initial commit of cascading hardened-x86-64 profile

author: Ned Ludd <solar@gentoo.org> 2004-08-05 18:51:07 +0000
committer: Ned Ludd <solar@gentoo.org> 2004-08-05 18:51:07 +0000
commit: 37082bd89ef9a4af46ec96d10eb0c8efd321fff3 (patch)
tree: 50d1945dc4f43e39ae0581367916cc23e4765ce7 /profiles
parent: Stable on hppa. (Manifest recommit) (diff)
download: gentoo-2-37082bd89ef9a4af46ec96d10eb0c8efd321fff3.tar.gz
gentoo-2-37082bd89ef9a4af46ec96d10eb0c8efd321fff3.tar.bz2
gentoo-2-37082bd89ef9a4af46ec96d10eb0c8efd321fff3.zip
7 files changed, 286 insertions, 0 deletions
diff --git a/profiles/hardened/amd64/make.defaults b/profiles/hardened/amd64/make.defaults
new file mode 100644
index 000000000000..362c619150e9
--- /dev/null
+++ b/profiles/hardened/amd64/make.defaults
@@ -0,0 +1,8 @@
+# Copyright 1999-2004 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/hardened/amd64/make.defaults,v 1.1 2004/08/05 18:51:07 solar Exp $
+
+ARCH="amd64"
+ACCEPT_KEYWORDS="${ARCH}"
+GRP_STAGE23_USE="${ARCH} berkdb crypt readline ssl tcpd zlib pam pic pie hardened nls"
+USE="${ARCH} hardened berkdb crypt readline ssl tcpd zlib pam pic pie hardened nls"
diff --git a/profiles/hardened/amd64/packages b/profiles/hardened/amd64/packages
new file mode 100644
index 000000000000..6f4af8aa8c6c
--- /dev/null
+++ b/profiles/hardened/amd64/packages
@@ -0,0 +1,70 @@
+>dev-lang/gpc-2.1
+*>=sys-apps/baselayout-1.8.6.13
+*>=sys-apps/portage-2.0.50
+*>=sys-devel/binutils-2.14.90.0.8-r1
+*>=sys-devel/gcc-3.3.3
+*>=sys-libs/glibc-2.3.3_pre20040420-r1
+*virtual/modutils
+>=sys-apps/sysklogd-1.4.1
+*dev-lang/python
+
+>=x11-base/xfree-4.1.0-r12
+# sash - static shell for system recovery
+*app-shells/sash
+*sys-apps/paxctl
+*dev-lang/perl
+*virtual/editor
+*net-misc/dhcpcd
+*net-misc/iputils
+*net-misc/rsync
+*net-misc/wget
+*app-shells/bash
+*app-arch/bzip2
+*sys-apps/kbd
+*app-arch/cpio
+*sys-apps/debianutils
+*sys-apps/diffutils
+*sys-fs/e2fsprogs
+*sys-apps/ed
+*sys-apps/file
+*sys-apps/findutils
+*sys-apps/slocate
+*sys-apps/gawk
+*sys-apps/grep
+*sys-apps/groff
+*app-arch/gzip
+*sys-apps/hdparm
+*sys-apps/less
+*sys-apps/man
+*sys-apps/man-pages
+*sys-apps/net-tools
+*sys-apps/procps
+*sys-apps/psmisc
+*sys-apps/sed
+*sys-apps/setserial
+*<sys-apps/shadow-5
+*sys-apps/pam-login
+*app-arch/tar
+*>=sys-apps/texinfo-4.2-r1
+*sys-apps/coreutils
+*sys-apps/util-linux
+*sys-apps/which
+*sys-devel/autoconf
+*>=sys-devel/automake-1.6.1-r5
+*sys-devel/bc
+*sys-devel/bison
+*sys-devel/flex
+*>=sys-devel/libtool-1.4.1-r4
+*sys-devel/m4
+*sys-devel/make
+*sys-devel/patch
+*sys-libs/cracklib  
+*sys-libs/db
+*>=sys-libs/ncurses-5.2.20020112a
+*>=sys-libs/pam-0.75-r9
+*sys-libs/pwdb      
+*sys-libs/readline  
+*sys-libs/zlib
+*net-misc/openssh
+*sys-fs/devfsd
+*sys-apps/linux32
diff --git a/profiles/hardened/amd64/packages.build b/profiles/hardened/amd64/packages.build
new file mode 100644
index 000000000000..76f3abc1223d
--- /dev/null
+++ b/profiles/hardened/amd64/packages.build
@@ -0,0 +1,31 @@
+app-arch/bzip2
+app-arch/gzip
+app-arch/tar
+app-editors/nano
+app-shells/bash
+dev-lang/python
+net-misc/rsync
+net-misc/wget
+sys-apps/baselayout
+sys-apps/coreutils
+sys-apps/debianutils
+sys-apps/diffutils
+sys-apps/file
+sys-apps/fileutils
+sys-apps/findutils
+sys-apps/gawk
+sys-apps/grep
+sys-apps/less
+sys-apps/net-tools
+sys-apps/portage
+sys-apps/sed
+sys-apps/texinfo
+sys-apps/textutils
+sys-devel/binutils
+sys-devel/bison
+sys-devel/flex
+sys-devel/gcc
+sys-devel/gettext
+sys-devel/make
+sys-devel/patch
+sys-libs/glibc
diff --git a/profiles/hardened/amd64/parent b/profiles/hardened/amd64/parent
new file mode 100644
index 000000000000..bc5c280c07cb
--- /dev/null
+++ b/profiles/hardened/amd64/parent
@@ -0,0 +1,5 @@
+# Copyright 1999-2004 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/hardened/amd64/parent,v 1.1 2004/08/05 18:51:07 solar Exp $
+
+..
diff --git a/profiles/hardened/amd64/use.defaults b/profiles/hardened/amd64/use.defaults
new file mode 100644
index 000000000000..6c0db4f92f9f
--- /dev/null
+++ b/profiles/hardened/amd64/use.defaults
@@ -0,0 +1,56 @@
+#gif
+#mmx
+#3dnow
+#odbc
+#fbcon		
+#oss
+#libg++
+#objprelink
+#nls
+#mitshm
+#sse
+#xinerama
+directfb	dev-libs/DirectFB
+ungif		media-libs/ungif
+gtkhtml		gnome-extra/gtkhtml
+alsa		media-libs/alsa-lib
+gdbm		sys-libs/gdbm
+berkdb		sys-libs/db
+slang		sys-libs/slang
+readline	sys-libs/readline
+arts		kde-base/arts
+tetex		app-text/tetex
+aalib		media-libs/aalib	
+nas		media-libs/nas
+bonobo		gnome-base/bonobo
+ggi		media-libs/libggi
+tcltk		dev-lang/tcl dev-lang/tk
+# java		virtual/jre
+guile		dev-util/guile
+ruby		dev-lang/ruby
+mysql		dev-db/mysql
+postgres	dev-db/postgresql
+X		x11-base/xfree
+sdl		media-libs/libsdl
+gpm		sys-libs/gpm
+tcpd		sys-apps/tcp-wrappers
+pam		sys-libs/pam
+libwww		net-libs/libwww
+ssl		dev-libs/openssl
+perl		dev-lang/perl
+python		dev-lang/python
+esd		media-sound/esound
+imlib		media-libs/imlib
+oggvorbis	media-libs/libvorbis
+gnome		gnome-base/gnome
+gtk		x11-libs/gtk+
+qt		x11-libs/qt
+kde		kde-base/kdebase
+motif		x11-libs/openmotif
+opengl		virtual/opengl
+mozilla		net-www/mozilla
+gphoto2		media-gfx/gphoto2
+ldap		net-nds/openldap
+snmp		net-analyzer/ucd-snmp
+cdr		app-cdr/cdrtools
+scanner		media-gfx/sane-backends
diff --git a/profiles/hardened/amd64/use.mask b/profiles/hardened/amd64/use.mask
new file mode 100644
index 000000000000..df86d09ef2fc
--- /dev/null
+++ b/profiles/hardened/amd64/use.mask
@@ -0,0 +1,53 @@
+# $Header: /var/cvsroot/gentoo-x86/profiles/hardened/amd64/use.mask,v 1.1 2004/08/05 18:51:07 solar Exp $
+
+# Anything that relies on vm86.h will not built on amd64
+# SVGAlib doesnt build
+svga
+
+# Too many packages assume that mmx/sse/sse2/3dnow are 86-32 only things to
+# make them useful on amd64. Anyway, all amd64 cpus have them, so they should
+# not be many flag dependant in this case
+mmx
+#sse
+#sse2
+3dnow
+
+# x86 binary only for now
+icc
+
+# Firebird doesnt build on amd64
+firebird
+
+# Chris PeBenito <pebenito@gentoo.org>
+# must use a SELinux profile
+selinux
+
+# x86 binary only, used by php
+fdftk
+uclibc
+
+# altivec is a ppc instruction set.
+altivec
+
+ifc
+
+# see email to gentoo-dev with subject "use.mask and PHP5's crazy IUSE"
+# Dated Sat, 31 Jul 2004 14:49:28 -0700, from robbat2@gentoo.org
+# all of these are binary-only, and not presently available on this
+# architecture.
+adabas
+birdstep
+cpdflib
+dbmaker
+empress
+empress-bcs
+esoob
+filepro
+frontbase
+hyperwave
+informix
+ingres
+pfpro
+solid
+sybase
+sybase-ct
diff --git a/profiles/hardened/amd64/virtuals b/profiles/hardened/amd64/virtuals
new file mode 100644
index 000000000000..8511e4aa19fa
--- /dev/null
+++ b/profiles/hardened/amd64/virtuals
@@ -0,0 +1,63 @@
+sys-apps/sh-utils	sys-apps/coreutils
+sys-apps/textutils	sys-apps/coreutils
+sys-apps/fileutils	sys-apps/coreutils
+virtual/os-headers	sys-kernel/linux-headers
+virtual/lpr             net-print/cups
+virtual/python          dev-lang/python
+virtual/mta             mail-mta/ssmtp
+virtual/alsa            sys-kernel/hardened-dev-sources
+virtual/kernel          sys-kernel/linux-headers
+virtual/linux-sources   sys-kernel/hardened-dev-sources
+virtual/glibc           sys-libs/glibc
+virtual/libc           sys-libs/glibc
+virtual/x11             x11-base/xorg-x11
+virtual/opengl          x11-base/xorg-x11
+virtual/glu             x11-base/xorg-x11
+virtual/glut            media-libs/glut
+virtual/imapUW          net-mail/uw-imap
+x11-libs/xaw            x11-libs/Xaw3d
+virtual/jdk             dev-java/blackdown-jdk
+virtual/jre             dev-java/blackdown-jre
+virtual/imapd           net-mail/courier-imap
+virtual/blackbox        x11-wm/blackbox
+virtual/emacs           app-editors/emacs
+virtual/cron            sys-apps/dcron
+sys-apps/reiserfs-utils sys-fs/reiserfsprogs
+virtual/xemacs          app-editors/xemacs
+virtual/sylpheed        mail-client/sylpheed
+virtual/php             dev-php/mod_php
+virtual/textbrowser	net-www/links
+virtual/mda		mail-filter/procmail
+virtual/xft		x11-base/xorg-x11
+virtual/krb5		app-crypt/mit-krb5
+virtual/bootloader	sys-boot/grub-static
+virtual/editor		app-editors/nano
+virtual/jack		media-sound/jack-audio-connection-kit
+virtual/quicktime	media-libs/libquicktime
+virtual/os-headers	sys-kernel/linux-headers
+virtual/ghc             dev-lang/ghc-bin
+#sys-apps/modutils	sys-apps/module-init-tools
+virtual/modutils	sys-apps/module-init-tools
+virtual/inetd		sys-apps/xinetd
+virtual/antivirus	app-antivirus/clamav
+virtual/aspell-dict	app-dicts/aspell-en
+virtual/skkserv		app-i18n/skkserv
+virtual/snmp		net-analyzer/net-snmp
+virtual/winkernel	sys-kernel/win4lin-sources
+virtual/flim		app-emacs/flim
+virtual/semi		app-emacs/semi
+virtual/tetex		app-text/tetex
+virtual/bittorrent	net-p2p/bittorrent
+virtual/logger		app-admin/sysklogd
+virtual/tftp		net-misc/tftp-hpa
+virtual/gzip		app-arch/gzip
+virtual/ghostscript	app-text/ghostscript
+virtual/w3m		net-www/w3m
+virtual/imap-c-client	net-libs/c-client
+virtual/mpg123		media-sound/mpg123
+virtual/cdrtools        app-cdr/cdrtools
+virtual/dhcpc		net-misc/dhcpcd
+virtual/ssh		net-misc/openssh
+virtual/ruby		dev-lang/ruby
+virtual/gsasl		net-libs/libgsasl
+virtual/mailx		mail-client/mailx
author	Ned Ludd <solar@gentoo.org>	2004-08-05 18:51:07 +0000
committer	Ned Ludd <solar@gentoo.org>	2004-08-05 18:51:07 +0000
commit	37082bd89ef9a4af46ec96d10eb0c8efd321fff3 (patch)
tree	50d1945dc4f43e39ae0581367916cc23e4765ce7 /profiles
parent	Stable on hppa. (Manifest recommit) (diff)
download	gentoo-2-37082bd89ef9a4af46ec96d10eb0c8efd321fff3.tar.gz gentoo-2-37082bd89ef9a4af46ec96d10eb0c8efd321fff3.tar.bz2 gentoo-2-37082bd89ef9a4af46ec96d10eb0c8efd321fff3.zip