Features:
+* All tools that support --root= should also learn --image= so that they can
+ operate on disk images directly. Specifically: bootctl, firstboot, tmpfiles,
+ sysusers, systemctl, repart, journalctl, coredumpctl.
+
+* per-service credential system. Specifically: add LoadCredential= (for loading
+ cred from file), AcquireCredential= (for asking user for cred, via
+ ask-password), PassCredential= (for passing on credential systemd itself
+ got). Then, place credentials in a per-service, immutable ramfs instance (so
+ that it cannot be swapped out), destroy after use. Also pass via keyring
+ (with graceful fallback to cover for containers). Define CredentialPath= for
+ defining subdir of /run/credentials/ where to place it. Set $CREDENTIAL_PATH
+ env var for services to the result. Also pass via fd passing (optionally).
+
+* homed: add native recovery key support. use 48 lowercase modhex characters
+ (192bit), show qr code of it, include pattern expression in user record.
+
+* homed: introduce "degraded" state for home directories that weren't cleanly
+ unmounted (use xattr we add and remove on the loop back file)
+
+* homed: during login resize fs automatically towards size goal. Specifically,
+ resize to diskSize if possible, but leave a certain amount (configured by a
+ new value diskLeaveFreeSize) of space free on the backing fs.
+
+* homed: permit multiple private keys to be used locally, and pick the right
+ one for signing records automatically depending on a pre-existing signature
+
+* homed: add a way to "adopt" a home directory, i.e. strip foreign signatures
+ and insert a local signature instead.
+
+* Maybe expose path_is_encrypted() as a new ConditionPathIsEncrypted=?
+
+* homed: as an extension to the directory+subvolume backend: if located on
+ especially marked fs, then sync down password into LUKS header of that fs,
+ and always verify passwords against it too. Bootstrapping is a problem
+ though: if noone is logged in (or no other user even exists yet), how do you
+ unlock the volume in order to create the first user and add the first pw.
+
* busctl: maybe expose a verb "ping" for pinging a dbus service to see if it
exists and responds.
-* homed: add homed.conf setting DefaultStorage= or so
-
* homed: maybe pre-create ~/.cache as subvol so that it can have separate quota
easily?
-* journalctl --image= which is like --root= but operates on disk images
-
* when systemd-nspawn and suchlike dissect an OS image, and there are multiple
root partitions, do an strverscmp() on the partition label and boot
first. That is inspired how sd-boot figures out which kernel to boot, and
* systemd-repart: allow config of partition uuid
+* systemd-repart: add --make= switch for fallocating a new file of the
+ specified size first.
+
* userdb: allow username prefix searches in varlink API, allow realname and
realname substr searches in varlink API
- rollback when resize fails mid-operation
- GNOME's side for forget key on suspend (requires rework so that lock screen runs outside of uid)
- resize on login?
- - fstrim on logout?
- shrink fs on logout?
- update LUKS password on login if we find there's a password that unlocks the JSON record but not the LUKS device.
- create on activate?