* cli: identify shadow-rs as part of uutils in --help and --version
Per #161, every tool now reports `(uutils shadow-rs) <ver>` in its
--version output and links to the project in --help via a shared
shadow_core::cli module.
While auditing the same uu_app() blocks for residual similarity to
GNU shadow-utils man-page phrasing, the medium-confidence findings
from a clean-room similarity check were also rewritten: 118 clap
.help() and .about() strings across all 14 tools now use phrasing
derived from the in-tree behavior of each flag, not from upstream
documentation.
Output strings that scripts grep for (chage -l column headings,
pwck/grpck diagnostic lines) were left intentionally untouched, since
drop-in compatibility is part of the project's contract.
- shadow-core: new cli module with VERSION and AFTER_HELP constants
- 14 tools: wire .version() and .after_help() in every uu_app()
- 14 tools: rewrite 118 flag-help and .about() strings
- shadow-rs multicall: handle --help/--version/-h/-V with project ID
- fmt + clippy + tests pass on debian, alpine, fedora (574 passed, 0 failed)
Closes#161
* docs: record clean-room audit results (2026-05-04)
Adds an evidence document for the clean-room similarity audit that
prompted the flag-help rewrite in the previous commit. Headline:
0 verbatim matches in 486 user-facing strings.
The audit protocol is reproducible and described in the doc, including
the schema-constrained output and post-run command-log scan that ensure
no upstream string crosses back into the workspace.
* cli: correct help/version text flagged in review
- multicall --version/--help now use the shared (uutils shadow-rs)
identifier instead of (uutils), matching the tool crates; clarify the
symlink invocation line in the help banner.
- --root help for the SysRoot tools (userdel, useradd, usermod, groupadd,
groupdel, groupmod, pwck, grpck) no longer claims a chroot(2): these
only resolve system files under a path prefix. Reword to match, and
rename the metavar CHROOT_DIR -> ROOT_DIR.
- userdel --force: documented as accepted-for-compatibility (no effect)
rather than promising behavior the code does not implement.
- groupadd -K: scope the help to the GID-range keys actually honored.
- passwd --repository: note only the local files backend is supported.
- passwd --stdin: reads password input generally (auth may consume the
current password too), not just the new password.
- chpasswd -m: state that MD5 is rejected, not supported.
- usermod --append: restore the note that -a is only effective with -G.
- clean-room audit doc: cite CONTRIBUTING.md (the in-tree policy) instead
of the gitignored CLAUDE.md.
- README: fix passwd flag count (17→16), add Landlock mention, add
Hardened goal, update usermod description with -p, fix past tense
- CONTRIBUTING: fix unsafe description to match actual workspace policy
- CHANGELOG: add [Unreleased] section for post-v0.1.0 changes
- OPENBSD-REFERENCE: move all implemented items to correct section
- SECURITY-HARDENING: mark all 21 items as implemented
- man/usermod: add -p/--password flag documentation