ProHoster > Блог > labaran intanet > Sakin rarraba Red Hat Enterprise Linux 9.3

Sakin rarraba Red Hat Enterprise Linux 9.3

Kamfanin Red Hat ya fitar da rarrabawar kamfanin Red Hat Enterprise. Linux 9.3 (an sanar da sabon reshen a makon da ya gabata, amma an buga bayanan sakin ne kawai jiya, kuma kafin hakan, shafin har yanzu yana nuna alamar sigar beta). Ana sa ran sabuntawa ga reshen da ya gabata, RHEL 8.9, a ranar 15 ga Nuwamba. Ana samun hotunan shigarwa masu shirye don amfani ga masu amfani da aka yi rijista na Red Hat Customer Portal (ana iya amfani da hotunan ISO don kimanta aikin). CentOS Yawo na 9 da ginawa kyauta na masu haɓaka RHEL. An tsara fitowar don tsarin gine-ginen x86_64, s390x (IBM System z), ppc64le, da Aarch64 (ARM64).

Ana haɓaka reshen RHEL 9 tare da tsarin haɓakawa mai buɗewa kuma yana amfani da tushen kunshin a matsayin tushe CentOS Watsawa ta 9. CentOS An sanya Stream a matsayin wani aiki na sama ga RHEL, wanda ke ba wa masu ba da gudummawa na ɓangare na uku damar sarrafa haɓaka kunshin RHEL, gabatar da canje-canje, da kuma rinjayar yanke shawara. Dangane da zagayowar tallafi na shekaru 10 na rarrabawa, za a tallafa wa RHEL 9 har zuwa 2032.

RHEL 9.3 shine farkon fitowar da tushen fakitin RPM ɗinsa ba a adana shi a cikin ma'ajiyar git na jama'a ba.centos.org kuma ana ba wa abokan cinikin kamfanin ne kawai ta hanyar wani sashe na rufe na gidan yanar gizon, wanda ke ƙarƙashin yarjejeniyar mai amfani (EULA) wanda ke hana sake rarraba bayanai, yana hana amfani da waɗannan fakitin don ƙirƙirar rarrabawa daga asali. Lambar tushe tana nan a cikin ma'ajiyar. CentOS Yawo, amma ba a haɗa shi gaba ɗaya da RHEL ba kuma ba koyaushe yana da sabbin nau'ikan fakiti waɗanda suka dace da waɗanda ke cikin RHEL ba. Rocky Linux, Oracle da SUSE sun haɗu kuma yanzu suna sake buga lambar tushe ta fakitin RHEL release rpm a matsayin wani ɓangare na aikin OpenELA.

Canje-canje masu mahimmanci a cikin RHEL 9.3:

  • Abubuwan da aka haɗa sun haɗa da sababbin nau'ikan masu tarawa da kayan aiki don masu haɓakawa: GCC Toolset 13, LLVM Toolset 16.0.6, Rust Toolset 1.71.1, Go Toolset 1.20.10, GCC 11.4.1 (mai haɗa tsarin), Redis 7, Node.js 20 , java-21-openjdk (java-17-openjdk, java-11-openjdk da java-1.8.0-openjdk suma suna jigilar kaya), Valgrind 3.21, SystemTap 4.9, elfutils 0.189, PCP 6.0.5na , Gra.fa. .
  • Sabuntawar uwar garken da fakitin tsarin: samba 4.18.6, iproute 6.2.0, Apache httpd 2.4.57 (+ mod_authnz_fcgi module wanda aka ƙara), SEtools 4.4.3, OpenSCAP 1.3.8, opencryptoki 3.21.0, NetworkManager 1.44tools, xd. .1.4.0, perf 6.2, dmpd 1.0.2, nvme-cli 2.4, Pacemaker 2.1.6, 389-ds-base 2.3.4.
  • Ƙara umarnin "sake yi" zuwa mai sarrafa fakitin DNF don sake yi ta atomatik bayan an gama ɗaukakawa. Akwai hanyoyi masu zuwa: "ba" (tsoho) - ba tare da sake kunnawa ba, "lokacin-canza" - sake yi bayan kowane sabuntawa (dnf haɓakawa) da "lokacin da ake buƙata" - sake kunnawa kawai idan an shigar da canje-canje yana buƙatar shi (misali, bayan shigarwa). Sabunta kernel ko systemd). Don kashe shi maimakon sake kunnawa, an samar da sigar “-poweroff”.
  • An ƙara sababbin plugins zuwa DNF: "dnf ganye" don nuna duk fakitin da aka shigar waɗanda ba su dogara ga sauran fakitin ba; "Leaves-nuna" don nuna shigar da irin wannan fakiti ko fakitin kwanan nan waɗanda ba a amfani da su azaman abin dogaro bayan ciniki.
  • Daga sabuwar sigar kernel Linux An yi amfani da ka'idojin SCTP (Stream Control Transmission Protocol) da MPTCP (Multipath TCP) wajen aiwatar da su.
  • Dandalin ARM64 yana ba da cikakken goyon baya ga kyamarori tare da kebul na USB, adaftar mara waya (Wi-Fi) da Bluetooth.
  • An bayar da cikakken tallafi don katunan zane-zane na Intel Arc A-Series (Alchemist ko DG2).
  • An daidaita aiwatar da tsarin eBPF tare da kernel Linux 6.3.
  • Ƙara kayan aiki na Stratis don sarrafa ma'ajiyar gida, yana ba da fasali kamar ƙayyadaddun ajiya mai ƙarfi, hotunan hoto, mutunci da yadudduka caching.
  • systemd-udevd an canza shi don ba da damar sunaye na dindindin don mu'amalar hanyar sadarwa ta InfiniBand.
  • Postfix ya haɗa da ikon duba bayanan SRV na DNS don ƙayyade mai watsa shiri da tashar jiragen ruwa na sabar saƙon da za a yi amfani da su don aika saƙonni. Za a iya amfani da fasalin da aka tsara a cikin abubuwan more rayuwa waɗanda ake amfani da sabis tare da keɓaɓɓun lambobin tashar tashar sadarwa don isar da saƙon imel.
  • Kunshin filtata-kofu yana ƙara direban LF-zuwa-CRLF wanda za'a iya amfani dashi don canza haruffan "\n" (filin layi) zuwa haruffa "\r\n" (komawar karusa da ciyarwar layi) haruffa don firintocin da ke tallafawa fayil kawai- kawo karshen layukan sarrafawa "\r\n".
  • FUSE3 yana ƙara ikon ɓata shigarwar kundin adireshi ba tare da buɗe wuraren dutsen da ke da alaƙa da waccan shigarwa ta atomatik ba.
  • NetworkManager ya ƙara goyan baya don zaɓin "no-aaaa" a cikin resolv.conf, wanda ke hana tambayoyin DNS don rikodin AAAA (ƙayyade adireshin IPv6 daga sunan mai watsa shiri). Ƙara goyon baya don zaɓin "lacp_active" don sarrafa sarrafa firam ɗin LACPDU (Link Aggregation Control Protocol Data Units). An aiwatar da sake kunna NetworkManager bayan sake kunna sabis ɗin dbus. Ana nuna sanarwar yanzu idan an yi amfani da tsohon tsarin saitin ifcfg don bayanan bayanan haɗin gwiwa. Ƙara goyon baya ga kaddarorin masu zuwa: link.tx-queue-length, link.gro-max-size, link.gso-max-segments da link.gso-max-size.
  • Don hanyar sadarwa iri ɗaya, NetworkManager yana ba da damar amfani da saitunan madaidaici da tsauri (DHCP); alal misali, mai amfani da nmstate zai iya saita adireshi na tsaye don dubawa wanda aka kunna goyon bayan DHCP. nmstate yana ba da damar ɗaure saitunan zuwa cibiyar sadarwa ta adireshin MAC, maimakon sunan dubawa.
  • An faɗaɗa tallafin kayan aiki. An ƙara tallafi ga ARM64 NVIDIA Grace CPUs. Daga kernel Linux 6.2 ya haɗa da direban Intel QAT tare da tallafin na'urorin Intel Quick Assist Technology 401xx/402xx.
  • Don kare kai daga hare-haren Specter v2 da ke da alaƙa da aiwatar da ƙayyadaddun umarni, an ƙara yanayin AutoIBRS (Aikin Ƙuntataccen Hasashen Reshen Kai tsaye), yana goyan bayan AMD CPUs waɗanda ke farawa da dangin EPYC 9004 Genoa.
  • Don kwantena, yana yiwuwa a yi amfani da kwakwalwan kwamfuta na kama-da-wane don adana maɓallan cryptographic (vTPM), waɗanda aka aiwatar bisa tushen TPM na zahiri na gama gari (Trusted Platform Module).
  • LVM ya ƙara goyan baya don ɓangarori na ma'ana vmcore don jujjuyawar asali ta tsarin kdump.
  • An ƙara ma'aunin "inst.wait_for_disks" zuwa majalissar shigarwa, wanda ke ƙayyade lokacin jiran fayil ɗin kickstart don lodawa ko don direbobi su kasance a shirye yayin aikin taya.
  • Lokacin shigarwa akan tsarin ARM, mai sakawa yana ba da damar zaɓar nau'in kernel ɗin da aka shigar (misali, tare da shafukan ƙwaƙwalwar ajiya 64 KB). An cire kunshin s390utils-base daga mafi ƙarancin yanayin shigarwa kuma s390utils-core kawai ya rage.
  • Mai Ginin Hoton RHEL ya kara da ikon samar da fayilolin OVA don VMware VSphere.
  • A cikin fayilolin kickstart, sababbin zaɓuɓɓukan "-ipv4-dns-search" da "-ipv6-dns-search" an ƙara su zuwa umarnin cibiyar sadarwa don saita saitunan tushe don umarnin "bincike" a /etc/resolv.conf, haka kuma zaɓi “—ipv4 -ignore-auto-dns” da “-ipv6-ignore-auto-dns” don yin watsi da dawo da saitunan DNS ta DHCP.
  • Ingantattun tallafi don tsawaita TLS EMS (Sirrin Jagora, RFC 7627, da ake buƙata don tabbatar da bin buƙatun FIPS-140-3 a cikin haɗin tushen TLS 1.2.
  • OpenSSH ta fara rage amfani da tsarin hash ɗinta na SHA-1 don maye gurbin SHA-2. uwar garke Maɓallan SHA-1 da suka ɓace a cikin sshd yanzu za su yi amfani da SHA-2 ne kawai don tabbatar da maɓallan masu masaukin baki, wanda hakan na iya haifar da rashin jituwa da RHEL 8 da tsofaffin abokan ciniki.
  • OpenSSL yana ƙara goyan baya don daidaita sigogi don Brainpool amintattu masu lanƙwasa elliptic kuma yana ba da kariya daga hare-haren ɓarnawar RSA dangane da lokacin aiki ta amfani da bambance-bambancen hanyar Bleichenbacher.
  • RPCSEC GSS Kerberos V5 yana ƙara tallafi don camellia128-cts-cmac, camellia256-cts-cmac, aes128-cts-hmac-sha256-128 da aes256-cts-hmac-sha384-192 hanyoyin ɓoyewa.
  • An ƙara tallafi don abubuwan FANOTIFY zuwa kayan aikin tantancewa da filayen fan_type (nau'in taron), fan_info (bayanan da ke da alaƙa), sub_trust da obj_trust (matakan amincewa ga batun da abin taron) an adana su a cikin log ɗin. Don sauƙaƙe matsalolin gyara kuskure, sabis ɗin fapolicyd ya ƙara watsa lambobin mulki don kiran da aka ƙi zuwa ga fanotify API.
  • An ƙara wani matsayi na tsarin don kayan aikin kayan aiki na maɓalli, wanda ke sauƙaƙa daidaitawar mai rejista na Keylime da mai tabbatarwa, ana amfani da shi don tabbatar da sahihanci da ci gaba da lura da amincin tsarin waje. Misali, zaku iya tabbatar da asalin na'urorin Edge da IoT da ke cikin wani wuri mara sarrafawa inda zai yiwu samun dama mara izini. Sabon sakin keylime 7.3 yana da hannu.
  • Ƙara aikin tsarin don sarrafawa da shigar da na'urori masu tsarin. An ƙara rawar tsarin don shigarwa, daidaitawa, sarrafawa da gudanar da PostgreSQL DBMS. An ƙara tallafi don ayyana, canzawa da share ipset zuwa aikin tsarin Tacewar zaɓi.
  • A Kudancin KoriyaLinux An ƙara zaɓin virt_qemu_ga_run_unconfined, wanda ke ba da damar aiwatar da qemu-ga (QEMU Guest Agent) don aiwatar da umarni a cikin yanayin da ba a haɗa ba (unconfined_t domain) kamar mount, waɗanda aka ƙayyade su ta hanyar SELinuxAn ƙara manufofin SELinux don kare ayyukan qat, systemd-pstore, boothd, fdo-manufacturing-server, fdo-rendezvous-server, fdo-client-linuxapp, da kuma ayyukan uwar garken fdo-owner-onboarding.
  • Ƙara goyon baya don kayan aikin haɓakawa don ƙarni na 4 na Intel Xeon Scalable (Sapphire Rapids) na'urori masu sarrafawa, wanda ke ba ku damar amfani da samfurin SapphireRapids CPU a cikin injunan kama-da-wane da kuma amfani da ƙarfin haɓakawa na ci gaba da ke cikin waɗannan na'urori.
  • Podman yana ƙara tallafi don kwantena da aka matsa ta amfani da zstd algorithm. Ƙara ikon yin amfani da Quadlets don samar da tsarin aiki ta atomatik daga kwatancen kwantena. Ƙara harsashi podmansh, wanda za'a iya amfani dashi maimakon /usr/bin/bash don fara zaman mai amfani a cikin akwati. Sabbin nau'ikan Podman, Buildah, Skopeo, crun da runc.
  • An ƙara sabbin zaɓuɓɓukan layin umarni na kernel:
    • amd_pstate don sarrafa yanayin amfani da wutar lantarki na AMD CPUs;
    • arm64.nosve don kashe SVE (Scalable Vector Extension);
    • arm64.nosme don kashe SME (Scalable Matrix Extension);
    • gather_data_sampling don sarrafa yanayin kariya daga harin GDS (Tara Samfuran Bayanai ko Faɗuwa);
    • nospectre_bhb don kashe kariyar Specter-BHB;
    • trace_clock don saita mai ƙididdigewa.
  • Ƙarfafa ƙarfin aiki don gungu da tsarin jure rashin kuskure: Taimako don maye gurbin (cirewa) na ƙungiyoyin ɓangarori waɗanda ba su da ɓangarori na zahiri an ƙara su zuwa wakilin LVM-activate. An ƙara goyan baya don tafiyar da manufofin zuwa ga wakilan albarkatu na tari IPaddr2 da IPsrcaddr. An ƙara tallafi don EFS (Tsarin Fayil na Elastic na Amazon) zuwa ocf: bugun zuciya: Wakilin tsarin fayil.
  • An ƙara sabbin hotunan kwantena tare da saitunan FDO (FIDO Na'urar Akan Jirgin): fdo-manufacturing-server, fdo-owner-onboarding-server, fdo-rendezvous-uwar garken da fdo-serviceinfo-api-uwar garke. An ƙara sabon hoton ganga rhel9/squid tare da wakili na Squid. Buga na RHEL don Edge yana goyan bayan sabbin nau'ikan hoto "ƙananan-raw", "edge-vsphere" (*.vmdk) da "edge-ami" (*.ami).
  • An ƙara tallafi don yin booting a yanayin UEFI zuwa hotunan AMI don mahallin girgije na AWS EC2.
  • Don yin aiki tare da katunan wayo da alamun USB CCID (Na'urar Interface Card Chip Card) da ICCD (Integrated Circuit Card Device), ana amfani da sabon sakin direban pcsc-lite-ccid 1.5.2, wanda ke warware matsaloli tare da mai sarrafa Alcor Micro AU9560 kuma yana ƙara tallafi don sabbin katunan wayo masu karatu
  • An soke fakitin saitin farko da pmdk (Kit ɗin Haɓaka Ƙwaƙwalwar Ƙwaƙwalwa).
  • Ƙara goyon bayan gwaji don PRP (Parallel Redundancy Protocol) da HSR (High-ailability Seamless Redundancy) ladabi.
  • An ƙara fasalin gwaji don haɓaka kayan aikin IPsec ta hanyar motsa ayyukan ɓoye fakiti zuwa gefen katin cibiyar sadarwa.
  • Ƙara goyan bayan gwaji don SRv6 (Yankin Roting akan IPV6).
  • Aiwatar da gwaji na kTLS (matakin kernel TLS) yana aiki tare da kwaya 6.3. Ƙara tallafi don amfani da kTLS don haɓaka GnuTLS.
  • Ƙara goyan bayan gwaji don io_uring asynchronous I/O interface, sanannen don goyon bayan sa don jefa ƙuri'a na I/O da ikon yin aiki tare da ko ba tare da buffer ba. Tare da io_uring API, masu haɓaka kernel sun yi ƙoƙarin kawar da gazawar tsohuwar ƙirar aio. Dangane da aiki, io_uring yana kusa da SPDK kuma yana gaba da libaio sosai lokacin aiki tare da kunna ƙuri'a.
  • Goyon bayan gwaji don ACME (Automated Certificate Management Environment) ka'idar gudanarwar takardar shedar da aka yi amfani da ita a cikin ikon ba da takaddun shaida na Let's Encrypt an ƙara zuwa IdM (Gudanar da Shaida).
  • Podman ya ƙara wani zaɓi na gwaji don amfani da tushen bayanan ajiya na SQLite (maimakon BoltDB).
  • Ci gaba da samar da goyan bayan gwaji (Tsarin Fasaha):
    • VPN WireGuard,
    • Intel SGX (Extensions Guard Software),
    • Intel IDXD (Data Streaming Accelerator),
    • DAX (Aiki kai tsaye) don ext4 da XFS,
    • AMD SEV da SEV-ES a cikin KVM hypervisor,
    • sabis na warware tsarin,
    • Hanyar sigstore don tabbatar da kwantena ta amfani da sa hannun dijital,
    • kunshin tare da editan hoto GIMP 2.99.8,
    • Saitunan MPTCP (Multipath TCP) ta hanyar NetworkManager,
    • DNSSEC a cikin IDM,
    • virtio-mem
    • KVM hypervisor don ARM64,
    • shigarwa akan NVMe akan tashar Fiber,
    • API ɗin Socket don TuneD,
    • Soft-iWARP (Internet Wide- Area RDMA Protocol),
    • GNOME don ARM64 da IBM Z.

    source: budenet.ru

    Sayi amintaccen masauki don shafuka tare da kariyar DDoS, sabar VPS VDS 🔥 Sayi ingantaccen masaukin yanar gizo tare da kariyar DDoS, sabar VPS VDS | ProHoster