| # Install minimal AppArmor profiles. |
| sec-policy/apparmor-profiles minimal |
| |
| # Docker uses libapparmor, so this should have static libs included. |
| sys-libs/libapparmor static-libs |
| |
| # Lakitu uses overlayfs graph driver in docker. |
| app-containers/docker -device-mapper overlay |
| |
| # Pigz is for faster docker image downloads: |
| # https://github.com/moby/moby/pull/35697. |
| app-containers/docker pigz |
| |
| # Btrfs is not supported on lakitu. |
| app-containers/containerd -btrfs |
| |
| # Remove unnecessary dependencies |
| app-emulation/open-vm-tools -deploypkg -dnet -fuse -icu -pam -resolutionkms -ssl -vgauth |
| |
| # Docker uses tini, so this should be static |
| sys-process/tini static |
| |
| # Use generated test key. |
| chromeos-base/chromeos-ssh-testkeys generated_ssh_key |
| |
| # We don't use the few features this adds, and it avoids a circ dep. |
| # https://crbug.com/599986 |
| sys-apps/util-linux -systemd |
| |
| # procps' "systemd" support is nothing but the "ps" tool printing systemd units, |
| # which "systemd-cgls" can do. Disabling it avoids a circ dep. |
| sys-process/procps -systemd |
| |
| # Enable full-featured vim. |
| # Do not enable additional functionality (the crypt flag) that depends on a |
| # package not available in source, i.e. dev-libs/libsodium. |
| app-editors/vim -minimal -crypt |
| |
| # Docker uses libseccomp, so this should have static libs included. |
| sys-libs/libseccomp static-libs |
| |
| # This removes the dependency on libmix, which is deprecated and unsupported. |
| net-analyzer/netcat -crypt |
| |
| # Enable 'poweroff', 'reboot' and other similar commands that control init. |
| # Disable split-usr to install units at /usr/lib |
| # Enable vanilla to have code aligned with gentoo, though it is not used |
| sys-apps/systemd sysv-utils -split-usr vanilla |
| |
| # Disable systemd-logind session tracker |
| sys-auth/pambase -systemd |
| |
| # Disable PAM for busybox, because it conflicts with 'static' use flag. |
| sys-apps/busybox -pam static |
| |
| # The JavaScript SSH client implementation on GCE developer console |
| # ('ssh-in-browser') does not handle HPN-capable server very well, so disable |
| # HPN support in OpenSSH (b/64450408). |
| net-misc/openssh -hpn |
| |
| # Enable warmstarts for rpcbind because if systemd is enabled it |
| # requires warmstarts flag to be enabled |
| net-nds/rpcbind warmstarts |
| |
| # Disable oobe_config to avoid surprising users (b/112722312). |
| chromeos-base/chromeos-installer -oobe_config |
| |
| # Disable metrics daemon. |
| chromeos-base/metrics -passive_metrics |
| |
| # Disable kernel module signing and lockdown for dump capture kernel. |
| sys-kernel/dump-capture-kernel -module_sign -lockdown |
| |
| # Enable full lvm2 install. |
| sys-fs/lvm2 -device-mapper-only |
| |
| # Out-of-tree kernel module should use the same compiler as kernel. |
| sys-apps/loadpin-trigger clang |
| |
| # Enable libyaml for pyyaml. |
| # netplan requires pyyaml to be built with libyaml. |
| dev-python/pyyaml libyaml |
| |
| # chrony needs libcap to drop root privileges and switch to the chrony user. |
| # |
| # Disable Network Time Security (NTS) support, because NTP servers on cloud |
| # platforms don't support it, and it pulls in a few dependencies. |
| net-misc/chrony caps -nts |
| |
| # ChromeOS uses hostname from coreutils instead of hostname from net-tools. |
| # Since the coreutils version has strictly fewer features, and we may have |
| # customers that depend on net-tools hostname, let's keep the net-tools hostname. |
| sys-apps/coreutils -hostname |
| sys-apps/net-tools hostname |
| |
| # Remove building of xfstests since we run these tests outside of autotest-tests |
| chromeos-base/autotest-tests -tests_xfsFilesystemTestSuite |
| |
| # Disable compilation of autotest tests that we don't care about. These pull |
| # lots of unnecessary dependencies into our build (e.g. graphics libraries). |
| chromeos-base/autotest-tests -tests_camera_HAL3 -tests_camera_HAL3Perf |
| chromeos-base/autotest-tests -tests_camera_V4L2 |
| |
| # Disable crash_sender test because it failed on all the boards. |
| chromeos-base/autotest-tests -tests_logging_UserCrash |
| |
| # The version currently in portage only supports the neon flag, |
| # which will fail because it only detects neon on arm32. |
| dev-libs/libgcrypt -cpu_flags_arm_neon |
| dev-libs/nettle -cpu_flags_arm_neon |
| |
| # Disable support for parsing rust symbols. We don't collect crash dumps from |
| # rust programs at the moment, and this adds a few unnecessary dependencies. |
| chromeos-base/google-breakpad -rustc-demangle |
| |
| # Disable oniguruma in jq since it's not needed. |
| app-misc/jq -oniguruma |
| |
| # Enable rpc for lsof to support portmapper registration reporting. |
| sys-process/lsof rpc |
| |
| # Build iptables with support for the nftables kernel API. |
| net-firewall/iptables nftables |