From Fedora Project Wiki

Removing libuser and passwd from Fedora

Important.png
This is a proposed Change for Fedora Linux.
This document represents a proposed Change. As part of the Changes process, proposals are publicly announced in order to receive community feedback. This proposal will only be implemented if approved by the Fedora Engineering Steering Committee.

Summary

Libuser is not actively developed. Most of the depending component have build-time option to work without libuser.

Owner


Current status

  • Targeted release: Fedora Linux 39
  • Last updated: 2023-07-13
  • devel thread
  • FESCo issue: #3024
  • Tracker bug: <will be assigned by the Wrangler>
  • Release notes tracker: <will be assigned by the Wrangler>

Detailed Description

The libuser provides library and command line utilities to manipulate user and group information. The purpose of the library is/was to hide the differences between users in LDAP and files in etc (passwd, groups...). The support for LDAP is not complete and there is no plan to extend the functionality.

The LDAP integration in Fedora is nowadays done by SSSD.

In the past, the libuser was used by more component including Fedora installer. Currently the list is short

  • usermode (Requires development, it is not complicated but the dependency is unconditional)
  • util-linux (compile time option)
  • passwd (I suggest to ship passwd utility from shadow-utils instead of passwd and drop passwd package as well)


Feedback

Benefit to Fedora

The main benefit is to decrease the maintenance and packaging work on library that does not bring much value while the functionality is provided by another components.

Scope

  • Proposal owners: Move the package to EPEL, remove dependencies from packages listed bellow. From discussion in Fedora mailing list I see that there are valid cases where libuser is used (puppet for example). Keeping it in EPEL repository will allow people with this requirements use it and it will not be present by default on every installation.


  • Other developers:
    • Update usermode code to make libuser dependency configurable.
    • Update usermode packaging to compile it without libuser
    • Change packaging of util-linux to compile without libuser dependency
    • Change packaging of shadow-utils to provide passwd utility


  • Release engineering: [1]

Libuser is part of base image and must be removed. IMO mass rebuild is not required.


  • Policies and guidelines: Since this is about dropping packages release notes must be updated.
  • Trademark approval: N/A (not needed for this Change)
  • Alignment with Community Initiatives: N/A

Upgrade/compatibility impact

People who used libuser to manipulate users in LDAP will have to move to SSSD.

How To Test

0. no special hardware needed 1. remove libuser, passwd, install new shadow-utils, usermod and util-linux 2. try to change password of some user 3. try to modify user using usermod 4. expected results: everything works normally

User Experience

This change should not be visible for users.


Dependencies

  • usermod (code modification, packaging to drop libuser dependency)
  • shadow-utils (packaging to provide passwd utility
  • util-linux (packaging to drop libuser dependency)
  • passwd (drop package)

Contingency Plan

  • Contingency mechanism: Revert the shipped configuration
  • Contingency deadline: final development freeze
  • Blocks release? No

Documentation

There is no extra documentation for this change except release notes.

Release Notes

Retrieved from "https://fedoraproject.org/w/index.php?title=Changes/LibuserDeprecation&oldid=682924"