author | Anthony G. Basile <blueness@gentoo.org> | 2013-02-09 18:32:24 +0000 |
---|---|---|
committer | Anthony G. Basile <blueness@gentoo.org> | 2013-02-09 18:32:24 +0000 |
commit | 312ad33a7b4ace621f1f904cf813954a518b2fc6 (patch) | |
tree | 1303fe236af03e2dc217aafdc5f73ce5b3f7f796 /profiles/hardened/linux | |
parent | Use readme.gentoo.eclass for elog message (#456068) (diff) | |
Add hardened/linux/13.0 for amd64 and x86 for testing
Diffstat (limited to 'profiles/hardened/linux')
28 files changed, 296 insertions, 0 deletions
diff --git a/profiles/hardened/linux/13.0/amd64/make.defaults b/profiles/hardened/linux/13.0/amd64/make.defaults
new file mode 100644
index 000000000000..a48d329327c2
--- /dev/null
+++ b/profiles/hardened/linux/13.0/amd64/make.defaults
@@ -0,0 +1,10 @@
+# Copyright 1999-2013 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/hardened/linux/13.0/amd64/make.defaults,v 1.1 2013/02/09 18:32:23 blueness Exp $
+
+USE="justify -pic"
+
+CFLAGS="-O2 -pipe"
+CXXFLAGS="${CFLAGS}"
+FFLAGS="${CFLAGS}"
+FCFLAGS="${CFLAGS}"
diff --git a/profiles/hardened/linux/13.0/amd64/no-multilib/make.defaults b/profiles/hardened/linux/13.0/amd64/no-multilib/make.defaults
new file mode 100644
index 000000000000..de590f16fe7a
--- /dev/null
+++ b/profiles/hardened/linux/13.0/amd64/no-multilib/make.defaults
@@ -0,0 +1,8 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/hardened/linux/13.0/amd64/no-multilib/make.defaults,v 1.1 2013/02/09 18:32:24 blueness Exp $
+
+ARCH="amd64"
+ACCEPT_KEYWORDS="${ARCH}"
+
+MULTILIB_ABIS="amd64"
diff --git a/profiles/hardened/linux/13.0/amd64/no-multilib/package.mask b/profiles/hardened/linux/13.0/amd64/no-multilib/package.mask
new file mode 100644
index 000000000000..5a261937c252
--- /dev/null
+++ b/profiles/hardened/linux/13.0/amd64/no-multilib/package.mask
@@ -0,0 +1,14 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/hardened/linux/13.0/amd64/no-multilib/package.mask,v 1.1 2013/02/09 18:32:24 blueness Exp $
+
+# These are broken as reported by Halcy0n, Aug, 23, 2011
+games-action/shadowgrounds-bin
+games-action/shadowgrounds-survivor-bin
+
+# needs x86-compat
+media-sound/aucdtect
+
+# 32bit only
+dev-lang/rebol-bin
+dev-lang/rebol
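Review bot: `USE="justify -pic"` in amd64/make.defaults turns off `pic`, which 13.0/make.defaults in this same commit turns on for the hardened profiles, and the file gives no reason for the override. amd64/parent lists `..` last, so this file's value should be applied on top of the shared one and every amd64 hardened profile inherits the exception. I would add a comment above the line that states the reason, for example `# pic only matters where hand-written asm would cause text relocations; not needed on amd64 (confirm)`, so the override is not read later as an accidental weakening of the hardened defaults.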
diff --git a/profiles/hardened/linux/13.0/amd64/no-multilib/package.use.mask b/profiles/hardened/linux/13.0/amd64/no-multilib/package.use.mask
new file mode 100644
index 000000000000..67b581d07a8d
--- /dev/null
+++ b/profiles/hardened/linux/13.0/amd64/no-multilib/package.use.mask
@@ -0,0 +1,6 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/hardened/linux/13.0/amd64/no-multilib/package.use.mask,v 1.1 2013/02/09 18:32:24 blueness Exp $
+
+# Intel Integrated Primitive (sci-libs/ipp) support
+media-libs/opencv ipp
diff --git a/profiles/hardened/linux/13.0/amd64/no-multilib/parent b/profiles/hardened/linux/13.0/amd64/no-multilib/parent
new file mode 100644
index 000000000000..52bcba73e7a5
--- /dev/null
+++ b/profiles/hardened/linux/13.0/amd64/no-multilib/parent
@@ -0,0 +1,2 @@
+..
+../../../../../features/64bit-native
diff --git a/profiles/hardened/linux/13.0/amd64/no-multilib/selinux/parent b/profiles/hardened/linux/13.0/amd64/no-multilib/selinux/parent
new file mode 100644
index 000000000000..2190e9797eaa
--- /dev/null
+++ b/profiles/hardened/linux/13.0/amd64/no-multilib/selinux/parent
@@ -0,0 +1,2 @@
+..
+../../../../../../features/selinux
diff --git a/profiles/hardened/linux/13.0/amd64/no-multilib/use.mask b/profiles/hardened/linux/13.0/amd64/no-multilib/use.mask
new file mode 100644
index 000000000000..3bc9a1fedb92
--- /dev/null
+++ b/profiles/hardened/linux/13.0/amd64/no-multilib/use.mask
@@ -0,0 +1,7 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/hardened/linux/13.0/amd64/no-multilib/use.mask,v 1.1 2013/02/09 18:32:24 blueness Exp $
+
+# Matt Turner <mattst88@gentoo.org) (10 Feb 2012)
+# mask d3d since wine is 32-bit
+d3d
diff --git a/profiles/hardened/linux/13.0/amd64/package.mask b/profiles/hardened/linux/13.0/amd64/package.mask
new file mode 100644
index 000000000000..6e50ecf2438a
--- /dev/null
+++ b/profiles/hardened/linux/13.0/amd64/package.mask
@@ -0,0 +1,15 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/hardened/linux/13.0/amd64/package.mask,v 1.1 2013/02/09 18:32:23 blueness Exp $
+
+# Magnus Granberg <zorry@gentoo.org> (20 Nov 2012)
+# Newer then 300.00 is patched but we still have RWX in the libs.
+# We mask X for we still need to make the doc for revdep-pax else
+# hell will rule.
+# Bug 433121
+<=x11-drivers/nvidia-drivers-300.00
+#media-video/nvidia-settings
+#dev-util/nvidia-cuda-sdk
+
+# Depends on x11-drivers/nvidia-drivers
+#dev-python/pyopencl
diff --git a/profiles/hardened/linux/13.0/amd64/package.use b/profiles/hardened/linux/13.0/amd64/package.use
new file mode 100644
index 000000000000..b5a9adf4ce6e
--- /dev/null
+++ b/profiles/hardened/linux/13.0/amd64/package.use
@@ -0,0 +1,19 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/hardened/linux/13.0/amd64/package.use,v 1.1 2013/02/09 18:32:23 blueness Exp $
+
+# Magnus Granberg <zorry@gentoo.org> (06 Mar 2011)
+# We will have pic enable on older package but not
+# new one. This will be removed when newer get
+# stable and older package is not in portage tree
+# any longer. Tracker bug #348050
+<media-libs/mesa-7.10.1 pic
+<media-libs/xvid-1.3.0 pic
+<dev-lang/php-5.3.5-r1 pic
+
+# Magnus Grenberg <zorry@gentoo.org> (17 Mar 2011)
+# Bug 358929 the pic flag need to be on don't know way.
+# Anthony Basile <blueness@gentoo.org>
+# Bug 348050 comment 5 - fixed mispelling
+app-emulation/open-vm-tools pic
+
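Review bot: The comment above `<=x11-drivers/nvidia-drivers-300.00` in amd64/package.mask does not make clear which driver versions still map memory RWX in their libraries; as written, releases newer than 300.00 are both "patched" and still affected. It also explains an X mask that is not in this file (that entry is in package.use.mask). I would split it along the lines of `# <=300.00: unpatched, masked here. Newer: patched, libs still RWX, see package.use.mask (bug 433121)` once that reading is confirmed against the bug, and either delete the three commented-out atoms or say under what condition they come back. The same text is copied into x86/package.mask in this commit.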
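Review bot: The versioned `pic` entries in amd64/package.use (`<media-libs/mesa-7.10.1`, `<media-libs/xvid-1.3.0`, `<dev-lang/php-5.3.5-r1`) date from 2011, and their own comment says they are to be removed once the older versions leave the tree; a new 13.0 profile is the natural point to check whether they still match anything and drop them if not. The open-vm-tools entry forces `pic` with `don't know way` as its stated reason, so recording the failure seen in bug 358929 would let someone later judge whether the override is still needed. The author line above that entry spells the name `Grenberg` where the other entries have `Granberg`.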
diff --git a/profiles/hardened/linux/13.0/amd64/package.use.mask b/profiles/hardened/linux/13.0/amd64/package.use.mask
new file mode 100644
index 000000000000..cd143588b125
--- /dev/null
+++ b/profiles/hardened/linux/13.0/amd64/package.use.mask
@@ -0,0 +1,31 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/hardened/linux/13.0/amd64/package.use.mask,v 1.1 2013/02/09 18:32:23 blueness Exp $
+
+# When you add an entry to the top of this file, add your name, the date, and
+# an explanation of why something is getting masked. Please be extremely
+# careful not to commit atoms that are not valid, as it can cause large-scale
+# breakage, especially if it ends up in the daily snapshot.
+#
+## Example:
+##
+## # Dev E. Loper <developer@gentoo.org> (28 Jun 2012)
+## # Masking foo USE flag until we can get the
+## # foo stuff to work properly again (bug 12345)
+## =media-video/mplayer-0.90_pre5 foo
+## =media-video/mplayer-0.90_pre5-r1 foo
+
+# Kacper Kowalik <xarthisius@gentoo.org> (29 Jul 2011)
+# mask assembler as it currently doesn't work
+dev-lang/path64 assembler
+
+# Magnus Granberg <zorry@gentoo.org> (20 Nov 2012)
+# mask X for we still mis the docs for revdep-pax
+# else hell will rule. (RWX in the libs)
+# Bug 433121
+# also mask tools as it requires X -zerochaos
+x11-drivers/nvidia-drivers X tools
+
+# Magnus Granberg <zorry@gentoo.org> (29 Nov 2012)
+# Bug #444786 disable nvidia on app-admin/conky
+app-admin/conky nvidia
diff --git a/profiles/hardened/linux/13.0/amd64/parent b/profiles/hardened/linux/13.0/amd64/parent
new file mode 100644
index 000000000000..33dcf172de43
--- /dev/null
+++ b/profiles/hardened/linux/13.0/amd64/parent
@@ -0,0 +1,4 @@
+../../../../base
+../../../../default/linux
+../../../../arch/amd64
+..
diff --git a/profiles/hardened/linux/13.0/amd64/selinux/parent b/profiles/hardened/linux/13.0/amd64/selinux/parent
new file mode 100644
index 000000000000..933e67923d1a
--- /dev/null
+++ b/profiles/hardened/linux/13.0/amd64/selinux/parent
@@ -0,0 +1,2 @@
+..
+../../../../../features/selinux
diff --git a/profiles/hardened/linux/13.0/amd64/use.mask b/profiles/hardened/linux/13.0/amd64/use.mask
new file mode 100644
index 000000000000..7082e713502b
--- /dev/null
+++ b/profiles/hardened/linux/13.0/amd64/use.mask
@@ -0,0 +1,11 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/hardened/linux/13.0/amd64/use.mask,v 1.1 2013/02/09 18:32:23 blueness Exp $
+
+# Rick Farina <zerochaos@gentoo.org> 26 Nov 2012
+video_cards_nvidia
+# removing mask on nvidia use flag as it is used by monitoring tools
+# which may be desireable for cuda users
+#nvidia
+# adjusting use flag mask as nvidia-drivers are usable for cuda at least
+#cuda
diff --git a/profiles/hardened/linux/13.0/amd64/x32/make.defaults b/profiles/hardened/linux/13.0/amd64/x32/make.defaults
new file mode 100644
index 000000000000..14bdfb652c9a
--- /dev/null
+++ b/profiles/hardened/linux/13.0/amd64/x32/make.defaults
@@ -0,0 +1,5 @@
+# Copyright 1999-2013 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/hardened/linux/13.0/amd64/x32/make.defaults,v 1.1 2013/02/09 18:32:24 blueness Exp $
+
+CHOST="x86_64-pc-linux-gnux32"
diff --git a/profiles/hardened/linux/13.0/amd64/x32/parent b/profiles/hardened/linux/13.0/amd64/x32/parent
new file mode 100644
index 000000000000..318c9a0e99ca
--- /dev/null
+++ b/profiles/hardened/linux/13.0/amd64/x32/parent
@@ -0,0 +1,3 @@
+..
+../../../../../features/multilib/
+../../../../../arch/amd64/x32/
diff --git a/profiles/hardened/linux/13.0/make.defaults b/profiles/hardened/linux/13.0/make.defaults
new file mode 100644
index 000000000000..d4b86f593245
--- /dev/null
+++ b/profiles/hardened/linux/13.0/make.defaults
@@ -0,0 +1,9 @@
+# Copyright 1999-2013 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/hardened/linux/13.0/make.defaults,v 1.1 2013/02/09 18:32:23 blueness Exp $
+
+# Jorge Manuel B. S. Vicetto <jmbsvicetto@gentoo.org> (16 Nov 2011)
+# Rename STAGE1_USE to BOOTSTRAP_USE and stack it to the parent value
+BOOTSTRAP_USE="${BOOTSTRAP_USE} hardened pax_kernel pic -jit -orc"
+
+USE="-fortran hardened -jit pax_kernel pic urandom -orc"
diff --git a/profiles/hardened/linux/13.0/package.mask b/profiles/hardened/linux/13.0/package.mask
new file mode 100644
index 000000000000..b3484086e610
--- /dev/null
+++ b/profiles/hardened/linux/13.0/package.mask
@@ -0,0 +1,29 @@
+# Copyright 1999-2013 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/hardened/linux/13.0/package.mask,v 1.1 2013/02/09 18:32:23 blueness Exp $
+
+# Hardened versions of gcc-4.0* through gcc-4.2* are not available.
+=sys-devel/gcc-4.0*
+=sys-devel/gcc-4.1*
+=sys-devel/gcc-4.2*
+
+# Hardened >=sys-devel/gcc-4.4.3-r3 >=gcc-4.4.4-r1 available.
+=sys-devel/gcc-4.4.2*
+
+# =sys-devel/gdb-7.0 is not hardened-ready according to xake & Zorry.
+# sys-devel/gdb-7.1 works fine
+# 2010-03-26 zorry
+=sys-devel/gdb-7.0*
+
+# Can't be used on hardened. See upstream,
+# http://developer.skype.com/jira/browse/SCL-616
+media-sound/skype-call-recorder
+net-im/skype
+net-im/skypetab-ng
+dev-python/skype4py
+
+# >=sci-libs/acml-3.6 requires gcc-4.2.
+>=sci-libs/acml-3.6
+
+# broken on hardened, use sys-apps/elfix to fix gnustack
+sys-devel/prelink
diff --git a/profiles/hardened/linux/13.0/package.use.force b/profiles/hardened/linux/13.0/package.use.force
new file mode 100644
index 000000000000..ee89115b828f
--- /dev/null
+++ b/profiles/hardened/linux/13.0/package.use.force
@@ -0,0 +1,7 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/hardened/linux/13.0/package.use.force,v 1.1 2013/02/09 18:32:23 blueness Exp $
+
+# Kacper Kowalik <xarthisius@gentoo.org> (24 Aug 2011)
+# Force hardened flag to make repoman happy
+app-emulation/wine hardened
diff --git a/profiles/hardened/linux/13.0/package.use.mask b/profiles/hardened/linux/13.0/package.use.mask
new file mode 100644
index 000000000000..95f9a9e84fdf
--- /dev/null
+++ b/profiles/hardened/linux/13.0/package.use.mask
@@ -0,0 +1,12 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/hardened/linux/13.0/package.use.mask,v 1.1 2013/02/09 18:32:23 blueness Exp $
+
+sys-devel/gcc -hardened
+sys-libs/glibc -hardened
+
+# bug 407689
+media-tv/xbmc profile
+
+# Have no way to disable jit in esr release.
+=www-client/firefox-10* pgo
diff --git a/profiles/hardened/linux/13.0/packages b/profiles/hardened/linux/13.0/packages
new file mode 100644
index 000000000000..6bc96ea9d2b8
--- /dev/null
+++ b/profiles/hardened/linux/13.0/packages
@@ -0,0 +1,7 @@
+# Copyright 1999-2013 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/hardened/linux/13.0/packages,v 1.1 2013/02/09 18:32:23 blueness Exp $
+
+# This file extends the base packages file for all hardened profiles
+
+*sys-apps/paxctl
diff --git a/profiles/hardened/linux/13.0/parent b/profiles/hardened/linux/13.0/parent
new file mode 100644
index 000000000000..a1a92de4fc97
--- /dev/null
+++ b/profiles/hardened/linux/13.0/parent
@@ -0,0 +1 @@
+../../../releases/13.0
diff --git a/profiles/hardened/linux/13.0/use.mask b/profiles/hardened/linux/13.0/use.mask
new file mode 100644
index 000000000000..b14e7644e0a1
--- /dev/null
+++ b/profiles/hardened/linux/13.0/use.mask
@@ -0,0 +1,16 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/hardened/linux/13.0/use.mask,v 1.1 2013/02/09 18:32:23 blueness Exp $
+
+-hardened
+
+emul-linux-x86
+
+# tcc is x86-only
+tcc
+
+# precompiled headers are not compat with ASLR.
+pch
+
+# prelink is masked for hardened
+prelink
diff --git a/profiles/hardened/linux/13.0/x86/make.defaults b/profiles/hardened/linux/13.0/x86/make.defaults
new file mode 100644
index 000000000000..520ec05f8977
--- /dev/null
+++ b/profiles/hardened/linux/13.0/x86/make.defaults
@@ -0,0 +1,27 @@
+# Copyright 1999-2013 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/hardened/linux/13.0/x86/make.defaults,v 1.1 2013/02/09 18:32:24 blueness Exp $
+
+ARCH="x86"
+ACCEPT_KEYWORDS="x86"
+
+CHOST="i686-pc-linux-gnu"
+CFLAGS="-march=i686 -O2 -pipe"
+CXXFLAGS="${CFLAGS}"
+FFLAGS="${CFLAGS}"
+FCFLAGS="${CFLAGS}"
+
+USE="nptl"
+
+# 2006/08/18 - Donnie Berkholz <dberkholz@gentoo.org>
+# Defaults for video drivers
+VIDEO_CARDS="apm ark chips cirrus cyrix dummy fbdev glint i128 i740 intel \
+ mach64 mga nsc nv r128 radeon rendition s3 s3virge savage \
+ siliconmotion sis sisusb tdfx tga trident tseng v4l vesa via vmware \
+ voodoo"
+
+# 2006/12/21 - Andrej Kacian <ticho@gentoo.org>
+# Defaults for audio drivers
+ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 \
+ emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m \
+ maestro3 trident usb-audio via82xx via82xx-modem ymfpci"
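Review bot: The bare `-hardened` at the top of 13.0/use.mask lifts a mask on the flag the whole profile depends on, and it carries no comment; `sys-devel/gcc -hardened` and `sys-libs/glibc -hardened` in 13.0/package.use.mask, earlier in this commit, are undocumented in the same way. A line such as `# hardened is masked in a parent profile; unmask it for hardened profiles` (wording to be confirmed against the parent) would make these entries auditable alongside the commented ones below them. `emul-linux-x86` is likewise masked here with no reason given. In 13.0/package.use.mask the comment `Have no way to disable jit in esr release.` sits above an entry that masks `pgo`, so the comment should say how the two relate.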
diff --git a/profiles/hardened/linux/13.0/x86/package.mask b/profiles/hardened/linux/13.0/x86/package.mask
new file mode 100644
index 000000000000..5c368d67d6d4
--- /dev/null
+++ b/profiles/hardened/linux/13.0/x86/package.mask
@@ -0,0 +1,15 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/hardened/linux/13.0/x86/package.mask,v 1.1 2013/02/09 18:32:24 blueness Exp $
+
+# Rick Farina <zerochaos@gentoo.org> (26 Nov 2012)
+# Newer then 300.00 is patched but we still have RWX in the libs.
+# We mask X for we still need to make the doc for revdep-pax else
+# hell will rule. Propogating change from amd64.
+# Bug 433121
+<=x11-drivers/nvidia-drivers-300.00
+#media-video/nvidia-settings
+#dev-util/nvidia-cuda-sdk
+
+# Depends on x11-drivers/nvidia-drivers
+#dev-python/pyopencl
diff --git a/profiles/hardened/linux/13.0/x86/package.use.mask b/profiles/hardened/linux/13.0/x86/package.use.mask
new file mode 100644
index 000000000000..f1a9ceb0bd52
--- /dev/null
+++ b/profiles/hardened/linux/13.0/x86/package.use.mask
@@ -0,0 +1,17 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/hardened/linux/13.0/x86/package.use.mask,v 1.1 2013/02/09 18:32:24 blueness Exp $
+
+# cyrus-sasl doesn't work w/ USE=berkdb (#192753)
+dev-libs/cyrus-sasl berkdb
+
+# Rick Farina <zerochaos@gentoo.org> (26 Nov 2012)
+# mask X and tools for we still miss the docs for revdep-pax
+# else hell will rule. (RWX in the libs)
+# Propogating changes from amd64.
+# Bug 433121
+x11-drivers/nvidia-drivers X tools
+
+# Magnus Granberg <zorry@gentoo.org> (29 Nov 2012)
+# Bug #444786 disable nvidia on app-admin/conky
+app-admin/conky nvidia
diff --git a/profiles/hardened/linux/13.0/x86/parent b/profiles/hardened/linux/13.0/x86/parent
new file mode 100644
index 000000000000..4b1f003bab03
--- /dev/null
+++ b/profiles/hardened/linux/13.0/x86/parent
@@ -0,0 +1,4 @@
+../../../../base
+../../../../default/linux
+../../../../arch/x86
+..
diff --git a/profiles/hardened/linux/13.0/x86/selinux/parent b/profiles/hardened/linux/13.0/x86/selinux/parent
new file mode 100644
index 000000000000..933e67923d1a
--- /dev/null
+++ b/profiles/hardened/linux/13.0/x86/selinux/parent
@@ -0,0 +1,2 @@
+..
+../../../../../features/selinux
diff --git a/profiles/hardened/linux/13.0/x86/use.mask b/profiles/hardened/linux/13.0/x86/use.mask
new file mode 100644
index 000000000000..910158aace3c
--- /dev/null
+++ b/profiles/hardened/linux/13.0/x86/use.mask
@@ -0,0 +1,11 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/hardened/linux/13.0/x86/use.mask,v 1.1 2013/02/09 18:32:24 blueness Exp $
+
+# Rick Farina <zerochaos@gentoo.org> 26 Nov 2012
+video_cards_nvidia
+# removing mask on nvidia use flag as it is used by monitoring tools
+# which may be desireable for cuda users
+#nvidia
+# adjusting use flag mask as nvidia-drivers are usable for cuda at least
+#cuda |