diff options
| author |   Robin H. Johnson <robbat2@gentoo.org> | 2015-08-08 13:49:04 -0700 |
|---|---|---|
| committer | Robin H. Johnson <robbat2@gentoo.org> | 2015-08-08 17:38:18 -0700 |
| commit | 56bd759df1d0c750a065b8c845e93d5dfa6b549d (patch) | |
| tree | 3f91093cdb475e565ae857f1c5a7fd339e2d781e /profiles/hardened | |
| download | gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.tar.gz gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.tar.bz2 gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.zip | |
proj/gentoo: Initial commit
This commit represents a new era for Gentoo:
Storing the gentoo-x86 tree in Git, as converted from CVS.
This commit is the start of the NEW history.
Any historical data is intended to be grafted onto this point.
Creation process:
1. Take final CVS checkout snapshot
2. Remove ALL ChangeLog* files
3. Transform all Manifests to thin
4. Remove empty Manifests
5. Convert all stale $Header$/$Id$ CVS keywords to non-expanded Git $Id$
5.1. Do not touch files with -kb/-ko keyword flags.
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
X-Thanks: Alec Warner <antarus@gentoo.org> - did the GSoC 2006 migration tests
X-Thanks: Robin H. Johnson <robbat2@gentoo.org> - infra guy, herding this project
X-Thanks: Nguyen Thai Ngoc Duy <pclouds@gentoo.org> - Former Gentoo developer, wrote Git features for the migration
X-Thanks: Brian Harring <ferringb@gentoo.org> - wrote much python to improve cvs2svn
X-Thanks: Rich Freeman <rich0@gentoo.org> - validation scripts
X-Thanks: Patrick Lauer <patrick@gentoo.org> - Gentoo dev, running new 2014 work in migration
X-Thanks: Michał Górny <mgorny@gentoo.org> - scripts, QA, nagging
X-Thanks: All of other Gentoo developers - many ideas and lots of paint on the bikeshed
Diffstat (limited to 'profiles/hardened')
172 files changed, 1291 insertions, 0 deletions
diff --git a/profiles/hardened/README b/profiles/hardened/README new file mode 100644 index 000000000000..202df5eb8f83 --- /dev/null +++ b/profiles/hardened/README @@ -0,0 +1,6 @@ + +Note that the hardened/arches profiles have been deprecated in +favor of the hardened/linux/arches profiles. Please use a supported +profile which you can list using "eselect profile list" and select +with "eselect profile set #". + diff --git a/profiles/hardened/eapi b/profiles/hardened/eapi new file mode 100644 index 000000000000..7ed6ff82de6b --- /dev/null +++ b/profiles/hardened/eapi @@ -0,0 +1 @@ +5 diff --git a/profiles/hardened/linux/amd64/eapi b/profiles/hardened/linux/amd64/eapi new file mode 100644 index 000000000000..7ed6ff82de6b --- /dev/null +++ b/profiles/hardened/linux/amd64/eapi @@ -0,0 +1 @@ +5 diff --git a/profiles/hardened/linux/amd64/make.defaults b/profiles/hardened/linux/amd64/make.defaults new file mode 100644 index 000000000000..714a1892d3f2 --- /dev/null +++ b/profiles/hardened/linux/amd64/make.defaults @@ -0,0 +1,10 @@ +# Copyright 1999-2012 Gentoo Foundation. +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +USE="justify -pic" + +CFLAGS="-O2 -pipe" +CXXFLAGS="${CFLAGS}" +FFLAGS="${CFLAGS}" +FCFLAGS="${CFLAGS}" diff --git a/profiles/hardened/linux/amd64/no-multilib/eapi b/profiles/hardened/linux/amd64/no-multilib/eapi new file mode 100644 index 000000000000..7ed6ff82de6b --- /dev/null +++ b/profiles/hardened/linux/amd64/no-multilib/eapi @@ -0,0 +1 @@ +5 diff --git a/profiles/hardened/linux/amd64/no-multilib/make.defaults b/profiles/hardened/linux/amd64/no-multilib/make.defaults new file mode 100644 index 000000000000..7eee20a40b2e --- /dev/null +++ b/profiles/hardened/linux/amd64/no-multilib/make.defaults @@ -0,0 +1,15 @@ +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +# We don't need to have pic on +USE="-pic" + +ARCH="amd64" +ACCEPT_KEYWORDS="${ARCH}" + +MULTILIB_ABIS="amd64" + +# Mirror profile/amd64/no-multilib/make.defaults +USE_EXPAND_HIDDEN="ABI_X86" + diff --git a/profiles/hardened/linux/amd64/no-multilib/package.mask b/profiles/hardened/linux/amd64/no-multilib/package.mask new file mode 100644 index 000000000000..b5d07af5dc5d --- /dev/null +++ b/profiles/hardened/linux/amd64/no-multilib/package.mask @@ -0,0 +1,186 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +# These are broken as reported by Halcy0n, Aug, 23, 2011 +net-misc/teamviewer +dev-lang/rebol-bin + +games-action/brutal-legend +games-action/hotline-miami +games-action/trine2 +games-action/swordandsworcery +games-action/beathazardultra +games-action/solar2 +games-arcade/dynamitejack +games-kids/crayon-physics +games-misc/katawa-shoujo +games-misc/papers-please +games-rpg/dungeon-defenders +games-rpg/bastion +games-rpg/wasteland2 + +# Mirror profile/amd64/no-multilib/package.mask +app-accessibility/mbrola +app-accessibility/perlbox-voice +app-arch/stuffit +app-benchmarks/cpuburn +=app-editors/emacs-18* +app-emulation/crossover-bin +app-emulation/crossover-office-bin +app-emulation/crossover-office-pro-bin +app-emulation/playonlinux +app-emulation/q4wine +app-emulation/virtualbox +app-emulation/virtualbox-extpack-oracle +app-emulation/virtualbox-guest-additions +app-emulation/vmware-player +>=app-i18n/atokx3-3.0.0 +app-office/ooextras +app-emulation/winetricks +app-emulation/wine-doors +app-text/acroread +dev-embedded/libftd2xx +dev-embedded/openocd +>=dev-java/sun-j2me-bin-2.5.2.01 +dev-lang/dmd-bin +dev-lang/icc +dev-lang/idb +dev-lang/ifc +dev-perl/Archive-Rar +dev-python/skype4py +dev-util/android-sdk-update-manager +dev-util/android-studio +dev-util/biew +games-action/awesomenauts +games-action/cs2d +games-action/descent3 +games-action/descent3-demo +games-action/heretic2 +games-action/heretic2-demo +games-action/intrusion2 +games-action/lugaru +games-action/lugaru-demo +games-action/mutantstorm-demo +games-action/phobiaii +games-action/rune +games-action/shadowgrounds-bin +games-action/shadowgrounds-survivor-bin +games-action/spacetripper-demo +games-arcade/aquaria +games-arcade/barbarian-bin +games-arcade/jardinains +games-arcade/gish-demo +games-arcade/thinktanks-demo +games-emulation/caps +games-emulation/nestra +games-emulation/zinc +games-emulation/zsnes +games-fps/avp +games-fps/doom3-cdoom +games-fps/doom3-chextrek +games-fps/doom3-data +games-fps/doom3-demo +games-fps/doom3-ducttape +games-fps/doom3-eventhorizon +games-fps/doom3-hellcampaign +games-fps/doom3-inhell +games-fps/doom3-lms +games-fps/doom3-mitm +games-fps/doom3-phantasm +games-fps/doom3-roe +games-fps/doom3 +games-fps/enemy-territory-etpro +games-fps/enemy-territory-fortress +games-fps/enemy-territory-omnibot +games-fps/enemy-territory-truecombat +games-fps/enemy-territory +games-fps/etqw-bin +games-fps/etqw-data +games-fps/etqw-demo +games-fps/glxquake-bin +games-fps/legends +games-fps/postal2 +games-fps/postal2mp-demo +games-fps/quake3-bin +games-fps/quake3-demo +games-fps/quake3-ra3 +games-fps/quake4-bin +games-fps/quake4-data +games-fps/quake4-demo +games-fps/rtcw +games-fps/rtcwmp-demo +games-fps/rtcwsp-demo +games-fps/sauerbraten +games-fps/serious-sam-tfe +games-fps/serious-sam-tse +games-fps/soldieroffortune +games-fps/soldieroffortune-demo +games-fps/unreal-tournament +games-fps/ut2003 +games-fps/ut2003-demo +games-fps/ut2004-demo +games-misc/little-inferno +games-puzzle/drod-bin +games-puzzle/hoh-bin +games-roguelike/adom +games-roguelike/dwarf-fortress +games-rpg/dear-esther +games-rpg/eschalon-book-1-demo +games-rpg/nwmouse +games-rpg/nwmovies +games-rpg/nwn +games-rpg/nwn-cep +games-rpg/nwn-data +games-rpg/nwn-penultima +games-rpg/nwn-penultimarerolled +games-rpg/nwn-shadowlordsdreamcatcherdemon +games-rpg/rain-slick +games-rpg/sacred-gold +games-server/etqw-ded +games-server/nwn-ded +games-server/ut2003-ded +games-simulation/bcs-demo +games-strategy/coldwar +games-strategy/coldwar-demo +games-strategy/darwinia +games-strategy/darwinia-demo +games-strategy/defcon-demo +games-strategy/dominions2 +games-strategy/dominions2-demo +games-strategy/heroes3 +games-strategy/heroes3-demo +games-strategy/majesty-demo +games-strategy/savage-bin +games-strategy/smac +games-strategy/spaz +media-fonts/acroread-asianfonts +media-sound/aucdtect +media-sound/shoutcast-server-bin +media-sound/shoutcast-trans-bin +media-sound/skype-call-recorder +media-sound/ventrilo-server-bin +media-video/binkplayer +media-video/tsmuxer +net-im/skype +net-im/skypetab-ng +net-misc/icaclient +net-misc/ps3mediaserver +net-print/cndrvcups-common-lb +net-print/cndrvcups-lb +sci-biology/foldingathome +sci-electronics/eagle +sci-chemistry/cara-bin +sci-chemistry/cyana +sci-chemistry/icm +sci-chemistry/icm-browser +sci-chemistry/mars +sci-chemistry/xdsgui +sci-chemistry/xdsstat-bin +sci-libs/ipp +sys-apps/memtest86 +sys-apps/memtest86+ +sys-libs/lib-compat-loki +www-plugins/nspluginwrapper +www-plugins/pipelight +<sys-boot/grub-1.99 diff --git a/profiles/hardened/linux/amd64/no-multilib/package.use.force b/profiles/hardened/linux/amd64/no-multilib/package.use.force new file mode 100644 index 000000000000..8be8c78d337a --- /dev/null +++ b/profiles/hardened/linux/amd64/no-multilib/package.use.force @@ -0,0 +1,7 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +# Alexandre Rostovtsev <tetromino@gentoo.org> (24 Jun 2012) +# Force 64-bit parts of wine, bug #351436 +app-emulation/wine win64 diff --git a/profiles/hardened/linux/amd64/no-multilib/package.use.mask b/profiles/hardened/linux/amd64/no-multilib/package.use.mask new file mode 100644 index 000000000000..140a2982bee0 --- /dev/null +++ b/profiles/hardened/linux/amd64/no-multilib/package.use.mask @@ -0,0 +1,15 @@ +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +# Mirror profile/amd64/no-multilib/package.use.mask +# Alexandre Rostovtsev <tetromino@gentoo.org> (24 Jun 2012) +# Disable 32-bit parts of wine, bug #351436 +app-emulation/wine mono win32 + +# Apr 28, 2008 Sébastien Fabbro <bicatali@gentoo.org> +# ifc masked +sci-libs/acml ifc + +# Intel Integrated Primitive (sci-libs/ipp) support +media-libs/opencv ipp diff --git a/profiles/hardened/linux/amd64/no-multilib/parent b/profiles/hardened/linux/amd64/no-multilib/parent new file mode 100644 index 000000000000..8305c3556463 --- /dev/null +++ b/profiles/hardened/linux/amd64/no-multilib/parent @@ -0,0 +1,2 @@ +.. +../../../../features/64bit-native diff --git a/profiles/hardened/linux/amd64/no-multilib/selinux/eapi b/profiles/hardened/linux/amd64/no-multilib/selinux/eapi new file mode 100644 index 000000000000..7ed6ff82de6b --- /dev/null +++ b/profiles/hardened/linux/amd64/no-multilib/selinux/eapi @@ -0,0 +1 @@ +5 diff --git a/profiles/hardened/linux/amd64/no-multilib/selinux/parent b/profiles/hardened/linux/amd64/no-multilib/selinux/parent new file mode 100644 index 000000000000..933e67923d1a --- /dev/null +++ b/profiles/hardened/linux/amd64/no-multilib/selinux/parent @@ -0,0 +1,2 @@ +.. +../../../../../features/selinux diff --git a/profiles/hardened/linux/amd64/no-multilib/use.mask b/profiles/hardened/linux/amd64/no-multilib/use.mask new file mode 100644 index 000000000000..1bf536f714e0 --- /dev/null +++ b/profiles/hardened/linux/amd64/no-multilib/use.mask @@ -0,0 +1,24 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +# Mask the multilib flags back for non-multilib profile. +abi_x86_32 + +# Mirror profile/amd64/no-multilib/use.mask + +# 2007/08/29 Christoph Mende <angelos@gentoo.org> +# app-accessibility/mbrola is x86 only +mbrola + +# 2007/08/24 Michael Marineau <marineam@gentoo.org> +# Xen HVM support requires building 32-bit binaries. +hvm + +# 2009/05/11 Doug Goldstein <cardoe@gentoo.org> +# Mask 32bit since this will always require emulation packages +32bit + +# Matt Turner <mattst88@gentoo.org) (10 Feb 2012) +# mask d3d since wine is 32-bit +d3d diff --git a/profiles/hardened/linux/amd64/package.mask b/profiles/hardened/linux/amd64/package.mask new file mode 100644 index 000000000000..e6af48aa3029 --- /dev/null +++ b/profiles/hardened/linux/amd64/package.mask @@ -0,0 +1,25 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +# Magnus Granberg <zorry@gentoo.org> (20 Nov 2012) +# Newer then 300.00 is patched but we still have RWX in the libs. +# We mask X for we still need to make the doc for revdep-pax else +# hell will rule. +# Bug 433121 +<=x11-drivers/nvidia-drivers-300.00 +#dev-util/nvidia-cuda-sdk +# Need X +media-video/nvidia-settings + +# Depends on x11-drivers/nvidia-drivers +#dev-python/pyopencl + +# Cernlib has address space issues on amd64 and package is no +# longer supported by upstream. Thus masking it and its reverse +# dependencies. +# See bug 426764. +sci-physics/cernlib +sci-physics/cernlib-montecarlo +sci-physics/geant:3 +sci-physics/paw diff --git a/profiles/hardened/linux/amd64/package.use b/profiles/hardened/linux/amd64/package.use new file mode 100644 index 000000000000..513bf365794b --- /dev/null +++ b/profiles/hardened/linux/amd64/package.use @@ -0,0 +1,14 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +# Magnus Granberg <zorry@gentoo.org> (14 Jan, 2015) +# We need to have the pic flag on. +# Bugs 490276, 513464, 523736 and 512208. +media-libs/x264 pic +media-video/ffmpeg pic +media-video/libav pic +=media-libs/mesa-9.2.5-r1 pic +>=media-libs/mesa-10.1.6 pic +media-libs/libpostproc pic +>=media-libs/xvid-1.3.3 pic diff --git a/profiles/hardened/linux/amd64/package.use.force b/profiles/hardened/linux/amd64/package.use.force new file mode 100644 index 000000000000..6f2a93a406e8 --- /dev/null +++ b/profiles/hardened/linux/amd64/package.use.force @@ -0,0 +1,8 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +# Magnus Granberg <zorry@gentoo.org> (14 Jan, 2015) +# We need to have the pic flag on. +# Bugs 358929 +app-emulation/open-vm-tools pic diff --git a/profiles/hardened/linux/amd64/package.use.mask b/profiles/hardened/linux/amd64/package.use.mask new file mode 100644 index 000000000000..077c82c5067b --- /dev/null +++ b/profiles/hardened/linux/amd64/package.use.mask @@ -0,0 +1,37 @@ +# Copyright 1999-2013 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +# When you add an entry to the top of this file, add your name, the date, and +# an explanation of why something is getting masked. Please be extremely +# careful not to commit atoms that are not valid, as it can cause large-scale +# breakage, especially if it ends up in the daily snapshot. +# +## Example: +## +## # Dev E. Loper <developer@gentoo.org> (28 Jun 2012) +## # Masking foo USE flag until we can get the +## # foo stuff to work properly again (bug 12345) +## =media-video/mplayer-0.90_pre5 foo +## =media-video/mplayer-0.90_pre5-r1 foo + +# Kacper Kowalik <xarthisius@gentoo.org> (29 Jul 2011) +# mask assembler as it currently doesn't work +dev-lang/path64 assembler + +# Magnus Granberg <zorry@gentoo.org> (20 Nov 2012) +# mask X for we still mis the docs for revdep-pax +# else hell will rule. (RWX in the libs) +# Bug 433121 +# also mask tools as it requires X -zerochaos +x11-drivers/nvidia-drivers X tools + +# Magnus Granberg <zorry@gentoo.org> (29 Nov 2012) +# Bug #444786 disable nvidia on app-admin/conky +app-admin/conky nvidia + +# Cernlib has address space issues on amd64 and package is no +# longer supported by upstream. Thus masking it and its reverse +# dependencies. +# See bugs 426764, 556612. +=sci-physics/geant-4.9.4* geant3 diff --git a/profiles/hardened/linux/amd64/package.use.stable.mask b/profiles/hardened/linux/amd64/package.use.stable.mask new file mode 100644 index 000000000000..8d03e5c72d9f --- /dev/null +++ b/profiles/hardened/linux/amd64/package.use.stable.mask @@ -0,0 +1,11 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +# Ben de Groot <yngwin@gentoo.org (19 Apr 2015) +# >=opus-1.0.3 is still not stable (bug 500868) +media-video/vlc opus + +# Tom Wijsman <TomWij@gentoo.org> (06 Feb 2014) +# [QA] Masked jit USE flag on www-apps/cgit as dev-lang/luajit is not stable. +www-apps/cgit jit diff --git a/profiles/hardened/linux/amd64/parent b/profiles/hardened/linux/amd64/parent new file mode 100644 index 000000000000..f2e50ba2cf4e --- /dev/null +++ b/profiles/hardened/linux/amd64/parent @@ -0,0 +1,4 @@ +../../../base +../../../default/linux +../../../arch/amd64 +.. diff --git a/profiles/hardened/linux/amd64/selinux/eapi b/profiles/hardened/linux/amd64/selinux/eapi new file mode 100644 index 000000000000..7ed6ff82de6b --- /dev/null +++ b/profiles/hardened/linux/amd64/selinux/eapi @@ -0,0 +1 @@ +5 diff --git a/profiles/hardened/linux/amd64/selinux/parent b/profiles/hardened/linux/amd64/selinux/parent new file mode 100644 index 000000000000..e5c7cefb6826 --- /dev/null +++ b/profiles/hardened/linux/amd64/selinux/parent @@ -0,0 +1,2 @@ +.. +../../../../features/selinux diff --git a/profiles/hardened/linux/amd64/use.mask b/profiles/hardened/linux/amd64/use.mask new file mode 100644 index 000000000000..1746d4f90aa4 --- /dev/null +++ b/profiles/hardened/linux/amd64/use.mask @@ -0,0 +1,11 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +# Rick Farina <zerochaos@gentoo.org> 26 Nov 2012 +video_cards_nvidia +# removing mask on nvidia use flag as it is used by monitoring tools +# which may be desireable for cuda users +#nvidia +# adjusting use flag mask as nvidia-drivers are usable for cuda at least +#cuda diff --git a/profiles/hardened/linux/amd64/x32/eapi b/profiles/hardened/linux/amd64/x32/eapi new file mode 100644 index 000000000000..7ed6ff82de6b --- /dev/null +++ b/profiles/hardened/linux/amd64/x32/eapi @@ -0,0 +1 @@ +5 diff --git a/profiles/hardened/linux/amd64/x32/make.defaults b/profiles/hardened/linux/amd64/x32/make.defaults new file mode 100644 index 000000000000..b8afc24ba6da --- /dev/null +++ b/profiles/hardened/linux/amd64/x32/make.defaults @@ -0,0 +1,5 @@ +# Copyright 1999-2012 Gentoo Foundation. +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +CHOST="x86_64-pc-linux-gnux32" diff --git a/profiles/hardened/linux/amd64/x32/parent b/profiles/hardened/linux/amd64/x32/parent new file mode 100644 index 000000000000..f49ba262d9e9 --- /dev/null +++ b/profiles/hardened/linux/amd64/x32/parent @@ -0,0 +1,3 @@ +.. +../../../../features/multilib +../../../../arch/amd64/x32 diff --git a/profiles/hardened/linux/arm/armv4/eapi b/profiles/hardened/linux/arm/armv4/eapi new file mode 100644 index 000000000000..7ed6ff82de6b --- /dev/null +++ b/profiles/hardened/linux/arm/armv4/eapi @@ -0,0 +1 @@ +5 diff --git a/profiles/hardened/linux/arm/armv4/parent b/profiles/hardened/linux/arm/armv4/parent new file mode 100644 index 000000000000..4c317660c403 --- /dev/null +++ b/profiles/hardened/linux/arm/armv4/parent @@ -0,0 +1,4 @@ +../../../../base +../../../../default/linux +../../../../arch/arm/armv4 +.. diff --git a/profiles/hardened/linux/arm/armv4t/eapi b/profiles/hardened/linux/arm/armv4t/eapi new file mode 100644 index 000000000000..7ed6ff82de6b --- /dev/null +++ b/profiles/hardened/linux/arm/armv4t/eapi @@ -0,0 +1 @@ +5 diff --git a/profiles/hardened/linux/arm/armv4t/parent b/profiles/hardened/linux/arm/armv4t/parent new file mode 100644 index 000000000000..c970fcdfaf20 --- /dev/null +++ b/profiles/hardened/linux/arm/armv4t/parent @@ -0,0 +1,4 @@ +../../../../base +../../../../default/linux +../../../../arch/arm/armv4t +.. diff --git a/profiles/hardened/linux/arm/armv5te/eapi b/profiles/hardened/linux/arm/armv5te/eapi new file mode 100644 index 000000000000..7ed6ff82de6b --- /dev/null +++ b/profiles/hardened/linux/arm/armv5te/eapi @@ -0,0 +1 @@ +5 diff --git a/profiles/hardened/linux/arm/armv5te/parent b/profiles/hardened/linux/arm/armv5te/parent new file mode 100644 index 000000000000..5f182c779d32 --- /dev/null +++ b/profiles/hardened/linux/arm/armv5te/parent @@ -0,0 +1,4 @@ +../../../../base +../../../../default/linux +../../../../arch/arm/armv5te +.. diff --git a/profiles/hardened/linux/arm/armv6j/eapi b/profiles/hardened/linux/arm/armv6j/eapi new file mode 100644 index 000000000000..7ed6ff82de6b --- /dev/null +++ b/profiles/hardened/linux/arm/armv6j/eapi @@ -0,0 +1 @@ +5 diff --git a/profiles/hardened/linux/arm/armv6j/parent b/profiles/hardened/linux/arm/armv6j/parent new file mode 100644 index 000000000000..3204d16ca17f --- /dev/null +++ b/profiles/hardened/linux/arm/armv6j/parent @@ -0,0 +1,4 @@ +../../../../base +../../../../default/linux +../../../../arch/arm/armv6j +.. diff --git a/profiles/hardened/linux/arm/armv7a/eapi b/profiles/hardened/linux/arm/armv7a/eapi new file mode 100644 index 000000000000..7ed6ff82de6b --- /dev/null +++ b/profiles/hardened/linux/arm/armv7a/eapi @@ -0,0 +1 @@ +5 diff --git a/profiles/hardened/linux/arm/armv7a/parent b/profiles/hardened/linux/arm/armv7a/parent new file mode 100644 index 000000000000..e6df25feb3ee --- /dev/null +++ b/profiles/hardened/linux/arm/armv7a/parent @@ -0,0 +1,4 @@ +../../../../base +../../../../default/linux +../../../../arch/arm/armv7a +.. diff --git a/profiles/hardened/linux/arm/armv7a/selinux/eapi b/profiles/hardened/linux/arm/armv7a/selinux/eapi new file mode 100644 index 000000000000..7ed6ff82de6b --- /dev/null +++ b/profiles/hardened/linux/arm/armv7a/selinux/eapi @@ -0,0 +1 @@ +5 diff --git a/profiles/hardened/linux/arm/armv7a/selinux/parent b/profiles/hardened/linux/arm/armv7a/selinux/parent new file mode 100644 index 000000000000..933e67923d1a --- /dev/null +++ b/profiles/hardened/linux/arm/armv7a/selinux/parent @@ -0,0 +1,2 @@ +.. +../../../../../features/selinux diff --git a/profiles/hardened/linux/arm/eapi b/profiles/hardened/linux/arm/eapi new file mode 100644 index 000000000000..7ed6ff82de6b --- /dev/null +++ b/profiles/hardened/linux/arm/eapi @@ -0,0 +1 @@ +5 diff --git a/profiles/hardened/linux/arm/package.mask b/profiles/hardened/linux/arm/package.mask new file mode 100644 index 000000000000..c97146ed3396 --- /dev/null +++ b/profiles/hardened/linux/arm/package.mask @@ -0,0 +1,13 @@ +# Copyright 1999-2015 Gentoo Foundation. +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +# Anthony G. Basile <blueness@gentoo.org> (08 May 2015) +# Mask gcc 4.8 and above pending the fix of bug #518598 +=sys-devel/gcc-4.8* +=sys-devel/gcc-4.9* +=sys-devel/gcc-5.1* + +# >=sys-libs/glibc-2.20 requires >=sys-devel/gcc-4.8, +# so we mask it as well pending the fix of bug #518598 +>=sys-libs/glibc-2.20 diff --git a/profiles/hardened/linux/arm/parent b/profiles/hardened/linux/arm/parent new file mode 100644 index 000000000000..f3229c5b9876 --- /dev/null +++ b/profiles/hardened/linux/arm/parent @@ -0,0 +1 @@ +.. diff --git a/profiles/hardened/linux/eapi b/profiles/hardened/linux/eapi new file mode 100644 index 000000000000..7ed6ff82de6b --- /dev/null +++ b/profiles/hardened/linux/eapi @@ -0,0 +1 @@ +5 diff --git a/profiles/hardened/linux/ia64/eapi b/profiles/hardened/linux/ia64/eapi new file mode 100644 index 000000000000..7ed6ff82de6b --- /dev/null +++ b/profiles/hardened/linux/ia64/eapi @@ -0,0 +1 @@ +5 diff --git a/profiles/hardened/linux/ia64/make.defaults b/profiles/hardened/linux/ia64/make.defaults new file mode 100644 index 000000000000..85d06747a1b2 --- /dev/null +++ b/profiles/hardened/linux/ia64/make.defaults @@ -0,0 +1,3 @@ +# Copyright 1999-2011 Gentoo Foundation. +# Distributed under the terms of the GNU General Public License v2 +# $Id$ diff --git a/profiles/hardened/linux/ia64/parent b/profiles/hardened/linux/ia64/parent new file mode 100644 index 000000000000..8683acb05b19 --- /dev/null +++ b/profiles/hardened/linux/ia64/parent @@ -0,0 +1,4 @@ +../../../base +../../../default/linux +../../../arch/ia64 +.. diff --git a/profiles/hardened/linux/make.defaults b/profiles/hardened/linux/make.defaults new file mode 100644 index 000000000000..0b68105a9df8 --- /dev/null +++ b/profiles/hardened/linux/make.defaults @@ -0,0 +1,16 @@ +# Copyright 1999-2014 Gentoo Foundation. +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +# Jorge Manuel B. S. Vicetto <jmbsvicetto@gentoo.org> (16 Nov 2011) +# Rename STAGE1_USE to BOOTSTRAP_USE and stack it to the parent value +BOOTSTRAP_USE="${BOOTSTRAP_USE} hardened pax_kernel pic xtpax -jit -orc" + +USE="hardened pax_kernel pic urandom xattr xtpax -fortran -jit -orc" + +# Ian Stakenvicius, 2014-09-03 +# Set a variable just to indicate that the current profile is a hardened one +# This variable can be leveraged in ebuilds for pkg_postinst messages that +# indicate said package is, say, configured in a way that defeats the purpose +# of running hardened. +PROFILE_IS_HARDENED=1 diff --git a/profiles/hardened/linux/mips/eapi b/profiles/hardened/linux/mips/eapi new file mode 100644 index 000000000000..7ed6ff82de6b --- /dev/null +++ b/profiles/hardened/linux/mips/eapi @@ -0,0 +1 @@ +5 diff --git a/profiles/hardened/linux/mips/mipsel/eapi b/profiles/hardened/linux/mips/mipsel/eapi new file mode 100644 index 000000000000..7ed6ff82de6b --- /dev/null +++ b/profiles/hardened/linux/mips/mipsel/eapi @@ -0,0 +1 @@ +5 diff --git a/profiles/hardened/linux/mips/mipsel/multilib/eapi b/profiles/hardened/linux/mips/mipsel/multilib/eapi new file mode 100644 index 000000000000..7ed6ff82de6b --- /dev/null +++ b/profiles/hardened/linux/mips/mipsel/multilib/eapi @@ -0,0 +1 @@ +5 diff --git a/profiles/hardened/linux/mips/mipsel/multilib/n32/eapi b/profiles/hardened/linux/mips/mipsel/multilib/n32/eapi new file mode 100644 index 000000000000..7ed6ff82de6b --- /dev/null +++ b/profiles/hardened/linux/mips/mipsel/multilib/n32/eapi @@ -0,0 +1 @@ +5 diff --git a/profiles/hardened/linux/mips/mipsel/multilib/n32/parent b/profiles/hardened/linux/mips/mipsel/multilib/n32/parent new file mode 100644 index 000000000000..96eb536b7f68 --- /dev/null +++ b/profiles/hardened/linux/mips/mipsel/multilib/n32/parent @@ -0,0 +1,2 @@ +../../../../../../default/linux/mips/13.0/mipsel/multilib/n32 +.. diff --git a/profiles/hardened/linux/mips/mipsel/multilib/n64/eapi b/profiles/hardened/linux/mips/mipsel/multilib/n64/eapi new file mode 100644 index 000000000000..7ed6ff82de6b --- /dev/null +++ b/profiles/hardened/linux/mips/mipsel/multilib/n64/eapi @@ -0,0 +1 @@ +5 diff --git a/profiles/hardened/linux/mips/mipsel/multilib/n64/parent b/profiles/hardened/linux/mips/mipsel/multilib/n64/parent new file mode 100644 index 000000000000..64bafbbc37bf --- /dev/null +++ b/profiles/hardened/linux/mips/mipsel/multilib/n64/parent @@ -0,0 +1,2 @@ +../../../../../../default/linux/mips/13.0/mipsel/multilib/n64 +.. diff --git a/profiles/hardened/linux/mips/mipsel/multilib/parent b/profiles/hardened/linux/mips/mipsel/multilib/parent new file mode 100644 index 000000000000..f3229c5b9876 --- /dev/null +++ b/profiles/hardened/linux/mips/mipsel/multilib/parent @@ -0,0 +1 @@ +.. diff --git a/profiles/hardened/linux/mips/mipsel/n32/eapi b/profiles/hardened/linux/mips/mipsel/n32/eapi new file mode 100644 index 000000000000..7ed6ff82de6b --- /dev/null +++ b/profiles/hardened/linux/mips/mipsel/n32/eapi @@ -0,0 +1 @@ +5 diff --git a/profiles/hardened/linux/mips/mipsel/n32/parent b/profiles/hardened/linux/mips/mipsel/n32/parent new file mode 100644 index 000000000000..3798606e4f94 --- /dev/null +++ b/profiles/hardened/linux/mips/mipsel/n32/parent @@ -0,0 +1,2 @@ +../../../../../default/linux/mips/13.0/mipsel/n32 +.. diff --git a/profiles/hardened/linux/mips/mipsel/n64/eapi b/profiles/hardened/linux/mips/mipsel/n64/eapi new file mode 100644 index 000000000000..7ed6ff82de6b --- /dev/null +++ b/profiles/hardened/linux/mips/mipsel/n64/eapi @@ -0,0 +1 @@ +5 diff --git a/profiles/hardened/linux/mips/mipsel/n64/parent b/profiles/hardened/linux/mips/mipsel/n64/parent new file mode 100644 index 000000000000..2a1971504aa1 --- /dev/null +++ b/profiles/hardened/linux/mips/mipsel/n64/parent @@ -0,0 +1,2 @@ +../../../../../default/linux/mips/13.0/mipsel/n64 +.. diff --git a/profiles/hardened/linux/mips/mipsel/parent b/profiles/hardened/linux/mips/mipsel/parent new file mode 100644 index 000000000000..f3229c5b9876 --- /dev/null +++ b/profiles/hardened/linux/mips/mipsel/parent @@ -0,0 +1 @@ +.. diff --git a/profiles/hardened/linux/mips/multilib/eapi b/profiles/hardened/linux/mips/multilib/eapi new file mode 100644 index 000000000000..7ed6ff82de6b --- /dev/null +++ b/profiles/hardened/linux/mips/multilib/eapi @@ -0,0 +1 @@ +5 diff --git a/profiles/hardened/linux/mips/multilib/n32/eapi b/profiles/hardened/linux/mips/multilib/n32/eapi new file mode 100644 index 000000000000..7ed6ff82de6b --- /dev/null +++ b/profiles/hardened/linux/mips/multilib/n32/eapi @@ -0,0 +1 @@ +5 diff --git a/profiles/hardened/linux/mips/multilib/n32/parent b/profiles/hardened/linux/mips/multilib/n32/parent new file mode 100644 index 000000000000..1c6cb6de7296 --- /dev/null +++ b/profiles/hardened/linux/mips/multilib/n32/parent @@ -0,0 +1,2 @@ +../../../../../default/linux/mips/13.0/multilib/n32 +.. diff --git a/profiles/hardened/linux/mips/multilib/n64/eapi b/profiles/hardened/linux/mips/multilib/n64/eapi new file mode 100644 index 000000000000..7ed6ff82de6b --- /dev/null +++ b/profiles/hardened/linux/mips/multilib/n64/eapi @@ -0,0 +1 @@ +5 diff --git a/profiles/hardened/linux/mips/multilib/n64/parent b/profiles/hardened/linux/mips/multilib/n64/parent new file mode 100644 index 000000000000..abca1bea0c38 --- /dev/null +++ b/profiles/hardened/linux/mips/multilib/n64/parent @@ -0,0 +1,2 @@ +../../../../../default/linux/mips/13.0/multilib/n64 +.. diff --git a/profiles/hardened/linux/mips/multilib/parent b/profiles/hardened/linux/mips/multilib/parent new file mode 100644 index 000000000000..f3229c5b9876 --- /dev/null +++ b/profiles/hardened/linux/mips/multilib/parent @@ -0,0 +1 @@ +.. diff --git a/profiles/hardened/linux/mips/n32/eapi b/profiles/hardened/linux/mips/n32/eapi new file mode 100644 index 000000000000..7ed6ff82de6b --- /dev/null +++ b/profiles/hardened/linux/mips/n32/eapi @@ -0,0 +1 @@ +5 diff --git a/profiles/hardened/linux/mips/n32/parent b/profiles/hardened/linux/mips/n32/parent new file mode 100644 index 000000000000..4503d56fcf5f --- /dev/null +++ b/profiles/hardened/linux/mips/n32/parent @@ -0,0 +1,2 @@ +../../../../default/linux/mips/13.0/n32 +.. diff --git a/profiles/hardened/linux/mips/n64/eapi b/profiles/hardened/linux/mips/n64/eapi new file mode 100644 index 000000000000..7ed6ff82de6b --- /dev/null +++ b/profiles/hardened/linux/mips/n64/eapi @@ -0,0 +1 @@ +5 diff --git a/profiles/hardened/linux/mips/n64/parent b/profiles/hardened/linux/mips/n64/parent new file mode 100644 index 000000000000..822543c78747 --- /dev/null +++ b/profiles/hardened/linux/mips/n64/parent @@ -0,0 +1,2 @@ +../../../../default/linux/mips/13.0/n64 +.. diff --git a/profiles/hardened/linux/mips/parent b/profiles/hardened/linux/mips/parent new file mode 100644 index 000000000000..f3229c5b9876 --- /dev/null +++ b/profiles/hardened/linux/mips/parent @@ -0,0 +1 @@ +.. diff --git a/profiles/hardened/linux/musl/amd64/eapi b/profiles/hardened/linux/musl/amd64/eapi new file mode 100644 index 000000000000..7ed6ff82de6b --- /dev/null +++ b/profiles/hardened/linux/musl/amd64/eapi @@ -0,0 +1 @@ +5 diff --git a/profiles/hardened/linux/musl/amd64/make.defaults b/profiles/hardened/linux/musl/amd64/make.defaults new file mode 100644 index 000000000000..29634fdb7bfe --- /dev/null +++ b/profiles/hardened/linux/musl/amd64/make.defaults @@ -0,0 +1,25 @@ +# Copyright 1999-2015 Gentoo Foundation. +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +ARCH="amd64" +ACCEPT_KEYWORDS="${ARCH}" + +CHOST="x86_64-gentoo-linux-musl" +CFLAGS="-O2 -pipe" +CXXFLAGS="${CFLAGS}" +FFLAGS="${CFLAGS}" +FCFLAGS="${CFLAGS}" + +# Anthony G. Basile <blueness@gentoo.org> (01 Jul 2014) +# Multilib-related setup, bug #515130 +ABI="amd64" +DEFAULT_ABI="amd64" +MULTILIB_ABIS="amd64" +CHOST_amd64=${CHOST} +LIBDIR_amd64="lib" +IUSE_IMPLICIT="abi_x86_64" + +# Anthony G. Basile <blueness@gentoo.org> (26 Jan 2013) +# Unhide the CPU_FLAGS_X86 USE_EXPANDs. +USE_EXPAND_HIDDEN="-CPU_FLAGS_X86" diff --git a/profiles/hardened/linux/musl/amd64/package.mask b/profiles/hardened/linux/musl/amd64/package.mask new file mode 100644 index 000000000000..c466e72b3283 --- /dev/null +++ b/profiles/hardened/linux/musl/amd64/package.mask @@ -0,0 +1,14 @@ +# Copyright 1999-2015 Gentoo Foundation. +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +# +# Alfredo Tupone <tupone@gentoo.org> (02 Feb 2013) +# Depending on masked packages +# +games-strategy/dominions2-demo + +# Ulrich Müller <ulm@gentoo.org> (18 Mar 2013) +# Packages that rely on multilib +=app-editors/emacs-18* +net-misc/icaclient diff --git a/profiles/hardened/linux/musl/amd64/parent b/profiles/hardened/linux/musl/amd64/parent new file mode 100644 index 000000000000..f3229c5b9876 --- /dev/null +++ b/profiles/hardened/linux/musl/amd64/parent @@ -0,0 +1 @@ +.. diff --git a/profiles/hardened/linux/musl/amd64/use.force b/profiles/hardened/linux/musl/amd64/use.force new file mode 100644 index 000000000000..8797d43832d2 --- /dev/null +++ b/profiles/hardened/linux/musl/amd64/use.force @@ -0,0 +1,7 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +# Force the flag which corresponds to arch/abi, bug #515130 +amd64 +abi_x86_64 diff --git a/profiles/hardened/linux/musl/amd64/use.mask b/profiles/hardened/linux/musl/amd64/use.mask new file mode 100644 index 000000000000..69af217624cb --- /dev/null +++ b/profiles/hardened/linux/musl/amd64/use.mask @@ -0,0 +1,46 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +# Force the flag which corresponds to arch/abi, bug #515130 +-amd64 +-abi_x86_64 + +# unmask all SIMD assembler flags +-mmx +-mmxext +-sse +-sse2 +-sse3 +-sse4 +-sse4a +-ssse3 +-3dnow +-3dnowext +-cpu_flags_x86_3dnow +-cpu_flags_x86_3dnowext +-cpu_flags_x86_aes +-cpu_flags_x86_avx +-cpu_flags_x86_avx2 +-cpu_flags_x86_fma3 +-cpu_flags_x86_fma4 +-cpu_flags_x86_mmx +-cpu_flags_x86_mmxext +-cpu_flags_x86_padlock +-cpu_flags_x86_popcnt +-cpu_flags_x86_sse +-cpu_flags_x86_sse2 +-cpu_flags_x86_sse3 +-cpu_flags_x86_sse4_1 +-cpu_flags_x86_sse4_2 +-cpu_flags_x86_sse4a +-cpu_flags_x86_ssse3 +-cpu_flags_x86_xop + +# Lilo works on amd64 +-lilo + +# These work +-input_devices_synaptics +-input_devices_wacom +-video_cards_qxl diff --git a/profiles/hardened/linux/musl/arm/armv7a/eapi b/profiles/hardened/linux/musl/arm/armv7a/eapi new file mode 100644 index 000000000000..7ed6ff82de6b --- /dev/null +++ b/profiles/hardened/linux/musl/arm/armv7a/eapi @@ -0,0 +1 @@ +5 diff --git a/profiles/hardened/linux/musl/arm/armv7a/make.defaults b/profiles/hardened/linux/musl/arm/armv7a/make.defaults new file mode 100644 index 000000000000..2110554c576b --- /dev/null +++ b/profiles/hardened/linux/musl/arm/armv7a/make.defaults @@ -0,0 +1,9 @@ +# Copyright 1999-2014 Gentoo Foundation. +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +CHOST="armv7a-hardfloat-linux-musleabi" +CFLAGS="-O2 -pipe -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard" +CXXFLAGS="${CFLAGS}" +FFLAGS="${CFLAGS}" +FCFLAGS="${CFLAGS}" diff --git a/profiles/hardened/linux/musl/arm/armv7a/parent b/profiles/hardened/linux/musl/arm/armv7a/parent new file mode 100644 index 000000000000..f3229c5b9876 --- /dev/null +++ b/profiles/hardened/linux/musl/arm/armv7a/parent @@ -0,0 +1 @@ +.. diff --git a/profiles/hardened/linux/musl/arm/eapi b/profiles/hardened/linux/musl/arm/eapi new file mode 100644 index 000000000000..7ed6ff82de6b --- /dev/null +++ b/profiles/hardened/linux/musl/arm/eapi @@ -0,0 +1 @@ +5 diff --git a/profiles/hardened/linux/musl/arm/make.defaults b/profiles/hardened/linux/musl/arm/make.defaults new file mode 100644 index 000000000000..b747d8716372 --- /dev/null +++ b/profiles/hardened/linux/musl/arm/make.defaults @@ -0,0 +1,12 @@ +# Copyright 1999-2014 Gentoo Foundation. +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +ARCH="arm" +ACCEPT_KEYWORDS="${ARCH}" + +CHOST="arm-unknown-linux-musleabi" +CFLAGS="-O2" +CXXFLAGS="${CFLAGS}" +FFLAGS="${CFLAGS}" +FCFLAGS="${CFLAGS}" diff --git a/profiles/hardened/linux/musl/arm/package.mask b/profiles/hardened/linux/musl/arm/package.mask new file mode 100644 index 000000000000..56c5f228bf93 --- /dev/null +++ b/profiles/hardened/linux/musl/arm/package.mask @@ -0,0 +1,9 @@ +# Copyright 1999-2015 Gentoo Foundation. +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +# Anthony G. Basile <blueness@gentoo.org> (08 May 2015) +# Mask gcc 4.8 and above pending the fix of bug #518598 +=sys-devel/gcc-4.8* +=sys-devel/gcc-4.9* +=sys-devel/gcc-5.1* diff --git a/profiles/hardened/linux/musl/arm/parent b/profiles/hardened/linux/musl/arm/parent new file mode 100644 index 000000000000..f3229c5b9876 --- /dev/null +++ b/profiles/hardened/linux/musl/arm/parent @@ -0,0 +1 @@ +.. diff --git a/profiles/hardened/linux/musl/arm/use.force b/profiles/hardened/linux/musl/arm/use.force new file mode 100644 index 000000000000..fe0460b9e5cf --- /dev/null +++ b/profiles/hardened/linux/musl/arm/use.force @@ -0,0 +1,6 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +# Force the flag which corresponds to ARCH. +arm diff --git a/profiles/hardened/linux/musl/arm/use.mask b/profiles/hardened/linux/musl/arm/use.mask new file mode 100644 index 000000000000..aa8fa3bd2e0f --- /dev/null +++ b/profiles/hardened/linux/musl/arm/use.mask @@ -0,0 +1,6 @@ +# Copyright 1999-2014 Gentoo Foundation. +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +# Unmask the flag which corresponds to ARCH. +-arm diff --git a/profiles/hardened/linux/musl/eapi b/profiles/hardened/linux/musl/eapi new file mode 100644 index 000000000000..7ed6ff82de6b --- /dev/null +++ b/profiles/hardened/linux/musl/eapi @@ -0,0 +1 @@ +5 diff --git a/profiles/hardened/linux/musl/make.defaults b/profiles/hardened/linux/musl/make.defaults new file mode 100644 index 000000000000..4c6b3d5ce197 --- /dev/null +++ b/profiles/hardened/linux/musl/make.defaults @@ -0,0 +1,16 @@ +# Copyright 1999-2014 Gentoo Foundation. +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +ELIBC="musl" + +FEATURES="sandbox sfperms strict" + +USE="hardened nptl pax_kernel pic unicode xattr -berkdb -jit -orc" +BOOTSTRAP_USE="${BOOTSTRAP_USE} hardened nptl pax_kernel pic -berkdb -jit -nls -orc" + +SYMLINK_LIB="no" + +# TODO: fix so musl doesn't generate this for all packages +# that use a charset, it causes package collisons. +INSTALL_MASK="charset.alias" diff --git a/profiles/hardened/linux/musl/mips/eapi b/profiles/hardened/linux/musl/mips/eapi new file mode 100644 index 000000000000..7ed6ff82de6b --- /dev/null +++ b/profiles/hardened/linux/musl/mips/eapi @@ -0,0 +1 @@ +5 diff --git a/profiles/hardened/linux/musl/mips/make.defaults b/profiles/hardened/linux/musl/mips/make.defaults new file mode 100644 index 000000000000..04c30a65e93d --- /dev/null +++ b/profiles/hardened/linux/musl/mips/make.defaults @@ -0,0 +1,21 @@ +# Copyright 1999-2014 Gentoo Foundation. +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +ARCH="mips" +ACCEPT_KEYWORDS="${ARCH} ~${ARCH}" + +CHOST="mips-gentoo-linux-musl" +CFLAGS="-O2 -pipe" +CXXFLAGS="${CFLAGS}" +FFLAGS="${CFLAGS}" +FCFLAGS="${CFLAGS}" + +# Anthony G. Basile <blueness@gentoo.org> (01 Jul 2014) +# Multilib-related setup, bug #515130 +ABI="o32" +DEFAULT_ABI="o32" +MULTILIB_ABIS="o32" +CHOST_o32=${CHOST} +LIBDIR_o32="lib" +IUSE_IMPLICIT="abi_mips_o32" diff --git a/profiles/hardened/linux/musl/mips/mipsel/eapi b/profiles/hardened/linux/musl/mips/mipsel/eapi new file mode 100644 index 000000000000..7ed6ff82de6b --- /dev/null +++ b/profiles/hardened/linux/musl/mips/mipsel/eapi @@ -0,0 +1 @@ +5 diff --git a/profiles/hardened/linux/musl/mips/mipsel/make.defaults b/profiles/hardened/linux/musl/mips/mipsel/make.defaults new file mode 100644 index 000000000000..f24306b9244a --- /dev/null +++ b/profiles/hardened/linux/musl/mips/mipsel/make.defaults @@ -0,0 +1,10 @@ +# Copyright 1999-2014 Gentoo Foundation. +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +CHOST="mipsel-gentoo-linux-musl" +CHOST_o32=${CHOST} + +# Disable sandbox because its currently broken on mipsel-musl +FEATURES="-sandbox" + diff --git a/profiles/hardened/linux/musl/mips/mipsel/parent b/profiles/hardened/linux/musl/mips/mipsel/parent new file mode 100644 index 000000000000..f3229c5b9876 --- /dev/null +++ b/profiles/hardened/linux/musl/mips/mipsel/parent @@ -0,0 +1 @@ +.. diff --git a/profiles/hardened/linux/musl/mips/package.mask b/profiles/hardened/linux/musl/mips/package.mask new file mode 100644 index 000000000000..625d50f9f213 --- /dev/null +++ b/profiles/hardened/linux/musl/mips/package.mask @@ -0,0 +1,6 @@ +# Copyright 1999-2015 Gentoo Foundation. +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +dev-util/pkgconfig +>sys-apps/kbd-1.15.5-r99 diff --git a/profiles/hardened/linux/musl/mips/package.use.force b/profiles/hardened/linux/musl/mips/package.use.force new file mode 100644 index 000000000000..972c4bff1640 --- /dev/null +++ b/profiles/hardened/linux/musl/mips/package.use.force @@ -0,0 +1,2 @@ +# The only working option +dev-util/pkgconf pkg-config diff --git a/profiles/hardened/linux/musl/mips/parent b/profiles/hardened/linux/musl/mips/parent new file mode 100644 index 000000000000..f3229c5b9876 --- /dev/null +++ b/profiles/hardened/linux/musl/mips/parent @@ -0,0 +1 @@ +.. diff --git a/profiles/hardened/linux/musl/mips/use.force b/profiles/hardened/linux/musl/mips/use.force new file mode 100644 index 000000000000..ea76c4b361d4 --- /dev/null +++ b/profiles/hardened/linux/musl/mips/use.force @@ -0,0 +1,7 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +# Force the flag which corresponds to arch/abi, bug #515130 +mips +abi_mips_o32 diff --git a/profiles/hardened/linux/musl/mips/use.mask b/profiles/hardened/linux/musl/mips/use.mask new file mode 100644 index 000000000000..6d2acc5ac2cb --- /dev/null +++ b/profiles/hardened/linux/musl/mips/use.mask @@ -0,0 +1,7 @@ +# Copyright 1999-2014 Gentoo Foundation. +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +# Unmask the flag which corresponds to arch/abi, bug #515130 +-mips +-abi_mips_o32 diff --git a/profiles/hardened/linux/musl/package.mask b/profiles/hardened/linux/musl/package.mask new file mode 100644 index 000000000000..94b1dcb7c386 --- /dev/null +++ b/profiles/hardened/linux/musl/package.mask @@ -0,0 +1,31 @@ +# Copyright 1999-2015 Gentoo Foundation. +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +sys-libs/uclibc +sys-libs/glibc + +# We mask these until we sort out bug #544476. +>sys-kernel/linux-headers-3.16 + +# We use eudev which is tested on both uclibc and musl +sys-apps/systemd +sys-fs/udev +# +dev-libs/elfutils +sys-libs/pam + +# packages with a hard dep on sys-libs/glibc +games-action/descent3 +games-action/descent3-demo +games-action/lugaru +games-action/lugaru-demo +games-action/shadowgrounds-bin +games-action/shadowgrounds-survivor-bin +games-action/trine-bin +games-arcade/marbleblastgold-demo +games-puzzle/world-of-goo +games-puzzle/world-of-goo-demo +games-strategy/defcon-demo +games-strategy/knights-demo +games-strategy/majesty-demo diff --git a/profiles/hardened/linux/musl/package.use.mask b/profiles/hardened/linux/musl/package.use.mask new file mode 100644 index 000000000000..6c3b2441ac17 --- /dev/null +++ b/profiles/hardened/linux/musl/package.use.mask @@ -0,0 +1,14 @@ +# Copyright 1999-2015 Gentoo Foundation. +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +# See bug #504200 +sys-devel/gcc sanitize + +# These cause collisions with <libintl.h> +# even with --without-included-gettext +sys-devel/gettext nls +sys-fs/e2fsprogs nls + +# Broken +dev-vcs/git gpg diff --git a/profiles/hardened/linux/musl/packages b/profiles/hardened/linux/musl/packages new file mode 100644 index 000000000000..cfe33a1c9b3e --- /dev/null +++ b/profiles/hardened/linux/musl/packages @@ -0,0 +1,7 @@ +# Copyright 1999-2014 Gentoo Foundation. +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +*app-misc/pax-utils +*sys-apps/sandbox +-*sys-apps/man-pages diff --git a/profiles/hardened/linux/musl/packages.build b/profiles/hardened/linux/musl/packages.build new file mode 100644 index 000000000000..d62198d24693 --- /dev/null +++ b/profiles/hardened/linux/musl/packages.build @@ -0,0 +1,11 @@ +# Copyright 1999-2014 Gentoo Foundation. +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +# This file lists extra packages needed to build for +# a stage 1 based on this profile. + +dev-util/pkgconf +sys-apps/attr +sys-apps/sandbox +dev-python/pyxattr diff --git a/profiles/hardened/linux/musl/parent b/profiles/hardened/linux/musl/parent new file mode 100644 index 000000000000..be0b656ea9a8 --- /dev/null +++ b/profiles/hardened/linux/musl/parent @@ -0,0 +1,2 @@ +../../../base +../../../default/linux diff --git a/profiles/hardened/linux/musl/ppc/eapi b/profiles/hardened/linux/musl/ppc/eapi new file mode 100644 index 000000000000..7ed6ff82de6b --- /dev/null +++ b/profiles/hardened/linux/musl/ppc/eapi @@ -0,0 +1 @@ +5 diff --git a/profiles/hardened/linux/musl/ppc/make.defaults b/profiles/hardened/linux/musl/ppc/make.defaults new file mode 100644 index 000000000000..fb93eadb01b7 --- /dev/null +++ b/profiles/hardened/linux/musl/ppc/make.defaults @@ -0,0 +1,19 @@ +# Copyright 1999-2014 Gentoo Foundation. +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +ARCH="ppc" +ACCEPT_KEYWORDS="${ARCH}" + +CHOST="powerpc-gentoo-linux-musl" +CFLAGS="-O2 -pipe" +CXXFLAGS="${CFLAGS}" +FFLAGS="${CFLAGS}" +FCFLAGS="${CFLAGS}" + +ABI="ppc" +DEFAULT_ABI="ppc" +MULTILIB_ABIS="ppc" +CHOST_ppc=${CHOST} +LIBDIR_ppc="lib" +IUSE_IMPLICIT="abi_ppc_32" diff --git a/profiles/hardened/linux/musl/ppc/package.mask b/profiles/hardened/linux/musl/ppc/package.mask new file mode 100644 index 000000000000..56345622fa74 --- /dev/null +++ b/profiles/hardened/linux/musl/ppc/package.mask @@ -0,0 +1,2 @@ +# gcc-4.8 still doesn't work on ppc musl +>sys-devel/gcc-4.8 diff --git a/profiles/hardened/linux/musl/ppc/parent b/profiles/hardened/linux/musl/ppc/parent new file mode 100644 index 000000000000..f3229c5b9876 --- /dev/null +++ b/profiles/hardened/linux/musl/ppc/parent @@ -0,0 +1 @@ +.. diff --git a/profiles/hardened/linux/musl/ppc/use.force b/profiles/hardened/linux/musl/ppc/use.force new file mode 100644 index 000000000000..f2f4a2520f12 --- /dev/null +++ b/profiles/hardened/linux/musl/ppc/use.force @@ -0,0 +1,9 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +# Force the flag which corresponds to ARCH. +ppc + +# Force the flag corresponding to the only ABI. +abi_ppc_32 diff --git a/profiles/hardened/linux/musl/ppc/use.mask b/profiles/hardened/linux/musl/ppc/use.mask new file mode 100644 index 000000000000..a12f97358bc9 --- /dev/null +++ b/profiles/hardened/linux/musl/ppc/use.mask @@ -0,0 +1,9 @@ +# Copyright 1999-2014 Gentoo Foundation. +# Distributed under the terms of the GNU General Public License, v2 +# $Id$ + +# Unmask the flag which corresponds to ARCH. +-ppc + +# Unmask the flag corresponding to the only ABI. +-abi_ppc_32 diff --git a/profiles/hardened/linux/musl/use.force b/profiles/hardened/linux/musl/use.force new file mode 100644 index 000000000000..a17916dbf71b --- /dev/null +++ b/profiles/hardened/linux/musl/use.force @@ -0,0 +1,5 @@ +# Copyright 1999-2013 Gentoo Foundation. +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +elibc_musl diff --git a/profiles/hardened/linux/musl/use.mask b/profiles/hardened/linux/musl/use.mask new file mode 100644 index 000000000000..c5a6463c4f2b --- /dev/null +++ b/profiles/hardened/linux/musl/use.mask @@ -0,0 +1,11 @@ +# Copyright 1999-2015 Gentoo Foundation. +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +pam + +-elibc_musl +elibc_uclibc +elibc_glibc + +-hardened diff --git a/profiles/hardened/linux/musl/x86/eapi b/profiles/hardened/linux/musl/x86/eapi new file mode 100644 index 000000000000..7ed6ff82de6b --- /dev/null +++ b/profiles/hardened/linux/musl/x86/eapi @@ -0,0 +1 @@ +5 diff --git a/profiles/hardened/linux/musl/x86/make.defaults b/profiles/hardened/linux/musl/x86/make.defaults new file mode 100644 index 000000000000..9007af355c6d --- /dev/null +++ b/profiles/hardened/linux/musl/x86/make.defaults @@ -0,0 +1,25 @@ +# Copyright 1999-2015 Gentoo Foundation. +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +ARCH="x86" +ACCEPT_KEYWORDS="${ARCH}" + +CHOST="i686-gentoo-linux-musl" +CFLAGS="-O2 -pipe" +CXXFLAGS="${CFLAGS}" +FFLAGS="${CFLAGS}" +FCFLAGS="${CFLAGS}" + +# Anthony G. Basile <blueness@gentoo.org> (01 Jul 2014) +# Multilib-related setup, bug #515130 +ABI="x86" +DEFAULT_ABI="x86" +MULTILIB_ABIS="x86" +CHOST_x86=${CHOST} +LIBDIR_x86="lib" +IUSE_IMPLICIT="abi_x86_32" + +# Anthony G. Basile <blueness@gentoo.org> (26 Jan 2013) +# Unhide the CPU_FLAGS_X86 USE_EXPANDs. +USE_EXPAND_HIDDEN="-CPU_FLAGS_X86" diff --git a/profiles/hardened/linux/musl/x86/parent b/profiles/hardened/linux/musl/x86/parent new file mode 100644 index 000000000000..f3229c5b9876 --- /dev/null +++ b/profiles/hardened/linux/musl/x86/parent @@ -0,0 +1 @@ +.. diff --git a/profiles/hardened/linux/musl/x86/use.force b/profiles/hardened/linux/musl/x86/use.force new file mode 100644 index 000000000000..b3521bb84a00 --- /dev/null +++ b/profiles/hardened/linux/musl/x86/use.force @@ -0,0 +1,7 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +# Force the flag which corresponds to arch/abi, bug #515130 +x86 +abi_x86_32 diff --git a/profiles/hardened/linux/musl/x86/use.mask b/profiles/hardened/linux/musl/x86/use.mask new file mode 100644 index 000000000000..91cbef719eb8 --- /dev/null +++ b/profiles/hardened/linux/musl/x86/use.mask @@ -0,0 +1,41 @@ +# Copyright 1999-2015 Gentoo Foundation. +# Distributed under the terms of the GNU General Public License, v2 +# $Id$ + +# Force the flag which corresponds to arch/abi, bug #515130 +-x86 +-abi_x86_32 + +# unmask all SIMD assembler flags +-mmx +-mmxext +-sse +-sse2 +-sse3 +-sse4 +-sse4a +-ssse3 +-3dnow +-3dnowext +-cpu_flags_x86_3dnow +-cpu_flags_x86_3dnowext +-cpu_flags_x86_aes +-cpu_flags_x86_avx +-cpu_flags_x86_avx2 +-cpu_flags_x86_fma3 +-cpu_flags_x86_fma4 +-cpu_flags_x86_mmx +-cpu_flags_x86_mmxext +-cpu_flags_x86_padlock +-cpu_flags_x86_popcnt +-cpu_flags_x86_sse +-cpu_flags_x86_sse2 +-cpu_flags_x86_sse3 +-cpu_flags_x86_sse4_1 +-cpu_flags_x86_sse4_2 +-cpu_flags_x86_sse4a +-cpu_flags_x86_ssse3 +-cpu_flags_x86_xop + +# Masked on all profiles but x86, bug #458354 +-video_cards_geode diff --git a/profiles/hardened/linux/package.mask b/profiles/hardened/linux/package.mask new file mode 100644 index 000000000000..ba917fdb9eff --- /dev/null +++ b/profiles/hardened/linux/package.mask @@ -0,0 +1,33 @@ +# Copyright 1999-2015 Gentoo Foundation. +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +# Hardened versions of gcc-4.0* through gcc-4.2* are not available. +=sys-devel/gcc-4.0* +=sys-devel/gcc-4.1* +=sys-devel/gcc-4.2* + +# =sys-devel/gdb-7.0 is not hardened-ready according to xake & Zorry. +# sys-devel/gdb-7.1 works fine +# 2010-03-26 zorry +=sys-devel/gdb-7.0* + +# Can't be used on hardened. See upstream, +# http://developer.skype.com/jira/browse/SCL-616 +media-sound/skype-call-recorder +net-im/skype +net-im/skypetab-ng +dev-python/skype4py + +# >=sci-libs/acml-3.6 requires gcc-4.2. +>=sci-libs/acml-3.6 + +# broken on hardened, use sys-apps/elfix to fix gnustack +sys-devel/prelink +# depends on prelink +app-crypt/hmaccalc + +# OpenAFS kernel module is not compatible with hardened kernels +# due to C99 struct init requirement by hardened kernels, +# see bug 540196 comment 9. +net-fs/openafs-kernel diff --git a/profiles/hardened/linux/package.use.force b/profiles/hardened/linux/package.use.force new file mode 100644 index 000000000000..9d29b58c0d4e --- /dev/null +++ b/profiles/hardened/linux/package.use.force @@ -0,0 +1,12 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +# Kacper Kowalik <xarthisius@gentoo.org> (24 Aug 2011) +# Force hardened flag to make repoman happy +app-emulation/wine hardened + +# Needed for XATTR_PAX flags +app-arch/tar xattr +sys-apps/coreutils xattr +sys-apps/portage xattr diff --git a/profiles/hardened/linux/package.use.mask b/profiles/hardened/linux/package.use.mask new file mode 100644 index 000000000000..151c3cc81b8c --- /dev/null +++ b/profiles/hardened/linux/package.use.mask @@ -0,0 +1,29 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +# Tim Harder <radhermit@gentoo.org> (11 Oct 2014) +# Skype doesn't work on hardened +net-im/bitlbee skype + +sys-apps/hwloc gl + +sys-devel/gcc -hardened +sys-libs/glibc -hardened + +# bug 407689 +media-tv/xbmc profile + +# Have no way to disable jit in esr release. +=www-client/firefox-10* pgo + +# bug #468404 +net-analyzer/wireshark profile + +# Ian Stakenvicius <axs@gentoo.org> (03 Dec 2014) +# Have no way of knowing what Gecko Media Plugins will install in profiles +www-client/firefox gmp-autoupdate + +# net-fs/openafs-kernel module can't be used on hardened, +# see bug 540196. +net-fs/openafs modules diff --git a/profiles/hardened/linux/packages b/profiles/hardened/linux/packages new file mode 100644 index 000000000000..65000b7fbfb8 --- /dev/null +++ b/profiles/hardened/linux/packages @@ -0,0 +1,8 @@ +# Copyright 1999-2013 Gentoo Foundation. +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +# This file extends the base packages file for all hardened profiles + +*sys-apps/paxctl +*sys-apps/elfix diff --git a/profiles/hardened/linux/parent b/profiles/hardened/linux/parent new file mode 100644 index 000000000000..6560aecc119d --- /dev/null +++ b/profiles/hardened/linux/parent @@ -0,0 +1 @@ +../../releases/13.0 diff --git a/profiles/hardened/linux/powerpc/eapi b/profiles/hardened/linux/powerpc/eapi new file mode 100644 index 000000000000..7ed6ff82de6b --- /dev/null +++ b/profiles/hardened/linux/powerpc/eapi @@ -0,0 +1 @@ +5 diff --git a/profiles/hardened/linux/powerpc/make.defaults b/profiles/hardened/linux/powerpc/make.defaults new file mode 100644 index 000000000000..71839e40ad9a --- /dev/null +++ b/profiles/hardened/linux/powerpc/make.defaults @@ -0,0 +1,5 @@ +# Copyright 2005-2008 Gentoo Foundation. +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +FEATURES="-sandbox" diff --git a/profiles/hardened/linux/powerpc/package.mask b/profiles/hardened/linux/powerpc/package.mask new file mode 100644 index 000000000000..8771f1dff681 --- /dev/null +++ b/profiles/hardened/linux/powerpc/package.mask @@ -0,0 +1,8 @@ +# Copyright 1999-2010 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +# Wulf C. Krueger <philantrop@gentoo.org> (22 Sep 2007) +# Needs OOo. +app-text/bibus + diff --git a/profiles/hardened/linux/powerpc/package.use.mask b/profiles/hardened/linux/powerpc/package.use.mask new file mode 100644 index 000000000000..9b6e65acf510 --- /dev/null +++ b/profiles/hardened/linux/powerpc/package.use.mask @@ -0,0 +1,3 @@ +# Diego Pettenò <flameeyes@gentoo.org> (10 Nov 2007) +# Tests for Linux-PAM 0.99 require >=sys-libs/glibc-2.4 +>=sys-libs/pam-0.99.8 test diff --git a/profiles/hardened/linux/powerpc/parent b/profiles/hardened/linux/powerpc/parent new file mode 100644 index 000000000000..f3229c5b9876 --- /dev/null +++ b/profiles/hardened/linux/powerpc/parent @@ -0,0 +1 @@ +.. diff --git a/profiles/hardened/linux/powerpc/ppc32/eapi b/profiles/hardened/linux/powerpc/ppc32/eapi new file mode 100644 index 000000000000..7ed6ff82de6b --- /dev/null +++ b/profiles/hardened/linux/powerpc/ppc32/eapi @@ -0,0 +1 @@ +5 diff --git a/profiles/hardened/linux/powerpc/ppc32/make.defaults b/profiles/hardened/linux/powerpc/ppc32/make.defaults new file mode 100644 index 000000000000..85d06747a1b2 --- /dev/null +++ b/profiles/hardened/linux/powerpc/ppc32/make.defaults @@ -0,0 +1,3 @@ +# Copyright 1999-2011 Gentoo Foundation. +# Distributed under the terms of the GNU General Public License v2 +# $Id$ diff --git a/profiles/hardened/linux/powerpc/ppc32/parent b/profiles/hardened/linux/powerpc/ppc32/parent new file mode 100644 index 000000000000..227873e978fb --- /dev/null +++ b/profiles/hardened/linux/powerpc/ppc32/parent @@ -0,0 +1,2 @@ +../../../../default/linux/powerpc/ppc32 +.. diff --git a/profiles/hardened/linux/powerpc/ppc64/32bit-userland/eapi b/profiles/hardened/linux/powerpc/ppc64/32bit-userland/eapi new file mode 100644 index 000000000000..7ed6ff82de6b --- /dev/null +++ b/profiles/hardened/linux/powerpc/ppc64/32bit-userland/eapi @@ -0,0 +1 @@ +5 diff --git a/profiles/hardened/linux/powerpc/ppc64/32bit-userland/make.defaults b/profiles/hardened/linux/powerpc/ppc64/32bit-userland/make.defaults new file mode 100644 index 000000000000..6a6ffbfa9394 --- /dev/null +++ b/profiles/hardened/linux/powerpc/ppc64/32bit-userland/make.defaults @@ -0,0 +1,8 @@ +# Copyright 1999-2010 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +# All extra USE/etc should be specified in sub-profiles. +# DO NOT POLLUTE USE ON THIS PROFILE. + +ACCEPT_KEYWORDS="-* ${ARCH}" diff --git a/profiles/hardened/linux/powerpc/ppc64/32bit-userland/package.mask b/profiles/hardened/linux/powerpc/ppc64/32bit-userland/package.mask new file mode 100644 index 000000000000..fb619961e6db --- /dev/null +++ b/profiles/hardened/linux/powerpc/ppc64/32bit-userland/package.mask @@ -0,0 +1,3 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ diff --git a/profiles/hardened/linux/powerpc/ppc64/32bit-userland/package.use.mask b/profiles/hardened/linux/powerpc/ppc64/32bit-userland/package.use.mask new file mode 100644 index 000000000000..bf28f291960a --- /dev/null +++ b/profiles/hardened/linux/powerpc/ppc64/32bit-userland/package.use.mask @@ -0,0 +1,7 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +# Kacper Kowalik <xarthisius@gentoo.org> (25 Apr 2012) +# Masking due to unsolved dependencies +app-admin/puppet rrdtool diff --git a/profiles/hardened/linux/powerpc/ppc64/32bit-userland/parent b/profiles/hardened/linux/powerpc/ppc64/32bit-userland/parent new file mode 100644 index 000000000000..926c3281b862 --- /dev/null +++ b/profiles/hardened/linux/powerpc/ppc64/32bit-userland/parent @@ -0,0 +1,2 @@ +.. +../../../../../features/32bit-userland diff --git a/profiles/hardened/linux/powerpc/ppc64/32bit-userland/use.force b/profiles/hardened/linux/powerpc/ppc64/32bit-userland/use.force new file mode 100644 index 000000000000..142b1d66e519 --- /dev/null +++ b/profiles/hardened/linux/powerpc/ppc64/32bit-userland/use.force @@ -0,0 +1,9 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +# Force the flag which corresponds to ARCH. +ppc + +# Unforce the flag which corresponds to the 64-bit ARCH. +-ppc64 diff --git a/profiles/hardened/linux/powerpc/ppc64/32bit-userland/use.mask b/profiles/hardened/linux/powerpc/ppc64/32bit-userland/use.mask new file mode 100644 index 000000000000..ddde044c3eb2 --- /dev/null +++ b/profiles/hardened/linux/powerpc/ppc64/32bit-userland/use.mask @@ -0,0 +1,12 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +# We mask this since we're not really a multilib profile +multilib + +# Unmask the flag which corresponds to ARCH. +-ppc + +# Mask the flag which corresponds to the 64-bit ARCH. +ppc64 diff --git a/profiles/hardened/linux/powerpc/ppc64/64bit-userland/eapi b/profiles/hardened/linux/powerpc/ppc64/64bit-userland/eapi new file mode 100644 index 000000000000..7ed6ff82de6b --- /dev/null +++ b/profiles/hardened/linux/powerpc/ppc64/64bit-userland/eapi @@ -0,0 +1 @@ +5 diff --git a/profiles/hardened/linux/powerpc/ppc64/64bit-userland/package.use.mask b/profiles/hardened/linux/powerpc/ppc64/64bit-userland/package.use.mask new file mode 100644 index 000000000000..e4b81ff562ac --- /dev/null +++ b/profiles/hardened/linux/powerpc/ppc64/64bit-userland/package.use.mask @@ -0,0 +1,8 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +# Kacper Kowalik <xarthisius@gentoo.org> (25 Apr 2012) +# Masking wrt bug 274847 and other unsolved +# dependencies +app-admin/conky apcupsd xmms2 hddtemp diff --git a/profiles/hardened/linux/powerpc/ppc64/64bit-userland/parent b/profiles/hardened/linux/powerpc/ppc64/64bit-userland/parent new file mode 100644 index 000000000000..52bcba73e7a5 --- /dev/null +++ b/profiles/hardened/linux/powerpc/ppc64/64bit-userland/parent @@ -0,0 +1,2 @@ +.. +../../../../../features/64bit-native diff --git a/profiles/hardened/linux/powerpc/ppc64/64bit-userland/use.mask b/profiles/hardened/linux/powerpc/ppc64/64bit-userland/use.mask new file mode 100644 index 000000000000..26f21e518311 --- /dev/null +++ b/profiles/hardened/linux/powerpc/ppc64/64bit-userland/use.mask @@ -0,0 +1,10 @@ +# We mask this since we don't have a stable sys-process/audit yet +audit + +# Mirror mask from nonhardened 64ul on app-admin/hddtemp +hddtemp + +# Mirror mask from nonhardened 64ul on media-plugins/frei0r-plugins +# Kacper Kowalik <xarthisius@gentoo.org> (10 Aug 2011) +# Masking frei0r wrt bug #365451 +frei0r diff --git a/profiles/hardened/linux/powerpc/ppc64/eapi b/profiles/hardened/linux/powerpc/ppc64/eapi new file mode 100644 index 000000000000..7ed6ff82de6b --- /dev/null +++ b/profiles/hardened/linux/powerpc/ppc64/eapi @@ -0,0 +1 @@ +5 diff --git a/profiles/hardened/linux/powerpc/ppc64/make.defaults b/profiles/hardened/linux/powerpc/ppc64/make.defaults new file mode 100644 index 000000000000..85d06747a1b2 --- /dev/null +++ b/profiles/hardened/linux/powerpc/ppc64/make.defaults @@ -0,0 +1,3 @@ +# Copyright 1999-2011 Gentoo Foundation. +# Distributed under the terms of the GNU General Public License v2 +# $Id$ diff --git a/profiles/hardened/linux/powerpc/ppc64/parent b/profiles/hardened/linux/powerpc/ppc64/parent new file mode 100644 index 000000000000..eb7e3e41d880 --- /dev/null +++ b/profiles/hardened/linux/powerpc/ppc64/parent @@ -0,0 +1,2 @@ +../../../../default/linux/powerpc/ppc64 +.. diff --git a/profiles/hardened/linux/powerpc/ppc64/use.mask b/profiles/hardened/linux/powerpc/ppc64/use.mask new file mode 100644 index 000000000000..281b8b1d0fea --- /dev/null +++ b/profiles/hardened/linux/powerpc/ppc64/use.mask @@ -0,0 +1,55 @@ +# this is a list of USE flags +# that should not be used on PPC64 +# Tom Gall <tgall@gentoo.org> manages this list +mplayer +ruby +mono + +# should be ok +jikes +junit + +guile + +# need to test libaio +aio +# needs some asm written +ocaml + +# until media-libs/portaudio is keyworded for ppc64 +portaudio + +# mask mozilla/firefox (bug #108020) +mozilla +firefox +seamonkey + +# 2006/03/20 - Donnie Berkholz <dberkholz@gentoo.org> +# Modular X: mask for architectures on which they aren't available +video_cards_apm +video_cards_ark +video_cards_cyrix +video_cards_i128 +video_cards_i740 +video_cards_intel +video_cards_neomagic +video_cards_nsc +video_cards_rendition +video_cards_siliconmotion +video_cards_sis +video_cards_tga +video_cards_tseng +video_cards_vesa +video_cards_via + +# Masked p2p for bug #155302 <josejx@gentoo.org> +p2p + +# 02 Dec 2006; Tony Vroon <chainsaw@gentoo.org> +# Keywording wpa_supplicant, but I don't have madwifi(-ng) hardware to test with, only BCM4306. +madwifi + +# USE=audit masked prior to testing on alpha, arm, hppa, ppc64, s390, sh. +# Bug #184563, 18 Sep 2007 +# Robin H. Johnson <robbat2@gentoo.org> +audit diff --git a/profiles/hardened/linux/uclibc/amd64/eapi b/profiles/hardened/linux/uclibc/amd64/eapi new file mode 100644 index 000000000000..7ed6ff82de6b --- /dev/null +++ b/profiles/hardened/linux/uclibc/amd64/eapi @@ -0,0 +1 @@ +5 diff --git a/profiles/hardened/linux/uclibc/amd64/parent b/profiles/hardened/linux/uclibc/amd64/parent new file mode 100644 index 000000000000..61f6f489dc18 --- /dev/null +++ b/profiles/hardened/linux/uclibc/amd64/parent @@ -0,0 +1,2 @@ +../../../../default/linux/uclibc/amd64 +.. diff --git a/profiles/hardened/linux/uclibc/arm/armv6j/eapi b/profiles/hardened/linux/uclibc/arm/armv6j/eapi new file mode 100644 index 000000000000..7ed6ff82de6b --- /dev/null +++ b/profiles/hardened/linux/uclibc/arm/armv6j/eapi @@ -0,0 +1 @@ +5 diff --git a/profiles/hardened/linux/uclibc/arm/armv6j/parent b/profiles/hardened/linux/uclibc/arm/armv6j/parent new file mode 100644 index 000000000000..05328829c80a --- /dev/null +++ b/profiles/hardened/linux/uclibc/arm/armv6j/parent @@ -0,0 +1,3 @@ +../../../../../default/linux/uclibc/arm/armv6j +.. +../.. diff --git a/profiles/hardened/linux/uclibc/arm/armv7a/eapi b/profiles/hardened/linux/uclibc/arm/armv7a/eapi new file mode 100644 index 000000000000..7ed6ff82de6b --- /dev/null +++ b/profiles/hardened/linux/uclibc/arm/armv7a/eapi @@ -0,0 +1 @@ +5 diff --git a/profiles/hardened/linux/uclibc/arm/armv7a/parent b/profiles/hardened/linux/uclibc/arm/armv7a/parent new file mode 100644 index 000000000000..7bea4235c084 --- /dev/null +++ b/profiles/hardened/linux/uclibc/arm/armv7a/parent @@ -0,0 +1,3 @@ +../../../../../default/linux/uclibc/arm/armv7a +.. +../.. diff --git a/profiles/hardened/linux/uclibc/arm/eapi b/profiles/hardened/linux/uclibc/arm/eapi new file mode 100644 index 000000000000..7ed6ff82de6b --- /dev/null +++ b/profiles/hardened/linux/uclibc/arm/eapi @@ -0,0 +1 @@ +5 diff --git a/profiles/hardened/linux/uclibc/arm/package.mask b/profiles/hardened/linux/uclibc/arm/package.mask new file mode 100644 index 000000000000..56c5f228bf93 --- /dev/null +++ b/profiles/hardened/linux/uclibc/arm/package.mask @@ -0,0 +1,9 @@ +# Copyright 1999-2015 Gentoo Foundation. +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +# Anthony G. Basile <blueness@gentoo.org> (08 May 2015) +# Mask gcc 4.8 and above pending the fix of bug #518598 +=sys-devel/gcc-4.8* +=sys-devel/gcc-4.9* +=sys-devel/gcc-5.1* diff --git a/profiles/hardened/linux/uclibc/eapi b/profiles/hardened/linux/uclibc/eapi new file mode 100644 index 000000000000..7ed6ff82de6b --- /dev/null +++ b/profiles/hardened/linux/uclibc/eapi @@ -0,0 +1 @@ +5 diff --git a/profiles/hardened/linux/uclibc/make.defaults b/profiles/hardened/linux/uclibc/make.defaults new file mode 100644 index 000000000000..cb93695faa71 --- /dev/null +++ b/profiles/hardened/linux/uclibc/make.defaults @@ -0,0 +1,6 @@ +# Copyright 1999-2014 Gentoo Foundation. +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +USE="${USE} hardened pax_kernel pic -jit -orc" +BOOTSTRAP_USE="${BOOTSTRAP_USE} hardened pax_kernel pic -jit -orc" diff --git a/profiles/hardened/linux/uclibc/mips/eapi b/profiles/hardened/linux/uclibc/mips/eapi new file mode 100644 index 000000000000..7ed6ff82de6b --- /dev/null +++ b/profiles/hardened/linux/uclibc/mips/eapi @@ -0,0 +1 @@ +5 diff --git a/profiles/hardened/linux/uclibc/mips/mipsel/eapi b/profiles/hardened/linux/uclibc/mips/mipsel/eapi new file mode 100644 index 000000000000..7ed6ff82de6b --- /dev/null +++ b/profiles/hardened/linux/uclibc/mips/mipsel/eapi @@ -0,0 +1 @@ +5 diff --git a/profiles/hardened/linux/uclibc/mips/mipsel/parent b/profiles/hardened/linux/uclibc/mips/mipsel/parent new file mode 100644 index 000000000000..27f3883747a6 --- /dev/null +++ b/profiles/hardened/linux/uclibc/mips/mipsel/parent @@ -0,0 +1,2 @@ +../../../../../default/linux/uclibc/mips/mipsel/ +../.. diff --git a/profiles/hardened/linux/uclibc/mips/parent b/profiles/hardened/linux/uclibc/mips/parent new file mode 100644 index 000000000000..323f100058b2 --- /dev/null +++ b/profiles/hardened/linux/uclibc/mips/parent @@ -0,0 +1,2 @@ +../../../../default/linux/uclibc/mips +.. diff --git a/profiles/hardened/linux/uclibc/ppc/eapi b/profiles/hardened/linux/uclibc/ppc/eapi new file mode 100644 index 000000000000..7ed6ff82de6b --- /dev/null +++ b/profiles/hardened/linux/uclibc/ppc/eapi @@ -0,0 +1 @@ +5 diff --git a/profiles/hardened/linux/uclibc/ppc/parent b/profiles/hardened/linux/uclibc/ppc/parent new file mode 100644 index 000000000000..3ad55647a3f7 --- /dev/null +++ b/profiles/hardened/linux/uclibc/ppc/parent @@ -0,0 +1,2 @@ +../../../../default/linux/uclibc/ppc +.. diff --git a/profiles/hardened/linux/uclibc/use.mask b/profiles/hardened/linux/uclibc/use.mask new file mode 100644 index 000000000000..ae5fc357ac88 --- /dev/null +++ b/profiles/hardened/linux/uclibc/use.mask @@ -0,0 +1,5 @@ +# Copyright 1999-2014 Gentoo Foundation. +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +-hardened diff --git a/profiles/hardened/linux/uclibc/x86/eapi b/profiles/hardened/linux/uclibc/x86/eapi new file mode 100644 index 000000000000..7ed6ff82de6b --- /dev/null +++ b/profiles/hardened/linux/uclibc/x86/eapi @@ -0,0 +1 @@ +5 diff --git a/profiles/hardened/linux/uclibc/x86/parent b/profiles/hardened/linux/uclibc/x86/parent new file mode 100644 index 000000000000..54abcade7471 --- /dev/null +++ b/profiles/hardened/linux/uclibc/x86/parent @@ -0,0 +1,2 @@ +../../../../default/linux/uclibc/x86 +.. diff --git a/profiles/hardened/linux/use.force b/profiles/hardened/linux/use.force new file mode 100644 index 000000000000..4c9e36ad90c4 --- /dev/null +++ b/profiles/hardened/linux/use.force @@ -0,0 +1,7 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +# Make sure people don't accidentally turn of ssp/pie in important packages. +pie +ssp diff --git a/profiles/hardened/linux/use.mask b/profiles/hardened/linux/use.mask new file mode 100644 index 000000000000..e54f87d4b1a6 --- /dev/null +++ b/profiles/hardened/linux/use.mask @@ -0,0 +1,14 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +-hardened + +# tcc is x86-only +tcc + +# precompiled headers are not compat with ASLR. +pch + +# prelink is masked for hardened +prelink diff --git a/profiles/hardened/linux/x86/eapi b/profiles/hardened/linux/x86/eapi new file mode 100644 index 000000000000..7ed6ff82de6b --- /dev/null +++ b/profiles/hardened/linux/x86/eapi @@ -0,0 +1 @@ +5 diff --git a/profiles/hardened/linux/x86/make.defaults b/profiles/hardened/linux/x86/make.defaults new file mode 100644 index 000000000000..65bc7aab0941 --- /dev/null +++ b/profiles/hardened/linux/x86/make.defaults @@ -0,0 +1,27 @@ +# Copyright 1999-2012 Gentoo Foundation. +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +ARCH="x86" +ACCEPT_KEYWORDS="x86" + +CHOST="i686-pc-linux-gnu" +CFLAGS="-march=i686 -O2 -pipe" +CXXFLAGS="${CFLAGS}" +FFLAGS="${CFLAGS}" +FCFLAGS="${CFLAGS}" + +USE="nptl" + +# 2006/08/18 - Donnie Berkholz <dberkholz@gentoo.org> +# Defaults for video drivers +VIDEO_CARDS="apm ark chips cirrus cyrix dummy fbdev glint i128 i740 intel \ + mach64 mga nsc nv r128 radeon rendition s3 s3virge savage \ + siliconmotion sis sisusb tdfx tga trident tseng v4l vesa via vmware \ + voodoo" + +# 2006/12/21 - Andrej Kacian <ticho@gentoo.org> +# Defaults for audio drivers +ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 \ + emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m \ + maestro3 trident usb-audio via82xx via82xx-modem ymfpci" diff --git a/profiles/hardened/linux/x86/package.mask b/profiles/hardened/linux/x86/package.mask new file mode 100644 index 000000000000..a30d7fde3f41 --- /dev/null +++ b/profiles/hardened/linux/x86/package.mask @@ -0,0 +1,16 @@ +# Copyright 1999-2009 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +# Rick Farina <zerochaos@gentoo.org> (26 Nov 2012) +# Newer then 300.00 is patched but we still have RWX in the libs. +# We mask X for we still need to make the doc for revdep-pax else +# hell will rule. Propogating change from amd64. +# Bug 433121 +<=x11-drivers/nvidia-drivers-300.00 +#dev-util/nvidia-cuda-sdk +# Need X +media-video/nvidia-settings + +# Depends on x11-drivers/nvidia-drivers +#dev-python/pyopencl diff --git a/profiles/hardened/linux/x86/package.use.mask b/profiles/hardened/linux/x86/package.use.mask new file mode 100644 index 000000000000..a79d0885b98d --- /dev/null +++ b/profiles/hardened/linux/x86/package.use.mask @@ -0,0 +1,17 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +# cyrus-sasl doesn't work w/ USE=berkdb (#192753) +dev-libs/cyrus-sasl berkdb + +# Rick Farina <zerochaos@gentoo.org> (26 Nov 2012) +# mask X and tools for we still miss the docs for revdep-pax +# else hell will rule. (RWX in the libs) +# Propogating changes from amd64. +# Bug 433121 +x11-drivers/nvidia-drivers X tools + +# Magnus Granberg <zorry@gentoo.org> (29 Nov 2012) +# Bug #444786 disable nvidia on app-admin/conky +app-admin/conky nvidia diff --git a/profiles/hardened/linux/x86/package.use.stable.mask b/profiles/hardened/linux/x86/package.use.stable.mask new file mode 100644 index 000000000000..838fddbaee70 --- /dev/null +++ b/profiles/hardened/linux/x86/package.use.stable.mask @@ -0,0 +1,11 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +# Tom Wijsman <TomWij@gentoo.org (16 Mar 2014) +# Mask unstable USE flags on media-video/vlc, see security bug #499806. +media-video/vlc gnutls opus vdpau + +# Tom Wijsman <TomWij@gentoo.org> (06 Feb 2014) +# [QA] Masked jit USE flag on www-apps/cgit as dev-lang/luajit is not stable. +www-apps/cgit jit
\ No newline at end of file diff --git a/profiles/hardened/linux/x86/parent b/profiles/hardened/linux/x86/parent new file mode 100644 index 000000000000..e93ab13e6839 --- /dev/null +++ b/profiles/hardened/linux/x86/parent @@ -0,0 +1,4 @@ +../../../base +../../../default/linux +../../../arch/x86 +.. diff --git a/profiles/hardened/linux/x86/selinux/eapi b/profiles/hardened/linux/x86/selinux/eapi new file mode 100644 index 000000000000..7ed6ff82de6b --- /dev/null +++ b/profiles/hardened/linux/x86/selinux/eapi @@ -0,0 +1 @@ +5 diff --git a/profiles/hardened/linux/x86/selinux/parent b/profiles/hardened/linux/x86/selinux/parent new file mode 100644 index 000000000000..e5c7cefb6826 --- /dev/null +++ b/profiles/hardened/linux/x86/selinux/parent @@ -0,0 +1,2 @@ +.. +../../../../features/selinux diff --git a/profiles/hardened/linux/x86/use.mask b/profiles/hardened/linux/x86/use.mask new file mode 100644 index 000000000000..575dcb064716 --- /dev/null +++ b/profiles/hardened/linux/x86/use.mask @@ -0,0 +1,11 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +# Rick Farina <zerochaos@gentoo.org> 26 Nov 2012 +video_cards_nvidia +# removing mask on nvidia use flag as it is used by monitoring tools +# which may be desireable for cuda users +#nvidia +# adjusting use flag mask as nvidia-drivers are usable for cuda at least +#cuda |