From 856079bdfee8ba0a7e00540523cb9ce6be6c372b Mon Sep 17 00:00:00 2001
From: Bertrand Jacquin
Date: Tue, 24 Sep 2019 20:24:21 +0100
Subject: profile: add bootstrap
---
profiles/bootstrap/amd64/eapi | 1 +
profiles/bootstrap/amd64/parent | 2 ++
profiles/bootstrap/eapi | 1 +
profiles/bootstrap/make.defaults | 17 ++++++++++++
profiles/bootstrap/package.use | 55 +++++++++++++++++++++++++++++++++++++++
profiles/bootstrap/packages | 54 ++++++++++++++++++++++++++++++++++++++
profiles/bootstrap/parent | 1 +
profiles/bootstrap/profile.bashrc | 1 +
8 files changed, 132 insertions(+)
create mode 100644 profiles/bootstrap/amd64/eapi
create mode 100644 profiles/bootstrap/amd64/parent
create mode 100644 profiles/bootstrap/eapi
create mode 100644 profiles/bootstrap/make.defaults
create mode 100644 profiles/bootstrap/package.use
create mode 100644 profiles/bootstrap/packages
create mode 100644 profiles/bootstrap/parent
create mode 120000 profiles/bootstrap/profile.bashrc
(limited to 'profiles/bootstrap')
diff --git a/profiles/bootstrap/amd64/eapi b/profiles/bootstrap/amd64/eapi
new file mode 100644
index 00000000..7f8f011e
--- /dev/null
+++ b/profiles/bootstrap/amd64/eapi
@@ -0,0 +1 @@
+7
diff --git a/profiles/bootstrap/amd64/parent b/profiles/bootstrap/amd64/parent
new file mode 100644
index 00000000..e3fd977e
--- /dev/null
+++ b/profiles/bootstrap/amd64/parent
@@ -0,0 +1,2 @@
+gentoo:default/linux/amd64/17.1/no-multilib/hardened
+..
diff --git a/profiles/bootstrap/eapi b/profiles/bootstrap/eapi
new file mode 100644
index 00000000..7f8f011e
--- /dev/null
+++ b/profiles/bootstrap/eapi
@@ -0,0 +1 @@
+7
diff --git a/profiles/bootstrap/make.defaults b/profiles/bootstrap/make.defaults
new file mode 100644
index 00000000..bfe4c043
--- /dev/null
+++ b/profiles/bootstrap/make.defaults
@@ -0,0 +1,17 @@
+CFLAGS="-march=native -O2 -pipe -fomit-frame-pointer"
+CXXFLAGS="${CFLAGS}"
+
+FEATURES="cgroup"
+FEATURES="${FEATURES} collision-protect config-protect-if-modified protect-owned"
+FEATURES="${FEATURES} -news"
+FEATURES="${FEATURES} nodoc noinfo noman"
+FEATURES="${FEATURES} preserve-libs"
+FEATURES="${FEATURES} sandbox ipc-sandbox mount-sandbox network-sandbox pid-sandbox"
+FEATURES="${FEATURES} sfperms suidctl"
+FEATURES="${FEATURES} strict multilib-strict strict-keepdir"
+FEATURES="${FEATURES} unknown-features-warn"
+FEATURES="${FEATURES} userpriv userfetch usersandbox"
+FEATURES="${FEATURES} distlocks ebuild-locks"
+FEATURES="${FEATURES} parallel-fetch"
+FEATURES="${FEATURES} fixlafiles"
+FEATURES="${FEATURES} xattr"
diff --git a/profiles/bootstrap/package.use b/profiles/bootstrap/package.use
new file mode 100644
index 00000000..535e7b92
--- /dev/null
+++ b/profiles/bootstrap/package.use
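Review bot: In profiles/bootstrap/make.defaults, `CFLAGS="-march=native -O2 -pipe -fomit-frame-pointer"` ties everything built under this profile to the CPU of the build host, which is a risky default for a shared profile. If the bootstrap output is ever unpacked or booted on a different machine, binaries can fault on unsupported instructions. A baseline such as `-march=x86-64` in the profile, with `-march=native` left to a host-local make.conf, would avoid that. The FEATURES block also has no comments; a line such as `# build isolation: keep sandbox/*-sandbox and userpriv/userfetch/usersandbox enabled` above those two assignments would tell a later editor that they are security settings rather than tuning.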
@@ -0,0 +1,55 @@
+*/* -*
+*/* PYTHON_SINGLE_TARGET: python3_6
+*/* PYTHON_TARGETS: python3_6
+
+app-admin/sudo offensive pam
+app-arch/tar acl
+app-crypt/gnupg readline ssl
+app-crypt/pinentry caps ncurses
+app-editors/vim acl
+app-editors/vim-core acl
+app-misc/ca-certificates cacert
+app-misc/pax-utils caps seccomp
+app-shells/bash bashlogger net
+dev-lang/python hardened ipv6 ncurses readline ssl xml
+dev-libs/gmp asm
+dev-libs/libpcre cxx readline
+dev-libs/libpcre2 readline
+dev-libs/openssl asm gmp rfc3779
+dev-python/pypax xtpax
+dev-vcs/git curl gpg iconv pcre threads
+net-libs/gnutls seccomp
+net-libs/ldns ecdsa
+net-libs/nghttp2 threads
+net-misc/curl curl_ssl_openssl http2 ipv6 ssl threads
+net-misc/iputils caps filecaps ipv6 ssl
+net-misc/openssh ecdsa hpn ldns pam ssl
+net-misc/rsync acl iconv ipv6 xattr
+sys-apps/coreutils acl caps gmp
+sys-apps/dbus systemd
+sys-apps/elfix xtpax
+dev-libs/nettle gmp
+sys-apps/gawk readline
+sys-apps/hwids net pci udev
+sys-apps/iproute2 caps -iptables ipv6
+sys-apps/kmod tools
+sys-apps/less pcre
+sys-apps/net-tools ipv6
+sys-apps/portage native-extensions -rsync-verify
+sys-apps/sed acl
+sys-apps/shadow acl cracklib pam xattr
+sys-apps/systemd acl dns-over-tls kmod libidn2 lz4 pam pcre resolvconf seccomp sysv-utils
+sys-apps/util-linux caps ncurses pam readline suid udev kill
+sys-auth/pambase cracklib sha512
+sys-devel/binutils cxx gold plugins
+sys-devel/gcc hardened nptl sanitize vtv
+sys-devel/patch xattr
+sys-fs/squashfs-tools xattr
+sys-kernel/longterm-sources build
+sys-libs/glibc caps
+sys-libs/libcap pam
+sys-libs/libcap-ng
+sys-libs/ncurses cxx threads
+sys-libs/pam cracklib filecaps
+sys-process/procps ncurses
+sys-process/psmisc ipv6
diff --git a/profiles/bootstrap/packages b/profiles/bootstrap/packages
new file mode 100644
index 00000000..5adc7002
--- /dev/null
+++ b/profiles/bootstrap/packages
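Review bot: In profiles/bootstrap/package.use, `sys-apps/portage native-extensions -rsync-verify` explicitly turns off the flag that, as far as I know, pulls in the tooling Portage uses to check OpenPGP signatures on an rsync-synced repository, and the file gives no reason for it. If the tree for this profile is obtained over rsync, nothing in the visible change replaces that check; if it is fetched and authenticated some other way, say so next to the line, e.g. `# rsync-verify off: repository is fetched via <method>, authenticated by <mechanism>`. The leading `*/* -*` also clears every USE default inherited from the hardened parent unless it is forced there, so it is worth confirming with `emerge -pv` that the toolchain hardening flags you expect are still enabled. `net-misc/openssh ecdsa hpn ldns pam ssl` adds a third-party patch set to the SSH daemon through `hpn` and deserves the same kind of justification comment.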
@@ -0,0 +1,54 @@
+-*
+
+# From gentoo:base/packages
+*>=sys-apps/baselayout-2
+*app-arch/gzip
+*app-arch/tar
+*app-shells/bash:0
+*net-misc/iputils
+*net-misc/rsync
+*sys-apps/coreutils
+*sys-apps/diffutils
+*sys-apps/file
+*>=sys-apps/findutils-4.4
+*sys-apps/gawk
+*sys-apps/grep
+*sys-apps/less
+*sys-process/procps
+*sys-process/psmisc
+*sys-apps/sed
+*sys-apps/which
+*sys-devel/binutils
+*sys-devel/gcc
+*sys-devel/gnuconfig
+*sys-devel/make
+*>=sys-devel/patch-2.7
+*sys-fs/e2fsprogs
+*virtual/dev-manager
+*virtual/editor
+*virtual/libc
+*virtual/modutils
+*virtual/os-headers
+*virtual/package-manager
+*virtual/pager
+*virtual/service-manager
+*virtual/shadow
+*virtual/ssh
+
+# From gentoo:default/linux/packages
+*sys-apps/iproute2
+*sys-apps/net-tools
+*sys-apps/util-linux
+
+# From gentoo:features/hardened/packages
+*sys-apps/elfix
+
+# Force virtual choice
+*sys-apps/portage # virtual/package-manager
+*net-misc/openssh # virtual/ssh
+*sys-apps/systemd # virtual/service-manager
+*app-editors/vim # virtual/editor
+
+*net-misc/curl
+*sys-apps/ethtool
+*sys-kernel/longterm-sources
diff --git a/profiles/bootstrap/parent b/profiles/bootstrap/parent
new file mode 100644
index 00000000..a32f8bc5
--- /dev/null
+++ b/profiles/bootstrap/parent
@@ -0,0 +1 @@
+gentoo:targets/systemd
diff --git a/profiles/bootstrap/profile.bashrc b/profiles/bootstrap/profile.bashrc
new file mode 120000
index 00000000..5a7ba31c
--- /dev/null
+++ b/profiles/bootstrap/profile.bashrc
@@ -0,0 +1 @@
+../common/profile.bashrc
\ No newline at end of file
-- cgit v1.2.3
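Review bot: In profiles/bootstrap/packages, the leading `-*` discards the inherited system set, and the entries under `# From gentoo:base/packages` and the two sections after it are hand copies, so later additions or removals in those parent profiles will silently not apply here. Record what each section was copied from, e.g. `# From gentoo:base/packages (copied at <gentoo repo commit>)`, so the list can be compared against upstream when the parents change. The last three entries (`*net-misc/curl`, `*sys-apps/ethtool`, `*sys-kernel/longterm-sources`) have no heading at all; a short comment saying why the bootstrap system set needs them would match the annotation style already used under `# Force virtual choice`.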