manager or system manager can be always set. It would be better to reject
them when parsing config.
+* userdbctl: "Password OK: yes" is shown even when there are no passwords
+ or the password is locked.
+
External:
* Fedora: add an rpmlint check that verifies that all unit files in the RPM are listed in %systemd_post macros.
* nss-systemd: also synthesize shadow records for users/groups
-* make use of the new statx mountid and rootmount fields in path_get_mnt_id()
- and fd_is_mount_point()
-
* nspawn: move "incoming mount" directory to /run/host, move "inaccessible"
nodes to /run/host, move notify socket (for sd_notify() between payload and
container manager)
- elfutils (always)
- p11-kit-trust (always)
- kmod-libs (only when called from PID 1)
- - cryptsetup-libs (only in RootImage= handling in PID 1, but not in systemd-cryptsetup)
- - similar: libblkid
+ - libblkid (only in RootImage= handling in PID 1, but not elsewhere)
- libpam (only when called from PID 1)
- bzip2, xz, lz4 (always — gzip and zstd should probably stay static deps the way they are,
since they are so basic and our defaults)
* seccomp: maybe merge all filters we install into one with that libseccomp API that allows merging.
-* per-service credential system. Specifically: add LoadCredential= (for loading
- cred from file), AcquireCredential= (for asking user for cred, via
- ask-password), PassCredential= (for passing on credential systemd itself
- got). Then, place credentials in a per-service, immutable ramfs instance (so
- that it cannot be swapped out), destroy after use. Also pass via keyring
- (with graceful fallback to cover for containers). Define CredentialPath= for
- defining subdir of /run/credentials/ where to place it. Set $CREDENTIAL_PATH
- env var for services to the result. Also pass via fd passing (optionally).
-
-* homed: add native recovery key support. use 48 lowercase modhex characters
- (192bit), show qr code of it, include pattern expression in user record.
-
-* homed: introduce "degraded" state for home directories that weren't cleanly
- unmounted (use xattr we add and remove on the loop back file)
+* credentials system:
+ - maybe add AcquireCredential= for querying a cred via ask-password
+ - maybe try to acquire creds via keyring?
+ - maybe try to pass creds via keyring?
+ - maybe optionally pass creds via memfd
+ - maybe add support for decrypting creds via TPM
+ - maybe add support for decrypting/importing creds via pkcs11
+ - make systemd-cryptsetup acquire pw via creds logic
+ - make PAMName= acquire pw via creds logic
+ - make macsec/wireguard code in networkd read key via creds logic
+ - make gatwayd/remote read key via creds logic
+ - add sd_notify() command for flushing out creds not needed anymore
* homed: during login resize fs automatically towards size goal. Specifically,
resize to diskSize if possible, but leave a certain amount (configured by a
* systemd-gpt-auto should probably set x-systemd.growfs on the mounts it
creates
-* homed/userdb: distinguish passwords and recovery keys in the records, since
- we probably want to use different PBKDF algorithms/settings for them:
- passwords have low entropy but recovery keys should have good entropy key
- hence we can make them quicker to work.
-
* bootctl:
- teach it to prepare an ESP wholesale, i.e. with mkfs.vfat invocation
- teach it to copy in unified kernel images and maybe type #1 boot loader spec entries from host
* systemd-repart: allow sizing partitions as factor of available RAM, so that
we can reasonably size swap partitions for hibernation.
-* systemd-repart: allow running mkfs before making partitions pop up +
- encryption via LUKS to allow booting into an empty root with only /usr mounted in
-
* systemd-repart: allow managing the gpt read-only partition flag + auto-mount flag
* systemd-repart: allow boolean option that ensures that if existing partition
* systemd-repart: add per-partition option to fail if partition already exist,
i.e. is not added new. Similar, add option to fail if partition does not exist yet.
-* systemd-repart: add --size=auto for generating/resizing images of minimal
- size, i.e. where the image file is sized exactly as large as necessary taking
- SizeMin= into account, but not a single byte larger.
-
* systemd-repart: allow disabling growing of specific partitions, or making
them (think ESP: we don't ever want to grow it, since we cannot resize vfat)
directory trees from the host to the services RootImage= and RootDirectory=
environment. Which we can use for /etc/machine-id and in particular
/etc/resolv.conf. Should be smart and do something useful on read-only
- images, for example fallback to read-only bind mounting the file instead.
+ images, for example fall back to read-only bind mounting the file instead.
* show invocation ID in systemd-run output
- journald: also get thread ID from client, plus thread name
- journal: when waiting for journal additions in the client always sleep at least 1s or so, in order to minimize wakeups
- add API to close/reopen/get fd for journal client fd in libsystemd-journal.
- - fallback to /dev/log based logging in libsystemd-journal, if we cannot log natively?
+ - fall back to /dev/log based logging in libsystemd-journal, if we cannot log natively?
- declare the local journal protocol stable in the wiki interface chart
- sd-journal: speed up sd_journal_get_data() with transparent hash table in bg
- journald: when dropping msgs due to ratelimit make sure to write