From owner-p4-projects@FreeBSD.ORG  Mon Mar  1 11:05:47 2004
Return-Path: <owner-p4-projects@FreeBSD.ORG>
Delivered-To: p4-projects@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id 7BBB216A4D0; Mon,  1 Mar 2004 11:05:47 -0800 (PST)
Delivered-To: perforce@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 3BCDB16A4CE
	for <perforce@freebsd.org>; Mon,  1 Mar 2004 11:05:47 -0800 (PST)
Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 3572D43D2F
	for <perforce@freebsd.org>; Mon,  1 Mar 2004 11:05:47 -0800 (PST)
	(envelope-from areisse@nailabs.com)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.12.10/8.12.10) with ESMTP id i21J5lGe039409
	for <perforce@freebsd.org>; Mon, 1 Mar 2004 11:05:47 -0800 (PST)
	(envelope-from areisse@nailabs.com)
Received: (from perforce@localhost)
	by repoman.freebsd.org (8.12.10/8.12.10/Submit) id i21J5ix5039405
	for perforce@freebsd.org; Mon, 1 Mar 2004 11:05:44 -0800 (PST)
	(envelope-from areisse@nailabs.com)
Date: Mon, 1 Mar 2004 11:05:44 -0800 (PST)
Message-Id: <200403011905.i21J5ix5039405@repoman.freebsd.org>
X-Authentication-Warning: repoman.freebsd.org: perforce set sender to
	areisse@nailabs.com using -f
From: Andrew Reisse <areisse@FreeBSD.org>
To: Perforce Change Reviews <perforce@freebsd.org>
Subject: PERFORCE change 47927 for review
X-BeenThere: p4-projects@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: p4 projects tree changes <p4-projects.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/p4-projects>,
	<mailto:p4-projects-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/p4-projects>
List-Post: <mailto:p4-projects@freebsd.org>
List-Help: <mailto:p4-projects-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/p4-projects>,
	<mailto:p4-projects-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Mar 2004 19:05:48 -0000

http://perforce.freebsd.org/chv.cgi?CH=47927

Change 47927 by areisse@areisse_ibook on 2004/03/01 11:05:35

	use sudo instead of su

Affected files ...

.. //depot/projects/trustedbsd/sedarwin/bootstrap_instructions.txt#28 edit

Differences ...

==== //depot/projects/trustedbsd/sedarwin/bootstrap_instructions.txt#28 (text+ko) ====

@@ -13,6 +13,9 @@
   continuing, so that absolute paths and 'make install' targets
   will be in the right place.
 
+  Enabling sshd (under "Remote Login" in "Sharing" control panel)
+  will help in recovering systems that boot, but can't login graphically.
+
 Step 2: Check out TrustedBSD/SEDarwin source tree
 
   In our environment, this requires installing and configuring the
@@ -177,11 +180,10 @@
 
 Step 9.15: Install some modified Mach headers. You may want to save the old
     headers also.
-    su
     cp /usr/include/mach/message.h /usr/include/mach/mach_types.defs /tmp
-    cd apsl/xnu/BUILD/obj/EXPORT_HDRS
-    cp message.h mach_types.defs /usr/include/mach
-    exit
+    cd apsl/xnu/BUILD/obj/EXPORT_HDRS/osfmk/mach
+    sudo cp message.h mach_types.defs /usr/include/mach
+    cd ../../../../../../..
 
 Step 9.2: Build modified mach_init
     BEFORE installing the new init program, save the original because this
@@ -200,6 +202,7 @@
     chmod u+w bootx.tproj/bootinfo.hdr
     make
     sudo cp bootx.bootinfo /System/Library/CoreServices/BootX
+    cd ../..
 
 Step 10: Build, Install wslogin and WindowServer wrapper
 
@@ -247,6 +250,26 @@
 
     cd apsl/xnu
     make
+
+
+  Install the kernel. There are two choices for how to do this, which
+  depend on how you want to recover. If you have another working partition
+  on the same system (or a firewire disk), you can overwrite the default
+  kernel and not have to change OF settings. Then, to recover, hold down
+  "option" while rebooting, allowing a choice of boot partitions. The other
+  method is to change the kernel to boot in OF, while retaining the original
+  in the default location.
+
+ If you have another working partition:
+    sudo cp /mach_kernel /mach_kernel.10.2.8
+    sudo cp BUILD/obj/RELEASE_PPC/mach_kernel /mach_kernel
+    sudo chown root:wheel /mach_kernel
+    sudo chmod 644 /mach_kernel
+    cd ../..
+
+    Go to step 13.
+
+ If you want to use OF to select the kernel:
     sudo cp BUILD/obj/RELEASE_PPC/mach_kernel /mach_kernel.sedarwin
     sudo chown root:wheel /mach_kernel.sedarwin
     sudo chmod 644 /mach_kernel.sedarwin
@@ -302,7 +325,7 @@
 
 Step 14: Build, Install "file_cmds"
 
-  This will build commands like ls with MAC label support.
+  This will build commands like 'ls' with MAC label support.
 
     cd apsl/file_cmds
     make ; sudo make install
@@ -310,7 +333,7 @@
 
 Step 15: Build, Install "adv_cmds"
 
-  This will build commands like ps with MAC label support.
+  This will build commands like 'ps' with MAC label support.
 
     cd other/adv_cmds
     make ; sudo make install
@@ -324,7 +347,7 @@
   insert the same directory in front of "/.attribute/system/sebsd" to
   store the attributes in that file system.
 
-    mkdir -p /.attribute/system
+    sudo mkdir -p /.attribute/system
     sudo extattrctl initattr -p / 256 /.attribute/system/sebsd
 
 Step 17: Install mac.conf
@@ -354,4 +377,4 @@
   If you want to run in enforcing mode, you can use the "kenv_sebsd_enforce"
   OF variable. Set it with:
   
-  # nvram kenv_sebsd_enforce=1
+    sudo nvram kenv_sebsd_enforce=1