tracker: Fedora 42 changes considerations #1838

Open
marmijo opened this issue Nov 20, 2024 · 4 comments

marmijo commented Nov 20, 2024

Output generated by and stored alongside (with modifications) this script in a fork of the pgm_scripts repo.


Fedora 42 Accepted System-Wide Changes (wiki source)

  1. ✔️ Update Zlib-ng to version 2.2.x
    • Update Zlib-ng on Fedora 42 to version 2.2.x. Currently, Fedora distributes Zlib-ng 2.1.7.
    • Tracking bug: MISSING, will update when available - marmijo
    • NOTES: TR: FCOS ships zlib-ng-compat. This should come as an update for us. Nothing specific to do.
  2. ✔️ DNF/RPM Copy on Write enablement for all variants
    • RPM Copy on Write provides a better experience for Fedora Users as it reduces the amount of I/O and offsets CPU cost of package decompression. RPM Copy on Write uses reflinking capabilities in btrfs, which is the default filesystem starting from Fedora 33 for most variants. Note that this behavior is not being turned on by default for this Change.
    • Tracking bug: #1915976
    • NOTES: JL: This path of librpm is not used by rpm-ostree. The whole download and unpack path is ostree native and has different tradeoffs. Good to keep track of this
  3. ✔️ Modernize Live Media
    • Modernize the live media by switching to the "new" live environment setup scripts provided by livesys-scripts and leverage new functionality in dracut to enable support for automatically enabling persistent overlays when flashed to USB sticks.
    • Tracking bug: #2139918
    • NOTES: DWM: This shouldn't affect FCOS. FCOS has its own live media separate from this process.
  4. ✔️ Anaconda WebUI for Fedora Workstation by default
    • The new PatternFly-based UI has been developed by the Anaconda team for some time now and we would like to make it available for users of Fedora to enhance and modernize installation experience. As the first step in this user adoption process, we are targeting Fedora Workstation only.
    • Tracking bug: #2231339
    • NOTES: DWM: FCOS doesn't use an anaconda based installer. (JL: ...yet)
  5. ✔️ Remove Python Mock Usage
    • python-mock has been deprecated since Fedora 34 - 6 releases ago, but is still in use in many packages. We plan to go through the remaining usages and clean them up, with the goal of retiring python-mock from Fedora.
    • Tracking bug: #2258085
    • NOTES: MA: FCOS doesn't ship python (yet), so this should have no impact.
  6. Enable systemd service hardening features for default system services 👉 Tracker: Harden all our systemd units #1662
  7. Unify /usr/bin and /usr/sbin 👉 Investigate what's needed for "Unify /usr/bin and /usr/sbin" Fedora change #1759
    • The /usr/sbin directory becomes a symlink to bin, which means paths like /usr/bin/foo and /usr/sbin/foo point to the same place. /bin and /sbin are already symlinks to usr/bin and usr/sbin, so effectively /bin/foo and /sbin/foo also point to the same place. /usr/sbin will be removed from the default $PATH. The same change is also done to make /usr/local/sbin point to bin, effectively making /usr/local/bin/foo and /usr/local/sbin/foo point to the same place. The definition of %_sbindir will be changed to %_bindir, so packages will start using the new directory after a rebuild without any further action. Maintainers may stop using %_sbindir, but don't need to.
    • Tracking bug: #2267022
    • NOTES: MA: See: tracker: Fedora 41 changes considerations #1714 (comment)
    • NOTES: MA: Status update requested https://gitlab.com/fedora/bootc/tracker/-/issues/29#note_2220666613
  8. ✔️ LLVM 19
    • Update all llvm sub-projects in Fedora Linux to version 19.
    • Tracking bug: #2293629
    • NOTES: (copied from f41) JL: Not sure if any CoreOS packages use LLVM currently, but should be transparent if so
  9. ✔️ Anaconda as native Wayland application
    • Currently, Anaconda is still an X11 application. We would like to make Anaconda a Wayland-native application so that we can drop the X11 dependencies from installation ISO images. However, this change is not just a simple switch, and we need to make some adjustments along the way which will impact user experience.
    • Tracking bug: #2307282
    • NOTES: MA: This won't affect FCOS
  10. ✔️ Setuptools 74+
    • Update to a new upstream release of python-setuptools that is not completely compatible with previous releases. Most notably, version 72.0.0 removed support for the setup.py test command (deprecated for 5 years). This is a breaking change and Fedora packages that use the setup.py test command during the build need to be adapted to use a different test runner, such as unittest, pytest, etc. There might be other breaking changes. We estimate 142 to 196 Fedora Rawhide packages to fail to build due to this upgrade (as of Sep 2024).
    • Tracking bug: #2319387
    • NOTES: MA: FCOS doesn't ship python (yet), so this should have no impact.
  11. ✔️ Adjust java/java-devel requires to multi-vendor JDK world and replace legacy JDKs by third party Eclipse Temurin repositories
    • Adjust java/java-devel provides/requires to multivendor world and obsolete all non-system LTS JDKs (java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk in time of writing) by appropriate, properly integrating, RPMs from Eclipse Adoptium repositories.
    • Tracking bug: #2319402
    • NOTES: MA: FCOS doesn't ship java, so this should have no impact.
  12. ✔️ Retire zbus v1
    • The packages for v1 of the zbus crate (and the packages for v2 of the zvariant crate) will be retired from Fedora 42. Dependent packages are to be ported to a non-obsolete version of these libraries (i.e. zbus v4 or v5) or to be retired as well.
    • Tracking bug: #2325879
    • NOTES: TR: Should be transparent, but we'll watch for issues affecting the nmstate package.

Fedora 42 Accepted Self-Contained Changes (wiki source)

  1. ✔️ mkosi-initrd
    • mkosi-initrd is an alternative builder for initrds. It will be packaged in Fedora, so that users can use it to build initrds locally. A kernel-install plugin will be provided to build the initrd when a kernel package is installed. As a stretch goal, initrds will be built in koji and delivered via rpm packages. As a further stretch goal, pre-built initrds will be used in Unified Kernel Images that can be delivered via rpm packages.
    • Tracking bug: #2203221
    • NOTES: MA: No immediate action needed as FCOS builds its own initrd for now
  2. ✔️ Enable auto-updates by default in Fedora Kinoite
    • On Fedora Kinoite, Plasma Discover supports automatically updating the system in a safe fashion via rpm-ostree staged updates. We want users to benefit from bug fixes and updates in general by default thus we want to enable auto-updates by default. Users will still have the option of disabling that or tuning the frequency at which updates happen.
    • Tracking bug: #2233192
    • NOTES: MA: Should not impact FCOS
  3. ✔️ Add bpfman to Fedora
    • bpfman: An eBPF Manager bpfman operates as an eBPF manager, focusing on simplifying the deployment and administration of eBPF programs. Its notable features encompass:
    • Tracking bug: #2271633
    • NOTES: JL: This is transparent to FCOS
  4. Confidential Virtualization Host with AMD SEV-SNP 👉 Tracker: Confidential Virtualization Host with AMD SEV-SNP #1777
    • This enables Fedora virtualization hosts to launch confidential virtual machines using AMD's SEV-SNP technology. Confidential virtualization prevents admins with root shell access, or a compromised host software stack, from accessing memory of any running guest. SEV-SNP is an evolution of previously provided SEV and SEV-ES technologies providing stronger protection and unlocking new features such as a secure virtual TPM.
    • Tracking bug: #2298853
    • NOTES: MA: comment was added clarifying that this change is about running as a SEV-SNP host: Tracker: Confidential Virtualization Host with AMD SEV-SNP #1777 (comment)
  5. ✔️ Reduce the amount of "dontaudit" rules pertaining to unlabeled_t
    • Reduce the amount of rules that prevent reporting of SELinux denials pertaining to unlabeled_t. This could influence the amount of SELinux-related logs on some systems, but will not cause any new permission denials.
    • Tracking bug: #2300338
    • NOTES: TR: Does not look like this will impact FCOS.
  6. ✔️ Enable Drm Panic
    • Drm_panic is a new feature in the Linux kernel that displays a panic screen when a kernel panic occurs. This proposal is to enable DRM_PANIC in the Fedora kernel, to improve the kernel panic user experience.
    • Tracking bug: #2309205
    • NOTES: TR: Should be transparent to FCOS.
  7. ✔️ Tomcat 10.1.x
    • This change involves upgrading the Apache Tomcat application server from versions 9.0.x to 10.1.x. This update will enhance the application server's performance, security, and support for the latest specifications. The affected packages include tomcat and related libraries and services that rely on the Tomcat server for web application deployment and management.
    • Tracking bug: #2309206
    • NOTES: TR: FCOS doesn't ship Tomcat
  8. ✔️ Integrate FEX in Fedora Linux
    • FEX is a fast emulator that allows one to run x86 and x86-64 binaries on an AArch64 Linux host. FEX requires a number of supporting components, including a RootFS image, and integration with muvm to support 16k page-size hosts. The purpose of this Change is to integrate FEX itself and its supporting components into Fedora Linux, to provide a delightful out-of-box experience for users that want to run x86 and x86-64 binaries on their aarch64 systems. This also includes integration into the AArch64 Fedora KDE spin as a non-blocking component of the spin.
    • Tracking bug: #2318566
    • NOTES: TR: Nothing to do for now, but we'll revisit if requests come in
  9. ✔️ PHP 8.4
    • Update the PHP stack in Fedora to the latest version 8.4.x
    • Tracking bug: #2318567
    • NOTES: TR: FCOS doesn't include PHP
  10. ✔️ Distributing Kickstart Files as OCI Artifacts
    • Fedora distributed as bootable container ships via OCI registry. Installation is typically done by conversion into a VM image or ISO installer via osbuild (image builder), however, booting from network is a useful workflow for bare-metal fleet deployments. Required files to perform such installation are not available in the OCI repository that could be fetched from registry in a similar manner as the bootable container.
    • Tracking bug: #2320145
    • NOTES: TR: Does not impact FCOS
  11. ✔️ Enabling composefs by default for Atomic Desktops
    • We want to enable composefs by default for Fedora Atomic Desktops. This makes the root mount of the system (/) a truly read only filesystem, increasing the system integrity and robustness. This is the first step toward a full at runtime verification of filesystem integrity.
    • Tracking bug: New tracker bug to be created. Will update when available. -marmijo
    • NOTES: TR: This is for the Atomic Desktops and we already did this in FCOS. Nothing else to do.

marmijo commented Nov 20, 2024

I updated the list with comments for changes that were deferred from F41.
initial comments for Fedora 42 changes

@marmijo marmijo added the meeting topics for meetings label Nov 20, 2024
@travier travier removed the meeting topics for meetings label Nov 20, 2024

travier commented Nov 20, 2024

We took a look at those changes during the 2024-11-20 community meeting. Each item and ticket will be updated independently.


marmijo commented Nov 20, 2024

Updates from the community meeting on 2024-11-20

Summary of comments:

101: We ship zlib-ng-compat. This should come as an update for us. Nothing specific to do unless tests fail.
106: Already has tracker, nothing more to do at this time.
107: More discussion in tracker. A status update was requested https://gitlab.com/fedora/bootc/tracker/-/issues/29#note_2220666613
112: Should be transparent, but nmstate could be affected so we will watch it.
204: Nothing specific for us to do right now except clarify that this change is for running as a SEV-SNP Host, not a Guest.
206: Should be transparent to FCOS.
207: FCOS doesn't ship Tomcat
208: Nothing to do for now, but we'll revisit if requests come in
209: FCOS doesn't include PHP
210: Does not impact FCOS
211: Already completed in FCOS. Nothing else to do.

Current change considerations we're tracking:

106: Enable systemd service hardening features for default system services 👉 #1662
107: Unify /usr/bin and /usr/sbin 👉 #1759
204: Confidential Virtualization Host with AMD SEV-SNP 👉 #1777


marmijo commented Nov 26, 2024

I ran the script today (2024-11-26) and no changes were reported.
