Neil

Red Hat Enterprise Linux 9

Red Hat Enterprise Linux 9 can be seamlessly provisioned as a guest machine on a hypervisor such as KVM or VMware, on a physical server, or in the cloud, or run as a container built from Red Hat Universal Base Images (UBIs). Like its predecessor, RHEL 9 is available as part of the Red Hat Developer program subscription. This is a zero-cost offering of the Red Hat Developer program that is tailored for individual developers. It includes access to Red Hat Enterprise Linux and many of Red Hat's products.

The release was announced on 18th May 2022. It is crafted to meet the needs of a hybrid cloud environment and can be readily deployed from the edge to the cloud.

New Features

Installer and image creation

Licensing, system, and user setting configuration screens have been disabled post standard installation

Previously, RHEL users configured Licensing, System (Subscription manager), and User Settings before the gnome-initial-setup and login screens. With this update, the initial setup screens are disabled by default to improve the user experience.

If you must run the initial setup for user creation or license display, install the following packages based on the requirements.

  • Install initial setup packages.
# dnf install initial-setup initial-setup-gui
  • Enable initial setup to run at the next reboot of the system.
# systemctl enable initial-setup
  • Reboot the system to view the initial setup.

For kickstart installations, add initial-setup-gui to the packages section and enable the initial-setup service.

firstboot --enable
%packages
@^graphical-server-environment
initial-setup-gui
%end

RHEL 9 for Edge

RHEL for Edge now supports Greenboot built-in health checks by default

With this update, RHEL for Edge Greenboot now includes built-in health checks with a watchdog feature to ensure that the hardware does not hang or freeze while rebooting. With that, you can benefit from the following features:

  • It makes it simple for watchdog hardware users to adopt the built-in health checks
  • A set of default health checks that provide value for built-in OS components
  • The watchdog is now present as a default preset, which makes it easy to enable or disable this feature
  • Ability to create custom health checks based on the already available health checks.

Subscription management

Merged system purpose commands under subscription-manager syspurpose

Previously, there were two different commands to set system purpose attributes: syspurpose and subscription-manager. To unify all the system purpose attributes under one module, the addons, role, service-level, and usage commands from subscription-manager have been moved to the new submodule, subscription-manager syspurpose.

Existing subscription-manager commands outside the new submodule are deprecated. The separate package (python3-syspurpose) that provides the syspurpose command line tool has been removed in RHEL 9.

This update provides a consistent way to view, set, and update all system purpose attributes using a single subscription-manager command; it replaces all the existing system purpose commands with their equivalent versions available as a new subcommand. For example, subscription-manager role --set SystemRole becomes subscription-manager syspurpose role --set SystemRole, and so on.

For complete information about the new commands, options, and other attributes, see the SYSPURPOSE OPTIONS section in the subscription-manager man page.

Software management RHEL 9

RHEL 9 provides RPM 4.16

RHEL 9 is distributed with RPM version 4.16. Notable bug fixes and enhancements over version 4.14 include:

  • New SPEC features, most notably:
    • Fast macro-based dependency generators
    • The %generate_buildrequires section that allows for generating dynamic build dependencies
    • Meta (unordered) dependencies
    • Increased parallelism in package builds
    • Native version comparison in expressions
    • Caret version operator, opposite of tilde
    • %elif, %elifos and %elifarch statements
    • Optional automatic patch and source numbering
    • %autopatch now accepts patch ranges
    • %patchlist and %sourcelist sections
    • Enforced UTF-8 validation of header data at build-time
  • The rpm database is now based on the sqlite library. Read-only support for BerkeleyDB databases has been retained for migration and query purposes.
  • A new rpm-plugin-audit plug-in for issuing audit log events on transactions, previously built into RPM itself

Shells and command-line tools

Bracketed paste is now enabled in bash by default

The bash readline library version 8.1 is now available, which enables bracketed paste mode by default. When you paste text into your terminal, bash highlights the text, and you must press enter to execute the pasted command. Bracketed paste mode is the default setting to avoid accidentally executing malicious commands.

To disable the bracketed paste mode for a specific user, add the following line to ~/.inputrc:

set enable-bracketed-paste off

To disable the bracketed paste mode for all users, add the following line to /etc/inputrc:

set enable-bracketed-paste off

When you disable the bracketed paste mode, commands are directly executed on paste, and you do not need to confirm them by pressing enter.
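To find where this protection has been switched off, the following added example (not part of the original article) scans inputrc files for lines that disable bracketed paste. The function name and the sample files are constructed for illustration; it assumes readline's case-insensitive matching of names and values and does not follow $if or $include directives.

```shell
#!/bin/sh
# Added example: list inputrc lines that switch bracketed paste off.
# readline matches "set", variable names and values without regard to case;
# for a boolean, an empty value, "on" or "1" means on, anything else is off.
# $if/$include directives are not followed (simplification).
find_paste_disabled() {
    for f in "$@"; do
        [ -r "$f" ] || continue            # skip files that do not exist
        awk '
            /^[ \t]*#/ { next }            # whole-line comment
            tolower($1) == "set" && tolower($2) == "enable-bracketed-paste" {
                v = tolower($3)
                if (v != "" && v != "on" && v != "1")
                    printf "%s:%d: %s\n", FILENAME, FNR, $0
            }
        ' "$f"
    done
}

# Constructed sample files standing in for /etc/inputrc and ~/.inputrc.
demo_dir=$(mktemp -d)
printf '%s\n' '# system-wide defaults' 'set bell-style none' \
    > "$demo_dir/etc_inputrc"
printf '%s\n' '$include /etc/inputrc' 'Set Enable-Bracketed-Paste Off' \
    > "$demo_dir/user_inputrc"
find_paste_disabled "$demo_dir/etc_inputrc" "$demo_dir/user_inputrc"
rm -rf "$demo_dir"
```

On a real host, pass /etc/inputrc and each user's ~/.inputrc; no output means no file turns the setting off.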

Infrastructure services

s-nail replaces mailx

The s-nail mail processing system has replaced the mailx utility. The s-nail utility is compatible with mailx and adds numerous new features. The mailx package is no longer maintained upstream.

Security

System-wide crypto-policies are now more secure

With this update, the system-wide cryptographic policies have been adjusted to provide up-to-date secure defaults:

  • Disabled TLS 1.0, TLS 1.1, DTLS 1.0, RC4, Camellia, DSA, 3DES, and FFDHE-1024 in all policies.
  • Increased minimum RSA key size and minimum Diffie-Hellman parameter size in LEGACY.
  • Disabled TLS and SSH algorithms using SHA-1, with an exception of SHA-1 usage in Hash-based Message Authentication Codes (HMACs).

If your scenario requires enabling some of the disabled algorithms and ciphers, use custom policies or subpolicies.
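Because LEGACY, custom policies and subpolicies can re-enable what the defaults now disable, it helps to know which hosts deviate. The following is an added example, not part of the original article: it reads the requested policy and the last applied policy and reports anything that needs review. It assumes the requested policy is stored in /etc/crypto-policies/config, the applied one in /etc/crypto-policies/state/current, and that DEFAULT, FUTURE and FIPS are the stock non-legacy base policies; the function names and sample files are constructed.

```shell
#!/bin/sh
# Added example: report whether the configured system-wide crypto policy
# deviates from a stock base policy or has not been applied yet.

# First non-comment, non-blank line of FILE, upper-cased ("" if unreadable).
read_policy() {
    sed -e 's/#.*//' -e 's/[[:space:]]//g' -e '/^$/d' "$1" 2>/dev/null |
        head -n 1 | tr '[:lower:]' '[:upper:]'
}

# audit_crypto_policy CONFIG STATE
#   CONFIG: requested policy (assumed /etc/crypto-policies/config on RHEL)
#   STATE:  policy last applied (assumed /etc/crypto-policies/state/current)
audit_crypto_policy() {
    configured=$(read_policy "$1")
    applied=$(read_policy "$2")
    if [ -z "$configured" ]; then
        echo "unknown review: no-policy-configured"
        return 0
    fi
    reasons=""
    [ "$configured" = "$applied" ] || reasons="$reasons not-applied($applied)"
    base=${configured%%:*}
    case $base in
        DEFAULT|FUTURE|FIPS) ;;                        # stock, not weakened
        LEGACY) reasons="$reasons legacy-base" ;;
        *)      reasons="$reasons custom-base($base)" ;;
    esac
    case $configured in
        *:*)                                           # BASE:SUB1:SUB2...
            old_ifs=$IFS; IFS=:
            for sub in ${configured#*:}; do
                reasons="$reasons subpolicy($sub)"
            done
            IFS=$old_ifs ;;
    esac
    if [ -z "$reasons" ]; then echo "$configured ok"
    else echo "$configured review:$reasons"; fi
}

# Constructed sample; MYAPP-COMPAT is a hypothetical subpolicy name.
demo_dir=$(mktemp -d)
printf '%s\n' '# requested policy' 'DEFAULT:MYAPP-COMPAT' > "$demo_dir/config"
printf '%s\n' 'DEFAULT' > "$demo_dir/current"
audit_crypto_policy "$demo_dir/config" "$demo_dir/current"
rm -rf "$demo_dir"
```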

Networking

The diag modules are now available in the kernel

The diag modules are now included with the kernel image. With this update, the diag modules no longer need to be dynamically loaded when the ss command is used. This allows better debugging of networking issues regardless of the customer policy on kernel modules. Modules included in the kernel:

CONFIG_INET_DIAG
CONFIG_INET_RAW_DIAG
CONFIG_INET_TCP_DIAG
CONFIG_INET_UDP_DIAG
CONFIG_INET_MPTCP_DIAG
CONFIG_NETLINK_DIAG
CONFIG_PACKET_DIAG
CONFIG_UNIX_DIAG

Kernel

Kernel version in RHEL 9

Red Hat Enterprise Linux 9.0 is distributed with the kernel version 5.14.0-70.

Boot loader

Boot loader configuration files are unified across CPU architectures

Configuration files for the GRUB boot loader are now stored in the /boot/grub2/ directory on all supported CPU architectures. The /boot/efi/EFI/redhat/grub.cfg file, which GRUB previously used on UEFI systems, is now a symbolic link to the /boot/grub2/grub.cfg file.

This change simplifies the layout of the GRUB configuration file, improves user experience, and provides the following notable benefits:

  • You can boot the same installation with either EFI or legacy BIOS.
  • You can use the same documentation and commands for all architectures.
  • GRUB configuration tools are more robust, because they no longer rely on symbolic links and they do not have to handle platform-specific cases.
  • The usage of the GRUB configuration files is aligned with images generated by CoreOS Assembler (COSA) and OSBuild.
  • The usage of the GRUB configuration files is aligned with other Linux distributions.

(JIRA:RHELPLAN-101246)
