blob: 1f58be63d816a231a5ecef8747dac32f854581bf [file] [log] [blame]
# Install minimal AppArmor profiles.
sec-policy/apparmor-profiles minimal
# Docker uses libapparmor, so this should have static libs included.
sys-libs/libapparmor static-libs
# Lakitu uses overlayfs graph driver in docker.
app-containers/docker -device-mapper overlay
# Pigz is for faster docker image downloads:
# https://github.com/moby/moby/pull/35697.
app-containers/docker pigz
# Btrfs is not supported on lakitu.
app-containers/containerd -btrfs
# Remove unnecessary dependencies
app-emulation/open-vm-tools -deploypkg -dnet -fuse -icu -pam -resolutionkms -ssl -vgauth
# Docker uses tini, so this should be static
sys-process/tini static
# Use generated test key.
chromeos-base/chromeos-ssh-testkeys generated_ssh_key
# We don't use the few features this adds, and it avoids a circ dep.
# https://crbug.com/599986
sys-apps/util-linux -systemd
# procps' "systemd" support is nothing but the "ps" tool printing systemd units,
# which "systemd-cgls" can do. Disabling it avoids a circ dep.
sys-process/procps -systemd
# Enable full-featured vim.
# Do not enable additional functionality which depends on a
# package not available in source i.e. dev-libs/libsodium.
app-editors/vim -minimal -crypt
# Docker uses libseccomp, so this should have static libs included.
sys-libs/libseccomp static-libs
# This removed dependency on libmix which is depricated and unsupported.
net-analyzer/netcat -crypt
# Enable 'poweroff', 'reboot' and other similar commands that control init.
# Disable split-usr to install units at /usr/lib
# Enable vanilla to have code aligned with gentoo, though it is not used
sys-apps/systemd sysv-utils -split-usr vanilla
# Disable systemd-logind session tracker
sys-auth/pambase -systemd
# Disable PAM for busybox, because it conflicts with 'static' use flag.
sys-apps/busybox -pam static
# The JavaScript SSH client implementation on GCE developer console
# ('ssh-in-browser') does not handle HPN-capable server very well, so disable
# HPN support in OpenSSH (b/64450408).
net-misc/openssh -hpn
# Enable warmstarts for rpcbind because if systemd is enabled it
# requires warmstarts flag to be enabled
net-nds/rpcbind warmstarts
# Disable oobe_config to avoid surprising users (b/112722312).
chromeos-base/chromeos-installer -oobe_config
# Disable metrics daemon.
chromeos-base/metrics -passive_metrics
# Disable kernel module signing and lockdown for dump capture kernel.
sys-kernel/dump-capture-kernel -module_sign -lockdown
# Enable full lvm2 install.
sys-fs/lvm2 -device-mapper-only
# Out-of-tree kernel module should use the same compiler as kernel.
sys-apps/loadpin-trigger clang
# Enable libyaml for the pyyaml
# netplan requires pyyaml to be enabled with libyaml.
dev-python/pyyaml libyaml
# chrony needs libcap to drop root privilages and switch to chrony user.
#
# Disable Network Time Security (NTS) support, because NTP servers on cloud
# platforms don't support it, and it pulls in a few dependencies.
net-misc/chrony caps -nts
# ChromeOS uses hostname from coreutils instead of hostname from net-tools.
# Since the coreutils version has strictly fewer features, and we may have
# customers that depend on net-tools hostname, let's keep the net-tools hostname.
sys-apps/coreutils -hostname
sys-apps/net-tools hostname
# Remove building of xfstests since we run these tests outside of autotest-tests
chromeos-base/autotest-tests -tests_xfsFilesystemTestSuite
# Disable compilation of autotest tests that we don't care about. These pull
# lots of unnecessary dependencies into our build (e.g. graphics libraries).
chromeos-base/autotest-tests -tests_camera_HAL3 -tests_camera_HAL3Perf
chromeos-base/autotest-tests -tests_camera_V4L2
# Disable crash_sender test because it failed all the boards.
chromeos-base/autotest-tests -tests_logging_UserCrash
# The version currently in portage only supports the neon flag,
# which will fail because it only detects neon on arm32.
dev-libs/libgcrypt -cpu_flags_arm_neon
dev-libs/nettle -cpu_flags_arm_neon
# Disable support for parsing rust symbols. We don't collect crash dumps from
# rust programs at the moment, and this adds a few unnecessary dependencies.
chromeos-base/google-breakpad -rustc-demangle
# Disable oniguruma from jq since its not needed.
app-misc/jq -oniguruma
# Enable rpc for lsof to support portmapper registration reporting.
sys-process/lsof rpc
net-firewall/iptables nftables