Adding missing files.

svn path=/; revision=170

8 files changed, 181 insertions, 0 deletions

diff --git a/hardened/profiles/hardened/make.defaults b/hardened/profiles/hardened/make.defaults
new file mode 100644
index 0000000..0430262
--- /dev/null
+++ b/hardened/profiles/hardened/make.defaults
@@ -0,0 +1,7 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/hardened/make.defaults,v 1.11 2006/06/25 19:11:43 solar Exp $
+
+STAGE1_USE="hardened pic userlocales"
+USE="xorg"
+INPUT_DEVICES="mouse keyboard"
diff --git a/hardened/profiles/hardened/package.mask b/hardened/profiles/hardened/package.mask
new file mode 100644
index 0000000..e3367d1
--- /dev/null
+++ b/hardened/profiles/hardened/package.mask
@@ -0,0 +1,95 @@
+# Copyright 2006 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/hardened/package.mask,v 1.15 2006/11/29 21:47:49 pebenito Exp $
+
+# This file is additional masking for the hardened profile
+
+# Mask off gcc-4 for all hardened arches until SSP is sorted out (i.e.
+# backport for gcc-4.0 and 4.0/4.1 rigged for SSP support in the C
+# library).  After that, may still need to be masked on x86 as some
+# PIC assembler that worked pre-4 fails post-4, e.g. bug #104966).
+# If you want to play with it, unmask in /etc/portage/package.unmask
+# but be prepared to rebuild anything you build with gcc-4, later.
+# 2006-01-11 kevquinn
+=sys-devel/gcc-4*
+
+# Mask off glibc-2.4 until the approach for SSP compatibilty is
+# resolved in a way that doesn't break running systems, and we
+# have a sensible upgrade path.  Advise having a static busybox
+# around if you try it in a live system.
+# 2006-03-13 kevquinn
+=sys-libs/glibc-2.4*
+# And 2.5...
+# 2006-10-09 kevquinn
+=sys-libs/glibc-2.5*
+
+# These packages do more harm than good w/ hardened.
+# users must now the opensource xorg nv driver with nvidia cards.
+# By placing Driver "nv" in xorg.conf
+# 2006-06-29 solar
+x11-drivers/nvidia-drivers
+x11-drivers/nvidia-legacy-drivers
+media-video/nvidia-settings
+
+# Shouldn't be merging these SELinux packages on this profile
+# but this keeps repoman happy since they require >=glibc-2.4
+# 20061009 pebenito
+>=sys-libs/libselinux-1.30.29
+>=sys-libs/libsemanage-1.6.17
+>=sys-apps/policycoreutils-1.30.30
+>=sys-apps/checkpolicy-1.30.12
+sec-policy/selinux-acpi
+>=sec-policy/selinux-apache-20060101
+>=sec-policy/selinux-arpwatch-20060101
+>=sec-policy/selinux-asterisk-20060101
+>=sec-policy/selinux-audio-entropyd-20060101
+sec-policy/selinux-avahi
+>=sec-policy/selinux-base-policy-20060101
+>=sec-policy/selinux-bind-20060101
+sec-policy/selinux-bluez
+>=sec-policy/selinux-clamav-20060101
+>=sec-policy/selinux-clockspeed-20060101
+>=sec-policy/selinux-courier-imap-20060101
+>=sec-policy/selinux-cyrus-sasl-20060101
+>=sec-policy/selinux-daemontools-20060101
+>=sec-policy/selinux-dante-20060101
+sec-policy/selinux-dbus
+sec-policy/selinux-desktop
+>=sec-policy/selinux-dhcp-20060101
+>=sec-policy/selinux-distcc-20060101
+>=sec-policy/selinux-djbdns-20060101
+>=sec-policy/selinux-ftpd-20060101
+>=sec-policy/selinux-gnupg-20060101
+>=sec-policy/selinux-gpm-20060101
+sec-policy/selinux-hal
+>=sec-policy/selinux-ipsec-tools-20060101
+>=sec-policy/selinux-jabber-server-20060101
+>=sec-policy/selinux-kerberos-20060101
+>=sec-policy/selinux-logrotate-20060101
+>=sec-policy/selinux-lvm-20060101
+>=sec-policy/selinux-mdadm-20060101
+>=sec-policy/selinux-mysql-20060101
+>=sec-policy/selinux-nfs-20060101
+>=sec-policy/selinux-ntop-20060101
+>=sec-policy/selinux-ntp-20060101
+>=sec-policy/selinux-openldap-20060101
+>=sec-policy/selinux-openvpn-20060101
+sec-policy/selinux-pcmcia
+>=sec-policy/selinux-portmap-20060101
+>=sec-policy/selinux-postfix-20060101
+>=sec-policy/selinux-postgresql-20060101
+>=sec-policy/selinux-privoxy-20060101
+>=sec-policy/selinux-procmail-20060101
+>=sec-policy/selinux-publicfile-20060101
+>=sec-policy/selinux-qmail-20060101
+>=sec-policy/selinux-samba-20060101
+>=sec-policy/selinux-screen-20060101
+>=sec-policy/selinux-snmpd-20060101
+>=sec-policy/selinux-snort-20060101
+>=sec-policy/selinux-spamassassin-20060101
+>=sec-policy/selinux-squid-20060101
+>=sec-policy/selinux-stunnel-20060101
+>=sec-policy/selinux-sudo-20060101
+>=sec-policy/selinux-tftpd-20060101
+>=sec-policy/selinux-ucspi-tcp-20060101
+>=sec-policy/selinux-wireshark-20060101
diff --git a/hardened/profiles/hardened/package.use.mask b/hardened/profiles/hardened/package.use.mask
new file mode 100644
index 0000000..b821fef
--- /dev/null
+++ b/hardened/profiles/hardened/package.use.mask
@@ -0,0 +1,5 @@
+# Note that this requires portage-2.1.1+ so if you need this functionality,
+# make sure your package forces a new-enough portage.
+
+sys-devel/gcc -hardened
+
diff --git a/hardened/profiles/hardened/packages b/hardened/profiles/hardened/packages
new file mode 100644
index 0000000..869738c
--- /dev/null
+++ b/hardened/profiles/hardened/packages
@@ -0,0 +1,14 @@
+# Copyright 1999-2004 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/hardened/packages,v 1.7 2005/02/09 17:12:53 solar Exp $
+
+# This file extends the base packages file for the hardened profile.
+
+# Unmasked this for the next release cycle. -solar (Oct 02 2004)
+#<sys-libs/glibc-2.3.4
+
+*sys-apps/util-linux
+
+# gcc-3.4.3 seems to be unable to rebuild itself. (Jan 25 2005)
+# spb has confirmed that 3.4.3 is now able to bootstrap itself.
+#<sys-devel/gcc-3.4.3
diff --git a/hardened/profiles/hardened/packages.build b/hardened/profiles/hardened/packages.build
new file mode 100644
index 0000000..a5ab648
--- /dev/null
+++ b/hardened/profiles/hardened/packages.build
@@ -0,0 +1,37 @@
+# Copyright 1999-2005 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/hardened/packages.build,v 1.3 2006/01/04 21:23:18 solar Exp $
+
+app-arch/bzip2
+app-arch/tar
+app-shells/bash
+dev-lang/perl
+dev-lang/python
+net-misc/rsync
+net-misc/wget
+sys-apps/baselayout
+sys-apps/coreutils
+sys-apps/debianutils
+sys-apps/diffutils
+sys-apps/file
+sys-apps/findutils
+sys-apps/gawk
+sys-apps/grep
+sys-apps/less
+sys-apps/net-tools
+sys-apps/portage
+sys-apps/sed
+sys-apps/texinfo
+sys-apps/busybox
+sys-devel/binutils
+sys-devel/bison
+sys-devel/flex
+sys-devel/gcc
+sys-devel/gettext
+sys-devel/gnuconfig
+sys-devel/make
+sys-devel/patch
+sys-libs/glibc
+virtual/editor
+virtual/gzip
+virtual/os-headers
diff --git a/hardened/profiles/hardened/parent b/hardened/profiles/hardened/parent
new file mode 100644
index 0000000..eb001c6
--- /dev/null
+++ b/hardened/profiles/hardened/parent
@@ -0,0 +1 @@
+../base
diff --git a/hardened/profiles/hardened/use.mask b/hardened/profiles/hardened/use.mask
new file mode 100644
index 0000000..e8d5126
--- /dev/null
+++ b/hardened/profiles/hardened/use.mask
@@ -0,0 +1,15 @@
+# Copyright 1999-2004 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/hardened/use.mask,v 1.15 2006/10/06 21:50:05 wolf31o2 Exp $
+
+# USE flags only valid on Mac OS X
+aqua
+coreaudio
+
+emul-linux-x86
+
+# nvidia-drivers/nvidia-legacy-drivers are masked, this has to be too
+video_cards_nvidia
+
+kqemu
+x264
diff --git a/hardened/profiles/hardened/virtuals b/hardened/profiles/hardened/virtuals
new file mode 100644
index 0000000..9efa866
--- /dev/null
+++ b/hardened/profiles/hardened/virtuals
@@ -0,0 +1,7 @@
+# Copyright 1999-2005 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/hardened/virtuals,v 1.12 2005/10/06 03:25:58 vapier Exp $
+
+virtual/os-headers	sys-kernel/linux-headers
+virtual/modutils	sys-apps/module-init-tools
+virtual/linux-sources	sys-kernel/hardened-sources