profile: add bootstrap

8 files changed, 132 insertions, 0 deletions

diff --git a/profiles/bootstrap/amd64/eapi b/profiles/bootstrap/amd64/eapi
new file mode 100644
index 00000000..7f8f011e
--- /dev/null
+++ b/profiles/bootstrap/amd64/eapi
@@ -0,0 +1 @@
+7
diff --git a/profiles/bootstrap/amd64/parent b/profiles/bootstrap/amd64/parent
new file mode 100644
index 00000000..e3fd977e
--- /dev/null
+++ b/profiles/bootstrap/amd64/parent
@@ -0,0 +1,2 @@
+gentoo:default/linux/amd64/17.1/no-multilib/hardened
+..
diff --git a/profiles/bootstrap/eapi b/profiles/bootstrap/eapi
new file mode 100644
index 00000000..7f8f011e
--- /dev/null
+++ b/profiles/bootstrap/eapi
@@ -0,0 +1 @@
+7
diff --git a/profiles/bootstrap/make.defaults b/profiles/bootstrap/make.defaults
new file mode 100644
index 00000000..bfe4c043
--- /dev/null
+++ b/profiles/bootstrap/make.defaults
@@ -0,0 +1,17 @@
+CFLAGS="-march=native -O2 -pipe -fomit-frame-pointer"
+CXXFLAGS="${CFLAGS}"
+
+FEATURES="cgroup"
+FEATURES="${FEATURES} collision-protect config-protect-if-modified protect-owned"
+FEATURES="${FEATURES} -news"
+FEATURES="${FEATURES} nodoc noinfo noman"
+FEATURES="${FEATURES} preserve-libs"
+FEATURES="${FEATURES} sandbox ipc-sandbox mount-sandbox network-sandbox pid-sandbox"
+FEATURES="${FEATURES} sfperms suidctl"
+FEATURES="${FEATURES} strict multilib-strict strict-keepdir"
+FEATURES="${FEATURES} unknown-features-warn"
+FEATURES="${FEATURES} userpriv userfetch usersandbox"
+FEATURES="${FEATURES} distlocks ebuild-locks"
+FEATURES="${FEATURES} parallel-fetch"
+FEATURES="${FEATURES} fixlafiles"
+FEATURES="${FEATURES} xattr"
diff --git a/profiles/bootstrap/package.use b/profiles/bootstrap/package.use
new file mode 100644
index 00000000..535e7b92
--- /dev/null
+++ b/profiles/bootstrap/package.use
@@ -0,0 +1,55 @@
+*/* -*
+*/* PYTHON_SINGLE_TARGET: python3_6
+*/* PYTHON_TARGETS: python3_6
+
+app-admin/sudo offensive pam
+app-arch/tar acl
+app-crypt/gnupg readline ssl
+app-crypt/pinentry caps ncurses
+app-editors/vim acl
+app-editors/vim-core acl
+app-misc/ca-certificates cacert
+app-misc/pax-utils caps seccomp
+app-shells/bash bashlogger net
+dev-lang/python hardened ipv6 ncurses readline ssl xml
+dev-libs/gmp asm
+dev-libs/libpcre cxx readline
+dev-libs/libpcre2 readline
+dev-libs/openssl asm gmp rfc3779
+dev-python/pypax xtpax
+dev-vcs/git curl gpg iconv pcre threads
+net-libs/gnutls seccomp
+net-libs/ldns ecdsa
+net-libs/nghttp2 threads
+net-misc/curl curl_ssl_openssl http2 ipv6 ssl threads
+net-misc/iputils caps filecaps ipv6 ssl
+net-misc/openssh ecdsa hpn ldns pam ssl
+net-misc/rsync acl iconv ipv6 xattr
+sys-apps/coreutils acl caps gmp
+sys-apps/dbus systemd
+sys-apps/elfix xtpax
+dev-libs/nettle gmp
+sys-apps/gawk readline
+sys-apps/hwids net pci udev
+sys-apps/iproute2 caps -iptables ipv6
+sys-apps/kmod tools
+sys-apps/less pcre
+sys-apps/net-tools ipv6
+sys-apps/portage native-extensions -rsync-verify
+sys-apps/sed acl
+sys-apps/shadow acl cracklib pam xattr
+sys-apps/systemd acl dns-over-tls kmod libidn2 lz4 pam pcre resolvconf seccomp sysv-utils
+sys-apps/util-linux caps ncurses pam readline suid udev kill
+sys-auth/pambase cracklib sha512
+sys-devel/binutils cxx gold plugins
+sys-devel/gcc hardened nptl sanitize vtv
+sys-devel/patch xattr
+sys-fs/squashfs-tools xattr
+sys-kernel/longterm-sources build
+sys-libs/glibc caps
+sys-libs/libcap pam
+sys-libs/libcap-ng
+sys-libs/ncurses cxx threads
+sys-libs/pam cracklib filecaps
+sys-process/procps ncurses
+sys-process/psmisc ipv6
diff --git a/profiles/bootstrap/packages b/profiles/bootstrap/packages
new file mode 100644
index 00000000..5adc7002
--- /dev/null
+++ b/profiles/bootstrap/packages
@@ -0,0 +1,54 @@
+-*
+
+# From gentoo:base/packages
+*>=sys-apps/baselayout-2
+*app-arch/gzip
+*app-arch/tar
+*app-shells/bash:0
+*net-misc/iputils
+*net-misc/rsync
+*sys-apps/coreutils
+*sys-apps/diffutils
+*sys-apps/file
+*>=sys-apps/findutils-4.4
+*sys-apps/gawk
+*sys-apps/grep
+*sys-apps/less
+*sys-process/procps
+*sys-process/psmisc
+*sys-apps/sed
+*sys-apps/which
+*sys-devel/binutils
+*sys-devel/gcc
+*sys-devel/gnuconfig
+*sys-devel/make
+*>=sys-devel/patch-2.7
+*sys-fs/e2fsprogs
+*virtual/dev-manager
+*virtual/editor
+*virtual/libc
+*virtual/modutils
+*virtual/os-headers
+*virtual/package-manager
+*virtual/pager
+*virtual/service-manager
+*virtual/shadow
+*virtual/ssh
+
+# From gentoo:default/linux/packages
+*sys-apps/iproute2
+*sys-apps/net-tools
+*sys-apps/util-linux
+
+# From gentoo:features/hardened/packages
+*sys-apps/elfix
+
+# Force virtual choice
+*sys-apps/portage # virtual/package-manager
+*net-misc/openssh # virtual/ssh
+*sys-apps/systemd # virtual/service-manager
+*app-editors/vim  # virtual/editor
+
+*net-misc/curl
+*sys-apps/ethtool
+*sys-kernel/longterm-sources
diff --git a/profiles/bootstrap/parent b/profiles/bootstrap/parent
new file mode 100644
index 00000000..a32f8bc5
--- /dev/null
+++ b/profiles/bootstrap/parent
@@ -0,0 +1 @@
+gentoo:targets/systemd
diff --git a/profiles/bootstrap/profile.bashrc b/profiles/bootstrap/profile.bashrc
new file mode 120000
index 00000000..5a7ba31c
--- /dev/null
+++ b/profiles/bootstrap/profile.bashrc
@@ -0,0 +1 @@
+../common/profile.bashrc
\ No newline at end of file