# Install minimal AppArmor profiles.
sec-policy/apparmor-profiles minimal

# Docker uses libapparmor, so this should have static libs included.
sys-libs/libapparmor static-libs

# Lakitu uses overlayfs graph driver in docker.
app-containers/docker -device-mapper overlay

# Pigz is for faster docker image downloads:
# https://github.com/moby/moby/pull/35697.
app-containers/docker pigz

# Btrfs is not supported on lakitu.
app-containers/containerd -btrfs

# Remove unnecessary dependencies
app-emulation/open-vm-tools -deploypkg -dnet -fuse -icu -pam -resolutionkms -ssl -vgauth

# Docker uses tini, so this should be static
sys-process/tini static

# Use generated test key.
chromeos-base/chromeos-ssh-testkeys generated_ssh_key

# We don't use the few features this adds, and it avoids a circ dep.
# https://crbug.com/599986
sys-apps/util-linux -systemd

# procps' "systemd" support is nothing but the "ps" tool printing systemd units,
# which "systemd-cgls" can do. Disabling it avoids a circ dep.
sys-process/procps -systemd

# Enable full-featured vim.
# Do not enable additional functionality which depends on a
# package not available in source i.e. dev-libs/libsodium.
app-editors/vim -minimal -crypt

# Docker uses libseccomp, so this should have static libs included.
sys-libs/libseccomp static-libs

# This removed dependency on libmix which is depricated and unsupported.
net-analyzer/netcat -crypt

# Enable 'poweroff', 'reboot' and other similar commands that control init.
# Disable split-usr to install units at /usr/lib
# Enable vanilla to have code aligned with gentoo, though it is not used
sys-apps/systemd sysv-utils -split-usr vanilla

# Disable systemd-logind session tracker
sys-auth/pambase -systemd

# Disable PAM for busybox, because it conflicts with 'static' use flag.
sys-apps/busybox -pam static

# The JavaScript SSH client implementation on GCE developer console
# ('ssh-in-browser') does not handle HPN-capable server very well, so disable
# HPN support in OpenSSH (b/64450408).
net-misc/openssh -hpn

# Enable warmstarts for rpcbind because if systemd is enabled it
# requires warmstarts flag to be enabled
net-nds/rpcbind warmstarts

# Disable oobe_config to avoid surprising users (b/112722312).
chromeos-base/chromeos-installer -oobe_config

# Disable metrics daemon.
chromeos-base/metrics -passive_metrics

# Disable kernel module signing and lockdown for dump capture kernel.
sys-kernel/dump-capture-kernel -module_sign -lockdown

# Enable full lvm2 install.
sys-fs/lvm2 -device-mapper-only

# Enable virtio balloon driver.
sys-kernel/lakitu-kernel-5_15 virtio_balloon

# Out-of-tree kernel module should use the same compiler as kernel.
sys-apps/loadpin-trigger clang

# Enable libyaml for the pyyaml
# netplan requires pyyaml to be enabled with libyaml.
dev-python/pyyaml libyaml

# chrony needs libcap to drop root privilages and switch to chrony user.
#
# Disable Network Time Security (NTS) support, because NTP servers on cloud
# platforms don't support it, and it pulls in a few dependencies.
net-misc/chrony caps -nts

# ChromeOS uses hostname from coreutils instead of hostname from net-tools.
# Since the coreutils version has strictly fewer features, and we may have
# customers that depend on net-tools hostname, let's keep the net-tools hostname.
sys-apps/coreutils -hostname
sys-apps/net-tools hostname

# Remove building of xfstests since we run these tests outside of autotest-tests
chromeos-base/autotest-tests -tests_xfsFilesystemTestSuite

# Disable compilation of autotest tests that we don't care about. These pull
# lots of unnecessary dependencies into our build (e.g. graphics libraries).
chromeos-base/autotest-tests -tests_camera_HAL3 -tests_camera_HAL3Perf
chromeos-base/autotest-tests -tests_camera_V4L2

# The version currently in portage only supports the neon flag,
# which will fail because it only detects neon on arm32.
dev-libs/libgcrypt -cpu_flags_arm_neon
dev-libs/nettle -cpu_flags_arm_neon

# Disable support for parsing rust symbols. We don't collect crash dumps from
# rust programs at the moment, and this adds a few unnecessary dependencies.
chromeos-base/google-breakpad -rustc-demangle

# Disable oniguruma from jq since its not needed.
app-misc/jq -oniguruma

# Enable rpc for lsof to support portmapper registration reporting.
sys-process/lsof rpc

net-firewall/iptables nftables