* add --copy-from and --copy-to command to systemd-dissect which copies stuff
in and out of a disk image
-* add systemd.random_seed= on the kernel cmdline, taking some hex or base64
- encoded data. During earliest boot, credit it to entropy. This is not useful
- for general purpose systems, but certainly for testing environments in VMs
- and such, as it allows us to boot up instantly with fully initialized entropy
- pool even if RNG pass-thru is not available.
-
* Support ProtectProc= or so, using: https://patchwork.kernel.org/cover/11310197/
* if /usr/bin/swapoff fails due to OOM, log a friendly explanatory message about it
-* warn if User=nobody is used in a unit file. It's the overflow UID after all,
- and the service might thus get access to files it really should not get
- access to on NFS and userns environments.
+* add loud warning to the logs (with catalog entry) if systemd-udev-settle is
+ pulled into the boot process
* build short web pages out of each catalog entry, build them along with man
pages, and include hyperlinks to them in the journal output
anything like that.
* journald: do journal file writing out-of-process, with one writer process per
- client UID, so tht synthetic hash table collisions can slow down a specific
+ client UID, so that synthetic hash table collisions can slow down a specific
user's journal stream down but not the others.
* add "throttling" to sd-event event sources: optionally, when we wake up too
thus allows defining OS images which can be A/B updated and we default to the
newest version automatically, both in nspawn and in sd-boot
-* cryptsetup/homed: also support FIDO2 HMAC password logic for unlocking
- devices. (see: https://github.com/mjec/fido2-hmac-secret)
+* cryptsetup: support FIDO2 tokens for deriving keys (i.e. do what homed can do
+ also in plain cryptsetup)
* systemd-gpt-auto should probably set x-systemd.growfs on the mounts it
creates
- teach it to copy in unified kernel images and maybe type #1 boot loader spec entries from host
- make it operate on loopback files, dissecting enough to find ESP to operate on
+* Maybe add a separate GPT partition type to the discoverable partition spec
+ for "hibernate" partitions, that are exactly like swap partitions but only
+ activated right before hibernation and thus never used for regular swapping.
+
* by default, in systemd --user service bump the OOMAdjust to 100, as privs
allow so that systemd survives
end), in order to maximize dd'ability. Requires libfdisk work, see
https://github.com/karelzak/util-linux/issues/907
-* systemd-repart: optionally, allow specifying a path to initialize new
- partitions from, i.e. an fs image file or a source device node. This would
- then turn systemd-repart into a simple installer: with a few .repart files
- you could replicate the host system on another device. a full installer would
- then be: "systemd-repart /dev/sda && bootctl install /dev/sda &&
- systemd-firstboot --image= …"
-
* systemd-repart: MBR partition table support. Care needs to be taken regarding
Type=, so that partition definitions can sanely apply to both the GPT and the
MBR case. Idea: accept syntax "Type=gpt:home mbr:0x83" for setting the types
* systemd-repart: allow managing the gpt read-only partition flag + auto-mount flag
+* systemd-repart: allow boolean option that ensures that if existing partition
+ doesn't exist within the configured size bounds the whole command fails. This
+ is useful to implement ESP vs. XBOOTLDR schemes in installers: have one set
+ of repart files for the case where ESP is large enough and one where it isn't
+ and XBOOTLDR is added in instead. Then apply the former first, and if it
+ fails to apply use the latter.
+
+* systemd-repart: add per-partition option to never reuse existing partition
+ and always create anew even if matching partition already exists.
+
+* systemd-repart: add per-partition option to fail if partition already exist,
+ i.e. is not added new. Similar, add option to fail if partition does not exist yet.
+
+* systemd-repart: add --size=auto for generating/resizing images of minimal
+ size, i.e. where the image file is sized exactly as large as necessary taking
+ SizeMin= into account, but not a single byte larger.
+
* systemd-repart: allow disabling growing of specific partitions, or making
them (think ESP: we don't ever want to grow it, since we cannot resize vfat)
-* systemd-repart: add specifier expansion, add especifier that refers to root
- device node of current system, /usr device node, and matching verity, so that
- an installer can be made a "copy" installer of the booted OS
-
* systemd-repart: make it a static checker during early boot for existence and
absence of other partitions for trusted boot environments
-* systemd-repart: allow config of partition uuid
-
* userdb: allow username prefix searches in varlink API, allow realname and
realname substr searches in varlink API