시스템 관리자를 위한 페도라 41의 변경 사항

페도라 41에서 기본 꾸러미 관리자는 DNF 5입니다. 이는 다음과 같이 주목 할 수 있는 많은 개선을 갖고 오도록 하는 가장 큰 향상입니다:

이와 같은 출시에 대한 정보를 위해, 업스트림 DNF5 문서, 특별히 DNF 및 DNF5 사이의 변경 목록을 참고하세요. 개발자는 또한 dnf 데몬을 위한 DBus API 바인딩도 확인해야 합니다.

RPM in Fedora 41 has been updated to version 4.20, which provides a number of improvements, such as:

자세히 알기 위해 업스트림 출시 기록을 참조하세요.

Starting with Fedora 41, the Fedora Atomic Desktops, Fedora CoreOS and Fedora IOT will ship bootc and DNF5 as part of the image. Now you can use dnf commands as part of container builds that use these Fedora variants as the base image. While rpm-ostree is still available, you can now use bootc to manage your image mode deployments and updates.

When running dnf on a booted image mode system, DNF will give a better error message pointing to the available tools on your booted system to accomplish your task. This is the start of a process to enable DNF with rpm-ostree features and the re-focus on bootc to manage image mode deployments.

RPM 꾸러미는 저작권을 위한 표준으로 SPDX 식별자를 사용합니다. 꾸러미의 90%는 SPDX 식별자로 이전 되었습니다. 잔여 꾸러미는 페도라 42에서 SPDX로 이전 되리라 예상됩니다. 페도라 리눅스에서 허용된(함께 사용된) 모든 저작권의 목록은 페도라 법률 부분에서 찾을 수 있습니다. 90% 부분에서, 꾸러미의 9%는 SPDX로 준수하는 임시 저작권 `LicenseRef-Callaway-*`를 가지고 있으나, SPDX 협회에서 적합한 저작권 ID가 지정되어야 합니다.

NetworkManager는 ifcfg 형식에서 저장된 연결 프로파일을 위한 지원을 제거합니다. 더 이상 사용되지 않는 업스트림 및 기본 키파일 형식이 유효하고 더 나은 대체 형식입니다. 다음 꾸러미는 채택되지 않았습니다. NetworkManager-initscripts-ifcfg-rh, NetworkManager-dispatcher-routing-rules 및 NetworkManager-initscripts-updown.

To support general system hardening (running software with least privileges possible), the SSSD service is now configured to run under sssd or root user using the systemd service configuration files. This service user now defaults to sssd and irrespective of what service user is configured, root or sssd, all root capabilities are dropped with the exception of a few privileged helper processes.

The sss_ssh_knownhostsproxy tool was deprecated in the previous release and has now been removed. It is replaced by the sss_ssh_knownhosts tool. See man sss_ssh_knownhosts(1) to learn how to use it.

Previously, the Fedora Cloud edition used to set the net.ifnames=0 kernel command-line parameter during the kickstart process. This would disable the consistent naming for networking devices and ensured that Ethernet devices kept their traditional names such as eth0, eth1, and so on. With this update, net.ifnames=0 has been removed from the Fedora Cloud kickstart file to ensure consistency in the network device naming and to align with the other Fedora editions.

With this update, the long-deprecated package network-scripts will be removed. The package provided the legacy utilities ifup and ifdown, as well as the network.service. Network scripts heavily depend on the Dynamic Host Configuration Protocol (DHCP) client, and without active development, there is no chance of updating them to use an alternative client.

Packages that depend to some extent on network-scripts:

Note that this change also affects all users with local custom network-scripts that require functionality from the network-scripts package.

Starting with Fedora 41, all supported versions of Kubernetes, CRI-O and CRI-Tools will be available concurrently. As an example, Fedora 41 has the following Kubernetes RPMs at release:

This is a significant change from the past Fedora releases, which only had a single version of Kubernetes available in Fedora repositories. CRI-O and CRI-Tools RPMs also share this change with versions available to complement Kubernetes. For more information, see this Fedora Quick Doc.

TuneD replaced power-profiles-daemon as a default power profile management daemon for the following Fedora workstation spins:

The server users can customize the desktop-exposed power profiles by editing the /etc/tuned/ppd.conf file in the command-line. The workstation users can set the power profile through the GUI control center.

The tuned-ppd package provides a drop-in replacement for the power-profiles-daemon, which allows it to be used with the current desktops.

Those applications that already use power-profiles-daemon can access TuneD without modifying the code.

Netavark is a container networking tool used by Podman. Netavark manages interfaces and firewall rules and with this Fedora update, it will use nftables by default to create firewall rules for containers.

On Atomic Desktops, the policy controlling access to the rpm-ostree daemon has been updated to:

On Fedora CoreOS and Fedora IoT systems, the root mount of the system (/) is now mounted using composefs, which makes it a truly read only filesystem, increasing the system integrity and robustness. This is the first step toward a full at runtime verification of filesystem integrity.

On Atomic Desktops, the bootloader is now automatically updated using bootupd. New systems are now installed with a static GRUB configuration which relies only on the Boot Loader Specification configuration files and is not regenerated for each update.

The upstream Kubernetes project maintains 3 concurrent versions with a new release every 4 months. Previously, in Fedora, only one of these versions was always provided, and matched with a specific release. Starting with Fedora 41, all currently supported Kubernetes versions are provided, using separate packages named after each major version. Using the kubernetes-client rpm as an example, instead of kubernetes-client-1.29.2-1.fc41, Fedora now offers kubernetes1.29-client-1.29.2-1.fc41, kubernetes1.28-client-1.28.5-1.fc41, and kubernetes1.27-client-1.27.8-1.fc41.

Upgrading to Fedora 41 on a machine with Fedora 40 or Fedora 39 requires a manual step by the user to select the appropriate versioned Kubernetes package.

더 많은 정보를 위해, 페도라 빠른 문서를 참고하세요.

Fedora 41 is the first Fedora release that provides the dm-vdo (virtual data optimizer) device mapper target, along with the vdo user tools package.

The dm-vdo target provides inline deduplication, compression, and thin provisioning. These features can be added to the storage stack, compatible with any file system. A dm-vdo target can be backed by up to 256TB of storage, and can present a logical size of up to 4PB. This target was originally developed starting in 2009. It was first released in 2013, and has been used in production environments ever since. It was made open-source in 2017, and merged into the upstream Linux kernel in 2024.

To support dm-vdo targets, the vdo user tool package provides the following tools:

Additional diagnostic tools are also included in the vdo package. However, they are rarely needed for normal operation.

Although not required, it is strongly recommended that lvm2 be used to manage vdo volumes. See the lvm2 documentation for more information.

If you have a vdo volume created with the kvdo module, be sure to refer to the kvdo documentation for important considerations prior to attempting to upgrade to a dm-vdo target.

추가적인 세부 정보를 위해 dm-vdo 및 vdo 업스트림 문서를 참고하세요.

This update includes releases of stratisd 3.7.3 and stratis-cli 3.7.0. It includes one significant enhancement, several minor enhancements, and a number of small improvements.

Most significantly, Stratis 3.7.3 extends its functionality to allow a user to revert a snapshot, i.e., to overwrite a Stratis filesystem with a previously taken snapshot of that filesystem. The process of reverting requires two steps. First, a snapshot must be scheduled for revert. However, the revert can only take place when a pool is started. This can be done while stratisd is running, by stopping and then restarting the pool. A revert may also be occasioned by a reboot of the system stratisd is running on. Restarting stratisd will also cause a scheduled revert to occur, so long as the pool containing the filesystem to be reverted has already been stopped. To support this functionality, stratis-cli includes two new filesystem subcommands, schedule-revert and cancel-revert.

Some additional functionality has been added to support this revert functionality. First, a filesystem’s origin field is now included among its D-Bus properties and updated as appropriate. stratis-cli displays an origin value in its newly introduced filesystem detail view. stratisd also support a new filesystem D-Bus method which returns the filesystem metadata. The filesystem debug commands in stratis-cli now include a get-metadata option which will display the filesystem metadata for a given pool or filesystem. Equivalent functionality has been introduced for the pool metadata as well.

stratisd also includes a considerable number of dependency version bumps, minor fixes and additional testing, while stratis-cli includes improvements to its command-line parsing implementation.

이와 같은 출시에 대한 추가 정보를 위해 stratisd 및 stratis-cli 변경기록을 문의해 주세요.

Fedora 41 provides a new tool for querying repositories, fedora-repoquery, a small commandline tool for doing repoqueries of Fedora, EPEL, eln, and Centos Stream package repositories. It wraps dnf repoquery separating cached repo data under separate repo names for faster cached querying.

사용 예제, 또는 설치 후에 fedora-repoquery --help 사용을 위해 업스트림 readme를 참고하세요.

OpenSSL in Fedora 41 no longer trusts SHA-1 signatures by default and blocks their creation as well. This change was implemented because chosen-prefix collision attacks on SHA-1 are becoming increasingly feasible. This brings Fedora’s security defaults closer to what is considered secure in modern day cryptographic landscape.

You can revert to previous default behavior either system-wide by using update-crypto-policies --set FEDORA40, or per process with runcp FEDORA40 command args, using the crypto-policies-extra tool available Copr. These old policies will be maintained in Fedora for several future releases. However, their use is generally not recommended.

Fedora package builds are now more deterministic, bringing the distribution closer to the goal of achieving fully reproducible builds for all of its packages.

더 많은 정보를 위해, 페도라의 재현 가능한 제작 문서를 참고하세요.

The libvirt virtual network has been changed to prefer use of the nftables firewall backend instead of iptables.

이와 같은 변경은 일부 잠재적인 호환성 영향을 갖고 있습니다; 자세한 내용 및 해결 방법을 위해 변경 부분을 참고하세요.

Redis has been replaced with Valkey in Fedora 41 due to Redis' license change to RASLv2/SSPL which rendered it incompatible with Free and Open Source principles. Valkey is a full replacement of Redis which preserves the original BSD licensing.

When upgrading to Fedora Linux 41, systems with redis installed will be switched to valkey via the valkey-compat package. The change should be mostly transparent to users as the valkey-compat package provides config and data migration for most common configurations. The valkey systemd units will have aliases for redis to ease the migration for users.

Support for OpenSSL engines is deprecated in Fedora 41. Engines are not FIPS compatible and corresponding API is deprecated since OpenSSL 3.0. Those currently using OpenSSL engines should switch to using providers.