Considerations in adopting RHEL 8
Key differences between Red Hat Enterprise Linux 7 and Red Hat Enterprise Linux 8
Abstract
Providing feedback on Red Hat documentation
We appreciate your feedback on our documentation. Let us know how we can improve it.
Submitting feedback through Jira (account required)
- Log in to the Jira website.
- Click Create in the top navigation bar.
- Enter a descriptive title in the Summary field.
- Enter your suggestion for improvement in the Description field. Include links to the relevant parts of the documentation.
- Click Create at the bottom of the dialogue.
Chapter 1. Preface
This document provides an overview of differences between two major versions of Red Hat Enterprise Linux: RHEL 7 and RHEL 8. It provides a list of changes relevant for evaluating an upgrade to RHEL 8 rather than an exhaustive list of all alterations.
Capabilities and limits of RHEL 8 as compared to other versions of the system are available in the Knowledgebase article Red Hat Enterprise Linux technology capabilities and limits.
Information regarding the RHEL life cycle is provided in the Red Hat Enterprise Linux Life Cycle document.
The Package manifest document provides a package listing for RHEL 8.
For details regarding RHEL 8 usage, see the RHEL 8 product documentation.
For guidance regarding an in-place upgrade from RHEL 7 to RHEL 8, see Upgrading from RHEL 7 to RHEL 8.
For information about major differences between RHEL 6 and RHEL 7, see the RHEL 7 Migration Planning Guide.
Chapter 2. Architectures
Red Hat Enterprise Linux 8 is distributed with the kernel version 4.18, which provides support for the following architectures:
- AMD and Intel 64-bit architectures
- The 64-bit ARM architecture
- IBM Power Systems, little endian
- 64-bit IBM Z
Make sure you purchase the appropriate subscription for each architecture. For a list of available subscriptions, see Subscription Utilization on the Customer Portal.
Note that all architectures are supported by the standard kernel
packages in RHEL 8; no kernel-alt
package is needed.
Chapter 3. Repositories
Red Hat Enterprise Linux 8 is distributed through two main repositories:
- BaseOS
- AppStream
Both repositories are required for a basic RHEL installation, and are available with all RHEL subscriptions.
Content in the BaseOS repository is intended to provide the core set of the underlying OS functionality that provides the foundation for all installations. This content is available in the RPM format and is subject to support terms similar to those in previous releases of RHEL. For a list of packages distributed through BaseOS, see the Package manifest.
Content in the Application Stream repository includes additional user space applications, runtime languages, and databases in support of the varied workloads and use cases. Application Streams are available in the familiar RPM format, as an extension to the RPM format called modules, or as Software Collections. For a list of packages available in AppStream, see the Package manifest.
In addition, the CodeReady Linux Builder repository is available with all RHEL subscriptions. It provides additional packages for use by developers. Packages included in the CodeReady Linux Builder repository are unsupported.
For more information about RHEL 8 repositories, see the Package manifest.
Chapter 4. Application streams
Red Hat Enterprise Linux 8 introduces the concept of Application Streams. Multiple versions of user space components are now delivered and updated more frequently than the core operating system packages. This provides greater flexibility to customize Red Hat Enterprise Linux without impacting the underlying stability of the platform or specific deployments.
Components made available as Application Streams can be packaged as modules or RPM packages and are delivered through the AppStream repository in RHEL 8. Each Application Stream component has a given life cycle, either the same as RHEL 8 or shorter. For details, see Red Hat Enterprise Linux Life Cycle.
Modules are collections of packages representing a logical unit: an application, a language stack, a database, or a set of tools. These packages are built, tested, and released together.
Module streams represent versions of the Application Stream components. For example, several streams (versions) of the PostgreSQL database server are available in the postgresql
module with the default postgresql:10
stream. Only one module stream can be installed on the system. Different versions can be used in separate containers.
Detailed module commands are described in the Installing, managing, and removing user-space components document. For a list of modules available in AppStream, see the Package manifest.
Chapter 5. Installer and image creation
5.1. Add-ons
5.1.1. OSCAP
The Open Security Content Automation Protocol (OSCAP) add-on is enabled by default in RHEL 8.
5.1.2. Kdump
The Kdump add-on adds support for configuring kernel crash dumping during installation. This add-on has full support in Kickstart (using the %addon com_redhat_kdump
command and its options), and is fully integrated as an additional window in the graphical and text-based user interfaces.
5.2. Installer networking
A new network device naming scheme that generates network interface names based on a user-defined prefix is available in Red Hat Enterprise Linux 8. The net.ifnames.prefix
boot option allows the device naming scheme to be used by the installation program and the installed system.
Additional resources
- For more information, see RHEL-8 new custom NIC names helper or Customizing the prefix for Ethernet interfaces during installation.
5.3. Installation images and packages
5.3.1. Ability to register your system, attach RHEL subscriptions, and install from the Red Hat CDN
Since Red Hat Enterprise Linux 8.2, you can register your system, attach RHEL subscriptions, and install from the Red Hat Content Delivery Network (CDN) before package installation. Interactive GUI installations, as well as automated Kickstart installations, support this feature. For more information, see the RHEL 8.2 Release Notes document.
5.3.2. Ability to register your system to Red Hat Insights during installation
Red Hat Insights is a managed service that gathers and analyzes platform and application data to predict risk, recommend actions, and track costs. Insights alerts you about warnings or optimizations that are relevant to several operational areas: system availability (including potential outages), security (for example, a new CVE is discovered for your systems), and business (such as overspending). Insights is included as part of your Red Hat subscription and is accessible through the Red Hat Hybrid Cloud Console. See also the Red Hat Insights documentation.
Since Red Hat Enterprise Linux 8.2, you can register your system to Red Hat Insights during installation. Interactive GUI installations, as well as automated Kickstart installations, support this feature. For more information, see the RHEL 8.2 Release Notes document.
5.3.3. Unified ISO
In Red Hat Enterprise Linux 8, a unified ISO automatically loads the BaseOS and AppStream installation source repositories. This feature works for the first base repository that is loaded during installation. For example, if you boot the installation with no repository configured and have the unified ISO as the base repository in the graphical user interface (GUI), or if you boot the installation using the inst.repo=
option that points to the unified ISO.
As a result, the AppStream repository is enabled under the Additional Repositories section of the Installation Source GUI window. You cannot remove the AppStream repository or change its settings but you can disable it in Installation Source. This feature does not work if you boot the installation using a different base repository and then change it to the unified ISO. If you do that, the base repository is replaced. However, the AppStream repository is not replaced and points to the original file.
5.3.4. Stage2 image
In Red Hat Enterprise Linux 8, multiple network locations of stage2
or Kickstart files can be specified to prevent installation failure. This update enables the specification of multiple inst.stage2
and inst.ks
boot options with network locations of stage2
and a Kickstart file. This avoids the situation in which the requested files cannot be reached and the installation fails because the contacted server with the stage2
or the Kickstart file is inaccessible.
With this new update, the installation failure can be avoided if multiple locations are specified. If all the defined locations are URLs, namely HTTP
, HTTPS
, or FTP
, they will be tried sequentially until the requested file is fetched successfully. If there is a location that is not a URL, only the last specified location is tried. The remaining locations are ignored.
5.3.5. inst.addrepo parameter
Previously, you could only specify a base repository from the kernel boot parameters. In Red Hat Enterprise Linux 8, a new kernel parameter, inst.addrepo=<name>,<url>
, allows you to specify an additional repository during installation. This parameter has two mandatory values: the name of the repository and the URL that points to the repository. For more information, see the inst-addrepo usage.
5.3.6. Installation from an expanded ISO
Red Hat Enterprise Linux 8 supports installing from a repository on a local hard drive. Previously, the only installation method from a hard drive was using an ISO image as the installation source. However, the Red Hat Enterprise Linux 8 ISO image might be too big for some file systems; for example, the FAT32 file system cannot store files larger than 4 GiB. In Red Hat Enterprise Linux 8, you can enable installation from a repository on a local hard drive; you only need to specify the directory instead of the ISO image. For example: inst.repo=hd:<device>:<path to the repository>
.
For more information about the Red Hat Enterprise Linux 8 BaseOS and AppStream repositories, see the Repositories section of this document.
5.4. Installer Graphical User Interface
5.4.1. The Installation Summary window
The Installation Summary window of the Red Hat Enterprise Linux 8 graphical installation has been updated to a new three-column layout that provides improved organization of graphical installation settings.
5.5. System Purpose new in RHEL
5.5.1. System Purpose support in the graphical installation
Previously, the Red Hat Enterprise Linux installation program did not provide system purpose information to Subscription Manager. In Red Hat Enterprise Linux 8, you can set the intended purpose of the system during a graphical installation by using the System Purpose window, or in a Kickstart configuration file by using the syspurpose
command. When you set a system’s purpose, the entitlement server receives information that helps auto-attach a subscription that satisfies the intended use of the system.
5.5.2. System Purpose support in Pykickstart
Previously, it was not possible for the pykickstart
library to provide system purpose information to Subscription Manager. In Red Hat Enterprise Linux 8, pykickstart
parses the new syspurpose
command and records the intended purpose of the system during automated and partially-automated installation. The information is then passed to the installation program, saved on the newly-installed system, and available for Subscription Manager when subscribing the system.
5.6. Installer module support
5.6.1. Installing modules using Kickstart
In Red Hat Enterprise Linux 8, the installation program has been extended to handle all modular features. Kickstart scripts can now enable module and stream combinations, install module profiles, and install modular packages.
5.7. Kickstart changes
The following sections describe the changes in Kickstart commands and options in Red Hat Enterprise Linux 8.
auth or authconfig is deprecated in RHEL 8
The auth
or authconfig
Kickstart command is deprecated in Red Hat Enterprise Linux 8 because the authconfig
tool and package have been removed.
Similarly to authconfig
commands issued on command line, authconfig
commands in Kickstart scripts now use the authselect-compat
tool to run the new authselect
tool. For a description of this compatibility layer and its known issues, see the manual page authselect-migration(7)
. The installation program will automatically detect use of the deprecated commands and install on the system the authselect-compat
package to provide the compatibility layer.
Kickstart no longer supports Btrfs
The Btrfs file system is not supported from Red Hat Enterprise Linux 8. As a result, the Graphical User Interface (GUI) and the Kickstart commands no longer support Btrfs.
Using Kickstart files from previous RHEL releases
If you are using Kickstart files from previous RHEL releases, see the Repositories section of the Considerations in adopting RHEL 8 document for more information about the Red Hat Enterprise Linux 8 BaseOS and AppStream repositories.
5.7.1. Deprecated Kickstart commands and options
The following Kickstart commands and options have been deprecated in Red Hat Enterprise Linux 8.
Where only specific options are listed, the base command and its other options are still available and not deprecated.
-
auth
orauthconfig
- useauthselect
instead -
device
-
deviceprobe
-
dmraid
-
install
- use the subcommands or methods directly as commands -
multipath
-
bootloader --upgrade
-
ignoredisk --interactive
-
partition --active
-
reboot --kexec
-
syspurpose
- usesubscription-manager syspurpose
instead
Except the auth
or authconfig
command, using the commands in Kickstart files prints a warning in the logs.
You can turn the deprecated command warnings into errors with the inst.ksstrict
boot option, except for the auth
or authconfig
command.
5.7.2. Removed Kickstart commands and options
The following Kickstart commands and options have been completely removed in Red Hat Enterprise Linux 8. Using them in Kickstart files will cause an error.
-
device
-
deviceprobe
-
dmraid
-
install
- use the subcommands or methods directly as commands -
multipath
-
bootloader --upgrade
-
ignoredisk --interactive
-
partition --active
-
harddrive --biospart
-
upgrade
(This command had already previously been deprecated.) -
btrfs
-
part/partition btrfs
-
part --fstype btrfs
orpartition --fstype btrfs
-
logvol --fstype btrfs
-
raid --fstype btrfs
-
unsupported_hardware
Where only specific options and values are listed, the base command and its other options are still available and not removed.
5.8. Image creation
5.8.1. Custom system image creation with Image Builder
The Image Builder tool enables users to create customized RHEL images. As of Red Hat Enterprise Linux 8.3, Image Builder runs as a system service osbuild-composer package.
With Image Builder, users can create custom system images which include additional packages. Image Builder functionality can be accessed through:
- a graphical user interface in the web console
-
a command-line interface in the
composer-cli
tool.
Image Builder output formats include, among others:
- TAR archive
- qcow2 file for direct use with a virtual machine or OpenStack
- QEMU QCOW2 Image
- cloud images for Azure, VMWare and AWS
To learn more about Image Builder, see the documentation title Composing a customized RHEL system image.
Chapter 6. Software management
6.1. Notable changes to the YUM stack
6.1.1. Package management with YUM/DNF
On Red Hat Enterprise Linux 8, installing software is ensured by the YUM tool, which is based on the DNF technology (YUM v4). We deliberately adhere to usage of the yum
term for consistency with previous major versions of RHEL. However, if you type dnf
instead of yum
, the command works as expected because yum
is an alias to dnf
for compatibility.
For more details, see Installing, managing, and removing user-space components.
6.1.2. Advantages of YUM v4 over YUM v3
YUM v4 has the following advantages over the previous YUM v3 used on RHEL 7:
- Increased performance
- Support for modular content
- Well-designed stable API for integration with tooling
For detailed information about differences between the new YUM v4 tool and the previous version YUM v3 from RHEL 7, see Changes in DNF CLI compared to YUM.
6.1.3. How to use YUM v4
Installing software
YUM v4 is compatible with YUM v3 when using from the command line, editing or creating configuration files.
For installing software, you can use the yum
command and its particular options in the same way as on RHEL 7.
See more detailed information about Installing software packages.
Availability of plug-ins
Legacy YUM v3 plug-ins are incompatible with the new version of YUM v4. Selected yum plug-ins and utilities have been ported to the new DNF back end, and can be installed under the same names as in RHEL 7. They also provide compatibility symlinks, so the binaries, configuration files and directories can be found in usual locations.
In the event that a plug-in is no longer included, or a replacement does not meet a usability need, please reach out to Red Hat Support to request a Feature Enhancement as described in How do I open and manage a support case on the Customer Portal?
For more information, see Plugin Interface.
Availability of APIs
Note that the legacy Python API provided by YUM v3 is no longer available. Users are advised to migrate their plug-ins and scripts to the new API provided by YUM v4 (DNF Python API), which is stable and fully supported. The upstream project documents the new DNF Python API - see the DNF API Reference.
The Libdnf and Hawkey APIs (both C and Python) are to be considered unstable, and will likely change during RHEL 8 life cycle.
6.1.4. Availability of YUM configuration file options
The changes in configuration file options between RHEL 7 and RHEL 8 for the /etc/yum.conf
and /etc/yum.repos.d/*.repo
files are documented in the following summary.
RHEL 7 option | RHEL 8 status |
---|---|
alwaysprompt | removed |
assumeno | available |
assumeyes | available |
autocheck_running_kernel | available |
autosavets | removed |
bandwidth | available |
bugtracker_url | available |
cachedir | available |
check_config_file_age | available |
clean_requirements_on_remove | available |
color | available |
color_list_available_downgrade | available |
color_list_available_install | available |
color_list_available_reinstall | available |
color_list_available_running_kernel | removed |
color_list_available_upgrade | available |
color_list_installed_extra | available |
color_list_installed_newer | available |
color_list_installed_older | available |
color_list_installed_reinstall | available |
color_list_installed_running_kernel | removed |
color_search_match | available |
color_update_installed | available |
color_update_local | available |
color_update_remote | available |
commands | removed |
config_file_path | available |
debuglevel | available |
deltarpm | available |
deltarpm_metadata_percentage | removed |
deltarpm_percentage | available |
depsolve_loop_limit | removed |
disable_excludes | available |
diskspacecheck | available |
distroverpkg | removed |
enable_group_conditionals | removed |
errorlevel | available |
exactarchlist | removed |
exclude | available |
exit_on_lock | available |
fssnap_abort_on_errors | removed |
fssnap_automatic_keep | removed |
fssnap_automatic_post | removed |
fssnap_automatic_pre | removed |
fssnap_devices | removed |
fssnap_percentage | removed |
ftp_disable_epsv | removed |
gpgcheck | available |
group_command | removed |
group_package_types | available |
groupremove_leaf_only | removed |
history_list_view | available |
history_record | available |
history_record_packages | available |
http_caching | removed |
include | removed |
installonly_limit | available |
installonlypkgs | available |
installrootkeep | removed |
ip_resolve | available |
keepalive | removed |
keepcache | available |
kernelpkgnames | removed |
loadts_ignoremissing | removed |
loadts_ignorenewrpm | removed |
loadts_ignorerpm | removed |
localpkg_gpgcheck | available |
logfile | removed |
max_connections | removed |
mddownloadpolicy | removed |
mdpolicy | removed |
metadata_expire | available |
metadata_expire_filter | removed |
minrate | available |
mirrorlist_expire | removed |
multilib_policy | available |
obsoletes | available |
override_install_langs | removed |
overwrite_groups | removed |
password | available |
payload_gpgcheck | removed |
persistdir | available |
pluginconfpath | available |
pluginpath | available |
plugins | available |
protected_multilib | removed |
protected_packages | available |
proxy | available |
proxy_password | available |
proxy_username | available |
query_install_excludes | removed |
recent | available |
recheck_installed_requires | removed |
remove_leaf_only | removed |
repo_gpgcheck | available |
repopkgsremove_leaf_only | removed |
reposdir | available |
reset_nice | available |
retries | available |
rpmverbosity | available |
shell_exit_status | removed |
showdupesfromrepos | available |
skip_broken | available |
skip_missing_names_on_install | removed |
skip_missing_names_on_update | removed |
ssl_check_cert_permissions | removed |
sslcacert | available |
sslclientcert | available |
sslclientkey | available |
sslverify | available |
syslog_device | removed |
syslog_facility | removed |
syslog_ident | removed |
throttle | available |
timeout | available |
tolerant | removed |
tsflags | available |
ui_repoid_vars | removed |
upgrade_group_objects_upgrade | available |
upgrade_requirements_on_install | removed |
usercache | removed |
username | available |
usr_w_check | removed |
RHEL 7 option | RHEL 8 status |
---|---|
async | removed |
bandwidth | available |
baseurl | available |
compare_providers_priority | removed |
cost | available |
deltarpm_metadata_percentage | removed |
deltarpm_percentage | available |
enabled | available |
enablegroups | available |
exclude | available |
failovermethod | removed |
ftp_disable_epsv | removed |
gpgcakey | removed |
gpgcheck | available |
gpgkey | available |
http_caching | removed |
includepkgs | available |
ip_resolve | available |
keepalive | removed |
metadata_expire | available |
metadata_expire_filter | removed |
metalink | available |
mirrorlist | available |
mirrorlist_expire | removed |
name | available |
password | available |
proxy | available |
proxy_password | available |
proxy_username | available |
repo_gpgcheck | available |
repositoryid | removed |
retries | available |
skip_if_unavailable | available |
ssl_check_cert_permissions | removed |
sslcacert | available |
sslclientcert | available |
sslclientkey | available |
sslverify | available |
throttle | available |
timeout | available |
ui_repoid_vars | removed |
username | available |
6.1.5. YUM v4 features behaving differently
Some of the YUM v3 features may behave differently in YUM v4. If any such change negatively impacts your workflows, please open a case with Red Hat Support, as described in How do I open and manage a support case on the Customer Portal?
6.1.5.1. yum list presents duplicate entries
When listing packages using the yum list
command, duplicate entries may be presented, one for each repository where a package of the same name and version resides.
This is intentional, and it allows the users to distinguish such packages when necessary.
For example, if package-1.2 is available in both repo1 and repo2, YUM v4 will print both instances:
[…] package-1.2 repo1 package-1.2 repo2 […]
By contrast, the legacy YUM v3 command filtered out such duplicates so that only one instance was shown:
[…] package-1.2 repo1 […]
6.1.6. Changes in the transaction history log files
The changes in the transaction history log files between RHEL 7 and RHEL 8 are documented in the following summary.
In RHEL 7, the /var/log/yum.log
file stores:
- Registry of installations, updates, and removals of the software packages
- Transactions from yum and PackageKit
In RHEL 8, there is no direct equivalent to the /var/log/yum.log
file. To display the information about the transactions, including the PackageKit and microdnf, use the yum history
command.
Alternatively, you can search the /var/log/dnf.rpm.log
file, but this log file does not include the transactions from PackageKit and microdnf, and it has a log rotation which provides the periodic removal of the stored information.
6.1.7. The deltarpm functionality is no longer supported
RHEL 8 no longer supports the use of delta rpms
. To utilize delta rpms
, a user must install the deltarpm
package which is no longer available. The deltarpm
replacement, drpm
, does not provide the same functionality. Thus, the RHEL 8 content is not delivered in the deltarpm
format. Note that this functionality will be completely removed in future RHEL releases.
6.2. Notable RPM features and changes
Red Hat Enterprise Linux (RHEL) 8 is distributed with RPM 4.14. This version introduces many enhancements over RPM 4.11, which is available in RHEL 7.
Notable features include:
- The debuginfo packages can be installed in parallel
- Support for weak dependencies
- Support for rich or boolean dependencies
- Support for packaging files above 4 GB in size
- Support for file triggers
-
New
--nopretrans
and--noposttrans
switches to disable the execution of the%pretrans
and%posttrans
scriptlets respectively. -
New
--noplugins
switch to disable loading and execution of all RPM plug-ins. -
New
syslog
plug-in for logging any RPM activity by the System Logging protocol (syslog). The
rpmbuild
command can now do all build steps from a source package directly.This is possible if
rpmbuild
is used with any of the-r[abpcils]
options.Support for the reinstall mode.
This is ensured by the new
--reinstall
option. To reinstall a previously installed package, use the syntax below:rpm {--reinstall} [install-options] PACKAGE_FILE
This option ensures a proper installation of the new package and removal of the old package.
Support for SSD conservation mode.
This is ensured by the new
%_minimize_writes
macro, which is available in the/usr/lib/rpm/macros
file. The macro is by default set to 0. To minimize writing to SSD disks, set%_minimize_writes
to 1.-
New
rpm2archive
utility for converting rpm payload to tar archives
See more information about New RPM features in RHEL 8.
Notable changes include:
- Stricter spec-parser
- Simplified signature checking the output in non-verbose mode
Improved support for reproducible builds (builds that create an identical package):
- Setting build time
- Setting file mtime (file modification time)
- Setting buildhost
-
Using the
-p
option to query an uninstalled PACKAGE_FILE is now optional. For this use case, therpm
command now returns the same result with or without the-p
option. The only use case where the-p
option is necessary is to verify that the file name does not match anyProvides
in therpmdb
database. Additions and deprecations in macros
-
The
%makeinstall
macro has been deprecated. To install a program, use the%make_install
macro instead.
-
The
The
rpmbuild --sign
command has been deprecated.Note that using the
--sign
option with therpmbuild
command has been deprecated. To add a signature to an already existing package, userpm --addsign
instead.
Chapter 7. Infrastructure services
7.1. Time synchronization
Accurate timekeeping is important for a number of reasons. In Linux systems, the Network Time Protocol (NTP)
protocol is implemented by a daemon running in user space.
7.1.1. Implementation of NTP
RHEL 7 supported two implementations of the NTP
protocol: ntp and chrony.
In RHEL 8, the NTP
protocol is implemented only by the chronyd
daemon, provided by the chrony
package.
The ntp
daemon is no longer available. If you used ntp
on your RHEL 7 system, you might need to migrate to chrony.
Possible replacements for previous ntp features that are not supported by chrony are documented in Achieving some settings previously supported by ntp in chrony.
7.1.2. Introduction to chrony suite
chrony is an implementation of NTP
, which performs well in a wide range of conditions, including intermittent network connections, heavily congested networks, changing temperatures (ordinary computer clocks are sensitive to temperature), and systems that do not run continuously, or run on a virtual machine.
You can use chrony:
-
To synchronize the system clock with
NTP
servers - To synchronize the system clock with a reference clock, for example a GPS receiver
- To synchronize the system clock with a manual time input
-
As an
NTPv4(RFC 5905)
server or peer to provide a time service to other computers in the network
For more information about chrony, see Configuring basic system settings.
7.1.2.1. Differences between chrony and ntp
See the following resources for information about differences between chrony and ntp:
7.1.2.1.1. Chrony applies leap second correction by default
In RHEL 8, the default chrony configuration file, /etc/chrony.conf
, includes the leapsectz
directive.
The leapsectz
directive enables chronyd
to:
-
Get information about leap seconds from the system tz database (
tzdata
) - Set the TAI-UTC offset of the system clock in order that the system provides an accurate International Atomic Time (TAI) clock (CLOCK_TAI)
The directive is not compatible with servers that hide leap seconds from their clients using a leap smear
, such as chronyd
servers configured with the leapsecmode
and smoothtime
directives. If a client chronyd
is configured to synchronize to such servers, remove leapsectz
from the configuration file.
7.1.3. Additional information
For more information about how to configure NTP
using the chrony suite, see Configuring time synchronization.
7.2. BIND - Implementation of DNS
RHEL 8 includes BIND (Berkeley Internet Name Domain) in version 9.11. This version of the DNS server introduces multiple new features and feature changes compared to version 9.10.
New features:
- A new method of provisioning secondary servers called Catalog Zones has been added.
-
Domain Name System Cookies are now sent by the
named
service and thedig
utility. - The Response Rate Limiting feature can now help with mitigation of DNS amplification attacks.
- Performance of response-policy zone (RPZ) has been improved.
-
A new zone file format called
map
has been added. Zone data stored in this format can be mapped directly into memory, which enables zones to load significantly faster. -
A new tool called
delv
(domain entity lookup and validation) has been added, with dig-like semantics for looking up DNS data and performing internal DNS Security Extensions (DNSSEC) validation. -
A new
mdig
command is now available. This command is a version of thedig
command that sends multiple pipelined queries and then waits for responses, instead of sending one query and waiting for the response before sending the next query. -
A new
prefetch
option, which improves the recursive resolver performance, has been added. -
A new
in-view
zone option, which allows zone data to be shared between views, has been added. When this option is used, multiple views can serve the same zones authoritatively without storing multiple copies in memory. -
A new
max-zone-ttl
option, which enforces maximum TTLs for zones, has been added. When a zone containing a higher TTL is loaded, the load fails. Dynamic DNS (DDNS) updates with higher TTLs are accepted but the TTL is truncated. - New quotas have been added to limit queries that are sent by recursive resolvers to authoritative servers experiencing denial-of-service attacks.
-
The
nslookup
utility now looks up both IPv6 and IPv4 addresses by default. -
The
named
service now checks whether other name server processes are running before starting up. -
When loading a signed zone,
named
now checks whether a Resource Record Signature’s (RSIG) inception time is in the future, and if so, it regenerates the RRSIG immediately. - Zone transfers now use smaller message sizes to improve message compression, which reduces network usage.
Feature changes:
-
The version
3 XML
schema for the statistics channel, including new statistics and a flattened XML tree for faster parsing, is provided by the HTTP interface. The legacy version2 XML
schema is no longer supported. -
The
named
service now listens on both IPv6 and IPv4 interfaces by default. -
The
named
service no longer supports GeoIP databases. Access control lists (ACLs) defined by presumed location of query sender are unavailable. -
Since RHEL 8.2, the
named
service supports GeoIP2, which is provided in thelibmaxminddb
data format.
7.3. DNS resolution
In RHEL 7, the nslookup
and host
utilities were able to accept any reply without the recursion available
flag from any name server listed. In RHEL 8, nslookup
and host
ignore replies from name servers with recursion not available unless it is the name server that is last configured. In case of the last configured name server, answer is accepted even without the recursion available
flag.
However, if the last configured name server is not responding or unreachable, name resolution fails. To prevent such fail, you can use one of the following approaches:
-
Ensure that configured name servers always reply with the
recursion available
flag set. - Allow recursion for all internal clients.
Optionally, you can also use the dig
utility to detect whether recursion is available or not.
7.4. Postfix
By default in RHEL 8, Postfix
uses MD5 fingerprints with the TLS for backward compatibility. But in FIPS mode, the MD5 hashing function is not available, which may cause TLS to incorrectly function in the default Postfix
configuration. As a workaround, the hashing function needs to be changed to SHA-256
in the postfix configuration file.
For more details, see the related link: https://access.redhat.com/articles/5824391
7.5. Printing
7.5.1. Print settings tools
The Print Settings configuration tool, which was used in RHEL 7, is no longer available.
To achieve various tasks related to printing, you can choose one of the following tools:
- CUPS web user interface (UI)
- GNOME Control center
For more information about print setting tools in RHEL 8, see Configuring printing.
7.5.2. Location of CUPs logs
CUPS provides three kinds of logs:
- Error log
- Access log
- Page log
In RHEL 8, the logs are no longer stored in specific files within the /var/log/cups
directory, which was used in RHEL 7. Instead, all three types are logged centrally in systemd-journald together with logs from other programs.
For more information about how to use CUPS logs in RHEL 8, see Accessing the CUPS logs in the systemd journal.
7.5.3. Additional information
For more information about how to configure printing in RHEL 8, see Configuring printing.
7.6. Performance and power management options
7.6.1. Notable changes in the recommended TuneD profile
In RHEL 8, the recommended TuneD profile, reported by the tuned-adm recommend
command, is selected based on the following rules:
If the
syspurpose
role (reported by thesyspurpose show
command) containsatomic
, and at the same time:-
if TuneD is running on bare metal, the
atomic-host
profile is selected -
if TuneD is running in a virtual machine, the
atomic-guest
profile is selected
-
if TuneD is running on bare metal, the
-
If TuneD is running in a virtual machine, the
virtual-guest
profile is selected -
If the
syspurpose
role containsdesktop
orworkstation
and the chassis type (reported bydmidecode
) isNotebook
,Laptop
, orPortable
, then thebalanced
profile is selected -
If none of the above rules matches, the
throughput-performance
profile is selected
Note that the first rule that matches takes effect.
7.7. Other changes to infrastructure services components
The summary of other notable changes to particular infrastructure services components follows.
Name | Type of change | Additional information |
---|---|---|
acpid | Option change |
|
bind | Configuration option removal |
|
brltty | Configuration option change |
|
brltty | Configuration option removal |
|
brltty | Configuration option change |
A Bluetooth device address may now contain dashes (-) instead of colons (:). The |
cups | Functionality removal | Upstream removed support of interface scripts because of security reasons. Use ppds and drivers provided by OS or proprietary ones. |
cups | Directive options removal |
Removed |
cups | Directive options removal |
Removed |
cups | Directive options removal |
Removed |
cups | Directives moved between conf files |
|
cups | Directives moved between conf files |
|
cups-filters | Default configuration change | Names of remote print queues discovered by cups-browsed are now created based on device ID of printer, not on the name of remote print queue. |
cups-filters | Default configuration change |
|
cyrus-imapd | Data format change | Cyrus-imapd 3.0.7 has different data format. |
dhcp | Behavior change |
|
dhcp | Options incompatibility |
The |
dosfstools | Behavior change |
Data structures are now automatically aligned to cluster size. To disable the alignment, use the |
finger | Functionality removal | |
GeoIP | Functionality removal | |
grep | Behavior change |
|
grep | Behavior change |
|
grep | Behavior change |
|
grep | Behavior change |
|
grep | Behavior change |
When searching binary data, |
grep | Behavior change |
|
grep | Behavior change |
Context no longer excludes selected lines omitted because of |
irssi | Behavior change |
|
lftp | Change of options |
|
ntp | Functionality removal | ntp has been removed; use chrony instead |
postfix | Configuration change | 3.x version have compatibility safety net that runs Postfix programs with backwards-compatible default settings after an upgrade. |
postfix | Configuration change |
In the Postfix MySQL database client, the default option_group value has changed to |
postfix | Configuration change |
The postqueue command no longer forces all message arrival times to be reported in UTC. To get the old behavior, set
|
postfix | Configuration change |
ECDHE - |
postfix | Configuration change |
Changed defaults for |
postfix | Configuration change |
Changed defaults for |
postfix | Configuration change |
The |
powertop | Option removal |
|
powertop | Option change |
|
powertop | Option removal |
|
quagga | Functionality removal | |
sendmail | Configuration change |
sendmail uses uncompressed IPv6 addresses by default, which permits a zero subnet to have a more specific match. Configuration data must use the same format, so make sure patterns such as |
spamassasin | Command line option removal |
Removed |
spamassasin | Command line option change |
In spamc, the command line option |
spamassasin | Change in supported SSL versions | In spamc and spamd, SSLv3 is no longer supported. |
spamassasin | Functionality removal |
|
vim | Default settings change | Vim runs default.vim script, if no ~/.vimrc file is available. |
vim | Default settings change | Vim now supports bracketed paste from terminal. Include 'set t_BE=' in vimrc for the previous behavior. |
vsftpd | Default configuration change |
|
vsftpd | Default configuration change |
|
vsftpd | Functionality removal |
|
vsftpd | Default configuration change | TLSv1 and TLSv1.1 are disabled by default |
wireshark | Python bindings removal | Dissectors can no longer be written in Python, use C instead. |
wireshark | Option removal |
|
wireshark | Ouput change |
With the |
wvdial | Functionality removal |
Chapter 8. Security
8.1. Changes in core cryptographic components
8.1.1. System-wide cryptographic policies are applied by default
Crypto-policies is a component in Red Hat Enterprise Linux 8, which configures the core cryptographic subsystems, covering the TLS, IPsec, DNSSEC, Kerberos protocols, and the OpenSSH suite. It provides a small set of policies, which the administrator can select using the update-crypto-policies
command.
The DEFAULT
system-wide cryptographic policy offers secure settings for current threat models. It allows the TLS 1.2 and 1.3 protocols, as well as the IKEv2 and SSH2 protocols. The RSA keys and Diffie-Hellman parameters are accepted if larger than 2047 bits.
See the Consistent security by crypto policies in Red Hat Enterprise Linux 8 article on the Red Hat Blog and the update-crypto-policies(8)
man page for more information.
8.1.2. Strong crypto defaults by removing insecure cipher suites and protocols
The following list contains cipher suites and protocols removed from the core cryptographic libraries in RHEL 8. They are not present in the sources, or their support is disabled during the build, so applications cannot use them.
- DES (since RHEL 7)
- All export grade cipher suites (since RHEL 7)
- MD5 in signatures (since RHEL 7)
- SSLv2 (since RHEL 7)
- SSLv3 (since RHEL 8)
- All ECC curves < 224 bits (since RHEL 6)
- All binary field ECC curves (since RHEL 6)
8.1.3. Cipher suites and protocols disabled in all policy levels
The following cipher suites and protocols are disabled in all crypto policy levels. They can be enabled only by an explicit configuration of individual applications.
- DH with parameters < 1024 bits
- RSA with key size < 1024 bits
- Camellia
- ARIA
- SEED
- IDEA
- Integrity-only cipher suites
- TLS CBC mode cipher suites using SHA-384 HMAC
- AES-CCM8
- All ECC curves incompatible with TLS 1.3, including secp256k1
- IKEv1 (since RHEL 8)
8.1.4. Switching the system to FIPS mode
The system-wide cryptographic policies contain a policy level that enables cryptographic modules self-checks in accordance with the requirements by Federal Information Processing Standard (FIPS) Publication 140-2. The fips-mode-setup
tool that enables or disables FIPS mode internally uses the FIPS
system-wide cryptographic policy level.
To switch the system to FIPS mode in RHEL 8, enter the following command and restart your system:
# fips-mode-setup --enable
See the fips-mode-setup(8)
man page for more information.
8.1.5. TLS 1.0 and TLS 1.1 are deprecated
The TLS 1.0 and TLS 1.1 protocols are disabled in the DEFAULT
system-wide cryptographic policy level. If your scenario, for example, a video conferencing application in the Firefox web browser, requires using the deprecated protocols, switch the system-wide cryptographic policy to the LEGACY
level:
# update-crypto-policies --set LEGACY
For more information, see the Strong crypto defaults in RHEL 8 and deprecation of weak crypto algorithms Knowledgebase article on the Red Hat Customer Portal and the update-crypto-policies(8)
man page on your system.
8.1.6. TLS 1.3 support in cryptographic libraries
This update enables Transport Layer Security (TLS) 1.3 by default in all major back-end crypto libraries. This enables low latency across the operating system communications layer and enhances privacy and security for applications by taking advantage of new algorithms, such as RSA-PSS or X25519.
8.1.7. DSA is deprecated in RHEL 8
The Digital Signature Algorithm (DSA) is considered deprecated in Red Hat Enterprise Linux 8. Authentication mechanisms that depend on DSA keys do not work in the default configuration. Note that OpenSSH
clients do not accept DSA host keys even in the LEGACY
system-wide cryptographic policy level.
8.1.8. SSL2
Client Hello
has been deprecated in NSS
The Transport Layer Security (TLS
) protocol version 1.2 and earlier allow to start a negotiation with a Client Hello
message formatted in a way that is backward compatible with the Secure Sockets Layer (SSL
) protocol version 2. Support for this feature in the Network Security Services (NSS
) library has been deprecated and it is disabled by default.
Applications that require support for this feature need to use the new SSL_ENABLE_V2_COMPATIBLE_HELLO
API to enable it. Support for this feature may be removed completely in future releases of Red Hat Enterprise Linux 8.
8.1.9. NSS now use SQL by default
The Network Security Services (NSS) libraries now use the SQL file format for the trust database by default. The DBM file format, which was used as a default database format in previous releases, does not support concurrent access to the same database by multiple processes and it has been deprecated in upstream. As a result, applications that use the NSS trust database to store keys, certificates, and revocation information now create databases in the SQL format by default. Attempts to create databases in the legacy DBM format fail. The existing DBM databases are opened in read-only mode, and they are automatically converted to the SQL format. Note that NSS support the SQL file format since Red Hat Enterprise Linux 6.
8.2. SSH
8.2.1. OpenSSH
rebased to version 7.8p1
The openssh
packages have been upgraded to upstream version 7.8p1. Notable changes include:
-
Removed support for the
SSH version 1
protocol. -
Removed support for the
hmac-ripemd160
message authentication code. -
Removed support for RC4 (
arcfour
) ciphers. -
Removed support for
Blowfish
ciphers. -
Removed support for
CAST
ciphers. -
Changed the default value of the
UseDNS
option tono
. -
Disabled
DSA
public key algorithms by default. -
Changed the minimal modulus size for
Diffie-Hellman
parameters to 2048 bits. -
Changed semantics of the
ExposeAuthInfo
configuration option. -
The
UsePrivilegeSeparation=sandbox
option is now mandatory and cannot be disabled. -
Set the minimal accepted
RSA
key size to 1024 bits.
8.2.2. libssh
implements SSH as a core cryptographic component
This change introduces libssh
as a core cryptographic component in Red Hat Enterprise Linux 8. The libssh
library implements the Secure SHell (SSH) protocol.
8.2.3. libssh2
is not available in RHEL 8
The deprecated libssh2
library misses features, such as support for elliptic curves or Generic Security Service Application Program Interface (GSSAPI), and it has been removed from RHEL 8 in favor of libssh
8.3. Rsyslog
8.3.1. The default rsyslog
configuration file format is now non-legacy
The configuration files in the rsyslog
packages now use the non-legacy format by default. The legacy format can be still used, although mixing current and legacy configuration statements has several constraints. Configurations carried from previous RHEL releases should be revised. See the rsyslog.conf(5)
man page for more information.
8.3.2. The imjournal
option and configuring system logging with minimized journald
usage
To avoid duplicate records that might appear when journald
rotated its files, the imjournal
option has been added. Note that use of this option can affect performance.
Note that the system with rsyslog
can be configured to provide better performance as described in the Configuring system logging without journald or with minimized journald usage Knowledgebase article.
8.3.3. Negative effects of the default logging setup on performance
The default logging environment setup might consume 4 GB of memory or even more and adjustments of rate-limit values are complex when systemd-journald
is running with rsyslog
.
See the Negative effects of the RHEL default logging setup on performance and their mitigations Knowledgebase article for more information.
8.4. OpenSCAP
8.4.1. OpenSCAP API consolidated
This update provides OpenSCAP shared library API that has been consolidated. 63 symbols have been removed, 14 added, and 4 have an updated signature. The removed symbols in OpenSCAP 1.3.0 include:
- symbols that were marked as deprecated in version 1.2.0
- SEAP protocol symbols
- internal helper functions
- unused library symbols
- unimplemented symbols
8.4.2. oscap-podman
replaces oscap-docker
for security and compliance scanning of containers
In RHEL 8.2, a new utility for security and compliance scanning of containers has been introduced. The oscap-podman
tool provides an equivalent of the oscap-docker
utility that serves for scanning container and container images in RHEL 7.
For more information, see the Scanning container and container images for vulnerabilities section.
8.5. Audit
8.5.1. Audit 3.0 replaces audispd
with auditd
With this update, functionality of audispd
has been moved to auditd
. As a result, audispd
configuration options are now part of auditd.conf
. In addition, the plugins.d
directory has been moved under /etc/audit
. The current status of auditd
and its plug-ins can now be checked by running the service auditd state
command.
8.6. SELinux
8.6.1. SELinux packages migrated to Python 3
-
The
policycoreutils-python
has been replaced by thepolicycoreutils-python-utils
andpython3-policycoreutils
packages. -
The functionality of the
libselinux-python
package is now provided by thepython3-libselinux
package. -
The functionality of the
setools-libs
package is now provided by thepython3-setools
package. -
The functionality of the
libsemanage-python
package is now provided by thepython3-libsemanage
package.
8.6.2. Changes in SELinux sub-packages
-
The
libselinux-static
,libsemanage-static
,libsepol-static
, andsetools-libs-tcl
has been removed. -
The
setools-gui
andsetools-console-analyses
are not available in RHEL 8.0 and 8.1. RHEL 8.2 is the first minor version of RHEL 8 that contains these sub-packages.
8.6.3. Changes in SELinux policy
The init_t
domain type is no longer unconfined on RHEL 8. This might cause problems for third-party applications that use a different SELinux labeling approach.
To overcome SELinux labeling problems in the non-standard locations, you can configure file context equivalency for such locations.
Configure file context equivalency for the
/my/apps
and/
directories:# semanage fcontext -a -e / /my/apps
Verify file context equivalency by listing local customizations of the SELinux policy:
# semanage fcontext -l -C SELinux Local fcontext Equivalence /my/apps = /
Restore the context of
/my/apps
to the default, which is now equivalent to the context of/
:# restorecon -Rv /my/apps restorecon reset /my/apps context unconfined_u:object_r:default_t:s0->unconfined_u:object_r:root_t:s0 restorecon reset /my/apps/bin context unconfined_u:object_r:default_t:s0->unconfined_u:object_r:bin_t:s0 restorecon reset /my/apps/bin/executable context unconfined_u:object_r:default_t:s0->unconfined_u:object_r:bin_t:s0
This approach assigns correct labels to the majority of files and directories installed in the non-standard location, which also leads to correctly labeled processes started by some of the executable files.
To remove file context equivalency, use the following command:
# semanage fcontext -d -e / /my/apps
-
For additional information, see the
semanage-fcontext
man page on your system.
8.6.4. Changes in SELinux booleans
8.6.4.1. New SELinux booleans
This update of the SELinux system policy introduces the following booleans:
-
colord_use_nfs
-
deny_bluetooth
-
httpd_use_opencryptoki
-
logrotate_use_fusefs
-
mysql_connect_http
-
pdns_can_network_connect_db
-
ssh_use_tcpd
-
sslh_can_bind_any_port
-
sslh_can_connect_any_port
-
tor_can_onion_services
-
unconfined_dyntrans_all
-
use_virtualbox
-
virt_sandbox_share_apache_content
-
virt_use_pcscd
8.6.4.2. Removed SELinux booleans
The RHEL 8 SELinux policy does not provide the following booleans that were available in the previous release:
-
container_can_connect_any
-
ganesha_use_fusefs
8.6.4.3. Changes of default values
In RHEL 8, the following SELinux booleans are set to a different default value than in the previous release:
-
domain_can_mmap_files
is nowoff
by default. -
httpd_graceful_shutdown
is nowoff
by default. -
mozilla_plugin_can_network_connect
is nowon
by default. -
named_write_master_zones
is nowon
by default.
Additionally, the descriptions of the antivirus_use_jit
and ssh_chroot_rw_homedirs
booleans have been changed.
To get a list of booleans including their meaning, and to find out if they are enabled or disabled, install the selinux-policy-devel
package and use:
# semanage boolean -l
8.6.5. Changes in SELinux port types
The RHEL 8 SELinux policy provides the following additional port types:
-
appswitch_emp_port_t
-
babel_port_t
-
bfd_control_port_t
-
conntrackd_port_t
-
firepower_port_t
-
nmea_port_t
-
nsca_port_t
-
openqa_port_t
-
openqa_websockets_port_t
-
priority_e_com_port_t
-
qpasa_agent_port_t
-
rkt_port_t
-
smntubootstrap_port_t
-
statsd_port_t
-
versa_tek_port_t
Furthermore, the definitions of the dns_port_t
and ephemeral_port_t
port types have been changed, and the gluster_port_t
port type has been removed.
8.6.6. Changes in sesearch
usage
-
The
sesearch
command no longer uses the-C
option, and it requires to include conditional expressions. The
-T
,--type
option has been changed to:-
-T
,--type_trans
- find type_transition rules. -
--type_member
- find type_member rules. -
--type_change
- find type_change rules.
-
8.7. Removed security functionality
8.7.1. shadow-utils
no longer allow all-numeric user and group names
The useradd
and groupadd
commands disallow user and group names consisting purely of numeric characters. The reason for not allowing such names is that this can confuse potentially many tools that work with user and group names and user and group ids (which are numbers). Please note that the all-numeric user and group names are deprecated in Red Hat Enterprise Linux 7 and their support is completely removed in Red Hat Enterprise Linux 8.
8.7.2. securetty
is now disabled by default
Because of the dynamic nature of tty
device files on modern Linux systems, the securetty
PAM module has been disabled by default and the /etc/securetty
configuration file is no longer included in RHEL. Since /etc/securetty
listed many possible devices so that the practical effect in most cases was to allow by default, this change has only a minor impact. However, if you use a more restrictive configuration, you need to add a line enabling the pam_securetty.so
module to the appropriate files in the /etc/pam.d
directory, and create a new /etc/securetty
file.
8.7.3. The Clevis
HTTP pin has been removed
The Clevis
HTTP pin has been removed from RHEL 8, and the clevis encrypt http
sub-command is no longer available.
8.7.3.1. Coolkey
has been removed
The Coolkey
driver for smart cards has been removed from RHEL 8, and OpenSC
now provides its functionality.
8.7.3.2. crypto-utils
have been removed
The crypto-utils
packages have been removed from RHEL 8. You can use tools provided by the openssl
, gnutls-utils
, and nss-tools
packages instead.
8.7.3.3. KLIPS has been removed from Libreswan
In Red Hat Enterprise Linux 8, support for Kernel IP Security (KLIPS) IPsec stack has been removed from Libreswan
.
Chapter 9. Networking
9.1. NetworkManager
9.1.1. Legacy network scripts support
Network scripts are deprecated in Red Hat Enterprise Linux 8 and are no longer provided by default. The basic installation provides a new version of the ifup
and ifdown
scripts which call NetworkManager through the nmcli tool. In Red Hat Enterprise Linux 8, to run the ifup
and the ifdown
scripts, NetworkManager must be running.
Custom commands in /sbin/ifup-local
, ifdown-pre-local
and ifdown-local
scripts are not executed.
If any of these scripts are required, the installation of the deprecated network scripts in the system is still possible with the following command:
# yum install network-scripts
The ifup
and the ifdown
scripts link to the installed legacy network scripts.
Calling the legacy network scripts shows a warning about their deprecation.
9.1.2. NetworkManager supports SR-IOV virtual functions
In Red Hat Enterprise Linux 8, NetworkManager allows configuring the number of virtual functions (VF) for interfaces that support single-root I/O virtualization (SR-IOV). Additionally, NetworkManager allows configuring some attributes of the VFs, such as the MAC address, VLAN, the spoof checking
setting and allowed bitrates. Note that all properties related to SR-IOV are available in the sriov
connection setting. For more details, see the nm-settings(5)
man page on your system.
9.1.3. NetworkManager supports a wildcard interface name match for connections
Previously, it was possible to restrict a connection to a given interface using only an exact match on the interface name. With this update, connections have a new match.interface-name property which supports wildcards. This update enables users to choose the interface for a connection in a more flexible way using a wildcard pattern.
9.1.4. NetworkManager supports configuring ethtool offload features
With this enhancement, NetworkManager
supports configuring ethtool
offload features, and users no longer need to use init scripts or a NetworkManager
dispatcher script. As a result, users can now configure the offload feature as a part of the connection profile using one of the following methods:
-
By using the
nmcli
utility -
By editing keyfiles in the
/etc/NetworkManager/system-connections/
directory -
By editing the
/etc/sysconfig/network-scripts/ifcfg-*
files
Note that this feature is currently not supported in graphical interfaces and in the nmtui
utility.
For further details, see Configuring an ethtool offload feature by using nmcli.
9.1.5. NetworkManager now uses the internal DHCP plug-in by default
NetworkManager supports the internal
and dhclient
DHCP plug-ins. By default, NetworkManager in Red Hat Enterprise Linux (RHEL) 7 uses the dhclient
and RHEL 8 the internal
plug-in. In certain situations, the plug-ins behave differently. For example, dhclient
can use additional settings specified in the /etc/dhcp/
directory.
If you upgrade from RHEL 7 to RHEL 8 and NetworkManager behaves differently, add the following setting to the [main]
section in the /etc/NetworkManager/NetworkManager.conf
file to use the dhclient
plug-in:
[main] dhcp=dhclient
9.1.6. The NetworkManager-config-server package is not installed by default in RHEL 8
The NetworkManager-config-server
package is only installed by default if you select either the Server
or Server with GUI
base environment during the setup. If you selected a different environment, use the yum install NetworkManager-config-server
command to install the package.
9.2. Packet filtering
9.2.1. nftables
replaces iptables
as the default network packet filtering framework
The nftables
framework provides packet classification facilities and it is the designated successor to the iptables
, ip6tables
, arptables
, ebtables
, and ipset
tools. It offers numerous improvements in convenience, features, and performance over previous packet-filtering tools, most notably:
- lookup tables instead of linear processing
-
a single framework for both the
IPv4
andIPv6
protocols - rules all applied atomically instead of fetching, updating, and storing a complete rule set
-
support for debugging and tracing in the rule set (
nftrace
) and monitoring trace events (in thenft
tool) - more consistent and compact syntax, no protocol-specific extensions
- a Netlink API for third-party applications
Similarly to iptables
, nftables
use tables for storing chains. The chains contain individual rules for performing actions. The nft
tool replaces all tools from the previous packet-filtering frameworks. The libnftables
library can be used for low-level interaction with nftables
Netlink API over the libmnl
library.
The iptables
, ip6tables
, ebtables
and arptables
tools are replaced by nftables-based drop-in replacements with the same name. While external behavior is identical to their legacy counterparts, internally they use nftables
with legacy netfilter
kernel modules through a compatibility interface where required.
Effect of the modules on the nftables
rule set can be observed using the nft list ruleset
command. Since these tools add tables, chains, and rules to the nftables
rule set, be aware that nftables
rule-set operations, such as the nft flush ruleset
command, might affect rule sets installed using the formerly separate legacy commands.
To quickly identify which variant of the tool is present, version information has been updated to include the back-end name. In RHEL 8, the nftables-based iptables
tool prints the following version string:
$ iptables --version iptables v1.8.0 (nf_tables)
For comparison, the following version information is printed if legacy iptables
tool is present:
$ iptables --version iptables v1.8.0 (legacy)
9.2.2. Arptables
FORWARD is removed from filter tables in RHEL 8
The arptables
FORWARD chain functionality has been removed in Red Hat Enterprise Linux (RHEL) 8. You can now use the FORWARD chain of the ebtables
tool adding the rules into it.
9.2.3. Output of iptables-ebtables
is not 100% compatible with ebtables
In RHEL 8, the ebtables
command is provided by the iptables-ebtables
package, which contains an nftables
-based reimplementation of the tool. This tool has a different code base, and its output deviates in aspects, which are either negligible or deliberate design choices.
Consequently, when migrating your scripts parsing some ebtables
output, adjust the scripts to reflect the following:
- MAC address formatting has been changed to be fixed in length. Where necessary, individual byte values contain a leading zero to maintain the format of two characters per octet.
- Formatting of IPv6 prefixes has been changed to conform with RFC 4291. The trailing part after the slash character no longer contains a netmask in the IPv6 address format but a prefix length. This change applies to valid (left-contiguous) masks only, while others are still printed in the old formatting.
9.2.4. New tools to convert iptables
to nftables
This update adds the iptables-translate
and ip6tables-translate
tools to convert the existing iptables
or ip6tables
rules into the equivalent ones for nftables
. Note that some extensions lack translation support. If such an extension exists, the tool prints the untranslated rule prefixed with the #
sign. For example:
| % iptables-translate -A INPUT -j CHECKSUM --checksum-fill | nft # -A INPUT -j CHECKSUM --checksum-fill
Additionally, users can use the iptables-restore-translate
and ip6tables-restore-translate
tools to translate a dump of rules. Note that before that, users can use the iptables-save
or ip6tables-save
commands to print a dump of current rules. For example:
| % sudo iptables-save >/tmp/iptables.dump | % iptables-restore-translate -f /tmp/iptables.dump | # Translated by iptables-restore-translate v1.8.0 on Wed Oct 17 17:00:13 2018 | add table ip nat | ...
9.3. Changes in wpa_supplicant
9.3.1. journalctl
can now read the wpa_supplicant
log
In Red Hat Enterprise Linux (RHEL) 8, the wpa_supplicant
package is built with CONFIG_DEBUG_SYSLOG
enabled. This allows reading the wpa_supplicant
log using the journalctl
utility instead of checking the contents of the /var/log/wpa_supplicant.log
file.
9.3.2. The compile-time support for wireless extensions in wpa_supplicant
is disabled
The wpa_supplicant
package does not support wireless extensions. When a user is trying to use wext
as a command-line argument, or trying to use it on old adapters which only support wireless extensions, will not be able to run the wpa_supplicant
daemon.
9.4. A new data chunk type, I-DATA
, added to SCTP
This update adds a new data chunk type, I-DATA
, and stream schedulers to the Stream Control Transmission Protocol (SCTP). Previously, SCTP sent user messages in the same order as they were sent by a user. Consequently, a large SCTP user message blocked all other messages in any stream until completely sent. When using I-DATA
chunks, the Transmission Sequence Number (TSN) field is not overloaded. As a result, SCTP now can schedule the streams in different ways, and I-DATA
allows user messages interleaving (RFC 8260). Note that both peers must support the I-DATA
chunk type.
9.5. Notable TCP features in RHEL 8
Red Hat Enterprise Linux 8 is distributed with TCP networking stack version 4.18, which provides higher performances, better scalability, and more stability. Performances are boosted especially for busy TCP server with a high ingress connection rate.
Additionally, two new TCP congestion algorithms, BBR
and NV
, are available, offering lower latency, and better throughput than cubic in most scenarios.
9.5.1. TCP BBR support in RHEL 8
A new TCP congestion control algorithm, Bottleneck Bandwidth and Round-trip time (BBR) is now supported in Red Hat Enterprise Linux (RHEL) 8. BBR attempts to determine the bandwidth of the bottleneck link and the Round-trip time (RTT). Most congestion algorithms are based on packet loss, including CUBIC, the default Linux TCP congestion control algorithm, which have problems on high-throughput links. BBR does not react to loss events directly, it adjusts the TCP pacing rate to match it with the available bandwidth.
For more information about this, see the Red Hat Knowledgebase solution How to configure TCP BBR congestion control algorithm.
9.7. Network interface name changes
In Red Hat Enterprise Linux 8, the same consistent network device naming scheme is used by default as in RHEL 7. However, certain kernel drivers, such as e1000e
, nfp
, qede
, sfc
, tg3
and bnxt_en
changed their consistent name on a fresh installation of RHEL 8. However, the names are preserved on upgrade from RHEL 7.
9.8. The ipv6
, netmask
, gateway
, and hostname
kernel parameters have been removed
The ipv6
, netmask
, gateway
, and hostname
kernel parameters to configure the network in the kernel command line are no longer available since RHEL 8.3. Instead, use the consolidated ip
parameter that accepts different formats, such as the following:
ip=IP_address:peer:gateway_IP_address:net_mask:host_name:interface_name:configuration_method
For further details about the individual fields and other formats this parameter accepts, see the description of the ip
parameter in the dracut.cmdline(7)
man page on your system.
9.9. The -ok
option of the tc
command removed
The -ok
option of the tc
command has been removed in Red Hat Enterprise Linux 8. As a workaround, users can implement code to communicate directly via netlink with the kernel. Response messages received, indicate completion and status of sent requests. An alternative way for less time-critical applications is to call tc
for each command separately. This may happen with a custom script which simulates the tc -batch
behavior by printing OK
for each successful tc
invocation.
9.10. The PTP capabilities output format of the ethtool
utility has changed
Starting with RHEL 8.4, the ethtool
utility uses the netlink
interface instead of the ioctl()
system call to communicate with the kernel. Consequently, when you use the ethtool -T <network_controller>
command, the format of Precision Time Protocol (PTP) values changes.
Previously, with the ioctl()
interface, ethtool
translated the capability bit names by using an ethtool
-internal string table and, the ethtool -T <network_controller>
command displayed, for example:
Time stamping parameters for <network_controller>:
Capabilities:
hardware-transmit (SOF_TIMESTAMPING_TX_HARDWARE)
software-transmit (SOF_TIMESTAMPING_TX_SOFTWARE)
...
With the netlink
interface, ethtool
receives the strings from the kernel. These strings do not include the internal SOF_TIMESTAMPING_*
names. Therefore, ethtool -T <network_controller>
now displays, for example:
Time stamping parameters for <network_controller>:
Capabilities:
hardware-transmit
software-transmit
...
If you use the PTP capabilities output of ethtool
in scripts or applications, update them accordingly.
Chapter 10. Kernel
10.1. Resource control
10.1.1. Control group v2 available as a Technology Preview in RHEL 8
Control group v2 mechanism is a unified hierarchy control group. Control group v2 organizes processes hierarchically and distributes system resources along the hierarchy in a controlled and configurable manner.
Unlike the previous version, control group v2 has only a single hierarchy. This single hierarchy enables the Linux kernel to:
- Categorize processes based on the role of their owner.
- Eliminate issues with conflicting policies of multiple hierarchies.
Control group v2 supports numerous controllers:
CPU controller regulates the distribution of CPU cycles. This controller implements:
- Weight and absolute bandwidth limit models for normal scheduling policy.
- Absolute bandwidth allocation model for real time scheduling policy.
Memory controller regulates the memory distribution. Currently, the following types of memory usages are tracked:
- Userland memory - page cache and anonymous memory.
- Kernel data structures such as dentries and inodes.
- TCP socket buffers.
- I/O controller regulates the distribution of I/O resources.
- Remote Direct Memory Access (RDMA) controller limits RDMA/IB specific resources that certain processes can use. These processes are grouped through the RDMA controller.
-
Process number controller enables the control group to stop any new tasks from being
fork()
’d orclone()
’d after a certain limit. - Writeback controller acts as a mechanism, which balances conflicts between I/O and the memory controllers.
The information above was based on cgroups-v2 online documentation. You can refer to the same link to obtain more information about particular control group v2 controllers.
10.2. Memory management
10.2.1. 52-bit PA for 64-bit ARM available
With this update, support for 52-bit physical addressing (PA) for the 64-bit ARM architecture is available. This provides a larger physical address space than previous 48-bit PA.
10.2.2. 5-level page tables x86_64
In RHEL 7, existing memory bus had 48/46 bit of virtual/physical memory addressing capacity, and the Linux kernel implemented 4 levels of page tables to manage these virtual addresses to physical addresses. The physical bus addressing line put the physical memory upper limit capacity at 64 TB.
These limits have been extended to 57/52 bit of virtual/physical memory addressing with 128 PiB of virtual address space (64PB user/64PB kernel) and 4 PB of physical memory capacity.
With the extended address range, the memory management in RHEL 8 adds support for 5-level page table implementation. This implementation is able to handle the expanded address range with up to 128 PiB of virtual address space and 4 PiB of physical address space.
The 5-level page table is enabled by default for hardware capable of supporting this feature even if the installed physical memory is less than 64 TiB. For systems with less than 64 TiB of memory, there is a small overhead increase in walking the 5-level page table. To avoid this overhead, users can disable 5-level page table by using the no5lvl
kernel command-line parameter to force the use of 4-level page table.
10.2.3. Swapping algorithm changes
In RHEL 8, there is an update in the virtual memory management of Linux kernel algorithms. This might cause anonymous memory pages (process data) to be swapped to disk more often compared to earlier versions. These changes were made because the performance impact of modern solid-state drives (SSDs) is significantly lower compared to spinning disks. To ensure optimal system performance when migrating to RHEL 8, it is recommended that users evaluate and, if necessary, adjust the swappiness settings of the system.
10.3. Performance analysis and observability tools
10.3.1. bpftool added to kernel
The bpftool
utility that serves for inspection and simple manipulation of programs and maps based on extended Berkeley Packet Filtering (eBPF) has been added into the Linux kernel. bpftool
is a part of the kernel source tree, and is provided by the bpftool package, which is included as a sub-package of the kernel package.
10.3.2. eBPF available as a Technology Preview
The extended Berkeley Packet Filtering (eBPF) feature is available as a Technology Preview for both networking and tracing. eBPF enables the user space to attach custom programs onto a variety of points (sockets, trace points, packet reception) to receive and process data. The feature includes a new system call bpf()
, which supports creating various types of maps, and also to insert various types of programs into the kernel. Note that the bpf()
syscall can be successfully used only by a user with the CAP_SYS_ADMIN
capability, such as a root user. See the bpf
(2) man page for more information.
10.3.3. BCC is available as a Technology Preview
BPF Compiler Collection (BCC)
is a user space tool kit for creating efficient kernel tracing and manipulation programs that is available as a Technology Preview in RHEL 8. BCC
provides tools for I/O analysis, networking, and monitoring of Linux operating systems using the extended Berkeley Packet Filtering (eBPF)
.
10.4. Booting process
10.4.1. How to install and boot custom kernels in RHEL
The Boot Loader Specification (BLS) defines a scheme and file format to manage bootloader configurations for each boot option in a drop-in directory. There is no need to manipulate the individual drop-in configuration files. This premise is particularly relevant in RHEL 8 because not all architectures use the same bootloader:
-
x86_64
,aarch64
andppc64le
with open firmware useGRUB2
-
ppc64le
with Open Power Abstraction Layer (OPAL) usesPetitboot
-
s390x
useszipl
Each bootloader has a different configuration file and format that has to be modified when a new kernel is installed or removed. In the previous versions of RHEL, the component that permitted this work was the grubby
utility. However, for RHEL 8 the bootloader configuration was standardized by implementing the BLS file format, where grubby
works as a thin wrapper around the BLS operations.
10.4.2. Early kdump support in RHEL
Previously, the kdump
service started too late to register the kernel crashes that occurred in early stages of the booting process. As a result, the crash information together with a chance for troubleshooting was lost.
To address this problem, RHEL 8 introduced an early kdump
support. To learn more about this mechanism, see the /usr/share/doc/kexec-tools/early-kdump-howto.txt
file. Also, see the Red Hat Knowledgebase solution What is early kdump support and how do I configure it?.
Chapter 11. Hardware enablement
11.1. Removed hardware support
The following device drivers and adapters were supported in RHEL 7 but are no longer available in RHEL 8.0.
11.1.1. Removed device drivers
Support for the following device drivers has been removed in RHEL 8:
- 3w-9xxx
- 3w-sas
- aic79xx
- aoe
- arcmsr
ata drivers:
- acard-ahci
- sata_mv
- sata_nv
- sata_promise
- sata_qstor
- sata_sil
- sata_sil24
- sata_sis
- sata_svw
- sata_sx4
- sata_uli
- sata_via
- sata_vsc
- bfa
- cxgb3
- cxgb3i
- e1000
- floppy
- hptiop
- initio
- isci
- iw_cxgb3
- mptbase - This driver is left in place for virtualization use case and easy developer transition. However it is not supported.
- mptctl
- mptsas - This driver is left in place for virtualization use case and easy developer transition. However it is not supported.
- mptscsih - This driver is left in place for virtualization use case and easy developer transition. However it is not supported.
- mptspi - This driver is left in place for virtualization use case and easy developer transition. However it is not supported.
- mthca
- mtip32xx
- mvsas
- mvumi
OSD drivers:
- osd
- libosd
- osst
pata drivers:
- pata_acpi
- pata_ali
- pata_amd
- pata_arasan_cf
- pata_artop
- pata_atiixp
- pata_atp867x
- pata_cmd64x
- pata_cs5536
- pata_hpt366
- pata_hpt37x
- pata_hpt3x2n
- pata_hpt3x3
- pata_it8213
- pata_it821x
- pata_jmicron
- pata_marvell
- pata_netcell
- pata_ninja32
- pata_oldpiix
- pata_pdc2027x
- pata_pdc202xx_old
- pata_piccolo
- pata_rdc
- pata_sch
- pata_serverworks
- pata_sil680
- pata_sis
- pata_via
- pdc_adma
- pm80xx(pm8001)
- pmcraid
- qla3xxx - This driver is left in place for virtualization use case and easy developer transition. However it is not supported.
- qlcnic
- qlge
- stex
- sx8
- tulip
- ufshcd
wireless drivers:
- carl9170
- iwl4965
- iwl3945
- mwl8k
- rt73usb
- rt61pci
- rtl8187
- wil6210
11.1.2. Removed adapters
Support for the adapters listed below has been removed in RHEL 8. Support for other than listed adapters from the mentioned drivers remains unchanged.
PCI IDs are in the format of vendor:device:subvendor:subdevice. If the subdevice or subvendor:subdevice entry is not listed, devices with any values of such missing entries have been removed.
To check the PCI IDs of the hardware on your system, run the lspci -nn
command.
The following adapters from the
aacraid
driver have been removed:- PERC 2/Si (Iguana/PERC2Si), PCI ID 0x1028:0x0001:0x1028:0x0001
- PERC 3/Di (Opal/PERC3Di), PCI ID 0x1028:0x0002:0x1028:0x0002
- PERC 3/Si (SlimFast/PERC3Si), PCI ID 0x1028:0x0003:0x1028:0x0003
- PERC 3/Di (Iguana FlipChip/PERC3DiF), PCI ID 0x1028:0x0004:0x1028:0x00d0
- PERC 3/Di (Viper/PERC3DiV), PCI ID 0x1028:0x0002:0x1028:0x00d1
- PERC 3/Di (Lexus/PERC3DiL), PCI ID 0x1028:0x0002:0x1028:0x00d9
- PERC 3/Di (Jaguar/PERC3DiJ), PCI ID 0x1028:0x000a:0x1028:0x0106
- PERC 3/Di (Dagger/PERC3DiD), PCI ID 0x1028:0x000a:0x1028:0x011b
- PERC 3/Di (Boxster/PERC3DiB), PCI ID 0x1028:0x000a:0x1028:0x0121
- catapult, PCI ID 0x9005:0x0283:0x9005:0x0283
- tomcat, PCI ID 0x9005:0x0284:0x9005:0x0284
- Adaptec 2120S (Crusader), PCI ID 0x9005:0x0285:0x9005:0x0286
- Adaptec 2200S (Vulcan), PCI ID 0x9005:0x0285:0x9005:0x0285
- Adaptec 2200S (Vulcan-2m), PCI ID 0x9005:0x0285:0x9005:0x0287
- Legend S220 (Legend Crusader), PCI ID 0x9005:0x0285:0x17aa:0x0286
- Legend S230 (Legend Vulcan), PCI ID 0x9005:0x0285:0x17aa:0x0287
- Adaptec 3230S (Harrier), PCI ID 0x9005:0x0285:0x9005:0x0288
- Adaptec 3240S (Tornado), PCI ID 0x9005:0x0285:0x9005:0x0289
- ASR-2020ZCR SCSI PCI-X ZCR (Skyhawk), PCI ID 0x9005:0x0285:0x9005:0x028a
- ASR-2025ZCR SCSI SO-DIMM PCI-X ZCR (Terminator), PCI ID 0x9005:0x0285:0x9005:0x028b
- ASR-2230S + ASR-2230SLP PCI-X (Lancer), PCI ID 0x9005:0x0286:0x9005:0x028c
- ASR-2130S (Lancer), PCI ID 0x9005:0x0286:0x9005:0x028d
- AAR-2820SA (Intruder), PCI ID 0x9005:0x0286:0x9005:0x029b
- AAR-2620SA (Intruder), PCI ID 0x9005:0x0286:0x9005:0x029c
- AAR-2420SA (Intruder), PCI ID 0x9005:0x0286:0x9005:0x029d
- ICP9024RO (Lancer), PCI ID 0x9005:0x0286:0x9005:0x029e
- ICP9014RO (Lancer), PCI ID 0x9005:0x0286:0x9005:0x029f
- ICP9047MA (Lancer), PCI ID 0x9005:0x0286:0x9005:0x02a0
- ICP9087MA (Lancer), PCI ID 0x9005:0x0286:0x9005:0x02a1
- ICP5445AU (Hurricane44), PCI ID 0x9005:0x0286:0x9005:0x02a3
- ICP9085LI (Marauder-X), PCI ID 0x9005:0x0285:0x9005:0x02a4
- ICP5085BR (Marauder-E), PCI ID 0x9005:0x0285:0x9005:0x02a5
- ICP9067MA (Intruder-6), PCI ID 0x9005:0x0286:0x9005:0x02a6
- Themisto Jupiter Platform, PCI ID 0x9005:0x0287:0x9005:0x0800
- Themisto Jupiter Platform, PCI ID 0x9005:0x0200:0x9005:0x0200
- Callisto Jupiter Platform, PCI ID 0x9005:0x0286:0x9005:0x0800
- ASR-2020SA SATA PCI-X ZCR (Skyhawk), PCI ID 0x9005:0x0285:0x9005:0x028e
- ASR-2025SA SATA SO-DIMM PCI-X ZCR (Terminator), PCI ID 0x9005:0x0285:0x9005:0x028f
- AAR-2410SA PCI SATA 4ch (Jaguar II), PCI ID 0x9005:0x0285:0x9005:0x0290
- CERC SATA RAID 2 PCI SATA 6ch (DellCorsair), PCI ID 0x9005:0x0285:0x9005:0x0291
- AAR-2810SA PCI SATA 8ch (Corsair-8), PCI ID 0x9005:0x0285:0x9005:0x0292
- AAR-21610SA PCI SATA 16ch (Corsair-16), PCI ID 0x9005:0x0285:0x9005:0x0293
- ESD SO-DIMM PCI-X SATA ZCR (Prowler), PCI ID 0x9005:0x0285:0x9005:0x0294
- AAR-2610SA PCI SATA 6ch, PCI ID 0x9005:0x0285:0x103C:0x3227
- ASR-2240S (SabreExpress), PCI ID 0x9005:0x0285:0x9005:0x0296
- ASR-4005, PCI ID 0x9005:0x0285:0x9005:0x0297
- IBM 8i (AvonPark), PCI ID 0x9005:0x0285:0x1014:0x02F2
- IBM 8i (AvonPark Lite), PCI ID 0x9005:0x0285:0x1014:0x0312
- IBM 8k/8k-l8 (Aurora), PCI ID 0x9005:0x0286:0x1014:0x9580
- IBM 8k/8k-l4 (Aurora Lite), PCI ID 0x9005:0x0286:0x1014:0x9540
- ASR-4000 (BlackBird), PCI ID 0x9005:0x0285:0x9005:0x0298
- ASR-4800SAS (Marauder-X), PCI ID 0x9005:0x0285:0x9005:0x0299
- ASR-4805SAS (Marauder-E), PCI ID 0x9005:0x0285:0x9005:0x029a
- ASR-3800 (Hurricane44), PCI ID 0x9005:0x0286:0x9005:0x02a2
- Perc 320/DC, PCI ID 0x9005:0x0285:0x1028:0x0287
- Adaptec 5400S (Mustang), PCI ID 0x1011:0x0046:0x9005:0x0365
- Adaptec 5400S (Mustang), PCI ID 0x1011:0x0046:0x9005:0x0364
- Dell PERC2/QC, PCI ID 0x1011:0x0046:0x9005:0x1364
- HP NetRAID-4M, PCI ID 0x1011:0x0046:0x103c:0x10c2
- Dell Catchall, PCI ID 0x9005:0x0285:0x1028
- Legend Catchall, PCI ID 0x9005:0x0285:0x17aa
- Adaptec Catch All, PCI ID 0x9005:0x0285
- Adaptec Rocket Catch All, PCI ID 0x9005:0x0286
- Adaptec NEMER/ARK Catch All, PCI ID 0x9005:0x0288
The following Mellanox Gen2 and ConnectX-2 adapters from the
mlx4_core
driver have been removed:- PCI ID 0x15B3:0x1002
- PCI ID 0x15B3:0x676E
- PCI ID 0x15B3:0x6746
- PCI ID 0x15B3:0x6764
- PCI ID 0x15B3:0x675A
- PCI ID 0x15B3:0x6372
- PCI ID 0x15B3:0x6750
- PCI ID 0x15B3:0x6368
- PCI ID 0x15B3:0x673C
- PCI ID 0x15B3:0x6732
- PCI ID 0x15B3:0x6354
- PCI ID 0x15B3:0x634A
- PCI ID 0x15B3:0x6340
The following adapters from the
mpt2sas
driver have been removed:- SAS2004, PCI ID 0x1000:0x0070
- SAS2008, PCI ID 0x1000:0x0072
- SAS2108_1, PCI ID 0x1000:0x0074
- SAS2108_2, PCI ID 0x1000:0x0076
- SAS2108_3, PCI ID 0x1000:0x0077
- SAS2116_1, PCI ID 0x1000:0x0064
- SAS2116_2, PCI ID 0x1000:0x0065
- SSS6200, PCI ID 0x1000:0x007E
The following adapters from the
megaraid_sas
driver have been removed:- Dell PERC5, PCI ID 0x1028:0x0015
- SAS1078R, PCI ID 0x1000:0x0060
- SAS1078DE, PCI ID 0x1000:0x007C
- SAS1064R, PCI ID 0x1000:0x0411
- VERDE_ZCR, PCI ID 0x1000:0x0413
- SAS1078GEN2, PCI ID 0x1000:0x0078
- SAS0079GEN2, PCI ID 0x1000:0x0079
- SAS0073SKINNY, PCI ID 0x1000:0x0073
- SAS0071SKINNY, PCI ID 0x1000:0x0071
The following adapters from the
qla2xxx
driver have been removed:- ISP24xx, PCI ID 0x1077:0x2422
- ISP24xx, PCI ID 0x1077:0x2432
- ISP2422, PCI ID 0x1077:0x5422
- QLE220, PCI ID 0x1077:0x5432
- QLE81xx, PCI ID 0x1077:0x8001
- QLE10000, PCI ID 0x1077:0xF000
- QLE84xx, PCI ID 0x1077:0x8044
- QLE8000, PCI ID 0x1077:0x8432
- QLE82xx, PCI ID 0x1077:0x8021
The following adapters from the
qla4xxx
driver have been removed:- QLOGIC_ISP8022, PCI ID 0x1077:0x8022
- QLOGIC_ISP8324, PCI ID 0x1077:0x8032
- QLOGIC_ISP8042, PCI ID 0x1077:0x8042
The following adapters from the
be2iscsi
driver have been removed:BladeEngine 2 (BE2) devices
- BladeEngine2 10Gb iSCSI Initiator (generic), PCI ID 0x19a2:0x212
- OneConnect OCe10101, OCm10101, OCe10102, OCm10102 BE2 adapter family, PCI ID 0x19a2:0x702
- OCe10100 BE2 adapter family, PCI ID 0x19a2:0x703
BladeEngine 3 (BE3) devices
- OneConnect TOMCAT iSCSI, PCI ID 0x19a2:0x0712
- BladeEngine3 iSCSI, PCI ID 0x19a2:0x0222
The following Ethernet adapters controlled by the
be2net
driver have been removed:BladeEngine 2 (BE2) devices
- OneConnect TIGERSHARK NIC, PCI ID 0x19a2:0x0700
- BladeEngine2 Network Adapter, PCI ID 0x19a2:0x0211
BladeEngine 3 (BE3) devices
- OneConnect TOMCAT NIC, PCI ID 0x19a2:0x0710
- BladeEngine3 Network Adapter, PCI ID 0x19a2:0x0221
The following adapters from the
lpfc
driver have been removed:BladeEngine 2 (BE2) devices
- OneConnect TIGERSHARK FCoE, PCI ID 0x19a2:0x0704
BladeEngine 3 (BE3) devices
- OneConnect TOMCAT FCoE, PCI ID 0x19a2:0x0714
Fibre Channel (FC) devices
- FIREFLY, PCI ID 0x10df:0x1ae5
- PROTEUS_VF, PCI ID 0x10df:0xe100
- BALIUS, PCI ID 0x10df:0xe131
- PROTEUS_PF, PCI ID 0x10df:0xe180
- RFLY, PCI ID 0x10df:0xf095
- PFLY, PCI ID 0x10df:0xf098
- LP101, PCI ID 0x10df:0xf0a1
- TFLY, PCI ID 0x10df:0xf0a5
- BSMB, PCI ID 0x10df:0xf0d1
- BMID, PCI ID 0x10df:0xf0d5
- ZSMB, PCI ID 0x10df:0xf0e1
- ZMID, PCI ID 0x10df:0xf0e5
- NEPTUNE, PCI ID 0x10df:0xf0f5
- NEPTUNE_SCSP, PCI ID 0x10df:0xf0f6
- NEPTUNE_DCSP, PCI ID 0x10df:0xf0f7
- FALCON, PCI ID 0x10df:0xf180
- SUPERFLY, PCI ID 0x10df:0xf700
- DRAGONFLY, PCI ID 0x10df:0xf800
- CENTAUR, PCI ID 0x10df:0xf900
- PEGASUS, PCI ID 0x10df:0xf980
- THOR, PCI ID 0x10df:0xfa00
- VIPER, PCI ID 0x10df:0xfb00
- LP10000S, PCI ID 0x10df:0xfc00
- LP11000S, PCI ID 0x10df:0xfc10
- LPE11000S, PCI ID 0x10df:0xfc20
- PROTEUS_S, PCI ID 0x10df:0xfc50
- HELIOS, PCI ID 0x10df:0xfd00
- HELIOS_SCSP, PCI ID 0x10df:0xfd11
- HELIOS_DCSP, PCI ID 0x10df:0xfd12
- ZEPHYR, PCI ID 0x10df:0xfe00
- HORNET, PCI ID 0x10df:0xfe05
- ZEPHYR_SCSP, PCI ID 0x10df:0xfe11
- ZEPHYR_DCSP, PCI ID 0x10df:0xfe12
Lancer FCoE CNA devices
- OCe15104-FM, PCI ID 0x10df:0xe260
- OCe15102-FM, PCI ID 0x10df:0xe260
- OCm15108-F-P, PCI ID 0x10df:0xe260
11.1.3. Other removed hardware support
11.1.3.1. AGP graphics cards are no longer supported
Graphics cards using the Accelerated Graphics Port (AGP) bus are not supported in Red Hat Enterprise Linux 8. Use the graphics cards with the PCI Express bus as the recommended replacement.
11.1.3.2. FCoE software removal
Fibre Channel over Ethernet (FCoE) software has been removed from Red Hat Enterprise Linux 8. Specifically, the fcoe.ko
kernel module is no longer available for creating software FCoE interfaces over Ethernet adapters and drivers. This change is due to a lack of industry adoption for software-managed FCoE.
Specific changes to Red Hat Enterprise 8 include:
-
The
fcoe.ko
kernel module is no longer available. This removes support for software FCoE with Data Center Bridging enabled Ethernet adapters and drivers. Link-level software configuration via Data Center Bridging eXchange (DCBX) using
lldpad
is no longer supported for FCoE.-
The
fcoe-utils
tools (specificallyfcoemon
) is configured by default to not validate DCB configuration or communicate withlldpad
. -
The
lldpad
integration infcoemon
might be permanently disabled.
-
The
-
The
libhbaapi
andlibhbalinux
libraries are no longer used byfcoe-utils
, and will not undergo any direct testing from Red Hat.
Support for the following remains unchanged:
-
Currently supported offloading FCoE adapters that appear as Fibre Channel adapters to the operating system and do not use the
fcoe-utils
management tools, unless stated in a separate note. This applies to select adapters supported by thelpfc
FC driver. Note that thebfa
driver is not included in Red Hat Enterprise Linux 8. -
Currently supported offloading FCoE adapters that do use the
fcoe-utils
management tools but have their own kernel drivers instead offcoe.ko
and manage DCBX configuration in their drivers and/or firmware, unless stated in a separate note. Thefnic
,bnx2fc
, andqedf
drivers will continue to be fully supported in Red Hat Enterprise Linux 8. -
The
libfc.ko
andlibfcoe.ko
kernel modules that are required for some of the supported drivers covered by the previous statement.
For more information, see Software FCoE and Fibre Channel no longer support the target mode.
11.1.3.3. The e1000 network driver is not supported in RHEL 8
In Red Hat Enterprise Linux 8, the e1000 network driver is not supported. This affects both bare metal and virtual environments. However, the newer e1000e network driver continues to be fully supported in RHEL 8.
11.1.3.4. RHEL 8 does not support the tulip driver
With this update, the tulip network driver is no longer supported. As a consequence, when using RHEL 8 on a Generation 1 virtual machine (VM) on the Microsoft Hyper-V hypervisor, the "Legacy Network Adapter" device does not work, which causes PXE installation of such VMs to fail.
For the PXE installation to work, install RHEL 8 on a Generation 2 Hyper-V VM. If you require a RHEL 8 Generation 1 VM, use ISO installation.
11.1.3.5. The qla2xxx
driver no longer supports target mode
Support for target mode with the qla2xxx
QLogic Fibre Channel driver has been disabled. The effects of this change are:
-
The kernel no longer provides the
tcm_qla2xxx
module. -
The
rtslib
library and thetargetcli
utility no longer supportqla2xxx
.
Initiator mode with qla2xxx
is still supported.
Chapter 12. File systems and storage
12.1. File systems
12.1.1. Btrfs has been removed
The Btrfs file system has been removed in Red Hat Enterprise Linux 8. This includes the following components:
-
The
btrfs.ko
kernel module -
The
btrfs-progs
package -
The
snapper
package
You can no longer create, mount, or install on Btrfs file systems in Red Hat Enterprise Linux 8. The Anaconda installer and the Kickstart commands no longer support Btrfs.
12.1.3. The ext4 file system now supports metadata checksums
With this update, ext4 metadata is protected by checksums. This enables the file system to recognize the corrupt metadata, which avoids damage and increases the file system resilience.
12.1.4. The /etc/sysconfig/nfs
file and legacy NFS service names are no longer available
In Red Hat Enterprise Linux 8.0, the NFS configuration has moved from the /etc/sysconfig/nfs
configuration file, which was used in Red Hat Enterprise Linux 7, to /etc/nfs.conf
.
The /etc/nfs.conf
file uses a different syntax. Red Hat Enterprise Linux 8 attempts to automatically convert all options from /etc/sysconfig/nfs
to /etc/nfs.conf
when upgrading from Red Hat Enterprise Linux 7.
Both configuration files are supported in Red Hat Enterprise Linux 7. Red Hat recommends that you use the new /etc/nfs.conf
file to make NFS configuration in all versions of Red Hat Enterprise Linux compatible with automated configuration systems.
Additionally, the following NFS service aliases have been removed and replaced by their upstream names:
-
nfs.service
, replaced bynfs-server.service
-
nfs-secure.service
, replaced byrpc-gssd.service
-
rpcgssd.service
, replaced byrpc-gssd.service
-
nfs-idmap.service
, replaced bynfs-idmapd.service
-
rpcidmapd.service
, replaced bynfs-idmapd.service
-
nfs-lock.service
, replaced byrpc-statd.service
-
nfslock.service
, replaced byrpc-statd.service
12.2. Storage
12.2.1. The BOOM boot manager simplifies the process of creating boot entries
BOOM is a boot manager for Linux systems that use boot loaders supporting the BootLoader Specification for boot entry configuration. It enables flexible boot configuration and simplifies the creation of new or modified boot entries: for example, to boot snapshot images of the system created using LVM.
BOOM does not modify the existing boot loader configuration, and only inserts additional entries. The existing configuration is maintained, and any distribution integration, such as kernel installation and update scripts, continue to function as before.
BOOM has a simplified command-line interface (CLI) and API that ease the task of creating boot entries.
12.2.2. Stratis is now available
Stratis is a new local storage manager. It provides managed file systems on top of pools of storage with additional features to the user.
Stratis enables you to more easily perform storage tasks such as:
- Manage snapshots and thin provisioning
- Automatically grow file system sizes as needed
- Maintain file systems
To administer Stratis storage, use the stratis
utility, which communicates with the stratisd
background service.
Stratis is provided as a Technology Preview.
For more information, see the Stratis documentation: Setting up Stratis file systems.
12.2.3. LUKS2 is now the default format for encrypting volumes
In RHEL 8, the LUKS version 2 (LUKS2) format replaces the legacy LUKS (LUKS1) format. The dm-crypt
subsystem and the cryptsetup
tool now uses LUKS2 as the default format for encrypted volumes. LUKS2 provides encrypted volumes with metadata redundancy and auto-recovery in case of a partial metadata corruption event.
Due to the internal flexible layout, LUKS2 is also an enabler of future features. It supports auto-unlocking through the generic kernel-keyring token built in libcryptsetup
that allow users unlocking of LUKS2 volumes using a passphrase stored in the kernel-keyring retention service.
Other notable enhancements include:
- The protected key setup using the wrapped key cipher scheme.
- Easier integration with Policy-Based Decryption (Clevis).
- Up to 32 key slots - LUKS1 provides only 8 key slots.
For more details, see the cryptsetup(8)
and cryptsetup-reencrypt(8)
man pages.
12.2.4. Multiqueue scheduling on block devices
Block devices now use multiqueue scheduling in Red Hat Enterprise Linux 8. This enables the block layer performance to scale well with fast solid-state drives (SSDs) and multi-core systems.
The SCSI Multiqueue (scsi-mq
) driver is now enabled by default, and the kernel boots with the scsi_mod.use_blk_mq=Y
option. This change is consistent with the upstream Linux kernel.
Device Mapper Multipath (DM Multipath) requires the scsi-mq
driver to be active.
12.2.5. VDO now supports all architectures
Virtual Data Optimizer (VDO) is now available on all of the architectures supported by RHEL 8.
12.2.6. VDO no longer supports read cache
The read cache functionality has been removed from Virtual Data Optimizer (VDO). The read cache is always disabled on VDO volumes, and you can no longer enable it using the --readCache
option of the vdo
utility.
Red Hat might reintroduce the VDO read cache in a later Red Hat Enterprise Linux release, using a different implementation.
12.2.7. The dmraid
package has been removed
The dmraid
package has been removed from Red Hat Enterprise Linux 8. Users requiring support for combined hardware and software RAID host bus adapters (HBA) should use the mdadm
utility, which supports native MD software RAID, the SNIA RAID Common Disk Data Format (DDF), and the Intel® Matrix Storage Manager (IMSM) formats.
12.2.8. Software FCoE and Fibre Channel no longer support the target mode
- Software FCoE: NIC Software FCoE target functionality is removed in Red Hat Enterprise Linux 8.0.
-
Fibre Channel no longer supports the target mode. Target mode is disabled for the
qla2xxx
QLogic Fibre Channel driver in Red Hat Enterprise Linux 8.0.
For more information, see FCoE software removal.
12.2.9. The detection of marginal paths in DM Multipath has been improved
The multipathd
service now supports improved detection of marginal paths. This helps multipath devices avoid paths that are likely to fail repeatedly, and improves performance. Marginal paths are paths with persistent but intermittent I/O errors.
The following options in the /etc/multipath.conf
file control marginal paths behavior:
-
marginal_path_double_failed_time
-
marginal_path_err_sample_time
-
marginal_path_err_rate_threshold
-
marginal_path_err_recheck_gap_time
DM Multipath disables a path and tests it with repeated I/O for the configured sample time if:
-
the listed
multipath.conf
options are set, - a path fails twice in the configured time, and
- other paths are available.
If the path has more than the configured err rate during this testing, DM Multipath ignores it for the configured gap time, and then retests it to see if it is working well enough to be reinstated.
For more information, see the multipath.conf
man page on your system.
12.2.10. New overrides
section of the DM Multipath configuration file
The /etc/multipath.conf
file now includes an overrides
section that allows you to set a configuration value for all of your devices. These attributes are used by DM Multipath for all devices unless they are overwritten by the attributes specified in the multipaths
section of the /etc/multipath.conf
file for paths that contain the device. This functionality replaces the all_devs
parameter of the devices
section of the configuration file, which is no longer supported.
12.2.11. NVMe/FC is fully supported on Broadcom Emulex and Marvell Qlogic Fibre Channel adapters
The NVMe over Fibre Channel (NVMe/FC) transport type is now fully supported in Initiator mode when used with Broadcom Emulex and Marvell Qlogic Fibre Channel 32Gbit adapters that feature NVMe support.
NVMe over Fibre Channel is an additional fabric transport type for the Nonvolatile Memory Express (NVMe) protocol, in addition to the Remote Direct Memory Access (RDMA) protocol that was previously introduced in Red Hat Enterprise Linux.
Enabling NVMe/FC:
To enable NVMe/FC in the
lpfc
driver, edit the/etc/modprobe.d/lpfc.conf
file and add the following option:lpfc_enable_fc4_type=3
To enable NVMe/FC in the
qla2xxx
driver, edit the/etc/modprobe.d/qla2xxx.conf
file and add the following option:qla2xxx.ql2xnvmeenable=1
Additional restrictions:
- NVMe clustering is not supported with NVMe/FC.
-
kdump
is not supported with NVMe/FC. - Booting from Storage Area Network (SAN) NVMe/FC is not supported.
12.2.12. Support for Data Integrity Field/Data Integrity Extension (DIF/DIX)
DIF/DIX is an addition to the SCSI Standard. It remains in Technology Preview for all HBAs and storage arrays, except for those specifically listed as supported.
DIF/DIX increases the size of the commonly used 512 byte disk block from 512 to 520 bytes, adding the Data Integrity Field (DIF). The DIF stores a checksum value for the data block that is calculated by the Host Bus Adapter (HBA) when a write occurs. The storage device then confirms the checksum on receipt, and stores both the data and the checksum. Conversely, when a read occurs, the checksum can be verified by the storage device, and by the receiving HBA.
12.2.13. libstoragemgmt-netapp-plugin
has been removed
The libstoragemgmt-netapp-plugin
package used by the libStorageMgmt
library has been removed. It is no longer supported because:
- The package requires the NetApp 7-mode API, which is being phased out by NetApp.
-
RHEL 8 has removed default support for the TLSv1.0 protocol with the
TLS_RSA_WITH_3DES_EDE_CBC_SHA
cipher, using this plug-in with TLS does not work.
12.2.14. Removal of Cylinder-Head-Sector addressing from sfdisk
and cfdisk
Cylinder-Head-Sector (CHS) addressing is no longer useful for modern storage devices. It has been removed as an option from the sfdisk
and cfdisk
commands. Since RHEL 8, you cannot use the following options:
-
-C, --cylinders number
-
-H, --heads number
-
-S, --sectors number
For more information, see the sfdisk(8)
and cfdisk(8)
man pages.
12.3. LVM
12.3.2. Removal of lvmetad
daemon
LVM no longer uses the lvmetad
daemon for caching metadata, and will always read metadata from disk. LVM disk reading has been reduced, which reduces the benefits of caching.
Previously, autoactivation of logical volumes was indirectly tied to the use_lvmetad
setting in the lvm.conf
configuration file. The correct way to disable autoactivation continues to be setting auto_activation_volume_list
in the lvm.conf
file.
12.3.3. LVM can no longer manage devices formatted with the GFS pool volume manager or the lvm1
metadata format.
LVM can no longer manage devices formatted with the GFS pool volume manager or the`lvm1` metadata format. if you created your logical volume before Red Hat Enterprise Linux 4 was introduced, then this may affect you. Volume groups using the lvm1
format should be converted to the lvm2
format using the vgconvert
command.
12.3.4. LVM libraries and LVM Python bindings have been removed
The lvm2app
library and LVM Python bindings, which were provided by the lvm2-python-libs
package, have been removed. Red Hat recommends the following solutions instead:
-
The LVM D-Bus API in combination with the
lvm2-dbusd
service. This requires using Python version 3. -
The LVM command-line utilities with JSON formatting; this formatting has been available since the
lvm2
package version 2.02.158. -
The
libblockdev
library, included in AppStream, for C/C++
You must port any applications using the removed libraries and bindings to the D-Bus API before upgrading to Red Hat Enterprise Linux 8.
12.3.5. The ability to mirror the log for LVM mirrors has been removed
The mirrored log feature of mirrored LVM volumes has been removed. Red Hat Enterprise Linux (RHEL) 8 no longer supports creating or activating LVM volumes with a mirrored mirror log.
The recommended replacements are:
- RAID1 LVM volumes. The main advantage of RAID1 volumes is their ability to work even in degraded mode and to recover after a transient failure.
-
Disk mirror log. To convert a mirrored mirror log to disk mirror log, use the following command:
lvconvert --mirrorlog disk my_vg/my_lv
.
Chapter 13. High availability and clusters
In Red Hat Enterprise Linux 8, pcs
fully supports the Corosync 3 cluster engine and the Kronosnet (knet) network abstraction layer for cluster communication. When planning an upgrade to a RHEL 8 cluster from an existing RHEL 7 cluster, some of the considerations you must take into account are as follows:
- Application versions: What version of the highly-available application will the RHEL 8 cluster require?
- Application process order: What may need to change in the start and stop processes of the application?
-
Cluster infrastructure: Since
pcs
supports multiple network connections in RHEL 8, does the number of NICs known to the cluster change? - Needed packages: Do you need to install all of the same packages on the new cluster?
Because of these and other considerations for running a Pacemaker cluster in RHEL 8, it is not possible to perform in-place upgrades from RHEL 7 to RHEL 8 clusters and you must configure a new cluster in RHEL 8. You cannot run a cluster that includes nodes running both RHEL 7 and RHEL 8.
Additionally, you should plan for the following before performing an upgrade:
- Final cutover: What is the process to stop the application running on the old cluster and start it on the new cluster to reduce application downtime?
- Testing: Is it possible to test your upgrade strategy ahead of time in a development/test environment?
The major differences in cluster creation and administration between RHEL 7 and RHEL 8 are listed in the following sections.
13.1. New formats for pcs cluster setup
, pcs cluster node add
and pcs cluster node remove
commands
In Red Hat Enterprise Linux 8, pcs
fully supports the use of node names, which are now required and replace node addresses in the role of node identifier. Node addresses are now optional.
-
In the
pcs host auth
command, node addresses default to node names. -
In the
pcs cluster setup
andpcs cluster node add
commands, node addresses default to the node addresses specified in thepcs host auth
command.
With these changes, the formats for the commands to set up a cluster, add a node to a cluster, and remove a node from a cluster have changed. For information about these new command formats, see the help display for the pcs cluster setup
, pcs cluster node add
and pcs cluster node remove
commands.
13.2. Master resources renamed to promotable clone resources
Red Hat Enterprise Linux (RHEL) 8 supports Pacemaker 2.0, in which a master/slave resource is no longer a separate type of resource but a standard clone resource with a promotable
meta-attribute set to true
. The following changes have been implemented in support of this update:
-
It is no longer possible to create master resources with the
pcs
command. Instead, it is possible to createpromotable
clone resources. Related keywords and commands have been changed frommaster
topromotable
. - All existing master resources are displayed as promotable clone resources.
- When managing a RHEL7 cluster in the Web UI, master resources are still called master, as RHEL7 clusters do not support promotable clones.
13.3. New commands for authenticating nodes in a cluster
Red Hat Enterprise Linux (RHEL) 8 incorporates the following changes to the commands used to authenticate nodes in a cluster.
-
The new command for authentication is
pcs host auth
. This command allows users to specify host names, addresses andpcsd
ports. -
The
pcs cluster auth
command authenticates only the nodes in a local cluster and does not accept a node list -
It is now possible to specify an address for each node.
pcs
/pcsd
will then communicate with each node using the specified address. These addresses can be different than the onescorosync
uses internally. -
The
pcs pcsd clear-auth
command has been replaced by thepcs pcsd deauth
andpcs host deauth
commands. The new commands allow users to deauthenticate a single host as well as all hosts. -
Previously, node authentication was bidirectional, and running the
pcs cluster auth
command caused all specified nodes to be authenticated against each other. Thepcs host auth
command, however, causes only the local host to be authenticated against the specified nodes. This allows better control of what node is authenticated against what other nodes when running this command. On cluster setup itself, and also when adding a node,pcs
automatically synchronizes tokens on the cluster, so all nodes in the cluster are still automatically authenticated as before and the cluster nodes can communicate with each other.
Note that these changes are not backward compatible. Nodes that were authenticated on a RHEL 7 system will need to be authenticated again.
13.4. LVM volumes in a Red Hat High Availability active/passive cluster
When configuring LVM volumes as resources in a Red Hat HA active/passive cluster in RHEL 8, you configure the volumes as an LVM-activate
resource. In RHEL 7, you configured the volumes as an LVM
resource. For an example of a cluster configuration procedure that includes configuring an LVM volume as a resource in an active/passive cluster in RHEL 8, see Configuring an active/passive Apache HTTP server in a Red Hat High Availability cluster.
13.6. GFS2 file systems in a RHEL 8 Pacemaker cluster
In RHEL 8, LVM uses the LVM lock daemon lvmlockd
instead of clvmd
for managing shared storage devices in an active/active cluster as described in Section 12.3.1, “Removal of clvmd
for managing shared storage devices”.
To use GFS2 file systems that were created on a RHEL 7 system in a RHEL 8 cluster, you must configure the logical volumes on which they are mounted as shared logical volumes in a RHEL 8 system, and you must start locking for the volume group. For an example of the procedure that configures existing RHEL 7 logical volumes as shared logical volumes for use in a RHEL 8 Pacemaker cluster, see Migrating a GFS2 file system from RHEL7 to RHEL8.
Chapter 14. Shells and command-line tools
14.1. Localization is distributed in multiple packages
In RHEL 8, locales and translations are no longer provided by the single glibc-common
package. Instead, every locale and language is available in a glibc-langpack-CODE
package. Additionally, not all locales are installed by default, only these selected in the installer. Users must install all further locale packages that they need separately.
The meta-packages which install extra add-on packages containing translations, dictionaries and locales for every package installed on the system are called langpacks.
For more information see Using langpacks.
14.2. Removed support for all-numeric user and group names
In Red Hat Enterprise Linux (RHEL) 8, the useradd
and groupadd
commands does not allow you to use user and group names consisting purely of numeric characters. The reason for not allowing such names is that this can confuse tools that work with user and group names and user and group ids, which are numbers.
See more information about Adding a new user from the command line.
14.3. The nobody user replaces nfsnobody
Red Hat Enterprise Linux (RHEL) 7 used the nobody
user and group pair with the ID of 99 and the nfsnobody
user and group pair with the ID of 65534, which is also the default kernel overflow ID.
In RHEL 8, both of these pair have been merged into the nobody
user and group pair, which uses the ID of 65534. The nfsnobody
pair is not created in RHEL 8.
This change reduces the confusion about files that are owned by nobody
but are not related to NFS.
14.4. Version control systems
RHEL 8 provides the following version control systems:
-
Git 2.18
, a distributed revision control system with a decentralized architecture. -
Mercurial 4.8
, a lightweight distributed version control system, designed for efficient handling of large projects. -
Subversion 1.10
, a centralized version control system.
Note that the Concurrent Versions System (CVS) and Revision Control System (RCS), available in RHEL 7, are not distributed with RHEL 8.
14.4.1. Notable changes in Subversion 1.10
Subversion 1.10
introduces a number of new features since the version 1.7 distributed in RHEL 7, as well as the following compatibility changes:
-
Due to incompatibilities in the
Subversion
libraries used for supporting language bindings,Python 3
bindings forSubversion 1.10
are unavailable. As a consequence, applications that requirePython
bindings forSubversion
are unsupported. -
Repositories based on
Berkeley DB
are no longer supported. Before upgrading, back up repositories created withSubversion 1.7
by using thesvnadmin dump
command. After installing RHEL 8, restore the repositories using thesvnadmin load
command. -
Existing working copies checked out by the
Subversion 1.7
client in RHEL 7 must be upgraded to the new format before they can be used fromSubversion 1.10
. After installing RHEL 8, run thesvn upgrade
command in each working copy. -
Smartcard authentication for accessing repositories using
https://
is no longer supported.
14.5. Packages moved from crontab entries to systemd timer
The packages used in crontab
entries now use systemd
timers. Run the following commands to find packages with systemd
timer entries:
$ repoquery --qf %{name} -f '/usr/lib/systemd/system/*.timer'
$ repoquery --qf %{name} -f '/etc/cron./'
Chapter 15. Dynamic programming languages, web servers, database servers
15.1. Dynamic programming languages
15.1.1. Notable changes in Python
15.1.1.1. Python 3
is the default Python
implementation in RHEL 8
Red Hat Enterprise Linux 8 is distributed with several versions of Python 3
. Python 3.6
is going to be supported for the whole life cycle of RHEL 8. The respective package might not be installed by default.
Python 2.7
is available in the python2
package. However, Python 2
will have a shorter life cycle and its aim is to facilitate a smoother transition to Python 3
for customers.
For details, see Python versions.
Neither the default python
package nor the unversioned /usr/bin/python
executable is distributed with RHEL 8. Customers are advised to use python3
or python2
directly. Alternatively, administrators can configure the unversioned python
command using the alternatives
command. See Configuring the unversioned Python.
Additional resources
15.1.1.2. Migrating from Python 2 to Python 3
As a developer, you may want to migrate your former code that is written in Python 2 to Python 3.
For more information about how to migrate large code bases to Python 3, see The Conservative Python 3 Porting Guide.
Note that after this migration, the original Python 2 code becomes interpretable by the Python 3 interpreter and stays interpretable for the Python 2 interpreter as well.
15.1.1.3. Configuring the unversioned Python
System administrators can configure the unversioned python
command, located at /usr/bin/python
, using the alternatives
command. Note that the required package, python3
, python38
, python39
, python3.11
, python3.12
, or python2
, must be installed before configuring the unversioned command to the respective version.
The /usr/bin/python
executable is controlled by the alternatives
system. Any manual changes may be overwritten upon an update.
Additional Python-related commands, such as pip3
, do not have configurable unversioned variants.
15.1.1.3.1. Configuring the unversioned python command directly
You can configure the unversioned python
command directly to a selected version of Python.
Prerequisites
- Ensure that the required version of Python is installed.
Procedure
To configure the unversioned
python
command to Python 3.6, use:# alternatives --set python /usr/bin/python3
To configure the unversioned
python
command to Python 3.8, use:# alternatives --set python /usr/bin/python3.8
To configure the unversioned
python
command to Python 3.9, use:# alternatives --set python /usr/bin/python3.9
To configure the unversioned
python
command to Python 3.11, use:# alternatives --set python /usr/bin/python3.11
To configure the unversioned
python
command to Python 3.12, use:# alternatives --set python /usr/bin/python3.12
To configure the unversioned
python
command to Python 2, use:# alternatives --set python /usr/bin/python2
15.1.1.3.2. Configuring the unversioned python command to the required Python version interactively
You can configure the unversioned python
command to the required Python version interactively.
Prerequisites
- Ensure that the required version of Python is installed.
Procedure
To configure the unversioned
python
command interactively, use:# alternatives --config python
- Select the required version from the provided list.
To reset this configuration and remove the unversioned
python
command, use:# alternatives --auto python
15.1.1.3.3. Additional resources
-
alternatives(8)
andunversioned-python(1)
man pages on your system
15.1.1.4. Handling interpreter directives in Python scripts
In Red Hat Enterprise Linux 8, executable Python scripts are expected to use interpreter directives (also known as hashbangs or shebangs) that explicitly specify at a minimum the major Python version. For example:
#!/usr/bin/python3 #!/usr/bin/python3.6 #!/usr/bin/python3.8 #!/usr/bin/python3.9 #!/usr/bin/python3.11 #!/usr/bin/python3.12 #!/usr/bin/python2
The /usr/lib/rpm/redhat/brp-mangle-shebangs
buildroot policy (BRP) script is run automatically when building any RPM package, and attempts to correct interpreter directives in all executable files.
The BRP script generates errors when encountering a Python script with an ambiguous interpreter directive, such as:
#!/usr/bin/python
or
#!/usr/bin/env python
15.1.1.4.1. Modifying interpreter directives in Python scripts
Modify interpreter directives in the Python scripts that cause the build errors at RPM build time.
Prerequisites
- Some of the interpreter directives in your Python scripts cause a build error.
Procedure
To modify interpreter directives, complete one of the following tasks:
Apply the
pathfix.py
script from theplatform-python-devel
package:# pathfix.py -pn -i %{__python3} PATH …
Note that multiple
PATHs
can be specified. If aPATH
is a directory,pathfix.py
recursively scans for any Python scripts matching the pattern^[a-zA-Z0-9_]+\.py$
, not only those with an ambiguous interpreter directive. Add this command to the%prep
section or at the end of the%install
section.-
Modify the packaged Python scripts so that they conform to the expected format. For this purpose,
pathfix.py
can be used outside the RPM build process, too. When runningpathfix.py
outside an RPM build, replace%{__python3}
from the example above with a path for the interpreter directive, such as/usr/bin/python3
.
If the packaged Python scripts require a version other than Python 3.6, adjust the preceding commands to include the required version.
15.1.1.4.2. Changing /usr/bin/python3 interpreter directives in your custom packages
By default, interpreter directives in the form of /usr/bin/python3
are replaced with interpreter directives pointing to Python from the platform-python
package, which is used for system tools with Red Hat Enterprise Linux. You can change the /usr/bin/python3
interpreter directives in your custom packages to point to a specific version of Python that you have installed from the AppStream repository.
Procedure
To build your package for a specific version of Python, add the
python*-rpm-macros
subpackage of the respectivepython
package to the BuildRequires section of thespec
file. For example, for Python 3.6, include the following line:BuildRequires: python36-rpm-macros
As a result, the
/usr/bin/python3
interpreter directives in your custom package are automatically converted to/usr/bin/python3.6
.
To prevent the BRP script from checking and modifying interpreter directives, use the following RPM directive:
%undefine __brp_mangle_shebangs
15.1.1.5. Python
binding of the net-snmp
package is unavailable
The Net-SNMP
suite of tools does not provide binding for Python 3
, which is the default Python
implementation in RHEL 8. Consequently, python-net-snmp
, python2-net-snmp
, or python3-net-snmp
packages are unavailable in RHEL 8.
15.1.2. Notable changes in PHP
Red Hat Enterprise Linux 8 is distributed with PHP 7.2
. This version introduces the following major changes over PHP 5.4
, which is available in RHEL 7:
-
PHP
uses FastCGI Process Manager (FPM) by default (safe for use with a threadedhttpd
) -
The
php_value
andphp-flag
variables should no longer be used in thehttpd
configuration files; they should be set in pool configuration instead:/etc/php-fpm.d/*.conf
-
PHP
script errors and warnings are logged to the/var/log/php-fpm/www-error.log
file instead of/var/log/httpd/error.log
-
When changing the PHP
max_execution_time
configuration variable, thehttpd
ProxyTimeout
setting should be increased to match -
The user running
PHP
scripts is now configured in the FPM pool configuration (the/etc/php-fpm.d/www.conf
file; theapache
user is the default) -
The
php-fpm
service needs to be restarted after a configuration change or after a new extension is installed -
The
zip
extension has been moved from thephp-common
package to a separate package,php-pecl-zip
The following extensions have been removed:
-
aspell
-
mysql
(note that themysqli
andpdo_mysql
extensions are still available, provided byphp-mysqlnd
package) -
memcache
15.1.3. Notable changes in Perl
Perl 5.26
, distributed with RHEL 8, introduces the following changes over the version available in RHEL 7:
-
Unicode 9.0
is now supported. -
New
op-entry
,loading-file
, andloaded-file
SystemTap
probes are provided. - Copy-on-write mechanism is used when assigning scalars for improved performance.
-
The
IO::Socket::IP
module for handling IPv4 and IPv6 sockets transparently has been added. -
The
Config::Perl::V
module to accessperl -V
data in a structured way has been added. -
A new
perl-App-cpanminus
package has been added, which contains thecpanm
utility for getting, extracting, building, and installing modules from the Comprehensive Perl Archive Network (CPAN) repository. -
The current directory
.
has been removed from the@INC
module search path for security reasons. -
The
do
statement now returns a deprecation warning when it fails to load a file because of the behavioral change described above. -
The
do subroutine(LIST)
call is no longer supported and results in a syntax error. -
Hashes are randomized by default now. The order in which keys and values are returned from a hash changes on each
perl
run. To disable the randomization, set thePERL_PERTURB_KEYS
environment variable to0
. -
Unescaped literal
{
characters in regular expression patterns are no longer permissible. -
Lexical scope support for the
$_
variable has been removed. -
Using the
defined
operator on an array or a hash results in a fatal error. -
Importing functions from the
UNIVERSAL
module results in a fatal error. -
The
find2perl
,s2p
,a2p
,c2ph
, andpstruct
tools have been removed. -
The
${^ENCODING}
facility has been removed. Theencoding
pragma’s default mode is no longer supported. To write source code in other encoding thanUTF-8
, use the encoding’sFilter
option. -
The
perl
packaging is now aligned with upstream. Theperl
package installs also core modules and is suitable for development. On production systems, use theperl-interpreter
package, which contains the main/usr/bin/perl
interpreter. In previous releases, theperl
package included just a minimal interpreter, whereas theperl-core
package included both the interpreter and the core modules. -
The
IO::Socket::SSL
Perl module no longer loads a certificate authority certificate from the./certs/my-ca.pem
file or the./ca
directory, a server private key from the./certs/server-key.pem
file, a server certificate from the./certs/server-cert.pem
file, a client private key from the./certs/client-key.pem
file, and a client certificate from the./certs/client-cert.pem
file. Specify the paths to the files explicitly instead.
15.1.4. Notable changes in Ruby
RHEL 8 provides Ruby 2.5
, which introduces numerous new features and enhancements over Ruby 2.0.0
available in RHEL 7. Notable changes include:
- Incremental garbage collector has been added.
-
The
Refinements
syntax has been added. - Symbols are now garbage collected.
-
The
$SAFE=2
and$SAFE=3
safe levels are now obsolete. -
The
Fixnum
andBignum
classes have been unified into theInteger
class. -
Performance has been improved by optimizing the
Hash
class, improved access to instance variables, and theMutex
class being smaller and faster. - Certain old APIs have been deprecated.
-
Bundled libraries, such as
RubyGems
,Rake
,RDoc
,Psych
,Minitest
, andtest-unit
, have been updated. -
Other libraries, such as
mathn
,DL
,ext/tk
, andXMLRPC
, which were previously distributed withRuby
, are deprecated or no longer included. -
The
SemVer
versioning scheme is now used forRuby
versioning.
15.1.5. Notable changes in SWIG
RHEL 8 includes the Simplified Wrapper and Interface Generator (SWIG) version 3.0, which provides numerous new features, enhancements, and bug fixes over the version 2.0 distributed in RHEL 7. Most notably, support for the C++11 standard has been implemented. SWIG
now supports also Go 1.6
, PHP 7
, Octave 4.2
, and Python 3.5
.
15.1.6. Node.js
new in RHEL
Node.js
, a software development platform for building fast and scalable network applications in the JavaScript programming language, is provided for the first time in RHEL. It was previously available only as a Software Collection. RHEL 8 provides Node.js 10
.
15.2. Tcl
Tool command language (Tcl) is a dynamic programming language. The interpreter for this language, together with the C library, is provided by the tcl
package.
Using Tcl paired with Tk (Tcl/Tk) enables creating cross-platform GUI applications. Tk is provided by the tk
package.
Note that Tk can refer to any of the following:
- A programming toolkit for multiple languages
- A Tk C library bindings available for multiple languages, such as C, Ruby, Perl and Python
- A wish interpreter that instantiates a Tk console
- A Tk extension that adds a number of new commands to a particular Tcl interpreter
15.2.1. Notable changes in Tcl/Tk 8.6
RHEL 8 is distributed with Tcl/Tk version 8.6, which provides multiple notable changes over Tcl/Tk version 8.5:
- Object-oriented programming support
- Stackless evaluation implementation
- Enhanced exceptions handling
- Collection of third-party packages built and installed with Tcl
- Multi-thread operations enabled
- SQL database-powered scripts support
- IPv6 networking support
- Built-in Zlib compression
List processing
Two new commands,
lmap
anddict map
are available, which allow the expression of transformations over Tcl containers.Stacked channels by script
Two new commands,
chan push
andchan pop
are available, which allow to add or remove transformations to or from I/O channels.
For more detailed information about Tcl/Tk version 8.6 changes and new feaures, see the following resources:
If you need to migrate to Tcl/Tk 8.6, see Migration path for users scripting their tasks with Tcl/Tk.
15.3. Web servers
15.3.1. Notable changes in the Apache HTTP Server
The Apache HTTP Server has been updated from version 2.4.6 in RHEL 7 to version 2.4.37 in RHEL 8. This updated version includes several new features, but maintains backwards compatibility with the RHEL 7 version at the level of configuration and Application Binary Interface (ABI) of external modules.
New features include:
-
HTTP/2
support is now provided by themod_http2
package, which is a part of thehttpd
module. -
systemd socket activation is supported. See
httpd.socket(8)
man page for more details.
Multiple new modules have been added:
-
mod_proxy_hcheck
- a proxy health-check module -
mod_proxy_uwsgi
- a Web Server Gateway Interface (WSGI) proxy -
mod_proxy_fdpass
- provides support for the passing the socket of the client to another process -
mod_cache_socache
- an HTTP cache using, for example, memcache backend -
mod_md
- an ACME protocol SSL/TLS certificate service
-
The following modules now load by default:
-
mod_request
-
mod_macro
-
mod_watchdog
-
-
A new subpackage,
httpd-filesystem
, has been added, which contains the basic directory layout for the Apache HTTP Server including the correct permissions for the directories. -
Instantiated service support,
httpd@.service
has been introduced. See thehttpd.service
man page for more information.
-
A new
httpd-init.service
replaces the%post script
to create a self-signedmod_ssl
key pair.
-
Automated TLS certificate provisioning and renewal using the Automatic Certificate Management Environment (ACME) protocol is now supported with the
mod_md
package (for use with certificate providers such asLet’s Encrypt
). -
The Apache HTTP Server now supports loading TLS certificates and private keys from hardware security tokens directly from
PKCS#11
modules. As a result, amod_ssl
configuration can now usePKCS#11
URLs to identify the TLS private key, and, optionally, the TLS certificate in theSSLCertificateKeyFile
andSSLCertificateFile
directives. A new
ListenFree
directive in the/etc/httpd/conf/httpd.conf
file is now supported.Similarly to the
Listen
directive,ListenFree
provides information about IP addresses, ports, or IP address-and-port combinations that the server listens to. However, withListenFree
, theIP_FREEBIND
socket option is enabled by default. Hence,httpd
is allowed to bind to a nonlocal IP address or to an IP address that does not exist yet. This allowshttpd
to listen on a socket without requiring the underlying network interface or the specified dynamic IP address to be up at the time whenhttpd
is trying to bind to it.Note that the
ListenFree
directive is currently available only in RHEL 8.For more details on
ListenFree
, see the following table:Table 15.1. ListenFree directive’s syntax, status, and modules Syntax Status Modules ListenFree [IP-address:]portnumber [protocol]
MPM
event, worker, prefork, mpm_winnt, mpm_netware, mpmt_os2
Other notable changes include:
The following modules have been removed:
-
mod_file_cache
mod_nss
Use
mod_ssl
as a replacement. For details about migrating frommod_nss
, see the Exporting a private key and certificates from an NSS database to use them in an Apache web server configuration section in theDeploying different types of servers
documentation.-
mod_perl
-
-
The default type of the DBM authentication database used by the Apache HTTP Server in RHEL 8 has been changed from
SDBM
todb5
. -
The
mod_wsgi
module for the Apache HTTP Server has been updated to Python 3. WSGI applications are now supported only with Python 3, and must be migrated from Python 2. The multi-processing module (MPM) configured by default with the Apache HTTP Server has changed from a multi-process, forked model (known as
prefork
) to a high-performance multi-threaded model,event
.Any third-party modules that are not thread-safe need to be replaced or removed. To change the configured MPM, edit the
/etc/httpd/conf.modules.d/00-mpm.conf
file. See thehttpd.service(8)
man page for more information.- The minimum UID and GID allowed for users by suEXEC are now 1000 and 500, respectively (previously 100 and 100).
-
The
/etc/sysconfig/httpd
file is no longer a supported interface for setting environment variables for thehttpd
service. Thehttpd.service(8)
man page has been added for the systemd service. -
Stopping the
httpd
service now uses a “graceful stop” by default. -
The
mod_auth_kerb
module has been replaced by themod_auth_gssapi
module.
For instructions on deploying, see Setting up the Apache HTTP web server.
15.3.2. The nginx
web server new in RHEL
RHEL 8 introduces nginx 1.14
, a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. nginx
was previously available only as a Software Collection.
The nginx
web server now supports loading TLS private keys from hardware security tokens directly from PKCS#11
modules. As a result, an nginx
configuration can use PKCS#11
URLs to identify the TLS private key in the ssl_certificate_key
directive.
15.3.3. Apache Tomcat removed in RHEL 8.0, reintroduced in RHEL 8.8
The Apache Tomcat server was removed from Red Hat Enterprise Linux 8.0 and reintroduced in RHEL 8.8. Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License version 2.0.
Users of earlier minor versions than RHEL 8.8 who require a servlet container can use the JBoss Web Server.
15.4. Proxy caching servers
15.4.1. Varnish Cache
new in RHEL
Varnish Cache
, a high-performance HTTP reverse proxy, is provided for the first time in RHEL. It was previously available only as a Software Collection. Varnish Cache
stores files or fragments of files in memory that are used to reduce the response time and network bandwidth consumption on future equivalent requests. RHEL 8.0 is distributed with Varnish Cache 6.0
.
15.4.2. Notable changes in Squid
RHEL 8.0 is distributed with Squid 4.4
, a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. This release provides numerous new features, enhancements, and bug fixes over the version 3.5 available in RHEL 7.
Notable changes include:
- Configurable helper queue size
- Changes to helper concurrency channels
- Changes to the helper binary
- Secure Internet Content Adaptation Protocol (ICAP)
- Improved support for Symmetric Multi Processing (SMP)
- Improved process management
- Removed support for SSL
- Removed Edge Side Includes (ESI) custom parser
- Multiple configuration changes
15.5. Database servers
RHEL 8 provides the following database servers:
-
MySQL 8.0
, a multi-user, multi-threaded SQL database server. It consists of theMySQL
server daemon,mysqld
, and many client programs. -
MariaDB 10.3
, a multi-user, multi-threaded SQL database server. For all practical purposes,MariaDB
is binary-compatible withMySQL
. -
PostgreSQL 10
andPostgreSQL 9.6
, an advanced object-relational database management system (DBMS). -
Redis 5
, an advanced key-value store. It is often referred to as a data structure server because keys can contain strings, hashes, lists, sets, and sorted sets.Redis
is provided for the first time in RHEL.
Note that the NoSQL MongoDB
database server is not included in RHEL 8.0 because it uses the Server Side Public License (SSPL).
Database servers are not installable in parallel
The mariadb
and mysql
modules cannot be installed in parallel in RHEL 8.0 due to conflicting RPM packages.
By design, it is impossible to install more than one version (stream) of the same module in parallel. For example, you need to choose only one of the available streams from the postgresql
module, either 10
(default) or 9.6
. Parallel installation of components is possible in Red Hat Software Collections for RHEL 6 and RHEL 7. In RHEL 8, different versions of database servers can be used in containers.
15.5.1. Notable changes in MariaDB 10.3
MariaDB 10.3
provides numerous new features over the version 5.5 distributed in RHEL 7, such as:
- Common table expressions
- System-versioned tables
-
FOR
loops - Invisible columns
- Sequences
-
Instant
ADD COLUMN
forInnoDB
- Storage-engine independent column compression
- Parallel replication
- Multi-source replication
In addition, the new mariadb-connector-c
packages provide a common client library for MySQL
and MariaDB
. This library is usable with any version of the MySQL
and MariaDB
database servers. As a result, the user is able to connect one build of an application to any of the MySQL
and MariaDB
servers distributed with RHEL 8.
Other notable changes include:
-
MariaDB Galera Cluster
, a synchronous multi-source cluster, is now a standard part ofMariaDB
. -
InnoDB
is used as the default storage engine instead ofXtraDB
. - The mariadb-bench subpackage has been removed.
- The default allowed level of the plug-in maturity has been changed to one level less than the server maturity. As a result, plug-ins with a lower maturity level that were previously working, will no longer load.
15.5.2. Notable changes in MySQL 8.0
RHEL 8 is distributed with MySQL 8.0
, which provides, for example, the following enhancements:
-
MySQL
now incorporates a transactional data dictionary, which stores information about database objects. -
MySQL
now supports roles, which are collections of privileges. -
The default character set has been changed from
latin1
toutf8mb4
. - Support for common table expressions, both nonrecursive and recursive, has been added.
-
MySQL
now supports window functions, which perform a calculation for each row from a query, using related rows. -
InnoDB
now supports theNOWAIT
andSKIP LOCKED
options with locking read statements. - GIS-related functions have been improved.
- JSON functionality has been enhanced.
-
The new
mariadb-connector-c
packages provide a common client library forMySQL
andMariaDB
. This library is usable with any version of theMySQL
andMariaDB
database servers. As a result, the user is able to connect one build of an application to any of theMySQL
andMariaDB
servers distributed with RHEL 8.
In addition, the MySQL 8.0
server distributed with RHEL 8 is configured to use mysql_native_password
as the default authentication plug-in because client tools and libraries in RHEL 8 are incompatible with the caching_sha2_password
method, which is used by default in the upstream MySQL 8.0
version.
To change the default authentication plug-in to caching_sha2_password
, edit the /etc/my.cnf.d/mysql-default-authentication-plugin.cnf
file as follows:
[mysqld] default_authentication_plugin=caching_sha2_password
15.5.3. Notable changes in PostgreSQL
RHEL 8.0 provides two versions of the PostgreSQL
database server, distributed in two streams of the postgresql
module: PostgreSQL 10
(the default stream) and PostgreSQL 9.6
. RHEL 7 includes PostgreSQL
version 9.2.
Notable changes in PostgreSQL 9.6
are, for example:
-
Parallel execution of the sequential operations:
scan
,join
, andaggregate
- Enhancements to synchronous replication
- Improved full-text search enabling users to search for phrases
-
The
postgres_fdw
data federation driver now supports remotejoin
,sort
,UPDATE
, andDELETE
operations - Substantial performance improvements, especially regarding scalability on multi-CPU-socket servers
Major enhancements in PostgreSQL 10
include:
-
Logical replication using the
publish
andsubscribe
keywords -
Stronger password authentication based on the
SCRAM-SHA-256
mechanism - Declarative table partitioning
- Improved query parallelism
- Significant general performance improvements
- Improved monitoring and control
Chapter 16. Compilers and development tools
16.1. Changes in toolchain since RHEL 7
The following sections list changes in toolchain since the release of the described components in Red Hat Enterprise Linux 7. See also Release notes for Red Hat Enterprise Linux 8.0.
16.1.1. Changes in GCC in RHEL 8
In Red Hat Enterprise Linux 8, the GCC toolchain is based on the GCC 8.2 release series. Notable changes since Red Hat Enterprise Linux 7 include:
- Numerous general optimizations have been added, such as alias analysis, vectorizer improvements, identical code folding, inter-procedural analysis, store merging optimization pass, and others.
- The Address Sanitizer has been improved.
- The Leak Sanitizer for detection of memory leaks has been added.
- The Undefined Behavior Sanitizer for detection of undefined behavior has been added.
- Debug information can now be produced in the DWARF5 format. This capability is experimental.
- The source code coverage analysis tool GCOV has been extended with various improvements.
- Support for the OpenMP 4.5 specification has been added. Additionally, the offloading features of the OpenMP 4.0 specification are now supported by the C, C++, and Fortran compilers.
- New warnings and improved diagnostics have been added for static detection of certain likely programming errors.
- Source locations are now tracked as ranges rather than points, which allows much richer diagnostics. The compiler now offers “fix-it” hints, suggesting possible code modifications. A spell checker has been added to offer alternative names and ease detecting typos.
Security
GCC has been extended to provide tools to ensure additional hardening of the generated code. Improvements related to security include:
-
The
__builtin_add_overflow
,__builtin_sub_overflow
, and__builtin_mul_overflow
built-in functions for arithmetics with overflow checking have been added. -
The
-fstack-clash-protection
option has been added to generate additional code guarding against stack clash. -
The
-fcf-protection
option was introduced to check target addresses of control-flow instructions for increased program security. -
The new
-Wstringop-truncation
warning option lists calls to bounded string manipulation functions such asstrncat
,strncpy
, orstpncpy
that might truncate the copied string or leave the destination unchanged. -
The
-Warray-bounds
warning option has been improved to detect out-of-bounds array indices and pointer offsets better. -
The
-Wclass-memaccess
warning option has been added to warn about potentially unsafe manipulation of objects of non-trivial class types by raw memory access functions such asmemcpy
orrealloc
.
Architecture and processor support
Improvements to architecture and processor support include:
- Multiple new architecture-specific options for the Intel AVX-512 architecture, a number of its microarchitectures, and Intel Software Guard Extensions (SGX) have been added.
- Code generation can now target the 64-bit ARM architecture LSE extensions, ARMv8.2-A 16-bit Floating-Point Extensions (FPE), and ARMv8.2-A, ARMv8.3-A, and ARMv8.4-A architecture versions.
-
Handling of the
-march=native
option on the ARM and 64-bit ARM architectures has been fixed. - Support for the z13 and z14 processors of the 64-bit IBM Z architecture has been added.
Languages and standards
Notable changes related to languages and standards include:
- The default standard used when compiling code in the C language has changed to C17 with GNU extensions.
- The default standard used when compiling code in the C++ language has changed to C++14 with GNU extensions.
- The C++ runtime library now supports the C++11 and C++14 standards.
-
The C++ compiler now implements the C++14 standard with many new features such as variable templates, aggregates with non-static data member initializers, the extended
constexpr
specifier, sized deallocation functions, generic lambdas, variable-length arrays, digit separators, and others. - Support for the C language standard C11 has been improved: ISO C11 atomics, generic selections, and thread-local storage are now available.
-
The new
__auto_type
GNU C extension provides a subset of the functionality of C++11auto
keyword in the C language. -
The
_FloatN
and_FloatNx
type names specified by the ISO/IEC TS 18661-3:2015 standard are now recognized by the C front end. -
The default standard used when compiling code in the C language has changed to C17 with GNU extensions. This has the same effect as using the
--std=gnu17
option. Previously, the default was C89 with GNU extensions. - GCC can now experimentally compile code using the C++17 language standard and certain features from the C++20 standard.
- Passing an empty class as an argument now takes up no space on the Intel 64 and AMD64 architectures, as required by the platform ABI. Passing or returning a class with only deleted copy and move constructors now uses the same calling convention as a class with a non-trivial copy or move constructor.
-
The value returned by the C++11
alignof
operator has been corrected to match the C_Alignof
operator and return minimum alignment. To find the preferred alignment, use the GNU extension__alignof__
. -
The main version of the
libgfortran
library for Fortran language code has been changed to 5. - Support for the Ada (GNAT), GCC Go, and Objective C/C++ languages has been removed. Use the Go Toolset for Go code development.
Additional resources
16.1.2. Security enhancements in GCC in RHEL 8
This following are changes in GCC related to security and added since the release of Red Hat Enterprise Linux 7.0.
New warnings
These warning options have been added:
Option | Displays warnings for |
---|---|
|
Calls to bounded string manipulation functions such as |
|
Objects of non-trivial class types manipulated in potentially unsafe ways by raw memory functions such as The warning helps detect calls that bypass user-defined constructors or copy-assignment operators, corrupt virtual table pointers, data members of const-qualified types or references, or member pointers. The warning also detects calls that would bypass access controls to data members. |
| Places where the indentation of the code gives a misleading idea of the block structure of the code to a human reader. |
|
Calls to memory allocation functions where the amount of memory to allocate exceeds size. Works also with functions where the allocation is specified by multiplying two parameters and with any functions decorated with attribute |
|
Calls to memory allocation functions that attempt to allocate zero amount of memory. Works also with functions where the allocation is specified by multiplying two parameters and with any functions decorated with attribute |
|
All calls to the |
|
Calls to the |
| Definitions of Variable Length Arrays (VLA) that can either exceed the specified size or whose bound is not known to be sufficiently constrained. |
|
Both certain and likely buffer overflow in calls to the |
|
Both certain and likely output truncation in calls to the |
|
Buffer overflow in calls to string handling functions such as |
Warning improvements
These GCC warnings have been improved:
-
The
-Warray-bounds
option has been improved to detect more instances of out-of-bounds array indices and pointer offsets. For example, negative or excessive indices into flexible array members and string literals are detected. -
The
-Wrestrict
option introduced in GCC 7 has been enhanced to detect many more instances of overlapping accesses to objects via restrict-qualified arguments to standard memory and string manipulation functions such asmemcpy
andstrcpy
. -
The
-Wnonnull
option has been enhanced to detect a broader set of cases of passing null pointers to functions that expect a non-null argument (decorated with attributenonnull
).
New UndefinedBehaviorSanitizer
A new run-time sanitizer for detecting undefined behavior called UndefinedBehaviorSanitizer has been added. The following options are noteworthy:
Option | Check |
---|---|
| Detect floating-point division by zero. |
| Check that the result of floating-point type to integer conversions do not overflow. |
| Enable instrumentation of array bounds and detect out-of-bounds accesses. |
| Enable alignment checking and detect various misaligned objects. |
| Enable object size checking and detect various out-of-bounds accesses. |
| Enable checking of C++ member function calls, member accesses, and some conversions between pointers to base and derived classes. Additionally, detect when referenced objects do not have correct dynamic type. |
|
Enable strict checking of array bounds. This enables |
| Diagnose arithmetic overflows even on arithmetic operations with generic vectors. |
|
Diagnose at run time invalid arguments to |
|
Perform cheap run-time tests for pointer wrapping. Includes checks from |
New options for AddressSanitizer
These options have been added to AddressSanitizer:
Option | Check |
---|---|
| Warn about comparison of pointers that point to a different memory object. |
| Warn about subtraction of pointers that point to a different memory object. |
| Sanitize variables whose address is taken and used after a scope where the variable is defined. |
Other sanitizers and instrumentation
-
The option
-fstack-clash-protection
has been added to insert probes when stack space is allocated statically or dynamically to reliably detect stack overflows and thus mitigate the attack vector that relies on jumping over a stack guard page provided by the operating system. -
A new option
-fcf-protection=[full|branch|return|none]
has been added to perform code instrumentation and increase program security by checking that target addresses of control-flow transfer instructions (such as indirect function call, function return, indirect jump) are valid.
Additional resources
For more details and explanation of the values supplied to some of the options above, see the gcc(1) manual page:
$ man gcc
16.1.3. Compatibility-breaking changes in GCC in RHEL 8
C++ ABI change in std::string
and std::list
The Application Binary Interface (ABI) of the std::string
and std::list
classes from the libstdc++
library changed between RHEL 7 (GCC 4.8) and RHEL 8 (GCC 8) to conform to the C++11 standard. The libstdc++
library supports both the old and new ABI, but some other C++ system libraries do not. As a consequence, applications that dynamically link against these libraries will need to be rebuilt. This affects all C++ standard modes, including C++98. It also affects applications built with Red Hat Developer Toolset compilers for RHEL 7, which kept the old ABI to maintain compatibility with the system libraries.
GCC no longer builds Ada, Go, and Objective C/C++ code
Capability for building code in the Ada (GNAT), GCC Go, and Objective C/C++ languages has been removed from the GCC compiler.
To build Go code, use the Go Toolset instead.
16.2. Compiler toolsets
RHEL 8 provides the following compiler toolsets as Application Streams:
- LLVM Toolset provides the LLVM compiler infrastructure framework, the Clang compiler for the C and C++ languages, the LLDB debugger, and related tools for code analysis.
-
Rust Toolset provides the Rust programming language compiler
rustc
, thecargo
build tool and dependency manager, thecargo-vendor
plugin, and required libraries. -
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as
golang
.
For more details and information about usage, see the compiler toolsets user guides on the Red Hat Developer Tools page.
16.3. Java implementations and Java tools in RHEL 8
The RHEL 8 AppStream repository includes:
-
The
java-11-openjdk
packages, which provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. -
The
java-1.8.0-openjdk
packages, which provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. -
The
icedtea-web
packages, which provide an implementation of Java Web Start. -
The
ant
module, providing a Java library and command-line tool for compiling, assembling, testing, and running Java applications.Ant
has been updated to version 1.10. -
The
maven
module, providing a software project management and comprehension tool.Maven
was previously available only as a Software Collection or in the unsupported Optional channel. -
The
scala
module, providing a general purpose programming language for the Java platform.Scala
was previously available only as a Software Collection.
In addition, the java-1.8.0-ibm
packages are distributed through the Supplementary repository. Note that packages in this repository are unsupported by Red Hat.
16.4. Compatibility-breaking changes in GDB
The version of GDB provided in Red Hat Enterprise Linux 8 contains a number of changes that break compatibility, especially for cases where the GDB output is read directly from the terminal. The following sections provide more details about these changes.
Parsing output of GDB is not recommended. Prefer scripts using the Python GDB API or the GDB Machine Interface (MI).
GDBserver now starts inferiors with shell
To enable expansion and variable substitution in inferior command line arguments, GDBserver now starts the inferior in a shell, same as GDB.
To disable using the shell:
-
When using the
target extended-remote
GDB command, disable shell with theset startup-with-shell off
command. -
When using the
target remote
GDB command, disable shell with the--no-startup-with-shell
option of GDBserver.
Example 16.1. Example of shell expansion in remote GDB inferiors
This example shows how running the /bin/echo /*
command through GDBserver differs on Red Hat Enterprise Linux versions 7 and 8:
On RHEL 7:
$ gdbserver --multi :1234 $ gdb -batch -ex 'target extended-remote :1234' -ex 'set remote exec-file /bin/echo' -ex 'file /bin/echo' -ex 'run /*' /*
On RHEL 8:
$ gdbserver --multi :1234 $ gdb -batch -ex 'target extended-remote :1234' -ex 'set remote exec-file /bin/echo' -ex 'file /bin/echo' -ex 'run /*' /bin /boot (...) /tmp /usr /var
gcj
support removed
Support for debugging Java programs compiled with the GNU Compiler for Java (gcj
) has been removed.
New syntax for symbol dumping maintenance commands
The symbol dumping maintenance commands syntax now includes options before file names. As a result, commands that worked with GDB in RHEL 7 do not work in RHEL 8.
As an example, the following command no longer stores symbols in a file, but produces an error message:
(gdb) maintenance print symbols /tmp/out main.c
The new syntax for the symbol dumping maintenance commands is:
maint print symbols [-pc address] [--] [filename] maint print symbols [-objfile objfile] [-source source] [--] [filename] maint print psymbols [-objfile objfile] [-pc address] [--] [filename] maint print psymbols [-objfile objfile] [-source source] [--] [filename] maint print msymbols [-objfile objfile] [--] [filename]
Thread numbers are no longer global
Previously, GDB used only global thread numbering. The numbering has been extended to be displayed per inferior in the form inferior_num.thread_num
, such as 2.1
. As a consequence, thread numbers in the $_thread
convenience variable and in the InferiorThread.num
Python attribute are no longer unique between inferiors.
GDB now stores a second thread ID per thread, called the global thread ID, which is the new equivalent of thread numbers in previous releases. To access the global thread number, use the $_gthread
convenience variable and InferiorThread.global_num
Python attribute.
For backwards compatibility, the Machine Interface (MI) thread IDs always contains the global IDs.
Example 16.2. Example of GDB thread number changes
On Red Hat Enterprise Linux 7:
# debuginfo-install coreutils $ gdb -batch -ex 'file echo' -ex start -ex 'add-inferior' -ex 'inferior 2' -ex 'file echo' -ex start -ex 'info threads' -ex 'pring $_thread' -ex 'inferior 1' -ex 'pring $_thread' (...) Id Target Id Frame * 2 process 203923 "echo" main (argc=1, argv=0x7fffffffdb88) at src/echo.c:109 1 process 203914 "echo" main (argc=1, argv=0x7fffffffdb88) at src/echo.c:109 $1 = 2 (...) $2 = 1
On Red Hat Enterprise Linux 8:
# dnf debuginfo-install coreutils $ gdb -batch -ex 'file echo' -ex start -ex 'add-inferior' -ex 'inferior 2' -ex 'file echo' -ex start -ex 'info threads' -ex 'pring $_thread' -ex 'inferior 1' -ex 'pring $_thread' (...) Id Target Id Frame 1.1 process 4106488 "echo" main (argc=1, argv=0x7fffffffce58) at ../src/echo.c:109 * 2.1 process 4106494 "echo" main (argc=1, argv=0x7fffffffce58) at ../src/echo.c:109 $1 = 1 (...) $2 = 1
Memory for value contents can be limited
Previously, GDB did not limit the amount of memory allocated for value contents. As a consequence, debugging incorrect programs could cause GDB to allocate too much memory. The max-value-size
setting has been added to enable limiting the amount of allocated memory. The default value of this limit is 64 KiB. As a result, GDB in Red Hat Enterprise Linux 8 will not display too large values, but report that the value is too large instead.
As an example, printing a value defined as char s[128*1024];
produces different results:
-
On Red Hat Enterprise Linux 7,
$1 = 'A' <repeats 131072 times>
-
On Red Hat Enterprise Linux 8,
value requires 131072 bytes, which is more than max-value-size
Sun version of stabs format no longer supported
Support for the Sun version of the stabs
debug file format has been removed. The stabs
format produced by GCC in RHEL with the gcc -gstabs
option is still supported by GDB.
Sysroot handling changes
The set sysroot path
command specifies system root when searching for files needed for debugging. Directory names supplied to this command may now be prefixed with the string target:
to make GDB read the shared libraries from the target system (both local and remote). The formerly available remote:
prefix is now treated as target:
. Additionally, the default system root value has changed from an empty string to target:
for backward compatibility.
The specified system root is prepended to the file name of the main executable, when GDB starts processes remotely, or when it attaches to already running processes (both local and remote). This means that for remote processes, the default value target:
makes GDB always try to load the debugging information from the remote system. To prevent this, run the set sysroot
command before the target remote
command so that local symbol files are found before the remote ones.
HISTSIZE no longer controls GDB command history size
Previously, GDB used the HISTSIZE
environment variable to determine how long command history should be kept. GDB has been changed to use the GDBHISTSIZE
environment variable instead. This variable is specific only to GDB. The possible values and their effects are:
- a positive number - use command history of this size,
-
-1
or an empty string - keep history of all commands, - non-numeric values - ignored.
Completion limiting added
The maximum number of candidates considered during completion can now be limited using the set max-completions
command. To show the current limit, run the show max-completions
command. The default value is 200. This limit prevents GDB from generating excessively large completion lists and becoming unresponsive.
As an example, the output after the input p <tab><tab>
is:
-
on RHEL 7:
Display all 29863 possibilities? (y or n)
-
on RHEL 8:
Display all 200 possibilities? (y or n)
HP-UX XDB compatibility mode removed
The -xdb
option for the HP-UX XDB compatibility mode has been removed from GDB.
Handling signals for threads
Previously, GDB could deliver a signal to the current thread instead of the thread for which the signal was actually sent. This bug has been fixed, and GDB now always passes the signal to the correct thread when resuming execution.
Additionally, the signal
command now always correctly delivers the requested signal to the current thread. If the program is stopped for a signal and the user switched threads, GDB asks for confirmation.
Breakpoint modes always-inserted off and auto merged
The breakpoint always-inserted
setting has been changed. The auto
value and corresponding behavior has been removed. The default value is now off
. Additionally, the off
value now causes GDB to not remove breakpoints from the target until all threads stop.
remotebaud commands no longer supported
The set remotebaud
and show remotebaud
commands are no longer supported. Use the set serial baud
and show serial baud
commands instead.
16.5. Compatibility-breaking changes in compilers and development tools
librtkaio removed
With this update, the librtkaio library has been removed. This library provided high-performance real-time asynchronous I/O access for some files, which was based on Linux kernel Asynchronous I/O support (KAIO).
As a result of the removal:
-
Applications using the
LD_PRELOAD
method to load librtkaio display a warning about a missing library, load the librt library instead and run correctly. -
Applications using the
LD_LIBRARY_PATH
method to load librtkaio load the librt library instead and run correctly, without any warning. -
Applications using the
dlopen()
system call to access librtkaio directly load the librt library instead.
Users of librtkaio have the following options:
- Use the fallback mechanism described above, without any changes to their applications.
- Change code of their applications to use the librt library, which offers a compatible POSIX-compliant API.
- Change code of their applications to use the libaio library, which offers a compatible API.
Both librt and libaio can provide comparable features and performance under specific conditions.
Note that the libaio package has Red Hat compatibility level of 2, while librtk and the removed librtkaio level 1.
For more details, see https://fedoraproject.org/wiki/Changes/GLIBC223_librtkaio_removal
Sun RPC and NIS interfaces removed from glibc
The glibc
library no longer provides Sun RPC and NIS interfaces for new applications. These interfaces are now available only for running legacy applications. Developers must change their applications to use the libtirpc
library instead of Sun RPC and libnsl2
instead of NIS. Applications can benefit from IPv6 support in the replacement libraries.
The nosegneg
libraries for 32-bit Xen have been removed
Previously, the glibc
i686 packages contained an alternative glibc
build, which avoided the use of the thread descriptor segment register with negative offsets (nosegneg
). This alternative build was only used in the 32-bit version of the Xen Project hypervisor without hardware virtualization support, as an optimization to reduce the cost of full paravirtualization. These alternative builds are no longer used and they have been removed.
make
new operator !=
causes a different interpretation of certain existing makefile syntax
The !=
shell assignment operator has been added to GNU make
as an alternative to the $(shell …)
function to increase compatibility with BSD makefiles. As a consequence, variables with name ending in exclamation mark and immediately followed by assignment such as variable!=value
are now interpreted as the shell assignment. To restore the previous behavior, add a space after the exclamation mark, such as variable! =value
.
For more details and differences between the operator and the function, see the GNU make
manual.
Valgrind library for MPI debugging support removed
The libmpiwrap.so
wrapper library for Valgrind provided by the valgrind-openmpi
package has been removed. This library enabled Valgrind to debug programs using the Message Passing Interface (MPI). This library was specific to the Open MPI implementation version in previous versions of Red Hat Enterprise Linux.
Users of libmpiwrap.so
are encouraged to build their own version from upstream sources specific to their MPI implementation and version. Supply these custom-built libraries to Valgrind using the LD_PRELOAD
technique.
Development headers and static libraries removed from valgrind-devel
Previously, the valgrind-devel
sub-package used to include development files for developing custom valgrind tools. This update removes these files because they do not have a guaranteed API, have to be linked statically, and are unsupported. The valgrind-devel
package still does contain the development files for valgrind-aware programs and header files such as valgrind.h
, callgrind.h
, drd.h
, helgrind.h
, and memcheck.h
, which are stable and well-supported.
Chapter 17. Identity Management
17.1. Identity Management packages are installed as a module
In RHEL 8, the packages necessary for installing an Identity Management (IdM) server and client are distributed as a module. The client
stream is the default stream of the idm
module, and you can download the packages necessary for installing the client without enabling the stream.
The IdM server module stream is called DL1
and contains multiple profiles that correspond to the different types of IdM servers:
-
server
: an IdM server without integrated DNS -
dns
: an IdM server with integrated DNS -
adtrust
: an IdM server that has a trust agreement with Active Directory -
client
: an IdM client
To download the packages in a specific profile of the DL1
stream:
Enable the stream:
# yum module enable idm:DL1
Switch to the RPMs delivered through the stream:
# yum distro-sync
Install the selected profile:
# yum module install idm:DL1/profile
Replace profile with one of the specific profiles defined above.
For details, see Installing packages required for an Identity Management server and Packages required to install an Identity Management client.
17.2. Adding a RHEL 9 replica in FIPS mode to an IdM deployment in FIPS mode that was initialized with RHEL 8.6 or earlier fails
The default RHEL 9 FIPS cryptographic policy aiming to comply with FIPS 140-3 does not allow the use of the AES HMAC-SHA1 encryption types' key derivation function as defined by RFC3961, section 5.1.
This constraint does not allow you to add a RHEL 9 IdM replica in FIPS mode to a RHEL 8 IdM environment in FIPS mode in which the first server was installed on a RHEL 8.6 or earlier systems. This is because there are no common encryption types between RHEL 9 and the previous RHEL versions, which commonly use the AES HMAC-SHA1 encryption types but do not use the AES HMAC-SHA2 encryption types.
You can view the encryption type of your IdM master key by entering the following command on the first IdM server in the RHEL 8 deployment:
# kadmin.local getprinc K/M | grep -E '^Key:'
If the string in the output contains the sha1
term, you must enable the use of AES HMAC-SHA1 on the RHEL 9 replica.
We are working on a solution to generate missing AES HMAC-SHA2-encrypted Kerberos keys on RHEL 7 and RHEL 8 servers. This will achieve FIPS 140-3 compliance on the RHEL 9 replica. However, this process cannot be fully automated, because the design of Kerberos key cryptography makes it impossible to convert existing keys to different encryption types. The only way is to ask users to renew their passwords.
17.3. Active Directory users can now administer Identity Management
In Red Hat Enterprise Linux (RHEL) 7, external group membership allows AD users and groups to access IdM resources in a POSIX environment with the help of the System Security Services Daemon (SSSD).
The IdM LDAP server has its own mechanisms to grant access control. RHEL 8 introduces an update that allows adding an ID user override for an AD user as a member of an IdM group. An ID override is a record describing what a specific Active Directory user or group properties should look like within a specific ID view, in this case the Default Trust View. As a consequence of the update, the IdM LDAP server is able to apply access control rules for the IdM group to the AD user.
AD users are now able to use the self service features of IdM UI, for example to upload their SSH keys, or change their personal data. An AD administrator is able to fully administer IdM without having two different accounts and passwords.
Currently, selected features in IdM may still be unavailable to AD users. For example, setting passwords for IdM users as an AD user from the IdM admins
group might fail.
17.4. IdM supports Ansible roles and modules for installation and management
Red Hat Enterprise Linux 8.1 introduces the ansible-freeipa
package, which provides Ansible roles and modules for Identity Management (IdM) deployment and management. You can use Ansible roles to install and uninstall IdM servers, replicas, and clients. You can use Ansible modules to manage IdM groups, topology, and users. There are also example playbooks available.
This update simplifies the installation and configuration of IdM based solutions.
17.5. ansible-freeipa
is available in the AppStream repository with all dependencies
Starting with RHEL 8.6, installing the ansible-freeipa
package automatically installs the ansible-core
package, a more basic version of ansible
, as a dependency. Both ansible-freeipa
and ansible-core
are available in the rhel-9-for-x86_64-appstream-rpms
repository.
ansible-freeipa
in RHEL 8.6 contains all the modules that it contained prior to RHEL 8.6.
Prior to RHEL 8.6, you first had to enable the Ansible repository and install the ansible
package. Only then could you install ansible-freeipa
.
17.6. An alternative to the traditional RHEL ansible-freeipa
repository: Ansible Automation Hub
As of Red Hat Enterprise Linux 8.6, you can download ansible-freeipa
modules from the Ansible Automation Hub (AAH) instead of downloading them from the standard RHEL repository. By using AAH, you can benefit from the faster updates of the ansible-freeipa
modules available in this repository.
In AAH, ansible-freeipa
roles and modules are distributed in the collection format. Note that you need an Ansible Automation Platform (AAP) subscription to access the content on the AAH portal. You also need ansible
version 2.14 or later.
The redhat.rhel_idm
collection has the same content as the traditional ansible-freeipa
package. However, the collection format uses a fully qualified collection name (FQCN) that consists of a namespace and the collection name. For example, the redhat.rhel_idm.ipadnsconfig
module corresponds to the ipadnsconfig
module in ansible-freeipa
provided by a RHEL repository. The combination of a namespace and a collection name ensures that the objects are unique and can be shared without any conflicts.
17.7. Identity Management users can use external identity providers to authenticate to IdM
As of RHEL 8.10, you can associate Identity Management (IdM) users with external identity providers (IdPs) that support the OAuth 2 device authorization flow. Examples of such IdPs include Red Hat build of Keycloak, Azure Entra ID, Github, Google, and Facebook.
If an IdP reference and an associated IdP user ID exist in IdM, you can use them to enable an IdM user to authenticate at the external IdP. After performing authentication and authorization at the external IdP, the IdM user receives a Kerberos ticket with single sign-on capabilities. The user must authenticate with the SSSD version available in RHEL 8.7 or later.
You can also use the idp
ansible-freeipa
module to configure IdP authentication for IdM users.
17.8. Session recording solution for RHEL 8 added
A session recording solution has been added to Red Hat Enterprise Linux 8 (RHEL 8). A new tlog
package and its associated web console session player enable to record and playback the user terminal sessions. The recording can be configured per user or user group via the System Security Services Daemon (SSSD) service. All terminal input and output is captured and stored in a text-based format in a system journal. The input is inactive by default for security reasons not to intercept raw passwords and other sensitive information.
The solution can be used for auditing of user sessions on security-sensitive systems. In the event of a security breach, the recorded sessions can be reviewed as a part of a forensic analysis. The system administrators are now able to configure the session recording locally and view the result from the RHEL 8 web console interface or from the Command-Line Interface using the tlog-play
utility.
17.9. Removed Identity Management functionality
17.9.1. No NTP Server
IdM server role
Because ntpd
has been deprecated in favor of chronyd
in RHEL 8, IdM servers are no longer configured as Network Time Protocol (NTP) servers and are only configured as NTP clients. The RHEL 7 NTP Server
IdM server role has also been deprecated in RHEL 8.
17.9.2. NSS databases not supported in OpenLDAP
The OpenLDAP suite in previous versions of Red Hat Enterprise Linux (RHEL) used the Mozilla Network Security Services (NSS) for cryptographic purposes. With RHEL 8, OpenSSL, which is supported by the OpenLDAP community, replaces NSS. OpenSSL does not support NSS databases for storing certificates and keys. However, it still supports privacy enhanced mail (PEM) files that serve the same purpose.
17.9.3. Selected Python Kerberos packages have been replaced
In Red Hat Enterprise Linux (RHEL) 8, the python-gssapi
package has replaced Python Kerberos packages such as python-krbV
, python-kerberos
, python-requests-kerberos
, and python-urllib2_kerberos
. Notable benefits include:
-
python-gssapi
is easier to use thanpython-kerberos
andpython-krbV
. -
python-gssapi
supports bothpython 2
andpython 3
whereaspython-krbV
does not. -
Additional Kerberos packages,
python-requests-gssapi
andpython-urllib-gssapi
, are currently available in the Extra Packages for Enterprise Linux (EPEL) repository.
The GSSAPI-based packages allow the use of other Generic Security Services API (GSSAPI) mechanisms in addition to Kerberos, such as the NT LAN Manager NTLM
for backward compatibility reasons.
This update improves the maintainability and debuggability of GSSAPI in RHEL 8.
17.10. SSSD
17.10.1. AD GPOs are now enforced by default
In RHEL 8, the default setting for the ad_gpo_access_control
option is enforcing
, which ensures that access control rules based on Active Directory Group Policy Objects (GPOs) are evaluated and enforced.
In contrast, the default for this option in RHEL 7 is permissive
, which evaluates but does not enforce GPO-based access control rules. With permissive
mode, a syslog message is recorded every time a user would be denied access by a GPO, but those users are still allowed to log in.
Red Hat recommends ensuring GPOs are configured correctly in Active Directory before upgrading from RHEL 7 to RHEL 8.
Misconfigured GPOs that do not affect authorization in default RHEL 7 hosts may affect default RHEL 8 hosts.
For more information about GPOs, see Applying Group Policy Object access control in RHEL and the ad_gpo_access_control
entry in the sssd-ad
Manual page.
17.10.2. authselect
replaces authconfig
In RHEL 8, the authselect
utility replaces the authconfig
utility. authselect
comes with a safer approach to PAM stack management that makes the PAM configuration changes simpler for system administrators. authselect
can be used to configure authentication methods such as passwords, certificates, smart cards and fingerprint. authselect
does not configure services required to join remote domains. This task is performed by specialized tools, such as realmd
or ipa-client-install
.
17.10.3. KCM replaces KEYRING as the default credential cache storage
In RHEL 8, the default credential cache storage is the Kerberos Credential Manager (KCM) which is backed by the sssd-kcm
deamon. KCM overcomes the limitations of the previously used KEYRING, such as its being difficult to use in containerized environments because it is not namespaced, and to view and manage quotas.
With this update, RHEL 8 contains a credential cache that is better suited for containerized environments and that provides a basis for building more features in future releases.
17.10.4. sssctl
prints an HBAC rules report for an IdM domain
With this update, the sssctl
utility of the System Security Services Daemon (SSSD) can print an access control report for an Identity Management (IdM) domain. This feature meets the need of certain environments to see, for regulatory reasons, a list of users and groups that can access a specific client machine. Running sssctl access-report
domain_name
on an IdM client prints the parsed subset of host-based access control (HBAC) rules in the IdM domain that apply to the client machine.
Note that no other providers than IdM support this feature.
17.10.5. As of RHEL 8.8, SSSD no longer caches local users by default nor serves them through the nss_sss
module
In RHEL 8.8 and later, the System Security Services Daemon (SSSD) files
provider, which serves users and groups from the /etc/passwd
and /etc/group
files, is disabled by default. The default value of the enable_files_domain
setting in the /etc/sssd/sssd.conf
configuration file is false
.
For RHEL 8.7 and earlier versions, the SSSD files
provider is enabled by default. The default value of the enable_files_domain
setting in the sssd.conf
configuration file is true
, and the sss
nsswitch module precedes files
in the /etc/nsswitch.conf
file.
17.10.6. SSSD now allows you to select one of the multiple smart-card authentication devices
By default, the System Security Services Daemon (SSSD) tries to detect a device for smart-card authentication automatically. If there are multiple devices connected, SSSD selects the first one it detects. Consequently, you cannot select a particular device, which sometimes leads to failures.
With this update, you can configure a new p11_uri
option for the [pam]
section of the sssd.conf
configuration file. This option enables you to define which device is used for smart-card authentication.
For example, to select a reader with the slot id 2
detected by the OpenSC PKCS#11 module, add:
p11_uri = library-description=OpenSC%20smartcard%20framework;slot-id=2
to the [pam]
section of sssd.conf
.
For details, see the man sssd.conf
page.
17.11. Removed SSSD functionality
17.11.1. sssd-secrets
has been removed
The sssd-secrets
component of the System Security Services Daemon (SSSD) has been removed in Red Hat Enterprise Linux 8. This is because Custodia, a secrets service provider, is no longer actively developed. Use other Identity Management tools to store secrets, for example the Identity Management Vault.
17.11.2. The SSSD version of libwbclient has been removed
The SSSD implementation of the libwbclient
package allowed the Samba smbd
service to retrieve user and group information from AD without the need to run the winbind
service. As Samba now requires that the winbind
service is running and handling communication with AD, the related code has been removed from smdb
for security reasons. As this additional required functionality is not part of SSSD and the SSSD implementation of libwbclient
cannot be used with recent versions of Samba, the SSSD implementation of libwbclient
has been removed in RHEL 8.5.
Chapter 18. The web console
18.1. The web console is now available by default
Packages for the RHEL 8 web console, also known as Cockpit, are now part of Red Hat Enterprise Linux default repositories, and can therefore be immediately installed on a registered RHEL 8 system.
In addition, on a non-minimal installation of RHEL 8, the web console is automatically installed and firewall ports required by the console are automatically open.
A system message has also been added prior to login that provides information about how to enable or access the web console.
18.2. New firewall interface
The Networking tab in the RHEL 8 web console now includes the Firewall settings. In this section, users can:
- Enable/disable firewall
- Add/remove services
For details, see Managing firewall using the web console.
18.3. Subscription management
The RHEL 8 web console provides an interface for using Red Hat Subscription Manager installed on your local system. The Subscription Manager connects to the Red Hat Customer Portal and verifies all available:
- Active subscriptions
- Expired subscriptions
- Renewed subscriptions
If you want to renew the subscription or get a different one in Red Hat Customer Portal, you do not have to update the Subscription Manager data manually. The Subscription Manager synchronizes data with Red Hat Customer Portal automatically.
The web console’s Subscriptions page is now provided by the new subscription-manager-cockpit package.
For details, see Managing subscriptions in the web console.
18.4. Better IdM integration for the web console
If your system is enrolled in an Identity Management (IdM) domain, the RHEL 8 web console now uses the domain’s centrally managed IdM resources by default. This includes the following benefits:
- The IdM domain’s administrators can use the web console to manage the local machine.
- The console’s web server automatically switches to a certificate issued by the IdM certificate authority (CA) and accepted by browsers.
- Users with a Kerberos ticket in the IdM domain do not need to provide login credentials to access the web console.
- SSH hosts known to the IdM domain are accessible to the web console without manually adding an SSH connection.
Note that for IdM integration with the web console to work properly, the user first needs to run the ipa-advise utility with the enable-admins-sudo option in the IdM server.
18.5. The web console is now compatible with mobile browsers
With this update, the web console menus and pages can be navigated on mobile browser variants. This makes it possible to manage systems using the RHEL 8 web console from a mobile device.
18.6. The web console front page now displays missing updates and subscriptions
If a system managed by the RHEL 8 web console has outdated packages or a lapsed subscription, a warning is now displayed on the web console front page of the system.
18.7. The web console now supports PBD enrollment
With this update, you can use the RHEL 8 web console interface to apply Policy-Based Decryption (PBD) rules to disks on managed systems. This uses the Clevis decryption client to facilitate a variety of security management functions in the web console, such as automatic unlocking of LUKS-encrypted disk partitions.
18.8. Support LUKS v2
In the web console’s Storage tab, you can now create, lock, unlock, resize, and otherwise configure encrypted devices using the LUKS (Linux Unified Key Setup) version 2 format.
This new version of LUKS offers:
- More flexible unlocking policies
- Stronger cryptography
- Better compatibility with future changes
18.9. Virtual machines can now be managed using the web console
The Virtual Machines page can now be added to the RHEL 8 web console interface, which enables the user to create and manage libvirt-based virtual machines.
For information about the differences in virtual management features between the web console and the Virtual Machine Manager, see Differences in virtualization features in Virtual Machine Manager and the web console.
18.10. Internet Explorer unsupported by the web console
Support for the Internet Explorer browser has been removed from the RHEL 8 web console. Attempting to open the web console in Internet Explorer now displays an error screen with a list of recommended browsers that can be used instead.
Chapter 19. Virtualization
19.1. Virtual machines can now be managed using the web console
The Virtual Machines page can now be added to the RHEL 8 web console interface, which enables the user to create and manage libvirt-based virtual machines (VMs).
In addition, the Virtual Machine Manager (virt-manager
) application has been deprecated, and may become unsupported in a future major release of RHEL.
Note, however, that the web console currently does not provide all of the virtual management features that virt-manager
does. For details about the differences in available features between the RHEL 8 web console and the Virtual Machine Manager, see the Configuring and managing virtualization document.
19.2. The Q35 machine type is now supported by virtualization
Red hat Enterprise Linux 8 introduces the support for Q35
, a more modern PCI Express-based machine type. This provides a variety of improvements in features and performance of virtual devices, and ensures that a wider range of modern devices are compatible with virtualization. In addition, virtual machines created in Red Hat Enterprise Linux 8 are set to use Q35 by default.
Note that the previously default PC
machine type has become deprecated and may become unsupported in a future major release of RHEL. However, changing the machine type of existing VMs from PC
to Q35
is not recommended.
Notable differences between PC
and Q35
include:
- Older operating systems, such as Windows XP, do not support Q35 and will not boot if used on a Q35 VM.
Currently, when using RHEL 6 as the operating system on a Q35 VM, hot-plugging a PCI device to that VM in some cases does not work. In addition, certain legacy virtio devices do not work properly on RHEL 6 Q35 VMs.
Therefore, using the PC machine type is recommended for RHEL 6 VMs.
- Q35 emulates PCI Express (PCI-e) buses instead of PCI. As a result, a different device topology and addressing scheme is presented to the guest OS.
- Q35 has a built-in SATA/AHCI controller, instead of an IDE controller.
- The SecureBoot feature only works on Q35 VMs.
19.3. Removed virtualization functionality
The cpu64-rhel6
CPU model has been deprecated and removed
The cpu64-rhel6
QEMU virtual CPU model has been deprecated in RHEL 8.1, and has been removed from RHEL 8.2. It is recommended that you use the other CPU models provided by QEMU and libvirt
, according to the CPU present on the host machine.
IVSHMEM has been disabled
The inter-VM shared memory device (IVSHMEM) feature, which provides shared memory between multiple virtual machines, is now disabled in Red Hat Enterprise Linux 8. A virtual machine configured with this device will fail to boot. Similarly, attempting to hot-plug such a device device will fail as well.
virt-install
can no longer use NFS locations
With this update, the virt-install
utility cannot mount NFS locations. As a consequence, attempting to install a virtual machine using virt-install
with a NFS address as a value of the --location
option fails. To work around this change, mount your NFS share prior to using virt-install
, or use a HTTP location.
RHEL 8 does not support the tulip driver
With this update, the tulip network driver is no longer supported. As a consequence, when using RHEL 8 on a Generation 1 virtual machine (VM) on the Microsoft Hyper-V hypervisor, the "Legacy Network Adapter" device does not work, which causes PXE installation of such VMs to fail.
For the PXE installation to work, install RHEL 8 on a Generation 2 Hyper-V VM. If you require a RHEL 8 Generation 1 VM, use ISO installation.
LSI Logic SAS and Parallel SCSI drivers are not supported
The LSI Logic SAS driver (mptsas
) and LSI Logic Parallel driver (mptspi
) for SCSI are no longer supported. As a consequence, the drivers can be used for installing RHEL 8 as a guest operating system on a VMWare hypervisor to a SCSI disk, but the created VM will not be supported by Red Hat.
Installing virtio-win no longer creates a floppy disk image with the Windows drivers
Due to the limitation of floppy drives, virtio-win drivers are no longer provided as floppy images. Users should use the ISO image instead.
Chapter 20. Containers
A set of container images is available for Red Hat Enterprise Linux 8. Notable changes include:
Docker is not included in RHEL 8.0. For working with containers, use the podman, buildah, skopeo, and runc tools.
For information about these tools and on using containers in RHEL 8, see Building, running, and managing containers.
The podman tool has been released as a fully supported feature.
The podman tool manages pods, container images, and containers on a single node. It is built on the libpod library, which enables management of containers and groups of containers, called pods.
To learn how to use podman, see Building, running, and managing containers.
In RHEL 8 GA, Red Hat Universal Base Images (UBI) are newly available. UBIs replace some of the images Red Hat previously provided, such as the standard and the minimal RHEL base images.
Unlike older Red Hat images, UBIs are freely redistributable. This means they can be used in any environment and shared anywhere. You can use them even if you are not a Red Hat customer.
For UBI documentation, see Building, running, and managing containers.
-
In RHEL 8 GA, additional container images are available that provide AppStream components, for which container images are distributed with Red Hat Software Collections in RHEL 7. All of these RHEL 8 images are based on the
ubi8
base image. - Container images ARM for the 64-bit ARM architecture are fully supported in RHEL 8.
-
The
rhel-tools
container has been removed in RHEL 8. Thesos
andredhat-support-tool
tools are provided in thesupport-tools
container. System administrators can also use this image as a base for building system tools container image. The support for rootless containers is available as a technology preview in RHEL 8.
Rootless containers are containers that are created and managed by regular system users without administrative permissions.
Chapter 21. Desktop and graphics
21.1. GNOME Shell is the default desktop environment
RHEL 8 is distributed with GNOME Shell as the default desktop environment.
All packages related to KDE Plasma Workspaces (KDE) have been removed, and it is no longer possible to use KDE as an alternative to the default GNOME desktop environment.
Red Hat does not support migration from RHEL 7 with KDE to RHEL 8 GNOME. Users of RHEL 7 with KDE are recommended to back up their data and install RHEL 8 with GNOME Shell.
21.2. Notable changes in GNOME Shell
RHEL 8 is distributed with GNOME Shell, version 3.28.
This section:
- Highlights enhancements related to GNOME Shell, version 3.28.
- Informs about the change in default combination of GNOME Shell environment and display protocol.
- Explains how to access features that are not available by default.
- Explains changes in GNOME tools for software management.
21.2.1. GNOME Shell, version 3.28 in RHEL 8
GNOME Shell, version 3.28 is available in RHEL 8. Notable enhancements include:
- New GNOME Boxes features
- New on-screen keyboard
- Extended devices support, most significantly integration for the Thunderbolt 3 interface
- Improvements for GNOME Software, dconf-editor and GNOME Terminal
21.2.2. GNOME Shell environments
GNOME 3 provides two essential environments:
- GNOME Standard
- GNOME Classic
Both environments can use two different protocols to build a graphical user interface:
- The X11 protocol, which uses X.Org as the display server.
The Wayland protocol, which uses GNOME Shell as the Wayland compositor and display server.
This solution of display server is further referred as GNOME Shell on Wayland.
The default combination in RHEL 8 is GNOME Standard environment using GNOME Shell on Wayland as the display server.
However, you may want to switch to another combination of GNOME Shell environment and graphics protocol stack. For more information, see Section 21.3, “Selecting GNOME environment and display protocol”.
Additional resources
- For more information about basics of using both GNOME Shell environments, see Overview of GNOME environments.
21.2.3. Desktop icons
In RHEL 8, the Desktop icons functionality is no longer provided by the Nautilus file manager, but by the desktop icons gnome-shell extension.
To be able to use the extension, you must install the gnome-shell-extension-desktop-icons
package available in the Appstream repository.
Additional resources
- For more information about Desktop icons in RHEL 8, see Managing desktop icons.
21.2.4. Fractional scaling
On a GNOME Shell on Wayland session, the fractional scaling feature is available. The feature makes it possible to scale the GUI by fractions, which improves the appearance of scaled GUI on certain displays.
Note that the feature is currently considered experimental and is, therefore, disabled by default.
To enable fractional scaling, run the following command:
# gsettings set org.gnome.mutter experimental-features "['scale-monitor-framebuffer']"
21.2.5. GNOME Software for package management
The gnome-packagekit
package that provided a collection of tools for package management in graphical environment on RHEL 7 is no longer available.
On RHEL 8, similar functionality is provided by the GNOME Software utility, which enables you to install and update applications and gnome-shell extensions. GNOME Software is distributed in the gnome-software
package.
Additional resources
- For more information for installing applications with GNOME software, see Installing applications in GNOME.
21.2.6. Opening graphical applications with sudo
When attempting to open a graphical application in a terminal using the sudo
command, you must do the following:
X11 applications
If the application uses the X11
display protocol, add the local user root
in the X server access control list. As a result, root
is allowed to connect to Xwayland
, which translates the X11
protocol into the Wayland
protocol and reversely.
Example 21.1. Adding root
to the X server access control list to open xclock with sudo
$ xhost +si:localuser:root
$ sudo xclock
Wayland applications
If the application is Wayland
native, include the -E
option.
Example 21.2. Opening GNOME Calculator with sudo
$ sudo -E gnome-calculator
Otherwise, if you type just sudo
and the name of the application, the operation of opening the application fails with the following error message:
No protocol specified Unable to init server: could not connect: connection refused # Failed to parse arguments: Cannot open display
21.3. Selecting GNOME environment and display protocol
For switching between various combinations of GNOME environment and graphics protocol stacks, use the following procedure.
Procedure
From the login screen (GDM), click the gear button next to the Sign In button.
NoteYou cannot access this option from the lock screen. The login screen appears when you first start RHEL 8 or when you log out of your current session.
From the drop-down menu that appears, select the option that you prefer.
NoteNote that in the menu that appears on the login screen, the X.Org display server is marked as X11 display server.
The change of GNOME environment and graphics protocol stack resulting from the above procedure is persistent across user logouts, and also when powering off or rebooting the computer.
21.4. Removed functionality
gnome-terminal
removed support for non-UTF8 locales in RHEL 8
The gnome-terminal
application in RHEL 8 and later releases refuses to start when the system locale is set to non-UTF8 because only UTF8 locales are supported. For more information, see the The gnome-terminal application fails to start when the system locale is set to non-UTF8 Knowledgebase article.
Chapter 22. Internationalization
22.1. RHEL 8 International Languages
Red Hat Enterprise Linux 8 supports the installation of multiple languages and the changing of languages based on your requirements.
- East Asian Languages - Japanese, Korean, Simplified Chinese, and Traditional Chinese.
- European Languages - English, German, Spanish, French, Italian, Portuguese, and Russian.
The following table lists the fonts and input methods provided for various major languages.
Language | Default Font (Font Package) | Input Methods |
---|---|---|
English | dejavu-sans-fonts | |
French | dejavu-sans-fonts | |
German | dejavu-sans-fonts | |
Italian | dejavu-sans-fonts | |
Russian | dejavu-sans-fonts | |
Spanish | dejavu-sans-fonts | |
Portuguese | dejavu-sans-fonts | |
Simplified Chinese | google-noto-sans-cjk-ttc-fonts, google-noto-serif-cjk-ttc-fonts | ibus-libpinyin, libpinyin |
Traditional Chinese | google-noto-sans-cjk-ttc-fonts, google-noto-serif-cjk-ttc-fonts | ibus-libzhuyin, libzhuyin |
Japanese | google-noto-sans-cjk-ttc-fonts, google-noto-serif-cjk-ttc-fonts | ibus-kkc, libkkc |
Korean | google-noto-sans-cjk-ttc-fonts, google-noto-serif-cjk-ttc-fonts | ibus-hangul, libhangu |
22.2. Notable changes to internationalization in RHEL 8
RHEL 8 introduces the following changes to internationalization compared to RHEL 7:
- Support for the Unicode 11 computing industry standard has been added.
- Internationalization is distributed in multiple packages, which allows for smaller footprint installations. For more information, see Using langpacks.
-
The
glibc
package updates for multiple locales are now synchronized with the Common Locale Data Repository (CLDR).
Chapter 23. Red Hat Enterprise Linux for SAP Solutions
Red Hat Enterprise Linux for SAP Solutions provides a consistent foundation for SAP workloads. For a list of features and benefits provided by the RHEL for SAP Solutions subscription for business critical IT landscapes, like SAP environments, see Overview of the Red Hat Enterprise Linux for SAP Solutions subscription. The following resources provide an overview of the changes between RHEL 7 and RHEL 8.
- For information regarding the RHEL for SAP Solutions life cycle, see Red Hat Enterprise Linux Life Cycle.
- For details regarding RHEL 8 usage, see RHEL 8 product documentation.
- For guidance regarding an in-place upgrade from RHEL 7 to RHEL 8, see Upgrading from RHEL 7 to RHEL 8.
In addition to the two main RHEL repositories, BaseOS and AppStream, the RHEL 8 for SAP Solutions subscription includes the SAP Solutions and SAP NetWeaver repositories. Both repositories are required for SAP environments and workloads.
Repository name changes between RHEL 7 and RHEL 8
The following table lists the repositories that were renamed between RHEL 7 for SAP HANA / Solutions, and RHEL 8 for SAP Solutions:
Original repository name(s) | New repository name(s) [a] | Changed since | Note |
---|---|---|---|
rhel-sap-hana-for-rhel-7-<server|for-power-le>-rpms | rhel-8-for-<arch>-sap-solutions-rpms | RHEL 8.0 | Also applies to Extended Update Support (EUS) and Update Services for SAP Solutions (E4S) repositories |
rhel-sap-for-rhel-7-<server|for-power-le>-rpms | rhel-8-for-<arch>-sap-netweaver-rpms | RHEL 8.0 | Also applies to Extended Update Support (EUS) and Update Services for SAP Solutions (E4S) repositories |
[a]
This table uses examples to help identify the full repository ID, where <arch> is the specific architecture.
|
Appendix A. Changes to packages
The following chapters contain changes to packages between RHEL 7 and RHEL 8, as well as changes between minor releases of RHEL 8.
A.1. New packages
A.1.1. Packages added in RHEL 8 minor releases
The following packages were added in RHEL 8 minor relases starting from RHEL 8.1:
Package | Repository | New in |
---|---|---|
aardvark-dns | rhel8-AppStream | RHEL 8.6 |
accel-config | rhel8-BaseOS | RHEL 8.4 |
accel-config-devel | rhel8-CRB | RHEL 8.4 |
accel-config-libs | rhel8-BaseOS | RHEL 8.4 |
adwaita-icon-theme-devel | rhel8-CRB | RHEL 8.6 |
adwaita-qt5 | rhel8-AppStream | RHEL 8.5 |
alsa-sof-firmware | rhel8-BaseOS | RHEL 8.3 |
alsa-sof-firmware-debug | rhel8-BaseOS | RHEL 8.3 |
anaconda-widgets-devel | rhel8-CRB | RHEL 8.7 |
annobin-annocheck | rhel8-AppStream | RHEL 8.3 |
ansible-collection-microsoft-sql | rhel8-AppStream | RHEL 8.5 |
ansible-collection-redhat-rhel_mgmt | rhel8-AppStream | RHEL 8.5 |
ansible-core | rhel8-AppStream | RHEL 8.6 |
ansible-freeipa | rhel8-AppStream | RHEL 8.1 |
ansible-freeipa-tests | rhel8-AppStream | RHEL 8.5 |
ansible-pcp | rhel8-AppStream | RHEL 8.5 |
ansible-test | rhel8-AppStream | RHEL 8.6 |
apiguardian | rhel8-AppStream | RHEL 8.4 |
asio-devel | rhel8-CRB | RHEL 8.1 |
asio-devel | rhel8-CRB | RHEL 8.3 |
aspnetcore-runtime-3.1 | rhel8-AppStream | RHEL 8.2 |
aspnetcore-runtime-5.0 | rhel8-AppStream | RHEL 8.3 |
aspnetcore-runtime-6.0 | rhel8-AppStream | RHEL 8.5 |
aspnetcore-runtime-7.0 | rhel8-AppStream | RHEL 8.7 |
aspnetcore-runtime-8.0 | rhel8-AppStream | RHEL 8.10 |
aspnetcore-targeting-pack-3.1 | rhel8-AppStream | RHEL 8.2 |
aspnetcore-targeting-pack-5.0 | rhel8-AppStream | RHEL 8.3 |
aspnetcore-targeting-pack-6.0 | rhel8-AppStream | RHEL 8.5 |
aspnetcore-targeting-pack-7.0 | rhel8-AppStream | RHEL 8.7 |
aspnetcore-targeting-pack-8.0 | rhel8-AppStream | RHEL 8.10 |
autogen-libopts-devel | rhel8-CRB | RHEL 8.3 |
avahi-glib-devel | rhel8-CRB | RHEL 8.4 |
avahi-gobject-devel | rhel8-CRB | RHEL 8.4 |
avahi-tools | rhel8-AppStream | RHEL 8.9 |
avahi-ui | rhel8-CRB | RHEL 8.4 |
avahi-ui-devel | rhel8-CRB | RHEL 8.4 |
bash-devel | rhel8-CRB | RHEL 8.6 |
batik-css | rhel8-AppStream | RHEL 8.4 |
batik-util | rhel8-AppStream | RHEL 8.4 |
bcc-devel | rhel8-CRB | RHEL 8.2 |
bind9.16 | rhel8-AppStream | RHEL 8.6 |
bind9.16-chroot | rhel8-AppStream | RHEL 8.6 |
bind9.16-devel | rhel8-CRB | RHEL 8.6 |
bind9.16-dnssec-utils | rhel8-CRB | RHEL 8.6 |
bind9.16-doc | rhel8-CRB | RHEL 8.6 |
bind9.16-libs | rhel8-AppStream | RHEL 8.6 |
bind9.16-license | rhel8-AppStream | RHEL 8.6 |
bind9.16-utils | rhel8-AppStream | RHEL 8.6 |
chan | rhel8-AppStream | RHEL 8.3 |
cifs-utils-devel | rhel8-CRB | RHEL 8.8 |
clang-resource-filesystem | rhel8-AppStream | RHEL 8.5 |
clang-tools-extra-devel | rhel8-AppStream | RHEL 8.10 |
cockpit-leapp | rhel8-AppStream | RHEL 8.7 |
compat-exiv2-026 | rhel8-AppStream | RHEL 8.2 |
compat-hwloc1 | rhel8-BaseOS | RHEL 8.5 |
compat-sap-c++-10 | rhel8-SAP | RHEL 8.3 |
compat-sap-c++-11 | rhel8-SAP | RHEL 8.5 |
compat-sap-c++-12 | rhel8-SAP | RHEL 8.7 |
conmon | rhel8-AppStream | RHEL 8.2 |
coreos-installer | rhel8-AppStream | RHEL 8.5 |
coreos-installer-bootinfra | rhel8-AppStream | RHEL 8.5 |
coreos-installer-dracut | rhel8-AppStream | RHEL 8.6 |
crit | rhel8-AppStream | RHEL 8.2 |
criu-devel | rhel8-AppStream | RHEL 8.5 |
criu-libs | rhel8-AppStream | RHEL 8.5 |
crun | rhel8-AppStream | RHEL 8.3 |
crypto-policies-scripts | rhel8-BaseOS | RHEL 8.3 |
dejavu-lgc-sans-fonts | rhel8-AppStream | RHEL 8.4 |
delve | rhel8-AppStream | RHEL 8.2 |
directory-maven-plugin-javadoc | rhel8-AppStream | RHEL 8.2 |
directory-maven-plugin | rhel8-AppStream | RHEL 8.2 |
disruptor | rhel8-AppStream | RHEL 8.6 |
dotnet-apphost-pack-3.1 | rhel8-AppStream | RHEL 8.2 |
dotnet-apphost-pack-5.0 | rhel8-AppStream | RHEL 8.3 |
dotnet-apphost-pack-6.0 | rhel8-AppStream | RHEL 8.5 |
dotnet-apphost-pack-7.0 | rhel8-AppStream | RHEL 8.7 |
dotnet-apphost-pack-8.0 | rhel8-AppStream | RHEL 8.10 |
dotnet-build-reference-packages | rhel8-CRB | RHEL 8.5 |
dotnet-hostfxr-3.1 | rhel8-AppStream | RHEL 8.2 |
dotnet-hostfxr-5.0 | rhel8-AppStream | RHEL 8.3 |
dotnet-hostfxr-6.0 | rhel8-AppStream | RHEL 8.5 |
dotnet-hostfxr-7.0 | rhel8-AppStream | RHEL 8.7 |
dotnet-hostfxr-8.0 | rhel8-AppStream | RHEL 8.10 |
dotnet-runtime-3.1 | rhel8-AppStream | RHEL 8.2 |
dotnet-runtime-5.0 | rhel8-AppStream | RHEL 8.3 |
dotnet-runtime-6.0 | rhel8-AppStream | RHEL 8.5 |
dotnet-runtime-7.0 | rhel8-AppStream | RHEL 8.7 |
dotnet-runtime-8.0 | rhel8-AppStream | RHEL 8.10 |
dotnet-sdk-3.1-source-built-artifacts | rhel8-CRB | RHEL 8.5 |
dotnet-sdk-3.1 | rhel8-AppStream | RHEL 8.2 |
dotnet-sdk-5.0 | rhel8-AppStream | RHEL 8.3 |
dotnet-sdk-5.0-source-built-artifacts | rhel8-CRB | RHEL 8.5 |
dotnet-sdk-6.0 | rhel8-AppStream | RHEL 8.5 |
dotnet-sdk-6.0-source-built-artifacts | rhel8-CRB | RHEL 8.6 |
dotnet-sdk-7.0 | rhel8-AppStream | RHEL 8.7 |
dotnet-sdk-7.0-source-built-artifacts | rhel8-CRB | RHEL 8.7 |
dotnet-sdk-8.0 | rhel8-AppStream | RHEL 8.10 |
dotnet-sdk-8.0-source-built-artifacts | rhel8-CRB | RHEL 8.10 |
dotnet-targeting-pack-3.1 | rhel8-AppStream | RHEL 8.2 |
dotnet-targeting-pack-5.0 | rhel8-AppStream | RHEL 8.3 |
dotnet-targeting-pack-6.0 | rhel8-AppStream | RHEL 8.5 |
dotnet-targeting-pack-7.0 | rhel8-AppStream | RHEL 8.7 |
dotnet-targeting-pack-8.0 | rhel8-AppStream | RHEL 8.10 |
dotnet-templates-3.1 | rhel8-AppStream | RHEL 8.2 |
dotnet-templates-5.0 | rhel8-AppStream | RHEL 8.3 |
dotnet-templates-6.0 | rhel8-AppStream | RHEL 8.5 |
dotnet-templates-7.0 | rhel8-AppStream | RHEL 8.7 |
dotnet-templates-8.0 | rhel8-AppStream | RHEL 8.10 |
dotnet5.0-build-reference-packages | rhel8-CRB | RHEL 8.5 |
dwarves | rhel8-CRB | RHEL 8.2 |
ecj | rhel8-AppStream | RHEL 8.8 |
eclipse-ecf-core | rhel8-AppStream | RHEL 8.4 |
eclipse-ecf-runtime | rhel8-AppStream | RHEL 8.4 |
eclipse-emf-core | rhel8-AppStream | RHEL 8.4 |
eclipse-emf-runtime | rhel8-AppStream | RHEL 8.4 |
eclipse-emf-xsd | rhel8-AppStream | RHEL 8.4 |
eclipse-equinox-osgi | rhel8-AppStream | RHEL 8.4 |
eclipse-jdt | rhel8-AppStream | RHEL 8.4 |
eclipse-p2-discovery | rhel8-AppStream | RHEL 8.4 |
eclipse-pde | rhel8-AppStream | RHEL 8.4 |
eclipse-platform | rhel8-AppStream | RHEL 8.4 |
eclipse-swt | rhel8-AppStream | RHEL 8.4 |
ee4j-parent | rhel8-AppStream | RHEL 8.2 |
efivar-devel | rhel8-CRB | RHEL 8.6 |
egl-utils | rhel8-AppStream | RHEL 8.7 |
elfutils-debuginfod | rhel8-BaseOS | RHEL 8.3 |
elfutils-debuginfod-client-devel | rhel8-AppStream | RHEL 8.2 |
elfutils-debuginfod-client | rhel8-AppStream | RHEL 8.2 |
emoji-picker | rhel8-AppStream | RHEL 8.4 |
eth-tools-basic | rhel8-AppStream | RHEL 8.5 |
eth-tools-fastfabric | rhel8-AppStream | RHEL 8.5 |
evince-devel | rhel8-CRB | RHEL 8.4 |
evolution-data-server-ui | rhel8-AppStream | RHEL 8.10 |
evolution-data-server-ui-devel | rhel8-AppStream | RHEL 8.10 |
fapolicyd | rhel8-AppStream | RHEL 8.1 |
fapolicyd-selinux | rhel8-AppStream | RHEL 8.3 |
fasterxml-oss-parent | rhel8-AppStream | RHEL 8.10 |
fdo-admin-cli | rhel8-AppStream | RHEL 8.6 |
fdo-client | rhel8-AppStream | RHEL 8.6 |
fdo-init | rhel8-AppStream | RHEL 8.6 |
fdo-manufacturing-server | rhel8-AppStream | RHEL 8.6 |
fdo-owner-cli | rhel8-AppStream | RHEL 8.6 |
fdo-owner-onboarding-server | rhel8-AppStream | RHEL 8.6 |
fdo-rendezvous-server | rhel8-AppStream | RHEL 8.6 |
felix-gogo-command | rhel8-AppStream | RHEL 8.4 |
felix-gogo-runtime | rhel8-AppStream | RHEL 8.4 |
felix-gogo-shell | rhel8-AppStream | RHEL 8.4 |
felix-scr | rhel8-AppStream | RHEL 8.4 |
fence-agents-ibm-powervs | rhel8-AppStream | RHEL 8.6 |
fence-agents-ibm-vpc | rhel8-AppStream | RHEL 8.6 |
fence-agents-kubevirt | rhel8-AppStream | RHEL 8.6 |
fence-agents-openstack | rhel8-HighAvailability | RHEL 8.7 |
fence-virtd-cpg | rhel8-AppStream | RHEL 8.6 |
flatpak-devel | rhel8-CRB | RHEL 8.5 |
flatpak-selinux | rhel8-AppStream | RHEL 8.2 |
flatpak-session-helper | rhel8-AppStream | RHEL 8.2 |
flatpak-spawn | rhel8-AppStream | RHEL 8.4 |
flatpak-xdg-utils | rhel8-AppStream | RHEL 8.4 |
frr-selinux | rhel8-AppStream | RHEL 8.7 |
fstrm | rhel8-AppStream | RHEL 8.4 |
fstrm-devel | rhel8-AppStream | RHEL 8.4 |
fstrm-utils | rhel8-CRB | RHEL 8.7 |
fwupd-devel | rhel8-CRB | RHEL 8.6 |
gcc-plugin-annobin | rhel8-AppStream | RHEL 8.7 |
gcc-toolset-9-libasan-devel | rhel8-AppStream | RHEL 8.2 |
gcc-toolset-9-libatomic-devel | rhel8-AppStream | RHEL 8.2 |
gcc-toolset-9-liblsan-devel | rhel8-AppStream | RHEL 8.2 |
gcc-toolset-9-libtsan-devel | rhel8-AppStream | RHEL 8.2 |
gcc-toolset-9-libubsan-devel | rhel8-AppStream | RHEL 8.2 |
gcc-toolset-10 | rhel8-AppStream | RHEL 8.3 |
gcc-toolset-10-annobin | rhel8-AppStream | RHEL 8.3 |
gcc-toolset-10-binutils | rhel8-AppStream | RHEL 8.3 |
gcc-toolset-10-binutils-devel | rhel8-AppStream | RHEL 8.3 |
gcc-toolset-10-build | rhel8-AppStream | RHEL 8.3 |
gcc-toolset-10-dwz | rhel8-AppStream | RHEL 8.3 |
gcc-toolset-10-dyninst | rhel8-AppStream | RHEL 8.3 |
gcc-toolset-10-dyninst-devel | rhel8-AppStream | RHEL 8.3 |
gcc-toolset-10-elfutils | rhel8-AppStream | RHEL 8.3 |
gcc-toolset-10-elfutils-debuginfod-client | rhel8-AppStream | RHEL 8.3 |
gcc-toolset-10-elfutils-debuginfod-client-devel | rhel8-AppStream | RHEL 8.3 |
gcc-toolset-10-elfutils-devel | rhel8-AppStream | RHEL 8.3 |
gcc-toolset-10-elfutils-libelf | rhel8-AppStream | RHEL 8.3 |
gcc-toolset-10-elfutils-libelf-devel | rhel8-AppStream | RHEL 8.3 |
gcc-toolset-10-elfutils-libs | rhel8-AppStream | RHEL 8.3 |
gcc-toolset-10-gcc | rhel8-AppStream | RHEL 8.3 |
gcc-toolset-10-gcc-c++ | rhel8-AppStream | RHEL 8.3 |
gcc-toolset-10-gcc-gdb-plugin | rhel8-AppStream | RHEL 8.3 |
gcc-toolset-10-gcc-gfortran | rhel8-AppStream | RHEL 8.3 |
gcc-toolset-10-gcc-plugin-devel | rhel8-CRB | RHEL 8.5 |
gcc-toolset-10-gdb | rhel8-AppStream | RHEL 8.3 |
gcc-toolset-10-gdb-doc | rhel8-AppStream | RHEL 8.3 |
gcc-toolset-10-gdb-gdbserver | rhel8-AppStream | RHEL 8.3 |
gcc-toolset-10-libasan-devel | rhel8-AppStream | RHEL 8.3 |
gcc-toolset-10-libatomic-devel | rhel8-AppStream | RHEL 8.3 |
gcc-toolset-10-libitm-devel | rhel8-AppStream | RHEL 8.3 |
gcc-toolset-10-liblsan-devel | rhel8-AppStream | RHEL 8.3 |
gcc-toolset-10-libquadmath-devel | rhel8-AppStream | RHEL 8.3 |
gcc-toolset-10-libstdc++-devel | rhel8-AppStream | RHEL 8.3 |
gcc-toolset-10-libstdc++-docs | rhel8-AppStream | RHEL 8.3 |
gcc-toolset-10-libtsan-devel | rhel8-AppStream | RHEL 8.3 |
gcc-toolset-10-libubsan-devel | rhel8-AppStream | RHEL 8.3 |
gcc-toolset-10-ltrace | rhel8-AppStream | RHEL 8.3 |
gcc-toolset-10-make | rhel8-AppStream | RHEL 8.3 |
gcc-toolset-10-make-devel | rhel8-AppStream | RHEL 8.3 |
gcc-toolset-10-perftools | rhel8-AppStream | RHEL 8.3 |
gcc-toolset-10-runtime | rhel8-AppStream | RHEL 8.3 |
gcc-toolset-10-strace | rhel8-AppStream | RHEL 8.3 |
gcc-toolset-10-systemtap | rhel8-AppStream | RHEL 8.3 |
gcc-toolset-10-systemtap-client | rhel8-AppStream | RHEL 8.3 |
gcc-toolset-10-systemtap-devel | rhel8-AppStream | RHEL 8.3 |
gcc-toolset-10-systemtap-initscript | rhel8-AppStream | RHEL 8.3 |
gcc-toolset-10-systemtap-runtime | rhel8-AppStream | RHEL 8.3 |
gcc-toolset-10-systemtap-sdt-devel | rhel8-AppStream | RHEL 8.3 |
gcc-toolset-10-systemtap-server | rhel8-AppStream | RHEL 8.3 |
gcc-toolset-10-toolchain | rhel8-AppStream | RHEL 8.3 |
gcc-toolset-10-valgrind | rhel8-AppStream | RHEL 8.3 |
gcc-toolset-10-valgrind-devel | rhel8-AppStream | RHEL 8.3 |
gcc-toolset-11 | rhel8-AppStream | RHEL 8.5 |
gcc-toolset-11-annobin-annocheck | rhel8-AppStream | RHEL 8.5 |
gcc-toolset-11-annobin-docs | rhel8-AppStream | RHEL 8.5 |
gcc-toolset-11-annobin-plugin-gcc | rhel8-AppStream | RHEL 8.5 |
gcc-toolset-11-binutils | rhel8-AppStream | RHEL 8.5 |
gcc-toolset-11-binutils-devel | rhel8-AppStream | RHEL 8.5 |
gcc-toolset-11-build | rhel8-AppStream | RHEL 8.5 |
gcc-toolset-11-dwz | rhel8-AppStream | RHEL 8.5 |
gcc-toolset-11-dyninst | rhel8-AppStream | RHEL 8.5 |
gcc-toolset-11-dyninst-devel | rhel8-AppStream | RHEL 8.5 |
gcc-toolset-11-elfutils | rhel8-AppStream | RHEL 8.5 |
gcc-toolset-11-elfutils-debuginfod-client | rhel8-AppStream | RHEL 8.5 |
gcc-toolset-11-elfutils-debuginfod-client-devel | rhel8-AppStream | RHEL 8.5 |
gcc-toolset-11-elfutils-devel | rhel8-AppStream | RHEL 8.5 |
gcc-toolset-11-elfutils-libelf | rhel8-AppStream | RHEL 8.5 |
gcc-toolset-11-elfutils-libelf-devel | rhel8-AppStream | RHEL 8.5 |
gcc-toolset-11-elfutils-libs | rhel8-AppStream | RHEL 8.5 |
gcc-toolset-11-gcc | rhel8-AppStream | RHEL 8.5 |
gcc-toolset-11-gcc-c++ | rhel8-AppStream | RHEL 8.5 |
gcc-toolset-11-gcc-gdb-plugin | rhel8-AppStream | RHEL 8.5 |
gcc-toolset-11-gcc-gfortran | rhel8-AppStream | RHEL 8.5 |
gcc-toolset-11-gcc-plugin-devel | rhel8-AppStream | RHEL 8.5 |
gcc-toolset-11-gdb | rhel8-AppStream | RHEL 8.5 |
gcc-toolset-11-gdb-doc | rhel8-AppStream | RHEL 8.5 |
gcc-toolset-11-gdb-gdbserver | rhel8-AppStream | RHEL 8.5 |
gcc-toolset-11-libasan-devel | rhel8-AppStream | RHEL 8.5 |
gcc-toolset-11-libatomic-devel | rhel8-AppStream | RHEL 8.5 |
gcc-toolset-11-libgccjit | rhel8-AppStream | RHEL 8.5 |
gcc-toolset-11-libgccjit-devel | rhel8-AppStream | RHEL 8.5 |
gcc-toolset-11-libgccjit-docs | rhel8-AppStream | RHEL 8.5 |
gcc-toolset-11-libitm-devel | rhel8-AppStream | RHEL 8.5 |
gcc-toolset-11-liblsan-devel | rhel8-AppStream | RHEL 8.5 |
gcc-toolset-11-libquadmath-devel | rhel8-AppStream | RHEL 8.5 |
gcc-toolset-11-libstdc++-devel | rhel8-AppStream | RHEL 8.5 |
gcc-toolset-11-libstdc++-docs | rhel8-AppStream | RHEL 8.5 |
gcc-toolset-11-libtsan-devel | rhel8-AppStream | RHEL 8.5 |
gcc-toolset-11-libubsan-devel | rhel8-AppStream | RHEL 8.5 |
gcc-toolset-11-ltrace | rhel8-AppStream | RHEL 8.5 |
gcc-toolset-11-make | rhel8-AppStream | RHEL 8.5 |
gcc-toolset-11-make-devel | rhel8-AppStream | RHEL 8.5 |
gcc-toolset-11-perftools | rhel8-AppStream | RHEL 8.5 |
gcc-toolset-11-runtime | rhel8-AppStream | RHEL 8.5 |
gcc-toolset-11-strace | rhel8-AppStream | RHEL 8.5 |
gcc-toolset-11-systemtap | rhel8-AppStream | RHEL 8.5 |
gcc-toolset-11-systemtap-client | rhel8-AppStream | RHEL 8.5 |
gcc-toolset-11-systemtap-devel | rhel8-AppStream | RHEL 8.5 |
gcc-toolset-11-systemtap-initscript | rhel8-AppStream | RHEL 8.5 |
gcc-toolset-11-systemtap-runtime | rhel8-AppStream | RHEL 8.5 |
gcc-toolset-11-systemtap-sdt-devel | rhel8-AppStream | RHEL 8.5 |
gcc-toolset-11-systemtap-server | rhel8-AppStream | RHEL 8.5 |
gcc-toolset-11-toolchain | rhel8-AppStream | RHEL 8.5 |
gcc-toolset-11-valgrind | rhel8-AppStream | RHEL 8.5 |
gcc-toolset-11-valgrind-devel | rhel8-AppStream | RHEL 8.5 |
gcc-toolset-12 | rhel8-AppStream | RHEL 8.7 |
gcc-toolset-12-annobin-annocheck | rhel8-AppStream | RHEL 8.7 |
gcc-toolset-12-annobin-docs | rhel8-AppStream | RHEL 8.7 |
gcc-toolset-12-annobin-plugin-gcc | rhel8-AppStream | RHEL 8.7 |
gcc-toolset-12-binutils | rhel8-AppStream | RHEL 8.7 |
gcc-toolset-12-binutils-devel | rhel8-AppStream | RHEL 8.7 |
gcc-toolset-12-binutils-gold | rhel8-AppStream | RHEL 8.7 |
gcc-toolset-12-build | rhel8-AppStream | RHEL 8.7 |
gcc-toolset-12-dwz | rhel8-AppStream | RHEL 8.7 |
gcc-toolset-12-gcc | rhel8-AppStream | RHEL 8.7 |
gcc-toolset-12-gcc-c++ | rhel8-AppStream | RHEL 8.7 |
gcc-toolset-12-gcc-gfortran | rhel8-AppStream | RHEL 8.7 |
gcc-toolset-12-gcc-plugin-annobin | rhel8-AppStream | RHEL 8.8 |
gcc-toolset-12-gcc-plugin-devel | rhel8-AppStream | RHEL 8.7 |
gcc-toolset-12-gdb | rhel8-AppStream | RHEL 8.7 |
gcc-toolset-12-libasan-devel | rhel8-AppStream | RHEL 8.7 |
gcc-toolset-12-libatomic-devel | rhel8-AppStream | RHEL 8.7 |
gcc-toolset-12-libgccjit | rhel8-AppStream | RHEL 8.7 |
gcc-toolset-12-libgccjit-devel | rhel8-AppStream | RHEL 8.7 |
gcc-toolset-12-libgccjit-docs | rhel8-AppStream | RHEL 8.7 |
gcc-toolset-12-libitm-devel | rhel8-AppStream | RHEL 8.7 |
gcc-toolset-12-liblsan-devel | rhel8-AppStream | RHEL 8.7 |
gcc-toolset-12-libquadmath-devel | rhel8-AppStream | RHEL 8.7 |
gcc-toolset-12-libstdc++-devel | rhel8-AppStream | RHEL 8.7 |
gcc-toolset-12-libstdc++-docs | rhel8-AppStream | RHEL 8.7 |
gcc-toolset-12-libtsan-devel | rhel8-AppStream | RHEL 8.7 |
gcc-toolset-12-libubsan-devel | rhel8-AppStream | RHEL 8.7 |
gcc-toolset-12-offload-nvptx | rhel8-AppStream | RHEL 8.7 |
gcc-toolset-12-runtime | rhel8-AppStream | RHEL 8.7 |
gcc-toolset-13 | rhel8-AppStream | RHEL 8.9 |
gcc-toolset-13-annobin-annocheck | rhel8-AppStream | RHEL 8.9 |
gcc-toolset-13-annobin-docs | rhel8-AppStream | RHEL 8.9 |
gcc-toolset-13-annobin-plugin-gcc | rhel8-AppStream | RHEL 8.9 |
gcc-toolset-13-binutils | rhel8-AppStream | RHEL 8.9 |
gcc-toolset-13-binutils-devel | rhel8-AppStream | RHEL 8.9 |
gcc-toolset-13-binutils-gold | rhel8-AppStream | RHEL 8.9 |
gcc-toolset-13-dwz | rhel8-AppStream | RHEL 8.9 |
gcc-toolset-13-gcc | rhel8-AppStream | RHEL 8.9 |
gcc-toolset-13-gcc-c++ | rhel8-AppStream | RHEL 8.9 |
gcc-toolset-13-gcc-gfortran | rhel8-AppStream | RHEL 8.9 |
gcc-toolset-13-gcc-plugin-annobin | rhel8-AppStream | RHEL 8.9 |
gcc-toolset-13-gcc-plugin-devel | rhel8-AppStream | RHEL 8.9 |
gcc-toolset-13-gdb | rhel8-AppStream | RHEL 8.9 |
gcc-toolset-13-libasan-devel | rhel8-AppStream | RHEL 8.9 |
gcc-toolset-13-libatomic-devel | rhel8-AppStream | RHEL 8.9 |
gcc-toolset-13-libgccjit | rhel8-AppStream | RHEL 8.9 |
gcc-toolset-13-libgccjit-devel | rhel8-AppStream | RHEL 8.9 |
gcc-toolset-13-libitm-devel | rhel8-AppStream | RHEL 8.9 |
gcc-toolset-13-liblsan-devel | rhel8-AppStream | RHEL 8.9 |
gcc-toolset-13-libquadmath-devel | rhel8-AppStream | RHEL 8.9 |
gcc-toolset-13-libstdc++-devel | rhel8-AppStream | RHEL 8.9 |
gcc-toolset-13-libstdc++-docs | rhel8-AppStream | RHEL 8.9 |
gcc-toolset-13-libtsan-devel | rhel8-AppStream | RHEL 8.9 |
gcc-toolset-13-libubsan-devel | rhel8-AppStream | RHEL 8.9 |
gcc-toolset-13-offload-nvptx | rhel8-AppStream | RHEL 8.9 |
gcc-toolset-13-runtime | rhel8-AppStream | RHEL 8.9 |
gdm-devel | rhel8-CRB | RHEL 8.6 |
gdm-pam-extensions-devel | rhel8-CRB | RHEL 8.6 |
git-credential-libsecret | rhel8-AppStream | RHEL 8.3 |
git-lfs | rhel8-AppStream | RHEL 8.3 |
glade | rhel8-CRB | RHEL 8.7 |
glassfish-jsp | rhel8-AppStream | RHEL 8.4 |
glibc-doc | rhel8-BaseOS | RHEL 8.7 |
glibc-gconv-extra | rhel8-AppStream | RHEL 8.6 |
gnome-session-kiosk-session | rhel8-AppStream | RHEL 8.5 |
gnome-shell-extension-classification-banner | rhel8-AppStream | RHEL 8.6 |
gnome-shell-extension-custom-menu | rhel8-AppStream | RHEL 8.9 |
gnome-shell-extension-dash-to-panel | rhel8-AppStream | RHEL 8.6 |
gnome-shell-extension-gesture-inhibitor | rhel8-AppStream | RHEL 8.5 |
gnome-shell-extension-heads-up-display | rhel8-AppStream | RHEL 8.6 |
gnome-software-devel | rhel8-CRB | RHEL 8.5 |
google-gson | rhel8-AppStream | RHEL 8.4 |
grafana-pcp | rhel8-AppStream | RHEL 8.2 |
grafana-selinux | rhel8-AppStream | RHEL 8.10 |
graphviz-python3 | rhel8-CRB | RHEL 8.2 |
graphviz-ruby | rhel8-AppStream | RHEL 8.10 |
greenboot | rhel8-AppStream | RHEL 8.3 |
greenboot-default-health-checks | rhel8-AppStream | RHEL 8.6 |
greenboot-grub2 | rhel8-AppStream | RHEL 8.3 |
greenboot-reboot | rhel8-AppStream | RHEL 8.3 |
greenboot-rpm-ostree-grub2 | rhel8-AppStream | RHEL 8.3 |
greenboot-status | rhel8-AppStream | RHEL 8.3 |
gtk-vnc2-devel | rhel8-CRB | RHEL 8.9 |
gtk3-devel-docs | rhel8-CRB | RHEL 8.7 |
guava | rhel8-AppStream | RHEL 8.2 |
gvnc-devel | rhel8-CRB | RHEL 8.9 |
HdrHistogram | rhel8-AppStream | RHEL 8.3 |
HdrHistogram_c | rhel8-AppStream | RHEL 8.3 |
HdrHistogram-javadoc | rhel8-AppStream | RHEL 8.3 |
hostapd | rhel8-AppStream | RHEL 8.6 |
http-parser-devel | rhel8-CRB | RHEL 8.2 |
ibus-table-devel | rhel8-CRB | RHEL 8.4 |
ibus-table-tests | rhel8-CRB | RHEL 8.4 |
ibus-typing-booster-tests | rhel8-CRB | RHEL 8.4 |
icu4j | rhel8-AppStream | RHEL 8.4 |
idm-jss | rhel8-AppStream | RHEL 8.10 |
idm-jss-javadoc | rhel8-AppStream | RHEL 8.10 |
idm-ldapjdk | rhel8-AppStream | RHEL 8.10 |
idm-ldapjdk-javadoc | rhel8-AppStream | RHEL 8.10 |
idm-pki-acme | rhel8-AppStream | RHEL 8.7 |
idm-pki-base | rhel8-AppStream | RHEL 8.7 |
idm-pki-base-java | rhel8-AppStream | RHEL 8.7 |
idm-pki-ca | rhel8-AppStream | RHEL 8.7 |
idm-pki-kra | rhel8-AppStream | RHEL 8.7 |
idm-pki-server | rhel8-AppStream | RHEL 8.7 |
idm-pki-symkey | rhel8-AppStream | RHEL 8.7 |
idm-pki-tools | rhel8-AppStream | RHEL 8.7 |
idm-tomcatjss | rhel8-AppStream | RHEL 8.10 |
idn2 | rhel8-AppStream | RHEL 8.1 |
ima-evm-utils0 | rhel8-BaseOS | RHEL 8.4 |
inkscape1 | rhel8-AppStream | RHEL 8.8 |
inkscape1-docs | rhel8-AppStream | RHEL 8.8 |
inkscape1-view | rhel8-AppStream | RHEL 8.8 |
intel-cmt-cat-devel | rhel8-CRB | RHEL 8.4 |
ipa-client-epn | rhel8-AppStream | RHEL 8.3 |
ipa-client-samba | rhel8-AppStream | RHEL 8.1 |
ipa-healthcheck | rhel8-AppStream | RHEL 8.1 |
ipa-healthcheck-core | rhel8-AppStream | RHEL 8.2 |
ipa-selinux | rhel8-AppStream | RHEL 8.3 |
ipxe-bootimgs-aarch64 | rhel8-AppStream | RHEL 8.6 |
ipxe-bootimgs-x86 | rhel8-AppStream | RHEL 8.6 |
iscsi-initiator-utils-devel | rhel8-CRB | RHEL 8.3 |
jackson-bom | rhel8-AppStream | RHEL 8.10 |
jackson-modules-base | rhel8-AppStream | RHEL 8.10 |
jackson-parent | rhel8-AppStream | RHEL 8.10 |
jaf-javadoc | rhel8-AppStream | RHEL 8.2 |
jaf | rhel8-AppStream | RHEL 8.2 |
jakarta-activation2 | rhel8-AppStream | RHEL 8.8 |
jakarta-annotations | rhel8-AppStream | RHEL 8.7 |
java-1.8.0-openjdk-accessibility-fastdebug | rhel8-CRB | RHEL 8.4 |
java-1.8.0-openjdk-accessibility-slowdebug | rhel8-CRB | RHEL 8.4 |
java-1.8.0-openjdk-demo-fastdebug | rhel8-CRB | RHEL 8.4 |
java-1.8.0-openjdk-demo-slowdebug | rhel8-CRB | RHEL 8.4 |
java-1.8.0-openjdk-devel-fastdebug | rhel8-CRB | RHEL 8.4 |
java-1.8.0-openjdk-devel-slowdebug | rhel8-CRB | RHEL 8.4 |
java-1.8.0-openjdk-fastdebug | rhel8-CRB | RHEL 8.4 |
java-1.8.0-openjdk-headless-fastdebug | rhel8-CRB | RHEL 8.4 |
java-1.8.0-openjdk-headless-slowdebug | rhel8-CRB | RHEL 8.4 |
java-1.8.0-openjdk-slowdebug | rhel8-CRB | RHEL 8.4 |
java-1.8.0-openjdk-src-fastdebug | rhel8-CRB | RHEL 8.4 |
java-1.8.0-openjdk-src-slowdebug | rhel8-CRB | RHEL 8.4 |
java-11-openjdk-demo-fastdebug | rhel8-CRB | RHEL 8.4 |
java-11-openjdk-demo-slowdebug | rhel8-CRB | RHEL 8.4 |
java-11-openjdk-devel-fastdebug | rhel8-CRB | RHEL 8.4 |
java-11-openjdk-devel-slowdebug | rhel8-CRB | RHEL 8.4 |
java-11-openjdk-fastdebug | rhel8-CRB | RHEL 8.4 |
java-11-openjdk-headless-fastdebug | rhel8-CRB | RHEL 8.4 |
java-11-openjdk-headless-slowdebug | rhel8-CRB | RHEL 8.4 |
java-11-openjdk-jmods-fastdebug | rhel8-CRB | RHEL 8.4 |
java-11-openjdk-jmods-slowdebug | rhel8-CRB | RHEL 8.4 |
java-11-openjdk-slowdebug | rhel8-CRB | RHEL 8.4 |
java-11-openjdk-src-fastdebug | rhel8-CRB | RHEL 8.4 |
java-11-openjdk-src-slowdebug | rhel8-CRB | RHEL 8.4 |
java-11-openjdk-static-libs | rhel8-AppStream | RHEL 8.3 |
java-11-openjdk-static-libs-fastdebug | rhel8-CRB | RHEL 8.4 |
java-11-openjdk-static-libs-slowdebug | rhel8-CRB | RHEL 8.4 |
java-17-openjdk | rhel8-AppStream | RHEL 8.5 |
java-17-openjdk-demo | rhel8-AppStream | RHEL 8.5 |
java-17-openjdk-demo-fastdebug | rhel8-CRB | RHEL 8.5 |
java-17-openjdk-demo-slowdebug | rhel8-CRB | RHEL 8.5 |
java-17-openjdk-devel | rhel8-AppStream | RHEL 8.5 |
java-17-openjdk-devel-fastdebug | rhel8-CRB | RHEL 8.5 |
java-17-openjdk-devel-slowdebug | rhel8-CRB | RHEL 8.5 |
java-17-openjdk-fastdebug | rhel8-CRB | RHEL 8.5 |
java-17-openjdk-headless | rhel8-AppStream | RHEL 8.5 |
java-17-openjdk-headless-fastdebug | rhel8-CRB | RHEL 8.5 |
java-17-openjdk-headless-slowdebug | rhel8-CRB | RHEL 8.5 |
java-17-openjdk-javadoc | rhel8-AppStream | RHEL 8.5 |
java-17-openjdk-javadoc-zip | rhel8-AppStream | RHEL 8.5 |
java-17-openjdk-jmods | rhel8-AppStream | RHEL 8.5 |
java-17-openjdk-jmods-fastdebug | rhel8-CRB | RHEL 8.5 |
java-17-openjdk-jmods-slowdebug | rhel8-CRB | RHEL 8.5 |
java-17-openjdk-slowdebug | rhel8-CRB | RHEL 8.5 |
java-17-openjdk-src | rhel8-AppStream | RHEL 8.5 |
java-17-openjdk-src-fastdebug | rhel8-CRB | RHEL 8.5 |
java-17-openjdk-src-slowdebug | rhel8-CRB | RHEL 8.5 |
java-17-openjdk-static-libs | rhel8-AppStream | RHEL 8.5 |
java-17-openjdk-static-libs-fastdebug | rhel8-CRB | RHEL 8.5 |
java-17-openjdk-static-libs-slowdebug | rhel8-CRB | RHEL 8.5 |
java-21-openjdk | rhel8-AppStream | RHEL 8.9 |
java-21-openjdk-demo | rhel8-AppStream | RHEL 8.9 |
java-21-openjdk-demo-fastdebug | rhel8-CRB | RHEL 8.9 |
java-21-openjdk-demo-slowdebug | rhel8-CRB | RHEL 8.9 |
java-21-openjdk-devel | rhel8-AppStream | RHEL 8.9 |
java-21-openjdk-devel-fastdebug | rhel8-CRB | RHEL 8.9 |
java-21-openjdk-devel-slowdebug | rhel8-CRB | RHEL 8.9 |
java-21-openjdk-fastdebug | rhel8-CRB | RHEL 8.9 |
java-21-openjdk-headless | rhel8-AppStream | RHEL 8.9 |
java-21-openjdk-headless-fastdebug | rhel8-CRB | RHEL 8.9 |
java-21-openjdk-headless-slowdebug | rhel8-CRB | RHEL 8.9 |
java-21-openjdk-javadoc | rhel8-AppStream | RHEL 8.9 |
java-21-openjdk-javadoc-zip | rhel8-AppStream | RHEL 8.9 |
java-21-openjdk-jmods | rhel8-AppStream | RHEL 8.9 |
java-21-openjdk-jmods-fastdebug | rhel8-CRB | RHEL 8.9 |
java-21-openjdk-jmods-slowdebug | rhel8-CRB | RHEL 8.9 |
java-21-openjdk-slowdebug | rhel8-CRB | RHEL 8.9 |
java-21-openjdk-src | rhel8-AppStream | RHEL 8.9 |
java-21-openjdk-src-fastdebug | rhel8-CRB | RHEL 8.9 |
java-21-openjdk-src-slowdebug | rhel8-CRB | RHEL 8.9 |
java-21-openjdk-static-libs | rhel8-AppStream | RHEL 8.9 |
java-21-openjdk-static-libs-fastdebug | rhel8-CRB | RHEL 8.9 |
java-21-openjdk-static-libs-slowdebug | rhel8-CRB | RHEL 8.9 |
jaxb-api4 | rhel8-AppStream | RHEL 8.8 |
jaxb-codemodel | rhel8-AppStream | RHEL 8.8 |
jaxb-core | rhel8-AppStream | RHEL 8.8 |
jaxb-dtd-parser | rhel8-AppStream | RHEL 8.8 |
jaxb-istack-commons-runtime | rhel8-AppStream | RHEL 8.8 |
jaxb-istack-commons-tools | rhel8-AppStream | RHEL 8.8 |
jaxb-relaxng-datatype | rhel8-AppStream | RHEL 8.8 |
jaxb-rngom | rhel8-AppStream | RHEL 8.8 |
jaxb-runtime | rhel8-AppStream | RHEL 8.8 |
jaxb-txw2 | rhel8-AppStream | RHEL 8.8 |
jaxb-xjc | rhel8-AppStream | RHEL 8.8 |
jaxb-xsom | rhel8-AppStream | RHEL 8.8 |
jctools | rhel8-AppStream | RHEL 8.6 |
jetty-continuation | rhel8-AppStream | RHEL 8.4 |
jetty-http | rhel8-AppStream | RHEL 8.4 |
jetty-io | rhel8-AppStream | RHEL 8.4 |
jetty-security | rhel8-AppStream | RHEL 8.4 |
jetty-server | rhel8-AppStream | RHEL 8.4 |
jetty-servlet | rhel8-AppStream | RHEL 8.4 |
jetty-util | rhel8-AppStream | RHEL 8.4 |
jigawatts | rhel8-AppStream | RHEL 8.5 |
jigawatts-javadoc | rhel8-AppStream | RHEL 8.5 |
jigawatts-javadoc | rhel8-AppStream | RHEL 8.8 |
jmc-core-javadoc | rhel8-AppStream | RHEL 8.2 |
jmc-core | rhel8-AppStream | RHEL 8.2 |
jmc | rhel8-AppStream | RHEL 8.2 |
jolokia-jvm-agent | rhel8-AppStream | RHEL 8.2 |
jq-devel | rhel8-CRB | RHEL 8.5 |
js-d3-flame-graph | rhel8-AppStream | RHEL 8.3 |
Judy-devel | rhel8-BaseOS | RHEL 8.1 |
Judy-devel | rhel8-CRB | RHEL 8.3 |
junit5 | rhel8-AppStream | RHEL 8.4 |
kernel-abi-stablelists | rhel8-BaseOS | RHEL 8.4 |
kmod-redhat-oracleasm | rhel8-BaseOS | RHEL 8.4 |
kpatch-dnf | rhel8-BaseOS | RHEL 8.4 |
lasso-devel | rhel8-CRB | RHEL 8.5 |
ldns-doc | rhel8-CRB | RHEL 8.10 |
ldns-utils | rhel8-CRB | RHEL 8.10 |
leapp | rhel8-AppStream | RHEL 8.7 |
leapp-deps | rhel8-AppStream | RHEL 8.7 |
leapp-upgrade-el8toel9 | rhel8-AppStream | RHEL 8.7 |
leapp-upgrade-el8toel9-deps | rhel8-AppStream | RHEL 8.7 |
libadwaita-qt5 | rhel8-AppStream | RHEL 8.5 |
libasan6 | rhel8-AppStream | RHEL 8.4 |
libasan8 | rhel8-AppStream | RHEL 8.7 |
libbabeltrace-devel | rhel8-CRB | RHEL 8.3 |
libblockdev-crypto-devel | rhel8-CRB | RHEL 8.3 |
libblockdev-devel | rhel8-CRB | RHEL 8.3 |
libblockdev-fs-devel | rhel8-CRB | RHEL 8.3 |
libblockdev-loop-devel | rhel8-CRB | RHEL 8.3 |
libblockdev-lvm-devel | rhel8-CRB | RHEL 8.3 |
libblockdev-mdraid-devel | rhel8-CRB | RHEL 8.3 |
libblockdev-part-devel | rhel8-CRB | RHEL 8.3 |
libblockdev-swap-devel | rhel8-CRB | RHEL 8.3 |
libblockdev-utils-devel | rhel8-CRB | RHEL 8.3 |
libblockdev-vdo-devel | rhel8-CRB | RHEL 8.3 |
libbpf-devel | rhel8-CRB | RHEL 8.2 |
libbpf-static | rhel8-CRB | RHEL 8.2 |
libbpf | rhel8-BaseOS | RHEL 8.2 |
libbytesize-devel | rhel8-CRB | RHEL 8.3 |
libcap-ng-python3 | rhel8-BaseOS | RHEL 8.5 |
libdazzle-devel | rhel8-CRB | RHEL 8.4 |
libdhash-devel | rhel8-CRB | RHEL 8.7 |
libdnf-devel | rhel8-CRB | RHEL 8.4 |
libdwarves1 | rhel8-CRB | RHEL 8.2 |
libecpg | rhel8-AppStream | RHEL 8.4 |
libecpg-devel | rhel8-CRB | RHEL 8.4 |
libepubgen-devel | rhel8-CRB | RHEL 8.4 |
libestr-devel | rhel8-CRB | RHEL 8.7 |
libgcab1-devel | rhel8-CRB | RHEL 8.6 |
libguestfs-appliance | rhel8-AppStream | RHEL 8.6 |
libnbd | rhel8-AppStream | RHEL 8.3 |
libnbd-bash-completion | rhel8-AppStream | RHEL 8.6 |
libnbd-devel | rhel8-AppStream | RHEL 8.3 |
libnetapi | rhel8-BaseOS | RHEL 8.8 |
libnetapi-devel | rhel8-CRB | RHEL 8.8 |
libnftnl-devel | rhel8-CRB | RHEL 8.2 |
libnumbertext | rhel8-AppStream | RHEL 8.4 |
libpgtypes | rhel8-AppStream | RHEL 8.4 |
libpinyin-devel | rhel8-CRB | RHEL 8.6 |
libpsl-devel | rhel8-CRB | RHEL 8.3 |
librabbitmq-tools | rhel8-AppStream | RHEL 8.10 |
libreoffice | rhel8-AppStream | RHEL 8.8 |
librepo-devel | rhel8-CRB | RHEL 8.4 |
librhsm-devel | rhel8-CRB | RHEL 8.4 |
libselinux-static | rhel8-CRB | RHEL 8.6 |
libsemanage-devel | rhel8-CRB | RHEL 8.3 |
libserf-devel | rhel8-CRB | RHEL 8.7 |
libslirp | rhel8-AppStream | RHEL 8.3 |
libslirp-devel | rhel8-AppStream | RHEL 8.3 |
libsmi-devel | rhel8-CRB | RHEL 8.4 |
libsndfile-utils | rhel8-AppStream | RHEL 8.8 |
libsolv-devel | rhel8-CRB | RHEL 8.4 |
libsolv-tools | rhel8-CRB | RHEL 8.4 |
libss-devel | rhel8-CRB | RHEL 8.6 |
libssh-config | rhel8-BaseOS | RHEL 8.1 |
libstoragemgmt-devel | rhel8-BaseOS | RHEL 8.3 |
libstoragemgmt-devel | rhel8-CRB | RHEL 8.3 |
libstoragemgmt-nfs-plugin | rhel8-AppStream | RHEL 8.7 |
libtimezonemap-devel | rhel8-CRB | RHEL 8.10 |
libtpms | rhel8-AppStream | RHEL 8.6 |
libtpms-devel | rhel8-AppStream | RHEL 8.6 |
libtraceevent | rhel8-BaseOS | RHEL 8.8 |
libtraceevent-devel | rhel8-CRB | RHEL 8.8 |
libtracefs | rhel8-BaseOS | RHEL 8.8 |
libtracefs-devel | rhel8-CRB | RHEL 8.8 |
libtsan2 | rhel8-AppStream | RHEL 8.7 |
libudisks2-devel | rhel8-CRB | RHEL 8.3 |
liburing-devel | rhel8-CRB | RHEL 8.3 |
liburing | rhel8-AppStream | RHEL 8.2 |
libuser-devel | rhel8-CRB | RHEL 8.6 |
libuv-devel | rhel8-CRB | RHEL 8.4 |
libverto-libev | rhel8-AppStream | RHEL 8.7 |
libvirt-daemon-driver-storage-iscsi-direct | rhel8-AppStream | RHEL 8.3 |
libvirt-wireshark | rhel8-AppStream | RHEL 8.6 |
libvma-utils | rhel8-AppStream | RHEL 8.9 |
libvoikko-devel | rhel8-CRB | RHEL 8.5 |
libwpe | rhel8-AppStream | RHEL 8.8 |
libwpe-devel | rhel8-CRB | RHEL 8.8 |
libxdp | rhel8-AppStream | RHEL 8.3 |
libxdp-devel | rhel8-CRB | RHEL 8.8 |
libxdp-static | rhel8-CRB | RHEL 8.8 |
libxkbfile-1.1.0-1.el8 | rhel8-AppStream | RHEL 8.3 |
libxmlb | rhel8-BaseOS | RHEL 8.3 |
libxmlb-devel | rhel8-CRB | RHEL 8.6 |
libXvMC-devel | rhel8-CRB | RHEL 8.3 |
libzstd-devel | rhel8-BaseOS | RHEL 8.2 |
libzstd | rhel8-BaseOS | RHEL 8.2 |
lld-test | rhel8-AppStream | RHEL 8.2 |
llvm-cmake-utils | rhel8-AppStream | RHEL 8.10 |
lmdb | rhel8-CRB | RHEL 8.8 |
lmdb-devel | rhel8-CRB | RHEL 8.6 |
lmdb-libs | rhel8-AppStream | RHEL 8.1 |
log4j | rhel8-AppStream | RHEL 8.6 |
log4j-jcl | rhel8-AppStream | RHEL 8.6 |
log4j-slf4j | rhel8-AppStream | RHEL 8.6 |
log4j-web | rhel8-AppStream | RHEL 8.8 |
lpsolve-devel | rhel8-CRB | RHEL 8.5 |
lucene | rhel8-AppStream | RHEL 8.4 |
lucene-analysis | rhel8-AppStream | RHEL 8.4 |
lucene-analyzers-smartcn | rhel8-AppStream | RHEL 8.4 |
lucene-queries | rhel8-AppStream | RHEL 8.4 |
lucene-queryparser | rhel8-AppStream | RHEL 8.4 |
lucene-sandbox | rhel8-AppStream | RHEL 8.4 |
lz4-java | rhel8-AppStream | RHEL 8.4 |
lz4-java-javadoc | rhel8-AppStream | RHEL 8.4 |
make43 | rhel8-AppStream | RHEL 8.7 |
make43-devel | rhel8-AppStream | RHEL 8.7 |
mariadb-pam | rhel8-AppStream | RHEL 8.4 |
marisa-devel | rhel8-CRB | RHEL 8.9 |
maven-openjdk11 | rhel8-AppStream | RHEL 8.2 |
maven-openjdk8 | rhel8-AppStream | RHEL 8.2 |
maven-openjdk17 | rhel8-AppStream | RHEL 8.6 |
maven-openjdk21 | rhel8-AppStream | RHEL 8.10 |
mdevctl | rhel8-AppStream | RHEL 8.3 |
memstrack | rhel8-BaseOS | RHEL 8.3 |
mercurial-chg | rhel8-AppStream | RHEL 8.7 |
micropipenv | rhel8-AppStream | RHEL 8.4 |
mingw32-spice-vdagent | rhel8-CRB | RHEL 8.2 |
mingw64-spice-vdagent | rhel8-CRB | RHEL 8.2 |
mobile-broadband-provider-info-devel | rhel8-CRB | RHEL 8.5 |
mod_auth_mellon-diagnostics | rhel8-AppStream | RHEL 8.1 |
modulemd-tools | rhel8-AppStream | RHEL 8.5c |
mpdecimal | rhel8-AppStream | RHEL 8.8 |
mpdecimal++ | rhel8-CRB | RHEL 8.8 |
mpdecimal-devel | rhel8-CRB | RHEL 8.8 |
mpdecimal-doc | rhel8-CRB | RHEL 8.8 |
mpich-doc | rhel8-AppStream | RHEL 8.4 |
mvapich2-devel | rhel8-AppStream | RHEL 8.4 |
mvapich2-doc | rhel8-AppStream | RHEL 8.4 |
mvapich2-psm2-devel | rhel8-AppStream | RHEL 8.4 |
mysql-selinux | rhel8-AppStream | RHEL 8.4 |
nbdfuse | rhel8-AppStream | RHEL 8.3 |
nbdkit-basic-filters | rhel8-AppStream | RHEL 8.3 |
nbdkit-curl-plugin | rhel8-AppStream | RHEL 8.3 |
nbdkit-gzip-filter | rhel8-AppStream | RHEL 8.6 |
nbdkit-gzip-plugin | rhel8-AppStream | RHEL 8.3 |
nbdkit-linuxdisk-plugin | rhel8-AppStream | RHEL 8.3 |
nbdkit-nbd-plugin | rhel8-AppStream | RHEL 8.6 |
nbdkit-python-plugin | rhel8-AppStream | RHEL 8.3 |
nbdkit-server | rhel8-AppStream | RHEL 8.3 |
nbdkit-ssh-plugin | rhel8-AppStream | RHEL 8.3 |
nbdkit-tar-filter | rhel8-AppStream | RHEL 8.6 |
nbdkit-tar-plugin | rhel8-AppStream | RHEL 8.6 |
nbdkit-tmpdisk-plugin | rhel8-AppStream | RHEL 8.6 |
nbdkit-vddk-plugin | rhel8-AppStream | RHEL 8.3 |
nbdkit-xz-filter | rhel8-AppStream | RHEL 8.3 |
netavark | rhel8-AppStream | RHEL 8.6 |
net-snmp-perl | rhel8-AppStream | RHEL 8.3 |
NetworkManager-cloud-setup | rhel8-AppStream | RHEL 8.2 |
NetworkManager-initscripts-updown | rhel8-BaseOS | RHEL 8.6 |
nftables-devel | rhel8-CRB | RHEL 8.6 |
nispor | rhel8-AppStream | RHEL 8.4 |
nispor-devel | rhel8-AppStream | RHEL 8.4 |
nginx-mod-devel | rhel8-AppStream | RHEL 8.6 |
nmstate-devel | rhel8-CRB | RHEL 8.6 |
nmstate-libs | rhel8-AppStream | RHEL 8.6 |
nmstate-plugin-ovsdb | rhel8-AppStream | RHEL 8.3 |
nodejs-full-i18n | rhel8-AppStream | RHEL 8.3 |
nodejs-packaging-bundler | rhel8-AppStream | RHEL 8.7 |
nss_wrapper-libs | rhel8-AppStream | RHEL 8.8 |
numatop | rhel8-BaseOS | RHEL 8.2 |
ocaml-libnbd | rhel8-CRB | RHEL 8.3 |
ocaml-libnbd-devel | rhel8-CRB | RHEL 8.3 |
oci-seccomp-bpf-hook | rhel8-AppStream | RHEL 8.3 |
oci-seccomp-bpf-hook | rhel8-BaseOS | RHEL 8.3 |
opae | rhel8-BaseOS | RHEL 8.3 |
openldap-servers | rhel8-CRB | RHEL 8.6 |
open-vm-tools-salt-minion | rhel8-AppStream | RHEL 8.7 |
open-vm-tools-sdmp | rhel8-AppStream | RHEL 8.3 |
opencv | rhel8-CRB | RHEL 8.5 |
openslp-devel | rhel8-CRB | RHEL 8.7 |
opentest4j | rhel8-AppStream | RHEL 8.4 |
osbuild | rhel8-AppStream | RHEL 8.3 |
osbuild-composer | rhel8-AppStream | RHEL 8.3 |
osbuild-composer-core | rhel8-AppStream | RHEL 8.4 |
osbuild-composer-dnf-json | rhel8-AppStream | RHEL 8.6 |
osbuild-composer-worker | rhel8-AppStream | RHEL 8.3 |
osbuild-depsolve-dnf | rhel8-AppStream | RHEL 8.10 |
osbuild-luks2 | rhel8-AppStream | RHEL 8.6 |
osbuild-lvm2 | rhel8-AppStream | RHEL 8.6 |
osbuild-ostree | rhel8-AppStream | RHEL 8.3 |
osbuild-selinux | rhel8-AppStream | RHEL 8.3 |
owasp-java-encoder-javadoc | rhel8-AppStream | RHEL 8.2 |
owasp-java-encoder | rhel8-AppStream | RHEL 8.2 |
pam_wrapper | rhel8-CRB | RHEL 8.7 |
pcm | rhel8-AppStream | RHEL 8.5 |
pcp-export-pcp2elasticsearch | rhel8-AppStream | RHEL 8.2 |
pcp-export-pcp2spark | rhel8-AppStream | RHEL 8.2 |
pcp-pmda-bpftrace | rhel8-AppStream | RHEL 8.2 |
pcp-pmda-denki | rhel8-AppStream | RHEL 8.6 |
pcp-pmda-hacluster | rhel8-AppStream | RHEL 8.4 |
pcp-pmda-mongodb | rhel8-AppStream | RHEL 8.6 |
pcp-pmda-mssql | rhel8-AppStream | RHEL 8.2 |
pcp-pmda-netcheck | rhel8-AppStream | RHEL 8.2 |
pcp-pmda-openmetrics | rhel8-AppStream | RHEL 8.2 |
pcp-pmda-openvswitch | rhel8-AppStream | RHEL 8.3 |
pcp-pmda-rabbitmq | rhel8-AppStream | RHEL 8.3 |
pcp-pmda-sockets | rhel8-AppStream | RHEL 8.4 |
pcp-pmda-statsd | rhel8-AppStream | RHEL 8.3 |
pcre2-tools | rhel8-CRB | RHEL 8.3 |
perl-AutoLoader | rhel8-AppStream | RHEL 8.6 |
perl-AutoSplit | rhel8-AppStream | RHEL 8.6 |
perl-autouse | rhel8-AppStream | RHEL 8.6 |
perl-B | rhel8-AppStream | RHEL 8.6 |
perl-base | rhel8-AppStream | RHEL 8.6 |
perl-Benchmark | rhel8-AppStream | RHEL 8.6 |
perl-blib | rhel8-AppStream | RHEL 8.6 |
perl-Class-Struct | rhel8-AppStream | RHEL 8.6 |
perl-Compress-Raw-Lzma | rhel8-AppStream | RHEL 8.6 |
perl-Config-Extensions | rhel8-AppStream | RHEL 8.6 |
perl-Convert-ASN1 | rhel8-AppStream | RHEL 8.2 |
perl-DBM_Filter | rhel8-AppStream | RHEL 8.6 |
perl-debugger | rhel8-AppStream | RHEL 8.6 |
perl-deprecate | rhel8-AppStream |