Red Hat Enterprise Linux 9 Distribution Introduced

Red Hat has announced the release of the Red Hat Enterprise Linux 9 distribution. Ready-made installation images will soon be available to registered users of the Red Hat Customer Portal (CentOS Stream 9 ISO images can also be used to evaluate functionality). The release is built for the x86_64, s390x (IBM System z), ppc64le, and Aarch64 (ARM64) architectures. The sources of the Red Hat Enterprise Linux 9 rpm packages are located in the CentOS Git repository. In accordance with the 10-year support cycle for the distribution, RHEL 9 will be maintained until 2032. Updates for RHEL 7 will continue to be released until June 30, 2024, and for RHEL 8 until May 31, 2029.

The Red Hat Enterprise Linux 9 distribution is notable for its move to a more open development process. Unlike previous branches, the CentOS Stream 9 package base was used as the basis for building the distribution. CentOS Stream is positioned as an upstream project for RHEL, enabling third-party participants to control the preparation of packages for RHEL, propose their changes and influence decisions. Previously, a snapshot of one of the Fedora releases was used as the basis for a new RHEL branch, which was finalized and stabilized behind closed doors, without the ability to control the development progress and decisions made. Now a CentOS Stream branch is formed from the Fedora snapshot with the participation of the community; the preparatory work is carried out in that branch, and it forms the basis for a new major branch of RHEL.

Key changes:

  • Updated system environment and build tools. GCC 11 is used to build packages. The standard C library has been updated to glibc 2.34. The Linux kernel package is based on release 5.14. The RPM package manager has been updated to version 4.16 with support for integrity control via fapolicyd.
  • The distribution's migration to Python 3 is complete. The Python 3.9 branch is offered by default. Python 2 has been discontinued.
  • The desktop is based on GNOME 40 (RHEL 8 shipped GNOME 3.28) and the GTK 4 library. In GNOME 40, virtual desktops in the Activities Overview mode are switched to landscape mode and are displayed as a continuously scrolling chain from left to right. Each desktop shown in overview mode provides a visual representation of the available windows that are dynamically panned and zoomed as the user interacts. A seamless transition between the list of programs and virtual desktops is provided.
  • GNOME includes the power-profiles-daemon handler, which provides the ability to switch on the fly between power save mode, power balance mode, and maximum performance mode.
  • All audio streams have been moved to the PipeWire media server, which is now the default instead of PulseAudio and JACK. Using PipeWire allows you to provide professional audio processing capabilities in a regular desktop edition, get rid of fragmentation and unify the audio infrastructure for different applications.
  • By default, the GRUB boot menu is hidden if RHEL is the only distribution installed on the system and the last boot was successful. To display the menu during boot, hold down the Shift key or press the Esc or F8 key several times. Among the bootloader changes, GRUB configuration files for all architectures are now placed in the same /boot/grub2/ directory (the /boot/efi/EFI/redhat/grub.cfg file is now a symbolic link to /boot/grub2/grub.cfg), i.e. the same installed system can be booted using both EFI and BIOS.
  • Components for support of various languages are placed in langpacks packages, allowing you to vary the level of installed language support. For example, langpacks-core-font only offers fonts, langpacks-core provides the glibc locale, base font, and input method, and langpacks provides translations, additional fonts, and spelling dictionaries.
  • Updated security components. The distribution includes a new branch of the OpenSSL 3.0 cryptographic library. By default, more modern and secure cryptographic algorithms are enabled (for example, the use of SHA-1 in TLS, DTLS, SSH, IKEv2 and Kerberos is disabled, TLS 1.0, TLS 1.1, DTLS 1.0, RC4, Camellia, DSA, 3DES and FFDHE-1024 are disabled). The OpenSSH package has been updated to version 8.6p1. Cyrus SASL moved to GDBM backend instead of Berkeley DB. The NSS (Network Security Services) libraries no longer support the DBM (Berkeley DB) format. GnuTLS has been updated to version 3.7.2.
  • Significantly improved SELinux performance and reduced memory consumption. Removed support for setting "SELINUX=disabled" to disable SELinux in /etc/selinux/config (the specified setting now only disables policy loading, and actually disabling SELinux functionality now requires passing the "selinux=0" parameter to the kernel).
  • Added experimental support for WireGuard VPN.
  • By default, SSH login as root is disabled.
  • The iptables-nft packet filter management tools (iptables, ip6tables, ebtables and arptables utilities) and ipset have been deprecated. It is now recommended to use nftables to manage the firewall.
  • A new mptcpd daemon is included for configuring MPTCP (MultiPath TCP), an extension of the TCP protocol for organizing the operation of a TCP connection with the delivery of packets simultaneously along several routes through different network interfaces bound to different IP addresses. Using mptcpd makes it possible to configure MPTCP without using the iproute2 utility.
  • The network-scripts package has been removed; NetworkManager should be used to configure network connections. Support for the ifcfg settings format has been retained, but NetworkManager defaults to the keyfile-based format.
  • New versions of compilers and developer tools included: GCC 11.2, LLVM/Clang 12.0.1, Rust 1.54, Go 1.16.6, Node.js 16, OpenJDK 17, Perl 5.32, PHP 8.0, Python 3.9, Ruby 3.0, Git 2.31, Subversion 1.14, binutils 2.35, CMake 3.20.2, Maven 3.6, Ant 1.10.
  • Updated server packages: Apache HTTP Server 2.4.48, nginx 1.20, Varnish Cache 6.5, Squid 5.1.
  • Updated DBMS: MariaDB 10.5, MySQL 8.0, PostgreSQL 13, Redis 6.2.
  • By default, Clang is used to build the QEMU emulator, which allowed some additional protection mechanisms to be applied in the KVM hypervisor, such as SafeStack to protect against Return-Oriented Programming (ROP) exploitation methods.
  • The SSSD (System Security Services Daemon) has increased the detail of the logs, for example, the task completion time is now attached to the events and the authentication flow is reflected. Added search functionality to analyze settings and performance issues.
  • Support for IMA (Integrity Measurement Architecture) has been extended to check the integrity of operating system components using digital signatures and hashes.
  • By default, a single unified cgroup hierarchy (cgroup v2) is enabled. Cgroups v2 can be used, for example, to limit memory, CPU, and I/O consumption. The key difference between cgroups v2 and v1 is the use of a common cgroups hierarchy for all resource types, instead of separate hierarchies for CPU allocation, memory management, and I/O. Separate hierarchies led to difficulties in organizing interaction between handlers and to additional costs of kernel resources when applying rules for a process mentioned in different hierarchies.
  • Added support for precise time synchronization based on the NTS (Network Time Security) protocol, which uses public key infrastructure (PKI) elements and allows the use of TLS and authenticated AEAD (Authenticated Encryption with Associated Data) encryption for cryptographic protection of client-server interaction over the NTP protocol (Network Time Protocol). The chrony NTP server has been updated to version 4.1.
  • Provided experimental (Technology Preview) support for KTLS (TLS implementation at the kernel level), Intel SGX (Software Guard Extensions), DAX (Direct Access) for ext4 and XFS, support for AMD SEV and SEV-ES in the KVM hypervisor.
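
The SELinux item above means a host whose /etc/selinux/config still says SELINUX=disabled is no longer fully disabled unless selinux=0 is also on the kernel command line. The following check is an added example, not Red Hat code: it classifies a host from those two inputs, and the function names and result labels are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: static SELinux assessment from config file + kernel command line.

# Last SELINUX= value in a config file, lowercased; "unset" if absent.
selinux_config_mode() {
    local mode
    mode=$(sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' "$1" | tail -n 1)
    printf '%s\n' "${mode:-unset}" | tr 'A-Z' 'a-z'
}

# Last selinux=N parameter on a kernel command line; "unset" if absent.
selinux_cmdline_flag() {
    local flag
    flag=$(tr -s ' \t' '\n\n' < "$1" | sed -n 's/^selinux=//p' | tail -n 1)
    printf '%s\n' "${flag:-unset}"
}

# Classify using the RHEL 9 behaviour described in the release notes.
# Arguments default to the live system paths.
selinux_assess() {
    local cfg cmd mode flag
    cfg=${1:-/etc/selinux/config}
    cmd=${2:-/proc/cmdline}
    mode=$(selinux_config_mode "$cfg")
    flag=$(selinux_cmdline_flag "$cmd")
    if [ "$flag" = 0 ]; then
        echo "disabled-at-boot"      # selinux=0: SELinux functionality is off
    elif [ "$mode" = disabled ]; then
        echo "policy-not-loaded"     # config-only setting: no policy, but not off
    elif [ "$mode" = enforcing ] || [ "$mode" = permissive ]; then
        echo "$mode"
    else
        echo "unknown"
    fi
}

# Constructed sample input (not from a real host): a config carried over from
# an older release and a command line without selinux=0.
demo_dir=$(mktemp -d)
printf '# SELINUX= sets the mode\nSELINUX=disabled\nSELINUXTYPE=targeted\n' > "$demo_dir/config"
printf 'BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet\n' > "$demo_dir/cmdline"
selinux_assess "$demo_dir/config" "$demo_dir/cmdline"
```

Called with no arguments, selinux_assess reads /etc/selinux/config and /proc/cmdline; the result reflects configuration only, not a runtime mode changed after boot.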

Source: opennet.ru
