diff options
author | Chris PeBenito <pebenito@gentoo.org> | 2006-10-08 18:37:25 +0000 |
---|---|---|
committer | Chris PeBenito <pebenito@gentoo.org> | 2006-10-08 18:37:25 +0000 |
commit | c467d80471e6c62e22647391ac78dbb58e38773b (patch) | |
tree | 1a67cacc80caa44c8d8f062d0088a2bdb1aca922 /profiles | |
parent | merge into toolchain (diff) | |
download | gentoo-2-c467d80471e6c62e22647391ac78dbb58e38773b.tar.gz gentoo-2-c467d80471e6c62e22647391ac78dbb58e38773b.tar.bz2 gentoo-2-c467d80471e6c62e22647391ac78dbb58e38773b.zip |
add a pile of new selinux profiles
Diffstat (limited to 'profiles')
73 files changed, 1773 insertions, 73 deletions
diff --git a/profiles/profiles.desc b/profiles/profiles.desc index 82abb368d208..ffe2f3c5027b 100644 --- a/profiles/profiles.desc +++ b/profiles/profiles.desc @@ -116,6 +116,22 @@ ppc64 hardened/ppc64 dev x86 hardened/x86 stable x86 hardened/x86/2.6 stable +# selinux profiles +alpha selinux/2005.1/alpha stable +amd64 selinux/2005.1/amd64 stable +mips selinux/2005.1/mips stable +ppc selinux/2005.1/ppc stable +sparc selinux/2005.1/sparc64 stable +x86 selinux/2005.1/x86 stable +x86 selinux/2005.1/x86/hardened stable +alpha selinux/alpha/2006.1 dev +amd64 selinux/amd64/2006.1 dev +mips selinux/mips/mips64/2006.1 dev +ppc selinux/ppc/ppc32/2006.1/G3 dev +ppc selinux/ppc/ppc32/2006.1/G4 dev +sparc selinux/sparc/sparc64/2006.1 dev +x86 selinux/x86/2006.1 dev + # uclibc/embedded multiarch profiles #amd64 uclibc/amd64 dev #arm uclibc/arm dev diff --git a/profiles/selinux/2005.1/make.defaults b/profiles/selinux/2005.1/make.defaults new file mode 100644 index 000000000000..e6406f345a88 --- /dev/null +++ b/profiles/selinux/2005.1/make.defaults @@ -0,0 +1,11 @@ +# Copyright 2006 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/2005.1/make.defaults,v 1.1 2006/10/08 18:37:25 pebenito Exp $ + +USE="berkdb crypt ncurses pam python readline selinux ssl zlib" +STAGE1_USE="selinux" +GRP_STAGE23_USE="berkdb crypt ncurses pam python readline selinux ssl zlib" + +FEATURES="autoconfig strict sfperms" + +PORTAGE_T="portage_t" diff --git a/profiles/selinux/2005.1/package.mask b/profiles/selinux/2005.1/package.mask index 55983eb1697d..51e9353d0a2d 100644 --- a/profiles/selinux/2005.1/package.mask +++ b/profiles/selinux/2005.1/package.mask @@ -1,10 +1,57 @@ -# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/2005.1/package.mask,v 1.2 2006/10/05 06:16:34 pebenito Exp $ +# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/2005.1/package.mask,v 1.3 2006/10/08 18:37:25 pebenito Exp $ # Chris PeBenito <pebenito@gentoo.org> (19 Mar 2006) # Requires a new profile ->=sec-policy/selinux-base-policy-20060101 >=sys-libs/libsepol-1.12.28 >=sys-libs/libselinux-1.30.29 >=sys-libs/libsemanage-1.6.17 >=sys-apps/policycoreutils-1.30.30 >=sys-apps/checkpolicy-1.30.12 +>=sec-policy/selinux-apache-20060101 +>=sec-policy/selinux-arpwatch-20060101 +>=sec-policy/selinux-asterisk-20060101 +>=sec-policy/selinux-audio-entropyd-20060101 +>=sec-policy/selinux-base-policy-20060101 +>=sec-policy/selinux-bind-20060101 +>=sec-policy/selinux-clamav-20060101 +>=sec-policy/selinux-clockspeed-20060101 +>=sec-policy/selinux-courier-imap-20060101 +>=sec-policy/selinux-cyrus-sasl-20060101 +>=sec-policy/selinux-daemontools-20060101 +>=sec-policy/selinux-dante-20060101 +>=sec-policy/selinux-dhcp-20060101 +>=sec-policy/selinux-distcc-20060101 +>=sec-policy/selinux-djbdns-20060101 +>=sec-policy/selinux-ftpd-20060101 +>=sec-policy/selinux-gnupg-20060101 +>=sec-policy/selinux-gpm-20060101 +>=sec-policy/selinux-ipsec-tools-20060101 +>=sec-policy/selinux-jabber-server-20060101 +>=sec-policy/selinux-kerberos-20060101 +>=sec-policy/selinux-logrotate-20060101 +>=sec-policy/selinux-lvm-20060101 +>=sec-policy/selinux-mdadm-20060101 +>=sec-policy/selinux-mysql-20060101 +>=sec-policy/selinux-nfs-20060101 +>=sec-policy/selinux-ntop-20060101 +>=sec-policy/selinux-ntp-20060101 +>=sec-policy/selinux-openldap-20060101 +>=sec-policy/selinux-openvpn-20060101 +>=sec-policy/selinux-portmap-20060101 +>=sec-policy/selinux-postfix-20060101 +>=sec-policy/selinux-postgresql-20060101 +>=sec-policy/selinux-privoxy-20060101 +>=sec-policy/selinux-procmail-20060101 +>=sec-policy/selinux-publicfile-20060101 +>=sec-policy/selinux-qmail-20060101 +>=sec-policy/selinux-samba-20060101 +>=sec-policy/selinux-screen-20060101 +>=sec-policy/selinux-snmpd-20060101 +>=sec-policy/selinux-snort-20060101 +>=sec-policy/selinux-spamassassin-20060101 +>=sec-policy/selinux-squid-20060101 +>=sec-policy/selinux-stunnel-20060101 +>=sec-policy/selinux-sudo-20060101 +>=sec-policy/selinux-tftpd-20060101 +>=sec-policy/selinux-ucspi-tcp-20060101 +>=sec-policy/selinux-wireshark-20060101 diff --git a/profiles/selinux/alpha/2006.1/make.defaults b/profiles/selinux/alpha/2006.1/make.defaults new file mode 100644 index 000000000000..e6bf241473ae --- /dev/null +++ b/profiles/selinux/alpha/2006.1/make.defaults @@ -0,0 +1,9 @@ +# Copyright 1999-2005 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/alpha/2006.1/make.defaults,v 1.1 2006/10/08 18:37:25 pebenito Exp $ + +# This is currently commented so that the stage1 tarball can also be used to +# build no-nptl systems. +#STAGE1_USE="nptl" + +USE="alsa apache2 arts avi bitmap-fonts cups eds encode esd fortran foomaticdb gdbm gif gnome gpm gstreamer gtk gtk2 imlib jpeg kde libg++ libwww mad mikmod motif mp3 mpeg nptl nptlonly ogg opengl oss pdflib png qt qt3 qt4 quicktime sdl spell truetype truetype-fonts type1-fonts udev vorbis X xml xmms xv" diff --git a/profiles/selinux/alpha/2006.1/packages b/profiles/selinux/alpha/2006.1/packages new file mode 100644 index 000000000000..87454ca1d51e --- /dev/null +++ b/profiles/selinux/alpha/2006.1/packages @@ -0,0 +1,17 @@ +# Copyright 2001-2004 Gentoo Foundation. +# Distributed under the terms of the GNU General Public License, v2 +# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/alpha/2006.1/packages,v 1.1 2006/10/08 18:37:25 pebenito Exp $ + +# For instructions on how this file works (as an inclusion mask, primarily), +# please refer to ${PORTDIR}/profiles/base/packages + +# Use this file to lock down specific versions of packages ONLY TO THIS +# SPECIFIC PROFILE! + +# You can also add files to the base system itself if you prefix them with a +# * + +>=sys-apps/baselayout-1.11.12-r4 +>=sys-devel/binutils-2.15.90.0.3-r4 +>=sys-devel/gcc-3.3.4-r1 +>=sys-libs/glibc-2.3.3.20040420-r1 diff --git a/profiles/selinux/alpha/2006.1/parent b/profiles/selinux/alpha/2006.1/parent new file mode 100644 index 000000000000..f3229c5b9876 --- /dev/null +++ b/profiles/selinux/alpha/2006.1/parent @@ -0,0 +1 @@ +.. diff --git a/profiles/selinux/alpha/make.defaults b/profiles/selinux/alpha/make.defaults new file mode 100644 index 000000000000..a3bfb6a4525c --- /dev/null +++ b/profiles/selinux/alpha/make.defaults @@ -0,0 +1,14 @@ +# Copyright 1999-2005 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/alpha/make.defaults,v 1.1 2006/10/08 18:37:25 pebenito Exp $ + +ARCH="alpha" +ACCEPT_KEYWORDS="alpha" + +CHOST="alpha-unknown-linux-gnu" +CFLAGS="-O2 -pipe" +CXXFLAGS="${CFLAGS}" + +FEATURES="sandbox sfperms" + +USE="berkdb crypt ipv6 ncurses nls pam python readline ssl tcpd zlib" diff --git a/profiles/selinux/alpha/package.mask b/profiles/selinux/alpha/package.mask new file mode 100644 index 000000000000..e4c5c1d003e5 --- /dev/null +++ b/profiles/selinux/alpha/package.mask @@ -0,0 +1,19 @@ +# Jose Luis Rivero <yoswink@gentoo.org> (7 Jul 2006) +# Masked by lost of virtual java/{jdk,jre} providers see Bug #138747 +# also compaq java is dead upstream and buggy: Bug #84306, and others. +dev-java/compaq-jdk +dev-java/compaq-jre +app-arch/dczip +app-misc/jitac +app-misc/openjnlp +dev-tex/ppower4 +net-p2p/xnap +dev-util/jarwizard + +# Thomas Cort <tcort@gentoo.org> (10 Jun 2006) +# Masked for security Bug #134792 ; latest version broken +net-p2p/amule + +# Thomas Cort <tcort@gentoo.org> (02 Jun 2006) +# Masked for security Bug #130888 ; all other versions are broken, Bug #131359. +mail-client/mozilla-thunderbird diff --git a/profiles/selinux/alpha/packages b/profiles/selinux/alpha/packages new file mode 100644 index 000000000000..8072fcb60054 --- /dev/null +++ b/profiles/selinux/alpha/packages @@ -0,0 +1,29 @@ +# Copyright 2001-2004 Gentoo Foundation. +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/alpha/packages,v 1.1 2006/10/08 18:37:25 pebenito Exp $ + +# For instructions on how this file works (as an inclusion mask, primarily), +# please refer to ${PORTDIR}/profiles/base/packages + +# Use this file to lock down specific versions of packages ONLY TO THIS +# SPECIFIC ARCHITECTURE!! + +# You can also add files to the base system itself if you prefix them with a +# * + +>=sys-devel/binutils-2.13.90.0.4 +>=sys-devel/gcc-3.2 +>=sys-libs/glibc-2.2.5-r7 + +############################################################################## +# SELinux required versionings + +>=sys-libs/libsepol-1.12.28 +>=sys-libs/libselinux-1.30.29 +>=sys-libs/libsemanage-1.6.17 +>=sys-apps/policycoreutils-1.30.30 +>=sys-apps/checkpolicy-1.30.12 + +>=sec-policy/selinux-base-policy-20060101 + +############################################################################## diff --git a/profiles/selinux/alpha/parent b/profiles/selinux/alpha/parent new file mode 100644 index 000000000000..f3229c5b9876 --- /dev/null +++ b/profiles/selinux/alpha/parent @@ -0,0 +1 @@ +.. diff --git a/profiles/selinux/alpha/use.mask b/profiles/selinux/alpha/use.mask new file mode 100644 index 000000000000..824a49d458fe --- /dev/null +++ b/profiles/selinux/alpha/use.mask @@ -0,0 +1,157 @@ +# Copyright 2004 Gentoo Foundation. +# Distributed under the terms of the GNU General Public License, v2 +# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/alpha/use.mask,v 1.1 2006/10/08 18:37:25 pebenito Exp $ + +# This file masks out USE flags that are simply NOT allowed in the default +# profile for any architecture. This works, for example, if a non-default +# profile (such as the selinux profiles) have a USE flag associated with +# them. + +# These are debatable, since technically an alpha could support this hardware +pcmcia +3dfx + +# avifile is broken atm +avi + +# No hardware to test (unmask when tested) +pda +upnp + +# No apm support on alpha +apm + +# alpha doesn't have java support other than compaq-j*, which isn't a +# current version. must mask this to keep things sane +java +java-internal +java-external + +# firebird appears to be x86-only (the db, not the browser) +firebird + +# tcc is x86-only +tcc + +# I don't think that openafs really works on other architectures, +# despite some internal Gentoo efforts (mine) to port it +afs + +# see email to gentoo-dev with subject "use.mask and PHP5's crazy IUSE" +# Dated Sat, 31 Jul 2004 14:49:28 -0700, from robbat2@gentoo.org +# all of these are binary-only, and not presently available on this +# architecture. +adabas +birdstep +cpdflib +db2 +dbmaker +empress +empress-bcs +esoob +filepro +frontbase +hyperwave +informix +ingres +oracle7 +oci8 +pfpro +solid +sybase +sybase-ct + +hardened +hal +howl +jack +freetts +djbfft +lm_sensors + +gnustep + +emboss + +# Mask vpopmail until net-mail/vpopmail goes out of package.mask +vpopmail + +# Mask pyste until gccxml / elementtree work on alpha +pyste + +# Mask mono until ported to alpha +mono + +# RDEPEND on mono +beagle + +# can't test wireless currently +wifi + +# dbus is not currently supported by alpha +dbus +dmi + +# apache segfaults when using mpm-peruser (bug 105778) +mpm-peruser + +pike + +fdftk + +timidity + +# We don't have any virtual/mpi (bug 111807) +mpi + +# masks required for asterisk +bri +pri +zaptel + +# Modular X: mask non-alpha cards +video_cards_apm +video_cards_ark +video_cards_chips +video_cards_cyrix +video_cards_i128 +video_cards_i740 +video_cards_i810 +video_cards_imstt +video_cards_neomagic +video_cards_newport +video_cards_nsc +video_cards_sis +video_cards_trident +video_cards_tseng +video_cards_vesa +video_cards_via + +# Needed for vim-7 +mzscheme +netbeans + +# No go in Alpha +nvtv + +# dspam and dspam-web use this one +# We've never supported cyrus-imapd because nobody asked for +cyrus + +# Masked until firefox is removed from package.mask +# See security Bug #135254 ; all other versions are broken, Bug #128777. +firefox + +# Masked until qt4 is keyworded, see Bug #128411 (re-keyword poppler-bindings) +# Remove once Bug #112811 (keyword qt4) is resolved +qt4 + +# Masked until bmpx works and is re-keyworded, see Bug #111975 +bmpx + +# Paludis-0.6's QA tools need pcre++ which doesn't yet work +qa + +# disable until tested +# # bug 148402 +pcsc-lite diff --git a/profiles/selinux/alpha/virtuals b/profiles/selinux/alpha/virtuals new file mode 100644 index 000000000000..84b7b6246633 --- /dev/null +++ b/profiles/selinux/alpha/virtuals @@ -0,0 +1,7 @@ +# Copyright 2004 Gentoo Foundation. +# Distributed under the terms of the GNU General Public License, v2 +# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/alpha/virtuals,v 1.1 2006/10/08 18:37:25 pebenito Exp $ + +virtual/alsa sys-kernel/vanilla-sources +virtual/bootloader sys-boot/aboot +virtual/linux-sources sys-kernel/vanilla-sources diff --git a/profiles/selinux/amd64/2006.1/make.defaults b/profiles/selinux/amd64/2006.1/make.defaults new file mode 100644 index 000000000000..8eeb44b948c8 --- /dev/null +++ b/profiles/selinux/amd64/2006.1/make.defaults @@ -0,0 +1,13 @@ +# Copyright 1999-2005 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/amd64/2006.1/make.defaults,v 1.1 2006/10/08 18:37:25 pebenito Exp $ + +ABI=amd64 + +# Catalyst specific settings: +# This will be commented and replaced with just STAGE1_USE="unicode" if we do +# not end up with a stable glibc 2.4 by 2006.1's release. +STAGE1_USE="nptl nptlonly unicode" + +# General 2006.1 profile settings +USE="berkdb crypt ipv6 ncurses nls nptl nptlonly pam python readline ssl tcpd udev zlib" diff --git a/profiles/selinux/amd64/2006.1/packages b/profiles/selinux/amd64/2006.1/packages new file mode 100644 index 000000000000..3c96a25e5b59 --- /dev/null +++ b/profiles/selinux/amd64/2006.1/packages @@ -0,0 +1,17 @@ +# Copyright 2001-2004 Gentoo Foundation. +# Distributed under the terms of the GNU General Public License, v2 +# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/amd64/2006.1/packages,v 1.1 2006/10/08 18:37:25 pebenito Exp $ + +# For instructions on how this file works (as an inclusion mask, primarily), +# please refer to ${PORTDIR}/profiles/base/packages + +# Use this file to lock down specific versions of packages ONLY TO THIS +# SPECIFIC PROFILE! + +# You can also add files to the base system itself if you prefix them with a +# * + +>=sys-apps/baselayout-1.11.12-r4 +>=sys-devel/binutils-2.15.90.0.3-r4 +>=sys-devel/gcc-3.3.4-r1 +>=sys-libs/glibc-2.3.3.20040420-r1 diff --git a/profiles/selinux/amd64/2006.1/parent b/profiles/selinux/amd64/2006.1/parent new file mode 100644 index 000000000000..f3229c5b9876 --- /dev/null +++ b/profiles/selinux/amd64/2006.1/parent @@ -0,0 +1 @@ +.. diff --git a/profiles/selinux/amd64/make.defaults b/profiles/selinux/amd64/make.defaults new file mode 100644 index 000000000000..d15e6c4ed71b --- /dev/null +++ b/profiles/selinux/amd64/make.defaults @@ -0,0 +1,40 @@ +# Copyright 1999-2006 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/amd64/make.defaults,v 1.1 2006/10/08 18:37:25 pebenito Exp $ + +ARCH="amd64" +ACCEPT_KEYWORDS="${ARCH}" + +CHOST="x86_64-pc-linux-gnu" +CFLAGS="-O2 -pipe" +CXXFLAGS="${CFLAGS}" + +FEATURES="sandbox sfperms" + +USE="berkdb crypt ipv6 ncurses nls pam python readline ssl tcpd zlib" + +# 2006/06/07 - Danny van Dyk <kugelfang@gentoo.org> +# Multilib settings for all amd64 subprofiles. +MULTILIB_ABIS="amd64 x86" +DEFAULT_ABI="amd64" + +# 64bit specific settings. +CHOST_amd64="x86_64-pc-linux-gnu" +CDEFINE_amd64="__x86_64__" +LIBDIR_amd64="lib64" + +# 32bit specific settings. +CFLAGS_x86="-m32 -L/emul/linux/x86/lib -L/emul/linux/x86/usr/lib" +LDFLAGS_x86="-m elf_i386 -L/emul/linux/x86/lib -L/emul/linux/x86/usr/lib" +ASFLAGS_x86="--32" +CHOST_x86="i686-pc-linux-gnu" +CDEFINE_x86="__i386__" +LIBDIR_x86="lib32" + +# FEATURES="multilib-strict" specific settings. +MULTILIB_STRICT_DIRS="/lib /usr/lib /usr/kde/*/lib /usr/qt/*/lib /usr/X11R6/lib" +MULTILIB_STRICT_DENY="64-bit.*shared object" +MULTILIB_STRICT_EXEMPT="(perl5|gcc|gcc-lib|binutils|eclipse-3|debug|portage)" + +# Let sys-apps/baselayout create the lib symlink. +SYMLINK_LIB="yes" diff --git a/profiles/selinux/amd64/package.mask b/profiles/selinux/amd64/package.mask new file mode 100644 index 000000000000..b3e9d9c6fff0 --- /dev/null +++ b/profiles/selinux/amd64/package.mask @@ -0,0 +1,10 @@ +# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/amd64/package.mask,v 1.1 2006/10/08 18:37:25 pebenito Exp $ + +# 2005.0 Jeremy Huddleston <eradicator@gentoo.org> +# This is a stub file 'cause glibc provides 32bit libs on newer profiles +=app-emulation/emul-linux-x86-glibc-1000 + +# 2005/10/24 Simon Stelling <blubb@gentoo.org> +# Don't even try to compile openoffice-2.x, it won't work. +>=app-office/openoffice-2.0.0 + diff --git a/profiles/selinux/amd64/packages b/profiles/selinux/amd64/packages new file mode 100644 index 000000000000..ff96019422ae --- /dev/null +++ b/profiles/selinux/amd64/packages @@ -0,0 +1,18 @@ +*sys-apps/setarch + +############################################################################## +# SELinux required versionings + +>=sys-libs/libsepol-1.12.28 +>=sys-libs/libselinux-1.30.29 +>=sys-libs/libsemanage-1.6.17 +>=sys-apps/policycoreutils-1.30.30 +>=sys-apps/checkpolicy-1.30.12 + +>=sec-policy/selinux-base-policy-20060101 + +# Critical xattr fixes: +>=sys-boot/grub-0.94 +>=sys-boot/grub-static-0.94 + +############################################################################## diff --git a/profiles/selinux/amd64/parent b/profiles/selinux/amd64/parent new file mode 100644 index 000000000000..f3229c5b9876 --- /dev/null +++ b/profiles/selinux/amd64/parent @@ -0,0 +1 @@ +.. diff --git a/profiles/selinux/amd64/profile.bashrc b/profiles/selinux/amd64/profile.bashrc new file mode 100644 index 000000000000..e30b428eee1d --- /dev/null +++ b/profiles/selinux/amd64/profile.bashrc @@ -0,0 +1,93 @@ +BAD_FLAGS=( "-fvisibility=hidden" "-fvisibility-hidden" "-fvisibility-inlines-hidden" "-fPIC" "-fpic" "-m32" "-m64" "-g3" "-ggdb3" "-ffast-math" ) + +getPROG() { + local var=$1 prog=$2 + + if [[ -n ${!var} ]] ; then + echo "${!var}" + return 0 + fi + + local search= + [[ -n $3 ]] && search=$(type -p "$3-${prog}") + [[ -z ${search} && -n ${CHOST} ]] && search=$(type -p "${CHOST}-${prog}") + [[ -n ${search} ]] && prog=${search##*/} + + export ${var}=${prog} + echo "${!var}" +} + +get_broken_flags() { + local myprog="${1}" lang="${2}" + shift 2 + + # this finds general broken flags, such as -02 or bogus -f flags + echo 'main(){}' | LC_ALL=C ${myprog} ${@} -x ${lang} -o /dev/null - 2>&1 | \ + egrep "unrecognized .*option" | \ + egrep -o -- '('\''|\"|`)-.*' | \ + sed -r 's/('\''|`|")//g; s/^/"/; s/$/"/' + + # this will find bogus debug output types, such as -gfoobar + echo 'main(){}' | LC_ALL=C ${myprog} ${@} -x ${lang} -o /dev/null - 2>&1 | \ + egrep "unrecognised debug output" | \ + egrep -o -- '('\''|\"|`).*' | \ + sed -r 's/('\''|`|")//g; s/^/"-g/; s/$/"/' +} + +remove_flag() { + local remove="${1}" + shift + + while [[ "${1}" ]]; do + [[ "${1}" != "${remove}" ]] && echo -n "${1} " + shift + done +} + +filter_invalid_flags() { + local flag broken_flags + + eval broken_flags=( $(get_broken_flags $(getPROG CC gcc) c ${CFLAGS}) ) + for flag in "${broken_flags[@]}"; do + ewarn "Filtering out invalid CFLAG \"${flag}\"" + CFLAGS="$(remove_flag "${flag}" ${CFLAGS})" + done + + eval broken_flags=( $(get_broken_flags $(getPROG CXX g++) c++ ${CXXFLAGS}) ) + for flag in "${broken_flags[@]}"; do + ewarn "Filtering out invalid CXXFLAG \"${flag}\"" + CXXFLAGS="$(remove_flag "${flag}" ${CXXFLAGS})" + done +} + +bashrc_has() { + [[ " ${*:2} " == *" $1 "* ]] +} + +if [[ ${EBUILD_PHASE} == "setup" ]]; then + + filter_invalid_flags + + unset trigger + + for flag in "${BAD_FLAGS[@]}"; do + if bashrc_has ${flag} ${CFLAGS}; then + trigger=1 + eerror "Your CFLAGS contains \"${flag}\" which can break packages." + fi + if bashrc_has ${flag} ${CXXFLAGS}; then + trigger=1 + eerror "Your CXXFLAGS contains \"${flag}\" which can break packages." + fi + done + if [[ ${trigger} ]]; then + eerror "" + eerror "Before you file a bug, please remove these flags and " + eerror "re-compile the package in question as well as all its dependencies" + sleep 5 + fi + + unset flag trigger +fi + +unset BAD_FLAGS diff --git a/profiles/selinux/amd64/use.mask b/profiles/selinux/amd64/use.mask new file mode 100644 index 000000000000..de6e8d7d4b14 --- /dev/null +++ b/profiles/selinux/amd64/use.mask @@ -0,0 +1,121 @@ +# Copyright 2004 Gentoo Foundation. +# Distributed under the terms of the GNU General Public License, v2 +# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/amd64/use.mask,v 1.1 2006/10/08 18:37:25 pebenito Exp $ + +# SECTION: Unmask + +# 2006/06/07 - Danny van Dyk <kugelfang@gentoo.org> +# Profile cleanup: Unmask emul-linux-x86 +-emul-linux-x86 + +# 2005/09/14 - Diego Pettenò <flameeyes@gentoo.org> +# nVidia XvMC support works on amd64 +-nvidia + +# 2005/12/01 - Daniel Gryniewicz <dang@gentoo.org> +# There is now a kqemu that works and is stable on amd64 +-kqemu + +# 2006/03/03 - Luca Barbato <lu_zero@gentoo.org> +# codec support x264 +-x264 + +# 2006/01/28 - Donnie Berkholz <dberkholz@gentoo.org> +# Modular X: unmask for architectures on which they are available +-input_devices_synaptics +-input_devices_vmmouse +-input_devices_wacom +-video_cards_nvidia +-video_cards_fglrx +-video_cards_vmware + +# SECTION: Unavailable/Broken + +# 2006/09/05 - Tupone Alfredo <tupone@gentoo.org> +# doomsday ebuild is not available on this architecture +doomsday + +# 2006/06/07 - Danny van Dyk <kugelfang@gentoo.org> +# Profile cleanup: No info about these +afs +asm +drac +multitarget +tcc +vidix + +# 2006/06/07 - Danny van Dyk <kugelfang@gentoo.org> +# Masked due to bug #127328; prohibits DEPENDs on +# this flag makes media-gfx/inkscape dep on media-gfx/pstoedit +# which deps on libemf +plugin + +# 2006/02/05 - Donnie Berkholz <dberkholz@gentoo.org> +# Modular X: mask for architectures on which they aren't available +video_cards_i740 +video_cards_imstt +video_cards_newport +video_cards_nsc + +# 2005/09/19 - Olivier Fisette <ribosome@gentoo.org> +# cmucl is not available on amd64. Masking to keep "sci-mathematics/maxima" +# happy. +cmucl + +# 2005/08/28 - Simon Stelling <blubb@gentoo.org> +# sci-libs/cdf doesn't build +cdf + +# 2005/06/04 - Simon Stelling <blubb@gentoo.org> +# dev-util/xdelta doesn't work as expected by this use flag, it can only use +# xdelta-files made on a 64bit system +kdexdeltas + +# 2004/11/13 - Tom Martin <slarti@gentoo.org> +# dev-libs/mzscheme won't build, #65216 +mzscheme + +# 2004/10/06 - Jeremy Huddleston <eradicator@gentoo.org> +# sys-cluster/pvm won't build +pvm + +# 2004/06/22 - Taken from 2004.0 profile +# Firebird doesnt build on amd64 +firebird + +# 2004/06/22 - Taken from 2004.0 profile +# x86 binary only, used by php +fdftk + +# 2004/06/22 - Taken from 2004.0 profile +# masked +3dfx + +# NOT NECESSARY - SECTION + +# see email to gentoo-dev with subject "use.mask and PHP5's crazy IUSE" +# Dated Sat, 31 Jul 2004 14:49:28 -0700, from robbat2@gentoo.org +# all of these are binary-only, and not presently available on this +# architecture. +adabas +birdstep +cpdflib +dbmaker +empress +empress-bcs +esoob +filepro +frontbase +hyperwave +informix +ingres +pfpro +solid +sybase +sybase-ct + + +# new keyword zrtp related to +# net-libs/libzrtpcpp package +# masked pending testing - bug #149793 +zrtp diff --git a/profiles/selinux/amd64/virtuals b/profiles/selinux/amd64/virtuals new file mode 100644 index 000000000000..3bd4f2480fee --- /dev/null +++ b/profiles/selinux/amd64/virtuals @@ -0,0 +1,5 @@ +# Copyright 2004 Gentoo Foundation. +# Distributed under the terms of the GNU General Public License, v2 +# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/amd64/virtuals,v 1.1 2006/10/08 18:37:25 pebenito Exp $ + +virtual/bootloader sys-boot/grub diff --git a/profiles/selinux/make.defaults b/profiles/selinux/make.defaults index 58a17bf1be23..c200af1a4a39 100644 --- a/profiles/selinux/make.defaults +++ b/profiles/selinux/make.defaults @@ -1,14 +1,20 @@ # Copyright 1999-2004 Gentoo Foundation. # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/make.defaults,v 1.2 2005/04/01 02:43:50 pebenito Exp $ +# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/make.defaults,v 1.3 2006/10/08 18:37:25 pebenito Exp $ +# +# System-wide defaults for the Portage system +# See portage(5) manpage +# +# Please avoid enabling things by default in here if possible. Understand any +# implications with core packages. For example, if "java" is in USE and db +# has a conditional dependency on java (which it does,) then a JDK will be +# pulled in during *emerge system*! -USE="berkdb crypt ncurses pam python readline selinux ssl zlib" -STAGE1_USE="selinux" -GRP_STAGE23_USE="berkdb crypt ncurses pam python readline selinux ssl zlib" +USE="selinux" -FEATURES="autoconfig selinux strict sfperms" +FEATURES="selinux sesandbox" POLICYDIR="/etc/security/selinux/src/policy" -PORTAGE_T="portage_t" +POLICY_TYPES="strict targeted" PORTAGE_FETCH_T="portage_fetch_t" PORTAGE_SANDBOX_T="portage_sandbox_t" diff --git a/profiles/selinux/mips/mips64/2006.1/make.defaults b/profiles/selinux/mips/mips64/2006.1/make.defaults new file mode 100644 index 000000000000..b5bb9aa37966 --- /dev/null +++ b/profiles/selinux/mips/mips64/2006.1/make.defaults @@ -0,0 +1,25 @@ +# Copyright 1999-2005 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/mips/mips64/2006.1/make.defaults,v 1.1 2006/10/08 18:37:25 pebenito Exp $ + +ARCH="mips" + +# Even though this is a 64bit kernel, we use a 32-bit userland (o32) +CHOST="mips-unknown-linux-gnu" + +# Used in ebuilds for verifying mips64 profile +PROFILE_ARCH="mips64" + +# Sandbox is broken on mips (Bug #45814) +FEATURES="-sandbox ccache autoconfig" + +# Compiler flags +# We build a *minimum* of mips3, because just about any mips64 box we theoretically +# support should meet the mips3 standard. This is also the mips64 o32 profile, +# so make that the default ABI +CFLAGS="-O2 -pipe -march=mips3 -mabi=32" +CXXFLAGS=${CFLAGS} + +ACCEPT_KEYWORDS="mips" + +USE="berkdb crypt ipv6 ncurses nls pam python readline ssl tcpd zlib" diff --git a/profiles/selinux/mips/mips64/2006.1/packages b/profiles/selinux/mips/mips64/2006.1/packages new file mode 100644 index 000000000000..5b436e3c0dcb --- /dev/null +++ b/profiles/selinux/mips/mips64/2006.1/packages @@ -0,0 +1,13 @@ +# Copyright 2004 Gentoo Foundation. +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/mips/mips64/2006.1/packages,v 1.1 2006/10/08 18:37:25 pebenito Exp $ + +# mips64 o32 packages + +# Since we're running a mips64 kernel w/ 32bit (o32) userland, +# we need gcc-mips64 for kernels +*sys-devel/gcc-mips64 + +# Sometimes necessary to trick programs into thinking we're really +# a mips32 system. +*sys-apps/setarch diff --git a/profiles/selinux/mips/mips64/2006.1/parent b/profiles/selinux/mips/mips64/2006.1/parent new file mode 100644 index 000000000000..f3229c5b9876 --- /dev/null +++ b/profiles/selinux/mips/mips64/2006.1/parent @@ -0,0 +1 @@ +.. diff --git a/profiles/selinux/mips/mips64/parent b/profiles/selinux/mips/mips64/parent new file mode 100644 index 000000000000..f3229c5b9876 --- /dev/null +++ b/profiles/selinux/mips/mips64/parent @@ -0,0 +1 @@ +.. diff --git a/profiles/selinux/mips/package.mask b/profiles/selinux/mips/package.mask new file mode 100644 index 000000000000..08c795937a31 --- /dev/null +++ b/profiles/selinux/mips/package.mask @@ -0,0 +1,9 @@ +# Copyright 2006 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/mips/package.mask,v 1.1 2006/10/08 18:37:25 pebenito Exp $ + +################################################################### +# Mask gcc-mips64 # +# Use sys-devel/kgcc64 from now on -- it replaces gcc-mips64 # +################################################################### +sys-devel/gcc-mips64 diff --git a/profiles/selinux/mips/packages b/profiles/selinux/mips/packages new file mode 100644 index 000000000000..62e18719e316 --- /dev/null +++ b/profiles/selinux/mips/packages @@ -0,0 +1,18 @@ +# Copyright 2004 Gentoo Foundation. +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/mips/packages,v 1.1 2006/10/08 18:37:25 pebenito Exp $ + +# Top-level mips profile + +############################################################################## +# SELinux required versionings + +>=sys-libs/libsepol-1.12.28 +>=sys-libs/libselinux-1.30.29 +>=sys-libs/libsemanage-1.6.17 +>=sys-apps/policycoreutils-1.30.30 +>=sys-apps/checkpolicy-1.30.12 + +>=sec-policy/selinux-base-policy-20060101 + +############################################################################## diff --git a/profiles/selinux/mips/parent b/profiles/selinux/mips/parent new file mode 100644 index 000000000000..f3229c5b9876 --- /dev/null +++ b/profiles/selinux/mips/parent @@ -0,0 +1 @@ +.. diff --git a/profiles/selinux/mips/use.mask b/profiles/selinux/mips/use.mask new file mode 100644 index 000000000000..1557e9fc4ee0 --- /dev/null +++ b/profiles/selinux/mips/use.mask @@ -0,0 +1,297 @@ +# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/mips/use.mask,v 1.1 2006/10/08 18:37:25 pebenito Exp $ + +# Untested on mips, masking for now. +cdb +nextaw + +# Don't need these either +gstreamer +gtkhtml +gnome + +# We don't use this (yet). It's a dep for gnome-vfs with four of its own. +# Excluding it on mips until someone reports a need for it. +avahi + +# Until someone actually needs fuse, we'll mask it as +# it holds up stablizing ntfsprogs +fuse + +# 2006/03/07 - Donnie Berkholz <dberkholz@gentoo.org> +# Modular X: mask for architectures lacking direct rendering +dri + +# Stephen P. Becker <geoman@gentoo.org> +-video_cards_newport +-video_cards_impact + +# Stephen P. Becker <geoman@gentoo.org> +# more modular X stuff +video_cards_epson +video_cards_tdfx +video_cards_sunffb +video_cards_mach64 +video_cards_mga +video_cards_nv +video_cards_r128 +video_cards_radeon +video_cards_savage +video_cards_sis +input_devices_acecad +input_devices_aiptek +input_devices_calcomp +input_devices_citron +input_devices_digitaledge +input_devices_dmc +input_devices_dynapro +input_devices_elo2300 +input_devices_elographics +input_devices_fpit +input_devices_hyperpen +input_devices_jamstudio +input_devices_magellan +input_devices_magictouch +input_devices_microtouch +input_devices_mutouch +input_devices_palmax +input_devices_penmount +input_devices_spaceorb +input_devices_summa +input_devices_synaptics +input_devices_tek4957 +input_devices_ur98 +input_devices_vmmouse +input_devices_void +input_devices_wacom +input_devices_joystick +video_cards_chips +video_cards_cirrus +video_cards_fglrx +video_cards_glint +video_cards_nvidia +video_cards_s3 +video_cards_s3virge +video_cards_savage +video_cards_sisusb +video_cards_sunbw2 +video_cards_suncg14 +video_cards_suncg3 +video_cards_suncg6 +video_cards_sunleo +video_cards_suntcx +video_cards_trident +video_cards_vmware +video_cards_voodoo + +# 2006/02/05 - Donnie Berkholz <dberkholz@gentoo.org> +# Modular X: mask for architectures on which they aren't available +video_cards_apm +video_cards_ark +video_cards_cyrix +video_cards_i128 +video_cards_i740 +video_cards_i810 +video_cards_imstt +video_cards_neomagic +video_cards_nsc +video_cards_rendition +video_cards_siliconmotion +video_cards_tga +video_cards_tseng +video_cards_vesa +video_cards_vga +video_cards_via + +# Diego Pettenò <flameeyes@gentoo.org> +# Until xine-lib's keywording cannot be maintained, please leave it masked. +xine + +# Stephen P. Becker <geoman@gentoo.org> +# remasking hal because of numerous dependency issues +hal + +# Aaron Walker <ka0ttic@gentoo.org> +# Temporarily masking until net-nds/c-ares can be tested properly +ares + +# Stephen P. Becker <geoman@gentoo.org> +# masking mono because it doesn't work on mips +mono + +# Hardave Riar <hardave@gentoo.org> +# Temporarily masking ieee1394 until it can be tested +# Quick fix to my tree b0rkage +ieee1394 + +# Hardave Riar <hardave@gentoo.org> +# No hardware support +lm_sensors + +# Hardave Riar <hardave@gentoo.org> +# Temporarily masking wifi until I can test it +# Preventing kde from going stable +wifi + +# Henrik Brix Andersen <brix@gentoo.org> +# According to the mips herd, we currently have no way of testing +# pcmcia on mips, bug #90359 +pcmcia + +# John N. Laliberte <allanonjl@gentoo.org> +# mask scanner support +scanner + +# Stephen P. Becker <geoman@gentoo.org> +# mad just spits out static on mips (ip22) +mad + +# Armando Di Cianno <fafhrd@gentoo.org> +# gnustep is currently unbuildable on mips - masking this to repair windowmaker +# broken mips keywording becuase of 'gnustep' USE flag +gnustep + +# Hardave Riar <hardave@gentoo.org> +# This should work, someone with a usb card and digital camera should test it +gphoto2 + +# Hardave Riar <hardave@gentoo.org> +# This will probablly work, but no hardware to test with +gnokii + +# Hardave Riar <hardave@gentoo.org> +# x86 binary only package +fdftk + +# Ciaran McCreesh <ciaranm@gentoo.org> +# unresolved dep, bug #82428 +emboss + +# Joshua Kinard <kumba@gentoo.org> +# dietlibc isn't known to work on mips +diet + +# Stephen P. Becker <geoman@gentoo.org> +# masked because it hoses xchat on 64-bit machines +xosd + +# Stephen P. Becker <geoman@gentoo.org> +# masked for now until this can be properly tested with alsa +jack + +# Stephen P. Becker <geoman@gentoo.org> +# masked because of silly java deps with gnome (we have no jre on mips) +accessibility + +# Stephen P. Becker <geoman@gentoo.org> +# masked because mozilla doesn't work on mips +mozilla + +# Stephen P. Becker <geoman@gentoo.org> +# masked because I say so, gnome-- +pda + +# Ciaran McCreesh <ciaranm@gentoo.org> +# not even slightly reliable, bug #65216 +mzscheme + +# Stephen P. Becker <geoman@gentoo.org> +# masked because gaim sucks +evo + +# Ilya A. Volynets-Evenbach +# no nptl on mips yet +nptl +nptlonly + +# Paul de Vrieze <pauldv@gentoo.org> +# There is no java in this profile (if there is it must be available). Without +# this repoman will fail on apps like sys-libs/db +java + +# Ciaran McCreesh <ciaranm@gentoo.org> +# No java, no netbeans +netbeans + +# Aron Griffis <agriffis@gentoo.org> +# acl doesn't build on mips atm. Mask it so that vim quits +# complaining +acl + +# masked until gnome-extra/evolution-data-server is keyworded for mips +eds + +# Flags which aren't applicable to mips (Mostly copied from sparc) +3dfx +acpi +afs +apm +arts +directfb +dvdr +ibm +informix +firebird +ggi +lirc +oci8 +tcc +trusted +voodoo3 +smartcard +emacs + +# should work but jasper not tested yet +jpeg2k + +# see email to gentoo-dev with subject "use.mask and PHP5's crazy IUSE" +# Dated Sat, 31 Jul 2004 14:49:28 -0700, from robbat2@gentoo.org +# all of these are binary-only, and not presently available on this +# architecture. +php +adabas +birdstep +cpdflib +db2 +dbmaker +empress +empress-bcs +esoob +filepro +frontbase +hyperwave +informix +ingres +oracle7 +oci8 +pfpro +solid +sybase +sybase-ct +djbfft +glitz +pike +ocaml +timidity + +# Mask all non-mips arch keywords +alpha +amd64 +arm +hppa +ia64 +m68k +ppc +ppc64 +ppc-macos +s390 +sh +sparc +x86 +x86-fbsd + +# Paludis-0.6.0's QA tools need libpcre++, which hasn't been shown to work yet +qa + +# disable until tested +# bug 148402 +pcsc-lite diff --git a/profiles/selinux/mips/virtuals b/profiles/selinux/mips/virtuals new file mode 100644 index 000000000000..7bf87398d7a7 --- /dev/null +++ b/profiles/selinux/mips/virtuals @@ -0,0 +1,16 @@ +# Copyright 1999-2006 Gentoo Foundation +# Distributed under the terms of the GNU General Public License, v2 +# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/mips/virtuals,v 1.1 2006/10/08 18:37:25 pebenito Exp $ + +virtual/alsa sys-kernel/mips-sources +virtual/linux-sources sys-kernel/mips-sources +virtual/os-headers sys-kernel/mips-headers +virtual/dev-manager sys-fs/udev +virtual/modutils sys-apps/module-init-tools +virtual/logger app-admin/syslog-ng +virtual/glu media-libs/mesa +virtual/opengl x11-base/xorg-x11 +virtual/x11 x11-base/xorg-x11 +virtual/xft x11-base/xorg-x11 +virtual/glut media-libs/freeglut + diff --git a/profiles/selinux/packages b/profiles/selinux/packages index 39a2e6017f9e..033a848eb7ab 100644 --- a/profiles/selinux/packages +++ b/profiles/selinux/packages @@ -1,48 +1,55 @@ -# Copyright 1999-2004 Gentoo Foundation. +# Copyright 2002-2006 Gentoo Foundation. # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/packages,v 1.20 2006/03/14 14:48:16 pebenito Exp $ +# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/packages,v 1.21 2006/10/08 18:37:25 pebenito Exp $ + +# This file extends the base packages file for the default profile that all +# architectures will enjoy. Please note that default is what most architectures +# will have. Some will have an selinux profile (see ${PORTDIR}/profiles/selinux). +# The idea is to only create a new family of profiles when absolutely necessary. + +*sys-apps/busybox +*sys-apps/hdparm +*sys-apps/man-pages ############################################################################## -# SELinux required versionings +# Basic SELinux required versionings # Core Packages -*>=sys-apps/portage-2.0.49-r15 -*>=sys-apps/baselayout-1.8.6.12-r2 +>=sys-apps/portage-2.0.49-r15 +>=sys-apps/baselayout-1.8.6.12-r2 >=sys-libs/glibc-2.3 >=sys-libs/uclibc-0.9.26-r8 >=sys-kernel/linux-headers-2.4.20 # Base SELinux packages +*sys-libs/libsepol *sys-libs/libselinux +*sys-libs/libsemanage *sys-apps/checkpolicy *sys-apps/policycoreutils -*>=sec-policy/selinux-base-policy-20030817 -*>=dev-python/python-selinux-2.0 - -# SELinux-patched packages -*app-arch/tar -*>=net-misc/openssh-3.7.1_p2 -*>=sys-apps/coreutils-5.0.91 -*>=sys-apps/findutils-4.1.20-r1 -*>=sys-apps/shadow-4.0.3-r7 +*sec-policy/selinux-base-policy + +# SELinux-aware packages +>=net-misc/openssh-3.7.1_p2 +>=sys-apps/coreutils-5.0.91 +>=sys-apps/findutils-4.1.20-r1 +>=sys-apps/shadow-4.0.3-r7 *>=sys-apps/util-linux-2.12 *>=sys-libs/pam-0.77 -*>=sys-process/procps-3.1.15 -*>=sys-process/psmisc-21.2-r4 +>=sys-process/procps-3.1.15 +>=sys-process/psmisc-21.2-r4 -# optional SELinux-patched programs: +# optional SELinux-aware programs: >=app-admin/logrotate-3.6.5-r1 >=gnome-base/gdm-2.4.4.7 ->=sys-apps/pam-login-3.14 >=sys-apps/fcron-2.9.4 >=sys-fs/udev-055 >=sys-libs/pwdb-0.61-r4 >=sys-process/vixie-cron-3.0.1-r2 -# New API SELinux kernels +# SELinux is integrated in 2.6 >=sys-kernel/gentoo-sources-2.6.0 >=sys-kernel/hardened-sources-2.6.0 +>=sys-kernel/mips-sources-2.6.0 +>=sys-kernel/sparc-sources-2.6.0 >=sys-kernel/vanilla-sources-2.6.0 -############################################################################## - -*virtual/bootloader diff --git a/profiles/selinux/packages.build b/profiles/selinux/packages.build deleted file mode 100644 index d3895aaa09e0..000000000000 --- a/profiles/selinux/packages.build +++ /dev/null @@ -1,36 +0,0 @@ -app-arch/bzip2 -app-arch/tar -app-shells/bash -dev-lang/perl -dev-lang/python -dev-python/python-selinux -net-misc/rsync -net-misc/wget -sec-policy/selinux-base-policy -sys-apps/baselayout -sys-apps/coreutils -sys-apps/debianutils -sys-apps/diffutils -sys-apps/file -sys-apps/findutils -sys-apps/gawk -sys-apps/grep -sys-apps/less -sys-apps/net-tools -sys-apps/policycoreutils -sys-apps/portage -sys-apps/sed -sys-apps/texinfo -sys-devel/binutils -sys-devel/bison -sys-devel/flex -sys-devel/gcc -sys-devel/gettext -sys-devel/gnuconfig -sys-devel/make -sys-devel/patch -sys-libs/glibc -sys-libs/libselinux -virtual/editor -virtual/gzip -virtual/os-headers diff --git a/profiles/selinux/ppc/packages b/profiles/selinux/ppc/packages new file mode 100644 index 000000000000..2397b5390507 --- /dev/null +++ b/profiles/selinux/ppc/packages @@ -0,0 +1,12 @@ +############################################################################## +# SELinux required versionings + +>=sys-libs/libsepol-1.12.28 +>=sys-libs/libselinux-1.30.29 +>=sys-libs/libsemanage-1.6.17 +>=sys-apps/policycoreutils-1.30.30 +>=sys-apps/checkpolicy-1.30.12 + +>=sec-policy/selinux-base-policy-20060101 + +############################################################################## diff --git a/profiles/selinux/ppc/parent b/profiles/selinux/ppc/parent new file mode 100644 index 000000000000..f3229c5b9876 --- /dev/null +++ b/profiles/selinux/ppc/parent @@ -0,0 +1 @@ +.. diff --git a/profiles/selinux/ppc/ppc32/2006.1/G3/make.defaults b/profiles/selinux/ppc/ppc32/2006.1/G3/make.defaults new file mode 100644 index 000000000000..23fb590acf6d --- /dev/null +++ b/profiles/selinux/ppc/ppc32/2006.1/G3/make.defaults @@ -0,0 +1,9 @@ +# Copyright 1999-2005 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/ppc/ppc32/2006.1/G3/make.defaults,v 1.1 2006/10/08 18:37:25 pebenito Exp $ + +CFLAGS="-O2 -mtune=G3 -mcpu=G3 -pipe" +CXXFLAGS="${CFLAGS}" + +STAGE1_USE="unicode" +USE="${STAGE1_USE} ${USE}" diff --git a/profiles/selinux/ppc/ppc32/2006.1/G3/parent b/profiles/selinux/ppc/ppc32/2006.1/G3/parent new file mode 100644 index 000000000000..f3229c5b9876 --- /dev/null +++ b/profiles/selinux/ppc/ppc32/2006.1/G3/parent @@ -0,0 +1 @@ +.. diff --git a/profiles/selinux/ppc/ppc32/2006.1/G3/use.mask b/profiles/selinux/ppc/ppc32/2006.1/G3/use.mask new file mode 100644 index 000000000000..c468ae570740 --- /dev/null +++ b/profiles/selinux/ppc/ppc32/2006.1/G3/use.mask @@ -0,0 +1,2 @@ +# Mask altivec on G3 +altivec diff --git a/profiles/selinux/ppc/ppc32/2006.1/G4/make.defaults b/profiles/selinux/ppc/ppc32/2006.1/G4/make.defaults new file mode 100644 index 000000000000..1151d0ca679a --- /dev/null +++ b/profiles/selinux/ppc/ppc32/2006.1/G4/make.defaults @@ -0,0 +1,9 @@ +# Copyright 1999-2005 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/ppc/ppc32/2006.1/G4/make.defaults,v 1.1 2006/10/08 18:37:25 pebenito Exp $ + +CFLAGS="-O2 -mtune=G4 -mcpu=G4 -maltivec -mabi=altivec -pipe" +CXXFLAGS="${CFLAGS}" + +STAGE1_USE="altivec unicode" +USE="${STAGE1_USE} ${USE}" diff --git a/profiles/selinux/ppc/ppc32/2006.1/G4/parent b/profiles/selinux/ppc/ppc32/2006.1/G4/parent new file mode 100644 index 000000000000..f3229c5b9876 --- /dev/null +++ b/profiles/selinux/ppc/ppc32/2006.1/G4/parent @@ -0,0 +1 @@ +.. diff --git a/profiles/selinux/ppc/ppc32/2006.1/packages b/profiles/selinux/ppc/ppc32/2006.1/packages new file mode 100644 index 000000000000..f1769d3f0016 --- /dev/null +++ b/profiles/selinux/ppc/ppc32/2006.1/packages @@ -0,0 +1,17 @@ +# Copyright 2001-2004 Gentoo Foundation. +# Distributed under the terms of the GNU General Public License, v2 +# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/ppc/ppc32/2006.1/packages,v 1.1 2006/10/08 18:37:25 pebenito Exp $ + +# For instructions on how this file works (as an inclusion mask, primarily), +# please refer to ${PORTDIR}/profiles/base/packages + +# Use this file to lock down specific versions of packages ONLY TO THIS +# SPECIFIC PROFILE! + +# You can also add files to the base system itself if you prefix them with a +# * + +>=sys-apps/baselayout-1.11.13-r1 +>=sys-devel/binutils-2.16.1 +>=sys-devel/gcc-4.1.1 +>=sys-libs/glibc-2.4 diff --git a/profiles/selinux/ppc/ppc32/2006.1/parent b/profiles/selinux/ppc/ppc32/2006.1/parent new file mode 100644 index 000000000000..f3229c5b9876 --- /dev/null +++ b/profiles/selinux/ppc/ppc32/2006.1/parent @@ -0,0 +1 @@ +.. diff --git a/profiles/selinux/ppc/ppc32/make.defaults b/profiles/selinux/ppc/ppc32/make.defaults new file mode 100644 index 000000000000..e01f650923a3 --- /dev/null +++ b/profiles/selinux/ppc/ppc32/make.defaults @@ -0,0 +1,18 @@ +# Copyright 1999-2005 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/ppc/ppc32/make.defaults,v 1.1 2006/10/08 18:37:25 pebenito Exp $ + +# All extra USE/etc should be specified in sub-profiles. +# DO NOT POLLUTE USE ON THIS PROFILE. + +ARCH="ppc" +ACCEPT_KEYWORDS="ppc" + +CHOST="powerpc-unknown-linux-gnu" +CFLAGS="-O2 -pipe" +CXXFLAGS="${CFLAGS}" + +FEATURES="sandbox sfperms" + +STAGE1_USE="unicode" +USE="${STAGE1_USE} berkdb crypt ipv6 ncurses nls nptl pam python readline ssl tcpd zlib" diff --git a/profiles/selinux/ppc/ppc32/parent b/profiles/selinux/ppc/ppc32/parent new file mode 100644 index 000000000000..f3229c5b9876 --- /dev/null +++ b/profiles/selinux/ppc/ppc32/parent @@ -0,0 +1 @@ +.. diff --git a/profiles/selinux/ppc/ppc32/use.mask b/profiles/selinux/ppc/ppc32/use.mask new file mode 100644 index 000000000000..6283667fdf33 --- /dev/null +++ b/profiles/selinux/ppc/ppc32/use.mask @@ -0,0 +1,35 @@ +# This is a list of USE flags that should not be used on PPC + +cmucl +hdf +ip28 +real +tcc +fmod +i8x0 +xvmc + +# Fixes bug #86787 +fusion + +# User Mode Linux isn't supported on ppc yet +uml + +# 2006/08/18 - Donnie Berkholz <dberkholz@gentoo.org> +# Modular X: mask for architectures on which they aren't available +video_cards_apm +video_cards_ark +video_cards_cyrix +video_cards_i128 +video_cards_i740 +video_cards_i810 +video_cards_neomagic +video_cards_nsc +video_cards_rendition +video_cards_siliconmotion +video_cards_sis +video_cards_tga +video_cards_tseng +video_cards_vesa +video_cards_vga +video_cards_via diff --git a/profiles/selinux/ppc/ppc32/virtuals b/profiles/selinux/ppc/ppc32/virtuals new file mode 100644 index 000000000000..97d870f3cd60 --- /dev/null +++ b/profiles/selinux/ppc/ppc32/virtuals @@ -0,0 +1,6 @@ +# Copyright 2004 Gentoo Foundation. +# Distributed under the terms of the GNU General Public License, v2 +# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/ppc/ppc32/virtuals,v 1.1 2006/10/08 18:37:25 pebenito Exp $ + +virtual/bootloader sys-boot/yaboot +virtual/ooo app-office/openoffice diff --git a/profiles/selinux/ppc/use.mask b/profiles/selinux/ppc/use.mask new file mode 100644 index 000000000000..e8d8c5c71439 --- /dev/null +++ b/profiles/selinux/ppc/use.mask @@ -0,0 +1,65 @@ +# These use-flags won't work neither on ppc32 nor on ppc64 + +3dfx +acpi +afs +avi +fdftk +lm_sensors +rar + +#keep and eye on firebird and interbase as pair +firebird +interbase + +# Unmask our instruction sets +-altivec +-pbbuttonsd +-ppcsha1 + +# codec support +-x264 + +# see email to gentoo-dev with subject "use.mask and PHP5's crazy IUSE" +# Dated Sat, 31 Jul 2004 14:49:28 -0700, from robbat2@gentoo.org +# all of these are binary-only, and not presently available on this +# architecture. +adabas +birdstep +cpdflib +db2 +dbmaker +empress +empress-bcs +esoob +filepro +frontbase +hyperwave +informix +ingres +oracle7 +pfpro +solid +sybase +sybase-ct + +# Luca Longinotti <chtekk@gentoo.org> +# mask Oracle +oci8 + +# cg is only provided by nvidia's binary only cg toolkit +cg + +# dmi depends on PC BIOSes, we don't have those +dmi + +# Masking mbrola for bug #84322, if a new version is released, remove this +mbrola + +# Appears to be x86 only, feel free to remove if you disagree +nvtv + +# new keyword zrtp related to +# net-libs/libzrtpcpp package +# masked pending testing - bug #149793 +zrtp diff --git a/profiles/selinux/sparc/make.defaults b/profiles/selinux/sparc/make.defaults new file mode 100644 index 000000000000..2a6fb86e9eb2 --- /dev/null +++ b/profiles/selinux/sparc/make.defaults @@ -0,0 +1,7 @@ +# Copyright 1999-2005 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/sparc/make.defaults,v 1.1 2006/10/08 18:37:25 pebenito Exp $ + +ARCH="sparc" +ACCEPT_KEYWORDS="${ARCH}" +FEATURES="sandbox sfperms" diff --git a/profiles/selinux/sparc/packages b/profiles/selinux/sparc/packages new file mode 100644 index 000000000000..b03310aa75ca --- /dev/null +++ b/profiles/selinux/sparc/packages @@ -0,0 +1,21 @@ +# Copyright 1999-2005 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/sparc/packages,v 1.1 2006/10/08 18:37:25 pebenito Exp $ + +# Top-level sparc profile + +# SPARC specific stuff (32 and 64 bit) +*sys-apps/sparc-utils + +############################################################################## +# SELinux required versionings + +>=sys-libs/libsepol-1.12.28 +>=sys-libs/libselinux-1.30.29 +>=sys-libs/libsemanage-1.6.17 +>=sys-apps/policycoreutils-1.30.30 +>=sys-apps/checkpolicy-1.30.12 + +>=sec-policy/selinux-base-policy-20060101 + +############################################################################## diff --git a/profiles/selinux/sparc/parent b/profiles/selinux/sparc/parent new file mode 100644 index 000000000000..f3229c5b9876 --- /dev/null +++ b/profiles/selinux/sparc/parent @@ -0,0 +1 @@ +.. diff --git a/profiles/selinux/sparc/sparc64/2006.1/make.defaults b/profiles/selinux/sparc/sparc64/2006.1/make.defaults new file mode 100644 index 000000000000..4671dc064fdf --- /dev/null +++ b/profiles/selinux/sparc/sparc64/2006.1/make.defaults @@ -0,0 +1,7 @@ +# Copyright 1999-2005 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/sparc/sparc64/2006.1/make.defaults,v 1.1 2006/10/08 18:37:25 pebenito Exp $ + +# USE settings +USE="berkdb crypt gcc64 ipv6 ncurses nls pam python readline ssl tcpd zlib" +STAGE1_USE="gcc64 nptl nptlonly" diff --git a/profiles/selinux/sparc/sparc64/2006.1/package.mask b/profiles/selinux/sparc/sparc64/2006.1/package.mask new file mode 100644 index 000000000000..b56127ac6bc0 --- /dev/null +++ b/profiles/selinux/sparc/sparc64/2006.1/package.mask @@ -0,0 +1,16 @@ +# Copyright 1999-2005 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/sparc/sparc64/2006.1/package.mask,v 1.1 2006/10/08 18:37:25 pebenito Exp $ + +# Jason Wever <weeve@gentoo.org> +# gradm requires 64 bit support, which doesn't exist in this profile +>sys-apps/gradm-2.0.1-r1 + +# Gustavo Zacarias <gustavoz@gentoo.org> +# To avoid odd toolchain mixups +<dev-libs/libffi-3.4.3 + +# Mask gcc-4.x and glibc-2.4 until they are ready +>=sys-devel/gcc-4.0.0 +>=sys-libs/glibc-2.4 +>=sys-kernel/linux-headers-2.6.17 diff --git a/profiles/selinux/sparc/sparc64/2006.1/packages b/profiles/selinux/sparc/sparc64/2006.1/packages new file mode 100644 index 000000000000..06b0047feb31 --- /dev/null +++ b/profiles/selinux/sparc/sparc64/2006.1/packages @@ -0,0 +1,19 @@ +# Copyright 1999-2005 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/sparc/sparc64/2006.1/packages,v 1.1 2006/10/08 18:37:25 pebenito Exp $ + +# We really want 3.4.x for this profile +*>=sys-devel/gcc-3.4.5 +*>=sys-devel/binutils-2.16.1-r2 + +# Need newer ones to build with gcc 3.4.x +*>=sys-libs/glibc-2.3.6-r3 + +# Since we're running a sparc64 kernel w/ 32bit (v9) userland, +# we need gcc-sparc64 for kernels. +*>=sys-devel/gcc-sparc64-3.4.6 + +# Jeremy Huddleston <eradicator@gentoo.org> +# Earlier versions aren't patched to work with 2.6 headers +*>=sys-boot/silo-1.4.10 + diff --git a/profiles/selinux/sparc/sparc64/2006.1/parent b/profiles/selinux/sparc/sparc64/2006.1/parent new file mode 100644 index 000000000000..f3229c5b9876 --- /dev/null +++ b/profiles/selinux/sparc/sparc64/2006.1/parent @@ -0,0 +1 @@ +.. diff --git a/profiles/selinux/sparc/sparc64/2006.1/use.mask b/profiles/selinux/sparc/sparc64/2006.1/use.mask new file mode 100644 index 000000000000..71465abbfb98 --- /dev/null +++ b/profiles/selinux/sparc/sparc64/2006.1/use.mask @@ -0,0 +1,18 @@ +# Copyright 1999-2005 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/sparc/sparc64/2006.1/use.mask,v 1.1 2006/10/08 18:37:25 pebenito Exp $ + +# Java and java-related stuffs +freetts +java +java-internal +java-external +netbeans + +# New stuff enabled +-hal +-ipod +-alsa +-ladcca +-udev +-pmount diff --git a/profiles/selinux/sparc/sparc64/2006.1/virtuals b/profiles/selinux/sparc/sparc64/2006.1/virtuals new file mode 100644 index 000000000000..3f17f125c745 --- /dev/null +++ b/profiles/selinux/sparc/sparc64/2006.1/virtuals @@ -0,0 +1,6 @@ +# Copyright 1999-2005 Gentoo Foundation +# Distributed under the terms of the GNU General Public License, v2 +# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/sparc/sparc64/2006.1/virtuals,v 1.1 2006/10/08 18:37:25 pebenito Exp $ + +virtual/dev-manager sys-fs/udev +virtual/linux-sources sys-kernel/gentoo-sources diff --git a/profiles/selinux/sparc/sparc64/make.defaults b/profiles/selinux/sparc/sparc64/make.defaults new file mode 100644 index 000000000000..9b5746521bb6 --- /dev/null +++ b/profiles/selinux/sparc/sparc64/make.defaults @@ -0,0 +1,26 @@ +# Copyright 1999-2005 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/sparc/sparc64/make.defaults,v 1.1 2006/10/08 18:37:25 pebenito Exp $ + +# 64bit kernel, 32bit userland +CHOST="sparc-unknown-linux-gnu" +PROFILE_ARCH="sparc64" + +# We need sparc64 binutils for linux-headers +CTARGETS_BINUTILS="sparc-unknown-linux-gnu sparc64-unknown-linux-gnu" +STAGE1_USE="gcc64" + +# Multilib stuff +MULTILIB_ABIS="sparc32" +DEFAULT_ABI="sparc32" +ABI=${DEFAULT_ABI} +CFLAGS_sparc32="-m32" +LDFLAGS_sparc32="-m elf32_sparc" +CHOST_sparc32="sparc-unknown-linux-gnu" +CTARGET_sparc32="sparc-unknown-linux-gnu" +CDEFINE_sparc32="!__arch64__" +LIBDIR_sparc32="lib" + +# Compiler flags +CFLAGS="-O2 -mcpu=ultrasparc -pipe" +CXXFLAGS=${CFLAGS} diff --git a/profiles/selinux/sparc/sparc64/packages b/profiles/selinux/sparc/sparc64/packages new file mode 100644 index 000000000000..08855b289b75 --- /dev/null +++ b/profiles/selinux/sparc/sparc64/packages @@ -0,0 +1,8 @@ +# Copyright 1999-2005 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/sparc/sparc64/packages,v 1.1 2006/10/08 18:37:25 pebenito Exp $ + +# Sometimes necessary to trick programs into thinking we're really +# a sparc32 system. +*sys-apps/setarch + diff --git a/profiles/selinux/sparc/sparc64/parent b/profiles/selinux/sparc/sparc64/parent new file mode 100644 index 000000000000..f3229c5b9876 --- /dev/null +++ b/profiles/selinux/sparc/sparc64/parent @@ -0,0 +1 @@ +.. diff --git a/profiles/selinux/sparc/sparc64/use.mask b/profiles/selinux/sparc/sparc64/use.mask new file mode 100644 index 000000000000..fdb60fa9691a --- /dev/null +++ b/profiles/selinux/sparc/sparc64/use.mask @@ -0,0 +1,5 @@ +# Copyright 1999-2005 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/sparc/sparc64/use.mask,v 1.1 2006/10/08 18:37:25 pebenito Exp $ + +-vis diff --git a/profiles/selinux/sparc/use.mask b/profiles/selinux/sparc/use.mask new file mode 100644 index 000000000000..ec4e24860914 --- /dev/null +++ b/profiles/selinux/sparc/use.mask @@ -0,0 +1,199 @@ +# Copyright 1999-2005 Gentoo Foundation +# Distributed under the terms of the GNU General Public License, v2 +# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/sparc/use.mask,v 1.1 2006/10/08 18:37:25 pebenito Exp $ + +# This file contains a list of useflags that cannot be used on sparc. + +3dfx +acpi +afs +amd +apm +cle266 +cmucl +commercial +directfb +djbfft +dvb +dmi +emboss +fdftk +glitz +hal +i8x0 +ibm +informix +lirc +lm_sensors +mod +modplug +mpm-peruser +nvtv +oci8 +pbs +pcmcia +pmount +rar +real +tcc +trusted +udev +uml +voodoo3 +wavelan +wifi +xvmc + +# Asterisk use flag masking +bri +florz +resperl +zaptel +ukcid + +# Mono doesn't work on sparc +# eradicator@gentoo.org +mono + +# And since there's no mono yet... <gustavoz> +beagle + +# pyste has untested/unkeyworded deps on sparc +pyste + +# They're borked <gustavoz> +dar32 +dar64 + +# Seti@home is gone <gustavoz> +seti + +# 2006/09/05 - Tupone Alfredo <tupone@gentoo.org> +# doomsday ebuild is not available on this architecture +doomsday + +# see email to gentoo-dev with subject "use.mask and PHP5's crazy IUSE" +# Dated Sat, 31 Jul 2004 14:49:28 -0700, from robbat2@gentoo.org +# all of these are binary-only, and not presently available on this +# architecture. +adabas +birdstep +cpdflib +db2 +dbmaker +empress +empress-bcs +esoob +filepro +frontbase +hyperwave-api +ingres +libedit +oracle7 +pfpro +solid +sybase +sybase-ct + +# Unmask ultra1 +-ultra1 + +# Other masks +clisp +hdf5 +ipod +pike + +# Alsa is b0rked for now +alsa +ladcca + +# Mask v4l2 as it depends on 2.6 headers and hasn't been confirmed to work yet +v4l2 + +# Unmask sparc-only video cards +-video_cards_sunbw2 +-video_cards_suncg14 +-video_cards_suncg3 +-video_cards_suncg6 +-video_cards_sunffb +-video_cards_sunleo +-video_cards_suntcx + +# 2006/02/05 - Donnie Berkholz <dberkholz@gentoo.org> +# Modular X: mask for architectures on which they aren't available +video_cards_cyrix +video_cards_nsc +video_cards_s3 +video_cards_sis +video_cards_tseng +video_cards_via +video_cards_imstt +video_cards_s3virge +video_cards_i128 +video_cards_trident +video_cards_neomagic +video_cards_cirrus +video_cards_tga +video_cards_i740 +video_cards_siliconmotion +video_cards_ark +video_cards_rendition +video_cards_newport +video_cards_chips +video_cards_apm +video_cards_i810 +video_cards_nv +video_cards_vesa +video_cards_vga + +# Jason Wever <weeve@gentoo.org> - 10 April 2006 +# Mask ifp use flag for amarok until someone can confirm it works +ifp + +# Jason Wever <weeve@gentoo.org> - 01 May 2006 +# Mask nforce2 use flag as NVIDIA doesn't make mobos for SPARC CPUs (yet :-P) +nforce2 + +# Gustavo Zacarias <gustavoz@gentoo.org> - 02 May 2006 +# AIO is b0rked for now.... +aio + +# Jason Wever <weeve@gentoo.org> - 29 May 2006 +# Mask qt4 use flag in relation to KDE 3.5 stablization until QT 4 works better +qt4 + +# Patrick McLean <chutzpah@gentoo.org> - 02 Jun 2006 +# Mask bmpx USE flag since new versions don't work on sparc (comment #11 +# on bug #111975) +bmpx + +# Jason Wever <weeve@gentoo.org> - 10 Jun 2006 +# Mask kdehiddenvisibility as we don't have gcc-4.1.x unmasked in any profiles +kdehiddenvisibility + +# Gustavo Zacarias <gustavoz@gentoo.org> - 1 July 2006 +# seamonkey doesn't work yet, see bug #137198 +seamonkey + +# Jason Wever <weeve@gentoo.org> - 5 Aug 2006 +# Mask njb use flag until someone has a Nomad Jukebox to test with. +njb + +# Jason Wever <weeve@gentoo.org> - 5 Aug 2006 +# Mask mp4 use flag as media-video/gpac fails to build currently +mp4 + +# Gustavo Zacarias <gustavoz@gentoo.org> - 17 Aug 2006 +# Masking hardened, it isn't really supported, see bugs #144126 #78951 +hardened + +# Gustavo Zacarias <gustavoz@gentoo.org> - 04 Sep 2006 +# mzscheme seems somewhat b0rked and we want vim7 +mzscheme + +# requires a JDK +mpe-sdk + +# uses libaio +romio diff --git a/profiles/selinux/sparc/virtuals b/profiles/selinux/sparc/virtuals new file mode 100644 index 000000000000..ed85bfc49fcb --- /dev/null +++ b/profiles/selinux/sparc/virtuals @@ -0,0 +1,11 @@ +# Copyright 1999-2005 Gentoo Foundation +# Distributed under the terms of the GNU General Public License, v2 +# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/sparc/virtuals,v 1.1 2006/10/08 18:37:25 pebenito Exp $ + +virtual/linux-sources sys-kernel/sparc-sources +virtual/bootloader sys-boot/silo +virtual/mpi sys-cluster/lam-mpi +virtual/modutils sys-apps/module-init-tools +virtual/dev-manager sys-fs/devfsd +virtual/ooo app-office/openoffice +virtual/logger app-admin/syslog-ng diff --git a/profiles/selinux/use.mask b/profiles/selinux/use.mask index 440c29497c58..462e56bc4757 100644 --- a/profiles/selinux/use.mask +++ b/profiles/selinux/use.mask @@ -1,11 +1,38 @@ -# Copyright 1999-2004 Gentoo Foundation +# Copyright 2004-2006 Gentoo Foundation. # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/use.mask,v 1.2 2006/07/19 18:21:49 vapier Exp $ +# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/use.mask,v 1.3 2006/10/08 18:37:25 pebenito Exp $ + +# This file masks out USE flags that are simply NOT allowed in the default +# profile for any architecture. This works, for example, if a non-default +# profile (such as the selinux profiles) have a USE flag associated with +# them. -selinux # disallow posix acl since this is SELinux acl -# aqua USE flag is only valid on Mac OS X +# USE flags only valid on Mac OS X aqua +coreaudio + +# amd64 only: +emul-linux-x86 + +# sparc only: +ultra1 + +# x86 only +win32codecs +kqemu + +# Only used by mips and old amd64 profiles +multilib + +# ppc and x86/amd64 +x264 + +# lvm2 clustered use flags +clvm +gulm +cman diff --git a/profiles/selinux/virtuals b/profiles/selinux/virtuals index f14d972a4359..a5f3a32cc5ad 100644 --- a/profiles/selinux/virtuals +++ b/profiles/selinux/virtuals @@ -1,7 +1,10 @@ # Copyright 1999-2004 Gentoo Foundation. # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/virtuals,v 1.8 2005/05/16 19:55:27 seemant Exp $ +# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/virtuals,v 1.9 2006/10/08 18:37:25 pebenito Exp $ -virtual/modutils sys-apps/module-init-tools -virtual/os-headers sys-kernel/linux-headers -virtual/utempter sys-apps/utempter +# Use this virtuals file to either overload the base profile's defined +# virtuals, or add virtuals that are specific to this family of profiles + +virtual/alsa sys-kernel/gentoo-sources +virtual/linux-sources sys-kernel/gentoo-sources +virtual/os-headers sys-kernel/linux-headers diff --git a/profiles/selinux/x86/2006.1/make.defaults b/profiles/selinux/x86/2006.1/make.defaults new file mode 100644 index 000000000000..c675b1827d6f --- /dev/null +++ b/profiles/selinux/x86/2006.1/make.defaults @@ -0,0 +1,10 @@ +# Copyright 1999-2005 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/x86/2006.1/make.defaults,v 1.1 2006/10/08 18:37:25 pebenito Exp $ + +# This will be commented and replaced with just STAGE1_USE="unicode" if we do +# not end up with a stable glibc 2.4 by 2006.1's release. +STAGE1_USE="nptl nptlonly unicode" + +# These USE flags are what is common between the various sub-profiles. +USE="nptl nptlonly udev unicode" diff --git a/profiles/selinux/x86/2006.1/packages b/profiles/selinux/x86/2006.1/packages new file mode 100644 index 000000000000..9b1f517c7b0e --- /dev/null +++ b/profiles/selinux/x86/2006.1/packages @@ -0,0 +1,17 @@ +# Copyright 2001-2004 Gentoo Foundation. +# Distributed under the terms of the GNU General Public License, v2 +# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/x86/2006.1/packages,v 1.1 2006/10/08 18:37:25 pebenito Exp $ + +# For instructions on how this file works (as an inclusion mask, primarily), +# please refer to ${PORTDIR}/profiles/base/packages + +# Use this file to lock down specific versions of packages ONLY TO THIS +# SPECIFIC PROFILE! + +# You can also add files to the base system itself if you prefix them with a +# * + +>=sys-apps/baselayout-1.11.12-r4 +>=sys-devel/binutils-2.15.90.0.3-r4 +>=sys-devel/gcc-3.3.4-r1 +>=sys-libs/glibc-2.3.3.20040420-r1 diff --git a/profiles/selinux/x86/2006.1/parent b/profiles/selinux/x86/2006.1/parent new file mode 100644 index 000000000000..f3229c5b9876 --- /dev/null +++ b/profiles/selinux/x86/2006.1/parent @@ -0,0 +1 @@ +.. diff --git a/profiles/selinux/x86/make.defaults b/profiles/selinux/x86/make.defaults new file mode 100644 index 000000000000..8a887678601e --- /dev/null +++ b/profiles/selinux/x86/make.defaults @@ -0,0 +1,17 @@ +# Copyright 1999-2005 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/x86/make.defaults,v 1.1 2006/10/08 18:37:25 pebenito Exp $ + +# All extra USE/etc should be specified in sub-profiles. +# DO NOT POLLUTE USE ON THIS PROFILE. + +ARCH="x86" +ACCEPT_KEYWORDS="x86" + +CHOST="i686-pc-linux-gnu" +CFLAGS="-O2 -mcpu=i686 -pipe" +CXXFLAGS="${CFLAGS}" + +FEATURES="sandbox sfperms" + +USE="berkdb crypt ipv6 ncurses nls pam python readline ssl tcpd zlib" diff --git a/profiles/selinux/x86/packages b/profiles/selinux/x86/packages new file mode 100644 index 000000000000..342a9cfdca48 --- /dev/null +++ b/profiles/selinux/x86/packages @@ -0,0 +1,30 @@ +# Copyright 2001-2004 Gentoo Foundation. +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/x86/packages,v 1.1 2006/10/08 18:37:25 pebenito Exp $ + +# For instructions on how this file works (as an inclusion mask, primarily), +# please refer to ${PORTDIR}/profiles/base/packages + +# Use this file to lock down specific versions of packages ONLY TO THIS +# SPECIFIC ARCHITECTURE!! + +# You can also add files to the base system itself if you prefix them with a +# * + +>=sys-devel/binutils-2.13.90.0.4 + +############################################################################## +# SELinux required versionings + +>=sys-libs/libsepol-1.12.28 +>=sys-libs/libselinux-1.30.29 +>=sys-libs/libsemanage-1.6.17 +>=sys-apps/policycoreutils-1.30.30 +>=sys-apps/checkpolicy-1.30.12 + +>=sec-policy/selinux-base-policy-20060101 + +# Critical xattr fixes: +>=sys-boot/grub-0.94 + +############################################################################## diff --git a/profiles/selinux/x86/parent b/profiles/selinux/x86/parent new file mode 100644 index 000000000000..f3229c5b9876 --- /dev/null +++ b/profiles/selinux/x86/parent @@ -0,0 +1 @@ +.. diff --git a/profiles/selinux/x86/use.mask b/profiles/selinux/x86/use.mask new file mode 100644 index 000000000000..1b3d003a89b8 --- /dev/null +++ b/profiles/selinux/x86/use.mask @@ -0,0 +1,56 @@ +# Copyright 2004 Gentoo Foundation. +# Distributed under the terms of the GNU General Public License, v2 +# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/x86/use.mask,v 1.1 2006/10/08 18:37:25 pebenito Exp $ + +# This file masks out USE flags that are simply NOT allowed in the default +# x86 profile. This works, for example, if another architecture's +# profile have a USE flag associated with (such as altivec, mmx, etc). + +# Unmask x86 instruction sets +-3dnow +-3dnowext +-icc +-icc-pgo +-ifc +-mmx +-mmxext +-sse +-sse2 +-svga +-kqemu + +# Unmask nvidia XvMC support +-nvidia + +# Unmask dev-db/oracle-instantclient-basic support +-oci8-instant-client + +# Unmask osp, used by asterisk; bug 115798 +-osp + +# Modular X: unmask for architectures on which they are available +-input_devices_synaptics +-input_devices_vmmouse +-input_devices_wacom +-video_cards_nvidia +-video_cards_fglrx +-video_cards_vmware + +# Modular X: mask for architectures on which they aren't available +video_cards_newport + +#codec support +-win32codecs +-real +-x264 + +# lvm2 cluster +-clvm +-gulm +-cman + +# ibm is only used for ppc64 stuff +ibm + +# psyco works on x86 +-psyco diff --git a/profiles/selinux/x86/virtuals b/profiles/selinux/x86/virtuals new file mode 100644 index 000000000000..c90a0e629a70 --- /dev/null +++ b/profiles/selinux/x86/virtuals @@ -0,0 +1,9 @@ +# Copyright 2004 Gentoo Foundation. +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/x86/virtuals,v 1.1 2006/10/08 18:37:25 pebenito Exp $ + +# This file is used to either override or extend the parent profile's +# virtuals mappings. In this case, this is for ARCHITECTURE SPECIFIC +# mappings + +virtual/bootloader sys-boot/grub |