mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-20 05:51:18 +02:00
Code Issues Packages Projects Releases Wiki Activity

profiles: rebase onto Gentoo's hardened profile

Browse Source 
The default 10.0 is deprecated and removed upstream. Also, instead of
twiddling the hardened flag we should just use the hardened profile.

As part of this the host SDK no longer has multilib enabled, it isn't
actually needed for anything anyway.
This commit is contained in:
Michael Marineau 2014-08-01 16:51:14 -07:00
parent 76abc5ad49
commit 335dbe26f2
9 changed files with 13 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
sdk_container/src/third_party/coreos-overlay/profiles/coreos/amd64/generic/parent vendored
View File

@ -1,4 +1,2 @@
.. ..
portage-stable:arch/amd64/no-multilib
portage-stable:features/64bit-native
:coreos/targets/generic :coreos/targets/generic

2
sdk_container/src/third_party/coreos-overlay/profiles/coreos/amd64/generic/use.force vendored
View File

@ -1,2 +0,0 @@
# We don't do multilib.
-multilib

5
sdk_container/src/third_party/coreos-overlay/profiles/coreos/amd64/make.defaults vendored Normal file
View File

@ -0,0 +1,5 @@
# Disable PAX use flags, we don't use grsec kernels
# Don't favor /dev/urandom over /dev/random, not sure why this flag
# is enabled in hardened, the default profiles do not enable it.
BOOTSTRAP_USE="${BOOTSTRAP_USE} -pax_kernel -xtpax"
USE="-pax_kernel -urandom -xtpax"

2
sdk_container/src/third_party/coreos-overlay/profiles/coreos/amd64/package.use.force vendored Normal file
View File

@ -0,0 +1,2 @@
# Do not force this flag, we don't need XATTR_PAX
sys-apps/portage -xattr

3
sdk_container/src/third_party/coreos-overlay/profiles/coreos/amd64/packages vendored Normal file
View File

@ -0,0 +1,3 @@
# Disable PAX utilities, we don't use grsec kernels
-*sys-apps/paxctl
-*sys-apps/elfix

5
sdk_container/src/third_party/coreos-overlay/profiles/coreos/amd64/parent vendored
View File

@ -1,5 +1,2 @@
portage-stable:base portage-stable:hardened/linux/amd64/no-multilib
portage-stable:default/linux
portage-stable:arch/amd64
portage-stable:releases/10.0
:coreos/base :coreos/base

2
sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/make.defaults vendored
View File

@ -10,7 +10,7 @@ USE_EXPAND="${USE_EXPAND} BOARD_USE CROS_WORKON_TREE TESTS U_BOOT_CONFIG_USE U_B
USE_EXPAND_HIDDEN="${USE_EXPAND_HIDDEN} CROS_WORKON_TREE" USE_EXPAND_HIDDEN="${USE_EXPAND_HIDDEN} CROS_WORKON_TREE"
# Extra use flags for CoreOS SDK # Extra use flags for CoreOS SDK
USE="${USE} hardened cros_host pic pie expat -introspection -cups -tcpd -pcre -berkdb" USE="${USE} cros_host pic pie expat -introspection -cups -tcpd -pcre -berkdb"
# Enable bindist for both SDK and targets # Enable bindist for both SDK and targets
USE="${USE} bindist" USE="${USE} bindist"

1
sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/parent vendored
View File

@ -1 +1,2 @@
portage-stable:targets/systemd
:features/systemd :features/systemd

5
sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/package.use.mask vendored
View File

@ -1,5 +0,0 @@
# Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
# Distributed under the terms of the GNU General Public License v2
# Allow hardened glibc on the target.
sys-libs/glibc -hardened