authorJohn P. Davis <zhen@gentoo.org>2004-02-01 20:33:55 +0000
committerJohn P. Davis <zhen@gentoo.org>2004-02-01 20:33:55 +0000
commitd9c58e9940ded5034ed20f7dc943e8cc9a4c7266 (patch)
tree22df94610bbe2bbdcf1897215fbcbe8d7198048d /profiles/hardened-x86-2004.0
parentfix alsa segfaults #36417 (diff)
downloadhistorical-d9c58e9940ded5034ed20f7dc943e8cc9a4c7266.tar.gz
historical-d9c58e9940ded5034ed20f7dc943e8cc9a4c7266.tar.bz2
historical-d9c58e9940ded5034ed20f7dc943e8cc9a4c7266.zip
adding new 2004.0 profile
Diffstat (limited to 'profiles/hardened-x86-2004.0')
-rw-r--r--profiles/hardened-x86-2004.0/make.defaults36
-rw-r--r--profiles/hardened-x86-2004.0/packages87
-rw-r--r--profiles/hardened-x86-2004.0/packages.build32
-rw-r--r--profiles/hardened-x86-2004.0/use.defaults60
-rw-r--r--profiles/hardened-x86-2004.0/use.mask3
-rw-r--r--profiles/hardened-x86-2004.0/virtuals53
6 files changed, 271 insertions, 0 deletions
diff --git a/profiles/hardened-x86-2004.0/make.defaults b/profiles/hardened-x86-2004.0/make.defaults
new file mode 100644
index 000000000000..9955ae758086
--- /dev/null
+++ b/profiles/hardened-x86-2004.0/make.defaults
@@ -0,0 +1,36 @@
+# Copyright 1999-2003 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/hardened-x86-2004.0/make.defaults,v 1.1 2004/02/01 20:33:55 zhen Exp $
+
+GRP_STAGE23_USE="x86 berkdb crypt readline nls ssl tcpd zlib pam pic"
+
+# <zhen@gentoo.org> defaults for a hardened system
+# <zhen@gentoo.org> pam added until bug 10135 is fixed
+USE="x86 berkdb crypt readline nls ssl tcpd zlib pam pic"
+
+ARCH="x86"
+COMPILER="gcc3"
+ACCEPT_KEYWORDS="x86"
+
+#
+# FEATURES are settings that affect the functionality of portage. Most of
+# these settings are for developer use, but some are available to non-
+# developers as well.
+#
+# 'sandbox' enable sandbox-ing when running emerge and ebuild
+# 'sfperms' feature for security minded people that causes portage to
+# remove group+other readable bits on setuid files and
+# remove the other readable bits on setgid files.
+# 'strict' causes portage to react strongly to conditions that
+# have the potential to be dangerous -- like missing or
+# incorrect Manifest files.
+# 'userpriv' allows portage to drop root privleges while it is compiling
+# as a security measure, and as a side effect this can remove
+# sandbox access violations for users.
+# 'usersandbox' enables sandboxing while portage is running under userpriv.
+# unpack -- for debugging purposes only.
+#
+
+FEATURES="sandbox sfperms strict"
+#FEATURES="sandbox sfperms strict userpriv usersandbox"
+
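Review bot: The active `FEATURES="sandbox sfperms strict"` line leaves out `userpriv` and `usersandbox`, so under this hardened profile compilation keeps root privileges even though the comment block just above describes `userpriv` as a security measure. If the fuller set cannot be the default yet, the commented-out alternative should carry the reason, for example `# userpriv/usersandbox left off by default: <reason or bug reference>`. Separately, the `unpack -- for debugging purposes only.` line at the end of the FEATURES description is a fragment with no feature name attached, and `privleges` should read `privileges`.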
diff --git a/profiles/hardened-x86-2004.0/packages b/profiles/hardened-x86-2004.0/packages
new file mode 100644
index 000000000000..4db05f445828
--- /dev/null
+++ b/profiles/hardened-x86-2004.0/packages
@@ -0,0 +1,87 @@
+# Copyright 1999-2003 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/hardened-x86-2004.0/packages,v 1.1 2004/02/01 20:33:55 zhen Exp $
+
+# base system stuff
+>dev-lang/gpc-2.1
+*>=sys-apps/baselayout-1.8.6.10-r1
+*>=sys-apps/portage-2.0.49-r3
+
+# toolchain stuff
+*>=sys-devel/binutils-2.13.90.0.6-r2
+*>=sys-devel/gcc-3.2.3-r2
+*>=sys-devel/hardened-gcc-2.4.5
+*>=sys-libs/glibc-2.3.2-r1
+*virtual/modutils
+virtual/os-headers
+
+# regular package defs
+>=app-admin/sysklogd-1.4.1
+*dev-lang/python
+>=x11-base/xfree-4.1.0-r12
+# <zhen@gentoo.org> waiting for solar ...
+#*app-misc/pax-utils
+*app-shells/sash
+*sys-apps/chpax
+*dev-lang/perl
+*virtual/editor
+*net-misc/dhcpcd
+*net-misc/iputils
+*net-misc/rsync
+*net-misc/wget
+*app-shells/bash
+*app-arch/bzip2
+*sys-apps/kbd
+*app-arch/cpio
+*sys-apps/coreutils
+*sys-apps/debianutils
+*sys-apps/diffutils
+*sys-fs/e2fsprogs
+*sys-apps/ed
+*sys-apps/fbset
+*sys-apps/file
+*sys-apps/findutils
+*sys-apps/slocate
+*sys-apps/gawk
+*sys-apps/grep
+*sys-apps/groff
+*app-arch/gzip
+*sys-apps/hdparm
+*sys-apps/less
+*sys-apps/man
+*sys-apps/man-pages
+*sys-apps/net-tools
+*sys-apps/procps
+*sys-apps/psmisc
+*sys-apps/sed
+*sys-apps/setserial
+*<sys-apps/shadow-5
+
+# <zhen@gentoo.org> Again, added until bug 10135 is addressed
+*sys-apps/pam-login
+>=sys-libs/pam-0.75-r9
+*sys-libs/pwdb
+
+*app-arch/sharutils
+*app-arch/tar
+*>=sys-apps/texinfo-4.2-r1
+*sys-apps/util-linux
+*sys-apps/which
+*sys-devel/autoconf
+*>=sys-devel/automake-1.6.1-r5
+*sys-devel/bc
+*sys-devel/bin86
+*sys-devel/bison
+*sys-devel/flex
+*>=sys-devel/libtool-1.4.1-r4
+*sys-devel/m4
+*sys-devel/make
+*sys-devel/patch
+*sys-libs/cracklib
+*sys-libs/db
+*>=sys-libs/ncurses-5.2.20020112a
+*sys-libs/readline
+*sys-libs/zlib
+*virtual/ssh
+*sys-fs/devfsd
+
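Review bot: `#*app-misc/pax-utils` is disabled with only `waiting for solar ...` as explanation, so the system set pulls in `sys-apps/chpax` for marking binaries but leaves out the companion utilities, and nothing records what must happen before the line can be enabled. A comment such as `# pax-utils held back pending <what is awaited / bug reference>; re-enable once available` would make the gap trackable. The same applies to the two `bug 10135` notes, which do not say what the bug is about or what should be removed once it is closed. It would also help to state in the header that entries without a leading `*` (for example `>dev-lang/gpc-2.1` and `>=sys-libs/pam-0.75-r9`) only constrain versions and are not part of the system set, since gpc is filed under "base system stuff".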
diff --git a/profiles/hardened-x86-2004.0/packages.build b/profiles/hardened-x86-2004.0/packages.build
new file mode 100644
index 000000000000..04fc04dda7da
--- /dev/null
+++ b/profiles/hardened-x86-2004.0/packages.build
@@ -0,0 +1,32 @@
+sys-devel/hardened-gcc
+sys-apps/baselayout
+sys-libs/glibc
+sys-apps/texinfo
+app-shells/bash
+app-arch/bzip2
+sys-apps/debianutils
+sys-apps/diffutils
+sys-apps/file
+sys-apps/fileutils
+sys-apps/findutils
+sys-apps/gawk
+sys-apps/grep
+app-arch/gzip
+sys-apps/portage
+sys-apps/sed
+sys-apps/sh-utils
+app-arch/tar
+sys-apps/textutils
+sys-devel/binutils
+sys-devel/bison
+sys-devel/flex
+sys-devel/gcc
+sys-devel/make
+sys-devel/patch
+sys-devel/gettext
+dev-lang/python
+net-misc/wget
+net-misc/rsync
+app-editors/nano
+sys-apps/net-tools
+sys-apps/less
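Review bot: This build list names `sys-apps/fileutils`, `sys-apps/sh-utils` and `sys-apps/textutils`, while the `packages` file added in the same commit puts `*sys-apps/coreutils` in the system set and lists none of those three. If coreutils supersedes them in this tree, the bootstrap stage would build packages the finished system does not keep, and the two files should agree, likely by replacing the three lines with `sys-apps/coreutils`. The file also has no header, unlike `make.defaults` and `packages`; a short comment saying what stage consumes this list and that `sys-devel/hardened-gcc` comes first deliberately (if it is deliberate) would help the next maintainer.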
diff --git a/profiles/hardened-x86-2004.0/use.defaults b/profiles/hardened-x86-2004.0/use.defaults
new file mode 100644
index 000000000000..6fb32c8065d7
--- /dev/null
+++ b/profiles/hardened-x86-2004.0/use.defaults
@@ -0,0 +1,60 @@
+#gif
+#mmx
+#3dnow
+#odbc
+#fbcon
+#oss
+#libg++
+#objprelink
+#nls
+#mitshm
+#sse
+xinerama
+directfb dev-libs/DirectFB
+ungif media-libs/ungif
+gtkhtml gnome-extra/gtkhtml
+alsa media-libs/alsa-lib
+gdbm sys-libs/gdbm
+berkdb sys-libs/db
+slang sys-libs/slang
+readline sys-libs/readline
+arts kde-base/arts
+tetex app-text/tetex
+aalib media-libs/aalib
+nas media-libs/nas
+bonobo gnome-base/bonobo
+svga media-libs/svgalib
+ggi media-libs/libggi
+tcltk dev-lang/tcl dev-lang/tk
+java virtual/jre
+guile dev-util/guile
+ruby dev-lang/ruby
+mysql dev-db/mysql
+postgres dev-db/postgresql
+X x11-base/xfree
+sdl media-libs/libsdl
+gpm sys-libs/gpm
+tcpd sys-apps/tcp-wrappers
+
+# <zhen@gentoo.org> unmasked until bug 10135 gets addressed
+pam sys-libs/pam
+
+libwww net-libs/libwww
+ssl dev-libs/openssl
+perl dev-lang/perl
+python dev-lang/python
+esd media-sound/esound
+imlib media-libs/imlib
+oggvorbis media-libs/libvorbis
+gnome gnome-base/gnome
+gtk x11-libs/gtk+
+qt x11-libs/qt
+kde kde-base/kdebase
+motif x11-libs/openmotif
+opengl virtual/opengl
+mozilla net-www/mozilla
+gphoto2 media-gfx/gphoto2
+ldap net-nds/openldap
+snmp net-analyzer/ucd-snmp
+cdr app-cdr/cdrtools
+scanner media-gfx/sane-backends
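Review bot: `snmp net-analyzer/ucd-snmp` does not match the `virtuals` file in this same commit, which resolves `virtual/snmp` to `net-analyzer/net-snmp`, so the flag would presumably not be auto-enabled for a system that installed the profile's own default provider. More generally, every mapping here switches on an optional feature (X, mysql, ldap, snmp and so on) as soon as the named package is present, which quietly widens what later builds link against. For a hardened profile that is worth either trimming or stating explicitly at the top, e.g. `# flags below are auto-enabled when the listed package is installed; set USE=-flag in make.conf to opt out`. The commented-out block at the head of the file (`#gif` through `#sse`) also has no note saying why those entries are disabled.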
diff --git a/profiles/hardened-x86-2004.0/use.mask b/profiles/hardened-x86-2004.0/use.mask
new file mode 100644
index 000000000000..e16f97e89fcb
--- /dev/null
+++ b/profiles/hardened-x86-2004.0/use.mask
@@ -0,0 +1,3 @@
+# Chris PeBenito <pebenito@gentoo.org>
+# must use a SELinux profile
+selinux
diff --git a/profiles/hardened-x86-2004.0/virtuals b/profiles/hardened-x86-2004.0/virtuals
new file mode 100644
index 000000000000..4e00f88468a7
--- /dev/null
+++ b/profiles/hardened-x86-2004.0/virtuals
@@ -0,0 +1,53 @@
+virtual/lpr net-print/cups
+virtual/python dev-lang/python
+virtual/mta net-mail/ssmtp
+virtual/alsa media-sound/alsa-driver
+virtual/kernel sys-kernel/linux-headers
+virtual/linux-sources sys-kernel/gentoo-sources
+virtual/glibc sys-libs/glibc
+virtual/x11 x11-base/xfree
+virtual/opengl x11-base/xfree
+virtual/glu x11-base/xfree
+virtual/glut media-libs/glut
+virtual/imapUW net-mail/uw-imap
+virtual/jdk dev-java/blackdown-jdk
+virtual/jre dev-java/blackdown-jre
+virtual/imapd net-mail/courier-imap
+sys-apps/console-tools sys-apps/kbd
+virtual/blackbox x11-wm/blackbox
+virtual/emacs app-editors/emacs
+virtual/cron sys-apps/dcron
+virtual/xemacs app-editors/xemacs
+virtual/sylpheed net-mail/sylpheed
+virtual/php dev-php/mod_php
+virtual/textbrowser net-www/links
+virtual/mda net-mail/procmail
+virtual/xft x11-base/xfree
+virtual/krb5 app-crypt/heimdal
+virtual/bootloader sys-boot/grub
+virtual/editor app-editors/nano
+virtual/jack media-sound/jack-audio-connection-kit
+virtual/quicktime media-libs/libquicktime
+virtual/os-headers sys-kernel/linux-headers
+virtual/ghc dev-lang/ghc-bin
+virtual/modutils sys-apps/modutils
+virtual/inetd sys-apps/xinetd
+virtual/antivirus net-mail/clamav
+virtual/aspell-dict app-dicts/aspell-en
+virtual/skkserv app-i18n/skkserv
+virtual/snmp net-analyzer/net-snmp
+virtual/winkernel sys-kernel/win4lin-sources
+virtual/imap-c-client net-libs/c-client
+virtual/wine app-emulation/wine app-emulation/winex app-emulation/winex-cvs
+virtual/flim app-emacs/flim
+virtual/semi app-emacs/semi
+virtual/tetex app-text/tetex
+virtual/bittorrent net-p2p/bittorrent
+virtual/logger app-admin/sysklogd
+virtual/ssh net-misc/openssh
+virtual/commonlisp dev-lisp/cmucl dev-lisp/sbcl dev-lisp/cmucl
+virtual/tftp net-misc/tftp-hpa
+virtual/gzip app-arch/gzip
+virtual/ghostscript app-text/ghostscript
+virtual/w3m net-www/w3m
+virtual/cdrtools app-cdr/cdrtools
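Review bot: The `virtual/commonlisp` line lists `dev-lisp/cmucl` twice (`dev-lisp/cmucl dev-lisp/sbcl dev-lisp/cmucl`); the trailing duplicate should be dropped or replaced with whichever provider was intended. `virtual/linux-sources` defaults to `sys-kernel/gentoo-sources`, and the page does not show whether those sources carry the kernel-side protections a hardened userland expects. If the tree offers a hardened kernel source package it would be the more natural default here, and if not a comment should say so. The file has no header comment explaining that the first provider on each line is the default, which matters for the security-relevant entries (`virtual/ssh`, `virtual/inetd`, `virtual/krb5`, `virtual/logger`).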