coreos / fedora-coreos-tracker

Issue tracker for Fedora CoreOS
https://fedoraproject.org/coreos/

tracker: Fedora 37 changes considerations #1222

Closed dustymabe closed 1 year ago

dustymabe commented 2 years ago

Output generated by and stored alongside (with modifications) this script in a fork of the pgm_scripts repo.


Fedora 37 Accepted System-Wide Changes (wiki source)

  1. ✔️ DNS Over TLS
  2. ✔️ DNF/RPM Copy on Write enablement for all variants
    • RPM Copy on Write provides a better experience for Fedora Users as it reduces the amount of I/O and offsets CPU cost of package decompression. RPM Copy on Write uses reflinking capabilities in btrfs, which is the default filesystem starting from Fedora 33 for most variants. Note that this behavior is not being turned on by default for this Change.
    • Tracking bug: #1915976
    • NOTES: JL: this path of librpm is not used by rpm-ostree. the whole download and unpack path is ostree native and has different tradeoffs. good to keep track of this conceptually, but nothing for FCOS to do here.
  3. ✔️ Python 3.11
    • Update the Python stack in Fedora from Python 3.10 to Python 3.11, the newest major release of the Python programming language.
    • Tracking bug: #2016048
    • NOTES: JL: we don't ship Python. but might be worth going over Python 3.11 release notes for Python-based codebases like cosa for e.g. deprecations.
  4. ✔️ Drop NIS(+) support from PAM
    • This change is about dropping user-authentication using NIS(+) from PAM.
    • Tracking bug: #2021660
    • NOTES: JL: may affect users who use NIS+? likely not though. If so, we should direct them to e.g. LDAP or FreeIPA as the Change proposal suggests. so overall, skip.
  5. ✔️ ~~Retire the NIS(+) user-space utility programs~~
    • This change is about retiring the ypbind, yp-tools, and ypserv packages, and removal of the {nis,yp}domainname user-space utility programs from the hostname package.
    • Tracking bug: #2022386
    • NOTES: JL: may affect users who use NIS+? likely not though. If so, we should direct them to e.g. LDAP or FreeIPA as the Change proposal suggests. so overall, skip.
  6. ✔️ ELN-Extras
    • ELN-extras will be a new build target and compose similar in behavior to ELN, but closer to EPEL in function. It will be a place to prepare and maintain packages that may be desired for EPEL N+1 while RHEL N+1 is still being incubated in ELN.
    • Tracking bug: #2028161
    • NOTES: JL: not directly relevant to FCOS.
  7. ✔️ RetireARMv7
    • Retire the ARMv7 architecture AKA arm32 or armhfp architecture.
    • Tracking bug: #2028172
    • Notes: DM: FCOS doesn't ship ARMv7. Nothing to do.
  8. ✔️ MinGW toolchain update
    • Update the MinGW toolchain to the latest upstream stable releases.
    • Tracking bug: #2060050
    • NOTES: DM: skipping MinGW environment and toolchain update because it's a Windows cross-compiler, not relevant.
  9. ✔️ Boost 1.78 upgrade
    • This change brings Boost 1.78 to Fedora. This will mean Fedora ships with a recent upstream Boost release.
    • Tracking bug: #2062915
    • NOTES: DM: skipping Boost 1.78 upgrade because it should be contained to the build system (making sure dependent packages compile)
  10. ⚠️ Signed RPM Contents
  11. ✔️ Changes/LegacyXorgDriverRemoval
    • This change removes the xorg-x11-drv-vesa and xorg-x11-drv-fbdev driver packages, and associated support code from the xorg-x11-server-Xorg package.
    • Tracking bug: #2078921
    • NOTES: DM: FCOS doesn't ship a graphical desktop. This shouldn't affect us.
  12. ✔️ RPM 4.18
    • Update RPM to the 4.18 release.
    • Tracking bug: #2079029
    • NOTES: DM: Nothing in particular jumps out that we need to update. 4.18 alpha has been in rawhide since april and our rawhide stream is building fine.
  13. ✔️ Drop i686 builds of jdk8,11,17 and latest (18) rpms from f37 onwards
    • java-1.8.0-openjdk, java-11-openjdk, java-17-openjdk and java-latest-openjdk packages will no longer build i686 subpackages
    • Tracking bug: #2083750
    • NOTES: LB: we don't ship i686 images/packages in FCOS
  14. ✔️ Node.js 18.x by default
    • The latest release of Node.js to carry a 30-month lifecycle is the 18.x series. As with 16.x, 14.x, 12.x, 10.x and 8.x before it, Fedora 37 will carry 18.x as the default Node.js interpreter for the system. The 16.x, and 14.x interpreters will remain available as non-default module streams.
    • Tracking bug: #2087185
    • NOTES: LB: we don't ship NodeJS
  15. ✔️ Perl 5.36
    • A new perl 5.36 version brings a lot of changes done over a year of development. Perl 5.36 will be released on May 28th 2022. See perldelta for more details about the new release.
    • Tracking bug: #2088002
    • NOTES: LB: we don't ship Perl
  16. ⚠️ Strong crypto settings: phase 3, forewarning 1/2 👉 https://github.com/coreos/fedora-coreos-tracker/issues/1230
    • Cryptographic policies will be tightened in Fedora 38-39, SHA-1 signatures will no longer be trusted by default. Fedora 37 specifically doesn't come with any change of defaults, and this Fedora Change is an advance warning filed for extra visibility. Test your setup with TEST-FEDORA39 today and file bugs so you won't get bit by Fedora 38-39.
    • Tracking bug: #2089811
    • NOTES: LB: we may want to check how much we will be impacted by this in F38/F39
  17. ✔️ Python: Add -P to default shebangs
    • The -P flag will be added to the Python shebang macros (%{py3_shbang_opts}, %{py3_shebang_flags}, ...). Packages that adhere to those macros will change their Python shebangs from #! /usr/bin/python3 -s to #! /usr/bin/python3 -sP and as a result, will no longer have the directory of the script (such as /usr/bin) in sys.path. An opt-out mechanism exists.
    • Tracking bug: #2090866
    • NOTES: LB: we don't ship Python packages
  18. ⚠️ BIOS boot.iso with GRUB2 👉 https://github.com/coreos/fedora-coreos-tracker/issues/1231
    • Modify lorax-generic-templates to use GRUB2 when booting the boot.iso on BIOS systems, instead of syslinux. Upstream syslinux development is dead, and the Fedora maintainer would like to drop the package from the distribution. GRUB2 works as a replacement in most situations and continues to have upstream support.
    • Tracking bug: #2092065
    • NOTES: LB: I think we'd like to do this move too, in coreos-assembler and FCOS-config. Also consider what happens for RHCOS.
  19. ✔️ Install Using GPT on x86_64 BIOS by Default
    • This Change makes it so that Fedora Linux systems installed on legacy x86 BIOS systems will get GPT partitioning by default instead of legacy MBR partitioning. This makes x86 BIOS installs more similar to x86 UEFI installs.
    • Tracking bug: #2092091
    • NOTES: LB: We do already have this kind of disk layout in FCOS.
  20. ✔️ Return Cloud Base to Edition Status
    • Cloud should be listed on getfedora.org with Workstation, Server and IoT. The petition to reinstate the Cloud Base as an official Edition is based on the clear identification of unique environmental support requirements for private hyperscaler and public cloud environments not specifically addressed by other Editions.
    • Tracking bug: #2096419
    • NOTES: DM: This only affects the Fedora Cloud edition.
  21. ✔️ Build all JDKs in Fedora against in-tree libraries and with static stdc++lib
  22. ✔️ RPM Macros for Build Flags
    • Create a corresponding macro for each compiler flag in the redhat-rpm-config macro file and create "extra flag" macros to make it easier for packages to add and remove compiler flags.
    • Tracking bug: #2100610
    • NOTES: DM: We may want to update our packages, but no need to update anything now.
  23. ✔️ Gettext Runtime Subpackage
    • Subpackage gettext's runtime programs in a small runtime subpackage, reducing the default install footprint.
    • Tracking bug: #2103239
    • NOTES: DM: Nothing to do. If the packages in FCOS are updated to just require the gettext-runtime package then we'll get the space savings as well.
  24. ✔️ Golang 1.19
    • Rebase of Golang package to upcoming version 1.19 in Fedora 37, including the rebuild of all dependent packages (the pre-release version of Go will be used for the rebuild if released version will not be available at the time of the mass rebuild).
    • Tracking bug: #2103240
    • NOTES: DM: We may want to update the CI for our repos, but nothing to do at the FCOS level. Rawhide will pick it up first and notify us of problems.
  25. ✔️ Fallback Hostname
  26. ✔️ libsoup 3: Part One
    • libsoup 3 is a new API version of libsoup that provides support for HTTP/2. Unfortunately, it is incompatible with libsoup 2. To avoid misbehavior, applications will crash on startup if linked to both libsoup 2 and libsoup 3 at the same time. Because many libraries depend on libsoup, and applications have limited control over which libsoup they link to transitively, this transition will be tricky and requires attention from all Fedora packages that depend on libsoup, even if only indirectly.
    • Tracking bug: #2105119
    • NOTES: JL: Nothing to do. We don't have any packages in FCOS that require or pull in libsoup.
  27. ✔️ Make Fedora CoreOS a Fedora Edition
  28. ✔️ IBus 1.5.27
    • In IBus 1.5.27, ibus restart subcommand will be enhanced to be able to restart ibus-daemon in GNOME desktop, ibus im-module subcommand will be added to get internal gtk-im-module value in a GTK instance, and ibus-setup will provide custom themes for the IBus candidate window.
    • Tracking bug: #2107753
    • NOTES: JL: Nothing to do. We don't ship IBus.
  29. ✔️ MAC Address Policy none
    • The systemd-udev package installs "/usr/lib/systemd/network/99-default.link", which sets Link.MACAddressPolicy=persistent for all software NIC devices. This proposal is to add to the policy so that we use Link.MACAddressPolicy=none for bond/bridge/team devices.
    • Tracking bug: #2107754
    • NOTES: DM: This is our change proposal. See https://github.com/coreos/fedora-coreos-tracker/issues/919
  30. ✔️ Firefox Langpacks Subpackage
    • Firefox langpacks, which have been bundled in the Fedora firefox base package until now, will be moved to a firefox-langpacks subpackage.
    • Tracking bug: #2108184
    • NOTES: DM: Nothing to do. We don't ship Firefox.
  31. ✔️ GNU Toolchain Update (glibc 2.36, binutils 2.38)
    • Update the Fedora 37 GNU Toolchain to glibc 2.36, binutils 2.38.
    • Tracking bug: #2108675
    • NOTES: JL: Should be nothing for us to do here.
  32. ✔️ Deprecate openssl1.1 package

Fedora 37 Accepted Self-Contained Changes (wiki source)

  1. ✔️ glibc 32 Build Adjustments
    • The glibc32 package is a special package used by gcc and a few other packages to work around the lack of RPM multilib repository support in Koji. It is difficult to maintain, and the current approach raises questions regarding (L)GPL compliance.
    • Tracking bug: #1598524
    • NOTES: JL: none of our components use glibc32 AFAIK, so should be good to skip.
  2. ✔️ Modular GNOME Keyring services
    • The monolithic daemon provided by GNOME Keyring will be split into dedicated sub-daemons, so that they can be consistently managed by systemd.
    • Tracking bug: #1899998
    • NOTES: LB: we don't ship these GNOME services in FCOS
  3. ✔️ Wayland by Default for SDDM
    • Change the default display server mode for SDDM to use a Wayland-based greeter rather than an X11-based one.
    • Tracking bug: #2050378
    • NOTES: LB: we don't ship sddm in FCOS
  4. ✔️ Python Dist RPM provides to only provide PEP503-normalized names
    • The legacy python3dist(NAME) and python3.11dist(NAME) RPM provides with dots (.) in NAME will no longer be automatically provided. NAME will only be normalized according to PEP 503. E.g. on Fedora 36 a package provides both python3dist(ruamel-yaml) and python3dist(ruamel.yaml), on Fedora 37+ it will only provide python3dist(ruamel-yaml) (and similarly, python3.11dist(ruamel-yaml)).
    • Tracking bug: #2052217
    • NOTES: LB: we don't ship Python in FCOS
  5. ✔️ MinGW UCRT target
    • This proposal is to add the UCRT target & support from Fedora to the MinGW cross-toolchains.
    • Tracking bug: #2055254
    • NOTES: LB: mingw is not a concern for FCOS
  6. ✔️ MinGW OpenSSL 3.x update
    • Update OpenSSL for MinGW to version 3.x
    • Tracking bug: #2055724
    • NOTES: LB: mingw is not a concern for FCOS
  7. ⚠️ Enable read only /sysroot for Fedora Silverblue & Kinoite 👉 https://github.com/coreos/fedora-coreos-tracker/issues/1232
    • This change is about enabling an opt-in ostree feature that re-mounts /sysroot as read only to avoid accidental changes.
    • Tracking bug: #2060976
    • NOTES: LB: we did this in FCOS early on, but we never migrated older instances
  8. ✔️ Encourage Dropping Unused / Leaf Packages on i686
    • Package maintainers are empowered to stop building their packages for i686 — especially if supporting this architecture requires significant investment of time or resources. This will not apply to packages which are still depended on by other i686 packages, or which get used in a "multilib" context (i.e. for running 32-bit applications on x86_64). Dropping i686 architecture support from a leaf package will no longer be considered a breaking change, will not require any announcements, or tracker bugs.
    • Tracking bug: #2069738
    • NOTES: JL: we don't explicitly try to support i686, though we do build it by default for various components. we could look at explicitly disabling it, or just ride the wave until Fedora itself turns it off.
  9. ⚠️ Support FIDO Device Onboarding
    • Package and enable the FIDO Device Onboarding software stack for Zero Touch Onboarding on Fedora IoT.
    • Tracking bug: #2075529
    • NOTES: LB: not exactly the same, but we may look into this and possibly file a feature-request for ourselves for Ignition
  10. ✔️ Build Fedora IoT Artifacts with osbuild
    • Build the key Fedora IoT artifacts such as the raw images and the traditional anaconda installer with osbuild.
    • Tracking bug: #2075530
    • NOTES: LB: IoT specific
  11. Haskell GHC 9.0 & Stackage LTS 19
    • The GHC Haskell compiler will be updated from major version 8.10 to 9.0, and Haskell packages will be updated from Stackage LTS 18 to LTS 19 versions.
    • Tracking bug: #2080355
    • NOTES: LB: we don't ship GHC in FCOS
  12. ✔️ Replace jwhois package with whois for Fedora Workstation
    • Fedora Workstation product core group includes jwhois package. Replace it with whois package which is more actively developed.
    • Tracking bug: #2081764
    • NOTES: SA: we don't ship jwhois
  13. ✔️ Enhance Persian Font Support
    • This change aims to provide a consistent experience for those who use Fedora in Persian or write or read Persian text in Fedora.
    • Tracking bug: #2095025
    • NOTES: DM: I don't think any changes for FCOS are needed here.
  14. ✔️ LLVM 15
    • Update all llvm sub-projects in Fedora Linux to version 15.
    • Tracking bug: #2100620
    • NOTES: DM: This shouldn't affect FCOS.
  15. ✔️ Supplement of Server distributables by a KVM VM disk image
    • Virtualization has long been a steadily growing use case of Fedora Server Edition, but it is still time consuming and tedious for the system administrator to create a Fedora Server VM. Supplementing the downloads by a KVM VM image remedies the deficiency.
    • Tracking bug: #2100621
    • NOTES: DM: This is limited to the Server edition deliverables.
  16. ✔️ Erlang 25
    • Update Erlang/OTP to version 25.
    • Tracking bug: #2100623
    • NOTES: DM: This shouldn't affect FCOS.
  17. ✔️ Stratis 3.2.0
    • Stratis 3.2.0 includes one significant enhancement, one bug fix, and a number of more minor improvements.
    • Tracking bug: #2108166
    • NOTES: JL: Nothing to do. We don't ship Stratis.
  18. ✔️ LXQt 1.1.0
    • Update LXQt to 1.1.0 in Fedora.
    • Tracking bug: #2109614
    • NOTES: DM: Not applicable. We don't ship it.
  19. ✔️ Officially Support Raspberry Pi 4
    • The work around Raspberry Pi 4 has been on going for a number of years, but we've never officially supported it due to lack of accelerated graphics and other key features. With Fedora 37, Raspberry Pi 4 is now officially supported, including accelerated graphics using the V3D GPU.
    • Tracking bug: #2109648
    • NOTES: DM: No action for us to take. Hardware support is getting better in the kernel.
  20. ⚠️ Preset All Systemd Units on First Boot 👉 https://github.com/coreos/ignition/issues/1440
    • Systemd will execute the equivalent of systemctl preset-all when an unconfigured system is booted ("First Boot" condition). This means that units will be enabled or disabled according to the preset configuration. We currently do the equivalent of systemctl preset-all --preset-mode=enable-only, and this will be extended to also disable units, i.e. systemctl preset-all --preset-mode=full. Any units which are manually symlinked but presets say they shouldn't (which is against the packaging guidelines for packaged units) will be disabled.
    • Tracking bug: #2114065
    • NOTES: DM: This will require some work for us. @jlebon filed https://github.com/coreos/ignition/issues/1440
  21. ✔️ Public release of the Anaconda Web UI preview image
    • The work on Web UI for the Anaconda installer has advanced enough so that it is possible to create and publish self contained preview images.
    • Tracking bug: #2114325
    • NOTES: DM: Not applicable. We don't ship anaconda.
  22. ✔️ BIND 9.18
    • Owner
    • Tracking bug: #2114330
    • NOTES: DM: Not applicable. We don't ship bind (the server). We do ship bind-utils, but that should be fine.
  23. ✔️ ibus-libpinyin 1.13
    • This ibus-libpinyin release includes new features for English input and Table input.
    • Tracking bug: #2114336
    • NOTES: DM: Not applicable. We don't ship ibus.
  24. ✔️ SELinux Parallel Autorelabel
    • After a system's SELinux mode is switched from disabled to enabled, or after an administrator runs fixfiles onboot, SELinux autorelabel will be run in parallel by default.
    • Tracking bug: #2114341
    • NOTES: DM: No action. We don't support auto-relabel.
  25. ✔️ Haskell GHC 8.10.7 & Stackage LTS 18.28
    • The GHC Haskell compiler will be updated from minor version 8.10.5 to 8.10.7, and Haskell packages will be updated to Stackage LTS 18.28 minor versions.
    • Tracking bug: #2115399
    • NOTES: DM: No action. We don't ship any related software.
  26. ✔️ Mumble 1.4
    • Update the Mumble voice chat application from 1.3 to 1.4.
    • Tracking bug: #2115400
    • NOTES: DM: No action. We don't ship Mumble.
  27. ✔️ Emacs 28
    • Update GNU Emacs to 28.1 release. This release includes a wide variety of new features, including native compilation of Lisp files.
    • Tracking bug: #2118435
    • NOTES: DM: No action. We don't ship Emacs.
  28. ✔️ Minizip Renaming
    • Renaming the "minizip" package to "minizip-ng" to align with the upstream naming.
    • Tracking bug: #2129079
    • NOTES: DM: We don't ship minizip in FCOS, so this should be a NOOP for us.

jlebon commented 2 years ago

Enable read only /sysroot for Fedora Silverblue & Kinoite

  • This change is about enabling an opt-in ostree feature that re-mounts /sysroot as read only to avoid accidental changes.
  • Tracking bug: #2060976

A similar issue exists in FCOS BTW: the first official FCOS stable release was January 11, 2020. It did not ship with read-only sysroot. That came in May/June 2020. So we have potentially really old FCOS stable nodes provisioned in those first 5-6 months (and of course testing too, which started even earlier) which today still don't have read-only sysroot.

It'd be nice to have some stats to know how many such nodes exist, but it likely isn't worth the effort/risk to try migrating them. Maybe instead we can add a CLHM dropin which suggests reprovisioning if read-only sysroot isn't active?
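
A check of the kind suggested in the comment above, as an added example that is not part of the thread or of any FCOS code: it reads mount entries in /proc/self/mounts format and reports whether /sysroot is read-only. The function names, the message wording and the sample entries are hypothetical; wiring the output into a CLHM drop-in is not shown.

```shell
#!/bin/sh
# Added example: detect a node whose /sysroot is still mounted read-write.

# sysroot_mount_mode [FILE]
# FILE is in /proc/self/mounts format ("-" reads stdin; default is the
# live mount table). Prints "ro", "rw" or "absent".
# If /sysroot appears more than once, the last entry is the topmost
# mount, so its mode is the one reported.
sysroot_mount_mode() {
    mounts_file="${1:-/proc/self/mounts}"
    awk '
        $2 == "/sysroot" {
            found = 1
            mode = "rw"
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++)
                if (opts[i] == "ro") mode = "ro"
        }
        END { print (found ? mode : "absent") }
    ' "$mounts_file"
}

# sysroot_motd_message [FILE]
# Prints one banner line when /sysroot is writable, nothing otherwise.
sysroot_motd_message() {
    case "$(sysroot_mount_mode "$1")" in
        rw)
            echo "Warning: /sysroot is mounted read-write on this node; consider reprovisioning."
            ;;
    esac
}

# Constructed sample entries (not taken from a real node).
SAMPLE_RW='/dev/vda4 /sysroot xfs rw,seclabel,relatime 0 0'
SAMPLE_RO='/dev/vda4 /sysroot xfs ro,seclabel,relatime 0 0'

# Demo on the constructed read-write entry.
printf '%s\n' "$SAMPLE_RW" | sysroot_motd_message -
```

On a live system, call `sysroot_motd_message` with no argument to inspect the real mount table.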

dustymabe commented 2 years ago

Updated the description with the outcomes from our small groups session earlier today.

dustymabe commented 2 years ago

We discussed the accepted changes today with a small group earlier today and also again later in the FCOS community meeting. We found a few issues we wanted to discuss further and I have opened dedicated tickets for those discussions/investigations.

dustymabe commented 2 years ago

Reran the script and updated the description with new changes that have come in.

dustymabe commented 2 years ago

We discussed this in the community meeting today.

We went over the newly added items in the changeset (121->125 and 214->216). I have updated the description with the results.

dustymabe commented 2 years ago

Reran the script and updated the description with new changes that have come in.

dustymabe commented 2 years ago

We discussed this in the community meeting yesterday. We went over newly added items in the changeset (126->132 and 217). I have updated the description with the results.

dustymabe commented 2 years ago

Reran the script and updated the description with new changes that have come in.

lucab commented 2 years ago

We ran through the newly added entries and found some actionable items:

* jlebon to ensure there are FCOS/Ignition tickets to track the preset changes
* lucab to check if/where we want to start using 'restorecon -T 0' in our initramfs logic
* travier to split off selinux and ostree/fcos concerns to a new ticket/PR, mainly for docs purposes

I did look through our usages of restorecon and I didn't spot any places where we could really benefit from multi-threading.

The SELinux docs ticket is at https://github.com/coreos/fedora-coreos-docs/issues/439.

dustymabe commented 2 years ago

We discussed this in the community meeting today.

12:38:22   dustymabe | ok a few updates on this topic.. the macaddresspolicy
                     | change fell out (thomas got busy and went on vacation)
                     | but we'll get it into F38.
                     | https://fedoraproject.org/wiki/Changes/MAC_Address_Policy_none

12:39:11   dustymabe | #info the hostname change got into f38/f37:
                     | https://github.com/coreos/fedora-coreos-tracker/issues/902#issuecomment-1225839825

We also covered the new self contained changes since the last time. All of them have no impact because we don't ship them.

dustymabe commented 1 year ago

Reran the script and updated the description with new changes that have come in.

dustymabe commented 1 year ago

We discussed this in the community meeting today.

13:32:45  dustymabe | #info we don't ship minizip in FCOS, so this should be a noop for us

cgwalters commented 1 year ago

I believe this is done.