Latest revision as of 11:51, 2 February 2024

Deprecating libuser and removing passwd package from Fedora

Summary

Libuser is not actively developed. Most of the depending component have build-time option to work without libuser.

Owner

Name: Tomas Halman
Email: <thalman@redhat.com>

Current status

Targeted release: Fedora Linux 40
Last updated: 2024-02-02
devel thread
FESCo issue: #3024
Tracker bug: #2233275
Release notes tracker: N/A

Detailed Description

The libuser provides library and command line utilities to manipulate user and group information. The purpose of the library is/was to hide the differences between users in LDAP and files in etc (passwd, groups...). The support for LDAP is not complete and there is no plan to extend the functionality.

The LDAP integration in Fedora is nowadays done by SSSD.

In the past, the libuser was used by more component including Fedora installer. Currently the list is short

usermode (Requires development, it is not complicated but the dependency is unconditional)
util-linux (compile time option)
passwd (I suggest to ship passwd utility from shadow-utils instead of passwd and drop passwd package as well)

Feedback

Benefit to Fedora

The main benefit is to decrease the maintenance and packaging work on library that does not bring much value while the functionality is provided by another components.

Scope

Proposal owners: Deprecate libuser, remove dependencies from packages listed bellow. From the discussion in Fedora mailing list I see that there are valid cases where libuser is used (puppet for example). Keeping libuser available (but deprecated) will allow people with those requirements to adapt. Removing dependencies now allows us to avoid libuser being installed everywhere. It will also allow us to drop the package easily in one of the next Fedora versions (f41).

Other developers:
- Update usermode code to make libuser dependency configurable.
- Update usermode packaging to compile it without libuser
- Change packaging of util-linux to compile without libuser dependency
- Change packaging of shadow-utils to provide passwd utility

Release engineering: [1]

Libuser is part of base image and must be removed. IMO mass rebuild is not required.

Policies and guidelines: Since this is about dropping packages release notes must be updated.

Trademark approval: N/A (not needed for this Change)

Alignment with Community Initiatives: N/A

Upgrade/compatibility impact

People who used libuser to manipulate users in LDAP will have to move to SSSD.

How To Test

remove libuser, passwd, install new shadow-utils, usermode and util-linux
try to change password of some user
try to modify user using usermode
expected results: everything works normally

User Experience

Generally this change should not be visible for users. There are still small differences.

Changes in passwd utility

Differences between old and new passwd utility
old passwd options	new passwd options	Comment
-n, --minimum	-n, --mindays	Switch names differ, function is the same
-x, --maximum	-x, --maxdays	Switch names differ, function is the same
-w, --warning	-w, --warndays	Switch names differ, function is the same
--stdin	-s, --stdin	This option has been newly implemented in shadow utils passwd
--force		This option is not available in the shadow utils passwd

Dependencies

usermode (code modification, packaging to drop libuser dependency)
shadow-utils (packaging to provide passwd utility
util-linux (packaging to drop libuser dependency)
passwd (drop package)

Contingency Plan

Contingency mechanism: Revert the shipped configuration
Contingency deadline: final development freeze
Blocks release? No

Documentation

There is no extra documentation for this change except release notes.

Release Notes

@@ Line 1: / Line 1: @@
-{{admon/important | Comments and Explanations | The page source contains comments providing guidance to fill out each section. They are invisible when viewing this page. To read it, choose the "view source" link.<br/> '''Copy the source to a ''new page'' before making changes!  DO NOT EDIT THIS TEMPLATE FOR YOUR CHANGE PROPOSAL.'''}}
-{{admon/tip | Guidance | For details on how to fill out this form, see the [https://docs.fedoraproject.org/en-US/program_management/changes_guide/ documentation].}}
+= Deprecating libuser and removing passwd package from Fedora =
-{{admon/tip | Report issues | To report an issue with this template, file an issue in the [https://pagure.io/fedora-pgm/pgm_docs pgm_docs repo].}}
-<!-- The actual name of your proposed change page should look something like: Changes/Your_Change_Proposal_Name.  This keeps all change proposals in the same namespace -->
-= Removing libuser and passwd from Fedora =
-{{Change_Proposal_Banner}}
 == Summary ==
@@ Line 30: / Line 23: @@
 == Current status ==
-[[Category:ChangePageIncomplete]]
+[[Category:ChangeAcceptedF40]]
 <!-- When your change proposal page is completed and ready for review and announcement -->
 <!-- remove Category:ChangePageIncomplete and change it to Category:ChangeReadyForWrangler -->
@@ Line 40: / Line 33: @@
 [[Category:SystemWideChange]]
-* Targeted release: [https://docs.fedoraproject.org/en-US/releases/f39/ Fedora Linux 39]
+* Targeted release: [https://docs.fedoraproject.org/en-US/releases/f40/ Fedora Linux 40]
 * Last updated: <!-- this is an automatic macro — you don't need to change this line -->  {{REVISIONYEAR}}-{{REVISIONMONTH}}-{{REVISIONDAY2}}
 <!-- After the change proposal is accepted by FESCo, tracking bug is created in Bugzilla and linked to this page
@@ Line 48: / Line 41: @@
 ON_QA -> change is fully code complete
 -->
-* [<will be assigned by the Wrangler> devel thread]
+* [https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/M6UATQKVB7IQKJ6EIOAVPYGJB5KQM7VN/ devel thread]
-* FESCo issue: <will be assigned by the Wrangler>
+* FESCo issue: [https://pagure.io/fesco/issue/3024 #3024]
-* Tracker bug: <will be assigned by the Wrangler>
+* Tracker bug: [https://bugzilla.redhat.com/show_bug.cgi?id=2233275 #2233275]
-* Release notes tracker: <will be assigned by the Wrangler>
+* Release notes tracker: N/A
 == Detailed Description ==
@@ Line 103: / Line 96: @@
 == Scope ==
-* Proposal owners: Dropping the package, move it to EPEL eventually
+* Proposal owners: Deprecate libuser, remove dependencies from packages listed bellow. From the discussion in Fedora mailing list I see that there are valid cases where libuser is used (puppet for example). Keeping libuser available (but deprecated) will allow people with those requirements to adapt. Removing dependencies now allows us to avoid libuser being installed everywhere. It will also allow us to drop the package easily in one of the next Fedora versions (f41).
 <!-- What work do the feature owners have to accomplish to complete the feature in time for release?  Is it a large change affecting many parts of the distribution or is it a very isolated change? What are those changes?-->
@@ Line 135: / Line 130: @@
 <!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
+People who used libuser to manipulate users in LDAP will have to move to SSSD.
 == How To Test ==
@@ Line 154: / Line 149: @@
 <!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
+# remove libuser, passwd, install new shadow-utils, usermode and util-linux
+# try to change password of some user
+# try to modify user using usermode
+# expected results: everything works normally
 == User Experience ==
+Generally this change should not be visible for users.
+There are still small differences.
+=== Changes in passwd utility ===
+{| class="wikitable"
+|+ Differences between old and new passwd utility
+|-
+! old passwd options !! new passwd options !! Comment
+|-
+| -n, --minimum || -n, --mindays  || Switch names differ, function is the same
+|-
+| -x, --maximum || -x, --maxdays  || Switch names differ, function is the same
+|-
+| -w, --warning || -w, --warndays || Switch names differ, function is the same
+|-
+| --stdin || -s, --stdin || This option has been newly implemented in shadow utils passwd
+|-
+| --force ||  || This option is not available in the shadow utils passwd
+|}
 <!-- If this change proposal is noticeable by users, how will their experiences change as a result?
@@ Line 172: / Line 192: @@
 <!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
+* usermode (code modification, packaging to drop libuser dependency)
+* shadow-utils (packaging to provide passwd utility
+* util-linux (packaging to drop libuser dependency)
+* passwd (drop package)
 == Contingency Plan ==
 <!-- If you cannot complete your feature by the final development freeze, what is the backup plan?  This might be as simple as "Revert the shipped configuration".  Or it might not (e.g. rebuilding a number of dependent packages).  If you feature is not completed in time we want to assure others that other parts of Fedora will not be in jeopardy.  -->
-* Contingency mechanism: (What to do?  Who will do it?) N/A (not a System Wide Change)  <!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
+* Contingency mechanism: Revert the shipped configuration  <!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
 <!-- When is the last time the contingency mechanism can be put in place?  This will typically be the beta freeze. -->
-* Contingency deadline: N/A (not a System Wide Change)  <!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
+* Contingency deadline: final development freeze  <!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
 <!-- Does finishing this feature block the release, or can we ship with the feature in incomplete state? -->
-* Blocks release? N/A (not a System Wide Change), Yes/No <!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
+* Blocks release? No <!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
 == Documentation ==
@@ Line 187: / Line 210: @@
 <!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
-N/A (not a System Wide Change)
+There is no extra documentation for this change except release notes.
 == Release Notes ==

Search

Changes/LibuserDeprecation: Difference between revisions