From Fedora Project Wiki
(→‎Current status: Deferred to F40)
 
(7 intermediate revisions by 2 users not shown)
Line 44: Line 44:
* FESCo issue: [https://pagure.io/fesco/issue/3024 #3024]
* FESCo issue: [https://pagure.io/fesco/issue/3024 #3024]
* Tracker bug: [https://bugzilla.redhat.com/show_bug.cgi?id=2233275 #2233275]
* Tracker bug: [https://bugzilla.redhat.com/show_bug.cgi?id=2233275 #2233275]
* Release notes tracker: <will be assigned by the Wrangler>
* Release notes tracker: N/A


== Detailed Description ==
== Detailed Description ==
Line 96: Line 96:


== Scope ==
== Scope ==
* Proposal owners: Deprecate libuser, remove dependencies from packages listed bellow. From the discussion in Fedora mailing list I see that there are valid cases where libuser is used (puppet for example). Keeping libuser available (but deprecated) will allow people with those requirements to adapt. Removing dependencies now allows us to avoid libuser being installed everywhere. It will also allow us to drop the package easily in one of the next Fedora versions (f40).
* Proposal owners: Deprecate libuser, remove dependencies from packages listed bellow. From the discussion in Fedora mailing list I see that there are valid cases where libuser is used (puppet for example). Keeping libuser available (but deprecated) will allow people with those requirements to adapt. Removing dependencies now allows us to avoid libuser being installed everywhere. It will also allow us to drop the package easily in one of the next Fedora versions (f41).




Line 148: Line 148:


<!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
<!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
0. no special hardware needed
 
1. remove libuser, passwd, install new shadow-utils, usermod and util-linux
# remove libuser, passwd, install new shadow-utils, usermode and util-linux
2. try to change password of some user
# try to change password of some user
3. try to modify user using usermod
# try to modify user using usermode
4. expected results: everything works normally
# expected results: everything works normally


== User Experience ==
== User Experience ==
This change should not be visible for users.
Generally this change should not be visible for users.
There are still small differences.
 
=== Changes in passwd utility ===
 
{| class="wikitable"
|+ Differences between old and new passwd utility
|-
! old passwd options !! new passwd options !! Comment
|-
| -n, --minimum || -n, --mindays  || Switch names differ, function is the same
|-
| -x, --maximum || -x, --maxdays  || Switch names differ, function is the same
|-
| -w, --warning || -w, --warndays || Switch names differ, function is the same
|-
| --stdin || -s, --stdin || This option has been newly implemented in shadow utils passwd
|-
| --force ||  || This option is not available in the shadow utils passwd
|}


<!-- If this change proposal is noticeable by users, how will their experiences change as a result?
<!-- If this change proposal is noticeable by users, how will their experiences change as a result?
Line 173: Line 192:
<!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
<!-- REQUIRED FOR SYSTEM WIDE CHANGES -->


* usermod (code modification, packaging to drop libuser dependency)
* usermode (code modification, packaging to drop libuser dependency)
* shadow-utils (packaging to provide passwd utility
* shadow-utils (packaging to provide passwd utility
* util-linux (packaging to drop libuser dependency)
* util-linux (packaging to drop libuser dependency)

Latest revision as of 11:51, 2 February 2024

Deprecating libuser and removing passwd package from Fedora

Summary

Libuser is not actively developed. Most of the depending component have build-time option to work without libuser.

Owner


Current status

Detailed Description

The libuser provides library and command line utilities to manipulate user and group information. The purpose of the library is/was to hide the differences between users in LDAP and files in etc (passwd, groups...). The support for LDAP is not complete and there is no plan to extend the functionality.

The LDAP integration in Fedora is nowadays done by SSSD.

In the past, the libuser was used by more component including Fedora installer. Currently the list is short

  • usermode (Requires development, it is not complicated but the dependency is unconditional)
  • util-linux (compile time option)
  • passwd (I suggest to ship passwd utility from shadow-utils instead of passwd and drop passwd package as well)


Feedback

Benefit to Fedora

The main benefit is to decrease the maintenance and packaging work on library that does not bring much value while the functionality is provided by another components.

Scope

  • Proposal owners: Deprecate libuser, remove dependencies from packages listed bellow. From the discussion in Fedora mailing list I see that there are valid cases where libuser is used (puppet for example). Keeping libuser available (but deprecated) will allow people with those requirements to adapt. Removing dependencies now allows us to avoid libuser being installed everywhere. It will also allow us to drop the package easily in one of the next Fedora versions (f41).


  • Other developers:
    • Update usermode code to make libuser dependency configurable.
    • Update usermode packaging to compile it without libuser
    • Change packaging of util-linux to compile without libuser dependency
    • Change packaging of shadow-utils to provide passwd utility


  • Release engineering: [1]

Libuser is part of base image and must be removed. IMO mass rebuild is not required.


  • Policies and guidelines: Since this is about dropping packages release notes must be updated.
  • Trademark approval: N/A (not needed for this Change)
  • Alignment with Community Initiatives: N/A

Upgrade/compatibility impact

People who used libuser to manipulate users in LDAP will have to move to SSSD.

How To Test

  1. remove libuser, passwd, install new shadow-utils, usermode and util-linux
  2. try to change password of some user
  3. try to modify user using usermode
  4. expected results: everything works normally

User Experience

Generally this change should not be visible for users. There are still small differences.

Changes in passwd utility

Differences between old and new passwd utility
old passwd options new passwd options Comment
-n, --minimum -n, --mindays Switch names differ, function is the same
-x, --maximum -x, --maxdays Switch names differ, function is the same
-w, --warning -w, --warndays Switch names differ, function is the same
--stdin -s, --stdin This option has been newly implemented in shadow utils passwd
--force This option is not available in the shadow utils passwd


Dependencies

  • usermode (code modification, packaging to drop libuser dependency)
  • shadow-utils (packaging to provide passwd utility
  • util-linux (packaging to drop libuser dependency)
  • passwd (drop package)

Contingency Plan

  • Contingency mechanism: Revert the shipped configuration
  • Contingency deadline: final development freeze
  • Blocks release? No

Documentation

There is no extra documentation for this change except release notes.

Release Notes