1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
|
Upgrade Instructions for OpenBSM
--------------------------------
OpenBSM integrates into the FreeBSD source tree in several places:
src/contrib/openbsm The OpenBSM distribution itself
src/sys/bsm Modified versions of some bsm/ include files
src/sys/security/audit Kernel audit framework, some OpenBSM-based files
src/usr.sbin/*audit* Makefiles for various OpenBSM tools
src/etc/Makefile Installation of /etc OpenBSM files
src/lib/libbsm/* Build for OpenBSM library
OpenBSM is normally built using an integrated autoconf/automake build
system. For the purposes of tight integration with FreeBSD, we use an
adapted BSD make (bmake) build system loosely based on the automake
setup. We also rely on a static config.h generated when OpenBSM is
imported, rather than re-configuring every build. This leads to a
more reproduceable build environment, and avoids dependence on things
not in the base tree (i.e., autoconf, automake, GNU make, etc). An
upgrade of OpenBSM generally involves the following steps:
- Vendor import of OpenBSM into src/contrib.
- Run configure, commit src/contrib/openbsm/config/config.h.
- Replication of src/contrib/openbsm/bsm changes into src/sys/bsm.
- Possible updates to src/sys/security/audit, especially relating to
bsm_token.c.
- Update any library, tool, or etc BSD Makefiles to add new files,
defines, or other generally useful or necessary things.
Normally, the CVS vendor import goes along the following lines:
cd ~/p4/projects/trustedbsd/openbsm
cvs -d rwatson@repoman.FreeBSD.org:/home/ncvs -q import src/contrib/openbsm \
TrustedBSD OPENBSM_1_0_ALPHA_1
Replacing the version string as required. Use the "-n" argument to CVS to
do a test run.
Propagation of changes to src/sys/{bsm,security/audit} is something that
requires careful coordination and attention to detail. These files are
not on CVS vendor branches, but do have the same local vs. vendor merge
issues.
$FreeBSD$
|
