This is done in a chroot, from a 10.0 chapter 7 system. To do this on a live system, you'll need a kernel, initscripts, and some way to connect to the internet, such as iproute+dhcpcd. Make sure you bind-mount your host's /etc/resolv.conf to the chroot, such as: touch $LFS/etc/resolv.conf mount -v --bind /etc/resolv.conf $LFS/etc/resolv.conf This will allow programs to resolve DNS names, which is necessary to download things. Also mount /dev/shm, in addition to the mounts in chapter 7.3: mount -t tmpfs tmpfs $LFS/dev/shm Run the following chapters (avoid tests and docs): - 8.9. Zlib-1.2.11 - 8.10. Bzip2-1.0.8 - 8.34. Bash-5.0 - 8.47. Libffi-3.3 - 8.48. OpenSSL-1.1.1g - 8.49. Python-3.8.5 (!--with-system-expat --without-ensurepip) Symlink python3: ln -sf python3 /usr/bin/python Install ca-certificates: make mkdir -p /usr/share/ca-certificates make install ( cd /usr/share/ca-certificates find . -name '*.crt' | LC_ALL=C sort | cut -b3- ) > /etc/ca-certificates.conf mkdir -p /etc/ssl/certs update-ca-certificates Install wget: ./configure --prefix=/usr --sysconfdir=/etc --with-ssl=openssl --with-libssl-prefix=/usr make make install Install portage (https://wiki.gentoo.org/wiki/Portage#Tarball): python setup.py install echo "portage:x:250:250:portage:/var/tmp/portage:/bin/false" >> /etc/passwd echo "portage::250:portage" >> /etc/group Install repository (https://bouncer.gentoo.org/fetch/root/all/snapshots/, grab gentoo-*.tar.xz): rm -rf /var/db/repos mkdir -p /var/db/repos mv gentoo-*/ /var/db/repos/gentoo Configure portage: mkdir -p /etc/portage ln -sf ../../var/db/repos/gentoo/profiles/default/linux/amd64/17.1/ /etc/portage/make.profile emerge -O1 sys-apps/baselayout . /etc/profile cat /var/lib/gentoo/news/news-gentoo.unread >> /var/lib/gentoo/news/news-gentoo.read rm /var/lib/gentoo/news/news-gentoo.unread touch /var/lib/gentoo/news/news-gentoo.unread dispatch-conf Bootstrap multilib compiler: emerge -O1 sys-apps/gentoo-functions sys-devel/binutils-config sys-devel/gcc-config app-portage/elt-patches sys-devel/binutils dev-libs/gmp dev-libs/mpfr dev-libs/mpc emerge -Of sys-devel/gcc tar xf /var/cache/distfiles/gcc-*.tar.* && cd gcc-*/ && mkdir build && cd build mkdir -p /tmp/gcc/include touch /tmp/gcc/include/limits.h ../configure --prefix=/usr --with-local-prefix=/tmp/gcc --with-newlib --without-headers --disable-shared --disable-threads --disable-bootstrap --enable-multilib --enable-languages=c,c++ make all-gcc all-target-libgcc make install-gcc install-target-libgcc rm -rf /tmp/gcc cd ../.. && rm -rf gcc-*/ Remove use of gcc-multilib-bootstrap, since that defeats the point of building everything from source, and we don't need it with this hack: cd /var/db/repos/gentoo/sys-libs/glibc cp -u glibc-2.31-r6.ebuild{,.orig} sed -e '/gcc-multilib-bootstrap/d' glibc-2.31-r6.ebuild.orig > glibc-2.31-r6.ebuild ebuild glibc-2.31-r6.ebuild manifest PYTHON_COMPAT_OVERRIDE=python3 emerge -O1 sys-libs/glibc ...in case of downgrade, reinstall any LFS programs that broke (using the /tools toolchain?) until portage works again, and reinstall glibc, run ldconfig and fix all warnings. Alternatively, build LFS with an older glibc or unmask the same glibc version that LFS has... Clean up glibc modifications: cd /var/db/repos/gentoo/sys-libs/glibc mv glibc-2.31-r6.ebuild.orig glibc-2.31-r6.ebuild ebuild glibc-2.31-r6.ebuild manifest Not sure if this is necessary if not downgrading, but for good measure: tar xf /var/cache/distfiles/gcc-*.tar.* && cd gcc-*/ && mkdir build && cd build ../libstdc++-v3/configure --prefix=/usr --enable-multilib make make install cd ../.. && rm -rf gcc-*/ emerge -O1 sys-devel/gcc PYTHON_COMPAT_OVERRIDE=python3 emerge -O1 sys-libs/glibc # might be necessary to merge _after_ pax-utils? Bootstrap rest of system: emerge -O1 sys-libs/libseccomp app-misc/pax-utils # required by at least ncurses and sandbox emerge -O1 sys-apps/sandbox USE=-acl emerge -O1 sys-devel/gettext # circular dep, bundles libxml2, abusing this fact... USE=-acl emerge -O1 net-misc/rsync # required by linux-headers emerge -O1 dev-util/pkgconf # required by pax-utils cd /var/db/repos/gentoo/scripts ./bootstrap.sh USE=-pam emerge -O1 sys-libs/libcap # circular dep USE='-acl -xattr -pam' emerge -O1 sys-apps/shadow # required by acct-group emerge -abe @system Unpollute the system by installing it somewhere else: ROOT=/final emerge -K @system