Diffstat (limited to 'profiles/hardened')
187 files changed, 1359 insertions, 0 deletions
diff --git a/profiles/hardened/README b/profiles/hardened/README
new file mode 100644
index 000000000000..202df5eb8f83
--- /dev/null
+++ b/profiles/hardened/README
@@ -0,0 +1,6 @@
+
+Note that the hardened/arches profiles have been deprecated in
+favor of the hardened/linux/arches profiles. Please use a supported
+profile which you can list using "eselect profile list" and select
+with "eselect profile set #".
+
diff --git a/profiles/hardened/eapi b/profiles/hardened/eapi
new file mode 100644
index 000000000000..7ed6ff82de6b
--- /dev/null
+++ b/profiles/hardened/eapi
@@ -0,0 +1 @@
+5
diff --git a/profiles/hardened/linux/amd64/eapi b/profiles/hardened/linux/amd64/eapi
new file mode 100644
index 000000000000..7ed6ff82de6b
--- /dev/null
+++ b/profiles/hardened/linux/amd64/eapi
@@ -0,0 +1 @@
+5
diff --git a/profiles/hardened/linux/amd64/make.defaults b/profiles/hardened/linux/amd64/make.defaults
new file mode 100644
index 000000000000..acb6734fd7e6
--- /dev/null
+++ b/profiles/hardened/linux/amd64/make.defaults
@@ -0,0 +1,9 @@
+# Copyright 1999-2012 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+
+USE="justify -pic"
+
+CFLAGS="-O2 -pipe"
+CXXFLAGS="${CFLAGS}"
+FFLAGS="${CFLAGS}"
+FCFLAGS="${CFLAGS}"
diff --git a/profiles/hardened/linux/amd64/no-multilib/eapi b/profiles/hardened/linux/amd64/no-multilib/eapi
new file mode 100644
index 000000000000..7ed6ff82de6b
--- /dev/null
+++ b/profiles/hardened/linux/amd64/no-multilib/eapi
@@ -0,0 +1 @@
+5
diff --git a/profiles/hardened/linux/amd64/no-multilib/make.defaults b/profiles/hardened/linux/amd64/no-multilib/make.defaults
new file mode 100644
index 000000000000..58039871f368
--- /dev/null
+++ b/profiles/hardened/linux/amd64/no-multilib/make.defaults
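Review bot: In profiles/hardened/linux/amd64/make.defaults the line `USE="justify -pic"` carries no comment, although it reverses the `pic` flag that profiles/hardened/linux/make.defaults in this same commit turns on for every hardened profile. The no-multilib file documents the same override with `# We don't need to have pic on`; that line, or a fuller `# pic is off by default on amd64 and re-enabled per package in package.use / package.use.force`, belongs here so the override is not read as a weakening of the hardened defaults. The `justify` flag is unexplained as well and does not look related to hardening, so a one-line reason for it would help.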
@@ -0,0 +1,14 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# We don't need to have pic on
+USE="-pic"
+
+ARCH="amd64"
+ACCEPT_KEYWORDS="${ARCH}"
+
+MULTILIB_ABIS="amd64"
+
+# Mirror profile/amd64/no-multilib/make.defaults
+USE_EXPAND_HIDDEN="ABI_X86"
+
diff --git a/profiles/hardened/linux/amd64/no-multilib/package.mask b/profiles/hardened/linux/amd64/no-multilib/package.mask
new file mode 100644
index 000000000000..342edcab5438
--- /dev/null
+++ b/profiles/hardened/linux/amd64/no-multilib/package.mask
@@ -0,0 +1,161 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# These are broken as reported by Halcy0n, Aug, 23, 2011
+net-misc/teamviewer
+dev-lang/rebol-bin
+
+games-action/brutal-legend
+games-action/hotline-miami
+games-action/trine2
+games-action/swordandsworcery
+games-action/beathazardultra
+games-action/solar2
+games-arcade/dynamitejack
+games-kids/crayon-physics
+games-misc/katawa-shoujo
+games-misc/papers-please
+games-rpg/dungeon-defenders
+games-rpg/bastion
+games-rpg/wasteland2
+
+# Mirror profile/amd64/no-multilib/package.mask
+app-accessibility/mbrola
+app-accessibility/perlbox-voice
+app-arch/stuffit
+app-benchmarks/cpuburn
+=app-editors/emacs-18*
+app-emulation/crossover-bin
+app-emulation/genymotion-bin
+app-emulation/playonlinux
+app-emulation/q4wine
+>=app-i18n/atokx3-3.0.0
+app-office/ooextras
+app-emulation/winetricks
+app-text/acroread
+dev-embedded/libftd2xx
+dev-embedded/openocd
+dev-lang/icc
+dev-lang/idb
+dev-lang/ifc
+dev-perl/Archive-Rar
+dev-python/skype4py
+dev-util/android-sdk-update-manager
+dev-util/android-studio
+dev-util/biew
+games-action/cs2d
+games-action/descent3
+games-action/descent3-demo
+games-action/heretic2
+games-action/heretic2-demo
+games-action/intrusion2
+games-action/lugaru
+games-action/mutantstorm-demo
+games-action/phobiaii
+games-action/rune
+games-action/shadowgrounds-bin
+games-action/shadowgrounds-survivor-bin
+games-action/spacetripper-demo
+games-arcade/aquaria
+games-arcade/barbarian-bin
+games-arcade/jardinains
+games-arcade/gish-demo
+games-arcade/thinktanks-demo
+games-emulation/caps
+games-emulation/nestra
+games-emulation/pcsx2
+games-emulation/zinc
+games-emulation/zsnes
+games-fps/avp
+games-fps/doom3-cdoom
+games-fps/doom3-chextrek
+games-fps/doom3-data
+games-fps/doom3-demo
+games-fps/doom3-ducttape
+games-fps/doom3-eventhorizon
+games-fps/doom3-hellcampaign
+games-fps/doom3-inhell
+games-fps/doom3-lms
+games-fps/doom3-mitm
+games-fps/doom3-roe
+games-fps/doom3
+games-fps/enemy-territory-etpro
+games-fps/enemy-territory-omnibot
+games-fps/enemy-territory-truecombat
+games-fps/enemy-territory
+games-fps/etqw-bin
+games-fps/etqw-data
+games-fps/etqw-demo
+games-fps/glxquake-bin
+games-fps/legends
+games-fps/postal2
+games-fps/postal2mp-demo
+games-fps/quake3-bin
+games-fps/quake3-demo
+games-fps/quake3-ra3
+games-fps/quake4-bin
+games-fps/quake4-data
+games-fps/quake4-demo
+games-fps/rtcw
+games-fps/rtcwmp-demo
+games-fps/rtcwsp-demo
+games-fps/sauerbraten
+games-fps/serious-sam-tfe
+games-fps/serious-sam-tse
+games-fps/soldieroffortune
+games-fps/soldieroffortune-demo
+games-fps/unreal-tournament
+games-fps/ut2003
+games-fps/ut2003-demo
+games-fps/ut2004-demo
+games-misc/little-inferno
+games-puzzle/hoh-bin
+games-roguelike/adom
+<games-roguelike/dwarf-fortress-0.43.0
+games-rpg/baldurs-gate-ee
+games-rpg/dear-esther
+games-rpg/eschalon-book-1-demo
+games-rpg/nwmouse
+games-rpg/nwmovies
+games-rpg/nwn
+games-rpg/nwn-cep
+games-rpg/nwn-data
+games-rpg/nwn-penultima
+games-rpg/nwn-penultimarerolled
+games-rpg/nwn-shadowlordsdreamcatcherdemon
+games-server/etqw-ded
+games-server/nwn-ded
+games-server/ut2003-ded
+games-simulation/bcs-demo
+games-strategy/darwinia
+games-strategy/darwinia-demo
+games-strategy/defcon-demo
+games-strategy/dominions2
+games-strategy/heroes3
+games-strategy/heroes3-demo
+games-strategy/majesty-demo
+games-strategy/smac
+games-strategy/spaz
+media-fonts/acroread-asianfonts
+media-sound/aucdtect
+media-sound/skype-call-recorder
+media-sound/ventrilo-server-bin
+media-video/binkplayer
+media-video/tsmuxer
+net-im/skype
+net-im/skypetab-ng
+net-misc/icaclient
+net-misc/ps3mediaserver
+net-print/cndrvcups-common-lb
+net-print/cndrvcups-lb
+sci-biology/foldingathome
+sci-electronics/eagle
+sci-chemistry/cara-bin
+sci-chemistry/cyana
+sci-chemistry/mars
+sci-chemistry/xdsgui
+sci-chemistry/xdsstat-bin
+sci-libs/ipp
+sys-libs/lib-compat-loki
+www-plugins/nspluginwrapper
+<sys-boot/grub-1.99
diff --git a/profiles/hardened/linux/amd64/no-multilib/package.use.mask b/profiles/hardened/linux/amd64/no-multilib/package.use.mask
new file mode 100644
index 000000000000..16c2f111c7e0
--- /dev/null
+++ b/profiles/hardened/linux/amd64/no-multilib/package.use.mask
@@ -0,0 +1,19 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# Mirror profile/amd64/no-multilib/package.use.mask
+
+# Yixun Lan <dlan@gentoo.org> (12 Jul 2017)
+# GLEP 73 Immutability, USE=ovmf requires hvm
+app-emulation/xen-tools ovmf
+
+# Mike Frysinger <vapier@gentoo.org> (12 Aug 2016)
+# Requires sys-boot/grub:0 which is masked here.
+sys-apps/memtest86+ floppy
+
+# Alexandre Rostovtsev <tetromino@gentoo.org> (24 Jun 2012)
+# Disable 32-bit parts of wine, bug #351436
+app-emulation/wine mono
+
+# Intel Integrated Primitive (sci-libs/ipp) support
+media-libs/opencv ipp
diff --git a/profiles/hardened/linux/amd64/no-multilib/parent b/profiles/hardened/linux/amd64/no-multilib/parent
new file mode 100644
index 000000000000..9bf59c55e35a
--- /dev/null
+++ b/profiles/hardened/linux/amd64/no-multilib/parent
@@ -0,0 +1,2 @@
+..
+../../../../arch/amd64/no-multilib
diff --git a/profiles/hardened/linux/amd64/no-multilib/selinux/eapi b/profiles/hardened/linux/amd64/no-multilib/selinux/eapi
new file mode 100644
index 000000000000..7ed6ff82de6b
--- /dev/null
+++ b/profiles/hardened/linux/amd64/no-multilib/selinux/eapi
@@ -0,0 +1 @@
+5
diff --git a/profiles/hardened/linux/amd64/no-multilib/selinux/parent b/profiles/hardened/linux/amd64/no-multilib/selinux/parent
new file mode 100644
index 000000000000..933e67923d1a
--- /dev/null
+++ b/profiles/hardened/linux/amd64/no-multilib/selinux/parent
@@ -0,0 +1,2 @@
+..
+../../../../../features/selinux
diff --git a/profiles/hardened/linux/amd64/no-multilib/use.mask b/profiles/hardened/linux/amd64/no-multilib/use.mask
new file mode 100644
index 000000000000..58ee5df13b40
--- /dev/null
+++ b/profiles/hardened/linux/amd64/no-multilib/use.mask
@@ -0,0 +1,23 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# Mask the multilib flags back for non-multilib profile.
+abi_x86_32
+
+# Mirror profile/amd64/no-multilib/use.mask
+
+# 2007/08/29 Christoph Mende <angelos@gentoo.org>
+# app-accessibility/mbrola is x86 only
+mbrola
+
+# 2007/08/24 Michael Marineau <marineam@gentoo.org>
+# Xen HVM support requires building 32-bit binaries.
+hvm
+
+# 2008/02/13 - Chris Gianelloni <wolf31o2@gentoo.org>
+# Mask multilib, since we cannot use it.
+multilib
+
+# 2009/05/11 Doug Goldstein <cardoe@gentoo.org>
+# Mask 32bit since this will always require emulation packages
+32bit
diff --git a/profiles/hardened/linux/amd64/package.mask b/profiles/hardened/linux/amd64/package.mask
new file mode 100644
index 000000000000..d7b99467153b
--- /dev/null
+++ b/profiles/hardened/linux/amd64/package.mask
@@ -0,0 +1,24 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# Magnus Granberg <zorry@gentoo.org> (20 Nov 2012)
+# Newer then 300.00 is patched but we still have RWX in the libs.
+# We mask X for we still need to make the doc for revdep-pax else
+# hell will rule.
+# Bug 433121
+<=x11-drivers/nvidia-drivers-300.00
+#dev-util/nvidia-cuda-sdk
+# Need X
+media-video/nvidia-settings
+
+# Depends on x11-drivers/nvidia-drivers
+#dev-python/pyopencl
+
+# Cernlib has address space issues on amd64 and package is no
+# longer supported by upstream. Thus masking it and its reverse
+# dependencies.
+# See bug 426764.
+sci-physics/cernlib
+sci-physics/cernlib-montecarlo
+sci-physics/geant:3
+sci-physics/paw
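Review bot: In profiles/hardened/linux/amd64/package.mask the nvidia comment says drivers newer than 300.00 still ship libraries with RWX segments, yet the atom `<=x11-drivers/nvidia-drivers-300.00` leaves those newer versions installable on a hardened profile. If that is intended, the comment should state what remains for the user to do about the RWX libraries, along the lines of `# >300.00 is patched (bug 433121) but its libs still map RWX: <required PaX marking / follow-up>`, since the present wording ("We mask X for we still need to make the doc for revdep-pax") is hard to act on. The two commented-out atoms `#dev-util/nvidia-cuda-sdk` and `#dev-python/pyopencl` should either be dropped or get a line saying why they are kept unmasked.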
diff --git a/profiles/hardened/linux/amd64/package.use b/profiles/hardened/linux/amd64/package.use
new file mode 100644
index 000000000000..0cef7f8d1d92
--- /dev/null
+++ b/profiles/hardened/linux/amd64/package.use
@@ -0,0 +1,12 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# Magnus Granberg <zorry@gentoo.org> (14 Jan, 2015)
+# We need to have the pic flag on.
+# Bugs 490276, 513464, 523736 and 512208.
+media-libs/x264 pic
+media-video/ffmpeg pic
+media-video/libav pic
+>=media-libs/mesa-10.1.6 pic
+media-libs/libpostproc pic
+>=media-libs/xvid-1.3.3 pic
diff --git a/profiles/hardened/linux/amd64/package.use.force b/profiles/hardened/linux/amd64/package.use.force
new file mode 100644
index 000000000000..ef833f2d1b51
--- /dev/null
+++ b/profiles/hardened/linux/amd64/package.use.force
@@ -0,0 +1,7 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# Magnus Granberg <zorry@gentoo.org> (14 Jan, 2015)
+# We need to have the pic flag on.
+# Bugs 358929
+app-emulation/open-vm-tools pic
diff --git a/profiles/hardened/linux/amd64/package.use.mask b/profiles/hardened/linux/amd64/package.use.mask
new file mode 100644
index 000000000000..adf1cdc24117
--- /dev/null
+++ b/profiles/hardened/linux/amd64/package.use.mask
@@ -0,0 +1,29 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# When you add an entry to the top of this file, add your name, the date, and
+# an explanation of why something is getting masked. Please be extremely
+# careful not to commit atoms that are not valid, as it can cause large-scale
+# breakage, especially if it ends up in the daily snapshot.
+#
+## Example:
+##
+## # Dev E. Loper <developer@gentoo.org> (28 Jun 2012)
+## # Masking foo USE flag until we can get the
+## # foo stuff to work properly again (bug 12345)
+## =media-video/mplayer-0.90_pre5 foo
+## =media-video/mplayer-0.90_pre5-r1 foo
+
+# Magnus Granberg <zorry@gentoo.org> (30 sep 2016)
+# This target support VTV #547040.
+>=sys-devel/gcc-4.9 -vtv
+
+# Magnus Granberg <zorry@gentoo.org> (29 Nov 2012)
+# Bug #444786 disable nvidia on app-admin/conky
+app-admin/conky nvidia
+
+# Cernlib has address space issues on amd64 and package is no
+# longer supported by upstream. Thus masking it and its reverse
+# dependencies.
+# See bugs 426764, 556612.
+=sci-physics/geant-4.9.4* geant3
diff --git a/profiles/hardened/linux/amd64/parent b/profiles/hardened/linux/amd64/parent
new file mode 100644
index 000000000000..f2e50ba2cf4e
--- /dev/null
+++ b/profiles/hardened/linux/amd64/parent
@@ -0,0 +1,4 @@
+../../../base
+../../../default/linux
+../../../arch/amd64
+..
diff --git a/profiles/hardened/linux/amd64/selinux/eapi b/profiles/hardened/linux/amd64/selinux/eapi
new file mode 100644
index 000000000000..7ed6ff82de6b
--- /dev/null
+++ b/profiles/hardened/linux/amd64/selinux/eapi
@@ -0,0 +1 @@
+5
diff --git a/profiles/hardened/linux/amd64/selinux/parent b/profiles/hardened/linux/amd64/selinux/parent
new file mode 100644
index 000000000000..e5c7cefb6826
--- /dev/null
+++ b/profiles/hardened/linux/amd64/selinux/parent
@@ -0,0 +1,2 @@
+..
+../../../../features/selinux
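Review bot: In profiles/hardened/linux/amd64/package.use.mask the entry `>=sys-devel/gcc-4.9 -vtv` is explained only by `# This target support VTV #547040.`, which does not say that the leading minus lifts a mask inherited from a parent profile rather than adding one. Suggested comment: `# Unmask vtv, this target supports it (bug #547040).` The matching entry in profiles/hardened/linux/arm/package.use.mask starts at `>=sys-devel/gcc-6` instead of 4.9; if the difference is deliberate, a word on it would save the next reader a lookup. The Cernlib entry at the end of the amd64 file has no name or date, which the header of the same file asks for.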
diff --git a/profiles/hardened/linux/amd64/use.mask b/profiles/hardened/linux/amd64/use.mask
new file mode 100644
index 000000000000..6e65e1b3a96e
--- /dev/null
+++ b/profiles/hardened/linux/amd64/use.mask
@@ -0,0 +1,10 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# Rick Farina <zerochaos@gentoo.org> 26 Nov 2012
+video_cards_nvidia
+# removing mask on nvidia use flag as it is used by monitoring tools
+# which may be desireable for cuda users
+#nvidia
+# adjusting use flag mask as nvidia-drivers are usable for cuda at least
+#cuda
diff --git a/profiles/hardened/linux/amd64/x32/eapi b/profiles/hardened/linux/amd64/x32/eapi
new file mode 100644
index 000000000000..7ed6ff82de6b
--- /dev/null
+++ b/profiles/hardened/linux/amd64/x32/eapi
@@ -0,0 +1 @@
+5
diff --git a/profiles/hardened/linux/amd64/x32/make.defaults b/profiles/hardened/linux/amd64/x32/make.defaults
new file mode 100644
index 000000000000..607b6452b9bf
--- /dev/null
+++ b/profiles/hardened/linux/amd64/x32/make.defaults
@@ -0,0 +1,4 @@
+# Copyright 1999-2012 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+
+CHOST="x86_64-pc-linux-gnux32"
diff --git a/profiles/hardened/linux/amd64/x32/parent b/profiles/hardened/linux/amd64/x32/parent
new file mode 100644
index 000000000000..6793db467fe7
--- /dev/null
+++ b/profiles/hardened/linux/amd64/x32/parent
@@ -0,0 +1,3 @@
+../../../../features/multilib
+../../../../arch/amd64/x32
+..
diff --git a/profiles/hardened/linux/arm/armv4/eapi b/profiles/hardened/linux/arm/armv4/eapi
new file mode 100644
index 000000000000..7ed6ff82de6b
--- /dev/null
+++ b/profiles/hardened/linux/arm/armv4/eapi
@@ -0,0 +1 @@
+5
diff --git a/profiles/hardened/linux/arm/armv4/parent b/profiles/hardened/linux/arm/armv4/parent
new file mode 100644
index 000000000000..4c317660c403
--- /dev/null
+++ b/profiles/hardened/linux/arm/armv4/parent
@@ -0,0 +1,4 @@
+../../../../base
+../../../../default/linux
+../../../../arch/arm/armv4
+..
diff --git a/profiles/hardened/linux/arm/armv4t/eapi b/profiles/hardened/linux/arm/armv4t/eapi
new file mode 100644
index 000000000000..7ed6ff82de6b
--- /dev/null
+++ b/profiles/hardened/linux/arm/armv4t/eapi
@@ -0,0 +1 @@
+5
diff --git a/profiles/hardened/linux/arm/armv4t/parent b/profiles/hardened/linux/arm/armv4t/parent
new file mode 100644
index 000000000000..c970fcdfaf20
--- /dev/null
+++ b/profiles/hardened/linux/arm/armv4t/parent
@@ -0,0 +1,4 @@
+../../../../base
+../../../../default/linux
+../../../../arch/arm/armv4t
+..
diff --git a/profiles/hardened/linux/arm/armv5te/eapi b/profiles/hardened/linux/arm/armv5te/eapi
new file mode 100644
index 000000000000..7ed6ff82de6b
--- /dev/null
+++ b/profiles/hardened/linux/arm/armv5te/eapi
@@ -0,0 +1 @@
+5
diff --git a/profiles/hardened/linux/arm/armv5te/parent b/profiles/hardened/linux/arm/armv5te/parent
new file mode 100644
index 000000000000..5f182c779d32
--- /dev/null
+++ b/profiles/hardened/linux/arm/armv5te/parent
@@ -0,0 +1,4 @@
+../../../../base
+../../../../default/linux
+../../../../arch/arm/armv5te
+..
diff --git a/profiles/hardened/linux/arm/armv6j/eapi b/profiles/hardened/linux/arm/armv6j/eapi
new file mode 100644
index 000000000000..7ed6ff82de6b
--- /dev/null
+++ b/profiles/hardened/linux/arm/armv6j/eapi
@@ -0,0 +1 @@
+5
diff --git a/profiles/hardened/linux/arm/armv6j/parent b/profiles/hardened/linux/arm/armv6j/parent
new file mode 100644
index 000000000000..3204d16ca17f
--- /dev/null
+++ b/profiles/hardened/linux/arm/armv6j/parent
@@ -0,0 +1,4 @@
+../../../../base
+../../../../default/linux
+../../../../arch/arm/armv6j
+..
diff --git a/profiles/hardened/linux/arm/armv7a/eapi b/profiles/hardened/linux/arm/armv7a/eapi
new file mode 100644
index 000000000000..7ed6ff82de6b
--- /dev/null
+++ b/profiles/hardened/linux/arm/armv7a/eapi
@@ -0,0 +1 @@
+5
diff --git a/profiles/hardened/linux/arm/armv7a/parent b/profiles/hardened/linux/arm/armv7a/parent
new file mode 100644
index 000000000000..e6df25feb3ee
--- /dev/null
+++ b/profiles/hardened/linux/arm/armv7a/parent
@@ -0,0 +1,4 @@
+../../../../base
+../../../../default/linux
+../../../../arch/arm/armv7a
+..
diff --git a/profiles/hardened/linux/arm/armv7a/selinux/eapi b/profiles/hardened/linux/arm/armv7a/selinux/eapi
new file mode 100644
index 000000000000..7ed6ff82de6b
--- /dev/null
+++ b/profiles/hardened/linux/arm/armv7a/selinux/eapi
@@ -0,0 +1 @@
+5
diff --git a/profiles/hardened/linux/arm/armv7a/selinux/parent b/profiles/hardened/linux/arm/armv7a/selinux/parent
new file mode 100644
index 000000000000..933e67923d1a
--- /dev/null
+++ b/profiles/hardened/linux/arm/armv7a/selinux/parent
@@ -0,0 +1,2 @@
+..
+../../../../../features/selinux
diff --git a/profiles/hardened/linux/arm/eapi b/profiles/hardened/linux/arm/eapi
new file mode 100644
index 000000000000..7ed6ff82de6b
--- /dev/null
+++ b/profiles/hardened/linux/arm/eapi
@@ -0,0 +1 @@
+5
diff --git a/profiles/hardened/linux/arm/package.use.mask b/profiles/hardened/linux/arm/package.use.mask
new file mode 100644
index 000000000000..2e55b7f3ccae
--- /dev/null
+++ b/profiles/hardened/linux/arm/package.use.mask
@@ -0,0 +1,6 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# Magnus Granberg <zorry@gentoo.org> (30 Sep 2016)
+# This target supports VTV #547040.
+>=sys-devel/gcc-6 -vtv
diff --git a/profiles/hardened/linux/arm/parent b/profiles/hardened/linux/arm/parent
new file mode 100644
index 000000000000..f3229c5b9876
--- /dev/null
+++ b/profiles/hardened/linux/arm/parent
@@ -0,0 +1 @@
+..
diff --git a/profiles/hardened/linux/eapi b/profiles/hardened/linux/eapi
new file mode 100644
index 000000000000..7ed6ff82de6b
--- /dev/null
+++ b/profiles/hardened/linux/eapi
@@ -0,0 +1 @@
+5
diff --git a/profiles/hardened/linux/ia64/eapi b/profiles/hardened/linux/ia64/eapi
new file mode 100644
index 000000000000..7ed6ff82de6b
--- /dev/null
+++ b/profiles/hardened/linux/ia64/eapi
@@ -0,0 +1 @@
+5
diff --git a/profiles/hardened/linux/ia64/make.defaults b/profiles/hardened/linux/ia64/make.defaults
new file mode 100644
index 000000000000..70c5284ec7ae
--- /dev/null
+++ b/profiles/hardened/linux/ia64/make.defaults
@@ -0,0 +1,2 @@
+# Copyright 1999-2011 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
diff --git a/profiles/hardened/linux/ia64/parent b/profiles/hardened/linux/ia64/parent
new file mode 100644
index 000000000000..8683acb05b19
--- /dev/null
+++ b/profiles/hardened/linux/ia64/parent
@@ -0,0 +1,4 @@
+../../../base
+../../../default/linux
+../../../arch/ia64
+..
diff --git a/profiles/hardened/linux/make.defaults b/profiles/hardened/linux/make.defaults
new file mode 100644
index 000000000000..f753f571b723
--- /dev/null
+++ b/profiles/hardened/linux/make.defaults
@@ -0,0 +1,15 @@
+# Copyright 1999-2014 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+
+# Jorge Manuel B. S. Vicetto <jmbsvicetto@gentoo.org> (16 Nov 2011)
+# Rename STAGE1_USE to BOOTSTRAP_USE and stack it to the parent value
+BOOTSTRAP_USE="${BOOTSTRAP_USE} hardened pax_kernel pic xtpax -jit -orc"
+
+USE="hardened pax_kernel pic urandom xtpax -fortran -jit -orc"
+
+# Ian Stakenvicius, 2014-09-03
+# Set a variable just to indicate that the current profile is a hardened one
+# This variable can be leveraged in ebuilds for pkg_postinst messages that
+# indicate said package is, say, configured in a way that defeats the purpose
+# of running hardened.
+PROFILE_IS_HARDENED=1
diff --git a/profiles/hardened/linux/mips/eapi b/profiles/hardened/linux/mips/eapi
new file mode 100644
index 000000000000..7ed6ff82de6b
--- /dev/null
+++ b/profiles/hardened/linux/mips/eapi
@@ -0,0 +1 @@
+5
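Review bot: The `USE=` and `BOOTSTRAP_USE=` lines in profiles/hardened/linux/make.defaults give no reason for `-jit -orc`, and these are the defaults a user is most likely to override locally without knowing the cost. Presumably both are off because run-time code generation needs memory that is writable and executable at once, which the PaX memory protections implied by `pax_kernel` refuse; if that is the reason, say so next to the setting, e.g. `# jit/orc need W+X mappings, which PaX MPROTECT denies; keep them off on a PaX kernel`. `urandom` and `-fortran` appear in `USE` but not in `BOOTSTRAP_USE`, which also deserves a short comment if it is deliberate.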
diff --git a/profiles/hardened/linux/mips/mipsel/eapi b/profiles/hardened/linux/mips/mipsel/eapi
new file mode 100644
index 000000000000..7ed6ff82de6b
--- /dev/null
+++ b/profiles/hardened/linux/mips/mipsel/eapi
@@ -0,0 +1 @@
+5
diff --git a/profiles/hardened/linux/mips/mipsel/multilib/eapi b/profiles/hardened/linux/mips/mipsel/multilib/eapi
new file mode 100644
index 000000000000..7ed6ff82de6b
--- /dev/null
+++ b/profiles/hardened/linux/mips/mipsel/multilib/eapi
@@ -0,0 +1 @@
+5
diff --git a/profiles/hardened/linux/mips/mipsel/multilib/n32/eapi b/profiles/hardened/linux/mips/mipsel/multilib/n32/eapi
new file mode 100644
index 000000000000..7ed6ff82de6b
--- /dev/null
+++ b/profiles/hardened/linux/mips/mipsel/multilib/n32/eapi
@@ -0,0 +1 @@
+5
diff --git a/profiles/hardened/linux/mips/mipsel/multilib/n32/parent b/profiles/hardened/linux/mips/mipsel/multilib/n32/parent
new file mode 100644
index 000000000000..96eb536b7f68
--- /dev/null
+++ b/profiles/hardened/linux/mips/mipsel/multilib/n32/parent
@@ -0,0 +1,2 @@
+../../../../../../default/linux/mips/13.0/mipsel/multilib/n32
+..
diff --git a/profiles/hardened/linux/mips/mipsel/multilib/n64/eapi b/profiles/hardened/linux/mips/mipsel/multilib/n64/eapi
new file mode 100644
index 000000000000..7ed6ff82de6b
--- /dev/null
+++ b/profiles/hardened/linux/mips/mipsel/multilib/n64/eapi
@@ -0,0 +1 @@
+5
diff --git a/profiles/hardened/linux/mips/mipsel/multilib/n64/parent b/profiles/hardened/linux/mips/mipsel/multilib/n64/parent
new file mode 100644
index 000000000000..64bafbbc37bf
--- /dev/null
+++ b/profiles/hardened/linux/mips/mipsel/multilib/n64/parent
@@ -0,0 +1,2 @@
+../../../../../../default/linux/mips/13.0/mipsel/multilib/n64
+..
diff --git a/profiles/hardened/linux/mips/mipsel/multilib/parent b/profiles/hardened/linux/mips/mipsel/multilib/parent
new file mode 100644
index 000000000000..f3229c5b9876
--- /dev/null
+++ b/profiles/hardened/linux/mips/mipsel/multilib/parent
@@ -0,0 +1 @@
+..
diff --git a/profiles/hardened/linux/mips/mipsel/n32/eapi b/profiles/hardened/linux/mips/mipsel/n32/eapi
new file mode 100644
index 000000000000..7ed6ff82de6b
--- /dev/null
+++ b/profiles/hardened/linux/mips/mipsel/n32/eapi
@@ -0,0 +1 @@
+5
diff --git a/profiles/hardened/linux/mips/mipsel/n32/parent b/profiles/hardened/linux/mips/mipsel/n32/parent
new file mode 100644
index 000000000000..3798606e4f94
--- /dev/null
+++ b/profiles/hardened/linux/mips/mipsel/n32/parent
@@ -0,0 +1,2 @@
+../../../../../default/linux/mips/13.0/mipsel/n32
+..
diff --git a/profiles/hardened/linux/mips/mipsel/n64/eapi b/profiles/hardened/linux/mips/mipsel/n64/eapi
new file mode 100644
index 000000000000..7ed6ff82de6b
--- /dev/null
+++ b/profiles/hardened/linux/mips/mipsel/n64/eapi
@@ -0,0 +1 @@
+5
diff --git a/profiles/hardened/linux/mips/mipsel/n64/parent b/profiles/hardened/linux/mips/mipsel/n64/parent
new file mode 100644
index 000000000000..2a1971504aa1
--- /dev/null
+++ b/profiles/hardened/linux/mips/mipsel/n64/parent
@@ -0,0 +1,2 @@
+../../../../../default/linux/mips/13.0/mipsel/n64
+..
diff --git a/profiles/hardened/linux/mips/mipsel/parent b/profiles/hardened/linux/mips/mipsel/parent
new file mode 100644
index 000000000000..f3229c5b9876
--- /dev/null
+++ b/profiles/hardened/linux/mips/mipsel/parent
@@ -0,0 +1 @@
+..
diff --git a/profiles/hardened/linux/mips/multilib/eapi b/profiles/hardened/linux/mips/multilib/eapi
new file mode 100644
index 000000000000..7ed6ff82de6b
--- /dev/null
+++ b/profiles/hardened/linux/mips/multilib/eapi
@@ -0,0 +1 @@
+5
diff --git a/profiles/hardened/linux/mips/multilib/n32/eapi b/profiles/hardened/linux/mips/multilib/n32/eapi
new file mode 100644
index 000000000000..7ed6ff82de6b
--- /dev/null
+++ b/profiles/hardened/linux/mips/multilib/n32/eapi
@@ -0,0 +1 @@
+5
diff --git a/profiles/hardened/linux/mips/multilib/n32/parent b/profiles/hardened/linux/mips/multilib/n32/parent
new file mode 100644
index 000000000000..1c6cb6de7296
--- /dev/null
+++ b/profiles/hardened/linux/mips/multilib/n32/parent
@@ -0,0 +1,2 @@
+../../../../../default/linux/mips/13.0/multilib/n32
+..
diff --git a/profiles/hardened/linux/mips/multilib/n64/eapi b/profiles/hardened/linux/mips/multilib/n64/eapi
new file mode 100644
index 000000000000..7ed6ff82de6b
--- /dev/null
+++ b/profiles/hardened/linux/mips/multilib/n64/eapi
@@ -0,0 +1 @@
+5
diff --git a/profiles/hardened/linux/mips/multilib/n64/parent b/profiles/hardened/linux/mips/multilib/n64/parent
new file mode 100644
index 000000000000..abca1bea0c38
--- /dev/null
+++ b/profiles/hardened/linux/mips/multilib/n64/parent
@@ -0,0 +1,2 @@
+../../../../../default/linux/mips/13.0/multilib/n64
+..
diff --git a/profiles/hardened/linux/mips/multilib/parent b/profiles/hardened/linux/mips/multilib/parent
new file mode 100644
index 000000000000..f3229c5b9876
--- /dev/null
+++ b/profiles/hardened/linux/mips/multilib/parent
@@ -0,0 +1 @@
+..
diff --git a/profiles/hardened/linux/mips/n32/eapi b/profiles/hardened/linux/mips/n32/eapi
new file mode 100644
index 000000000000..7ed6ff82de6b
--- /dev/null
+++ b/profiles/hardened/linux/mips/n32/eapi
@@ -0,0 +1 @@
+5
diff --git a/profiles/hardened/linux/mips/n32/parent b/profiles/hardened/linux/mips/n32/parent
new file mode 100644
index 000000000000..4503d56fcf5f
--- /dev/null
+++ b/profiles/hardened/linux/mips/n32/parent
@@ -0,0 +1,2 @@
+../../../../default/linux/mips/13.0/n32
+..
diff --git a/profiles/hardened/linux/mips/n64/eapi b/profiles/hardened/linux/mips/n64/eapi
new file mode 100644
index 000000000000..7ed6ff82de6b
--- /dev/null
+++ b/profiles/hardened/linux/mips/n64/eapi
@@ -0,0 +1 @@
+5
diff --git a/profiles/hardened/linux/mips/n64/parent b/profiles/hardened/linux/mips/n64/parent
new file mode 100644
index 000000000000..822543c78747
--- /dev/null
+++ b/profiles/hardened/linux/mips/n64/parent
@@ -0,0 +1,2 @@
+../../../../default/linux/mips/13.0/n64
+..
diff --git a/profiles/hardened/linux/mips/parent b/profiles/hardened/linux/mips/parent
new file mode 100644
index 000000000000..f3229c5b9876
--- /dev/null
+++ b/profiles/hardened/linux/mips/parent
@@ -0,0 +1 @@
+..
diff --git a/profiles/hardened/linux/musl/amd64/eapi b/profiles/hardened/linux/musl/amd64/eapi
new file mode 100644
index 000000000000..7ed6ff82de6b
--- /dev/null
+++ b/profiles/hardened/linux/musl/amd64/eapi
@@ -0,0 +1 @@
+5
diff --git a/profiles/hardened/linux/musl/amd64/make.defaults b/profiles/hardened/linux/musl/amd64/make.defaults
new file mode 100644
index 000000000000..496becbfe820
--- /dev/null
+++ b/profiles/hardened/linux/musl/amd64/make.defaults
@@ -0,0 +1,28 @@
+# Copyright 1999-2015 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+
+ARCH="amd64"
+ACCEPT_KEYWORDS="${ARCH}"
+
+CHOST="x86_64-gentoo-linux-musl"
+CFLAGS="-O2 -pipe"
+CXXFLAGS="${CFLAGS}"
+FFLAGS="${CFLAGS}"
+FCFLAGS="${CFLAGS}"
+
+# Anthony G. Basile <blueness@gentoo.org> (01 Jul 2014)
+# Multilib-related setup, bug #515130
+ABI="amd64"
+DEFAULT_ABI="amd64"
+MULTILIB_ABIS="amd64"
+CHOST_amd64="${CHOST}"
+LIBDIR_amd64="lib"
+IUSE_IMPLICIT="abi_x86_64"
+
+# Anthony G. Basile <blueness@gentoo.org> (31 Aug 2015)
+# Relect these flags from arch/amd64 which we don't inherit
+CPU_FLAGS_X86="mmx mmxext sse sse2"
+
+# Anthony G. Basile <blueness@gentoo.org> (26 Jan 2013)
+# Unhide the CPU_FLAGS_X86 USE_EXPANDs.
+USE_EXPAND_HIDDEN="-CPU_FLAGS_X86"
diff --git a/profiles/hardened/linux/musl/amd64/package.mask b/profiles/hardened/linux/musl/amd64/package.mask
new file mode 100644
index 000000000000..2d46a562aced
--- /dev/null
+++ b/profiles/hardened/linux/musl/amd64/package.mask
@@ -0,0 +1,7 @@
+# Copyright 1999-2015 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+
+# Ulrich Müller <ulm@gentoo.org> (18 Mar 2013)
+# Packages that rely on multilib
+=app-editors/emacs-18*
+net-misc/icaclient
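Review bot: profiles/hardened/linux/musl/amd64/make.defaults copies settings by hand because, as its own comment says, the profile does not inherit arch/amd64, but nothing tells a maintainer which file to compare against when the arch defaults change. The comment `# Relect these flags from arch/amd64 which we don't inherit` has a typo and could carry that pointer: `# Reflect these flags from arch/amd64/make.defaults, which we don't inherit; keep in sync by hand`. The path in that wording is inferred from the comment and should be checked against the tree.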
diff --git a/profiles/hardened/linux/musl/amd64/package.use.force b/profiles/hardened/linux/musl/amd64/package.use.force
new file mode 100644
index 000000000000..ca264fedc8ce
--- /dev/null
+++ b/profiles/hardened/linux/musl/amd64/package.use.force
@@ -0,0 +1,7 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# Michał Górny <mgorny@gentoo.org> (24 Sep 2016)
+# Force the host target to avoid dependency hell
+sys-devel/clang llvm_targets_X86
+sys-devel/llvm llvm_targets_X86
diff --git a/profiles/hardened/linux/musl/amd64/package.use.mask b/profiles/hardened/linux/musl/amd64/package.use.mask
new file mode 100644
index 000000000000..49830f81047d
--- /dev/null
+++ b/profiles/hardened/linux/musl/amd64/package.use.mask
@@ -0,0 +1,2 @@
+# Copyright 1999-2017 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
diff --git a/profiles/hardened/linux/musl/amd64/parent b/profiles/hardened/linux/musl/amd64/parent
new file mode 100644
index 000000000000..f3229c5b9876
--- /dev/null
+++ b/profiles/hardened/linux/musl/amd64/parent
@@ -0,0 +1 @@
+..
diff --git a/profiles/hardened/linux/musl/amd64/use.force b/profiles/hardened/linux/musl/amd64/use.force
new file mode 100644
index 000000000000..181cb39654fc
--- /dev/null
+++ b/profiles/hardened/linux/musl/amd64/use.force
@@ -0,0 +1,6 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# Force the flag which corresponds to arch/abi, bug #515130
+amd64
+abi_x86_64
diff --git a/profiles/hardened/linux/musl/amd64/use.mask b/profiles/hardened/linux/musl/amd64/use.mask
new file mode 100644
index 000000000000..cc3b7ca5f0e3
--- /dev/null
+++ b/profiles/hardened/linux/musl/amd64/use.mask
@@ -0,0 +1,35 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# Force the flag which corresponds to arch/abi, bug #515130
+-amd64
+-abi_x86_64
+
+# unmask all SIMD assembler flags
+-cpu_flags_x86_3dnow
+-cpu_flags_x86_3dnowext
+-cpu_flags_x86_aes
+-cpu_flags_x86_avx
+-cpu_flags_x86_avx2
+-cpu_flags_x86_fma3
+-cpu_flags_x86_fma4
+-cpu_flags_x86_mmx
+-cpu_flags_x86_mmxext
+-cpu_flags_x86_padlock
+-cpu_flags_x86_popcnt
+-cpu_flags_x86_sse
+-cpu_flags_x86_sse2
+-cpu_flags_x86_sse3
+-cpu_flags_x86_sse4_1
+-cpu_flags_x86_sse4_2
+-cpu_flags_x86_sse4a
+-cpu_flags_x86_ssse3
+-cpu_flags_x86_xop
+
+# Lilo works on amd64
+-lilo
+
+# These work
+-input_devices_synaptics
+-input_devices_wacom
+-video_cards_qxl
diff --git a/profiles/hardened/linux/musl/amd64/x32/eapi b/profiles/hardened/linux/musl/amd64/x32/eapi
new file mode 100644
index 000000000000..7ed6ff82de6b
--- /dev/null
+++ b/profiles/hardened/linux/musl/amd64/x32/eapi
@@ -0,0 +1 @@
+5
diff --git a/profiles/hardened/linux/musl/amd64/x32/make.defaults b/profiles/hardened/linux/musl/amd64/x32/make.defaults
new file mode 100644
index 000000000000..88509a6717c0
--- /dev/null
+++ b/profiles/hardened/linux/musl/amd64/x32/make.defaults
@@ -0,0 +1,13 @@
+# Copyright 1999-2015 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+
+CHOST="x86_64-gentoo-linux-muslx32"
+
+# Anthony G. Basile <blueness@gentoo.org> (31 Aug 2015)
+# Multilib-related setup, bug #515130
+ABI="x32"
+DEFAULT_ABI="x32"
+MULTILIB_ABIS="x32"
+CHOST_x32="${CHOST}"
+LIBDIR_x32="lib"
+IUSE_IMPLICIT="abi_x86_x32"
diff --git a/profiles/hardened/linux/musl/amd64/x32/parent b/profiles/hardened/linux/musl/amd64/x32/parent
new file mode 100644
index 000000000000..f3229c5b9876
--- /dev/null
+++ b/profiles/hardened/linux/musl/amd64/x32/parent
@@ -0,0 +1 @@
+..
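Review bot: In profiles/hardened/linux/musl/amd64/use.mask the first comment reads "Force the flag which corresponds to arch/abi", but this is a use.mask file and the `-amd64` / `-abi_x86_64` entries under it remove masks rather than force anything. The text looks copied from the sibling use.force; `# Unmask the flag which corresponds to arch/abi, bug #515130`, the wording musl/mips/use.mask already uses, would match what the entries do. The same comment appears in musl/amd64/x32/use.mask and musl/x86/use.mask. In the x32 file the entries both unmask abi_x86_x32 and mask abi_x86_64, so the comment there should say that as well.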
diff --git a/profiles/hardened/linux/musl/amd64/x32/use.force b/profiles/hardened/linux/musl/amd64/x32/use.force
new file mode 100644
index 000000000000..a837531f8a4a
--- /dev/null
+++ b/profiles/hardened/linux/musl/amd64/x32/use.force
@@ -0,0 +1,6 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# Force the flag which corresponds to arch/abi, bug #515130
+-abi_x86_64
+abi_x86_x32
diff --git a/profiles/hardened/linux/musl/amd64/x32/use.mask b/profiles/hardened/linux/musl/amd64/x32/use.mask
new file mode 100644
index 000000000000..fb16cbe71565
--- /dev/null
+++ b/profiles/hardened/linux/musl/amd64/x32/use.mask
@@ -0,0 +1,6 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# Force the flag which corresponds to arch/abi, bug #515130
+-abi_x86_x32
+abi_x86_64
diff --git a/profiles/hardened/linux/musl/arm/armv7a/eapi b/profiles/hardened/linux/musl/arm/armv7a/eapi
new file mode 100644
index 000000000000..7ed6ff82de6b
--- /dev/null
+++ b/profiles/hardened/linux/musl/arm/armv7a/eapi
@@ -0,0 +1 @@
+5
diff --git a/profiles/hardened/linux/musl/arm/armv7a/make.defaults b/profiles/hardened/linux/musl/arm/armv7a/make.defaults
new file mode 100644
index 000000000000..c680f6aa2e5a
--- /dev/null
+++ b/profiles/hardened/linux/musl/arm/armv7a/make.defaults
@@ -0,0 +1,8 @@
+# Copyright 1999-2014 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+
+CHOST="armv7a-hardfloat-linux-musleabi"
+CFLAGS="-O2 -pipe -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard"
+CXXFLAGS="${CFLAGS}"
+FFLAGS="${CFLAGS}"
+FCFLAGS="${CFLAGS}"
diff --git a/profiles/hardened/linux/musl/arm/armv7a/parent b/profiles/hardened/linux/musl/arm/armv7a/parent
new file mode 100644
index 000000000000..f3229c5b9876
--- /dev/null
+++ b/profiles/hardened/linux/musl/arm/armv7a/parent
@@ -0,0 +1 @@
+..
diff --git a/profiles/hardened/linux/musl/arm/eapi b/profiles/hardened/linux/musl/arm/eapi
new file mode 100644
index 000000000000..7ed6ff82de6b
--- /dev/null
+++ b/profiles/hardened/linux/musl/arm/eapi
@@ -0,0 +1 @@
+5
diff --git a/profiles/hardened/linux/musl/arm/make.defaults b/profiles/hardened/linux/musl/arm/make.defaults
new file mode 100644
index 000000000000..e0e4051efde6
--- /dev/null
+++ b/profiles/hardened/linux/musl/arm/make.defaults
@@ -0,0 +1,23 @@
+# Copyright 1999-2014 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+
+ARCH="arm"
+ACCEPT_KEYWORDS="${ARCH}"
+
+CHOST="arm-unknown-linux-musleabi"
+CFLAGS="-O2"
+CXXFLAGS="${CFLAGS}"
+FFLAGS="${CFLAGS}"
+FCFLAGS="${CFLAGS}"
+
+# Anthony G. Basile <blueness@gentoo.org> (25 Oct 2015)
+# Multilib-related setup, bug #515130
+ABI="arm"
+DEFAULT_ABI="arm"
+MULTILIB_ABIS="arm"
+CHOST_arm="${CHOST}"
+LIBDIR_arm="lib"
+
+# Michał Górny <mgorny@gentoo.org> (14 Mar 2017)
+# Unhide the ARM-specific USE_EXPANDs.
+USE_EXPAND_HIDDEN="-CPU_FLAGS_ARM"
diff --git a/profiles/hardened/linux/musl/arm/package.use.force b/profiles/hardened/linux/musl/arm/package.use.force
new file mode 100644
index 000000000000..b92b1029f52a
--- /dev/null
+++ b/profiles/hardened/linux/musl/arm/package.use.force
@@ -0,0 +1,7 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# Michał Górny <mgorny@gentoo.org> (24 Sep 2016)
+# Force the host target to avoid dependency hell
+sys-devel/clang llvm_targets_ARM
+sys-devel/llvm llvm_targets_ARM
diff --git a/profiles/hardened/linux/musl/arm/parent b/profiles/hardened/linux/musl/arm/parent
new file mode 100644
index 000000000000..f3229c5b9876
--- /dev/null
+++ b/profiles/hardened/linux/musl/arm/parent
@@ -0,0 +1 @@
+..
diff --git a/profiles/hardened/linux/musl/arm/use.force b/profiles/hardened/linux/musl/arm/use.force
new file mode 100644
index 000000000000..11e95dae7631
--- /dev/null
+++ b/profiles/hardened/linux/musl/arm/use.force
@@ -0,0 +1,5 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# Force the flag which corresponds to ARCH.
+arm
diff --git a/profiles/hardened/linux/musl/arm/use.mask b/profiles/hardened/linux/musl/arm/use.mask
new file mode 100644
index 000000000000..8dffd62b8e39
--- /dev/null
+++ b/profiles/hardened/linux/musl/arm/use.mask
@@ -0,0 +1,5 @@
+# Copyright 1999-2014 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+
+# Unmask the flag which corresponds to ARCH.
+-arm
diff --git a/profiles/hardened/linux/musl/arm64/eapi b/profiles/hardened/linux/musl/arm64/eapi
new file mode 100644
index 000000000000..7ed6ff82de6b
--- /dev/null
+++ b/profiles/hardened/linux/musl/arm64/eapi
@@ -0,0 +1 @@
+5
diff --git a/profiles/hardened/linux/musl/arm64/make.defaults b/profiles/hardened/linux/musl/arm64/make.defaults
new file mode 100644
index 000000000000..d9ba618fa184
--- /dev/null
+++ b/profiles/hardened/linux/musl/arm64/make.defaults
@@ -0,0 +1,23 @@
+# Copyright 1999-2016 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+
+ARCH="arm64"
+ACCEPT_KEYWORDS="${ARCH}"
+
+CHOST="aarch64-gentoo-linux-musl"
+CFLAGS="-O2"
+CXXFLAGS="${CFLAGS}"
+FFLAGS="${CFLAGS}"
+FCFLAGS="${CFLAGS}"
+
+# Anthony G. Basile <blueness@gentoo.org> (25 Oct 2015)
+# Multilib-related setup, bug #515130
+ABI="arm64"
+DEFAULT_ABI="arm64"
+MULTILIB_ABIS="arm64"
+CHOST_arm64="${CHOST}"
+LIBDIR_arm64="lib"
+
+# Michał Górny <mgorny@gentoo.org> (14 Mar 2017)
+# Unhide the ARM-specific USE_EXPANDs.
+USE_EXPAND_HIDDEN="-CPU_FLAGS_ARM"
diff --git a/profiles/hardened/linux/musl/arm64/package.use.force b/profiles/hardened/linux/musl/arm64/package.use.force
new file mode 100644
index 000000000000..d90dd06eaf22
--- /dev/null
+++ b/profiles/hardened/linux/musl/arm64/package.use.force
@@ -0,0 +1,7 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# Michał Górny <mgorny@gentoo.org> (24 Sep 2016)
+# Force the host target to avoid dependency hell
+sys-devel/clang llvm_targets_AArch64
+sys-devel/llvm llvm_targets_AArch64
diff --git a/profiles/hardened/linux/musl/arm64/parent b/profiles/hardened/linux/musl/arm64/parent
new file mode 100644
index 000000000000..f3229c5b9876
--- /dev/null
+++ b/profiles/hardened/linux/musl/arm64/parent
@@ -0,0 +1 @@
+..
diff --git a/profiles/hardened/linux/musl/arm64/use.force b/profiles/hardened/linux/musl/arm64/use.force
new file mode 100644
index 000000000000..1fa2eca30677
--- /dev/null
+++ b/profiles/hardened/linux/musl/arm64/use.force
@@ -0,0 +1,5 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# Force the flag which corresponds to ARCH.
+arm64
diff --git a/profiles/hardened/linux/musl/arm64/use.mask b/profiles/hardened/linux/musl/arm64/use.mask
new file mode 100644
index 000000000000..04a2bed3cacf
--- /dev/null
+++ b/profiles/hardened/linux/musl/arm64/use.mask
@@ -0,0 +1,5 @@
+# Copyright 1999-2016 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+
+# Unmask the flag which corresponds to ARCH.
+-arm64
diff --git a/profiles/hardened/linux/musl/eapi b/profiles/hardened/linux/musl/eapi
new file mode 100644
index 000000000000..7ed6ff82de6b
--- /dev/null
+++ b/profiles/hardened/linux/musl/eapi
@@ -0,0 +1 @@
+5
diff --git a/profiles/hardened/linux/musl/make.defaults b/profiles/hardened/linux/musl/make.defaults
new file mode 100644
index 000000000000..ec5b4ed52d25
--- /dev/null
+++ b/profiles/hardened/linux/musl/make.defaults
@@ -0,0 +1,15 @@
+# Copyright 1999-2014 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+
+ELIBC="musl"
+
+FEATURES="sandbox sfperms strict"
+
+USE="hardened nptl pax_kernel pic unicode -berkdb -jit -orc"
+BOOTSTRAP_USE="${BOOTSTRAP_USE} hardened nptl pax_kernel pic -berkdb -jit -nls -orc"
+
+SYMLINK_LIB="no"
+
+# TODO: fix so musl doesn't generate this for all packages
+# that use a charset, it causes package collisons.
+INSTALL_MASK="charset.alias"
diff --git a/profiles/hardened/linux/musl/mips/eapi b/profiles/hardened/linux/musl/mips/eapi
new file mode 100644
index 000000000000..7ed6ff82de6b
--- /dev/null
+++ b/profiles/hardened/linux/musl/mips/eapi
@@ -0,0 +1 @@
+5
diff --git a/profiles/hardened/linux/musl/mips/make.defaults b/profiles/hardened/linux/musl/mips/make.defaults
new file mode 100644
index 000000000000..06fe764dc9f5
--- /dev/null
+++ b/profiles/hardened/linux/musl/mips/make.defaults
@@ -0,0 +1,20 @@
+# Copyright 1999-2014 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+
+ARCH="mips"
+ACCEPT_KEYWORDS="${ARCH} ~${ARCH}"
+
+CHOST="mips-gentoo-linux-musl"
+CFLAGS="-O2 -pipe"
+CXXFLAGS="${CFLAGS}"
+FFLAGS="${CFLAGS}"
+FCFLAGS="${CFLAGS}"
+
+# Anthony G. Basile <blueness@gentoo.org> (01 Jul 2014)
+# Multilib-related setup, bug #515130
+ABI="o32"
+DEFAULT_ABI="o32"
+MULTILIB_ABIS="o32"
+CHOST_o32="${CHOST}"
+LIBDIR_o32="lib"
+IUSE_IMPLICIT="abi_mips_o32"
diff --git a/profiles/hardened/linux/musl/mips/mipsel/eapi b/profiles/hardened/linux/musl/mips/mipsel/eapi
new file mode 100644
index 000000000000..7ed6ff82de6b
--- /dev/null
+++ b/profiles/hardened/linux/musl/mips/mipsel/eapi
@@ -0,0 +1 @@
+5
diff --git a/profiles/hardened/linux/musl/mips/mipsel/make.defaults b/profiles/hardened/linux/musl/mips/mipsel/make.defaults
new file mode 100644
index 000000000000..dce419912712
--- /dev/null
+++ b/profiles/hardened/linux/musl/mips/mipsel/make.defaults
@@ -0,0 +1,9 @@
+# Copyright 1999-2014 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+
+CHOST="mipsel-gentoo-linux-musl"
+CHOST_o32="${CHOST}"
+
+# Disable sandbox because its currently broken on mipsel-musl
+FEATURES="-sandbox"
+
diff --git a/profiles/hardened/linux/musl/mips/mipsel/parent b/profiles/hardened/linux/musl/mips/mipsel/parent
new file mode 100644
index 000000000000..f3229c5b9876
--- /dev/null
+++ b/profiles/hardened/linux/musl/mips/mipsel/parent
@@ -0,0 +1 @@
+..
diff --git a/profiles/hardened/linux/musl/mips/package.mask b/profiles/hardened/linux/musl/mips/package.mask
new file mode 100644
index 000000000000..8b52dc4d8d35
--- /dev/null
+++ b/profiles/hardened/linux/musl/mips/package.mask
@@ -0,0 +1,5 @@
+# Copyright 1999-2015 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+
+dev-util/pkgconfig
+>sys-apps/kbd-1.15.5-r99
diff --git a/profiles/hardened/linux/musl/mips/package.use.force b/profiles/hardened/linux/musl/mips/package.use.force
new file mode 100644
index 000000000000..c184bfa93060
--- /dev/null
+++ b/profiles/hardened/linux/musl/mips/package.use.force
@@ -0,0 +1,7 @@
+# Michał Górny <mgorny@gentoo.org> (24 Sep 2016)
+# Force the host target to avoid dependency hell
+sys-devel/clang llvm_targets_Mips
+sys-devel/llvm llvm_targets_Mips
+
+# The only working option
+dev-util/pkgconf pkg-config
diff --git a/profiles/hardened/linux/musl/mips/parent b/profiles/hardened/linux/musl/mips/parent
new file mode 100644
index 000000000000..f3229c5b9876
--- /dev/null
+++ b/profiles/hardened/linux/musl/mips/parent
@@ -0,0 +1 @@
+..
diff --git a/profiles/hardened/linux/musl/mips/use.force b/profiles/hardened/linux/musl/mips/use.force
new file mode 100644
index 000000000000..e94d30137368
--- /dev/null
+++ b/profiles/hardened/linux/musl/mips/use.force
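Review bot: `FEATURES="-sandbox"` in profiles/hardened/linux/musl/mips/mipsel/make.defaults turns off the build sandbox that the parent musl/make.defaults enables with `FEATURES="sandbox sfperms strict"`, and the only justification is "currently broken", with no bug number, author or date. On a hardened profile that leaves no way to tell when the exception can be dropped, and while it is in place build phases are presumably no longer confined to the build directories. I would extend the comment to something like `# Sandbox is broken on mipsel-musl, bug #<BUG-ID placeholder>; drop this line once fixed`. profiles/hardened/linux/powerpc/make.defaults has the same `FEATURES="-sandbox"` line with no comment at all and needs the same treatment.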
@@ -0,0 +1,6 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# Force the flag which corresponds to arch/abi, bug #515130
+mips
+abi_mips_o32
diff --git a/profiles/hardened/linux/musl/mips/use.mask b/profiles/hardened/linux/musl/mips/use.mask
new file mode 100644
index 000000000000..b285b3b4746e
--- /dev/null
+++ b/profiles/hardened/linux/musl/mips/use.mask
@@ -0,0 +1,6 @@
+# Copyright 1999-2014 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+
+# Unmask the flag which corresponds to arch/abi, bug #515130
+-mips
+-abi_mips_o32
diff --git a/profiles/hardened/linux/musl/package.mask b/profiles/hardened/linux/musl/package.mask
new file mode 100644
index 000000000000..b636d3295bb6
--- /dev/null
+++ b/profiles/hardened/linux/musl/package.mask
@@ -0,0 +1,110 @@
+# Copyright 1999-2017 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+
+sys-libs/uclibc
+sys-libs/uclibc-ng
+sys-libs/glibc
+
+# Older versions of net-mail/mailutils fail on musl, bug #604212
+<net-mail/mailutils-3.2
+
+# We use eudev which is tested on both uclibc and musl
+sys-apps/systemd
+sys-fs/udev
+#
+dev-libs/elfutils
+
+# packages that need masked packages or multilib
+dev-games/gtkradiant
+dev-games/ps2-packer
+games-action/beathazardultra
+games-action/brutal-legend
+games-action/descent3
+games-action/descent3-demo
+games-action/heretic2-demo
+games-action/hotline-miami
+games-action/intrusion2
+games-action/rune
+games-action/shadowgrounds-bin
+games-action/shadowgrounds-survivor-bin
+games-action/solar2
+games-action/spacetripper-demo
+games-action/swordandsworcery
+games-action/trine-bin
+games-action/trine2
+games-arcade/aquaria
+games-arcade/barbarian-bin
+games-arcade/dynamitejack
+games-arcade/jardinains
+games-arcade/marbleblastgold-demo
+games-arcade/thinktanks-demo
+games-emulation/nestra
+games-emulation/zinc
+games-emulation/zsnes
+games-fps/enemy-territory
+games-fps/enemy-territory-etpro
+games-fps/enemy-territory-truecombat
+games-fps/etqw-demo
+games-fps/glxquake-bin
+games-fps/legends
+games-fps/postal2mp-demo
+games-fps/quake3-bin
+games-fps/quake3-demo
+games-fps/rtcwmp-demo
+games-fps/rtcwsp-demo
+games-fps/soldieroffortune
+games-fps/soldieroffortune-demo
+games-fps/transfusion-bin
+games-fps/tribes2
+games-fps/ut2003
+games-fps/ut2003-bonuspack-cm
+games-fps/ut2003-bonuspack-de
+games-fps/ut2003-bonuspack-epic
+games-fps/ut2003-demo
+games-fps/ut2004
+games-fps/ut2004-action
+games-fps/ut2004-airbuccaneers
+games-fps/ut2004-bonuspack-cbp1
+games-fps/ut2004-bonuspack-cbp2
+games-fps/ut2004-bonuspack-ece
+games-fps/ut2004-bonuspack-mega
+games-fps/ut2004-cor
+games-fps/ut2004-crossfire
+games-fps/ut2004-data
+games-fps/ut2004-deathball
+games-fps/ut2004-demo
+games-fps/ut2004-fragops
+games-fps/ut2004-hamsterbash
+games-fps/ut2004-muralis
+games-fps/ut2004-strikeforce
+games-fps/ut2004-troopers
+games-fps/ut2004-unwheel
+games-kids/crayon-physics
+games-misc/little-inferno
+games-misc/papers-please
+games-puzzle/hoh-bin
+games-puzzle/world-of-goo
+games-puzzle/world-of-goo-demo
+games-roguelike/adom
+games-rpg/dear-esther
+games-rpg/dungeon-defenders
+games-rpg/eschalon-book-1-demo
+games-rpg/nwmouse
+games-rpg/penumbra-collection
+games-rpg/wasteland2
+games-server/etqw-ded
+games-server/ut2004-ded
+games-simulation/bcs-demo
+games-strategy/darwinia
+games-strategy/darwinia-demo
+games-strategy/defcon-demo
+games-strategy/dominions2
+games-strategy/knights-demo
+games-strategy/majesty-demo
+media-video/binkplayer
+
+# Ian Stakenvicius, 2017-06-14
+# on behalf of mozilla@gentoo.org
+# Mask firefox-54 and above as it requires rust
+# now, and rust reportedly will not build yet.
+>=www-client/firefox-54.0
diff --git a/profiles/hardened/linux/musl/package.use b/profiles/hardened/linux/musl/package.use
new file mode 100644
index 000000000000..2d99b60f76b4
--- /dev/null
+++ b/profiles/hardened/linux/musl/package.use
@@ -0,0 +1,7 @@
+# Copyright 1999-2016 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+
+# Anthony G. Basile <blueness@gentoo.org> (14 Jul 2016)
+# We need this to break a circular dependency with
+# 'sys-libs/libcap pam' in stage3 catalyst builds
+sys-libs/pam -filecaps
diff --git a/profiles/hardened/linux/musl/package.use.force b/profiles/hardened/linux/musl/package.use.force
new file mode 100644
index 000000000000..8122d90a6c88
--- /dev/null
+++ b/profiles/hardened/linux/musl/package.use.force
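Review bot: The firefox entry at the end of profiles/hardened/linux/musl/package.mask (`>=www-client/firefox-54.0`) has no bug number, so nothing tracks when the rust build problem is resolved and the mask can go. Holding a browser below a given version is a security-relevant decision, since users of this profile stay on the older release line until someone remembers to lift the mask. A `# bug #<BUG-ID placeholder>` line in the entry's comment would make that reviewable. Further up, `dev-libs/elfutils` sits under a bare `#` with no reason given; it needs a one-line explanation like the other entries have.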
@@ -0,0 +1,9 @@
+# Copyright 1999-2015 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+
+# Force system-libevent use flag on mozilla packages, since the building of
+# bundled libevent cannot accomodate a system without sysctl.h
+# See bug 574830 for more info.
+>=www-client/firefox-45.0 system-libevent
+>=www-client/seamonkey-2.40 system-libevent
+>=mail-client/thunderbird-45.0 system-libevent
diff --git a/profiles/hardened/linux/musl/package.use.mask b/profiles/hardened/linux/musl/package.use.mask
new file mode 100644
index 000000000000..d66f247717f5
--- /dev/null
+++ b/profiles/hardened/linux/musl/package.use.mask
@@ -0,0 +1,24 @@
+# Copyright 1999-2015 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+
+# Matthias Maier <tamiko@genoto.org> (11 May 2017)
+# masked in base, unmask for hardened/musl/
+sys-devel/gcc -pie
+
+# See bug #504200
+sys-devel/gcc sanitize
+
+# llvm's sanitizers are also incompatible with musl
+sys-devel/llvm sanitize
+
+# These cause collisions with <libintl.h>
+# even with --without-included-gettext
+sys-devel/gettext nls
+sys-fs/e2fsprogs nls
+
+# Broken
+dev-vcs/git gpg
+
+# See bug #576928
+media-libs/mesa nptl
+x11-base/xorg-server nptl
diff --git a/profiles/hardened/linux/musl/packages b/profiles/hardened/linux/musl/packages
new file mode 100644
index 000000000000..8e9700f13e8f
--- /dev/null
+++ b/profiles/hardened/linux/musl/packages
@@ -0,0 +1,6 @@
+# Copyright 1999-2014 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+
+*app-misc/pax-utils
+*sys-apps/sandbox
+-*sys-apps/man-pages
diff --git a/profiles/hardened/linux/musl/packages.build b/profiles/hardened/linux/musl/packages.build
new file mode 100644
index 000000000000..c07961aa76f7
--- /dev/null
+++ b/profiles/hardened/linux/musl/packages.build
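Review bot: In profiles/hardened/linux/musl/package.use.mask the `dev-vcs/git gpg` mask is explained only by `# Broken`, with no bug number, author or date, unlike the gcc and mesa entries around it. Users who rely on GnuPG-signed commits or tags cannot tell from this what fails or when the flag can be unmasked. I would replace the comment with a short statement of the failure and a `bug #<BUG-ID placeholder>` reference. The author line of the first entry also spells the address `tamiko@genoto.org`, while profiles/hardened/linux/package.use.mask has `tamiko@gentoo.org` for the same entry.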
@@ -0,0 +1,10 @@
+# Copyright 1999-2014 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+
+# This file lists extra packages needed to build for
+# a stage 1 based on this profile.
+
+dev-util/pkgconf
+sys-apps/attr
+sys-apps/sandbox
+dev-python/pyxattr
diff --git a/profiles/hardened/linux/musl/parent b/profiles/hardened/linux/musl/parent
new file mode 100644
index 000000000000..a9dd6fd5cb5b
--- /dev/null
+++ b/profiles/hardened/linux/musl/parent
@@ -0,0 +1,3 @@
+../../../arch/base
+../../../base
+../../../default/linux
diff --git a/profiles/hardened/linux/musl/ppc/eapi b/profiles/hardened/linux/musl/ppc/eapi
new file mode 100644
index 000000000000..7ed6ff82de6b
--- /dev/null
+++ b/profiles/hardened/linux/musl/ppc/eapi
@@ -0,0 +1 @@
+5
diff --git a/profiles/hardened/linux/musl/ppc/make.defaults b/profiles/hardened/linux/musl/ppc/make.defaults
new file mode 100644
index 000000000000..2022413f04a2
--- /dev/null
+++ b/profiles/hardened/linux/musl/ppc/make.defaults
@@ -0,0 +1,18 @@
+# Copyright 1999-2014 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+
+ARCH="ppc"
+ACCEPT_KEYWORDS="${ARCH}"
+
+CHOST="powerpc-gentoo-linux-musl"
+CFLAGS="-O2 -pipe"
+CXXFLAGS="${CFLAGS}"
+FFLAGS="${CFLAGS}"
+FCFLAGS="${CFLAGS}"
+
+ABI="ppc"
+DEFAULT_ABI="ppc"
+MULTILIB_ABIS="ppc"
+CHOST_ppc="${CHOST}"
+LIBDIR_ppc="lib"
+IUSE_IMPLICIT="abi_ppc_32"
diff --git a/profiles/hardened/linux/musl/ppc/package.mask b/profiles/hardened/linux/musl/ppc/package.mask
new file mode 100644
index 000000000000..56345622fa74
--- /dev/null
+++ b/profiles/hardened/linux/musl/ppc/package.mask
@@ -0,0 +1,2 @@
+# gcc-4.8 still doesn't work on ppc musl
+>sys-devel/gcc-4.8
diff --git a/profiles/hardened/linux/musl/ppc/package.use.force b/profiles/hardened/linux/musl/ppc/package.use.force
new file mode 100644
index 000000000000..e18275fe8cd6
--- /dev/null
+++ b/profiles/hardened/linux/musl/ppc/package.use.force
@@ -0,0 +1,7 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# Michał Górny <mgorny@gentoo.org> (24 Sep 2016)
+# Force the host target to avoid dependency hell
+sys-devel/clang llvm_targets_PowerPC
+sys-devel/llvm llvm_targets_PowerPC
diff --git a/profiles/hardened/linux/musl/ppc/parent b/profiles/hardened/linux/musl/ppc/parent
new file mode 100644
index 000000000000..f3229c5b9876
--- /dev/null
+++ b/profiles/hardened/linux/musl/ppc/parent
@@ -0,0 +1 @@
+..
diff --git a/profiles/hardened/linux/musl/ppc/use.force b/profiles/hardened/linux/musl/ppc/use.force
new file mode 100644
index 000000000000..f4c29429b272
--- /dev/null
+++ b/profiles/hardened/linux/musl/ppc/use.force
@@ -0,0 +1,8 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# Force the flag which corresponds to ARCH.
+ppc
+
+# Force the flag corresponding to the only ABI.
+abi_ppc_32
diff --git a/profiles/hardened/linux/musl/ppc/use.mask b/profiles/hardened/linux/musl/ppc/use.mask
new file mode 100644
index 000000000000..e1f5512c8bb0
--- /dev/null
+++ b/profiles/hardened/linux/musl/ppc/use.mask
@@ -0,0 +1,8 @@
+# Copyright 1999-2014 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License, v2
+
+# Unmask the flag which corresponds to ARCH.
+-ppc
+
+# Unmask the flag corresponding to the only ABI.
+-abi_ppc_32
diff --git a/profiles/hardened/linux/musl/use.force b/profiles/hardened/linux/musl/use.force
new file mode 100644
index 000000000000..79e5575d13c3
--- /dev/null
+++ b/profiles/hardened/linux/musl/use.force
@@ -0,0 +1,4 @@
+# Copyright 1999-2013 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+
+elibc_musl
diff --git a/profiles/hardened/linux/musl/use.mask b/profiles/hardened/linux/musl/use.mask
new file mode 100644
index 000000000000..190b01bbbe98
--- /dev/null
+++ b/profiles/hardened/linux/musl/use.mask
@@ -0,0 +1,8 @@
+# Copyright 1999-2015 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+
+-elibc_musl
+elibc_uclibc
+elibc_glibc
+
+-hardened
diff --git a/profiles/hardened/linux/musl/x86/eapi b/profiles/hardened/linux/musl/x86/eapi
new file mode 100644
index 000000000000..7ed6ff82de6b
--- /dev/null
+++ b/profiles/hardened/linux/musl/x86/eapi
@@ -0,0 +1 @@
+5
diff --git a/profiles/hardened/linux/musl/x86/make.defaults b/profiles/hardened/linux/musl/x86/make.defaults
new file mode 100644
index 000000000000..73fedb030e1d
--- /dev/null
+++ b/profiles/hardened/linux/musl/x86/make.defaults
@@ -0,0 +1,24 @@
+# Copyright 1999-2015 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+
+ARCH="x86"
+ACCEPT_KEYWORDS="${ARCH}"
+
+CHOST="i686-gentoo-linux-musl"
+CFLAGS="-O2 -pipe"
+CXXFLAGS="${CFLAGS}"
+FFLAGS="${CFLAGS}"
+FCFLAGS="${CFLAGS}"
+
+# Anthony G. Basile <blueness@gentoo.org> (01 Jul 2014)
+# Multilib-related setup, bug #515130
+ABI="x86"
+DEFAULT_ABI="x86"
+MULTILIB_ABIS="x86"
+CHOST_x86="${CHOST}"
+LIBDIR_x86="lib"
+IUSE_IMPLICIT="abi_x86_32"
+
+# Anthony G. Basile <blueness@gentoo.org> (26 Jan 2013)
+# Unhide the CPU_FLAGS_X86 USE_EXPANDs.
+USE_EXPAND_HIDDEN="-CPU_FLAGS_X86"
diff --git a/profiles/hardened/linux/musl/x86/package.use.force b/profiles/hardened/linux/musl/x86/package.use.force
new file mode 100644
index 000000000000..ca264fedc8ce
--- /dev/null
+++ b/profiles/hardened/linux/musl/x86/package.use.force
@@ -0,0 +1,7 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# Michał Górny <mgorny@gentoo.org> (24 Sep 2016)
+# Force the host target to avoid dependency hell
+sys-devel/clang llvm_targets_X86
+sys-devel/llvm llvm_targets_X86
diff --git a/profiles/hardened/linux/musl/x86/parent b/profiles/hardened/linux/musl/x86/parent
new file mode 100644
index 000000000000..f3229c5b9876
--- /dev/null
+++ b/profiles/hardened/linux/musl/x86/parent
@@ -0,0 +1 @@
+..
diff --git a/profiles/hardened/linux/musl/x86/use.force b/profiles/hardened/linux/musl/x86/use.force
new file mode 100644
index 000000000000..eb8c5dfc7f70
--- /dev/null
+++ b/profiles/hardened/linux/musl/x86/use.force
@@ -0,0 +1,6 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# Force the flag which corresponds to arch/abi, bug #515130
+x86
+abi_x86_32
diff --git a/profiles/hardened/linux/musl/x86/use.mask b/profiles/hardened/linux/musl/x86/use.mask
new file mode 100644
index 000000000000..a70efb03255b
--- /dev/null
+++ b/profiles/hardened/linux/musl/x86/use.mask
@@ -0,0 +1,30 @@
+# Copyright 1999-2017 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License, v2
+
+# Force the flag which corresponds to arch/abi, bug #515130
+-x86
+-abi_x86_32
+
+# unmask all SIMD assembler flags
+-cpu_flags_x86_3dnow
+-cpu_flags_x86_3dnowext
+-cpu_flags_x86_aes
+-cpu_flags_x86_avx
+-cpu_flags_x86_avx2
+-cpu_flags_x86_fma3
+-cpu_flags_x86_fma4
+-cpu_flags_x86_mmx
+-cpu_flags_x86_mmxext
+-cpu_flags_x86_padlock
+-cpu_flags_x86_popcnt
+-cpu_flags_x86_sse
+-cpu_flags_x86_sse2
+-cpu_flags_x86_sse3
+-cpu_flags_x86_sse4_1
+-cpu_flags_x86_sse4_2
+-cpu_flags_x86_sse4a
+-cpu_flags_x86_ssse3
+-cpu_flags_x86_xop
+
+# Masked on all profiles but x86, bug #458354
+-video_cards_geode
diff --git a/profiles/hardened/linux/package.mask b/profiles/hardened/linux/package.mask
new file mode 100644
index 000000000000..8f3340b37f26
--- /dev/null
+++ b/profiles/hardened/linux/package.mask
@@ -0,0 +1,28 @@
+# Copyright 1999-2017 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+
+# Hardened versions of gcc-4.0* through gcc-4.2* are not available.
+=sys-devel/gcc-4.0*
+=sys-devel/gcc-4.1*
+=sys-devel/gcc-4.2*
+
+# Can't be used on hardened. See upstream,
+# http://developer.skype.com/jira/browse/SCL-616
+media-sound/skype-call-recorder
+net-im/skype
+net-im/skypetab-ng
+dev-python/skype4py
+
+# broken on hardened, use sys-apps/elfix to fix gnustack
+sys-devel/prelink
+# depends on prelink
+app-crypt/hmaccalc
+
+# OpenAFS kernel module is not compatible with hardened kernels
+# due to C99 struct init requirement by hardened kernels,
+# see bug 540196 comment 9.
+net-fs/openafs-kernel
+
+# broken on hardened bug #608788
+# localedef segfaults when running locale-gen
+=sys-libs/glibc-2.24-r1
diff --git a/profiles/hardened/linux/package.use.force b/profiles/hardened/linux/package.use.force
new file mode 100644
index 000000000000..697af381d682
--- /dev/null
+++ b/profiles/hardened/linux/package.use.force
@@ -0,0 +1,7 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# Needed for XATTR_PAX flags
+app-arch/tar xattr
+sys-apps/coreutils xattr
+sys-apps/portage xattr
diff --git a/profiles/hardened/linux/package.use.mask b/profiles/hardened/linux/package.use.mask
new file mode 100644
index 000000000000..4a8041881f57
--- /dev/null
+++ b/profiles/hardened/linux/package.use.mask
@@ -0,0 +1,27 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# Matthias Maier <tamiko@gentoo.org> (11 May 2017)
+# masked in base, unmask for hardened profiles
+sys-devel/gcc -pie
+
+# Ilya Tumaykin <itumaykin+gentoo@gmail.com> (19 Jan 2017)
+# Requires x11-drivers/nvidia-drivers. Needs testing first.
+media-video/mpv cuda
+
+# Tim Harder <radhermit@gentoo.org> (11 Oct 2014)
+# Skype doesn't work on hardened
+net-im/bitlbee skype
+
+sys-apps/hwloc gl
+
+sys-devel/gcc -hardened
+sys-libs/glibc -hardened
+
+# Ian Stakenvicius <axs@gentoo.org> (03 Dec 2014)
+# Have no way of knowing what Gecko Media Plugins will install in profiles
+www-client/firefox gmp-autoupdate
+
+# net-fs/openafs-kernel module can't be used on hardened,
+# see bug 540196.
+net-fs/openafs modules
diff --git a/profiles/hardened/linux/packages b/profiles/hardened/linux/packages
new file mode 100644
index 000000000000..066037a411ee
--- /dev/null
+++ b/profiles/hardened/linux/packages
@@ -0,0 +1,7 @@
+# Copyright 1999-2013 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+
+# This file extends the base packages file for all hardened profiles
+
+*sys-apps/paxctl
+*sys-apps/elfix
diff --git a/profiles/hardened/linux/parent b/profiles/hardened/linux/parent
new file mode 100644
index 000000000000..6560aecc119d
--- /dev/null
+++ b/profiles/hardened/linux/parent
@@ -0,0 +1 @@
+../../releases/13.0
diff --git a/profiles/hardened/linux/powerpc/eapi b/profiles/hardened/linux/powerpc/eapi
new file mode 100644
index 000000000000..7ed6ff82de6b
--- /dev/null
+++ b/profiles/hardened/linux/powerpc/eapi
@@ -0,0 +1 @@
+5
diff --git a/profiles/hardened/linux/powerpc/make.defaults b/profiles/hardened/linux/powerpc/make.defaults
new file mode 100644
index 000000000000..785c3daeb100
--- /dev/null
+++ b/profiles/hardened/linux/powerpc/make.defaults
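Review bot: Three entries in profiles/hardened/linux/package.use.mask carry no comment: `sys-apps/hwloc gl`, `sys-devel/gcc -hardened` and `sys-libs/glibc -hardened`. The two `-hardened` lines look like the ones that unmask the hardened flag for the toolchain, which would make them the most security-relevant lines in the file, yet a reader has to infer that from the `-pie` entry above. I would add `# masked in base, unmask for hardened profiles` above the gcc/glibc pair, mirroring the existing `-pie` comment, and a one-line reason with author and date above the hwloc mask.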
@@ -0,0 +1,4 @@
+# Copyright 2005-2008 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+
+FEATURES="-sandbox"
diff --git a/profiles/hardened/linux/powerpc/package.mask b/profiles/hardened/linux/powerpc/package.mask
new file mode 100644
index 000000000000..21a5ea1f3d4b
--- /dev/null
+++ b/profiles/hardened/linux/powerpc/package.mask
@@ -0,0 +1,7 @@
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# Wulf C. Krueger <philantrop@gentoo.org> (22 Sep 2007)
+# Needs OOo.
+app-text/bibus
+
diff --git a/profiles/hardened/linux/powerpc/package.use.mask b/profiles/hardened/linux/powerpc/package.use.mask
new file mode 100644
index 000000000000..9b6e65acf510
--- /dev/null
+++ b/profiles/hardened/linux/powerpc/package.use.mask
@@ -0,0 +1,3 @@
+# Diego Pettenò <flameeyes@gentoo.org> (10 Nov 2007)
+# Tests for Linux-PAM 0.99 require >=sys-libs/glibc-2.4
+>=sys-libs/pam-0.99.8 test
diff --git a/profiles/hardened/linux/powerpc/parent b/profiles/hardened/linux/powerpc/parent
new file mode 100644
index 000000000000..f3229c5b9876
--- /dev/null
+++ b/profiles/hardened/linux/powerpc/parent
@@ -0,0 +1 @@
+..
diff --git a/profiles/hardened/linux/powerpc/ppc32/eapi b/profiles/hardened/linux/powerpc/ppc32/eapi
new file mode 100644
index 000000000000..7ed6ff82de6b
--- /dev/null
+++ b/profiles/hardened/linux/powerpc/ppc32/eapi
@@ -0,0 +1 @@
+5
diff --git a/profiles/hardened/linux/powerpc/ppc32/make.defaults b/profiles/hardened/linux/powerpc/ppc32/make.defaults
new file mode 100644
index 000000000000..70c5284ec7ae
--- /dev/null
+++ b/profiles/hardened/linux/powerpc/ppc32/make.defaults
@@ -0,0 +1,2 @@
+# Copyright 1999-2011 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
diff --git a/profiles/hardened/linux/powerpc/ppc32/parent b/profiles/hardened/linux/powerpc/ppc32/parent
new file mode 100644
index 000000000000..227873e978fb
--- /dev/null
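Review bot: `FEATURES="-sandbox"` in profiles/hardened/linux/powerpc/make.defaults switches off Portage's build sandbox by default, and the hunk gives no reason or bug reference for it. Both powerpc/ppc32/parent and powerpc/ppc64/parent in this commit list `..`, so every hardened powerpc profile inherits the setting, which is a surprising default for a hardened tree because package build scripts then run without the sandbox's write confinement. If it is still required, a comment such as `# sandbox disabled on hardened powerpc: <reason>, bug <bug number>` should sit above the line; if the reason no longer holds, the line should be dropped so the inherited default applies.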
+++ b/profiles/hardened/linux/powerpc/ppc32/parent
@@ -0,0 +1,2 @@
+../../../../default/linux/powerpc/ppc32
+..
diff --git a/profiles/hardened/linux/powerpc/ppc64/32bit-userland/eapi b/profiles/hardened/linux/powerpc/ppc64/32bit-userland/eapi
new file mode 100644
index 000000000000..7ed6ff82de6b
--- /dev/null
+++ b/profiles/hardened/linux/powerpc/ppc64/32bit-userland/eapi
@@ -0,0 +1 @@
+5
diff --git a/profiles/hardened/linux/powerpc/ppc64/32bit-userland/make.defaults b/profiles/hardened/linux/powerpc/ppc64/32bit-userland/make.defaults
new file mode 100644
index 000000000000..f01d29ae6a5e
--- /dev/null
+++ b/profiles/hardened/linux/powerpc/ppc64/32bit-userland/make.defaults
@@ -0,0 +1,7 @@
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# All extra USE/etc should be specified in sub-profiles.
+# DO NOT POLLUTE USE ON THIS PROFILE.
+
+ACCEPT_KEYWORDS="-* ${ARCH}"
diff --git a/profiles/hardened/linux/powerpc/ppc64/32bit-userland/package.mask b/profiles/hardened/linux/powerpc/ppc64/32bit-userland/package.mask
new file mode 100644
index 000000000000..633c704dafd1
--- /dev/null
+++ b/profiles/hardened/linux/powerpc/ppc64/32bit-userland/package.mask
@@ -0,0 +1,2 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
diff --git a/profiles/hardened/linux/powerpc/ppc64/32bit-userland/package.use.mask b/profiles/hardened/linux/powerpc/ppc64/32bit-userland/package.use.mask
new file mode 100644
index 000000000000..0aa23e5d51f0
--- /dev/null
+++ b/profiles/hardened/linux/powerpc/ppc64/32bit-userland/package.use.mask
@@ -0,0 +1,17 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# Davide Pesavento <pesa@gentoo.org> (21 Jan 2017)
+# Requires unkeyworded dev-python/PyQt5
+dev-python/qscintilla-python qt5
+
+# Davide Pesavento <pesa@gentoo.org> (06 Jun 2016)
+# Requires unkeyworded dev-qt/qtwebkit:5, which is a PITA to maintain on
+# minor arches and has been declared deprecated by upstream. So we'd like
+# to avoid keywording it, unless requested by users.
+dev-qt/designer webkit
+net-irc/kvirc webkit
+
+# Kacper Kowalik <xarthisius@gentoo.org> (25 Apr 2012)
+# Masking due to unsolved dependencies
+app-admin/puppet rrdtool
diff --git a/profiles/hardened/linux/powerpc/ppc64/32bit-userland/packages b/profiles/hardened/linux/powerpc/ppc64/32bit-userland/packages
new file mode 100644
index 000000000000..c347bb5cf302
--- /dev/null
+++ b/profiles/hardened/linux/powerpc/ppc64/32bit-userland/packages
@@ -0,0 +1,5 @@
+# Copyright 2006-2008 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+
+# We need kgcc64 to build kernels.
+*sys-devel/kgcc64
diff --git a/profiles/hardened/linux/powerpc/ppc64/32bit-userland/parent b/profiles/hardened/linux/powerpc/ppc64/32bit-userland/parent
new file mode 100644
index 000000000000..97dffb64c4d1
--- /dev/null
+++ b/profiles/hardened/linux/powerpc/ppc64/32bit-userland/parent
@@ -0,0 +1,2 @@
+..
+../../../../../features/multilib
diff --git a/profiles/hardened/linux/powerpc/ppc64/32bit-userland/use.force b/profiles/hardened/linux/powerpc/ppc64/32bit-userland/use.force
new file mode 100644
index 000000000000..ebef4d036967
--- /dev/null
+++ b/profiles/hardened/linux/powerpc/ppc64/32bit-userland/use.force
@@ -0,0 +1,8 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# Force the flag which corresponds to ARCH.
+ppc
+
+# Unforce the flag which corresponds to the 64-bit ARCH.
+-ppc64
diff --git a/profiles/hardened/linux/powerpc/ppc64/32bit-userland/use.mask b/profiles/hardened/linux/powerpc/ppc64/32bit-userland/use.mask
new file mode 100644
index 000000000000..21dbcc98ca3e
--- /dev/null
+++ b/profiles/hardened/linux/powerpc/ppc64/32bit-userland/use.mask
@@ -0,0 +1,15 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# Thomas Deutschmann <whissi@gentoo.org> (28 Jan 2017)
+# No JAVA in 32-bit userland
+java
+
+# We mask this since we're not really a multilib profile
+multilib
+
+# Unmask the flag which corresponds to ARCH.
+-ppc
+
+# Mask the flag which corresponds to the 64-bit ARCH.
+ppc64
diff --git a/profiles/hardened/linux/powerpc/ppc64/64bit-userland/eapi b/profiles/hardened/linux/powerpc/ppc64/64bit-userland/eapi
new file mode 100644
index 000000000000..7ed6ff82de6b
--- /dev/null
+++ b/profiles/hardened/linux/powerpc/ppc64/64bit-userland/eapi
@@ -0,0 +1 @@
+5
diff --git a/profiles/hardened/linux/powerpc/ppc64/64bit-userland/make.defaults b/profiles/hardened/linux/powerpc/ppc64/64bit-userland/make.defaults
new file mode 100644
index 000000000000..20953c7d8159
--- /dev/null
+++ b/profiles/hardened/linux/powerpc/ppc64/64bit-userland/make.defaults
@@ -0,0 +1,7 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# moved from features/64bit-native
+# TODO: figure out how to inherit this from arch profile
+SYMLINK_LIB="yes"
+LIBDIR_ppc64="lib64"
diff --git a/profiles/hardened/linux/powerpc/ppc64/64bit-userland/package.use.mask b/profiles/hardened/linux/powerpc/ppc64/64bit-userland/package.use.mask
new file mode 100644
index 000000000000..16d4efe8361a
--- /dev/null
+++ b/profiles/hardened/linux/powerpc/ppc64/64bit-userland/package.use.mask
@@ -0,0 +1,7 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# Kacper Kowalik <xarthisius@gentoo.org> (25 Apr 2012)
+# Masking wrt bug 274847 and other unsolved
+# dependencies
+app-admin/conky apcupsd xmms2 hddtemp
diff --git a/profiles/hardened/linux/powerpc/ppc64/64bit-userland/parent b/profiles/hardened/linux/powerpc/ppc64/64bit-userland/parent
new file mode 100644
index 000000000000..f3229c5b9876
--- /dev/null
+++ b/profiles/hardened/linux/powerpc/ppc64/64bit-userland/parent
@@ -0,0 +1 @@
+..
diff --git a/profiles/hardened/linux/powerpc/ppc64/64bit-userland/use.mask b/profiles/hardened/linux/powerpc/ppc64/64bit-userland/use.mask
new file mode 100644
index 000000000000..26f21e518311
--- /dev/null
+++ b/profiles/hardened/linux/powerpc/ppc64/64bit-userland/use.mask
@@ -0,0 +1,10 @@
+# We mask this since we don't have a stable sys-process/audit yet
+audit
+
+# Mirror mask from nonhardened 64ul on app-admin/hddtemp
+hddtemp
+
+# Mirror mask from nonhardened 64ul on media-plugins/frei0r-plugins
+# Kacper Kowalik <xarthisius@gentoo.org> (10 Aug 2011)
+# Masking frei0r wrt bug #365451
+frei0r
diff --git a/profiles/hardened/linux/powerpc/ppc64/eapi b/profiles/hardened/linux/powerpc/ppc64/eapi
new file mode 100644
index 000000000000..7ed6ff82de6b
--- /dev/null
+++ b/profiles/hardened/linux/powerpc/ppc64/eapi
@@ -0,0 +1 @@
+5
diff --git a/profiles/hardened/linux/powerpc/ppc64/make.defaults b/profiles/hardened/linux/powerpc/ppc64/make.defaults
new file mode 100644
index 000000000000..70c5284ec7ae
--- /dev/null
+++ b/profiles/hardened/linux/powerpc/ppc64/make.defaults
@@ -0,0 +1,2 @@
+# Copyright 1999-2011 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
diff --git a/profiles/hardened/linux/powerpc/ppc64/parent b/profiles/hardened/linux/powerpc/ppc64/parent
new file mode 100644
index 000000000000..eb7e3e41d880
--- /dev/null
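Review bot: The `audit` mask in profiles/hardened/linux/powerpc/ppc64/64bit-userland/use.mask repeats the `audit` mask in powerpc/ppc64/use.mask from the same commit, and 64bit-userland/parent is `..`, so the child entry looks redundant. The two entries also give different reasons ("we don't have a stable sys-process/audit yet" here, "masked prior to testing" dated 18 Sep 2007 in the parent), which suggests neither has been revisited. Audit support being masked on a hardened profile is worth re-checking; I would keep a single entry and refresh its comment, for example `# audit masked on ppc64: <current reason>, bug <bug number>`. This file also lacks the copyright header that the other files in the commit carry.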
+++ b/profiles/hardened/linux/powerpc/ppc64/parent
@@ -0,0 +1,2 @@
+../../../../default/linux/powerpc/ppc64
+..
diff --git a/profiles/hardened/linux/powerpc/ppc64/use.mask b/profiles/hardened/linux/powerpc/ppc64/use.mask
new file mode 100644
index 000000000000..f915d27e907b
--- /dev/null
+++ b/profiles/hardened/linux/powerpc/ppc64/use.mask
@@ -0,0 +1,46 @@
+# this is a list of USE flags
+# that should not be used on PPC64
+# Tom Gall <tgall@gentoo.org> manages this list
+mplayer
+ruby
+mono
+
+guile
+
+# need to test libaio
+aio
+# needs some asm written
+ocaml
+
+# until media-libs/portaudio is keyworded for ppc64
+portaudio
+
+# mask mozilla/firefox (bug #108020)
+mozilla
+firefox
+seamonkey
+
+# 2006/03/20 - Donnie Berkholz <dberkholz@gentoo.org>
+# Modular X: mask for architectures on which they aren't available
+video_cards_apm
+video_cards_ark
+video_cards_i128
+video_cards_i740
+video_cards_intel
+video_cards_neomagic
+video_cards_nsc
+video_cards_rendition
+video_cards_siliconmotion
+video_cards_sis
+video_cards_tga
+video_cards_tseng
+video_cards_vesa
+video_cards_via
+
+# Masked p2p for bug #155302 <josejx@gentoo.org>
+p2p
+
+# USE=audit masked prior to testing on alpha, arm, hppa, ppc64, s390, sh.
+# Bug #184563, 18 Sep 2007
+# Robin H. Johnson <robbat2@gentoo.org>
+audit
diff --git a/profiles/hardened/linux/uclibc/amd64/eapi b/profiles/hardened/linux/uclibc/amd64/eapi
new file mode 100644
index 000000000000..7ed6ff82de6b
--- /dev/null
+++ b/profiles/hardened/linux/uclibc/amd64/eapi
@@ -0,0 +1 @@
+5
diff --git a/profiles/hardened/linux/uclibc/amd64/parent b/profiles/hardened/linux/uclibc/amd64/parent
new file mode 100644
index 000000000000..61f6f489dc18
--- /dev/null
+++ b/profiles/hardened/linux/uclibc/amd64/parent
@@ -0,0 +1,2 @@
+../../../../default/linux/uclibc/amd64
+..
diff --git a/profiles/hardened/linux/uclibc/arm/armv6j/eapi b/profiles/hardened/linux/uclibc/arm/armv6j/eapi
new file mode 100644
index 000000000000..7ed6ff82de6b
--- /dev/null
+++ b/profiles/hardened/linux/uclibc/arm/armv6j/eapi
@@ -0,0 +1 @@
+5
diff --git a/profiles/hardened/linux/uclibc/arm/armv6j/parent b/profiles/hardened/linux/uclibc/arm/armv6j/parent
new file mode 100644
index 000000000000..05328829c80a
--- /dev/null
+++ b/profiles/hardened/linux/uclibc/arm/armv6j/parent
@@ -0,0 +1,3 @@
+../../../../../default/linux/uclibc/arm/armv6j
+..
+../..
diff --git a/profiles/hardened/linux/uclibc/arm/armv7a/eapi b/profiles/hardened/linux/uclibc/arm/armv7a/eapi
new file mode 100644
index 000000000000..7ed6ff82de6b
--- /dev/null
+++ b/profiles/hardened/linux/uclibc/arm/armv7a/eapi
@@ -0,0 +1 @@
+5
diff --git a/profiles/hardened/linux/uclibc/arm/armv7a/parent b/profiles/hardened/linux/uclibc/arm/armv7a/parent
new file mode 100644
index 000000000000..7bea4235c084
--- /dev/null
+++ b/profiles/hardened/linux/uclibc/arm/armv7a/parent
@@ -0,0 +1,3 @@
+../../../../../default/linux/uclibc/arm/armv7a
+..
+../..
diff --git a/profiles/hardened/linux/uclibc/arm/eapi b/profiles/hardened/linux/uclibc/arm/eapi
new file mode 100644
index 000000000000..7ed6ff82de6b
--- /dev/null
+++ b/profiles/hardened/linux/uclibc/arm/eapi
@@ -0,0 +1 @@
+5
diff --git a/profiles/hardened/linux/uclibc/eapi b/profiles/hardened/linux/uclibc/eapi
new file mode 100644
index 000000000000..7ed6ff82de6b
--- /dev/null
+++ b/profiles/hardened/linux/uclibc/eapi
@@ -0,0 +1 @@
+5
diff --git a/profiles/hardened/linux/uclibc/make.defaults b/profiles/hardened/linux/uclibc/make.defaults
new file mode 100644
index 000000000000..c08f30f5e7f9
--- /dev/null
+++ b/profiles/hardened/linux/uclibc/make.defaults
@@ -0,0 +1,5 @@
+# Copyright 1999-2014 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+
+USE="${USE} hardened pax_kernel pic -jit -orc"
+BOOTSTRAP_USE="${BOOTSTRAP_USE} hardened pax_kernel pic -jit -orc"
diff --git a/profiles/hardened/linux/uclibc/mips/eapi b/profiles/hardened/linux/uclibc/mips/eapi
new file mode 100644
index 000000000000..7ed6ff82de6b
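Review bot: `USE="${USE} hardened pax_kernel pic -jit -orc"` in profiles/hardened/linux/uclibc/make.defaults turns `jit` and `orc` off with no comment explaining why. Presumably runtime code generation conflicts with the memory protections that `pax_kernel` implies, but that is an inference and the author should state it, for example `# jit and orc are disabled because <reason>`. The same flag list is written out twice, once for `USE` and once for `BOOTSTRAP_USE`, so the two can drift apart; a one-line comment that they must stay in sync would help.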
--- /dev/null
+++ b/profiles/hardened/linux/uclibc/mips/eapi
@@ -0,0 +1 @@
+5
diff --git a/profiles/hardened/linux/uclibc/mips/mipsel/eapi b/profiles/hardened/linux/uclibc/mips/mipsel/eapi
new file mode 100644
index 000000000000..7ed6ff82de6b
--- /dev/null
+++ b/profiles/hardened/linux/uclibc/mips/mipsel/eapi
@@ -0,0 +1 @@
+5
diff --git a/profiles/hardened/linux/uclibc/mips/mipsel/parent b/profiles/hardened/linux/uclibc/mips/mipsel/parent
new file mode 100644
index 000000000000..27f3883747a6
--- /dev/null
+++ b/profiles/hardened/linux/uclibc/mips/mipsel/parent
@@ -0,0 +1,2 @@
+../../../../../default/linux/uclibc/mips/mipsel/
+../..
diff --git a/profiles/hardened/linux/uclibc/mips/parent b/profiles/hardened/linux/uclibc/mips/parent
new file mode 100644
index 000000000000..323f100058b2
--- /dev/null
+++ b/profiles/hardened/linux/uclibc/mips/parent
@@ -0,0 +1,2 @@
+../../../../default/linux/uclibc/mips
+..
diff --git a/profiles/hardened/linux/uclibc/ppc/eapi b/profiles/hardened/linux/uclibc/ppc/eapi
new file mode 100644
index 000000000000..7ed6ff82de6b
--- /dev/null
+++ b/profiles/hardened/linux/uclibc/ppc/eapi
@@ -0,0 +1 @@
+5
diff --git a/profiles/hardened/linux/uclibc/ppc/parent b/profiles/hardened/linux/uclibc/ppc/parent
new file mode 100644
index 000000000000..3ad55647a3f7
--- /dev/null
+++ b/profiles/hardened/linux/uclibc/ppc/parent
@@ -0,0 +1,2 @@
+../../../../default/linux/uclibc/ppc
+..
diff --git a/profiles/hardened/linux/uclibc/use.mask b/profiles/hardened/linux/uclibc/use.mask
new file mode 100644
index 000000000000..3d0c2a2a416d
--- /dev/null
+++ b/profiles/hardened/linux/uclibc/use.mask
@@ -0,0 +1,4 @@
+# Copyright 1999-2014 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+
+-hardened
diff --git a/profiles/hardened/linux/uclibc/x86/eapi b/profiles/hardened/linux/uclibc/x86/eapi
new file mode 100644
index 000000000000..7ed6ff82de6b
--- /dev/null
+++ b/profiles/hardened/linux/uclibc/x86/eapi
@@ -0,0 +1 @@
+5
diff --git a/profiles/hardened/linux/uclibc/x86/parent b/profiles/hardened/linux/uclibc/x86/parent
new file mode 100644
index 000000000000..54abcade7471
--- /dev/null
+++ b/profiles/hardened/linux/uclibc/x86/parent
@@ -0,0 +1,2 @@
+../../../../default/linux/uclibc/x86
+..
diff --git a/profiles/hardened/linux/use.force b/profiles/hardened/linux/use.force
new file mode 100644
index 000000000000..35e56536ec64
--- /dev/null
+++ b/profiles/hardened/linux/use.force
@@ -0,0 +1,6 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# Make sure people don't accidentally turn of ssp/pie in important packages.
+pie
+ssp
diff --git a/profiles/hardened/linux/use.mask b/profiles/hardened/linux/use.mask
new file mode 100644
index 000000000000..e3999ad48706
--- /dev/null
+++ b/profiles/hardened/linux/use.mask
@@ -0,0 +1,13 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+-hardened
+
+# precompiled headers are not compat with ASLR.
+pch
+
+# prelink is masked for hardened
+prelink
+
+# profile are incompatible when linking with pie
+profile
diff --git a/profiles/hardened/linux/x86/eapi b/profiles/hardened/linux/x86/eapi
new file mode 100644
index 000000000000..7ed6ff82de6b
--- /dev/null
+++ b/profiles/hardened/linux/x86/eapi
@@ -0,0 +1 @@
+5
diff --git a/profiles/hardened/linux/x86/make.defaults b/profiles/hardened/linux/x86/make.defaults
new file mode 100644
index 000000000000..98757037073c
--- /dev/null
+++ b/profiles/hardened/linux/x86/make.defaults
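Review bot: The comment in profiles/hardened/linux/use.force reads "turn of ssp/pie" and should be `# Make sure people don't accidentally turn off ssp/pie in important packages.` In profiles/hardened/linux/use.mask, the next file in the commit, "profile are incompatible when linking with pie" would read better as `# profiling is incompatible with linking as PIE`. The bare `-hardened` entry in that file has no comment saying that it unmasks the flag for these profiles, assuming that is the intent.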
@@ -0,0 +1,23 @@
+# Copyright 1999-2012 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+
+ARCH="x86"
+ACCEPT_KEYWORDS="x86"
+
+CHOST="i686-pc-linux-gnu"
+CFLAGS="-march=i686 -O2 -pipe"
+CXXFLAGS="${CFLAGS}"
+FFLAGS="${CFLAGS}"
+FCFLAGS="${CFLAGS}"
+
+USE="nptl"
+
+# 2006/08/18 - Donnie Berkholz <dberkholz@gentoo.org>
+# Defaults for video drivers
+VIDEO_CARDS="amdgpu fbdev intel nouveau radeon radeonsi vesa"
+
+# 2006/12/21 - Andrej Kacian <ticho@gentoo.org>
+# Defaults for audio drivers
+ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 \
+ emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m \
+ maestro3 trident usb-audio via82xx via82xx-modem ymfpci"
diff --git a/profiles/hardened/linux/x86/package.mask b/profiles/hardened/linux/x86/package.mask
new file mode 100644
index 000000000000..a514e8497fe9
--- /dev/null
+++ b/profiles/hardened/linux/x86/package.mask
@@ -0,0 +1,15 @@
+# Copyright 1999-2009 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# Rick Farina <zerochaos@gentoo.org> (26 Nov 2012)
+# Newer then 300.00 is patched but we still have RWX in the libs.
+# We mask X for we still need to make the doc for revdep-pax else
+# hell will rule. Propogating change from amd64.
+# Bug 433121
+<=x11-drivers/nvidia-drivers-300.00
+#dev-util/nvidia-cuda-sdk
+# Need X
+media-video/nvidia-settings
+
+# Depends on x11-drivers/nvidia-drivers
+#dev-python/pyopencl
diff --git a/profiles/hardened/linux/x86/package.use.mask b/profiles/hardened/linux/x86/package.use.mask
new file mode 100644
index 000000000000..c01895ca89e0
--- /dev/null
+++ b/profiles/hardened/linux/x86/package.use.mask
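Review bot: profiles/hardened/linux/x86/package.mask contains the commented-out atoms `#dev-util/nvidia-cuda-sdk` and `#dev-python/pyopencl`, and profiles/hardened/linux/x86/use.mask later in the commit does the same with `#nvidia` and `#cuda`. A commented-out mask reads like an active entry at a glance and leaves it unclear whether the RWX concern described for nvidia-drivers (Bug 433121) still applies to those packages. I would delete the dead atoms, or replace each with one sentence saying that the mask was lifted and why. The header also says 1999-2009 although the only dated entry is from 26 Nov 2012.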
@@ -0,0 +1,21 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# Magnus Granberg <zorry@gentoo.org> (30 sep 2016)
+# This target supports VTV #547040.
+>=sys-devel/gcc-4.9 -vtv
+
+# cyrus-sasl doesn't work w/ USE=berkdb (#192753)
+dev-libs/cyrus-sasl berkdb
+
+# Rick Farina <zerochaos@gentoo.org> (26 Nov 2012)
+# mask X and tools for we still miss the docs for revdep-pax
+# else hell will rule. (RWX in the libs)
+# Propogating changes from amd64.
+# Bug 433121
+# (static-libs require tools)
+x11-drivers/nvidia-drivers X tools static-libs
+
+# Magnus Granberg <zorry@gentoo.org> (29 Nov 2012)
+# Bug #444786 disable nvidia on app-admin/conky
+app-admin/conky nvidia
diff --git a/profiles/hardened/linux/x86/parent b/profiles/hardened/linux/x86/parent
new file mode 100644
index 000000000000..e93ab13e6839
--- /dev/null
+++ b/profiles/hardened/linux/x86/parent
@@ -0,0 +1,4 @@
+../../../base
+../../../default/linux
+../../../arch/x86
+..
diff --git a/profiles/hardened/linux/x86/selinux/eapi b/profiles/hardened/linux/x86/selinux/eapi
new file mode 100644
index 000000000000..7ed6ff82de6b
--- /dev/null
+++ b/profiles/hardened/linux/x86/selinux/eapi
@@ -0,0 +1 @@
+5
diff --git a/profiles/hardened/linux/x86/selinux/parent b/profiles/hardened/linux/x86/selinux/parent
new file mode 100644
index 000000000000..e5c7cefb6826
--- /dev/null
+++ b/profiles/hardened/linux/x86/selinux/parent
@@ -0,0 +1,2 @@
+..
+../../../../features/selinux
diff --git a/profiles/hardened/linux/x86/use.mask b/profiles/hardened/linux/x86/use.mask
new file mode 100644
index 000000000000..a9ca50ead416
--- /dev/null
+++ b/profiles/hardened/linux/x86/use.mask
@@ -0,0 +1,10 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# Rick Farina <zerochaos@gentoo.org> 26 Nov 2012
+video_cards_nvidia
+# removing mask on nvidia use flag as it is used by monitoring tools
+# which may be desireable for cuda users
+#nvidia
+# adjusting use flag mask as nvidia-drivers are usable for cuda at least
+#cuda |