Enterprise Linux Distributions
Enterprise Linux
Enterprise Linux (EL) broadly refers to all Linux distributions compatible with Red Hat Enterprise Linux (RHEL)
- Widely used by commercial and public institutions
- Many hardware and software vendors support RPM based Linux distributions
Life cycle for the major releases 1:
Release | EOL |
---|---|
7.0 … 7.9 | …2024/06 |
8.0 … 8.10 | 2019 … 2029 |
9.0 … 9.10 | 2022 … 2032 |
Upstream
Fedora ELN
CentOS Stream is bootstrapped from Fedora ELN (Enterprise Linux Next)
- …Fedora rawhide rebuild…
- …curated sub-set of packages (~2500 in CentOS Stream vs ~20000 in Fedora).
- …with RHEL RPM macros and compiler build flags
- …trimmed dependency tree (according to business requirements)
- Several mass re-builds during bootstrap phase (synchronously bootstraps RHEL).
Building blocks 2…
- Content Resolver…
- https://tiny.distro.builders/
- …determine build-time dependencies
- DistroBuildSync…
- https://gitlab.com/redhat/centos-stream/ci-cd/distrosync/distrobuildsync
- …rebuild packages based on Content Resolver
- Pungi…
- https://docs.pagure.org/pungi
- …compose RPM repositories, install media, container images…
References…
- Fedora ELN Documentation
- CentOS Stream: stable and continuous, FOSDEM’22 2022/02
- Fedora Council update: ELN SIG, 2022/03
CentOS Stream
Description | Link |
---|---|
Documentation | https://docs.centos.org |
…wiki | https://wiki.centos.org |
…blog | https://blog.centos.org |
…mailing list | https://lists.centos.org |
…Youtube | https://www.youtube.com/@TheCentOSProject |
Images | … |
…Quay | https://quay.io/repository/centos/centos |
…Docker | https://hub.docker.com/_/centos |
…Vagrant | https://app.vagrantup.com/centos |
Mirrors | https://www.centos.org/download/mirrors |
Bug tracking | https://bugs.centos.org |
Communication | … |
…Connect Conference | https://connect.centos.org |
…Mastodon | https://fosstodon.org/@centos |
- …bootstrapped from Fedora ELN
- Continuously delivered distro (rolling release)…
- …tracks just ahead of Red Hat Enterprise Linux (RHEL) development…
- …positioned as a midstream between Fedora Linux and RHEL
Timeline for CentOS Linux and CentOS Stream sponsorship by Red Hat:
- Updates for the CentOS Linux 7 distribution continue as before until June 30, 2024.
- There will not be a CentOS Linux 9.
- Updates for the CentOS Stream 8 distribution continue through the full RHEL support phase.
- CentOS Stream 9 available since Q4 2021 as part of the RHEL 9 development process.
- Reference…FAQ: CentOS Stream Updates
https://www.redhat.com/en/blog/faq-centos-stream-updates
Why was CentOS Stream created?
- Shortening the feedback loop for ecosystem developers - including OEMs, ISVs, and Application Developers - to contribute their changes. By working in CentOS Stream between Fedora and RHEL, ecosystem developers will be working on a rolling preview of what’s coming in the next RHEL release. This will allow them to make changes much faster than they can today.
- Developing in the open. Currently, much of RHEL development is done with many of our ecosystem partners working behind Red Hat’s firewall. CentOS Stream enables Red Hat and the larger community to do as much transparent development as possible in what will become the next release of RHEL.
- Enabling access to innovation faster. Beginning with the release of RHEL 8, Red Hat committed to releasing major versions of RHEL every three years and minor releases every six months. Adhering to this faster and more predictable cadence means that we need a midstream development environment that anyone can contribute to. That environment is CentOS Stream.
- Providing a clear method for the broader community to contribute to RHEL releases. When Fedora was RHEL’s only upstream project, most developers were limited to contributing only to the next major release of RHEL. With CentOS Stream, all developers will be able to contribute new features and bug fixes into minor RHEL releases as well.
OpenELA
OpenELA 3 …provides open/free Enterprise Linux (EL) source code:
- …non-profit trade association …founded by CIQ, Oracle, and SUSE
- …source code for all packages required to build an EL distribution
- …consistent and secure upstream location for EL source code
- …encourage development/collaboration of distributions
- …used to develop/maintain 1:1 downstream derivatives of EL
- …exists to enable the binary-producing Linux distributions
Package source code (aka SPEC files) hosted at:
Downstream
Replacement projects for the original CentOS…enterprise-grade, production-ready Linux in the form of a (100% binary compatible) downstream release of RHEL. The AlmaLinux project provides a comparison of the available Enterprise Linux (EL) distributions:
https://wiki.almalinux.org/Comparison.html
CloudLinux commits an annual $1 million endowment and leads the development & maintenance of AlmaLinux. CloudLinux has more than a decade of experience with RHEL fork, as owner of the CloudLinux OS. AlmaLinux’s prominent partners include AWS, Equinix, cPanel and Plesk, essentially leaders of the hosting community…Gregory Kurtzer, the original founder of CentOS heads the development of Rocky Linux. Rocky Linux is community-driven and does not have commercial developers the way AlmaLinux does. The prominent sponsors of Rocky Linux include AWS and Google Cloud
CentOS Replacement: AlmaLinux vs Rocky Linux
https://www.expertvm.com/centos-replacement-almalinux-rocky-linux/
Governing Organizations
Comparison…
- The AlmaLinux Foundation (Delaware Reg. 5561017) was created as a 501(c)(6) non-profit (the same as the Linux Foundation) in order to put OWNERSHIP of the OS, the Intellectual Property and the direction of the project into the hands of the community. By joining as a member (100% free for community members) you have the right and the ability to vote on board members and the direction of the project and other decisions as they will come up in the future. [^alof]
- The Rocky Enterprise Software Foundation (RESF) is a Public Benefit Corporation (PBC) formed in Delaware (file number 4429978). The RESF was founded and is owned by Gregory Kurtzer and is backed by an advisory board of trusted individuals and team leads from the Rocky Linux community. [^resf]
The chief difference between a non-profit corporation and a benefit corporation…
…- sometimes called a B Corporation - is the ownership factor. There are no owners or shareholders in a non-profit company. A benefit corporation, however, does have shareholders who own the company…A traditional non-profit (or not-for-profit) company aims to serve a public benefit without making a profit…If a non-profit company decides to stop doing business and dissolve, it must distribute its assets among other non-profits…The shareholders of a benefit corporation actually own the company as well as its assets…If a benefit corporation decides to stop doing business and dissolves, the shareholders receive the proceeds of the sales of assets, after liabilities are paid. [^npbp]
References:
[^alof] The AlmaLinux OS Foundation
https://wiki.almalinux.org/Transparency.html
https://almalinux.org/p/foundation-bylaws/
https://almalinux.org/blog/what-almalinux-foundation-membership-means-for-you/
[^resf] Rocky Enterprise Software Foundation (RESF)
https://rockylinux.org/organizational-structure
[^npbp] Non-Profit Corporation vs Public Benefit Corporation
https://www.delawareinc.com/blog/non-profit-corporation-vs-public-benefit-corporation/
Why is Rocky Linux a PBC?
- Kurtzer talked at length about the governance of Rocky Linux and the fact that he created a B (public benefit) Corporation rather than a 501(c) (non-profit) for the Rocky Enterprise Software Foundation,…“What I’ve learned along the way is that a 501(c) anything is not a guarantee of integrity and honesty and good behavior… and I said to myself, if I’m going to do this, I don’t want to put myself in that environment again.” [^trgg]
- Based on the experience from the CentOS project G. Kurtzer decided against a non-profit [^gkfc]: The process was started by Greg to create a 501c3 non-profit entity - the Caos Foundation - which would host the CentOS Project. There was a framework being created to cover governance, funding, and organizing volunteer effort. Unfortunately, the individual who came up with the name ‘CentOS’ also owned the domain name, and declined to release it to the foundation as promised… Multiple accounts of the original struggle on the CentOS project in the middle of 2009 are documented [^rhpd] [^wucp]: …developers accuse project co-founder Lance Davis of putting the entire project at risk by disappearing from everyday involvement without ceding control to others.
- From the Rocky Linux Community Update - June 2021 [^rlcu]: RESF is a Public Benefit Corporation (PBC) formed in Delaware (file number 4429978), backed by a board of advisors with access control policies that utilize the principle of least privilege and separation of duty to ensure that no action can be taken unilaterally (not even by the legal owner, Gregory Kurtzer). For more information, see our Organizational Structure.
- From the RESF Community Charter [^rlcc]: The Rocky Enterprise Software Foundation is responsible and accountable only to the community that consumes its projects. RESF shall be structured and governed in a way that ensures that no single entity, organization, corporation, association, etc. will be permitted to have a controlling influence over the RESF or its projects….the work generated by the RESF and its community will be released under an existing OSI permissive open source license (non-copyleft).
References…
[^trgg] Interview with Greg Kurtzer, The Register (2021/07/09)
https://www.theregister.com/2021/07/09/centos_stream_greg_kurtzer/
[^rhpd] Red Hat Enterprise clone poised to ‘die’ (2009/07/30)
https://www.theregister.com/2009/07/30/centos_open_letter/
[^wucp] What is up with the CentOS project (2009/07/30)
https://misterd77.blogspot.com/2009/07/what-is-up-with-centos-project.html
https://lists.centos.org/pipermail/centos/2009-July/079767.html
[^rlcu] Rocky Linux Community Update - June 2021
https://forums.rockylinux.org/t/community-update-june-2021/3260
[^rlcc] Rocky Enterprise Software Foundation - Community Charter
https://forums.rockylinux.org/t/community-charter
RockyLinux
Description | Link |
---|---|
Media | … |
…CIQ blog | https://ciq.co/blog |
Download | https://rockylinux.org/download |
Container images | https://quay.io/repository/rockylinux/rockylinux https://hub.docker.com/u/rockylinux |
Vagrant box | https://app.vagrantup.com/rockylinux |
Mirrors | https://mirrors.rockylinux.org |
RPM repository | https://download.rockylinux.org/pub/rocky |
…old releases | https://download.rockylinux.org/vault/rocky/ |
…source repositories | https://github.com/rocky-linux |
…public repositories | https://git.rockylinux.org |
Build Services | https://distrobuildstg.rockylinux.org |
…incoming | https://incoming.releng.rockylinux.org |
Koji | https://koji.rockylinux.org |
Mail lists | https://lists.resf.org/ |
Bug tracker | https://bugs.rockylinux.org |
AlmaLinux
AlmaLinux
https://almalinux.org
Description | Link |
---|---|
Public repositories | https://github.com/AlmaLinux |
Download | https://mirrors.almalinux.org/isos.html |
Container images | https://quay.io/repository/almalinux/almalinux https://hub.docker.com/_/almalinux |
Vagrant box | https://app.vagrantup.com/almalinux |
RPM repository | https://repo.almalinux.org/ https://mirrors.almalinux.org/ |
…old releases | https://repo.almalinux.org/vault/ |
Mail lists | https://lists.almalinux.org |
Bug tracker | https://bugs.almalinux.org |
CentOS
The original CentOS was supported until the EOL of CentOS 7 and has been replaced by CentOS Stream
Major release | EOL |
---|---|
CentOS 6 | 2020/11 |
CentOS 7 | 2024/06 |
CentOS 8 | 2021/12 |
- Built from publicly available open-source source code provided by Red Hat
- Aims to be functionally compatible with Red Hat Enterprise Linux
- Support EOL (end of life) according to the CentOS FAQ:
- Cf. Wikipedia, CentOS Releases
- Upgrade between major releases not supported nor recommended by CentOS.
Expected delays after upstream publishes updates, and new releases:
Update | Time |
---|---|
Package | <72 hours |
Point release | 4-8 weeks |
Major release | month |
Version conventions:
- Major branch, e.g. CentOS-7
- Minor (point in time) versions of major branch
- Date code included in minor versions, e.g. CentOS-7 (1406) means June 2014
- Updates only for the latest (minor) version of each major branch
- Minor versions are snapshots of previous updates rolled into a new repo
Repo | Description |
---|---|
base | Packages that form CentOS (minor) point releases |
updates | Security, bugfix or enhancement updates, issued between the regular update sets for point releases |
addons | Packages not provided by upstream, used to build the CentOS distribution |
Kernel
ABI
Kernel Application Binary Interface (kABI)…
- …set of in-kernel symbols used by drivers and other kernel modules
kernel-abi-stablelists packages…
- …lists stable interfaces provided by the kernel
- …safe for long-term use by third-party loadable drivers
- …recommended to recompile kernel modules against every minor release
rpm -ql kernel-abi-stablelists /lib/modules/kabi-current
kABI breakage possible if required to resolve a critical security issue
ABI policy across the versions…
- …EL 8 …valid across all minor releases
- …EL 9 …unique to each minor release (…change from previous version)
Versions
Identify the current release version and kernel version:
>>> date ; cat /etc/redhat-release ; uname -r
Thu May 5 12:07:32 CEST 2022
AlmaLinux release 8.5 (Arctic Sphynx)
4.18.0-348.20.1.el8_5.x86_64
Anatomy of a kernel package version:
kernel-0:4.18.0-348.12.2.el8_5.x86_64
         |      |   |
         |      |   `------ Red Hat Patch level
         |      `---------- Red Hat kernel version
         `----------------- Upstream kernel version
References…
- Red Hat Enterprise Linux Release Dates
An individual minor release gets security updates:
# example of updates to the kernel package of the 8.5 release
>>> dnf repoquery kernel
Last metadata expiration check: 0:24:33 ago on Thu May 5 11:31:10 2022.
kernel-0:4.18.0-348.12.2.el8_5.x86_64
kernel-0:4.18.0-348.2.1.el8_5.x86_64
kernel-0:4.18.0-348.20.1.el8_5.x86_64
kernel-0:4.18.0-348.23.1.el8_5.x86_64
kernel-0:4.18.0-348.7.1.el8_5.x86_64
kernel-0:4.18.0-348.el8.x86_64
# .. from the RPM repository
>>> curl http://mirror.test.gsi.de/alma/8.5/BaseOS/x86_64/os/Packages/. -s \
| sed 's/<[^>]*>/ /g ; /^$/d' \
| tr -s ' ' | cut -d' ' -f2 | grep ^kernel-4.18
kernel-4.18.0-348.2.1.el8_5.x86_64.rpm
kernel-4.18.0-348.7.1.el8_5.x86_64.rpm
kernel-4.18.0-348.12.2.el8_5.x86_64.rpm
kernel-4.18.0-348.20.1.el8_5.x86_64.rpm
kernel-4.18.0-348.23.1.el8_5.x86_64.rpm
kernel-4.18.0-348.el8.x86_64.rpm
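The version anatomy and the update listing above, as an added example (not part of the original page): it splits a kernel NEVRA into the fields from the diagram and reports which builds are newer than the running kernel. `dnf repoquery` prints its results sorted as text, so the last line is not the newest build; the comparison here is a simplified re-implementation of rpm's version ordering (no `~` or `^` handling), and all function names are this example's own.

```python
import re
from functools import cmp_to_key

NEVRA = re.compile(r"^(?P<name>.+)-(?:(?P<epoch>\d+):)?"
                   r"(?P<version>[^-:]+)-(?P<release>[^-]+)\.(?P<arch>[^.]+)$")
# release = <Red Hat kernel version>[.<patch level>].<dist tag>
RELEASE = re.compile(r"^(?P<rh_kernel>\d+)(?:\.(?P<patch>[\d.]+))?\.(?P<dist>el\w+)$")

# Listing and running kernel as shown on this page (dnf repoquery kernel, uname -r).
REPOQUERY = [
    "kernel-0:4.18.0-348.12.2.el8_5.x86_64",
    "kernel-0:4.18.0-348.2.1.el8_5.x86_64",
    "kernel-0:4.18.0-348.20.1.el8_5.x86_64",
    "kernel-0:4.18.0-348.23.1.el8_5.x86_64",
    "kernel-0:4.18.0-348.7.1.el8_5.x86_64",
    "kernel-0:4.18.0-348.el8.x86_64",
]
RUNNING = "4.18.0-348.20.1.el8_5.x86_64"


def parse_nevra(text):
    """Split a NEVRA (or the matching .rpm file name) into its fields."""
    text = text[:-4] if text.endswith(".rpm") else text
    m = NEVRA.match(text)
    if not m:
        raise ValueError(f"not a NEVRA: {text!r}")
    pkg = m.groupdict()
    pkg["epoch"] = int(pkg["epoch"] or 0)
    rel = RELEASE.match(pkg["release"])
    pkg.update(rel.groupdict() if rel else {})
    return pkg


def rpmvercmp(a, b):
    """Simplified rpm ordering: digit runs compare as integers, letter runs as
    strings, and a digit run is newer than a letter run in the same position."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        kx, ky = (int(x), int(y)) if x.isdigit() else (x, y)
        if kx != ky:
            return 1 if kx > ky else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def evr_cmp(a, b):
    """Compare two parsed packages by epoch, then version, then release."""
    if a["epoch"] != b["epoch"]:
        return 1 if a["epoch"] > b["epoch"] else -1
    return (rpmvercmp(a["version"], b["version"])
            or rpmvercmp(a["release"], b["release"]))


def pending_kernel_updates(uname_r, available):
    """Return the version-release of every listed build newer than the running one."""
    running = parse_nevra("kernel-" + uname_r)
    builds = sorted((parse_nevra(p) for p in available), key=cmp_to_key(evr_cmp))
    return [f'{p["version"]}-{p["release"]}' for p in builds if evr_cmp(p, running) > 0]


if __name__ == "__main__":
    fields = parse_nevra(REPOQUERY[0])
    print("upstream:", fields["version"], "| Red Hat kernel:", fields["rh_kernel"],
          "| patch level:", fields["patch"])
    print("newer than running kernel:", pending_kernel_updates(RUNNING, REPOQUERY))
```
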
Enterprise Linux 8
Based on upstream Linux kernel 4.18:
Release | General Availability Date | Kernel Version |
---|---|---|
8.8 | 2023-05-16 | 4.18.0-477.10 |
8.7 | 2022-11-09 | 4.18.0-425 |
8.6 | 2022-05-10 | 4.18.0-372.9.1 |
8.5 | 2021-11-09 | 4.18.0-348 |
8.4 | 2021-05-18 | 4.18.0-305 |
8.3 | 2020-11-03 | 4.18.0-240 |
8.2 | 2020-04-28 | 4.18.0-193 |
8.1 | 2019-11-05 | 4.18.0-147 |
8 | 2019-05-07 | 4.18.0-80 |
Enterprise Linux 9
Based on upstream Linux kernel 5.14:
Release | General Availability Date | Kernel Version |
---|---|---|
9.2 | 2023-05-10 | 5.14.0-284.11.1 |
9.1 | 2022-11-15 | 5.14.0-162 |
9.0 | 2022-05-17 | 5.14.0-70.13.1 |
Package Errata
Package errata are listings published upstream and exposed through the package manager, describing the updates released when CVEs and other vulnerabilities are found.
Red Hat
Red Hat Security Advisories (RHSA) inform customers about security flaws for all Red Hat products:
https://access.redhat.com/security/security-updates/#/security-advisories
RHSA are continuously published to an announcement mailing list:
https://www.redhat.com/archives/rhsa-announce/
Security issues receiving special attention by Red Hat are documented by Vulnerability Responses:
https://access.redhat.com/security/vulnerabilities
Data related to security is programmatically available with the Red Hat Security Data API. Red Hat customers may have access to Extended Update Support (EUS) which provides update channels to stay with a minor version of the base OS. The support time frames are explained at Red Hat Enterprise Linux Life Cycle.
Information is kept in the UPDATEINFO.XML file for each repository upstream.
- Use the yum-plugin-security plugin to list all vulnerable packages
yum list-sec cves
- Update any package that has listed errata with
yum update --security
CentOS
CentOS Security Advisories (CESA) are continuously published to the announcement mailing list:
https://lists.centos.org/pipermail/centos-announce/
CESA closely follows RHSA on its respective mailing list, keeping the same naming convention.
Packages distributed by the CentOS repositories do not provide security errata information!
CentOS does not have official errata: the CentOS upstream repos do not have an UPDATEINFO.XML
CentOS Errata for Spacewalk (CEFS) imports security errata information from the CentOS announce mailing list and provides it to a Spacewalk server:
The following scripts are based on the security errata XML file published by CEFS.
- The script generate_updateinfo creates an updateinfo.xml file to be published on a CentOS package repository mirror.
- The Centos-Package-Cron reports advisories by mail related to packages installed on a specific node.
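What the UPDATEINFO.XML discussion in the Red Hat and CentOS sections comes down to, as an added example (not code from the original page or from the scripts it names): the first function checks whether a repository's `repomd.xml` index advertises an updateinfo file at all, the second builds a CVE-to-fixed-build index from an `updateinfo.xml`. The element layout follows the yum/dnf repository metadata format; every advisory id, CVE id, URL and package build in the samples is a constructed placeholder.

```python
import xml.etree.ElementTree as ET

REPO_NS = "{http://linux.duke.edu/metadata/repo}"

# Constructed samples: ids, URLs and builds below are placeholders.
REPOMD_WITHOUT_ERRATA = """<repomd xmlns="http://linux.duke.edu/metadata/repo">
  <data type="primary"><location href="repodata/primary.xml.gz"/></data>
</repomd>"""
REPOMD_WITH_ERRATA = """<repomd xmlns="http://linux.duke.edu/metadata/repo">
  <data type="primary"><location href="repodata/primary.xml.gz"/></data>
  <data type="updateinfo"><location href="repodata/updateinfo.xml.gz"/></data>
</repomd>"""
UPDATEINFO = """<updates>
  <update from="errata@example.org" status="final" type="security" version="1">
    <id>EXSA-0000:0001</id>
    <title>Important: examplepkg security update</title>
    <severity>Important</severity>
    <references>
      <reference href="https://example.org/CVE-0000-0001" id="CVE-0000-0001" type="cve"/>
      <reference href="https://example.org/bug/1" id="1" type="bugzilla"/>
    </references>
    <pkglist><collection short="example-baseos">
      <package name="examplepkg" epoch="0" version="1.0" release="2.el8" arch="x86_64">
        <filename>examplepkg-1.0-2.el8.x86_64.rpm</filename>
      </package>
    </collection></pkglist>
  </update>
  <update from="errata@example.org" status="final" type="bugfix" version="1">
    <id>EXBA-0000:0002</id>
    <title>examplepkg bug fix update</title>
    <pkglist><collection short="example-baseos">
      <package name="examplepkg" epoch="0" version="1.0" release="3.el8" arch="x86_64">
        <filename>examplepkg-1.0-3.el8.x86_64.rpm</filename>
      </package>
    </collection></pkglist>
  </update>
</updates>"""


def has_updateinfo(repomd_xml):
    """True if the repository metadata index advertises an updateinfo file."""
    root = ET.fromstring(repomd_xml)
    return any(d.get("type") == "updateinfo" for d in root.iter(REPO_NS + "data"))


def fixes_by_cve(updateinfo_xml):
    """Map each CVE id to (advisory id, severity, fixed build) tuples."""
    index = {}
    for upd in ET.fromstring(updateinfo_xml).iter("update"):
        if upd.get("type") != "security":
            continue  # only security errata carry the CVE mapping wanted here
        builds = [f'{p.get("name")}-{p.get("version")}-{p.get("release")}.{p.get("arch")}'
                  for p in upd.iter("package")]
        for ref in upd.iter("reference"):
            if ref.get("type") == "cve":  # skip bugzilla and other reference types
                index.setdefault(ref.get("id"), []).extend(
                    (upd.findtext("id"), upd.findtext("severity"), b) for b in builds)
    return index


if __name__ == "__main__":
    print("errata published:", has_updateinfo(REPOMD_WITHOUT_ERRATA),
          has_updateinfo(REPOMD_WITH_ERRATA))
    for cve, fixes in fixes_by_cve(UPDATEINFO).items():
        print(cve, fixes)
```

On a repository whose index has no updateinfo entry, `yum update --security` has no errata data to select packages from.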
Appstream
AppStream (Application Stream) allows installing multiple versions of a user space component.
- Each AppStream component has a given life cycle
- Packaged as RPM modules or individual RPM packages
Modules are collections of packages representing a logical unit.
- Module streams represent versions of the AppStream components.
- Each of the streams receives updates independently.
- Active streams give the system access to the RPM packages within the particular module stream
- Only one stream of a particular module can be active at a given point in time
- Module may have a default stream which usually provides the latest or recommended version of the component. [d] flag marks a default stream.
- Not all modules are compatible with all other modules.
- Modular dependencies are an additional layer on top of regular RPM dependencies.
- System will always retain the module and stream choices, unless explicitly instructed to change them.
Select a module with a module specification:
<name>:<stream>:<version>:<context>:<arch>/<profile>
# using ruby as example module
dnf module list # list all available modules
dnf module list ruby* # list specific modules by name
dnf module info ruby # details, package list
dnf module install ruby:2.6
dnf install @ruby:2.6 # install a specific module in a specific version
# or
dnf module enable ruby:2.6 # make a module default, and active
dnf install ruby
Switch to a later stream:
# e.g. ruby 2.5 is installed
dnf distro-sync
dnf module reset ruby
dnf module enable ruby:2.6
# update to the ruby 2.6 stream
dnf distro-sync
Fedora Project
Description | Link |
---|---|
Project | https://start.fedoraproject.org |
Documentation | https://docs.fedoraproject.org |
…wiki | https://fedoraproject.org/wiki |
Install… | https://getfedora.org |
…Quay | https://quay.io/repository/fedora/fedora |
…Docker | https://hub.docker.com/_/fedora |
…Vagrant | https://app.vagrantup.com/fedora |
Community | … |
…magazine | https://fedoramagazine.org |
…planet | http://fedoraplanet.org |
…Youtube | https://www.youtube.com/fedoraproject |
…Mastodon | https://fosstodon.org/@fedora |
Packages | … |
…search | https://packages.fedoraproject.org |
…source | https://src.fedoraproject.org |
…Bodhi | https://bodhi.fedoraproject.org |
…Koji | https://koji.fedoraproject.org |
Infrastructure | … |
…issues | https://pagure.io/fedora-infrastructure/issues |
…Copr | https://copr.fedorainfracloud.org |
EPEL
Extra Packages for Enterprise Linux (or EPEL)…
- …Fedora Special Interest Group (SIG)
- …high quality set of additional packages for Enterprise Linux
# CentOS 7
yum install -y epel-release
# EL 8
dnf install -y epel-release
Maintained in similar ways to the Enterprise packages…
- …updates must spend at least 1 week in the testing repository…
- …avoid situations that require manual intervention
- …keep the package functioning after update
- …kernel modules not allowed (can disturb the base kernel)
- EPEL 8 or later…
- …permits module streams…
- …packages with alternate versions to those provided in RHEL
References…
- Fedora EPEL Documentation
- Fedora EPEL RPM Repository
- Fedora EPEL Package Maintenance and Update Policy
PowerTools
The PowerTools repository is not enabled by default…
# ...install DNF plugins package and the EPEL repository
dnf install -y dnf-plugins-core epel-release
# ...enable the PowerTools Repository
dnf config-manager --set-enabled powertools
Contains a number of packages required as dependencies…
- …when installing other applications
- …mostly building applications from source code
CoreOS
Automatically updating, minimal, monolithic, container-focused operating system, designed for clusters. Its goal is to provide the best container host to run containerized workloads securely and at scale. [feddoc]
- Rolling release with two week release cycles
- Provides minimal OS optimized to run containers
- Pre-installed container runtimes like runc and podman
- Immutable host with read-only /usr (changes should be considered ephemeral (disposable))
- Atomic update and rollback with ostree and rpm-ostree [rpmost]
- Perform initial system configuration with Ignition [ign]…
- …utility used to manipulate disks during the initramfs…
- …partitioning disks, formatting partitions, writing files (regular files, systemd units, etc.), and configuring users
- Translates human readable Butane Configs [butane] into machine readable Ignition Configs
References…
- Fedora CoreOS Documentation
- Fedora CoreOS Design Document
- rpm-ostree Documentation
- Ignition Project
- Butane Project
Third-Party Repositories
All EL distributions use RPM packages. List of related package repositories:
Name | Description |
---|---|
EPEL | https://fedoraproject.org/wiki/EPEL |
ELRepo | http://elrepo.org |
Software Collections | https://www.softwarecollections.org |
RPM Fusion | https://rpmfusion.org |
RPM Sphere | https://rpmsphere.github.io |
Footnotes
1. Red Hat Enterprise Linux Life Cycle
   https://access.redhat.com/support/policy/updates/errata
2. Fedora ELN: Putting the RHELish on the Beefy Miracle, 2022/10
   https://www.youtube.com/watch?v=yVtwKlsqMAI
   https://sgallagh.fedorapeople.org/eln_nest_2022.pdf
3. OpenELA, Open Enterprise Linux Association
   https://openela.org
   https://github.com/openela
   https://github.com/openela-main