An gabatar da sakin beta na rarrabawar AlmaLinux 9, wanda aka gina ta amfani da fakiti daga reshen Red Hat Enterprise Linux 9 kuma yana ɗauke da duk canje-canjen da aka gabatar a cikin wannan sakin. An shirya taro don x86_64, ARM64, s390x da ppc64le gine-gine a cikin nau'i na taya (780 MB), kadan (1.7 GB) da cikakken hoto (8 GB). Ana sa ran fitowar RHEL 9 da AlmaLinux 9 a farkon watan Mayu.
Rarraba yana kama da RHEL a cikin aiki, ban da canje-canjen da ke da alaƙa da sakewa da kuma cire takamaiman fakitin RHEL kamar redhat-*, fahimta-abokin ciniki da biyan kuɗi-mai sarrafa- ƙaura *. AlmaLinux kyauta ne ga duk nau'ikan masu amfani, waɗanda aka haɓaka tare da shigar al'umma da kuma amfani da tsarin gudanarwa mai kama da ƙungiyar aikin Fedora. Masu kirkiro na AlmaLinux sunyi ƙoƙari don cimma daidaito mafi kyau tsakanin goyon bayan kamfanoni da bukatun al'umma - a gefe guda, albarkatun da masu haɓaka CloudLinux, wanda ke da kwarewa mai yawa wajen kula da cokali na RHEL, sun shiga cikin ci gaba, kuma a kan ci gaba. a daya hannun kuma, aikin a bayyane yake kuma al'umma ne ke sarrafa shi.
CloudLinux ne ya kafa Rarraba AlmaLinux, wanda, duk da shigar albarkatunsa da masu haɓakawa, sun tura aikin zuwa wata ƙungiya mai zaman kanta ta daban, Gidauniyar AlmaLinux OS, don haɓakawa akan wani wuri mai tsaka tsaki tare da sa hannun al'umma. An ware dala miliyan daya a kowace shekara domin bunkasa aikin. Ana buga duk abubuwan ci gaba na AlmaLinux ƙarƙashin lasisin kyauta.
Babban canje-canje a AlmaLinux 9 da RHEL 9 idan aka kwatanta da reshen RHEL 8:
- An sabunta yanayin tsarin da kayan aikin taro. Ana amfani da GCC 11 don gina fakiti. An sabunta daidaitaccen ɗakin karatu na C zuwa glibc 2.34. Kunshin kernel na Linux ya dogara ne akan sakin 5.14. An sabunta manajan fakitin RPM zuwa sigar 4.16 tare da goyan bayan sa ido na gaskiya ta hanyar fapolicyd.
- An kammala ƙaura na rarraba zuwa Python 3. Ana ba da reshen Python 3.9 ta tsohuwa. Python 2 an daina.
- Teburin yana dogara ne akan GNOME 40 (RHEL 8 wanda aka aika tare da GNOME 3.28) da ɗakin karatu na GTK 4. A cikin GNOME 40, kwamfyutocin kwamfyutoci masu kama-da-wane a cikin Yanayin Bayanin Ayyuka ana canza su zuwa yanayin shimfidar wuri kuma ana nunawa azaman sarkar gungurawa ta ci gaba daga hagu zuwa dama. Kowane tebur da aka nuna a cikin yanayin Dubawa yana hango abubuwan da ke akwai da tagogi da murɗaɗa da zuƙowa a hankali yayin da mai amfani ke hulɗa. An samar da sauyi marar lahani tsakanin jerin shirye-shirye da kwamfutoci masu kama-da-wane.
- GNOME ya haɗa da mai sarrafa bayanan martaba-daemon wanda ke ba da ikon canzawa tsakanin yanayin ceton wutar lantarki, yanayin daidaita wutar lantarki, da matsakaicin yanayin aiki.
- An matsar da duk rafukan sauti zuwa uwar garken watsa labarai na PipeWire, wanda yanzu shine tsoho maimakon PulseAudio da JACK. Yin amfani da PipeWire yana ba ku damar samar da ƙwarewar sarrafa sauti na ƙwararru a cikin bugu na yau da kullun, kawar da rarrabuwa da haɗa kayan aikin sauti don aikace-aikace daban-daban.
- Ta hanyar tsoho, menu na taya na GRUB yana ɓoye idan RHEL shine kawai rarrabawar da aka sanya akan tsarin kuma idan taya na ƙarshe ya yi nasara. Don nuna menu yayin taya, kawai ka riƙe maɓallin Shift ko danna maɓallin Esc ko F8 sau da yawa. Daga cikin canje-canje a cikin bootloader, mun kuma lura da sanya fayilolin sanyi na GRUB don duk gine-gine a cikin shugabanci ɗaya /boot/grub2/ (fayil ɗin /boot/efi/EFI/redhat/grub.cfg yanzu shine hanyar haɗi ta alama zuwa /boot). /grub2/grub.cfg), wadanda. Ana iya kunna tsarin shigar guda ɗaya ta amfani da EFI da BIOS.
- Abubuwan da aka haɗa don tallafawa harsuna daban-daban an tattara su a cikin jakunkuna, waɗanda ke ba ku damar bambanta matakin tallafin harshe da aka shigar. Misali, langpacks-core-font yana ba da haruffa kawai, langpacks-core yana ba da wurin glibc, font tushe, da hanyar shigarwa, kuma langpacks yana ba da fassarorin, ƙarin fonts, da ƙamus na duba haruffa.
- An sabunta abubuwan tsaro. Rarrabawa yana amfani da sabon reshe na OpenSSL 3.0 ɗakin karatu na sirri. Ta hanyar tsoho, an kunna ƙarin na zamani da abin dogara algorithms (misali, amfani da SHA-1 a cikin TLS, DTLS, SSH, IKEv2 da Kerberos an haramta, TLS 1.0, TLS 1.1, DTLS 1.0, RC4, Camellia, DSA, 3DES kuma FFDHE-1024 an kashe) . An sabunta fakitin OpenSSH zuwa sigar 8.6p1. An koma Cyrus SASL zuwa GDBM baya maimakon Berkeley DB. NSS (Network Security Services) dakunan karatu ba sa goyan bayan tsarin DBM (Berkeley DB). An sabunta GnuTLS zuwa sigar 3.7.2.
- Ingantaccen ingantaccen aikin SELinux da rage yawan amfani da ƙwaƙwalwar ajiya. A / sauransu / selinux / config, goyon bayan "SELINUX = naƙasasshe" saitin don musaki SELinux an cire (wannan saitin yanzu yana hana ƙaddamar da manufofin, kuma don musaki aikin SELinux yanzu yana buƙatar wucewar "selinux = 0" sigar zuwa ga kwaya).
- Ƙara goyan bayan gwaji don VPN WireGuard.
- Ta hanyar tsoho, shiga ta hanyar SSH kamar yadda aka haramta tushen.
- Kayan aikin sarrafa fakitin iptables-nft (iptables, ip6tables, ebtables da arptables utilities) da ipset an soke su. Yanzu ana ba da shawarar yin amfani da nftables don sarrafa Tacewar zaɓi.
- Ya haɗa da sabon mptcpd daemon don daidaita MPTCP (MultiPath TCP), haɓaka ƙa'idar TCP don tsara aikin haɗin TCP tare da isar da fakiti a lokaci guda tare da hanyoyi da yawa ta hanyoyin mu'amalar hanyar sadarwa daban-daban waɗanda ke da alaƙa da adiresoshin IP daban-daban. Yin amfani da mptcpd yana ba da damar daidaita MPTCP ba tare da amfani da iproute2 mai amfani ba.
- An cire kunshin-rubutun hanyar sadarwa; Ya kamata a yi amfani da NetworkManager don saita haɗin yanar gizo. Goyon baya ga tsarin saitin ifcfg yana riƙe, amma NetworkManager yana amfani da tsarin tushen fayil ta tsohuwa.
- Abun da ke ciki ya haɗa da sabbin nau'ikan masu tarawa da kayan aiki don masu haɓakawa: GCC 11.2, LLVM/Clang 12.0.1, Rust 1.54, Go 1.16.6, Node.js 16, OpenJDK 17, Perl 5.32, PHP 8.0, Python 3.9, Ruby 3.0. Git 2.31, Subversion 1.14, binutils 2.35, CMake 3.20.2, Maven 3.6, Ant 1.10.
- Fakitin uwar garken Apache HTTP Server 2.4.48, nginx 1.20, Varnish Cache 6.5, Squid 5.1 an sabunta su.
- DBMS MariaDB 10.5, MySQL 8.0, PostgreSQL 13, Redis 6.2 an sabunta su.
- Don gina ƙirar QEMU, Clang yana kunna ta tsohuwa, wanda ya ba da damar yin amfani da wasu ƙarin hanyoyin kariya ga hypervisor na KVM, kamar SafeStack don kariya daga dabarun amfani da su dangane da shirye-shiryen da suka dawo (ROP - Return-Oriented Programming).
- A cikin SSSD (System Security Services Daemon), an ƙara dalla-dalla na rajistan ayyukan, alal misali, lokacin kammala aikin yanzu an haɗa shi da abubuwan da suka faru kuma ana nuna kwararar tabbatarwa. Ƙara aikin bincike don nazarin saituna da batutuwan aiki.
- An faɗaɗa tallafi don IMA (Integrity Measurement Architecture) don tabbatar da amincin abubuwan tsarin aiki ta amfani da sa hannu na dijital da hashes.
- Ta hanyar tsoho, an kunna tsarin haɗin kai guda ɗaya (cgroup v2). Za a iya amfani da ƙungiyoyi v2, misali, don iyakance ƙwaƙwalwar ajiya, CPU da yawan amfani da I/O. Babban bambanci tsakanin ƙungiyoyin v2 da v1 shine amfani da tsarin ƙungiyoyin gama gari don kowane nau'in albarkatu, maimakon matsayi daban-daban don rarraba albarkatun CPU, don daidaita yawan ƙwaƙwalwar ajiya, da na I/O. Matsayi daban-daban ya haifar da matsaloli wajen tsara hulɗa tsakanin masu gudanarwa da ƙarin farashin albarkatun kwaya lokacin amfani da ƙa'idodi don tsarin da aka ambata a cikin manyan mukamai daban-daban.
- Ƙara goyon baya don aiki tare na ainihin lokaci dangane da ka'idar NTS (Network Time Security), wanda ke amfani da abubuwa na kayan aikin maɓalli na jama'a (PKI) kuma yana ba da damar yin amfani da TLS da ingantacciyar ɓoyayyen AEAD (Ingantacciyar Encryption tare da Associated Data) don kariya ta sirri hulɗar abokin ciniki da uwar garken ta hanyar ka'idar NTP (Protocol Time Protocol). An sabunta sabar NTP na zamani zuwa sigar 4.1.
- Bayar da goyan bayan gwaji don KTLS (aiwatar da matakin kernel na TLS), Intel SGX (Extensions Guard Software), DAX (Direct Access) don ext4 da XFS, tallafi ga AMD SEV da SEV-ES a cikin KVM hypervisor.
source: budenet.ru