From d4999ae374629138e572b4f059fb9e69bb92ca97 Mon Sep 17 00:00:00 2001
From: Kolan Sh
Date: Mon, 21 Jan 2013 20:09:12 +0400
Subject: [PATCH] hardened profile added
---
profiles/hardened/linux/amd64/backbone/eapi | 1 +
.../linux/amd64/backbone/make.defaults | 1 +
.../linux/amd64/backbone/no-multilib/eapi | 1 +
.../amd64/backbone/no-multilib/make.defaults | 82 +++++++++++++++++++
.../no-multilib/package.accept_keywords | 56 +++++++++++++
.../backbone/no-multilib/package.keywords | 0
.../amd64/backbone/no-multilib/package.mask | 5 ++
.../amd64/backbone/no-multilib/package.unmask | 0
.../amd64/backbone/no-multilib/package.use | 52 ++++++++++++
.../backbone/no-multilib/package.use.mask | 0
.../linux/amd64/backbone/no-multilib/parent | 1 +
11 files changed, 199 insertions(+)
create mode 100644 profiles/hardened/linux/amd64/backbone/eapi
create mode 100644 profiles/hardened/linux/amd64/backbone/make.defaults
create mode 100644 profiles/hardened/linux/amd64/backbone/no-multilib/eapi
create mode 100644 profiles/hardened/linux/amd64/backbone/no-multilib/make.defaults
create mode 100644 profiles/hardened/linux/amd64/backbone/no-multilib/package.accept_keywords
create mode 100644 profiles/hardened/linux/amd64/backbone/no-multilib/package.keywords
create mode 100644 profiles/hardened/linux/amd64/backbone/no-multilib/package.mask
create mode 100644 profiles/hardened/linux/amd64/backbone/no-multilib/package.unmask
create mode 100644 profiles/hardened/linux/amd64/backbone/no-multilib/package.use
create mode 100644 profiles/hardened/linux/amd64/backbone/no-multilib/package.use.mask
create mode 100644 profiles/hardened/linux/amd64/backbone/no-multilib/parent
diff --git a/profiles/hardened/linux/amd64/backbone/eapi b/profiles/hardened/linux/amd64/backbone/eapi
new file mode 100644
index 00000000..0cfbf088
--- /dev/null
+++ b/profiles/hardened/linux/amd64/backbone/eapi
@@ -0,0 +1 @@
+2
diff --git a/profiles/hardened/linux/amd64/backbone/make.defaults b/profiles/hardened/linux/amd64/backbone/make.defaults
new file mode 100644
index 00000000..aecf5a11
--- /dev/null
+++ b/profiles/hardened/linux/amd64/backbone/make.defaults
@@ -0,0 +1 @@
+CUSTOM_PROFILE="yes"
diff --git a/profiles/hardened/linux/amd64/backbone/no-multilib/eapi b/profiles/hardened/linux/amd64/backbone/no-multilib/eapi
new file mode 100644
index 00000000..0cfbf088
--- /dev/null
+++ b/profiles/hardened/linux/amd64/backbone/no-multilib/eapi
@@ -0,0 +1 @@
+2
diff --git a/profiles/hardened/linux/amd64/backbone/no-multilib/make.defaults b/profiles/hardened/linux/amd64/backbone/no-multilib/make.defaults
new file mode 100644
index 00000000..8a48fc4e
--- /dev/null
+++ b/profiles/hardened/linux/amd64/backbone/no-multilib/make.defaults
@@ -0,0 +1,82 @@
+CFLAGS="-O2 -pipe -march=native"
+CXXFLAGS="${CFLAGS}"
+LDFLAGS="-Wl,-O1 -Wl,--as-needed"
+
+CHOST="x86_64-pc-linux-gnu"
+CBUILD="x86_64-pc-linux-gnu"
+MAKEOPTS="-j2"
+EMERGE_DEFAULT_OPTS="-j2"
+
+ACCEPT_KEYWORDS="amd64"
+ACCEPT_LICENSE="*"
+
+VIDEO_CARDS=""
+INPUT_DEVICES=""
+
+FEATURES="ccache parallel-fetch collision-protect sandbox candy metadata-transfer preserve-libs"
+
+CCACHE_SIZE="6G"
+CCACHE_DIR="/var/tmp/ccache"
+PORTAGE_NICENESS="19"
+PORTAGE_IONICE_COMMAND="ionice -c 3 -p \${PID}"
+
+PORTAGE_ELOG_CLASSES="warn error log"
+PORTAGE_ELOG_SYSTEM="save"
+
+# cpu
+USE="${USE} custom-cflags"
+
+# gpu
+#USE="${USE} directfb dri dri2 fbcon fbcondecor fbosd opengl opencl vaapi"
+
+# fonts
+USE="${USE} -cairo -cleartype -lcdfilter -truetype unicode"
+
+# audio
+USE="${USE} alsa audio dts -esd -jingle mad mikmod -nas \
+ -osc -oss -pulseaudio"
+
+# multimedia (video+audio)
+USE="${USE} -dvb -dvdr -ffmpeg fftw -ipod -quicktime v4l v4l2 video -xvmc"
+
+# graphics
+USE="${USE} -aalib -gphoto2 imagemagick jpg -X"
+
+# arc
+USE="${USE} bzip2 gzip"
+
+# toolkits
+USE="${USE} -aqua -gtk -gtk2 -gtkhtml ncurses -neXt -qt -qt3 qt3support -qt4 -qt-static"
+
+# desktop
+USE="${USE} -gnome -gnome2 -gnome-keyring -kde -nautilus -semantic-desktop -xscreensaver"
+
+# input
+USE="${USE} -tslib"
+
+# security
+USE="${USE} -acl -kerberos pam"
+
+# power
+USE="${USE} acpi"
+
+# develop
+USE="${USE} bash-completion cscope -debug -fortran -java \
+ -introspection -lua -mono pch \
+ -tcl -tidy -tk"
+
+# daemons
+USE="${USE} -consolekit daemon -dbus -hal logrotate"
+
+# web
+USE="${USE} xmlrpc"
+
+# networking
+USE="${USE} -bluetooth -imap -lirc -networkmanager"
+
+# db
+USE="${USE} -freetds -mssql -sybase-ct"
+
+# other
+USE="${USE} -bindist -examples -freetds -gpm -ipod -multilib -old-linux nptl \
+ -smartcard -static-libs threads xattr"
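Review bot: The `FEATURES` line turns on `sandbox` but not `userpriv`, `usersandbox` or `userfetch`, so unless an inherited default adds them (nothing in this patch shows that), the fetch and build phases run as root. For a profile presented as hardened, listing them explicitly keeps privilege dropping from depending on what is inherited: `FEATURES="ccache parallel-fetch collision-protect sandbox usersandbox userpriv userfetch candy metadata-transfer preserve-libs"`. With `userpriv`, `CCACHE_DIR="/var/tmp/ccache"` has to be writable by the portage user, and because it sits under a world-writable parent its expected owner and mode are worth a comment next to it. The global `custom-cflags` flag also deserves a one-line reason, since some ebuilds appear to relax their own flag filtering when it is set.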
diff --git a/profiles/hardened/linux/amd64/backbone/no-multilib/package.accept_keywords b/profiles/hardened/linux/amd64/backbone/no-multilib/package.accept_keywords
new file mode 100644
index 00000000..99f17fce
--- /dev/null
+++ b/profiles/hardened/linux/amd64/backbone/no-multilib/package.accept_keywords
@@ -0,0 +1,56 @@
+app-accessibility/festival-ru ~amd64
+=app-admin/gentoo-upgrade-9999 **
+=app-admin/htpasswd-9999 **
+app-admin/paxtest ~amd64
+app-arch/lbzip2 ~amd64
+=sys-boot/grub-2 ~amd64
+sys-boot/os-prober ~amd64
+sys-devel/crossdev ~amd64
+sys-firmware/amd-ucode ~amd64
+sys-kernel/dracut ~amd64
+sys-libs/tdb ~amd64
+virtual/perl-Module-Load ~amd64
+www-misc/zoneminder ~amd64
+www-servers/thin ~amd64
diff --git a/profiles/hardened/linux/amd64/backbone/no-multilib/package.keywords b/profiles/hardened/linux/amd64/backbone/no-multilib/package.keywords
new file mode 100644
index 00000000..e69de29b
diff --git a/profiles/hardened/linux/amd64/backbone/no-multilib/package.mask b/profiles/hardened/linux/amd64/backbone/no-multilib/package.mask
new file mode 100644
index 00000000..8e995af0
--- /dev/null
+++ b/profiles/hardened/linux/amd64/backbone/no-multilib/package.mask
@@ -0,0 +1,5 @@
+>=dev-lang/ruby-1.9
+>=dev-ruby/rubygems-1.8.15
+=media-gfx/imagemagick-6.7.6.4
+=sys-kernel/dracut-022
+>=sys-kernel/hardened-sources-3.7.0
diff --git a/profiles/hardened/linux/amd64/backbone/no-multilib/package.unmask b/profiles/hardened/linux/amd64/backbone/no-multilib/package.unmask
new file mode 100644
index 00000000..e69de29b
diff --git a/profiles/hardened/linux/amd64/backbone/no-multilib/package.use b/profiles/hardened/linux/amd64/backbone/no-multilib/package.use
new file mode 100644
index 00000000..fde2165c
--- /dev/null
+++ b/profiles/hardened/linux/amd64/backbone/no-multilib/package.use
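Review bot: The two entries accepted with `**` in package.accept_keywords, `=app-admin/gentoo-upgrade-9999` and `=app-admin/htpasswd-9999`, are by Gentoo convention live ebuilds, which build whatever the upstream repository holds at merge time, so their sources are not pinned by Manifest checksums. In a profile meant for hardened hosts, either keyword a released version instead or record the reason above each entry, for example `# live ebuild, no release available; sources are unpinned, review before each rebuild`. The hunk header declares 56 added lines while fewer are visible on this page, so there may be further entries that this note does not cover.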
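Review bot: None of the five masks in package.mask carries a comment, and three of them are open-ended (`>=dev-lang/ruby-1.9`, `>=dev-ruby/rubygems-1.8.15`, `>=sys-kernel/hardened-sources-3.7.0`), which holds those packages on older branches and also keeps out any later release that ships security fixes. Each entry should follow the usual package.mask form of a comment giving author, date, reason and the condition for lifting the mask, e.g. `# <author> (<date>): <reason>; remove once <condition>`. The `hardened-sources` mask is the one to revisit first, since it caps the kernel version for every host that uses this profile.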
@@ -0,0 +1,52 @@
+app-arch/bzip2 static-libs
+app-editors/vim perl python vim-pager cscope
+app-misc/mc samba edit slang -ncurses
+app-misc/sphinx mysql
+app-misc/tmux vim-syntax
+app-portage/eix sqlite zsh-completion
+app-text/wgetpaste zsh-completion
+dev-db/mysql -perl
+dev-lang/php pdo sqlite cgi cli curl gd sqlite3 xml flatfile mysql mysqli mysqlnd inifile sockets sysvipc tokenizer truetype xmlreader xmlwriter xpm zip exif xmlrpc xsl
+dev-lang/python sqlite
+dev-libs/apr-util mysql
+dev-libs/boost python
+dev-libs/glib utils
+dev-libs/libgcrypt static-libs
+dev-libs/libgpg-error static-libs
+dev-libs/libxml2 python icu
+dev-libs/lzo static-libs
+dev-libs/popt static-libs
+dev-libs/xmlrpc-c abyss
+dev-ruby/activerecord mysql
+dev-vcs/git perl -python
+dev-vcs/mercurial zsh-completion
+games-fps/urbanterror dedicated -server
+mail-mta/exim dnsdb domainkeys exiscan-acl gnutls mbx nis spf srs syslog
+media-gfx/imagemagick png
+media-libs/lcms static-libs python
+media-libs/libjpeg-turbo static-libs
+media-libs/libpng static-libs apng
+media-libs/libsdl X opengl
+media-libs/mesa -llvm
+media-sound/mpd flac aac vorbis mikmod inotify lame libsamplerate mpg123 musepack sqlite twolame
+media-sound/ncmpcpp outputs taglib visualizer
+media-sound/sox mad
+media-video/ffmpeg network v4l
+net-fs/samba quota
+net-ftp/pure-ftpd sysquota
+net-im/ejabberd mod_muc mod_proxy65 mod_irc mod_pubsub
+net-libs/xulrunner custom-optimization
+net-misc/rsync xattr
+net-p2p/eiskaltdcpp -cli xmlrpc -emoticons
+net-p2p/rtorrent xmlrpc
+net-wireless/hostapd logwatch
+sys-apps/util-linux static-libs
+sys-auth/consolekit policykit
+sys-block/parted device-mapper
+sys-fs/lvm2 static-libs
+sys-fs/ntfs3g ntfsprogs
+sys-fs/udev extras
+sys-libs/zlib minizip
+virtual/jpeg static-libs
+www-misc/zoneminder ffmpeg
+www-servers/lighttpd php fastcgi mysql -minimal -cgi
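Review bot: `static-libs` is switched on here for eleven packages, among them `dev-libs/libgcrypt`, `dev-libs/libgpg-error`, `media-libs/libpng` and `sys-fs/lvm2`, although make.defaults in the same patch sets `-static-libs` globally, and nothing says which consumer needs the static archives. Anything linked statically against these libraries keeps the old code after the library is updated, so a security fix only takes effect once that consumer is rebuilt. A comment above the group would make the dependency traceable: `# static-libs: required by <consumer>; rebuild it after security updates to these libraries`.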
diff --git a/profiles/hardened/linux/amd64/backbone/no-multilib/package.use.mask b/profiles/hardened/linux/amd64/backbone/no-multilib/package.use.mask
new file mode 100644
index 00000000..e69de29b
diff --git a/profiles/hardened/linux/amd64/backbone/no-multilib/parent b/profiles/hardened/linux/amd64/backbone/no-multilib/parent
new file mode 100644
index 00000000..f3229c5b
--- /dev/null
+++ b/profiles/hardened/linux/amd64/backbone/no-multilib/parent
@@ -0,0 +1 @@
+..
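Review bot: The inheritance chain visible in this patch ends without reaching a hardened base profile: `parent` holds only `..`, and the `backbone` directory it points to receives `eapi` and `make.defaults` but no `parent` of its own. No file in the patch sets the `hardened` USE flag either, so the hardened toolchain settings apply only if this profile is stacked on a hardened base profile somewhere outside the patch, which `CUSTOM_PROFILE="yes"` may hint at. That dependency is worth stating in the commit message or in a README next to `parent`, so that a host selecting this profile directly is not assumed to be hardened.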