对于系统管理员的 Fedora 40 中的更改
安装程序更改
有关 Fedora 的 Anaconda 安装程序和 Kickstart 等相关组件的更改列表,请参阅 上游发行注记。
Fedora IoT 可引导容器
Fedora IoT 版现在有了可启动镜像。这为用户提供了使用 Fedora IoT 的新方法,可能更适合他们的环境和生态系统,从而使其得到更广泛的采用。
您可以从 Fedora IoT 官方网页下载新镜像 。另请参阅 文档。
389 Directory Server 3.0.0
Fedora 40 对 389 Directory Server 进行了重大升级,与之前发布的 2.4.4 版本相比,升级幅度很大。
一个主要变化是,从这个版本开始,创建新实例时默认使用 LMDB,而不是以前默认的 BerkeleyDB。更多信息请参见 此处。
将 pam_userdb 从 BerkeleyDB 切换到 GDBM
pam_userdb
在构建时支持 BerkeleyDB,但该项目已不再作为开源项目维护,因此在 Fedora 40 中已被 GDBM 所取代。有关如何转换的信息,请参阅 Fedora 系统管理员指南。
删除了 AD 和 IPA 后端对`枚举`功能的支持
枚举`功能提供了使用 `getent passwd`或 `getent group
(不带参数)列出所有用户或组的功能。AD 和 FreeIPA 提供程序已不再支持`枚举`功能。
未来的版本将替换`sss_ssh_knownhostsproxy`工具
sss_ssh_knownhostsproxy
工具已被弃用,并将被更高效的新工具取代。详情请参见 上游票据。
移除 SSSD 的 files provider
Fedora 40 中移除了之前已废弃的 SSSD "files provider"功能,该功能允许处理本地用户。大多数情况下这不会影响 glibc 模块(libnss_files.so.2
)处理本地用户的默认配置。如果特定配置需要 SSSD 处理本地用户(智能卡身份验证或本地用户的会话记录),请改用 proxy provider
。如果您属于这些用例之一,请参阅 上游文档。
Authselect 最小配置文件由本地配置文件取代
Authselect 的`minimal`配置文件现由`local`取代。新的 local`配置文件基于 `minimal
,但增加了额外的可选功能,为没有 SSSD 的本地用户和群组提供服务。从 minimal
到 local
配置文件的迁移会在全新安装或升级到 Fedora 40 时自动执行,用户不会受到影响。不过,用户应调整其脚本以适应新的`local`配置文件,因为`minimal`配置文件已不再可用。
`bogofilter`使用 SQLite
Bogofilter (`bogofilter `软件包)是一种快速反垃圾邮件过滤机制,它使用贝叶斯统计分析法将电子邮件分为垃圾邮件或非垃圾邮件。 它使用 Berkeley DB(`libdb`软件包)作为数据库引擎,用于存储过滤过程中使用的单词概率和其他相关数据。
在此版本中,Bogofilter 将其数据库引擎从 Berkeley DB 改为 SQLite,因为 Fedora 废弃了 libdb
软件包。
Bogofilter 一次只支持一个数据库后端,所以更新后的 bogofilter
软件包将无法处理 libdb
数据。 因此,新软件包提供了一个迁移脚本。 或者,你也可以使用 bogomigrate-berkeley ~/.bogofilter/wordlist.db
命令手动迁移你的单词表。
Podman 5
podman
容器引擎已升级到第 5 版,其中提供了多个错误修复和增强功能。 值得注意的变化包括:
-
放弃对
cgroups
版本 1 的支持(环境必须切换到cgroups
版本 2) -
弃用了容器网络接口 (CNI) 插件(环境必须切换到
netavark
网络协议栈) -
弃用了 BoltDB
-
将
passt`设置为默认的无根网络服务,取代了`slirp4netns
-
改进了
containers.conf
文件的处理方式 -
隔离的
podman
绑定以确保提高可用性
有关更新的全部内容,请参阅 上游发行注记。
ROCm 6
用于图形处理器(GPU)计算的 ROCm 栈已更新至第 6 版,其中提供了多个错误修复和增强功能。值得注意的变化包括:
-
提高低精度数学和注意力层等范围的性能
-
新 hipSPARSELt 库,通过 AMD 稀疏矩阵核心技术加速人工智能工作负载
-
对 PyTorch、TensorFlow 和 JAX 等人工智能框架的最新支持
-
对 DeepSpeed、ONNX-RT 和 CuPy 等库的新支持
有关更新的全部内容,请参阅 上游发行注记。
Stratis 3.6
此次升级包括新发布的 stratisd 3.6.7 和 stratis-cli 3.6.0。
这些版本包括一系列改进、错误修复和内务变更。以下是更改的简要概述。
stratisd 3.6.7 修正了 stratisd 3.6.6 中的一个错误,即如果池已加密,且在命令行中指定了解锁池的密码,则 stratis-min 池启动命令会失败。 它还修正了 stratisd 3.6.4 中的一个错误,该错误导致在挂载 /etc/fstab 特定的文件系统时无法自动解锁池。
stratisd 3.6.6 修正了一个错误,即在尝试启动另一个 stratisd 实例时,有可能误报已运行实例的 PID。 它还限制了 Stratis 池级元数据中字符串值的长度。
stratisd 3.6.5 修改了内部锁定机制,允许与当前持有的锁不冲突的锁优先于冲突的锁。 这一修改放宽了公平性限制,在此之前,锁的优先级完全取决于它们在等待队列中的排列顺序。
stratisd 3.6.4 修正了 stratisd-min 对未加密池发送的启动命令的处理问题。 它还能捕捉并记录由 thin_check 或 mkfs.xfs 可执行程序发出的错误信息。
stratisd 3.6.3 会在调用 mkfs.xfs 时将 nrext64 选项显式设置为 0。 最近一个版本的 XFS 将 nrext64 的默认值改为 1。 将该值明确设置为 0 可以防止 stratisd 创建在早期内核上不可挂载的 XFS 文件系统。
stratisd 3.6.2 includes a fix in the way thin devices are allocated in order to avoid misalignment of distinct sections of the thin data device. Such misalignments may result in a performance degradation.
stratisd 3.6.1 包含一项修正,纠正了在同时使用 Clevis 和内核密钥环方法加密池,但内核密钥环中的密钥不可用的情况下,stratisd 无法解锁池的问题。
stratisd 3.6.0 扩展了它的功能,允许用户设置文件系统的大小限制,并包含了一些额外的增强功能。
stratis-cli 3.6.0 命令行界面新增了一个选项,用于在创建文件系统时设置文件系统大小限制,还新增了两个文件系统命令 set-size-limit 和 unset-size-limit,用于在创建文件系统后设置或取消文件系统大小限制。
所有版本都包含各种内部改进、便利措施和小错误修复。
详情请参见 stratisd更新日志 和 stratis-cli更新日志。
删除增量RPM
Delta RPM (DRPM) is a feature, which reduces the time and data required to update packages by downloading only the differences (deltas) between the old and the new version of an RPM package. Based on your current version and the delta, your system then locally re-assembles a complete RPM package with a new version of software.
With this Fedora release, DRPMs will no longer be generated during the compose process. Also, the DRPM support in dnf
and dnf5
will be disabled by default. Some of the most notable reasons for this change are as follows:
-
It is not possible to produce DRPMs for all packages, because of the way DRPMs are generated during the compose process. As a result, this can lead to upgrades that involve hundreds of packages, but only a small fraction of them (or none at all) have appropriate DRPMs available in the repository.
-
The re-construction of a new RPM version can fail. This causes an additional download of the complete RPM for the new version.
-
The presence of DRPMs in repositories inflate the size of the repository metadata. That metadata need to be downloaded by all users, whether the actual upgrade involves DRPMs or not.
This change aims to bring the following benefits:
-
Simplification of the compose process for "updates" and "updates-testing" repositories, because the generation of DRPMs is skipped.
-
Reduction in bandwidth use for repository metadata updates.
-
Reduction of storage requirements in Fedora infrastructure and on repository mirrors due to smaller metadata and dropped DRPMs.
-
More reliable upgrades for users.
Stop downloading filelists by default
Filelists are XML files that provide important metadata and information that facilitate RPM package installation, management, and maintenance.
With this Fedora release, the DNF behavior changed in a sense that the filelists will no longer be downloaded by default. The reason is, the metadata that filelists provide are unnecessary in the majority of use cases and they are large in size. This leads to a significant slowdown in the user experience.
This change aims to bring the following notable benefits:
-
Significant reduction in processing time and resource usage for RPM package building, installation, testing environment creation, and others
-
Decrease in costs of a Fedora mirror server operation
-
Reduction in RAM requirements of the DNF process, which addresses existing issues when you run the Fedora system on low-memory machines such as the Raspberry Pi’s
Note that you can still use DNF without filelists metadata when querying file provides located in /usr/bin
, /usr/sbin
or /etc
directories.
wget2 as wget
The wget
command in Fedora 40 uses Wget2.
GNU Wget2 is the successor to GNU Wget providing a modern implementation of wget backed by a new library: libwget2
. The intent to switch from wget 1.x to wget2 is to switch to an implementation that is more actively developed and provides a richer interface for leveraging wget’s functionality.
Enable IPv4 address conflict detection by default in NetworkManager
IPv4 address conflict detection is now enabled by default in NetworkManager. In other words, RFC 5527 is now enabled by default with an interval of 200 ms.
Assign individual, stable MAC addresses for Wi-Fi connections
Fedora 40 adopts stable-ssid
as the default mode for assigning individual, stable MAC addresses to Wi-Fi connections in NetworkManager, enhancing user privacy without compromising network stability.
The change adds a new file, /usr/lib/NetworkManager/conf.d/22-wifi-mac-addr.conf
, which sets wifi.cloned-mac-address=stable-ssid
as the default mode for MAC address selection in Wi-Fi connections within NetworkManager. The stable-ssid
mode generates a different MAC address based on each SSID it uses to connect to a network, which is designed to enhance user privacy by making it more difficult for users to be tracked across networks by their hardware MAC address.
This new default value overrides the NetworkManager default of preserve
and is applied to all existing and new Wi-Fi profiles in Fedora 40 and later that do not override the default, such as by cloning a specific MAC address in the NetworkManager GUI or independently setting wifi.cloned-mac-address
.
With the adoption of stable-ssid
as the default in Fedora 40, upgrading to Fedora 40 will apply this new MAC address generation by default, including on existing Wi-Fi profiles. This can result in potentially breaking changes to Wi-Fi connection behavior, particularly for users of networks with features or restrictions that rely on the device’s prior default MAC address.
Users who must maintain consistent MAC addresses for specific networks can address this by manually setting wifi.cloned-mac-address
to permanent
for specific profiles:
nmcli connection modify [$PROFILE] wifi.cloned-mac-address permanent
Replace [$PROFILE]
with the NetworkManager profile name, which is typically the SSID. To list profiles by name, run nmcli connection
.
To revert to previous behavior, override the new default by following one of these steps:
-
Create a custom configuration file in
/etc/NetworkManager/conf.d/22-wifi-mac-addr.conf
, which can be empty or contain specific configurations. This prevents Fedora from loading its default file in/usr/lib
. -
Create a higher priority .conf file, such as
/etc/NetworkManager/conf.d/90-wifi-mac-addr.conf
, which setswifi.cloned-mac-address
:[connection-90-wifi-mac-addr-conf] wifi.cloned-mac-address=permanent
For details on the order in which configuration files are loaded and their priority, refer to man NetworkManager.conf
. For other available wifi.cloned-mac-address
options, see the [NetworkManager documentation](https://networkmanager.dev/docs/api/1.46/settings-802-11-wireless.html).
PostgreSQL 16
Fedora 40 provides version 16 of PostgreSQL. For more information, see the upstream release notes.
SPDX 迁移
RPM packages use SPDX identifiers for licenses as a standard. 63 % of the packages and almost all packeges from ELN set have been migrated to SPDX identifiers. The remaining packages are estimated to be migrated to SPDX in Fedora 41.
Want to help? Learn how to contribute to Fedora Docs ›