# Repeating 'security updates' emails



## dvl@ (May 10, 2014)

I keep getting these emails every day. 


```
Looking up update.FreeBSD.org mirrors... 5 mirrors found.
Fetching metadata signature for 9.2-RELEASE from update3.freebsd.org... done.
Fetching metadata index... done.
Inspecting system... done.
Preparing to download files... done.

The following files will be updated as part of updating to 9.2-RELEASE-p5:
/boot/kernel/linker.hints
```

Running `freebsd-update` does not resolve this issue. Such emails lose their urgency after a few weeks. Soon, people will start to ignore them entirely.

What can I do to help fix this annoying bug?

(Typed on phone; sorry for any typos)


----------



## wblock@ (May 10, 2014)

Maybe redirect stdout for that command in crontab(5), leaving stderr so it'll send mail only if there's a problem.


----------



## dvl@ (May 10, 2014)

That would also block authentic 'security updates' emails.


----------



## xtaz (May 11, 2014)

I have this in my /etc/periodic.conf file:


```
daily_output="/var/log/daily.log"
weekly_output="/var/log/weekly.log"
monthly_output="/var/log/monthly.log"
daily_status_security_inline="YES"
weekly_status_security_inline="YES"
monthly_status_security_inline="YES"
```

Which just logs the output to those files which are automatically rotated by settings in /etc/newsyslog.conf. This means I can still go and check the content of the files but means I don't have to be bothered by a daily email. The _inline variables make the security one be part of the others rather than its own separate mail, that might be more what you're looking for?


----------



## dvl@ (May 11, 2014)

Not quite.

I still want the email from freebsd-update when an update is required.  At the moment, freebsd-update is sending a false-postive; no update is required.  The server in question is already on the version which freebsd-update claims I need to upgrade to.

Perhaps a better goal is a nagios-like check.  Some kind of command we could issue to determine if the system needs an update.


----------



## kjpetrie (May 11, 2014)

I'm glad I'm not the only one suffering from this. I thought it must be something wrong with my server and I've been waiting for help at http://forums.freebsd.org/viewtopic.php?f=4&t=46269.

I don't know how the update process records what it's done, but I presume it's missing the fact it's updated linker.hints and every time it checks thinks the file still needs replacing. It ought to be fairly simple to fix if someone can point us to the right information (well, unless it requires us to edit a binary file, of course)!


----------



## dvl@ (May 11, 2014)

I have started creating a custom script for use with Nagios: https://gist.github.com/dlangille/f8cbf363aef45ced0c0f

FYI, raised a portaudit bug in February, and supplied a patch.  Still not working with pkg.  http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/186562


----------



## kjpetrie (May 11, 2014)

Maybe you're too unassuming in marking it as non-critical and low priority. It strikes me something that delays the application of security updates by hiding the need among cries of "Wolf!" is both critical and high priority.


----------



## dvl@ (May 12, 2014)

A good point.

I've replied to the PR suggesting a bump and pointed to my gist.


----------



## dvl@ (May 12, 2014)

see also http://forums.freebsd.org/viewtopic.php?f=4&t=46369


----------



## kpa (May 14, 2014)

This looks like a solution to the problem.

http://www.freebsd.org/security/advisories/FreeBSD-EN-14:04.kldxref.asc


----------



## kjpetrie (May 15, 2014)

Sadly not. The problem persists after applying p13 and rebooting.


----------

