Hardened Desktop Profiles

From Gentoo Wiki

A lot of people ask about combining the hardened and desktop profiles. Here's how!

GNOME and KDE

For these desktop environments, please see GNOME/Guide/Hardened_GNOME_Profiles and KDE/Hardened_KDE_Plasma_profile.

Other DEs

Create a local repository

A local repository is needed for the custom profile to be created.

First, install app-eselect/eselect-repository:

root # emerge --ask app-eselect/eselect-repository

Create a local repository:

root # eselect repository create local

Set up the repository layout

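It's recommended to enable the portage-2 profile format, a Portage extension, for the repository. It allows a profile's parent file to reference profiles in another repository using the repo:path syntax, which simplifies configuration.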

FILE /var/db/repos/local/metadata/layout.conf
masters = gentoo
thin-manifests = true

# Needed for profiles parent with repo syntax
profile-formats = portage-2

Create the profile

profiles.desc

profiles.desc provides a list of profiles for eselect profile list to consume:

FILE /var/db/repos/local/profiles/profiles.desc
# Adjust the list below as needed, no need to make them all
amd64 hardened-desktop stable
amd64 hardened-desktop-systemd stable
amd64 hardened-desktop-split-usr stable

The profile itself

Create the following directories (adjust as needed):

  • /var/db/repos/local/profiles/hardened-desktop
  • /var/db/repos/local/profiles/hardened-desktop-systemd
  • /var/db/repos/local/profiles/hardened-desktop-split-usr

Use the following command:

root # mkdir -p /var/db/repos/local/profiles/{hardened-desktop,hardened-desktop-systemd,hardened-desktop-split-usr}

hardened-desktop

Create the following files:

FILE /var/db/repos/local/profiles/hardened-desktop/eapi
8

FILE /var/db/repos/local/profiles/hardened-desktop/parent
gentoo:default/linux/amd64/23.0/hardened
gentoo:targets/desktop

hardened-desktop-systemd

Create the following files:

FILE /var/db/repos/local/profiles/hardened-desktop-systemd/eapi
8

FILE /var/db/repos/local/profiles/hardened-desktop-systemd/parent
gentoo:default/linux/amd64/23.0/hardened
gentoo:targets/desktop
gentoo:targets/systemd

hardened-desktop-split-usr

Create the following files:

FILE /var/db/repos/local/profiles/hardened-desktop-split-usr/eapi
8

FILE /var/db/repos/local/profiles/hardened-desktop-split-usr/parent
gentoo:default/linux/amd64/23.0/hardened
gentoo:features/split-usr
gentoo:targets/desktop

Selecting the profile

The new profiles should now appear in eselect profile list. Enjoy!
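Before switching to one of the new profiles, it is worth confirming that each one really inherits a hardened parent and that the repository enables the profile format its parent files rely on. The shell function below is an added example, not part of the wiki page or of Portage; the names check_profiles and make_sample_repo are hypothetical, and treating any parent path with a /hardened component as the hardened parent is an assumption.

```shell
#!/bin/sh
# check_profiles REPO: print one line per problem, return 0 only if none.
# (hypothetical helper; the checks mirror the files created on this page)
check_profiles() {
    repo=$1 problems=0
    layout=$repo/metadata/layout.conf desc=$repo/profiles/profiles.desc
    complain() { echo "PROBLEM: $*"; problems=$((problems + 1)); }
    [ -f "$desc" ] || { complain "missing $desc"; return 1; }
    # profiles.desc lines: <arch> <profile dir> <stability>
    while read -r arch name stability || [ -n "$arch" ]; do
        case $arch in ''|'#'*) continue ;; esac
        dir=$repo/profiles/$name
        [ -f "$dir/eapi" ] || complain "$name: no eapi file"
        [ -f "$dir/parent" ] || { complain "$name: no parent file"; continue; }
        # The profile only hardens anything if a hardened parent is inherited.
        grep -Eq '^[^#]*/hardened(/.*)?$' "$dir/parent" ||
            complain "$name: no hardened parent"
        # repo:path parents require profile-formats = portage-2 in layout.conf.
        if grep -Eq '^[^#/]+:' "$dir/parent" &&
           ! grep -Eq '^profile-formats[[:space:]]*=.*portage-2' "$layout" 2>/dev/null
        then complain "$name: repo:path parent but portage-2 not enabled"
        fi
    done < "$desc"
    [ "$problems" -eq 0 ]
}

# Constructed sample tree for trying the check without touching a real system.
make_sample_repo() {
    mkdir -p "$1/metadata" "$1/profiles/hardened-desktop"
    printf 'masters = gentoo\nprofile-formats = portage-2\n' > "$1/metadata/layout.conf"
    printf '# sample\namd64 hardened-desktop stable\n' > "$1/profiles/profiles.desc"
    echo 8 > "$1/profiles/hardened-desktop/eapi"
    printf 'gentoo:default/linux/amd64/23.0/hardened\ngentoo:targets/desktop\n' \
        > "$1/profiles/hardened-desktop/parent"
}

# Usage: sh check.sh /var/db/repos/local
if [ $# -gt 0 ]; then check_profiles "$1"; fi
```

The check only reads the repository files; it does not ask Portage to resolve the parents, so a mistyped path in the gentoo repository is still only caught when the profile is selected.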