diff --git a/releases/weekly/specs/amd64/hardened/admincd-stage1-selinux.spec b/releases/weekly/specs/amd64/hardened/admincd-stage1-selinux.spec new file mode 100644 index 00000000..8130ea8b --- /dev/null +++ b/releases/weekly/specs/amd64/hardened/admincd-stage1-selinux.spec @@ -0,0 +1,197 @@ +subarch: amd64 +version_stamp: 2008.0-selinux +target: livecd-stage1 +rel_type: hardened +profile: hardened/linux/amd64/selinux +snapshot: 2008.0 +source_subpath: hardened/stage3-amd64-hardened-selinux-latest +portage_confdir: /release/releng/releases/weekly/portage/admincd + +livecd/use: + deprecated + fbcon + ipv6 + livecd + loop-aes + lvm1 + modules + ncurses + nls + nptl + nptlonly + pam + readline + socks5 + ssl + static-libs + unicode + xml + +livecd/packages: + app-accessibility/brltty + app-admin/hddtemp + app-admin/passook + app-admin/pwgen + app-admin/syslog-ng + app-admin/sysstat + app-admin/testdisk + app-arch/bzip2 + app-arch/cpio + app-arch/gzip + app-arch/mt-st + app-arch/p7zip + app-arch/pbzip2 + app-arch/rar + app-arch/tar + app-arch/unrar + app-arch/unzip + app-backup/duplicity + app-benchmarks/bonnie + app-benchmarks/bonnie++ + app-benchmarks/dbench + app-benchmarks/iozone + app-benchmarks/piozone + app-benchmarks/stress + app-benchmarks/tiobench + app-crypt/bcwipe + app-crypt/gnupg + app-crypt/pinentry + app-editors/emacs + app-editors/hexcurse + app-editors/hexedit + app-editors/mg + app-editors/vim + app-emacs/gentoo-syntax + app-misc/colordiff + app-misc/mc + app-misc/pax-utils + app-misc/screen + app-misc/tmux + app-misc/vlock + app-portage/eix + app-portage/gentoolkit + app-portage/mirrorselect + app-portage/portage-utils + app-shells/bash-completion + app-shells/gentoo-bashcomp + app-shells/zsh + app-text/tree + app-text/unix2dos + app-text/wgetpaste + app-vim/gentoo-syntax + dev-lang/perl + dev-lang/python + media-gfx/fbgrab + net-analyzer/gnu-netcat + net-analyzer/iptraf-ng + net-analyzer/netcat6 + net-analyzer/tcptraceroute + net-analyzer/traceroute + net-analyzer/traceroute-nanog + net-analyzer/tcpdump + net-analyzer/nmap + net-dialup/mingetty + net-dialup/minicom + net-dialup/pptpclient + net-dialup/rp-pppoe + net-dns/bind-tools + net-fs/cifs-utils + net-fs/nfs-utils + net-ftp/ftp + net-ftp/ncftp + net-irc/irssi + net-misc/curl + net-misc/dhcpcd + net-misc/iputils + net-misc/ndisc6 + net-misc/ntp + net-misc/openssh + net-misc/openvpn + net-misc/rdate + net-misc/rsync + net-misc/telnet-bsd + net-misc/vconfig + net-misc/wget + net-misc/whois + net-proxy/dante + net-proxy/ntlmaps + net-proxy/tsocks + net-wireless/b43-fwcutter +### Masked (~amd64) +# net-wireless/bcm43xx-fwcutter + net-wireless/rfkill + net-wireless/wireless-tools + net-wireless/wpa_supplicant + sys-apps/apmd + sys-apps/arrayprobe + sys-apps/acl + sys-apps/attr + sys-apps/busybox + sys-apps/cciss_vol_status + sys-apps/chname + sys-apps/coreutils + sys-apps/dcfldd + sys-apps/diffutils + sys-apps/dmidecode + sys-apps/dstat + sys-apps/ethtool + sys-apps/file + sys-apps/findutils + sys-apps/flashrom + sys-apps/fxload + sys-apps/gawk + sys-apps/gptfdisk + sys-apps/grep + sys-apps/hdparm + sys-apps/hwsetup + sys-apps/ipmitool + sys-apps/iproute2 + sys-apps/less + sys-apps/man + sys-apps/man-pages + sys-apps/man-pages-posix + sys-apps/memtester + sys-apps/mlocate + sys-apps/netplug + sys-apps/pciutils + sys-apps/sdparm + sys-apps/sed + sys-apps/setserial + sys-apps/sg3_utils + sys-apps/smartmontools + sys-apps/usbutils + sys-apps/which + sys-apps/x86info + sys-block/aoetools + sys-block/fio + sys-block/mtx + sys-block/open-iscsi + sys-block/parted + sys-block/partimage + sys-block/tw_cli + sys-boot/grub + sys-fs/btrfs-progs + sys-fs/cryptsetup + sys-fs/ddrescue + sys-fs/dmraid + sys-fs/dosfstools + sys-fs/e2fsprogs + sys-fs/ext3grep + sys-fs/extundelete + sys-fs/jfsutils + sys-fs/lsscsi + sys-fs/lvm2 + sys-fs/mac-fdisk + sys-fs/mdadm + sys-fs/multipath-tools + sys-fs/ntfs3g + sys-fs/reiserfsprogs + sys-fs/xfsprogs + sys-libs/gpm + sys-power/acpid + sys-process/htop + sys-process/lsof + sys-process/iotop + sys-process/procps + sys-process/psmisc + www-client/links diff --git a/releases/weekly/specs/amd64/hardened/admincd-stage2-selinux.spec b/releases/weekly/specs/amd64/hardened/admincd-stage2-selinux.spec new file mode 100644 index 00000000..9d9ea211 --- /dev/null +++ b/releases/weekly/specs/amd64/hardened/admincd-stage2-selinux.spec @@ -0,0 +1,309 @@ +subarch: amd64 +version_stamp: 2008.0-selinux +target: livecd-stage2 +rel_type: hardened +profile: hardened/linux/amd64/selinux +snapshot: 2008.0 +source_subpath: hardened/livecd-stage1-amd64-2008.0-selinux +portage_confdir: /release/releng/releases/weekly/portage/admincd + +livecd/bootargs: dokeymap +livecd/cdtar: /usr/lib/catalyst/livecd/cdtar/isolinux-elilo-memtest86+-cdtar.tar.bz2 +livecd/fstype: squashfs +livecd/gk_mainargs: --lvm --dmraid --mdadm --makeopts=-j8 +livecd/iso: admincd-amd64-2008.0.iso +livecd/type: gentoo-release-minimal +livecd/volid: Gentoo Linux Admin CD 2008.0 +livecd/rcdel: keymaps|boot + +boot/kernel: gentoo + +boot/kernel/gentoo/sources: hardened-sources +boot/kernel/gentoo/config: /release/releng/releases/weekly/kconfig/amd64/admincd-3.7.4.config +boot/kernel/gentoo/use: + -* + alsa + alsa_pcm_plugins_adpcm + alsa_pcm_plugins_alaw + alsa_pcm_plugins_asym + alsa_pcm_plugins_copy + alsa_pcm_plugins_dmix + alsa_pcm_plugins_dshare + alsa_pcm_plugins_dsnoop + alsa_pcm_plugins_empty + alsa_pcm_plugins_extplug + alsa_pcm_plugins_file + alsa_pcm_plugins_hooks + alsa_pcm_plugins_iec958 + alsa_pcm_plugins_ioplug + alsa_pcm_plugins_ladspa + alsa_pcm_plugins_lfloat + alsa_pcm_plugins_linear + alsa_pcm_plugins_meter + alsa_pcm_plugins_mmap_emul + alsa_pcm_plugins_mulaw + alsa_pcm_plugins_multi + alsa_pcm_plugins_null + alsa_pcm_plugins_plug + alsa_pcm_plugins_rate + alsa_pcm_plugins_route + alsa_pcm_plugins_share + alsa_pcm_plugins_shm + alsa_pcm_plugins_softvol + atm + deprecated + fbcon + fbcondecor + ipv6 + livecd + loop-aes + lvm1 + midi + mng + modules + ncurses + nls + nptl + nptlonly + pam + png + portaudio + readline + socks5 + ssl + truetype + unicode + usb + +boot/kernel/gentoo/packages: +### These need to be added for software speech. + app-accessibility/espeakup + media-libs/alsa-oss + media-sound/alsa-utils + net-dialup/globespan-adsl + + sys-apps/pcmciautils + sys-kernel/linux-firmware + sys-kernel/spl + sys-fs/zfs + sys-fs/zfs-kmod + +livecd/unmerge: + app-admin/eselect + app-admin/eselect-ctags + app-admin/eselect-vi + app-admin/perl-cleaner + app-admin/python-updater + app-arch/cpio + dev-libs/gmp + dev-libs/libxml2 + dev-libs/mpfr + dev-python/pycrypto + dev-util/pkgconfig + perl-core/PodParser + perl-core/Test-Harness + sys-apps/debianutils + sys-apps/diffutils + sys-apps/groff + sys-apps/man + sys-apps/man-pages + sys-apps/miscfiles + sys-apps/texinfo + sys-devel/autoconf + sys-devel/autoconf-wrapper + sys-devel/automake + sys-devel/automake-wrapper + sys-devel/binutils-config + sys-devel/bison + sys-devel/flex + sys-devel/gcc + sys-devel/gcc-config + sys-devel/gettext + sys-devel/gnuconfig + sys-devel/libtool + sys-devel/m4 + sys-devel/make + sys-devel/patch + sys-libs/db + sys-libs/gdbm + sys-libs/libkudzu + sys-kernel/genkernel + sys-kernel/linux-headers + +livecd/empty: + /etc/cron.daily + /etc/cron.hourly + /etc/cron.monthly + /etc/cron.weekly + /etc/logrotate.d + /etc/modules.autoload.d + /etc/runlevels/single + /etc/skel + /lib/dev-state + /lib/udev-state + /lib64/dev-state + /lib64/udev-state + /root/.ccache + /tmp + /usr/diet/include + /usr/diet/man + /usr/i?86-gentoo-linux-uclibc + /usr/i?86-pc-linux-uclibc + /usr/lib/X11/config + /usr/lib/X11/doc + /usr/lib/X11/etc + /usr/lib/awk + /usr/lib/ccache + /usr/lib/gcc-config + /usr/lib/gconv + /usr/lib/nfs + /usr/lib/perl5/site_perl + /usr/lib/portage + /usr/lib64/X11/config + /usr/lib64/X11/doc + /usr/lib64/X11/etc + /usr/lib64/awk + /usr/lib64/ccache + /usr/lib64/gcc-config + /usr/lib64/gconv + /usr/lib64/nfs + /usr/lib64/perl5/site_perl + /usr/lib64/portage + /usr/local + /usr/portage + /usr/share/aclocal + /usr/share/baselayout + /usr/share/binutils-data + /usr/share/consolefonts/partialfonts + /usr/share/consoletrans + /usr/share/dict + /usr/share/et + /usr/share/gcc-data + /usr/share/genkernel + /usr/share/gettext + /usr/share/glib-2.0 + /usr/share/gnuconfig + /usr/share/gtk-doc + /usr/share/i18n + /usr/share/info + /usr/share/lcms + /usr/share/libtool + /usr/share/locale + /usr/share/man + /usr/share/rfc + /usr/share/ss + /usr/share/state + /usr/share/texinfo + /usr/share/unimaps + /usr/share/zoneinfo + /usr/src + /var/cache + /var/empty + /var/lib/portage + /var/log + /var/spool + /var/state + /var/tmp + +livecd/rm: + /boot/System* + /boot/initr* + /boot/kernel* + /etc/*- + /etc/*.old + /etc/default/audioctl + /etc/dispatch-conf.conf + /etc/env.d/05binutils + /etc/env.d/05gcc + /etc/etc-update.conf + /etc/hosts.bck + /etc/issue* + /etc/genkernel.conf + /etc/make.conf* + /etc/make.globals + /etc/make.profile + /etc/man.conf + /etc/resolv.conf + /lib*/*.a + /lib*/*.la + /lib*/cpp + /root/.bash_history + /root/.viminfo + /sbin/*.static + /sbin/fsck.cramfs + /sbin/fsck.minix + /sbin/mkfs.bfs + /sbin/mkfs.cramfs + /sbin/mkfs.minix + /usr/bin/addr2line + /usr/bin/ar + /usr/bin/as + /usr/bin/audioctl + /usr/bin/c++* + /usr/bin/cc + /usr/bin/cjpeg + /usr/bin/cpp + /usr/bin/djpeg + /usr/bin/ebuild + /usr/bin/emerge + /usr/bin/elftoaout + /usr/bin/f77 + /usr/bin/g++* + /usr/bin/g77 + /usr/bin/gcc* + /usr/bin/genkernel + /usr/bin/gprof + /usr/bin/i?86-gentoo-linux-uclibc-* + /usr/bin/i?86-pc-linux-* + /usr/bin/jpegtran + /usr/bin/ld + /usr/bin/libpng* + /usr/bin/nm + /usr/bin/objcopy + /usr/bin/objdump + /usr/bin/piggyback* + /usr/bin/portageq + /usr/bin/ranlib + /usr/bin/readelf + /usr/bin/repoman + /usr/bin/size + /usr/bin/strip + /usr/bin/tbz2tool + /usr/bin/xpak + /usr/bin/yacc + /usr/lib*/*.a + /usr/lib*/*.la + /usr/lib*/perl5/site_perl + /usr/lib*/gcc-lib/*/*/libgcj* + /usr/sbin/archive-conf + /usr/sbin/dispatch-conf + /usr/sbin/emaint + /usr/sbin/emerge-webrsync + /usr/sbin/env-update + /usr/sbin/fb* + /usr/sbin/fixpackages + /usr/sbin/quickpkg + /usr/sbin/regenworld + /usr/share/consolefonts/1* + /usr/share/consolefonts/7* + /usr/share/consolefonts/8* + /usr/share/consolefonts/9* + /usr/share/consolefonts/A* + /usr/share/consolefonts/C* + /usr/share/consolefonts/E* + /usr/share/consolefonts/G* + /usr/share/consolefonts/L* + /usr/share/consolefonts/M* + /usr/share/consolefonts/R* + /usr/share/consolefonts/a* + /usr/share/consolefonts/c* + /usr/share/consolefonts/dr* + /usr/share/consolefonts/g* + /usr/share/consolefonts/i* + /usr/share/consolefonts/k* + /usr/share/consolefonts/l* + /usr/share/consolefonts/r* + /usr/share/consolefonts/s* + /usr/share/consolefonts/t* + /usr/share/consolefonts/v* + /usr/share/misc/*.old diff --git a/releases/weekly/specs/amd64/hardened/stage1-selinux-nomultilib.spec b/releases/weekly/specs/amd64/hardened/stage1-selinux-nomultilib.spec new file mode 100644 index 00000000..c8e280ab --- /dev/null +++ b/releases/weekly/specs/amd64/hardened/stage1-selinux-nomultilib.spec @@ -0,0 +1,8 @@ +subarch: amd64 +target: stage1 +version_stamp: hardened-selinux+nomultilib-2008.0 +rel_type: hardened +profile: hardened/linux/amd64/no-multilib/selinux +snapshot: 2008.0 +source_subpath: hardened/stage3-amd64-hardened-selinux+nomultilib-latest +update_seed: yes diff --git a/releases/weekly/specs/amd64/hardened/stage1-selinux.spec b/releases/weekly/specs/amd64/hardened/stage1-selinux.spec new file mode 100644 index 00000000..01bcd19c --- /dev/null +++ b/releases/weekly/specs/amd64/hardened/stage1-selinux.spec @@ -0,0 +1,8 @@ +subarch: amd64 +target: stage1 +version_stamp: hardened-selinux-2008.0 +rel_type: hardened +profile: hardened/linux/amd64/selinux +snapshot: 2008.0 +source_subpath: hardened/stage3-amd64-hardened-selinux-latest +update_seed: yes diff --git a/releases/weekly/specs/amd64/hardened/stage2-selinux-nomultilib.spec b/releases/weekly/specs/amd64/hardened/stage2-selinux-nomultilib.spec new file mode 100644 index 00000000..0bfa5e98 --- /dev/null +++ b/releases/weekly/specs/amd64/hardened/stage2-selinux-nomultilib.spec @@ -0,0 +1,7 @@ +subarch: amd64 +target: stage2 +version_stamp: hardened-selinux+nomultilib-2008.0 +rel_type: hardened +profile: hardened/linux/amd64/no-multilib/selinux +snapshot: 2008.0 +source_subpath: hardened/stage1-amd64-hardened-selinux+nomultilib-2008.0 diff --git a/releases/weekly/specs/amd64/hardened/stage2-selinux.spec b/releases/weekly/specs/amd64/hardened/stage2-selinux.spec new file mode 100644 index 00000000..ccd85490 --- /dev/null +++ b/releases/weekly/specs/amd64/hardened/stage2-selinux.spec @@ -0,0 +1,7 @@ +subarch: amd64 +target: stage2 +version_stamp: hardened-selinux-2008.0 +rel_type: hardened +profile: hardened/linux/amd64/selinux +snapshot: 2008.0 +source_subpath: hardened/stage1-amd64-hardened-selinux-2008.0 diff --git a/releases/weekly/specs/amd64/hardened/stage3-selinux-nomultilib.spec b/releases/weekly/specs/amd64/hardened/stage3-selinux-nomultilib.spec new file mode 100644 index 00000000..551b7d6f --- /dev/null +++ b/releases/weekly/specs/amd64/hardened/stage3-selinux-nomultilib.spec @@ -0,0 +1,7 @@ +subarch: amd64 +target: stage3 +version_stamp: hardened-selinux+nomultilib-2008.0 +rel_type: hardened +profile: hardened/linux/amd64/no-multilib/selinux +snapshot: 2008.0 +source_subpath: hardened/stage2-amd64-hardened-selinux+nomultilib-2008.0 diff --git a/releases/weekly/specs/amd64/hardened/stage3-selinux.spec b/releases/weekly/specs/amd64/hardened/stage3-selinux.spec new file mode 100644 index 00000000..39f953f5 --- /dev/null +++ b/releases/weekly/specs/amd64/hardened/stage3-selinux.spec @@ -0,0 +1,7 @@ +subarch: amd64 +target: stage3 +version_stamp: hardened-selinux-2008.0 +rel_type: hardened +profile: hardened/linux/amd64/selinux +snapshot: 2008.0 +source_subpath: hardened/stage2-amd64-hardened-selinux-2008.0