From 2771f79232c273bc2a57d23bf335dd81ccf6af28 Mon Sep 17 00:00:00 2001
From: V3n3RiX <venerix@koprulu.sector>
Date: Sun, 5 Dec 2021 02:47:11 +0000
Subject: gentoo resync : 05.12.2021

---
 profiles/features/hardened/amd64/package.use.mask | 11 ++++++
 profiles/features/hardened/arm/eapi               |  1 +
 profiles/features/hardened/arm/make.defaults      |  4 +++
 profiles/features/hardened/arm/parent             |  1 +
 profiles/features/musl/package.mask               | 14 ++++++++
 profiles/features/musl/package.use.mask           |  8 +++++
 profiles/features/selinux/package.mask            | 42 -----------------------
 profiles/features/selinux/package.unmask          |  5 ---
 profiles/features/selinux/package.use.mask        |  3 +-
 profiles/features/selinux/use.mask                |  1 -
 profiles/features/uclibc/deprecated               | 17 +++++++++
 profiles/features/uclibc/package.mask             |  1 +
 12 files changed, 58 insertions(+), 50 deletions(-)
 create mode 100644 profiles/features/hardened/amd64/package.use.mask
 create mode 100644 profiles/features/hardened/arm/eapi
 create mode 100644 profiles/features/hardened/arm/make.defaults
 create mode 100644 profiles/features/hardened/arm/parent
 create mode 100644 profiles/features/uclibc/deprecated

(limited to 'profiles/features')

diff --git a/profiles/features/hardened/amd64/package.use.mask b/profiles/features/hardened/amd64/package.use.mask
new file mode 100644
index 000000000000..c1152ea1c608
--- /dev/null
+++ b/profiles/features/hardened/amd64/package.use.mask
@@ -0,0 +1,11 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+# Sam James <sam@gentoo.org> (2021-11-27)
+# Unmask CET here. It works on amd64 and this is the hardened profile.
+sys-devel/binutils -cet
+sys-devel/binutils-hppa64 -cet
+sys-devel/gdb -cet
+sys-libs/binutils-libs -cet
+sys-libs/glibc -cet
+sys-devel/gcc -cet
diff --git a/profiles/features/hardened/arm/eapi b/profiles/features/hardened/arm/eapi
new file mode 100644
index 000000000000..7ed6ff82de6b
--- /dev/null
+++ b/profiles/features/hardened/arm/eapi
@@ -0,0 +1 @@
+5
diff --git a/profiles/features/hardened/arm/make.defaults b/profiles/features/hardened/arm/make.defaults
new file mode 100644
index 000000000000..b3db3fbb8187
--- /dev/null
+++ b/profiles/features/hardened/arm/make.defaults
@@ -0,0 +1,4 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+USE="pic"
diff --git a/profiles/features/hardened/arm/parent b/profiles/features/hardened/arm/parent
new file mode 100644
index 000000000000..f3229c5b9876
--- /dev/null
+++ b/profiles/features/hardened/arm/parent
@@ -0,0 +1 @@
+..
diff --git a/profiles/features/musl/package.mask b/profiles/features/musl/package.mask
index bc9ffc405fad..8bf8e5b3342e 100644
--- a/profiles/features/musl/package.mask
+++ b/profiles/features/musl/package.mask
@@ -1,6 +1,19 @@
 # Copyright 1999-2021 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
+# Andreas K. Hüttel <dilfridge@gentoo.org> (2021-11-21)
+# No musl patches in ebuild
+<sys-devel/gcc-9
+
+# Sam James <sam@gentoo.org> (2021-11-20)
+# Wants /usr/bin/locale
+# Fails to build with errors like:
+# ```
+# Use of uninitialized value $Text::WrapI18N::charmap in pattern match (m//) at /usr/lib/perl5/vendor_perl/5.34/Text/WrapI18N.pm line 155.
+# Can't exec "/usr/bin/locale": No such file or directory at /usr/lib/perl5/vendor_perl/5.34/Text/WrapI18N.pm line 134.
+# ```
+app-text/po4a
+
 # Hank Leininger <hlein@korelogic.com> (2021-07-14)
 # Uses glibc-specific rexec(3) function, bug #715898
 net-misc/netkit-rsh
@@ -8,6 +21,7 @@ net-misc/netkit-rsh
 # Andreas K. Hüttel <dilfridge@gentoo.org> (2021-07-14)
 # Mask the libxcrypt-based virtual
 ~virtual/libcrypt-2
+-virtual/libcrypt:0/1
 
 # David Seifert <soap@gentoo.org> (2021-02-08)
 # nvidia-drivers only works against glibc.
diff --git a/profiles/features/musl/package.use.mask b/profiles/features/musl/package.use.mask
index f58de338da4a..72bf15947617 100644
--- a/profiles/features/musl/package.use.mask
+++ b/profiles/features/musl/package.use.mask
@@ -1,6 +1,14 @@
 # Copyright 1999-2021 Gentoo Authors.
 # Distributed under the terms of the GNU General Public License v2
 
+# Stijn Tintel <stijn@linux-ipv6.be> (2021-12-02)
+# rarpd relies on ether_ntohost which is a stub in musl
+net-misc/iputils rarpd
+
+# Sam James <sam@gentoo.org> (2021-11-20)
+# Pulls in po4a which doesn't seem to work on musl (wants /usr/bin/locale)
+sys-apps/man-db nls
+
 # Sam James <sam@gentoo.org> (2021-11-07)
 # gdb-10[nls] doesn't build on musl
 # "ax.cc:(.text+0x2e0): undefined reference to `libintl_gettext'"
diff --git a/profiles/features/selinux/package.mask b/profiles/features/selinux/package.mask
index 0171a016d3c9..fe7d393b915e 100644
--- a/profiles/features/selinux/package.mask
+++ b/profiles/features/selinux/package.mask
@@ -1,45 +1,3 @@
 # Copyright 2011-2021 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
-# Ionen Wolkens <ionen@gentoo.org> (2021-07-09)
-# Mask in favor of opentmpfiles until usable on selinux profiles (bug #801217)
-sys-apps/systemd-tmpfiles
-
-# Andreas Sturmlechner <asturm@gentoo.org> (2021-04-06)
-# depends on sys-apps/systemd
-kde-plasma/plasma-firewall
-
-# Gilles Dartiguelongue <eva@gentoo.org> (2018-05-24)
-# Packages use systemd unconditionally for now
->=app-admin/abrt-2.10
-app-admin/gnome-abrt
->=dev-libs/libreport-2.9
-games-util/gamemode
-gnome-extra/gnome-logs
-gnome-extra/gnome-user-share
-
-# Göktürk Yüksek <gokturk@gentoo.org> (2016-11-09)
-# On behalf of proxy-maint
-# Mask due to the package requiring systemd
-# and causing unresolvable dep issues
-# See: https://github.com/gentoo/gentoo/pull/2262
-www-misc/profile-sync-daemon
-
-# Jason Zaman <perfinion@gentoo.org> (2015-06-27)
-# systemd has no support in the SELinux policy at the moment.
-# Please see: https://wiki.gentoo.org/wiki/SELinux/FAQ#Can_I_use_SELinux_with_systemd.3F
-app-admin/systemdgenie
-app-office/wps-office
-sys-apps/systemd
-app-admin/calamares
-dev-python/python-systemd
-x11-themes/zukitwo-shell
-gnome-extra/office-runner
-gnome-extra/pch-session
-net-firewall/firewalld
-sys-apps/gentoo-systemd-integration
-sys-apps/systemd-readahead
-sys-process/systemd-cron
-sys-apps/dbus-broker
-sys-kernel/installkernel-systemd-boot
-sys-power/switcheroo-control
diff --git a/profiles/features/selinux/package.unmask b/profiles/features/selinux/package.unmask
index e3b106221de5..2de0cf7d6590 100644
--- a/profiles/features/selinux/package.unmask
+++ b/profiles/features/selinux/package.unmask
@@ -1,7 +1,2 @@
 # Copyright 2021 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
-
-# Ionen Wolkens <ionen@gentoo.org> (2021-07-09)
-# Unmask opentmpfiles on selinux profiles until systemd-tmpfiles is
-# usable (bug #801217).
-sys-apps/opentmpfiles
diff --git a/profiles/features/selinux/package.use.mask b/profiles/features/selinux/package.use.mask
index 40676d30d5c5..4d0a1aab402d 100644
--- a/profiles/features/selinux/package.use.mask
+++ b/profiles/features/selinux/package.use.mask
@@ -1,4 +1,4 @@
-# Copyright 1999-2020 Gentoo Authors
+# Copyright 1999-2021 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 # Georgy Yakovlev <gyakovlev@gentoo.org> (2020-10-21)
@@ -18,7 +18,6 @@ gnome-base/gnome-extra-apps share
 net-firewall/fwknop firewalld
 www-servers/uwsgi uwsgi_plugins_systemd_logger
 >=x11-wm/mutter-3.22 wayland
-net-wireless/bluez user-session
 
 # Brian Dolbec <dolsen@gentoo.org> (2014-09-17)
 # mask pypy for several utilities due to incompatibility with libselinux
diff --git a/profiles/features/selinux/use.mask b/profiles/features/selinux/use.mask
index 7ec45f5f3a3e..5c4a7be6e3f1 100644
--- a/profiles/features/selinux/use.mask
+++ b/profiles/features/selinux/use.mask
@@ -10,5 +10,4 @@
 -selinux
 
 # no policy yet
-systemd
 homed
diff --git a/profiles/features/uclibc/deprecated b/profiles/features/uclibc/deprecated
new file mode 100644
index 000000000000..a03e880d5f33
--- /dev/null
+++ b/profiles/features/uclibc/deprecated
@@ -0,0 +1,17 @@
+
+uClibc-ng is mostly abandoned upstream, and since an RFC by its maintainer in Gentoo
+in Jan 2021, no one has volunteered to step up maintenance or expressed interest in
+the uClibc-ng profiles. With this announcement we last-rite the "uclibc"
+profiles, which will be removed on 2022-01-01. For parties interested in
+an alternative libc, consider moving to musl, which is supported.
+
+Gentoo continues to wholeheartedly support musl and is focusing its
+efforts in that area.
+
+Resources:
+- https://wiki.gentoo.org/wiki/Project:Hardened_musl
+- https://gitweb.gentoo.org/proj/musl.git/ (overlay for patches)
+- #gentoo-hardened (IRC channel on irc.libera.chat) for support and discussion
+
+Please see the news item for more information:
+https://www.gentoo.org/support/news-items/2021-08-18-uclibc-ng-retirement.html
diff --git a/profiles/features/uclibc/package.mask b/profiles/features/uclibc/package.mask
index 8aa72890043e..39a81a82d33a 100644
--- a/profiles/features/uclibc/package.mask
+++ b/profiles/features/uclibc/package.mask
@@ -8,6 +8,7 @@ sys-libs/pam
 # Andreas K. Hüttel <dilfridge@gentoo.org> (2021-07-14)
 # Mask the libxcrypt-based virtual
 ~virtual/libcrypt-2
+-virtual/libcrypt:0/1
 
 # Ionen Wolkens <ionen@gentoo.org> (2021-07-09)
 # Mask in favor of opentmpfiles until usable with uclibc-ng (bug #801106)
-- 
cgit v1.2.3