From: Lennart Poettering Date: Fri, 24 Nov 2023 12:24:49 +0000 (+0100) Subject: update TODO X-Git-Tag: v256-rc1~1299 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=c16167ea10241292aa6d0c1cdc31e525da21e754;p=thirdparty%2Fsystemd.git update TODO --- diff --git a/TODO b/TODO index ee6bfc304be..ae710eede00 100644 --- a/TODO +++ b/TODO @@ -147,6 +147,12 @@ Features: * use udev rule networkd ownership property to take ownership of network interfaces nspawn creates +* support encrypted credentials in user context too. This is complicated by the + fact that the user does not have access to the TPM nor the system + credential. Implementation idea: extend the systemd-creds Varlink interface + to allow this: user must supply some per-user secret, that we'll include in + the encryption key. + * add a kernel cmdline switch (and cred?) for marking a system to be "headless", in which case we never open /dev/console for reading, only for writing. This would then mean: systemd-firstboot would process creds but not @@ -306,7 +312,6 @@ Features: - coredumpcl - systemd-bless-boot - systemd-measure - - systemd-creds (allowing clients to encrypt credentials locally) - systemd-cryptenroll (to allow UIs to enroll FIDO2 keys and such) - systemd-dissect - systemd-sysupdate @@ -314,9 +319,6 @@ Features: - systemd-pcrlock (to allow fwupd to relax policy) - kernel-install -* Varlink: add glue code to allow varlink clients to be authenticated via - Polkit by passing client pidfd over. - * in the service manager, pick up ERRNO= + BUSERROR= + VARLINKERROR= error identifiers, and store them along with the exit status of a server and report via "systemctl status". @@ -367,7 +369,6 @@ Features: - sd_bus_creds - unit_attach_pid_to_cgroup_via_bus() - cg_attach() – requires new kernel feature - - varlink_get_peer_pid() * ddi must be listed as block device fstype