Bug 2055572 - pam: please split out pam-libs subpackage
Summary: pam: please split out pam-libs subpackage
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: pam
Version: rawhide
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Björn 'besser82' Esser
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2022-02-17 09:27 UTC by Zbigniew Jędrzejewski-Szmek
Modified: 2022-02-17 19:59 UTC (History)
3 users (show)

Fixed In Version: pam-1.5.2-11.fc37, pam-1.5.2-11.fc36
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2022-02-17 19:59:15 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)

Description Zbigniew Jędrzejewski-Szmek 2022-02-17 09:27:48 UTC 
Description of problem:
There are many packages which link to libpam, and thus get an automatically generated dependency
which pulls in the pam package. Having the library split out will make it easier to not pull in the full pam stack e.g. in containers and custom installations.

There is also a more subtle benefit for installation ordering: the dependency on pam means that rpm will install pam early in the transaction. But in fact the pam stack will not be used *during* installation, and many packages would be happy with Requires(meta):pam to have it available *after* installation.

Some packages that require pam: util-linux, systemd, systemd-pam, systemd-tests, qemu-img, libcgroup-pam, libpamtest, libpwquality, libreswan, libuser, lxc-libs.

Once the package is split out, we can start replacing Requires:pam with Requires(meta):pam in other packages.
Comment 1 Iker Pedrosa 2022-02-17 14:53:48 UTC 
Can you specify with more details a use case? AFAIK, Fedora is tightly built around libpam and its module so I find it difficult to find a reason to provide them in two different packages.
Comment 2 Zbigniew Jędrzejewski-Szmek 2022-02-17 16:48:35 UTC 
pam has three libraries, libpam which is 70k, and libmap_misc and libpamc which are 20k each, together 110k.
The whole package is ~2000k. In addition, those three libraries depend on a subset of libraries that the whole
package depends on.

Various packages (listed above) link to libmap and libpam_misc, so they require those libraries to be on
disk to be able to launch their executables. To actually use PAM, the other files would need to be installed
too. But in minimal installs like containers or build chroots where no authentication is ever required,
PAM will never be actually used, so we'd be fine with just having the -libs so satisfy linking requirements.
Similarly, during system installation, various libs needs to be provided early in the transaction so that
installation scriptlets can invoke binaries. For all those reasons, it makes sense to split out the libraries
into a separate subpackage, so it is possible to satisfy the linking requirements without having functional
pam.

Or in other words, having a separate pam-libs subpackage will things like util-linux and systemd to be
installed earlier in the dnf transaction, allowing scriptlets for other packages to be executed earlier
and avoid dependency loops like those described in https://bugzilla.redhat.com/show_bug.cgi?id=2018913.
Comment 3 Björn 'besser82' Esser 2022-02-17 19:34:39 UTC 
Please have a look at [1], as that should implement the requested feature.


[1]  https://src.fedoraproject.org/rpms/pam/pull-request/25
Comment 4 Björn 'besser82' Esser 2022-02-17 19:59:15 UTC 
Rawhide:  https://bodhi.fedoraproject.org/updates/FEDORA-2022-55e09f711e
F36:      https://bodhi.fedoraproject.org/updates/FEDORA-2022-a181dc7676
Note You need to log in before you can comment on or make changes to this bug.