PERFORCE change 52152 for review
Chris Vance
cvance at FreeBSD.org
Mon May 3 18:12:09 GMT 2004
http://perforce.freebsd.org/chv.cgi?CH=52152
Change 52152 by cvance at cvance_g5 on 2004/05/03 11:11:52
Update installation instructions, significantly reducing the length
and complexity. There are still a couple ugly steps at the end.
Affected files ...
.. //depot/projects/trustedbsd/sedarwin73/bootstrap_instructions.txt#3 edit
Differences ...
==== //depot/projects/trustedbsd/sedarwin73/bootstrap_instructions.txt#3 (text+ko) ====
@@ -23,6 +23,9 @@
//projects/trustedbsd/sedarwin73/...
+ The SEDarwin source CD will include a tarfile (sedarwin73.tgz)
+ containing these sources.
+
The remaining steps will assume that the current working directory
at the start of each step is your local checkout of the sedarwin
directory.
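Review bot: the added sentence introduces sedarwin73.tgz, but the unchanged paragraph directly below it still tells the reader to start each step in "your local checkout of the sedarwin directory", so someone working from the CD has no stated working directory. Suggest adding the extraction command, naming the directory it yields, and rewording the following paragraph so it covers both the Perforce checkout and the extracted tarfile.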
@@ -38,9 +41,9 @@
cctools-495.2
These packages are included on the SEDarwin source CD, as well as a
- tarfile containing binaries.
-
- Extract the tarfile into /usr/local on the build system.
+ tarfile containing binaries. Instead of building the individual
+ binaries, simply extract the tarfile into /usr/local on the build
+ system.
cd /usr/local
sudo tar xvzf buildtools_usrlocal.tgz
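Review bot: the reworded paragraph makes extracting prebuilt binaries the recommended path, and the unchanged command below it runs "sudo tar xvzf buildtools_usrlocal.tgz" inside /usr/local, so the archive's contents are written as root onto the build system with no check on what they are. Suggest documenting a checksum for buildtools_usrlocal.tgz to verify before extraction, and listing the archive with tar tzf first so that existing files under /usr/local are not silently overwritten.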
@@ -50,120 +53,48 @@
You will need to customize a file named Makeconfig in the sedarwin
directory so that the build can locate files that it needs. Several
variables must be defined to follow the remainder of this build
- and installation procedure. First, configure the DARWIN variable
- to point at the sedarwin/apsl/xnu directory in your checkout:
+ and installation procedure. First, configure the SEDARWIN_ROOT
+ variable to point at the sedarwin73 directory:
- DARWIN=/Users/andrew/p4/sedarwin/apsl/xnu
+ SEDARWIN_ROOT=/Users/andrew/p4/sedarwin/apsl/xnu
- Next, define EXPORT_HDRS as the header file target relative to
- your Darwin kernel build. Chances are, this default will work fine
- for you if you're building XNU straight in the xnu tree:
+ Next, set the DESTDIR variable to point to a local destination
+ directory; this directory will be created to store the modified
+ kernel, system libraries, header files, and programs. The default
+ is to place them in the 'export' directory at the top of the build
+ tree.
- EXPORT_HDRS=$(DARWIN)/BUILD/obj/EXPORT_HDRS
+ DESTDIR = $(SEDARWIN_ROOT)/export
+
+ Finally, in order to override the owner and groups that are set by
+ system installation tools, set the EXPORT_OWNER variable to the user
+ and group of the person building the system. By default, the install
+ program will try to chown/chgrp the files to the root:wheel, resulting
+ in permission errors (unless you are building as root).
- Finally, set the CFLAGS variable so that relative includes for
- libraries and commands are right. The default here will likely also
- work fine for you:
+ EXPORT_OWNER = cvance
+
- CFLAGS+=-I$(EXPORT_HDRS)/bsd -I$(EXPORT_HDRS)
+Step 4: Build
-Step 4: Create XNU export headers directory for use in building and
- installing SEBSD headers
+ A top-level makefile automates the build process. To build the
+ kernel, libraries, and program binaries, run the following command
+ from the top of the extracted source tree:
- In this step, the system headers included with the TrustedBSD/SEDarwin
- version of the XNU source tree must be exported so that they can be
- used for building and installing.
-
- cd apsl/xnu
- make exporthdrs
- cd ../..
+ bsdmake
NOTE: This step will fail if you have not installed bootstrap_cmds
due to a dependence on the relpath tool.
-Step 5: Install TrustedBSD/SEDarwin system headers
+Step 5: Install TrustedBSD/SEDarwin into the export directory
- In order to build many of the libraries and utilities required to
- run TrustedBSD/SEDarwin, you will need to first install the system
- headers for new system calls and services:
+ To install the kernel, libraries, and program binaries into the
+ temporary distribution directory, run the following command from the
+ top level of the source tree:
+
+ bsdmake install
- sudo make install-headers
-
- In particular, this will populate /usr/include with the extended
- attribute, MAC, and SEBSD header files.
-
-Step 6: Build TrustedBSD and SEBSD support libraries
-
- Build the extended attribute support library:
-
- cd libextattr
- make ; sudo make install
- cd ..
-
- Build the MAC Framework support library:
-
- cd libmac
- make ; sudo make install
- cd ..
-
- Build the SEBSD support library:
-
- cd libsebsd
- make ; sudo make install
- cd ..
-
-Step 7: Build, Install Extended Attribute Tools
-
- cd extattr_cmds
- make ; sudo make install
- cd ..
-
-Step 8: Build, Install MAC Label Tools
-
- cd mac_cmds
- make ; sudo make install
- cd ..
-
-Step 9: Build, Install SEBSD Tools
-
- cd sebsd_cmds
- make ; sudo make install
- cd ..
-
-Step 9.1: Build and install modified MiG program
- cd apsl/bootstrap_cmds/migcom.tproj
- make ; sudo make install
- cd ../../..
-
- This mig program is compatible with old kernels as well, as long as the
- new features are not used.
-
-Step 9.15: Install some modified Mach headers. You may want to save the old
- headers also.
- cp /usr/include/mach/message.h /usr/include/mach/mach_types.defs /tmp
- cd apsl/xnu/BUILD/obj/EXPORT_HDRS/osfmk/mach
- sudo cp message.h mach_types.defs /usr/include/mach
- cd ../../../../../../..
-
-Step 9.2: Build modified mach_init
- BEFORE installing the new init program, save the original because this
- one will only work with sedarwin kernels.
- cd apsl/system_cmds/mach_init.tproj
- make ; sudo make install
- cd ../../..
-
-Step 9.3: Build modified bootloader
- The modified bootloader is necessary to read the security policy before
- the root filesystem is available. It might work with other kernels as
- well.
- BEFORE installing this bootloader, make sure you have a working backup
- partition (that boots) on the same machine.
- cd apsl/BootX
- chmod u+w bootx.tproj/bootinfo.hdr
- make
- sudo cp bootx.bootinfo /System/Library/CoreServices/BootX
- cd ../..
-
+XXX Danger below XXX
Step 10: Build, Install wslogin and WindowServer wrapper
In order to allow users to select roles during GUI login, you must
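Review bot: the new example "SEDARWIN_ROOT=/Users/andrew/p4/sedarwin/apsl/xnu" keeps the old DARWIN value, which points at the xnu subdirectory, while the sentence above it says the variable should point at the sedarwin73 directory; with DESTDIR defaulting to $(SEDARWIN_ROOT)/export, that would put the export tree under apsl/xnu. The example should show the top of the tree. Two smaller points in the same hunk: the EXPORT_OWNER paragraph asks for "the user and group" but the example "EXPORT_OWNER = cvance" gives only a user, so the expected format should be stated; and the "XXX Danger below XXX" marker replaces the explicit warnings to save the original mach_init and to keep a bootable backup partition before installing BootX without saying what the danger is. A sentence stating that the steps below it modify the running system would serve readers better than the marker.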
@@ -190,115 +121,7 @@
sudo make install-window-server-wrapper
cd ../..
-Step 11: Build SEDarwin Sample Policy
-
- Our sample policy file ships with three users: root, andrew, and rwatson.
- Chances are, you'll want to add a line for your own user based on one of
- those lines.
- cd policy
- make
- sudo cp policy.16 /
- sudo nvram load_sebsd_policy=policy.16
- cd ..
-
-Step 12: Build XNU
-
- NOTE: If you skipped the long and tedious elements of Step 2 above,
- the chances are good this step will fail with a variety of hard to
- interpret failures.
-
- cd apsl/xnu
- make
-
-
- Install the kernel. There are two choices for how to do this, which
- depend on how you want to recover. If you have another working partition
- on the same system (or a firewire disk), you can overwrite the default
- kernel and not have to change OF settings. Then, to recover, hold down
- "option" while rebooting, allowing a choice of boot partitions. The other
- method is to change the kernel to boot in OF, while retaining the original
- in the default location.
-
- If you have another working partition:
- sudo cp /mach_kernel /mach_kernel.10.2.8
- sudo cp BUILD/obj/RELEASE_PPC/mach_kernel /mach_kernel
- sudo chown root:wheel /mach_kernel
- sudo chmod 644 /mach_kernel
- cd ../..
-
- Go to step 13.
-
- If you want to use OF to select the kernel:
- sudo cp BUILD/obj/RELEASE_PPC/mach_kernel /mach_kernel.sedarwin
- sudo chown root:wheel /mach_kernel.sedarwin
- sudo chmod 644 /mach_kernel.sedarwin
- cd ../..
-
- Once you have a new kernel in place, you'll need to use the nvram
- command to set that kernel as the active kernel by modifying the
- bootfile variable:
-
- % nvram -p | grep boot
- boot-script
- boot-file
- boot-command mac-boot
- boot-args
- boot-device mac-io/ata-4 at 1f000/@0:5,\\:tbxi
- auto-boot? true
- boot-screen
- % sudo nvram "boot-file=mac-io/ata-4 at 1f000/@0:5,\mach_kernel.sedarwin"
-
- Note that the boot-file variable consists if {bootdevice},{filename},
- and that the bootdevice is extracted from the more confusing
- boot-device OF variable as found above.
-
- As a quick note here: next time you boot, Open Firmware will boot
- /mach_kernel.sedarwin. You can reset it using the nvram command, or
- on boot you can press Command-Option-O-F to interactively set OF
- variables, or press Command-Option-P-R to clear the PRAM in the event
- of serious problems. Finally, you may want to set the boot-args flag
- to "-v" to get a text-based boot with console messages, rather than the
- pretty but less informative Apple logo, etc. If the system hangs during
- verbose mode startup (whether running sedarwin or not), try using normal
- boot options, as we have experienced unpredictable hangs with verbose
- boots.
-
- We've found that boot-time failure modes with Darwin are a bit hard
- to diagnose, and problems booting a new kernel frequent result in a
- hang with the Apple logo showing. This can be a result of
- incorrect permissions for the kernel file, among other things. We
- recommend keeping a safe backup of your original mach_kernel in case
- of accidental overwrite:
-
- sudo cp /mach_kernel /mach_kernel.safe
-
-Step 13: Build, Install "Libkvm"
-
- This will make sure that ps and related commands can read the new layout
- of kernel memory due to changes in the size of kernel structures such
- as processes and credentials.
-
- cd apsl/Libkvm
- make ; sudo make install
- cd ../..
-
-Step 14: Build, Install "file_cmds"
-
- This will build commands like 'ls' with MAC label support.
-
- cd apsl/file_cmds
- make ; sudo make install
- cd ../..
-
-Step 15: Build, Install "adv_cmds"
-
- This will build commands like 'ps' with MAC label support.
-
- cd other/adv_cmds
- make ; sudo make install
- cd ../..
-
Step 16: Create extended attribute backing files
This will allocate storage space for MAC labels on the root file system.
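Review bot: removing Steps 11 through 15 drops the only instructions that put the policy and kernel onto the boot volume ("sudo cp policy.16 /", "sudo nvram load_sebsd_policy=policy.16", and the copy to /mach_kernel), while the new Step 5 only installs into the export directory. Unless bsdmake install is meant to cover this, add a step that moves the exported kernel and policy into place, and keep the advice to save /mach_kernel as /mach_kernel.safe together with the Open Firmware recovery keys, since a kernel that fails to boot is when that guidance is needed. The remaining headings now jump from Step 5 to Step 10 to Step 16 and should be renumbered.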
@@ -310,18 +133,6 @@
sudo mkdir -p /.attribute/system
sudo extattrctl initattr -p / 256 /.attribute/system/sebsd
-Step 17: Install mac.conf
-
- cd etc
- sudo make install
- cd ..
-
-Step 17.9: Force kernel extension cache to be rebuilt
-
- sudo rm /System/Library/Extensions.kextcache /System/Library/Extensions.mkext
-
- You may need to do this before every reboot.
-
Step 18: Reboot
At this point, you should now have a new Darwin kernel, support libraries,
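Review bot: Step 18 still tells the reader to reboot and expect "a new Darwin kernel, support libraries", but with Step 17.9 removed nothing removes the kernel extension cache, which the old text said "You may need to do this before every reboot." If the cache removal is still required, keep it as a step before Reboot; if the new build makes it unnecessary, say so. The mac.conf install from Step 17 likewise has no visible replacement that installs it on the running system rather than into the export directory.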