Release of the Red Hat Enterprise Linux 9.1 distribution

Red Hat has published the release of the Red Hat Enterprise Linux 9.1 distribution. Ready-made installation images are available to registered users of the Red Hat Customer Portal (CentOS Stream 9 iso images can also be used to evaluate functionality). The release is built for the x86_64, s390x (IBM System z), ppc64le and Aarch64 (ARM64) architectures. The source code of the Red Hat Enterprise Linux 9 rpm packages is available in the CentOS Git repository.

The RHEL 9 branch is developed using a more open development process and uses the CentOS Stream 9 package base as its foundation. CentOS Stream is positioned as the upstream project for RHEL, allowing third-party participants to monitor the preparation of packages for RHEL, propose their own changes and influence the decisions made. In accordance with the distribution's 10-year support cycle, RHEL 9 will be supported until 2032.

Key changes:

  • Updated server and system packages: firewalld 1.1.1, chrony 4.2, unbound 1.16.2, frr 8.2.2, Apache httpd 2.4.53, opencryptoki 3.18.0, powerpc-utils 1.3.10, libvpd 2.2.9, ls . 1.7.14, ppc64-diag 2.7, PCP 5.3.7, Grafana 7.5.13, samba 4.16.1.
  • The release includes new versions of compilers and developer tools: GCC 11.2.1, GCC Toolset 12, LLVM Toolset 14.0.6, binutils 2.35.2, PHP 8.1, Ruby 3.1, Node.js 18, Rust Toolset 1.62, Go1.18.2set Toolset . 3.8.
  • Improvements made in Linux kernels 5.15 and 5.16 have been carried over to the eBPF (Berkeley Packet Filter) subsystem. For example, for BPF programs, the ability to request and process timer events has been implemented, along with the ability to get and set socket options for setsockopt and support for calling kernel module functions; a probabilistic data storage structure (BPF map), the bloom filter, has been proposed; and the ability to attach tags to function parameters has been added.
  • The set of patches for real-time systems used in the kernel-rt kernel has been updated to the state corresponding to the 5.15-rt kernel.
  • The implementation of the MPTCP (MultiPath TCP) protocol, used to organise the operation of a TCP connection with packets delivered simultaneously over several routes through different network interfaces, has been updated. Changes have been carried over from Linux kernel 5.19 (for example, support was added for falling back MPTCP connections to regular TCP, and an API was proposed for managing MPTCP flows from user space).
  • On systems with 64-bit ARM, AMD and Intel processors, it is possible to change the behaviour of the Real-Time mode in the kernel at runtime by writing the mode name to the file "/sys/kernel/debug/sched/preempt", or at boot time with the kernel parameter "preempt=" (the none, voluntary and full modes are supported).
  • The GRUB boot loader settings have been changed to hide the boot menu by default, with the menu shown if the previous boot failed. To show the menu during boot, you can hold the Shift key or periodically press the Esc or F8 keys. To disable hiding, you can use the command "grub2-editenv - unset menu_auto_hide".
  • Support for creating hardware clocks (PHC, PTP Hardware Clock) has been added to the PTP (Precision Time Protocol) driver.
  • A modulesync command has been added, which downloads RPM packages from modules and creates a repository in the working directory with the metadata needed to install module packages.
  • Tuned, a service for monitoring system health and optimising profiles for maximum performance based on the current load, provides the ability to use the tuned-profiles-realtime package to isolate CPU cores and give application threads all available resources.
  • NetworkManager implements conversion of connection profiles from the ifcfg configuration format (/etc/sysconfig/network-scripts/ifcfg-*) to a format based on a keyfile. To migrate profiles, you can use the command "nmcli connection migrate".
  • The SELinux toolkit has been updated to release 3.4, which improves relabeling performance through parallelised operations; the "-m" ("--checksum") option has been added to the semodule utility to obtain SHA256 hashes of modules; mcstrans has been moved to the PCRE2 library. New utilities for working with access policies have been added: sepol_check_access, sepol_compute_av, sepol_compute_member, sepol_compute_relabel, sepol_validate_transition. SELinux policies have been added to protect the ksm, nm-priv-helper, rhcd, stalld, systemd-network-generator, targetclid and wg-quick services.
  • Added the ability to use the Clevis client (clevis-luks-systemd) to automatically unlock LUKS-encrypted disk partitions that are mounted at a late stage of boot, without the need to use the command "systemctl enable clevis-luks-askpass.path".
  • The toolkit for preparing system images has been extended to support uploading images to GCP (Google Cloud Platform), placing an image directly in a container registry, adjusting the size of the /boot partition, and adjusting parameters (Blueprint) during image generation (for example, adding packages and creating users).
  • Added the keylime utility for attestation (authentication and continuous integrity monitoring) of an external system using TPM (Trusted Platform Module) technology, for example, to verify the authenticity of Edge and IoT devices located in an uncontrolled location where unauthorised access is possible.
  • The RHEL for Edge edition provides the ability to use the fdo-admin utility to configure FDO (FIDO Device Onboard) services and to create certificates and keys for them.
  • SSSD (System Security Services Daemon) has added support for caching SID requests (for example, GID/UID lookups) in RAM, which made it possible to speed up copying a large number of files through a Samba server. Support for integration with Windows Server 2022 is provided.
  • In OpenSSH, the minimum size of RSA keys is limited to 2048 bits by default, and the NSS libraries have dropped support for RSA keys smaller than 1023 bits. The RequiredRSASize parameter has been added to OpenSSH for configuring custom limits. Support has been added for the [email protected] key exchange method, which is resistant to attacks by quantum computers.
  • The ReaR (Relax-and-Recover) toolkit has added the ability to run arbitrary commands before and after recovery.
  • The driver for Intel E800 Ethernet adapters supports the iWARP and RoCE protocols.
  • A new httpd-core package has been added, into which the core set of Apache httpd components has been moved; it is sufficient to run an HTTP server and carries a minimal number of dependencies. The httpd package adds additional modules such as mod_systemd and mod_brotli and includes documentation.
  • A new xmlstarlet package has been added, which includes utilities for parsing, transforming, validating, extracting data from and editing XML files, similar to grep, sed, awk, diff, patch and join, but for XML instead of text files.
  • The capabilities of system roles have been extended. For example, the network role has added support for setting routing rules and using the nmstate API; the logging role has added support for filtering by regular expressions (startmsg.regex, endmsg.regex); the storage role has added support for partitions with dynamically allocated storage space ("thin provisioning"); the ability to manage through /etc/ssh/sshd_config has been added to the sshd role; export of Postfix performance statistics has been added to the metrics role; and in the firewall role the ability to overwrite the previous configuration has been implemented and support has been provided for adding, updating and removing services depending on state.
  • The toolkit for managing isolated containers has been updated, including packages such as Podman, Buildah, Skopeo, crun and runc. Support has been added for GitLab Runner in containers with the Podman runtime. To configure the container network subsystem, the netavark utility and the Aardvark DNS server are provided.
  • Support for the ap-check command has been added to mdevctl to configure passthrough access to crypto accelerators in virtual machines.
  • Added a preliminary (Technology Preview) ability to authenticate users through external providers (IdP, identity providers) that support the OAuth 2.0 "Device Authorization" protocol extension, which provides OAuth access tokens to devices without using a browser.
  • For the Wayland-based GNOME session, Firefox builds that use Wayland are provided. Builds based on X11, which run in the Wayland environment using the XWayland component, are placed in a separate firefox-x11 package.
  • The Wayland-based session is enabled by default on systems with Matrox GPUs (Wayland was previously not used with Matrox GPUs because of limitations and performance problems, which have now been resolved).
  • Added support for GPUs integrated into 12th-generation Intel Core processors, including Intel Core i3 12100T - i9 12900KS, Intel Pentium Gold G7400 and G7400T, Intel Celeron G6900 and G6900T Intel Core i5-12450HX - i9-12950KS - i-Intel-3 i-Intel-I-1220 i-Intel-Intel-I7 1280P. Added support for AMD Radeon RX 6[345]00 and AMD Ryzen 5/7/9 6[689]00 GPUs.
  • To control the enabling of protection against vulnerabilities in the MMIO (Memory Mapped Input Output) mechanism, the kernel boot parameter "mmio_stale_data" is implemented, which can take the values "full" (enable clearing of buffers when moving to user space and in the VM), "full,nosmt" (like "full", and additionally disables SMT/Hyper-Threads) and "off" (protection disabled).
  • To control the enabling of protection against the Retbleed vulnerability, the kernel boot parameter "retbleed" has been implemented, through which you can disable the protection ("off") or select the algorithm for blocking the vulnerability (auto, nosmt, ibpb, unret).
  • The acpi_sleep kernel boot parameter now supports new options for controlling sleep mode: s3_bios, s3_mode, s3_beep, s4_hwsig, s4_nohwsig, old_ordering, nonvs, sci_force_enable, and nobl.
  • A large number of new drivers for network devices, storage systems and graphics chips have been added.
  • Experimental (Technology Preview) support continues to be provided for KTLS (kernel-level TLS implementation), WireGuard VPN, Intel SGX (Software Guard Extensions), Intel IDXD (Data Streaming Accelerator), DAX (Direct Access) for ext4 and XFS, AMD SEV and SEV-ES in the KVM hypervisor, the systemd-resolved service, the Stratis storage manager, Sigstore for verifying containers using digital signatures, a package with the GIMP 2.99.8 image editor, MPTCP (Multipath TCP) settings through NetworkManager, ACME (Automated Certificate Management Environment) servers, virtio-mem, and the KVM hypervisor for ARM64.
  • The GTK 2 toolkit and its related packages adwaita-gtk2-theme, gnome-common, gtk2, gtk2-immodules and hexchat have been deprecated. The X.org server has been deprecated (RHEL 9 offers a Wayland-based GNOME session by default) and is planned for removal in the next major branch of RHEL, but the ability to run X11 applications from a Wayland session using the XWayland DDX server will be retained.
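
The OpenSSH item in the list above sets a default 2048-bit minimum for RSA keys (adjustable with RequiredRSASize), so user keys below that size stop being accepted after the update. The following Python code is an added example, not part of the original article or of Red Hat's tooling: it reads the modulus size out of ssh-rsa public key lines and reports the ones under the limit. The function names and the sample keys are constructed for illustration.

```python
import base64
import struct

REQUIRED_RSA_SIZE = 2048  # default minimum the article cites for OpenSSH

def read_string(blob, off):
    """Read one SSH wire-format field: uint32 length, then that many bytes."""
    (length,) = struct.unpack_from(">I", blob, off)  # struct.error if truncated
    end = off + 4 + length
    if end > len(blob):
        raise ValueError("truncated field")
    return blob[off + 4:end], end

def rsa_bits(line):
    """Modulus size in bits of an ssh-rsa public key line; None for other lines."""
    fields = line.split()
    # Search all but the last token so a key blob always follows the type;
    # this also skips any authorized_keys options placed before the key type.
    if "ssh-rsa" not in fields[:-1]:
        return None
    blob = base64.b64decode(fields[fields.index("ssh-rsa") + 1], validate=True)
    ktype, off = read_string(blob, 0)
    if ktype != b"ssh-rsa":
        raise ValueError("blob key type does not match the line")
    _exponent, off = read_string(blob, off)
    modulus, _ = read_string(blob, off)
    return int.from_bytes(modulus, "big").bit_length()

def audit(lines, required=REQUIRED_RSA_SIZE):
    """Return (line_number, bits) for each RSA key smaller than `required`."""
    weak = []
    for lineno, line in enumerate(lines, 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        bits = rsa_bits(line)
        if bits is not None and bits < required:
            weak.append((lineno, bits))
    return weak

def constructed_line(bits, comment):
    """CONSTRUCTED sample: modulus of exactly `bits` bits, not a usable key."""
    field = lambda b: struct.pack(">I", len(b)) + b
    n = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")
    blob = field(b"ssh-rsa") + field(b"\x01\x00\x01") + field(n)
    return "ssh-rsa %s %s" % (base64.b64encode(blob).decode(), comment)

SAMPLE = ["# constructed authorized_keys", constructed_line(1024, "old@host"),
          constructed_line(2048, "ok@host"), "ssh-ed25519 AAAAexample ed@host"]
print(audit(SAMPLE))  # [(2, 1024)]
```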

Source: opennet.ru
