Red Hat ya gabatar da sakin Red Hat Enterprise Linux 9 rarraba. Nan da nan za a sami hotunan shigarwa da aka shirya ga masu amfani da Red Hat Abokin Ciniki Portal (ana iya amfani da hotuna na CentOS Stream 9 don kimanta aiki). An tsara sakin don x86_64, s390x (IBM System z), ppc64le da Aarch64 (ARM64) gine-gine. Lambar tushe don fakitin Linux 9rpm na Red Hat Enterprise yana samuwa a cikin ma'ajiyar CentOS Git. Dangane da zagayen tallafi na shekaru 10 don rarrabawa, RHEL 9 za a tallafawa har zuwa 2032. Sabuntawa don RHEL 7 za a ci gaba da fitowa har zuwa 30 ga Yuni, 2024, RHEL 8 har zuwa Mayu 31, 2029.
Red Hat Enterprise Linux 9 sananne ne don ƙaura zuwa mafi buɗe tsarin ci gaba. Ba kamar rassan da suka gabata ba, ana amfani da tushen fakitin CentOS Stream 9 azaman tushen ginin rarrabawar CentOS Stream an sanya shi azaman aikin sama don RHEL, yana bawa mahalarta ɓangare na uku damar sarrafa shirye-shiryen fakiti don RHEL, ba da shawarar canje-canje da tasirin su. yanke shawara. A baya can, an yi amfani da hoton daya daga cikin Fedora da aka saki a matsayin tushen sabon reshe na RHEL, wanda aka kammala da kuma daidaita shi a bayan ƙofofin da aka rufe, ba tare da ikon sarrafa ci gaban ci gaba da yanke shawara ba. Yanzu, bisa ga hoton Fedora, tare da haɗin gwiwar al'umma, an kafa reshen CentOS Stream, wanda ake gudanar da ayyukan shirye-shirye kuma ana kafa tushen don sabon reshen RHEL mai mahimmanci.
Canje-canje masu mahimmanci:
- An sabunta yanayin tsarin da kayan aikin taro. Ana amfani da GCC 11 don gina fakiti. An sabunta daidaitaccen ɗakin karatu na C zuwa glibc 2.34. Kunshin kernel na Linux ya dogara ne akan sakin 5.14. An sabunta manajan fakitin RPM zuwa sigar 4.16 tare da goyan bayan sa ido na gaskiya ta hanyar fapolicyd.
- An kammala ƙaura na rarraba zuwa Python 3. Ana ba da reshen Python 3.9 ta tsohuwa. Python 2 an daina.
- Teburin yana dogara ne akan GNOME 40 (RHEL 8 wanda aka aika tare da GNOME 3.28) da ɗakin karatu na GTK 4. A cikin GNOME 40, kwamfyutocin kwamfyutoci masu kama-da-wane a cikin Yanayin Bayanin Ayyuka ana canza su zuwa yanayin shimfidar wuri kuma ana nunawa azaman sarkar gungurawa ta ci gaba daga hagu zuwa dama. Kowane tebur da aka nuna a cikin yanayin Dubawa yana hango abubuwan da ke akwai da tagogi da murɗaɗa da zuƙowa a hankali yayin da mai amfani ke hulɗa. An samar da sauyi marar lahani tsakanin jerin shirye-shirye da kwamfutoci masu kama-da-wane.
- GNOME ya haɗa da mai sarrafa bayanan martaba-daemon wanda ke ba da ikon canzawa tsakanin yanayin ceton wutar lantarki, yanayin daidaita wutar lantarki, da matsakaicin yanayin aiki.
- An matsar da duk rafukan sauti zuwa uwar garken watsa labarai na PipeWire, wanda yanzu shine tsoho maimakon PulseAudio da JACK. Yin amfani da PipeWire yana ba ku damar samar da ƙwarewar sarrafa sauti na ƙwararru a cikin bugu na yau da kullun, kawar da rarrabuwa da haɗa kayan aikin sauti don aikace-aikace daban-daban.
- Ta hanyar tsoho, menu na taya na GRUB yana ɓoye idan RHEL shine kawai rarrabawar da aka sanya akan tsarin kuma idan taya na ƙarshe ya yi nasara. Don nuna menu yayin taya, kawai ka riƙe maɓallin Shift ko danna maɓallin Esc ko F8 sau da yawa. Daga cikin canje-canje a cikin bootloader, mun kuma lura da sanya fayilolin sanyi na GRUB don duk gine-gine a cikin shugabanci ɗaya /boot/grub2/ (fayil ɗin /boot/efi/EFI/redhat/grub.cfg yanzu shine hanyar haɗi ta alama zuwa /boot). /grub2/grub.cfg), wadanda. Ana iya kunna tsarin shigar guda ɗaya ta amfani da EFI da BIOS.
- Abubuwan da aka haɗa don tallafawa harsuna daban-daban an tattara su a cikin jakunkuna, waɗanda ke ba ku damar bambanta matakin tallafin harshe da aka shigar. Misali, langpacks-core-font yana ba da haruffa kawai, langpacks-core yana ba da wurin glibc, font tushe, da hanyar shigarwa, kuma langpacks yana ba da fassarorin, ƙarin fonts, da ƙamus na duba haruffa.
- An sabunta abubuwan tsaro. Rarrabawa yana amfani da sabon reshe na OpenSSL 3.0 ɗakin karatu na sirri. Ta hanyar tsoho, an kunna ƙarin na zamani da abin dogara algorithms (misali, amfani da SHA-1 a cikin TLS, DTLS, SSH, IKEv2 da Kerberos an haramta, TLS 1.0, TLS 1.1, DTLS 1.0, RC4, Camellia, DSA, 3DES kuma FFDHE-1024 an kashe) . An sabunta fakitin OpenSSH zuwa sigar 8.6p1. An koma Cyrus SASL zuwa GDBM baya maimakon Berkeley DB. NSS (Network Security Services) dakunan karatu ba sa goyan bayan tsarin DBM (Berkeley DB). An sabunta GnuTLS zuwa sigar 3.7.2.
- Ingantaccen ingantaccen aikin SELinux da rage yawan amfani da ƙwaƙwalwar ajiya. A / sauransu / selinux / config, goyon bayan "SELINUX = naƙasasshe" saitin don musaki SELinux an cire (wannan saitin yanzu yana hana ƙaddamar da manufofin, kuma don musaki aikin SELinux yanzu yana buƙatar wucewar "selinux = 0" sigar zuwa ga kwaya).
- Ƙara goyan bayan gwaji don VPN WireGuard.
- Ta hanyar tsoho, shiga ta hanyar SSH kamar yadda aka haramta tushen.
- Kayan aikin sarrafa fakitin iptables-nft (iptables, ip6tables, ebtables da arptables utilities) da ipset an soke su. Yanzu ana ba da shawarar yin amfani da nftables don sarrafa Tacewar zaɓi.
- Ya haɗa da sabon mptcpd daemon don daidaita MPTCP (MultiPath TCP), haɓaka ƙa'idar TCP don tsara aikin haɗin TCP tare da isar da fakiti a lokaci guda tare da hanyoyi da yawa ta hanyoyin mu'amalar hanyar sadarwa daban-daban waɗanda ke da alaƙa da adiresoshin IP daban-daban. Yin amfani da mptcpd yana ba da damar daidaita MPTCP ba tare da amfani da iproute2 mai amfani ba.
- An cire kunshin-rubutun hanyar sadarwa; Ya kamata a yi amfani da NetworkManager don saita haɗin yanar gizo. Goyon baya ga tsarin saitin ifcfg yana riƙe, amma NetworkManager yana amfani da tsarin tushen fayil ta tsohuwa.
- Abun da ke ciki ya haɗa da sabbin nau'ikan masu tarawa da kayan aiki don masu haɓakawa: GCC 11.2, LLVM/Clang 12.0.1, Rust 1.54, Go 1.16.6, Node.js 16, OpenJDK 17, Perl 5.32, PHP 8.0, Python 3.9, Ruby 3.0. Git 2.31, Subversion 1.14, binutils 2.35, CMake 3.20.2, Maven 3.6, Ant 1.10.
- Fakitin uwar garken Apache HTTP Server 2.4.48, nginx 1.20, Varnish Cache 6.5, Squid 5.1 an sabunta su.
- DBMS MariaDB 10.5, MySQL 8.0, PostgreSQL 13, Redis 6.2 an sabunta su.
- Don gina ƙirar QEMU, Clang yana kunna ta tsohuwa, wanda ya ba da damar yin amfani da wasu ƙarin hanyoyin kariya ga hypervisor na KVM, kamar SafeStack don kariya daga dabarun amfani da su dangane da shirye-shiryen da suka dawo (ROP - Return-Oriented Programming).
- A cikin SSSD (System Security Services Daemon), an ƙara dalla-dalla na rajistan ayyukan, alal misali, lokacin kammala aikin yanzu an haɗa shi da abubuwan da suka faru kuma ana nuna kwararar tabbatarwa. Ƙara aikin bincike don nazarin saituna da batutuwan aiki.
- An faɗaɗa tallafi don IMA (Integrity Measurement Architecture) don tabbatar da amincin abubuwan tsarin aiki ta amfani da sa hannu na dijital da hashes.
- Ta hanyar tsoho, an kunna tsarin haɗin kai guda ɗaya (cgroup v2). Za a iya amfani da ƙungiyoyi v2, misali, don iyakance ƙwaƙwalwar ajiya, CPU da yawan amfani da I/O. Babban bambanci tsakanin ƙungiyoyin v2 da v1 shine amfani da tsarin ƙungiyoyin gama gari don kowane nau'in albarkatu, maimakon matsayi daban-daban don rarraba albarkatun CPU, don daidaita yawan ƙwaƙwalwar ajiya, da na I/O. Matsayi daban-daban ya haifar da matsaloli wajen tsara hulɗa tsakanin masu gudanarwa da ƙarin farashin albarkatun kwaya lokacin amfani da ƙa'idodi don tsarin da aka ambata a cikin manyan mukamai daban-daban.
- Ƙara goyon baya don aiki tare na ainihin lokaci dangane da ka'idar NTS (Network Time Security), wanda ke amfani da abubuwa na kayan aikin maɓalli na jama'a (PKI) kuma yana ba da damar yin amfani da TLS da ingantacciyar ɓoyayyen AEAD (Ingantacciyar Encryption tare da Associated Data) don kariya ta sirri hulɗar abokin ciniki da uwar garken ta hanyar ka'idar NTP (Protocol Time Protocol). An sabunta sabar NTP na zamani zuwa sigar 4.1.
- Bayar da tallafi na gwaji (Tsarin Fasaha) don KTLS (ayyukan aiwatar da matakin TLS na kernel), Intel SGX (Extensions Guard Software), DAX (Direct Access) don ext4 da XFS, tallafi ga AMD SEV da SEV-ES a cikin KVM hypervisor.
source: budenet.ru