Linux Weekly News

The Fedora Project is looking for solutions to an interesting problem with its image-based editions and spins, such as the Atomic Desktops or CoreOS, that are created with rpm-ostree or bootc. If a package that is part of a image-based version has a user or group created dynamically on installation, and it owns files installed on the system, the system may be subject to user ID (UID) and group ID (GID) "drift" on updates. This "UID/GID drift" may come about when a new image with updates is generated, and therefore files may have the wrong ownership. This can have side-effects ranging from mildly inconvenient to serious. No solutions have been adopted just yet, but there are a few ideas on how to deal with the problem.

The NLnet Foundation has announced the projects that have received funding from its October call for grant proposals from the Next Generation Internet (NGI) Zero Commons Fund.

The selected projects all contribute, one way or another, to the mission of the Commons Fund: reclaiming the public nature of the internet. For example, there are people working on interesting open hardware projects such as the tablet MNT Reform Touch and the Solar FemtoTX motherboard — a collaborative effort to create an ultra-low power motherboard that can run on solar power. LLM2FPGA aims to enable running open source LLMs locally on programmable chips ("FPGAs") using a fully open-source toolchain. bcachefs readies itself as the next generation filesystem for Linux, improving performance, scalability and reliability when compared to legacy filesystems.

In all, 42 projects have been selected for the NGI grants which are between €5,000 and €50,000. See the announcement for the full list of selected projects, and the current projects page for other recent projects funded by NLnet.

In the filesystem track at the 2025 Linux Storage, Filesystem, Memory Management, and BPF Summit (LSFMM+BPF), Amir Goldstein wanted to resume discussing a feature that he had briefly introduced at the end of a 2023 summit session: filesystem "write barriers". The idea is to have an operation that would wait for any in-flight write() system calls, but not block any new write() calls as bigger hammers, such as freezing the filesystem, would do. His prototype implementation is used by a hierarchical storage management (HSM) system to create a crash-consistent change log, but there may be other use cases to consider. He wanted to discuss implementation options and the possibility of providing an API for user-space applications.

Security updates have been issued by AlmaLinux (bluez, expat, and postgresql:12), Fedora (chromium, golang, LibRaw, moodle, openiked, ruby, and trafficserver), Red Hat (bluez, expat, gnutls, libtasn1, libxslt, mod_auth_openidc, mod_auth_openidc:2.3, ruby:3.1, thunderbird, and xmlrpc-c), and Ubuntu (linux, linux-aws, linux-gcp, linux-hwe-6.11, linux-lowlatency, linux-lowlatency-hwe-6.11, linux-oem-6.11, linux-oracle, linux-raspi, linux-realtime, linux-azure, linux-azure-6.11, linux-gcp-6.8, and matrix-synapse).

The Linux kernel can be configured so that kernel modules must be signed or otherwise authenticated to be loaded into the kernel. Some BPF developers want that to be an option for BPF programs as well — after all, if those are going to run as part of the kernel, they should be subject to the same code-signing requirements. Blaise Boscaccy and Cong Wang presented two different visions for how BPF code signing could work at the 2025 Linux Storage, Filesystem, Memory-Management, and BPF Summit.

The Userspace I/O (UIO) subsystem was first added to the kernel by Hans J. Koch for the 2.6.32 release in 2007. Its purpose is to facilitate the writing of drivers (mostly) in user space; to that end, it provides access to a number of resources that user-space code normally cannot touch. One piece that is missing, though, is DMA addresses. A proposal to fill that gap from Bastien Curutchet is running into some opposition, though.

Security updates have been issued by AlmaLinux (java-1.8.0-openjdk, kernel, libxslt, mod_auth_openidc:2.3, and webkit2gtk3), Fedora (c-ares, giflib, jupyterlab, perl, perl-Devel-Cover, perl-PAR-Packer, prometheus-podman-exporter, python-notebook, python-pydantic-core, rpki-client, ruby, rust-adblock, rust-cookie_store, rust-gitui, rust-gstreamer, rust-icu_collections, rust-icu_locid, rust-icu_locid_transform, rust-icu_locid_transform_data, rust-icu_normalizer, rust-icu_normalizer_data, rust-icu_properties, rust-icu_properties_data, rust-icu_provider, rust-icu_provider_macros, rust-idna, rust-idna_adapter, rust-litemap, rust-ron, rust-sequoia-openpgp, rust-sequoia-openpgp1, rust-tinystr, rust-url, rust-utf16_iter, rust-version-ranges, rust-write16, rust-writeable, rust-zerovec, rust-zip, thunderbird, and uv), SUSE (erlang, erlang26, and govulncheck-vulndb), and Ubuntu (mosquitto).

Anton Protopopov kicked off the BPF track on the second day of the 2025 Linux Storage, Filesystem, Memory-Management, and BPF Summit with a discussion about permitting indirect calls in BPF. He also spoke about his continuing work on static keys, a topic which is related because the implementation of indirect jumps and static keys in the verifier use some of the same mechanisms for tracking indirect control-flow. Although some design work remains to be done, it may soon be possible to make indirect calls in BPF without any extra work compared to normal C.

The Fedora Project's RISC-V special-interest group (SIG) has announced the availability of Fedora Linux 42 images for supported RISC-V boards, as well as QEMU and container images. The SIG is working toward making RISC-V a primary architecture for Fedora, and has made significant progress in the past year.

Our upstreaming work continues apace, and we want to acknowledge that none of this progress would be possible without the incredible collaboration from maintainers across the Fedora Project and beyond. Thank you to everyone who reviewed, accepted, merged, and built our patches. Your support makes this architecture possible.

We're also excited about just how many packages build cleanly without special treatment or overlay repositories that need to be cared for. RISC-V is becoming just another architecture, and that's exactly how it should be.

The Python Steering Council accepted PEP 750 ("Template Strings") on April 10. LWN covered the discussion around the proposal, including the substantial revisions to the idea that were needed for it to be accepted. Template strings (t-strings) are a new kind of string that produces structured data instead of a raw string, allowing library authors to build their own custom template-handling logic. Since the approval happened before the cutoff for new features (May 6), support for template strings will be included in Python 3.14, scheduled for October 2025.

Ask a Linux enthusiast who created the Linux kernel, and odds are they will have no trouble naming Linus Torvalds—but many would be stumped if asked what the first Linux distribution was, and who created it. Some might guess Slackware, or its predecessor, Softlanding Linux System (SLS); both were arguably more influential but arrived just a bit later. The first honest-to-goodness distribution with a proper installer was MCC Interim Linux, created by Owen Le Blanc, released publicly in early 1992. I recently reached out to Le Blanc to learn more about his work on the distribution, what he has been doing since, and his thoughts on Linux in 2025.

Security updates have been issued by Debian (erlang, fig2dev, shadow, wget, and zabbix), Fedora (chromium, jupyterlab, llama-cpp, prometheus-podman-exporter, python-notebook, python-pydantic-core, rpki-client, rust-adblock, rust-cookie_store, rust-gitui, rust-gstreamer, rust-icu_collections, rust-icu_locid, rust-icu_locid_transform, rust-icu_locid_transform_data, rust-icu_normalizer, rust-icu_normalizer_data, rust-icu_properties, rust-icu_properties_data, rust-icu_provider, rust-icu_provider_macros, rust-idna, rust-idna_adapter, rust-litemap, rust-ron, rust-sequoia-openpgp, rust-sequoia-openpgp1, rust-tinystr, rust-url, rust-utf16_iter, rust-version-ranges, rust-write16, rust-writeable, rust-zerovec, rust-zip, uv, and webkitgtk), Slackware (libxml2 and zsh), SUSE (argocd-cli, chromium, coredns, ffmpeg-6, and firefox), and Ubuntu (imagemagick).

The 6.15-rc3 kernel prepatch is out for testing. "There's absolutely nothing of huge note here as far as I can tell. Just a fair number of small fixes all over the place".

The 6.14.3, 6.13.12, and 6.12.24 stable kernel updates have been released; each contains another set of important fixes. Note that the 6.13.x series ends with 6.13.12.

The New Stack looks at EU OS, an attempt to create a desktop system for the European public sector.

EU OS is not a brand-new Linux distribution in the traditional sense. Instead, it is a proof-of-concept built atop Fedora's immutable KDE Plasma spin (Kinoite). EU OS takes a layered approach to customization. The project's vision is to provide a standard, adaptable Linux base that can be extended with national, regional or sector-specific customizations, making it suitable for a wide range of European public sector needs.

The final session in the memory-management track of the 2025 Linux Storage, Filesystem, Memory-Management, and BPF Summit was a brief, last-minute addition run by Kalesh Singh. The kernel's readahead mechanism is generally good for performance; it ensures that data is present by the time an application gets around to asking for it. Sometimes, though, readahead can go a little too far.

Adding tracepoints to some kernel subsystems has been controversial—or disallowed—due to concerns about the user-space ABI that they might create. The virtual filesystem (VFS) layer has long been one of the subsystems that has not allowed any tracepoints, but that may be changing. At the 2025 Linux Storage, Filesystem, Memory Management, and BPF Summit (LSFMM+BPF), Ted Ts'o led a discussion about whether the ABI concerns are outweighed by the utility of tracepoints for the VFS.

Security updates have been issued by Debian (graphicsmagick and libapache2-mod-auth-openidc), Fedora (giflib, mod_auth_openidc, mysql8.0, perl, perl-Devel-Cover, perl-PAR-Packer, perl-String-Compare-ConstantTime, rust-openssl, rust-openssl-sys, trunk, and workrave), Mageia (chromium-browser-stable and rust), Oracle (java-1.8.0-openjdk, java-17-openjdk, java-21-openjdk, kernel, libreoffice, and webkit2gtk3), Red Hat (gvisor-tap-vsock), SUSE (containerd, docker, docker-stable, forgejo, GraphicsMagick, libmozjs-115-0, perl-32bit, poppler, subfinder, and thunderbird), and Ubuntu (erlang and ruby2.3, ruby2.5).

Version 25.04 ("Plucky Puffin") of the Ubuntu Linux distribution has been released. This release includes Linux 6.14, GNOME 48, APT 3.0, and introduces a Arm64 desktop ISO to install Ubuntu Desktop on Arm64 systems. This is an interim release, with support through January 2026. See the release notes for a detailed list of new features and changes.

Version 14.5 of the Tor Browser has been released. Notable features in this release include the addition of Connection Assist for the Android version of the Tor Browser, and language support for Belarusian, Bulgarian, and Portuguese for all versions of the browser.

Should Tor Browser fail to establish a direct connection to the Tor network, Connection Assist will offer to find and try bridges for you. But before this feature could be made available on Android, we had to embark on a multi-year effort to refactor our tor integration across each platform first. This project has now reached an important milestone, and we're proud to announce the release of Connection Assist for Android today.

See the full changelog for all changes in this release, and the issues page for known problems.