[Package Request] - Need support for below packages

[manojsihag]

(Edited by @stewartsmith to point to where each is being tracked, and again 2024-09-26)

---

Trying to migrate from AL2 to AL2023. Could not find AL2023 compatible rpm for below packages.

1. haveged
2. lshell - See https://github.com/amazonlinux/amazon-linux-2023/issues/744#issuecomment-2246628826
3. monit - See https://github.com/amazonlinux/amazon-linux-2023/issues/124
4. python3-redis
5. python3-psutil - available
6. python-plumbum
7. PyYAML - python3-pyyaml available
8. tmpwatch.

Some of these packages are available in epel which is not supported by AL2023. Could you please provide support for these packages and suggest a way forward regarding these.

[danie-dejager]

• haveged is no longer needed in kernel 5.15+ as improvements have been made in how entropy is gathered and managed, making haveged less necessary. Use rngd instead.
• lshell is unmaintained. What access do you want to limit with it? Will sudo or ssh not suffice? Restricting access to programs is very hard to do right, I'd rather not use unmaintained software for the purpose.
• monit builds from Fedora source in COPR without any missing dependencies. It is very old though. Probably better to configure systemd to do some of the work instead.
• python3-redis is missing and would need to be built to cater for the different name for redis used in al2023.
• python3-psutil 5.8.0 is part of al2023.
• PyYAML can easily be built from Fedora source in COPR without any missing dependencies.
• tmpwatch is still in use but have you looked at systemd-tmpfiles as a modern replacement?

[stewartsmith]

monit is tracked in https://github.com/amazonlinux/amazon-linux-2023/issues/124

[stewartsmith]

The lshell package has never been shipped as part of Amazon Linux. It was available in EPEL6. The Fedora packaging repository for lshell covers why it was not packaged in EPEL7 or Fedora 30. It was also removed from Debian.

The upstream lshell project is no longer being actively maintained and contains known unpatched Critical CVEs: CVE-2016-6902 and CVE-2016-6903.

The alternative suggested in the Debian bug, rssh is also unmaintained upstream, with the author citing unfixable security issues as the reason.

For these reasons, adding lshell to AL2023 is not planned.

[stewartsmith]

python3-pyyaml is certainly present and can be used, I think it's been there since the start? Not sure, but a long time.

[stewartsmith]

python3-psutil is also present.

[stewartsmith]

The documentation now covers that havegd is no longer needed on AL2023.

[stewartsmith]

We have also added documentation regarding lshell (and rssh) and the outstanding security issues which are the reason they will not be added to Amazon Linux.

[stewartsmith]

There is also now documentation regarding systemd replacing the functionality provided by monit.

[stewartsmith]

The documentation now covers that in AL2023, systemd-tmpfiles provides the functionality of tmpwatch.

[stewartsmith]

This seems to leave two package requests left:

1. python-plumbum was not shipped in Amazon Linux 1 or 2, but is part of the third party epel repository.
2. python3-redis was also not shipped in Amazon Linux 1 or 2, but was part of the third party epel repository.

I'm going to split these out into two separate issues rather than keeping them in one.

python3-redis can be tracked in https://github.com/amazonlinux/amazon-linux-2023/issues/835 and python-plumbum can be tracked in https://github.com/amazonlinux/amazon-linux-2023/issues/836

I'm going to resolve this issue in favor of those now that we have covered the other packages.