From 1ccfb792e4f1baaa6bb7b7bc44187c35de091954 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Fri, 19 Nov 2021 15:39:19 +0100 Subject: update TODO --- TODO | 35 +++++++++++------------------------ 1 file changed, 11 insertions(+), 24 deletions(-) diff --git a/TODO b/TODO index e06d9edc93..7786166c35 100644 --- a/TODO +++ b/TODO @@ -81,6 +81,15 @@ Janitorial Clean-ups: Features: +* cryptsetup/homed: implement TOTP authentication backed by TPM2 and its + internal clock. + +* resolved: listen on 127.0.0.54 in addition to 127.0.0.53 and operate in proxy + mode there unconditionally. + +* nspawn: optionally set up nftables/iptables routes that forward UDP/TCP + traffic on port 53 to resolved stub. + * extend src/basic/filesystems.[ch] so that it can be used to translate any fs magic into a string. Then use that to replace fstype_magic_to_name() in homed sources, and similar code. @@ -262,12 +271,6 @@ Features: * expose MS_NOSYMFOLLOW in various places -* allow passing creds into kernel when booting: in EFI stub, collect creds - files from ESP directory, generate CPIO archive on the fly from them, so that - they are dropped into /run/initramfs/creds/ and pass to kernel as additional - initrd. Then, use LoadCredentialEncrypted=foo:/run/initramfs/creds/foo to - load them. - * make LoadCredential= automatically find credentials in /etc/creds, /run/creds, … and so on, if path component is unqualified 
@@ -365,14 +368,6 @@ Features: * make use of new glibc 2.32 APIs sigabbrev_np() and strerrorname_np(). -* add /etc/integritytab, to support dm-integrity setups. In particular those - with HMAC as hash function, so that we can have a protected /home without - encryption (leaving encryption to the individual dirs/homed). - -* complement root=, rootflags=, rootfstype= with rootsubdir= which allows - mounting a subdir of the root fs as actual root. This can be used as - fstype-agnostic version of btrfs' rootflags=subvol=foobar. - * if /usr/bin/swapoff fails due to OOM, log a friendly explanatory message about it * Remove any support for booting without /usr pre-mounted in the initrd entirely. @@ -558,9 +553,6 @@ Features: * introduce per-unit (i.e. per-slice, per-service) journal log size limits. -* sd-boot: automatically load EFI modules from some drop-in dir, so that people - can add in file system drivers and such - * sd-boot: optionally, show boot menu when previous default boot item has non-zero "tries done" count @@ -1039,10 +1031,8 @@ Features: ConditionConfigSearchPathNotEmpty= or different syntax? See the discussion starting at https://github.com/systemd/systemd/pull/15109#issuecomment-607740136. -* BootLoaderSpec: Clarify that the kernel has to be in $BOOT. Clarify - that the boot loader should be installed to the ESP. Define a way - how an installer can figure out whether a BLS compliant boot loader - is installed. +* BootLoaderSpec: Define a way how an installer can figure out whether a BLS + compliant boot loader is installed. * think about requeuing jobs when daemon-reload is issued? usecase: the initrd issues a reload after fstab from the host is accessible 
@@ -1057,9 +1047,6 @@ Features: * merge unit_kill_common() and unit_kill_context() -* hw watchdog: optionally try to use the preset watchdog timeout instead of always overriding it - https://bugs.freedesktop.org/show_bug.cgi?id=54712 - * add a dependency on standard-conf.xml and other included files to man pages * MountFlags=shared acts as MountFlags=slave right now. -- cgit v1.2.1
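Review bot: In the first hunk (@@ -81,6 +81,15 @@), the new nspawn item says to forward UDP/TCP port 53 traffic "to resolved stub" without naming the stub address, while the item directly above it introduces a second listener on 127.0.0.54 that behaves differently (proxy mode) from 127.0.0.53. Name the intended target address in the nspawn item so the two entries cannot be read inconsistently.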
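Review bot: The hunk at @@ -262,12 +271,6 @@ deletes the item on passing credentials to the kernel via the EFI stub, but the subject "update TODO" does not record whether the item was implemented or abandoned. This entry describes a credential-handling path (files collected from the ESP, dropped into /run/initramfs/creds/, loaded with LoadCredentialEncrypted=), so state in the commit message which it is. The same applies to the other removals in this patch.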
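Review bot: In the BootLoaderSpec hunk (@@ -1039,10 +1031,8 @@), the rewritten item keeps the phrasing "Define a way how an installer can figure out"; since the lines are being rewrapped anyway, "Define how an installer can figure out whether a BLS compliant boot loader is installed" reads better. The two dropped clarifications (kernel in $BOOT, boot loader installed to the ESP) also go away without a note on whether the specification now states them.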
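Review bot: The last hunk (@@ -1057,9 +1047,6 @@) removes the hw watchdog item together with its link to https://bugs.freedesktop.org/show_bug.cgi?id=54712, and nothing in the patch says whether that bug is resolved. If it is still open, keep the reference in the TODO or move it into the commit message so the tracking link is not lost.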