make.conf

Below, I set up my make.conf. Lots of stuff going on in there.

compiler flags: native CPU compilation, link-time optimization, mold linker
global USE flags: copying desktop flags
nicer compiles: setting up niceness and MAKEOPTS
secure boot: this section needs updating...
other
auto-generated: machine-built part of make.conf, such as mirrors or cpuid2cpuflags

1. compiler flags

I use resolve-march-native, LTO, and the mold linker.

My machine has an 13th Gen Intel(R) Core(TM) i9-13900H (12+8). Sometimes when updating sys-devel/gcc I get a

 * Different values of l1-cache-size detected!
 * GCC will fail to bootstrap when comparing files with these flags.

due to my mix of power and efficiency cores. (Bug 915389 ⇗)

So as Gentoo recommends, I use the output of app-misc/resolve-march-native for CPU_FLAGS

/etc/portage/make.conf

# CPU_FLAGS has no special meaning;
# I merely include it in COMMON_FLAGS later
CPU_FLAGS=" -march=alderlake -mabm -mno-cldemote \
-mno-kl -mno-sgx -mno-widekl -mshstk \
--param=l1-cache-line-size=64 --param=l1-cache-size=48 \
--param=l2-cache-size=24576 "

Aside. Supposedly app-misc/resolve-march-native is meant to specify architecture-specific transformations in place of -march=native.

But why does its output differ so wildly from

gcc -march=native -E -v - < /dev/null 2>&1 \
    | grep cc1 \
    | grep -o -- '- .*' \
    | cut -d\  -f2-

which should probably be the same?

Next, add LTO (Gentoo Wiki ⇗) to save runtime RAM. Mix it with the mold linker, a drop-in replacement for ld. (Supposedly. Now and then causes compile bugs on btrfs-progs: Mold issue 1509 ⇗)

/etc/portage/make.conf

# c compiler flags
WARNING_FLAGS="-Werror=odr -Werror=lto-type-mismatch -Werror=strict-aliasing"
COMMON_FLAGS="-O2 -pipe -flto ${CPU_FLAGS} ${WARNING_FLAGS}"
CFLAGS="${COMMON_FLAGS}"
CXXFLAGS="${COMMON_FLAGS}"
FCFLAGS="${COMMON_FLAGS}"
FFLAGS="${COMMON_FLAGS}"

LDFLAGS="${LDFLAGS} -fuse-ld=mold"

# lang-specific flags
RUSTFLAGS="-C target-cpu=native" # rust is O3 by default
CGO_CFLAGS="${COMMON_FLAGS}"
CGO_CXXFLAGS="${COMMON_FLAGS}"
CGO_FFLAGS="${COMMON_FLAGS}"
CGO_LDFLAGS="${LDFLAGS}"

# USE FLAGS
USE="lto"

/etc/portage/env/sys-fs/btrfs-progs

# chop off -fuse-ld=mold
# see https://github.com/rui314/mold/issues/1509
LDFLAGS="${LDFLAGS//-fuse-ld=mold/}"

I also recommend, when a package breaks with LTO (last time for me it was GIMP), to use a package.env to temporarily disable it for a specific package.

/etc/portage/env/no-lto

# These warnings were promoted to errors as they indicate likely runtime
# problems with LTO. Additively disable them since LTO is being removed.
WARNING_FLAGS="-Wno-error=odr -Wno-error=lto-type-mismatch -Wno-error=strict-aliasing"

CFLAGS="${CFLAGS} -fno-lto"
CXXFLAGS="${CXXFLAGS} -fno-lto"
FCFLAGS="${FCFLAGS} -fno-lto"
FFLAGS="${FFLAGS} -fno-lto"

USE="${USE} -lto"

2. global use flags

Most of my USE flags are automatically inherited from my profile (amd 23.0 hardened, which is not a desktop profile).

Due to that, I need to add typical desktop stuff to global USE:

dbus. Desktops use inter-process communication all the time.
X and wayland to add gui support to many apps.
elogind and -systemd. I use an OpenRC system, so this is recommended ⇗.
pulseaudio and pipewire. See sound ⟹ to understand these.
modules-sign. It's somewhat helpful in secure boot probably.
introspection. Lots of apps depend on other apps to have GTK introspection as a USE flag, so it's too much effort NOT to make it global.

/etc/portage/make.conf

USE="${USE} dbus X wayland elogind -systemd pulseaudio pipewire modules-sign introspection"

3. nicer compiles

Often when I compile, I keep working. Then I don't want the CPU to give Portage all of its priority —— especially if I have other apps running.

/etc/portage/make.conf

# Extremely low priority
PORTAGE_SCHEDULING_POLICY="idle"
# Lowest priority
PORTAGE_NICENESS="19"
PORTAGE_IONICE_COMMAND="ionice -c 3 -p \${PID}"

# For parallelism, typically
#   min(half of ram in GB, half of cores)
# is recommended.
MAKEOPTS="-j8"

Of course, if I WANT my CPU to work harder, I might run something like this:

MAKEOPTS=-j12 sudo -E emerge -uDNav @world --keep-going

4. secure boot

TODO: I'm not even sure I need this for manual kernel installs.

TODO: I'm not sure this calls to the sbctl keys correctly anyway.

/etc/portage/make.conf

USE="${USE} secureboot"
MODULES_SIGN_KEY=/var/lib/sbctl/keys/db/db.key
MODULES_SIGN_CERT=/var/lib/sbctl/keys/db/db.pem
SECUREBOOT_SIGN_KEY=/var/lib/sbctl/keys/db/db.key
SECUREBOOT_SIGN_CERT=/var/lib/sbctl/keys/db/db.pem

5. other

/etc/portage/make.conf

# VIDEO_CARDS="intel nvidia" # "deprecated" or whatever.
ACCEPT_LICENSE="*" # I'm not trying to run Trisquel lol

# for use with app-portage/elogv
PORTAGE_ELOG_SYSTEM="save"
PORTAGE_ELOG_CLASSES="warn error info log qa"


# binpkg stuff
FEATURES="${FEATURES} binpkg-request-signature"

6. auto-generated

/etc/portage/make.conf

# NOTE: This stage was built with the bindist USE flag enabled

# This sets the language of build output to English.
# Please keep this setting intact when reporting bugs.
LC_MESSAGES=C.utf8

# auto-generated by mirrorselect
GENTOO_MIRRORS="https://mirror.clarkson.edu/gentoo/ \
    https://mirrors.mit.edu/gentoo-distfiles/ \
    https://gentoo.osuosl.org/ \
    https://mirrors.rit.edu/gentoo/ \
    rsync://mirrors.rit.edu/gentoo/ \
    https://mirror.servaxnet.com/gentoo/"

From cpuid2cpuflags:

/etc/portage/package.use/00cpu-flags

*/* CPU_FLAGS_X86: aes avx avx2 f16c fma3 mmx mmxext pclmul popcnt rdrand sha sse sse2 sse3 sse4_1 sse4_2 ssse3 vpclmulqdq