diff options
| author | Lennart Poettering <lennart@poettering.net> | 2021-11-10 15:59:58 +0100 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2021-11-11 18:38:26 +0100 |
| commit | af11e0ef843c19cbf8ccaefb93a44dbe4602f7a8 (patch) | |
| tree | 3e610e329759218fe4808dd8e37ee94b0ba10670 | |
| parent | c65417a01121301fdf7f8514ee7663d287af3a72 (diff) | |
| download | systemd-af11e0ef843c19cbf8ccaefb93a44dbe4602f7a8.tar.gz | |
update TODO
| -rw-r--r-- | TODO | 40 |
1 files changed, 40 insertions, 0 deletions
@@ -81,6 +81,46 @@ Janitorial Clean-ups: Features: +* userdb: when synthesizing NSS records, pick "best" password from defined + passwords, not just the first. i.e. if there are multiple defined, prefer + unlocked over locked and prefer non-empty over empty. + +* maybe add a tool inspired by the GPT auto discovery spec that runs in the + initrd and rearranges the rootfs hierarchy via bind mounts, if + enabled. Specifically in some top-level dir /@auto/ it will look for + dirs/symlinks/subvolumes that are named after their purpose, and optionally + encode a version as well as assessment counters, and then mount them into the + file system tree to boot into, similar to how we do that for the gpt auto + logic. Maybe then bind mount the original root into /.superior or something + like that (so that update tools can look there). Further discussion in this + thread: + https://lists.freedesktop.org/archives/systemd-devel/2021-November/047059.html + The GPT dissection logic should automatically enable this tool whenever we + detect a specially marked root fs (i.e introduce a new generic root gpt type + for this, that is arch independent). The also implement this in the image + dissection logic, so that nspawn/RootImage= and so on grok it. Maybe make + generic enough so that it can also work for ostrees arrangements. + +* if a path ending in ".auto.d/" is set for RootDirectory=/RootImage= then do a + strverscmp() of everything inside that dir and use that. i.e. implement very + simple version control. Also use this in systemd-nspawn --image= and so on. + +* homed: while a home dir is not activated generate slightly different NSS + records for it, that reports the home dir as "/" and the shell as some binary + provided by us. Then, when an SSH login happens and SSH permits it our binary + is invoked. This binary can then talk to homed and activate the homedir if + it's not around yet, prompting the user for a password. Once that succeeded + we'll switch to the real user record, i.e. home dir and shell, and our tool + exec()s the latter. Net effect: ssh'ing into a homed account will just work: + we'll neatly prompt for the homedir's password if its needed. –– Building on + this we could take this even further: since this tool will potentially have + access to the client's ssh-agent (if ssh-agent forwarding is enabled) we + could implement SSH unlocking of a homedir with that: when enrolling a new + ssh pubkey in a user record we'd ask the ssh-agent to sign some random value + with the privkey, then use that as luks key to unlock the home dir. Will not + work for ECDSA keys since their signatures contain a random component, but + will work for RSA and Ed25519 keys. + * add tiny service that decrypts encrypted user records passed via initrd credential logic and drops them into /run where nss-systemd can pick them up, similar to /run/host/userdb/. Usecase: drop a root user JSON record there, |