I am running Fedora on my desktop since started working for Red Hat. Kind of ‘eat your own dogfood’ style despite fact that I am not active in Fedora development for some time.
Fedora 33 reached Beta status so it was time to upgrade.
Do it Debian style
I use Debian since 1999 so got used to several ways of doing things which may not always fit into official Fedora guidelines.
One of them is my way of upgrading to newer release:
LANGUAGE=C dnf distrosync --releasever 33
If there is a problem listed then I try to solve it with use of “—best” or even “—allow-erasing” options to check which packages are a problem. But this time it went smoothly.
Rebooted and system works fine. Or so I thought…
Fedora ships OpenSSH 8.4p1 so if you used ‘ssh-rsa’ keys then you may need to generate newer ones. More info in OpenSSH 8.3 announcement.
I got hit by this on Gerrit instances:
$ git remote update Fetching gerrit firstname.lastname@example.org: Permission denied (publickey).
One workaround is small addition to ssh configuration file:
Host * PubkeyAcceptedKeyTypes +rsa-sha2-256,rsa-sha2-512
TLS v1.2 is the new default
New distribution version, new defaults. This time TLS v1.2 became default version. I was informed about it when wanted to send email and Thunderbird told me that it is unable to talk to my mail server…
Logged to server, checked Postfix log and found this:
connect from IP_ADDRESS SSL_accept error from IP_ADDRESS: -1 warning: TLS library problem: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol:../ssl/statem/statem_srvr.c:1661: lost connection after CONNECT from IP_ADDRESS disconnect from IP_ADDRESS commands=0/0
Looks nasty. Did some searching and changed Postfix config to accept TLSv1.2 on incoming connections.
One of features of Fedora 33 is switch from dnsmasq to systemd-resolved for name resolution. On my system I have some local changes to former one to get internal Red Hat names resolved without using company DNS for everything. Therefore I reverted migration and keep using dnsmasq.
One day I may be able to understand systemd-resolved documentation and migrate my local configuration to it.
So far no other issues found. System works as it should. I still run kind of KDE desktop on X11.