- Name: Changes in Fedora for System Administrators

      Dir: sysadmin

      Topics:

        - Name: Installation

          File: Installation

        - Name: Security

          File: Security

        - Name: Domain Controllers

          File: Domain_Controllers

    - Name: Changes in Fedora for Desktop Users

      Dir: desktop

      Topics:

        - Name: Desktop

          File: Desktop

    - Name: Changes in Fedora for Developers

      Dir: developers

      Topics:

          File: Development_Tools

        - Name: C and C++

          File: Development_C

        - Name: Go

          File: Development_Go

        - Name: Java

          File: Development_Java

        - Name: Perl

          File: Development_Ruby

        - Name: Web Development

          File: Development_Web

  [[appe-Release_Notes-Revision_History]]

  `26.01-3`:: Sun Jul 30 2017, (docs AT lists.fedoraproject.org), First AsciiDoc version.

  [[sect-desktop]]

  [[sect-desktop-dnfdragora]]

  Previous releases of Fedora have included https://github.com/timlau/yumex-dnf/blob/develop/README.md[Yumex-DNF] as a graphical user interface for package management.  Yumex-DNF is no longer under active development and so it has been replaced in Fedora 27 by https://github.com/manatools/dnfdragora[dnfdragora]. dnfdragora is a new DNF frontend that is written in Python 3 and uses https://github.com/libyui/libyui[libYui], the widget abstraction library written by SUSE, so that it can be run using Qt 5, GTK+ 3, or ncurses interfaces.

  [[sect-i18n]]

  [[sect-networking]]

  [[sect-containers]]

  [[sect-c]]

  [[sect-boost]]

  The http://www.boost.org[Boost C++ libraries] have been upgraded to version 1.64. Apart from a number of bugfixes and improvements to existing libraries, this brings a new library compared to Fedora 26, Boost.Process.

  For more information, see the http://www.boost.org/users/history/version_1_64_0.html[Boost 1.64 release notes].

  [[sect-c-glibc]]

  Fedora 27 ships with version 2.26 of the GNU C Library (glibc). New features include:

  * A per-thread malloc cache has been added that significantly improves the malloc API family of functions on certain multithreaded workloads.

  [[sect-d]]

  [[sect-development-go]]

  [#go-upgraded-to-1.9]

  Fedora 27 brings Golang 1.9, which includes performance improvements, bug fixes, and new features. Most notably, support for type aliasing, parallel compilation, and direct bit manipulation has been added. For a complete list of changes, see upstream change notes at link:https://tip.golang.org/doc/go1.9[https://tip.golang.org/doc/go1.9].

  [[sect-haskell]]

  [[sect-java]]

  [[sect-java-java9]]

  Fedora 27 includes a technology preview of Java 9, offered through the `java-9-openjdk` and `java-9-openjdk-devel` and new `java-9-openjdk-jmod` packages.

  Java 8 remains the default JDK for this release. The inclusion of Java 9 / OpenJDK 9 will allow developers to develop and test their applications for the next version of Java in parallel while everyone can continue using the stable Java 8 for daily use.

  More information about the new features of OpenJDK 9 is available from http://openjdk.java.net/projects/jdk9/[the OpenJDK website].

  [[sect-java-decouple]]

  In earlier versions of Fedora, Java applications installed from RPMs were run in the JVM that was found using the `PATH` environment variable. From this release, Java applications will be run using the default system JVM, which will be OpenJDK 8 in Fedora 27, without refering to `PATH`. Users will still be able to override the default by using the `JAVA_HOME` environment variable.

  More detail about this revised configuration can be found on the https://fedoraproject.org/wiki/Changes/Decouple_system_java_setting_from_java_command_setting[change page].

  [[sect-perl]]

  [[sect-perl-core]]

  The release of Fedora 27 brings a change in the way that the Perl core modules are packaged by Fedora. In Perl, the core modules are the standard set of modules that ship with the Perl interpreter.  Previously in Fedora, the Perl core modules were split into a number of subpackages in such a way that installing the `perl` package did not install the full set of Perl core modules.  This behaviour was not what was expected by most Perl users and so, from Fedora 27, installing the `perl` package now installs the full set of Perl core modules. It is still possible to install only a minimal Perl interpreter by installing just the `perl-interpreter` package.

  [[sect-perl-526]]

  A new version of perl is released every year and version 5.26 is 2017's stable release. This release includes three updates with widespread effects:

  ."." no longer in @INC

  [[sect-python]]

  [[sect-python-sudo-pip]]

  The location where sudo pip3 installs modules has been changed to /usr/local/lib/pythonX.Y/site-packages, and sudo pip3 is henceforth safer to use. No other changes in user experience are expected. Sudo pip3 is not considered a standard way to install Python packages. Virtual environment and pip3 install --user should still be the prefered options. Additionally, Fedora will increase it's compliance with the Filesystem Hierarchy Standard, as user-installed host-specific Python modules will now be correctly located under /usr/local.

  [[sect-ruby]]

  [[sect-ruby-rails]]

  Ruby on Rails has been updated to version 5.1 in Fedora 27.  Some of the highlights in Rails 5.1 include:

  * Drop jQuery as a default dependency

  [[sect-development-tools]]

  [[sect-development-tools-debuginfo]]

  To observe what a program is doing, Fedora provides additional meta-data about code that is installed and runs on your system. These can be used together with tracers, profilers and debuggers to better understand what is running on your system (or to understand crashes or failures better). Previously, these debug info meta-data packages were fairly large, containing lots of information about multiple sub-packages together. With Fedora 27, these debug info meta-data packages have been split up into smaller sub-packages, making it possible to install just the debuginfo for one specific sub-package or library. The source files needed for debuggers (but not necessarily for tracers and profilers) have been separated out into their own debugsource package and it is now possible to install multiple, different versions or architectures of the debug info packages at the same time. For example, when trying to introspect a program installed in a container or virtual machine that is a different version of the package installed on the host, or when both a 32 bit and 64 bit version of a library is available.

  [[sect-development-tools-bodhi]]

  Bodhi, the https://bodhi.fedoraproject.org/[Fedora Updates System], can now handle more than just RPM files. If it can be tagged in https://koji.fedoraproject.org/koji/[Koji], it should be accepted by Bodhi. The release of Bodhi 3.0.0 enables:

  * Support for updating non-RPM artifacts, like modules.

  [[sect-web-development]]

  [[sect-web-development-node]]

  Fedora 27 includes Node.js 8, which is the current version of the platform. This release line will become a Node.js Long Term Support (LTS) release at the end of October 2017.  Some of the highlights of Node.js 8 include:

  * http2 support

  include::en-US/entities.adoc[]

  Release Notes for Fedora {PRODVER}

  [abstract]

  [[sect-domain-controllers]]

  [[sect-domain-controllers-samba-changes]]

  Samba project completed conversion of Samba AD DC to support MIT Kerberos. Fedora 27 is the first Fedora version to include Samba AD domain controller functionality.

  [[sect-domain-controllers-freeipa-changes]]

  FreeIPA has been upgraded to version 4.6. This is a major FreeIPA release which supports Python 3.

  [[sect-installation]]

  [[sect-installation-trim]]

  With this change Fedora becomes more friendly to SSD drives. During the installation procedure, any newly created storage with LUKS encryption (newly formatted encrypted partitions, logical volumes, and so on) is configured to use the `discard` option which enables https://en.wikipedia.org/wiki/Trim_(computing)[TRIM]. This potentially increases the lifetime of SSD drives while **not** affecting encrypted data security and it has no effect on HDDs.

  [[sect-kernel]]

  [[sect-mail-servers]]

  [[sect-modularity]]

  == Fedora Modularity

  Modularity is the initiative to disconnect the lifecycle of applications from each other and from the lifecycle of the operating system, while still maintaining the ease of use of a typical Linux distribution. This work has produced two changes that have been incorporated into Fedora 27: Host and Platform and Modular Server.

  [[sect-security]]

  [[sect-security-kerberos-kcm]]

  Fedora 27 defaults to a new Kerberos credential cache type called Kerberos Cache Manager (KCM), implemented in the sssd-kcm service, that is better suited for containerized environments and also provides a better user experience in the general case. Key features of KCM include:

  * Kerberos credential caches are handled by a userspace deamon with a UNIX socket entry point. That means the UIDs and GIDs of the cache owners are subject to UID namespacing, which is beneficial in containerized environments.

  Information about using KCM can be found in `man sssd-kcm` and also in `man sssd-secrets`, because KCM uses sssd-secrets for data storage.  Additional information is contained in the https://docs.pagure.org/SSSD.sssd/design_pages/kcm.html[SSSD Design Page for KCM].

  [[sect-security-krb5-appl]]

  The `krb5-appl-clients` and `krb5-appl-servers` packages are considered to be obsolete and have been removed from Fedora. These packages provided Kerberos-aware telnet, ftp, rcp, rsh, and rlogin clients and servers. Users should to move to more modern security tools, such as openssh.

  [#sect-defauilt-ciopher-in-openvpn-changed-to-256-bit-aes-gcm]

  OpenVPN configurations utilizing the newer `openvpn-server@.service` unit file now use a stronger cipher for the VPN tunnel by default. The default is changed from the Blowfish algorithm using 128-bit keys to the newer AES-GCM algorithm with 256-bit keys.

  [#sect-openshh-server-now-follows-system-wide-crypto-policies]

  Fedora defines system-wide crypto policies, which are followed by cryptographic libraries and tools, including OpenSSH clients. This allows administrators to use different system-wide security levels. With this update, OpenSSH Server adheres to these system-wide crypto policies, too.

  [#sect-ssh-1-support-removed-from-openssh]

  The SSH-1 protocol is obsolete and no longer considered secure. As such, it is not supported by the default OpenSSH client binaries packaged for Fedora. This changes removes support for the SHH-1 protocol altogether by removing the *openssh-clients-ssh1* subpackage.

  [#sect-libcurl-switches-to-using-openssl]

  The *libcurl* library now uses OpenSSL for TLS and crypto (instead of NSS). TLS certificates and keys stored in the NSS database need to be exported to files for *libcurl* to be able to load them. See link:http://pki.fedoraproject.org/wiki/NSS_Database[http://pki.fedoraproject.org/wiki/NSS_Database] for instructions on how to work with the NSS database.

  [[sect-x-org]]

  [[sect-Release_Notes-Feedback]]

  Thank you for taking the time to provide your comments, suggestions, and bug reports to the Fedora community; this helps improve the state of Fedora, Linux, and free software worldwide.

  To provide feedback on Fedora software or other system elements, please refer to link:++http://fedoraproject.org/wiki/BugsAndFeatureRequests++[Bugs And Feature Requests]. A list of commonly reported bugs and known issues for this release is available from link:{COMMONBUGS_URL}[Common F26 Bugs] on the wiki.

  If you feel these release notes could be improved in any way, you can provide your feedback directly to the beat writers. There are several ways to provide feedback, in order of preference:

  [[sect-hardware-overview]]

  Fedora {PRODVER} provides software to suit a wide variety of applications. The storage, memory and processing requirements vary depending on usage. For example, a high traffic database server requires much more memory and storage than a business desktop, which in turn has higher requirements than a single-purpose virtual machine.

  [[hardware_overview-specs]]

  The figures below are a recommended minimum for the default installation. Your requirements may differ, and most applications will benefit from more than the minimum resources.

  .Low memory installations

  [NOTE]

  Fedora {PRODVER} can be installed and used on systems with limited resources for some applications. Text, VNC, or kickstart installations are advised over graphical installation for systems with very low memory. Larger package sets require more memory during installation, so users with less than 768MB of system memory may have better results preforming a minimal install and adding to it afterward.

  For best results on systems with less than 1GB of memory, use the DVD installation image.

  [[hardware_overview-resolution]]

  .Graphical Installation requires 800x600 resolution or higher

  [NOTE]

  Graphical installation of Fedora requires a minimum screen resolution of 800x600. Owners of devices with lower resolution, such as some netbooks, should use text or VNC installation.

  Once installed, Fedora will support these lower resolution devices. The minimum resolution requirement applies only to graphical installation.

  [[hardware_overview-graphics]]

  [[hardware_overview-graphics-legacy_gpus]]

  Fedora {PRODVER} supports most display adapters. Modern, feature-rich desktop environments like *GNOME3* and *KDE Plasma Workspaces* use video devices to provide 3D-accelerated desktops. Older graphics hardware may *not support* acceleration:

  * Radeon prior to R300 (Radeon 9500)

  [[hardware_overview-graphics-cpu_acceleration]]

  Systems with older or no graphics acceleration devices can have accelerated desktop environments using *LLVMpipe* technology, which uses the CPU to render graphics. *LLVMpipe* requires a processor with `SSE2` extensions. The extensions supported by your processor are listed in the `flags:` section of `/proc/cpuinfo`

  [[hardware_overview-graphics-desktops]]

  Fedora {PRODVER}'s default desktop environment, *GNOME3*, functions best with hardware acceleration. Alternative desktops are recommended for users with older graphics hardware or those seeing insufficient performance with *LLVMpipe*.

  [[sect-overview]]

  As always, Fedora continues to develop and integrate the latest free and open source software. The following sections provide a brief overview of major changes from the last release of Fedora.

  [[sect-welcome_to_fedora]]

  The Fedora Project is a partnership of Free software community members from around the globe. The Fedora Project builds open source software communities and produces a Linux distribution called Fedora.

  * link:++http://fedoraproject.org/wiki/Join++[Participate in the Fedora Project]

  [[sect-need-help]]

  There are a number of places you can get assistance should you run into problems.

  You may also find assistance on the `#fedora` channel on the IRC net `irc.freenode.net`. Keep in mind that the channel is populated by volunteers wanting to help, but folks knowledgeable about a specific topic might not always be available.

  [[sect-providing-help]]

  You can help the Fedora Project community continue to improve Fedora if you file bug reports and enhancement requests. Refer to link:++http://fedoraproject.org/wiki/BugsAndFeatureRequests++[Bugs And Feature Requests] on the Fedora Wiki for more information about bug and feature reporting. Thank you for your participation.