Diffstat (limited to 'profiles/hardened/linux')
68 files changed, 485 insertions, 0 deletions
diff --git a/profiles/hardened/linux/amd64/2008.0/desktop/parent b/profiles/hardened/linux/amd64/2008.0/desktop/parent
new file mode 100644
index 000000000000..ad6c5e126fbb
--- /dev/null
+++ b/profiles/hardened/linux/amd64/2008.0/desktop/parent
@@ -0,0 +1,2 @@
+..
+../../../../../targets/desktop
diff --git a/profiles/hardened/linux/amd64/2008.0/developer/parent b/profiles/hardened/linux/amd64/2008.0/developer/parent
new file mode 100644
index 000000000000..4c893748ce71
--- /dev/null
+++ b/profiles/hardened/linux/amd64/2008.0/developer/parent
@@ -0,0 +1,2 @@
+..
+../../../../../targets/developer
diff --git a/profiles/hardened/linux/amd64/2008.0/make.defaults b/profiles/hardened/linux/amd64/2008.0/make.defaults
new file mode 100644
index 000000000000..faed7bb73f6f
--- /dev/null
+++ b/profiles/hardened/linux/amd64/2008.0/make.defaults
@@ -0,0 +1,9 @@
+# Copyright 1999-2008 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/hardened/linux/amd64/2008.0/make.defaults,v 1.1 2008/04/01 17:41:11 wolf31o2 Exp $
+
+# STAGE1_USE does not stack
+STAGE1_USE="hardened multilib nptl nptlonly pic"
+
+USE="-nls -unicode"
+
diff --git a/profiles/hardened/linux/amd64/2008.0/no-multilib/make.defaults b/profiles/hardened/linux/amd64/2008.0/no-multilib/make.defaults
new file mode 100644
index 000000000000..b4d6e38047f7
--- /dev/null
+++ b/profiles/hardened/linux/amd64/2008.0/no-multilib/make.defaults
@@ -0,0 +1,10 @@
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/hardened/linux/amd64/2008.0/no-multilib/make.defaults,v 1.1 2008/04/01 17:41:13 wolf31o2 Exp $
+
+ARCH="amd64"
+ACCEPT_KEYWORDS="${ARCH}"
+
+MULTILIB_ABIS="amd64"
+
+STAGE1_USE="hardened nptl nptlonly pic"
diff --git a/profiles/hardened/linux/amd64/2008.0/no-multilib/parent b/profiles/hardened/linux/amd64/2008.0/no-multilib/parent
new file mode 100644
index 000000000000..52bcba73e7a5
--- /dev/null
+++ b/profiles/hardened/linux/amd64/2008.0/no-multilib/parent
@@ -0,0 +1,2 @@
+..
+../../../../../features/64bit-native
diff --git a/profiles/hardened/linux/amd64/2008.0/parent b/profiles/hardened/linux/amd64/2008.0/parent
new file mode 100644
index 000000000000..3c71bf2b8ea0
--- /dev/null
+++ b/profiles/hardened/linux/amd64/2008.0/parent
@@ -0,0 +1,2 @@
+..
+../../../../releases/2008.0
diff --git a/profiles/hardened/linux/amd64/2008.0/server/parent b/profiles/hardened/linux/amd64/2008.0/server/parent
new file mode 100644
index 000000000000..c39901657c87
--- /dev/null
+++ b/profiles/hardened/linux/amd64/2008.0/server/parent
@@ -0,0 +1,2 @@
+..
+../../../../../targets/server
diff --git a/profiles/hardened/linux/amd64/make.defaults b/profiles/hardened/linux/amd64/make.defaults
new file mode 100644
index 000000000000..7ca23249aacf
--- /dev/null
+++ b/profiles/hardened/linux/amd64/make.defaults
@@ -0,0 +1,8 @@
+# Copyright 1999-2008 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/hardened/linux/amd64/make.defaults,v 1.1 2008/04/01 17:41:11 wolf31o2 Exp $
+
+USE="justify"
+
+CFLAGS="-mtune=k8 -O2 -pipe -fforce-addr"
+CXXFLAGS="${CFLAGS}"
diff --git a/profiles/hardened/linux/amd64/package.use.mask b/profiles/hardened/linux/amd64/package.use.mask
new file mode 100644
index 000000000000..3fcf67462c38
--- /dev/null
+++ b/profiles/hardened/linux/amd64/package.use.mask
@@ -0,0 +1,10 @@
+# 2007/03/17 - Petteri Räty <betelgeuse@gentoo.org>
+# (Proxying for Diego Pettenò <flameeyes@gmail.com>)
+# ASIHPI driver is supported on 64-bit systems for newer versions
+<media-sound/alsa-driver-1.0.14_rc3 alsa_cards_asihpi
+
+# missing the necessary linux-headers dep
+>=net-fs/netatalk-2.0.3-r3 xfs
+
+# Mask X USE flag on app-editors/jove; bug 202690
+app-editors/jove X
diff --git a/profiles/hardened/linux/amd64/parent b/profiles/hardened/linux/amd64/parent
new file mode 100644
index 000000000000..158dd88c5c69
--- /dev/null
+++ b/profiles/hardened/linux/amd64/parent
@@ -0,0 +1,3 @@
+../../../base
+..
+../../../arch/amd64
diff --git a/profiles/hardened/linux/amd64/use.mask b/profiles/hardened/linux/amd64/use.mask
new file mode 100644
index 000000000000..a243d27fa129
--- /dev/null
+++ b/profiles/hardened/linux/amd64/use.mask
@@ -0,0 +1,8 @@
+# Copyright 1999-2004 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/hardened/linux/amd64/use.mask,v 1.1 2008/04/01 17:41:11 wolf31o2 Exp $
+
+# nvidia-drivers are masked, this has to be too
+video_cards_nvidia
+nvidia
+
diff --git a/profiles/hardened/linux/ia64/2008.0/desktop/parent b/profiles/hardened/linux/ia64/2008.0/desktop/parent
new file mode 100644
index 000000000000..ad6c5e126fbb
--- /dev/null
+++ b/profiles/hardened/linux/ia64/2008.0/desktop/parent
@@ -0,0 +1,2 @@
+..
+../../../../../targets/desktop
diff --git a/profiles/hardened/linux/ia64/2008.0/developer/parent b/profiles/hardened/linux/ia64/2008.0/developer/parent
new file mode 100644
index 000000000000..4c893748ce71
--- /dev/null
+++ b/profiles/hardened/linux/ia64/2008.0/developer/parent
@@ -0,0 +1,2 @@
+..
+../../../../../targets/developer
diff --git a/profiles/hardened/linux/ia64/2008.0/make.defaults b/profiles/hardened/linux/ia64/2008.0/make.defaults
new file mode 100644
index 000000000000..80e92282d0f1
--- /dev/null
+++ b/profiles/hardened/linux/ia64/2008.0/make.defaults
@@ -0,0 +1,9 @@
+# Copyright 1999-2008 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/hardened/linux/ia64/2008.0/make.defaults,v 1.1 2008/04/01 17:41:15 wolf31o2 Exp $
+
+# STAGE1_USE does not stack
+STAGE1_USE="hardened nptl nptlonly pic"
+
+USE="-nls -unicode"
+
diff --git a/profiles/hardened/linux/ia64/2008.0/parent b/profiles/hardened/linux/ia64/2008.0/parent
new file mode 100644
index 000000000000..3c71bf2b8ea0
--- /dev/null
+++ b/profiles/hardened/linux/ia64/2008.0/parent
@@ -0,0 +1,2 @@
+..
+../../../../releases/2008.0
diff --git a/profiles/hardened/linux/ia64/2008.0/server/parent b/profiles/hardened/linux/ia64/2008.0/server/parent
new file mode 100644
index 000000000000..c39901657c87
--- /dev/null
+++ b/profiles/hardened/linux/ia64/2008.0/server/parent
@@ -0,0 +1,2 @@
+..
+../../../../../targets/server
diff --git a/profiles/hardened/linux/ia64/parent b/profiles/hardened/linux/ia64/parent
new file mode 100644
index 000000000000..10d6c4b38690
--- /dev/null
+++ b/profiles/hardened/linux/ia64/parent
@@ -0,0 +1,3 @@
+../../../base
+..
+../../../arch/ia64
diff --git a/profiles/hardened/linux/make.defaults b/profiles/hardened/linux/make.defaults
new file mode 100644
index 000000000000..1b1ce2ef68ce
--- /dev/null
+++ b/profiles/hardened/linux/make.defaults
@@ -0,0 +1,7 @@
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/hardened/linux/make.defaults,v 1.1 2008/04/01 17:41:10 wolf31o2 Exp $
+
+STAGE1_USE="hardened nptl nptlonly pic"
+
+USE="hardened pic urandom -fortran -iconv"
diff --git a/profiles/hardened/linux/package.mask b/profiles/hardened/linux/package.mask
new file mode 100644
index 000000000000..eccc86d59983
--- /dev/null
+++ b/profiles/hardened/linux/package.mask
@@ -0,0 +1,102 @@
+# Copyright 2007 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/hardened/linux/package.mask,v 1.1 2008/04/01 17:41:10 wolf31o2 Exp $
+
+# >=acml-3.6 depends on gcc-4*
+>=sci-libs/acml-3.6
+
+# Fails on hardened, bug 187120
+=dev-lang/php-5.2.3-r3
+
+# The following packages need =gcc-4*
+=net-im/skype-1.4.0*
+
+# gcc-4* still isn't ready.
+=sys-devel/gcc-4*
+
+# Mask off glibc-2.4 until the approach for SSP compatibilty is
+# resolved in a way that doesn't break running systems, and we
+# have a sensible upgrade path. Advise having a static busybox
+# around if you try it in a live system.
+# 2006-03-13 kevquinn
+=sys-libs/glibc-2.4*
+
+# These packages do more harm than good w/ hardened.
+# users must now the opensource xorg nv driver with nvidia cards.
+# By placing Driver "nv" in xorg.conf
+# 2006-06-29 solar
+x11-drivers/nvidia-drivers
+media-video/nvidia-settings
+
+# Shouldn't be merging these SELinux packages on this profile
+# but this keeps repoman happy since they require >=glibc-2.4
+# 20061009 pebenito
+>=sys-libs/libselinux-1.30.29
+>=sys-libs/libsemanage-1.6.17
+>=sys-apps/policycoreutils-1.30.30
+>=sys-apps/checkpolicy-1.30.12
+sec-policy/selinux-acpi
+>=sec-policy/selinux-apache-20060101
+>=sec-policy/selinux-arpwatch-20060101
+>=sec-policy/selinux-asterisk-20060101
+>=sec-policy/selinux-audio-entropyd-20060101
+sec-policy/selinux-avahi
+>=sec-policy/selinux-base-policy-20060101
+>=sec-policy/selinux-bind-20060101
+sec-policy/selinux-bluez
+>=sec-policy/selinux-clamav-20060101
+>=sec-policy/selinux-clockspeed-20060101
+>=sec-policy/selinux-courier-imap-20060101
+sec-policy/selinux-cups
+>=sec-policy/selinux-cyrus-sasl-20060101
+>=sec-policy/selinux-daemontools-20060101
+>=sec-policy/selinux-dante-20060101
+sec-policy/selinux-dbus
+sec-policy/selinux-desktop
+>=sec-policy/selinux-dhcp-20060101
+>=sec-policy/selinux-distcc-20060101
+>=sec-policy/selinux-djbdns-20060101
+sec-policy/selinux-dnsmasq
+>=sec-policy/selinux-ftpd-20060101
+sec-policy/selinux-games
+>=sec-policy/selinux-gnupg-20060101
+>=sec-policy/selinux-gpm-20060101
+sec-policy/selinux-hal
+sec-policy/selinux-inetd
+>=sec-policy/selinux-ipsec-tools-20060101
+>=sec-policy/selinux-jabber-server-20060101
+>=sec-policy/selinux-kerberos-20060101
+>=sec-policy/selinux-logrotate-20060101
+sec-policy/selinux-lpd
+>=sec-policy/selinux-lvm-20060101
+>=sec-policy/selinux-mdadm-20060101
+sec-policy/selinux-munin
+>=sec-policy/selinux-mysql-20060101
+>=sec-policy/selinux-nfs-20060101
+>=sec-policy/selinux-ntop-20060101
+>=sec-policy/selinux-ntp-20060101
+>=sec-policy/selinux-openldap-20060101
+>=sec-policy/selinux-openvpn-20060101
+sec-policy/selinux-pcmcia
+>=sec-policy/selinux-portmap-20060101
+>=sec-policy/selinux-postfix-20060101
+>=sec-policy/selinux-postgresql-20060101
+sec-policy/selinux-ppp
+>=sec-policy/selinux-privoxy-20060101
+>=sec-policy/selinux-procmail-20060101
+>=sec-policy/selinux-publicfile-20060101
+sec-policy/selinux-pyzor
+>=sec-policy/selinux-qmail-20060101
+sec-policy/selinux-razor
+>=sec-policy/selinux-samba-20060101
+>=sec-policy/selinux-screen-20060101
+>=sec-policy/selinux-snmpd-20060101
+>=sec-policy/selinux-snort-20060101
+>=sec-policy/selinux-spamassassin-20060101
+>=sec-policy/selinux-squid-20060101
+>=sec-policy/selinux-stunnel-20060101
+>=sec-policy/selinux-sudo-20060101
+sec-policy/selinux-tcpd
+>=sec-policy/selinux-tftpd-20060101
+>=sec-policy/selinux-ucspi-tcp-20060101
+>=sec-policy/selinux-wireshark-20060101
diff --git a/profiles/hardened/linux/package.use.mask b/profiles/hardened/linux/package.use.mask
new file mode 100644
index 000000000000..8ebcb71dca75
--- /dev/null
+++ b/profiles/hardened/linux/package.use.mask
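Review bot: The comment above the nvidia entries in profiles/hardened/linux/package.mask has lost its verb ("users must now the opensource xorg nv driver"), so the one instruction an affected user needs is unclear. I would reword the two lines as `# Users must now use the open-source xorg nv driver with nvidia cards,` and `# by setting Driver "nv" in xorg.conf.` The glibc-2.4 block above it misspells "compatibilty" and, unlike the php entry, carries no bug number, which makes it hard to tell later when the SSP issue is resolved and the mask can be lifted.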
@@ -0,0 +1,10 @@
+# Note that this requires portage-2.1.1+ so if you need this functionality,
+# make sure your package forces a new-enough portage.
+
+sys-devel/gcc -hardened
+www-apps/mediawiki math
+
+# Michael Sterrett <mr_bones_@gentoo.org> (30 Aug 2007)
+# Security bug #190835
+games-fps/doom-data doomsday
+games-fps/freedoom doomsday
diff --git a/profiles/hardened/linux/parent b/profiles/hardened/linux/parent
new file mode 100644
index 000000000000..77ede2836f49
--- /dev/null
+++ b/profiles/hardened/linux/parent
@@ -0,0 +1 @@
+../../default/linux
diff --git a/profiles/hardened/linux/powerpc/make.defaults b/profiles/hardened/linux/powerpc/make.defaults
new file mode 100644
index 000000000000..96cbb6a24aee
--- /dev/null
+++ b/profiles/hardened/linux/powerpc/make.defaults
@@ -0,0 +1,5 @@
+# Copyright 2005-2008 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/hardened/linux/powerpc/make.defaults,v 1.1 2008/04/01 17:41:18 wolf31o2 Exp $
+
+FEATURES="-sandbox"
diff --git a/profiles/hardened/linux/powerpc/package.mask b/profiles/hardened/linux/powerpc/package.mask
new file mode 100644
index 000000000000..8817fc5a0d72
--- /dev/null
+++ b/profiles/hardened/linux/powerpc/package.mask
@@ -0,0 +1,15 @@
+# Copyright 2007 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/hardened/linux/powerpc/package.mask,v 1.1 2008/04/01 17:41:18 wolf31o2 Exp $
+
+# Wulf C. Krueger <philantrop@gentoo.org> (22 Sep 2007)
+# Needs OOo.
+app-text/bibus
+
+# needs masked gcc
+=sys-libs/glibc-2.5*
+=sys-libs/glibc-2.6*
+=sys-libs/glibc-2.7*
+
+# Requires glibc 2.4 or better
+games-strategy/ufo-ai
diff --git a/profiles/hardened/linux/powerpc/parent b/profiles/hardened/linux/powerpc/parent
new file mode 100644
index 000000000000..728caca769b3
--- /dev/null
+++ b/profiles/hardened/linux/powerpc/parent
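Review bot: `FEATURES="-sandbox"` in profiles/hardened/linux/powerpc/make.defaults switches off Portage's build sandbox for every package built on the hardened powerpc profiles, and the file gives no reason for it. The sandbox is what keeps a build or install phase from writing outside its work directory, so a hardened profile that drops it by default should at least record why and what would allow it to come back. I would add a comment above the line along the lines of `# sandbox disabled on powerpc: <reason, bug #NNNNNN (placeholder)>; re-enable once fixed`. If the breakage is confined to a few packages, handling it for those packages only would be a smaller exposure than a profile-wide default.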
@@ -0,0 +1,3 @@
+../../../base
+..
+../../../arch/powerpc
diff --git a/profiles/hardened/linux/powerpc/ppc32/2008.0/desktop/parent b/profiles/hardened/linux/powerpc/ppc32/2008.0/desktop/parent
new file mode 100644
index 000000000000..db8ce088c69a
--- /dev/null
+++ b/profiles/hardened/linux/powerpc/ppc32/2008.0/desktop/parent
@@ -0,0 +1,2 @@
+..
+../../../../../../targets/desktop
diff --git a/profiles/hardened/linux/powerpc/ppc32/2008.0/developer/parent b/profiles/hardened/linux/powerpc/ppc32/2008.0/developer/parent
new file mode 100644
index 000000000000..5c8258a71e32
--- /dev/null
+++ b/profiles/hardened/linux/powerpc/ppc32/2008.0/developer/parent
@@ -0,0 +1,2 @@
+..
+../../../../../../targets/developer
diff --git a/profiles/hardened/linux/powerpc/ppc32/2008.0/make.defaults b/profiles/hardened/linux/powerpc/ppc32/2008.0/make.defaults
new file mode 100644
index 000000000000..144c58ca4ef2
--- /dev/null
+++ b/profiles/hardened/linux/powerpc/ppc32/2008.0/make.defaults
@@ -0,0 +1,9 @@
+# Copyright 1999-2008 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/hardened/linux/powerpc/ppc32/2008.0/make.defaults,v 1.1 2008/04/01 17:41:19 wolf31o2 Exp $
+
+# STAGE1_USE does not stack
+STAGE1_USE="hardened nptl nptlonly pic"
+
+USE="-nls -unicode"
+
diff --git a/profiles/hardened/linux/powerpc/ppc32/2008.0/parent b/profiles/hardened/linux/powerpc/ppc32/2008.0/parent
new file mode 100644
index 000000000000..cfe87f7ad5be
--- /dev/null
+++ b/profiles/hardened/linux/powerpc/ppc32/2008.0/parent
@@ -0,0 +1,2 @@
+..
+../../../../../releases/2008.0
diff --git a/profiles/hardened/linux/powerpc/ppc32/2008.0/server/parent b/profiles/hardened/linux/powerpc/ppc32/2008.0/server/parent
new file mode 100644
index 000000000000..2e085a6e45cc
--- /dev/null
+++ b/profiles/hardened/linux/powerpc/ppc32/2008.0/server/parent
@@ -0,0 +1,2 @@
+..
+../../../../../../targets/server
diff --git a/profiles/hardened/linux/powerpc/ppc32/parent b/profiles/hardened/linux/powerpc/ppc32/parent
new file mode 100644
index 000000000000..2c428f5da065
--- /dev/null
+++ b/profiles/hardened/linux/powerpc/ppc32/parent
@@ -0,0 +1,2 @@
+..
+../../../../arch/powerpc
diff --git a/profiles/hardened/linux/powerpc/ppc64/2008.0/32bit-userland/desktop/parent b/profiles/hardened/linux/powerpc/ppc64/2008.0/32bit-userland/desktop/parent
new file mode 100644
index 000000000000..fae96e8d36b2
--- /dev/null
+++ b/profiles/hardened/linux/powerpc/ppc64/2008.0/32bit-userland/desktop/parent
@@ -0,0 +1,2 @@
+..
+../../../../../../../targets/desktop
diff --git a/profiles/hardened/linux/powerpc/ppc64/2008.0/32bit-userland/developer/parent b/profiles/hardened/linux/powerpc/ppc64/2008.0/32bit-userland/developer/parent
new file mode 100644
index 000000000000..4bb06e409236
--- /dev/null
+++ b/profiles/hardened/linux/powerpc/ppc64/2008.0/32bit-userland/developer/parent
@@ -0,0 +1,2 @@
+..
+../../../../../../../targets/developer
diff --git a/profiles/hardened/linux/powerpc/ppc64/2008.0/32bit-userland/make.defaults b/profiles/hardened/linux/powerpc/ppc64/2008.0/32bit-userland/make.defaults
new file mode 100644
index 000000000000..c6fedb2a2c50
--- /dev/null
+++ b/profiles/hardened/linux/powerpc/ppc64/2008.0/32bit-userland/make.defaults
@@ -0,0 +1,8 @@
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/hardened/linux/powerpc/ppc64/2008.0/32bit-userland/make.defaults,v 1.1 2008/04/01 17:41:23 wolf31o2 Exp $
+
+# All extra USE/etc should be specified in sub-profiles.
+# DO NOT POLLUTE USE ON THIS PROFILE.
+
+ACCEPT_KEYWORDS="-* ${ARCH}"
diff --git a/profiles/hardened/linux/powerpc/ppc64/2008.0/32bit-userland/parent b/profiles/hardened/linux/powerpc/ppc64/2008.0/32bit-userland/parent
new file mode 100644
index 000000000000..7947ae88c017
--- /dev/null
+++ b/profiles/hardened/linux/powerpc/ppc64/2008.0/32bit-userland/parent
@@ -0,0 +1,2 @@
+..
+../../../../../../features/32bit-userland
diff --git a/profiles/hardened/linux/powerpc/ppc64/2008.0/32bit-userland/server/parent b/profiles/hardened/linux/powerpc/ppc64/2008.0/32bit-userland/server/parent
new file mode 100644
index 000000000000..8c11cb52782f
--- /dev/null
+++ b/profiles/hardened/linux/powerpc/ppc64/2008.0/32bit-userland/server/parent
@@ -0,0 +1,2 @@
+..
+../../../../../../../targets/server
diff --git a/profiles/hardened/linux/powerpc/ppc64/2008.0/32bit-userland/use.mask b/profiles/hardened/linux/powerpc/ppc64/2008.0/32bit-userland/use.mask
new file mode 100644
index 000000000000..9b09de2deaf0
--- /dev/null
+++ b/profiles/hardened/linux/powerpc/ppc64/2008.0/32bit-userland/use.mask
@@ -0,0 +1,2 @@
+# We mask this since we're not really a multilib profile
+multilib
diff --git a/profiles/hardened/linux/powerpc/ppc64/2008.0/64bit-userland/desktop/parent b/profiles/hardened/linux/powerpc/ppc64/2008.0/64bit-userland/desktop/parent
new file mode 100644
index 000000000000..fae96e8d36b2
--- /dev/null
+++ b/profiles/hardened/linux/powerpc/ppc64/2008.0/64bit-userland/desktop/parent
@@ -0,0 +1,2 @@
+..
+../../../../../../../targets/desktop
diff --git a/profiles/hardened/linux/powerpc/ppc64/2008.0/64bit-userland/developer/parent b/profiles/hardened/linux/powerpc/ppc64/2008.0/64bit-userland/developer/parent
new file mode 100644
index 000000000000..4bb06e409236
--- /dev/null
+++ b/profiles/hardened/linux/powerpc/ppc64/2008.0/64bit-userland/developer/parent
@@ -0,0 +1,2 @@
+..
+../../../../../../../targets/developer
diff --git a/profiles/hardened/linux/powerpc/ppc64/2008.0/64bit-userland/parent b/profiles/hardened/linux/powerpc/ppc64/2008.0/64bit-userland/parent
new file mode 100644
index 000000000000..2479a24f890a
--- /dev/null
+++ b/profiles/hardened/linux/powerpc/ppc64/2008.0/64bit-userland/parent
@@ -0,0 +1,2 @@
+..
+../../../../../../features/64bit-native
diff --git a/profiles/hardened/linux/powerpc/ppc64/2008.0/64bit-userland/server/parent b/profiles/hardened/linux/powerpc/ppc64/2008.0/64bit-userland/server/parent
new file mode 100644
index 000000000000..8c11cb52782f
--- /dev/null
+++ b/profiles/hardened/linux/powerpc/ppc64/2008.0/64bit-userland/server/parent
@@ -0,0 +1,2 @@
+..
+../../../../../../../targets/server
diff --git a/profiles/hardened/linux/powerpc/ppc64/2008.0/64bit-userland/use.mask b/profiles/hardened/linux/powerpc/ppc64/2008.0/64bit-userland/use.mask
new file mode 100644
index 000000000000..6c918ff219d7
--- /dev/null
+++ b/profiles/hardened/linux/powerpc/ppc64/2008.0/64bit-userland/use.mask
@@ -0,0 +1,2 @@
+# We mask this since we don't have a stable sys-process/audit yet
+audit
diff --git a/profiles/hardened/linux/powerpc/ppc64/2008.0/64bit-userland/virtuals b/profiles/hardened/linux/powerpc/ppc64/2008.0/64bit-userland/virtuals
new file mode 100644
index 000000000000..39ec233b50ff
--- /dev/null
+++ b/profiles/hardened/linux/powerpc/ppc64/2008.0/64bit-userland/virtuals
@@ -0,0 +1,5 @@
+# Copyright 2004-2008 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License, v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/hardened/linux/powerpc/ppc64/2008.0/64bit-userland/virtuals,v 1.1 2008/04/01 17:41:26 wolf31o2 Exp $
+
+virtual/bootloader sys-boot/yaboot-static
diff --git a/profiles/hardened/linux/powerpc/ppc64/2008.0/desktop/parent b/profiles/hardened/linux/powerpc/ppc64/2008.0/desktop/parent
new file mode 100644
index 000000000000..db8ce088c69a
--- /dev/null
+++ b/profiles/hardened/linux/powerpc/ppc64/2008.0/desktop/parent
@@ -0,0 +1,2 @@
+..
+../../../../../../targets/desktop
diff --git a/profiles/hardened/linux/powerpc/ppc64/2008.0/developer/parent b/profiles/hardened/linux/powerpc/ppc64/2008.0/developer/parent
new file mode 100644
index 000000000000..5c8258a71e32
--- /dev/null
+++ b/profiles/hardened/linux/powerpc/ppc64/2008.0/developer/parent
@@ -0,0 +1,2 @@
+..
+../../../../../../targets/developer
diff --git a/profiles/hardened/linux/powerpc/ppc64/2008.0/make.defaults b/profiles/hardened/linux/powerpc/ppc64/2008.0/make.defaults
new file mode 100644
index 000000000000..cf0f6ce1543d
--- /dev/null
+++ b/profiles/hardened/linux/powerpc/ppc64/2008.0/make.defaults
@@ -0,0 +1,9 @@
+# Copyright 1999-2008 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/hardened/linux/powerpc/ppc64/2008.0/make.defaults,v 1.1 2008/04/01 17:41:22 wolf31o2 Exp $
+
+# STAGE1_USE does not stack
+STAGE1_USE="hardened nptl nptlonly pic"
+
+USE="-nls -unicode"
+
diff --git a/profiles/hardened/linux/powerpc/ppc64/2008.0/parent b/profiles/hardened/linux/powerpc/ppc64/2008.0/parent
new file mode 100644
index 000000000000..cfe87f7ad5be
--- /dev/null
+++ b/profiles/hardened/linux/powerpc/ppc64/2008.0/parent
@@ -0,0 +1,2 @@
+..
+../../../../../releases/2008.0
diff --git a/profiles/hardened/linux/powerpc/ppc64/2008.0/server/parent b/profiles/hardened/linux/powerpc/ppc64/2008.0/server/parent
new file mode 100644
index 000000000000..2e085a6e45cc
--- /dev/null
+++ b/profiles/hardened/linux/powerpc/ppc64/2008.0/server/parent
@@ -0,0 +1,2 @@
+..
+../../../../../../targets/server
diff --git a/profiles/hardened/linux/powerpc/ppc64/package.use.mask b/profiles/hardened/linux/powerpc/ppc64/package.use.mask
new file mode 100644
index 000000000000..ded15bcafd5e
--- /dev/null
+++ b/profiles/hardened/linux/powerpc/ppc64/package.use.mask
@@ -0,0 +1,6 @@
+# Diego Pettenò <flameeyes@gentoo.org> (10 Nov 2007)
+# Tests for Linux-PAM 0.99 require >=sys-libs/glibc-2.4
+=sys-libs/pam-0.99* test
+#Brent Baude <ranger@gentoo.org> (1 Feb 2008)
+# Masking hb and hb2 USE flags as no suitable solution for evms exists
+sys-fs/evms hb hb2
diff --git a/profiles/hardened/linux/powerpc/ppc64/parent b/profiles/hardened/linux/powerpc/ppc64/parent
new file mode 100644
index 000000000000..cc638282d9d2
--- /dev/null
+++ b/profiles/hardened/linux/powerpc/ppc64/parent
@@ -0,0 +1,3 @@
+..
+../../../../arch/powerpc/ppc64
+../../../../features/64bit-native
diff --git a/profiles/hardened/linux/powerpc/ppc64/use.mask b/profiles/hardened/linux/powerpc/ppc64/use.mask
new file mode 100644
index 000000000000..da7f5c1759b4
--- /dev/null
+++ b/profiles/hardened/linux/powerpc/ppc64/use.mask
@@ -0,0 +1,58 @@
+# this is a list of USE flags
+# that should not be used on PPC64
+# Tom Gall <tgall@gentoo.org> manages this list
+mplayer
+ruby
+
+# should be ok
+jikes
+junit
+
+guile
+
+# need to test libaio
+aio
+# needs some asm written
+ocaml
+
+# until media-libs/portaudio is keyworded for ppc64
+portaudio
+
+# mask mozilla/firefox (bug #108020)
+mozilla
+firefox
+seamonkey
+
+# 2006/03/20 - Donnie Berkholz <dberkholz@gentoo.org>
+# Modular X: mask for architectures on which they aren't available
+video_cards_apm
+video_cards_ark
+video_cards_cyrix
+video_cards_i128
+video_cards_i740
+video_cards_i810
+video_cards_neomagic
+video_cards_nsc
+video_cards_rendition
+video_cards_siliconmotion
+video_cards_sis
+video_cards_tga
+video_cards_tseng
+video_cards_vesa
+video_cards_vga
+video_cards_via
+
+# Masked p2p for bug #155302 <josejx@gentoo.org>
+p2p
+
+# 02 Dec 2006; Tony Vroon <chainsaw@gentoo.org>
+# Keywording wpa_supplicant, but I don't have madwifi(-ng) hardware to test with, only BCM4306.
+madwifi
+
+# mask qt4 (does not work) - bug #178779
+qt4
+
+# USE=audit masked prior to testing on alpha, arm, hppa, ppc64, s390, sh.
+# Bug #184563, 18 Sep 2007
+# Robin H. Johnson <robbat2@gentoo.org>
+audit
diff --git a/profiles/hardened/linux/powerpc/ppc64/virtuals b/profiles/hardened/linux/powerpc/ppc64/virtuals
new file mode 100644
index 000000000000..0bd052c5a3dd
--- /dev/null
+++ b/profiles/hardened/linux/powerpc/ppc64/virtuals
@@ -0,0 +1,5 @@
+# Copyright 2005 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/hardened/linux/powerpc/ppc64/virtuals,v 1.1 2008/04/01 17:41:22 wolf31o2 Exp $
+
+virtual/bootloader sys-boot/yaboot-static
diff --git a/profiles/hardened/linux/use.mask b/profiles/hardened/linux/use.mask
new file mode 100644
index 000000000000..8d68abcd9a9d
--- /dev/null
+++ b/profiles/hardened/linux/use.mask
@@ -0,0 +1,21 @@
+# Copyright 1999-2004 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/hardened/linux/use.mask,v 1.1 2008/04/01 17:41:10 wolf31o2 Exp $
+
+emul-linux-x86
+
+x264
+
+# lvm2 clustered use flags (moved from default-linux)
+clvm
+gulm
+cman
+
+# tcc is x86-only
+tcc
+
+# precompiled headers are not compat with ASLR.
+pch
+
+# we love this stuff
+-hardened
diff --git a/profiles/hardened/linux/virtuals b/profiles/hardened/linux/virtuals
new file mode 100644
index 000000000000..3bf8dc109dc5
--- /dev/null
+++ b/profiles/hardened/linux/virtuals
@@ -0,0 +1,6 @@
+# Copyright 1999-2005 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/hardened/linux/virtuals,v 1.1 2008/04/01 17:41:10 wolf31o2 Exp $
+
+virtual/alsa sys-kernel/hardened-sources
+virtual/linux-sources sys-kernel/hardened-sources
diff --git a/profiles/hardened/linux/x86/2008.0/desktop/parent b/profiles/hardened/linux/x86/2008.0/desktop/parent
new file mode 100644
index 000000000000..ad6c5e126fbb
--- /dev/null
+++ b/profiles/hardened/linux/x86/2008.0/desktop/parent
@@ -0,0 +1,2 @@
+..
+../../../../../targets/desktop
diff --git a/profiles/hardened/linux/x86/2008.0/developer/parent b/profiles/hardened/linux/x86/2008.0/developer/parent
new file mode 100644
index 000000000000..4c893748ce71
--- /dev/null
+++ b/profiles/hardened/linux/x86/2008.0/developer/parent
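Review bot: The final entry of profiles/hardened/linux/use.mask, `-hardened`, is the line that makes the `hardened` USE flag usable on this profile, but its comment ("we love this stuff") does not say what it does. Presumably an inherited profile masks the flag and this entry removes that mask; a comment such as `# un-mask USE=hardened, which an inherited profile masks` would make that explicit and make an accidental removal less likely. The unexplained `emul-linux-x86` and `x264` entries at the top of the same file would benefit from a one-line reason each, in the way the `pch` entry already has one.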
@@ -0,0 +1,2 @@
+..
+../../../../../targets/developer
diff --git a/profiles/hardened/linux/x86/2008.0/make.defaults b/profiles/hardened/linux/x86/2008.0/make.defaults
new file mode 100644
index 000000000000..3675827476af
--- /dev/null
+++ b/profiles/hardened/linux/x86/2008.0/make.defaults
@@ -0,0 +1,9 @@
+# Copyright 1999-2008 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/hardened/linux/x86/2008.0/make.defaults,v 1.1 2008/04/01 17:41:31 wolf31o2 Exp $
+
+# STAGE1_USE does not stack
+STAGE1_USE="hardened nptl nptlonly pic"
+
+USE="-nls -unicode"
+
diff --git a/profiles/hardened/linux/x86/2008.0/no-nptl/parent b/profiles/hardened/linux/x86/2008.0/no-nptl/parent
new file mode 100644
index 000000000000..0627a62b5353
--- /dev/null
+++ b/profiles/hardened/linux/x86/2008.0/no-nptl/parent
@@ -0,0 +1,2 @@
+..
+../../../../../features/no-nptl
diff --git a/profiles/hardened/linux/x86/2008.0/parent b/profiles/hardened/linux/x86/2008.0/parent
new file mode 100644
index 000000000000..3c71bf2b8ea0
--- /dev/null
+++ b/profiles/hardened/linux/x86/2008.0/parent
@@ -0,0 +1,2 @@
+..
+../../../../releases/2008.0
diff --git a/profiles/hardened/linux/x86/2008.0/server/parent b/profiles/hardened/linux/x86/2008.0/server/parent
new file mode 100644
index 000000000000..c39901657c87
--- /dev/null
+++ b/profiles/hardened/linux/x86/2008.0/server/parent
@@ -0,0 +1,2 @@
+..
+../../../../../targets/server
diff --git a/profiles/hardened/linux/x86/make.defaults b/profiles/hardened/linux/x86/make.defaults
new file mode 100644
index 000000000000..3e5381b68285
--- /dev/null
+++ b/profiles/hardened/linux/x86/make.defaults
@@ -0,0 +1,25 @@
+# Copyright 1999-2006 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/hardened/linux/x86/make.defaults,v 1.1 2008/04/01 17:41:30 wolf31o2 Exp $
+
+ARCH="x86"
+ACCEPT_KEYWORDS="x86"
+
+CHOST="i486-pc-linux-gnu"
+CFLAGS="-O2 -mcpu=i486 -pipe -fforce-addr"
+CXXFLAGS="${CFLAGS}"
+
+USE="berkdb crypt hardened nls nptl nptlonly pam pic readline ssl tcpd zlib"
+
+# 2006/08/18 - Donnie Berkholz <dberkholz@gentoo.org>
+# Defaults for video drivers
+VIDEO_CARDS="apm ark chips cirrus cyrix dummy fbdev glint i128 i740 i810 imstt \
+ mach64 mga neomagic nsc nv r128 radeon rendition s3 s3virge savage \
+ siliconmotion sis sisusb tdfx tga trident tseng v4l vesa vga via vmware \
+ voodoo"
+
+# 2006/12/21 - Andrej Kacian <ticho@gentoo.org>
+# Defaults for audio drivers
+ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 \
+ emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m \
+ maestro3 trident usb-audio via82xx via82xx-modem ymfpci"
diff --git a/profiles/hardened/linux/x86/minimal/make.defaults b/profiles/hardened/linux/x86/minimal/make.defaults
new file mode 100644
index 000000000000..7231ba0b372c
--- /dev/null
+++ b/profiles/hardened/linux/x86/minimal/make.defaults
@@ -0,0 +1,15 @@
+# Copyright 2007 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/hardened/linux/x86/minimal/make.defaults,v 1.1 2008/04/01 17:41:34 wolf31o2 Exp $
+
+# - TESTING PROFILE - TESTING PROFILE -
+# ------ USE AT YOUR OWN RISK ------
+
+USE="-* crypt hardened minimal multicall ncurses pic readline zlib"
+PORTDIR=/usr/portage
+PKGDIR=${PORTDIR}/packages/${ARCH}/
+
+CFLAGS="-Os -pipe"
+CXXFLAGS="${CFLAGS}"
+FEATURES="nodoc noinfo noman"
+
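Review bot: `USE="-* crypt hardened minimal multicall ncurses pic readline zlib"` in x86/minimal/make.defaults starts with `-*`, which discards every inherited flag, including the `ssl`, `pam` and `tcpd` defaults that x86/make.defaults sets just above, and the only explanation is the testing banner. Since this is a hardened profile, the loss of those flags should be stated as intended rather than left to be discovered; a comment such as `# -* resets inherited USE; ssl, pam and tcpd are deliberately off in this profile` above the line would do. `PORTDIR=/usr/portage` and `PKGDIR` are also fixed here with no comment, which looks like a local setting rather than a profile default and deserves a one-line reason.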
diff --git a/profiles/hardened/linux/x86/minimal/parent b/profiles/hardened/linux/x86/minimal/parent
new file mode 100644
index 000000000000..f3229c5b9876
--- /dev/null
+++ b/profiles/hardened/linux/x86/minimal/parent
@@ -0,0 +1 @@
+..
diff --git a/profiles/hardened/linux/x86/minimal/use.mask b/profiles/hardened/linux/x86/minimal/use.mask
new file mode 100644
index 000000000000..6645969ef058
--- /dev/null
+++ b/profiles/hardened/linux/x86/minimal/use.mask
@@ -0,0 +1,2 @@
+pam
+nls
diff --git a/profiles/hardened/linux/x86/minimal/virtuals b/profiles/hardened/linux/x86/minimal/virtuals
new file mode 100644
index 000000000000..590fb8492d5a
--- /dev/null
+++ b/profiles/hardened/linux/x86/minimal/virtuals
@@ -0,0 +1 @@
+virtual/ssh net-misc/dropbear
diff --git a/profiles/hardened/linux/x86/package.mask b/profiles/hardened/linux/x86/package.mask
new file mode 100644
index 000000000000..b5f9676cde7c
--- /dev/null
+++ b/profiles/hardened/linux/x86/package.mask
@@ -0,0 +1,12 @@
+# Copyright 2006-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/hardened/linux/x86/package.mask,v 1.1 2008/04/01 17:41:30 wolf31o2 Exp $
+
+# Markus Ullmann <jokey@gentoo.org> (18 Apr 2007)
+# mask because of b0rkage with hardened compiler, works with vanilla compiler
+# see bug #174813
+app-emulation/virtualbox
+
+# Christian Faulhammer <opfer@gentoo.org> (05 Dec 2006)
+# this version is badly broken on x86, see bug #153280
+~app-arch/rpm-4.4.7
diff --git a/profiles/hardened/linux/x86/package.use.mask b/profiles/hardened/linux/x86/package.use.mask
new file mode 100644
index 000000000000..88395cf62321
--- /dev/null
+++ b/profiles/hardened/linux/x86/package.use.mask
@@ -0,0 +1,10 @@
+# This file requires >=portage-2.1.1
+
+# cyrus-sasl doesn't work w/ USE=berkdb (#192753)
+dev-libs/cyrus-sasl berkdb
+
+# missing the necessary linux-headers dep
+>=net-fs/netatalk-2.0.3-r3 xfs
+
+# needs sys-process/audit which is masked by this profile
+sys-libs/pam audit
diff --git a/profiles/hardened/linux/x86/parent b/profiles/hardened/linux/x86/parent
new file mode 100644
index 000000000000..03cb31cedb03
--- /dev/null
+++ b/profiles/hardened/linux/x86/parent
@@ -0,0 +1,3 @@
+../../../base
+..
+../../../arch/x86
diff --git a/profiles/hardened/linux/x86/use.mask b/profiles/hardened/linux/x86/use.mask
new file mode 100644
index 000000000000..f4df12c2e405
--- /dev/null
+++ b/profiles/hardened/linux/x86/use.mask
@@ -0,0 +1,8 @@
+# Copyright 1999-2004 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/hardened/linux/x86/use.mask,v 1.1 2008/04/01 17:41:30 wolf31o2 Exp $
+
+# nvidia-drivers are masked, this has to be too
+video_cards_nvidia
+nvidia
+
|