Topic: Rocky Linux 9 comes with everything you need to replicate the distro on your own

javajolt

Rocky Linux is more than just a CentOS clone. With its Peridot build system, anyone can reproduce Rocky Linux from scratch.

A little over a year ago, Rocky Linux arrived, and it was an instant hit. Rocky Linux, the brainchild of CentOS co-founder and high-performance computing (HPC) veteran Gregory Kurtzer, has come a long way since then. First, the Linux distro became available on the major public clouds. Now, Rocky Linux 9, a Red Hat Enterprise Linux (RHEL) 9 clone, has arrived.

But, Rocky Linux 9 is not just another RHEL clone. True, like its rivals, such as AlmaLinux 9, it is based on CentOS Stream and duplicates RHEL 9's functionality. But, to me, the real killer difference is that the new Rocky Linux comes with an open-source build system called Peridot.

As Kurtzer, CEO of HPC company CIQ and founder of the Rocky Enterprise Software Foundation (RESF), Rocky Linux's parent organization, explained, "When we release any version of Rocky Linux, it is more than just a bunch of binaries, package repositories, and installers. But, with version 9, CIQ has created a completely cloud-native build stack called Peridot, which we have given to the RESF and released as open source."

That means with Peridot, as Kurtzer continued, "anyone can create, build, enhance and manage Rocky Linux as we do. Additionally, every Rocky Linux release is built 100% in the open, by the community, for the community. They ship with all of our infrastructure and secure material like keys and secure boot shims being managed by the RESF. This is our commitment to our users and community from day one, ensuring that Rocky Linux will always be freely available and community controlled."

Peridot works. It was used to build Rocky Linux 9 for the x86_64, aarch64, s390x, and ppc64le architectures. While in its first iteration Rocky Linux 9 wasn't available quickly, looking ahead, RESF believes that new Rocky versions can be released within a week of each new RHEL version release. Peridot's source code is already available at It will soon be easily installable via Helm Charts for anyone to leverage.

This is a big deal because after Red Hat closed the popular Linux distro CentOS down to create CentOS Stream, it wasn't easy to build a fresh RHEL clone. Even with Linux experts at the helm at AlmaLinux and Rocky Linux, it took months. Thanks to Peridot, Rocky Linux will always be available no matter what happens.   

In short, since Rocky Linux uses only open-source tools to deliver a completely reproducible operating system, there won't be a repeat of the CentOS 8 end-of-life problems. Looking ahead, you can use Rocky Linux without worrying about leaving your servers high and dry.

As for Rocky Linux 9 itself, its new features include:

Security Enhancements

   • SHA-1 message digest for cryptographic purposes has been deprecated, as the cryptographic hash
      functions produced by SHA-1 are no longer considered secure.

   • OpenSSL is now version 3.0.1 with many improvements, including a provider concept, a new
      versioning scheme, an improved HTTP(S) client, support for new protocols, formats, algorithms,
      and more.

   • OpenSSH is now version 8.7p1 with many improvements, most notably the replacement of the
      SCP/RCP protocol with the SFTP protocol, which offers more predictable filename handling.

   • SELinux performance, memory overhead, time to load, and more have been substantially improved.

   • Rocky Linux 9 supports automatic configuration of security compliance settings for PCI-DSS, HIPAA,
      DISA, and others directly through the Anaconda installer, saving time and effort to meet
      complicated requirements.

New Networking Features

   • mptcpd or MultiPath TCP Daemon can be used instead of iproute2 to configure MultiPath TCP
      endpoints.

   • NetworkManager now uses key files to store new connection profiles as a default but still supports
      the use of ifcfg.

   • iptables-nft and ipset are now deprecated, which includes the utilities iptables, ip6tables, ebtables,
      and arptables. These are all replaced by the nftables framework.

   • Network-scripts package has been removed. Use NetworkManager to configure network
      connections.

source