# 20230517_FCOS-F39-Changes *Output generated by and [stored alongside](https://pagure.io/fork/dustymabe/fedora-pgm/pgm_scripts/blob/dusty-fcos-changes/f/changes/FCOS-changes.md.orig) ([with modifications](https://pagure.io/fork/dustymabe/fedora-pgm/pgm_scripts/blob/dusty-fcos-changes/f/changes/FCOS-changes.md)) [this](https://pagure.io/fork/dustymabe/fedora-pgm/pgm_scripts/blob/dusty-fcos-changes/f/changes/genFCOSChanges.sh) script in a fork of the [pgm_scripts repo](https://pagure.io/fedora-pgm/pgm_scripts).* --- **Fedora 39 Accepted System-Wide Changes** ([wiki source](https://fedoraproject.org/wiki/Releases/39/ChangeSet#Fedora_Linux_39_Accepted_System-Wide_Changes)) 101. ✔️ [DNF/RPM Copy on Write enablement for all variants](https://fedoraproject.org/wiki/Changes/RPMCoW) - RPM Copy on Write provides a better experience for Fedora Users as it reduces the amount of I/O and offsets CPU cost of package decompression. RPM Copy on Write uses reflinking capabilities in btrfs, which is the default filesystem starting from Fedora 33 for most variants. Note that this behavior is not being turned on by default for this Change. - Tracking bug: [#1915976](https://bugzilla.redhat.com/show_bug.cgi?id=1915976) - NOTE: JL: This path of librpm is not used by rpm-ostree. The whole download and unpack path is ostree native and has different tradeoffs. Good to keep track of this conceptually, but nothing for FCOS to do here. 101. ✔️ [Changes/LegacyXorgDriverRemoval](https://fedoraproject.org/wiki/Changes/LegacyXorgDriverRemoval) - This change removes the xorg-x11-drv-vesa and xorg-x11-drv-fbdev driver packages, and associated support code from the xorg-x11-server-Xorg package. - Tracking bug: [#2078921](https://bugzilla.redhat.com/show_bug.cgi?id=2078921) - NOTE: JL:️ We don't ship X11 101. ✔️ [KTLS implementation for GnuTLS](https://fedoraproject.org/wiki/Changes/KTLSSupportForGnuTLS) - Acceleration of GnuTLS with software Kernel TLS (KTLS) - Tracking bug: [#2130000](https://bugzilla.redhat.com/show_bug.cgi?id=2130000) - NOTE: JL:️ This should be transparent to us. 101. ✔️ [Python 3.12](https://fedoraproject.org/wiki/Changes/Python3.12) - Update the Python stack in Fedora from Python 3.11 to Python 3.12, the newest major release of the Python programming language. - Tracking bug: [#2135404](https://bugzilla.redhat.com/show_bug.cgi?id=2135404) - NOTE: JL:️ We don't ship Python 101. ✔️ [Modernize Live Media](https://fedoraproject.org/wiki/Changes/ModernizeLiveMedia) - Modernize the live media by switching to the "new" live environment setup scripts provided by livesys-scripts and leverage new functionality in dracut to enable support for automatically enabling persistent overlays when flashed to USB sticks. - Tracking bug: [#2139918](https://bugzilla.redhat.com/show_bug.cgi?id=2139918) - NOTE: JL:️ We use our own live media. It already supports this via Ignition. :) 101. ⚠️ [Ostree Native Container (Phase 2, stable)](https://fedoraproject.org/wiki/Changes/OstreeNativeContainerStable) - Continue the work done in https://fedoraproject.org/wiki/Changes/OstreeNativeContainer but in an officially stable format, and expanded to cover more OSTree-based editions. This goes "all in" on being container-native and significantly changes the technology and user emphasis. - Tracking bug: [#2151321](https://bugzilla.redhat.com/show_bug.cgi?id=2151321) - NOTE: JL:️ Tracked at https://github.com/coreos/fedora-coreos-tracker/issues/1363 101. ✔️ [Add Fedora Auto Firstboot Services to desktop variants](https://fedoraproject.org/wiki/Changes/AutoFirstBootServices) - Add fedora-autofirstboot to desktop variants to run a predetermined set of tasks on first boot after post installation, notably installing codecs and cleaning up installer packages from the installed system. - Tracking bug: [#2152200](https://bugzilla.redhat.com/show_bug.cgi?id=2152200) - NOTE: JL:️ This only affects Desktop variants. Good to stay aware of the discussions around how this would work on FSB though. See thread in https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/O7YIKYEYTYN7TKQF6HSC7W3XYPXQTNOS/#JAGJ6BYIRJLONNCZF2IQZRWUGWVOYA5F. 101. ✔️ [Boost 1.81 upgrade](https://fedoraproject.org/wiki/Changes/F39Boost181) - This change brings Boost 1.81 to Fedora. This will mean Fedora ships with a recent upstream Boost release. - Tracking bug: [#2158241](https://bugzilla.redhat.com/show_bug.cgi?id=2158241) - NOTE: JL:️ This should be transparent to us. 101. ⚠️ [Make DNF5 The Default](https://fedoraproject.org/wiki/Changes/ReplaceDnfWithDnf5) - Make DNF5 the new default packaging tool. The change will replace DNF, YUM, and DNF-AUTOMATIC with the new DNF5 and new Libdnf5 library. The change will mainly impact command-line users of DNF. It is a second step after https://fedoraproject.org/wiki/Changes/MajorUpgradeOfMicrodnf. - Tracking bug: [#2166026](https://bugzilla.redhat.com/show_bug.cgi?id=2166026) - NOTE: JL:️ This does not directly affect FCOS (we don't ship dnf), but is of interest as part of the discussions around layering and bootc. We also need to investigate switching rpm-ostree to use the latest libdnf. 101. ✔️ [Remove pam_console](https://fedoraproject.org/wiki/Changes/RemovePamConsole) - Remove pam_console as it is not enabled by default, can be replaced by systemd and has security issues. - Tracking bug: [#2166692](https://bugzilla.redhat.com/show_bug.cgi?id=2166692) - NOTE: JL:️ We don't enable pam_console either so this shouldn't affect our default configuration. It's possible users may have enabled it themselves, in which case they would be affected by this change, but I don't think it's worth providing a notice. 101. ✔️ [Modernize Thread Building Blocks for Fedora 39](https://fedoraproject.org/wiki/Changes/F39ModernizeTBB) - Fedora is currently shipping version 2020.3 (released July 10, 2020) of the Thread Building Blocks library. The current upstream version is 2021.8 (released December 22, 2022). The Fedora community has expressed interest in moving the TBB package to track a more modern version of the upstream. - Tracking bug: [#2175941](https://bugzilla.redhat.com/show_bug.cgi?id=2175941) - NOTE: [travier] Does not impact FCOS (we don't ship this package) ✔️ 101. ⚠️ [MinGW toolchain update](https://fedoraproject.org/wiki/Changes/F39MingwEnvToolchainUpdate) - Update the MinGW toolchain to the latest upstream stable releases. - Tracking bug: [#2176849](https://bugzilla.redhat.com/show_bug.cgi?id=2176849) - NOTE: [travier] We build Windows binaries for Butane. Should be fine but a simple check would be nice. 101. ⚠️ [SPDX License Phase 2](https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_2) - Second phase of transition from using Fedora's short names for licenses to SPDX identifiers in the License: field of Fedora package spec files. This phase addresses how to update the License: field for existing packages, including documenting more specific guidance on how to find licenses in a package. - Tracking bug: [#2184184](https://bugzilla.redhat.com/show_bug.cgi?id=2184184) - NOTE: [travier] We need to ensure our packages are compliant 101. ⚠️ [Changes of defaults in createrepo_c-1.0.0](https://fedoraproject.org/wiki/Changes/createrepo_c_1.0.0) - Update createrepo_c to 1.0.0, new release will include change of default compression to zstd, no longer generating metadata in sqlite database format by default and simplified comps xml type in repodata. - Tracking bug: [#2185617](https://bugzilla.redhat.com/show_bug.cgi?id=2185617) - Note: [travier] Should not impact FCOS. Maybe check with rpm-ostree? 101. ⚠️ [RPM 4.19](https://fedoraproject.org/wiki/Changes/RPM-4.19) - Update RPM to the 4.19 release. - Tracking bug: [#2187480](https://bugzilla.redhat.com/show_bug.cgi?id=2187480) - Note: [travier] Should not impact FCOS. Maybe check with rpm-ostree? 101. ✔️ [Perl 5.38](https://fedoraproject.org/wiki/Changes/perl5.38) - A new perl 5.38 version brings a lot of changes done over a year of development. Perl 5.38 will be released in May 20th 2023. See perldelta for 5.37.11 for more details about new release. - Tracking bug: [#2203264](https://bugzilla.redhat.com/show_bug.cgi?id=2203264) - Note: [travier] Does not impact FCOS (we don't ship this package) --- **Fedora 39 Accepted Self-Contained Changes** ([wiki source](https://fedoraproject.org/wiki/Releases/39/ChangeSet#Fedora_Linux_39_Accepted_Self-Contained_Changes)) 201. ✔️ [Modular GNOME Keyring services](https://fedoraproject.org/wiki/Changes/ModularGnomeKeyring) - The monolithic daemon provided by GNOME Keyring will be split into dedicated sub-daemons, so that they can be consistently managed by systemd. - Tracking bug: [#1899998](https://bugzilla.redhat.com/show_bug.cgi?id=1899998) - Note: [travier] Does not impact FCOS (we don't ship this package) 201. ✔️ [LXQt image for aarch64](https://fedoraproject.org/wiki/Changes/LXQt_image_for_aarch64) - Generate LXQt image (both iso and disk image) for aarch64 architecture. - Tracking bug: [#2139111](https://bugzilla.redhat.com/show_bug.cgi?id=2139111) - Note: [travier] Does not impact FCOS (we don't ship this package) 201. ✔️ [Enable bootupd for Fedora Silverblue & Kinoite](https://fedoraproject.org/wiki/Changes/FedoraSilverblueBootupd) - By design, ostree does not manage bootloader updates as they can not (yet) happen in a safe fashion. To solve this issue, bootupd (https://github.com/coreos/bootupd) was created. bootupd is a small socket activated program that takes care of updating the bootloader. It currently only supports EFI booted systems and rpm-ostree based systems. The updates are triggered by an administrator and are not (yet) automated for safety reasons. This change is about enabling bootupd integration in Fedora Silverblue and Fedora Kinoite to make bootloader updates easier. bootupd is already used in Fedora CoreOS. - Tracking bug: [#2150982](https://bugzilla.redhat.com/show_bug.cgi?id=2150982) - Note: [travier] Does not impact FCOS (already done) 201. ✔️ [Build Fedora Silverblue & Kinoite using rpm-ostree unified core mode](https://fedoraproject.org/wiki/Changes/FedoraSilverblueUnifiedCore) - rpm-ostree upstream development is focusing on the "unified core" mode and the previous mode is being deprecated. Fedora Silverblue and Fedora Kinoite are currently building using the old mode and we've wanted to move over for a while. The main advantage of the unified core mode is that it is stricter and safer, while enabling some post processing steps to happen during or after the image build. - Tracking bug: [#2150984](https://bugzilla.redhat.com/show_bug.cgi?id=2150984) - Note: [travier] Does not impact FCOS (already done) 201. ✔️ [Man-pages-ru Retirement](https://fedoraproject.org/wiki/Changes/ManPagesRuRetirement) - Retiring man-pages-ru because it is already part of the man-pages-l10n. - Tracking bug: [#2163421](https://bugzilla.redhat.com/show_bug.cgi?id=2163421) - NOTE: DWM: This is a self contained change and FCOS doesn't ship man pages 201. ✔️ [Mass Retire Golang Leaves](https://fedoraproject.org/wiki/Changes/Mass_Retire_Golang_Leaves) - As of Jan 2023, 275/1660 (17%) library only Go source packages are leaves. Overall, these packages are maintained by 35 different maintainers along with the Go SIG. These leaves(by maintainer) will be mass retired in Fedora 39. - Tracking bug: [#2170956](https://bugzilla.redhat.com/show_bug.cgi?id=2170956) - NOTE: DWM: This should be no action for us. As long as the packages we consume keep getting built we're happy. 201. ✔️ [FontAwesome6](https://fedoraproject.org/wiki/Changes/FontAwesome6) - Update the FontAwesome package in Fedora to version 6.x, with a compatibility package for packages still needing 4.x. - Tracking bug: [#2181567](https://bugzilla.redhat.com/show_bug.cgi?id=2181567) - NOTE: DWM: Skip, We don't ship many font packages in FCOS. 201. ⚠️ [Register EC2 Cloud Images with IMDSv2-only AMI flag](https://fedoraproject.org/wiki/Changes/CloudEC2IMDSv2Only) - In November 2019, AWS launched IMDSv2 (Instance Meta-Data Store version 2 - see https://aws.amazon.com/blogs/security/defense-in-depth-open-firewalls-reverse-proxies-ssrf-vulnerabilities-ec2-instance-metadata-service/ ) which provides "belt and suspenders" protections for four types of vulnerabilities that could be used to try to access the Instance Meta-Data Store available to EC2 instances. In that announcement, AWS recommended adopting IMDSv2 and restricting access to IMDSv2 only for added security. This can be done at instance launch time, or (more recently in October 2022) by providing a flag when registering an AMI to indicate that the AMI should by default launch with IMDSv1 disabled, and thus require IMDSv2. - Tracking bug: [#2185248](https://bugzilla.redhat.com/show_bug.cgi?id=2185248) 201. ⚠️ [EC2 AMIs default to the gp3 EBS volume type](https://fedoraproject.org/wiki/Changes/CloudEC2gp3) - In Amazon EC2, Elastic Block Store (EBS) volumes can be one of several types. These can be specified at volume creation time, including for the default volumes that are created on instance launch. An AMI will have default volumes and volume types configured. Fedora currently defaults to the gp2 volume type. This proposal is to switch to gp3 as the default volume type for Fedora. The gp3 volume type is both more flexible than gp2, and can be up to 20% cheaper per GB. - Tracking bug: [#2185249](https://bugzilla.redhat.com/show_bug.cgi?id=2185249) 201. ⚠️ [Register EC2 Cloud Images with uefi-preferred AMI flag](https://fedoraproject.org/wiki/Changes/CloudEC2UEFIPreferred) - A new feature of EC2 is to be able to register AMIs with a boot mode of uefi-preferred rather than picking one of bios or uefi. In EC2, aarch64 has always been UEFI, while x86-64 started out as BIOS only and some instance types have recently begun to support booting in UEFI mode. Previously, an AMI had to pick if it was UEFI or BIOS. With uefi-preferred it allows an AMI to launch with whatever firmware stack is available for the instance type, preferring UEFI when UEFI is an option. - Tracking bug: [#2185883](https://bugzilla.redhat.com/show_bug.cgi?id=2185883) - NOTES: JL: https://github.com/coreos/coreos-assembler/pull/3402 201. ✔️ [Remove standard storage option from Fedora EC2 images](https://fedoraproject.org/wiki/Changes/CloudEC2ImagesNoStandardStorage) - AWS offers multiple types of block storage depending on the needs of the individual user. Fedora images are uploaded with standard and gp2 currently (gp3 will replace gp2 very soon with another approved change). - Tracking bug: [#2192929](https://bugzilla.redhat.com/show_bug.cgi?id=2192929) - NOTE: DWM: This change is about the offered Fedora Cloud images. FCOS already doesn't offer a standard versus gp2 AWS image. Nothing for us to do here. 201. ✔️ [Fedora Images on Azure](https://fedoraproject.org/wiki/Changes/Fedora_Images_On_Azure) - Azure is a massive public cloud and offering an official Fedora Cloud image there would expand Fedora's user base. It also gives Fedora Cloud users more options when selecting public clouds. - Tracking bug: [#2203192](https://bugzilla.redhat.com/show_bug.cgi?id=2203192) - NOTE: DWM: skip, we ship Azure FCOS images to download already and have cards to upload those to the marketplace. 201. ️⚠️ [mkosi-initrd](https://fedoraproject.org/wiki/Changes/mkosi-initrd) - mkosi-initrd is an alternative builder for initrds. It will be packaged in Fedora, so that users can use it to build initrds locally. A kernel-install plugin will be provided to build the initrd when a kernel package is installed. As a stretch goal, initrds will be build in koji and delivered via rpm packages. As a further stretch goal, pre-built initrds will be used in Unified Kernel Images that can be delivered via rpm packages. - Tracking bug: [#2203221](https://bugzilla.redhat.com/show_bug.cgi?id=2203221) 201. ✔️ [Lazarus repackaging](https://fedoraproject.org/wiki/Changes/F39-Lazarus-repackaging) - Split the lazarus package (the Lazarus IDE for Free Pascal) into several sub-packages (built from the same spec file) and enable building the Lazarus Component Library for multiple widget sets, instead of just the default GTK2. - Tracking bug: [#2203269](https://bugzilla.redhat.com/show_bug.cgi?id=2203269) - NOTE: DWM: Skip. We don't ship Lazarus in FCOS.