Red Hat Enterprise Linux 9 distribution released

Red Hat has announced the release of the Red Hat Enterprise Linux 9 distribution. Ready-made installation images will soon be available to registered users of the Red Hat Customer Portal (CentOS Stream 9 ISO images can also be used to evaluate the functionality). The release is built for the x86_64, s390x (IBM System z), ppc64le and Aarch64 (ARM64) architectures. The source code for the Red Hat Enterprise Linux 9 rpm packages is available in the CentOS Git repository. In line with the distribution's 10-year support cycle, RHEL 9 will be supported until 2032. Updates for RHEL 7 will continue to be released until June 30, 2024, and for RHEL 8 until May 31, 2029.

Red Hat Enterprise Linux 9 is notable for its move to a more open development process. Unlike previous branches, the CentOS Stream 9 package base is used as the basis for building the distribution. CentOS Stream is positioned as the upstream project for RHEL, allowing third-party participants to control the preparation of packages for RHEL, propose their own changes and influence the decisions made. Previously, a snapshot of one of the Fedora releases was used as the basis for a new RHEL branch, which was finalized and stabilized behind closed doors, with no ability to control the progress of development or the decisions made. Now, based on a Fedora snapshot and with community participation, a CentOS Stream branch is formed, in which the preparatory work is carried out and the basis for a new major RHEL branch is built.

Key changes:

  • The system environment and build tools have been updated. GCC 11 is used to build packages. The standard C library has been updated to glibc 2.34. The Linux kernel package is based on the 5.14 release. The RPM package manager has been updated to version 4.16 with support for integrity monitoring via fapolicyd.
  • The migration of the distribution to Python 3 has been completed. The Python 3.9 branch is offered by default. Python 2 has been discontinued.
  • The desktop is based on GNOME 40 (RHEL 8 shipped with GNOME 3.28) and the GTK 4 library. In GNOME 40, virtual desktops in the Activities Overview mode are switched to a landscape orientation and displayed as a continuously scrolling chain from left to right. Each desktop shown in the overview mode visualizes the available windows, and is dynamically panned and zoomed as the user interacts. A seamless transition is provided between the list of programs and the virtual desktops.
  • GNOME includes the power-profiles-daemon handler, which provides the ability to switch on the fly between power-saving mode, balanced power mode and maximum performance mode.
  • All audio streams have been moved to the PipeWire media server, which is now the default instead of PulseAudio and JACK. Using PipeWire makes it possible to offer professional audio processing capabilities in the regular desktop edition, eliminate fragmentation and unify the audio infrastructure for different applications.
  • By default, the GRUB boot menu is hidden if RHEL is the only distribution installed on the system and the last boot was successful. To show the menu during boot, hold down the Shift key or press the Esc or F8 key several times. Among the bootloader changes, we also note that the GRUB configuration files for all architectures are placed in a single directory, /boot/grub2/ (the file /boot/efi/EFI/redhat/grub.cfg is now a symbolic link to /boot/grub2/grub.cfg), i.e. the same installed system can be booted using both EFI and BIOS.
  • Components for supporting different languages are packaged in langpacks, which let you vary the level of installed language support. For example, langpacks-core-font provides only fonts, langpacks-core provides the glibc locale, the base font and the input method, and langpacks provides translations, additional fonts and spell-checking dictionaries.
  • Security components have been updated. The distribution uses the new branch of the OpenSSL 3.0 cryptographic library. By default, more modern and robust cryptographic algorithms are enabled (for example, the use of SHA-1 in TLS, DTLS, SSH, IKEv2 and Kerberos is prohibited; TLS 1.0, TLS 1.1, DTLS 1.0, RC4, Camellia, DSA, 3DES and FFDHE-1024 are disabled). The OpenSSH package has been updated to version 8.6p1. Cyrus SASL has been moved to the GDBM backend instead of Berkeley DB. The NSS (Network Security Services) libraries no longer support the DBM (Berkeley DB) format. GnuTLS has been updated to version 3.7.2.
  • SELinux performance has been significantly improved and memory consumption reduced. In /etc/selinux/config, support for the "SELINUX=disabled" setting for disabling SELinux has been removed (this setting now only disables policy loading, and actually disabling SELinux functionality now requires passing the "selinux=0" parameter to the kernel).
  • Experimental support for the WireGuard VPN has been added.
  • By default, logging in over SSH as root is prohibited.
  • The iptables-nft packet filter management tools (the iptables, ip6tables, ebtables and arptables utilities) and ipset have been deprecated. It is now recommended to use nftables to manage the firewall.
  • A new mptcpd daemon is included for configuring MPTCP (MultiPath TCP), an extension of the TCP protocol for organizing the operation of a TCP connection with packets delivered simultaneously along several routes through different network interfaces associated with different IP addresses. Using mptcpd makes it possible to configure MPTCP without using the iproute2 utility.
  • The network-scripts package has been removed; NetworkManager should be used to configure network connections. Support for the ifcfg settings format is retained, but NetworkManager uses the keyfile-based format by default.
  • The release includes new versions of compilers and developer tools: GCC 11.2, LLVM/Clang 12.0.1, Rust 1.54, Go 1.16.6, Node.js 16, OpenJDK 17, Perl 5.32, PHP 8.0, Python 3.9, Ruby Git 3.0, Subversion 2.31, binutils 1.14, CMake 2.35, Maven 3.20.2, Ant 3.6.
  • The server packages Apache HTTP Server 2.4.48, nginx 1.20, Varnish Cache 6.5 and Squid 5.1 have been updated.
  • The DBMSs MariaDB 10.5, MySQL 8.0, PostgreSQL 13 and Redis 6.2 have been updated.
  • Clang is enabled by default for building the QEMU emulator, which made it possible to apply some additional protection mechanisms to the KVM hypervisor, such as SafeStack to protect against exploitation techniques based on return-oriented programming (ROP).
  • In SSSD (System Security Services Daemon), the level of detail in logs has been increased; for example, the task completion time is now attached to events and the authentication flow is reflected. Search functionality has been added for analyzing settings and performance problems.
  • Support for IMA (Integrity Measurement Architecture) has been extended to verify the integrity of operating system components using digital signatures and hashes.
  • By default, the single unified cgroup hierarchy (cgroup v2) is enabled. Cgroups v2 can be used, for example, to limit memory, CPU and I/O consumption. The key difference between cgroups v2 and v1 is the use of a common cgroup hierarchy for all types of resources, instead of separate hierarchies for allocating CPU resources, regulating memory consumption and I/O. Separate hierarchies led to difficulties in organizing interaction between handlers and to additional kernel resource costs when applying rules to a process referenced in different hierarchies.
  • Support has been added for accurate time synchronization based on the NTS (Network Time Security) protocol, which uses elements of public key infrastructure (PKI) and allows the use of TLS and AEAD (Authenticated Encryption with Associated Data) authenticated encryption to cryptographically protect client-server interaction over the NTP protocol (Network Time Protocol). The chrony NTP server has been updated to version 4.1.
  • Experimental (Technology Preview) support is provided for KTLS (kernel-level TLS implementation), Intel SGX (Software Guard Extensions), DAX (Direct Access) for ext4 and XFS, and AMD SEV and SEV-ES in the KVM hypervisor.
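
The SELinux change in the list above ("SELINUX=disabled" now only skips policy loading, while "selinux=0" on the kernel command line turns SELinux off) can be checked on a host with a short script. This is an added example, not part of the original article or of Red Hat's tooling; the function name selinux_boot_state, its output labels and the sample file contents are constructed for illustration, and it assumes the first SELINUX= line in the config file is the one that counts.

```sh
#!/bin/sh
# Added example: classify how SELinux will come up on a RHEL 9 host.
# Usage: selinux_boot_state CONFIG_FILE CMDLINE_FILE
#   CONFIG_FILE  - normally /etc/selinux/config
#   CMDLINE_FILE - normally /proc/cmdline
# Prints one of: kernel-off, no-policy, enforcing, permissive, unknown
selinux_boot_state() {
    cfg=$1
    cmdline=$2

    # Only the kernel parameter selinux=0 switches SELinux off entirely.
    if tr -s ' \t' '\n' < "$cmdline" | grep -qxF 'selinux=0'; then
        echo "kernel-off"
        return 0
    fi

    # Assumption: the first uncommented SELINUX= line decides the mode.
    # SELINUXTYPE= lines do not match this pattern.
    mode=$(sed -n 's/^SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' "$cfg" \
           | head -n 1 | tr 'A-Z' 'a-z')

    case "$mode" in
        enforcing|permissive) echo "$mode" ;;
        # SELinux stays active in the kernel; only policy loading is skipped.
        disabled) echo "no-policy" ;;
        *) echo "unknown" ;;
    esac
}

# Demonstration on constructed sample files (not taken from a real host).
demo() {
    tmp=$(mktemp -d)
    printf 'SELINUX=disabled\nSELINUXTYPE=targeted\n' > "$tmp/config"
    printf 'BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet\n' > "$tmp/cmdline"
    echo "config says disabled:      $(selinux_boot_state "$tmp/config" "$tmp/cmdline")"
    printf 'BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro selinux=0\n' > "$tmp/cmdline"
    echo "selinux=0 on command line: $(selinux_boot_state "$tmp/config" "$tmp/cmdline")"
    rm -rf "$tmp"
}
demo
```

A "no-policy" result is the case worth flagging in a fleet audit: the configuration file suggests SELinux is off, yet it is still active without a loaded policy.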

Source: opennet.ru
