diff options
Diffstat (limited to 'profiles/hardened/linux/amd64')
21 files changed, 330 insertions, 0 deletions
diff --git a/profiles/hardened/linux/amd64/eapi b/profiles/hardened/linux/amd64/eapi new file mode 100644 index 000000000000..7ed6ff82de6b --- /dev/null +++ b/profiles/hardened/linux/amd64/eapi @@ -0,0 +1 @@ +5 diff --git a/profiles/hardened/linux/amd64/make.defaults b/profiles/hardened/linux/amd64/make.defaults new file mode 100644 index 000000000000..acb6734fd7e6 --- /dev/null +++ b/profiles/hardened/linux/amd64/make.defaults @@ -0,0 +1,9 @@ +# Copyright 1999-2012 Gentoo Foundation. +# Distributed under the terms of the GNU General Public License v2 + +USE="justify -pic" + +CFLAGS="-O2 -pipe" +CXXFLAGS="${CFLAGS}" +FFLAGS="${CFLAGS}" +FCFLAGS="${CFLAGS}" diff --git a/profiles/hardened/linux/amd64/no-multilib/eapi b/profiles/hardened/linux/amd64/no-multilib/eapi new file mode 100644 index 000000000000..7ed6ff82de6b --- /dev/null +++ b/profiles/hardened/linux/amd64/no-multilib/eapi @@ -0,0 +1 @@ +5 diff --git a/profiles/hardened/linux/amd64/no-multilib/make.defaults b/profiles/hardened/linux/amd64/no-multilib/make.defaults new file mode 100644 index 000000000000..58039871f368 --- /dev/null +++ b/profiles/hardened/linux/amd64/no-multilib/make.defaults @@ -0,0 +1,14 @@ +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +# We don't need to have pic on +USE="-pic" + +ARCH="amd64" +ACCEPT_KEYWORDS="${ARCH}" + +MULTILIB_ABIS="amd64" + +# Mirror profile/amd64/no-multilib/make.defaults +USE_EXPAND_HIDDEN="ABI_X86" + diff --git a/profiles/hardened/linux/amd64/no-multilib/package.mask b/profiles/hardened/linux/amd64/no-multilib/package.mask new file mode 100644 index 000000000000..342edcab5438 --- /dev/null +++ b/profiles/hardened/linux/amd64/no-multilib/package.mask @@ -0,0 +1,161 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +# These are broken as reported by Halcy0n, Aug, 23, 2011 +net-misc/teamviewer +dev-lang/rebol-bin + +games-action/brutal-legend +games-action/hotline-miami +games-action/trine2 +games-action/swordandsworcery +games-action/beathazardultra +games-action/solar2 +games-arcade/dynamitejack +games-kids/crayon-physics +games-misc/katawa-shoujo +games-misc/papers-please +games-rpg/dungeon-defenders +games-rpg/bastion +games-rpg/wasteland2 + +# Mirror profile/amd64/no-multilib/package.mask +app-accessibility/mbrola +app-accessibility/perlbox-voice +app-arch/stuffit +app-benchmarks/cpuburn +=app-editors/emacs-18* +app-emulation/crossover-bin +app-emulation/genymotion-bin +app-emulation/playonlinux +app-emulation/q4wine +>=app-i18n/atokx3-3.0.0 +app-office/ooextras +app-emulation/winetricks +app-text/acroread +dev-embedded/libftd2xx +dev-embedded/openocd +dev-lang/icc +dev-lang/idb +dev-lang/ifc +dev-perl/Archive-Rar +dev-python/skype4py +dev-util/android-sdk-update-manager +dev-util/android-studio +dev-util/biew +games-action/cs2d +games-action/descent3 +games-action/descent3-demo +games-action/heretic2 +games-action/heretic2-demo +games-action/intrusion2 +games-action/lugaru +games-action/mutantstorm-demo +games-action/phobiaii +games-action/rune +games-action/shadowgrounds-bin +games-action/shadowgrounds-survivor-bin +games-action/spacetripper-demo +games-arcade/aquaria +games-arcade/barbarian-bin +games-arcade/jardinains +games-arcade/gish-demo +games-arcade/thinktanks-demo +games-emulation/caps +games-emulation/nestra +games-emulation/pcsx2 +games-emulation/zinc +games-emulation/zsnes +games-fps/avp +games-fps/doom3-cdoom +games-fps/doom3-chextrek +games-fps/doom3-data +games-fps/doom3-demo +games-fps/doom3-ducttape +games-fps/doom3-eventhorizon +games-fps/doom3-hellcampaign +games-fps/doom3-inhell +games-fps/doom3-lms +games-fps/doom3-mitm +games-fps/doom3-roe +games-fps/doom3 +games-fps/enemy-territory-etpro +games-fps/enemy-territory-omnibot +games-fps/enemy-territory-truecombat +games-fps/enemy-territory +games-fps/etqw-bin +games-fps/etqw-data +games-fps/etqw-demo +games-fps/glxquake-bin +games-fps/legends +games-fps/postal2 +games-fps/postal2mp-demo +games-fps/quake3-bin +games-fps/quake3-demo +games-fps/quake3-ra3 +games-fps/quake4-bin +games-fps/quake4-data +games-fps/quake4-demo +games-fps/rtcw +games-fps/rtcwmp-demo +games-fps/rtcwsp-demo +games-fps/sauerbraten +games-fps/serious-sam-tfe +games-fps/serious-sam-tse +games-fps/soldieroffortune +games-fps/soldieroffortune-demo +games-fps/unreal-tournament +games-fps/ut2003 +games-fps/ut2003-demo +games-fps/ut2004-demo +games-misc/little-inferno +games-puzzle/hoh-bin +games-roguelike/adom +<games-roguelike/dwarf-fortress-0.43.0 +games-rpg/baldurs-gate-ee +games-rpg/dear-esther +games-rpg/eschalon-book-1-demo +games-rpg/nwmouse +games-rpg/nwmovies +games-rpg/nwn +games-rpg/nwn-cep +games-rpg/nwn-data +games-rpg/nwn-penultima +games-rpg/nwn-penultimarerolled +games-rpg/nwn-shadowlordsdreamcatcherdemon +games-server/etqw-ded +games-server/nwn-ded +games-server/ut2003-ded +games-simulation/bcs-demo +games-strategy/darwinia +games-strategy/darwinia-demo +games-strategy/defcon-demo +games-strategy/dominions2 +games-strategy/heroes3 +games-strategy/heroes3-demo +games-strategy/majesty-demo +games-strategy/smac +games-strategy/spaz +media-fonts/acroread-asianfonts +media-sound/aucdtect +media-sound/skype-call-recorder +media-sound/ventrilo-server-bin +media-video/binkplayer +media-video/tsmuxer +net-im/skype +net-im/skypetab-ng +net-misc/icaclient +net-misc/ps3mediaserver +net-print/cndrvcups-common-lb +net-print/cndrvcups-lb +sci-biology/foldingathome +sci-electronics/eagle +sci-chemistry/cara-bin +sci-chemistry/cyana +sci-chemistry/mars +sci-chemistry/xdsgui +sci-chemistry/xdsstat-bin +sci-libs/ipp +sys-libs/lib-compat-loki +www-plugins/nspluginwrapper +<sys-boot/grub-1.99 diff --git a/profiles/hardened/linux/amd64/no-multilib/package.use.mask b/profiles/hardened/linux/amd64/no-multilib/package.use.mask new file mode 100644 index 000000000000..16c2f111c7e0 --- /dev/null +++ b/profiles/hardened/linux/amd64/no-multilib/package.use.mask @@ -0,0 +1,19 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +# Mirror profile/amd64/no-multilib/package.use.mask + +# Yixun Lan <dlan@gentoo.org> (12 Jul 2017) +# GLEP 73 Immutability, USE=ovmf requires hvm +app-emulation/xen-tools ovmf + +# Mike Frysinger <vapier@gentoo.org> (12 Aug 2016) +# Requires sys-boot/grub:0 which is masked here. +sys-apps/memtest86+ floppy + +# Alexandre Rostovtsev <tetromino@gentoo.org> (24 Jun 2012) +# Disable 32-bit parts of wine, bug #351436 +app-emulation/wine mono + +# Intel Integrated Primitive (sci-libs/ipp) support +media-libs/opencv ipp diff --git a/profiles/hardened/linux/amd64/no-multilib/parent b/profiles/hardened/linux/amd64/no-multilib/parent new file mode 100644 index 000000000000..9bf59c55e35a --- /dev/null +++ b/profiles/hardened/linux/amd64/no-multilib/parent @@ -0,0 +1,2 @@ +.. +../../../../arch/amd64/no-multilib diff --git a/profiles/hardened/linux/amd64/no-multilib/selinux/eapi b/profiles/hardened/linux/amd64/no-multilib/selinux/eapi new file mode 100644 index 000000000000..7ed6ff82de6b --- /dev/null +++ b/profiles/hardened/linux/amd64/no-multilib/selinux/eapi @@ -0,0 +1 @@ +5 diff --git a/profiles/hardened/linux/amd64/no-multilib/selinux/parent b/profiles/hardened/linux/amd64/no-multilib/selinux/parent new file mode 100644 index 000000000000..933e67923d1a --- /dev/null +++ b/profiles/hardened/linux/amd64/no-multilib/selinux/parent @@ -0,0 +1,2 @@ +.. +../../../../../features/selinux diff --git a/profiles/hardened/linux/amd64/no-multilib/use.mask b/profiles/hardened/linux/amd64/no-multilib/use.mask new file mode 100644 index 000000000000..58ee5df13b40 --- /dev/null +++ b/profiles/hardened/linux/amd64/no-multilib/use.mask @@ -0,0 +1,23 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +# Mask the multilib flags back for non-multilib profile. +abi_x86_32 + +# Mirror profile/amd64/no-multilib/use.mask + +# 2007/08/29 Christoph Mende <angelos@gentoo.org> +# app-accessibility/mbrola is x86 only +mbrola + +# 2007/08/24 Michael Marineau <marineam@gentoo.org> +# Xen HVM support requires building 32-bit binaries. +hvm + +# 2008/02/13 - Chris Gianelloni <wolf31o2@gentoo.org> +# Mask multilib, since we cannot use it. +multilib + +# 2009/05/11 Doug Goldstein <cardoe@gentoo.org> +# Mask 32bit since this will always require emulation packages +32bit diff --git a/profiles/hardened/linux/amd64/package.mask b/profiles/hardened/linux/amd64/package.mask new file mode 100644 index 000000000000..d7b99467153b --- /dev/null +++ b/profiles/hardened/linux/amd64/package.mask @@ -0,0 +1,24 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +# Magnus Granberg <zorry@gentoo.org> (20 Nov 2012) +# Newer then 300.00 is patched but we still have RWX in the libs. +# We mask X for we still need to make the doc for revdep-pax else +# hell will rule. +# Bug 433121 +<=x11-drivers/nvidia-drivers-300.00 +#dev-util/nvidia-cuda-sdk +# Need X +media-video/nvidia-settings + +# Depends on x11-drivers/nvidia-drivers +#dev-python/pyopencl + +# Cernlib has address space issues on amd64 and package is no +# longer supported by upstream. Thus masking it and its reverse +# dependencies. +# See bug 426764. +sci-physics/cernlib +sci-physics/cernlib-montecarlo +sci-physics/geant:3 +sci-physics/paw diff --git a/profiles/hardened/linux/amd64/package.use b/profiles/hardened/linux/amd64/package.use new file mode 100644 index 000000000000..0cef7f8d1d92 --- /dev/null +++ b/profiles/hardened/linux/amd64/package.use @@ -0,0 +1,12 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +# Magnus Granberg <zorry@gentoo.org> (14 Jan, 2015) +# We need to have the pic flag on. +# Bugs 490276, 513464, 523736 and 512208. +media-libs/x264 pic +media-video/ffmpeg pic +media-video/libav pic +>=media-libs/mesa-10.1.6 pic +media-libs/libpostproc pic +>=media-libs/xvid-1.3.3 pic diff --git a/profiles/hardened/linux/amd64/package.use.force b/profiles/hardened/linux/amd64/package.use.force new file mode 100644 index 000000000000..ef833f2d1b51 --- /dev/null +++ b/profiles/hardened/linux/amd64/package.use.force @@ -0,0 +1,7 @@ +# Copyright 1999-2015 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +# Magnus Granberg <zorry@gentoo.org> (14 Jan, 2015) +# We need to have the pic flag on. +# Bugs 358929 +app-emulation/open-vm-tools pic diff --git a/profiles/hardened/linux/amd64/package.use.mask b/profiles/hardened/linux/amd64/package.use.mask new file mode 100644 index 000000000000..adf1cdc24117 --- /dev/null +++ b/profiles/hardened/linux/amd64/package.use.mask @@ -0,0 +1,29 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +# When you add an entry to the top of this file, add your name, the date, and +# an explanation of why something is getting masked. Please be extremely +# careful not to commit atoms that are not valid, as it can cause large-scale +# breakage, especially if it ends up in the daily snapshot. +# +## Example: +## +## # Dev E. Loper <developer@gentoo.org> (28 Jun 2012) +## # Masking foo USE flag until we can get the +## # foo stuff to work properly again (bug 12345) +## =media-video/mplayer-0.90_pre5 foo +## =media-video/mplayer-0.90_pre5-r1 foo + +# Magnus Granberg <zorry@gentoo.org> (30 sep 2016) +# This target support VTV #547040. +>=sys-devel/gcc-4.9 -vtv + +# Magnus Granberg <zorry@gentoo.org> (29 Nov 2012) +# Bug #444786 disable nvidia on app-admin/conky +app-admin/conky nvidia + +# Cernlib has address space issues on amd64 and package is no +# longer supported by upstream. Thus masking it and its reverse +# dependencies. +# See bugs 426764, 556612. +=sci-physics/geant-4.9.4* geant3 diff --git a/profiles/hardened/linux/amd64/parent b/profiles/hardened/linux/amd64/parent new file mode 100644 index 000000000000..f2e50ba2cf4e --- /dev/null +++ b/profiles/hardened/linux/amd64/parent @@ -0,0 +1,4 @@ +../../../base +../../../default/linux +../../../arch/amd64 +.. diff --git a/profiles/hardened/linux/amd64/selinux/eapi b/profiles/hardened/linux/amd64/selinux/eapi new file mode 100644 index 000000000000..7ed6ff82de6b --- /dev/null +++ b/profiles/hardened/linux/amd64/selinux/eapi @@ -0,0 +1 @@ +5 diff --git a/profiles/hardened/linux/amd64/selinux/parent b/profiles/hardened/linux/amd64/selinux/parent new file mode 100644 index 000000000000..e5c7cefb6826 --- /dev/null +++ b/profiles/hardened/linux/amd64/selinux/parent @@ -0,0 +1,2 @@ +.. +../../../../features/selinux diff --git a/profiles/hardened/linux/amd64/use.mask b/profiles/hardened/linux/amd64/use.mask new file mode 100644 index 000000000000..6e65e1b3a96e --- /dev/null +++ b/profiles/hardened/linux/amd64/use.mask @@ -0,0 +1,10 @@ +# Copyright 1999-2012 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +# Rick Farina <zerochaos@gentoo.org> 26 Nov 2012 +video_cards_nvidia +# removing mask on nvidia use flag as it is used by monitoring tools +# which may be desireable for cuda users +#nvidia +# adjusting use flag mask as nvidia-drivers are usable for cuda at least +#cuda diff --git a/profiles/hardened/linux/amd64/x32/eapi b/profiles/hardened/linux/amd64/x32/eapi new file mode 100644 index 000000000000..7ed6ff82de6b --- /dev/null +++ b/profiles/hardened/linux/amd64/x32/eapi @@ -0,0 +1 @@ +5 diff --git a/profiles/hardened/linux/amd64/x32/make.defaults b/profiles/hardened/linux/amd64/x32/make.defaults new file mode 100644 index 000000000000..607b6452b9bf --- /dev/null +++ b/profiles/hardened/linux/amd64/x32/make.defaults @@ -0,0 +1,4 @@ +# Copyright 1999-2012 Gentoo Foundation. +# Distributed under the terms of the GNU General Public License v2 + +CHOST="x86_64-pc-linux-gnux32" diff --git a/profiles/hardened/linux/amd64/x32/parent b/profiles/hardened/linux/amd64/x32/parent new file mode 100644 index 000000000000..6793db467fe7 --- /dev/null +++ b/profiles/hardened/linux/amd64/x32/parent @@ -0,0 +1,3 @@ +../../../../features/multilib +../../../../arch/amd64/x32 +.. |