freebsd-update IDS and mandoc.db

I have a script that runs freebsd-update IDS each night on all my servers. Since installing 11.0, I have noticed the following output:

Code:
/usr/share/man/mandoc.db has been modified!
/usr/share/man/mandoc.db has been modified!
/usr/share/man/mandoc.db has been modified!
/usr/share/openssl/man/mandoc.db has been modified!
/usr/share/openssl/man/mandoc.db has been modified!
/usr/share/openssl/man/mandoc.db has been modified!

If I patch my servers, the warnings go away for a couple of days then return, which suggests to me that the files are being modified outside of the patch updates. I can fix this by patching my servers again.

Code:
$ sudo freebsd-update fetch
Looking up update.FreeBSD.org mirrors... 4 mirrors found.
Fetching metadata signature for 11.0-RELEASE from update5.freebsd.org... done.
Fetching metadata index... done.
Inspecting system... done.
Preparing to download files... done.

The following files will be updated as part of updating to 11.0-RELEASE-p3:
/usr/share/man/mandoc.db
/usr/share/openssl/man/mandoc.db

Questions:
1. Is it normal for the above listed mandoc.db files to change outside of patching?
2. If this is normal, should freebsd-update IDS even be checking these files?
3. Why are these files listed three times each in the freebsd-update IDS output? All of the other exceptions, such as /etc/crontab, only show up once, as you would expect.
 
It's normal because those databases get updated from time to time, I believe by a periodic(8) job. The location of those databases is technically speaking wrong because if you take hier(7) literally they should be under /var/db and not be part of the IDS check at all.
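
Added example, not part of the original thread: one way a nightly wrapper could collapse the repeated lines and drop the two mandoc.db paths before reporting, so that a change to any other file still stands out. The function name, the space-separated path list and the sample lines are assumptions; the line format is the one quoted in the question. Matching is on the exact path only, and the listed files lose integrity coverage in the report.

```sh
#!/bin/sh
# Added example; not code from the thread or from freebsd-update itself.

# Exact paths treated as expected churn (assumption: the operator accepts
# that these two databases are regenerated outside of patching).
VOLATILE_PATHS='/usr/share/man/mandoc.db /usr/share/openssl/man/mandoc.db'

# filter_ids_report: read report lines on stdin, print each distinct line
# once, and drop lines whose first field is exactly one of VOLATILE_PATHS.
# Assumes the path is the first field and contains no whitespace.
filter_ids_report() {
    awk -v skip="$VOLATILE_PATHS" '
        BEGIN {
            n = split(skip, p, " ")
            for (i = 1; i <= n; i++) ignore[p[i]] = 1
        }
        # Keep non-empty lines, not in the ignore set, not seen before.
        NF && !($1 in ignore) && !seen[$0]++
    '
}

# Constructed sample: the six lines quoted in the question plus one
# constructed /etc/crontab line in the same format.
sample_report() {
    cat <<'EOF'
/usr/share/man/mandoc.db has been modified!
/usr/share/man/mandoc.db has been modified!
/usr/share/man/mandoc.db has been modified!
/usr/share/openssl/man/mandoc.db has been modified!
/usr/share/openssl/man/mandoc.db has been modified!
/usr/share/openssl/man/mandoc.db has been modified!
/etc/crontab has been modified!
EOF
}

# Usage in the nightly job (report produced by the existing script):
#   nightly_ids_report | filter_ids_report
```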
 