NetBSD-Bugs archive


Re: bin/59990: /etc/security: first run mails megabytes of output



The attached patch fixes this.  Some caveats; could stand review and
additional thought by other eyeballs than mine.
# HG changeset patch
# User Taylor R Campbell <riastradh%NetBSD.org@localhost>
# Date 1770960370 0
#      Fri Feb 13 05:26:10 2026 +0000
# Branch trunk
# Node ID 1b592182187334d0db950753ee819bfab9e74ed8
# Parent  b521b79a1472b92939551ff546413543818a32a9
# EXP-Topic riastradh-pr59990-securityfirstrun
/etc/security: Don't show `additions' on first run.

It is not helpful to send a multi-megabyte message with an entire
copy of /etc, ls -l /dev, and whatever else to the operator the first
run of /etc/security.  Instead, additions should be reported when
they are _changes_ from the stock installation.

Mechanism: If there's no /var/backups/.firstdone, we create it and
skip printing file additions into the report.

Caveats:

- This does leave a window between the time of installation and the
  time of the first daily cron job.

  => If that's important to avoid, you could avoid it by just running
     /etc/security once immediately after installation.

- This won't show file additions on _upgrade_ from an earlier version
  of NetBSD whose /etc/security didn't create
  /var/backups/.firstdone.

PR bin/59990: /etc/security: first run mails megabytes of output

diff -r b521b79a1472 -r 1b5921821873 etc/security
--- a/etc/security	Fri Nov 28 15:15:34 2025 +0000
+++ b/etc/security	Fri Feb 13 05:26:10 2026 +0000
@@ -44,6 +44,13 @@ if [ ! -d "$work_dir" ]; then
 	mkdir -p "$work_dir"
 fi
 
+if [ -f "$backup_dir/.firstdone" ]; then
+	firsttime=false
+else
+	firsttime=true
+	printf '' >>"$backup_dir/.firstdone"
+fi
+
 SECUREDIR=$(mktemp -d -t _securedir) || exit 1
 
 trap "/bin/rm -rf $SECUREDIR ; exit 0" EXIT INT QUIT PIPE
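Review bot: the marker is created at the top of the script, in the else branch that sets firsttime=true, before any backup has been written, and the result of the `printf '' >>"$backup_dir/.firstdone"` redirect is not checked. If the first run is interrupted after this point (for example the `mktemp -d` just below fails and the script exits 1), the next run finds .firstdone, sets firsttime=false, and reports every file as added, which is the output this change is meant to avoid. If the redirect itself fails, every run is treated as a first run and additions are never reported. Suggest creating the marker only at the end of a completed run, and reporting a failure to create it.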
@@ -161,11 +168,13 @@ backup_and_diff()
 				backup_file update $_file $CUR $BACK
 			fi
 		else
-			printf "\n======\n%s added\n======\n" $_file
-			if [ "$_printdiff" -ne 0 ]; then
-				diff ${diff_options} /dev/null $_file
-			else
-				echo "[changes omitted]"
+			if ! $firsttime; then
+				printf "\n======\n%s added\n======\n" $_file
+				if [ "$_printdiff" -ne 0 ]; then
+					diff ${diff_options} /dev/null $_file
+				else
+					echo "[changes omitted]"
+				fi
 			fi
 			backup_file add $_file $CUR $BACK
 		fi
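Review bot: with the new `if ! $firsttime; then` guard in the else branch of backup_and_diff(), a first run adds each file to the backup with no trace in the report, so whatever is on disk at that moment becomes the baseline unreviewed (the window the commit message lists as a caveat). Suggest emitting one short line on first run, such as a count of files baselined, so the operator has a record of when the baseline was taken. As a style point, `$firsttime` is executed as a command here; `[ "$firsttime" = false ]` would not depend on the variable always holding exactly true or false.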
@@ -855,9 +864,11 @@ if checkyesno check_devices; then
 				backup_file update $TMP1 $CUR $BACK
 			fi
 		else
-			printf "Device additions:\n" >> $ERR
-			column -t $TMP1 >> $ERR
-			printf "\n" >> $ERR
+			if ! $firsttime; then
+				printf "Device additions:\n" >> $ERR
+				column -t $TMP1 >> $ERR
+				printf "\n" >> $ERR
+			fi
 			backup_file add $TMP1 $CUR $BACK >> $ERR
 		fi
 	fi
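Review bot: in the check_devices else branch the guard covers the three lines that write the `Device additions:` block, but `backup_file add $TMP1 $CUR $BACK >> $ERR` stays outside it and still appends to $ERR. If backup_file prints anything on add, a first-run report would contain that output without its header. Worth confirming it is silent on success, or noting in a comment that its output is intentionally kept on first run.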

