Hi, when security(8) uses open(..., '-|', ...) to fork a command and capture the output, and that command fails, it reports the exit status in the daily security mail. One of the commands forked that way is diff(1), which is documented as follows:
EXIT STATUS The diff utility exits with one of the following values: 0 No differences were found. 1 Differences were found. >1 An error occurred. So arguably, for diff(1), exit status 1 means "success", and Antoine has a point in arguing that the following output is both ugly and useless: ====== /etc/man.conf diffs (-OLD +NEW) ====== diff: exit code 1 ... The following diff gets rid of the line "diff: exit code 1" just in this particular case (exit code 1 from diff) without changing anything for other commands or for other exit codes. OK? Ingo Index: security =================================================================== RCS file: /cvs/src/libexec/security/security,v retrieving revision 1.34 diff -u -p -r1.34 security --- security 27 Mar 2015 13:26:19 -0000 1.34 +++ security 19 Apr 2015 12:15:45 -0000 @@ -738,7 +738,11 @@ sub diff { and return; local $/; my $diff = <$fh>; - close_or_nag $fh, "diff"; + { + close $fh and last; + nag $!, "diff: error closing pipe: $!" and last; + nag $? >> 8 > 1, "diff: exit code " . ($? >> 8); + } return nag !!$diff, $diff; }