/apache2 start

On the target (real) host that is actually being installed follow these
steps:

1) Use a bootable installation CD; the Gentoo installation CD is
   recommended.

2) Prepare the hard drives, get them mounted, and get networking up as
   documented in the Gentoo installation handbook.

3) Obtain and extract the stage 3. Substitute your correct snapshot date.

   # cd /mnt/gentoo
   # wget http://yourbuildhostserver.tld/stages/hardened-router-stage3-20070410.tar.bz2
   # tar xvpjf hardened-router-stage3-20070410.tar.bz2

4) Edit /mnt/gentoo/etc/make.conf. Remove buildpkg from FEATURES. Add the
   following:

   PORTDIR_OVERLAY="/usr/local/sample-overlay"
   SYNC="rsync://yourbuildhostserver.tld/snapshots/portage-20070410/portage"
   PORTAGE_BINHOST="http://yourbuildhostserver.tld/packages/hardened-router/20070410/x86/All"

5) Copy over the sample-overlay:

   # cd /mnt/gentoo/usr/local
   # rsync -avz yourbuildhostserver.tld::overlays/sample-overlay .

6) Refer to the Gentoo installation handbook to prepare the chroot
   environment. After chroot'ing, do the sync and install the binary
   packages:

   # emerge --sync
   # emerge -G hardened-router

7) Refer to the installation handbook for the rest...
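
In step 3 on the target host, the stage3 tarball is fetched over plain HTTP and then unpacked as root, so the target has no way to tell whether it received the file the buildhost server produced. The following is an added example, not part of the buildhoster tools or the original instructions, of a digest check to run before the tar step. The function names make_manifest and verify_stage are hypothetical, and it assumes the manifest is copied to the target over an authenticated channel (for example scp) rather than through the same Apache alias.

```shell
#!/bin/sh
# Added example (not part of the buildhoster tools): digest check for a
# stage3 tarball fetched over plain HTTP from the buildhost server.
# Assumption: the manifest reaches the target over an authenticated
# channel, not over the same HTTP alias as the tarball itself.

# On the buildhost server: print "<sha256>  <filename>" for every tarball
# in the stages directory (default is the path used in this tutorial).
make_manifest() {
    stages_dir=${1:-/var/buildhoster/stages}
    ( cd "$stages_dir" && sha256sum -- *.tar.bz2 )
}

# On the target host: succeed only if the tarball's digest matches the
# manifest entry for exactly that file name.
verify_stage() {
    tarball=$1
    manifest=$2
    name=$(basename -- "$tarball")

    # Look up the expected digest by file name. sha256sum writes the name
    # as "name" (text mode) or "*name" (binary mode); accept both.
    expected=$(awk -v n="$name" '$2 == n || $2 == "*" n { print $1 }' "$manifest")
    if [ -z "$expected" ]; then
        echo "no manifest entry for $name" >&2
        return 1
    fi

    # A duplicate entry yields two lines in $expected and fails the
    # comparison below, which is the safe outcome.
    actual=$(sha256sum -- "$tarball" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $name" >&2
        return 1
    fi
    return 0
}

# Usage sketch (file name from step 3; stages.sha256 is a constructed name):
#   buildhost server:  make_manifest > stages.sha256
#   target host:       verify_stage hardened-router-stage3-20070410.tar.bz2 stages.sha256 \
#                          && tar xvpjf hardened-router-stage3-20070410.tar.bz2
```

The same manifest approach applies to anything else served from the /stages/ alias, since make_manifest covers every tarball in the stages directory.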