diff --git a/distro/Dockerfile b/distro/Dockerfile
new file mode 100644
index 0000000..750012b
--- /dev/null
+++ b/distro/Dockerfile
@@ -0,0 +1,98 @@
+# Get the portage image as a build step
+FROM gentoo/portage:latest as portage
+
+FROM gentoo/stage3-amd64:latest
+
+# Copy the portage volume in
+COPY --from=portage /usr/portage /usr/portage
+
+COPY etc/portage /etc/portage
+# Update the world
+RUN emerge --update --newuse --deep @world
+
+# Install base packages
+RUN emerge -qv \
+ app-admin/sudo \
+ app-arch/gzip \
+ app-arch/tar \
+ app-arch/unzip \
+ app-arch/xz-utils \
+ app-arch/zip \
+ app-crypt/gnupg \
+ app-crypt/pinentry \
+ app-editors/neovim \
+ app-misc/ca-certificates \
+ app-misc/jq \
+ app-pda/libimobiledevice \
+ app-shells/bash \
+ app-shells/bash-completion \
+ app-text/tree \
+ dev-util/indent \
+ dev-util/strace \
+ dev-vcs/git \
+ net-dns/bind-tools \
+ net-firewall/ebtables \
+ net-firewall/ipset \
+ net-firewall/iptables \
+ net-firewall/nftables \
+ net-misc/bridge-utils \
+ net-misc/curl \
+ net-misc/dhcpcd \
+ net-misc/iputils \
+ net-misc/ntp \
+ net-misc/openssh \
+ net-misc/rsync \
+ net-misc/socat \
+ net-misc/wget \
+ net-misc/whois \
+ net-wireless/iwd \
+ sys-apps/apparmor \
+ sys-apps/apparmor-utils \
+ sys-apps/coreutils \
+ sys-apps/dbus \
+ sys-apps/diffutils \
+ sys-apps/ethtool \
+ sys-apps/file \
+ sys-apps/findutils \
+ sys-apps/fwupd \
+ sys-apps/fwupdate \
+ sys-apps/gawk \
+ sys-apps/grep \
+ sys-apps/iproute2 \
+ sys-apps/kexec-tools \
+ sys-apps/less \
+ sys-apps/lshw \
+ sys-apps/net-tools \
+ sys-apps/nvme-cli \
+ sys-apps/pciutils \
+ sys-apps/rng-tools \
+ sys-apps/sed \
+ sys-apps/shadow \
+ sys-apps/systemd \
+ sys-apps/the_silver_searcher \
+ sys-apps/usbutils \
+ sys-apps/util-linux \
+ sys-apps/which \
+ sys-block/open-iscsi \
+ sys-devel/gcc \
+ sys-devel/make \
+ sys-fs/btrfs-progs \
+ sys-fs/dosfstools \
+ sys-fs/e2fsprogs \
+ sys-fs/lvm2 \
+ sys-fs/mdadm \
+ sys-fs/multipath-tools \
+ sys-fs/quota \
+ sys-fs/xfsprogs \
+ sys-libs/glibc \
+ sys-libs/nss-usrfiles \
+ sys-libs/timezone-data \
+ sys-process/lsof \
+ sys-process/procps \
+ sys-process/psmisc
+
+# Insatll desktop packages
+#RUN emerge -qv \
+# x11-misc/xclip \
+# x11-misc/xcompmgr \
+# x11-terms/rxvt-unicode
diff --git a/distro/etc/portage/make.conf b/distro/etc/portage/make.conf
new file mode 100644
index 0000000..e2ef7c6
--- /dev/null
+++ b/distro/etc/portage/make.conf
@@ -0,0 +1,22 @@
+# These settings were set by the catalyst build script that automatically
+# built this stage.
+# Please consult /usr/share/portage/config/make.conf.example for a more
+# detailed example.
+CFLAGS="-O2 -pipe"
+
+LDFLAGS="-Wl,-O1 -Wl,--as-needed"
+
+# NOTE: This stage was built with the bindist Use flag enabled
+PORTDIR="/usr/portage"
+DISTDIR="/usr/portage/distfiles"
+PKGDIR="/usr/portage/packages"
+
+# This sets the language of build output to English.
+# Please keep this setting intact when reporting bugs.
+LC_MESSAGES=C
+
+INPUT_DEVICES="libinput"
+VIDEO_CARDS="intel"
+
+# libressl static static-libs pam
+USE="seccomp bash-completion minimal systemd udev hardened"
diff --git a/distro/etc/portage/package.accept_keywords b/distro/etc/portage/package.accept_keywords
new file mode 100644
index 0000000..920fabb
--- /dev/null
+++ b/distro/etc/portage/package.accept_keywords
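Review bot: Both `FROM` lines in distro/Dockerfile use `:latest`, so each build pulls whatever Portage snapshot and stage3 happen to be current, and nothing records which upstream content went into the image. Pin each base to a dated tag or, better, a digest, for example `FROM gentoo/stage3-amd64@sha256:<digest>` (placeholder), and bump it deliberately. This also affects the exact `=category/package-version` entries added under etc/portage, which will stop matching as the tree moves. The final stage also keeps the whole `/usr/portage` tree, and `DISTDIR`/`PKGDIR` in make.conf point inside it, so the downloaded sources stay in the image layers; a cleanup in the same `RUN` as each `emerge`, or a bind mount of the tree, would avoid that.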
@@ -0,0 +1,29 @@
+# required by sys-apps/apparmor-utils (argument)
+=sys-apps/apparmor-utils-2.12.0 ~amd64
+# required by app-editors/neovim-0.3.0::gentoo
+# required by app-editors/neovim (argument)
+=dev-libs/msgpack-1.1.0 ~amd64
+# required by sys-apps/nvme-cli (argument)
+=sys-apps/nvme-cli-1.5 ~amd64
+# required by app-editors/neovim (argument)
+=app-editors/neovim-0.3.0 ~amd64
+# required by sys-apps/fwupdate-12::gentoo
+# required by sys-apps/fwupdate (argument)
+=sys-libs/efivar-35 ~amd64
+# required by sys-apps/fwupdate-12::gentoo
+# required by sys-apps/fwupdate (argument)
+=sys-libs/libsmbios-2.4.2 ~amd64
+# required by sys-apps/apparmor-utils-2.12.0::gentoo
+# required by sys-apps/apparmor-utils (argument)
+=sys-apps/apparmor-2.12.0 ~amd64
+# required by sys-libs/nss-usrfiles (argument)
+=sys-libs/nss-usrfiles-2.18.1 **
+# required by sys-apps/fwupd-1.1.0-r1::gentoo
+# required by sys-apps/fwupd (argument)
+=dev-libs/appstream-glib-0.7.9 ~amd64
+# required by net-wireless/iwd (argument)
+=net-wireless/iwd-0.3 ~amd64
+# required by sys-apps/fwupd (argument)
+=sys-apps/fwupd-1.1.0-r1 ~amd64
+# required by sys-apps/fwupdate (argument)
+=sys-apps/fwupdate-12 ~amd64
diff --git a/distro/etc/portage/package.use.force b/distro/etc/portage/package.use.force
new file mode 100644
index 0000000..1ed5ff5
--- /dev/null
+++ b/distro/etc/portage/package.use.force
@@ -0,0 +1,6 @@
+package.use.force
+# Mike Gilbert (22 Apr 2015)
+# Force systemd to avoid depgraph breakage, bug 547360.
+virtual/libgudev systemd
+virtual/libudev systemd
+virtual/udev systemd
diff --git a/distro/etc/portage/package.use/gnupg b/distro/etc/portage/package.use/gnupg
new file mode 100644
index 0000000..ea97192
--- /dev/null
+++ b/distro/etc/portage/package.use/gnupg
@@ -0,0 +1 @@
+app-crypt/gnupg smartcard usb tofu
diff --git a/distro/etc/portage/package.use/hardened b/distro/etc/portage/package.use/hardened
new file mode 100644
index 0000000..82df322
--- /dev/null
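Review bot: In package.accept_keywords, `=sys-libs/nss-usrfiles-2.18.1 **` accepts the package whatever its keywords are, including an ebuild with no keywords at all, which is broader than the `~amd64` used for every other entry. For a library that plugs into NSS lookups, a one-line comment saying why `**` is needed and which repository the ebuild comes from would help; if a `~amd64` keyword exists, use that instead. The entries look like autounmask output pinned with `=`, so they will need regenerating whenever the Portage snapshot changes.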
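Review bot: The first added line of package.use.force, `package.use.force`, is the file's own name pasted in as content; it is neither a comment nor an `atom flag` entry and should be deleted. As far as portage(5) documents it, user-level force files are read from `/etc/portage/profile/`, not from `/etc/portage/` directly, so this file and `distro/etc/portage/use.force` (the `pie` and `ssp` entries) are probably ignored where the Dockerfile copies them. If that is right, the intended PIE/SSP enforcement is not in effect. Moving both files under `etc/portage/profile/` would address it, and `emerge -pv sys-devel/gcc` in the built image should show whether the flags are forced.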
+++ b/distro/etc/portage/package.use/hardened
@@ -0,0 +1,14 @@
+# Mike Gilbert (12 Mar 2018)
+# Satisfy REQUIRED_USE by default, bug 650030.
+net-nds/rpcbind warmstarts
+
+# Magnus Granberg (14 Jan, 2015)
+# We need to have the pic flag on.
+# Bugs 358929, 490276, 513464, 523736 and 512208.
+media-libs/x264 pic
+media-video/ffmpeg pic
+media-video/libav pic
+media-libs/mesa pic
+media-libs/libpostproc pic
+media-libs/xvid pic
+app-emulation/open-vm-tools pic
diff --git a/distro/etc/portage/package.use/xxx b/distro/etc/portage/package.use/xxx
new file mode 100644
index 0000000..fd45d77
--- /dev/null
+++ b/distro/etc/portage/package.use/xxx
@@ -0,0 +1,31 @@
+# required by sys-auth/consolekit-1.2.0::gentoo
+# required by sys-apps/fwupd-1.1.0-r1::gentoo[-systemd]
+# required by sys-apps/fwupd (argument)
+>=dev-libs/glib-2.52.3 dbus
+# required by x11-libs/gtk+-3.22.30::gentoo
+# required by dev-libs/appstream-glib-0.7.9::gentoo
+# required by sys-apps/fwupd-1.1.0-r1::gentoo
+# required by sys-apps/fwupd (argument)
+>=x11-libs/cairo-1.14.12 X
+# required by app-editors/neovim-0.3.0::gentoo
+# required by app-editors/neovim (argument)
+>=dev-lua/mpack-1.0.4 luajit
+# required by sys-apps/systemd-238-r7::gentoo
+# required by sys-apps/gentoo-systemd-integration-7::gentoo
+>=sys-apps/dbus-1.10.24 systemd
+# required by virtual/libusb-1-r2::gentoo
+# required by dev-libs/libgusb-0.2.11::gentoo
+# required by sys-apps/fwupd-1.1.0-r1::gentoo
+# required by sys-apps/fwupd (argument)
+>=dev-libs/libusb-1.0.21 udev
+# required by dev-libs/libgusb-0.2.11::gentoo
+# required by sys-apps/fwupd-1.1.0-r1::gentoo
+# required by sys-apps/fwupd (argument)
+>=virtual/libusb-1-r2 udev
+# required by app-editors/neovim-0.3.0::gentoo
+# required by app-editors/neovim (argument)
+>=dev-lua/lpeg-1.0.1 luajit
+# required by sys-auth/polkit-0.113-r4::gentoo[-elogind,-systemd]
+# required by sys-apps/fwupd-1.1.0-r1::gentoo
+# required by sys-apps/fwupd (argument)
+>=sys-auth/consolekit-1.2.0 policykit
diff --git a/distro/etc/portage/use.force b/distro/etc/portage/use.force
new file mode 100644
index 0000000..1c3bbb4
--- /dev/null
+++ b/distro/etc/portage/use.force
@@ -0,0 +1,3 @@
+# Make sure people don't accidentally turn of ssp/pie in important packages.
+pie
+ssp
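Review bot: The file name `package.use/xxx` says nothing about its contents; the entries look like autounmask-written USE changes for fwupd and neovim, so splitting them into files named after those packages would make later cleanup possible. Two entries also look stale or at odds with make.conf. The `>=sys-auth/consolekit-1.2.0 policykit` line was generated for `fwupd[-systemd]` and `polkit[-elogind,-systemd]` although `systemd` is in the global `USE`, and `>=x11-libs/cairo-1.14.12 X` pulls X11 support into an image whose `USE` list says `minimal`. Regenerating the file against the final USE set and dropping what is no longer required would keep unneeded packages out of the image.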