ProHoster > Π‘Π»ΠΎΠ³ > wararka internetka > Siideynta koofiyadda cas ee Linux 9.1 qaybinta

Siideynta koofiyadda cas ee Linux 9.1 qaybinta

Koofiyada Cas ayaa daabacday sii deynta Koofiyada Cas ee Linux 9.1 qaybinta. Sawirro rakiban oo diyaarsan ayaa diyaar u ah isticmaalayaasha Xariirka Macmiilka ee Koofiyada Cas ee diiwaangashan (Sawirada CentOS Stream 9 sidoo kale waxaa loo isticmaali karaa in lagu qiimeeyo shaqeynta). Siideynta waxaa loogu talagalay x86_64, s390x (IBM System z), ppc64le iyo Aarch64 (ARM64). Koodhka isha ee xidhmooyinka Koofiyada Cas ee Linux 9 rpm ayaa laga heli karaa kaydka CentOS Git.

Laanta RHEL 9 waxaa lagu horumarinayaa hannaan horumarineed oo furan waxayna isticmaashaa saldhigga xirmada ee CentOS Stream 9. CentOS Stream waxaa loo dhigayaa sidii mashruuc kor loogu qaadayo RHEL, taasoo u oggolaanaysa kaqeybgalayaasha saddexaad inay xakameeyaan diyaarinta xirmooyinka RHEL, soo jeediyaan isbeddelkooda iyo saamaynta go'aannada la gaaray. Sida waafaqsan wareegga taageerada 10-sano ee qaybinta, RHEL 9 waa la taageeri doonaa ilaa 2032.

Isbeddellada muhiimka ah:

  • Xirmooyinka nidaamka iyo server-ka la cusboonaysiiyay: firewalld 1.1.1, Chrony 4.2, unbound 1.16.2, frr 8.2.2, Apache httpd 2.4.53, opencryptoki 3.18.0, powerpc-utils 1.3.10, libvpd 2.2.9, ls.1.7.14pd. 64, ppc2.7-diag 5.3.7, PCP 7.5.13, Grafana 4.16.1, samba XNUMX.
  • Halabuurka waxaa ku jira noocyo cusub oo isku-dubarid iyo qalab loogu talagalay horumarinta: GCC 11.2.1, GCC Toolset 12, LLVM Toolset 14.0.6, binutils 2.35.2, PHP 8.1, Ruby 3.1, Node.js 18, Rust Toolset 1.62 Go Toolset . 1.18.2.
  • Hagaajinta lagu hirgaliyay kernels Linux 5.15 iyo 5.16 ayaa loo wareejiyay eBPF (Berkeley Packet Filter). Tusaale ahaan, barnaamijyada BPF, awoodda codsashada iyo habaynta dhacdooyinka saacadaha ayaa la hirgeliyay, awoodda helitaanka iyo dejinta ikhtiyaarrada godadka ee setsockot, taageerada wicitaanka hawlaha moduleka kernel, qaab dhismeedka kaydinta xogta macquulka ah (maabka BPF) filtarka ubaxa ayaa la sameeyay la soo jeediyay, iyo awoodda lagu xidho tags si ay u cabiraan shaqada ayaa lagu daray.
  • Qaabka balastarrada ee nidaamyada waqtiga-dhabta ah ee loo isticmaalo kernel-rt kernel ayaa la cusboonaysiiyay oo loo dhigay gobol u dhigma 5.15-rt kernel.
  • Dhaqangelinta nidaamka MPTCP (MultiPath TCP), oo loo isticmaalo in lagu abaabulo hawlgalka isku xirka TCP ee gaarsiinta baakadaha isla mar ahaantaana iyadoo la raacayo waddooyin dhowr ah oo loo maro is-dhexgalka shabakado kala duwan, ayaa la cusbooneysiiyay. Isbeddellada laga soo qaaday Linux kernel 5.19 (tusaale ahaan, taageerada lagu daray dib loogu soo celinayo isku xirka MPTCP ee TCP caadiga ah waxayna soo jeedisay API si loogu maareeyo durdurrada MPTCP ee booska isticmaalaha).
  • Nidaamyada leh 64-bit ARM, AMD iyo soo-saareyaasha Intel, waxaa suurtagal ah in la beddelo hab-dhaqanka habka-waqtiga-dhabta ah ee kernel-ka wakhtiga runtime adigoo ku qoraya magaca qaabka faylka "/ sys/kernel/debug/sched/preempt "ama waqtiga bootinta iyada oo loo marayo halbeegga kernel" preempt=" (midna, ikhtiyaari iyo qaabab buuxa ayaa la taageeray).
  • Dejinta bootloader GRUB waa la bedelay si loo qariyo liiska boot-ka sida caadiga ah, iyadoo menu-ku muujinayo haddii bootkii hore uu ku guuldareystay. Si aad u muujiso liiska inta lagu jiro boot, waxaad hoos u dhigi kartaa furaha Shift ama waxaad si joogta ah u riixi kartaa furayaasha Esc ama F8. Si aad u joojiso qarinta, waxaad isticmaali kartaa amarka "grub2-editenv - unset menu_auto_hide".
  • Taageerada abuuritaanka saacadaha qalabka farsamada (PHC, PTP Hardware Clocks) ayaa lagu daray PTP (Precision Time Protocol) darawalka.
  • Amarka modulesync oo lagu daray, kaas oo ka soo qaada xirmooyinka RPM cutubyada oo ka abuura meel kayd ah tusaha shaqada oo wata xogta badan ee lagama maarmaanka u ah rakibidda xirmooyinka moduleka.
  • Tuned, adeeg loogu talagalay la socodka caafimaadka nidaamka iyo wanaajinta profiles ee waxqabadka ugu sarreeya ee ku saleysan culeyska hadda jira, wuxuu bixiyaa awoodda lagu isticmaalo xirmada-profiles-ka-waqtiga-dhabta ah si loo go'doomiyo xudunta CPU iyo bixinta dunta codsiga oo leh dhammaan agabyada la heli karo.
  • NetworkManager waxa uu fuliyaa tarjumaadda boggaga isku xirka qaabka ifcfg ee qaabka (/etc/sysconfig/network-scripts/ifcfg-*) una sameeyso qaab ku saleysan feylka furaha. Si aad u guurto profiles, waxaad isticmaali kartaa amarka "nmcli connection migrate".
  • Qalabka SELinux waa la cusboonaysiiyay si loo sii daayo 3.4, kaas oo wanaajinaya waxqabadka dib-u-dejinta sababtoo ah isbarbardhigga hawlgallada, ikhtiyaarka "-m" ("--checksum") ayaa lagu daray utility semodule si loo helo SHA256 hashes of modules, mcstrans waxaa loo wareejiyay maktabadda PCRE2. Adeegyada cusub ee ka shaqaynta siyaasadaha gelitaanka ayaa lagu daray: sepol_check_access, sepol_compute_av, sepol_compute_member, sepol_compute_relabel, sepol_validate_transition. Xeerarka SELinux ee lagu daray si loo ilaaliyo ksm, nm-priv-helper, rhcd, stald, nidaamka-shabakadda-dhaliye, bartilmaameed-clid iyo adeegyada degdegga ah wg.
  • Waxaa lagu daray awoodda isticmaalka macmiilka Clevis (clevis-luks-systemd) si ay si toos ah u furto qaybaha diskka ee ku qarsoon LUKS oo lagu rakibay marxaladda boot ee soo daahay, iyada oo aan loo baahnayn in la isticmaalo amarka "systemctl awood clevis-luks-askpass.path".
  • Qalabka loogu talagalay diyaarinta sawirada nidaamka waa la ballaariyay si loogu daro taageerada sawirada GCP (Google Cloud Platform), iyadoo si toos ah sawirka loo gelinayo diiwaanka weelka, hagaajinta cabbirka qaybta kabaha, iyo hagaajinta cabbirada (Blueprint) inta lagu jiro abuurista sawirka. (tusaale ahaan, ku darida baakadaha iyo abuurista isticmaalayaasha).
  • Ku-darka utility keylime ee caddaynta (xaqiijinta iyo kormeerka joogtada ah ee daacadnimada) ee nidaamka dibadda iyadoo la adeegsanayo tignoolajiyada TPM (Trusted Platform Module), tusaale ahaan, si loo xaqiijiyo xaqiiqada qalabka Edge iyo IoT oo ku yaal meel aan la koontaroolin halkaasoo gelitaan aan la oggolayn ay suurtagal tahay.
  • Daabacaadda RHEL ee Edge waxay bixisaa awoodda isticmaalka fdo-admin utility si loo habeeyo adeegyada FDO (Aaladda FIDO ee saaran) loona abuuro shahaadooyin iyo furayaal iyaga.
  • SSSD (System Security Services Daemon) waxa ay ku dartay taageerada kaydinta codsiyada SID (tusaale, jeegaga GID/UID) RAM-ka, taas oo suurtogal ka dhigtay in la dedejiyo koobiyaynta hawlaha faylal tiro badan iyada oo loo marayo server-ka Samba. Taageerada la qabsiga Windows Server 2022 waa la bixiyaa.
  • Π’ OpenSSH ΠΌΠΈΠ½ΠΈΠΌΠ°Π»ΡŒΠ½Ρ‹ΠΉ Ρ€Π°Π·ΠΌΠ΅Ρ€ RSA-ΠΊΠ»ΡŽΡ‡Π΅ΠΉ ΠΏΠΎ ΡƒΠΌΠΎΠ»Ρ‡Π°Π½ΠΈΡŽ ΠΎΠ³Ρ€Π°Π½ΠΈΡ‡Π΅Π½ 2048 Π±ΠΈΡ‚Π°ΠΌΠΈ, Π° Π² Π±ΠΈΠ±Π»ΠΈΠΎΡ‚Π΅ΠΊΠ°Ρ… NSS ΠΏΡ€Π΅ΠΊΡ€Π°Ρ‰Π΅Π½Π° ΠΏΠΎΠ΄Π΄Π΅Ρ€ΠΆΠΊΠ° ΠΊΠ»ΡŽΡ‡Π΅ΠΉ RSA, Ρ€Π°Π·ΠΌΠ΅Ρ€ΠΎΠΌ ΠΌΠ΅Π½Π΅Π΅ 1023 Π±ΠΈΡ‚. Для настройки собствСнных ΠΎΠ³Ρ€Π°Π½ΠΈΡ‡Π΅Π½ΠΈΠΉ Π² OpenSSH Π΄ΠΎΠ±Π°Π²Π»Π΅Π½ ΠΏΠ°Ρ€Π°ΠΌΠ΅Ρ‚Ρ€ RequiredRSASize. Π”ΠΎΠ±Π°Π²Π»Π΅Π½Π° ΠΏΠΎΠ΄Π΄Π΅Ρ€ΠΆΠΊΠ° ΠΌΠ΅Ρ‚ΠΎΠ΄Π° ΠΎΠ±ΠΌΠ΅Π½Π° ΠΊΠ»ΡŽΡ‡Π°ΠΌΠΈ [emailka waa la ilaaliyay], oo u adkaysata jabsiga kombayutarada quantum
  • Qalabka ReaR (Nasso-iyo-Soo kabashada) wuxuu ku daray awoodda fulinta amarrada aan sabab lahayn ka hor iyo ka dib soo kabashada.
  • Darawalka Intel E800 Ethernet adapters wuxuu taageeraa iWARP iyo borotokoolka RoCE.
  • Xirmado cusub oo httpd-core ah ayaa lagu daray, kaas oo qayb muhiim ah oo ka mid ah qaybaha Apache httpd la raray, oo ku filan in lagu socodsiiyo server HTTP oo la xidhiidha tirada ugu yar ee ku-tiirsanaanta. Xirmada httpd waxay ku daraysaa qaybo dheeraad ah sida mod_systemd iyo mod_brotli oo ay ku jiraan dukumeenti
  • Waxaa lagu daray xirmo cusub xmlstarlet, oo ay ku jiraan utility for shaandheynta, beddelka, ansaxinta, soo saarista xogta iyo tafatirka faylasha XML, la mid ah grep, sed, awk, diff, patch iyo ku biir, laakiin loogu talagalay XML halkii faylasha qoraalka ah.
  • Awoodaha doorarka nidaamka waa la balaariyay, tusaale ahaan, doorka shabakadu waxay ku dartay taageerada dejinta xeerarka marinka iyo adeegsiga nmstate API, doorka qorista ayaa ku daray taageerada shaandhaynta tibaaxaha caadiga ah (startmsg.regex, endmsg.regex), Doorka kaydinta ayaa ku daray taageerada qaybaha kuwaas oo si firfircoon loo qoondeeyey meel kaydinta ("bixinta khafiifka ah"), awoodda lagu maareeyo iyada oo loo marayo /etc/ssh/sshd_config ayaa lagu daray doorka sshd, dhoofinta tirakoobka waxqabadka Postfix ayaa lagu daray Doorka metrics, awoodda dib u qorida qaabeynta hore ayaa loo hirgeliyay doorka firewall-ka iyo taageerada ku darida, cusbooneysiinta iyo tirtirka ayaa la bixiyay adeegyo ku xiran gobolka.
  • Qalabka lagu maamulo weelasha go'doonsan waa la cusboonaysiiyay, oo ay ku jiraan baakadaha sida Podman, Buildah, Skopeo, crun iyo runc. Taageero lagu daray GitLab Runner oo ku jira weelasha ay ku jiraan Podman runtime. Si loo habeeyo nidaamka hoose ee shabakada weelka, utility netavark iyo server-ka Aardvark DNS ayaa la bixiyaa.
  • Taageero lagu daray amarka ap-check mdevctl si loo habeeyo u gudbinta xawaaraha crypto ee mashiinnada farsamada.
  • Waxaa lagu daray awood horudhac ah (Tiknoolijiyada Horudhac) si loo xaqiijiyo isticmaaleyaasha iyadoo la adeegsanayo bixiyeyaasha dibadda (IdP, bixiyaha aqoonsiga) ee taageera OAuth 2.0 "Device Authorization Grant" kordhinta borotokoolka si loo bixiyo calaamadaha gelitaanka OAuth aaladaha iyadoon la isticmaalin browserka.
  • Fadhiga GNOME-ku-salaysan Wayland, Firefox waxay dhistaa adeegsada Wayland waa la bixiyaa. Dhismayaal ku salaysan X11, oo lagu fuliyay deegaanka Wayland iyadoo la adeegsanayo qaybta XWayland, waxaa lagu meeleeyaa xirmo gooni ah Firefox-x11.
  • Kalfadhi ku salaysan Wayland waxa si toos ah loogu furay nidaamyada Matrox GPUs (Wayland markii hore looma isticmaalin Matrox GPUs sababtoo ah xaddidaadyo iyo arrimaha waxqabadka, kuwaas oo hadda la xalliyay).
  • Taageerada GPU-yada lagu dhex daray processor-rada jiilka 12-aad ee Intel Core, oo ay ku jiraan Intel Core i3 12100T - i9 12900KS, Intel Pentium Gold G7400 iyo G7400T, Intel Celeron G6900 iyo G6900T Intel Core i5-12450HX - i9-12950H-3 i1220-7H-1280 6P. Taageero lagu daray AMD Radeon RX 345[00]5 iyo AMD Ryzen 7/9/6 689[00]XNUMX GPUs.
  • Si loo xakameeyo ku darida ka hortagga dayacanka ee habka MMIO (Memory Mapped Input Output) habka, cabirka boot-ka kernel "mmio_stale_data" waa la hirgeliyay, kaas oo qaadan kara qiyamka "buuxa" gudaha VM), "full, nosmt" (sida "buuxa" + waxa kale oo uu baabi'iyaa SMT/Hyper-strings) iyo "off" (ilaalintu waa naafo).
  • Si loo xakameeyo ku darida ilaalinta nuglaanshaha Retbleed, halbeegga boot kernel "retbleed" ayaa la hirgeliyay, kaas oo aad ku joojin karto ilaalinta ("off") ama dooro nuglaanta xannibista algorithm (auto, nosmt, ibpb, unret).
  • Halbeegga boot kernel-ka acpi_sleep hadda waxa uu taageerayaa doorashooyin cusub oo lagu xakameynayo qaabka hurdada: s3_bios, s3_mode, s3_beep, s4_hwsig, s4_nohwsig, old_ordering, nonvs, sci_force_enable, iyo nobl.
  • Waxaa lagu daray qayb weyn oo ah darawallada cusub ee aaladaha shabakadda, nidaamyada kaydinta iyo chips-garaafyada.
  • Bixinta sii socota ee taageerada tijaabada ah (Tijaabada Tiknoolajiyada) ee KTLS (fulinta heerka kernel ee TLS), VPN WireGuard, Intel SGX (Extensions Guard Software), Intel IDXD (Data Streaming Accelerator), DAX ( Helitaanka Tooska ah) ee ext4 iyo XFS, AMD SEV iyo SEV -ES gudaha KVM hypervisor, adeegga habaysan, maamulaha kaydinta Stratis, Sigstore si loo xaqiijiyo weelasha iyadoo la adeegsanayo saxeexyada dhijitaalka ah, xirmo leh GIMP 2.99.8 tifaftiraha garaafyada, MPTCP (Multipath TCP) dejinta iyada oo loo sii marayo NetworkManager, ACME (Shahaadada Automated) Maareynta Deegaanka) Adeegayaasha, virtio-mem, KVM hypervisor ee ARM64.
  • Qalabka GTK 2 iyo xidhmooyinka la xidhiidha adwaita-gtk2-theme, gnome-common, gtk2, gtk2-immodules iyo hexchat waa la joojiyay. X.org Server waa la jaray (RHEL 9 waxay bixisaa fadhiga GNOME ku salaysan Wayland si caadi ah), kaas oo la qorsheeyay in laga saaro laanta weyn ee RHEL ee soo socota, laakiin waxay sii hayn doontaa awoodda codsiyada X11 ee fadhiga Wayland iyadoo la adeegsanayo XWayland DDX server.

Source: opennet.ru

Add a comment