TODO -*- outline -*-
====
Most new TODO items are marked @todo in the source code and listed in
the Doxygen-generated documentation in doc/schroot/html/todo.html
PLANNED
-------
* Add API to run multiple commands to replace auth::run().
* Add extra file permissions checking
Both to run-parts, to ensure that shell scripts are owned by root and
not world writable (as for config files). And also add the same
permissions check to script-config files.
* Generalise permissions checking
Create a standard function which can use either stat, fstat or lstat
and test for particular permissions.
* SCHROOT_CONF error messages must also mention chroot.d.
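The two permissions items above, sketched as an added example (not schroot code): one core test on a struct stat, reachable through stat, lstat or fstat. The names perm_result, check_stat, check_path and check_fd are hypothetical; the owner and forbidden-bits parameters default to root and S_IWOTH to match the "owned by root and not world writable" rule.

```cpp
// Added example, not schroot code; all names below are hypothetical.
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>
#include <string>

enum perm_result { PERM_OK, PERM_STAT_FAILED, PERM_NOT_REGULAR,
                   PERM_BAD_OWNER, PERM_BAD_MODE };

// Core test, independent of how the struct stat was obtained.
// 'forbidden' is a mask of mode bits that must all be clear (e.g. S_IWOTH).
perm_result check_stat(const struct stat& st, uid_t owner, mode_t forbidden)
{
  if (!S_ISREG(st.st_mode))
    return PERM_NOT_REGULAR;  // symlink (seen via lstat), directory, device...
  if (st.st_uid != owner)
    return PERM_BAD_OWNER;
  if (st.st_mode & forbidden)
    return PERM_BAD_MODE;
  return PERM_OK;
}

// Path-based: stat() follows symlinks, lstat() inspects the link itself.
perm_result check_path(const std::string& path, bool follow_symlinks,
                       uid_t owner = 0, mode_t forbidden = S_IWOTH)
{
  struct stat st;
  int r = follow_symlinks ? stat(path.c_str(), &st) : lstat(path.c_str(), &st);
  return r == 0 ? check_stat(st, owner, forbidden) : PERM_STAT_FAILED;
}

// Descriptor-based: fstat() examines the file that is already open, so the
// object checked is the object later read or run (no check-then-open race).
perm_result check_fd(int fd, uid_t owner = 0, mode_t forbidden = S_IWOTH)
{
  struct stat st;
  return fstat(fd, &st) == 0 ? check_stat(st, owner, forbidden) : PERM_STAT_FAILED;
}

// Usage: open first, then check the descriptor; exit 0 only when it passes.
int main(int argc, char** argv)
{
  if (argc < 2) return 2;
  int fd = open(argv[1], O_RDONLY | O_NOFOLLOW);  // fails on a final symlink
  perm_result r = fd >= 0 ? check_fd(fd) : PERM_STAT_FAILED;
  if (fd >= 0) close(fd);
  return r == PERM_OK ? 0 : 1;
}
```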
POTENTIAL
---------
* Use of passwd/group databases should be thread-safe
- Use the _r variants of getpw*, getgr*.
* Add tests for
** Auth
** AuthConv
** AuthConvTty
** AuthMessage
** Session
** schroot::Options
** schroot_releaselock::Options
None of these are urgent and/or are difficult to test in an automated
fashion. expect might be useful for testing the PAM wrappers.
* Add tests for dchroot and dchroot-dsa classes.
* Line reporting while parsing config files misses file name.
log_warning() is used, because we don't throw an exception. The
code has no knowledge of the file name, so can't report it.
Outright errors throw, and the handler adds the needed context.
* Unify fork/exec code into a spawn function.
* Pass configured sysconfdir, pkglibexecdir, prefix, exec_prefix etc. to scripts.
* Tests for chroots:
** -source chroots
* logging should allow customisation of log level
See end of Debian Bug #279408.
** log functions should have a severity (to complement existing I/W/E types)
Similar to debug level, but for normal messages
e.g. quiet/normal/verbose/extra verbose.
** config file should have a "message" key.
Overridden by --quiet/--verbose options.
* Create separate namespaces for chroots and sessions
Note: how to deal with duplicated names in both namespaces for --all?
Maybe just list twice, first chroots and then sessions?
Have separate namespaces for
* chroots (for --all-chroots)
* chroot aliases (for chroot commands)
* source chroots (for --all-source-chroots)
* source chroot aliases (for source chroot commands; add --source option)
* sessions (for all session commands)
* Testcase for chroot-loopback
fs-union mounting simplifications
Rather than having a very complex scheme for setting up unions, we
could have
- an "underlay" (ro)
- the "overlay" (rw) both mounted under /var/lib/schroot
- the union of both mounted in the usual place.
file: Set full unpack dir with session ID like LVM snapshot.
* Add a read-only mount option for union underlay (both for
devices and bind mounts).
Security: Record user who created a session, and don't allow other
users access (except root?).
This might involve serialising the authentication state into the
chroot object.
Does a NULL ptr from clone_source get stored?
Move chroot-specific session setup from sbuild::session for chroot
vfunc.
Union: Don't allow overlay/underlay to be user-specified? Or only
allow underlay to be specified (but it's already specified in the
chroot definition, so don't allow?).
Note: Currently user settings are automatically overridden.
Add directories under /var to man pages
Add checks for unsupported features in setup scripts.
Separate UUID support into support function
Set session ID in chroot configuration in addition to name.
This will allow the removal of chroot-specific session setup from
sbuild::session. This also means the session ID is chroot-specific
rather than session-specific, so won't be reused if using multiple
chroots.
SESSION_CREATE | SESSION_CLONE confusion. When is it appropriate to
set SESSION_CREATE? Should already created sessions set it?
Define operator &= and |= for enum types defining | and & operators.
Remove use of virtual public for sbuild::chroot inheritance, since
it breaks the default copy constructors.