对于系统管理员的 Fedora 40 中的更改

有关 Fedora 的 Anaconda 安装程序和 Kickstart 等相关组件的更改列表，请参阅 上游发行注记。

Fedora IoT 版现在有了可启动镜像。这为用户提供了使用 Fedora IoT 的新方法，可能更适合他们的环境和生态系统，从而使其得到更广泛的采用。

您可以从 Fedora IoT 官方网页下载新镜像 。另请参阅 文档。

Fedora 40 对 389 Directory Server 进行了重大升级，与之前发布的 2.4.4 版本相比，升级幅度很大。

一个主要变化是，从这个版本开始，创建新实例时默认使用 LMDB，而不是以前默认的 BerkeleyDB。更多信息请参见 此处。

pam_userdb 在构建时支持 BerkeleyDB，但该项目已不再作为开源项目维护，因此在 Fedora 40 中已被 GDBM 所取代。有关如何转换的信息，请参阅 Fedora 系统管理员指南。

The enumeration feature provides the ability to list all users or groups using getent passwd or getent group' without arguments. Support for the `enumeration feature has been removed for AD and FreeIPA providers.

sss_ssh_knownhostsproxy tool has been deprecated and will be replaced by a new, more efficient tool. See upstream ticket for details.

Fedora 40 中移除了之前已废弃的 SSSD "files provider"功能，该功能允许处理本地用户。大多数情况下这不会影响 glibc 模块（libnss_files.so.2）处理本地用户的默认配置。如果特定配置需要 SSSD 处理本地用户（智能卡身份验证或本地用户的会话记录），请改用 proxy provider。如果您属于这些用例之一，请参阅 上游文档。

Authselect 的`minimal`配置文件现由`local`取代。新的 local`配置文件基于 `minimal，但增加了额外的可选功能，为没有 SSSD 的本地用户和群组提供服务。从 minimal 到 local 配置文件的迁移会在全新安装或升级到 Fedora 40 时自动执行，用户不会受到影响。不过，用户应调整其脚本以适应新的`local`配置文件，因为`minimal`配置文件已不再可用。

Bogofilter (bogofilter package) is a fast anti-spam filtering mechanism that uses Bayesian statistical analysis to classify emails as either spam or non-spam. It uses Berkeley DB (libdb package) as its database engine for storing word probabilities and other relevant data used in the filtering process.

With this release, Bogofilter switched its database engine from Berkeley DB to SQLite, because Fedora deprecated the libdb package.

Bogofilter supports only one database backend at a time, therefore the updated bogofilter package will be unable to process the libdb data. As a result, the new package provides a migration script. Alternatively, you can migrate your word lists manually with this command bogomigrate-berkeley ~/.bogofilter/wordlist.db.

The podman container engine has been upgraded to version 5, which provides multiple bug fixes and enhancements. Notable changes include:

For full extent of updates, see the upstream release notes.

The ROCm stack for graphics processing unit (GPU) computation has been updated to version 6, which provides multiple bug fixes and enhancements. Notable changes include:

For full extent of updates, see the upstream release notes.

This upgrade includes new releases of stratisd 3.6.7 and stratis-cli 3.6.0.

这些版本包括一系列改进、错误修复和内务变更。以下是更改的简要概述。

stratisd 3.6.7 includes a fix to a bug introduced in stratisd 3.6.6 which caused the stratis-min pool start command to fail if the pool was encrypted and the password to unlock the pool was specified on the command-line. It also includes a fix to a bug introduced in stratisd 3.6.4 which prevented automatically unlocking a pool when mounting a filesystem specified in /etc/fstab.

stratisd 3.6.6 fixes a bug where it would be possible to misreport the PID of an already running instance of stratisd when attempting to start another instance. It also includes restrictions on the size of the string values in the Stratis pool-level metadata.

stratisd 3.6.5 includes a modification to its internal locking mechanism which allows a lock which does not conflict with a currently held lock to precede a lock that does. This change relaxes a fairness restriction that gave precedence to locks based solely on the order in which they had been placed on a wait queue.

stratisd 3.6.4 includes a fix for stratisd-min handling of the start command sent by stratis-min to unencrypted pools. It also captures and logs errors messages emitted by the thin_check or mkfs.xfs executables.

stratisd 3.6.3 explicitly sets the nrext64 option to 0 when invoking mkfs.xfs. A recent version of XFS changed the default for nrext64 to 1. Explicitly setting the value to 0 prevents stratisd from creating XFS filesystems that are unmountable on earlier kernels.

stratisd 3.6.2 includes a fix in the way thin devices are allocated in order to avoid misalignment of distinct sections of the thin data device. Such misalignments may result in a performance degradation.

stratisd 3.6.1 includes a fix to correct a problem where stratisd would fail to unlock a pool if the pool was encrypted using both Clevis and the kernel keyring methods but the key in the kernel keyring was unavailable.

stratisd 3.6.0 extends its functionality to allow a user to set a limit on the size of a filesystem and includes a number of additional enhancements.

The stratis-cli 3.6.0 command-line interface has been extended with an additional option to set the filesystem size limit on creation and two new filesystem commands, set-size-limit and unset-size-limit, to set or unset the filesystem size limit after a filesystem has been created.

All releases include sundry internal improvements, conveniences, and minor bug fixes.

Please see the stratisd changelog and the stratis-cli changelog for further details.

Delta RPM (DRPM) is a feature, which reduces the time and data required to update packages by downloading only the differences (deltas) between the old and the new version of an RPM package. Based on your current version and the delta, your system then locally re-assembles a complete RPM package with a new version of software.

With this Fedora release, DRPMs will no longer be generated during the compose process. Also, the DRPM support in dnf and dnf5 will be disabled by default. Some of the most notable reasons for this change are as follows:

This change aims to bring the following benefits:

Filelists are XML files that provide important metadata and information that facilitate RPM package installation, management, and maintenance.

With this Fedora release, the DNF behavior changed in a sense that the filelists will no longer be downloaded by default. The reason is, the metadata that filelists provide are unnecessary in the majority of use cases and they are large in size. This leads to a significant slowdown in the user experience.

This change aims to bring the following notable benefits:

Note that you can still use DNF without filelists metadata when querying file provides located in /usr/bin, /usr/sbin or /etc directories.

The wget command in Fedora 40 uses Wget2.

GNU Wget2 is the successor to GNU Wget providing a modern implementation of wget backed by a new library: libwget2. The intent to switch from wget 1.x to wget2 is to switch to an implementation that is more actively developed and provides a richer interface for leveraging wget’s functionality.

IPv4 address conflict detection is now enabled by default in NetworkManager. In other words, RFC 5527 is now enabled by default with an interval of 200 ms.

Fedora 40 adopts stable-ssid as the default mode for assigning individual, stable MAC addresses to Wi-Fi connections in NetworkManager, enhancing user privacy without compromising network stability.

The change adds a new file, /usr/lib/NetworkManager/conf.d/22-wifi-mac-addr.conf, which sets wifi.cloned-mac-address=stable-ssid as the default mode for MAC address selection in Wi-Fi connections within NetworkManager. The stable-ssid mode generates a different MAC address based on each SSID it uses to connect to a network, which is designed to enhance user privacy by making it more difficult for users to be tracked across networks by their hardware MAC address.

This new default value overrides the NetworkManager default of preserve and is applied to all existing and new Wi-Fi profiles in Fedora 40 and later that do not override the default, such as by cloning a specific MAC address in the NetworkManager GUI or independently setting wifi.cloned-mac-address.

With the adoption of stable-ssid as the default in Fedora 40, upgrading to Fedora 40 will apply this new MAC address generation by default, including on existing Wi-Fi profiles. This can result in potentially breaking changes to Wi-Fi connection behavior, particularly for users of networks with features or restrictions that rely on the device’s prior default MAC address.

Users who must maintain consistent MAC addresses for specific networks can address this by manually setting wifi.cloned-mac-address to permanent for specific profiles:

Replace [$PROFILE] with the NetworkManager profile name, which is typically the SSID. To list profiles by name, run nmcli connection.

To revert to previous behavior, override the new default by following one of these steps:

For details on the order in which configuration files are loaded and their priority, refer to man NetworkManager.conf. For other available wifi.cloned-mac-address options, see the [NetworkManager documentation](https://networkmanager.dev/docs/api/1.46/settings-802-11-wireless.html).

Fedora 40 provides version 16 of PostgreSQL. For more information, see the upstream release notes.

RPM packages use SPDX identifiers for licenses as a standard. 63 % of the packages and almost all packeges from ELN set have been migrated to SPDX identifiers. The remaining packages are estimated to be migrated to SPDX in Fedora 41.