virt-sysprep: Further TODO items (thanks Marko Myllynen, James Antill).

[libguestfs.git] / TODO

diff --git a/TODO b/TODO
index 570502e..b412428 100644 (file)
--- a/TODO
+++ b/TODO
@@ -545,3 +545,39 @@ virt-sysprep ideas
  - Windows sysprep
    (see: https://github.com/clalancette/oz/blob/e74ce83283d468fd987583d6837b441608e5f8f0/oz/Windows.py )
  - blue skies: change the background image
+ - (librarian suggests ...)
+   . install a firstboot script      virt-sysprep --script=/tmp/foo.sh
+   . run an external shell script
+   . run external guestfish script   virt-sysprep --fish=/tmp/foo.fish
+ - log files (thanks Steve Grubb)
+   . as well as the obvious log files, also
+     utmp/wtmp/btmp/tallylog and pam_faillock's data files
+ - RNG seed (Steve Grubb)
+ - homedirs/.ssh directory, especially /root/.ssh (Steve Grubb)
+ - if drives are encrypted, then dm-crypt key should be changed
+   and drives all re-encrypted
+ - /etc/pki
+   (Steve says ...)
+   Rpm uses nss. Nss sets up its crypto database in
+   /etc/pki. Depending on how long the machine ran before cloning, you
+   may have picked up some certificates or things. This is an area
+   that you would want to look into.
+ - secure erase of inodes etc using scrub (Steve Grubb)
+ - touch /.autorelabel if we create any new files (thanks Dan Berrange)
+ - should we use guestmount instead of guestfish
+   and would that make it easier to run the tool inside VMs?
+ - other directories that could require cleaning include:
+    /var/lib/dhcpd/*
+    /var/lib/dhclient/*
+    /var/cache/gdm/*
+    /var/lib/fprint/*
+    /var/run/*
+    /var/spool/mail/*
+    /var/spool/cron/*
+    /var/lib/AccountService/users/*
+    /var/cache/yum/*
+    /var/lib/yum/*   (only /var/lib/yum/uuid)
+    /var/lib/sss/db/*
+    /var/lib/samba/*
+    /var/lib/samba/*/*
+  (thanks Marko Myllynen, James Antill)