Fedora 34 Change proposal: Remove and deprecate nscd in favour of
sssd and systemd-resolved (Self-Contained Change)
by Ben Cotton
https://fedoraproject.org/wiki/Changes/RemoveNSCD
== Summary ==
This proposal intends to replace the ''nscd'' cache for named services
with ''systemd-resolved'' for the `hosts` database and the ''sssd''
daemon for everything else.
== Owner ==
* Name: [[User:submachine| Arjun Shankar]]
* Email: arjun(a)redhat.com
== Detailed Description ==
''nscd'' is a daemon that provides caching for accesses of the
`passwd`, `group`, `hosts`, `services`, and `netgroup` databases
through standard libc interfaces (such as `getpwnam`, `getpwuid`,
`getgrnam`, `getgrgid`, `gethostbyname`, etc.). This proposal intends
to replace ''nscd'' in Fedora with ''systemd-resolved'' for the
`hosts` database and the ''sssd'' daemon for everything else.
Accordingly, the `nscd` sub-package of glibc will be removed and
obsoleted.
== Benefit to Fedora ==
While still maintained within the glibc source tree, ''nscd'' has
received less than forty commits in the past three years and has
gathered significant technical debt, and has bugs which are hard to
fix. There are concurrency bugs in the shared mappings, cache
unification (IPv4 vs. IPv6 vs. AF_UNSPEC) issues, and more which would
require significant investment to fix in nscd. Such an investment
seems like duplicate effort among our communities given the quality
and state of ''sssd'', and ''systemd-resolved'' which is already
proposed to be enabled by default from [[Changes/systemd-resolved |
Fedora 33 onwards]].
At a high level, sssd and systemd-resolved together provide a caching
solution that has feature parity with nscd, with systemd-resolved
covering the hosts cache and sssd the rest. The removal of nscd from
Fedora will:
* move the user base over to a more modern solution for named services
caching, and
* reduce maintenance work on the Fedora glibc package and the
duplication of effort on nscd upstream.
== Scope ==
* Proposal owners:
The volume of work required is minimal, with the only change being the
removal and obsolescence of the nscd sub-package offered by glibc
which can be achieved by minor changes to the spec file. Since nscd is
not installed by default, the affect on the distribution is minimal.
Users who have installed nscd in an earlier release of Fedora will
need to install and configure sssd instead.
* Other developers: `nss-pam-ldapd` has a weak dependency on nscd that
will need to be removed. `libuser` has a build dependency on nscd that
will also need to be removed.
* Release engineering:
This change does not require coordination with or have impact on
release engineering and does not require a mass rebuild.
* Policies and guidelines: N/A (not a System Wide Change)
* Trademark approval: N/A (not needed for this Change)
* Alignment with Objectives: Yes, this proposal aligns with the
[https://docs.fedoraproject.org/en-US/project/objectives current
objective] of "Fedora Minimization".
== Upgrade/compatibility impact ==
N/A (not a System Wide Change)
== User Experience ==
* Most users will be unaffected by this change because nscd is not
installed by default. It is usually used on systems configured with
LDAP, where nscd provides caching of remote queries.
* On a system using nscd that is updated to Fedora 34 from a previous
version, the system administrator will need to install and configure
sssd to replace it after the update. Even when this is not done, the
only visible affect will be slower resolution of named service queries
due to a missing cache.
* Users on a system running sssd and systemd-resolved instead of nscd
shouldn't see any noticeable difference in system behaviour or latency
in resolving named services.
== Dependencies ==
* `nss-pam-ldapd` has a weak dependency on nscd that will need to be removed.
* `libuser` has a build dependency on nscd that will also need to be removed.
Both changes are minimal, requiring a removal of the dependency in the
spec file, and a rebuild.
== Contingency Plan ==
* Contingency mechanism: Revert changes to glibc spec file and
continue to ship nscd. Revert changes to libuser and nss-pam-ldapd
packages; this will need to be done by the respective package
maintainers.
* Contingency deadline: Fedora 34 Beta Freeze
* Blocks release? N/A (not a System Wide Change)
* Blocks product? None
== Documentation ==
N/A (not a System Wide Change)
--
Ben Cotton
He / Him / His
Senior Program Manager, Fedora & CentOS Stream
Red Hat
TZ=America/Indiana/Indianapolis
3 years, 4 months
Fedora 33 election results
by Ben Cotton
Greetings, all!
The Fedora 33 elections have completed.
## Fedora Council
Tom Callaway is elected to the Fedora Council.
## Fedora Engineering Steering Committee (FESCo)
The following candidates are elected to FESCo:
* Miro Hrončok
* Kevin Fenzi
* Zbigniew Jędrzejewski-Szmek
* Fabio Valentini
* David Cantrell
## Fedora Mindshare Committee
Till Maas is elected to the Fedora Mindshare Committee.
For more details, visit the Community Blog post:
https://communityblog.fedoraproject.org/fedora-33-elections-results/
--
Ben Cotton
He / Him / His
Senior Program Manager, Fedora & CentOS Stream
Red Hat
TZ=America/Indiana/Indianapolis
3 years, 4 months
Fedora 34 Change: GitRepos-master-to-main (Self-Contained Change)
by Ben Cotton
https://fedoraproject.org/wiki/Changes/GitRepos-master-to-main
== Summary ==
This Change will move Fedora git repositories to use "main" as the
default git branch instead of "master". Specific repositories will be
manually moved and default git branch for new projects will be set to
use "main".
The Fedora Community strives to be open and welcoming. Some language
around our git repositories is dated and could be more inclusive. Many
git repositories currently use "master" as the default branch. This
Change will move many repositories (see below) to use a "main" branch
as default. This small bit of naming adjustment is in-line with
Fedora's vision for free and open source software built by inclusive,
welcoming, and open-minded communities.
== Owner ==
* Name: [[User:Kevin| Kevin Fenzi]], [[User:bcotton| Ben Cotton]],
[[User:pingou| pingou]], [[User:mohanboddu| Mohan Boddu]],
[[User:till| Till Maas]]
* Email: kevin(a)scrye.com, bcotton(a)redhat.com, pingou(a)pingoured.fr,
mboddu(a)bhujji.com, opensource(a)till.name
== Detailed Description ==
The Fedora Project controls a number of git repositories. This change
will move the default branch (that is, the git branch used when
nothing is specified) from 'master' to 'main'. Existing git clones
will need to pull to get the changed default branch. Existing Pull
Requests against the 'master' branch will need to be rebased against
the 'main' branch. Documentation will be updated.
== Benefit to Fedora ==
The Fedora Project will be a more welcoming place for new contributors.
== Scope ==
This change will take place in a number of phases:
=== Phase0 - 2020-12-14 ===
A guide will be published to explain how maintainers/project
managers can change the default
branch on pagure.io, which they can then do based in their projects desires.
=== Phase1 - 2020-12-15 ===
The following repos will be switched:
src.fedoraproject.org/flatpacks/*
pagure.io:
releng
releng/*
fedora-comps
fedora-kickstarts
fedora-infrastructure
fedora-lorax-templates
fedora-mediawikitheme
fedora-packager
fedora-infra/*
infra-docs
koji-fedmsg-plugin
workstation-ostree-config
pungi-fedora
github.com
fedora-infra/*
=== Phase2 - 2021-01-13 ===
src.fedoraproject.org/*
pagure.io default for new projects will be changed to 'main'
* Proposal owners:
Switching all above listed projects git repos to use 'main'
Deleting the 'master' branch
Announcing when changes have been made on devel-announce / other lists.
* Other developers:
Other developers are encouraged to change their upstream projects
on pagure.io, github or gitlab.
* Release engineering:
Releng will adjust any scripts that assume 'master' branch to use
'main' instead. The list includes and maybe few more
[https://pagure.io/releng/blob/master/f/scripts/update-critpath.py
update-critpath.py]
[https://pagure.io/releng/blob/master/f/scripts/block_retired.py
block_retired.py]
[https://pagure.io/releng/blob/master/f/scripts/update-docs.sh
update-docs.sh]
[https://pagure.io/releng/blob/master/f/scripts/find_unblocked_orphans.py
find_unblocked_orphans.py]
[https://pagure.io/releng/blob/master/f/scripts/mass-rebuild-second-run.py
mass-rebuild-second-run.py]
[https://pagure.io/releng/blob/master/f/scripts/adjust-eol-modules.py
adjust-eol-modules.py]
[https://pagure.io/releng/blob/master/f/scripts/pdc/adjust-eol-modules.py
adjust-eol-modules.py]
[https://pagure.io/releng/blob/master/f/scripts/pdc/adjust-eol-modules.py
adjust-eol-modules.py]
[https://pagure.io/releng/blob/master/f/scripts/pdc/adjust-eol.py
adjust-eol.py]
[https://pagure.io/releng/blob/master/f/scripts/pdc/create-new-release-bra...
create-new-release-branches.py]
[https://pagure.io/releng/blob/master/f/scripts/pdc/create-branch.py
create-branch.py]
[https://pagure.io/releng/blob/master/f/scripts/pdc/adjust-eol-all.py
adjust-eol-all.py]
[https://pagure.io/releng/blob/master/f/scripts/check-unretirement.py
check-unretirement.py]
[https://pagure.io/releng/blob/master/f/scripts/mass-rebuild-special.py
mass-rebuild-special.py]
[https://pagure.io/releng/blob/master/f/scripts/need-rebuild.py
need-rebuild.py]
[https://pagure.io/releng/blob/master/f/scripts/distgit-branch-unused.py
distgit-branch-unused.py]
[https://pagure.io/releng/blob/master/f/scripts/create-new-release-branche...
create-new-release-branches.py]
* Policies and guidelines: N/A
* Trademark approval: N/A
* Alignment with Objectives:
== Upgrade/compatibility impact ==
Users with old checkouts will need to update their git configuration
or re-clone repositories that have changed before they can see any new
changes.
Repos used to build content for docs.fedoraproject.org can change the
default git branch, but the Antora module version (in `antora.yml`)
should remain `master` pending support for alternate "unversioned"
versions upstream.
== How To Test ==
# git clone <one of the listed repositories>
# cd <repositoryname>
# git branch
should return: `* main`
== User Experience ==
Users and developers will see more welcoming language and that the
fedora project expended effort to be more welcoming to them.
== Dependencies ==
none
== Contingency Plan ==
* Contingency mechanism: Revert repositories, scripts, and docs back
to the unwelcoming 'master'
* Contingency date: 2020-01-13
== Documentation ==
A short guide on how to change this for pagure.io will be produced.
== Release Notes ==
Many git repositories used to create Fedora releases were moved to use
a 'main' branch instead of a 'master' branch. The Fedora Project
envisions a world where everyone benefits from free and open source
software built by inclusive, welcoming, and open-minded communities.
--
Ben Cotton
He / Him / His
Senior Program Manager, Fedora & CentOS Stream
Red Hat
TZ=America/Indiana/Indianapolis
3 years, 4 months
Fedora 34 Change: Ruby 3.0 (System-Wide Change)
by Ben Cotton
https://fedoraproject.org/wiki/Changes/Ruby_3.0
== Summary ==
Ruby 3.0 is the latest stable version of Ruby. Many new features and
improvements are included for the increasingly diverse and expanding
demands for Ruby. With this major update from Ruby 2.7 in Fedora 33 to
Ruby 3.0 in Fedora 34, Fedora becomes the superior Ruby development
platform.
== Owner ==
* Name: [[User:vondruch| Vít Ondruch]], [[User:pvalena| Pavel Valena]]
* Email: vondruch(a)redhat.com, pvalena(a)redhat.com
== Detailed Description ==
<!-- Expand on the summary, if appropriate. A couple sentences
suffices to explain the goal, but the more details you can provide the
better. -->
Ruby 3.0 is upstream's new major release of Ruby. Many new features
and improvements are included.
=== RBS ===
RBS is a language to describe the types of Ruby programs. Type
checkers including type-profiler and other tools supporting RBS will
understand Ruby programs much better with RBS definitions.
You can write down the definition of classes and modules: methods
defined in the class, instance variables and their types, and
inheritance/mix-in relations. The goal of RBS is to support commonly
seen patterns in Ruby programs and it allows writing advanced types
including union types, method overloading, and generics. It also
supports duck typing with interface types.
Ruby 3.0 ships with `rbs` gem, which allows parsing and processing
type definitions written in RBS.
=== Ractor (experimental) ===
Ractor is an Actor-model like concurrent abstraction designed to
provide a parallel execution feature without thread-safety concerns.
You can make multiple ractors and you can run them in parallel. Ractor
enables to make thread-safe parallel programs because ractors can not
share normal objects. Communication between ractors are supported by
message passing.
To limit sharing objects, Ractor introduces several restrictions to
the Ruby’s syntax (without multiple Ractors, there is no changes).
The specification and implementation are not matured and changed in
future, so this feature is marked as experimental and show the
experimental feature warning if Ractor is created.
=== Scheduler (Experimental) ===
`Thread#scheduler` is introduced for intercepting blocking operations.
This allows for light-weight concurrency without changing existing
code.
CAUTION: This feature is strongly experimental. Both the name and
feature will change in next preview release.
=== Other Notable New Features ===
* Rightward assignment statement is added.
* Endless method definition is added.
* Find pattern is added.
* `Hash#except` is now built-in.
* Memory view is added as an experimental feature
=== Performance improvements ===
Many improvements were implemented in MJIT.
=== Other notable changes since 2.7 ===
* Keyword arguments are separated from other arguments.
* The feature of `$SAFE` was completely removed; now it is a normal
global variable.
* The order of backtrace had been reversed at Ruby 2.5, but it was
cancelled. Now it behaves like Ruby 2.4; an error message and the line
number where the exception occurs are printed first, and its callers
are printed later.
* Some standard libraries are updated.
== Benefit to Fedora ==
With a latest release, Ruby language is supporting the newest language
features, which enables even faster and easier development of Ruby
applications.
== Scope ==
* Proposal owners:
** Finish packaging of Ruby 3.0. Current changes available in PR
https://src.fedoraproject.org/rpms/ruby/pull-request/70
** Rebuilding of Ruby packages providing native extensions (i.e.
packages which depends on libruby).
* Other developers:
** Rebuild of packages with binary extensions (i.e. packages which
depends on libruby) will be handled automatically, but some packages
might need fixes/updates to support Ruby 3.0 properly.
* Release engineering: [https://pagure.io/releng/issue/9882 #9882] (a
check of an impact with Release Engineering is needed)
** The packages are going to be rebuild in side-tag, but that does not
need releng involvement nowadays.
* Policies and guidelines: N/A (not a System Wide Change)
* Trademark approval: N/A (not needed for this Change)
* Alignment with Objectives:
== Upgrade/compatibility impact ==
* User specific Ruby binary extensions need to be rebuild.
== How To Test ==
* No special hardware is needed.
* To test, install Ruby 3.0. The test builds are pusblished in PR or
on Ruby-SIG ML
* Try to locally rebuild your packages using Ruby 3.0.
* Use the packages with your applications previously written in Ruby.
* If something doesn't work as it should, let us know.
== User Experience ==
The Ruby programs/scripts should behave as they were used to.
== Dependencies ==
<pre>
$ dnf repoquery --disablerepo=* --enablerepo=rawhide
--enablerepo=rawhide-source --arch=src --whatrequires 'ruby-devel' |
sort | uniq | wc -l
138
</pre>
== Contingency Plan ==
* Contingency mechanism: We would like to get a special buildroot tag
to be able to rebuild necessary the packages with Ruby 3.0. If
anything goes wrong, the tag could be easily dropped and previous
version of Ruby 2.7 and its dependencies stays intact. The tag would
be merged into F34 after everything is rebuild.
* Contingency deadline: Mass Rebuild
* Blocks release? No (not a System Wide Change), Yes/No
* Blocks product? No
== Documentation ==
* [http://www.ruby-doc.org/ Help and documentation for the Ruby
programming language]
* [https://github.com/ruby/ruby/blob/v3_0_0_preview1/NEWS.md Ruby
3.0.0.preview1 NEWS]
== Release Notes ==
* The Ruby 3.0 bumps soname, therefore Ruby packages, which use binary
extensions, should be rebuilt. Nevertheless, since upstream paid great
attention to source compatibility, no changes to your code are needed.
https://github.com/ruby/ruby/blob/master/NEWS
--
Ben Cotton
He / Him / His
Senior Program Manager, Fedora & CentOS Stream
Red Hat
TZ=America/Indiana/Indianapolis
3 years, 4 months
Fedora 34 Change: ntp replacement (Self-Contained Change)
by Ben Cotton
https://fedoraproject.org/wiki/Changes/NtpReplacement
== Summary ==
The `ntp` package is replaced with `ntpsec`.
== Owner ==
* Name: [[User:mlichvar| Miroslav Lichvar]]
* Email: mlichvar(a)redhat.com
== Detailed Description ==
`ntp` is one of the few NTP implementations provided in Fedora. It is
not used or installed by default.
The [https://www.ntp.org/ upstream project] is not in a good shape and
it doesn't seem to be improving. The development is slow and happens
behind closed doors. There is a significant number of known security
issues that have not been fixed yet. Some are exploitable in the
default configuration.
[https://www.ntpsec.org/ ntpsec] is a fork of `ntp` with focus on
security. It has removed a lot of code and fixed or avoided most of
the security issues in `ntp`. It doesn't support all features, but in
typical configurations it can be used as a drop-in replacement for
`ntp`.
There are few packages in Fedora that have a dependency on `ntp`:
* `nagios-plugins-ntp-perl`
* `ntpstat`
== Benefit to Fedora ==
This change makes Fedora more secure.
== Scope ==
* Proposal owners:
# Package `ntpsec` obsoleting the `ntp` package.
# Retire `ntp` package.
# Make sure the dependent packages still work.
* Other developers: N/A (not a System Wide Change)
* Release engineering: N/A (not needed for this Change)
* Policies and guidelines: N/A (not a System Wide Change)
* Trademark approval: N/A (not needed for this Change)
== Upgrade/compatibility impact ==
The `ntp` package is replaced automatically on upgrade to Fedora 34.
The configuration file ''/etc/ntp.conf'' is saved as to
''/etc/ntp.conf.rpmsave'' and it needs to be renamed to
''/etc/ntp.conf'' to be used by `ntpsec`. Otherwise, `ntpsec` will
fall back to the default configuration in ''/etc/ntp.d'' using the
''pool.ntp.org'' servers.
The `ntpd` service is disabled after the upgrade and needs to be enabled again.
== How To Test ==
* Install `ntpsec`
* Run `ntpdate pool.ntp.org`
* Start the `ntpd` service
* Run `ntpq -p` to verify `ntpd` is polling servers and synchronizing the clock
== User Experience ==
For most users of `ntp` the experience is not expected to change
significantly. Advanced configurations may need to be modified to work
with `ntpsec`.
== Dependencies ==
N/A (not a System Wide Change)
== Contingency Plan ==
* Contingency mechanism: Unretire `ntp` and remove the obsoletes in `ntpsec`
* Contingency deadline: Fedora 34 Beta
* Blocks release? N/A (not a System Wide Change)
* Blocks product?
== Documentation ==
N/A (not a System Wide Change)
== Release Notes ==
TBD
--
Ben Cotton
He / Him / His
Senior Program Manager, Fedora & CentOS Stream
Red Hat
TZ=America/Indiana/Indianapolis
3 years, 4 months