1
0
mirror of https://github.com/systemd/systemd.git synced 2024-10-30 23:21:22 +03:00
Commit Graph

1949 Commits

Author SHA1 Message Date
Zbigniew Jędrzejewski-Szmek
bc8ec170d2 Drop FOREACH_WORD_QUOTED 2016-11-05 18:54:27 -04:00
Lennart Poettering
add005357d core: add new RestrictNamespaces= unit file setting
This new setting permits restricting whether namespaces may be created and
managed by processes started by a unit. It installs a seccomp filter blocking
certain invocations of unshare(), clone() and setns().

RestrictNamespaces=no is the default, and does not restrict namespaces in any
way. RestrictNamespaces=yes takes away the ability to create or manage any kind
of namspace. "RestrictNamespaces=mnt ipc" restricts the creation of namespaces
so that only mount and IPC namespaces may be created/managed, but no other
kind of namespaces.

This setting should be improve security quite a bit as in particular user
namespacing was a major source of CVEs in the kernel in the past, and is
accessible to unprivileged processes. With this setting the entire attack
surface may be removed for system services that do not make use of namespaces.
2016-11-04 07:40:13 -06:00
Lennart Poettering
67234d218b update TODO 2016-11-02 08:49:59 -06:00
Lennart Poettering
b5bdbcd5ba update TODO 2016-10-20 14:22:43 -04:00
Lennart Poettering
da597d2b52 update TODO 2016-10-12 20:33:33 +02:00
Zbigniew Jędrzejewski-Szmek
b744e8937c Merge pull request #4067 from poettering/invocation-id
Add an "invocation ID" concept to the service manager
2016-10-11 13:40:50 -04:00
Lennart Poettering
642d6665f4 update TODO 2016-10-10 19:56:45 +02:00
Lennart Poettering
a46eac1bbd update TODO 2016-10-07 20:32:23 +02:00
Lennart Poettering
d21494ea25 update TODO 2016-10-06 17:27:23 +02:00
Zbigniew Jędrzejewski-Szmek
4a77c53d64 NEWS: add another batch of entries 2016-10-03 07:36:59 -04:00
Zbigniew Jędrzejewski-Szmek
dd5e7000cb core: complain if Before= dep on .device is declared
[Unit]
Before=foobar.device

[Service]
ExecStart=/bin/true
Type=oneshot

$ systemd-analyze verify before-device.service
before-device.service: Dependency Before=foobar.device ignored (.device units cannot be delayed)
2016-10-01 22:53:17 +02:00
Zbigniew Jędrzejewski-Szmek
73a99163a7 coredump,catalog: give better notice when a core file is truncated
coredump had code to check if copy_bytes() hit the max_bytes limit,
and refuse further processing in that case.
But in 84ee096044, the return convention for copy_bytes() was changed
from -EFBIG to 1 for the case when the limit is hit, so the condition
check in coredump couldn't ever trigger.
But it seems that *do* want to process such truncated cores [1].
So change the code to detect truncation properly, but instead of
returning an error, give a nice log entry.

[1] https://github.com/systemd/systemd/issues/3883#issuecomment-239106337

Should fix (or at least alleviate) #3883.
2016-09-28 23:50:29 +02:00
Lennart Poettering
0439746492 Update TODO 2016-09-25 10:52:57 +02:00
Susant Sahani
1bc7460bf2 TODO: update networkd TODO 2016-09-15 10:18:22 +05:30
Zbigniew Jędrzejewski-Szmek
e031c227cb TODO: remove duplicated item 2016-09-13 20:10:57 -04:00
Zbigniew Jędrzejewski-Szmek
481a2b02a3 Always use unicode ellipsis when ellipsizing
We were already unconditionally using the unicode character when the
input string was not pure ASCII, leading to different behaviour in
depending on the input string.

systemd[1]: Starting printit.service.
python3[19962]: foooooooooooooooooooooooooooooooooooo…oooo
python3[19964]: fooąęoooooooooooooooooooooooooooooooo…oooo
python3[19966]: fooąęoooooooooooooooooooooooooooooooo…ąęąę
python3[19968]: fooąęoooooooooooooooooąęąęąęąęąęąęąęą…ąęąę
systemd[1]: Started printit.service.
2016-09-13 20:10:57 -04:00
Zbigniew Jędrzejewski-Szmek
432b5c8a4d TODO: remove strerror entry
I believe the remaining call sites are legitimate uses which cannot be
easily replaced with %m.
2016-09-13 20:10:57 -04:00
Seraphime Kirkovski
07b0b339d6 machinectl: split OS field in two; print ip addresses (#4058)
This splits the OS field in two : one for the distribution name
and one for the the version id.
Dashes are written for missing fields.
This also prints ip addresses of known machines. The `--max-addresses`
option specifies how much ip addresses we want to see. The default is 1.
When more than one address is written for a machine, a `,` follows it.
If there are more ips than `--max-addresses`, `...` follows the last
address.
2016-08-31 20:06:57 +02:00
Lennart Poettering
2c5f295823 update TODO 2016-08-22 17:31:41 +02:00
Zbigniew Jędrzejewski-Szmek
d87a2ef782 Merge pull request #3884 from poettering/private-users 2016-08-06 17:04:45 -04:00
Lennart Poettering
d47f681b28 update TODO 2016-08-04 23:08:05 +02:00
Lennart Poettering
8ce9b83a8f update TODO 2016-08-03 20:43:50 +02:00
Lennart Poettering
d82047bef5 update TODO 2016-07-22 15:53:45 +02:00
Lennart Poettering
36376e0b71 update TODO 2016-07-21 11:09:24 +02:00
Torstein Husebø
61233823aa treewide: fix typos and remove accidental repetition of words 2016-07-11 16:18:43 +02:00
Douglas Christman
32b5236916 calendarspec: allow ranges in date and time specifications
Resolves #3042
2016-07-01 23:13:58 -04:00
Lennart Poettering
563a69f480 update TODO 2016-07-01 18:39:26 -07:00
Lennart Poettering
3efb871a3c update 2016-06-24 11:45:06 +02:00
Doug Christman
39c38ce17c systemctl: Create new unit files with "edit --force" (#3584) 2016-06-24 08:00:35 +02:00
Lennart Poettering
79e21f7a71 update TODO 2016-06-16 16:48:16 +02:00
Lennart Poettering
0e2e03c67a update TODO 2016-06-14 20:01:45 +02:00
Lennart Poettering
0e3f29f03f update TODO 2016-06-13 16:25:54 +02:00
Lennart Poettering
7a79d1ec08 update TODO 2016-06-10 20:13:29 +02:00
Lennart Poettering
f8afc2a9ba update TODO 2016-06-10 18:21:11 +02:00
Lennart Poettering
ac83514cbf update TODO 2016-05-30 19:36:25 +02:00
Lennart Poettering
42d61dedcf update TODO 2016-05-12 20:14:46 +02:00
Lennart Poettering
54ff1d6913 update TODO 2016-05-09 15:45:31 +02:00
Lennart Poettering
e40a326cef NEWS: bring NEWS a bit up-to-date 2016-05-06 16:55:44 +02:00
Zbigniew Jędrzejewski-Szmek
b920500ef1 Merge pull request #3190 from poettering/logind-fixes 2016-05-05 20:28:23 -04:00
Lennart Poettering
89f193fac8 update TODO 2016-05-05 22:50:09 +02:00
Lennart Poettering
ed3902530e update TODO 2016-05-05 22:34:47 +02:00
Zbigniew Jędrzejewski-Szmek
a819a985e0 Merge pull request #3173 from poettering/dnssec-incapdns-fix
Dnssec incapdns fix
2016-05-03 14:50:43 -04:00
Lennart Poettering
9e2db6894f update TODO 2016-05-02 18:35:09 +02:00
Lennart Poettering
3e8a82dbd0 update TODO 2016-05-02 11:17:07 +02:00
Lennart Poettering
f9bf1b8fee update TODO 2016-04-29 16:27:49 +02:00
Lennart Poettering
6809de5bb1 update TODO a bit 2016-04-29 12:23:34 +02:00
Lennart Poettering
b8c7afdf4b update TODO 2016-04-22 16:18:32 +02:00
Zbigniew Jędrzejewski-Szmek
ccddd104fc tree-wide: use mdash instead of a two minuses 2016-04-21 23:00:13 -04:00
Lennart Poettering
1e555cb52b update TODO 2016-04-12 13:43:33 +02:00
Michal Sekletar
e01ff70a77 nspawn: always setup machine id
We check /etc/machine-id of the container and if it is already populated
we use value from there, possibly ignoring value of --uuid option from
the command line. When dealing with R/O image we setup transient machine
id.

Once we determined machine id of the container, we use this value for
registration with systemd-machined and we also export it via
container_uuid environment variable.

As registration with systemd-machined is done by the main nspawn process
we communicate container machine id established by setup_machine_id from
outer child to the main process by unix domain socket. Similarly to PID
of inner child.
2016-04-11 16:43:16 +02:00
Zbigniew Jędrzejewski-Szmek
a44202e98b basic/copy: use copy_file_range()
For btrfs, c_f_r() is like BTRFS_IOC_CLONE which we already used, but also
works when max_bytes is set. We do call copy_bytes in coredump code with
max_bytes set, and for large files, so we might see some benefit from using
c_f_r() on btrfs.

For other filesystems, c_f_r() falls back to do_splice_direct(), the same as
sendfile, which we already call, so there shouldn't be much difference.

Tested with test-copy and systemd-coredump on Linux 4.3 (w/o c_f_r)
and 4.5 (w/ c_f_r).
2016-03-17 13:02:18 -04:00
Daniel Mack
232c84b2d2 Remove systemd-bootchart
This commit rips out systemd-bootchart. It will be given a new home, outside
of the systemd repository. The code itself isn't actually specific to
systemd and can be used without systemd even, so let's put it somewhere
else.
2016-02-23 13:30:09 +01:00
Lennart Poettering
c8048350b8 update TODO 2016-02-21 20:59:55 +01:00
Lennart Poettering
8eff97a103 Merge pull request #2618 from zonque/busproxy-removal
remove bus-proxyd
2016-02-15 14:54:09 +01:00
Lennart Poettering
c834959498 update TODO 2016-02-13 20:33:49 +01:00
Lennart Poettering
479050b363 core: drop Capabilities= setting
The setting is hardly useful (since its effect is generally reduced to zero due
to file system caps), and with the advent of ambient caps an actually useful
replacement exists, hence let's get rid of this.

I am pretty sure this was unused and our man page already recommended against
its use, hence this should be a safe thing to remove.
2016-02-13 11:59:34 +01:00
Daniel Mack
798c486fbc remove bus-proxyd
As kdbus won't land in the anticipated way, the bus-proxy is not needed in
its current form. It can be resurrected at any time thanks to the history,
but for now, let's remove it from the sources. If we'll have a similar tool
in the future, it will look quite differently anyway.

Note that stdio-bridge is still available. It was restored from a version
prior to f252ff17, and refactored to make use of the current APIs.
2016-02-12 19:10:01 +01:00
Lennart Poettering
648b122045 update TODO 2016-02-10 22:54:33 +01:00
Lennart Poettering
2f1a7412b2 update TODO 2016-02-10 16:09:24 +01:00
Lennart Poettering
c5962fcff0 update TODO 2016-02-01 22:18:16 +01:00
Tom Gundersen
cfd77192c1 Merge pull request #2437 from poettering/dnssec19
nineteenth dnssec patch
2016-01-26 18:07:19 +01:00
Lennart Poettering
590e0ac4bd Merge pull request #2441 from msekletar/killing-spree-excluded-log-v3
shutdown: complain if process excluded from killing spree runs of the same rootfs as PID1 (v3)
2016-01-26 14:50:43 +01:00
Lennart Poettering
720652b30b update TODO
This gets rid of the private DNSSEC TODO and moves it in the main TODO dump site, as the DNSSEC implementation is
pretty complete now, and the remaining bits are low-priority.
2016-01-26 14:42:04 +01:00
Michal Sekletar
1359fffa57 shutdown: complain if process excluded from killing spree runs of the same rootfs as PID1 2016-01-26 14:13:13 +01:00
Zbigniew Jędrzejewski-Szmek
ca8625e9f9 TODO: remove syslog broadcasting
This should most likely be implemented as part of journal-netlogd
(https://github.com/systemd/systemd/pull/1890), which it seems
is not going to be merged.

systemctl edit was mentioned twice.
2016-01-23 19:49:00 -05:00
Michal Sekletar
99d7bd1c00 Remove TODO entry
Feature was introduced by 06af2a0
2016-01-22 10:10:45 +01:00
Lennart Poettering
3d39e6e5d4 Update TODO 2016-01-17 20:44:25 +01:00
Lennart Poettering
f506d09f71 update TODO 2016-01-13 20:21:36 +01:00
Daniel Mack
c57d67f718 Merge pull request #2096 from teg/resolved-cache
Misc resolved cache fixes
2015-12-10 20:48:42 +01:00
Tom Gundersen
2250592422 TODO 2015-12-10 19:47:47 +01:00
Lennart Poettering
b43d75c378 importd: drop dkr support
The current code is not compatible with current dkr protocols anyway,
and dkr has a different focus ("microservices") than nspawn anyway
("whole machine containers"), hence drop support for it, we cannot
reasonably keep this up to date, and it creates the impression we'd
actually care for the microservices usecase.
2015-12-10 16:54:41 +01:00
Lennart Poettering
daa27350c3 update TODO 2015-11-27 00:46:51 +01:00
Lennart Poettering
ccc3e8a104 update TODO 2015-11-24 00:20:39 +01:00
Lennart Poettering
39609489ca update TODO 2015-11-18 17:07:11 +01:00
David Herrmann
e25b5a8d73 TODO: sort 2015-11-16 15:05:00 +01:00
Michal Schmidt
7152869f0a Merge pull request #1869 from poettering/kill-overridable
Remove support for RequiresOverridable= and RequisiteOverridable=
2015-11-13 14:04:34 +01:00
Lennart Poettering
63fdeeb7df update TODO 2015-11-12 22:04:49 +01:00
Lennart Poettering
06ce859b58 update TODO 2015-11-12 20:25:39 +01:00
Filipe Brandenburger
b4c14404b3 execute: Add new PassEnvironment= directive
This directive allows passing environment variables from the system
manager to spawned services. Variables in the system manager can be set
inside a container by passing `--set-env=...` options to systemd-spawn.

Tested with an on-disk test.service unit. Tested using multiple variable
names on a single line, with an empty setting to clear the current list
of variables, with non-existing variables.

Tested using `systemd-run -p PassEnvironment=VARNAME` to confirm it
works with transient units.

Confirmed that `systemctl show` will display the PassEnvironment
settings.

Checked that man pages are generated correctly.

No regressions in `make check`.
2015-11-11 07:55:23 -08:00
Lennart Poettering
bd098bcedd update TODO 2015-11-11 14:32:26 +01:00
Zbigniew Jędrzejewski-Szmek
3917a2bb45 TODO: remove SYSTEMD_PAGER
This is already done in Fedora rawhide.
2015-11-10 18:50:52 -05:00
Lennart Poettering
de7399eb74 update TODO 2015-11-10 17:36:53 +01:00
Tom Gundersen
5af12d8b09 Merge pull request #1831 from keszybz/todo-trimming
Todo trimming
2015-11-10 14:43:42 +01:00
Zbigniew Jędrzejewski-Szmek
9f6434a675 man: describe the reason why runlevels are obsolete
Put it at the top of the file, where it's hard to miss.

Also add the mapping of runlevel → target because since it is now
static.

I'm not adding runlevel(7), because we do not want to make obsolete
stuff even more prominent.
2015-11-10 08:16:08 -05:00
Zbigniew Jędrzejewski-Szmek
28f90ea25f man: tweak description of machinectl show
Also, machinectl status is anything but terse. Remove "terse".
2015-11-10 07:53:43 -05:00
Zbigniew Jędrzejewski-Szmek
474acc9870 TODO: update for lz4/xz stuff
No point in fixing xz now that lz4 is the default.
2015-11-10 07:46:22 -05:00
Jan Engelhardt
a8eaaee72a doc: correct orthography, word forms and missing/extraneous words 2015-11-06 13:45:21 +01:00
Lennart Poettering
dcd1262673 Revert "utf8.[ch]: use char32_t and char16_t instead of int, int32_t, int16_t" 2015-11-02 11:21:25 +01:00
Daniel Mack
86b4428a58 Merge pull request #1740 from shawnl/master
utf8.[ch]: use char32_t and char16_t instead of int, int32_t, int16_t
2015-11-02 10:57:38 +01:00
Karel Zak
4c8965ad0a update TODO
- inotify utab has been removed and we use libmount now
- x-systemd.requires= fstab option has been implemented to specify
  dependencies in fstab
2015-11-02 09:59:27 +01:00
Shawn Landden
025b4c4105 utf8.[ch]: use char32_t and char16_t instead of int, int32_t, int16_t
rework C11 utf8.[ch] to use char32_t instead of uint32_t when referring
to unicode chars, to make things more expressive.
2015-10-31 21:00:57 -07:00
Lennart Poettering
5e524b404b update TODO 2015-10-27 13:45:53 +01:00
Lennart Poettering
0d4c4b7141 update TODO 2015-10-22 01:59:25 +02:00
Lennart Poettering
3efc8c72f0 update TODO 2015-10-19 22:30:11 +02:00
Michal Sekletar
63b20d5c0f update TODO 2015-10-09 12:21:34 +02:00
Lennart Poettering
42718282f5 update TODO 2015-10-07 21:38:29 +02:00
Lennart Poettering
eb7ec83860 update TODO 2015-09-30 12:23:33 +02:00
Lennart Poettering
03364e472b update TODO 2015-09-22 17:42:59 +02:00
Lennart Poettering
5738311653 TODO 2015-09-11 18:28:03 +02:00
Lennart Poettering
e11d45682e update TODO 2015-09-10 18:18:58 +02:00
Lennart Poettering
e2bf1764fd update TODO 2015-09-08 01:37:04 +02:00
David Herrmann
b47c788854 TODO: update networkd section
Remove two freshly implemented features, and add TSO support as a new
one.
2015-09-05 18:29:14 +02:00
Lennart Poettering
abab50081c update TODO 2015-08-31 13:09:29 +02:00
Lennart Poettering
d56cc29880 update TODO 2015-08-27 21:05:13 +02:00
Lennart Poettering
0d43ffef5a update TODO 2015-08-20 12:20:14 +02:00
Daniel Mack
e036a5f1d5 Merge pull request #974 from teg/resolved-fixes-2
resolved: debugging improvements
2015-08-17 10:04:31 +02:00
Lennart Poettering
0d4605ec3c update TODO 2015-08-16 21:59:58 +02:00
Lennart Poettering
0038aed166 Merge pull request #908 from richardmaw-codethink/nspawn-path-escapes-v3
Allow arbitrary file paths to be passed to nspawn (v3)
2015-08-16 21:32:03 +02:00
Tom Gundersen
17018c3cc7 TODO 2015-08-16 20:52:30 +02:00
Lennart Poettering
e6a26d8c97 update TODO 2015-08-16 18:25:34 +02:00
Lennart Poettering
c5974b33e7 update TODO 2015-08-14 12:47:57 +02:00
Richard Maw
8adaf7bd23 strv: convert strv_split_quotes into a generic strv_split_extract
strv_split_extract is to strv_split_quotes as extract_first_word was to
unquote_first_word.

Now there's extract_first_word for extracting a single argument,
extract_many_words for extracting a bounded number of arguments,
and strv_split_extract for extracting an arbitrary number of arguments.
2015-08-07 15:50:43 +00:00
Richard Maw
6868560773 util: change unquote_*_word to extract_*_word
It now takes a separators argument, which defaults to WHITESPACE if NULL
is passed.
2015-08-07 15:50:42 +00:00
Lennart Poettering
5df0997459 update TODO 2015-08-06 13:44:24 +03:00
Johnny Robeson
caaf2d1f19 TODO: remove obsolete fedup related todos
Fedup is being replaced by a dnf plugin that relies on systemd offline
updates as per
https://fedoraproject.org/wiki/Changes/DNF_System_Upgrades
2015-08-05 17:28:29 -04:00
Tom Gundersen
510cc5ae08 TODO 2015-07-28 00:07:32 +02:00
David Herrmann
8cd4eb791a Merge pull request #537 from poettering/nss-mymachines-userns
Hook up container userns with nss-mymachines
2015-07-23 09:53:47 +02:00
Tom Gundersen
31053e929e Merge pull request #549 from ssahani/dhcp
networkd: allow hostname override
2015-07-20 17:58:45 +02:00
Daniel Mack
9ecec7d766 Merge pull request #586 from teg/resolved-rrs-3
resolved: minor improvements to RR handling
2015-07-14 13:43:18 -04:00
Tom Gundersen
7c6423e191 resolved: rr - print formated timestamps in RRSIG 2015-07-14 19:16:12 +02:00
Tom Gundersen
d20b1667db resolved: use one UDP socket per transaction
We used to have one global socket, use one per transaction instead. This
has the side-effect of giving us a random UDP port per transaction, and
hence increasing the entropy and making cache poisoining significantly
harder to achieve.

We still reuse the same port number for packets belonging to the same
transaction (resent packets).
2015-07-14 18:50:57 +02:00
Tom Gundersen
29815b6c60 resolved: implement RFC5452
This improves the resilience against cache poisoning by being stricter
about only accepting responses that match precisely the requst they
are in reply to.

It should be noted that we still only use one port (which is picked
at random), rather than one port for each transaction. Port
randomization would improve things further, but is not required by
the RFC.
2015-07-14 18:50:57 +02:00
Tom Gundersen
1bf968f363 resolved: rr - print DNSKEY and RRSIG in base64
As mandated by RFC4034.
2015-07-14 01:18:51 +02:00
Susant Sahani
d88ba7f02e TODO: remove DHCP override hostname 2015-07-11 09:27:28 +05:30
Lennart Poettering
35914919a4 update TODO 2015-07-09 14:50:40 -03:00
Lennart Poettering
1361205099 update TODO 2015-07-06 12:35:58 +02:00
Susant Sahani
a521dbf43b TODO: remove ipv6 Ipv6 privacy extensions 2015-07-05 11:25:54 +05:30
Lennart Poettering
a2088fd025 update TODO 2015-06-19 01:12:54 +02:00
Lennart Poettering
c874ef05a7 update TODO 2015-06-18 20:08:01 +02:00
Lennart Poettering
affb71da79 update TODO 2015-06-18 20:03:11 +02:00
Lennart Poettering
ff609b8ecd update TODO 2015-06-18 19:45:06 +02:00
Lennart Poettering
eedb4ac831 update TODO 2015-06-18 13:32:24 +02:00
Lennart Poettering
de587378ea update TODO 2015-06-17 23:03:27 +02:00
Lennart Poettering
203e81db24 update TODO 2015-06-17 15:40:51 +02:00
Lennart Poettering
5febf10c1c update TODO 2015-06-16 01:02:52 +02:00
Lennart Poettering
63432f5d95 update TODO 2015-06-15 00:41:10 +02:00
Lennart Poettering
0bea2e3dde update TODO 2015-06-15 00:15:20 +02:00
Kay Sievers
2375607039 remove gudev and gtk-doc
The library moved to:
  https://git.gnome.org/browse/libgudev/
2015-06-03 00:22:53 +02:00
Lennart Poettering
ebc9d21131 update TODO 2015-05-21 21:31:23 +02:00
Lennart Poettering
cb7aa6569c update TODO 2015-05-21 19:49:08 +02:00
Lennart Poettering
ef6fc8ee57 update TODO 2015-05-21 16:32:01 +02:00
Zbigniew Jędrzejewski-Szmek
eba6fd30f2 TODO: add --merge support for sd-j-remote 2015-05-19 23:59:37 -04:00
Lennart Poettering
e885c2084a update TODO 2015-05-19 19:54:39 +02:00
Lennart Poettering
711e02cb47 Update TODO 2015-05-19 16:57:33 +02:00
Lennart Poettering
6b83b5e8d4 update TODO 2015-05-19 16:02:51 +02:00
Lennart Poettering
41bc22f3a0 update TODO 2015-05-19 01:32:40 +02:00
Lennart Poettering
fd6c2363af update TODO 2015-05-19 01:27:33 +02:00
Dimitri John Ledkov
304b3079a2 core: Execute first boot presets in an enable-only preset-mode.
This means any existing enabled units well be preserved and no
pre-created symlinks will be removed. This is done on first boot, when
the assumption is that /etc is not populated at all (no machine-id
setup). For minimal containers that gives a significant first boot
speed up, approximately ~20ms / ~16% in my trials.
2015-05-15 12:49:33 +02:00
Tom Gundersen
24c083dfcb networkd: network_get - allow udev_device to be NULL
In containers we never have udev devices, so drop the assert.

This fixes an assertion introduced in af3aa30274.
2015-05-12 00:43:45 +02:00
Lennart Poettering
0a98c46d50 update TODO 2015-05-11 22:59:11 +02:00