FS#74724 - [whois] include mkpasswd

Attached to Project: Arch Linux
Opened by jd (averageguy) - Friday, 13 May 2022, 09:53 GMT
Last edited by Evangelos Foutras (foutrelis) - Wednesday, 14 September 2022, 16:44 GMT
Task Type Feature Request
Category Packages: Extra
Status Closed
Assigned To Evangelos Foutras (foutrelis)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 1
Private No

Details

Description:

The program `mkpasswd` is not included and can be enabled by invoking `make` with `install-mkpasswd`. Maybe a split package is possible `whois-mkpasswd`.
The program `mkpasswd` provided in the whois package is different to https://man.archlinux.org/man/mkpasswd.1.en.

Maybe there is a good reason why mkpasswd is not includes in the whois package I didn't noticed.

Additional info:
* package version(s)
* config and/or log files etc.
* link to upstream bug report, if any

Steps to reproduce:
This task depends upon
 FS#75880 - [expect] mkpasswd name clash 

Closed by  Evangelos Foutras (foutrelis)
Wednesday, 14 September 2022, 16:44 GMT
Reason for closing:  Implemented
Additional comments about closing:  whois 5.5.13-2
Comment by jd (averageguy) - Friday, 13 May 2022, 10:05 GMT
I forget to mention that I was trying to execute the following command `mkpasswd --rounds=4096 -m sha-512 "MySecret"` and couldn't find the correct `mkpasswd` program.
Comment by Toolybird (Toolybird) - Wednesday, 27 July 2022, 07:21 GMT
Yeah, that man page ref is from the "expect" pkg. One obvious problem is a file conflict. It's a weird situation because whois upstream says:

"Because of historical reasons this package also contains the mkpasswd
program, which can be used to encrypt a password with crypt(3)."

Debian appear to install the expect version as "expect_mkpasswd". Not sure whether PM would be interested in modifying *both* pkgs (whois and expect) but you never know until you ask :)
Comment by Toolybird (Toolybird) - Sunday, 11 September 2022, 23:08 GMT
Dupe  FS#75880 
Comment by Gerd v. Egidy (gvegidy) - Monday, 12 September 2022, 20:37 GMT
Currently this issue is assigned to maintainer of whois (foutrelis). It looks to me like the conflict should be tackled on the expect-side first, by renaming the mkpasswd script from expect to something like "expect_mkpasswd" (like debian) or "mkpasswd-expect" (like Fedora).

So shouldn't this issue better be assigned to the expect maintainer (jelly) first?
Comment by Evangelos Foutras (foutrelis) - Monday, 12 September 2022, 20:59 GMT
Even without the name conflict, I'm not fond of the idea of packaging whois' mkpasswd. I feel it has nothing to do with the main purpose of the upstream repository, which is to provide a utility to query WHOIS servers. As Toolybird noted, the mkpasswd tool is included for "historical reasons".

As far as I can tell, `openssl passwd -6` can be used to generate SHA-512 password hashes (without rounds though). If someone needs the extra functionality from whois's mkpasswd, it can be found in the AUR. Its usefulness isn't substantial enough to warrant packaging it in the context of the whois package.
Comment by Gerd v. Egidy (gvegidy) - Monday, 12 September 2022, 21:28 GMT
I think the mkpasswd from whois has a quite unique feature: Using the whois mkpasswd and manually writing the output to shadow is currently often the only way to use advanced hash algorithms like yescrypt for hashing system passwords, as the pam stack used by passwd hasn't caught up yet.

If you don't want it in the whois package (which I can fully understand, it has nothing to do with whois), wouldn't it make sense to create an additional output package out of the same whois source package?

Edit: Just to clarify, I mean using whois as base package (pkgbase), and create whois and mkpasswd pakages out of it (pkgname=(whois, mkpasswd))
Comment by Evangelos Foutras (foutrelis) - Monday, 12 September 2022, 22:15 GMT
It appears that yescrypt is supported by pam since two years ago. [1]

In any case, I'll poke Jelle to see if we can rename expect's mkpasswd to mkpasswd-expect like Fedora did.

[1] https://github.com/linux-pam/linux-pam/commit/16bd523f85ed
Comment by loqs (loqs) - Monday, 12 September 2022, 23:32 GMT
pam supports yescrypt it is shadow  FS#71393  that does not and pambase  FS#67393  that hardcodes sha512.

Loading...