(Fedora Atomic Host talking points)
m (better docs for rpm-ostree automatic update checking)
|Line 33:||Line 33:|
===Automatic update checking is now supported===
===Automatic update checking is now supported===
Users of Fedora Atomic Host 28 can now configure <code>rpm-ostree</code> to automatically check for updates to the host. This functionality is disabled by default; users will have to opt in. For more information,
Users of Fedora Atomic Host 28 can now configure <code>rpm-ostree</code> to automatically check for updates to the host. This functionality is disabled by default; users will have to opt in. For more information, the [://.//rpm-ostree/ /rpm-.
===Atomic system containers now use the SELinux policy from the host===
===Atomic system containers now use the SELinux policy from the host===
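Review bot: The link added to the "Automatic update checking" paragraph is malformed. The new line ends with "[://.//rpm-ostree/ /rpm-." and has no readable target or closing bracket, so the "For more information" sentence points nowhere. Restore the full URL and close the link markup. Since the paragraph says the feature is disabled by default and opt-in, it would also help to name the setting that enables it in the sentence itself rather than leaving it entirely to the linked page.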
Revision as of 17:43, 30 April 2018
These are the Talking Points for the Fedora 28 release. For information on how these talking points were chosen, see Talking Points SOP. They are intended to help Ambassadors quickly present an overview of highlighted features when talking about the release, and to help drive content for the release, etc.
The talking points are based in part on the Change Set for this release.
- 1 Overall Release Story
- 2 Fedora-Wide Changes and Improvements
- 3 Changes to talk about for regular users
- 4 Changes affecting security
- 5 Changes to talk about for developers
- 6 Fedora Atomic Host
- 6.1 Automatic update checking is now supported
- 6.2 Atomic system containers now use the SELinux policy from the host
- 6.3 Unified ostree repo for all Fedora Atomic Host and Fedora Atomic Workstation ostree content
- 6.4 Fedora Atomic Host 28 is available for AArch64 and PPCLE64
- 6.5 podman is now included by default in Fedora Atomic Host
- 6.6 Kubernetes 1.9 containers available
- 7 Fedora Server
- 8 Fedora Workstation
- 9 Fedora ARM (aarch64 and ARMv7)
- 10 Spins
- 11 Labs
- 12 Upgrading to the Latest Release
- 13 All Changes
- 13.1 Fedora 28 Accepted System Wide Changes Proposals
- 13.1.1 AArch64 Server Promotion
- 13.1.2 Anaconda modularization
- 13.1.3 Annotated Binaries
- 13.1.4 Make authselect default tool instead of authconfig
- 13.1.5 Binutils version 2.29.1
- 13.1.6 Deprecate TCP wrappers
- 13.1.7 Add-On Modularity
- 13.1.8 Fedora 28 Boost 1.66 upgrade
- 13.1.9 GCC8
- 13.1.10 GHC 8.2
- 13.1.11 The GNU C Library version 2.27
- 13.1.12 Glibc collation update and sync with cldr
- 13.1.13 Hardening Flags Updates for Fedora 28
- 13.1.14 IBus Unicode Typing
- 13.1.15 Switch libidn-using applications to IDNA2008
- 13.1.16 Improved Laptop Battery Life
- 13.1.17 NIS switching to new libnsl to support IPv6
- 13.1.18 NSS Default File Format SQL
- 13.1.19 OpenLDAP defaults to use only Shared System Certificates
- 13.1.20 OpenLDAP without Non-threaded Libraries
- 13.1.21 Reduce Initial Setup Redundancy
- 13.1.22 Rename "nobody" user
- 13.1.23 Replace glibc's libcrypt with libxcrypt
- 13.1.24 Ruby 2.5
- 13.1.25 Strong crypto settings
- 13.1.26 Removal of Sun RPC Interfaces From glibc
- 13.1.27 Golang 1.10
- 13.1.28 Kerberos in Python modernization
- 13.1.29 Switch libcurl to use libssh instead of libssh2
- 13.1.30 mpfr-4.0.0
- 13.1.31 time-1.8
- 13.2 Fedora 28 Accepted Self Contained Changes Proposals
- 13.2.1 Enabling Python Generators
- 13.2.2 GifLib5
- 13.2.3 Avoid /usr/bin/python in RPM build
- 13.2.4 Django 2.0
- 13.2.5 Erlang 20
- 13.2.6 Facter3
- 13.2.7 Fontconfig 2.13
- 13.2.8 MinGW MiniDebugInfo
- 13.2.9 OpenLDAP: Drop TCP wrappers support
- 13.2.10 Packaging Rust applications/libraries
- 13.2.11 Stratis Storage
- 13.2.12 Sugar 0.112
- 13.2.13 Thunderbolt Enablement
- 13.2.14 VirtualBox Guest Integration
- 13.2.15 librealsense2
- 13.2.16 PHP 7.2
- 13.2.17 VA-API 1.0.0
Overall Release Story
Releases may slip if Fedora 28 isn't ready for our users, but the schedule calls for a beta release at the end of March and a final release at the beginning of May.
Fedora-Wide Changes and Improvements
- Modular updates repository: new in Fedora 28, a set of repositories will provide software and updates with alternative versions from those shipped in the default release.
- VirtualBox integration: VirtualBox guest drivers and tools are now included.
Changes to talk about for regular users
Changes affecting security
- curl: now uses libssh for SCP and SFTP protocols, adding support for GSS-API authentication and removing outdated cryptographic algorithms.
- Strong cryptographic settings: default security configuration removes weaker cryptographic settings.
Changes to talk about for developers
- GCC: upgraded to version 8.
- GoLang: upgraded to version 1.10.
- PHP: upgraded to version 7.2.
- Ruby: upgraded to version 2.5.
Fedora Atomic Host
Automatic update checking is now supported
Users of Fedora Atomic Host 28 can now configure rpm-ostree to automatically check for updates to the host. This functionality is disabled by default; users will have to opt in. For more information, check out the Project Atomic blog, as well as
Atomic system containers now use the SELinux policy from the host
With the release of Fedora Atomic Host 28, every file in a system container gets the same label it would have if installed on the host (e.g. /usr/bin/foo in the container has the same SELinux label as /usr/bin/foo on the host). This allows users to run containerized system services without losing the possibility of having different SELinux contexts. Additionally, we can finally fully de-duplicate files on Fedora Atomic Host with the rest of the system, as there is no mismatch in the xattrs. For more information, consult the upstream atomic issue.
Unified ostree repo for all Fedora Atomic Host and Fedora Atomic Workstation ostree content
With the release of Fedora Atomic Host 28, we now have a single ostree repo that serves up all the Fedora 28 content for Atomic Host and Fedora Atomic Workstation. This includes all the multi-arch content for
Fedora Atomic Host 28 is available for AArch64 and PPCLE64
Fedora Atomic Host continues to be available and supported on
podman is now included by default in Fedora Atomic Host
The release of Fedora Atomic Host 28 introduces a new tool for building and managing containers on your host. The podman tool allows you to build, pull, run, stop, start, and otherwise manage your containers on your host without the need for the docker daemon. For more information, check out the upstream repo for podman.
Kubernetes 1.9 containers available
Along with the release of Fedora Atomic Host 28, we are pleased to announce the availability of version 1.9 of Kubernetes via containers on the Fedora Container Registry. There are a ton of new features in this release of Kubernetes; for more information consult the Kubernetes 1.9 release notes.
Fedora Server
- Modularity: Fedora 28 Server Edition will deliver Fedora Modularity, adding support for alternative update streams for popular software such as Node.js and Golang.
- AArch64: AArch64 is now a primary architecture for Fedora Server releases.
Fedora Workstation
Fedora 28 now includes some popular third-party software repositories. When GNOME Software 3.28 is launched for the first time, an alert bar asks about enabling third-party repositories. Selecting Enable will enable the following repositories:
- Google Chrome, the web browser from Google (google-chrome.repo)
- PyCharm, Python IDE for Professional Developers by JetBrains (_copr_phracek-PyCharm.repo)
- NVIDIA’s proprietary graphics drivers (rpmfusion-nonfree-nvidia-driver.repo)
- Steam client, digital distribution platform developed by Valve Corporation (rpmfusion-nonfree-steam.repo)
Improved battery life
Battery life on laptops running Fedora Workstation is improved with various hardware power-saving features now enabled by default. These improvements include a new default SATA Link Power Management policy on all Intel mobile chipsets. This policy puts the SATA link to a disk into low-power mode when idle, saving approximately 1.0 - 1.5 watts of power on an idle laptop. Additionally, the Intel HDA codec power saving is enabled by default (with a 1 second timeout), saving approximately 0.4 watts of power on an idle laptop. Finally, USB autosuspend for USB Bluetooth receivers is enabled by default, saving approximately 0.4 watts of power on an idle laptop.
Fedora 28 Workstation features GNOME 3.28 as the default desktop environment. GNOME 3.28 includes a wide range of enhancements, including updates to Files (nautilus), Contacts, Calendar, Clocks and the on-screen keyboard. Additionally, the new application Usage is added as a Technology Preview to “make it easy to diagnose and resolve performance and capacity issues”.
GNOME 3.28 provides updated versions of many of the GNOME default applications. The ability to “star” items is added to both the Files and the Contacts applications. This allows the user to star an item (be it a file, folder, or a contact) for quick access later. Calendar now provides a neater month view, and displays weather updates alongside your appointments.
The use of Thunderbolt 3 peripherals is now supported in Fedora 28. Thunderbolt™ is the brand name of a hardware interface developed by Intel® that allows the connection of external peripherals to a computer.
Fedora 28 ships with both boltd -- the system daemon for securely connecting Thunderbolt devices -- and changes to GNOME shell to connect these devices. Newly connected Thunderbolt devices are automatically enrolled by GNOME shell via the daemon if the current user is a system administrator and the session is unlocked. Subsequent connections of the same device will automatically authorize the device.
Improved emoji support
The Noto Color Emoji font is now the default for displaying Emoji on Fedora Workstation. This provides support for Unicode 10.0 emoji, including T-Rex (🦖), Hedgehog (🦔), Broccoli (🥦), and Curling Stone (🥌).
Fedora Workstation 28 introduces GNOME Photos as the default photo management application, replacing Shotwell. Photos is a simple application for viewing, browsing and organizing your photo library. In addition to photo organization, Photos also provides basic image editing capabilities, including the ability to add quick photographic filters over your images.
More information about the GNOME Photos application is available on the project's page on gnome.org.
VirtualBox Guest Additions now default
VirtualBox Guest Additions and Guest Drivers are now shipped in the default Fedora Workstation installation. Consequently, any installation of Fedora Workstation as a guest on VirtualBox will have the Guest Additions features working out-of-the-box. Guest Additions add extra useful functionality to VirtualBox guests, including: automatic desktop resizing based on the window-size of the virtual machine, seamless mode (showing only windows from the guest), folder sharing, and copy/paste between host and guest.
Atomic Workstation: graphical updates
The rpm-ostree support in GNOME Software has been improved, and will now offer to update and restart on Atomic Workstation, just as it does on rpm-based systems.
Fedora ARM (aarch64 and ARMv7)
Raspberry Pi 3+ support
The newly released Raspberry Pi 3+ is supported on both ARMv7 and aarch64 with a similar feature set to that of the original Raspberry Pi 3.
Expanded support for aarch64 Single Board Computers
Support for aarch64 Single Board Computers was introduced in Fedora 27. The list of supported devices has been expanded, along with a lot of small improvements and bug reports, to make the experience smoother.
KDE Plasma Desktop
- Start of HiDPI support
- Using Thunderbird as email client
- Blender 2.79b and its add-ons are missing in this beta release due to a bug related to the GCC 8.0 compiler. The fix is under way and is expected for the final release.
- Both GNOME ToDo and Books, originally introduced in the Fedora 27 Design Suite, are updated to 3.28.
- Inheriting features from Workstation, GNOME Photos is the default image viewer, replacing Shotwell.
- New release for Hugin, a panoramic photo stitcher, 2018.0.0
Upgrading to the Latest Release
To learn how to upgrade to the latest release from a recent Fedora release using DNF, see here.
Fedora 28 Accepted System Wide Changes Proposals
These changes have been accepted by the Fedora Engineering Steering Committee for the Fedora 28 Release as System Wide Changes.
Promote Aarch64 server technologies to Primary Architecture status. This would include the Server installer, the DVD installer ISOs, the Cloud (qcow2 images) and Docker base images to the same status as other primary Server architectures. This would NOT currently include other components such as Workstation images/installs, any of the various spins, or Fedora Atomic components.
Anaconda installer will be split into several modules that will communicate over DBus using stable API.
This change causes extra information to be stored in binary files compiled by gcc. This information can be used by scripts to check on various features of the file, such as the hardening options used or potential ABI conflicts.
Replace authconfig with authselect and make authselect the default tool to configure PAM and nsswitch.conf. A compatibility tool will help with the transition period from authconfig to authselect.
Rebase the binutils package from version 2.29 to version 2.29.1. This will bring in the bug-fixes from the 2.29.1 point release, but not add any new features.
TCP wrappers is a simple tool to block incoming connections at the application level. This was very useful 20 years ago, when there were no firewalls in Linux. This is not the case today, and connection filtering should be done at the network level or completely in application scope if it makes sense. After recent discussions I believe it is time to go for this package, if not completely, then at least as a dependency of modern daemons in the system by default.
Beginning in Fedora 28, Fedora will provide a new set of repositories for software and updates with alternative versions from those shipped in the default release.
This change brings Boost 1.66.0 to Fedora 28. This will mean F28 ships with a recent upstream Boost release.
Switch GCC in Fedora 28 to 8.x.y, rebuild all packages with it, or optionally rebuild just some packages with it and rebuild all packages only in Fedora 29.
Update the Haskell GHC compiler from major version 8.0.2 to 8.2.2.
Switch glibc in Fedora 28 to glibc version 2.27.
Update collation data in glibc to an ISO file from 2015 (in sync with Unicode 8.0.0) and sync collation rules of the locales with CLDR.
This system-wide change covers changes to the hardening flags in Fedora 28.
IBus core provides an Emoji dialog in which users can type emoji annotations and output the emoji character using IBus (e.g. typing "football" shows U+26BD). The proposal is for the dialog to also support typing Unicode names (e.g. typing "copyright sign" shows U+00A9).
The proposed change is about deprecating libidn, which supports IDNA2003, and switching all applications using libidn to libidn2 2.0.0, which supports IDNA2008.
Improve Fedora (Workstation) Battery Life by enabling various hardware power-saving features by default.
This system-wide change covers the switch of NIS components to the new client side implementation in order to support IPv6, while detaching libnsl and nss_nis packages, previously bundled together with glibc.
Change the NSS library default to use the sqlite based data storage, when applications don't specify their preferred storage file format.
In order to go forward with adoption of SharedSystemCertificates, after this change OpenLDAP clients and server will default to use only the system-wide certificates store.
OpenLDAP will not ship non-threaded versions of its libraries. Instead, it will link these to their threaded counterparts.
Currently there is a high level of redundancy between the Anaconda installer and gnome-initial-setup. This change aims to eliminate these redundancies and streamline the initial user experience in Fedora Workstation.
Use "nobody:nobody" as the names for the kernel overflow UID:GID pair, and retire the old "nfsnobody" name and the old "nobody:nobody" pair with 99:99 numbers.
There are plans to remove libcrypt from glibc, so we should have a replacement.
Ruby 2.5 is the latest stable version of Ruby. Many new features and improvements are included for the increasingly diverse and expanding demands for Ruby. With this major update from Ruby 2.4 in Fedora 26 to Ruby 2.5 in Fedora 28, Fedora becomes the superior Ruby development platform.
This change is about updating the current system-wide crypto policy to disable legacy and unused cryptographic protocols.
This system-wide change covers the removal of interfaces related to Sun RPC from glibc.
Rebase of the Golang package to the upcoming version 1.10 in Fedora 28, including a rebuild of all dependent packages (a pre-release version of Go will be used for the rebuild if the released version is not available at the time).
Replace usage of python-krbV and pykerberos with python-gssapi in all Fedora packages to enable their removal from Fedora. rharwood will author all necessary code changes; no new code from maintainers is required.
libcurl currently uses libssh2 to implement the SSH layer of SCP and SFTP protocols. After implementing this change, libcurl will use the libssh library instead.
Update the MPFR package to version 4.0.0.
A new time tool version 1.8 has changed output format.
Fedora 28 Accepted Self Contained Changes Proposals
These changes have been accepted by the Fedora Engineering Steering Committee for the Fedora 28 Release as Self Contained Changes.
This change enables the ability to choose to use the Python module dependency generator for packages that provide Python Egg/Wheel metadata.
Update the giflib package to the latest giflib-5.x version (currently 5.1.4).
Deprecate, and later disable, running /usr/bin/python (as opposed to /usr/bin/python3 or /usr/bin/python2) during RPM build.
This change is about upgrading python-django to version 2.0. The latest Django release drops support for Python 2, but a few Django apps packaged in Fedora do not yet support Python 3. A compatibility package will be provided for those.
Update Erlang/OTP to version 20.
This is an update of the Facter package from 2.X to 3.X. It is a self-contained change which will impact puppet directly and potentially any other tools that make use of facter to gather information.
Update fontconfig package to the latest version.
Analogously to the MiniDebugInfo change for native packages, install minimal debuginfos by default also for MinGW packages.
As per , TCP wrappers are being deprecated in Fedora. Also, as per , upstream discourages its usage in favour of other means of protection (e.g. firewall). After this change OpenLDAP will no longer be affected by TCP wrappers configuration.
Add required tools/instructions for packaging applications/libraries written in Rust. Rust is a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety.
Add initial support for Stratis, a local storage management solution. This will allow initial testing and user feedback that will guide Stratis's development and stabilization.
Update Sugar to the new upstream 0.112 stable feature release.
Support Thunderbolt 3 peripheral hardware in a secure way, out of the box.
VirtualBox is popular, easy-to-use virtual-machine software. The purpose of this change is to ship the VirtualBox guest-drivers and -tools by default in the Fedora Workstation product.
A new version of librealsense has been released, which does not support older camera versions. Bump librealsense to the new release and add the old library as librealsense1.
Update the PHP stack in Fedora to the latest version 7.2.x.
The VA-API components will be updated to 2.x. This will make some VA-API enabled media players rely on this new version of the API for improved video hardware acceleration.