Upgrade Instructions for OpenBSM
--------------------------------

OpenBSM integrates into the FreeBSD source tree in several places:

src/contrib/openbsm      The OpenBSM distribution itself
src/sys/bsm              Modified versions of some bsm/ include files
src/sys/security/audit   Kernel audit framework, some OpenBSM-based files
src/usr.sbin/*audit*     Makefiles for various OpenBSM tools
src/etc/Makefile         Installation of /etc OpenBSM files
src/lib/libbsm/*         Build for OpenBSM library

OpenBSM is normally built using an integrated autoconf/automake build
system.  For the purposes of tight integration with FreeBSD, we use an
adapted BSD make (bmake) build system loosely based on the automake
setup.  We also rely on a static config.h generated when OpenBSM is
imported, rather than re-configuring every build.  This leads to a
more reproducible build environment, and avoids dependence on things
not in the base tree (e.g., autoconf, automake, GNU make).  An
upgrade of OpenBSM generally involves the following steps:

- Vendor import of OpenBSM into src/contrib.
- Run configure, commit src/contrib/openbsm/config/config.h.
- Replication of src/contrib/openbsm/bsm changes into src/sys/bsm.
- Possible updates to src/sys/security/audit, especially relating to
  audit_bsm_token.c.
- Update any library, tool, or etc BSD Makefiles to add new files,
  defines, or other generally useful or necessary things.

Certain files are present only in the vendor branch, and not in FreeBSD
development branches:

    contrib/openbsm/bsm    audit.h audit_internal.h audit_kevents.h
                           audit_record.h

This prevents confusion regarding whether the src/sys/bsm or contrib
versions of the include files should be used in the build.  Normally, the
CVS vendor import goes along the following lines:

    cd ~/p4/projects/trustedbsd/openbsm
    cvs -n -d rwatson@repoman.FreeBSD.org:/home/ncvs -q import \
        src/contrib/openbsm TrustedBSD OPENBSM_1_0_ALPHA_1

Replace the version string as required.  Remove the "-n" argument once
the import is tested in order to perform the actual import.

Propagation of changes to src/sys/{bsm,security/audit} is something that
requires careful coordination and attention to detail.  These files are
not on CVS vendor branches, but do have the same local vs. vendor merge
issues.  Remember that contrib/openbsm (and the rest of the system) will
be built with the version of the bsm/ include files in src/sys/bsm, not
the version in contrib/openbsm/bsm, so buildworld tests before committing
are necessary, and the commits to various parts of the system must be
made in close succession.
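
The replication step above can be checked before the buildworld test.  The
script below is an added example, not part of the OpenBSM or FreeBSD trees:
it reports which of the four bsm/ headers named above changed between two
vendor releases and still differ in src/sys/bsm.  The function name and its
three directory arguments (previous vendor bsm/, new vendor bsm/, src/sys/bsm)
are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: report which bsm/ headers from a new OpenBSM vendor import
# still need to be merged into src/sys/bsm.  The function name and arguments
# are hypothetical; the header list is the one given in this file.

BSM_HEADERS="audit.h audit_internal.h audit_kevents.h audit_record.h"

# usage: bsm_replication_status OLD_VENDOR_BSM NEW_VENDOR_BSM SYS_BSM
# Prints "<header> <status>" per header; returns 1 if any needs attention.
#   unchanged  vendor copy did not change in this import
#   synced     vendor copy changed and src/sys/bsm already matches it
#   merge      vendor copy changed and src/sys/bsm differs (review by hand,
#              since src/sys/bsm carries local modifications)
#   missing    header absent from the new vendor tree or from src/sys/bsm
bsm_replication_status() {
    old=$1 new=$2 sys=$3 rc=0
    for h in $BSM_HEADERS; do
        if [ ! -f "$new/$h" ] || [ ! -f "$sys/$h" ]; then
            status=missing rc=1
        elif [ -f "$old/$h" ] && cmp -s "$old/$h" "$new/$h"; then
            status=unchanged
        elif cmp -s "$new/$h" "$sys/$h"; then
            status=synced
        else
            status=merge rc=1
        fi
        echo "$h $status"
    done
    return $rc
}

# Run directly with three directories: the previous release's bsm/, the new
# release's bsm/, and src/sys/bsm from the tree about to be committed.
if [ "$#" -eq 3 ]; then
    bsm_replication_status "$1" "$2" "$3"
fi
```

A "merge" line is a prompt to diff the header by hand, not a failure of the
import; the src/sys/bsm copies are modified versions and need not be
byte-identical to the vendor files.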