1155310SrwatsonUpgrade Instructions for OpenBSM 2155310Srwatson-------------------------------- 3155310Srwatson 4156288SrwatsonOpenBSM integrates into the FreeBSD source tree in several places: 5155310Srwatson 6156288Srwatsonsrc/contrib/openbsm The OpenBSM distribution itself 7156288Srwatsonsrc/sys/bsm Modified versions of some bsm/ include files 8156288Srwatsonsrc/sys/security/audit Kernel audit framework, some OpenBSM-based files 9156288Srwatsonsrc/usr.sbin/*audit* Makefiles for various OpenBSM tools 10156288Srwatsonsrc/etc/Makefile Installation of /etc OpenBSM files 11156288Srwatsonsrc/lib/libbsm/* Build for OpenBSM library 12156288Srwatson 13156288SrwatsonOpenBSM is normally built using an integrated autoconf/automake build 14156288Srwatsonsystem. For the purposes of tight integration with FreeBSD, we use an 15156310Srwatsonadapted BSD make (bmake) build system loosely based on the automake 16156288Srwatsonsetup. We also rely on a static config.h generated when OpenBSM is 17156288Srwatsonimported, rather than re-configuring every build. This leads to a 18156288Srwatsonmore reproduceable build environment, and avoids dependence on things 19156288Srwatsonnot in the base tree (i.e., autoconf, automake, GNU make, etc). An 20156288Srwatsonupgrade of OpenBSM generally involves the following steps: 21156288Srwatson 22156288Srwatson- Vendor import of OpenBSM into src/contrib. 23156288Srwatson- Run configure, commit src/contrib/openbsm/config/config.h. 24156288Srwatson- Replication of src/contrib/openbsm/bsm changes into src/sys/bsm. 25156288Srwatson- Possible updates to src/sys/security/audit, especially relating to 26161636Srwatson audit_bsm_token.c. 27156288Srwatson- Update any library, tool, or etc BSD Makefiles to add new files, 28156288Srwatson defines, or other generally useful or necessary things. 29156288Srwatson 30161866SrwatsonCertain files are present only in the vendor branch, and not in FreeBSD 31161866Srwatsondevelopment branches: 32156288Srwatson 33161866Srwatson contrib/openbsm/bsm audit.h audit_internal.h audit_kevents.h 34161866Srwatson audit_record.h 35161866Srwatson 36161866SrwatsonThis prevents confusion regarding whether the src/sys/bsm or contrib 37161866Srwatsonversions of the include files should be used in the build. Normally, the 38161866SrwatsonCVS vendor import goes along the following lines: 39161866Srwatson 40155310Srwatson cd ~/p4/projects/trustedbsd/openbsm 41159984Srwatson cvs -n -d rwatson@repoman.FreeBSD.org:/home/ncvs -q import \ 42159984Srwatson src/contrib/openbsm TrustedBSD OPENBSM_1_0_ALPHA_1 43155310Srwatson 44159984SrwatsonReplacing the version string as required. Remove the "-n" argument once 45159984Srwatsonthe import is tested in order to perform the actual import. 46155310Srwatson 47156288SrwatsonPropagation of changes to src/sys/{bsm,security/audit} is something that 48156288Srwatsonrequires careful coordination and attention to detail. These files are 49156288Srwatsonnot on CVS vendor branches, but do have the same local vs. vendor merge 50161636Srwatsonissues. Remember that contrib/openbsm (and the rest of the system) will 51161636Srwatsonbe built with the version of the bsm/ include files in src/sys/bsm, not 52161636Srwatsonthe version in contrib/openbsm/bsm, so buildworld tests before committing 53161636Srwatsonare necessary, and the commits to various parts of the system must be 54161636Srwatsonmade in close succession. 55155310Srwatson 56155310Srwatson$FreeBSD$ 57