Archives
Archives
| From: | "Chris Gianelloni (wolf31o2)" <wolf31o2@g.o> |
|---|---|
| To: | gentoo-commits@l.g.o |
| Subject: | [gentoo-commits] gentoo-x86 commit in profiles/hardened/linux: make.defaults package.mask package.use.mask parent use.mask virtuals |
| Date: | Tue, 01 Apr 2008 17:47:34 |
| Message-Id: | E1JgkTu-0004Iw-Va@stork.gentoo.org |
| 1 | wolf31o2 08/04/01 17:41:10 |
| 2 | |
| 3 | Added: make.defaults package.mask package.use.mask parent |
| 4 | use.mask virtuals |
| 5 | Log: |
| 6 | Huge initial 2008.0 profile commit. This will need to be adjusted synced with the current masks and such in the tree, but this will work for people doing beta installs. Enjoy. |
| 7 | |
| 8 | Revision Changes Path |
| 9 | 1.1 profiles/hardened/linux/make.defaults |
| 10 | |
| 11 | file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/profiles/hardened/linux/make.defaults?rev=1.1&view=markup |
| 12 | plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/profiles/hardened/linux/make.defaults?rev=1.1&content-type=text/plain |
| 13 | |
| 14 | Index: make.defaults |
| 15 | =================================================================== |
| 16 | # Copyright 1999-2008 Gentoo Foundation |
| 17 | # Distributed under the terms of the GNU General Public License v2 |
| 18 | # $Header: /var/cvsroot/gentoo-x86/profiles/hardened/linux/make.defaults,v 1.1 2008/04/01 17:41:10 wolf31o2 Exp $ |
| 19 | |
| 20 | STAGE1_USE="hardened nptl nptlonly pic" |
| 21 | |
| 22 | USE="hardened pic urandom -fortran -iconv" |
| 23 | |
| 24 | |
| 25 | |
| 26 | 1.1 profiles/hardened/linux/package.mask |
| 27 | |
| 28 | file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/profiles/hardened/linux/package.mask?rev=1.1&view=markup |
| 29 | plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/profiles/hardened/linux/package.mask?rev=1.1&content-type=text/plain |
| 30 | |
| 31 | Index: package.mask |
| 32 | =================================================================== |
| 33 | # Copyright 2007 Gentoo Foundation. |
| 34 | # Distributed under the terms of the GNU General Public License v2 |
| 35 | # $Header: /var/cvsroot/gentoo-x86/profiles/hardened/linux/package.mask,v 1.1 2008/04/01 17:41:10 wolf31o2 Exp $ |
| 36 | |
| 37 | # >=acml-3.6 depends on gcc-4* |
| 38 | >=sci-libs/acml-3.6 |
| 39 | |
| 40 | # Fails on hardened, bug 187120 |
| 41 | =dev-lang/php-5.2.3-r3 |
| 42 | |
| 43 | # The following packages need =gcc-4* |
| 44 | =net-im/skype-1.4.0* |
| 45 | |
| 46 | # gcc-4* still isn't ready. |
| 47 | =sys-devel/gcc-4* |
| 48 | |
| 49 | # Mask off glibc-2.4 until the approach for SSP compatibilty is |
| 50 | # resolved in a way that doesn't break running systems, and we |
| 51 | # have a sensible upgrade path. Advise having a static busybox |
| 52 | # around if you try it in a live system. |
| 53 | # 2006-03-13 kevquinn |
| 54 | =sys-libs/glibc-2.4* |
| 55 | |
| 56 | # These packages do more harm than good w/ hardened. |
| 57 | # users must now the opensource xorg nv driver with nvidia cards. |
| 58 | # By placing Driver "nv" in xorg.conf |
| 59 | # 2006-06-29 solar |
| 60 | x11-drivers/nvidia-drivers |
| 61 | media-video/nvidia-settings |
| 62 | |
| 63 | # Shouldn't be merging these SELinux packages on this profile |
| 64 | # but this keeps repoman happy since they require >=glibc-2.4 |
| 65 | # 20061009 pebenito |
| 66 | >=sys-libs/libselinux-1.30.29 |
| 67 | >=sys-libs/libsemanage-1.6.17 |
| 68 | >=sys-apps/policycoreutils-1.30.30 |
| 69 | >=sys-apps/checkpolicy-1.30.12 |
| 70 | sec-policy/selinux-acpi |
| 71 | >=sec-policy/selinux-apache-20060101 |
| 72 | >=sec-policy/selinux-arpwatch-20060101 |
| 73 | >=sec-policy/selinux-asterisk-20060101 |
| 74 | >=sec-policy/selinux-audio-entropyd-20060101 |
| 75 | sec-policy/selinux-avahi |
| 76 | >=sec-policy/selinux-base-policy-20060101 |
| 77 | >=sec-policy/selinux-bind-20060101 |
| 78 | sec-policy/selinux-bluez |
| 79 | >=sec-policy/selinux-clamav-20060101 |
| 80 | >=sec-policy/selinux-clockspeed-20060101 |
| 81 | >=sec-policy/selinux-courier-imap-20060101 |
| 82 | sec-policy/selinux-cups |
| 83 | >=sec-policy/selinux-cyrus-sasl-20060101 |
| 84 | >=sec-policy/selinux-daemontools-20060101 |
| 85 | >=sec-policy/selinux-dante-20060101 |
| 86 | sec-policy/selinux-dbus |
| 87 | sec-policy/selinux-desktop |
| 88 | >=sec-policy/selinux-dhcp-20060101 |
| 89 | >=sec-policy/selinux-distcc-20060101 |
| 90 | >=sec-policy/selinux-djbdns-20060101 |
| 91 | sec-policy/selinux-dnsmasq |
| 92 | >=sec-policy/selinux-ftpd-20060101 |
| 93 | sec-policy/selinux-games |
| 94 | >=sec-policy/selinux-gnupg-20060101 |
| 95 | >=sec-policy/selinux-gpm-20060101 |
| 96 | sec-policy/selinux-hal |
| 97 | sec-policy/selinux-inetd |
| 98 | >=sec-policy/selinux-ipsec-tools-20060101 |
| 99 | >=sec-policy/selinux-jabber-server-20060101 |
| 100 | >=sec-policy/selinux-kerberos-20060101 |
| 101 | >=sec-policy/selinux-logrotate-20060101 |
| 102 | sec-policy/selinux-lpd |
| 103 | >=sec-policy/selinux-lvm-20060101 |
| 104 | >=sec-policy/selinux-mdadm-20060101 |
| 105 | sec-policy/selinux-munin |
| 106 | >=sec-policy/selinux-mysql-20060101 |
| 107 | >=sec-policy/selinux-nfs-20060101 |
| 108 | >=sec-policy/selinux-ntop-20060101 |
| 109 | >=sec-policy/selinux-ntp-20060101 |
| 110 | >=sec-policy/selinux-openldap-20060101 |
| 111 | >=sec-policy/selinux-openvpn-20060101 |
| 112 | sec-policy/selinux-pcmcia |
| 113 | >=sec-policy/selinux-portmap-20060101 |
| 114 | >=sec-policy/selinux-postfix-20060101 |
| 115 | >=sec-policy/selinux-postgresql-20060101 |
| 116 | sec-policy/selinux-ppp |
| 117 | >=sec-policy/selinux-privoxy-20060101 |
| 118 | >=sec-policy/selinux-procmail-20060101 |
| 119 | >=sec-policy/selinux-publicfile-20060101 |
| 120 | sec-policy/selinux-pyzor |
| 121 | >=sec-policy/selinux-qmail-20060101 |
| 122 | sec-policy/selinux-razor |
| 123 | >=sec-policy/selinux-samba-20060101 |
| 124 | >=sec-policy/selinux-screen-20060101 |
| 125 | >=sec-policy/selinux-snmpd-20060101 |
| 126 | >=sec-policy/selinux-snort-20060101 |
| 127 | >=sec-policy/selinux-spamassassin-20060101 |
| 128 | >=sec-policy/selinux-squid-20060101 |
| 129 | >=sec-policy/selinux-stunnel-20060101 |
| 130 | >=sec-policy/selinux-sudo-20060101 |
| 131 | sec-policy/selinux-tcpd |
| 132 | >=sec-policy/selinux-tftpd-20060101 |
| 133 | >=sec-policy/selinux-ucspi-tcp-20060101 |
| 134 | >=sec-policy/selinux-wireshark-20060101 |
| 135 | |
| 136 | |
| 137 | |
| 138 | 1.1 profiles/hardened/linux/package.use.mask |
| 139 | |
| 140 | file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/profiles/hardened/linux/package.use.mask?rev=1.1&view=markup |
| 141 | plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/profiles/hardened/linux/package.use.mask?rev=1.1&content-type=text/plain |
| 142 | |
| 143 | Index: package.use.mask |
| 144 | =================================================================== |
| 145 | # Note that this requires portage-2.1.1+ so if you need this functionality, |
| 146 | # make sure your package forces a new-enough portage. |
| 147 | |
| 148 | sys-devel/gcc -hardened |
| 149 | www-apps/mediawiki math |
| 150 | |
| 151 | # Michael Sterrett <mr_bones_@g.o> (30 Aug 2007) |
| 152 | # Security bug #190835 |
| 153 | games-fps/doom-data doomsday |
| 154 | games-fps/freedoom doomsday |
| 155 | |
| 156 | |
| 157 | |
| 158 | 1.1 profiles/hardened/linux/parent |
| 159 | |
| 160 | file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/profiles/hardened/linux/parent?rev=1.1&view=markup |
| 161 | plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/profiles/hardened/linux/parent?rev=1.1&content-type=text/plain |
| 162 | |
| 163 | Index: parent |
| 164 | =================================================================== |
| 165 | ../../default/linux |
| 166 | |
| 167 | |
| 168 | |
| 169 | 1.1 profiles/hardened/linux/use.mask |
| 170 | |
| 171 | file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/profiles/hardened/linux/use.mask?rev=1.1&view=markup |
| 172 | plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/profiles/hardened/linux/use.mask?rev=1.1&content-type=text/plain |
| 173 | |
| 174 | Index: use.mask |
| 175 | =================================================================== |
| 176 | # Copyright 1999-2004 Gentoo Foundation. |
| 177 | # Distributed under the terms of the GNU General Public License v2 |
| 178 | # $Header: /var/cvsroot/gentoo-x86/profiles/hardened/linux/use.mask,v 1.1 2008/04/01 17:41:10 wolf31o2 Exp $ |
| 179 | |
| 180 | emul-linux-x86 |
| 181 | |
| 182 | x264 |
| 183 | |
| 184 | # lvm2 clustered use flags (moved from default-linux) |
| 185 | clvm |
| 186 | gulm |
| 187 | cman |
| 188 | |
| 189 | # tcc is x86-only |
| 190 | tcc |
| 191 | |
| 192 | # precompiled headers are not compat with ASLR. |
| 193 | pch |
| 194 | |
| 195 | # we love this stuff |
| 196 | -hardened |
| 197 | |
| 198 | |
| 199 | |
| 200 | 1.1 profiles/hardened/linux/virtuals |
| 201 | |
| 202 | file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/profiles/hardened/linux/virtuals?rev=1.1&view=markup |
| 203 | plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/profiles/hardened/linux/virtuals?rev=1.1&content-type=text/plain |
| 204 | |
| 205 | Index: virtuals |
| 206 | =================================================================== |
| 207 | # Copyright 1999-2005 Gentoo Foundation. |
| 208 | # Distributed under the terms of the GNU General Public License v2 |
| 209 | # $Header: /var/cvsroot/gentoo-x86/profiles/hardened/linux/virtuals,v 1.1 2008/04/01 17:41:10 wolf31o2 Exp $ |
| 210 | |
| 211 | virtual/alsa sys-kernel/hardened-sources |
| 212 | virtual/linux-sources sys-kernel/hardened-sources |
| 213 | |
| 214 | |
| 215 | |
| 216 | -- |
| 217 | gentoo-commits@l.g.o mailing list |