Mail archive

Re: [alpine-devel] Alpine features and the future

From: Jakub Jirutka <>
Date: Tue, 05 Dec 2017 03:41:10 +0100

> The amount of things that are broken by not having `useradd` is

Maybe on Adélie, I've never encountered any issue on Alpine from not having useradd...

> Alpine build scripts
still think `adduser` and `addgroup` are the way to go.

Hm, we really should add a declarative way for creating users/groups in abuilds. Not (just) because of Adélie, the current approach has more problems.

> I could also write wrappers the other way around...

I was thinking about this several times, but always something more important appeared. I also don't like some behaviour of adduser.

> BTW, is there a reason Alpine doesn't ship shadow as a base dep?

Alpine's philosophy is small, simple and secure. shadow is not very small and it depends on PAM which is everything but small and simple. Moreover, it's mostly not really needed and useful. I surely don't wanna this in *base* system.


(I'm sending this mail from mobile, so please forgive me typos etc.)

On 5 December 2017 00:45:33 CET, "A. Wilcox" <> wrote:
>Hash: SHA256
>On 04/12/17 17:00, Shiz wrote:
>>> On 4 Dec 2017, at 21:30, Drew DeVault <>
>>> wrote: I would also recommend just porting shadow over using
>>> busybox user management tooling. I think `useradd` et al has a
>>> more Unix design than `adduser` et al. Thankfully the shadow
>>> codebase hasn't yet been corrupted beyond saving by the broader
>>> Linux ecosystem's influence.
>> Definitely agree with this. I am also of the opinion that `useradd`
>> and friends seem more commonly used, and it’s a shame to have to
>> recommend using the shadow package for everyone that wants to
>> either use it themselves or have tooling using it.
>The amount of things that are broken by not having `useradd` is
>insane. We ship shadow in base in Adélie anyway, so this isn't too
>big of an issue, but what is an issue is that Alpine build scripts
>still think `adduser` and `addgroup` are the way to go. Our builders
>don't have busybox so I had to write clumsy shell shims to 'translate'
>I can send them to the list if anyone would be interested; normally I
>would put a link, but our Git server ENOSPC'd and I'm still trying to
>clean up the pieces before bringing the web interface back online.
>I could also write wrappers the other way around if Alpine is really
>tied to using `adduser` and `addgroup` so that build scripts can use
>`useradd` and `groupadd` without a dependency on shadow.
>BTW, is there a reason Alpine doesn't ship shadow as a base dep? Does
>Alpine really recommend use of tcb, or is it some other system? I've
>never been able to figure this out and in fact this is why I gave up
>trying to deploy Alpine at my last employer. We used LDAP and I
>couldn't for the life of me make Alpine login(1) use it.
>> s6 with a porcelain layer still seems very interesting
>- --arw
>- --
>A. Wilcox (awilfox)
>Project Lead, Adélie Linux
>Version: GnuPG v2

Received on Tue Dec 05 2017 - 03:41:10 UTC