TODO -*- outline -*- ==== Most new TODO items are marked @todo in the source code and listed in the Doxygen-generated documentation in doc/schroot/html/todo.html PLANNED ------- * Add API to run multiple commands to replace auth::run(). * Add extra file permissions checking Both to run-parts, to ensure that shell scripts are owned by root and not world writable (as for config files). And also add the same permissions check to script-config files. * Generalise permissions checking Create a standard function which can use either stat, fstat or lstat and test for particular permissions. * SCHROOT_CONF error messages must also mention chroot.d. POTENTIAL --------- * Use of passwd/group databases should be thread-safe - Use the _r variants of getpw*, getgr*. * Add tests for ** Auth ** AuthConv ** AuthConvTty ** AuthMessage ** Session ** schroot::Options ** schroot_releaselock::Options None of these are urgent and/or are difficult to test in an automated fashion. expect might be useful for testing the PAM wrappers. * Add tests for dchroot and dchroot-dsa classes. * Line reporting while parsing config files misses file name. log_warning() is used, because we don't throw an exception. The code has no knowledge of the file name, so can't report it. Outright errors throw, and the handler adds the needed context. * Unify fork/exec code into a spawn function. * Pass configured sysconfdir, pkglibexecdir prefix exec_prefix etc. to scripts. * basic-keyfile should not use string_list. * Tests for chroots: ** -source chroots * logging should allow customisation of log level See end of Debian Bug #279408. ** log functions should have a severity (to complement existing I/W/E types) Similar to debug level, but for normal messages e.g. quiet/normal/verbose/extra verbose. ** config file should have a "message" key. Overridden by --quiet/--verbose options.