Red Hat Enterprise Linux 8 distribution release

Red Hat has published the Red Hat Enterprise Linux 8 distribution release. Installation builds are prepared for the x86_64, s390x (IBM System z), ppc64le, and Aarch64 architectures, but are available for download only to registered users of the Red Hat Customer Portal. Red Hat Enterprise Linux 8 rpm packages are distributed via the CentOS Git repository. The distribution will be supported until at least 2029.

The distribution is built on the technologies included in Fedora 28. The new branch is notable for switching to Wayland by default, replacing iptables with nftables, updating core components (kernel 4.18, GCC 8), using the DNF package manager instead of YUM, using a modular repository, and ending support for KDE and Btrfs.

Key changes:

  • Switch to the DNF package manager, with a compatibility layer for Yum at the level of command-line options. Compared to Yum, DNF is noticeably faster and uses less memory, manages dependencies better and supports grouping packages into modules;
  • The distribution is divided into a basic BaseOS repository and a modular AppStream repository. BaseOS distributes the minimum set of packages required for the system to operate; everything else has been moved to the AppStream repository. AppStream can be used in two forms: as a classic RPM repository and as a repository in a modular format.

    The modular repository offers sets of rpm packages grouped into modules, which are supported regardless of distribution releases. Modules can be used to install alternative versions of a particular application (for example, you can install PostgreSQL 9.6 or PostgreSQL 10). The modular organization allows the user to switch to new significant releases of the application without waiting for a new release of the distribution and remain on old, but still supported, versions after updating the distribution. Modules include the base application and the libraries necessary for its operation (other modules can be used as dependencies);

  • GNOME 3.28 is offered as the default desktop, using a Wayland-based display server by default. An X.Org Server based environment is available as an option. Packages with the KDE desktop have been excluded, leaving only GNOME support;
  • The Linux kernel package is based on release 4.18. GCC 8.2 is the default compiler. The Glibc system library has been updated to release 2.28.
  • The default implementation of the Python programming language is Python 3.6. Limited support for Python 2.7 is provided. Python is not included in the basic package; it must be installed additionally. Updated versions are included: Ruby 2.5, PHP 7.2, Perl 5.26, Node.js 10, Java 8 and 11, Clang/LLVM Toolset 6.0, .NET Core 2.1, Git 2.17, Mercurial 4.8, Subversion 1.10. The CMake build system (3.11) is included;
  • Support for installing the system on NVDIMM drives has been added to the Anaconda installer;
  • The ability to encrypt disks using the LUKS2 format has been added to the installer and the system, replacing the previously used LUKS1 format (in dm-crypt and cryptsetup LUKS2 is now offered by default). LUKS2 is notable for its simplified key management system, the ability to use large sectors (4096 instead of 512, which reduces the load during decryption), symbolic partition identifiers (label) and metadata backup tools with the ability to automatically restore metadata from a copy if damage is detected.
  • A new Composer utility has been added, providing tools for creating customized bootable system images suitable for deployment in environments of various cloud platforms;
  • Removed support for the Btrfs file system. The btrfs.ko kernel module, the btrfs-progs utilities, and the snapper package are no longer included;
  • The Stratis toolkit is included, providing tools to unify and simplify the setup and management of a pool of one or more local drives. Stratis is implemented as a layer (the stratisd daemon) built on top of the devicemapper subsystem and XFS, and allows you to use features such as dynamic storage allocation, snapshots, integrity assurance and the creation of caching layers without the qualifications of an expert in storage system administration;
  • System-wide policies for setting up cryptographic subsystems have been implemented, covering the TLS, IPSec, SSH, DNSSec and Kerberos protocols. Using the update-crypto-policies command you can now select one of the modes for selecting cryptographic algorithms: default, legacy, future and fips. The OpenSSL 1.1.1 release with TLS 1.3 support is enabled by default;

  • Provided system-wide support for smart cards and HSM (Hardware Security Modules) with PKCS#11 cryptographic tokens;
  • The iptables, ip6tables, arptables and ebtables packet filters have been replaced by the nftables packet filter, which is now used by default and is notable for the unification of packet filtering interfaces for IPv4, IPv6, ARP and network bridges. Nftables provides only a generic, protocol-independent interface at the kernel level, offering basic functions for extracting data from packets, performing data operations, and flow control. The filtering logic itself and protocol-specific handlers are compiled into bytecode in user space, after which this bytecode is loaded into the kernel using the Netlink interface and executed in a special virtual machine reminiscent of BPF (Berkeley Packet Filters). The firewalld daemon has been switched to use nftables as its default backend. To convert old rules, the iptables-translate and ip6tables-translate utilities have been added;
  • To ensure network communication between several containers, support for drivers for building an IPVLAN virtual network has been added;
  • The basic package includes the nginx http server (1.14). Apache httpd has been updated to version 2.4.35, and OpenSSH to 7.8p1.

    Of the DBMSs, MySQL 8.0, MariaDB 10.3, PostgreSQL 9.6/10 and Redis 4.0 are available in the repositories. The MongoDB DBMS was not included due to its transition to the new SSPL license, which is not yet recognized as open;

  • Components for virtualization have been upgraded. By default, the Q35 type (ICH9 chipset emulation) with PCI Express support is used when creating virtual machines. You can now use the Cockpit web interface to create and manage virtual machines. The virt-manager interface has been deprecated. QEMU has been updated to version 2.12. QEMU implements a sandbox isolation mode, which limits the system calls that QEMU components can use;
  • Added support for eBPF-based tracing mechanisms, including through the SystemTap (4.0) toolkit. The distribution includes utilities for assembling and loading BPF programs;
  • Added experimental support for the XDP (eXpress Data Path) subsystem, which allows running BPF programs on Linux at the network driver level, with direct access to the DMA packet buffer and at the stage before the skbuff buffer is allocated by the network stack;
  • The boom utility has been added to manage bootloader settings. Boom makes it easy to perform operations such as creating new boot entries, for example, if you need to boot from an LVM snapshot. Boom is limited to adding new boot entries and cannot be used to modify existing ones;
  • A lightweight toolkit for managing isolated containers has been integrated: Buildah is used to build containers, podman to run them, and Skopeo to search for ready-made images;
  • The capabilities related to clustering have been expanded. The Pacemaker cluster resource manager has been updated to version 2.0. The pcs utility provides full support for Corosync 3, knet and node names;
  • Classic scripts for setting up a network (network-scripts) have been declared obsolete and are no longer supplied by default. To ensure backward compatibility, instead of the ifup and ifdown scripts, bindings have been added to NetworkManager, working through the nmcli utility;
  • Removed packages: crypto-utils, cvs, dmraid, empathy, finger, gnote, gstreamer, ImageMagick, mgetty, phonon, pm-utils, rdist, ntp (replaced by chrony), qemu (replaced by qemu-kvm), qt (replaced by qt5-qt), rsh, rt, rubygems (now included in the main ruby package), system-config-firewall, tcp_wrappers, wxGTK.
  • Prepared a universal base image (UBI, Universal Base Image) for creating isolated containers, including allowing you to create containers for a single application. UBI includes a minimal stripped-down environment, runtime add-ons to support programming languages (nodejs, ruby, python, php, perl) and a set of additional packages in the repository.
Source: opennet.ru
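
An added example, not part of the original article or of Red Hat's tooling: a shell script that audits two defaults described in the list above, the system-wide cryptographic policy (the update-crypto-policies item) and the firewalld backend (the nftables item). The paths /etc/crypto-policies/config, /etc/crypto-policies/state/current and /etc/firewalld/firewalld.conf, the FirewallBackend key and all function names are assumptions not taken from the article; the sample files are constructed.

```shell
#!/bin/sh
# Added example: audit the crypto policy and firewalld backend (RHEL 8 default paths assumed).

# First non-comment, non-blank line of a policy file, upper-cased.
read_policy() {
    sed -e 's/#.*//' -e 's/[[:space:]]//g' -e '/^$/d' "$1" 2>/dev/null |
        head -n 1 | tr '[:lower:]' '[:upper:]'
}

# LEGACY admits older algorithms; anything outside the four named modes is unknown.
# A ":MODIFIER" suffix (sub-policy syntax, not mentioned in the article) is ignored.
classify_policy() {
    case "${1%%:*}" in
        LEGACY) echo weak ;;
        DEFAULT|FUTURE|FIPS) echo ok ;;
        *) echo unknown ;;
    esac
}

# Value of FirewallBackend= in firewalld.conf; nftables (the default) when the key is absent.
firewalld_backend() {
    b=$(sed -n 's/^[[:space:]]*FirewallBackend[[:space:]]*=[[:space:]]*//p' "$1" 2>/dev/null |
        tail -n 1 | tr -d '[:space:]')
    echo "${b:-nftables}"
}

# audit <crypto config> <applied state> <firewalld.conf>; returns 1 on any finding.
audit() {
    cfg=$(read_policy "$1"); cur=$(read_policy "$2"); fw=$(firewalld_backend "$3"); rc=0
    [ "$(classify_policy "$cur")" = ok ] || { echo "FAIL crypto policy: ${cur:-unreadable}"; rc=1; }
    [ "$cfg" = "$cur" ] || { echo "FAIL configured policy '$cfg' differs from applied '$cur'"; rc=1; }
    [ "$fw" = nftables ] || { echo "FAIL firewalld backend: $fw"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK policy=$cur firewalld=$fw"
    return "$rc"
}

# Constructed sample files (not from a real host) so the script runs anywhere.
demo=$(mktemp -d)
printf '# chosen by admin\nlegacy\n' > "$demo/config"
printf 'LEGACY\n' > "$demo/current"
printf 'DefaultZone=public\nFirewallBackend=iptables\n' > "$demo/firewalld.conf"
audit "$demo/config" "$demo/current" "$demo/firewalld.conf" || true
# On a real host:
# audit /etc/crypto-policies/config /etc/crypto-policies/state/current /etc/firewalld/firewalld.conf
```

The constructed sample reports two findings: the LEGACY policy and the iptables backend.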
