mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-11-25 01:55:19 +01:00
d37eb51047
Sponsored by: Netflix
55 lines
2.6 KiB
Plaintext
55 lines
2.6 KiB
Plaintext
Upgrade Instructions for OpenBSM
|
|
--------------------------------
|
|
|
|
OpenBSM integrates into the FreeBSD source tree in several places:
|
|
|
|
src/contrib/openbsm The OpenBSM distribution itself
|
|
src/sys/bsm Modified versions of some bsm/ include files
|
|
src/sys/security/audit Kernel audit framework, some OpenBSM-based files
|
|
src/usr.sbin/*audit* Makefiles for various OpenBSM tools
|
|
src/etc/Makefile Installation of /etc OpenBSM files
|
|
src/lib/libbsm/* Build for OpenBSM library
|
|
|
|
OpenBSM is normally built using an integrated autoconf/automake build
|
|
system. For the purposes of tight integration with FreeBSD, we use an
|
|
adapted BSD make (bmake) build system loosely based on the automake
|
|
setup. We also rely on a static config.h generated when OpenBSM is
|
|
imported, rather than re-configuring every build. This leads to a
|
|
more reproduceable build environment, and avoids dependence on things
|
|
not in the base tree (i.e., autoconf, automake, GNU make, etc). An
|
|
upgrade of OpenBSM generally involves the following steps:
|
|
|
|
- Vendor import of OpenBSM into src/contrib.
|
|
- Run configure, commit src/contrib/openbsm/config/config.h.
|
|
- Replication of src/contrib/openbsm/bsm changes into src/sys/bsm.
|
|
- Possible updates to src/sys/security/audit, especially relating to
|
|
audit_bsm_token.c.
|
|
- Update any library, tool, or etc BSD Makefiles to add new files,
|
|
defines, or other generally useful or necessary things.
|
|
|
|
Certain files are present only in the vendor branch, and not in FreeBSD
|
|
development branches:
|
|
|
|
contrib/openbsm/bsm audit.h audit_internal.h audit_kevents.h
|
|
audit_record.h
|
|
|
|
This prevents confusion regarding whether the src/sys/bsm or contrib
|
|
versions of the include files should be used in the build. Normally, the
|
|
CVS vendor import goes along the following lines:
|
|
|
|
cd ~/p4/projects/trustedbsd/openbsm
|
|
cvs -n -d rwatson@repoman.FreeBSD.org:/home/ncvs -q import \
|
|
src/contrib/openbsm TrustedBSD OPENBSM_1_0_ALPHA_1
|
|
|
|
Replacing the version string as required. Remove the "-n" argument once
|
|
the import is tested in order to perform the actual import.
|
|
|
|
Propagation of changes to src/sys/{bsm,security/audit} is something that
|
|
requires careful coordination and attention to detail. These files are
|
|
not on CVS vendor branches, but do have the same local vs. vendor merge
|
|
issues. Remember that contrib/openbsm (and the rest of the system) will
|
|
be built with the version of the bsm/ include files in src/sys/bsm, not
|
|
the version in contrib/openbsm/bsm, so buildworld tests before committing
|
|
are necessary, and the commits to various parts of the system must be
|
|
made in close succession.
|