December 1, 2022

What's New in Rocky Linux 9.1

Operating Systems

Rocky Linux 9.1 is already here, less than two weeks after RHEL 9.1 was released. According to the official announcement, it is now generally available for the x86-64, aarch64, ppc64le, and s390x architectures. 

In this blog, our expert, who is a contributor to the Rocky Linux project and worked on the Testing Team for this release, explains what's new in Rocky Linux 9.1 and what teams can expect in future 9.x releases.

About the Rocky Linux 9.1 Release

Rocky Linux 9.1 was built using the project’s custom Peridot tool. Peridot is a custom distribution build and release system that leverages Kubernetes orchestration. It was first introduced in Rocky Linux 9 to enable more customization for different use cases.

Rocky Linux 9.1 Release Date 

Rocky Linux 9.1 was released on November 26, 2022.

The Release Engineering, Infrastructure, and Testing Teams worked throughout the Thanksgiving week to get Rocky Linux 9.1 built, tested, and released. Mirrors started to receive the Rocky Linux 9.1 artifacts late on November 24, which was Thanksgiving Day. Once most of the mirrors had synced the 9.1 files on Saturday, November 26, the repo bits were flipped and Rocky Linux 9.1 was officially released.

Rocky Linux 9.1 Support Lifecycle

The support lifecycle for Rocky Linux is ten years. Rocky Linux 9 was released on July 14, 2022, and May 31, 2032 has been set as the end-of-life date for 9.x releases. 

Other Notable Details 

Rocky Linux 9.1 was released just 10 days after RHEL 9.1, whereas Rocky Linux 9 trailed RHEL 9's release by 58 days. Rocky Linux isn’t the fastest RHEL-rebuild distribution to release new versions*, but compared to the 34-day average release lag for CentOS Linux 7 or the 52-day average release lag for CentOS Linux 8, it is releasing faster than the distribution it is intended to replace.

*major and minor releases, not including package updates

Rocky Linux 9.1 Key Changes and Features 

There are quite a few updates and changes in Rocky Linux 9.1 of varying importance depending on how much you rely on them. In this section, I’ll focus on those that I think are likely to have the most impact in terms of user experience.

  • Anyone who has had to perform SELinux relabeling most likely agrees that it takes longer than is ideal. That was due to the relabeling process using only a single core. In Rocky Linux 9.1, relabeling uses all available cores by default, which reduces the time it takes to complete this task.
     
  • Keylime is a new tool in Rocky Linux 9.1 that uses TPM hardware to ensure cryptographic trust for remote systems. It will be interesting to see how this tool blossoms!
     
  • ReaR, another Open Source package that I have been involved with, now offers the ability to execute pre- and post-recovery commands.
     
  • The chrony time synchronization client now supports DHCPv6 NTP servers.
     
  • In this release, pcs no longer requires a system restart to update multipath SCSI devices. 
     
  • New PHP 8.1 and Ruby 3.1 module streams have been added.
     
  • The httpd package no longer contains the core httpd files. These are now provided by the new, aptly named, httpd-core package.

You can read the full release notes to find more details about these and other changes in Rocky Linux 9.1.

Rocky Linux 9.1 Migration and Upgrade Considerations

OpenSSH and OpenSSL received a few updates which may impact users who update from EL 9.0 or who are using EL 9.x for the first time. Specifically, how crypto-policies are handled is a little different — 2048-bit RSA key length is now default, and SHA-1 signatures are available without setting the system-wide policy to LEGACY.

Support for RSA keys shorter than 1023 bits has also been restricted.

What to Expect in Future Rocky Linux 9.x Releases

Earlier this month, I participated in an OpenLogic panel with Perforce Software's Javier Perez (Chief OSS Evangelist) and two experts from the Rocky Enterprise Software Foundation: Brian Clemens (Project Manager) and Louis Abel (Release Engineering Lead). We discussed Rocky Linux 9.1 and the development roadmap for future Rocky Linux releases. Click the video below to watch!

 

As we discussed in the webinar, the Rocky Linux Security Team has been diligently working to obtain certifications for Rocky Linux, including FIPS validation 140-3. While it’s true that FIPS support was available in CentOS, CentOS was FIPS capable, but uncertified. Currently, Rocky Linux is in the same situation, but thanks to a very large contribution by CIQ, Rocky Linux 9.2 is slated to be fully FIPS certified.

Rocky Linux Special Interest Groups (SIGs) are also gaining momentum within the Rocky Linux community, opening up future extensions to the distribution. SIG/Core, SIG/AltArch, and SIG/Cloud are among the most active and are typically looking for new members to help drive Rocky Linux into the future.

Finally, as Peridot matures and the Rocky Linux Testing Team’s processes become more streamlined, we should see increasingly shorter lags between distribution releases while maintaining the same quality Rocky Linux users have come to expect.

Final Thoughts

As with previous Rocky Linux releases, 9.1 was designed to be 100% bug-for-bug compatible with RHEL 9.1. The lag time between this release and the upstream version was significantly shorter than with Rocky Linux 9, which came out 58 days after RHEL 9. The Rocky Linux community has always championed quality over speed, but with Rocky Linux 9.1, it seems like both have been achieved. 

Get SLA-Backed Support For Your Enterprise Linux 

If you want assistance planning a migration to Rocky Linux, optimizing your deployments, or need extended support for EOL CentOS, OpenLogic can help. 

Talk to a Linux Expert

Additional Resources