From owner-p4-projects@FreeBSD.ORG  Fri Mar  3 22:04:13 2006
Return-Path: <owner-p4-projects@FreeBSD.ORG>
X-Original-To: p4-projects@freebsd.org
Delivered-To: p4-projects@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 32767)
	id 56E3016A423; Fri,  3 Mar 2006 22:04:13 +0000 (GMT)
X-Original-To: perforce@freebsd.org
Delivered-To: perforce@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 165FB16A420
	for <perforce@freebsd.org>; Fri,  3 Mar 2006 22:04:13 +0000 (GMT)
	(envelope-from bb+lists.freebsd.perforce@cyrus.watson.org)
Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 4D20043D62
	for <perforce@freebsd.org>; Fri,  3 Mar 2006 22:04:07 +0000 (GMT)
	(envelope-from bb+lists.freebsd.perforce@cyrus.watson.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id k23M47CE078138
	for <perforce@freebsd.org>; Fri, 3 Mar 2006 22:04:07 GMT
	(envelope-from bb+lists.freebsd.perforce@cyrus.watson.org)
Received: (from perforce@localhost)
	by repoman.freebsd.org (8.13.1/8.13.1/Submit) id k23M46Ui078135
	for perforce@freebsd.org; Fri, 3 Mar 2006 22:04:06 GMT
	(envelope-from bb+lists.freebsd.perforce@cyrus.watson.org)
Date: Fri, 3 Mar 2006 22:04:06 GMT
Message-Id: <200603032204.k23M46Ui078135@repoman.freebsd.org>
X-Authentication-Warning: repoman.freebsd.org: perforce set sender to
	bb+lists.freebsd.perforce@cyrus.watson.org using -f
From: Robert Watson <rwatson@FreeBSD.org>
To: Perforce Change Reviews <perforce@freebsd.org>
Cc: 
Subject: PERFORCE change 92697 for review
X-BeenThere: p4-projects@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: p4 projects tree changes <p4-projects.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/p4-projects>,
	<mailto:p4-projects-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/p4-projects>
List-Post: <mailto:p4-projects@freebsd.org>
List-Help: <mailto:p4-projects-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/p4-projects>,
	<mailto:p4-projects-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 03 Mar 2006 22:04:14 -0000

http://perforce.freebsd.org/chv.cgi?CH=92697

Change 92697 by rwatson@rwatson_zoo on 2006/03/03 22:03:23

	Update FreeBSD integration notes for post-autoconf world.

Affected files ...

.. //depot/projects/trustedbsd/audit3/contrib/openbsm/FREEBSD-upgrade#2 edit

Differences ...

==== //depot/projects/trustedbsd/audit3/contrib/openbsm/FREEBSD-upgrade#2 (text) ====

@@ -1,7 +1,33 @@
 Upgrade Instructions for OpenBSM
 --------------------------------
 
-Currently this is very straight forward:
+OpenBSM integrates into the FreeBSD source tree in several places:
+
+src/contrib/openbsm        The OpenBSM distribution itself
+src/sys/bsm                Modified versions of some bsm/ include files
+src/sys/security/audit     Kernel audit framework, some OpenBSM-based files
+src/usr.sbin/*audit*       Makefiles for various OpenBSM tools
+src/etc/Makefile           Installation of /etc OpenBSM files
+src/lib/libbsm/*           Build for OpenBSM library
+
+OpenBSM is normally built using an integrated autoconf/automake build
+system.  For the purposes of tight integration with FreeBSD, we use an
+adapted BSD make (bmake) build system loosely based on the autmake
+setup.  We also rely on a static config.h generated when OpenBSM is
+imported, rather than re-configuring every build.  This leads to a
+more reproduceable build environment, and avoids dependence on things
+not in the base tree (i.e., autoconf, automake, GNU make, etc).  An
+upgrade of OpenBSM generally involves the following steps:
+
+- Vendor import of OpenBSM into src/contrib.
+- Run configure, commit src/contrib/openbsm/config/config.h.
+- Replication of src/contrib/openbsm/bsm changes into src/sys/bsm.
+- Possible updates to src/sys/security/audit, especially relating to
+  bsm_token.c.
+- Update any library, tool, or etc BSD Makefiles to add new files,
+  defines, or other generally useful or necessary things.
+
+Normally, the CVS vendor import goes along the following lines:
 
   cd ~/p4/projects/trustedbsd/openbsm
   cvs -d rwatson@repoman.FreeBSD.org:/home/ncvs -q import src/contrib/openbsm \
@@ -10,10 +36,9 @@
 Replacing the version string as required.  Use the "-n" argument to CVS to
 do a test run.
 
-Right now, no local FreeBSD modification or configuration is required.  In
-future OpenBSM versions, this is likely to change.
-
-After importing OpenBSM, make sure to propagate any changes to files that
-appear in both contrib/openbsm/bsm and sys/bsm.
+Propagation of changes to src/sys/{bsm,security/audit} is something that
+requires careful coordination and attention to detail.  These files are
+not on CVS vendor branches, but do have the same local vs. vendor merge
+issues.
 
 $FreeBSD: src/contrib/openbsm/FREEBSD-upgrade,v 1.2 2006/02/06 00:03:39 rwatson Exp $