overlay-lakitu/profiles/base/package.use - cos/overlays/board-overlays - Git at Google

 # Install minimal AppArmor profiles.
 sec-policy/apparmor-profiles minimal

 # Docker uses libapparmor, so this should have static libs included.
 sys-libs/libapparmor static-libs

 # Lakitu uses overlayfs graph driver in docker.
 app-emulation/docker -device-mapper overlay

 # Pigz is for faster docker image downloads:
 # https://github.com/moby/moby/pull/35697.
 app-emulation/docker pigz

 # Btrfs is not supported on lakitu.
 app-emulation/containerd -btrfs

 # Docker uses tini, so this should be static
 sys-process/tini static

 # Use generated test key.
 chromeos-base/chromeos-ssh-testkeys generated_ssh_key

 # We don't use the few features this adds, and it avoids a circ dep.
 # https://crbug.com/599986
 sys-apps/util-linux -systemd

 # procps' "systemd" support is nothing but the "ps" tool printing systemd units,
 # which "systemd-cgls" can do. Disabling it avoids a circ dep.
 sys-process/procps -systemd

 # Enable full-featured vim.
 app-editors/vim -minimal

 # Docker uses libseccomp, so this should have static libs included.
 sys-libs/libseccomp static-libs

 # Build ebtables statically to prevent deps on its libraries.
 net-firewall/ebtables static

 # This removed dependency on libmix which is depricated and unsupported.
 net-analyzer/netcat -crypt

 # Enable 'poweroff', 'reboot' and other similar commands that control init.
 # Disable split-usr to install units at /usr/lib
 # Enable vanilla to have code aligned with gentoo, though it is not used
 sys-apps/systemd sysv-utils -split-usr vanilla

 # Disable systemd-logind session tracker
 sys-auth/pambase -systemd

 # Disable PAM for busybox, because it conflicts with 'static' use flag.
 sys-apps/busybox -pam static

 # The JavaScript SSH client implementation on GCE developer console
 # ('ssh-in-browser') does not handle HPN-capable server very well, so disable
 # HPN support in OpenSSH (b/64450408).
 net-misc/openssh -hpn

 # Disable oobe_config to avoid surprising users (b/112722312).
 chromeos-base/chromeos-installer -oobe_config

 # Disable kernel module signing and lockdown for dump capture kernel.
 sys-kernel/dump-capture-kernel -module_sign -lockdown

 # Enable full lvm2 install.
 sys-fs/lvm2 -device-mapper-only

 # Enable virtio balloon driver.
 sys-kernel/lakitu-kernel-5_4 virtio_balloon

 # Out-of-tree kernel module should use the same compiler as kernel.
 sys-apps/loadpin-trigger clang

 # TODO(b/117936434): Drop these once packages have migrated to Python 3.
 app-admin/compute-image-packages python_targets_python2_7
 app-admin/sosreport python_targets_python2_7
 sys-process/audit python_targets_python2_7
	# Install minimal AppArmor profiles.
	sec-policy/apparmor-profiles minimal

	# Docker uses libapparmor, so this should have static libs included.
	sys-libs/libapparmor static-libs

	# Lakitu uses overlayfs graph driver in docker.
	app-emulation/docker -device-mapper overlay

	# Pigz is for faster docker image downloads:
	# https://github.com/moby/moby/pull/35697.
	app-emulation/docker pigz

	# Btrfs is not supported on lakitu.
	app-emulation/containerd -btrfs

	# Docker uses tini, so this should be static
	sys-process/tini static

	# Use generated test key.
	chromeos-base/chromeos-ssh-testkeys generated_ssh_key

	# We don't use the few features this adds, and it avoids a circ dep.
	# https://crbug.com/599986
	sys-apps/util-linux -systemd

	# procps' "systemd" support is nothing but the "ps" tool printing systemd units,
	# which "systemd-cgls" can do. Disabling it avoids a circ dep.
	sys-process/procps -systemd

	# Enable full-featured vim.
	app-editors/vim -minimal

	# Docker uses libseccomp, so this should have static libs included.
	sys-libs/libseccomp static-libs

	# Build ebtables statically to prevent deps on its libraries.
	net-firewall/ebtables static

	# This removed dependency on libmix which is depricated and unsupported.
	net-analyzer/netcat -crypt

	# Enable 'poweroff', 'reboot' and other similar commands that control init.
	# Disable split-usr to install units at /usr/lib
	# Enable vanilla to have code aligned with gentoo, though it is not used
	sys-apps/systemd sysv-utils -split-usr vanilla

	# Disable systemd-logind session tracker
	sys-auth/pambase -systemd

	# Disable PAM for busybox, because it conflicts with 'static' use flag.
	sys-apps/busybox -pam static

	# The JavaScript SSH client implementation on GCE developer console
	# ('ssh-in-browser') does not handle HPN-capable server very well, so disable
	# HPN support in OpenSSH (b/64450408).
	net-misc/openssh -hpn

	# Disable oobe_config to avoid surprising users (b/112722312).
	chromeos-base/chromeos-installer -oobe_config

	# Disable kernel module signing and lockdown for dump capture kernel.
	sys-kernel/dump-capture-kernel -module_sign -lockdown

	# Enable full lvm2 install.
	sys-fs/lvm2 -device-mapper-only

	# Enable virtio balloon driver.
	sys-kernel/lakitu-kernel-5_4 virtio_balloon

	# Out-of-tree kernel module should use the same compiler as kernel.
	sys-apps/loadpin-trigger clang

	# TODO(b/117936434): Drop these once packages have migrated to Python 3.
	app-admin/compute-image-packages python_targets_python2_7
	app-admin/sosreport python_targets_python2_7
	sys-process/audit python_targets_python2_7