initial commit for an amd64 hardened profile. weee :)

6 files changed, 260 insertions, 0 deletions

diff --git a/profiles/hardened-amd64-2004.0/make.defaults b/profiles/hardened-amd64-2004.0/make.defaults
new file mode 100644
index 000000000000..c03f267cc10c
--- /dev/null
+++ b/profiles/hardened-amd64-2004.0/make.defaults
@@ -0,0 +1,15 @@
+# Copyright 2002 Gentoo Technologies, Inc.
+
+GRP_STAGE23_USE="amd64 berkdb crypt readline nls ssl tcpd zlib pam pic python acl ncurses -java -gcj f77 objc -X -multilib hardened"
+USE="amd64 berkdb crypt readline nls ssl tcpd zlib pam pic python acl ncurses -java -gcj f77 objc -multilib hardened -cups gdbm zlib"
+
+FEATURES="sandbox sfperms strict"
+ACCEPT_KEYWORDS="amd64"
+
+ARCH="amd64"
+CHOST="x86_64-pc-linux-gnu"
+
+COMPILER="gcc3"
+CFLAGS="-O2 -ftracer"
+CXXFLAGS="${CFLAGS}"
+
diff --git a/profiles/hardened-amd64-2004.0/packages b/profiles/hardened-amd64-2004.0/packages
new file mode 100644
index 000000000000..9b8c88aa4654
--- /dev/null
+++ b/profiles/hardened-amd64-2004.0/packages
@@ -0,0 +1,71 @@
+>dev-lang/gpc-2.1
+*>=sys-apps/baselayout-1.8.6.13
+*>=sys-apps/portage-2.0.50
+*>=sys-devel/binutils-2.14.90.0.8-r1
+*>=sys-devel/gcc-3.3.3
+*>=sys-libs/glibc-2.3.2
+*virtual/modutils
+>=sys-apps/sysklogd-1.4.1
+*dev-lang/python
+
+>=x11-base/xfree-4.1.0-r12
+# sash - static shell for system recovery
+*app-shells/sash
+*sys-apps/paxctl
+*dev-lang/perl
+*virtual/editor
+*net-misc/dhcpcd
+*net-misc/iputils
+*net-misc/rsync
+*net-misc/wget
+*app-shells/bash
+*app-arch/bzip2
+*sys-apps/kbd
+*app-arch/cpio
+*sys-apps/debianutils
+*sys-apps/diffutils
+*sys-fs/e2fsprogs
+*sys-apps/ed
+*sys-apps/file
+*sys-apps/findutils
+*sys-apps/slocate
+*sys-apps/gawk
+*sys-apps/grep
+*sys-apps/groff
+*app-arch/gzip
+*sys-apps/hdparm
+*sys-apps/less
+*sys-apps/man
+*sys-apps/man-pages
+*sys-apps/net-tools
+*sys-apps/procps
+*sys-apps/psmisc
+*sys-apps/sed
+*sys-apps/setserial
+*<sys-apps/shadow-5
+*sys-apps/pam-login
+*app-arch/tar
+*>=sys-apps/texinfo-4.2-r1
+*sys-apps/coreutils
+*sys-apps/util-linux
+*sys-apps/which
+*sys-devel/autoconf
+*>=sys-devel/automake-1.6.1-r5
+*sys-devel/bc
+*sys-devel/bin86
+*sys-devel/bison
+*sys-devel/flex
+*>=sys-devel/libtool-1.4.1-r4
+*sys-devel/m4
+*sys-devel/make
+*sys-devel/patch
+*sys-libs/cracklib  
+*sys-libs/db
+*>=sys-libs/ncurses-5.2.20020112a
+*>=sys-libs/pam-0.75-r9
+*sys-libs/pwdb      
+*sys-libs/readline  
+*sys-libs/zlib
+*net-misc/openssh
+*sys-fs/devfsd
+*sys-apps/linux32
diff --git a/profiles/hardened-amd64-2004.0/packages.build b/profiles/hardened-amd64-2004.0/packages.build
new file mode 100644
index 000000000000..76f3abc1223d
--- /dev/null
+++ b/profiles/hardened-amd64-2004.0/packages.build
@@ -0,0 +1,31 @@
+app-arch/bzip2
+app-arch/gzip
+app-arch/tar
+app-editors/nano
+app-shells/bash
+dev-lang/python
+net-misc/rsync
+net-misc/wget
+sys-apps/baselayout
+sys-apps/coreutils
+sys-apps/debianutils
+sys-apps/diffutils
+sys-apps/file
+sys-apps/fileutils
+sys-apps/findutils
+sys-apps/gawk
+sys-apps/grep
+sys-apps/less
+sys-apps/net-tools
+sys-apps/portage
+sys-apps/sed
+sys-apps/texinfo
+sys-apps/textutils
+sys-devel/binutils
+sys-devel/bison
+sys-devel/flex
+sys-devel/gcc
+sys-devel/gettext
+sys-devel/make
+sys-devel/patch
+sys-libs/glibc
diff --git a/profiles/hardened-amd64-2004.0/use.defaults b/profiles/hardened-amd64-2004.0/use.defaults
new file mode 100644
index 000000000000..6e18ef0832e6
--- /dev/null
+++ b/profiles/hardened-amd64-2004.0/use.defaults
@@ -0,0 +1,56 @@
+#gif
+#mmx
+#3dnow
+#odbc
+#fbcon		
+#oss
+#libg++
+#objprelink
+#nls
+#mitshm
+#sse
+xinerama
+directfb	dev-libs/DirectFB
+ungif		media-libs/ungif
+gtkhtml		gnome-extra/gtkhtml
+alsa		media-libs/alsa-lib
+gdbm		sys-libs/gdbm
+berkdb		sys-libs/db
+slang		sys-libs/slang
+readline	sys-libs/readline
+arts		kde-base/arts
+tetex		app-text/tetex
+aalib		media-libs/aalib	
+nas		media-libs/nas
+bonobo		gnome-base/bonobo
+ggi		media-libs/libggi
+tcltk		dev-lang/tcl dev-lang/tk
+# java		virtual/jre
+guile		dev-util/guile
+ruby		dev-lang/ruby
+mysql		dev-db/mysql
+postgres	dev-db/postgresql
+X		x11-base/xfree
+sdl		media-libs/libsdl
+gpm		sys-libs/gpm
+tcpd		sys-apps/tcp-wrappers
+pam		sys-libs/pam
+libwww		net-libs/libwww
+ssl		dev-libs/openssl
+perl		dev-lang/perl
+python		dev-lang/python
+esd		media-sound/esound
+imlib		media-libs/imlib
+oggvorbis	media-libs/libvorbis
+gnome		gnome-base/gnome
+gtk		x11-libs/gtk+
+qt		x11-libs/qt
+kde		kde-base/kdebase
+motif		x11-libs/openmotif
+opengl		virtual/opengl
+mozilla		net-www/mozilla
+gphoto2		media-gfx/gphoto2
+ldap		net-nds/openldap
+snmp		net-analyzer/ucd-snmp
+cdr		app-cdr/cdrtools
+scanner		media-gfx/sane-backends
diff --git a/profiles/hardened-amd64-2004.0/use.mask b/profiles/hardened-amd64-2004.0/use.mask
new file mode 100644
index 000000000000..8e78da6d9b45
--- /dev/null
+++ b/profiles/hardened-amd64-2004.0/use.mask
@@ -0,0 +1,26 @@
+# $Header: /var/cvsroot/gentoo-x86/profiles/hardened-amd64-2004.0/use.mask,v 1.1 2004/05/05 01:20:59 lv Exp $
+
+# Anything that relies on vm86.h will not built on amd64
+# SVGAlib doesnt build
+svga
+
+# Too many packages assume that mmx/sse/sse2/3dnow are 86-32 only things to
+# make them useful on amd64. Anyway, all amd64 cpus have them, so they should
+# not be many flag dependant in this case
+mmx
+#sse
+#sse2
+3dnow
+
+# x86 binary only for now
+icc
+
+# Firebird doesnt build on amd64
+firebird
+
+# Chris PeBenito <pebenito@gentoo.org>
+# must use a SELinux profile
+selinux
+
+# x86 binary only, used by php
+fdftk
diff --git a/profiles/hardened-amd64-2004.0/virtuals b/profiles/hardened-amd64-2004.0/virtuals
new file mode 100644
index 000000000000..d5d770203c1f
--- /dev/null
+++ b/profiles/hardened-amd64-2004.0/virtuals
@@ -0,0 +1,61 @@
+sys-apps/sh-utils	sys-apps/coreutils
+sys-apps/textutils	sys-apps/coreutils
+sys-apps/fileutils	sys-apps/coreutils
+virtual/os-headers	sys-kernel/linux-headers
+virtual/lpr             net-print/cups
+virtual/python          dev-lang/python
+virtual/mta             net-mail/ssmtp
+virtual/alsa            sys-kernel/hardened-dev-sources
+virtual/kernel          sys-kernel/linux-headers
+virtual/linux-sources   sys-kernel/hardened-dev-sources
+virtual/glibc           sys-libs/glibc
+virtual/x11             x11-base/xorg-x11
+virtual/opengl          x11-base/xorg-x11
+virtual/glu             x11-base/xorg-x11
+virtual/glut            media-libs/glut
+virtual/imapUW          net-mail/uw-imap
+x11-libs/xaw            x11-libs/Xaw3d
+virtual/jdk             dev-java/blackdown-jdk
+virtual/jre             dev-java/blackdown-jre
+virtual/imapd           net-mail/courier-imap
+sys-apps/console-tools  sys-apps/kbd
+virtual/blackbox        x11-wm/blackbox
+virtual/emacs           app-editors/emacs
+virtual/cron            sys-apps/dcron
+sys-apps/reiserfs-utils sys-fs/reiserfsprogs
+virtual/xemacs          app-editors/xemacs
+virtual/sylpheed        net-mail/sylpheed
+virtual/php             dev-php/mod_php
+virtual/textbrowser	net-www/links
+virtual/mda		net-mail/procmail
+virtual/xft		x11-base/xorg-x11
+virtual/krb5		app-crypt/heimdal
+virtual/bootloader	sys-boot/grub-static
+virtual/editor		app-editors/nano
+virtual/jack		media-sound/jack-audio-connection-kit
+virtual/quicktime	media-libs/libquicktime
+virtual/os-headers	sys-kernel/linux-headers
+virtual/ghc             dev-lang/ghc-bin
+#sys-apps/modutils	sys-apps/module-init-tools
+virtual/modutils	sys-apps/module-init-tools
+virtual/inetd		sys-apps/xinetd
+virtual/antivirus	net-mail/clamav
+virtual/aspell-dict	app-dicts/aspell-en
+virtual/skkserv		app-i18n/skkserv
+virtual/snmp		net-analyzer/net-snmp
+virtual/winkernel	sys-kernel/win4lin-sources
+virtual/flim		app-emacs/flim
+virtual/semi		app-emacs/semi
+virtual/tetex		app-text/tetex
+virtual/bittorrent	net-p2p/bittorrent
+virtual/logger		app-admin/sysklogd
+virtual/tftp		net-misc/tftp-hpa
+virtual/gzip		app-arch/gzip
+virtual/ghostscript	app-text/ghostscript
+virtual/w3m		net-www/w3m
+virtual/imap-c-client	net-libs/c-client
+virtual/mpg123		media-sound/mpg123
+virtual/cdrtools        app-cdr/cdrtools
+virtual/dhcpc		net-misc/dhcpcd
+virtual/ssh		net-misc/openssh
+virtual/ruby		dev-lang/ruby