tracker: Fedora 40 changes considerations #1626

Open
dustymabe opened this issue Dec 6, 2023 · 13 comments

dustymabe commented Dec 6, 2023

Output generated by and stored alongside (with modifications) this script in a fork of the pgm_scripts repo.


Fedora 40 Accepted System-Wide Changes (wiki source)

  1. DNF/RPM Copy on Write enablement for all variants
    • RPM Copy on Write provides a better experience for Fedora Users as it reduces the amount of I/O and offsets CPU cost of package decompression. RPM Copy on Write uses reflinking capabilities in btrfs, which is the default filesystem starting from Fedora 33 for most variants. Note that this behavior is not being turned on by default for this Change.
    • Tracking bug: #1915976
    • NOTES (copied forward): JL: This path of librpm is not used by rpm-ostree. The whole download and unpack path is ostree native and has different tradeoffs. Good to keep track of this conceptually, but nothing for FCOS to do here.
    • NOTES: DWM: This proposal was deferred.
  2. KTLS implementation for GnuTLS
    • Acceleration of GnuTLS with software Kernel TLS (KTLS)
    • Tracking bug: #2130000
    • NOTES: JL: This should be transparent to us.
    • NOTES: DWM: This proposal was deferred.
  3. Modernize Live Media
    • Modernize the live media by switching to the "new" live environment setup scripts provided by livesys-scripts and leverage new functionality in dracut to enable support for automatically enabling persistent overlays when flashed to USB sticks.
    • Tracking bug: #2139918
    • NOTES: DWM: This shouldn't affect us. We create our own live media separate from this process.
    • NOTES: DWM: This proposal was deferred.
  4. ✔️Porting Fedora to Modern C
    • Back in 1999, a new revision of the C standard removed several backwards compatibility features. However, GCC still accepts these obsolete constructs by default. Support for these constructs is confusing to programmers and potentially affects GCC's ability to implement features from future C standards. It is expected that a future GCC version (likely GCC 14) will disable support for these legacy language constructs by default. The goal of this change is to prepare Fedora for this transition.
    • Tracking bug: #2142177
    • NOTES: DWM: This may affect some of our dependencies, but should be handled at the package level.
  5. Ostree Native Container (Phase 2, stable)
  6. Remove webkit2gtk-4.0 API Version
    • The webkit2gtk-4.0 API version will no longer be built. Packages that depend on it will fail to build from source and eventually be retired.
    • Tracking bug: #2193249
    • NOTES: DWM: I don't think we use anything based on webkitgtk
    • NOTES: DWM: This proposal was withdrawn.
  7. Anaconda WebUI for Fedora Workstation by default
    • The new PatternFly-based UI has been developed by the Anaconda team for some time now and we would like to make it available for users of Fedora to enhance and modernize installation experience. As the first step in this user adoption process, we are targeting Fedora Workstation only.
    • Tracking bug: #2231339
    • NOTES: DWM: We don't use an anaconda based installer.
    • NOTES: DWM: This proposal was withdrawn.
  8. ✔️Build Fedora Workstation live ISO with Image Builder
    • Image Builder is a set of modern tools for building operating system images. Its goal is to make the builds reliable and reproducible. Moreover, it's designed to give the end users a simple workflow to build their own custom images. The aim of this change is to create an additional, non-blocking Fedora Workstation live ISO using Image Builder.
    • Tracking bug: #2233273
    • NOTES: DWM: This change is specific to Workstation.
  9. ✔️Deprecating libuser and removing passwd package from Fedora
    • Libuser is not actively developed. Most of the depending components have a build-time option to work without libuser.
    • Tracking bug: #2233275
    • NOTES: TR: This should not impact us. rpm-ostree and ostree do not link to libuser.
  10. ✔️Build JDKs once, repack everywhere
    • This is the last step in https://fedoraproject.org/wiki/MoveFedoraJDKsToBecomePortableJDKs effort. JDKs in fedora are already static, and we repack portable tarballs into RPMs. Currently, the portable tarball is built for each Fedora and EPEL version. Goal here is to build each JDK (8,11,17,21,latest (20)) only once, in the oldest live Fedora, and repack it in all live Fedoras. If jdk is built in epel, it will be built in oldest possible epel and repacked in newer live epels.
    • Tracking bug: #2233283
    • NOTES: jlebon: we don't ship Java
  11. ✔️Drop Delta RPMs
    • Stop producing Delta RPMs during the compose process, and disable deltarpm support in the default configuration of DNF / DNF5.
    • Tracking bug: #2245148
    • NOTES: jlebon: good to be aware of, but shouldn't affect us directly
  12. ⚠️Switch pam_userdb from BerkeleyDB to GDBM 👉 Fedora 40 Change: Switch pam_userdb from BerkeleyDB to GDBM #1634
    • pam_userdb was built with support for BerkeleyDB, but this project is no longer maintained as open source, so it is replaced by GDBM.
    • Tracking bug: #2245149
    • NOTES: jlebon: NEEDS INVESTIGATION. looks like they expect users to run a conversion tool
  13. ✔️Changes/SQLAlchemy 2
    • The python-sqlalchemy package is upgraded to major version 2. A compatibility package python-sqlalchemy1.4 is added to the distribution to cater for software which doesn’t yet use the new API, this can be installed alternatively. Other packages using SQLAlchemy are identified and, if necessary, steps are taken to ensure they use the correct major version package.
    • Tracking bug: #2249679
    • NOTES: jlebon: We don't ship Python. I don't think we use that package in our build tools.
  14. ✔️KDE Plasma 6
    • KDE Plasma 6 is successor to KDE Plasma 5 created by the KDE Community. It is based on Qt 6 and KDE Frameworks 6 and brings many changes and improvements over previous versions. For Fedora Linux, the transition to KDE Plasma 6 will also include dropping support for the X11 session entirely, leaving only Plasma Wayland as the sole offered desktop mode.
    • Tracking bug: #2250089
    • NOTES: jlebon: We don't ship KDE.
  15. ✔️Ruby 3.3
    • Ruby 3.3 is the latest stable version of Ruby. Many new features and improvements are included for the increasingly diverse and expanding demands for Ruby. With this major update from Ruby 3.2 in Fedora 39 to Ruby 3.3 in Fedora 40, Fedora becomes the superior Ruby development platform.
    • Tracking bug: #2251105
    • NOTES: jlebon: We don't ship Ruby.
  16. ✔️Build Fedora with DNF 5
    • We are proposing to change the Mock configuration in Mock (mock-core-configs), Koji, and Copr to use DNF 5 as Mock's package manager instead of DNF 4. DNF 5 would be used by Mock to install build dependencies into chroots for package builds. This change is related to the build infrastructure and is distinct from changing the default package manager in Fedora.
    • Tracking bug: #2252074
    • NOTES: jlebon: good to be aware of, but shouldn't have any effect on FCOS.
  17. ✔️Modernize Thread Building Blocks for Fedora 40
    • Fedora is currently shipping version 2020.3 (released July 10, 2020) of the Thread Building Blocks library. The current upstream version is 2021.8 (released December 22, 2022). The Fedora community has expressed interest in moving the TBB package to track a more modern version of the upstream.
    • Tracking bug: #2252075
    • NOTES: jlebon: we don't ship libtbb
  18. ⚠️Removing SSSD ‘files provider’ 👉 Fedora 40 Changes: Removing SSSD ‘files provider’ #1635
    • Remove SSSD “files provider” feature that allows handling of local users.
    • Tracking bug: #2252765
    • NOTES: jlebon: should be transparent to us, but this touches nsswitch.conf, which is sensitive
  19. ✔️Changes/MinizipNGTransition
    • Transition of the minizip to minizip-ng as it brings much more optimization and also this change is strongly tied to the Zlib Transition Change as by removing zlib package it will also remove minizip-compat subpackage.
    • Tracking bug: #2252766
    • NOTES: jlebon: we don't ship minizip
  20. ✔️Changes/ZlibNGTransition
    • Replace Zlib with Zlib-ng. This change is strongly tied to Changes/MinizipNGTransition.
    • Tracking bug: #2252767
    • NOTES: jlebon: I think we should expect to see zlib get dropped out in favour of zlib-ng in our package list automatically. we should probably sanity-check that happens when the change is enacted.
  21. ✔️Changes/Linker Error On Security Issues
    • Extend the %{hardened_build} feature of the redhat-rpm-config package so that the linker will generate an error message and fail if it is asked to create an executable binary that contains one or more known security issues. These issues are:
    • Tracking bug: #2254787
    • NOTES: DWM: should be transparent to us as failures would happen during rpm builds before reaching FCOS builds.
  22. ✔️389_Directory_Server_3.0.0
    • 389-ds-base upgrade from version 2.4.4 to the latest upstream version 3.0.0 in Fedora. Newly created instances now are using LMDB database by default instead of BerkeleyDB.
    • Tracking bug: #2254788
    • NOTES: jlebon: Nothing to do, we don't ship 389-ds-base.
  23. ⚠️DNF: Do not download filelists by default 👉 Fedora 40 Changes: DNF: Do not download filelists by default #1643
    • Change the DNF behavior to not download filelists by default. These metadata, which describe all the files contained within each package, are unnecessary in the majority of use cases. Additionally, these metadata files can be large in size, leading to a significant slowdown in the user experience.
    • Tracking bug: #2254789
    • NOTES: DWM: We'll open an issue and investigate this further.
  24. ⚠️Golang 1.22
    • Update of Go (golang package) to the upcoming version 1.22 in Fedora 40.
    • Tracking bug: #2258082
    • NOTES: DWM: spresti has an action item to investigate upstream projects testing of GoLang 1.22.
  25. ⚠️Enable IPv4 Address Conflict Detection by default 👉 Fedora 40 Changes: Enable IPv4 Address Conflict Detection by default #1656
    • Enable IPv4 Address Conflict Detection by default in NetworkManager.
    • Tracking bug: #2258083
    • NOTES: DWM: Opened ticket to investigate if delayed boot time is something we want.
  26. ✔️LLVM 18
    • Update all llvm sub-projects in Fedora Linux to version 18.
    • Tracking bug: #2258084
    • NOTES: DWM: for LLVM this should not affect us or should be transparent to us
  27. Remove Python Mock Usage
    • python-mock has been deprecated since Fedora 34 - 6 releases ago, but is still in use in many packages. We plan to go through the remaining usages and clean them up, with the goal of retiring python-mock from Fedora.
    • Tracking bug: #2258085
    • NOTES: DWM: in our CoreOS org we don't really ship any python packages in Fedora so there should be no work for us to do.
    • NOTES: DWM: This proposal was withdrawn.
  28. ✔️Change Firefox desktop file
    • Recent Firefox desktop file (firefox.desktop) does not comply with DBus/Gnome search provider rules thus Firefox can't provide DBus Gnome search service.
    • Tracking bug: #2258087
    • NOTES: DWM: Nothing to do. We don't ship Firefox.
  29. ✔️Assign individual, stable MAC addresses for Wi-Fi connections
    • Adopt stable-ssid as the default mode for assigning individual, stable MAC addresses to Wi-Fi connections in NetworkManager for Fedora 40, enhancing user privacy without compromising network stability.
    • Tracking bug: #2258088
    • NOTES: DWM: we don't ship wifi enabled by default in FCOS but we do know people layer it in. We have added this as an item to highlight when making F40 release announcements to our users.
  30. ✔️Boost 1.83 upgrade
    • This change brings Boost 1.83 to Fedora. This will mean Fedora ships with a recent upstream Boost release.
    • Tracking bug: #2258089
    • NOTES: TR: Should not impact us
  31. ✔️Removing OpenSSL 1.1 package
    • We are going to remove the openssl11 package from Fedora 40.
    • Tracking bug: #2258090
    • NOTES: TR: Should not impact us either
  32. ✔️SPDX License Phase 3
    • The third phase of transition from using Fedora's short names for licenses to SPDX identifiers in the License: field of Fedora package spec files. This phase focuses on finishing migrating packages from ELN set. We still do not expect that all packages from Fedora Linux will be migrated in this phase.
    • Tracking bug: #2258888
    • NOTES: TR: We did our packages in F39 Change: SPDX License Phase 2 #1497. Nothing for us to do.
  33. ✔️Build Fedora Cloud Edition Images Using Kiwi in Koji
    • Fedora Cloud Edition images will be built with Kiwi, which will replace the unmaintained ImageFactory tooling that is currently being used to build the cloud base images.
    • Tracking bug: #2260081
    • NOTES: TR: Should not impact us (and we're doing osbuild)
  34. ⚠️Enable systemd service hardening features for default system services 👉 Tracker: Harden all our systemd units #1662
    • Improve security by enabling some of the high level systemd security hardening settings that isolate and sandbox default system services.
    • Tracking bug: #2260082
    • NOTES: TR: Opened issue to track hardening our units
  35. ✔️GNU Toolchain Update (gcc 14.0, binutils 2.41, glibc 2.39, gdb 14.1)
    • Update the Fedora 40 GNU Toolchain to gcc 14.0, binutils 2.41, glibc 2.39 and gdb 14.1.
    • Tracking bug: #2260083
    • NOTES: TR: this should not impact us
  36. ✔️java-21-openjdk as the system JDK in F40
    • Update the system JDK in Fedora from java-17-openjdk to java-21-openjdk.
    • Tracking bug: #2262141
    • NOTES: JL: We don't ship Java.

Fedora 40 Accepted Self-Contained Changes (wiki source)

  1. ✔️Retire python3.7
    • The python3.7 package will be retired without replacement from Fedora Linux 40. Python 3.7 will be End of Life in June 2023 and it will be kept around only to test software targeting Debian 10 “Buster” LTS. The removal is more or less aligned with Debian 10 LTS EOL (June 2024) -- Fedora 39 (the last one to include Python 3.7) will likely EOL on 2024-11-12.
    • Tracking bug: #2105404
    • NOTES: DWM: We don't ship python.
  2. ✔️Enable bootupd for Fedora Silverblue & Kinoite
    • By design, ostree does not manage bootloader updates as they can not (yet) happen in a safe fashion. To solve this issue, bootupd (https://github.com/coreos/bootupd) was created. bootupd is a small socket activated program that takes care of updating the bootloader. It currently only supports EFI booted systems and rpm-ostree based systems. The updates are triggered by an administrator and are not (yet) automated for safety reasons. This change is about enabling bootupd integration in Fedora Silverblue and Fedora Kinoite to make bootloader updates easier. bootupd is already used in Fedora CoreOS.
    • Tracking bug: #2150982
    • NOTES: DWM: This change is Silverblue/Kinoite Specific
  3. mkosi-initrd
    • mkosi-initrd is an alternative builder for initrds. It will be packaged in Fedora, so that users can use it to build initrds locally. A kernel-install plugin will be provided to build the initrd when a kernel package is installed. As a stretch goal, initrds will be built in koji and delivered via rpm packages. As a further stretch goal, pre-built initrds will be used in Unified Kernel Images that can be delivered via rpm packages.
    • Tracking bug: #2203221
    • NOTES: jlebon: good to be aware of, but doesn't affect us in the short-term
    • NOTES: DWM: This proposal was withdrawn.
  4. Enable auto-updates by default in Fedora Kinoite
    • On Fedora Kinoite, Plasma Discover supports automatically updating the system in a safe fashion via rpm-ostree staged updates. We want users to benefit from bug fixes and updates in general by default thus we want to enable auto-updates by default. Users will still have the option of disabling that or tuning the frequency at which updates happen.
    • Tracking bug: #2233192
    • NOTES: DWM: This change is Fedora Kinoite specific
    • NOTES: DWM: This proposal was withdrawn.
  5. ✔️Revitalize Forge Macros
    • Up until now, the forge macros have been part of redhat-rpm-config. We will split them out into a new forge-srpm-macros package. We will add more test coverage and add a new %forgeversion macro to allow adding snapshot info to Version instead of Release.
    • Tracking bug: #2238452
    • NOTES: DWM: This change should mostly be transparent to us
  6. ✔️Restructure Kubernetes Packages
    • New or revised (sub)package names are proposed for Kubernetes packages in Fedora. The new names will better align Kubernetes with current usage as documented upstream and improve alignment of package content with current Fedora practices and standards.
    • Tracking bug: #2241263
    • NOTES: DWM: We don't ship Kubernetes in our base layer.
  7. ✔️PHP 8.3
    • Update the PHP stack in Fedora to the latest version 8.3.x
    • Tracking bug: #2241987
    • NOTES: DWM: We don't ship PHP
  8. ✔️Passim Peer-to-Peer Metadata
    • Passim is a local caching server that broadcasts specific shared metadata to other clients on your local network to reduce the amount of duplicate data downloaded from the internet.
    • Tracking bug: #2242387
    • NOTES: DWM: This change won't cause passim to get installed by default on CoreOS systems, because it's just a suggests.
  9. ✔️Update To Pydantic Version 2
    • python-pydantic, a Python data validation library, will be updated from 1.10.z to 2.y.z. The Change owners will perform a test rebuild and work with package maintainers and upstreams to port code.
    • Tracking bug: #2249663
    • NOTES: DWM: We don't ship Python
  10. ✔️PostgreSQL 16
    • Update of default PostgreSQL stream (postgresql and libpq components) in Fedora from version 15 to version 16. Since modularity was marked as retired, there will also be a change in the packaging concept.
    • Tracking bug: #2251109
    • NOTES: DWM: We don't ship PostgreSQL
  11. ✔️F40 MariaDB & MySQL repackaging
    • A bigger set of smaller changes which I want to extend visibility for:
    • Tracking bug: #2252771
    • NOTES: DWM: We don't ship Mariadb/MySQL
  12. ✔️Switch bogofilter to use SQLite
    • Switch bogofilter to use SQLite as its database engine, rather than Berkeley DB (libdb).
    • Tracking bug: #2252772
    • NOTES: DWM: We don't ship bogofilter.
  13. ✔️Wget2 as wget
    • Replace wget with wget2 (a modern implementation of wget intended to replace wget 1.x) as the provider of wget.
    • Tracking bug: #2254790
    • NOTES: DWM: Nothing to do, we don't ship wget.
  14. ✔️Move /var/run selinux-policy entries to /run
    • Actual path for system runtime files moved from /var/run to /run some 10 years ago [1], but the policy has been managed since then in a way that keeps the old entries and still has updates with the incorrect path, while the real path is handled by the file equivalency feature. This can leave sysadmins unsure which path should actually be used and can also result in userspace tools not working properly [2].
    • Tracking bug: #2258068
    • NOTES: TR: I don't think we need to do anything here
  15. ✔️Update Kubernetes to v1.29 in Rawhide
    • Replace Kubernetes 1.28 in rawhide (F40) with v1.29.
    • Tracking bug: #2258069
    • NOTES: TR: We don't ship kubernetes in FCOS
  16. ✔️Haskell GHC 9.6 and Stackage LTS 22
    • Update the GHC Haskell compiler from major version 9.4 to 9.6 and Haskell packages from Stackage LTS 21 to LTS 22 versions.
    • Tracking bug: #2258070
    • NOTES: TR: we don't have GHC/Haskell packages in FCOS AFAIK
  17. ⚠️Podman 5 👉 Fedora 40 Changes: Podman v5 #1629
    • Ship Podman 5 in Fedora 40.
    • Tracking bug: #2258071
    • NOTES: TR: We have a tracking bug for this.
  18. ✔️Unified Kernel Support Phase 2
    • Improve support for unified kernels in Fedora.
    • Tracking bug: #2258073
    • NOTES: TR: It's interesting for the UKI work to support that in FCOS but not something we need to act on now
  19. ✔️Fedora Atomic Desktops
    • We will regroup all desktop, rpm-ostree based variants of Fedora under the Fedora Atomic Desktops name. Each individual variant (Silverblue, Kinoite, Sericea, Onyx) may keep their name as is. While this is a Change Request, it is not addressed at FESCo but at the Fedora Council as this is not a technical change but a marketing / policy one.
    • Tracking bug: #2260161
    • NOTES: TR: This is a name change only for the Desktop OSTree variants.
  20. ✔️ROCm 6 Release
    • The AMD ROCm™ 6.0 is the latest release of AMD’s software optimized for AI and HPC workload performance on AMD GPUs. This latest release enables the newest flagship datacenter GPU, the AMD Instinct™ MI300, as well as continuing the GPUs enabled in their last 5.x release, most/all of their recent GPUs.
    • Tracking bug: #2262138
    • NOTES: JL: We don't ship this.
  21. ✔️PyTorch Release
    • This change will bring the first iteration of PyTorch to Fedora.
    • Tracking bug: #2262139
    • NOTES: JL: We don't ship this.
  22. ✔️Replace iotop with iotop-c
    • Replace (obsolete) iotop with iotop-c
    • Tracking bug: #2262144
    • NOTES: JL: We don't ship this.
  23. ✔️ibus-anthy 1.5.16
    • ibus-anthy will update the Japanese era for 2024.
    • Tracking bug: #2263301
    • NOTES: TR: We don't ship ibus so that should not impact us.
  24. ✔️IBus 1.5.30
    • IBus 1.5.30 will have some enhancements.
    • Tracking bug: #2263302
    • NOTES: JB: We don't ship ibus, so not impacted.
  25. ✔️IoT Simplified Provisioning
    • Offer Fedora IoT users a new, non-release blocking deliverable to deploy and configure Fedora IoT systems using a new tool called Simplified Provisioning.
    • Tracking bug: #2263304
    • NOTES: JL: We won't ship Simplified Provisioning, but it's good to be aware as IoT is a known user/contributor of coreos-installer.
  26. ✔️Deprecate_ntlm_in_cyrus_sasl
    • NTLM has been deprecated for years and is obsolete. Support for it should be removed as a SASL mechanism. This is no longer supported by cyrus-sasl upstream. The cyrus-sasl-ntlm subpackage should be removed.
    • Tracking bug: #2263305
    • NOTES: TR: we don't ship the cyrus-sasl-ntlm subpackage
  27. ✔️Build Fedora IoT using rpm-ostree unified core
    • Upstream rpm-ostree development is now focused on "unified core" mode, with plans to deprecate the previous mode in the future. Fedora IoT is the last rpm-ostree based Fedora edition using this older, soon to be deprecated mode, with Silverblue and Kinoite making the change in Fedora 39. This change will align IoT with the other ostree-based editions in Fedora.
    • Tracking bug: #2263306
    • NOTES: JB: This does not impact us
@dustymabe dustymabe added meeting topics for meetings F40 F40-Changes labels Dec 6, 2023
@dustymabe

Updated description from the outcomes of the 2023-12-12 community meeting.

@dustymabe

Ran the script and updated the description just now.

@dustymabe

Updated description from the outcomes of the 2024-01-03 community meeting.

@prestist

This was discussed in the meeting today, however there have been no new changes since the last meeting.

@dustymabe

Ran the script and updated the description just now.

@dustymabe

Updated description from the outcomes of the 2024-01-24 community meeting.

@prestist

⚠️Golang 1.22

Update of Go (golang package) to the upcoming version 1.22 in Fedora 40.
Tracking bug: [#2258082](https://bugzilla.redhat.com/show_bug.cgi?id=2258082)
NOTES: DWM: spresti has an action item to investigate upstream projects testing of GoLang 1.22.

With the impending release of 1.22, the CI tests can be updated to test against Go 1.22 by simply updating the config.yml field go_versions to include the latest version. Then, after this is done, as long as the upstream repo is mentioned in the go test config, repo templates will open a PR to update all repos' CI. Also, at the time of updating, we should ensure there are no EOL Go versions and prune as necessary.

This should be very non-invasive due to the already exemplary infrastructure around this.

travier commented Jan 31, 2024

I've created #1662 to track hardening units.

@dustymabe

Updated description from the outcomes of the 2024-01-31 community meeting.

jlebon commented Feb 7, 2024

Updated description from the outcomes of the 2024-02-07 community meeting.

@dustymabe

Ran the script and updated the description just now.

@jbtrystram jbtrystram removed the meeting topics for meetings label Feb 14, 2024
@dustymabe

Ran the script and updated the description just now.
