diff options
author | John P. Davis <zhen@gentoo.org> | 2004-02-01 20:33:55 +0000 |
---|---|---|
committer | John P. Davis <zhen@gentoo.org> | 2004-02-01 20:33:55 +0000 |
commit | d9c58e9940ded5034ed20f7dc943e8cc9a4c7266 (patch) | |
tree | 22df94610bbe2bbdcf1897215fbcbe8d7198048d /profiles/hardened-x86-2004.0 | |
parent | fix alsa segfaults #36417 (diff) | |
download | historical-d9c58e9940ded5034ed20f7dc943e8cc9a4c7266.tar.gz historical-d9c58e9940ded5034ed20f7dc943e8cc9a4c7266.tar.bz2 historical-d9c58e9940ded5034ed20f7dc943e8cc9a4c7266.zip |
adding new 2004.0 profile
Diffstat (limited to 'profiles/hardened-x86-2004.0')
-rw-r--r-- | profiles/hardened-x86-2004.0/make.defaults | 36 | ||||
-rw-r--r-- | profiles/hardened-x86-2004.0/packages | 87 | ||||
-rw-r--r-- | profiles/hardened-x86-2004.0/packages.build | 32 | ||||
-rw-r--r-- | profiles/hardened-x86-2004.0/use.defaults | 60 | ||||
-rw-r--r-- | profiles/hardened-x86-2004.0/use.mask | 3 | ||||
-rw-r--r-- | profiles/hardened-x86-2004.0/virtuals | 53 |
6 files changed, 271 insertions, 0 deletions
diff --git a/profiles/hardened-x86-2004.0/make.defaults b/profiles/hardened-x86-2004.0/make.defaults new file mode 100644 index 000000000000..9955ae758086 --- /dev/null +++ b/profiles/hardened-x86-2004.0/make.defaults @@ -0,0 +1,36 @@ +# Copyright 1999-2003 Gentoo Technologies, Inc. +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/profiles/hardened-x86-2004.0/make.defaults,v 1.1 2004/02/01 20:33:55 zhen Exp $ + +GRP_STAGE23_USE="x86 berkdb crypt readline nls ssl tcpd zlib pam pic" + +# <zhen@gentoo.org> defaults for a hardened system +# <zhen@gentoo.org> pam added until bug 10135 is fixed +USE="x86 berkdb crypt readline nls ssl tcpd zlib pam pic" + +ARCH="x86" +COMPILER="gcc3" +ACCEPT_KEYWORDS="x86" + +# +# FEATURES are settings that affect the functionality of portage. Most of +# these settings are for developer use, but some are available to non- +# developers as well. +# +# 'sandbox' enable sandbox-ing when running emerge and ebuild +# 'sfperms' feature for security minded people that causes portage to +# remove group+other readable bits on setuid files and +# remove the other readable bits on setgid files. +# 'strict' causes portage to react strongly to conditions that +# have the potential to be dangerous -- like missing or +# incorrect Manifest files. +# 'userpriv' allows portage to drop root privleges while it is compiling +# as a security measure, and as a side effect this can remove +# sandbox access violations for users. +# 'usersandbox' enables sandboxing while portage is running under userpriv. +# unpack -- for debugging purposes only. +# + +FEATURES="sandbox sfperms strict" +#FEATURES="sandbox sfperms strict userpriv usersandbox" + diff --git a/profiles/hardened-x86-2004.0/packages b/profiles/hardened-x86-2004.0/packages new file mode 100644 index 000000000000..4db05f445828 --- /dev/null +++ b/profiles/hardened-x86-2004.0/packages @@ -0,0 +1,87 @@ +# Copyright 1999-2003 Gentoo Technologies, Inc. +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/profiles/hardened-x86-2004.0/packages,v 1.1 2004/02/01 20:33:55 zhen Exp $ + +# base system stuff +>dev-lang/gpc-2.1 +*>=sys-apps/baselayout-1.8.6.10-r1 +*>=sys-apps/portage-2.0.49-r3 + +# toolchain stuff +*>=sys-devel/binutils-2.13.90.0.6-r2 +*>=sys-devel/gcc-3.2.3-r2 +*>=sys-devel/hardened-gcc-2.4.5 +*>=sys-libs/glibc-2.3.2-r1 +*virtual/modutils +virtual/os-headers + +# regular package defs +>=app-admin/sysklogd-1.4.1 +*dev-lang/python +>=x11-base/xfree-4.1.0-r12 +# <zhen@gentoo.org> waiting for solar ... +#*app-misc/pax-utils +*app-shells/sash +*sys-apps/chpax +*dev-lang/perl +*virtual/editor +*net-misc/dhcpcd +*net-misc/iputils +*net-misc/rsync +*net-misc/wget +*app-shells/bash +*app-arch/bzip2 +*sys-apps/kbd +*app-arch/cpio +*sys-apps/coreutils +*sys-apps/debianutils +*sys-apps/diffutils +*sys-fs/e2fsprogs +*sys-apps/ed +*sys-apps/fbset +*sys-apps/file +*sys-apps/findutils +*sys-apps/slocate +*sys-apps/gawk +*sys-apps/grep +*sys-apps/groff +*app-arch/gzip +*sys-apps/hdparm +*sys-apps/less +*sys-apps/man +*sys-apps/man-pages +*sys-apps/net-tools +*sys-apps/procps +*sys-apps/psmisc +*sys-apps/sed +*sys-apps/setserial +*<sys-apps/shadow-5 + +# <zhen@gentoo.org> Again, added until bug 10135 is addressed +*sys-apps/pam-login +>=sys-libs/pam-0.75-r9 +*sys-libs/pwdb + +*app-arch/sharutils +*app-arch/tar +*>=sys-apps/texinfo-4.2-r1 +*sys-apps/util-linux +*sys-apps/which +*sys-devel/autoconf +*>=sys-devel/automake-1.6.1-r5 +*sys-devel/bc +*sys-devel/bin86 +*sys-devel/bison +*sys-devel/flex +*>=sys-devel/libtool-1.4.1-r4 +*sys-devel/m4 +*sys-devel/make +*sys-devel/patch +*sys-libs/cracklib +*sys-libs/db +*>=sys-libs/ncurses-5.2.20020112a +*sys-libs/readline +*sys-libs/zlib +*virtual/ssh +*sys-fs/devfsd + diff --git a/profiles/hardened-x86-2004.0/packages.build b/profiles/hardened-x86-2004.0/packages.build new file mode 100644 index 000000000000..04fc04dda7da --- /dev/null +++ b/profiles/hardened-x86-2004.0/packages.build @@ -0,0 +1,32 @@ +sys-devel/hardened-gcc +sys-apps/baselayout +sys-libs/glibc +sys-apps/texinfo +app-shells/bash +app-arch/bzip2 +sys-apps/debianutils +sys-apps/diffutils +sys-apps/file +sys-apps/fileutils +sys-apps/findutils +sys-apps/gawk +sys-apps/grep +app-arch/gzip +sys-apps/portage +sys-apps/sed +sys-apps/sh-utils +app-arch/tar +sys-apps/textutils +sys-devel/binutils +sys-devel/bison +sys-devel/flex +sys-devel/gcc +sys-devel/make +sys-devel/patch +sys-devel/gettext +dev-lang/python +net-misc/wget +net-misc/rsync +app-editors/nano +sys-apps/net-tools +sys-apps/less diff --git a/profiles/hardened-x86-2004.0/use.defaults b/profiles/hardened-x86-2004.0/use.defaults new file mode 100644 index 000000000000..6fb32c8065d7 --- /dev/null +++ b/profiles/hardened-x86-2004.0/use.defaults @@ -0,0 +1,60 @@ +#gif +#mmx +#3dnow +#odbc +#fbcon +#oss +#libg++ +#objprelink +#nls +#mitshm +#sse +xinerama +directfb dev-libs/DirectFB +ungif media-libs/ungif +gtkhtml gnome-extra/gtkhtml +alsa media-libs/alsa-lib +gdbm sys-libs/gdbm +berkdb sys-libs/db +slang sys-libs/slang +readline sys-libs/readline +arts kde-base/arts +tetex app-text/tetex +aalib media-libs/aalib +nas media-libs/nas +bonobo gnome-base/bonobo +svga media-libs/svgalib +ggi media-libs/libggi +tcltk dev-lang/tcl dev-lang/tk +java virtual/jre +guile dev-util/guile +ruby dev-lang/ruby +mysql dev-db/mysql +postgres dev-db/postgresql +X x11-base/xfree +sdl media-libs/libsdl +gpm sys-libs/gpm +tcpd sys-apps/tcp-wrappers + +# <zhen@gentoo.org> unmasked until bug 10135 gets addressed +pam sys-libs/pam + +libwww net-libs/libwww +ssl dev-libs/openssl +perl dev-lang/perl +python dev-lang/python +esd media-sound/esound +imlib media-libs/imlib +oggvorbis media-libs/libvorbis +gnome gnome-base/gnome +gtk x11-libs/gtk+ +qt x11-libs/qt +kde kde-base/kdebase +motif x11-libs/openmotif +opengl virtual/opengl +mozilla net-www/mozilla +gphoto2 media-gfx/gphoto2 +ldap net-nds/openldap +snmp net-analyzer/ucd-snmp +cdr app-cdr/cdrtools +scanner media-gfx/sane-backends diff --git a/profiles/hardened-x86-2004.0/use.mask b/profiles/hardened-x86-2004.0/use.mask new file mode 100644 index 000000000000..e16f97e89fcb --- /dev/null +++ b/profiles/hardened-x86-2004.0/use.mask @@ -0,0 +1,3 @@ +# Chris PeBenito <pebenito@gentoo.org> +# must use a SELinux profile +selinux diff --git a/profiles/hardened-x86-2004.0/virtuals b/profiles/hardened-x86-2004.0/virtuals new file mode 100644 index 000000000000..4e00f88468a7 --- /dev/null +++ b/profiles/hardened-x86-2004.0/virtuals @@ -0,0 +1,53 @@ +virtual/lpr net-print/cups +virtual/python dev-lang/python +virtual/mta net-mail/ssmtp +virtual/alsa media-sound/alsa-driver +virtual/kernel sys-kernel/linux-headers +virtual/linux-sources sys-kernel/gentoo-sources +virtual/glibc sys-libs/glibc +virtual/x11 x11-base/xfree +virtual/opengl x11-base/xfree +virtual/glu x11-base/xfree +virtual/glut media-libs/glut +virtual/imapUW net-mail/uw-imap +virtual/jdk dev-java/blackdown-jdk +virtual/jre dev-java/blackdown-jre +virtual/imapd net-mail/courier-imap +sys-apps/console-tools sys-apps/kbd +virtual/blackbox x11-wm/blackbox +virtual/emacs app-editors/emacs +virtual/cron sys-apps/dcron +virtual/xemacs app-editors/xemacs +virtual/sylpheed net-mail/sylpheed +virtual/php dev-php/mod_php +virtual/textbrowser net-www/links +virtual/mda net-mail/procmail +virtual/xft x11-base/xfree +virtual/krb5 app-crypt/heimdal +virtual/bootloader sys-boot/grub +virtual/editor app-editors/nano +virtual/jack media-sound/jack-audio-connection-kit +virtual/quicktime media-libs/libquicktime +virtual/os-headers sys-kernel/linux-headers +virtual/ghc dev-lang/ghc-bin +virtual/modutils sys-apps/modutils +virtual/inetd sys-apps/xinetd +virtual/antivirus net-mail/clamav +virtual/aspell-dict app-dicts/aspell-en +virtual/skkserv app-i18n/skkserv +virtual/snmp net-analyzer/net-snmp +virtual/winkernel sys-kernel/win4lin-sources +virtual/imap-c-client net-libs/c-client +virtual/wine app-emulation/wine app-emulation/winex app-emulation/winex-cvs +virtual/flim app-emacs/flim +virtual/semi app-emacs/semi +virtual/tetex app-text/tetex +virtual/bittorrent net-p2p/bittorrent +virtual/logger app-admin/sysklogd +virtual/ssh net-misc/openssh +virtual/commonlisp dev-lisp/cmucl dev-lisp/sbcl dev-lisp/cmucl +virtual/tftp net-misc/tftp-hpa +virtual/gzip app-arch/gzip +virtual/ghostscript app-text/ghostscript +virtual/w3m net-www/w3m +virtual/cdrtools app-cdr/cdrtools |