# Best way to check if freebsd-updates are available?



## japoc (May 31, 2017)

Hello,

I've been reading about

`freebsd-update cron`

That looks interesting. I'd be interested in receiving an email each time updates are available.
However I guess this would require me to install and configure sendmail, postfix or something like that to send me e-mails over the internet, right?
I think I'd rather have a script execute each time updates are available. Each time an update is available, this script would connect to one of my existing e-mail accounts (for example a gmail account) and send an email to me using this account. This is usually what I do to send emails programmatically. I don't like to rely on something like sendmail to send emails as these emails tend to be marked as spam, or sometimes are blocked by email providers.

So what is the correct way to check if freebsd-updates are available?
`freebsd-update fetch`
doesn't seem to provide a particular return code for this scenario.

Thanks for your advices.


----------



## SirDice (May 31, 2017)

The easiest is to sign up for the freebsd-announce@ mailinglist. Another way is to check https://www.freebsd.org/security/advisories.html and https://www.freebsd.org/security/notices.html.


----------



## drhowarddrfine (May 31, 2017)

japoc said:


> I guess this would require me to install and configure sendmail


sendmail(8) is already installed on your system. I don't know how much configuration you would have to do to make it work with freebsd-update(8).



japoc said:


> I don't like to rely on something like sendmail to send emails as these emails tend to be marked as spam, or sometimes are blocked by email providers.


That has nothing to do with sendmail(8) and everything to do with your reputation and email set up. Everyone who isn't MailChimp or Gmail has the same problem but it isn't always a problem everywhere if you set up your email properly. It's not effortless but not impossible either.


----------



## japoc (May 31, 2017)

SirDice said:


> The easiest is to sign up for the freebsd-announce@ mailinglist. Another way is to check https://www.freebsd.org/security/advisories.html and https://www.freebsd.org/security/notices.html.


Thanks, I'm going to subscribe to these mailing lists. Is there is a similar mailing list for security advisories about packages installed using pkg?


----------



## SirDice (May 31, 2017)

japoc said:


> Is there is a similar mailing list for security advisories about packages installed using pkg?


Not really, but you can use pkg-audit(8) for that. The weekly security periodic(8) scripts makes use of that:

```
Checking for packages with security vulnerabilities:
Database fetched: Sat May 27 03:58:25 UTC 2017
mariadb100-server-10.0.30_1
libressl-2.5.3
```


----------



## Max Khon (Oct 21, 2019)

You can use this: https://github.com/mkhon/zabbix-freebsd-release
Also obtains current version EoL from update.FreeBSD.org


----------



## richardtoohey2 (Oct 21, 2019)

For ports/packages you can look here: http://www.vuxml.org/freebsd/

I think that's what pkg audit will use.


----------



## ondra_knezour (Oct 22, 2019)

Also `freebsd-update updatesready` should be coming in the next releases.


> Like discussed somewhere else, I also added an updatesready command that can be used to check if there are any pending fetched updates that can be installed. It exits on status code 2 in case there aren't any pending updates so that if one can tell apart exit 1 (=error) from it (right now there is no code path for that, but if more checks are added in the future this could be useful).


----------



## JAW (Mar 21, 2020)

SirDice said:


> The easiest is to sign up for the freebsd-announce@ mailinglist. Another way is to check https://www.freebsd.org/security/advisories.html and https://www.freebsd.org/security/notices.html.





SirDice said:


> Not really, but you can use pkg-audit(8) for that. The weekly security periodic(8) scripts makes use of that:





ondra_knezour said:


> Also `freebsd-update updatesready` should be coming in the next releases.



How come the periodic(8) scripts check the packages for vulnerabilties, but do not check base?

Wouldn't it be useful if the daily security mail also checked for an outdated base (possibly using the `freebsd-update updatesready`)?


----------



## SirDice (Mar 23, 2020)

JAW said:


> How come the periodic(8) scripts check the packages for vulnerabilties, but do not check base?
> 
> Wouldn't it be useful if the daily security mail also checked for an outdated base (possibly using the  freebsd-update updatesready)?


That option didn't exist back then (I wrote that 3 years ago).


----------



## JAW (Mar 23, 2020)

SirDice said:


> That option didn't exist back then (I wrote that 3 years ago).



I suppose it only works after doing a `freebsd-update fetch` beforehand though. But it would still be nice if the periodic security email informed us that base could be vulnerable.


----------



## ctaranotte (Mar 23, 2020)

If you have a RSS feed reader, just subscribe to:


			http://www.freebsd.org/security/rss.xml
		


And you will know when to fetch, what updates and why.


----------

