x86 hardened/x86 stable
x86 hardened/x86/2.6 stable
+# selinux profiles
+alpha selinux/2005.1/alpha stable
+amd64 selinux/2005.1/amd64 stable
+mips selinux/2005.1/mips stable
+ppc selinux/2005.1/ppc stable
+sparc selinux/2005.1/sparc64 stable
+x86 selinux/2005.1/x86 stable
+x86 selinux/2005.1/x86/hardened stable
+alpha selinux/alpha/2006.1 dev
+amd64 selinux/amd64/2006.1 dev
+mips selinux/mips/mips64/2006.1 dev
+ppc selinux/ppc/ppc32/2006.1/G3 dev
+ppc selinux/ppc/ppc32/2006.1/G4 dev
+sparc selinux/sparc/sparc64/2006.1 dev
+x86 selinux/x86/2006.1 dev
+
# uclibc/embedded multiarch profiles
#amd64 uclibc/amd64 dev
#arm uclibc/arm dev
--- /dev/null
+# Copyright 2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/2005.1/make.defaults,v 1.1 2006/10/08 18:37:25 pebenito Exp $
+
+USE="berkdb crypt ncurses pam python readline selinux ssl zlib"
+STAGE1_USE="selinux"
+GRP_STAGE23_USE="berkdb crypt ncurses pam python readline selinux ssl zlib"
+
+FEATURES="autoconfig strict sfperms"
+
+PORTAGE_T="portage_t"
-# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/2005.1/package.mask,v 1.2 2006/10/05 06:16:34 pebenito Exp $
+# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/2005.1/package.mask,v 1.3 2006/10/08 18:37:25 pebenito Exp $
# Chris PeBenito <pebenito@gentoo.org> (19 Mar 2006)
# Requires a new profile
->=sec-policy/selinux-base-policy-20060101
>=sys-libs/libsepol-1.12.28
>=sys-libs/libselinux-1.30.29
>=sys-libs/libsemanage-1.6.17
>=sys-apps/policycoreutils-1.30.30
>=sys-apps/checkpolicy-1.30.12
+>=sec-policy/selinux-apache-20060101
+>=sec-policy/selinux-arpwatch-20060101
+>=sec-policy/selinux-asterisk-20060101
+>=sec-policy/selinux-audio-entropyd-20060101
+>=sec-policy/selinux-base-policy-20060101
+>=sec-policy/selinux-bind-20060101
+>=sec-policy/selinux-clamav-20060101
+>=sec-policy/selinux-clockspeed-20060101
+>=sec-policy/selinux-courier-imap-20060101
+>=sec-policy/selinux-cyrus-sasl-20060101
+>=sec-policy/selinux-daemontools-20060101
+>=sec-policy/selinux-dante-20060101
+>=sec-policy/selinux-dhcp-20060101
+>=sec-policy/selinux-distcc-20060101
+>=sec-policy/selinux-djbdns-20060101
+>=sec-policy/selinux-ftpd-20060101
+>=sec-policy/selinux-gnupg-20060101
+>=sec-policy/selinux-gpm-20060101
+>=sec-policy/selinux-ipsec-tools-20060101
+>=sec-policy/selinux-jabber-server-20060101
+>=sec-policy/selinux-kerberos-20060101
+>=sec-policy/selinux-logrotate-20060101
+>=sec-policy/selinux-lvm-20060101
+>=sec-policy/selinux-mdadm-20060101
+>=sec-policy/selinux-mysql-20060101
+>=sec-policy/selinux-nfs-20060101
+>=sec-policy/selinux-ntop-20060101
+>=sec-policy/selinux-ntp-20060101
+>=sec-policy/selinux-openldap-20060101
+>=sec-policy/selinux-openvpn-20060101
+>=sec-policy/selinux-portmap-20060101
+>=sec-policy/selinux-postfix-20060101
+>=sec-policy/selinux-postgresql-20060101
+>=sec-policy/selinux-privoxy-20060101
+>=sec-policy/selinux-procmail-20060101
+>=sec-policy/selinux-publicfile-20060101
+>=sec-policy/selinux-qmail-20060101
+>=sec-policy/selinux-samba-20060101
+>=sec-policy/selinux-screen-20060101
+>=sec-policy/selinux-snmpd-20060101
+>=sec-policy/selinux-snort-20060101
+>=sec-policy/selinux-spamassassin-20060101
+>=sec-policy/selinux-squid-20060101
+>=sec-policy/selinux-stunnel-20060101
+>=sec-policy/selinux-sudo-20060101
+>=sec-policy/selinux-tftpd-20060101
+>=sec-policy/selinux-ucspi-tcp-20060101
+>=sec-policy/selinux-wireshark-20060101
--- /dev/null
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/alpha/2006.1/make.defaults,v 1.1 2006/10/08 18:37:25 pebenito Exp $
+
+# This is currently commented so that the stage1 tarball can also be used to
+# build no-nptl systems.
+#STAGE1_USE="nptl"
+
+USE="alsa apache2 arts avi bitmap-fonts cups eds encode esd fortran foomaticdb gdbm gif gnome gpm gstreamer gtk gtk2 imlib jpeg kde libg++ libwww mad mikmod motif mp3 mpeg nptl nptlonly ogg opengl oss pdflib png qt qt3 qt4 quicktime sdl spell truetype truetype-fonts type1-fonts udev vorbis X xml xmms xv"
--- /dev/null
+# Copyright 2001-2004 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License, v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/alpha/2006.1/packages,v 1.1 2006/10/08 18:37:25 pebenito Exp $
+
+# For instructions on how this file works (as an inclusion mask, primarily),
+# please refer to ${PORTDIR}/profiles/base/packages
+
+# Use this file to lock down specific versions of packages ONLY TO THIS
+# SPECIFIC PROFILE!
+
+# You can also add files to the base system itself if you prefix them with a
+# *
+
+>=sys-apps/baselayout-1.11.12-r4
+>=sys-devel/binutils-2.15.90.0.3-r4
+>=sys-devel/gcc-3.3.4-r1
+>=sys-libs/glibc-2.3.3.20040420-r1
--- /dev/null
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/alpha/make.defaults,v 1.1 2006/10/08 18:37:25 pebenito Exp $
+
+ARCH="alpha"
+ACCEPT_KEYWORDS="alpha"
+
+CHOST="alpha-unknown-linux-gnu"
+CFLAGS="-O2 -pipe"
+CXXFLAGS="${CFLAGS}"
+
+FEATURES="sandbox sfperms"
+
+USE="berkdb crypt ipv6 ncurses nls pam python readline ssl tcpd zlib"
--- /dev/null
+# Jose Luis Rivero <yoswink@gentoo.org> (7 Jul 2006)
+# Masked by lost of virtual java/{jdk,jre} providers see Bug #138747
+# also compaq java is dead upstream and buggy: Bug #84306, and others.
+dev-java/compaq-jdk
+dev-java/compaq-jre
+app-arch/dczip
+app-misc/jitac
+app-misc/openjnlp
+dev-tex/ppower4
+net-p2p/xnap
+dev-util/jarwizard
+
+# Thomas Cort <tcort@gentoo.org> (10 Jun 2006)
+# Masked for security Bug #134792 ; latest version broken
+net-p2p/amule
+
+# Thomas Cort <tcort@gentoo.org> (02 Jun 2006)
+# Masked for security Bug #130888 ; all other versions are broken, Bug #131359.
+mail-client/mozilla-thunderbird
--- /dev/null
+# Copyright 2001-2004 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/alpha/packages,v 1.1 2006/10/08 18:37:25 pebenito Exp $
+
+# For instructions on how this file works (as an inclusion mask, primarily),
+# please refer to ${PORTDIR}/profiles/base/packages
+
+# Use this file to lock down specific versions of packages ONLY TO THIS
+# SPECIFIC ARCHITECTURE!!
+
+# You can also add files to the base system itself if you prefix them with a
+# *
+
+>=sys-devel/binutils-2.13.90.0.4
+>=sys-devel/gcc-3.2
+>=sys-libs/glibc-2.2.5-r7
+
+##############################################################################
+# SELinux required versionings
+
+>=sys-libs/libsepol-1.12.28
+>=sys-libs/libselinux-1.30.29
+>=sys-libs/libsemanage-1.6.17
+>=sys-apps/policycoreutils-1.30.30
+>=sys-apps/checkpolicy-1.30.12
+
+>=sec-policy/selinux-base-policy-20060101
+
+##############################################################################
--- /dev/null
+# Copyright 2004 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License, v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/alpha/use.mask,v 1.1 2006/10/08 18:37:25 pebenito Exp $
+
+# This file masks out USE flags that are simply NOT allowed in the default
+# profile for any architecture. This works, for example, if a non-default
+# profile (such as the selinux profiles) have a USE flag associated with
+# them.
+
+# These are debatable, since technically an alpha could support this hardware
+pcmcia
+3dfx
+
+# avifile is broken atm
+avi
+
+# No hardware to test (unmask when tested)
+pda
+upnp
+
+# No apm support on alpha
+apm
+
+# alpha doesn't have java support other than compaq-j*, which isn't a
+# current version. must mask this to keep things sane
+java
+java-internal
+java-external
+
+# firebird appears to be x86-only (the db, not the browser)
+firebird
+
+# tcc is x86-only
+tcc
+
+# I don't think that openafs really works on other architectures,
+# despite some internal Gentoo efforts (mine) to port it
+afs
+
+# see email to gentoo-dev with subject "use.mask and PHP5's crazy IUSE"
+# Dated Sat, 31 Jul 2004 14:49:28 -0700, from robbat2@gentoo.org
+# all of these are binary-only, and not presently available on this
+# architecture.
+adabas
+birdstep
+cpdflib
+db2
+dbmaker
+empress
+empress-bcs
+esoob
+filepro
+frontbase
+hyperwave
+informix
+ingres
+oracle7
+oci8
+pfpro
+solid
+sybase
+sybase-ct
+
+hardened
+hal
+howl
+jack
+freetts
+djbfft
+lm_sensors
+
+gnustep
+
+emboss
+
+# Mask vpopmail until net-mail/vpopmail goes out of package.mask
+vpopmail
+
+# Mask pyste until gccxml / elementtree work on alpha
+pyste
+
+# Mask mono until ported to alpha
+mono
+
+# RDEPEND on mono
+beagle
+
+# can't test wireless currently
+wifi
+
+# dbus is not currently supported by alpha
+dbus
+dmi
+
+# apache segfaults when using mpm-peruser (bug 105778)
+mpm-peruser
+
+pike
+
+fdftk
+
+timidity
+
+# We don't have any virtual/mpi (bug 111807)
+mpi
+
+# masks required for asterisk
+bri
+pri
+zaptel
+
+# Modular X: mask non-alpha cards
+video_cards_apm
+video_cards_ark
+video_cards_chips
+video_cards_cyrix
+video_cards_i128
+video_cards_i740
+video_cards_i810
+video_cards_imstt
+video_cards_neomagic
+video_cards_newport
+video_cards_nsc
+video_cards_sis
+video_cards_trident
+video_cards_tseng
+video_cards_vesa
+video_cards_via
+
+# Needed for vim-7
+mzscheme
+netbeans
+
+# No go in Alpha
+nvtv
+
+# dspam and dspam-web use this one
+# We've never supported cyrus-imapd because nobody asked for
+cyrus
+
+# Masked until firefox is removed from package.mask
+# See security Bug #135254 ; all other versions are broken, Bug #128777.
+firefox
+
+# Masked until qt4 is keyworded, see Bug #128411 (re-keyword poppler-bindings)
+# Remove once Bug #112811 (keyword qt4) is resolved
+qt4
+
+# Masked until bmpx works and is re-keyworded, see Bug #111975
+bmpx
+
+# Paludis-0.6's QA tools need pcre++ which doesn't yet work
+qa
+
+# disable until tested
+# # bug 148402
+pcsc-lite
--- /dev/null
+# Copyright 2004 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License, v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/alpha/virtuals,v 1.1 2006/10/08 18:37:25 pebenito Exp $
+
+virtual/alsa sys-kernel/vanilla-sources
+virtual/bootloader sys-boot/aboot
+virtual/linux-sources sys-kernel/vanilla-sources
--- /dev/null
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/amd64/2006.1/make.defaults,v 1.1 2006/10/08 18:37:25 pebenito Exp $
+
+ABI=amd64
+
+# Catalyst specific settings:
+# This will be commented and replaced with just STAGE1_USE="unicode" if we do
+# not end up with a stable glibc 2.4 by 2006.1's release.
+STAGE1_USE="nptl nptlonly unicode"
+
+# General 2006.1 profile settings
+USE="berkdb crypt ipv6 ncurses nls nptl nptlonly pam python readline ssl tcpd udev zlib"
--- /dev/null
+# Copyright 2001-2004 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License, v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/amd64/2006.1/packages,v 1.1 2006/10/08 18:37:25 pebenito Exp $
+
+# For instructions on how this file works (as an inclusion mask, primarily),
+# please refer to ${PORTDIR}/profiles/base/packages
+
+# Use this file to lock down specific versions of packages ONLY TO THIS
+# SPECIFIC PROFILE!
+
+# You can also add files to the base system itself if you prefix them with a
+# *
+
+>=sys-apps/baselayout-1.11.12-r4
+>=sys-devel/binutils-2.15.90.0.3-r4
+>=sys-devel/gcc-3.3.4-r1
+>=sys-libs/glibc-2.3.3.20040420-r1
--- /dev/null
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/amd64/make.defaults,v 1.1 2006/10/08 18:37:25 pebenito Exp $
+
+ARCH="amd64"
+ACCEPT_KEYWORDS="${ARCH}"
+
+CHOST="x86_64-pc-linux-gnu"
+CFLAGS="-O2 -pipe"
+CXXFLAGS="${CFLAGS}"
+
+FEATURES="sandbox sfperms"
+
+USE="berkdb crypt ipv6 ncurses nls pam python readline ssl tcpd zlib"
+
+# 2006/06/07 - Danny van Dyk <kugelfang@gentoo.org>
+# Multilib settings for all amd64 subprofiles.
+MULTILIB_ABIS="amd64 x86"
+DEFAULT_ABI="amd64"
+
+# 64bit specific settings.
+CHOST_amd64="x86_64-pc-linux-gnu"
+CDEFINE_amd64="__x86_64__"
+LIBDIR_amd64="lib64"
+
+# 32bit specific settings.
+CFLAGS_x86="-m32 -L/emul/linux/x86/lib -L/emul/linux/x86/usr/lib"
+LDFLAGS_x86="-m elf_i386 -L/emul/linux/x86/lib -L/emul/linux/x86/usr/lib"
+ASFLAGS_x86="--32"
+CHOST_x86="i686-pc-linux-gnu"
+CDEFINE_x86="__i386__"
+LIBDIR_x86="lib32"
+
+# FEATURES="multilib-strict" specific settings.
+MULTILIB_STRICT_DIRS="/lib /usr/lib /usr/kde/*/lib /usr/qt/*/lib /usr/X11R6/lib"
+MULTILIB_STRICT_DENY="64-bit.*shared object"
+MULTILIB_STRICT_EXEMPT="(perl5|gcc|gcc-lib|binutils|eclipse-3|debug|portage)"
+
+# Let sys-apps/baselayout create the lib symlink.
+SYMLINK_LIB="yes"
--- /dev/null
+# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/amd64/package.mask,v 1.1 2006/10/08 18:37:25 pebenito Exp $
+
+# 2005.0 Jeremy Huddleston <eradicator@gentoo.org>
+# This is a stub file 'cause glibc provides 32bit libs on newer profiles
+=app-emulation/emul-linux-x86-glibc-1000
+
+# 2005/10/24 Simon Stelling <blubb@gentoo.org>
+# Don't even try to compile openoffice-2.x, it won't work.
+>=app-office/openoffice-2.0.0
+
--- /dev/null
+*sys-apps/setarch
+
+##############################################################################
+# SELinux required versionings
+
+>=sys-libs/libsepol-1.12.28
+>=sys-libs/libselinux-1.30.29
+>=sys-libs/libsemanage-1.6.17
+>=sys-apps/policycoreutils-1.30.30
+>=sys-apps/checkpolicy-1.30.12
+
+>=sec-policy/selinux-base-policy-20060101
+
+# Critical xattr fixes:
+>=sys-boot/grub-0.94
+>=sys-boot/grub-static-0.94
+
+##############################################################################
--- /dev/null
+BAD_FLAGS=( "-fvisibility=hidden" "-fvisibility-hidden" "-fvisibility-inlines-hidden" "-fPIC" "-fpic" "-m32" "-m64" "-g3" "-ggdb3" "-ffast-math" )
+
+getPROG() {
+ local var=$1 prog=$2
+
+ if [[ -n ${!var} ]] ; then
+ echo "${!var}"
+ return 0
+ fi
+
+ local search=
+ [[ -n $3 ]] && search=$(type -p "$3-${prog}")
+ [[ -z ${search} && -n ${CHOST} ]] && search=$(type -p "${CHOST}-${prog}")
+ [[ -n ${search} ]] && prog=${search##*/}
+
+ export ${var}=${prog}
+ echo "${!var}"
+}
+
+get_broken_flags() {
+ local myprog="${1}" lang="${2}"
+ shift 2
+
+ # this finds general broken flags, such as -02 or bogus -f flags
+ echo 'main(){}' | LC_ALL=C ${myprog} ${@} -x ${lang} -o /dev/null - 2>&1 | \
+ egrep "unrecognized .*option" | \
+ egrep -o -- '('\''|\"|`)-.*' | \
+ sed -r 's/('\''|`|")//g; s/^/"/; s/$/"/'
+
+ # this will find bogus debug output types, such as -gfoobar
+ echo 'main(){}' | LC_ALL=C ${myprog} ${@} -x ${lang} -o /dev/null - 2>&1 | \
+ egrep "unrecognised debug output" | \
+ egrep -o -- '('\''|\"|`).*' | \
+ sed -r 's/('\''|`|")//g; s/^/"-g/; s/$/"/'
+}
+
+remove_flag() {
+ local remove="${1}"
+ shift
+
+ while [[ "${1}" ]]; do
+ [[ "${1}" != "${remove}" ]] && echo -n "${1} "
+ shift
+ done
+}
+
+filter_invalid_flags() {
+ local flag broken_flags
+
+ eval broken_flags=( $(get_broken_flags $(getPROG CC gcc) c ${CFLAGS}) )
+ for flag in "${broken_flags[@]}"; do
+ ewarn "Filtering out invalid CFLAG \"${flag}\""
+ CFLAGS="$(remove_flag "${flag}" ${CFLAGS})"
+ done
+
+ eval broken_flags=( $(get_broken_flags $(getPROG CXX g++) c++ ${CXXFLAGS}) )
+ for flag in "${broken_flags[@]}"; do
+ ewarn "Filtering out invalid CXXFLAG \"${flag}\""
+ CXXFLAGS="$(remove_flag "${flag}" ${CXXFLAGS})"
+ done
+}
+
+bashrc_has() {
+ [[ " ${*:2} " == *" $1 "* ]]
+}
+
+if [[ ${EBUILD_PHASE} == "setup" ]]; then
+
+ filter_invalid_flags
+
+ unset trigger
+
+ for flag in "${BAD_FLAGS[@]}"; do
+ if bashrc_has ${flag} ${CFLAGS}; then
+ trigger=1
+ eerror "Your CFLAGS contains \"${flag}\" which can break packages."
+ fi
+ if bashrc_has ${flag} ${CXXFLAGS}; then
+ trigger=1
+ eerror "Your CXXFLAGS contains \"${flag}\" which can break packages."
+ fi
+ done
+ if [[ ${trigger} ]]; then
+ eerror ""
+ eerror "Before you file a bug, please remove these flags and "
+ eerror "re-compile the package in question as well as all its dependencies"
+ sleep 5
+ fi
+
+ unset flag trigger
+fi
+
+unset BAD_FLAGS
--- /dev/null
+# Copyright 2004 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License, v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/amd64/use.mask,v 1.1 2006/10/08 18:37:25 pebenito Exp $
+
+# SECTION: Unmask
+
+# 2006/06/07 - Danny van Dyk <kugelfang@gentoo.org>
+# Profile cleanup: Unmask emul-linux-x86
+-emul-linux-x86
+
+# 2005/09/14 - Diego Pettenò <flameeyes@gentoo.org>
+# nVidia XvMC support works on amd64
+-nvidia
+
+# 2005/12/01 - Daniel Gryniewicz <dang@gentoo.org>
+# There is now a kqemu that works and is stable on amd64
+-kqemu
+
+# 2006/03/03 - Luca Barbato <lu_zero@gentoo.org>
+# codec support x264
+-x264
+
+# 2006/01/28 - Donnie Berkholz <dberkholz@gentoo.org>
+# Modular X: unmask for architectures on which they are available
+-input_devices_synaptics
+-input_devices_vmmouse
+-input_devices_wacom
+-video_cards_nvidia
+-video_cards_fglrx
+-video_cards_vmware
+
+# SECTION: Unavailable/Broken
+
+# 2006/09/05 - Tupone Alfredo <tupone@gentoo.org>
+# doomsday ebuild is not available on this architecture
+doomsday
+
+# 2006/06/07 - Danny van Dyk <kugelfang@gentoo.org>
+# Profile cleanup: No info about these
+afs
+asm
+drac
+multitarget
+tcc
+vidix
+
+# 2006/06/07 - Danny van Dyk <kugelfang@gentoo.org>
+# Masked due to bug #127328; prohibits DEPENDs on
+# this flag makes media-gfx/inkscape dep on media-gfx/pstoedit
+# which deps on libemf
+plugin
+
+# 2006/02/05 - Donnie Berkholz <dberkholz@gentoo.org>
+# Modular X: mask for architectures on which they aren't available
+video_cards_i740
+video_cards_imstt
+video_cards_newport
+video_cards_nsc
+
+# 2005/09/19 - Olivier Fisette <ribosome@gentoo.org>
+# cmucl is not available on amd64. Masking to keep "sci-mathematics/maxima"
+# happy.
+cmucl
+
+# 2005/08/28 - Simon Stelling <blubb@gentoo.org>
+# sci-libs/cdf doesn't build
+cdf
+
+# 2005/06/04 - Simon Stelling <blubb@gentoo.org>
+# dev-util/xdelta doesn't work as expected by this use flag, it can only use
+# xdelta-files made on a 64bit system
+kdexdeltas
+
+# 2004/11/13 - Tom Martin <slarti@gentoo.org>
+# dev-libs/mzscheme won't build, #65216
+mzscheme
+
+# 2004/10/06 - Jeremy Huddleston <eradicator@gentoo.org>
+# sys-cluster/pvm won't build
+pvm
+
+# 2004/06/22 - Taken from 2004.0 profile
+# Firebird doesnt build on amd64
+firebird
+
+# 2004/06/22 - Taken from 2004.0 profile
+# x86 binary only, used by php
+fdftk
+
+# 2004/06/22 - Taken from 2004.0 profile
+# masked
+3dfx
+
+# NOT NECESSARY - SECTION
+
+# see email to gentoo-dev with subject "use.mask and PHP5's crazy IUSE"
+# Dated Sat, 31 Jul 2004 14:49:28 -0700, from robbat2@gentoo.org
+# all of these are binary-only, and not presently available on this
+# architecture.
+adabas
+birdstep
+cpdflib
+dbmaker
+empress
+empress-bcs
+esoob
+filepro
+frontbase
+hyperwave
+informix
+ingres
+pfpro
+solid
+sybase
+sybase-ct
+
+
+# new keyword zrtp related to
+# net-libs/libzrtpcpp package
+# masked pending testing - bug #149793
+zrtp
--- /dev/null
+# Copyright 2004 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License, v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/amd64/virtuals,v 1.1 2006/10/08 18:37:25 pebenito Exp $
+
+virtual/bootloader sys-boot/grub
# Copyright 1999-2004 Gentoo Foundation.
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/make.defaults,v 1.2 2005/04/01 02:43:50 pebenito Exp $
+# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/make.defaults,v 1.3 2006/10/08 18:37:25 pebenito Exp $
+#
+# System-wide defaults for the Portage system
+# See portage(5) manpage
+#
+# Please avoid enabling things by default in here if possible. Understand any
+# implications with core packages. For example, if "java" is in USE and db
+# has a conditional dependency on java (which it does,) then a JDK will be
+# pulled in during *emerge system*!
-USE="berkdb crypt ncurses pam python readline selinux ssl zlib"
-STAGE1_USE="selinux"
-GRP_STAGE23_USE="berkdb crypt ncurses pam python readline selinux ssl zlib"
+USE="selinux"
-FEATURES="autoconfig selinux strict sfperms"
+FEATURES="selinux sesandbox"
POLICYDIR="/etc/security/selinux/src/policy"
-PORTAGE_T="portage_t"
+POLICY_TYPES="strict targeted"
PORTAGE_FETCH_T="portage_fetch_t"
PORTAGE_SANDBOX_T="portage_sandbox_t"
--- /dev/null
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/mips/mips64/2006.1/make.defaults,v 1.1 2006/10/08 18:37:25 pebenito Exp $
+
+ARCH="mips"
+
+# Even though this is a 64bit kernel, we use a 32-bit userland (o32)
+CHOST="mips-unknown-linux-gnu"
+
+# Used in ebuilds for verifying mips64 profile
+PROFILE_ARCH="mips64"
+
+# Sandbox is broken on mips (Bug #45814)
+FEATURES="-sandbox ccache autoconfig"
+
+# Compiler flags
+# We build a *minimum* of mips3, because just about any mips64 box we theoretically
+# support should meet the mips3 standard. This is also the mips64 o32 profile,
+# so make that the default ABI
+CFLAGS="-O2 -pipe -march=mips3 -mabi=32"
+CXXFLAGS=${CFLAGS}
+
+ACCEPT_KEYWORDS="mips"
+
+USE="berkdb crypt ipv6 ncurses nls pam python readline ssl tcpd zlib"
--- /dev/null
+# Copyright 2004 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/mips/mips64/2006.1/packages,v 1.1 2006/10/08 18:37:25 pebenito Exp $
+
+# mips64 o32 packages
+
+# Since we're running a mips64 kernel w/ 32bit (o32) userland,
+# we need gcc-mips64 for kernels
+*sys-devel/gcc-mips64
+
+# Sometimes necessary to trick programs into thinking we're really
+# a mips32 system.
+*sys-apps/setarch
--- /dev/null
+# Copyright 2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/mips/package.mask,v 1.1 2006/10/08 18:37:25 pebenito Exp $
+
+###################################################################
+# Mask gcc-mips64 #
+# Use sys-devel/kgcc64 from now on -- it replaces gcc-mips64 #
+###################################################################
+sys-devel/gcc-mips64
--- /dev/null
+# Copyright 2004 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/mips/packages,v 1.1 2006/10/08 18:37:25 pebenito Exp $
+
+# Top-level mips profile
+
+##############################################################################
+# SELinux required versionings
+
+>=sys-libs/libsepol-1.12.28
+>=sys-libs/libselinux-1.30.29
+>=sys-libs/libsemanage-1.6.17
+>=sys-apps/policycoreutils-1.30.30
+>=sys-apps/checkpolicy-1.30.12
+
+>=sec-policy/selinux-base-policy-20060101
+
+##############################################################################
--- /dev/null
+# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/mips/use.mask,v 1.1 2006/10/08 18:37:25 pebenito Exp $
+
+# Untested on mips, masking for now.
+cdb
+nextaw
+
+# Don't need these either
+gstreamer
+gtkhtml
+gnome
+
+# We don't use this (yet). It's a dep for gnome-vfs with four of its own.
+# Excluding it on mips until someone reports a need for it.
+avahi
+
+# Until someone actually needs fuse, we'll mask it as
+# it holds up stablizing ntfsprogs
+fuse
+
+# 2006/03/07 - Donnie Berkholz <dberkholz@gentoo.org>
+# Modular X: mask for architectures lacking direct rendering
+dri
+
+# Stephen P. Becker <geoman@gentoo.org>
+-video_cards_newport
+-video_cards_impact
+
+# Stephen P. Becker <geoman@gentoo.org>
+# more modular X stuff
+video_cards_epson
+video_cards_tdfx
+video_cards_sunffb
+video_cards_mach64
+video_cards_mga
+video_cards_nv
+video_cards_r128
+video_cards_radeon
+video_cards_savage
+video_cards_sis
+input_devices_acecad
+input_devices_aiptek
+input_devices_calcomp
+input_devices_citron
+input_devices_digitaledge
+input_devices_dmc
+input_devices_dynapro
+input_devices_elo2300
+input_devices_elographics
+input_devices_fpit
+input_devices_hyperpen
+input_devices_jamstudio
+input_devices_magellan
+input_devices_magictouch
+input_devices_microtouch
+input_devices_mutouch
+input_devices_palmax
+input_devices_penmount
+input_devices_spaceorb
+input_devices_summa
+input_devices_synaptics
+input_devices_tek4957
+input_devices_ur98
+input_devices_vmmouse
+input_devices_void
+input_devices_wacom
+input_devices_joystick
+video_cards_chips
+video_cards_cirrus
+video_cards_fglrx
+video_cards_glint
+video_cards_nvidia
+video_cards_s3
+video_cards_s3virge
+video_cards_savage
+video_cards_sisusb
+video_cards_sunbw2
+video_cards_suncg14
+video_cards_suncg3
+video_cards_suncg6
+video_cards_sunleo
+video_cards_suntcx
+video_cards_trident
+video_cards_vmware
+video_cards_voodoo
+
+# 2006/02/05 - Donnie Berkholz <dberkholz@gentoo.org>
+# Modular X: mask for architectures on which they aren't available
+video_cards_apm
+video_cards_ark
+video_cards_cyrix
+video_cards_i128
+video_cards_i740
+video_cards_i810
+video_cards_imstt
+video_cards_neomagic
+video_cards_nsc
+video_cards_rendition
+video_cards_siliconmotion
+video_cards_tga
+video_cards_tseng
+video_cards_vesa
+video_cards_vga
+video_cards_via
+
+# Diego Pettenò <flameeyes@gentoo.org>
+# Until xine-lib's keywording cannot be maintained, please leave it masked.
+xine
+
+# Stephen P. Becker <geoman@gentoo.org>
+# remasking hal because of numerous dependency issues
+hal
+
+# Aaron Walker <ka0ttic@gentoo.org>
+# Temporarily masking until net-nds/c-ares can be tested properly
+ares
+
+# Stephen P. Becker <geoman@gentoo.org>
+# masking mono because it doesn't work on mips
+mono
+
+# Hardave Riar <hardave@gentoo.org>
+# Temporarily masking ieee1394 until it can be tested
+# Quick fix to my tree b0rkage
+ieee1394
+
+# Hardave Riar <hardave@gentoo.org>
+# No hardware support
+lm_sensors
+
+# Hardave Riar <hardave@gentoo.org>
+# Temporarily masking wifi until I can test it
+# Preventing kde from going stable
+wifi
+
+# Henrik Brix Andersen <brix@gentoo.org>
+# According to the mips herd, we currently have no way of testing
+# pcmcia on mips, bug #90359
+pcmcia
+
+# John N. Laliberte <allanonjl@gentoo.org>
+# mask scanner support
+scanner
+
+# Stephen P. Becker <geoman@gentoo.org>
+# mad just spits out static on mips (ip22)
+mad
+
+# Armando Di Cianno <fafhrd@gentoo.org>
+# gnustep is currently unbuildable on mips - masking this to repair windowmaker
+# broken mips keywording becuase of 'gnustep' USE flag
+gnustep
+
+# Hardave Riar <hardave@gentoo.org>
+# This should work, someone with a usb card and digital camera should test it
+gphoto2
+
+# Hardave Riar <hardave@gentoo.org>
+# This will probablly work, but no hardware to test with
+gnokii
+
+# Hardave Riar <hardave@gentoo.org>
+# x86 binary only package
+fdftk
+
+# Ciaran McCreesh <ciaranm@gentoo.org>
+# unresolved dep, bug #82428
+emboss
+
+# Joshua Kinard <kumba@gentoo.org>
+# dietlibc isn't known to work on mips
+diet
+
+# Stephen P. Becker <geoman@gentoo.org>
+# masked because it hoses xchat on 64-bit machines
+xosd
+
+# Stephen P. Becker <geoman@gentoo.org>
+# masked for now until this can be properly tested with alsa
+jack
+
+# Stephen P. Becker <geoman@gentoo.org>
+# masked because of silly java deps with gnome (we have no jre on mips)
+accessibility
+
+# Stephen P. Becker <geoman@gentoo.org>
+# masked because mozilla doesn't work on mips
+mozilla
+
+# Stephen P. Becker <geoman@gentoo.org>
+# masked because I say so, gnome--
+pda
+
+# Ciaran McCreesh <ciaranm@gentoo.org>
+# not even slightly reliable, bug #65216
+mzscheme
+
+# Stephen P. Becker <geoman@gentoo.org>
+# masked because gaim sucks
+evo
+
+# Ilya A. Volynets-Evenbach
+# no nptl on mips yet
+nptl
+nptlonly
+
+# Paul de Vrieze <pauldv@gentoo.org>
+# There is no java in this profile (if there is it must be available). Without
+# this repoman will fail on apps like sys-libs/db
+java
+
+# Ciaran McCreesh <ciaranm@gentoo.org>
+# No java, no netbeans
+netbeans
+
+# Aron Griffis <agriffis@gentoo.org>
+# acl doesn't build on mips atm. Mask it so that vim quits
+# complaining
+acl
+
+# masked until gnome-extra/evolution-data-server is keyworded for mips
+eds
+
+# Flags which aren't applicable to mips (Mostly copied from sparc)
+3dfx
+acpi
+afs
+apm
+arts
+directfb
+dvdr
+ibm
+informix
+firebird
+ggi
+lirc
+oci8
+tcc
+trusted
+voodoo3
+smartcard
+emacs
+
+# should work but jasper not tested yet
+jpeg2k
+
+# see email to gentoo-dev with subject "use.mask and PHP5's crazy IUSE"
+# Dated Sat, 31 Jul 2004 14:49:28 -0700, from robbat2@gentoo.org
+# all of these are binary-only, and not presently available on this
+# architecture.
+php
+adabas
+birdstep
+cpdflib
+db2
+dbmaker
+empress
+empress-bcs
+esoob
+filepro
+frontbase
+hyperwave
+informix
+ingres
+oracle7
+oci8
+pfpro
+solid
+sybase
+sybase-ct
+djbfft
+glitz
+pike
+ocaml
+timidity
+
+# Mask all non-mips arch keywords
+alpha
+amd64
+arm
+hppa
+ia64
+m68k
+ppc
+ppc64
+ppc-macos
+s390
+sh
+sparc
+x86
+x86-fbsd
+
+# Paludis-0.6.0's QA tools need libpcre++, which hasn't been shown to work yet
+qa
+
+# disable until tested
+# bug 148402
+pcsc-lite
--- /dev/null
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License, v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/mips/virtuals,v 1.1 2006/10/08 18:37:25 pebenito Exp $
+
+virtual/alsa sys-kernel/mips-sources
+virtual/linux-sources sys-kernel/mips-sources
+virtual/os-headers sys-kernel/mips-headers
+virtual/dev-manager sys-fs/udev
+virtual/modutils sys-apps/module-init-tools
+virtual/logger app-admin/syslog-ng
+virtual/glu media-libs/mesa
+virtual/opengl x11-base/xorg-x11
+virtual/x11 x11-base/xorg-x11
+virtual/xft x11-base/xorg-x11
+virtual/glut media-libs/freeglut
+
-# Copyright 1999-2004 Gentoo Foundation.
+# Copyright 2002-2006 Gentoo Foundation.
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/packages,v 1.20 2006/03/14 14:48:16 pebenito Exp $
+# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/packages,v 1.21 2006/10/08 18:37:25 pebenito Exp $
+
+# This file extends the base packages file for the default profile that all
+# architectures will enjoy. Please note that default is what most architectures
+# will have. Some will have an selinux profile (see ${PORTDIR}/profiles/selinux).
+# The idea is to only create a new family of profiles when absolutely necessary.
+
+*sys-apps/busybox
+*sys-apps/hdparm
+*sys-apps/man-pages
##############################################################################
-# SELinux required versionings
+# Basic SELinux required versionings
# Core Packages
-*>=sys-apps/portage-2.0.49-r15
-*>=sys-apps/baselayout-1.8.6.12-r2
+>=sys-apps/portage-2.0.49-r15
+>=sys-apps/baselayout-1.8.6.12-r2
>=sys-libs/glibc-2.3
>=sys-libs/uclibc-0.9.26-r8
>=sys-kernel/linux-headers-2.4.20
# Base SELinux packages
+*sys-libs/libsepol
*sys-libs/libselinux
+*sys-libs/libsemanage
*sys-apps/checkpolicy
*sys-apps/policycoreutils
-*>=sec-policy/selinux-base-policy-20030817
-*>=dev-python/python-selinux-2.0
-
-# SELinux-patched packages
-*app-arch/tar
-*>=net-misc/openssh-3.7.1_p2
-*>=sys-apps/coreutils-5.0.91
-*>=sys-apps/findutils-4.1.20-r1
-*>=sys-apps/shadow-4.0.3-r7
+*sec-policy/selinux-base-policy
+
+# SELinux-aware packages
+>=net-misc/openssh-3.7.1_p2
+>=sys-apps/coreutils-5.0.91
+>=sys-apps/findutils-4.1.20-r1
+>=sys-apps/shadow-4.0.3-r7
*>=sys-apps/util-linux-2.12
*>=sys-libs/pam-0.77
-*>=sys-process/procps-3.1.15
-*>=sys-process/psmisc-21.2-r4
+>=sys-process/procps-3.1.15
+>=sys-process/psmisc-21.2-r4
-# optional SELinux-patched programs:
+# optional SELinux-aware programs:
>=app-admin/logrotate-3.6.5-r1
>=gnome-base/gdm-2.4.4.7
->=sys-apps/pam-login-3.14
>=sys-apps/fcron-2.9.4
>=sys-fs/udev-055
>=sys-libs/pwdb-0.61-r4
>=sys-process/vixie-cron-3.0.1-r2
-# New API SELinux kernels
+# SELinux is integrated in 2.6
>=sys-kernel/gentoo-sources-2.6.0
>=sys-kernel/hardened-sources-2.6.0
+>=sys-kernel/mips-sources-2.6.0
+>=sys-kernel/sparc-sources-2.6.0
>=sys-kernel/vanilla-sources-2.6.0
-##############################################################################
-
-*virtual/bootloader
+++ /dev/null
-app-arch/bzip2
-app-arch/tar
-app-shells/bash
-dev-lang/perl
-dev-lang/python
-dev-python/python-selinux
-net-misc/rsync
-net-misc/wget
-sec-policy/selinux-base-policy
-sys-apps/baselayout
-sys-apps/coreutils
-sys-apps/debianutils
-sys-apps/diffutils
-sys-apps/file
-sys-apps/findutils
-sys-apps/gawk
-sys-apps/grep
-sys-apps/less
-sys-apps/net-tools
-sys-apps/policycoreutils
-sys-apps/portage
-sys-apps/sed
-sys-apps/texinfo
-sys-devel/binutils
-sys-devel/bison
-sys-devel/flex
-sys-devel/gcc
-sys-devel/gettext
-sys-devel/gnuconfig
-sys-devel/make
-sys-devel/patch
-sys-libs/glibc
-sys-libs/libselinux
-virtual/editor
-virtual/gzip
-virtual/os-headers
--- /dev/null
+##############################################################################
+# SELinux required versionings
+
+>=sys-libs/libsepol-1.12.28
+>=sys-libs/libselinux-1.30.29
+>=sys-libs/libsemanage-1.6.17
+>=sys-apps/policycoreutils-1.30.30
+>=sys-apps/checkpolicy-1.30.12
+
+>=sec-policy/selinux-base-policy-20060101
+
+##############################################################################
--- /dev/null
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/ppc/ppc32/2006.1/G3/make.defaults,v 1.1 2006/10/08 18:37:25 pebenito Exp $
+
+CFLAGS="-O2 -mtune=G3 -mcpu=G3 -pipe"
+CXXFLAGS="${CFLAGS}"
+
+STAGE1_USE="unicode"
+USE="${STAGE1_USE} ${USE}"
--- /dev/null
+# Mask altivec on G3
+altivec
--- /dev/null
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/ppc/ppc32/2006.1/G4/make.defaults,v 1.1 2006/10/08 18:37:25 pebenito Exp $
+
+CFLAGS="-O2 -mtune=G4 -mcpu=G4 -maltivec -mabi=altivec -pipe"
+CXXFLAGS="${CFLAGS}"
+
+STAGE1_USE="altivec unicode"
+USE="${STAGE1_USE} ${USE}"
--- /dev/null
+# Copyright 2001-2004 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License, v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/ppc/ppc32/2006.1/packages,v 1.1 2006/10/08 18:37:25 pebenito Exp $
+
+# For instructions on how this file works (as an inclusion mask, primarily),
+# please refer to ${PORTDIR}/profiles/base/packages
+
+# Use this file to lock down specific versions of packages ONLY TO THIS
+# SPECIFIC PROFILE!
+
+# You can also add files to the base system itself if you prefix them with a
+# *
+
+>=sys-apps/baselayout-1.11.13-r1
+>=sys-devel/binutils-2.16.1
+>=sys-devel/gcc-4.1.1
+>=sys-libs/glibc-2.4
--- /dev/null
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/ppc/ppc32/make.defaults,v 1.1 2006/10/08 18:37:25 pebenito Exp $
+
+# All extra USE/etc should be specified in sub-profiles.
+# DO NOT POLLUTE USE ON THIS PROFILE.
+
+ARCH="ppc"
+ACCEPT_KEYWORDS="ppc"
+
+CHOST="powerpc-unknown-linux-gnu"
+CFLAGS="-O2 -pipe"
+CXXFLAGS="${CFLAGS}"
+
+FEATURES="sandbox sfperms"
+
+STAGE1_USE="unicode"
+USE="${STAGE1_USE} berkdb crypt ipv6 ncurses nls nptl pam python readline ssl tcpd zlib"
--- /dev/null
+# This is a list of USE flags that should not be used on PPC
+
+cmucl
+hdf
+ip28
+real
+tcc
+fmod
+i8x0
+xvmc
+
+# Fixes bug #86787
+fusion
+
+# User Mode Linux isn't supported on ppc yet
+uml
+
+# 2006/08/18 - Donnie Berkholz <dberkholz@gentoo.org>
+# Modular X: mask for architectures on which they aren't available
+video_cards_apm
+video_cards_ark
+video_cards_cyrix
+video_cards_i128
+video_cards_i740
+video_cards_i810
+video_cards_neomagic
+video_cards_nsc
+video_cards_rendition
+video_cards_siliconmotion
+video_cards_sis
+video_cards_tga
+video_cards_tseng
+video_cards_vesa
+video_cards_vga
+video_cards_via
--- /dev/null
+# Copyright 2004 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License, v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/ppc/ppc32/virtuals,v 1.1 2006/10/08 18:37:25 pebenito Exp $
+
+virtual/bootloader sys-boot/yaboot
+virtual/ooo app-office/openoffice
--- /dev/null
+# These use-flags won't work neither on ppc32 nor on ppc64
+
+3dfx
+acpi
+afs
+avi
+fdftk
+lm_sensors
+rar
+
+#keep and eye on firebird and interbase as pair
+firebird
+interbase
+
+# Unmask our instruction sets
+-altivec
+-pbbuttonsd
+-ppcsha1
+
+# codec support
+-x264
+
+# see email to gentoo-dev with subject "use.mask and PHP5's crazy IUSE"
+# Dated Sat, 31 Jul 2004 14:49:28 -0700, from robbat2@gentoo.org
+# all of these are binary-only, and not presently available on this
+# architecture.
+adabas
+birdstep
+cpdflib
+db2
+dbmaker
+empress
+empress-bcs
+esoob
+filepro
+frontbase
+hyperwave
+informix
+ingres
+oracle7
+pfpro
+solid
+sybase
+sybase-ct
+
+# Luca Longinotti <chtekk@gentoo.org>
+# mask Oracle
+oci8
+
+# cg is only provided by nvidia's binary only cg toolkit
+cg
+
+# dmi depends on PC BIOSes, we don't have those
+dmi
+
+# Masking mbrola for bug #84322, if a new version is released, remove this
+mbrola
+
+# Appears to be x86 only, feel free to remove if you disagree
+nvtv
+
+# new keyword zrtp related to
+# net-libs/libzrtpcpp package
+# masked pending testing - bug #149793
+zrtp
--- /dev/null
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/sparc/make.defaults,v 1.1 2006/10/08 18:37:25 pebenito Exp $
+
+ARCH="sparc"
+ACCEPT_KEYWORDS="${ARCH}"
+FEATURES="sandbox sfperms"
--- /dev/null
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/sparc/packages,v 1.1 2006/10/08 18:37:25 pebenito Exp $
+
+# Top-level sparc profile
+
+# SPARC specific stuff (32 and 64 bit)
+*sys-apps/sparc-utils
+
+##############################################################################
+# SELinux required versionings
+
+>=sys-libs/libsepol-1.12.28
+>=sys-libs/libselinux-1.30.29
+>=sys-libs/libsemanage-1.6.17
+>=sys-apps/policycoreutils-1.30.30
+>=sys-apps/checkpolicy-1.30.12
+
+>=sec-policy/selinux-base-policy-20060101
+
+##############################################################################
--- /dev/null
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/sparc/sparc64/2006.1/make.defaults,v 1.1 2006/10/08 18:37:25 pebenito Exp $
+
+# USE settings
+USE="berkdb crypt gcc64 ipv6 ncurses nls pam python readline ssl tcpd zlib"
+STAGE1_USE="gcc64 nptl nptlonly"
--- /dev/null
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/sparc/sparc64/2006.1/package.mask,v 1.1 2006/10/08 18:37:25 pebenito Exp $
+
+# Jason Wever <weeve@gentoo.org>
+# gradm requires 64 bit support, which doesn't exist in this profile
+>sys-apps/gradm-2.0.1-r1
+
+# Gustavo Zacarias <gustavoz@gentoo.org>
+# To avoid odd toolchain mixups
+<dev-libs/libffi-3.4.3
+
+# Mask gcc-4.x and glibc-2.4 until they are ready
+>=sys-devel/gcc-4.0.0
+>=sys-libs/glibc-2.4
+>=sys-kernel/linux-headers-2.6.17
--- /dev/null
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/sparc/sparc64/2006.1/packages,v 1.1 2006/10/08 18:37:25 pebenito Exp $
+
+# We really want 3.4.x for this profile
+*>=sys-devel/gcc-3.4.5
+*>=sys-devel/binutils-2.16.1-r2
+
+# Need newer ones to build with gcc 3.4.x
+*>=sys-libs/glibc-2.3.6-r3
+
+# Since we're running a sparc64 kernel w/ 32bit (v9) userland,
+# we need gcc-sparc64 for kernels.
+*>=sys-devel/gcc-sparc64-3.4.6
+
+# Jeremy Huddleston <eradicator@gentoo.org>
+# Earlier versions aren't patched to work with 2.6 headers
+*>=sys-boot/silo-1.4.10
+
--- /dev/null
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/sparc/sparc64/2006.1/use.mask,v 1.1 2006/10/08 18:37:25 pebenito Exp $
+
+# Java and java-related stuffs
+freetts
+java
+java-internal
+java-external
+netbeans
+
+# New stuff enabled
+-hal
+-ipod
+-alsa
+-ladcca
+-udev
+-pmount
--- /dev/null
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License, v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/sparc/sparc64/2006.1/virtuals,v 1.1 2006/10/08 18:37:25 pebenito Exp $
+
+virtual/dev-manager sys-fs/udev
+virtual/linux-sources sys-kernel/gentoo-sources
--- /dev/null
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/sparc/sparc64/make.defaults,v 1.1 2006/10/08 18:37:25 pebenito Exp $
+
+# 64bit kernel, 32bit userland
+CHOST="sparc-unknown-linux-gnu"
+PROFILE_ARCH="sparc64"
+
+# We need sparc64 binutils for linux-headers
+CTARGETS_BINUTILS="sparc-unknown-linux-gnu sparc64-unknown-linux-gnu"
+STAGE1_USE="gcc64"
+
+# Multilib stuff
+MULTILIB_ABIS="sparc32"
+DEFAULT_ABI="sparc32"
+ABI=${DEFAULT_ABI}
+CFLAGS_sparc32="-m32"
+LDFLAGS_sparc32="-m elf32_sparc"
+CHOST_sparc32="sparc-unknown-linux-gnu"
+CTARGET_sparc32="sparc-unknown-linux-gnu"
+CDEFINE_sparc32="!__arch64__"
+LIBDIR_sparc32="lib"
+
+# Compiler flags
+CFLAGS="-O2 -mcpu=ultrasparc -pipe"
+CXXFLAGS=${CFLAGS}
--- /dev/null
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/sparc/sparc64/packages,v 1.1 2006/10/08 18:37:25 pebenito Exp $
+
+# Sometimes necessary to trick programs into thinking we're really
+# a sparc32 system.
+*sys-apps/setarch
+
--- /dev/null
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/sparc/sparc64/use.mask,v 1.1 2006/10/08 18:37:25 pebenito Exp $
+
+-vis
--- /dev/null
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License, v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/sparc/use.mask,v 1.1 2006/10/08 18:37:25 pebenito Exp $
+
+# This file contains a list of useflags that cannot be used on sparc.
+
+3dfx
+acpi
+afs
+amd
+apm
+cle266
+cmucl
+commercial
+directfb
+djbfft
+dvb
+dmi
+emboss
+fdftk
+glitz
+hal
+i8x0
+ibm
+informix
+lirc
+lm_sensors
+mod
+modplug
+mpm-peruser
+nvtv
+oci8
+pbs
+pcmcia
+pmount
+rar
+real
+tcc
+trusted
+udev
+uml
+voodoo3
+wavelan
+wifi
+xvmc
+
+# Asterisk use flag masking
+bri
+florz
+resperl
+zaptel
+ukcid
+
+# Mono doesn't work on sparc
+# eradicator@gentoo.org
+mono
+
+# And since there's no mono yet... <gustavoz>
+beagle
+
+# pyste has untested/unkeyworded deps on sparc
+pyste
+
+# They're borked <gustavoz>
+dar32
+dar64
+
+# Seti@home is gone <gustavoz>
+seti
+
+# 2006/09/05 - Tupone Alfredo <tupone@gentoo.org>
+# doomsday ebuild is not available on this architecture
+doomsday
+
+# see email to gentoo-dev with subject "use.mask and PHP5's crazy IUSE"
+# Dated Sat, 31 Jul 2004 14:49:28 -0700, from robbat2@gentoo.org
+# all of these are binary-only, and not presently available on this
+# architecture.
+adabas
+birdstep
+cpdflib
+db2
+dbmaker
+empress
+empress-bcs
+esoob
+filepro
+frontbase
+hyperwave-api
+ingres
+libedit
+oracle7
+pfpro
+solid
+sybase
+sybase-ct
+
+# Unmask ultra1
+-ultra1
+
+# Other masks
+clisp
+hdf5
+ipod
+pike
+
+# Alsa is b0rked for now
+alsa
+ladcca
+
+# Mask v4l2 as it depends on 2.6 headers and hasn't been confirmed to work yet
+v4l2
+
+# Unmask sparc-only video cards
+-video_cards_sunbw2
+-video_cards_suncg14
+-video_cards_suncg3
+-video_cards_suncg6
+-video_cards_sunffb
+-video_cards_sunleo
+-video_cards_suntcx
+
+# 2006/02/05 - Donnie Berkholz <dberkholz@gentoo.org>
+# Modular X: mask for architectures on which they aren't available
+video_cards_cyrix
+video_cards_nsc
+video_cards_s3
+video_cards_sis
+video_cards_tseng
+video_cards_via
+video_cards_imstt
+video_cards_s3virge
+video_cards_i128
+video_cards_trident
+video_cards_neomagic
+video_cards_cirrus
+video_cards_tga
+video_cards_i740
+video_cards_siliconmotion
+video_cards_ark
+video_cards_rendition
+video_cards_newport
+video_cards_chips
+video_cards_apm
+video_cards_i810
+video_cards_nv
+video_cards_vesa
+video_cards_vga
+
+# Jason Wever <weeve@gentoo.org> - 10 April 2006
+# Mask ifp use flag for amarok until someone can confirm it works
+ifp
+
+# Jason Wever <weeve@gentoo.org> - 01 May 2006
+# Mask nforce2 use flag as NVIDIA doesn't make mobos for SPARC CPUs (yet :-P)
+nforce2
+
+# Gustavo Zacarias <gustavoz@gentoo.org> - 02 May 2006
+# AIO is b0rked for now....
+aio
+
+# Jason Wever <weeve@gentoo.org> - 29 May 2006
+# Mask qt4 use flag in relation to KDE 3.5 stablization until QT 4 works better
+qt4
+
+# Patrick McLean <chutzpah@gentoo.org> - 02 Jun 2006
+# Mask bmpx USE flag since new versions don't work on sparc (comment #11
+# on bug #111975)
+bmpx
+
+# Jason Wever <weeve@gentoo.org> - 10 Jun 2006
+# Mask kdehiddenvisibility as we don't have gcc-4.1.x unmasked in any profiles
+kdehiddenvisibility
+
+# Gustavo Zacarias <gustavoz@gentoo.org> - 1 July 2006
+# seamonkey doesn't work yet, see bug #137198
+seamonkey
+
+# Jason Wever <weeve@gentoo.org> - 5 Aug 2006
+# Mask njb use flag until someone has a Nomad Jukebox to test with.
+njb
+
+# Jason Wever <weeve@gentoo.org> - 5 Aug 2006
+# Mask mp4 use flag as media-video/gpac fails to build currently
+mp4
+
+# Gustavo Zacarias <gustavoz@gentoo.org> - 17 Aug 2006
+# Masking hardened, it isn't really supported, see bugs #144126 #78951
+hardened
+
+# Gustavo Zacarias <gustavoz@gentoo.org> - 04 Sep 2006
+# mzscheme seems somewhat b0rked and we want vim7
+mzscheme
+
+# requires a JDK
+mpe-sdk
+
+# uses libaio
+romio
--- /dev/null
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License, v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/sparc/virtuals,v 1.1 2006/10/08 18:37:25 pebenito Exp $
+
+virtual/linux-sources sys-kernel/sparc-sources
+virtual/bootloader sys-boot/silo
+virtual/mpi sys-cluster/lam-mpi
+virtual/modutils sys-apps/module-init-tools
+virtual/dev-manager sys-fs/devfsd
+virtual/ooo app-office/openoffice
+virtual/logger app-admin/syslog-ng
-# Copyright 1999-2004 Gentoo Foundation
+# Copyright 2004-2006 Gentoo Foundation.
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/use.mask,v 1.2 2006/07/19 18:21:49 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/use.mask,v 1.3 2006/10/08 18:37:25 pebenito Exp $
+
+# This file masks out USE flags that are simply NOT allowed in the default
+# profile for any architecture. This works, for example, if a non-default
+# profile (such as the selinux profiles) have a USE flag associated with
+# them.
-selinux
# disallow posix acl since this is SELinux
acl
-# aqua USE flag is only valid on Mac OS X
+# USE flags only valid on Mac OS X
aqua
+coreaudio
+
+# amd64 only:
+emul-linux-x86
+
+# sparc only:
+ultra1
+
+# x86 only
+win32codecs
+kqemu
+
+# Only used by mips and old amd64 profiles
+multilib
+
+# ppc and x86/amd64
+x264
+
+# lvm2 clustered use flags
+clvm
+gulm
+cman
# Copyright 1999-2004 Gentoo Foundation.
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/virtuals,v 1.8 2005/05/16 19:55:27 seemant Exp $
+# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/virtuals,v 1.9 2006/10/08 18:37:25 pebenito Exp $
-virtual/modutils sys-apps/module-init-tools
-virtual/os-headers sys-kernel/linux-headers
-virtual/utempter sys-apps/utempter
+# Use this virtuals file to either overload the base profile's defined
+# virtuals, or add virtuals that are specific to this family of profiles
+
+virtual/alsa sys-kernel/gentoo-sources
+virtual/linux-sources sys-kernel/gentoo-sources
+virtual/os-headers sys-kernel/linux-headers
--- /dev/null
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/x86/2006.1/make.defaults,v 1.1 2006/10/08 18:37:25 pebenito Exp $
+
+# This will be commented and replaced with just STAGE1_USE="unicode" if we do
+# not end up with a stable glibc 2.4 by 2006.1's release.
+STAGE1_USE="nptl nptlonly unicode"
+
+# These USE flags are what is common between the various sub-profiles.
+USE="nptl nptlonly udev unicode"
--- /dev/null
+# Copyright 2001-2004 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License, v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/x86/2006.1/packages,v 1.1 2006/10/08 18:37:25 pebenito Exp $
+
+# For instructions on how this file works (as an inclusion mask, primarily),
+# please refer to ${PORTDIR}/profiles/base/packages
+
+# Use this file to lock down specific versions of packages ONLY TO THIS
+# SPECIFIC PROFILE!
+
+# You can also add files to the base system itself if you prefix them with a
+# *
+
+>=sys-apps/baselayout-1.11.12-r4
+>=sys-devel/binutils-2.15.90.0.3-r4
+>=sys-devel/gcc-3.3.4-r1
+>=sys-libs/glibc-2.3.3.20040420-r1
--- /dev/null
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/x86/make.defaults,v 1.1 2006/10/08 18:37:25 pebenito Exp $
+
+# All extra USE/etc should be specified in sub-profiles.
+# DO NOT POLLUTE USE ON THIS PROFILE.
+
+ARCH="x86"
+ACCEPT_KEYWORDS="x86"
+
+CHOST="i686-pc-linux-gnu"
+CFLAGS="-O2 -mcpu=i686 -pipe"
+CXXFLAGS="${CFLAGS}"
+
+FEATURES="sandbox sfperms"
+
+USE="berkdb crypt ipv6 ncurses nls pam python readline ssl tcpd zlib"
--- /dev/null
+# Copyright 2001-2004 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/x86/packages,v 1.1 2006/10/08 18:37:25 pebenito Exp $
+
+# For instructions on how this file works (as an inclusion mask, primarily),
+# please refer to ${PORTDIR}/profiles/base/packages
+
+# Use this file to lock down specific versions of packages ONLY TO THIS
+# SPECIFIC ARCHITECTURE!!
+
+# You can also add files to the base system itself if you prefix them with a
+# *
+
+>=sys-devel/binutils-2.13.90.0.4
+
+##############################################################################
+# SELinux required versionings
+
+>=sys-libs/libsepol-1.12.28
+>=sys-libs/libselinux-1.30.29
+>=sys-libs/libsemanage-1.6.17
+>=sys-apps/policycoreutils-1.30.30
+>=sys-apps/checkpolicy-1.30.12
+
+>=sec-policy/selinux-base-policy-20060101
+
+# Critical xattr fixes:
+>=sys-boot/grub-0.94
+
+##############################################################################
--- /dev/null
+# Copyright 2004 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License, v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/x86/use.mask,v 1.1 2006/10/08 18:37:25 pebenito Exp $
+
+# This file masks out USE flags that are simply NOT allowed in the default
+# x86 profile. This works, for example, if another architecture's
+# profile have a USE flag associated with (such as altivec, mmx, etc).
+
+# Unmask x86 instruction sets
+-3dnow
+-3dnowext
+-icc
+-icc-pgo
+-ifc
+-mmx
+-mmxext
+-sse
+-sse2
+-svga
+-kqemu
+
+# Unmask nvidia XvMC support
+-nvidia
+
+# Unmask dev-db/oracle-instantclient-basic support
+-oci8-instant-client
+
+# Unmask osp, used by asterisk; bug 115798
+-osp
+
+# Modular X: unmask for architectures on which they are available
+-input_devices_synaptics
+-input_devices_vmmouse
+-input_devices_wacom
+-video_cards_nvidia
+-video_cards_fglrx
+-video_cards_vmware
+
+# Modular X: mask for architectures on which they aren't available
+video_cards_newport
+
+#codec support
+-win32codecs
+-real
+-x264
+
+# lvm2 cluster
+-clvm
+-gulm
+-cman
+
+# ibm is only used for ppc64 stuff
+ibm
+
+# psyco works on x86
+-psyco
--- /dev/null
+# Copyright 2004 Gentoo Foundation.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/x86/virtuals,v 1.1 2006/10/08 18:37:25 pebenito Exp $
+
+# This file is used to either override or extend the parent profile's
+# virtuals mappings. In this case, this is for ARCHITECTURE SPECIFIC
+# mappings
+
+virtual/bootloader sys-boot/grub
projects / gentoo.git / commitdiff