diff options
author | Magnus Granberg <zorry@gentoo.org> | 2017-12-01 01:41:50 +0100 |
---|---|---|
committer | Magnus Granberg <zorry@gentoo.org> | 2017-12-01 01:43:07 +0100 |
commit | 3fc26bb5c292f97aa03e9649b785e46d90a3b5a4 (patch) | |
tree | b405a694d74182f24785ee1a6ebae9b65b321c13 /profiles/features/hardened | |
parent | package.use.stable.mask: make sure stable chromium isnt broken in 17.0 (diff) | |
download | gentoo-3fc26bb5c292f97aa03e9649b785e46d90a3b5a4.tar.gz gentoo-3fc26bb5c292f97aa03e9649b785e46d90a3b5a4.tar.bz2 gentoo-3fc26bb5c292f97aa03e9649b785e46d90a3b5a4.zip |
profiles: update hardened on the new 17.0 profile
Diffstat (limited to 'profiles/features/hardened')
-rw-r--r-- | profiles/features/hardened/amd64/package.use | 7 | ||||
-rw-r--r-- | profiles/features/hardened/amd64/package.use.force | 7 | ||||
-rw-r--r-- | profiles/features/hardened/make.defaults | 13 | ||||
-rw-r--r-- | profiles/features/hardened/package.use.mask | 9 | ||||
-rw-r--r-- | profiles/features/hardened/packages | 2 | ||||
-rw-r--r-- | profiles/features/hardened/use.force | 2 |
6 files changed, 26 insertions, 14 deletions
diff --git a/profiles/features/hardened/amd64/package.use b/profiles/features/hardened/amd64/package.use index 0cef7f8d1d92..dff56ad8871d 100644 --- a/profiles/features/hardened/amd64/package.use +++ b/profiles/features/hardened/amd64/package.use @@ -3,10 +3,11 @@ # Magnus Granberg <zorry@gentoo.org> (14 Jan, 2015) # We need to have the pic flag on. -# Bugs 490276, 513464, 523736 and 512208. +# Bugs 358929, 490276, 513464, 523736 and 512208. media-libs/x264 pic media-video/ffmpeg pic media-video/libav pic ->=media-libs/mesa-10.1.6 pic +media-libs/mesa pic media-libs/libpostproc pic ->=media-libs/xvid-1.3.3 pic +media-libs/xvid pic +app-emulation/open-vm-tools pic diff --git a/profiles/features/hardened/amd64/package.use.force b/profiles/features/hardened/amd64/package.use.force deleted file mode 100644 index ef833f2d1b51..000000000000 --- a/profiles/features/hardened/amd64/package.use.force +++ /dev/null @@ -1,7 +0,0 @@ -# Copyright 1999-2015 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -# Magnus Granberg <zorry@gentoo.org> (14 Jan, 2015) -# We need to have the pic flag on. -# Bugs 358929 -app-emulation/open-vm-tools pic diff --git a/profiles/features/hardened/make.defaults b/profiles/features/hardened/make.defaults index d83d7eab8856..1f5030f9a41b 100644 --- a/profiles/features/hardened/make.defaults +++ b/profiles/features/hardened/make.defaults @@ -5,7 +5,7 @@ # Rename STAGE1_USE to BOOTSTRAP_USE and stack it to the parent value BOOTSTRAP_USE="${BOOTSTRAP_USE} hardened pic xtpax -jit -orc" -USE="hardened pic urandom xtpax -fortran -jit -orc" +USE="hardened pic xtpax -jit -orc" # Ian Stakenvicius, 2014-09-03 # Set a variable just to indicate that the current profile is a hardened one @@ -13,3 +13,14 @@ USE="hardened pic urandom xtpax -fortran -jit -orc" # indicate said package is, say, configured in a way that defeats the purpose # of running hardened. PROFILE_IS_HARDENED=1 + +# We set the default markings to XATTR_PAX +PAX_MARKINGS="XT" + +# Default starting set of USE flags for all default/linux profiles. +# We unset them so we get a clean use flag profile. +USE="${USE} -berkdb -gdbm -tcpd" +USE="${USE} -fortran" +USE="${USE} -cli -session" +USE="${USE} -dri" +USE="${USE} -modules" diff --git a/profiles/features/hardened/package.use.mask b/profiles/features/hardened/package.use.mask index e3320e1e4d9d..cdab4d608d05 100644 --- a/profiles/features/hardened/package.use.mask +++ b/profiles/features/hardened/package.use.mask @@ -3,9 +3,16 @@ sys-apps/hwloc gl -sys-devel/gcc -hardened +sys-devel/gcc -hardened sanitize sys-libs/glibc -hardened +# Ian Stakenvicius <axs@gentoo.org> (03 Dec 2014) +# Have no way of knowing what Gecko Media Plugins will install in profiles +www-client/firefox gmp-autoupdate + # net-fs/openafs-kernel module can't be used on hardened, # see bug 540196. net-fs/openafs modules + +# jit don't work on hardened. +dev-vcs/git pcre-jit diff --git a/profiles/features/hardened/packages b/profiles/features/hardened/packages index 2524abdd0c4f..3790c915840d 100644 --- a/profiles/features/hardened/packages +++ b/profiles/features/hardened/packages @@ -1,4 +1,4 @@ -# Copyright 1999-2013 Gentoo Foundation. +# Copyright 1999-2017 Gentoo Foundation. # Distributed under the terms of the GNU General Public License v2 # This file extends the base packages file for all hardened profiles diff --git a/profiles/features/hardened/use.force b/profiles/features/hardened/use.force index 35e56536ec64..2f57880682b1 100644 --- a/profiles/features/hardened/use.force +++ b/profiles/features/hardened/use.force @@ -1,4 +1,4 @@ -# Copyright 1999-2015 Gentoo Foundation +# Copyright 1999-2017 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 # Make sure people don't accidentally turn of ssp/pie in important packages. |