manager or system manager can be always set. It would be better to reject
them when parsing config.
+* userdbctl: "Password OK: yes" is shown even when there are no passwords
+ or the password is locked.
+
External:
* Fedora: add an rpmlint check that verifies that all unit files in the RPM are listed in %systemd_post macros.
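Review bot: The added userdbctl item records only the symptom ("Password OK: yes" shown with no passwords or a locked password) and not the output that is wanted instead. Say what the field should report in each of the two cases, which may not be the same, so the entry is actionable for whoever picks it up.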
- elfutils (always)
- p11-kit-trust (always)
- kmod-libs (only when called from PID 1)
- - cryptsetup-libs (only in RootImage= handling in PID 1, but not in systemd-cryptsetup)
- - similar: libblkid
+ - libblkid (only in RootImage= handling in PID 1, but not elsewhere)
- libpam (only when called from PID 1)
- bzip2, xz, lz4 (always — gzip and zstd should probably stay static deps the way they are,
since they are so basic and our defaults)
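Review bot: In the replacement line "libblkid (only in RootImage= handling in PID 1, but not elsewhere)", "not elsewhere" is a broader scope than the removed "but not in systemd-cryptsetup" wording it takes over from the cryptsetup-libs item. Nothing visible here explains why cryptsetup-libs is dropped from the list rather than kept next to libblkid. If it is done, the commit message should say so; if libblkid stays a regular dependency for specific binaries, naming them would be clearer than "elsewhere".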
- make gatwayd/remote read key via creds logic
- add sd_notify() command for flushing out creds not needed anymore
-* homed: add native recovery key support. use 48 lowercase modhex characters
- (192bit), show qr code of it, include pattern expression in user record.
-
-* homed: introduce "degraded" state for home directories that weren't cleanly
- unmounted (use xattr we add and remove on the loop back file)
-
* homed: during login resize fs automatically towards size goal. Specifically,
resize to diskSize if possible, but leave a certain amount (configured by a
new value diskLeaveFreeSize) of space free on the backing fs.
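Review bot: The two removed homed items, native recovery key support and the "degraded" state for uncleanly unmounted home directories, are independent features, and the diff gives no indication that the second is finished along with the first. Please confirm both are implemented, or keep the "degraded" entry. While touching this area, the context line "make gatwayd/remote read key via creds logic" has a typo (gatewayd) that could be fixed in the same change.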
* systemd-gpt-auto should probably set x-systemd.growfs on the mounts it
creates
-* homed/userdb: distinguish passwords and recovery keys in the records, since
- we probably want to use different PBKDF algorithms/settings for them:
- passwords have low entropy but recovery keys should have good entropy key
- hence we can make them quicker to work.
-
* bootctl:
- teach it to prepare an ESP wholesale, i.e. with mkfs.vfat invocation
- teach it to copy in unified kernel images and maybe type #1 boot loader spec entries from host
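Review bot: The removed homed/userdb item is the only place in these lines that states why passwords and recovery keys should get different PBKDF algorithms/settings (low-entropy passwords versus high-entropy recovery keys). If the records now distinguish the two, make sure that rationale is documented with the user record format before the TODO entry disappears; otherwise the reasoning behind the differing settings is lost with this hunk.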