Inkampani yezigqoko ezibomvu ukukhishwa kokusabalalisa . Imihlangano yokufaka ilungiselwe i-x86_64, s390x (IBM System z), ppc64le kanye ne-Aarch64 izakhiwo, kodwa ngoba kuphela kubasebenzisi ababhalisiwe be-Red Hat Customer Portal. Imithombo yamaphakheji weRed Hat Enterprise Linux 8 rpm isatshalaliswa I-CentOS. Ukusabalalisa kuzosekelwa kuze kube okungenani u-2029.
Ubuchwepheshe obufakwe ku- . Igatsha elisha liphawuleka ngokushintshela ku-Wayland ngokuzenzakalelayo, esikhundleni sama-iptables ngama-nftables, ukuvuselela izingxenye eziyinhloko (i-kernel 4.18, i-GCC 8), kusetshenziswa umphathi wephakheji we-DNF esikhundleni se-YUM, kusetshenziswa inqolobane eyimodular, eqeda ukusekelwa kwe-KDE nama-Btrfs.
Ukhiye :
- Ishintshela kumphathi wephakheji ngokuhlinzekwa kwesendlalelo sokusebenzisana ne-Yum ezingeni lezinketho zomugqa womyalo. Uma kuqhathaniswa ne-Yum, i-DNF inesivinini esiphezulu ngokuphawulekayo nokusebenzisa inkumbulo ephansi, ilawula kangcono ukuncika futhi isekela ukuqoqa amaphakheji abe amamojula;
- Ihlukaniswe yaba inqolobane eyisisekelo ye-BaseOS kanye nekhosombe eliyimojuli ye-AppStream. I-BaseOS isabalalisa isethi encane yamaphakheji adingekayo ukuze isistimu isebenze; endaweni yokugcina ye-AppStream. I-AppStream ingasetshenziswa ezinguqulweni ezimbili: njengendawo yokugcina ye-RPM yakudala futhi njengendawo yokugcina ngefomethi yemojuli.
Inqolobane ye-modular inikeza amasethi amaphakheji we-rpm aqoqwe abe amamojula, asekelwa kungakhathaliseki ukukhishwa kokusabalalisa. Amamojula angasetshenziswa ukufaka ezinye izinguqulo zohlelo oluthile (isibonelo, ungafaka i-PostgreSQL 9.6 noma i-PostgreSQL 10). Inhlangano ye-modular ivumela umsebenzisi ukuthi ashintshele ekukhishweni okusha okubalulekile kohlelo lokusebenza ngaphandle kokulinda ukukhishwa okusha kokusabalalisa futhi ahlale kuzinguqulo ezindala, kodwa ezisasekelwa, ngemva kokubuyekeza ukusatshalaliswa. Amamojula afaka isicelo esiyisisekelo kanye nemitapo yolwazi edingekayo ekusebenzeni kwayo (amanye amamojula angasetshenziswa njengokuncika);
- Iphakanyiswe njengedeskithophu ezenzakalelayo usebenzisa iseva yokubonisa esekwe ku-Wayland ngokuzenzakalelayo. Indawo esekwe kuseva ye-X.Org iyatholakala njengenketho. Amaphakheji anedeskithophu ye-KDE awafakiwe, okushiya kuphela ukwesekwa kwe-GNOME;
- Iphakheji ye-Linux kernel isuselwe ekukhishweni . Inikwe amandla njengesihlanganisi esizenzakalelayo . Ilabhulali yesistimu ye-Glibc ibuyekeziwe ukuze ikhululwe .
- Ukuqaliswa okuzenzakalelayo kolimi lohlelo lwePython yiPython 3.6. Ukusekelwa okulinganiselwe kwePython 2.7 kunikezwa. I-Python ayifakiwe kuphakheji eyisisekelo; Izinguqulo ezibuyekeziwe ze-Ruby 2.5, PHP 7.2, Perl 5.26, Node.js 10, Java 8 and 11, Clang/LLVM Toolset 6.0, .NET Core 2.1, Git 2.17, Mercurial 4.8, Subversion 1.10. Uhlelo lokwakha lwe-CMake (3.11) lufakiwe;
- Ukwesekwa okwengeziwe kokufaka isistimu kumadrayivu e-NVDIMM kusifaki se-Anaconda;
- Ikhono lokubethela amadiski kusetshenziswa ifomethi ye-LUKS2 lengezwe kusifaki nohlelo, oluthathe indawo yefomethi ye-LUKS1 esetshenziswe ngaphambilini (nge-dm-crypt kanye ne-cryptsetup LUKS2 manje isinikezwa ngokuzenzakalelayo). I-LUKS2 iphawuleka ngohlelo lwayo olulula lokulawula ukhiye, ikhono lokusebenzisa imikhakha emikhulu (4096 esikhundleni se-512, inciphisa umthwalo ngesikhathi sokukhishwa kwemfihlo), izihlonzi zokuhlukanisa ezingokomfanekiso (ilebula) namathuluzi okulondoloza imethadatha anekhono lokuzibuyisela ngokuzenzakalelayo kusuka kukhophi uma umonakalo utholakele.
- Kungezwe insiza entsha yomqambi, ehlinzeka ngamathuluzi okudala izithombe zesistimu ebhuthayo ezenziwe ngokwezifiso ezifanele ukuthunyelwa ezindaweni zamapulatifomu amafu ahlukahlukene;
- Kususwe usekelo lwesistimu yefayela ye-Btrfs. Imojula ye-btrfs.ko kernel, izinsiza ze-btrfs-progs, kanye nephakheji ye-snapper ayisafakiwe;
- Ikhithi yamathuluzi ifakiwe , ehlinzeka ngamathuluzi okuhlanganisa nokwenza lula ukusethwa nokuphathwa kweqoqo ledrayivu yasendaweni eyodwa noma ngaphezulu. I-Stratis isetshenziswa njengesendlalelo (i-stratisd daemon) eyakhelwe phezu kwe-devicemapper kanye nesistimu engaphansi ye-XFS, futhi ikuvumela ukuthi usebenzise izici ezifana nokwabiwa kwesitoreji esishintshashintshayo, izifinyezo, ukuqinisekiswa kobuqotho nokudala izendlalelo zenqolobane, ngaphandle kweziqu zochwepheshe ukuphathwa kwesistimu yokugcina;
- Izinqubomgomo zohlelo olubanzi zokusetha ama-cryptographic subsystems seziqalisiwe, ezifaka izivumelwano ze-TLS, IPSec, SSH, DNSSec kanye ne-Kerberos. Usebenzisa umyalo we-update-crypto-policies manje ungakhetha owodwa kuwo
izindlela zokukhetha ama-cryptographic algorithms: okuzenzakalelayo, ifa, ikusasa kanye namafips. Ukukhishwa kunikwe amandla ngokuzenzakalela ngokusekelwa kwe-TLS 1.3; - Kunikezwe ukusekelwa okubanzi kohlelo lwamakhadi ahlakaniphile kanye ne-HSM (Amamojula Okuphepha Kwezingxenyekazi Zekhompyutha) ane-PKCS#11 amathokheni e-cryptographic;
- Isihlungi sephakethe le-iptables, ip6tables, arptables kanye ne-ebtables sithathelwe indawo isihlungi sephakethe le-nftables, manje esisetshenziswa ngokuzenzakalelayo futhi esiphawuleka ngokuhlanganiswa kwezindawo zokuhlunga iphakethe ze-IPv4, IPv6, ARP kanye namabhuloho enethiwekhi. I-Nftables inikeza kuphela isixhumi esibonakalayo esijwayelekile, esizimele esisekelwe kuphrothokholi ezingeni le-kernel esihlinzeka ngemisebenzi eyisisekelo yokukhipha idatha kumaphakethe, ukwenza imisebenzi yedatha, nokulawula ukugeleza. I-logic yokuhlunga ngokwayo kanye nezibambi eziqondene nephrothokholi kuhlanganiswa ku-bytecode esikhaleni somsebenzisi, ngemva kwalokho le-bytecode ilayishwa ku-kernel kusetshenziswa isixhumi esibonakalayo se-Netlink futhi sisetshenziswe emshinini obonakalayo okhethekile osikhumbuza i-BPF (Izihlungi ze-Berkeley Packet). I-firewalld daemon ishintshiwe ukuze isebenzise ama-nftables njengengemuva layo elizenzakalelayo. Ukuze uguqule imithetho emidala, izinsiza ze-iptables-translate kanye ne-ip6tables-translate zengeziwe;
- Ukuqinisekisa ukuxhumana kwenethiwekhi phakathi kweziqukathi ezimbalwa, ukwesekwa kwabashayeli bokwakha inethiwekhi ebonakalayo ye-IPVLAN yengeziwe;
- Iphakheji eyisisekelo ihlanganisa iseva ye-nginx http (1.14). I-Apache httpd ibuyekezelwe enguqulweni engu-2.4.35, kanye ne-OpenSSH yaba ngu-7.8p1.
Kusuka ku-DBMS, MySQL 8.0, MariaDB 10.3, PostgreSQL 9.6/10 kanye neRedis 4.0 kuyatholakala kumakhosombe. I-MongoDB DBMS ayizange ifakwe ngenxa ukuthola ilayisensi entsha ye-SSPL, engakaqashelwa njengevuliwe;
- Izingxenye ze-virtualization zithuthukisiwe. Ngokuzenzakalelayo, lapho udala imishini ebonakalayo, uhlobo lusetshenziswa (i-ICH9 chipset emulation) ngokusekelwa kwe-PCI Express. Manje ungasebenzisa isixhumi esibonakalayo sewebhu se-Cockpit ukuze udale futhi uphathe imishini ebonakalayo. Isixhumi esibonakalayo somphathi we-virt sihoxisiwe. I-QEMU ibuyekezelwe enguqulweni . I-QEMU isebenzisa imodi yokuhlukanisa i-sandbox, ekhawulela izingcingo zesistimu ezingase zisetshenziswe izingxenye ze-QEMU;
- Usekelo olungeziwe lwezindlela zokulandelela ezisuselwe ku-eBPF, okuhlanganisa ukusebenzisa ikhithi yamathuluzi ye-SystemTap (4.0). Ukwakheka kubandakanya izinsiza zokuhlanganisa nokulayisha izinhlelo ze-BPF;
- Kwengezwe ukusekelwa kokuhlola kwesistimu engaphansi ye-XDP (i-eXpress Data Path), evumela ukusebenzisa izinhlelo ze-BPF ku-Linux ezingeni lomshayeli wenethiwekhi enekhono lokufinyelela ngokuqondile ibhafa yephakethe le-DMA kanye nasesiteji ngaphambi kokuthi isitaki se-skbuff sinikezwe isitaki senethiwekhi;
- Isisetshenziswa se-boom sengeziwe ukuphatha izilungiselelo ze-bootloader. I-Boom yenza kube lula ukwenza imisebenzi efana nokudala okufakiwe okusha kwe-boot, isibonelo, uma udinga ukuqala kusuka kusifinyezo se-LVM. I-Boom ikhawulelwe kuphela ekungezeni okufakiwe okusha kwe-boot futhi ayikwazi ukusetshenziselwa ukulungisa ezikhona kakade;
- Ikhithi yamathuluzi engasindi ehlanganisiwe yokuphatha iziqukathi ezingazodwa, ezisetshenziselwa ukwakha iziqukathi , okokuqala - kanye nokusesha izithombe esezilungile - ;
- Amakhono ahlobene nokuhlanganisa anwetshiwe. Umphathi wensiza yeqoqo le-Pacemaker ubuyekezelwe enguqulweni engu-2.0. Esisetshenziswa Ukusekelwa okugcwele kwe-Corosync 3, ukubizwa kwe-knet kanye ne-node kuhlinzekwa;
- Imibhalo yakudala yokusetha inethiwekhi (izikripthi zenethiwekhi) kuthiwa ayisebenzi futhi azisalethwa ngokuzenzakalela. Ukuqinisekisa ukuhambisana okusemuva, esikhundleni sezikripthi ze-ifup kanye ne-ifdown, izibopho zengezwe ku-NetworkManager, esebenza ngosizo lwe-nmcli;
- amaphakheji: i-crypto-utils, ama-cvs, i-dmraid, uzwela, umunwe, i-gnote, i-gstreamer, i-ImageMagick, i-mgetty, i-phonon, i-pm-utils, i-rdist, i-ntp (ithathelwe indawo yi-chrony), qemu (ithathelwe indawo ngu-qemu-kvm), qt (ithathelwe indawo ngu qt5-qt), rsh, rt, rubygems (manje ifakiwe ephaketheni elikhulu le-ruby), uhlelo-config-firewall, tcp_wrappers, wxGTK.
- Kulungiswe isithombe esiyisisekelo somhlaba wonke (UBI, ) ngokudala iziqukathi ezingazodwa, okuhlanganisa ukukuvumela ukuthi udale iziqukathi zohlelo lokusebenza olulodwa. I-UBI ihlanganisa indawo encane esusiwe, izengezo zesikhathi sokusebenza ukuze zisekele izilimi zokuhlela (ama-nodejs, i-ruby, i-python, i-php, i-perl) kanye nesethi yamaphakheji engeziwe endaweni yokugcina.
Source: opennet.ru