fedora-toolbox image doesn't have cracklib-dicts #1351
Comments
The message required entropy too low is misleading. The actual problem is the absence of the CrackLib dictionaries (on Fedora that's the Now the question is, why are the CrackLib dictionaries missing? We could also try to improve the error handling in libpwquality. |
If the CrackLib dictionaries were missing, pwmake(1) would complain that
the entropy is too low:
$ pwmake 64
/usr/share/cracklib/pw_dict.pwd.gz: No such file or directory
/usr/share/cracklib/pw_dict.pwd.gz: No such file or directory
/usr/share/cracklib/pw_dict.pwd.gz: No such file or directory
Error: Password generation failed - required entropy too low for
settings
... and confuse users [1].
This changes it to report something closer to the truth:
$ pwmake 64
/usr/share/cracklib/pw_dict.pwd.gz: No such file or directory
/usr/share/cracklib/pw_dict.pwd.gz: No such file or directory
/usr/share/cracklib/pw_dict.pwd.gz: No such file or directory
Error: The password fails the dictionary check
... so that users can help themselves by installing the CrackLib
dictionaries.
[1] containers/toolbox#1351
|
Here's a pull request to improve the error handling in libpwquality: |
|
Renaming the issue to highlight the problem closer to Toolbx's sphere of influence. ie., the |
debarshiray
changed the title
If the CrackLib dictionaries were missing, pwmake(1) would complain that
the entropy is too low:
$ pwmake 64
/usr/share/cracklib/pw_dict.pwd.gz: No such file or directory
/usr/share/cracklib/pw_dict.pwd.gz: No such file or directory
/usr/share/cracklib/pw_dict.pwd.gz: No such file or directory
Error: Password generation failed - required entropy too low for
settings
... and confuse users [1].
This changes it to report something closer to the truth:
$ pwmake 64
/usr/share/cracklib/pw_dict.pwd.gz: No such file or directory
/usr/share/cracklib/pw_dict.pwd.gz: No such file or directory
/usr/share/cracklib/pw_dict.pwd.gz: No such file or directory
Error: The password fails the dictionary check
... so that users can help themselves by installing the CrackLib
dictionaries.
[1] containers/toolbox#1351
Currently, the libpwquality package mentions cracklib-dicts as a weak
dependency [1,2]. However, the libpwquality package is part of the
fedora base image, which doesn't include weak dependencies [3], and that
leads to cracklib-dicts going missing.
The absence of the cracklib-dicts package causes various operations that
go through libpwquality (eg., pwmake(1)) to fail [1], and sometimes in
confusing ways [4].
[1] Fedora libpwquality commit f84a5e3ba6c166e5
https://src.fedoraproject.org/rpms/libpwquality/c/f84a5e3ba6c166e5
https://bugzilla.redhat.com/show_bug.cgi?id=2158891
[2] Fedora libpwquality commit 303154338d6d3650
https://src.fedoraproject.org/rpms/libpwquality/c/303154338d6d3650
https://bugzilla.redhat.com/show_bug.cgi?id=2006063
[3] fedora-kickstarts commit 1c39c0adb0d44866
https://pagure.io/fedora-kickstarts/c/1c39c0adb0d44866
https://pagure.io/fedora-kickstarts/pull-request/551
https://pagure.io/releng/issue/8530
[4] libpwquality/libpwquality#85
containers#1351
Otherwise the image fails to build with: $ podman build images/fedora/f38 ... Packages with missing files: libcomps ... containers#1351
|
Turns out that the |
|
Thanks for your feedback! |
Describe the bug
A clear and concise description of what the bug is. If possible, re-run the command(s) with
--log-level debugand put the output here.Steps how to reproduce the behaviour
Expected behaviour
Output of
toolbox --version(v0.0.90+)toolbox version 0.0.99.4Toolbox package info (
rpm -q toolbox)toolbox-0.0.99.4-1.fc38.x86_64Output of
podman versionPodman package info (
rpm -q podman)podman-4.6.0-1.fc38.x86_64Info about your OS
Fedora Silverblue 38
The text was updated successfully, but these errors were encountered: