Tuesday, 9 January 2018

Ubuntu or Fedora?

MINIX NEO Z83-4 running Fedora 27 with Rawhide kernel
(showing working WiFi, Bluetooth and audio including headphone jack)

Three recent events have made me question whether to keep using Ubuntu as my preferred Linux distribution:

  1. Six weeks have passed since v4.15-rc1 was released and the Ubuntu config for the 'unstable' kernel still hasn't been updated to reflect the patches around the Serial Device Bus managing serial devices declared as attached to an UART in ACPI table. This prevents Bluetooth working on some mini PCs.
  2. The Ubuntu 17.10 ISO is still not available following the scramble to address the corrupted BIOS due to "Intel SPI bug in kernel" arguably actually caused by incorrectly enabling the Intel SPI drivers in the config.
  3. Canonical's slow response coupled with what appears to be a justification to adhere to previously agreed timescales resulting in their inability to immediately address the 'Meltdown' exploit. This has created a 'Window of Vulnerability' for existing Ubuntu users unaware they could temporarily upgrade to a the most recent Canonical mainline build.

The core of the problem appears to lie in the architectural approach of how kernels are adopted and released as part of the overall Ubuntu release structure. Whilst implementing Ubuntu LTS enablement (known as HWE or Hardware Enablement) stacks which provide newer kernel support for existing Ubuntu LTS releases, there is no equivalent for regular releases which are only guaranteed to receive security updates for the duration of their release life (normally 9 months for desktop and server releases). As a result the Ubuntu kernel support per se is not aligned with the mainline kernel development strategy of supporting the current release together with nominated LTS kernels.

Aside from the above points there is also the somewhat emotive issue of dropping Unity in preference for the GNOME desktop. Through dressing up GNOME to look similar to Unity by including the 'dock-to-dash' extension it inadvertently shows that changing the back-end distribution might not be so visible if GNOME is to be used especially for users reliant on a GUI.

Furthermore as I run Ubuntu 17.04 on a number of devices I have to make a 'release' decision now that Ubuntu 17.04 reaches 'end of life' on 13th January. Canonical will not be providing updated kernel packages for Ubuntu 17.04 as they will not be patching the 4.10 HWE kernel to address the Meltdown and Spectre vulnerabilities resulting in a '4.10 HWE EARLY END OF LIFE'. The consequence is that the rolling HWE kernel for Ubuntu 16.04 will go to 4.13 early.

To continue using Ubuntu on those devices I will need to either:
  • upgrade to Ubuntu 17.10 and use the GNOME desktop or gamble with 'Ubuntu Unity' as the Unity desktop in the long term, or
  • replace existing Ubuntu 17.04 instances with fresh installations of Ubuntu 16.04 and continue using the Unity desktop in the short term
or, and given my initial concerns, look for an alternative to Ubuntu.

Choosing a distributions is somewhat complex and ultimately personal however one candidate does immediately comes to mind: Fedora. Arguably not so user-friendly it is focused on leading-edge software. The principle difference between Ubuntu and Fedora is package management due to the origins of each namely Debian vs Red Hat respectively.

Becuase the ISO for Ubuntu 17.10 is unavailable and installing Ubuntu 16.04 is effectively downgrading I have made the decision to look at transitioning to Fedora. I'll start by using Fedora as a desktop for everyday use and gradually increase usage. There will be challenges ahead as Fedora 'OOTB' doesn't work on a number of mini PCs both old and new. For inspiration I've combined several well know quotes:
If things don’t change
    they’ll stay the way they are,
and if they stay the way they are
    they won't get any better,
but the more things change
    the more they stay the same.
as making things better need not necessarily make everything different. We shall see.

Update:

The target release date for respun Ubuntu 17.10 ISOs for all flavors is Thursday, January 11. These will include a kernel which fixes the "Intel SPI bug in kernel" (point 2 above).

However "Note that these images are being prepared in advance of the release of fixes for Spectre and Meltdown.  As a rule, we do not re-release install media for security bugs, even those as severe as this" [1].

Currently these respun ISOs include the Ubuntu 4.13.0-21.24 kernel rather than the Ubuntu 4.13.0-25.29 kernel which is version that includes the 'Meltdown' fix which was released yesterday Tuesday, January 9 [2].

It is difficult to understand why Canonical would respin ISOs to fix a 'bug' using a kernel that includes a highly publicized and well-known 'vulnerability' when they have released a fixed kernel.

Given the rationale is to make the Ubuntu 17.10 images available again due to the impending 17.04 EOL then maybe extend the life of 17.04 by a day or two as it is not like security matters or so it seems.

If you want an Ubuntu 17.10 ISO I believe you would be safer using respinning the current official Ubuntu 17.10 ISO [3] with:
isorespin.sh -i ubuntu-17.10-desktop-amd64.iso --upgrade \
-e "linux-image-4.13.0-16-generic linux-headers-4.13.0-16" \
-p "linux-generic linux-signed-generic" \
-p "gir1.2-gmenu-3.0 libgnome-menu-3-0"
as you would get Ubuntu 17.10 similar to the proposed respin ISO [4] together with the 'Meltdown' fixed kernel:
$ 7z x linuxium-ubuntu-17.10-desktop-amd64.iso casper/filesystem.manifest -so > \
  linuxium-ubuntu-17.10-desktop-amd64.iso_filesystem.manifest
$ wget -q \
  http://cdimage.ubuntu.com/artful/daily-live/20180105.1/artful-desktop-amd64.manifest -O - | \
  sed 's/:amd64//' | \
  diff -w linuxium-ubuntu-17.10-desktop-amd64.iso_filesystem.manifest -
1064,1065c1064,1065
< libpoppler-glib8 0.57.0-2ubuntu4.2
< libpoppler68 0.57.0-2ubuntu4.2
---
> libpoppler-glib8 0.57.0-2ubuntu4.1
> libpoppler68 0.57.0-2ubuntu4.1
1373,1382c1373,1382
< linux-generic 4.13.0.25.26
< linux-headers-4.13.0-25 4.13.0-25.29
< linux-headers-4.13.0-25-generic 4.13.0-25.29
< linux-headers-generic 4.13.0.25.26
< linux-image-4.13.0-25-generic 4.13.0-25.29
< linux-image-extra-4.13.0-25-generic 4.13.0-25.29
< linux-image-generic 4.13.0.25.26
< linux-signed-generic 4.13.0.25.26
< linux-signed-image-4.13.0-25-generic 4.13.0-25.29
< linux-signed-image-generic 4.13.0.25.26
---
> linux-generic 4.13.0.21.22
> linux-headers-4.13.0-21 4.13.0-21.24
> linux-headers-4.13.0-21-generic 4.13.0-21.24
> linux-headers-generic 4.13.0.21.22
> linux-image-4.13.0-21-generic 4.13.0-21.24
> linux-image-extra-4.13.0-21-generic 4.13.0-21.24
> linux-image-generic 4.13.0.21.22
> linux-signed-generic 4.13.0.21.22
> linux-signed-image-4.13.0-21-generic 4.13.0-21.24
> linux-signed-image-generic 4.13.0.21.22
1471c1471
< poppler-utils 0.57.0-2ubuntu4.2
---
> poppler-utils 0.57.0-2ubuntu4.1
1676c1676
< ubuntu-desktop 1.404
---
> ubuntu-desktop 1.404.1
$
Please donate if you find my work useful using the following link http://goo.gl/nXWSGf.

16 comments:

  1. You can grab "Artful.1" test version here:
    http://iso.qa.ubuntu.com/

    Works fine as of yesterday.

    I don't want to go bleeding edge with Fedora. I am hoping Ubuntu shapes up.

    ReplyDelete
    Replies
    1. I've updated the post with a link to the proposed respun Ubuntu ISO with a comment that it doesn't include the 'Meltdown' kernel fix.

      Delete
  2. p.s. Thank you.

    I got an "iSmart" mini pc the other day. Refind and your iso respin worked great.


    Right now I'm testing Ubuntu 18.04 beta. Seems to work out of box.

    Oddly 17.10 will not boot on this PC. Works fine under Virtualbox though.

    Copying the \efi\boot contents from 18.04 to a 17.10 usb seems to get it working.

    I know all distros are having headaches with a bunch of security updates. So I will cut Ubuntu a little slack, but hope it settles down soon.

    ReplyDelete
  3. Using now Fedora 27 on a Ideapad 100s, atom z3735f. They added 32bit uefi support out of the box, everything work, except for audio UCMs (added in post-install, work like a charm).
    Also Fedora is a good choice (now) :)
    The really good thing is that, from when you start, we now have some progress in mainline distros. Your work is incredible, I've start using this notebook with your Ubuntu respin, thanks for all the fish!

    ReplyDelete
    Replies
    1. What paramaters did you use when spinning the iso? Tried it before but the mouse and keyboard didnt work

      Delete
    2. The parameters are show above for Ubuntu. For Fedora I used the Fedora 27 Workstation ISO and then manually configured it after installation by adding wifi, upgrading the kernel, adding and configuring the extension and a couple of GNOME tweaks but nothing was required to make the mouse and keyboard work.

      Delete
  4. Hey Linuxium. Firstly I would like to thank you for your amazing help to our Atom-Community and would like to request the aformentioned respun Ubuntu 17.10 ISO, since I am having trouble respining the said ISO myself. I am in possession of just an Atom-based laptop and respinning an ISO on a live-usb is a pain in the ass (Takes forever and then fails).

    ReplyDelete
    Replies
    1. If you have a Windows machine you can respin in a VM ... see 'Running the script on Windows' in 'https://linuxiumcomau.blogspot.com.au/2017/06/customizing-ubuntu-isos-documentation.html'.

      Delete
  5. When I got in to Linux lots of years ago I started with Fedora. But then I seen Ubuntu and loved how if you type a wrong command it would come back with did you mean this command. So that's why I switch and never went back to Fedora. I think Fedora has this now too. Not sure.

    ReplyDelete
  6. many thanks for this idea. i tried it on a stick. very easy to install and it doesn't touch the bootlader of windows like ubuntu did in my case. then i booted this usb-stick, built on a 64-bit bootloader on my 32-bit bootloader tablet and it works ... great! many thanks!

    ReplyDelete
  7. Hi there

    Thank you for this awesome work you do. Can you help please?

    I tried to respin fedora cinnamon for my little lenovo 100S-11IBY atom however it didnt see the pen when I tried to boot from it. The ubuntu respins do work however using the --atom flag.

    Can you help me with the flags I would need to respin fedora please? Sound doesnt work at the moment in ubuntu well sometimes it sees the card sometimes it doesnt, very weird.

    Cheers

    Andy

    ReplyDelete
    Replies
    1. As you have an Intel Atom device you should be able to install an official Fedora ISO directly.

      You can also respin an Ubuntu ISO using my 'isorespin.sh' script and install Ubuntu *however* as you have a Lenovo device you should be careful that you only use the very latest kernel or the Ubuntu 17.10.1 ISO due to the SPI driver bug that may affect your device (see point 2) in the opening paragraph above.

      Delete
    2. Same notebook here. Just download the Fedora ISO (Fedora 27 is needed, <=26 doesn't boot easily), burn it on an usb device and boot up in UEFI mode.Not needed anything, just UCM for audio configs on pulse audio (you can find they github link in this blog pages :D). Everything out of the box also for fedora spins, like fedora MATE, XFCE, KDE and more (Which I use now, in this moment).

      Delete
  8. Thanks for all your work, could you please add ATOM support to the script? By the way why not debian it is closer than fedora

    ReplyDelete