ProHoster > Blog > internet nhau > Kuburitswa kweRed Hat Enterprise Linux 8.1 kugovera

Kuburitswa kweRed Hat Enterprise Linux 8.1 kugovera

Red Hat Company yakaburitswa kugovera kit Red Hat Enterprise Linux 8.1. Kuisa magungano akagadzirirwa x86_64, s390x (IBM System z), ppc64le uye Aarch64 zvivakwa, asi inowanikwa nokuti downloads chete kune vakanyoreswa Red Hat Mutengi Portal vashandisi. Iwo masosi eRed Hat Enterprise Linux 8 rpm mapakeji anogoverwa kuburikidza Git repository CentOS. Bazi reRHEL 8.x richatsigirwa kusvika muna 2029.

Red Hat Enterprise Linux 8.1 yaive yekutanga kuburitswa kwakagadzirirwa zvinoenderana neiyo nyowani inofungidzira budiriro kutenderera, izvo zvinoreva kuumbwa kwekuburitswa kwemwedzi mitanhatu yega yega panguva yakatarwa. Kuve neruzivo rwakakwana nezve rinhi kuburitswa kutsva kunobvumidza iwe kuwiriranisa masisitimu ebudiriro emapurojekiti akasiyana, gadzirira pachine nguva kuburitswa kutsva, uye kuronga rinhi zvigadziriso zvichashandiswa.

Zvinozivikanwa kuti itsva life cycle Zvigadzirwa zveRHEL zvinotenderera akati wandei, kusanganisira Fedora sechitubu chehunyanzvi hutsva, CentOS Rukova yekuwana mapakeji akagadzirwa kune inotevera yepakati kuburitswa kweRHEL (inotenderera vhezheni yeRHEL),
minimalistic universal base image (UBI, Universal Base Image) yekushandisa zvikumbiro mumidziyo yakasarudzika uye RHEL Developer Kunyoresa kushandiswa kwemahara kweRHEL mukuita kwekusimudzira.

Key change:

  • Rutsigiro rwakazara rwemashini ekushandisa Live zvigamba zvinopihwa (kpatch) kubvisa kusagadzikana muLinux kernel pasina kutangazve sisitimu uye pasina kumisa basa. Pakutanga, kpatch yakarongedzwa sechinhu chekuedza;
  • Kubva pane zvakarongwa fapolicyd Iko kugona kugadzira chena uye nhema rondedzero yezvishandiso yaitwa, iyo inokutendera iwe kusiyanisa kuti ndeapi mapurogiramu anogona kutangwa nemushandisi uye asingagone (semuenzaniso, kuvharira kuvhurwa kwemafaira ekunze asina kusimbiswa ekunze). Sarudzo yekuvharisa kana kubvumidza kuvhurwa inogona kuitwa zvichibva pazita rekunyorera, nzira, yemukati hashi, uye MIME mhando. Kuongorora kwemutemo kunoitika panguva yekuvhurika () uye exec () system mafoni, saka inogona kuve nemhedzisiro yakaipa pakuita;
  • Kuumbwa kwacho kunosanganisira SELinux profiles, yakatarisana nekushandiswa nemidziyo yakasarudzika uye kubvumira yakawanda granular kutonga pamusoro pekuwana masevhisi anomhanya mumidziyo kugamuchira system zviwanikwa. Kugadzira SELinux mitemo yemidziyo, itsva udica utility yakatsanangurwa, iyo inobvumira, tichifunga nezve chaiyo mudziyo, kupa mukana chete kune anodiwa ekunze zviwanikwa, senge kuchengetedza, zvishandiso uye network. Izvo SELinux zvinoshandiswa (libsepol, libselinux, libsemanage, policycoreutils, checkpolicy, mcstrans) zvakagadziridzwa kuburitsa 2.9, uye SETools package kuti ishandure 4.2.2.

    Yakawedzera rudzi rutsva rweSELinux, boltd_t, iyo inorambidza boltd, maitiro ekugadzirisa Thunderbolt 3 zvishandiso (boltd ikozvino inomhanya mumudziyo wakaganhurirwa neSELinux). Yakawedzera kirasi itsva yeSELinux mitemo - bpf, iyo inodzora kupinda kweBerkeley Packet Filter (BPF) uye inoongorora zvikumbiro zveBPF;

  • Inosanganisira stack yemaprotocol ekufambisa FRRouting (BGP4, MP-BGP, OSPFv2, OSPFv3, RIPv1, RIPv2, RIPng, PIM-SM/MSDP, LDP, IS-IS), iyo yakatsiva iyo yaimboshandiswa Quagga package (FRRouting iforogo yeQuagga, saka kugarisana hakuna kukanganiswa. );
  • Kune ecrypted partitions muLUKS2 fomati, rutsigiro rwakawedzerwa kune re-encrypting block zvishandiso panhunzi, pasina kumisa kushandiswa kwavo muhurongwa (semuenzaniso, iwe unogona ikozvino kushandura kiyi kana encryption algorithm pasina kuburitsa chikamu);
  • Tsigiro yeshanduro nyowani yeSCAP 1.3 protocol (Security Content Automation Protocol) yakawedzerwa kune OpenSCAP chimiro;
  • Shanduro dzakagadziridzwa dzeOpenSSH 8.0p1, Tuned 2.12, chrony 3.5, samba 4.10.4. Mamodule ane matavi matsva ePHP 7.3, Ruby 2.6, Node.js 12 uye nginx 1.16 akawedzerwa kune AppStream repository (updating modules nemapazi apfuura kwaenderera mberi). Mapakeji ane GCC 9, LLVM 8.0.1, Rust 1.37 uye Go 1.12.8 akawedzerwa kuSoftware Collection;
  • The SystemTap tracing toolkit yakagadziridzwa kune bazi 4.1, uye iyo Valgrind memory debugging toolkit yakagadziridzwa kushanduro 3.15;
  • Chishandiso chitsva chehutano chakawedzerwa kune identification server deployment tools (IdM, Identity Management), iyo inorerutsa kuzivikanwa kwematambudziko nekushanda kwenzvimbo neserver yekuzivikanwa. Kuiswa uye kumisikidzwa kweIdM nharaunda kunorerutswa, nekuda kwerutsigiro rweAnsible mabasa uye kugona kuisa modules. Yakawedzerwa rutsigiro rweActive Directory Yakavimbika Masango yakavakirwa paWindows Server 2019.
  • Iyo virtual desktop switcher yakashandurwa muchikamu cheGNOME Classic. Widget yekuchinja pakati pematafura ikozvino yave kudivi rekurudyi repazasi pepaneru uye yakagadzirwa semutsetse une zvigunwe zvedesktop (kuchinja kune imwe desktop, ingobaya pachigunwe chinoratidza zvirimo);
  • Iyo DRM (Direct Rendering Manager) subsystem uye yakaderera-level madhiraivha madhiraivha (amdgpu, nouveau, i915, mgag200) akagadziridzwa kuti aenderane neLinux 5.1 kernel. Yakawedzerwa rutsigiro rwe AMD Raven 2, AMD Picasso, AMD Vega, Intel Amber Lake-Y uye Intel Comet Lake-U vhidhiyo subsystems;
  • Turusi rekusimudzira RHEL 7.6 kuenda kuRHEL 8.1 rawedzera tsigiro yekusimudzira pasina kuisirwazve zveArM64, IBM POWER (diki endian) uye IBM Z. Yakawedzera cockpit-leapp plugin kudzoreredza mamiriro kana paine matambudziko panguva yekuvandudza. Iyo / var uye / usr madhairekitori akapatsanurwa muzvikamu zvakasiyana. Yakawedzera UEFI rutsigiro. IN Leapp mapakeji anovandudzwa kubva kune Supplementary repository (inosanganisira proprietary mapakeji);
  • Mugadziri Wemifananidzo akawedzera rutsigiro rwekuvaka mifananidzo yeGoogle Cloud uye Alibaba Cloud Cloud nharaunda. Paunenge uchigadzira kuzadza mufananidzo, kugona kushandisa repo.git kwakawedzerwa kuti ubatanidze mamwe mafaera kubva kune anopokana Git repositories;
  • Macheki ekuwedzera akawedzerwa kuGlibc kuti malloc aone kana zvivharo zvendangariro zvashatiswa;
  • Iyo dnf-utils package yakatumidzwa zita rekuti yum-utils yekuenderana (kugona kuisa dnf-utils kunochengetwa, asi iyi package inozongotsiviwa neyum-utils);
  • Yakawedzera chinyorwa chitsva cheRed Hat Enterprise Linux System Roles, kupa seti yemamodule uye mabasa ekuisa iyo centralized configuration manejimendi sisitimu yakavakirwa pane Ansible uye configuring subsystems kugonesa chaiwo mabasa ane chekuita nekuchengetedza, networking, nguva kuwiriranisa, SElinux mitemo uye kushandiswa kwe kdump mechanism. Somuenzaniso, basa idzva
    kuchengetedza kunokubvumira kuita mabasa akadai sekugadzirisa mafaira emafaira pa diski, kushanda nemapoka eLVM uye zvikamu zvine musoro;

  • Iyo network stack yeVXLAN neGENEVE tunnels yakaisa kugona kugadzirisa ICMP mapaketi "Kuenda Kusingasvikiki", "Packet Yakanyanya Kukura" uye "Redirect Message", iyo yakagadzirisa dambudziko nekusakwanisa kushandisa nzira redirections uye Path MTU Discovery muVXLAN neGENEVE. .
  • Kuitwa kwekuyedza kweiyo XDP (eXpress Data Path) subsystem, iyo inobvumira Linux kuti imhanye zvirongwa zveBPF padanho rekutyaira network nekugona kuwana zvakananga DMA packet buffer uye pachinhanho chisati chapihwa skbuff buffer netiweki stack, pamwe nezvikamu zveBPF, zvakawiriraniswa neLinux 5.0 kernel. Yakawedzera rutsigiro rwekuyedza yeAF_XDP kernel subsystem (eXpress Dhata Path);
  • Yakazara network protocol rutsigiro rwakapihwa TIPC (Transparent Inter-process Communication), yakagadzirirwa kuronga inter-process kutaurirana muboka. Iyo protocol inopa nzira yekuti zvikumbiro zvikurukure nekukurumidza uye nekuvimbika, zvisinei nekuti ndeapi nodes musumbu raari kumhanya pariri;
  • Iyo nzira nyowani yekuchengetedza yekurasa yakakosha kana ikatadza yawedzerwa kune initramfs - "kurasira kwekutanga", kushanda mumatanho ekutanga ekurodha;
  • Yakawedzera kernel parameter ipcmni_extend, iyo inowedzera IPC ID muganho kubva pa32 KB (15 bits) kusvika ku16 MB (24 bits), ichibvumira mapurogiramu kushandisa mamwe akagovaniswa ndangariro zvikamu;
  • Ipset yakagadziridzwa kuburitsa 7.1 nerutsigiro rweIPSET_CMD_GET_BYNAME uye IPSET_CMD_GET_BYINDEX maitiro;
  • Iyo rngd daemon, iyo inozadza dziva re entropy ye pseudorandom nhamba jenareta, inosunungurwa kubva pakuda kumhanya semudzi;
  • Rutsigiro rwakakwana rwakapihwa Intel OPA (Omni-Path Architecture) yemidziyo ine Host Fabric Interface (HFI) uye izere rutsigiro rweIntel Optane DC Persistent Memory zvishandiso.
  • Debug kernels nekusarudzika zvinosanganisira kuvaka neiyo UBSAN (Undefined Behavior Sanitizer) detector, iyo inowedzera mamwe macheki kune yakaunganidzwa kodhi kuona mamiriro ezvinhu kana maitiro echirongwa achinge asina kutsanangurwa (semuenzaniso, kushandiswa kweasina-static akasiyana asati atanga, kupatsanura. manhamba ne zero, anofashukira akasaina emhando dzemhando, kubvisa NULL anonongedzera, matambudziko neanonongedza, nezvimwewo);
  • Iyo kernel source muti ine chaiyo-nguva yekuwedzera (kernel-rt) inowiriraniswa neiyo huru RHEL 8 kernel kodhi;
  • Yakawedzera ibmvnic mutyairi wevNIC (Virtual Network Interface Controller) network controller nekuitwa kwePowerVM chaiyo network tekinoroji. Kana yakashandiswa pamwe chete neSR-IOV NIC, mutyairi mutsva anobvumira bandwidth uye hutano hwekutonga kwesevhisi padanho redhinairi network, zvakanyanya kuderedza virtualization pamusoro uye kuderedza CPU mutoro;
  • Yakawedzera tsigiro yeData Integrity Extensions, iyo inokutendera iwe kuchengetedza data kubva mukukuvadzwa paunenge uchinyorera kukuchengetedza nekuchengetedza mamwe mabhuroki ekugadzirisa;
  • Yakawedzera rutsigiro rwekuyedza (Tekinoroji Preview) yepasuru nmstate, iyo inopa iyo nmstatectl raibhurari uye utility yekugadzirisa zvigadziriso zvenetiweki kuburikidza nedeclarative API (iyo network network inotsanangurwa nenzira yeyakafanotsanangurwa diagraph);
  • Yakawedzerwa kuyedza rutsigiro rwekernel-level TLS (KTLS) kuitiswa neAES-GCM-based encryption, pamwe nerutsigiro rwekuyedza kweOverlayFS, cgroup v2, Stratis, mdev(Intel vGPU) uye DAX (kusvika kwakananga kune faira system ichipfuura cache peji pasina kushandisa block device level) mu ext4 uye XFS;
  • Kutsigirwa kwakaderedzwa kweDSA, TLS 1.0 uye TLS 1.1, iyo yakabviswa kubva kuDEFAULT set uye yakaendeswa kune LEGACY ("update-crypto-policies -set LEGACY");
  • Iwo 389-ds-base-legacy-tools mapakeji akaregwa.
    authd
    kuchengetedza,
    zita remugamuchiri,
    libidn,
    net-zvishandiso,
    network zvinyorwa,
    nss-pam-ldapd,
    sendmail,
    yp-zvishandiso
    ypbind uye ypsv. Vanogona kubviswa mune ramangwana rinokosha kusunungurwa;

  • Iyo ifup uye ifdown zvinyorwa zvakatsiviwa nemaputi anodaidza NetworkManager kuburikidza nenmcli (kudzosera zvinyorwa zvekare, unofanirwa kumhanya "yum install network-scripts").

Source: opennet.ru

Voeg