From 63a185dc728a1cfe6a08b6726345bbbaa3179143 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Thu, 17 Mar 2022 16:24:23 +0100 Subject: [PATCH] update TODO --- TODO | 44 +++++++++++++++----------------------------- 1 file changed, 15 insertions(+), 29 deletions(-) diff --git a/TODO b/TODO index 53542cad8f..cdca521ad2 100644 --- a/TODO +++ b/TODO @@ -78,6 +78,17 @@ Janitorial Clean-ups: Features: +* journalctl/timesyncd: whenever timesyncd acquires a synchronization from NTP, + create a structured log entry that contains boot ID, monotonic clock and + realtime clock (I mean, this requires no special work, as these three fields + are implicit). Then in journalctl when attempting to display the realtime + timestamp of a log entry, first search for the closest later log entry + of this kinda that has a matching boot id, and convert the monotonic clock + timestamp of the entry to the realtime clock using this info. This way we can + retroactively correct the wallclock timestamps, in particular for systems + without RTC, i.e. where initially wallclock timestamps carry rubbish, until + an NTP sync is acquired. + * kernel-install: - add --all switch for rerunning kernel-install for all installed kernels - maybe add env var that shortcuts kernel-install for installers that want to @@ -89,8 +100,6 @@ Features: * doc: prep a document explaining PID 1's internal logic, i.e. transactions, jobs, units -* userbdctl: show user types via colors, also display UID range info in some way - * bootspec: remove tries counter from boot entry ids * bootspec: bring UEFI and userspace enumeration of bootspec entries back into 
@@ -235,10 +244,7 @@ Features: * rework recursive read-only remount to use new mount API -* PAM: pick auf one authentication token from credentials - -* tpm2: figure out if we need to do anything for TPM2 parameter encryption? And - if so, what precisely? +* PAM: pick up authentication token from credentials * when mounting disk images: if IMAGE_ID/IMAGE_VERSION is set in os-release data in the image, make sure the image filename actually matches this, so @@ -292,9 +298,6 @@ Features: * importd: support image signature verification with PKCS#7 + OpenBSD signify logic, as alternative to crummy gpg -* sysext: optionally, if the merged trees allow it use bind mounts instead of - overlayfs - * add "systemd-analyze debug" + AttachDebugger= in unit files: The former specifies a command to execute; the latter specifies that an already running "systemd-analyze debug" instance shall be contacted and execution paused @@ -326,10 +329,6 @@ Features: * add tpm.target or so which is delayed until TPM2 device showed up in case firmware indicates there is one. -* tpm2: support a PIN policy, i.e. allowing windows-style short authentication - passwords by using the TPM2 to enforce ratelimiting and such, use for - cryptsetup and homed - * Add concept for upgrading TPM2 enrollments, maybe a new switch --pcrs=4: or so, i.e. select a PCR to include in the hash, and then override its hash @@ -434,8 +433,6 @@ Features: * seccomp: don't install filters for ABIs that are masked anyway for the specific service -* seccomp: maybe merge all filters we install into one with that libseccomp API that allows merging. - * busctl: maybe expose a verb "ping" for pinging a dbus service to see if it exists and responds. 
@@ -615,9 +612,7 @@ Features: selected user is resolvable in the service even if it ships its own /etc/passwd) * Fix DECIMAL_STR_MAX or DECIMAL_STR_WIDTH. One includes a trailing NUL, the - other doesn't. What a disaster. Probably to exclude it. Also - DECIMAL_STR_WIDTH should probably add an extra "-" into account for negative - numbers. + other doesn't. What a disaster. Probably to exclude it. * Check that users of inotify's IN_DELETE_SELF flag are using it properly, as usually IN_ATTRIB is the right way to watch deleted files, as the former only @@ -717,7 +712,7 @@ Features: * beef up pam_systemd to take unit file settings such as cgroups properties as parameters -* maybe hook of xfs/ext4 quotactl() with services? i.e. automatically manage +* maybe hook up xfs/ext4 quotactl() with services? i.e. automatically manage the quota of the user indicated in User= via unit file settings, like the other resource management concepts. Would mix nicely with DynamicUser=1. Or alternatively, do this with projids, so that we can also cover services @@ -740,10 +735,6 @@ Features: ReadWritePaths=:/var/lib/foobar -* hostnamed: populate form factor data from a new hwdb database, so that old - yogas can be recognized as "convertible" too, even if they predate the DMI - "convertible" form factor - * Add ExecMonitor= setting. May be used multiple times. Forks off a process in the service cgroup, which is supposed to monitor the service, and when it exits the service is considered failed by its monitor. @@ -818,8 +809,6 @@ Features: * when we detect that there are waiting jobs but no running jobs, do something -* push CPUAffinity= also into the "cpuset" cgroup controller - * PID 1 should send out sd_notify("WATCHDOG=1") messages (for usage in the --user mode, and when run via nspawn) * there's probably something wrong with having user mounts below /sys, 
@@ -1011,8 +1000,7 @@ Features: - add verification of [Install] section to systemd-analyze verify * timer units: - - timer units should get the ability to trigger when: - o DST changes + - timer units should get the ability to trigger when DST changes - Modulate timer frequency based on battery state * add libsystemd-password or so to query passwords during boot using the password agent logic @@ -1023,8 +1011,6 @@ Features: * make repeated alt-ctrl-del presses printing a dump -* hostnamed: before returning information from /etc/machine-info.conf check the modification data and reread. Similar for localed, ... - * currently x-systemd.timeout is lost in the initrd, since crypttab is copied into dracut, but fstab is not * add a pam module that passes the hdd passphrase into the PAM stack and then expires it, for usage by gdm auto-login.
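Review bot: In the first hunk (@@ -78,6 +78,17 @@), the new journalctl/timesyncd item does not say how journalctl is meant to recognise the synchronization entry. As the parenthetical notes, boot ID, monotonic clock and realtime clock are implicit on every entry, so the "closest later log entry" search needs a distinguishing marker, for example a dedicated MESSAGE_ID, and the item should name it. The item also leaves open what is displayed when a boot has no later entry of this kind, and whether a retroactively corrected timestamp is marked as corrected in the output, which matters to anyone reading the journal as a timeline. Minor: "of this kinda" should read "of this kind".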
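Review bot: The subject "update TODO" gives no reason for the deletions in the hunks from @@ -235,10 +244,7 @@ through @@ -434,8 +433,6 @@, so a reader cannot tell whether the TPM2 parameter encryption question, the TPM2 PIN policy item and the seccomp filter merging item were implemented or dropped. A line in the commit message saying which of the removed items are done and which are abandoned would help, or the removals could be split from the pure wording fixes. In the PAM line, the fix from "pick auf one authentication token" to "pick up authentication token" also drops the word "one"; confirm that is intended and not a side effect of the typo fix.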
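Review bot: In the @@ -615,9 +612,7 @@ hunk, the sentence left behind, "Probably to exclude it.", is a fragment that does not say which of DECIMAL_STR_MAX and DECIMAL_STR_WIDTH should change. With the note about DECIMAL_STR_WIDTH taking an extra "-" into account removed, the item no longer records the sign concern. If that is not yet handled in the macro, keep the note, since a width that omits the sign leaves a buffer sized from it one byte short for negative values.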