ProHoster > Блог > labaran intanet > Sakin rarrabawar Red Hat Enterprise Linux 9.1

Sakin rarrabawar Red Hat Enterprise Linux 9.1

Red Hat ya wallafa sakin Red Hat Enterprise Linux 9.1 rarraba. Hotunan shigarwa na shirye-shiryen suna samuwa ga masu amfani da Portal Abokin Ciniki na Red Hat (ana iya amfani da hotunan iso na CentOS Stream 9 don kimanta ayyuka). An tsara sakin don x86_64, s390x (IBM System z), ppc64le da Aarch64 (ARM64) gine-gine. Lambar tushe don fakitin Linux 9rpm na Red Hat Enterprise yana samuwa a cikin ma'ajiyar CentOS Git.

Ana haɓaka reshe na RHEL 9 tare da ƙarin tsarin ci gaba mai buɗewa kuma yana amfani da tushen fakitin CentOS Stream 9 azaman tushen sa. CentOS Stream an sanya shi azaman aikin haɓaka don RHEL, yana bawa mahalarta ɓangare na uku damar sarrafa shirye-shiryen fakiti don RHEL, ba da shawarar canje-canjen su da tasiri ga yanke shawara da aka yanke. Dangane da zagayen tallafi na shekaru 10 don rarrabawa, RHEL 9 za a tallafawa har zuwa 2032.

Canje-canje masu mahimmanci:

  • Sabbin sabar da fakitin tsarin: Firewalld 1.1.1, Chrony 4.2, unbound 1.16.2, frr 8.2.2, Apache httpd 2.4.53, opencryptoki 3.18.0, powerpc-utils 1.3.10, libvpd 2.2.9, ls.1.7.14 64, ppc2.7-diag 5.3.7, PCP 7.5.13, Grafana 4.16.1, samba XNUMX.
  • Tsarin ya haɗa da sababbin nau'ikan masu tarawa da kayan aiki don masu haɓakawa: GCC 11.2.1, GCC Toolset 12, LLVM Toolset 14.0.6, binutils 2.35.2, PHP 8.1, Ruby 3.1, Node.js 18, Rust Toolset 1.62 Go Toolset . 1.18.2.
  • Abubuwan haɓakawa waɗanda aka aiwatar a cikin Linux kernels 5.15 da 5.16 an canza su zuwa tsarin eBPF (Berkeley Packet Filter). Misali, don shirye-shiryen BPF, an aiwatar da ikon nema da aiwatar da al'amuran mai ƙidayar lokaci, ikon karɓa da saita zaɓuɓɓukan soket don setsockopt, tallafi don kiran ayyukan kernel module, tsarin ma'ajin bayanai mai yuwuwa (taswirar BPF) tace fure ya kasance. an tsara, kuma an ƙara ikon ɗaure tags zuwa sigogin aiki.
  • Saitin faci don tsarin ainihin-lokaci da aka yi amfani da shi a cikin kernel-rt kernel an sabunta shi zuwa jihar da ta yi daidai da kernel 5.15-rt.
  • An sabunta aiwatar da tsarin MPTCP (MultiPath TCP), wanda aka yi amfani da shi don tsara aikin haɗin TCP tare da isar da fakiti a lokaci guda tare da hanyoyi da yawa ta hanyar mu'amalar hanyar sadarwa daban-daban. Canje-canje da aka ɗauka daga Linux kernel 5.19 (misali, ƙarin tallafi don jujjuya haɗin haɗin MPTCP zuwa TCP na yau da kullun kuma ya ba da shawarar API don sarrafa rafukan MPTCP daga sararin mai amfani).
  • A kan tsarin tare da 64-bit ARM, AMD da na'urori na Intel, yana yiwuwa a canza yanayin yanayin Real-Time a cikin kernel a lokacin aiki ta hanyar rubuta sunan yanayin zuwa fayil "/ sys / kernel / debug / sched / preempt ” ko a lokacin taya ta hanyar sigar kernel “preempt=” (babu, na son rai da cikakken yanayin da ake tallafawa).
  • An canza saitunan mai ɗaukar kaya na GRUB don ɓoye menu na taya ta tsohuwa, tare da menu yana nuna idan takalmin da ya gabata ya gaza. Don nuna menu yayin taya, zaku iya riƙe maɓallin Shift ko danna maɓallan Esc ko F8 lokaci-lokaci. Don hana ɓoyewa, zaku iya amfani da umarnin "grub2-editenv - unset menu_auto_hide".
  • An ƙara tallafi don ƙirƙirar agogon kayan masarufi (PHC, PTP Hardware Clocks) zuwa direban PTP (Precision Time Protocol).
  • Ƙara umarnin modulesync, wanda ke ɗaukar fakitin RPM daga kayayyaki kuma yana ƙirƙirar wurin ajiya a cikin kundin aiki tare da metadata da ake buƙata don shigar da fakitin module.
  • Saurara, sabis don kula da lafiyar tsarin da haɓaka bayanan martaba don iyakar aiki dangane da nauyin halin yanzu, yana ba da damar yin amfani da fakitin da aka gyara-profiles-realtime don keɓance nau'ikan CPU da samar da zaren aikace-aikace tare da duk albarkatun da ake da su.
  • NetworkManager yana aiwatar da fassarar bayanan bayanan haɗin kai daga tsarin saitunan ifcfg (/etc/sysconfig/network-scripts/ifcfg-*) cikin tsari dangane da fayil ɗin maɓalli. Don ƙaura bayanan martaba, zaku iya amfani da umarnin "nmcli dangane ƙaura".
  • An sabunta kayan aikin SELinux don saki 3.4, wanda ke inganta aikin relabeling saboda daidaitattun ayyuka, zaɓin "-m" ("-checksum") an ƙara shi zuwa mai amfani da semodule don samun SHA256 hashes na kayayyaki, mcstrans. an canza shi zuwa ɗakin karatu na PCRE2. An ƙara sabbin kayan aiki don aiki tare da manufofin shiga: sepol_check_access, sepol_compute_av, sepol_compute_member, sepol_compute_relabel, sepol_validate_transition. Ƙara manufofin SELinux don kare ksm, nm-priv-helper, rhcd, stald, systemd-network-generator, targetclid da wg-sauri ayyuka.
  • An ƙara ikon yin amfani da abokin ciniki na Clevis (clevis-luks-systemd) don buɗe ɓoyayyen ɓoyayyen diski ta atomatik tare da LUKS kuma an saka shi a ƙarshen taya, ba tare da buƙatar amfani da umarnin "systemctl kunna clevis-luks-askpass.path".
  • An faɗaɗa kayan aiki don shirya hotunan tsarin don haɗawa da tallafi don loda hotuna zuwa GCP (Google Cloud Platform), sanya hoton kai tsaye a cikin rajistar akwati, daidaita girman ɓangaren ɓangaren boot, da daidaita sigogi (Blueprint) yayin ƙirƙirar hoto. (misali, ƙara fakiti da ƙirƙirar masu amfani).
  • Ƙara kayan aiki na keylime don shaida (tabbaci da ci gaba da saka idanu na gaskiya) na tsarin waje ta amfani da fasahar TPM (Trusted Platform Module), alal misali, don tabbatar da sahihancin na'urorin Edge da IoT da ke cikin wani wuri mara izini inda damar shiga mara izini zai yiwu.
  • Buga na RHEL don Edge yana ba da damar yin amfani da fdo-admin mai amfani don daidaita ayyukan FDO (FIDO Na'urar Onboard) da ƙirƙirar takaddun shaida da maɓallai gare su.
  • SSSD (System Security Services Daemon) ya ƙara goyon baya don caching buƙatun SID (misali, GID/UID cak) a cikin RAM, wanda ya ba da damar hanzarta kwafin ayyuka don babban adadin fayiloli ta uwar garken Samba. An ba da tallafi don haɗawa tare da Windows Server 2022.
  • A cikin OpenSSH, tsoho mafi ƙarancin maɓalli na RSA yana iyakance ga rago 2048, kuma ɗakunan karatu na NSS ba sa goyan bayan maɓallan RSA ƙasa da 1023. Don saita hane-hane naku, an ƙara ma'aunin RequiredRSASize zuwa OpenSSH. Ƙara tallafi don hanyar musanya maɓalli [email kariya], mai jure wa hacking akan kwamfutoci masu yawa.
  • Kayan aikin ReaR (Relax-and-Recover) ya kara da ikon aiwatar da umarni na sabani kafin da bayan murmurewa.
  • Direba don masu adaftar Ethernet E800 na Intel yana goyan bayan ka'idojin iWARP da RoCE.
  • An ƙara sabon kunshin httpd-core, wanda a cikinsa aka motsa ainihin saitin abubuwan haɗin gwiwar Apache httpd, wanda ya isa ya tafiyar da sabar HTTP kuma yana da alaƙa da ƙaramin adadin abin dogaro. Kunshin httpd yana ƙara ƙarin samfura kamar mod_systemd da mod_brotli kuma ya haɗa da takardu.
  • An ƙara sabon fakitin xmlstarlet, wanda ya haɗa da kayan aiki don tantancewa, canzawa, ingantawa, cire bayanai da gyara fayilolin XML, kama da grep, sed, awk, diff, patch da haɗawa, amma don XML maimakon fayilolin rubutu.
  • An faɗaɗa ƙarfin ayyukan tsarin, alal misali, aikin cibiyar sadarwa ya ƙara goyon baya don kafa ƙa'idodin kewayawa da kuma amfani da API nmstate, aikin shiga ya ƙara goyon baya don tacewa ta hanyar maganganu na yau da kullum (startmsg.regex, endmsg.regex), Matsayin ajiya ya ƙara tallafi don sassan da aka keɓe sararin ajiya mai ƙarfi ("bakin ciki na samarwa"), ikon sarrafa ta / sauransu / ssh / sshd_config an ƙara zuwa matsayin sshd, an ƙara fitar da kididdigar aikin Postfix zuwa ga Matsayin ma'auni, ikon sake rubuta tsarin da ya gabata an aiwatar da shi zuwa aikin Tacewar zaɓi da tallafi don ƙarawa, sabuntawa da sharewa an ba da sabis ɗin dangane da jihar.
  • An sabunta kayan aikin kayan aiki don sarrafa keɓaɓɓen kwantena, gami da fakiti kamar Podman, Buildah, Skopeo, crun da runc. Ƙara goyon baya ga GitLab Runner a cikin kwantena tare da lokacin aiki Podman. Don saita tsarin cibiyar sadarwar kwantena, ana samar da kayan aikin netavark da uwar garken DNS na Aardvark.
  • Ƙara goyon baya ga umarnin ap-check zuwa mdevctl don saita isar da isar da isar da saƙon crypto zuwa injunan kama-da-wane.
  • An ƙara ikon farko (Tsarin Fasaha) don tantance masu amfani ta amfani da masu samar da waje (IdP, mai ba da shaida) waɗanda ke goyan bayan tsawaita yarjejeniya ta OAuth 2.0 “Gyaran Izinin Na'ura” don samar da alamun samun damar OAuth zuwa na'urori ba tare da amfani da mai bincike ba.
  • Don zaman GNOME na tushen Wayland, Firefox yana gina masu amfani da Wayland ana ba da su. Gina akan X11, wanda aka kashe a cikin yanayin Wayland ta amfani da bangaren XWayland, ana sanya su a cikin wani fakitin Firefox-x11 daban.
  • An kunna zaman tushen Wayland ta tsohuwa don tsarin tare da Matrox GPUs (A baya ba a yi amfani da Wayland tare da Matrox GPUs ba saboda iyakancewa da batutuwan aiki, waɗanda yanzu an warware su).
  • Taimakawa ga GPUs da aka haɗa cikin na'urori masu sarrafawa na Intel Core na ƙarni na 12, gami da Intel Core i3 12100T - i9 12900KS, Intel Pentium Gold G7400 da G7400T, Intel Celeron G6900 da G6900T Intel Core i5-12450HX - i9-12950X-3 da Intel Core i1220-7H-1280 6P. Supportara tallafi don AMD Radeon RX 345[00]5 da AMD Ryzen 7/9/6 689[00]XNUMX GPUs.
  • Don sarrafa hada da kariya daga raunin da ya faru a cikin tsarin MMIO (Memory Mapped Input Output), ana aiwatar da siginar taya na kernel "mmio_stale_data", wanda zai iya ɗaukar ƙimar "cikakku" (ba da damar tsaftace abubuwan buffers yayin motsawa zuwa sararin mai amfani a cikin VM), "cikakken, nosmt" (kamar "cikakken" + bugu da ƙari yana hana SMT/Hyper-Threads) da "kashe" (kare kariya).
  • Don sarrafa hada da kariya daga raunin Retbleed, an aiwatar da sigar taya ta kernel "retbleed", ta inda zaku iya kashe kariyar ("kashe") ko zaɓi algorithm toshe rauni (auto, nosmt, ibpb, unret).
  • Sigar boot na acpi_sleep kernel yanzu yana goyan bayan sabbin zaɓuɓɓuka don sarrafa yanayin bacci: s3_bios, s3_mode, s3_beep, s4_hwsig, s4_nohwsig, old_ordering, nonvs, sci_force_enable, da nobl.
  • An ƙara babban yanki na sababbin direbobi don na'urorin cibiyar sadarwa, tsarin ajiya da kwakwalwan kwamfuta.
  • Ci gaba da samar da tallafi na gwaji (Tsarin Fasaha) don KTLS (aikin matakin kernel na TLS), VPN WireGuard, Intel SGX (Extensions Guard Software), Intel IDXD (Data Streaming Accelerator), DAX (Direct Access) don ext4 da XFS, AMD SEV da SEV -ES a cikin KVM hypervisor, sabis na warware tsarin, Stratis ajiya manajan, Sigstore don tabbatar da kwantena ta amfani da sa hannu na dijital, kunshin tare da GIMP 2.99.8 editan hoto, saitunan MPTCP (Multipath TCP) ta hanyar NetworkManager, ACME (Takaddun shaida ta atomatik Muhalli na Gudanarwa) sabobin, virtio-mem, KVM hypervisor don ARM64.
  • Kayan aikin GTK 2 da abubuwan haɗin sa adwaita-gtk2-jigon, gnome-common, gtk2, gtk2-immodules da hexchat an soke su. An soke uwar garken X.org (RHEL 9 yana ba da zaman GNOME na tushen Wayland ta tsohuwa), wanda aka shirya don cire shi a cikin babban reshe na RHEL na gaba, amma zai riƙe ikon gudanar da aikace-aikacen X11 daga zaman Wayland ta amfani da XWayland DDX uwar garken.

source: budenet.ru

Add a comment