Rocky Linux 9.0, the latest version of the open source enterprise OS designed to be fully bug-for-bug compatible with Red Hat Enterprise Linux (RHEL), is now generally available. The update includes new security and networking features, and a new open source build system called Peridot.
Released July 14, Rocky Linux 9.0 has all of the build chain infrastructure tools for developers to pick up Rocky Linux or extend or reproduce the OS, should a developer want to do something independently of the community or any upstream supporting organisation.
A primary goal behind developing the new, cloud-native build system was assuring that new versions of Rocky can be released within one week of new RHEL version releases, project representatives said.
Hosted by the Rocky Enterprise Software Foundation (RESF), Rocky Linux was created by one of the original CentOS founders, CIQ CEO Gregory Kurtzer, to achieve the original goal of CentOS to serve as a production-ready downstream version of RHEL.
Developed by CIQ and given to the RESF, Peridot serves as a cloud-native stack for building and managing Rocky Linux. The stack has been released as open source. Rocky Linux uses open source tools to provide a “reproducible” operating system to ensure there is no repeat of CentOS end-of-life issues, the project said.
Other highlights of Rocky Linux 9.0 include the following security enhancements and networking features such as the improvement of SELinux performance, memory overhead, and time to load.
In addition, OpenSSL, now at version 3.0.1, features a new versioning scheme, an improved HTTP(S) client, and support for new protocols and formats while Rocky Linux supports automatic configuration of security compliance settings for PCI-DSS, HIPPA, DISA, and others through the Anaconda installer, thus saving time and effort.
OpenSSH, now at version 8.7p1, also features the replacement of the SCP/RCP protocol with the SFTP protocol, offering more predictable filename handling.
Furthermore, the use of SHA-1 message digests has been deprecated -- as the cryptographic hash functions produced by SHA-1 are no longer considered secure -- and Multipath TCP Daemon, or mptcpd, can be used instead of iproute2 to configure Multipath TCP endpoints.
Rounding off the enhancements, NetworkManager now uses key files to store new connection profiles as a default but still supports ifcfg. and the network-scripts package has been removed -- use NetworkManager to configure network connections.