ProHoster > Блог > labaran intanet > Sakin rarrabawar Red Hat Enterprise Linux 8.8

Sakin rarrabawar Red Hat Enterprise Linux 8.8

Bayan fitowar Red Hat Enterprise Linux 9.2, an buga sabuntawa zuwa reshe na baya na Red Hat Enterprise Linux 8.8, wanda aka goyan baya a layi daya tare da reshen RHEL 9.x kuma za a tallafawa aƙalla har zuwa 2029. Ana shirya ginin shigarwa don x86_64, s390x (IBM System z), ppc64le da gine-ginen Aarch64, amma ana samun su don saukewa kawai ga masu amfani da Portal Abokin Ciniki na Red Hat (CentOS Stream 9 iso images da free RHEL ginawa ga developers kuma za a iya amfani). Ana rarraba tushen fakitin Red Hat Enterprise Linux 8 rpm ta wurin ajiyar CentOS Git.

Ana yin shirye-shiryen sabbin abubuwan sakewa daidai da tsarin ci gaba, wanda ke nuna samuwar sakewa kowane watanni shida a ƙayyadadden lokaci. Har zuwa 2024, reshe na 8.x zai kasance a cikin cikakken goyon baya, yana nuna ƙaddamar da haɓaka aikin aiki, bayan haka zai matsa zuwa matakin kulawa, wanda abubuwan da suka fi dacewa za su canza zuwa gyare-gyaren kwari da tsaro, tare da ƙananan ci gaba da suka danganci tallafi. m hardware tsarin.

Canje-canje masu mahimmanci:

  • Sabbin sabar da fakitin tsarin: nginx 1.22, Libreswan 4.9, OpenSCAP 1.3.7, Grafana 7.5.15, powertop rebased 2.15, kunna 2.20.0, NetworkManager 1.40.16, mod_security 2.9.6, samba 4.17.5.
  • Abubuwan da aka haɗa sun haɗa da sababbin nau'ikan masu tarawa da kayan aiki don masu haɓakawa: GCC Toolset 12, LLVM Toolset 15.0.7, Rust Toolset 1.66, Go Toolset 1.19.4, Python 3.11, Node.js 18.14, PostgreSQL 15, Git 2.39.1, Valgrind 3.19nd. , SystemTap 4.8, Apache Tomcat 9.
  • An canza saitunan yanayin FIPS don biyan buƙatun daidaitattun FIPS 140-3. 3DES, ECDH da FFDH an kashe su, mafi ƙarancin girman maɓallan HMAC an iyakance shi zuwa rago 112, kuma ƙaramin girman maɓallan RSA shine 2048 rago, SHA-224, SHA-384, SHA512-224, SHA512-256, SHA3-224 kuma SHA3 hashes an kashe su a cikin janareta na lambar bazuwar DRBG -384.
  • An sabunta manufofin SELinux don ba da izinin tsarin-socket-proxyd yayi aiki.
  • Manajan fakitin yum yana aiwatar da umarnin haɓakawa a layi don amfani da sabuntawa ga tsarin a yanayin layi. Ma'anar sabuntawa ta layi shine da farko, ana zazzage sabbin fakiti ta amfani da umarnin "yum offline-upgrade download", bayan haka an aiwatar da umarnin "yum offline-upgrade reboot" don sake kunna tsarin zuwa ƙaramin mahalli da shigar da sabuntawar data kasance. a ciki ba tare da tsangwama ga tsarin aiki ba. Bayan an gama shigarwa na sabuntawa, tsarin zai sake farawa zuwa yanayin aiki na yau da kullun. Lokacin zazzage fakiti don sabuntawar layi, zaku iya amfani da masu tacewa, misali, "--shawara", "--security", "--bugfix".
  • An ƙara sabon fakitin sync4l don cin gajiyar fasahar daidaita mitar SyncE (Ethernet Synchronous), ana goyan bayan wasu katunan cibiyar sadarwa da masu sauya hanyar sadarwa, da kuma ba da damar sadarwa mai inganci a aikace-aikacen RAN (Radio Access Network) saboda ingantaccen aiki tare na lokaci.
  • Wani sabon fayil ɗin sanyi /etc/fapolicyd/rpm-filter.conf an ƙara shi zuwa tsarin fapolicyd (Fayil Access Policy Daemon), wanda ke ba ku damar sanin waɗanne shirye-shiryen za a iya ƙaddamar da wani takamaiman mai amfani da wanda ba zai iya ba, don saita jerin. na fayilolin bayanai na mai sarrafa fakitin RPM waɗanda ake sarrafa su. Misali, ana iya amfani da sabon fayil ɗin sanyi don keɓance takamaiman aikace-aikacen da aka shigar ta hanyar mai sarrafa fakitin RPM daga manufofin samun dama.
  • A cikin kwaya, lokacin zubar da bayanai game da ambaliyar SYN da aka gano a cikin log ɗin, ana ba da bayani game da adireshin IP ɗin da aka samu haɗin don sauƙaƙe ƙayyadaddun manufar ambaliya akan tsarin tare da masu kulawa da adiresoshin IP daban-daban.
  • Ƙara aikin tsarin don kayan aikin podman, yana ba ku damar sarrafa saitunan Podman, kwantena, da sabis na tsarin da ke tafiyar da kwantena na Podman. Podman yana ƙara tallafi don samar da abubuwan dubawa, haɗa masu sarrafa pre-exec (/usr/libexec/podman/pre-exec-hooks da /etc/containers/pre-exec-hooks), da amfani da tsarin Sigstore don adana sa hannun dijital tare da hotuna na akwati.
  • An sabunta kayan aikin kwantena don sarrafa keɓaɓɓen kwantena, gami da fakiti kamar Podman, Buildah, Skopeo, crun da runc.
  • An ƙara kayan aikin akwatin kayan aiki wanda ke ba ku damar ƙaddamar da ƙarin keɓantaccen yanayi, wanda za'a iya daidaita shi ta kowace hanya ta amfani da mai sarrafa fakitin DNF da aka saba. Mai haɓakawa kawai yana buƙatar gudanar da umarnin "akwatin kayan aiki", bayan haka a kowane lokaci zai iya shigar da yanayin da aka ƙirƙira tare da umarnin "akwatin shigar" kuma shigar da kowane fakiti ta amfani da yum utility.
  • Ƙara tallafi don ƙirƙirar hotuna a tsarin vhd da aka yi amfani da shi a cikin Microsoft Azure don gine-ginen ARM64.
  • SSSD (Sabis na Tsaro na Tsari Daemon) ya ƙara tallafi don sauya sunayen adireshi na gida zuwa ƙananan haruffa (ta hanyar amfani da maye gurbin "%h" a cikin sifa ta override_homedir da aka ƙayyade a /etc/sssd/sssd.conf). Bugu da kari, ana ba masu amfani damar canza kalmar sirri da aka adana a cikin LDAP (an kunna ta ta saita ƙimar inuwa don sifa ldap_pwd_policy a /etc/sssd/sssd.conf).
  • glibc yana aiwatar da sabon DSO mai tsauri mai daidaitawa algorithm wanda ke amfani da zurfin bincike na farko (DFS) don magance matsalolin aiki tare da dogaro da madauki. Don zaɓar rarrabuwar DSO algorithm, ana ba da shawarar siga glibc.rtld.dynamic_sort=2, wanda za'a iya saita shi zuwa "1" don mirgina zuwa tsohon algorithm.
  • Mai amfani na rteval yana ba da taƙaitaccen bayani game da nauyin shirin, zaren, da CPUs da aka yi amfani da su don aiwatar da waɗannan zaren.
  • Mai amfani oslat ya ƙara ƙarin zaɓuɓɓuka don auna jinkiri.
  • An ƙara sabbin direbobi don SoC Intel Elkhart Lake, Solarflare Siena, NVIDIA sn2201, AMD SEV, AMD TDX, ACPI Video, Intel GVT-g don KVM, HP iLO/iLO2.
  • Ƙara goyan bayan gwaji don katunan zane mai hankali na Intel Arc (DG2/Alchemist). Don ba da damar haɓaka kayan aiki akan irin waɗannan katunan bidiyo, yakamata ku saka ID na PCI na katin a taya ta hanyar sigar kernel “i915.force_probe=pci-id”.
  • Kunshin inkscape1 an maye gurbinsa da inkscape1, wanda ke amfani da Python 3. An sabunta sigar Inkscape daga 0.92 zuwa 1.0.
  • A cikin yanayin kiosk, zaku iya amfani da maballin allo na GNOME.
  • Laburaren libsoup da abokin ciniki na imel na Juyin Halitta sun ƙara goyan baya don tabbatarwa a cikin Microsoft Exchange Server ta amfani da ka'idar NTLMv2.
  • GNOME yana ba da damar tsara menu na mahallin da aka nuna lokacin da kake danna dama akan tebur. Yanzu mai amfani zai iya ƙara abubuwa zuwa menu don gudanar da umarni na sabani.
  • GNOME yana ba ku damar musaki canza kwamfutoci masu kama-da-wane ta hanyar matsawa sama ko ƙasa tare da yatsu uku akan faifan taɓawa.
  • Ci gaba da samar da goyan bayan gwaji (Tsarin Fasaha) don AF_XDP, saukar da kayan aikin XDP, Multipath TCP (MPTCP), MPLS (Tsarin Lakabin Lakabin Multi-Protocol), DSA (Mai saurin watsa bayanai), KTLS, dracut, kexec sake yi da sauri, nispor, DAX in ext4 da xfs, systemd-resolved, accel-config, igc, OverlayFS, Stratis, Software Guard Extensions (SGX), NVMe/TCP, DNSSEC, GNOME akan tsarin ARM64 da IBM Z, AMD SEV don KVM, Intel vGPU, Akwatin Kayan aiki.

source: budenet.ru

Add a comment