Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#61920 - [shadow] unwanted dependency on audit
Attached to Project:
Arch Linux
Opened by Olivier Brunel (jjacky) - Tuesday, 05 March 2019, 16:08 GMT
Last edited by Levente Polyak (anthraxx) - Wednesday, 03 April 2019, 20:38 GMT
Opened by Olivier Brunel (jjacky) - Tuesday, 05 March 2019, 16:08 GMT
Last edited by Levente Polyak (anthraxx) - Wednesday, 03 April 2019, 20:38 GMT
|
DetailsDescription: Since shadow-4.6-2 it comes with an unwanted dependency on audit
|
This task depends upon
Closed by Levente Polyak (anthraxx)
Wednesday, 03 April 2019, 20:38 GMT
Reason for closing: Not a bug
Additional comments about closing: marked as explicit dependency in 4.6-3
Wednesday, 03 April 2019, 20:38 GMT
Reason for closing: Not a bug
Additional comments about closing: marked as explicit dependency in 4.6-3
shadow should have audit support for audit-logs of system administration relevant changes, which all shadow utils very explicitly are.
Fact is, shadow did not have a dependency on audit up to 4.6-1 and everything was fine (nor was audit support requested). Now during the 4.6-2 rebuild such a dependency was added; I may be wrong but it seems to me this wasn't done on purpose (though forgetting to explicitly add audit to depends) but may have been unwanted (and simply due to audit being present during build process). I guess this might be due to systemd being in base-devel and now depending on audit... which might indeed lead to audit being added as dependency on shadow (or audit support could be disabled)
It is a very small dependency and by having systemd installed one has it installed anyway.
However the main reason is that it adds very useful functionality in terms of security to provide kernel audit log entries for a very elemental part of the system.