Date: Mon, 3 May 2004 11:12:09 -0700 (PDT)
From: Chris Vance <cvance@FreeBSD.org>
To: Perforce Change Reviews <perforce@freebsd.org>
Subject: PERFORCE change 52152 for review
Message-ID: <200405031812.i43IC9X0087006@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=52152 Change 52152 by cvance@cvance_g5 on 2004/05/03 11:11:52 Update installation instructions, significantly reducing the length and complexity. There are still a couple ugly steps at the end. Affected files ... .. //depot/projects/trustedbsd/sedarwin73/bootstrap_instructions.txt#3 edit Differences ... ==== //depot/projects/trustedbsd/sedarwin73/bootstrap_instructions.txt#3 (text+ko) ==== @@ -23,6 +23,9 @@ //projects/trustedbsd/sedarwin73/... + The SEDarwin source CD will include a tarfile (sedarwin73.tgz) + containing these sources. + The remaining steps will assume that the current working directory at the start of each step is your local checkout of the sedarwin directory. @@ -38,9 +41,9 @@ cctools-495.2 These packages are included on the SEDarwin source CD, as well as a - tarfile containing binaries. - - Extract the tarfile into /usr/local on the build system. + tarfile containing binaries. Instead of building the individual + binaries, simply extract the tarfile into /usr/local on the build + system. cd /usr/local sudo tar xvzf buildtools_usrlocal.tgz 
@@ -50,120 +53,48 @@ You will need to customize a file named Makeconfig in the sedarwin directory so that the build can locate files that it needs. Several variables must be defined to follow the remainder of this build - and installation procedure. First, configure the DARWIN variable - to point at the sedarwin/apsl/xnu directory in your checkout: + and installation procedure. First, configure the SEDARWIN_ROOT + variable to point at the sedarwin73 directory: - DARWIN=/Users/andrew/p4/sedarwin/apsl/xnu + SEDARWIN_ROOT=/Users/andrew/p4/sedarwin/apsl/xnu - Next, define EXPORT_HDRS as the header file target relative to - your Darwin kernel build. Chances are, this default will work fine - for you if you're building XNU straight in the xnu tree: + Next, set the DESTDIR variable to point to a local destination + directory; this directory will be created to store the modified + kernel, system libraries, header files, and programs. The default + is to place them in the 'export' directory at the top of the build + tree. - EXPORT_HDRS=$(DARWIN)/BUILD/obj/EXPORT_HDRS + DESTDIR = $(SEDARWIN_ROOT)/export + + Finally, in order to override the owner and groups that are set by + system installation tools, set the EXPORT_OWNER variable to the user + and group of the person building the system. By default, the install + program will try to chown/chgrp the files to the root:wheel, resulting + in permission errors (unless you are building as root). - Finally, set the CFLAGS variable so that relative includes for - libraries and commands are right. The default here will likely also - work fine for you: + EXPORT_OWNER = cvance + - CFLAGS+=-I$(EXPORT_HDRS)/bsd -I$(EXPORT_HDRS) +Step 4: Build -Step 4: Create XNU export headers directory for use in building and - installing SEBSD headers + A top-level makefile automates the build process. 
To build the + kernel, libraries, and program binaries, run the following command + from the top of the extracted source tree: - In this step, the system headers included with the TrustedBSD/SEDarwin - version of the XNU source tree must be exported so that they can be - used for building and installing. - - cd apsl/xnu - make exporthdrs - cd ../.. + bsdmake NOTE: This step will fail if you have not installed bootstrap_cmds due to a dependence on the relpath tool. -Step 5: Install TrustedBSD/SEDarwin system headers +Step 5: Install TrustedBSD/SEDarwin into the export directory - In order to build many of the libraries and utilities required to - run TrustedBSD/SEDarwin, you will need to first install the system - headers for new system calls and services: + To install the kernel, libraries, and program binaries into the + temporary distribution directory, run the following command from the + top level of the source tree: + + bsdmake install - sudo make install-headers - - In particular, this will populate /usr/include with the extended - attribute, MAC, and SEBSD header files. - -Step 6: Build TrustedBSD and SEBSD support libraries - - Build the extended attribute support library: - - cd libextattr - make ; sudo make install - cd .. - - Build the MAC Framework support library: - - cd libmac - make ; sudo make install - cd .. - - Build the SEBSD support library: - - cd libsebsd - make ; sudo make install - cd .. - -Step 7: Build, Install Extended Attribute Tools - - cd extattr_cmds - make ; sudo make install - cd .. - -Step 8: Build, Install MAC Label Tools - - cd mac_cmds - make ; sudo make install - cd .. - -Step 9: Build, Install SEBSD Tools - - cd sebsd_cmds - make ; sudo make install - cd .. - -Step 9.1: Build and install modified MiG program - cd apsl/bootstrap_cmds/migcom.tproj - make ; sudo make install - cd ../../.. - - This mig program is compatible with old kernels as well, as long as the - new features are not used. 
- -Step 9.15: Install some modified Mach headers. You may want to save the old - headers also. - cp /usr/include/mach/message.h /usr/include/mach/mach_types.defs /tmp - cd apsl/xnu/BUILD/obj/EXPORT_HDRS/osfmk/mach - sudo cp message.h mach_types.defs /usr/include/mach - cd ../../../../../../.. - -Step 9.2: Build modified mach_init - BEFORE installing the new init program, save the original because this - one will only work with sedarwin kernels. - cd apsl/system_cmds/mach_init.tproj - make ; sudo make install - cd ../../.. - -Step 9.3: Build modified bootloader - The modified bootloader is necessary to read the security policy before - the root filesystem is available. It might work with other kernels as - well. - BEFORE installing this bootloader, make sure you have a working backup - partition (that boots) on the same machine. - cd apsl/BootX - chmod u+w bootx.tproj/bootinfo.hdr - make - sudo cp bootx.bootinfo /System/Library/CoreServices/BootX - cd ../.. - +XXX Danger below XXX Step 10: Build, Install wslogin and WindowServer wrapper In order to allow users to select roles during GUI login, you must 
@@ -190,115 +121,7 @@ sudo make install-window-server-wrapper cd ../.. -Step 11: Build SEDarwin Sample Policy - - Our sample policy file ships with three users: root, andrew, and rwatson. - Chances are, you'll want to add a line for your own user based on one of - those lines. - cd policy - make - sudo cp policy.16 / - sudo nvram load_sebsd_policy=policy.16 - cd .. - -Step 12: Build XNU - - NOTE: If you skipped the long and tedious elements of Step 2 above, - the chances are good this step will fail with a variety of hard to - interpret failures. - - cd apsl/xnu - make - - - Install the kernel. There are two choices for how to do this, which - depend on how you want to recover. If you have another working partition - on the same system (or a firewire disk), you can overwrite the default - kernel and not have to change OF settings. Then, to recover, hold down - "option" while rebooting, allowing a choice of boot partitions. The other - method is to change the kernel to boot in OF, while retaining the original - in the default location. - - If you have another working partition: - sudo cp /mach_kernel /mach_kernel.10.2.8 - sudo cp BUILD/obj/RELEASE_PPC/mach_kernel /mach_kernel - sudo chown root:wheel /mach_kernel - sudo chmod 644 /mach_kernel - cd ../.. - - Go to step 13. - - If you want to use OF to select the kernel: - sudo cp BUILD/obj/RELEASE_PPC/mach_kernel /mach_kernel.sedarwin - sudo chown root:wheel /mach_kernel.sedarwin - sudo chmod 644 /mach_kernel.sedarwin - cd ../.. - - Once you have a new kernel in place, you'll need to use the nvram - command to set that kernel as the active kernel by modifying the - bootfile variable: - - % nvram -p | grep boot - boot-script - boot-file - boot-command mac-boot - boot-args - boot-device mac-io/ata-4@1f000/@0:5,\\:tbxi - auto-boot? 
true - boot-screen - % sudo nvram "boot-file=mac-io/ata-4@1f000/@0:5,\mach_kernel.sedarwin" - - Note that the boot-file variable consists if {bootdevice},{filename}, - and that the bootdevice is extracted from the more confusing - boot-device OF variable as found above. - - As a quick note here: next time you boot, Open Firmware will boot - /mach_kernel.sedarwin. You can reset it using the nvram command, or - on boot you can press Command-Option-O-F to interactively set OF - variables, or press Command-Option-P-R to clear the PRAM in the event - of serious problems. Finally, you may want to set the boot-args flag - to "-v" to get a text-based boot with console messages, rather than the - pretty but less informative Apple logo, etc. If the system hangs during - verbose mode startup (whether running sedarwin or not), try using normal - boot options, as we have experienced unpredictable hangs with verbose - boots. - - We've found that boot-time failure modes with Darwin are a bit hard - to diagnose, and problems booting a new kernel frequent result in a - hang with the Apple logo showing. This can be a result of - incorrect permissions for the kernel file, among other things. We - recommend keeping a safe backup of your original mach_kernel in case - of accidental overwrite: - - sudo cp /mach_kernel /mach_kernel.safe - -Step 13: Build, Install "Libkvm" - - This will make sure that ps and related commands can read the new layout - of kernel memory due to changes in the size of kernel structures such - as processes and credentials. - - cd apsl/Libkvm - make ; sudo make install - cd ../.. - -Step 14: Build, Install "file_cmds" - - This will build commands like 'ls' with MAC label support. - - cd apsl/file_cmds - make ; sudo make install - cd ../.. - -Step 15: Build, Install "adv_cmds" - - This will build commands like 'ps' with MAC label support. - - cd other/adv_cmds - make ; sudo make install - cd ../.. 
- Step 16: Create extended attribute backing files This will allocate storage space for MAC labels on the root file system. @@ -310,18 +133,6 @@ sudo mkdir -p /.attribute/system sudo extattrctl initattr -p / 256 /.attribute/system/sebsd -Step 17: Install mac.conf - - cd etc - sudo make install - cd .. - -Step 17.9: Force kernel extension cache to be rebuilt - - sudo rm /System/Library/Extensions.kextcache /System/Library/Extensions.mkext - - You may need to do this before every reboot. - Step 18: Reboot At this point, you should now have a new Darwin kernel, support libraries,
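Review bot: In the @@ -38,9 +41,9 @@ hunk, the reworded text tells the reader to skip building the tools and unpack prebuilt binaries as root with "sudo tar xvzf buildtools_usrlocal.tgz", but gives no way to confirm the tarfile is the one shipped on the SEDarwin source CD. Suggest publishing a checksum for buildtools_usrlocal.tgz in this file and adding a verification line before the extract, or at least a "tar tzf" listing step so the reader sees what will land in /usr/local. The unchanged commands also cd to /usr/local and then name the tarfile with no path, so the instructions should say where on the CD it lives.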
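Review bot: In the @@ -50,120 +53,48 @@ hunk, the new text says SEDARWIN_ROOT points at the sedarwin73 directory, but the example still carries the old DARWIN value, "SEDARWIN_ROOT=/Users/andrew/p4/sedarwin/apsl/xnu", which is the xnu subdirectory of a differently named checkout; since DESTDIR is derived from it, the export tree would end up under apsl/xnu. Please update the example path to the top of the sedarwin73 tree. In the same hunk, EXPORT_OWNER is described as "the user and group" while the example "EXPORT_OWNER = cvance" shows only a user, so state the expected format. The "XXX Danger below XXX" marker also replaces the explicit warnings to save the original mach_init and keep a bootable backup partition before installing BootX; one sentence saying what is dangerous about the remaining steps would serve readers better than the bare marker.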
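Review bot: The @@ -190,115 +121,7 @@ hunk deletes the only recovery guidance in the document (the "sudo cp /mach_kernel /mach_kernel.safe" backup, the option-key and Open Firmware boot-file fallbacks, and the PRAM reset) together with the policy load step "sudo nvram load_sebsd_policy=policy.16", and nothing in the visible lines replaces them. The new Step 5 installs only into the export directory, so the reader is never told how the kernel and policy reach the boot volume, nor how to get back to a working system if the new kernel hangs. Suggest keeping a short backup and recovery paragraph ahead of Step 16, and either retaining the nvram policy step or stating where it is now handled.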
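Review bot: In the @@ -310,18 +133,6 @@ hunk, Step 17 (mac.conf) and Step 17.9 (removing Extensions.kextcache and Extensions.mkext, noted as possibly needed "before every reboot") are dropped, yet an install into the export directory does not touch /etc or /System/Library on the running system, so Step 18's claim that the reader now has a new kernel and support libraries no longer follows from the steps shown. Either say that "bsdmake install" covers mac.conf and the extension cache, or keep these two steps until it does. The step numbers also now jump from 5 to 10 and from 16 to 18; renumbering would make it clear nothing was lost by accident.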