TODO                                                            -*- outline -*-
====

Most new TODO items are marked @todo in the source code and listed in
the Doxygen-generated documentation in doc/schroot/html/todo.html

PLANNED
-------

* Add API to run multiple commands to replace auth::run().

* Add extra file permissions checking

  Both to run-parts, to ensure that shell scripts are owned by root
  and not world writable (as for config files).  And also add the
  same permissions check to script-config files.

* Generalise permissions checking

  Create a standard function which can use either stat, fstat or
  lstat and test for particular permissions.

* SCHROOT_CONF error messages must also mention chroot.d.

POTENTIAL
---------

* Use of passwd/group databases should be thread-safe

  - Use the _r variants of getpw*, getgr*.

* Add tests for

** Auth
** AuthConv
** AuthConvTty
** AuthMessage
** Session
** schroot::Options
** schroot_releaselock::Options

  None of these are urgent and/or are difficult to test in an
  automated fashion.  expect might be useful for testing the PAM
  wrappers.

* Add tests for dchroot and dchroot-dsa classes.

* Line reporting while parsing config files misses file name.

  log_warning() is used, because we don't throw an exception.  The
  code has no knowledge of the file name, so can't report it.
  Outright errors throw, and the handler adds the needed context.

* Unify fork/exec code into a spawn function.

* Pass configured sysconfdir, pkglibexecdir prefix exec_prefix
  etc. to scripts.

* Tests for chroots:

** -source chroots

* logging should allow customisation of log level

  See end of Debian Bug #279408.

** log functions should have a severity (to complement existing I/W/E types)

  Similar to debug level, but for normal messages
  e.g. quiet/normal/verbose/extra verbose.

** config file should have a "message" key.

  Overridden by --quiet/--verbose options.

* Create separate namespaces for chroots and sessions

  Note: how to deal with duplicated names in both namespaces for
  --all?  Maybe just list twice, first chroots and then sessions?

  Have separate namespaces for
  * chroots (for --all-chroots)
  * chroot aliases (for chroot commands)
  * source chroots (for --all-source-chroots)
  * source chroot aliases (for source chroot commands; add --source option)
  * sessions (for all session commands)

* Testcase for chroot-loopback

fs-union mounting simplifications

  Rather than having a very complex scheme for setting up unions, we
  could have
  - an "underlay" (ro)
  - the "overlay" (rw)
  both mounted under /var/lib/schroot
  - the union of both mounted in the usual place.

file: Set full unpack dir with session ID like LVM snapshot.

* Add a read-only mount option for union underlay (both for devices
  and bind mounts).

Security: Record user who created a session, and don't allow other
users access (except root?).  This might involve serialising the
authentication state into the chroot object.

Does a NULL ptr from clone_source get stored?

Move chroot-specific session setup from sbuild::session for chroot
vfunc.

Union: Don't allow overlay/underlay to be user-specified?  Or only
allow underlay to be specified (but it's already specified in the
chroot definition, so don't allow?).  Note: Currently user settings
are automatically overridden.

Add directories under /var to man pages

Add checks for unsupported features in setup scripts.

Separate UUID support into support function

Set session ID in chroot configuration in addition to name.  This will
allow the removal of chroot-specific session setup from
sbuild::session.  This also means the session ID is chroot-specific
rather than session-specific, so won't be reused if using multiple
chroots.

SESSION_CREATE | SESSION_CLONE confusion.  When is it appropriate to
set SESSION_CREATE?  Should already created sessions set it?

Define operator &= and |= for enum types defining | and & operators.

Remove use of virtual public for sbuild::chroot inheritance, since it
breaks the default copy constructors.
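
The "Add extra file permissions checking" and "Generalise permissions checking" items under PLANNED, sketched as an added example (not schroot code): one function selects stat, lstat or fstat and tests the owner plus a set of forbidden mode bits. The names stat_kind, perm_result, check_perms and open_checked are hypothetical.

```cpp
// Added example: hypothetical names, not schroot's API.
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>
#include <cstdio>

enum class stat_kind { follow, nofollow, descriptor };  // stat, lstat, fstat
enum class perm_result { ok, stat_failed, not_regular, wrong_owner, bad_mode };

// ok only for a regular file owned by `owner` with none of the `forbidden`
// mode bits set. `path` is used by follow/nofollow, `fd` by descriptor.
perm_result check_perms(stat_kind kind, const char *path, int fd,
                        uid_t owner, mode_t forbidden = S_IWOTH)
{
  struct stat st;
  int rc = -1;
  switch (kind) {
    case stat_kind::follow:     rc = stat(path, &st);  break;
    case stat_kind::nofollow:   rc = lstat(path, &st); break;
    case stat_kind::descriptor: rc = fstat(fd, &st);   break;
  }
  if (rc != 0)                return perm_result::stat_failed;
  if (!S_ISREG(st.st_mode))   return perm_result::not_regular;
  if (st.st_uid != owner)     return perm_result::wrong_owner;
  if (st.st_mode & forbidden) return perm_result::bad_mode;
  return perm_result::ok;
}

// Open first, then check the descriptor, so the file that was checked is the
// file that gets read. O_NOFOLLOW rejects a symlink as the final component;
// O_NONBLOCK keeps a FIFO from stalling the open. Returns an fd, or -1.
int open_checked(const char *path, uid_t owner, mode_t forbidden = S_IWOTH)
{
  int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
  if (fd < 0) return -1;
  perm_result r = check_perms(stat_kind::descriptor, nullptr, fd, owner, forbidden);
  if (r != perm_result::ok) { close(fd); return -1; }
  return fd;
}

int main(int argc, char *argv[])
{
  // Policy from the TODO item: owned by root (uid 0), not world writable.
  int fd = argc > 1 ? open_checked(argv[1], 0) : -1;
  std::printf("%s\n", fd >= 0 ? "ok" : "rejected");
  return fd >= 0 ? 0 : 1;
}
```

The fstat path is the one to prefer for scripts and config files that are about to be read, since a stat or lstat result can be stale by the time the file is opened.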