update TODO

Lennart Poettering 2021-08-28 07:15:12 +02:00
parent 6e5485617e
commit 9c53de8bc5

74
TODO

@ -83,6 +83,8 @@ Janitorial Clean-ups:
Features: Features:
* PAM: pick auf one authentication token from credentials
* tpm2: figure out if we need to do anything for TPM2 parameter encryption? And * tpm2: figure out if we need to do anything for TPM2 parameter encryption? And
if so, what precisely? if so, what precisely?
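Review bot: "pick auf" in the added PAM item looks like a typo for "pick up"; as committed the line reads "* PAM: pick auf one authentication token from credentials". Since this is the only new entry in the hunk, it would also help to say which consumer of the token is meant (the PAM module itself or the service it authenticates for), so the item stays actionable when read later.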
@ -92,8 +94,6 @@ Features:
data in the image, make sure the image filename actually matches this, so data in the image, make sure the image filename actually matches this, so
that images cannot be misused. that images cannot be misused.
* use credentials logic/TPM2 logic to store homed signing key
* New udev block device symlink names: * New udev block device symlink names:
/dev/disk/by-parttypelabel/<pttype>/<ptlabel>. Use case: if pt label is used /dev/disk/by-parttypelabel/<pttype>/<ptlabel>. Use case: if pt label is used
as partition image version string, this is a safe way to reference a specific as partition image version string, this is a safe way to reference a specific
@ -1199,46 +1199,36 @@ Features:
- when homed is in use, maybe start the user session manager in a mount namespace with MS_SLAVE, - when homed is in use, maybe start the user session manager in a mount namespace with MS_SLAVE,
so that mounts propagate down but not up - eg, user A setting up a backup volume so that mounts propagate down but not up - eg, user A setting up a backup volume
doesn't mean user B sees it doesn't mean user B sees it
- use credentials logic/TPM2 logic to store homed signing key
* homed: during login resize fs automatically towards size goal. Specifically, - during login resize fs automatically towards size goal. Specifically,
resize to diskSize if possible, but leave a certain amount (configured by a resize to diskSize if possible, but leave a certain amount (configured by a
new value diskLeaveFreeSize) of space free on the backing fs. new value diskLeaveFreeSize) of space free on the backing fs.
- permit multiple user record signing keys to be used locally, and pick
* homed: permit multiple user record signing keys to be used locally, and pick the right one for signing records automatically depending on a pre-existing
the right one for signing records automatically depending on a pre-existing signature
signature - add a way to "adopt" a home directory, i.e. strip foreign signatures
and insert a local signature instead.
* homed: add a way to "adopt" a home directory, i.e. strip foreign signatures - as an extension to the directory+subvolume backend: if located on
and insert a local signature instead. especially marked fs, then sync down password into LUKS header of that fs,
and always verify passwords against it too. Bootstrapping is a problem
* homed: as an extension to the directory+subvolume backend: if located on though: if no one is logged in (or no other user even exists yet), how do you
especially marked fs, then sync down password into LUKS header of that fs, unlock the volume in order to create the first user and add the first pw.
and always verify passwords against it too. Bootstrapping is a problem - support new FS_IOC_ADD_ENCRYPTION_KEY ioctl for setting up fscrypt
though: if no one is logged in (or no other user even exists yet), how do you - maybe pre-create ~/.cache as subvol so that it can have separate quota
unlock the volume in order to create the first user and add the first pw. easily?
- if kernel 5.12 uid mapping mounts exist, use that instead of recursive
* homed: support new FS_IOC_ADD_ENCRYPTION_KEY ioctl for setting up fscrypt chowns.
- add a switch to homectl (maybe called --first-boot) where it will check if
* homed: maybe pre-create ~/.cache as subvol so that it can have separate quota any non-system users exist, and if not prompts interactively for basic user
easily? info, mimicking systemd-firstboot. Then, place this in a service that runs
after systemd-homed, but before gdm and friends, as a simple, barebones
* homed: if kernel 5.12 uid mapping mounts exist, use that instead of recursive fallback logic to get a regular user created on uninitialized systems.
chowns. - store PKCS#11 + FIDO2 token info in LUKS2 header, compatible with
systemd-cryptsetup, so that it can unlock homed volumes
* add a switch to homectl (maybe called --first-boot) where it will check if - try to unmount in regular intervals when home dir was busy when we
any non-system users exist, and if not prompts interactively for basic user tried because idle.
info, mimicking systemd-firstboot. Then, place this in a service that runs - keep an fd to the homedir open at all times, to keep the fs pinned
after systemd-homed, but before gdm and friends, as a simple, barebones (autofs and such) while user is logged in.
fallback logic to get a regular user created on uninitialized systems.
* homed: store PKCS#11 + FIDO2 token info in LUKS2 header, compatible with
systemd-cryptsetup, so that it can unlock homed volumes
* homed: try to unmount in regular intervals when home dir was busy when we
tried because idle.
* homed: keep an fd to the homedir open at all times, to keep the fs pinned
(autofs and such) while user is logged in.
* add a new switch --auto-definitions=yes/no or so to systemd-repart. If * add a new switch --auto-definitions=yes/no or so to systemd-repart. If
specified, synthesize a definition automatically if we can: enlarge last specified, synthesize a definition automatically if we can: enlarge last
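Review bot: The entry "try to unmount in regular intervals when home dir was busy when we tried because idle" is carried into the new "-" sub-list unchanged and is still hard to parse; since the line is being rewritten anyway, consider something like "retry unmounting at regular intervals if the home dir was busy when we tried to unmount it on idle". Two smaller points in the same hunk: the relocated item "use credentials logic/TPM2 logic to store homed signing key" now sits under the homed list, so "homed" in it is redundant, and the homectl "--first-boot" item had no "homed:" prefix before but is now filed under homed, which is a change in grouping, not only in formatting. The subject "update TODO" mentions neither the regrouping nor the new PAM item; a one-line body would make the history easier to search.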