author | V3n3RiX <venerix@redcorelinux.org> | 2017-10-09 18:53:29 +0100 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2017-10-09 18:53:29 +0100 |
commit | 4f2d7949f03e1c198bc888f2d05f421d35c57e21 (patch) | |
tree | ba5f07bf3f9d22d82e54a462313f5d244036c768 /profiles/features |
reinit the tree, so we can have metadata
Diffstat (limited to 'profiles/features')
53 files changed, 553 insertions, 0 deletions
diff --git a/profiles/features/eapi b/profiles/features/eapi
new file mode 100644
index 000000000000..7ed6ff82de6b
--- /dev/null
+++ b/profiles/features/eapi
@@ -0,0 +1 @@
+5
diff --git a/profiles/features/hardened/amd64/eapi b/profiles/features/hardened/amd64/eapi
new file mode 100644
index 000000000000..7ed6ff82de6b
--- /dev/null
+++ b/profiles/features/hardened/amd64/eapi
@@ -0,0 +1 @@
+5
diff --git a/profiles/features/hardened/amd64/make.defaults b/profiles/features/hardened/amd64/make.defaults
new file mode 100644
index 000000000000..10d89c63ebf8
--- /dev/null
+++ b/profiles/features/hardened/amd64/make.defaults
@@ -0,0 +1,5 @@
+# Copyright 1999-2012 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+
+USE="justify -pic"
+
diff --git a/profiles/features/hardened/amd64/no-multilib/eapi b/profiles/features/hardened/amd64/no-multilib/eapi
new file mode 100644
index 000000000000..7ed6ff82de6b
--- /dev/null
+++ b/profiles/features/hardened/amd64/no-multilib/eapi
@@ -0,0 +1 @@
+5
diff --git a/profiles/features/hardened/amd64/no-multilib/make.defaults b/profiles/features/hardened/amd64/no-multilib/make.defaults
new file mode 100644
index 000000000000..1dd0a2a0f7e0
--- /dev/null
+++ b/profiles/features/hardened/amd64/no-multilib/make.defaults
@@ -0,0 +1,6 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# We don't need to have pic on
+USE="-pic"
+
diff --git a/profiles/features/hardened/amd64/no-multilib/parent b/profiles/features/hardened/amd64/no-multilib/parent
new file mode 100644
index 000000000000..f3229c5b9876
--- /dev/null
+++ b/profiles/features/hardened/amd64/no-multilib/parent
@@ -0,0 +1 @@
+..
diff --git a/profiles/features/hardened/amd64/package.mask b/profiles/features/hardened/amd64/package.mask
new file mode 100644
index 000000000000..76612099e7c4
--- /dev/null
+++ b/profiles/features/hardened/amd64/package.mask
@@ -0,0 +1,11 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# Cernlib has address space issues on amd64 and package is no
+# longer supported by upstream. Thus masking it and its reverse
+# dependencies.
+# See bug 426764.
+sci-physics/cernlib
+sci-physics/cernlib-montecarlo
+sci-physics/geant:3
+sci-physics/paw
diff --git a/profiles/features/hardened/amd64/package.use b/profiles/features/hardened/amd64/package.use
new file mode 100644
index 000000000000..0cef7f8d1d92
--- /dev/null
+++ b/profiles/features/hardened/amd64/package.use
@@ -0,0 +1,12 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# Magnus Granberg <zorry@gentoo.org> (14 Jan, 2015)
+# We need to have the pic flag on.
+# Bugs 490276, 513464, 523736 and 512208.
+media-libs/x264 pic
+media-video/ffmpeg pic
+media-video/libav pic
+>=media-libs/mesa-10.1.6 pic
+media-libs/libpostproc pic
+>=media-libs/xvid-1.3.3 pic
diff --git a/profiles/features/hardened/amd64/package.use.force b/profiles/features/hardened/amd64/package.use.force
new file mode 100644
index 000000000000..ef833f2d1b51
--- /dev/null
+++ b/profiles/features/hardened/amd64/package.use.force
@@ -0,0 +1,7 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# Magnus Granberg <zorry@gentoo.org> (14 Jan, 2015)
+# We need to have the pic flag on.
+# Bugs 358929
+app-emulation/open-vm-tools pic
diff --git a/profiles/features/hardened/amd64/package.use.mask b/profiles/features/hardened/amd64/package.use.mask
new file mode 100644
index 000000000000..50e34f0e46d0
--- /dev/null
+++ b/profiles/features/hardened/amd64/package.use.mask
@@ -0,0 +1,8 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# Cernlib has address space issues on amd64 and package is no
+# longer supported by upstream. Thus masking it and its reverse
+# dependencies.
+# See bugs 426764, 556612.
+=sci-physics/geant-4.9.4* geant3
diff --git a/profiles/features/hardened/amd64/parent b/profiles/features/hardened/amd64/parent
new file mode 100644
index 000000000000..f3229c5b9876
--- /dev/null
+++ b/profiles/features/hardened/amd64/parent
@@ -0,0 +1 @@
+..
diff --git a/profiles/features/hardened/eapi b/profiles/features/hardened/eapi
new file mode 100644
index 000000000000..7ed6ff82de6b
--- /dev/null
+++ b/profiles/features/hardened/eapi
@@ -0,0 +1 @@
+5
diff --git a/profiles/features/hardened/make.defaults b/profiles/features/hardened/make.defaults
new file mode 100644
index 000000000000..f753f571b723
--- /dev/null
+++ b/profiles/features/hardened/make.defaults
@@ -0,0 +1,15 @@
+# Copyright 1999-2014 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+
+# Jorge Manuel B. S. Vicetto <jmbsvicetto@gentoo.org> (16 Nov 2011)
+# Rename STAGE1_USE to BOOTSTRAP_USE and stack it to the parent value
+BOOTSTRAP_USE="${BOOTSTRAP_USE} hardened pax_kernel pic xtpax -jit -orc"
+
+USE="hardened pax_kernel pic urandom xtpax -fortran -jit -orc"
+
+# Ian Stakenvicius, 2014-09-03
+# Set a variable just to indicate that the current profile is a hardened one
+# This variable can be leveraged in ebuilds for pkg_postinst messages that
+# indicate said package is, say, configured in a way that defeats the purpose
+# of running hardened.
+PROFILE_IS_HARDENED=1
diff --git a/profiles/features/hardened/package.mask b/profiles/features/hardened/package.mask
new file mode 100644
index 000000000000..af6a869977fc
--- /dev/null
+++ b/profiles/features/hardened/package.mask
@@ -0,0 +1,15 @@
+# Copyright 1999-2017 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+
+# We need newer then glibc 2.24
+<sys-libs/glibc-2.25
+
+# broken on hardened, use sys-apps/elfix to fix gnustack
+sys-devel/prelink
+# depends on prelink
+app-crypt/hmaccalc
+
+# OpenAFS kernel module is not compatible with hardened kernels
+# due to C99 struct init requirement by hardened kernels,
+# see bug 540196 comment 9.
+net-fs/openafs-kernel
diff --git a/profiles/features/hardened/package.use.force b/profiles/features/hardened/package.use.force
new file mode 100644
index 000000000000..697af381d682
--- /dev/null
+++ b/profiles/features/hardened/package.use.force
@@ -0,0 +1,7 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# Needed for XATTR_PAX flags
+app-arch/tar xattr
+sys-apps/coreutils xattr
+sys-apps/portage xattr
diff --git a/profiles/features/hardened/package.use.mask b/profiles/features/hardened/package.use.mask
new file mode 100644
index 000000000000..e3320e1e4d9d
--- /dev/null
+++ b/profiles/features/hardened/package.use.mask
@@ -0,0 +1,11 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+sys-apps/hwloc gl
+
+sys-devel/gcc -hardened
+sys-libs/glibc -hardened
+
+# net-fs/openafs-kernel module can't be used on hardened,
+# see bug 540196.
+net-fs/openafs modules
diff --git a/profiles/features/hardened/packages b/profiles/features/hardened/packages
new file mode 100644
index 000000000000..2524abdd0c4f
--- /dev/null
+++ b/profiles/features/hardened/packages
@@ -0,0 +1,6 @@
+# Copyright 1999-2013 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+
+# This file extends the base packages file for all hardened profiles
+
+*sys-apps/elfix
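Review bot: In profiles/features/hardened/package.use.mask the `sys-apps/hwloc gl` entry is the only mask in the file without a rationale or bug reference, so a later maintainer cannot tell whether it is still needed on hardened. A comment above it in the style of the openafs entry would do, for example `# <reason gl is masked on hardened>, see bug <bug-id>`, with both placeholders filled in from the original report.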
diff --git a/profiles/features/hardened/use.force b/profiles/features/hardened/use.force
new file mode 100644
index 000000000000..35e56536ec64
--- /dev/null
+++ b/profiles/features/hardened/use.force
@@ -0,0 +1,6 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# Make sure people don't accidentally turn of ssp/pie in important packages.
+pie
+ssp
diff --git a/profiles/features/hardened/use.mask b/profiles/features/hardened/use.mask
new file mode 100644
index 000000000000..e3999ad48706
--- /dev/null
+++ b/profiles/features/hardened/use.mask
@@ -0,0 +1,13 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+-hardened
+
+# precompiled headers are not compat with ASLR.
+pch
+
+# prelink is masked for hardened
+prelink
+
+# profile are incompatible when linking with pie
+profile
diff --git a/profiles/features/multilib/eapi b/profiles/features/multilib/eapi
new file mode 100644
index 000000000000..7ed6ff82de6b
--- /dev/null
+++ b/profiles/features/multilib/eapi
@@ -0,0 +1 @@
+5
diff --git a/profiles/features/multilib/make.defaults b/profiles/features/multilib/make.defaults
new file mode 100644
index 000000000000..a844d754369e
--- /dev/null
+++ b/profiles/features/multilib/make.defaults
@@ -0,0 +1,16 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# Jorge Manuel B. S. Vicetto <jmbsvicetto@gentoo.org> (16 Nov 2011)
+# Rename STAGE1_USE to BOOTSTRAP_USE and stack it to the parent value
+# This is so we build with multilib from the start
+BOOTSTRAP_USE="${BOOTSTRAP_USE} multilib"
+
+# Default USE=multilib to on. This rarely impact packages as they should be
+# using the multilib eclass anyways. #435094
+USE="multilib"
+
+# FEATURES="multilib-strict" specific settings.
+MULTILIB_STRICT_DIRS="/lib32 /lib /usr/lib32 /usr/lib /usr/kde/*/lib32 /usr/kde/*/lib /usr/qt/*/lib32 /usr/qt/*/lib /usr/X11R6/lib32 /usr/X11R6/lib"
+MULTILIB_STRICT_DENY="64-bit.*shared object"
+MULTILIB_STRICT_EXEMPT="(perl5|gcc|gcc-lib|binutils|eclipse-3|debug|portage|udev|systemd|clang|python-exec|llvm)"
diff --git a/profiles/features/multilib/package.use b/profiles/features/multilib/package.use
new file mode 100644
index 000000000000..b171f871ab08
--- /dev/null
+++ b/profiles/features/multilib/package.use
@@ -0,0 +1,6 @@
+# Copyright 1999-2016 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License, v2
+
+# Enable all ABIs by default so we can protect any non-native binaries that
+# might be executed.
+sys-apps/sandbox abi_x86_32 abi_x86_64 abi_x86_x32 abi_mips_o32 abi_mips_n32 abi_mips_n64 abi_ppc_32 abi_ppc_64 abi_s390_32 abi_s390_64
diff --git a/profiles/features/multilib/package.use.force b/profiles/features/multilib/package.use.force
new file mode 100644
index 000000000000..90f2389e51bd
--- /dev/null
+++ b/profiles/features/multilib/package.use.force
@@ -0,0 +1,7 @@
+# Copyright 2004-2014 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License, v2
+
+# These packages must have multilib turned on in order to work sanely.
+sys-apps/sandbox multilib
+sys-devel/gcc multilib
+sys-libs/glibc multilib
diff --git a/profiles/features/multilib/use.mask b/profiles/features/multilib/use.mask
new file mode 100644
index 000000000000..7471c9f05442
--- /dev/null
+++ b/profiles/features/multilib/use.mask
@@ -0,0 +1,8 @@
+# Copyright 2004-2008 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License, v2
+
+# SECTION: Unmask
+
+# 2008/02/13 - Chris Gianelloni <wolf31o2@gentoo.org>
+# Unmask multilib, since we need to use it.
+-multilib
diff --git a/profiles/features/prefix/eapi b/profiles/features/prefix/eapi
new file mode 100644
index 000000000000..7ed6ff82de6b
--- /dev/null
+++ b/profiles/features/prefix/eapi
@@ -0,0 +1 @@
+5
diff --git a/profiles/features/prefix/make.defaults b/profiles/features/prefix/make.defaults
new file mode 100644
index 000000000000..28ddc1270c94
--- /dev/null
+++ b/profiles/features/prefix/make.defaults
@@ -0,0 +1,27 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# Michael Haubenwallner <haubi@gentoo.org> (19 Apr 2016)
+# We can not use xattrs by default in Prefix.
+USE="-xattr"
+
+# Jeremy Olexa <darkside@gentoo.org> (30 Jun 2009)
+# As of now, there does not exist a reliable working sandbox implementation on
+# any Gentoo Prefix platform. Lately, sandbox has caused *many* issues that
+# the Gentoo Prefix team has no time to fix and/or troubleshoot. see: bug 271424
+# see:
+# https://archives.gentoo.org/gentoo-alt/msg_3c355ca5e70e7975eae293823f1751f2.xml
+# see: bug 274239
+# and other issues, etc etc.
+#
+# If in the future, there does exist a working sandbox implementation then it
+# should be enabled on a per-profile basis only.
+FEATURES="${FEATURES} -sandbox -usersandbox"
+
+# Prefix does not have user management and the security model does not apply.
+# Disable user* features by default.
+FEATURES="${FEATURES} -userpriv -userfetch -usersync"
+
+# this probably already is like this, but we assure that in prefix we
+# have a GNU userland
+USERLAND="GNU"
diff --git a/profiles/features/prefix/package.mask b/profiles/features/prefix/package.mask
new file mode 100644
index 000000000000..dfa6e719cf82
--- /dev/null
+++ b/profiles/features/prefix/package.mask
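Review bot: The comment above the second `FEATURES` line in profiles/features/prefix/make.defaults ("the security model does not apply") does not say what the builds run as once `userpriv`, `userfetch` and `usersync` are removed, and the sandbox rationale above it rests on bug reports dated 2009. Together the two lines turn off build sandboxing and privilege dropping for every profile that inherits this one, so ebuild phases presumably run with whatever access the invoking account has. I would state that outright, e.g. `# Prefix runs entirely as the invoking user; there is no separate portage user to drop to, so the user* features are disabled.`, and note when the sandbox decision was last re-checked.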
@@ -0,0 +1,22 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# Jeremy Olexa <darkside@gentoo.org> (30 Jun 2009)
+# The PAM auth system just will not work in Gentoo Prefix, instead the host auth
+# system should be used.
+sys-libs/pam
+sys-auth/pambase
+
+# Jeremy Olexa <darkside@gentoo.org> (02 Jun 2009)
+# If you have MacFuse or some other implementation of fuse installed, you can
+# probably use this by placing sys-fs/fuse in package.provided, bug 272210
+net-fs/curlftpfs
+
+# Jeremy Olexa <darkside@gentoo.org> (02 Dec 2008)
+# Reported to work. However, you will need to package.provide some deps.
+# See bug 248809 for more details.
+net-fs/openafs
+
+# Fabian Groffen <grobian@gentoo.org> (11 Jan 2008)
+# Screws up things, see bug #204998
+<sys-devel/gcc-3.4.0
diff --git a/profiles/features/prefix/package.use.mask b/profiles/features/prefix/package.use.mask
new file mode 100644
index 000000000000..f02bc5775fe9
--- /dev/null
+++ b/profiles/features/prefix/package.use.mask
@@ -0,0 +1,46 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# Benda Xu <heroxbd@gentoo.org> (28 Jul 2016)
+# Needs root privilege.
+sys-fs/eudev hwdb kmod
+
+# Kacper Kowalik <xarthisius@gentoo.org> (14 Jan 2012)
+# sci-libs/mkl don't have prefix keywords
+dev-python/numexpr mkl
+
+# Fabian Groffen <grobian@gentoo.org> (08 Dec 2011)
+# USE=vanilla produces a broken compiler for Prefix. Only use this flag
+# when you're absolutely sure what you're doing. Do NOT report bugs
+# about failing packages when using a vanilla compiler!
+sys-devel/gcc vanilla
+
+# Rafael Goncalves Martins <rafaelmartins@gentoo.org> (29 Sep 2010)
+# dev-libs/judy without prefix keywords
+# (amd64-linux and x86-linux)
+sci-electronics/gtkwave judy
+
+# Jonathan Callen <abcd@gentoo.org> (22 Feb 2010)
+# ppp is not available in Prefix
+kde-apps/kdenetwork-meta ppp
+
+# Christian Faulhammer <fauli@gentoo.org> (09 Jan 2010)
+# hesiod and m17n-lib are not available in Prefix
+app-editors/emacs-vcs hesiod m17n-lib
+app-editors/emacs hesiod m17n-lib
+
+# Jeremy Olexa <darkside@gentoo.org> (30 Sep 2009)
+# berkdb has hardcoded paths all over, breaks on linux at least. Use flag
+# disappearing in next bump: prefix can be early and force it to be not used to
+# save headaches.
+# NOTE to prefix devs: if it needs to not be a global mask, talk to me because
+# it currently causes failures on linux. It can be made a "less global" mask.
+dev-lang/python berkdb
+
+# Elias Pipping <pipping@gentoo.org> (18 Nov 2007)
+# feynmf fails to build documentation
+dev-tex/feynmf doc
+
+# Elias Pipping <pipping@gentoo.org> (15 Nov 2007)
+# pkg_postinst tries to create/delete a user, fails
+dev-libs/cyrus-sasl berkdb gdbm
diff --git a/profiles/features/prefix/packages b/profiles/features/prefix/packages
new file mode 100644
index 000000000000..a4d727977333
--- /dev/null
+++ b/profiles/features/prefix/packages
@@ -0,0 +1,26 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# Gentoo Base Prefix Profile
+
+# NOTE: THIS MODIFIES THE BASE PROFILE FOR *ANY* PREFIX BASED OPERATING SYSTEM.
+# NO MODIFICATIONS MAY BE MADE TO THIS FILE WITHOUT PRIOR DISCUSSION. IF
+# YOU ARE CREATING A NEW PROFILE, YOU SIMPLY NEED TO INHERIT THIS BASE
+# PROFILE IN YOUR PROFILE DIRECTORY'S "parent" FILE.
+
+# Read the descriptions of ../../base/packages for some explanation
+
+# This file removes everything from the base profile which is not
+# necessary/desired in a prefix environment.
+
+-*net-misc/iputils
+-*sys-apps/iproute2
+-*sys-apps/kbd
+-*sys-fs/e2fsprogs
+-*virtual/dev-manager
+-*virtual/modutils
+-*virtual/shadow
+
+# we don't want this either (as baselayout-prefix provides the functions.sh
+# file that this was added to ../base/packages for)
+-*sys-apps/openrc
diff --git a/profiles/features/prefix/rpath/eapi b/profiles/features/prefix/rpath/eapi
new file mode 100644
index 000000000000..7ed6ff82de6b
--- /dev/null
+++ b/profiles/features/prefix/rpath/eapi
@@ -0,0 +1 @@
+5
diff --git a/profiles/features/prefix/rpath/packages b/profiles/features/prefix/rpath/packages
new file mode 100644
index 000000000000..ca559fb1847a
--- /dev/null
+++ b/profiles/features/prefix/rpath/packages
@@ -0,0 +1,11 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# we don't ever will install these, so no need to depend on them
+-*virtual/libc
+-*virtual/os-headers
+
+-*>=sys-apps/baselayout-2
+# add back prefix baselayout
+*sys-apps/baselayout-prefix
+
diff --git a/profiles/features/prefix/rpath/parent b/profiles/features/prefix/rpath/parent
new file mode 100644
index 000000000000..f3229c5b9876
--- /dev/null
+++ b/profiles/features/prefix/rpath/parent
@@ -0,0 +1 @@
+..
diff --git a/profiles/features/prefix/rpath/profile.bashrc b/profiles/features/prefix/rpath/profile.bashrc
new file mode 100644
index 000000000000..1964faf33266
--- /dev/null
+++ b/profiles/features/prefix/rpath/profile.bashrc
@@ -0,0 +1,22 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# Hack to avoid every package that uses libiconv/gettext
+# install a charset.alias that will collide with libiconv's one
+# See bugs 169678, 195148 and 256129.
+# Also the discussion on
+# https://archives.gentoo.org/gentoo-dev/msg_8cb1805411f37b4eb168a3e680e531f3.xml
+prefix-post_src_install() {
+ local f
+ if [[ ${PN} != "libiconv" && -n $(ls "${ED}"/usr/lib*/charset.alias 2>/dev/null) ]]; then
+ einfo "automatically removing charset.alias"
+ rm -f "${ED}"/usr/lib*/charset.alias
+ fi
+}
+
+# These are because of
+# https://archives.gentoo.org/gentoo-dev/msg_529a0806ed2cf841a467940a57e2d588.xml
+# The profile-* ones are meant to be used in etc/portage/profile.bashrc by user
+# until there is the registration mechanism.
+profile-post_src_install() { prefix-post_src_install ; }
+ post_src_install() { prefix-post_src_install ; }
diff --git a/profiles/features/prefix/rpath/use.force b/profiles/features/prefix/rpath/use.force
new file mode 100644
index 000000000000..ee3ee2379455
--- /dev/null
+++ b/profiles/features/prefix/rpath/use.force
@@ -0,0 +1,6 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# prefix-guest USE flag should be set in prefix rpath profiles
+prefix-guest
+
diff --git a/profiles/features/prefix/rpath/use.mask b/profiles/features/prefix/rpath/use.mask
new file mode 100644
index 000000000000..294cb12c1d19
--- /dev/null
+++ b/profiles/features/prefix/rpath/use.mask
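Review bot: `prefix-post_src_install()` in profiles/features/prefix/rpath/profile.bashrc declares `local f` and never uses it, so the declaration can simply be dropped. The hook also defines a bare `post_src_install()` at profile level, which would replace a hook of the same name set earlier in the profile stack if one exists; the closing comment explains the `profile-*` alias but not this one. A line such as `# post_src_install is defined here on purpose; it overrides any earlier profile hook of that name` would record the intent.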
@@ -0,0 +1,9 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# prefix-guest USE flag should be set in prefix rpath profiles
+-prefix-guest
+
+# multilib is never going to work as expected in Prefix rpath
+multilib
+
diff --git a/profiles/features/prefix/standalone/eapi b/profiles/features/prefix/standalone/eapi
new file mode 100644
index 000000000000..7ed6ff82de6b
--- /dev/null
+++ b/profiles/features/prefix/standalone/eapi
@@ -0,0 +1 @@
+5
diff --git a/profiles/features/prefix/standalone/legacy/make.defaults b/profiles/features/prefix/standalone/legacy/make.defaults
new file mode 100644
index 000000000000..254b730a79c4
--- /dev/null
+++ b/profiles/features/prefix/standalone/legacy/make.defaults
@@ -0,0 +1,17 @@
+# This profile is supporting >=linux-2.6.16[a] and <linux-2.6.32[b].
+
+# a. https://sourceware.org/ml/libc-announce/2012/msg00001.html
+# lowest version supported by glibc-2.17 to glibc-2.19.
+
+# b. https://sourceware.org/ml/libc-alpha/2014-09/msg00088.html
+# lowest version supported by glibc-2.20 onwards.
+
+
+# utimensat is missing or not reliable until linux-2.6.32.
+# needed by python-3.
+ac_cv_func_utimensat=no
+# pipe2 requires >=linux-2.6.27. Needed by python-3.
+ac_cv_func_pipe2=no
+
+# >=python-3 is masked.
+PYTHON_TARGETS="-python3_4"
diff --git a/profiles/features/prefix/standalone/legacy/package.mask b/profiles/features/prefix/standalone/legacy/package.mask
new file mode 100644
index 000000000000..5125269d289d
--- /dev/null
+++ b/profiles/features/prefix/standalone/legacy/package.mask
@@ -0,0 +1,7 @@
+# >=glibc-2.20 requires >=linux-2.6.32.
+>=sys-libs/glibc-2.20
+
+# >=python-3.4 assumes F_DUPFD_CLOEXEC of fcntl,
+# which requires >=linux-2.6.24.
+# python-3.3 seems to be unconditionally using utimensat.
+>=dev-lang/python-3
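Review bot: `PYTHON_TARGETS="-python3_4"` in profiles/features/prefix/standalone/legacy/make.defaults removes a single Python 3 target, while the comment above it and the `>=dev-lang/python-3` mask in the sibling package.mask exclude every Python 3 version. If a parent profile enables any other `python3_*` target, packages would presumably request an interpreter that this profile masks. Either list every target the parents can enable or reset the variable explicitly, e.g. `PYTHON_TARGETS="-* python2_7"` (assuming 2.7 is the intended sole target), so the two files stay in agreement.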
\ No newline at end of file
diff --git a/profiles/features/prefix/standalone/legacy/package.unmask b/profiles/features/prefix/standalone/legacy/package.unmask
new file mode 100644
index 000000000000..0d7380b42738
--- /dev/null
+++ b/profiles/features/prefix/standalone/legacy/package.unmask
@@ -0,0 +1,2 @@
+# >=glibc-2.20 requires >=linux-2.6.32.
+<sys-libs/glibc-2.20
diff --git a/profiles/features/prefix/standalone/legacy/profile.bashrc b/profiles/features/prefix/standalone/legacy/profile.bashrc
new file mode 100644
index 000000000000..e537cc0fa319
--- /dev/null
+++ b/profiles/features/prefix/standalone/legacy/profile.bashrc
@@ -0,0 +1,6 @@
+# tricks to circumvent false positive checks of old kernel
+
+if [[ ${CATEGORY}/${PN} == dev-util/cmake && ${EBUILD_PHASE} == configure ]]; then
+ einfo "Removing utimensat outputs..."
+ sed -i '/UTIMENSAT=/d' ${S}/Source/kwsys/CMakeLists.txt
+fi
diff --git a/profiles/features/prefix/standalone/make.defaults b/profiles/features/prefix/standalone/make.defaults
new file mode 100644
index 000000000000..0e1661e1014d
--- /dev/null
+++ b/profiles/features/prefix/standalone/make.defaults
@@ -0,0 +1,7 @@
+# getentropy is available from linux-3.17 and glibc-2.25
+# disable it unconditionally for Python-3.4 and 2.7.
+# http://bugs.python.org/issue31255
+# remove when python-3.4 goes end-of-life on 2019-03-16,
+# and when python-2.7 goes end-of-life on 2020-01-01.
+# https://docs.python.org/devguide/#status-of-python-branches
+ac_cv_func_getentropy=no
diff --git a/profiles/features/prefix/standalone/parent b/profiles/features/prefix/standalone/parent
new file mode 100644
index 000000000000..f3229c5b9876
--- /dev/null
+++ b/profiles/features/prefix/standalone/parent
@@ -0,0 +1 @@
+..
diff --git a/profiles/features/prefix/use.force b/profiles/features/prefix/use.force
new file mode 100644
index 000000000000..843b1c7ed890
--- /dev/null
+++ b/profiles/features/prefix/use.force
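Review bot: The `sed` call in profiles/features/prefix/standalone/legacy/profile.bashrc expands `${S}` unquoted and ignores the exit status, so a work directory containing whitespace, or a CMakeLists.txt that has moved, leaves the workaround unapplied without stopping the build. A Prefix location is chosen by the user, which makes whitespace in the path plausible. Quote the path and fail loudly: `sed -i '/UTIMENSAT=/d' "${S}"/Source/kwsys/CMakeLists.txt || die`.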
@@ -0,0 +1,8 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# force prefix flag to be set
+prefix
+
+# force GNU userland (even though base profile sets this too)
+userland_GNU
diff --git a/profiles/features/prefix/use.mask b/profiles/features/prefix/use.mask
new file mode 100644
index 000000000000..61f29a075894
--- /dev/null
+++ b/profiles/features/prefix/use.mask
@@ -0,0 +1,23 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# prefix USE flag should always be unmasked in prefix profiles
+-prefix
+
+# re-add userland GNU
+-userland_GNU
+
+# USE flags inherited by the base/use.defaults file that shouldn't be in Prefix
+cups
+gpm
+
+# USE=pam just does not make sense in Gentoo Prefix. Should be using the host
+# auth system.
+pam
+
+# USE=udev just does not make sense in Gentoo Prefix. bug 293480
+udev
+
+# suid requires root privilege, which is not support by prefix in general
+# one example: bug 447340.
+suid
diff --git a/profiles/features/selinux/eapi b/profiles/features/selinux/eapi
new file mode 100644
index 000000000000..7ed6ff82de6b
--- /dev/null
+++ b/profiles/features/selinux/eapi
@@ -0,0 +1 @@
+5
diff --git a/profiles/features/selinux/make.defaults b/profiles/features/selinux/make.defaults
new file mode 100644
index 000000000000..963412a92e4c
--- /dev/null
+++ b/profiles/features/selinux/make.defaults
@@ -0,0 +1,15 @@
+# Copyright 1999-2014 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+#
+
+# selinux - Enable SELinux support
+# unconfined - Enable unconfined domains, needed due to 'targeted' policy type
+# open_perms - Enable open permission in SELinux subsystem
+USE="selinux unconfined open_perms"
+
+FEATURES="selinux sesandbox sfperms"
+
+POLICY_TYPES="strict targeted"
+PORTAGE_T="portage_t"
+PORTAGE_FETCH_T="portage_fetch_t"
+PORTAGE_SANDBOX_T="portage_sandbox_t"
diff --git a/profiles/features/selinux/package.mask b/profiles/features/selinux/package.mask
new file mode 100644
index 000000000000..fdbb561d5371
--- /dev/null
+++ b/profiles/features/selinux/package.mask
@@ -0,0 +1,37 @@
+
+# Göktürk Yüksek <gokturk@gentoo.org> (09 Nov 2016)
+# On behalf of proxy-maint
+# Mask due to the package requiring systemd
+# and causing unresolvable dep issues
+# See: https://github.com/gentoo/gentoo/pull/2262
+www-misc/profile-sync-daemon
+
+# Jason Zaman <perfinion@gentoo.org> (27 Jun 2015)
+# SystemD has no support in the SELinux policy at the moment.
+# Please see: https://wiki.gentoo.org/wiki/SELinux/FAQ#Can_I_use_SELinux_with_SystemD.3F
+app-admin/systemdgenie
+app-eselect/eselect-gnome-shell-extensions
+sys-apps/systemd
+app-admin/calamares
+dev-python/python-systemd
+gnome-base/gdm
+gnome-base/gnome
+gnome-base/gnome-extra-apps
+gnome-base/gnome-light
+gnome-base/gnome-shell
+gnome-extra/chrome-gnome-shell
+gnome-extra/gnome-logs
+gnome-extra/gnome-shell-extensions
+gnome-extra/gnome-shell-frippery
+gnome-extra/gnome-shell-extensions-topicons
+gnome-extra/gnome-shell-extensions-topicons-plus
+gnome-extra/gnome-tweak-tool
+x11-themes/zukitwo-shell
+gnome-extra/office-runner
+kde-misc/systemd-kcm
+net-firewall/firewalld
+net-misc/netctl
+sys-apps/gentoo-systemd-integration
+sys-apps/systemd-readahead
+sys-process/systemd-cron
+sys-apps/dbus-broker
diff --git a/profiles/features/selinux/package.use.force b/profiles/features/selinux/package.use.force
new file mode 100644
index 000000000000..c7e70425d6bb
--- /dev/null
+++ b/profiles/features/selinux/package.use.force
@@ -0,0 +1,27 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# Sven Vermeulen <swift@gentoo.org> (19 Apr 2013)
+# sys-apps/policycoreutils (semanage command) uses sepolgen, which requires libselinux with USE="python".
+# sys-apps/policycoreutils also requires libsemanage with USE="python" and
+# setools with USE="python"
+sys-libs/libselinux python
+sys-libs/libsemanage python
+app-admin/setools python
+
+# Sven Vermeulen <swift@gentoo.org> (21 May 2013)
+# sys-apps/policycoreutils has PYTHON_USE_WITH="xml" set, so we force it
+# here to allow stages to build with USE=xml on python
+dev-lang/python xml
+
+# Jason Zaman <perfinion@gentoo.org> (03 Dec 2014)
+# sys-apps/busybox has IUSE="+static", so force static-libs on its deps
+# so stages can build with no interacton. Bug #527938
+sys-libs/libselinux static-libs
+dev-libs/libpcre static-libs
+
+# Jason Zaman <perfinion@gentoo.org> (27 Jun 2015)
+# SystemD has no support in the SELinux policy at the moment.
+# Please see: https://wiki.gentoo.org/wiki/SELinux/FAQ#Can_I_use_SELinux_with_SystemD.3F
+gnome-base/gnome-settings-daemon openrc-force
+gnome-base/gnome-shell openrc-force
diff --git a/profiles/features/selinux/package.use.mask b/profiles/features/selinux/package.use.mask
new file mode 100644
index 000000000000..9af31771b185
--- /dev/null
+++ b/profiles/features/selinux/package.use.mask
@@ -0,0 +1,33 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# Brian Dolbec <dolsen@gentoo.org> (17 Sep 2014)
+# mask pypy for several utilities due to incompatibility with libselinux
+sys-apps/portage python_targets_pypy python_targets_pypy3
+app-portage/gentoolkit python_targets_pypy python_targets_pypy3
+app-portage/layman python_targets_pypy python_targets_pypy3
+app-admin/webapp-config python_targets_pypy python_targets_pypy3
+app-portage/diffmask python_targets_pypy python_targets_pypy3
+app-portage/flaggie python_targets_pypy python_targets_pypy3
+
+# Jason Zaman <perfinion@gentoo.org> (27 Jun 2015)
+# SystemD has no support in the SELinux policy at the moment.
+# Please see: https://wiki.gentoo.org/wiki/SELinux/FAQ#Can_I_use_SELinux_with_SystemD.3F
+app-emulation/libvirt firewalld
+gnome-base/gdm wayland
+net-firewall/fwknop firewalld
+www-servers/uwsgi uwsgi_plugins_systemd_logger
+x11-wm/mutter kms
+>=x11-wm/mutter-3.22 wayland
+x11-misc/xscreensaver gdm
+xfce-extra/xfswitch-plugin gdm
+app-misc/workrave gnome
+net-misc/wicd gnome-shell
+x11-misc/gpaste gnome
+x11-terms/gnome-terminal gnome-shell
+x11-themes/zukitwo gnome-shell
+net-wireless/bluez user-session
+
+# Alex Brandt <alunduil@gentoo.org> (6 Sep 2015)
+# app-emulation/rkt[rkt_stage1_src] requires systemd which isn't available with selinux.
+app-emulation/rkt rkt_stage1_src
diff --git a/profiles/features/selinux/packages b/profiles/features/selinux/packages
new file mode 100644
index 000000000000..038ef191f71f
--- /dev/null
+++ b/profiles/features/selinux/packages
@@ -0,0 +1,10 @@
+# Copyright 1999-2012 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+
+# Base SELinux packages
+*sys-libs/libsepol
+*sys-libs/libselinux
+*sys-libs/libsemanage
+*sys-apps/checkpolicy
+*sys-apps/policycoreutils
+*sec-policy/selinux-base-policy
diff --git a/profiles/features/selinux/profile.bashrc b/profiles/features/selinux/profile.bashrc
new file mode 100644
index 000000000000..d28d6c3dfae3
--- /dev/null
+++ b/profiles/features/selinux/profile.bashrc
@@ -0,0 +1,5 @@
+# SELinux-aware progams write to entries here
+SANDBOX_WRITE="${SANDBOX_WRITE}:/selinux/:/sys/fs/selinux/"
+
+# for setfscreatecon
+SANDBOX_WRITE="${SANDBOX_WRITE}:/proc/self/"
diff --git a/profiles/features/selinux/use.force b/profiles/features/selinux/use.force
new file mode 100644
index 000000000000..a651b206dcf2
--- /dev/null
+++ b/profiles/features/selinux/use.force
@@ -0,0 +1 @@
+selinux
diff --git a/profiles/features/selinux/use.mask b/profiles/features/selinux/use.mask
new file mode 100644
index 000000000000..5d0b3bf1e557
--- /dev/null
+++ b/profiles/features/selinux/use.mask
@@ -0,0 +1,14 @@
+# Copyright 1999-2017 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+
+# This file masks out USE flags that are simply NOT allowed in the default
+# profile for any architecture. This works, for example, if a non-default
+# profile (such as the selinux profiles) have a USE flag associated with
+# them.
+
+-hardened
+-selinux
+
+# no policy yet
+systemd
+-openrc-force |
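Review bot: The second `SANDBOX_WRITE` line in profiles/features/selinux/profile.bashrc opens the whole of `/proc/self/` for writing in every package build on SELinux profiles, although its comment names only `setfscreatecon` as the reason. That is a wider sandbox exception than the stated need, since the directory holds other writable per-process entries as well. If the attribute files are all that gets written (to be confirmed, as per-thread paths below `/proc/self/task/` may be involved), narrow it, e.g. `SANDBOX_WRITE="${SANDBOX_WRITE}:/proc/self/attr/"`; otherwise extend the comment to say why the whole directory is required.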