Alterações no Fedora 43 para administradores de sistema

Changes in the Anaconda installer

Fedora spins now use the new WebUI installer

Fedora 42 has introduced a new, redesigned graphical installer interface using a new, browser-based WebUI, which was available on Fedora Workstation. In Fedora 43, the same installer is now also used on Fedora KDE Edition, as well as some of the Spins.

No more support for installs on MBR-partitioned disks in UEFI mode on x86

Starting with Fedora 43, the installer no longer supports installing Fedora on disks using a Master Boot Record (MBR) while in UEFI boot mode on 32-bit x86 systems. Instead, the installer will enforce the use of a GUID Partition Table (GPT), which is a significantly more modern standard, and was already the default previously on some hardware configurations. Existing 32-bit UEFI systems with MBR-partitioned disks can be upgraded like normal, only new installations are affected.

Anaconda now uses DNF5

Fedora as a whole has switched to DNF5 in the 41 release for general package management and image building. Starting with Fedora 43, Anaconda is now also using DNF5 on the backend. The change should not be visible to most users.

Modularity support removal

Since the Fedora Modularity project has been deprecated, supports for package modularity has now also been removed from Anaconda. This change is related to the switch to DNF5, as DNF5 no longer supports modularity either, so this allows Anaconda to be upgraded to DNF5.

Default /boot partition is now 2G

Fedora Linux 43 has raised the size of the default /boot partition to 2 GiB. This is to accommodate increases in boot data over the past several releases and to maintain a usable experience. Users of older releases may be advised to consider reinstalling instead of upgrading to increase the /boot partition size.

Automatic updates by default on Fedora Kinoite

Updates to both the system and all Flatpaks on Fedora Kinoite are now downloaded automatically and applied on the next reboot. The change applies to all systems, whether newly installed or updated to Fedora 43, unless the autoupdate setting has been changed before.

You can change the frequency of automatic updates (or disable them completely, though this is not recommended) in system settings, under the Software Updates tab.

Stratis 3.8.5: stratisd 3.8.5 and stratis-cli 3.8.2

Stratis 3.8.5, which consists of stratisd 3.8.5 and stratis-cli 3.8.2 includes a number of significant enhancements and modifications.

stratisd

For stratisd, the release makes improvements to the Stratis support for mounting filesystems at boot. It introduces a new systemd unit file, stratis-fstab-setup-with-network@.service, which should be used when a filesystem’s pool requires unlocking with the network present, as is the case when a pool is encrypted using NBDE (network-bound disk encryption). The fstab entry for the filesystem must include the _netdev option if this systemd unit file is used.

If the stratis-fstab-setup-with-network@service unit is used and the _netdev option is omitted in the same fstab entry, systemd will calculate a cyclic dependency, and the boot process will fail.

An example fstab entry for a filesystem on a pool that is encrypted using NBDE should look something like this:

/dev/stratis/<POOL_NAME>/<FILESYSTEM_NAME> <MOUNTPOINT> xfs defaults,_netdev,x-systemd.requires=stratis-fstab-setup-with-network@<POOL_UUID>.service 0 2

If a filesystem’s pool does not require that the network is up to be unlocked then the fstab entry may use the existing stratis-fstab-setup@.service unit instead.

Additionally stratisd takes responsibility for maintaining the key used to encrypt a Stratis pool, so that it is guaranteed to be present in the kernel keyring if an automatic pool maintenance action needs to be performed on an encrypted pool. stratisd updates the new VolumeKeyLoaded D-Bus property on the affected pool with an error message if the key is not loaded.

stratisd also exposes additional information about stopped pools in the StoppedPools property.

stratis-cli

For stratis-cli, the release fixes a bug where a user would be unable to start an encrypted pool previously created with any Stratis release less than 3.8.0.

stratis-cli also exposes more information about a stopped pool in its detail view.

Confidential Virtualization Host for Intel TDX

Fedora virtualization hosts running on suitably configured Intel Xeon hardware now have the ability to launch confidential virtual machines using the Intel TDX feature.

Fedora has provided support for launching confidential virtual machines using KVM on x86_64 hosts for several years, using the SEV and SEV-ES technologies available from AMD CPUs, and since Fedora 41, using the SEV-SNP technology. In the Fedora 42 release, support for the Intel SGX platform was introduced, and this change builds on that work to allow creation of Intel TDX guests on Fedora hosts. Intel TDX provides confidential virtualization functionality that is on a par with the recent AMD SEV-SNP support.

PostgreSQL 18

PostgreSQL in Fedora 43 (the postgresql and libpq components) has been upgraded to major version 18. This continues the versioned packaging structure introduced in Fedora 40.

See the upstream release notes for more information and notes on migration.

Read-only BDB support in 389 Directory Server

Starting from 389-ds-base version 3.1.3, the 389 Directory Server no longer supports the deprecated BerkeleyDB, so the LDMB database must be used. Users still using BerkeleyDB will have to migrate their data. In Fedora this change is available starting from Fedora 43 (Version 3.2.0 that was also originally planned for Fedora 43 is delayed.)

Directory server instances created since Fedora 40 and using the default LMDB database are not impacted (that is typically the case for FreeIPA users). However, users still using BerkeleyDB (either because they have not yet migrated or because they explicitly choose to use BerkeleyDB) are required to migrate to LMDB.

If this step is not done, the instance will not be able to start after the upgrade, and the following error message is displayed in the dirsrv error log and in the system journal:

bdb implementation is no longer supported. Directory server cannot be started without migrating to lmdb first. To migrate, please run: dsctl instanceName dblib bdb2mdb

Users then need to migrate the data either using the dsctl command, or manually by following the steps in the upstream FAQ.

Dovecot 2.4

The Dovecot e-mails server has been updated to version 2.4 in Fedora 43. This is the latest major update, released after 7 years of development.

Note that Dovecot 2.4 configuration is not totally compatible with the previous version (2.3). See the Upgrading Dovecot CE from 2.3 to 2.4 document upstream.

For more information about this release, see the upstream release notes.

MySQL 8.4 as default

MySQL 8.4 is now the default version of MySQL in Fedora.

Those who wish to continue using the previous default version, MySQL 8.0, can use the mysql-8.0-server package.

For information about the latest releases, see the following links:

RPM 6.0

Fedora 43 updates the RPM packaging system to version 6.0. This release provides several security improvements, such as:

  • OpenPGP keys are referred to by their fingerprint or full key id where fingerprint not available (compared to the short keyid in previous versions).

  • OpenPGP keys can be updated with rpmkeys --import <key> and corresponding API(s).

  • Support for multiple signatures per package.

  • Support for automatic signing on package build (mainly for local use).

  • Support for OpenPGP v6 keys and signatures (including PQC).

  • Support for signing with Sequoia-sq as an alternative to GnuPG.

For full information about this release, see the upstream release notes. The Road to RPM 6.0 post also provides details in a more easily digestible format. Slightly smaller (in the range of a few megabytes) initrd sizes and faster boots. See https://github.com/coreos/fedora-coreos-tracker/issues/1247#issuecomment-1179490347 for some measurements. We did the change in Fedora CoreOS to reduce the size of the initrd to save disk space in the /boot partition.

initrd is now compressed by zstd by default

The compression algorithm used by dracut when generating an initrd has been changed from xz to zstd, and Dracut now depends on zstd to ensure it is available. This should result in slightly smaller initrd sizes and slightly faster boot times.

YASM is deprecated and has been replaced with NASM

The YASM assembler has been deprecated and no new packages should depend on it. Packages that require it to build are now built using NASM where possible.

Modular packaging for GnuPG2

The previously monolithic GnuPG package (gnupg2) has been modularized, with several tools and non-essential utilities having been split into separate subpackages. The non-essential utilities (in gnupg2-utils) and some services that are unused on most systems are no longer installed by default.

Want to help? Learn how to contribute to Fedora Docs