mirror of
https://github.com/systemd/systemd
synced 2024-07-21 02:05:05 +00:00
update TODO
parent
b33c2757d8
commit
bbe29ca29b
12
TODO
12
TODO
|
@ -79,6 +79,11 @@ Janitorial Clean-ups:
|
||||||
|
|
||||||
Features:
|
Features:
|
||||||
|
|
||||||
|
* journald: generate recognizable log events whenever we shutdown journald
|
||||||
|
cleanly, and when we migrate run → var. This way tools can verify that a
|
||||||
|
previous boot terminated cleanly, because either of these two messages must
|
||||||
|
be safely written to disk, then.
|
||||||
|
|
||||||
* systemd-creds: extend encryption logic to support asymmetric
|
* systemd-creds: extend encryption logic to support asymmetric
|
||||||
encryption/authentication. Idea: add new verb "systemd-creds public-key"
|
encryption/authentication. Idea: add new verb "systemd-creds public-key"
|
||||||
which generates a priv/pub key pair on the TPM2 and stores the priv key
|
which generates a priv/pub key pair on the TPM2 and stores the priv key
|
||||||
|
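Review bot: In the new journald item, "either of these two messages must be safely written to disk" leaves open which message proves what. The clean-shutdown event is written at the end of a boot, while the run → var migration event is written when the journal moves to persistent storage, so a boot that shows only the migration event has not been shown to terminate cleanly. Suggest spelling out the check a tool is expected to perform for each event, and saying what makes the events "recognizable" (for example a dedicated message ID per event). Also, "shutdown journald" should read "shut down journald".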
@ -92,6 +97,9 @@ Features:
|
||||||
the dropped in certs and encrypted with machine pubkey, and pass to machine.
|
the dropped in certs and encrypted with machine pubkey, and pass to machine.
|
||||||
Machine is then able to authenticate you, and confidentiality is guaranteed.
|
Machine is then able to authenticate you, and confidentiality is guaranteed.
|
||||||
|
|
||||||
|
* building on top of the above, the pub/priv key pair generated on the TPM2
|
||||||
|
should probably also one you can use to get a remote attestation quote.
|
||||||
|
|
||||||
* bootctl: add "gc" verb that loads all type #1 .conf files, and then removes
|
* bootctl: add "gc" verb that loads all type #1 .conf files, and then removes
|
||||||
all files from the set of files from the ESP/XBOOTLDR matching the entry
|
all files from the set of files from the ESP/XBOOTLDR matching the entry
|
||||||
token that are not referenced by any. Then, change kernel-install to use only
|
token that are not referenced by any. Then, change kernel-install to use only
|
||||||
|
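Review bot: The added item reads "should probably also one you can use", which is missing "be". On substance, the key pair from the preceding item is the one credentials are encrypted to ("encrypted with machine pubkey"), while a remote attestation quote is a signature, so reusing that one key gives it both a decryption and a signing role. Suggest stating whether the same key is meant or a second key created on the same TPM2, so the item does not commit to mixing key usages by accident.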
@ -109,6 +117,10 @@ Features:
|
||||||
|
|
||||||
* run-generator: allow defining additional commands to run via a credential
|
* run-generator: allow defining additional commands to run via a credential
|
||||||
|
|
||||||
|
* resolved: allow defining additional /etc/hosts entries via a credential (it
|
||||||
|
might make sense to then synthesize a new combined /etc/hosts file in /run
|
||||||
|
and bind mount it on /etc/hosts for other clients that want to read it.
|
||||||
|
|
||||||
* define a JSON format for units, separating out unit definitions from unit
|
* define a JSON format for units, separating out unit definitions from unit
|
||||||
runtime state. Then, expose it:
|
runtime state. Then, expose it:
|
||||||
|
|
||||||
|
|
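Review bot: The parenthesis opened at "(it might make sense" in the new resolved item is never closed. Beyond that, bind mounting a synthesized file on /etc/hosts changes what every reader of that file sees, so the item should say which side wins when a credential-supplied entry conflicts with an existing /etc/hosts entry, and how later edits to the original /etc/hosts reach the combined file in /run once the bind mount hides it.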