Hi Andreas, 2017-01-06 19:49 GMT+01:00 Andreas Henriksson <andr...@fatal.se>: > Hello Balint Reczey, > > On Fri, Jan 06, 2017 at 06:29:21PM +0100, Balint Reczey wrote: >> >> Hi, >> >> On Tue, 2 Aug 2016 11:45:40 +0200 Andreas Henriksson <andr...@fatal.se> >> wrote: >> > On Tue, Aug 02, 2016 at 11:01:56AM +0200, Laurent Bigonville wrote: >> > > Hi, >> > > >> > > ATM, on debian, login, su, ... are provided by the shadow package. >> > >> > Currently we use the --disable-login --disable-nologin and >> > --disable-su configure flags when building util-linux in Debian >> > because these are provided by the "login" package. >> > >> > We also use --disable-chfn-chsh as that's provided by the "passwd" >> > package. >> > >> > Both "login" and "passwd" are built from src:shadow. > [...] >> I have just stepped up as a new shadow maintainer and I would support >> the switch to the more widely used variants. > > Awesome both that you're stepping up a a new maintainer and that you're > interested in discussing this topic. I have to confess that I'm quite > ignorant about login tools. Please educate me. ;)
I have just started maintaining shadow and I still have to get familiar with it thus I can't provide much education. :-) I just wanted to assure you about cooperation on my side. > > If you do support moving to util-linux tools, then are you looking to > get rid of src:shadow completely as a long-term plan or how do you view > what role it'll play in the future? It is too early for me to sketch up long-term plans but when we reach the point where nothing useful can be provided by the shadow package it can go. > > Just yesterday I discussed about various bit being part of a debootstrap > --variant=minbase in Debian (smallest possible debootstrappable system) > and login came up as something questionable for the smallest possible > system (think init-less container). > The explanation that was mentioned was that login package shipped 'su'. > > Maybe we should split up this discussion in multiple tiers, where tier1 > could be just about u-l taking over su and allowing login package to > become non-essential and priority important? I would prefer u-l taking over all affected commands in one shot because this is easier to follow. > The tier2 discussion could be about other login package utils like > login, nologin, newgrp. Note that u-l does not provide replacement tools > for faillog, lastlog, sg. How do we handle these? Are they still > relevant? A quick test on a sid system showed that lastlog still works while faillog does not thus I need to check those commands one by one. Probably all of the commands work with sysv thus my first hunch is that they will still be provided by shadow. > The tier3 discussion might be about some passwd tools, for example these > are also provided by u-l: chfn, chsh. (Note: there are many other tools > in src:shadow passwd package that are not part of u-l.) > Maybe after that we could consider if Priority: required is the correct > one for passwd package (required means it's part of --variant=minbase > where I think it's questionable if it's always needed. Also libuuid1 > currently depending on passwd will need to be revisited. We should > be able to drop the old migration code from libuuid1 maintainer > scripts and drop the dependency.) I need more time to dive into these questions and comments are welcome. > > What do you think about the specific tools and packages? > Which ones specifically would you like to see provided by > util-linux instead (or if others which one?) and why? I need to get more familiar with the shadow codebase (and with u-l) to answer those questions. > > > (Goes without saying, but ofcourse any of these plans are > at this point targeted for Buster development cycle.) Sure. My short time plan is going through the shadow bugs to see what needs to be fixed for Jessie. After I'm done with them I will be in a much better position for answering the remaining questions. Cheers, Balint > > > [...] >> Maybe discussing the bigger picture on >> pkg-auth-maintain...@lists.alioth.debian.org would help the planning. > > Sure, added to CC for now. Lets drop the bug report if we drift > too far off-topic for it. > >> >> > >> > Also someone needs to make sure the different implementation of the >> > tools are actually 100% compatible or what migrations we need to handle >> > on package upgrades. >> > >> > Please note that while "login" is Essential: yes, the "passwd" package >> > is not. Things to keep in mind when expanding util-linux is that >> > all tools then become Essential: yes which I think is unfortunate as >> > we should strive to keep the essential set as small as possible. >> >> Rebootstrapping [1] already covers util-linux thus I think building >> login from util-linux would not cause big problems. >> >> Cheers, >> Balint >> >> [1] https://anonscm.debian.org/cgit/users/helmutg/rebootstrap.git/ > > Regards, > Andreas Henriksson
