[Pkg-shadow-devel] plans for shadow in trixie

Chris Hofstaedtler zeha at debian.org
Mon Aug 5 00:45:30 BST 2024 

Hi!

Marc has, in another mail thread, asked what plans there are for
shadow right now. I've tried to summarize what is going on below.
Feedback very much welcome.


I don't really know what is happening upstream, but ISTM Serge,
Alejandro, Iker are actively working on cleaning up the code base.
I understand shadow will keep a lot of things that Debian doesn't
care about, f.e. support of non-PAM systems.

Anyone looking at the code will agree that it needs the clean up :-)

At the same time there is upstream interest in dropping utilities
overlapping with util-linux, see:
    https://github.com/shadow-maint/shadow/issues/999


For Debian
==========


Maintainership
--------------

As you've probably noticed, Balint has stepped down, and I've
stepped in. In case you didn't know, I'm also wearing the Debian
Maintainer: hat for util-linux.

I hope Serge can focus on upstream in the meantime.


Historic patches
----------------

Our packaging carried a lot old stuff of dubious value. Balint and
others have in the past cleaned this up, and I've dropped some more
things. Generally speaking I want to get rid of all our
code-changing patches.

Specifically, I want to drop:
* cppw
* Relaxed user/group name checks. This one in particular exposed us
  to #1076619. To make this feasible, adduser will also need
  changes (#1077804, #1074306, FD).

For the other patches we shall see if we can turn them into
configure options or similar.


lastlog/faillog/utmp
--------------------

wtmpdb and pam_lastlog2 have been packaged and
the lastlog/faillog/utmp support in login were turned off already.

Feel free to test this in sid.

There is probably some fallout like #1075733 where some software is
not fully prepared for a world without /var/log/utmp. 

#1074320 asked about a NEWS item to have admins remove
/var/log/faillog, which we could do. Text suggestions welcome.


login 
-----

login became non-Essential. This immediately regressed mmdebstrap,
which assumes it can call useradd/user* from a host environment
acting on a chroot. Without login installed, login.defs became
unavailable, causing some breakage.
Since shadow 4.16.0-1 /etc/login.defs is split out into the
login.defs package.

#833256 (from a long time ago) asks util-linux to take over login. I
think we are ready to do this. I'll try to stage it in experimental
later today.
If we want to use chsh, etc from util-linux, I'd take advice on
which package should carry these.


tests
-----

Serge worked on getting the testsuite to run in autopkgtest. We
still have a tiny patch to fix some parts up, but that can go away
after a new upstream release.


NIS
---

I have seen various other packages in Debian disabling NIS support.
I am unsure how much support src:shadow actually has, and if
disabling that would be worth anything. Generally I think NIS is on
the way out.


non-shadow password systems
---------------------------

Still supported, any new Debian install starts out as non-shadow.
Once passwd gets installed, it converts the system over. However,
"unconverting" is still possible.
Unclear if "unconverting" should be removed.


I think that's all? Quite a long list anyway.


Chris

More information about the Pkg-shadow-devel mailing list