Red Hat Enterprise Linux 8.10 distribution released

by

Following the release of Red Hat Enterprise Linux 9.4 published update of previous thread Red Hat Enterprise Linux 8.10, which is maintained in parallel with the RHEL 9.x branch and will be supported at least until 2029. Installation assemblies are prepared for x86_64, s390x (IBM System z), ppc64le and Aarch64 architectures, but available For downloads only to registered Red Hat Customer Portal users (you can also use iso images CentOS Stream 9 and free builds RHEL for developers).

The preparation of new releases of Red Hat Enterprise Linux 8.x is carried out in accordance with the development cycle, which implies the formation of releases every six months at a predetermined time. RHEL 8.10 was the last release in the 8.x branch, formed at the full support stage, implying the inclusion of functional improvements. On May 31, 2024, the 8.x branch will be translated into the maintenance phase, where priorities will shift toward bug fixes and security, with minor improvements to support critical hardware systems.

Advertisement

As in the case of the RHEL 9 branch, the sources of RHEL 8 rpm packages are no longer publicly distributed through Git repository CentOS, but remain available to the company’s clients through a closed section of the site, which has a user agreement (EULA) prohibiting data redistribution. The source code can be found in the CentOS Stream repository, but it is not completely synchronized with RHEL and the latest versions of packages do not always match the packages from RHEL. Rocky Linux, Oracle and SUSE have joined forces and reproduce source texts of rpm packages for RHEL releases within the OpenELA project. AlmaLinux has switched to using the CentOS Stream repository and allows for minor differences in behavior (may differ at the individual patch level), but maintains binary compatibility at the ABI level.

Key changes:

  • The composition includes new versions of compilers and tools for developers: GCC Toolset 13, LLVM Toolset 17.0.6, Rust Toolset 1.75.0, Go Toolset 1.21.0, Python 3.12, Ruby 3.3, PHP 8.2, Git 2.43.0, Git LFS 3.4 .1, elfutils 0.190, valgrind 3.22, Ant 1.10.9, cmake 3.26.
  • Updated server and system packages: nginx 1.24, samba 4.19.4, PostgreSQL 16, MariaDB 10.11, chrony 4.5, libkcapi 1.4.0, stunnel 5.71, SSG 0.1.72, Apache Kafka (librdkafka) 1.6.1, audit 3.1.2, openCryptoki 3.22.0, linuxptp 4.2, nispor 1.2.10, rteval 3.7, ipa 4.9.13, 389-ds-base 1.4.3.39, Podman 4.9.
  • Full support for the technology of creating isolated enclaves is provided Intel SGX (Software Guard Extensions). SGX versions 1 and 2 are supported, allowing the use of FLC (Flexible Launch Control) and EDMM (Enclave Dynamic Memory Management) mechanisms to change access rights to individual enclave memory pages, dynamically add/remove memory pages to the enclave, and expand the enclave.
  • The IDXD (Data Streaming Accelerator) driver has been stabilized to enable data acceleratorsbuilt into the Intel CPU.
  • The ability to use memory protection mechanisms DEP (Data Execution Prevention), NX (No Execute) and XD (Execute Disable) has been added to the GRUB boot loader and the shim layer to prohibit the execution of instructions in certain memory areas at the stage before the system boots. Added support for hardware isolation of virtual machines (VMs Trust Domains) using Intel Trust Domain Extension (Intel TDX) technology.
  • Added support for hashing passwords using the bcrypt algorithm.
  • The RHEL image builder provides the ability to specify arbitrary mount points and create various partitioning modes (auto-lvm, lvm, raw).
  • OpenSSL provides protection against time-based RSA decryption attacks using variants of the Bleichenbacher method.
  • IdM (Identity Management) implements the ability to authenticate users through external providers (IdPs) that support the OAuth 2 (Device Authorization Grant) protocol.
  • Added experimental “podman build farm” command to create container images for multiple architectures at once. Podman has added full support for a SQLite-based backend and the ability to use containers.conf modules to selectively load settings. Containerfile allows multi-line HereDoc statements. The CNI (Container Network Interface) network stack has been deprecated. Using the “podman machine” command, the ability to forward USB devices to QEMU virtual machines has been implemented.
  • Added a “–bound-inactive” option to the ss utility included in the iproute2 package to display inactive TCP network sockets that are bound to an IP address and network port (bind call made) but not connected (connect call) or not translated into connection waiting mode (listen call).
  • Multipathd adds support for handling FPIN-Li (Fabric Performance Impact Notification) events to optimize access to NVMe drives.
  • Added grafana-selinux package to run grafana with SELinux protection.
  • The rtla utility has been updated to match the Linux 6.6 kernel. Added “rtla -C” option to attach additional cgroups to threads.
  • The rteval utility now has the ability to use “+” and “-” prefixes to attach and unpin CPU cores from the list of monitored cores (measurement-cpulist).
  • The web console simplifies storage management and partition resizing. Added support for generating shell scripts and Ansible scripts for configuring kdump. To connect to virtual machines, VNC is used instead of the SPICE protocol. The Virtual Machines section provides the ability to add SSH public keys and connect already formatted block devices.
  • New system roles have been added: bootloader to manage the bootloader and kernel; fapolicyd to configure fapolicyd; snapshot for managing LVM snapshots. The ability to authenticate using certificates has been added to the sshd role.
  • Added support for migrating virtual machines in Multi-FD mode (multiple file descriptors), in which, when migrating a virtual machine, several parallel connections are established, which allows for faster data transfer in the presence of a high-speed network connection (20 Gbps and higher).
  • Continued provision of experimental (Technology Preview) support for AF_XDP, XDP hardware offloading, Multipath TCP (MPTCP), MPLS (Multi-protocol Label Switching), dracut, kexec fast reboot, nispor, DAX in ext4 and xfs, systemd-resolved, accel-config , igc, OverlayFS, Stratis, NVMe/TCP, DNSSEC, GNOME on ARM64 and IBM Z systems, AMD SEV for KVM, Intel vGPU, Toolbox.

Thanks for reading:

Advertisement