From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 30 Sep 2024 15:29:01 +0000 (+0200)
Subject: update TODO
X-Git-Tag: v257-rc1~358
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=26e6986527fe553edf35a442a520deb10c45a155;p=thirdparty%2Fsystemd.git

update TODO
---

diff --git a/TODO b/TODO
index 70d4a1eea7b..76ddfb5a0a7 100644
--- a/TODO
+++ b/TODO
@@ -39,7 +39,6 @@ External:
   - how to make changes to sysctl and sysfs attributes
   - remote access
   - how to pass throw-away units to systemd, or dynamically change properties of existing units
-  - testing with Harald's awesome test kit
   - auto-restart
   - how to develop against journal browsing APIs
   - the journal HTTP iface
@@ -130,6 +129,24 @@ Deprecations and removals:
 
 Features:
 
+* define a generic "report" varlink interface, which services can implement to
+  provide health/statistics data about themselves. then define a dir somewhere
+  in /run/ where components can bind such sockets. Then make journald, logind,
+  and pid1 itself implement this and expose various stats on things there. Then
+  issue parallel calls to these interfaces from the systemd-report tool,
+  combine into one json document, and include measurment logs and tpm
+  quote. tpm quote should proctect the json doc via the nonce field
+  studd. Allow shipping this off elsewhere for analyze.
+
+* sd-varlink: maybe add flag(s) to mark methods accepti/require "more" calls in
+  introspection structures already now, even if IDL doesn't know a construct to
+  advertise this. But do enforce it when validating incoming method calls, so
+  that we definitely have the data around and valid. For now, generate an IDL
+  comment based on this info.
+
+* The bind(AF_UNSPEC) construct (for resetting sockets to their initial state)
+  should be blocked in many cases because it punches holes in many sandboxes.
+
 * find a nice way to opt-in into auto-masking SIGCHLD on first
   sd_event_add_child(), and then get rid of many more explicit sigprocmask()
   calls.
@@ -598,6 +615,8 @@ Features:
 * measure some string via pcrphase whenever we end up booting into emergency
   mode.
 
+* similar, measure some string via pcrphase whenver we resume from hibernate
+
 * homed: add a basic form of secrets management to homed, that stores
   secrets in $HOME somewhere, is protected by the accounts own authentication
   mechanisms. Should implement something PKCS#11-like that can be used to