Features:
+* insert the new pidfs inode number as a third field into PidRef, so that
+ PidRef are reasonably serializable without having to pass around fds.
+
+* systemd-analyze smbios11 to dump smbios type 11 vendor strings
+
* move documentation about our common env vars (SYSTEMD_LOG_LEVEL,
SYSTEMD_PAGER, …) into a man page of its own, and just link it from our
various man pages that so far embed the whole list again and again, in an
speed than SHA256 on 64bit archs (since based on 64bit words unlike SHA256
which uses 32bit words).
-* send out sd_notify() from PID 1 when we determined hostname and machine ID
-
-* send out sd_notify() from PID 1 whenever we reach a target unit. Then
- introduce ssh.target or so. And in vmspawn/nspawn wait for that as indication
- whether/when SSH is available. Similar for D-Bus (but just use sockets.target for that)
+* In vmspawn/nspawn/machined wait for X_SYSTEMD_UNIT_ACTIVE=ssh-active.target
+ and X_SYSTEMD_SIGNAL_LEVEL=2 as indication whether/when SSH and the POSIX
+ signals are available. Similar for D-Bus (but just use sockets.target for
+ that). Report as property for the machine.
* teach nspawn/machined a new bus call/verb that gets you a
shell in containers that have no sensible pid1, via joining the container,
SOURCE_DATE_EPOCH (maybe even under that name?). Would then be used to
initialize the timestamp logic of ConditionNeedsUpdate=.
-* ptyfwd: look for window title ANSI sequences and insert colored dot in front
- of it while passing it through, to indicate whether we are in privileged, VM,
- container terminal sessions.
-
* nspawn/vmspawn/pid1: add ability to easily insert fully booted VMs/FOSC into
shell pipelines, i.e. add easy to use switch that turns off console status
output, and generates the right credentials for systemd-run-generator so that
* add a new ExecStart= flag that inserts the configured user's shell as first
word in the command line. (maybe use character '.'). Usecase: tool such as
- uid0 can use that to spawn the target user's default shell.
+ run0 can use that to spawn the target user's default shell.
* varlink: figure out how to do docs for our varlink interfaces. Idea: install
interface files augmented with docs in /usr/share/ somewhere. And have
policy from currently booted kernel/event log, to close gap for first boot
for pre-built images
-* add a new systemd-project@.service that is very similar to user@.service but
- uses DynamicUser=1 and no PAMName= to invoke an unprivileged somewhat
- light-weight service manager. Use HOME=/var/lib/systemd/projects/%i as home
- dir. Similar for $XDG_RUNTIME_DIR. Start project@%i.target. Use LogField= to
- add a field identifying the project.
-
* in sd-boot and sd-stub measure the SMBIOS vendor strings to some PCR (at
least some subset of them that look like systemd stuff), because apparently
some firmware does not, but systemd honours it. avoid duplicate measurement
systemd.import_encrypted_creds=foobar.waldo,tmpfiles.extra to protect locked
down kernels from credentials generated on the host with a weak kernel
+* Merge systemd-creds options --uid= (which accepts user names) and --user.
+
* Add support for extra verity configuration options to systemd-repart (FEC,
hash type, etc)
* systemd-analyze netif that explains predictable interface (or networkctl)
+* Figure out naming of verbs in systemd-analyze: we have (singular) capability,
+ exit-status, but (plural) filesystems, architectures.
+
* Add service setting to run a service within the specified VRF. i.e. do the
equivalent of "ip vrf exec".
- fingerprint authentication, pattern authentication, …
- make sure "classic" user records can also be managed by homed
- make size of $XDG_RUNTIME_DIR configurable in user record
- - query password from kernel keyring first
- - update even if record is "absent"
- move acct mgmt stuff from pam_systemd_home to pam_systemd?
- when "homectl --pkcs11-token-uri=" is used, synthesize ssh-authorized-keys records for all keys we have private keys on the stick for
- make slice for users configurable (requires logind rework)