Description of problem: In Fedora 25, libpwquality does not depend any more on cracklib-dicts. That package is not installed in a minimal environment such as mock or mkosi, and "rpm -e cracklib-dicts" even works in a reasonably fat install. Version-Release number of selected component (if applicable): 1.3.0-6.fc25.x86_64 How reproducible: On Fedora 25: $ mock --init $ mock --shell 'echo foobar123 | pwscore' [...] /usr/share/cracklib/pw_dict.pwd.gz: No such file or directory Password quality check failed: The password fails the dictionary check - error loading dictionary Actual results: pwscore fails on Fedora 25 without cracklib-dicts. This e. g. breaks cockpit when trying to create a new user, without /usr/share/cracklib/pw_dict.pwd.gz the user creation never succeeds (see https://github.com/cockpit-project/cockpit/issues/5684). This is not an issue in RHEL/centos 7: there cracklib-dicts is a dependency of libpwquality. Expected results: If the removal of the cracklib-dicts dependency of libpwquality was deliberate, then pwscore should gracefully fall back, i. e. just skip the dictionary check. Otherwise the dependency should be put back.
No, the dependency is a weak one via Recommends so dnf will normally install it but you should be able to uninstall it if you do not need the dictionary check. And you can configure libpwquality to skip the dictionary check via setting dictcheck = 0 in /etc/security/pwquality.conf but we do not want that to be default.
A weak dependency is fine, but then it shouldn't fail hard if it isn't installed, but gracefully fall back. Or something should pull it into mock/mkosi and similarly small environments as well..
Gracefully falling back would mean that incorrectly or inadvertently missing dictionary would get undetected. I do not want that.