CentOS Stream 9 distribution officially introduced

The CentOS Project has officially announced the availability of the CentOS Stream 9 distribution, which serves as the basis for the Red Hat Enterprise Linux 9 distribution as part of a new, more open development process. CentOS Stream is a continuously updated distribution that gives early access to packages being developed for a future RHEL release. Builds are prepared for the x86_64, Aarch64 and ppc64le (IBM Power 9+) architectures. Support for the IBM Z architecture (s390x Z14+) has also been announced, but builds for it are not yet available.

CentOS Stream is positioned as the upstream project for RHEL, giving third-party participants the opportunity to follow the preparation of packages for RHEL, propose their own changes and influence the decisions made. Previously, a snapshot of one of the Fedora releases was used as the basis for a new RHEL branch, which was finalized and stabilized behind closed doors, with no ability to follow the course of development or the decisions made. During the development of RHEL 9, the CentOS Stream 9 branch was formed from a Fedora 34 snapshot with community participation; the preparatory work is carried out there and the basis for the new major RHEL branch is formed.

It is noted that the same updates are published for CentOS Stream as are prepared for the future, not yet released interim RHEL release, and that the developers' main goal is to achieve a level of stability for CentOS Stream identical to that of RHEL. Before a package reaches CentOS Stream, it passes through automated and manual testing systems, and it is published only if its level of stability is considered to meet the quality standards for packages ready for publication in RHEL. Simultaneously with CentOS Stream, the prepared updates are placed in the nightly builds of RHEL.

Major changes in CentOS Stream 9 compared with the previous major branch:

  • The system environment and build tools have been updated. GCC 11 is used to build packages. The standard C library has been updated to glibc 2.34. The Linux kernel package is based on the 5.14 release. The RPM package manager has been updated to version 4.16 with support for integrity monitoring via fapolicyd.
  • The migration of the distribution to Python 3 has been completed. The Python 3.9 branch is offered by default. Python 2 has been discontinued.
  • The desktop is based on GNOME 40 (RHEL 8 shipped with GNOME 3.28) and the GTK 4 library. In GNOME 40, virtual desktops in the Activities Overview mode are switched to a landscape orientation and displayed as a continuously scrolling chain from left to right. Each desktop shown in overview mode visualizes the available windows and dynamically pans and zooms as the user interacts. A seamless transition is provided between the list of applications and the virtual desktops.
  • GNOME includes the power-profiles-daemon handler, which provides the ability to switch on the fly between power-saving mode, balanced mode and maximum performance mode.
  • All audio streams have been moved to the PipeWire media server, which is now the default instead of PulseAudio and JACK. Using PipeWire makes it possible to offer professional audio processing capabilities in a regular desktop edition, eliminate fragmentation and unify the audio infrastructure for different applications.
  • By default, the GRUB boot menu is hidden if RHEL is the only distribution installed on the system and the last boot was successful. To display the menu during boot, hold down the Shift key or press the Esc or F8 key several times. Among the bootloader changes, the GRUB configuration files for all architectures are now placed in a single directory, /boot/grub2/ (the file /boot/efi/EFI/redhat/grub.cfg is now a symbolic link to /boot/grub2/grub.cfg), i.e. the same installed system can be booted using both EFI and BIOS.
  • Components for supporting different languages are packaged in langpacks, which make it possible to vary the level of language support installed. For example, langpacks-core-font provides only fonts, langpacks-core provides the glibc locale, a base font and an input method, and langpacks provides translations, additional fonts and spell-checking dictionaries.
  • Security components have been updated. The distribution uses the new branch of the OpenSSL 3.0 cryptographic library. By default, more modern and reliable cryptographic algorithms are enabled (for example, the use of SHA-1 in TLS, DTLS, SSH, IKEv2 and Kerberos is prohibited; TLS 1.0, TLS 1.1, DTLS 1.0, RC4, Camellia, DSA, 3DES and FFDHE-1024 are disabled). The OpenSSH package has been updated to version 8.6p1. Cyrus SASL has been moved to the GDBM backend instead of Berkeley DB. The NSS (Network Security Services) libraries no longer support the DBM (Berkeley DB) format. GnuTLS has been updated to version 3.7.2.
  • SELinux performance has been significantly improved and memory consumption reduced. In /etc/selinux/config, support for the "SELINUX=disabled" setting as a way to disable SELinux has been removed (this setting now only disables policy loading, and actually disabling SELinux functionality now requires passing the "selinux=0" parameter to the kernel).
  • Experimental support for the WireGuard VPN has been added.
  • By default, logging in over SSH as root is prohibited.
  • The iptables-nft packet filter management tools (the iptables, ip6tables, ebtables and arptables utilities) and ipset have been deprecated. It is now recommended to use nftables to manage the firewall.
  • A new mptcpd daemon is included for configuring MPTCP (MultiPath TCP), an extension of the TCP protocol that organizes the operation of a TCP connection with packets delivered simultaneously over several routes through different network interfaces bound to different IP addresses. Using mptcpd makes it possible to configure MPTCP without using the iproute2 utility.
  • The network-scripts package has been removed; NetworkManager should be used to configure network connections. Support for the ifcfg settings format is retained, but NetworkManager uses the keyfile-based format by default.
  • The distribution includes new versions of compilers and developer tools: GCC 11.2, LLVM/Clang 12.0.1, Rust 1.54, Go 1.16.6, Node.js 16, OpenJDK 17, Perl 5.32, PHP 8.0, Python 3.9, Ruby 3.0, Git 2.31, Subversion 1.14, binutils 2.35, CMake 3.20.2, Maven 3.6, Ant.
  • The server packages Apache HTTP Server 2.4.48, nginx 1.20, Varnish Cache 6.5 and Squid 5.1 have been updated.
  • The DBMSs MariaDB 10.5, MySQL 8.0, PostgreSQL 13 and Redis 6.2 have been updated.
  • Clang is enabled by default for building the QEMU emulator, which made it possible to apply some additional protection mechanisms to the KVM hypervisor, such as SafeStack, to protect against exploitation techniques based on return-oriented programming (ROP).
  • In SSSD (System Security Services Daemon), the level of detail in logs has been increased; for example, the task completion time is now attached to events and the authentication flow is reflected. Search functionality has been added for analysing settings and performance problems.
  • Support for IMA (Integrity Measurement Architecture) has been extended to verify the integrity of operating system components using digital signatures and hashes.
  • By default, the single unified cgroup hierarchy (cgroup v2) is enabled. Cgroups v2 can be used, for example, to limit memory, CPU and I/O consumption. The key difference between cgroups v2 and v1 is the use of a common cgroup hierarchy for all resource types, instead of separate hierarchies for allocating CPU resources, regulating memory consumption and I/O. Separate hierarchies led to difficulties in organizing interaction between handlers and to additional kernel resource costs when applying rules to a process referenced in different hierarchies.
  • Support has been added for accurate time synchronization based on the NTS (Network Time Security) protocol, which uses elements of public key infrastructure (PKI) and allows TLS and AEAD (Authenticated Encryption with Associated Data) authenticated encryption to be used for cryptographic protection of client-server communication over the NTP protocol (Network Time Protocol). The chrony NTP server has been updated to version 4.1.
  • Experimental support is provided for KTLS (a kernel-level TLS implementation), Intel SGX (Software Guard Extensions), DAX (Direct Access) for ext4 and XFS, and AMD SEV and SEV-ES in the KVM hypervisor.
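
The SELinux item in the list above, as an added example (not code from the article or from the CentOS project): a shell function that tells apart SELinux switched off with `selinux=0` on the kernel command line from `SELINUX=disabled` in the config file, which now only stops the policy from loading. The function name, the result labels, the fixture files and the choice to read the first `SELINUX=` line are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example. Classifies how SELinux will come up at boot, following the
# behaviour described in the list above. Paths are arguments so the function
# can be pointed at copies of the files instead of the live system.

selinux_boot_state() {
    config=${1:-/etc/selinux/config}
    cmdline=${2:-/proc/cmdline}

    # selinux=0 on the kernel command line switches SELinux off entirely.
    if [ -r "$cmdline" ] && tr -s ' \t' '\n\n' < "$cmdline" | grep -qx 'selinux=0'; then
        echo "disabled-by-kernel"
        return 0
    fi

    # Assumption: the first uncommented SELINUX= line decides the mode.
    # SELINUXTYPE= is not matched because '=' must follow SELINUX directly.
    mode=""
    if [ -r "$config" ]; then
        mode=$(sed -n 's/^SELINUX=[[:space:]]*\([A-Za-z]*\).*$/\1/p' "$config" |
               head -n 1 | tr 'A-Z' 'a-z')
    fi

    case "$mode" in
        enforcing|permissive) echo "$mode" ;;
        # Per the article: this only disables policy loading.
        disabled) echo "policy-not-loaded" ;;
        *) echo "unknown" ;;
    esac
}

# Constructed fixtures (not taken from a real host).
fixtures=$(mktemp -d)
printf '%s\n' '# constructed sample config' 'SELINUX=disabled' \
    'SELINUXTYPE=targeted' > "$fixtures/config"
printf '%s\n' 'BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet' > "$fixtures/cmdline"
printf '%s\n' 'BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro selinux=0' > "$fixtures/cmdline-off"

selinux_boot_state "$fixtures/config" "$fixtures/cmdline"
selinux_boot_state "$fixtures/config" "$fixtures/cmdline-off"
```

A host that reports `policy-not-loaded` is one where a configuration baseline written for RHEL 8 no longer has the effect its author intended.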

In parallel, development continues on the CentOS Stream 8 branch, which is used in preparing new RHEL 8.x releases; it is recommended to migrate to it systems that use the classic CentOS 8.x distribution, support for which will be discontinued at the end of the month. To switch to CentOS Stream, install the centos-release-stream package ("dnf install centos-release-stream") and then run the "dnf update" command. The CentOS Stream 8 branch will be supported until May 31, 2024, and support for classic CentOS 7.x will end on June 30, 2024.

As an alternative, users can switch to distributions that continue the development of the CentOS 8 branch: AlmaLinux (migration script), Rocky Linux (migration script), VzLinux (migration script) or Oracle Linux (migration script). In addition, Red Hat has provided the opportunity (migration script) to use RHEL for free in organizations that develop open source software and in individual developer environments with up to 16 virtual or physical systems.

Source: opennet.ru
