Ir para o conteúdo

Release Notes For Rocky Linux 9.2

PowerPC (ppc64le) held back

During the testing of Rocky Linux 9.2 for Power (Little Endian) AKA ppc64le, the Rocky Release Engineering and Testing teams identified a serious issue with the version of python3.9 bundled with release 9.2 of RHEL and Rocky Linux that is considered a Release Blocker per our policies.

Due to the nature of this bug and the potential it has to break existing installations of Rocky Linux on Power, we have made the decision as a community to hold back only the ppc64le architecture for Rocky Linux 9.2 and release the other three architectures as they have passed our testing procedures and met criteria. Notably, we have not been able to reproduce the python3.9 bug on any other architecture (x86_64, aarch64, or s390x), and believe that the bug is architecture specific.

rhbz#2203919 has been opened to track this bug that exists in CentOS Stream 9 and RHEL 9, in addition to Rocky 9.

Running DNF from a ppc64le Rocky 9 system that is configured to use the mirrorlist and/or is configured with the dnf variable releasever set to 9 will result in failed DNF metadata transactions as our mirrorlist is unable to hold back a single architecture. To work around this, please set the releasever variable to 9.1. This can be done by using the --releasever 9.1 argument to your DNF command, or by editing or creating the file /etc/dnf/vars/releasever with the content 9.1. Once Rocky 9.2 for Power is released, you will need to undo this change and setting releasever will no longer be necessary.

Upgrading

You can upgrade from Rocky Linux 9.x to Rocky Linux 9.2 by doing sudo dnf -y upgrade

Note

Rocky Linux does not offer an upgrade path from any version of Rocky Linux 8. We recommend doing a fresh OS install to move to Rocky Linux 9.2.

Upgrading with LVM devices may result in boot failure

Due to changes in the lvm2 package between Rocky 9.0, 9.1, and 9.2, upon rebooting after upgrading your system may drop into recovery mode due to one or more LVM partitions not being found. We have opened rhbz#2208039 to track this regression.

While this bug affects both physical and virtual systems, problems with Libvirt(KVM), VMWare, as well as some other guests have yet to be reported.

To see if you may be impacted by this bug, inspect the contents of /etc/lvm/devices/system.devices. If this file exists and contains a "sys_wwid"-type device which are followed by multiple repeated underscores, you are likely impacted. See the following for an example:

# Created by LVM command lvmdevices pid 3668 at Wed May 17 12:15:53 2023
VERSION=1.1.2
IDTYPE=sys_wwid IDNAME=t10.ATA_____Colorful_SL500_256GB____________________A157DB6A12200152343_ DEVNAME=/dev/sda3 PVID=LHWedIRTsSv3aXFpM2w4vyJc3cygYyh9 PART=3

If you are impacted by this bug, then until the bug fix is released by RHEL and Rocky, please review and follow one of the following options before upgrading and rebooting your system:

  1. After upgrading the lvm2 package, but prior to rebooting, regenerate /etc/lvm/devices/system.devices by running lvmdevices --update. Confirm that the contents of /etc/lvm/devices/system.devices is changed to match the new format before rebooting the system.
  2. Prior to rebooting after upgrading, rename the /etc/lvm/devices/system.devices file (e.g., mv /etc/lvm/devices/system.devices{,.bak}) and, once the system has rebooted, run vgimportdevices --all to regenerate the file in the new format.

A correctly formatted system.devices file for Rocky Linux 9.2 will not have repeated underscores in the device's IDNAME field.

In the case of a system which has already been upgraded and is in recovery mode, you may simply move the /etc/lvm/devices/system.devices file out of the way from recovery mode and reboot the system. Once the system has rebooted, regenerate the file in the new format. See option 2 above for more information.

Images

As well as the normal install images, there are several images available for many cloud and container platforms.

Images for Oracle Cloud Platform (OCP), GenericCloud, Amazon AWS (EC2), Container RootFS/OCI, Google Cloud Platform, Microsoft Azure, and other CSP-maintained images are available. The GenericCloud, EC2, and Microsoft Azure images have a variant that uses an LVM partition for the root filesystem, allowing systems administrators additional flexibility and options for configuring their systems, and the GenericCloud image is also available for s390x.

Vagrant images are available for x86_64 and aarch64, and container images for all 4 arches. Since the last release there has also been added the rockylinux/rockylinux:9-ubi-init variant for usage of systemd in a container, and the rockylinux/rockylinux:9-ubi-micro variant, which is the most bare minimum image possible to put in self-contained applications without the use of a package manager. As well more toolbox images for more arches got added.

More information on the artifacts produced by the Cloud Special Interest Group, as well as information on how to get involved can be found on the SIG/Cloud Wiki page.

To the already available Workstation/Workstation Lite/KDE/XFCE/MATE live images, the Cinnamon Live image has been added in both x86_64 and aarch64.

Installing

Prior to installing, ensure the compatibility of your CPU with this procedure!

To install Rocky Linux 9.2, head to the download page and download the version you need for your architecture.

The Rocky Team Release Highlights

Breaking Changes

  • centos-release-nfv now provides content built on RHEL 9 buildroots instead of CentOS Stream 9, for compatibility reasons
  • The Container Universal Base Image rockylinux/rockylinux:9-ubi is changed to be more similar to the RHEL UBI images. This means the following changes were made:

    • Replaced packages: libcurl -> curl-minimal, libcurl-minimal
    • Added packages: gdb-gdbserver, gzip
    • Removed packages: binutils, brotli, dmidecode
    • network config cleanup added
  • Microsoft Azure images are now published in the Shared Image Gallery as well as in the Marketplace. The Shared Image Gallery option provides a direct way to consume Rocky Images on Microsoft Azure without jumping through the hoops of subscribing to the image via the Marketplace. In addition, this Shared Image Gallery will allow us to publish more frequently-updated images to the Marketplace.

  • LVM cloud image variants for all types now remove /etc/lvm/devices/system.devices to resolve issues with PV/VG/LVs upon installation of the images due to being hardcoded to a specific device.

New and Notable

  • An aarch64 64k kernel was added (kernel-64k)
  • NFS nfsrahead was added
  • Wayland is now enabled by default for Aspeed GPUs
  • Intel ARC GPUs should theoretically also work now
  • The Flatpak bug, that breaks all fonts in Flatpaks (Cantarell) got fixed
  • Wireguard works with SELinux again now

Major Changes

For a complete list of major changes, please see the upstream listing here.

Some highlights and new features from this release are detailed next.

Installer and Image Creation

  • Image builder now offers a new and improved way to create blueprints and images in the image builder web console.
  • Creating customized files and directories in the /etc directory is now supported.

Security

Security-related highlights in the latest Rocky Linux 9.2 release are listed below. For a complete list of security related changes, see the upstream link here.

  • The OpenSSL secure communications library was rebased to version 3.0.7.
  • SELinux user-space packages were updated to version 3.5.
  • Keylime was rebased to version 6.5.2
  • OpenSCAP was rebased to version 1.3.7.
  • SCAP Security Guide was rebased to version 0.1.66.
  • A new rule for idle session termination was added to the SCAP Security Guide.
  • Clevis now accepts external tokens.
  • Rsyslog TLS-encrypted logging now supports multiple CA files.
  • Rsyslog privileges are limited to minimize security exposure. (this will affect anyone with a custom rsyslog configuration!)
  • The fapolicyd framework now provides filtering of the RPM database.

Dynamic programming languages, web and database servers

For a detailed list of the changes in this category see the upstream link here.

Later versions of the following Application Streams are now available:

  • nginx 1.22
  • PostgreSQL 15
  • Swig 4.1 (part of CRB)

The following applications got added:

  • Python 3.11
  • Tomcat 9

The following components have been added or upgraded:

  • Git to version 2.39.1:

    • Commit signing with SSH keys supported is supported now
  • Git LFS to version 3.2.0

Compilers and Development Tools

For details on the changes in this category see the upstream link here.

Updated system toolchain

The following system toolchain components have been updated:

  • GCC 11.3.1
  • glibc 2.34
  • binutils 2.35.2

Updated performance tools and debuggers

The following performance tools and debuggers have been updated:

  • GDB 10.2
  • Valgrind 3.19
  • SystemTap 4.8
  • Dyninst 12.1.0
  • elfutils 0.188

Updated performance monitoring tools

The following performance monitoring tools have been updated:

  • PCP 6.0.1
  • Grafana 9.0.9

Updated compiler toolsets

The following compiler toolsets have been updated:

  • GCC Toolset 12
  • LLVM Toolset 15.0.7
  • Rust Toolset 1.66
  • Go Toolset 1.19.6

Containers

For details on changes in this category see the upstream link here. Notable changes include:

  • The podman Linux System Role is now available
  • Clients for sigstore signatures with Fulcio and Rekor are now available
  • Skopeo now supports generating sigstore key pairs
  • Podman now supports events for auditing
  • The Container Tools packages have been updated
  • The Aardvark and Netavark networks stack now supports custom DNS server selection
  • Podman Quadlet is now available as a Technology Preview
  • The CNI network stack has been deprecated

Known Issues

There are a great number of known issues in 9.2 relating to:

  • Installer and Image creation
  • Software Management
  • Shells and command line tools
  • Infrastructure services
  • Security
  • Networking
  • Kernel
  • Boot loader
  • File systems and storage
  • Dynamic programming languages, web and database services
  • Compilers and development tools
  • Identity Management
  • Desktop
  • Graphic Infrastructure
  • The web console
  • System roles
  • Virtualization
  • Cloud environments
  • Supportability
  • Containers

Review the upstream listing for the complete details on these issues.

Reporting Bugs

Please report any bugs you encounter to the Rocky Linux Bug Tracker. We also welcome you to join our community in any way you wish be it on our Forums, Mattermost, IRC on Libera.Chat, Reddit, Mailing Lists, or any other way you wish to participate!