コンテンツにスキップ

Release Notes For Rocky Linux 9.1

Upgrading

You can upgrade from Rocky Linux 9.0 to Rocky Linux 9.1 by simply running sudo dnf -y upgrade

Note

Rocky Linux does not offer an upgrade path from any version of Rocky Linux 8. We recommend doing a fresh OS install to move to Rocky Linux 9.x.

Image changes

As well as the normal install images, there are several images available for new and existing cloud and container platforms.

In between Rocky Linux 9.0 and 9.1, images for Oracle Cloud Platform (OCP) were developed and released. The Oracle images join our existing set of images including GenericCloud, Amazon AWS (EC2), Container RootFS/OCI, Google Cloud Platform, Microsoft Azure, and other CSP-maintained images.

Additionally, the GenericCloud, EC2, and Azure images now have a variant which uses an LVM partition for the root filesystem, allowing systems administrators additional flexibility and options for configuring their systems. And the GenericCloud image is also available for ppc64le and s390x now!

Also the build pipeline for the container (Base, Minimal, and UBI) and Vagrant (Libvirt, VirtualBox, and VMWare) images got overhauled. Vagrant images are now available for x86_64 and aarch64, and container images for all 4 arches.

More information on the artifacts produced by the Cloud Special Interest Group, as well as information on how to get involved can be found on the SIG/Cloud Wiki page.

Installing

Prior to installing, ensure your CPU is compatible with this procedure!

To install Rocky Linux 9.1, head to the download page and download the version you need for your architecture.

Known Issues

Major Changes

For a complete list of major changes, please see the upstream listing here.

Some highlights from this release are detailed next.

Software Management

  • The modulesync command is now available to replace certain workflows in dnf and createrepo_c.

Security

Changes to OpenSSH

  • New option supports setting the minimum RSA key length
  • crypto-policies enforce 2048-bit RSA key length minimum by default
  • crypto-policies now support sntrup761x25519-sha512@openssh.com

Changes to SELinux

  • SELinux policy confines additional services
  • SELinux supports the self keyword in type transitions
  • SELinux user-space packages updated
  • SELinux automatic relabeling is now parallel by default

Other Changes

  • New option in OpenSSL supports SHA-1 for signatures
  • Network Security Services (NSS) no longer support RSA keys shorter than 1023 bits
  • SCAP Security Guide rebased to 0.1.63
  • New packages: keylime a tool for attestation of remote systems, which uses the trusted platform module (TPM) technology. With Keylime, you can verify and continuously monitor the integrity of remote systems.
  • Added a maximum size option for Rsyslog error files
  • clevis-luks-askpass is now enabled by default
  • fapolicyd rebased to 1.1.3

Shells And command-line Tools

  • Cronie adds support for a randomized time within a selected range
  • ReaR adds new variables for executing commands before and after recovery
  • New package: xmlstarlet - A set of command-line utilities for parsing, transforming, querying, validating, and editing XML files
  • pencryptoki rebased to version 3.18.0
  • powerpc-utils rebased to version 1.3.10
  • libvpd rebased to version 2.2.9
  • lsvpd rebased to version 1.7.14
  • ppc64-diag rebased to version 2.7.8
  • sysctl introduces identical syntax for arguments as systemd-sysctl

Infrastructure Services

Changes to chrony

  • now uses DHCPv6 NTP servers as well as DHCPv4
  • rebased to version 4.2

Other Changes

  • unbound rebased to version 1.16.2
  • The password encryption function is now available in whois
  • frr rebased to version 8.2.2

Networking

  • The act_ctinfo kernel module has been added
  • The PTP driver now supports virtual clocks and time stamping
  • firewalld was rebased to version 1.1.1
  • NetworkManager now supports advmss, rto_min, and quickack route attributes
  • Support for the 802.ad vlan-protocol option in nmstate
  • More DHCP and IPv6 auto-configuration attributes have been added to the nmstate API
  • NetworkManager now clearly indicates that WEP support is not available

High Availability and Cluster

  • pcs supports updating multipath SCSI devices without requiring a system restart
  • Support for cluster UUID
  • New pcs resource config command option to display the pcs commands that re-create configured resources
  • New pcs stonith config command option to display the pcs commands that re-create configured fence devices
  • Pacemaker rebased to version 2.1.4
  • Samba no longer automatically installed with cluster packages

Dynamic Programming Languages, Web and Database Servers

Module Streams

  • A new module stream: php:8.1
  • A new module stream: ruby:3.1

Other Changes

  • httpd rebased to version 2.4.53
  • A new default for the LimitRequestBody directive in httpd configuration
  • New package: httpd-core
  • pcre2 rebased to version 10.40

Compilers and Development Tools

Module Streams

  • A new module stream: maven:3.8

New GCC Toolset 12

  • GCC Toolset 12: Annobin rebased to version 10.79
  • GCC Toolset 12: binutils rebased to version 2.38
  • GCC 12 and later supports _FORTIFY_SOURCE level 3
  • GCC Toolset 12: GDB rebased to version 11.2

Other Changes

  • GCC compiler 11.2.1 has been updated with numerous bug fixes and enhancements
  • DNS stub resolver option now supports no-aaaa option
  • GDB supports Power 10 PLT instructions
  • Rust Toolset rebased to version 1.62.1
  • LLVM Toolset rebased to version 14.0.0

Identity Management

SSSD Changes

  • SSSD now supports memory caching for SID requests
  • SSSD support for anonymous PKINIT for FAST
  • SSSD now supports direct integration with Windows Server 2022

IdM Changes

  • IdM now supports Random Serial Numbers
  • IdM now supports a limit on the number of LDAP binds allowed after a user password has expired
  • IdM now supports configuring an AD Trust with Windows Server 2022

Other Changes

  • New ipasmartcard_server and ipasmartcard_client roles
  • The ipa-dnskeysyncd and ipa-ods-exporter debug messages are no longer logged to /var/log/messages by default
  • samba rebased to version 4.16.1
  • Directory Server now supports recursive delete operations when using ldapdelete

Virtualization

  • Improved KVM architectural compliance
  • open-vm-tools rebased to 12.0.5

Reporting Bugs

Please report any bugs you encounter to the Rocky Linux Bug Tracker. We also welcome you to join our community in any way you wish be it on our Forums, Mattermost, IRC on Libera.Chat, Reddit, Mailing Lists, or any other way you wish to participate!