FYI: OpenBSM 1.0 alpha 4 tarball up for download

Fri Feb 24 16:25:51 PST 2006

On Fri, 24 Feb 2006, Martin Fong wrote:

> Robert Watson wrote,
>
>>  This is an FYI that the OpenBSM 1.0a4 tarball is now available for
>>  download on the OpenBSM web page:
>>
>>       http://www.OpenBSM.org/
>
> I've downloaded a copy but have encountered the following compilation
> problems while building on Mac OS X 10.4.5:

It sounds like all of these problems, with the exception of LOG_SECURITY, have 
to do with differences in the BSD make framework in FreeBSD and Darwin.  At 
least some of these problems did not always exist, so it could well be that 
the BSD make parts in Darwin are decaying over time (the -lSystem error, for 
example).  More below.

> - Various Makefiles have incorrectly defined CFLAGS+ options;
>  specifically, there are embedded spaces after '-L':

I've merged changes to remove these spaces.  I'm unclear whether this is a new 
problem or not.

>    building shared library libbsm.1.dylib
>    /usr/bin/libtool: for architecture: cputype (16777234) cpusubtype
>    (0) file: -lSystem is not an object file (not allowed in a
>    library)
...
>  Is this due to a development environment requirement other than
>  using bsdmake?

I'm sure this error wasn't always present -- it could be a result of changes 
in Tiger.

> - While building bin/auditd, I got the following:
>
>    cc -O -pipe -I- -I../.. -I../../libbsm -L../../libbsm -I. -c auditd.c
>    auditd.c: In function `main':
>    auditd.c:798: error: `LOG_SECURITY' undeclared (first use in this 
> function)
>    auditd.c:798: error: (Each undeclared identifier is reported only once
>    auditd.c:798: error: for each function it appears in.)
>    *** Error code 1
>
>  Where is LOG_SECURITY defined?

In FreeBSD.  In Darwin, we should use LOG_AUTH.  I've submitted a change to 
Perforce to check for the definition of LOG_SECURITY and use LOG_AUTH instead 
if it's not present.  It might be desirable to use LOG_AUTHPRIV, which appears 
to be in 10.4.x, but I've not checked earlier versions.

> - While building bin/audit, I got the following:
>
>    make: don't know how to make audit.1. Stop
>
>  (N.b., audit/Makefile only declares audit.8 and not audit.1.)
>
>     I look forward to your suggestions,

This sounds like a different in the BSD makefile infrastructure.  Sadly, I 
think the lesson here is one we knew already: that for the portable 
distribution of OpenBSM, we need to use a more portable Makefile 
infrastructure.  For the version integrated into FreeBSD, we can use the 
FreeBSD Makefile infrastructure.  The direction taken in OpenPAM was to use 
GNU make and configure for the separate (non-FreeBSD-integrated) distribution. 
This sounds like it's probably the right way to go.  However, I don't have 
much experience with these, so it may take a bit of reading, or someone else 
contributing those changes.  However, getting the build working on Solaris and 
Linux would be great, and might well fall out more naturally once that change 
is made.

Once I worked around the above problems, I also ran into an issue where the 
build of auditd was missing the symbol for gatauevent_r.  This appears to be 
because the Apple libbsm in /usr/lib is taking precedence over the local one 
in the openbsm/libbsm tree.

Thanks for the feedback!

Robert N M Watson