EuroLinux 9 Beta Release Notes

Technical changes between EuroLinux 9 and 8

Installer and image creation

In EuroLinux 9.0 you can now use a standalone smart card to both authenticate yourself and gain additional privileges via sudo.

For the typical cases of installing EuroLinux with a medium such as a disk interactively a Quality of Life tweak has been implemented: the Anaconda installer will now automatically activate a network connection if applicable (will try to obtain an address via DHCP).

You can now optionally permit a password-based root login via SSH or completely lock the root account in any case. (While the former is not recommended due to security and disabled in EuroLinux 9 by default, there are valid use cases which we support with this single easy switch)

Administrative tools

If you want to rename a network interface, it is recommended that you use systemd link files. Check man 5 systemd.link for more information.

Alternatively udev rules may be used. If you need to use the ifcfg tool, please install the initscripts package first since it is not installed by default.

Security

EuroLinux 9 provides OpenSSL version 3.0.0. Among other things, the concept of providers has been added, which means that different programs can use different security algorithms depending on their needs. You can imagine a situation where you have implemented solutions where one needs to use FIPS mode, while others need to maintain compliance with less secure policies.

This new version comes with a few security-related implications. The TLS-1.3 protocol requires that a PKCS#11 token supports raw RSA or RSA-PSS signatures.

If this is applicable to your scenario, please configure your software to use TLS up to TLS-1.2. Additionally please edit the file /etc/pki/tls/openssl.cnf and add this snippet at the very end of the [ crypto_policy ] section:

SignatureAlgorithms = RSA+SHA256:RSA+SHA512:RSA+SHA384:ECDSA+SHA256:ECDSA+SHA512:ECDSA+SHA384
MaxProtocol = TLSv1.2

Developer tools

Some of the newest and most reliable technology stacks for developers are available in the repositories. These include:

• Ant 1.10
• GCC 11.2
• Git 2.31
• Go 1.17.5
• LLVM 13
• Maven 3.6.3
• NodeJS 16
• OpenJDK 17.0.1
• PHP 8.0
• Perl 5.32
• Python 3.9
• Ruby 3.0
• Rust 1.56
• SVN 1.14

The EuroLinux 9 platform ships glibc 2.34, which will provide 10 years of business-class stability support and the same amount of software binary interface compatibility time. As a result, programs written today will work the same way 10 years from now.

Web servers and database engines

The following software is now available in our repositories:

HTTP servers:

• Apache HTTPD 2.4
• nginx 1.20

Proxy servers:

• Squid 5.1
• Varnish Cache 6.5

Database engines:

• MariaDB 10.5.12
• MySQL 8.0
• PostgreSQL 13
• Redis 6.2.6

Security Policies - SCAP Security Guide

The SCAP Security Guide has been updated to version 0.1.57 and made a number of changes from the counterpart we provide in EuroLinux 8:

• Removed deprecated SCAP 1.2 source data streams.
• Removed Bash profile remediation scripts to encourage more secure practices.
• Although references for EuroLinux 8 have been left in place, the current package is designed for EuroLinux 9 - please kindly use packages for older releases if you need to check them for security policies.

GNOME 40

GNOME has been updated to GNOME 40, a major step forward from EuroLinux 8's GNOME 3.32.2 , which includes many new features.

GNOME 40 includes a new and improved style, including the user interface, icons and desktop, The Activities look and feel provides a better experience when working, launching applications and arranging your personal workspace - workspaces are now arranged horizontally and the window overview and application grid are available vertically.

Many Quality of Life improvements have also been added, including:

• running the software using a separate graphics card by right-clicking and selecting the appropriate option
• The ability to mute notifications by selecting Do not disturb, which will appear as a separate button in the notification
• Each screen can use a different refresh rate
• The Activities program allows you to group application icons into folders using a drag-and-drop method
• provide the ability to fractionally scale the display

Notable changes

EuroLinux 9 provides refreshed and updated versions of the following packages:

• m4 was updated from version 1.4.18 to 1.4.19
• xdp-tools was updated from version 1.1.1 to 1.2.1
• openchange was updated from 2.3 (version) 37 (release) to 2.3 (version) 38 (release)
• tigervnc was updated from 1.11.0 (version) 20 (release) to 1.11.0 (version) 21 (release)

We expect updated versions of these packages to be available in the GA version of RHEL.

Known issues

• Dotnet is not available at the moment. ~~Fix will arrive next week (the first week of march)~~ Update: It's planned for release with ARM Beta
• We are waiting for Secure Boot; as you can see here https://github.com/rhboot/shim-review/issues, it is a long process
• ~~There is only minimal ISO. AppStream complete ISO be published next week (the first week of April)~~ Update: AppStream ISO is available.
• SCAP is not usable. A fix will arrive with EuroLinux 9 beta for ARM64
• Until GA we will not rebuild other Enterprise Linuxes as it is pointless
• There might be branding issues. If you find one, please create an issue in our public bug tracker
• Migration scripts worked well in our tests. We were able to migrate from CentOS Stream 9 and Red Hat Enterprise Linux 9 beta. Because EuroLinux 9 and Red Hat Enterprise Linux 9 are in the beta stage, in the meantime, CentOS Stream 9 is heavily developed. We won't provide assistance and support for migration until the GA of EuroLinux 9.
• EuroLinux 9 beta is not officially supported for production uses
• We will update this section when fixes arrive, or new issues arise..

Batteries repositories

The battery repository is available for customers with Golden Key and Gaia subscriptions. There are about 1000 packages that are not part of any build (so they are not included in EuroLinux Open Build roots) but are required to rebuild EuroLinux/Custom Fork from RHEL or Eurolinux sources.

EuroLinux 9 for ARM

EuroLinux for ARM will use an updated Gaia rebuild stack. We decided that this is an ideal testbed because ARM64 is not as popular as x86_64 architecture. It also allowed us to create x86_64, open build roots for i686 and x86_64 and batteries repos faster. Because creating EuroLinux 9 beta took us about four weeks, ARM should take about two weeks, after updating Gaia Stack, as we have all the necessary batteries and build orders figured out.

Gaia updates

New Gaia used to rebuild EuroLinux 9 for ARM64 is even more distributed.

There are new commands in Gaia:

• new automodule-update Gaia subcommand, that well - automatically updates modules. No more manual config changes for modules
• new automodule-merge Gaia subcommand. This command uses multiple input files (RH/EuroLinux modules files + result build + custom files) to create an updated module definition

Other notable changes:

• Striga now creates automodule-* commands
• Striga can create --partial commands for module rebuild
• Vardoger now supports config files that allows ignoring chosen tests/levels for selected RPMs
• A lot of new configs for EuroLinux 9

We will also update hardware requirements for rebuild, including reference build servers for ARM and PowerPC. The rebuilds will start with the release of EuroLinux 9. It will also require updated infrastructure.

Container and cloud images

You can use the following publicly available images for EuroLinux 9 beta

• EuroLinux 9 Beta Vagrant Boxes (libvirt/VMware Workstation/VirtualBox)
• EuroLinux 9 Beta Container on the Docker Hub
• EuroLinux 9 Beta Container on the Quay.io

Additional resources

• Download EuroLinux ISO
• Download EuroLinux ISO secondary download
• EuroLinux universal migration scripts
• EuroLinux Public Request for Change and Bug Tracker
• Red Hat 9.0 beta Release Notes parts of our release notes are loosely based on this document.