In addition to a host of new features and support for new architectures, Rocky Linux 9 includes more than just binaries and an installer; with the release of Peridot, anyone can reproduce Rocky Linux from scratch, like any open source project, ensuring there’s no repeat of the CentOS end-of-life issues.
RENO, Nevada—July 14, 2022—Rocky Linux 9 arrives today, delivering a host of new security, application and networking features. But the capability in version 9 taking center stage is the availability of all the build chain infrastructure tools that developers would need to pick up Rocky Linux to extend or reproduce the operating system, should they desire to do something independently of the community or any upstream supporting organization. As a result, Rocky Linux v9 delivers a supported enterprise Linux platform for the next decade.
Rocky Linux uses only open source tools to deliver a completely reproducible operating system, ensuring there's no repeat of the CentOS end-of-life issues.
“When we release any version of Rocky Linux, it is more than just a bunch of binaries, package repositories, and installers,” said Gregory Kurtzer, CEO of CIQ and founder of the Rocky Enterprise Software Foundation (RESF), the entity behind Rocky Linux. “With Rocky version 8, we used Koji, the Fedora build system. But, with version 9, CIQ has created a completely cloud native build stack called Peridot which we have given to the RESF and released as open source to the world. Peridot allows anyone to recreate, build, enhance and manage Rocky Linux as we do. Additionally, every Rocky Linux release is built 100% in the open, by the community, for the community. They ship with all of our infrastructure and secure material like keys and secure boot shims being managed by the RESF. This is our commitment to our users and community from day one, ensuring that Rocky Linux will always be freely available and community controlled.”
Surge in Rocky Linux Use
Data made available by Fedora from the Extra Packages for Enterprise Linux (EPEL) usage metrics indicate a rapid rise in Rocky Linux usage among those with EPEL enabled. Specifically, the data show usage of Rocky Linux surpassing that of CentOS Stream, AlmaLinux and even RHEL. This is depicted graphically, courtesy of Michael Larabel at Phoronix, where the data show utilization numbers continuing to rise, outpacing all other Enterprise Linux variants. (More on EPEL)
Build System Details
Rocky Linux 9 was built with a community-developed, open-source, cloud native build system called Peridot, written in Golang. Peridot was used to build Rocky Linux 9 for the x86_64, aarch64, s390x and ppc64le architectures. A primary goal in developing the new build system was assuring that new versions of Rocky can be released within one week after each new Red Hat Enterprise Linux version release. The source code for the build system is available at https://github.com/rocky-linux/peridot-releng, and soon it will be easily installable via Helm Charts for anyone to leverage.
Security advancements in Rocky 9 include:
- The use of the SHA-1 message digest for cryptographic purposes has been deprecated, as the hashes produced by SHA-1 are no longer considered secure.
- OpenSSL is now version 3.0.1 with many improvements, including the provider concept, a new versioning scheme, an improved HTTP(S) client, support for new protocols, formats, and algorithms, and more.
- OpenSSH is now version 8.7p1 with many improvements, most notably the replacement of the SCP/RCP protocol with the SFTP protocol, which offers more predictable filename handling.
- SELinux performance, memory overhead, time to load, and more have been substantially improved.
- Rocky Linux 9 supports automatic configuration of security compliance settings for PCI-DSS, HIPAA, DISA and others directly through the Anaconda installer, saving time and effort to meet complicated requirements.
New Networking Features
The main networking changes in Rocky 9 include:
- mptcpd, the MultiPath TCP Daemon, can be used instead of iproute2 to configure MultiPath TCP endpoints.
- NetworkManager now uses key files to store new connection profiles by default, but still supports the use of ifcfg.
- iptables-nft and ipset are now deprecated; this includes the utilities iptables, ip6tables, ebtables, and arptables. These are all replaced by the nftables framework.
- The network-scripts package has been removed. Use NetworkManager to configure network connections.
About Rocky Linux
Rocky Linux is an open-source enterprise operating system designed to be 100% bug-for-bug compatible with Red Hat Enterprise Linux®. It was created by one of the original CentOS founders, Gregory Kurtzer, to achieve the original goals of CentOS as a production-ready downstream version of Red Hat Enterprise Linux. It is hosted by the Rocky Enterprise Software Foundation (RESF).
The RESF does not spend donations or sponsorship funds on marketing, so this news release is sponsored by CIQ. CIQ is the founding support and services partner of Rocky Linux and drives software infrastructure optimizations for enterprise, cloud, hyperscale and HPC.