141b0acb1SRobert WatsonUpgrade Instructions for OpenBSM 241b0acb1SRobert Watson-------------------------------- 341b0acb1SRobert Watson 4fd576390SRobert WatsonOpenBSM integrates into the FreeBSD source tree in several places: 5fd576390SRobert Watson 6fd576390SRobert Watsonsrc/contrib/openbsm The OpenBSM distribution itself 7fd576390SRobert Watsonsrc/sys/bsm Modified versions of some bsm/ include files 8fd576390SRobert Watsonsrc/sys/security/audit Kernel audit framework, some OpenBSM-based files 9fd576390SRobert Watsonsrc/usr.sbin/*audit* Makefiles for various OpenBSM tools 10fd576390SRobert Watsonsrc/etc/Makefile Installation of /etc OpenBSM files 11fd576390SRobert Watsonsrc/lib/libbsm/* Build for OpenBSM library 12fd576390SRobert Watson 13fd576390SRobert WatsonOpenBSM is normally built using an integrated autoconf/automake build 14fd576390SRobert Watsonsystem. For the purposes of tight integration with FreeBSD, we use an 15679b9244SRobert Watsonadapted BSD make (bmake) build system loosely based on the automake 16fd576390SRobert Watsonsetup. We also rely on a static config.h generated when OpenBSM is 17fd576390SRobert Watsonimported, rather than re-configuring every build. This leads to a 18fd576390SRobert Watsonmore reproduceable build environment, and avoids dependence on things 19fd576390SRobert Watsonnot in the base tree (i.e., autoconf, automake, GNU make, etc). An 20fd576390SRobert Watsonupgrade of OpenBSM generally involves the following steps: 21fd576390SRobert Watson 22fd576390SRobert Watson- Vendor import of OpenBSM into src/contrib. 23fd576390SRobert Watson- Run configure, commit src/contrib/openbsm/config/config.h. 24fd576390SRobert Watson- Replication of src/contrib/openbsm/bsm changes into src/sys/bsm. 25fd576390SRobert Watson- Possible updates to src/sys/security/audit, especially relating to 26fd576390SRobert Watson bsm_token.c. 27fd576390SRobert Watson- Update any library, tool, or etc BSD Makefiles to add new files, 28fd576390SRobert Watson defines, or other generally useful or necessary things. 29fd576390SRobert Watson 30fd576390SRobert WatsonNormally, the CVS vendor import goes along the following lines: 3141b0acb1SRobert Watson 3241b0acb1SRobert Watson cd ~/p4/projects/trustedbsd/openbsm 3341efe154SRobert Watson cvs -d rwatson@repoman.FreeBSD.org:/home/ncvs -q import src/contrib/openbsm \ 3441b0acb1SRobert Watson TrustedBSD OPENBSM_1_0_ALPHA_1 3541b0acb1SRobert Watson 3641b0acb1SRobert WatsonReplacing the version string as required. Use the "-n" argument to CVS to 3741b0acb1SRobert Watsondo a test run. 3841b0acb1SRobert Watson 39fd576390SRobert WatsonPropagation of changes to src/sys/{bsm,security/audit} is something that 40fd576390SRobert Watsonrequires careful coordination and attention to detail. These files are 41fd576390SRobert Watsonnot on CVS vendor branches, but do have the same local vs. vendor merge 42fd576390SRobert Watsonissues. 4341b0acb1SRobert Watson 4441b0acb1SRobert Watson$FreeBSD$ 45