Red Hat Enterprise Linux 9 beta testing has begun

Red Hat has announced the first beta of Red Hat Enterprise Linux 9 . Ready- to-use installation images have been prepared for registered users of Red Hat Customer Portal ( CentOS Stream 9 iso images can also be used to evaluate functionality ). Package repositories are available without restriction for x86_64, s390x (IBM System z), ppc64le, and Aarch64 (ARM64) architectures. The sources for the Red Hat Enterprise Linux 9 rpm packages are located in the CentOS Git repository . The release is expected in the first half of next year. In line with a 10-year support cyclethe RHEL 9 distribution will be maintained until 2032. Updates for RHEL 7 will continue to be released until June 30, 2024, and RHEL 8 until May 31, 2029.

Red Hat Enterprise Linux 9 is notable for its move to a more open development process. Unlike previous branches, the CentOS Stream 9 package base was used as the basis for building the distribution.… CentOS Stream is positioned as an upstream project for RHEL, allowing third-party participants to control the preparation of packages for RHEL, propose their changes and influence decisions. Previously, a snapshot of one of the Fedora releases was used as the basis for a new RHEL branch, which was refined and stabilized behind closed doors, without the ability to control the development process and decisions made. Now, based on the Fedora snapshot, with the participation of the community, the CentOS Stream branch is being formed, in which the preparatory work is carried out and the basis for a new significant RHEL branch is formed.

Key changes :

• The system environment and assembly tools have been updated. GCC 11 is used to build packages. The C standard library has been updated to glibc 2.34. The Linux kernel package builds on the Linux 5.14 release. RPM package manager has been updated to version 4.16 with support for integrity control via fapolicyd.
• The migration of the distribution to Python 3 is completed. By default, the Python 3.9 branch is offered. Python 2 has been discontinued.
• The desktop is based on GNOME 40 (GNOME 3.28 shipped in RHEL 8) and the GTK 4 library. In GNOME 40, virtual desktops in the Activities Overview are set to landscape orientation and appear as a continuous loop from left to right. Each desktop displayed in overview mode clearly shows the available windows, which are dynamically panned and scaled by user interaction. Seamless transition between program list and virtual desktops is provided.
• GNOME uses the power-profiles-daemon handler, which provides the ability to switch on the fly between power saving mode, power balanced mode, and peak performance mode.
• All audio streams have been migrated to the PipeWire media server , which is now the default instead of PulseAudio and JACK. Using PipeWire allows you to deliver professional audio processing capabilities in a typical desktop edition, eliminate fragmentation, and unify your audio infrastructure for different applications.
• By default, the GRUB boot menu is hidden if RHEL is the only distribution on the system and if the previous boot was successful. To display the menu during boot, just hold down the Shift key or press the Esc or F8 key several times. The bootloader changes also note placing GRUB configuration files for all architectures in the same directory / boot / grub2 / (the file /boot/efi/EFI/redhat/grub.cfg is now a symbolic link to /boot/grub2/grub.cfg), those. the same installed system can be booted using either EFI or BIOS.
• Components for supporting different languages ​​have been moved into langpacks, allowing you to vary the level of installed language support. For example, langpacks-core-font offers only fonts, langpacks-core offers the glibc locale, base font and input method, and langpacks offers translations, additional fonts, and spelling dictionaries.
• For the simultaneous installation of different versions of programs and more frequent generation of updates, Application Streams components are used, which can now be generated using all package distribution options supported in RHEL, including RPM packages, modules (sets of rpm packages grouped into modules), SCL (Software Collection ) and Flatpak.
• Updated security components. The distribution uses a new branch of the OpenSSL 3.0 cryptographic library . By default, more modern and reliable cryptographic algorithms are enabled (for example, SHA-1 is prohibited in TLS, DTLS, SSH, IKEv2 and Kerberos, TLS 1.0, TLS 1.1, DTLS 1.0, RC4, Camellia, DSA, 3DES and FFDHE-1024 are disabled) … The OpenSSH package has been updated to version 8.6p1. Cyrus SASL moved to GDBM backend instead of Berkeley DB. NSS (Network Security Services) libraries have dropped support for the DBM (Berkeley DB) format. GnuTLS has been updated to version 3.7.2.
• SELinux performance has been significantly improved and memory consumption has been reduced. In / etc / selinux / config, removed support for the “SELINUX = disabled” setting for disabling SELinux (the specified setting now only disables loading policies, and to actually disable SELinux functionality now requires passing the “selinux = 0” parameter to the kernel).
• Added experimental VPN WireGuard support .
• By default, SSH login as root is denied.
• Declared obsolete packet filter management tools iptables-nft (utility iptables, ip6tables, ebtables and arptables) and ipset. It is now recommended to use nftables to manage the firewall .
• The composition includes a new daemon mptcpd for configuring MPTCP (MultiPath TCP), an extension of the TCP protocol for organizing a TCP connection with the delivery of packets simultaneously along several routes through different network interfaces associated with different IP addresses. Using mptcpd makes it possible to configure MPTCP without using the iproute2 utility.
• Removed network-scripts package, use NetworkManager to configure network connections. The ifcfg settings format is still supported, but NetworkManager defaults to a keyfile based format.
• Includes new versions of compilers and development tools: GCC 11.2, LLVM / Clang 12.0.1, Rust 1.54, Go 1.16.6, Node.js 16, OpenJDK 17, Perl 5.32, PHP 8.0, Python 3.9, Ruby 3.0, Git 2.31, Subversion 1.14, binutils 2.35, CMake 3.20.2, Maven 3.6, Ant 1.10.
• Updated server packages Apache HTTP Server 2.4, nginx 1.20, Varnish Cache 6.5, Squid 5.1.
• Updated DBMS MariaDB 10.5, MySQL 8.0, PostgreSQL 13, Redis 6.2.
• Clang is used by default to build the QEMU emulator, which allowed the KVM hypervisor to use some additional protection mechanisms, such as SafeStack to protect against Return-Oriented Programming (ROP) exploitation practices.
• The capabilities of the web console have been expanded: additional performance metrics have been added to identify bottlenecks (CPU, memory, disk, network resources), the export of metrics for visualization using Grafana has been simplified, the ability to manage live patches to the kernel has been added, and support for authentication via smart cards has been provided (including sudo and SSH).
• The SSSD (System Security Services Daemon) has increased the granularity of logs, for example, the task completion time is now attached to events and the authentication flow is reflected. Added search functions to analyze configuration and performance issues.
• Expanded support for IMA (Integrity Measurement Architecture) for checking the integrity of operating system components using digital signatures and hashes.
• By default, a single unified cgroup hierarchy (cgroup v2) is used. Cgroups v2 can be used, for example, to limit memory consumption, CPU resources, and I / O. The key difference between cgroups v2 and v1 is the use of a common cgroups hierarchy for all kinds of resources, instead of separate hierarchies for CPU resource allocation, memory throttling, and I / O. Separate hierarchies led to difficulties in organizing communication between handlers and to additional costs of kernel resources when applying rules for a process referred to in different hierarchies.
• Added support for accurate time synchronization based on NTS (Network Time Security) protocol , which uses elements of public key infrastructure (PKI) and allows the use of TLS and Authenticated Encryption with Associated Data ( Network Time Protocol). Chrony NTP server updated to version 4.1.
• Added new Ansible system roles to automate the installation, configuration and running of Postfix, Microsoft SQL Server, VPN tunnels and timesync service. Added new Ansible role to support LVM (Logical Volume Manager) VDO (Virtual Data Optimizer) partitions.
• Provided experimental (Technology Preview) support for KTLS (kernel-level TLS implementation), Intel SGX (Software Guard Extensions), DAX (Direct Access) for ext4 and XFS, AMD SEV and SEV-ES support in the KVM hypervisor.
• Included are changes related to the work of translating Red Hat code, documentation and web resources to use more inclusive terminology, meaning that the words master, slave, blacklist and whitelist are not used.