NetBSD-Bugs archive


Re: bin/59990: /etc/security: first run mails megabytes of output



The following reply was made to PR bin/59990; it has been noted by GNATS.

From: Taylor R Campbell <riastradh%NetBSD.org@localhost>
To: gnats-bugs%NetBSD.org@localhost, netbsd-bugs%NetBSD.org@localhost
Cc: uwe%NetBSD.org@localhost
Subject: Re: bin/59990: /etc/security: first run mails megabytes of output
Date: Fri, 13 Feb 2026 05:38:23 +0000

 This is a multi-part message in MIME format.
 --=_17Wymd7lPaKOmlAiVMiz9N/EY5eA0fm1
 
 The attached patch fixes this.  Some caveats; could stand review and
 additional thought by other eyeballs than mine.
 
 --=_17Wymd7lPaKOmlAiVMiz9N/EY5eA0fm1
 Content-Type: text/plain; charset="ISO-8859-1"; name="pr59990-securityfirstrun"
 Content-Transfer-Encoding: quoted-printable
 Content-Disposition: attachment; filename="pr59990-securityfirstrun.patch"
 
 # HG changeset patch
 # User Taylor R Campbell <riastradh%NetBSD.org@localhost>
 # Date 1770960370 0
 #      Fri Feb 13 05:26:10 2026 +0000
 # Branch trunk
 # Node ID 1b592182187334d0db950753ee819bfab9e74ed8
 # Parent  b521b79a1472b92939551ff546413543818a32a9
 # EXP-Topic riastradh-pr59990-securityfirstrun
 /etc/security: Don't show `additions' on first run.
 
 It is not helpful to send a multi-megabyte message with an entire
 copy of /etc, ls -l /dev, and whatever else to the operator the first
 run of /etc/security.  Instead, additions should be reported when
 they are _changes_ from the stock installation.
 
 Mechanism: If there's no /var/backups/.firstdone, we create it and
 skip printing file additions into the report.
 
 Caveats:
 
 - This does leave a window between the time of installation and the
   time of the first daily cron job.
 
   => If that's important to avoid, you could avoid it by just running
      /etc/security once immediately after installation.
 
 - This won't show file additions on _upgrade_ from an earlier version
   of NetBSD whose /etc/security didn't create
   /var/backups/.firstdone.
 
 PR bin/59990: /etc/security: first run mails megabytes of output
 
 diff -r b521b79a1472 -r 1b5921821873 etc/security
 --- a/etc/security	Fri Nov 28 15:15:34 2025 +0000
 +++ b/etc/security	Fri Feb 13 05:26:10 2026 +0000
 @@ -44,6 +44,13 @@ if [ ! -d "$work_dir" ]; then
  	mkdir -p "$work_dir"
  fi
 =20
 +if [ -f "$backup_dir/.firstdone" ]; then
 +	firsttime=3Dfalse
 +else
 +	firsttime=3Dtrue
 +	printf '' >>"$backup_dir/.firstdone"
 +fi
 +
  SECUREDIR=3D$(mktemp -d -t _securedir) || exit 1
 =20
  trap "/bin/rm -rf $SECUREDIR ; exit 0" EXIT INT QUIT PIPE
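Review bot: the marker is written at the top of the script, before `SECUREDIR=$(mktemp -d -t _securedir) || exit 1` and before any backup has been taken, so a first run that exits at mktemp or is interrupted later leaves .firstdone behind and the next run reports every file as added again. Consider creating the marker only once the run has completed. The result of `printf '' >>"$backup_dir/.firstdone"` is also unchecked: if that write fails, every run is treated as the first and additions are never reported, so a failure there should be surfaced in the report.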
 @@ -161,11 +168,13 @@ backup_and_diff()
  				backup_file update $_file $CUR $BACK
  			fi
  		else
 -			printf "\n=3D=3D=3D=3D=3D=3D\n%s added\n=3D=3D=3D=3D=3D=3D\n" $_file
 -			if [ "$_printdiff" -ne 0 ]; then
 -				diff ${diff_options} /dev/null $_file
 -			else
 -				echo "[changes omitted]"
 +			if ! $firsttime; then
 +				printf "\n=3D=3D=3D=3D=3D=3D\n%s added\n=3D=3D=3D=3D=3D=3D\n" $_file
 +				if [ "$_printdiff" -ne 0 ]; then
 +					diff ${diff_options} /dev/null $_file
 +				else
 +					echo "[changes omitted]"
 +				fi
  			fi
  			backup_file add $_file $CUR $BACK
  		fi
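Review bot: with `if ! $firsttime; then` wrapping the whole report in this else branch of backup_and_diff, a first run backs files up via `backup_file add` with nothing in the mail to say so, and the same silence applies to any later run where $backup_dir/.firstdone has gone missing. Suggest emitting a single line in the report when firsttime is true (for example, that the baseline was recorded and additions were not listed), so an operator can tell a removed marker from a quiet run. Minor style point: `! $firsttime` executes the variable's value as a command; `[ "$firsttime" = false ]` avoids that.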
 @@ -855,9 +864,11 @@ if checkyesno check_devices; then
  				backup_file update $TMP1 $CUR $BACK
  			fi
  		else
 -			printf "Device additions:\n" >> $ERR
 -			column -t $TMP1 >> $ERR
 -			printf "\n" >> $ERR
 +			if ! $firsttime; then
 +				printf "Device additions:\n" >> $ERR
 +				column -t $TMP1 >> $ERR
 +				printf "\n" >> $ERR
 +			fi
  			backup_file add $TMP1 $CUR $BACK >> $ERR
  		fi
  	fi
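Review bot: in the check_devices else branch, `backup_file add $TMP1 $CUR $BACK >> $ERR` still appends to $ERR on the first run, so anything backup_file prints there would now land in the report without the "Device additions:" heading that gave it context. If the intent is a silent first run for devices, either confirm that backup_file add is quiet or add a comment saying why its output is kept.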
 
 --=_17Wymd7lPaKOmlAiVMiz9N/EY5eA0fm1--
 

