Changes in Fedora 40 For System Administrators

RPM packages use SPDX identifiers for licenses as a standard. 63 % of the packages and almost all packeges from ELN set have been migrated to SPDX identifiers. The remaining packages are estimated to be migrated to SPDX in Fedora 41.

The enumeration feature provides the ability to list all users or groups using getent passwd or getent group' without arguments. Support for the `enumeration feature has been removed for AD and FreeIPA providers.

sss_ssh_knownhostsproxy tool has been deprecated and will be replaced by a new, more efficient tool. See upstream ticket for details.

Previously deprecated SSSD "files provider" feature that allows handling of local users has been removed in Fedora 40. This does not affect default configuration where local users are handled by glibc module (libnss_files.so.2), which is most cases. In case of specific configuration that requires SSSD to handle local users (smart card authentication or session recording of local users), switch to proxy provider instead. If you fall into one of these use cases, see the upstream documentation for more details.

The minimal profile for Authselect is now replaced by local. The new local profile is based on minimal but gains additional optional features, it is used to serve local users and groups without SSSD. This migration from minimal to local profile is performed automatically with a new installation or upgrade to Fedora 40 and users are not affected. However, users should adapt their scripts to the new local profile since the minimal profile is no longer available.

Bogofilter (bogofilter package) is a fast anti-spam filtering mechanism that uses Bayesian statistical analysis to classify emails as either spam or non-spam. It uses Berkeley DB (libdb package) as its database engine for storing word probabilities and other relevant data used in the filtering process.

With this release, Bogofilter switched its database engine from Berkeley DB to SQLite, because Fedora deprecated the libdb package.

Bogofilter supports only one database backend at a time, therefore the updated bogofilter package will be unable to process the libdb data. As a result, the new package provides a migration script. Alternatively, you can migrate your word lists manually with this command bogomigrate-berkeley ~/.bogofilter/wordlist.db.

The podman container engine has been upgraded to version 5, which provides multiple bug fixes and enhancements. Notable changes include:

For full extent of updates, see the upstream release notes.

This upgrade includes new releases of stratisd 3.6.7 and stratis-cli 3.6.0.

These releases include a number of improvements, bug fixes, and housekeeping changes. The following is a brief summary of the changes.

stratisd 3.6.7 includes a fix to a bug introduced in stratisd 3.6.6 which caused the stratis-min pool start command to fail if the pool was encrypted and the password to unlock the pool was specified on the command-line. It also includes a fix to a bug introduced in stratisd 3.6.4 which prevented automatically unlocking a pool when mounting a filesystem specified in /etc/fstab.

stratisd 3.6.6 fixes a bug where it would be possible to misreport the PID of an already running instance of stratisd when attempting to start another instance. It also includes restrictions on the size of the string values in the Stratis pool-level metadata.

stratisd 3.6.5 includes a modification to its internal locking mechanism which allows a lock which does not conflict with a currently held lock to precede a lock that does. This change relaxes a fairness restriction that gave precedence to locks based solely on the order in which they had been placed on a wait queue.

stratisd 3.6.4 includes a fix for stratisd-min handling of the start command sent by stratis-min to unencrypted pools. It also captures and logs errors messages emitted by the thin_check or mkfs.xfs executables.

stratisd 3.6.3 explicitly sets the nrext64 option to 0 when invoking mkfs.xfs. A recent version of XFS changed the default for nrext64 to 1. Explicitly setting the value to 0 prevents stratisd from creating XFS filesystems that are unmountable on earlier kernels.

stratisd 3.6.2 includes a fix in the way thin devices are allocated in order to avoid misalignment of distinct sections of the thin data device. Such misalignments may result in a performance degradation.

stratisd 3.6.1 includes a fix to correct a problem where stratisd would fail to unlock a pool if the pool was encrypted using both Clevis and the kernel keyring methods but the key in the kernel keyring was unavailable.

stratisd 3.6.0 extends its functionality to allow a user to set a limit on the size of a filesystem and includes a number of additional enhancements.

The stratis-cli 3.6.0 command-line interface has been extended with an additional option to set the filesystem size limit on creation and two new filesystem commands, set-size-limit and unset-size-limit, to set or unset the filesystem size limit after a filesystem has been created.

All releases include sundry internal improvements, conveniences, and minor bug fixes.

Please see the stratisd changelog and the stratis-cli changelog for further details.

Delta RPM (DRPM) is a feature, which reduces the time and data required to update packages by downloading only the differences (deltas) between the old and the new version of an RPM package. Based on your current version and the delta, your system then locally re-assembles a complete RPM package with a new version of software.

With this Fedora release, DRPMs will no longer be generated during the compose process. Also, the DRPM support in dnf and dnf5 will be disabled by default. Some of the most notable reasons for this change are as follows:

This change aims to bring the following benefits:

Filelists are XML files that provide important metadata and information that facilitate RPM package installation, management, and maintenance.

With this Fedora release, the DNF behavior changed in a sense that the filelists will no longer be downloaded by default. The reason is, the metadata that filelists provide are unnecessary in the majority of use cases and they are large in size. This leads to a significant slowdown in the user experience.

This change aims to bring the following notable benefits:

Note that you can still use DNF without filelists metadata when querying file provides located in /usr/bin, /usr/sbin or /etc directories.