manager or system manager can be always set. It would be better to reject
them when parsing config.
+* busctl prints errors to stdout:
+ busctl tree org.freedesktop.systemd1 /org/freedesktop/systemd1
+
External:
* Fedora: add an rpmlint check that verifies that all unit files in the RPM are listed in %systemd_post macros.
Features:
+* journalctl --image= which is like --root= but operates on disk images
+
+* when systemd-nspawn and suchlike dissect an OS image, and there are multiple
+ root partitions, do an strverscmp() on the partition label and boot
+ first. That is inspired how sd-boot figures out which kernel to boot, and
+ thus allows defining OS images which can be A/B updated and we default to the
+ newest version automatically, both in nspawn and in sd-boot
+
+* drop sd_bus_message_set_priority() from sd-bus API and documentation as much
+ as we can, it's a kdbus left-over and unlikely to come back on AF_UNIX, since
+ it's not really implementable there.
+
* cryptsetup/homed: also support FIDO2 HMAC password logic for unlocking
- devices.
+ devices. (see: https://github.com/mjec/fido2-hmac-secret)
* systemd-gpt-auto should probably set x-systemd.growfs on the mounts it
creates
* honour specifiers in unit files that resolve to some very basic
/etc/os-release data, such as ID, VERSION_ID, BUILD_ID, VARIANT_ID.
+* cryptsetup: allow encoding key directly in /etc/crypttab, maybe with a
+ "base64:" prefix. Useful in particular for pkcs11 mode.
+
+* cryptsetup: reimplement the mkswap/mke2fs in cryptsetup-generator to use
+ systemd-makefs.service instead.
+
* socket units: allow creating a udev monitor socket with ListenDevices= or so,
with matches, then actviate app thorugh that passing socket oveer
device node of current system, /usr device node, and matching verity, so that
an installer can be made a "copy" installer of the booted OS
-* systemd-repart: make it a static checker during early boot for existance and
+* systemd-repart: make it a static checker during early boot for existence and
absence of other partitions for trusted boot environments
* systemd-repart: when no configuration is found, exit early do not check
* systemd-repart: allow config of partition uuid
-* userdb: allow username prefix searches in varlink API
+* userdb: allow username prefix searches in varlink API, allow realname and
+ realname substr searches in varlink API
-* userdb: allow existance checks
+* userdb: allow existence checks
* pid: activation by journal search expression
user@.service, which returns the XDG_RUNTIME_DIR value, and make this
behaviour selectable via pam module option.
+* homed:
+ - when user tries to log into record signed by unrecognized key, automatically add key to our chain after polkit auth
+ - hook up machined/nspawn users with a varlink user query interface
+ - rollback when resize fails mid-operation
+ - GNOME's side for forget key on suspend (requires rework so that lock screen runs outside of uid)
+ - resize on login?
+ - fstrim on logout?
+ - shrink fs on logout?
+ - update LUKS password on login if we find there's a password that unlocks the JSON record but not the LUKS device.
+ - create on activate?
+ - properties: icon url?, preferred session type?, administrator bool (which translates to 'wheel' membership)?, address?, telephone?, vcard?, samba stuff?, parental controls?
+ - communicate clearly when usb stick is safe to remove. probably involves
+ beefing up logind to make pam session close hook synchronous and wait until
+ systemd --user is shut down.
+ - logind: maybe keep a "busy fd" as long as there's a non-released session around or the user@.service
+ - maybe make automatic, read-only, time-based reflink-copies of LUKS disk images (think: time machine)
+ - distuingish destroy / remove (i.e. currently we can unregister a user, unregister+remove their home directory, but not just remove their home directory)
+ - in systemd's PAMName= logic: query passwords with ssh-askpassword, so that we can make "loginctl set-linger" mode work
+ - fingerprint authentication, pattern authentication, …
+ - make sure "classic" user records can also be managed by homed
+ - description field for groups
+ - make size of $XDG_RUNTIME_DIR configurable in user record
+ - reuse pwquality magic in firstboot
+ - query password from kernel keyring first
+ - update even if record is "absent"
+ - add a "access mode" + "fstype" field to the "status" section of json identity records reflecting the actually used access mode and fstype, even on non-luks backends
+ - move acct mgmt stuff from pam_systemd_home to pam_systemd?
+ - when "homectl --pkcs11-token-uri=" is used, synthesize ssh-authorized-keys records for all keys we have private keys on the stick for
+ - make slice for users configurable (requires logind rework)
+ - logind: populate auto-login list bus property from PKCS#11 token
+ - when determining state of a LUKS home directory, check DM suspended sysfs file
+
* introduce a new per-process uuid, similar to the boot id, the machine id, the
invocation id, that is derived from process creds, specifically a hashed
combination of AT_RANDOM + getpid() + the starttime from
* the a-posteriori stopping of units bound to units that disappeared logic
should be reworked: there should be a queue of units, and we should only
- enqeue stop jobs from a defer event that processes queue instead of
+ enqueue stop jobs from a defer event that processes queue instead of
right-away when we find a unit that is bound to one that doesn't exist
anymore. (similar to how the stop-unneeded queue has been reworked the same
way)
"systemd-gdb" for attaching to the start-up of any system service in its
natural habitat.
-* maybe add gpt-partition-based user management: each user gets his own
- LUKS-encrypted GPT partition with a new GPT type. A small nss module
- enumerates users via udev partition enumeration. UIDs are assigned in a fixed
- way: the partition index is added as offset to some fixed base uid. User name
- is stored in GPT partition name. A PAM module authenticates the user via the
- LUKS partition password. Benefits: strong per-user security, compatibility
- with stateless/read-only/verity-enabled root. (other idea: do this based on
- loopback files in /home, without GPT involvement)
-
* gpt-auto logic: related to the above, maybe support a "secondary" root
partition, that is mounted to / and is writable, and where the actual root's
/usr is mounted into.
* merge ~/.local/share and ~/.local/lib into one similar /usr/lib and /usr/share....
-* systemd.show_status= should probably have a mode where only failed
- units are shown.
-
* add systemd.abort_on_kill or some other such flag to send SIGABRT instead of SIGKILL
(throughout the codebase, not only PID1)
* teach ConditionKernelCommandLine= globs or regexes (in order to match foobar={no,0,off})
+* Add ConditionDirectoryNotEmpty= handle non-absoute paths as a search path or add
+ ConditionConfigSearchPathNotEmpty= or different syntax? See the discussion starting at
+ https://github.com/systemd/systemd/pull/15109#issuecomment-607740136.
+
* BootLoaderSpec: Clarify that the kernel has to be in $BOOT. Clarify
that the boot loader should be installed to the ESP. Define a way
how an installer can figure out whether a BLS compliant boot loader
make assumptions about their slice anymore.
- follow PropertiesChanged state more closely, to deal with quick logouts and
relogins
+ - (optionally?) spawn seat-manager@$SEAT.service whenever a seat shows up that as CanGraphical set
* journal:
- consider introducing implicit _TTY= + _PPID= + _EUID= + _EGID= + _FSUID= + _FSGID= fields
- journald: when we drop syslog messages because the syslog socket is
full, make sure to write how many messages are lost as first thing
to syslog when it works again.
- - change systemd-journal-flush into a service that stays around during
- boot, and causes the journal to be moved back to /run on shutdown,
- so that we do not keep /var busy. This needs to happen synchronously,
- hence doing this via signals is not going to work.
- - optionally support running journald from the command line for testing purposes in external projects
- journald: allow per-priority and per-service retention times when rotating/vacuuming
- journald: make use of uid-range.h to managed uid ranges to split
journals in.
a carrier is lost on a link. It should be removed instantly.
- expose in the API the following bits:
- option 15, domain name and/or option 119, search list
- - option 12, host name and/or option 81, fqdn
+ - option 12, hostname and/or option 81, fqdn
- option 123, 144, geolocation
- option 252, configure http proxy (PAC/wpad)
- provide a way to define a per-network interface default metric value