diff options
| -rw-r--r-- | profiles/uclibc/README | 13 | ||||
| -rw-r--r-- | profiles/uclibc/hardened/parent | 1 | ||||
| -rw-r--r-- | profiles/uclibc/hardened/x86/make.defaults | 29 | ||||
| -rw-r--r-- | profiles/uclibc/hardened/x86/parent | 1 | ||||
| -rw-r--r-- | profiles/uclibc/packages | 39 | ||||
| -rw-r--r-- | profiles/uclibc/packages.build | 29 | ||||
| -rw-r--r-- | profiles/uclibc/use.mask | 5 | ||||
| -rw-r--r-- | profiles/uclibc/virtuals | 2 | ||||
| -rw-r--r-- | profiles/uclibc/x86/make.defaults | 29 | ||||
| -rw-r--r-- | profiles/uclibc/x86/parent | 1 |
10 files changed, 149 insertions, 0 deletions
diff --git a/profiles/uclibc/README b/profiles/uclibc/README new file mode 100644 index 000000000000..050dee53fa2b --- /dev/null +++ b/profiles/uclibc/README @@ -0,0 +1,13 @@ +# This subdir contains the cascading profiles for native uclibc environments + +############################################################################### +# This profile is *not* production ready and may damage your systems +# integrity if used. It is therefore recomened to wait before trying to +# use this. +# +# In case you want try anyway.. +# ACCEPT_KEYWORDS="~x86" emerge -pve system +# unmask anything portage is yelling at you about +# You will need to unmask binutils as well. Bug #54059 +# echo '=sys-devel/binutils-2.15.91.0.1-r2 -* x86 ~x86' >> /etc/portage/packge.unmask +############################################################################### diff --git a/profiles/uclibc/hardened/parent b/profiles/uclibc/hardened/parent new file mode 100644 index 000000000000..f3229c5b9876 --- /dev/null +++ b/profiles/uclibc/hardened/parent @@ -0,0 +1 @@ +.. diff --git a/profiles/uclibc/hardened/x86/make.defaults b/profiles/uclibc/hardened/x86/make.defaults new file mode 100644 index 000000000000..4ce44c830e94 --- /dev/null +++ b/profiles/uclibc/hardened/x86/make.defaults @@ -0,0 +1,29 @@ +USE="x86 berkdb crypt ncurses python readline ssl tcpd zlib pic pie hardened uclibc" +GRP_STAGE23_USE="x86 berkdb crypt ncurses python readline ssl tcpd zlib pic pie hardened uclibc" + +ARCH="x86" +COMPILER="gcc3" +ACCEPT_KEYWORDS="x86" + +# +# FEATURES are settings that affect the functionality of portage. Most of +# these settings are for developer use, but some are available to non- +# developers as well. +# +# 'sandbox' enable sandbox-ing when running emerge and ebuild +# 'sfperms' feature for security minded people that causes portage to +# remove group+other readable bits on setuid files and +# remove the other readable bits on setgid files. +# 'strict' causes portage to react strongly to conditions that +# have the potential to be dangerous -- like missing or +# incorrect Manifest files. +# 'userpriv' allows portage to drop root privleges while it is compiling +# as a security measure, and as a side effect this can remove +# sandbox access violations for users. +# 'usersandbox' enables sandboxing while portage is running under userpriv. +# unpack -- for debugging purposes only. +# + +FEATURES="sandbox sfperms strict" +#FEATURES="sandbox sfperms strict userpriv usersandbox" + diff --git a/profiles/uclibc/hardened/x86/parent b/profiles/uclibc/hardened/x86/parent new file mode 100644 index 000000000000..f3229c5b9876 --- /dev/null +++ b/profiles/uclibc/hardened/x86/parent @@ -0,0 +1 @@ +.. diff --git a/profiles/uclibc/packages b/profiles/uclibc/packages new file mode 100644 index 000000000000..e3a6f3774341 --- /dev/null +++ b/profiles/uclibc/packages @@ -0,0 +1,39 @@ +# core +*>=sys-apps/portage-2.0.50-r8 +*>=sys-apps/baselayout-1.9.4-r2 + +# toolchain +*>=sys-devel/binutils-2.15.91.0.1-r2 +*>=sys-devel/gcc-3.3.3-r6 + +# minimal versions +*>=net-misc/iputils-021109-r3 +*>=sys-devel/automake-1.8.5-r1 +*>=sys-devel/bison-1.875 +*>=sys-devel/libtool-1.5.2 +>=sys-libs/db-4.1.25_p1-r4 + +# remove stuff not needed on uclibc +# c++ stuff disabled +-*sys-apps/groff +# man pages disabled (noman) +-*sys-apps/man +-*sys-apps/man-pages +# no support for pam +-*sys-apps/pam-login +# why is this in? +-*sys-devel/bc +# this will be added by nls +-*sys-devel/gettext +# this will be added by berkdb +-*sys-libs/db +# no support for pam +-*sys-libs/pam +# added by readline +-*sys-libs/readline +# added by zlib +-*sys-libs/zlib +# +# busybox/uclibc w/o shadow support +#-*sys-apps/shadow +#-*sys-libs/cracklib diff --git a/profiles/uclibc/packages.build b/profiles/uclibc/packages.build new file mode 100644 index 000000000000..52ccd43bd892 --- /dev/null +++ b/profiles/uclibc/packages.build @@ -0,0 +1,29 @@ +sys-apps/baselayout +virtual/libc +app-arch/bzip2 +app-arch/tar +app-shells/bash +sys-apps/debianutils +sys-apps/coreutils +sys-apps/diffutils +sys-apps/file +sys-apps/gawk +sys-apps/grep +virtual/gzip +sys-apps/portage +sys-apps/sed +sys-apps/texinfo +sys-devel/binutils +sys-devel/bison +sys-devel/flex +sys-devel/gcc +sys-devel/make +sys-devel/patch +# this should be added by nls +#sys-devel/gettext +dev-lang/python +net-misc/wget +net-misc/rsync +virtual/editor +sys-apps/net-tools +sys-apps/less diff --git a/profiles/uclibc/use.mask b/profiles/uclibc/use.mask new file mode 100644 index 000000000000..fb1bf28e3867 --- /dev/null +++ b/profiles/uclibc/use.mask @@ -0,0 +1,5 @@ +selinux +pam +nls +nptl +objc diff --git a/profiles/uclibc/virtuals b/profiles/uclibc/virtuals new file mode 100644 index 000000000000..18f2c71bd14f --- /dev/null +++ b/profiles/uclibc/virtuals @@ -0,0 +1,2 @@ +virtual/libc dev-libs/uclibc +virtual/logger app-admin/sysklogd diff --git a/profiles/uclibc/x86/make.defaults b/profiles/uclibc/x86/make.defaults new file mode 100644 index 000000000000..399b2b61da46 --- /dev/null +++ b/profiles/uclibc/x86/make.defaults @@ -0,0 +1,29 @@ +USE="x86 berkdb ncurses python readline zlib uclibc" +GRP_STAGE23_USE="x86 berkdb ncurses python readline zlib uclibc" + +ARCH="x86" +COMPILER="gcc3" +ACCEPT_KEYWORDS="x86" + +# +# FEATURES are settings that affect the functionality of portage. Most of +# these settings are for developer use, but some are available to non- +# developers as well. +# +# 'sandbox' enable sandbox-ing when running emerge and ebuild +# 'sfperms' feature for security minded people that causes portage to +# remove group+other readable bits on setuid files and +# remove the other readable bits on setgid files. +# 'strict' causes portage to react strongly to conditions that +# have the potential to be dangerous -- like missing or +# incorrect Manifest files. +# 'userpriv' allows portage to drop root privleges while it is compiling +# as a security measure, and as a side effect this can remove +# sandbox access violations for users. +# 'usersandbox' enables sandboxing while portage is running under userpriv. +# unpack -- for debugging purposes only. +# + +FEATURES="sandbox sfperms strict" +#FEATURES="sandbox sfperms strict userpriv usersandbox" + diff --git a/profiles/uclibc/x86/parent b/profiles/uclibc/x86/parent new file mode 100644 index 000000000000..f3229c5b9876 --- /dev/null +++ b/profiles/uclibc/x86/parent @@ -0,0 +1 @@ +.. |