Features:
+* complement root=, rootflags=, rootfstype= with rootsubdir= which allows
+ mounting a subdir of the root fs as actual root. This can be used as
+ fstype-agnostic version of btrfs' rootflags=subvol=foobar.
+
* add --copy-from and --copy-to command to systemd-dissect which copies stuff
in and out of a disk image
* nspawn: support time namespaces
+* systemd-firstboot: make sure to always use chase_symlinks() before
+ reading/writing files
+
* add ConditionSecurity=tpm2
* Remove any support for booting without /usr pre-mounted in the initrd entirely.
this, it's useful to have one that can dump contents of them, too.
* All tools that support --root= should also learn --image= so that they can
- operate on disk images directly. Specifically: bootctl, firstboot, tmpfiles,
- sysusers, systemctl, repart, journalctl, coredumpctl.
+ operate on disk images directly. Specifically: bootctl, tmpfiles, sysusers,
+ systemctl, repart, journalctl, coredumpctl. (Already done: systemd-nspawn,
+ systemd-firstboot)
* seccomp: by default mask x32 ABI system wide on x86-64. it's on its way out
* homed: support new FS_IOC_ADD_ENCRYPTION_KEY ioctl for setting up fscrypt
-* busctl: maybe expose a verb "ping" for pinging a dbus service to see if it
- exists and responds.
-
* homed: maybe pre-create ~/.cache as subvol so that it can have separate quota
easily?
+* busctl: maybe expose a verb "ping" for pinging a dbus service to see if it
+ exists and responds.
+
* when systemd-nspawn and suchlike dissect an OS image, and there are multiple
root partitions, do an strverscmp() on the partition label and boot
first. That is inspired how sd-boot figures out which kernel to boot, and
thus allows defining OS images which can be A/B updated and we default to the
newest version automatically, both in nspawn and in sd-boot
-* cryptsetup/homed: also support FIDO2 HMAC password logic for unlocking
- devices. (see: https://github.com/mjec/fido2-hmac-secret)
+* cryptsetup: support FIDO2 tokens for deriving keys (i.e. do what homed can do
+ also in plain cryptsetup)
* systemd-gpt-auto should probably set x-systemd.growfs on the mounts it
creates
* homed:
- when user tries to log into record signed by unrecognized key, automatically add key to our chain after polkit auth
- - hook up machined/nspawn users with a varlink user query interface
- rollback when resize fails mid-operation
- GNOME's side for forget key on suspend (requires rework so that lock screen runs outside of uid)
- resize on login?
beefing up logind to make pam session close hook synchronous and wait until
systemd --user is shut down.
- logind: maybe keep a "busy fd" as long as there's a non-released session around or the user@.service
- - maybe make automatic, read-only, time-based reflink-copies of LUKS disk images (think: time machine)
+ - maybe make automatic, read-only, time-based reflink-copies of LUKS disk
+ images (and btrfs snapshots of subvolumes) (think: time machine)
- distinguish destroy / remove (i.e. currently we can unregister a user, unregister+remove their home directory, but not just remove their home directory)
- in systemd's PAMName= logic: query passwords with ssh-askpassword, so that we can make "loginctl set-linger" mode work
- fingerprint authentication, pattern authentication, …
- make slice for users configurable (requires logind rework)
- logind: populate auto-login list bus property from PKCS#11 token
- when determining state of a LUKS home directory, check DM suspended sysfs file
+ - introduce API for "making room", that grows/shrinks home directory
+ according to elastic parameters, discards blocks, and removes additional snapshots. Call it
+ either from UI when disk space gets low
* introduce a new per-process uuid, similar to the boot id, the machine id, the
invocation id, that is derived from process creds, specifically a hashed