path: root/TODO
blob: 6cde7d0b5f3b54de933cc033addb68e54b7885d0 (plain)
TODO                                                            -*- outline -*-
====


Most new TODO items are marked @todo in the source code and listed in
the Doxygen-generated documentation in doc/schroot/html/todo.html


PLANNED
-------

* Add API to run multiple commands to replace auth::run().

* Add extra file permissions checking

Add it to run-parts, to ensure that the scripts it runs are owned by
root and not world writable (as is already done for config files), and
apply the same permissions check to script-config files.

* Generalise permissions checking

Create a standard function which can use either stat, fstat or lstat
and test for particular permissions.
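The two items above (a root-owned, not-world-writable check for scripts and
a single function driven by stat, fstat or lstat) can be served by one helper.
The following is an added example, not schroot code; the type and function
names (stat_method, file_requirement, check_permissions, safe_root_script)
are assumptions for illustration only.

```cpp
// Added example (not schroot code): one generic permission check that
// can be driven by stat(), lstat() or fstat(), plus the policy the TODO
// describes for run-parts scripts and config files.
#include <sys/stat.h>
#include <unistd.h>
#include <cerrno>
#include <cstdlib>
#include <cstring>
#include <stdexcept>
#include <string>

// Which syscall to use to obtain the inode data.
enum class stat_method { use_stat, use_lstat, use_fstat };

// What we require of the file (hypothetical names, not a schroot API).
struct file_requirement
{
  uid_t  owner;            // required owner uid
  mode_t forbidden_bits;   // mode bits that must be clear
  bool   must_be_regular;  // reject symlinks, devices, directories
};

// Fetch inode data with the requested method; throws on failure.
static struct stat
fetch_stat (stat_method method, const std::string& path, int fd)
{
  struct stat st;
  std::memset(&st, 0, sizeof st);
  int rc = -1;
  switch (method)
    {
    case stat_method::use_stat:  rc = ::stat(path.c_str(), &st);  break;
    case stat_method::use_lstat: rc = ::lstat(path.c_str(), &st); break;
    case stat_method::use_fstat: rc = ::fstat(fd, &st);           break;
    }
  if (rc != 0)
    throw std::runtime_error(std::string("stat failed: ") + std::strerror(errno));
  return st;
}

// Return true if the file satisfies the requirement.
bool
check_permissions (stat_method method, const std::string& path, int fd,
                   const file_requirement& req)
{
  struct stat st = fetch_stat(method, path, fd);
  if (req.must_be_regular && !S_ISREG(st.st_mode))
    return false;
  if (st.st_uid != req.owner)
    return false;
  if (st.st_mode & req.forbidden_bits)
    return false;
  return true;
}

// Policy for scripts and config files: root-owned, regular, not
// group- or world-writable.  Takes an already-open descriptor and uses
// fstat so the check applies to the file actually being read (no
// check-then-open race).
bool
safe_root_script (int fd)
{
  file_requirement req = { 0, S_IWGRP | S_IWOTH, true };
  return check_permissions(stat_method::use_fstat, std::string(), fd, req);
}

// Self-contained demonstration: a temporary file owned by the caller,
// checked first as world-writable (rejected) and then as 0600 (accepted).
// Returns true when both outcomes are as expected.
bool
demo_permission_checks ()
{
  char tmpl[] = "/tmp/permcheck-XXXXXX";
  int fd = mkstemp(tmpl);
  if (fd < 0)
    return false;

  file_requirement req = { getuid(), S_IWGRP | S_IWOTH, true };

  fchmod(fd, 0666);
  bool world_writable_rejected =
    !check_permissions(stat_method::use_fstat, std::string(), fd, req);

  fchmod(fd, 0600);
  bool private_accepted =
    check_permissions(stat_method::use_lstat, tmpl, -1, req);

  close(fd);
  unlink(tmpl);
  return world_writable_rejected && private_accepted;
}
```

Prefer the fstat form wherever a descriptor is available: checking a path
with stat() and then opening it leaves a window in which the path can be
swapped for a different file, so the check should be made on the descriptor
that is actually read or executed.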

* SCHROOT_CONF error messages must also mention chroot.d.


POTENTIAL
---------

* Use of passwd/group databases should be thread-safe

  - Use the _r variants of getpw*, getgr*.
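One way to do the reentrant lookups, as an added example that is not schroot
code: the _r functions need a caller-supplied buffer and must be retried on
ERANGE, which is the detail most callers get wrong.  The function names
(lookup_user, lookup_group) and the 1 MiB growth cap are assumptions.

```cpp
// Added example (not schroot code): reentrant passwd/group lookups
// using the _r variants, with the ERANGE retry loop they require.
#include <grp.h>
#include <pwd.h>
#include <sys/types.h>
#include <unistd.h>
#include <cerrno>
#include <cstring>
#include <stdexcept>
#include <string>
#include <vector>

// Initial buffer size: sysconf gives a hint, which may be -1.
static std::vector<char>
initial_buffer (int name)
{
  long hint = sysconf(name);
  return std::vector<char>(hint > 0 ? static_cast<size_t>(hint) : 1024);
}

// Look up a user by name.  Returns false if the user does not exist,
// throws on a real error.  Safe to call from multiple threads since
// no static storage is used (unlike getpwnam()).
bool
lookup_user (const std::string& name, uid_t& uid, gid_t& gid, std::string& home)
{
  std::vector<char> buf = initial_buffer(_SC_GETPW_R_SIZE_MAX);
  struct passwd pwd;
  struct passwd* result = nullptr;

  for (;;)
    {
      int rc = getpwnam_r(name.c_str(), &pwd, buf.data(), buf.size(), &result);
      if (rc == ERANGE)
        {
          if (buf.size() >= (1u << 20))   // assumed cap: refuse to grow without bound
            throw std::runtime_error("getpwnam_r: entry too large");
          buf.resize(buf.size() * 2);
          continue;
        }
      if (result == nullptr)
        {
          // "Not found" is reported as 0 or ENOENT/ESRCH depending on libc.
          if (rc == 0 || rc == ENOENT || rc == ESRCH)
            return false;
          throw std::runtime_error(std::string("getpwnam_r: ") + std::strerror(rc));
        }
      uid  = pwd.pw_uid;
      gid  = pwd.pw_gid;
      home = pwd.pw_dir ? pwd.pw_dir : "";
      return true;
    }
}

// Same pattern for a group looked up by gid.
bool
lookup_group (gid_t gid, std::string& name)
{
  std::vector<char> buf = initial_buffer(_SC_GETGR_R_SIZE_MAX);
  struct group grp;
  struct group* result = nullptr;

  for (;;)
    {
      int rc = getgrgid_r(gid, &grp, buf.data(), buf.size(), &result);
      if (rc == ERANGE)
        {
          if (buf.size() >= (1u << 20))
            throw std::runtime_error("getgrgid_r: entry too large");
          buf.resize(buf.size() * 2);
          continue;
        }
      if (result == nullptr)
        {
          if (rc == 0 || rc == ENOENT || rc == ESRCH)
            return false;
          throw std::runtime_error(std::string("getgrgid_r: ") + std::strerror(rc));
        }
      name = grp.gr_name;
      return true;
    }
}
```

The string fields of the returned struct point into the caller's buffer, so
copy out what is needed before the buffer goes out of scope.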

* Add tests for

** Auth
** AuthConv
** AuthConvTty
** AuthMessage
** Session
** schroot::Options
** schroot_releaselock::Options

None of these is urgent, and several are difficult to test in an
automated fashion.  expect might be useful for testing the PAM wrappers.

* Add tests for dchroot and dchroot-dsa classes.

* Line reporting while parsing config files misses file name.

  log_warning() is used, because we don't throw an exception.  The
  code has no knowledge of the file name, so can't report it.
  Outright errors throw, and the handler adds the needed context.

* Unify fork/exec code into a spawn function.
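A shape such a spawn function could take, as an added example that is not
schroot code: the function name spawn_and_wait and the errno-over-pipe
convention are assumptions.  It uses execv with an absolute path rather than
a PATH search, and distinguishes "exec failed" from "the child exited 127".

```cpp
// Added example (not schroot code): one spawn function replacing
// ad-hoc fork/exec sequences.  Reports exec failure distinctly from the
// child's own exit status via a close-on-exec pipe.
#include <fcntl.h>
#include <sys/wait.h>
#include <unistd.h>
#include <cerrno>
#include <cstring>
#include <stdexcept>
#include <string>
#include <vector>

// Run argv[0] (an absolute path) with the given arguments, wait, and
// return its exit status (128+signal if it was killed).  Throws if the
// exec itself failed.
int
spawn_and_wait (const std::vector<std::string>& argv)
{
  if (argv.empty())
    throw std::invalid_argument("spawn_and_wait: empty argv");

  std::vector<char*> cargv;
  for (const std::string& a : argv)
    cargv.push_back(const_cast<char*>(a.c_str()));
  cargv.push_back(nullptr);

  // Error pipe: the write end is close-on-exec, so a successful exec
  // closes it and the parent reads EOF; a failed exec writes errno.
  int errpipe[2];
  if (pipe(errpipe) != 0)
    throw std::runtime_error(std::string("pipe: ") + std::strerror(errno));
  fcntl(errpipe[1], F_SETFD, FD_CLOEXEC);

  pid_t pid = fork();
  if (pid < 0)
    {
      int err = errno;
      close(errpipe[0]);
      close(errpipe[1]);
      throw std::runtime_error(std::string("fork: ") + std::strerror(err));
    }

  if (pid == 0)
    {
      close(errpipe[0]);
      execv(cargv[0], cargv.data());   // no PATH search: absolute path only
      int err = errno;
      ssize_t w = write(errpipe[1], &err, sizeof err);
      (void) w;
      _exit(127);
    }

  close(errpipe[1]);
  int child_errno = 0;
  ssize_t n;
  do
    n = read(errpipe[0], &child_errno, sizeof child_errno);
  while (n < 0 && errno == EINTR);
  close(errpipe[0]);

  int status = 0;
  while (waitpid(pid, &status, 0) < 0)
    if (errno != EINTR)
      throw std::runtime_error(std::string("waitpid: ") + std::strerror(errno));

  if (n == static_cast<ssize_t>(sizeof child_errno))
    throw std::runtime_error(argv[0] + ": exec failed: " + std::strerror(child_errno));

  if (WIFEXITED(status))
    return WEXITSTATUS(status);
  if (WIFSIGNALED(status))
    return 128 + WTERMSIG(status);
  return -1;
}

// True when a missing binary is reported as an exception rather than
// being mistaken for a child that exited 127.
bool
exec_failure_is_reported ()
{
  try
    {
      spawn_and_wait({"/nonexistent/schroot-example-binary"});
      return false;
    }
  catch (const std::runtime_error&)
    {
      return true;
    }
}
```

Anything that must be reset before the child runs (signal mask, closing
inherited descriptors, dropping privileges, the environment) belongs in the
child branch of this one function, so that every exec path gets it.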

* Pass the configured sysconfdir, pkglibexecdir, prefix, exec_prefix etc. to scripts.

* Tests for chroots:

** -source chroots

* logging should allow customisation of log level

  See end of Debian Bug #279408.

** log functions should have a severity (to complement existing I/W/E types)

  Similar to debug level, but for normal messages
  e.g. quiet/normal/verbose/extra verbose.

** config file should have a "message" key.

  Overridden by --quiet/--verbose options.

* Create separate namespaces for chroots and sessions

Note: how to deal with duplicated names in both namespaces for --all?
Maybe just list twice, first chroots and then sessions?

Have separate namespaces for
* chroots (for --all-chroots)
* chroot aliases (for chroot commands)
* source chroots (for --all-source-chroots)
* source chroot aliases (for source chroot commands; add --source option)
* sessions (for all session commands)

* Testcase for chroot-loopback

file: set the full unpack directory from the session ID, as is done for
LVM snapshots.

* Add a read-only mount option for union underlay (both for
  devices and bind mounts).

Security: Record user who created a session, and don't allow other
users access (except root?).
This might involve serialising the authentication state into the
chroot object.

Move chroot-specific session setup from sbuild::session for chroot
vfunc.

Union: Don't allow overlay/underlay to be user-specified?  Or only
allow underlay to be specified (but it's already specified in the
chroot definition, so don't allow?).
Note: Currently user settings are automatically overridden.

Document the directories used under /var in the man pages.

Add checks for unsupported features in setup scripts.

Define operator &= and |= for enum types defining | and & operators.

Header include order: chroot-facet depends upon sbuild-chroot being
included first.  Try to break this dependency.

block-device used to allow sessions to work without writing out
a session file; this will break across upgrades to the new
version (since orphan mounts will not be accessible).

--end-session --force should forcibly end "broken" sessions by
manually umounting and purging mount and session directories and
metadata.

Chroot validation does not distinguish between chroots and sessions.
Also, sbuild::session uses find_alias to find chroots, but it should
specifically look for either chroots or sessions (and potentially
also source chroots).  Teach sbuild::chroot_config to treat all these
separately.  Aliases are only useful for SESSION_AUTOMATIC and BEGIN.