Enterprise Linux Distributions

Linux

Published

December 3, 2014

Modified

February 9, 2024

Enterprise Linux

Enterprise Linux (EL) broadly references to all Linux distributions compatible to Red Hat Enterprise Linux (RHEL)

Widely used by commercial and public institutions
Many hardware and software vendors support RPM based Linux distributions

Life cycle for the major releases ¹:

Release	EOL
7.0 … 7.9	…2024/06
8.0 … 8.10	2019 … 2029
9.0 … 9.10	2022 … 2032

Upstream

Fedora ELN

CentOS Stream is bootstrapped from Fedora ELN (Enterprise Linux Next)

..Fedora rawhide rebuild…
- …curated sub-set of packages (~2500 in CentOS Stream vs ~20000 in Fedora).
- ..with RHEL RPM macros and compiler build flags
…trimmed dependency tree (according to business requirements)
Several mass re-builds during bootstrap phase (synchronously bootstraps RHEL).

Building blocks ²…

Content Resolver…
- https://tiny.distro.builders/
- …determine build-time dependencies
DistroBuildSync…
- https://gitlab.com/redhat/centos-stream/ci-cd/distrosync/distrobuildsync
- …rebuild packages based on Content Resolver
Pungi…
- https://docs.pagure.org/pungi
- …compose RPM repositories, install media, container images…

References…

Fedora ELN Documentation
- https://docs.fedoraproject.org/en-US/eln
CentOS Stream: stable and continuous, FOSDEM’22 2022/02
- https://fosdem.org/2022/schedule/event/centos_stream_stable_and_continuous
Fedora Council update: ELN SIG, 2022/03
- https://www.youtube.com/watch?v=lKoDPb66H8I

CentOS Stream

CentOS Stream…

Description	Link
Documentation	https://docs.centos.org
…wiki	https://wiki.centos.org
…blog	https://blog.centos.org
…mailing list	https://lists.centos.org
…Youtube	https://www.youtube.com/@TheCentOSProject
Images	…
…Quay	https://quay.io/repository/centos/centos
…Docker	https://hub.docker.com/_/centos
…Vagrant	https://app.vagrantup.com/centos
Mirrors	https://www.centos.org/download/mirrors
Bug tracking	https://bugs.centos.org
Communication	…
…Connect Conference	https://connect.centos.org
…Mastedon	https://fosstodon.org/@centos

…bootstrapped from Fedora ELN
Continuously delivered distro (rolling release)…
- …tracks just ahead of Red Hat Enterprise Linux (RHEL) development…
- …positioned as a midstream between Fedora Linux and RHEL

Timeline for CentOS Linux and CentOS Stream sponsorship by Red Hat:

Updates for the CentOS Linux 7 distribution continue as before until June 30, 2024.
There will not be a CentOS Linux 9.
Updates for the CentOS Stream 8 distribution continue through the full RHEL support phase.
CentOS Stream 9 available since Q4 2021 as part of the RHEL 9 development process.
Reference…FAQ: CentOS Stream Updates
https://www.redhat.com/en/blog/faq-centos-stream-updates

Why was CentOS Stream created?

Shortening the feedback loop for ecosystem developers - including OEMs, ISVs, and Application Developers - to contribute their changes. By working in CentOS Stream between Fedora and RHEL, ecosystem developers will be working on a rolling preview of what’s coming in the next RHEL release. This will allow them to make changes much faster than they can today.
Developing in the open. Currently, much of RHEL development is done with many of our ecosystem partners working behind Red Hat’s firewall. CentOS Stream enables Red Hat and the larger community to do as much transparent development as possible in what will become the next release of RHEL.
Enabling access to innovation faster. Beginning with the release of RHEL 8, Red Hat committed to releasing major versions of RHEL every three years and minor releases every six months. Adhering to this faster and more predictable cadence means that we need a midstream development environment that anyone can contribute to. That environment is CentOS Stream.
Providing a clear method for the broader community to contribute to RHEL releases. When Fedora was RHEL’s only upstream project, most developers were limited to contributing only to the next major release of RHEL. With CentOS Stream, all developers will be able to contribute new features and bug fixes into minor RHEL releases as well.

OpenELA

OpenELA ³ …provides open/free Enterprise Linux (EL) source code:

…non-profit trade association …founded by CIQ, Oracle, and SUSE
…source code for all packages required to build an EL distribution
…consistent and secure upstream location EL source code
…encourage development/collaboration of distributions
…used to develop/maintain 1:1 downstream derivatives of EL
…exists to enable the binary-producing Linux distributions

Package source code (aka SPEC files) hosted at:

https://github.com/orgs/openela-main/repositories

Downstream

Replacement projects for the original CentOS…enterprise-grade, production-ready Linux in the form of a (100% binary compatible) downstream release of RHEL. The AlmaLinux project provides an comparison over the available Enterprise Linux (EL) distributions:

https://wiki.almalinux.org/Comparison.html

CloudLinux commits an annual $1 million endowment and leads the development & maintenance of AlmaLinux. CloudLinux has more than a decade of experience with RHEL fork, as owner of the CloudLinux OS. AlmaLinux’s prominent partners include AWS, Equinix, cPanel and Plesk, essentially leaders of the hosting community…Gregory Kurtzer, the original founder of CentOS heads the development of Rocky Linux. Rocky Linux is community-driven and does not have commercial developers the way AlmaLinux does. The prominent sponsors of Rocky Linux include AWS and Google Cloud

CentOS Replacement: AlmaLinux vs Rocky Linux
https://www.expertvm.com/centos-replacement-almalinux-rocky-linux/

Governing Organizations

Comparison…

The AlmaLinux Foundation (Delaware Reg. 5561017) was created as a 501(c)(6) non-profit (the same as the Linux Foundation) in order to put OWNERSHIP of the OS, the Intellectual Property and the direction of the project into the hands of the community. By joining as a member (100% free for community members) you have the right and the ability to vote on board members and the direction of the project and other decisions as they will come up in the future. [^alof]
The Rocky Enterprise Software Foundation (RESF) is a Public Benefit Corporation (PBC) formed in Delaware (file number 4429978). The RESF was founded and is owned by Gregory Kurtzer and is backed by an advisory board of trusted individuals and team leads from the Rocky Linux community. [^resf]

The chief difference between a non-profit corporation and a benefit corporation…

…- sometimes called a B Corporation - is the ownership factor. There are no owners or shareholders in a non-profit company. A benefit corporation, however, does have shareholders who own the company…A traditional non-profit (or not-for-profit) company aims to serve a public benefit without making a profit…If a non-profit company decides to stop doing business and dissolve, it must distribute its assets among other non-profits…The shareholders of a benefit corporation actually own the company as well as its assets…If a benefit corporation decides to stop doing business and dissolves, the shareholders receive the proceeds of the sales of assets, after liabilities are paid. [^npbp]

References:

[^alof] The AlmaLinux OS Foundation
https://wiki.almalinux.org/Transparency.html
https://almalinux.org/p/foundation-bylaws/
https://almalinux.org/blog/what-almalinux-foundation-membership-means-for-you/

[^resf] Rocky Enterprise Software Foundation (RESF)
https://rockylinux.org/organizational-structure

[^npbp] Non-Profit Corporation vs Public Benefit Corporation
https://www.delawareinc.com/blog/non-profit-corporation-vs-public-benefit-corporation/

Why is Rocky Linux a PBC?

Kurtzer talked at length about the governance of Rocky Linux and the fact that he created a B (public benefit) Corporation rather than a 501(c) (non-profit) for the Rocky Enterprise Software Foundation,…“What I’ve learned along the way is that a 501(c) anything is not a guarantee of integrity and honesty and good behavior… and I said to myself, if I’m going to do this, I don’t want to put myself in that environment again.” [^trgg]
Based on the experience from the CentOS project G. Kurtzer decided against a non-profit [^gkfc]: The process was started by Greg to create a 501c3 non-profit entity - the Caos Foundation - which would host the CentOS Project. There was a framework being created to cover governance, funding, and organizing volunteer effort. Unfortunately, the individual who came up with the name ‘CentOS’ also owned the domain name, and declined to release it to the foundation as promised… Multiple accounts of the original struggle on the CentOS project in the middle of 2009 are documented [^rhpd] [^wucp]: …developers accuse project co-founder Lance Davis of putting the entire project at risk by disappearing from everyday involvement without ceding control to others.
From the Rocky Linux Community Update - June 2021 [^rlcu]: RESF is a Public Benefit Corporation (PBC) formed in Delaware (file number 4429978), backed by a board of advisors with access control policies that utilize the principle of least privilege and separation of duty to ensure that no action can be taken unilaterally (not even by the legal owner, Gregory Kurtzer). For more information, see our Organizational Structure.
From the RESF Community Charter [^rlcc]: The Rocky Enterprise Software Foundation is responsible and accountable only to the community that consumes its projects. RESF shall be structured and governed in a way that ensures that no single entity, organization, corporation, association, etc. will be permitted to have a controlling influence over the RESF or its projects….the work generated by the RESF and its community will be released under an existing OSI permissive open source license (non-copyleft).

References…

[^trgg] Interview with Greg Kurtzer, The Register (2021/07/09)
https://www.theregister.com/2021/07/09/centos_stream_greg_kurtzer/

[^rhpd] Red Hat Enterprise clone poised to ‘die’ (2009/07/30)
https://www.theregister.com/2009/07/30/centos_open_letter/

[^wucp] What is up with the CentOS project (2009/07/30)
https://misterd77.blogspot.com/2009/07/what-is-up-with-centos-project.html
https://lists.centos.org/pipermail/centos/2009-July/079767.html

[^rlcu] Rocky Linux Community Update - June 2021
https://forums.rockylinux.org/t/community-update-june-2021/3260

[^rlcc] Rocky Enterprise Software Foundation - Community Charter
https://forums.rockylinux.org/t/community-charter

RockyLinux

RockyLinux… release policy

Description	Link
Media	…
…CIQ blog	https://ciq.co/blog
Download	https://rockylinux.org/download
Container images	https://quay.io/repository/rockylinux/rockylinux https://hub.docker.com/u/rockylinux
Vagrant box	https://app.vagrantup.com/rockylinux
Mirrors	https://mirrors.rockylinux.org
RPM repository	https://download.rockylinux.org/pub/rocky
…old releases	https://download.rockylinux.org/vault/rocky/
…source repositories	https://github.com/rocky-linux
…public repositories	https://git.rockylinux.org
Build Services	https://distrobuildstg.rockylinux.org
…incoming	https://incoming.releng.rockylinux.org
Koji	https://koji.rockylinux.org
Mail lists	https://lists.resf.org/
Bug tracker	https://bugs.rockylinux.org

AlmaLinux

AlmaLinux
https://almalinux.org

Description	Link
Public repositories	https://github.com/AlmaLinux
Download	https://mirrors.almalinux.org/isos.html
Container images	https://quay.io/repository/almalinux/almalinux https://hub.docker.com/_/almalinux
Vagrant box	https://app.vagrantup.com/almalinux
RPM repository	https://repo.almalinux.org/ https://mirrors.almalinux.org/
…old releases	https://repo.almalinux.org/vault/
Mail lists	https://lists.almalinux.org
Bug tracker	https://bugs.almalinux.org

CentOS

Original CentOS it supported until EOL of CentOS 7 an has been replaced by CentOS Stream

Major release	EOL
CentOS 6	2020/11
CentOS 7	2024/06
CentOS 8	2021/12

Built from publicly available open-source source code provided by Red Hat
Aims to be functionally compatible with Red Hat Enterprise Linux
Support EOL (end of live) according to the CentOS FAQ:
Cf. Wikipedia, CentOS Releases
Upgrade between major releases not supported nor recommended by CentOS.

Expected delays after upstream publishes updates, and new releases:

Update	Time
Package	<72 hours
Point release	4-8 weeks
Major release	month

Version conventions:

Major branch, i.e. CentOS-7
Minor (point in time) versions of major branch
- Date code included in minor versions, i.e. CentOS-7 (1406) means June 2014
- Updates only for the latest (minor) version of each major branch
- Minor version are snapshots of previous updates rolled into a new repo

Repo	Description
base	Packages that form CentOS (minor) point releases
updates	Security, bugfix or enhancement updates, issued between the regular update sets for point releases
addons	Packages not provided by upstream, used to build the CentOS distribution

Kernel

ABI

Kernel Application Binary Interface (kABI)…

…set of in-kernel symbols used by drivers and other kernel modules
kernel-abi-stablelists packages…
- …lists stable interfaces provided by the kernel
- …safe for long-term use by third-party loadable drivers
…recommended to recompile kernel modules against every minor release

rpm -ql kernel-abi-stablelists /lib/modules/kabi-current

kABI breakage possible if required to resolve a critical security issue

ABI policy across the versions…

…EL 8 …valid across all minor releases
…EL 9 …unique to each minor release (…change from previous version)

Versions

Identify the current release version and kernel version:

>>> date ; cat /etc/redhat-release ; uname -r
Thu May  5 12:07:32 CEST 2022
AlmaLinux release 8.5 (Arctic Sphynx)
4.18.0-348.20.1.el8_5.x86_64

Anatomy of a kernel package versions:

kernel-0:4.18.0-348.12.2.el8_5.x86_64
         |      |   |
         |      |   `------------------ Red Hat Patch level
         |      `---------------------- Red Hat kernel version
         `----------------------------- Upstream kernel version

References…

Red Hat Enterprise Linux Release Dates
- https://access.redhat.com/articles/3078?extIdCarryOver=true&sc_cid=701f2000001OH7EAAW

An individual minor release gets security updates:

# example if updates to the kernel package of the 8.5 release
>>> dnf repoquery kernel 
Last metadata expiration check: 0:24:33 ago on Thu May  5 11:31:10 2022.
kernel-0:4.18.0-348.12.2.el8_5.x86_64
kernel-0:4.18.0-348.2.1.el8_5.x86_64
kernel-0:4.18.0-348.20.1.el8_5.x86_64
kernel-0:4.18.0-348.23.1.el8_5.x86_64
kernel-0:4.18.0-348.7.1.el8_5.x86_64
kernel-0:4.18.0-348.el8.x86_64
# .. from the RPM repository
>>> curl http://mirror.test.gsi.de/alma/8.5/BaseOS/x86_64/os/Packages/. -s \
      | sed 's/<[^>]*>/ /g ; /^$/d' \
      | tr -s ' ' | cut -d' ' -f2 | grep ^kernel-4.18
kernel-4.18.0-348.2.1.el8_5.x86_64.rpm
kernel-4.18.0-348.7.1.el8_5.x86_64.rpm
kernel-4.18.0-348.12.2.el8_5.x86_64.rpm
kernel-4.18.0-348.20.1.el8_5.x86_64.rpm
kernel-4.18.0-348.23.1.el8_5.x86_64.rpm
kernel-4.18.0-348.el8.x86_64.rpm

Enterprise Linux 8

Based on upstream Linux kernel 4.18:

Release	General Availability Date	Kernel Version
8.8	2023-05-16	4.18.0-477.10
8.7	2022-11-09	4.18.0-425
8.6	2022-05-10	4.18.0-372.9.1
8.5	2021-11-09	4.18.0-348
8.4	2021-05-18	4.18.0-305
8.3	2020-11-03	4.18.0-240
8.2	2020-04-28	4.18.0-193
8.1	2019-11-05	4.18.0-147
8	2019-05-07	4.18.0-80

Enterprise Linux 9

Based on upstream Linux kernel 5.14:

Release	General Availability Date	Kernel Version
9.2	2023-05-10	5.14.0-284.11.1
9.1	2022-11-15	5.14.0-162
9.0	2022-05-17	5.14.0-70.13.1

Package Errata

Package errata are listings from the package manager (upstream) with updates for when CVE’s and vulnerabilities are found.

Red Hat

Red Hat Security Advisories (RHSA) inform customers about security flaws for all Red Hat products:

https://access.redhat.com/security/security-updates/#/security-advisories

RHSA are continuously published to a announcement mailing list:

https://www.redhat.com/archives/rhsa-announce/

Security issues receiving special attention by Red Hat are documented by Vulnerability Responses:

https://access.redhat.com/security/vulnerabilities

Data related to security is programmatically available with the Red Hat Security Data API. Red Hat customers may have access to Extended Update Support (EUS) which provides update channels to stay with a minor version of the base OS. The support time frames are explained at Red Hat Enterprise Linux Life Cycle.

Information is kept in the UPDATEINFO.XML file for each repository upstream.

Use the yum-plugin-security plugin, to list all vulnerable packages yum list-sec cves
Update any package that has listed errata with yum update --security

CentOS

CentOS Security Advisories (CESA) are continuously published to the announcement mailing list:

https://lists.centos.org/pipermail/centos-announce/

CESA follows RHSA on its respective mailing-lists closely keeping the same naming convention.

Packages distributed by the CentOS repositories do not provide security errata information!

CentOS does not have official errata: the CentOS upstream repos do not have an UPDATEINFO.XML

CentOS Errata for Spacewalk (CEFS) imports security errata information from the CentOS announce mailing list and provides it to a Spacewalk server:

http://cefs.steve-meier.de/

Following scripts are bases on the security errata XML file published by CEFS.

The script generate_updateinfo creates an updateinfo.xml file to be published on a CentOS package repository mirror.
The Centos-Package-Cron reports advisories by mail related to packages installed on a specific node.

Appstream

AppStream (Application Stream) allows to install multiple versions of a user space component.

Each AppStream component has a given life cycle
Packaged as RPM modules or individual RPM packages

Modules are collections of packages representing a logical unit.

Module streams represent versions of the AppStream components.
Each of the streams receives updates independently.
Active streams give the system access to the RPM packages within the particular module stream
Only one stream of a particular module can be active at a given point in time
Module may have a default stream which usually provides the latest or recommended version of the component. [d] flag marks a default stream.
Not all modules are compatible with all other modules.
Modular dependencies are an additional layer on top of regular RPM dependencies.
System will always retain the module and stream choices, unless explicitly instructed to change them.

Select a module with a module specification:

<name>:<stream>:<version>:<context>:<arch>/<profile>

# using ruby as example module
dnf module list                   # list all available modules
dnf module list ruby*             # list specific modules by name
dnf module info ruby              # details, package list
dnf module install ruby:2.6
dnf install @ruby:2.6             # install a specific modules in a specific version
# or
dnf  module enable ruby:2.6        # make a module default, and active
dnf  install ruby

Switch to a later stream:

# i.e. ruby 2.5 is installed
dnf  distro-sync
dnf  module reset ruby
dnf  module enable ruby:2.6
# update to the ruby 2.6 stream
dnf disto-sync

Fedora Project

Description	Link
Project	https://start.fedoraproject.org
Documentation	https://docs.fedoraproject.org
…wiki	https://fedoraproject.org/wiki
Install…	https://getfedora.org
…Quay	https://quay.io/repository/fedora/fedora
…Docker	https://hub.docker.com/_/fedora
…Vagrant	https://app.vagrantup.com/fedora
Community	…
…magazine	https://fedoramagazine.org
…planet	http://fedoraplanet.org
…Youtube	https://www.youtube.com/fedoraproject
…Mastodon	https://fosstodon.org/@fedora
Packages	…
…search	https://packages.fedoraproject.org
…source	https://src.fedoraproject.org
…Bodhi	https://bodhi.fedoraproject.org
…Koji	https://koji.fedoraproject.org
Infrastructure	…
…issues	https://pagure.io/fedora-infrastructure/issues
…Copr	https://copr.fedorainfracloud.org

EPEL

Extra Packages for Enterprise Linux (or EPEL)…

…Fedora Special Interest Group (SIG)
…high quality set of additional packages for Enterprise Linux

# CentOS 7
yum install -y epel-release
# EL 8
dnf insyall -y epel-release

Maintained in similar ways to the Enterprise packages…

…updates must spend at least 1 weeks in the testing repository…
- …avoid situations that require manual intervention
- …keep the package functioning after update
…kernel modules not allowed (can disturb the base kernel)
EPEL 8 or later…
- …permits to have module streams…
- …packages with alternate versions to those provided in RHEL

References…

Fedora EPEL Documentation
- https://docs.fedoraproject.org/en-US/epel
- https://docs.fedoraproject.org/en-US/epel/epel-faq
Fedora EPEL RPM Repository
- <https://admin.fedoraproject.org/mirrormanager/mirrors/EPEL
Fedora EPEL Package Maintenance and Update Policy

PowerTools

The PowerTools repository is not enabled by default…

# ...install DNF plugins package and the EPEL repository
dnf install -y dnf-plugins-core epel-release
# ...enable the PowerTools Repository
dnf config-manager --set-enabled powertools

Contains a number of packages required as dependencies…

…when installing other applications
…mostly building applications from source code

CoreOS

Automatically updating, minimal, monolithic, container-focused operating system, designed for clusters. Its goal is to provide the best container host to run containerized workloads securely and at scale. [feddoc]

Rolling release with two week release cycles
Provides minimal OS optimized to run containers
- Pre-installed Container runtimes like runc and podman
Immutable host with read only /usr (changes should be considered ephemeral (disposable))
Atomic update and rollback with ostree and rpm-ostree [rpmost]
Perform initial system configuration with Ignition [ign]…
- …utility used to manipulate disks during the initramfs…
- …partitioning disks, formatting partitions, writing files (regular files, systemd units, etc.), and configuring users
- Translates human readable Butane Configs [butane] into machine readable Ignition Configs

References…

Fedora CoreOS Documentation
- https://docs.fedoraproject.org/en-US/fedora-coreos/
- https://getfedora.org/coreos?stream=stable
Fedora CoreOS Design Document
- https://github.com/coreos/fedora-coreos-tracker/blob/main/Design.md
rpm-ostree Documentation
- https://coreos.github.io/rpm-ostree
Ignition Project
Butane Project
- https://github.com/coreos/butane

Third-Party Repositories

All EL distributions use RPM packages. List of related package repositories:

Name	Description
EPEL	https://fedoraproject.org/wiki/EPEL
ELRepo	http://elrepo.org
Software Collections	https://www.softwarecollections.org
RPM Fusion	https://rpmfusion.org
RPM Sphere	https://rpmsphere.github.io

Footnotes

Red Hat Enterprise Linux Life Cycle
https://access.redhat.com/support/policy/updates/errata ↩︎
Fedora ELN: Putting the RHELish on the Beefy Miracle, 2022/10
https://www.youtube.com/watch?v=yVtwKlsqMAI
https://sgallagh.fedorapeople.org/eln_nest_2022.pdf ↩︎
OpenELA, Open Enterprise Linux Association
https://openela.org
https://github.com/openela
https://github.com/openela-main ↩︎

--- title: Enterprise Linux Distributions categories: - Linux date: 2014/12/03 date-modified: 2024/02/09 toc-expand: 3 --- # Enterprise Linux Enterprise Linux (EL) broadly references to all Linux distributions compatible to Red Hat Enterprise Linux (RHEL) - Widely used by commercial and public institutions - Many hardware and software vendors support RPM based Linux distributions Life cycle for the major releases [^YF0bN]: [^YF0bN]: Red Hat Enterprise Linux Life Cycle <https://access.redhat.com/support/policy/updates/errata> Release | EOL -----------------|----------------- 7.0 ... 7.9 | ...2024/06 8.0 ... 8.10 | 2019 ... 2029 9.0 ... 9.10 | 2022 ... 2032 ## Upstream ### Fedora ELN CentOS Stream is bootstrapped from **Fedora ELN** (Enterprise Linux Next) - ..Fedora rawhide rebuild... - ...curated sub-set of packages (~2500 in CentOS Stream vs ~20000 in Fedora). - ..with RHEL RPM macros and compiler build flags - ...trimmed dependency tree (according to business requirements) - Several mass re-builds during bootstrap phase (synchronously bootstraps RHEL). Building blocks [^felnpr]... - Content Resolver... - <https://tiny.distro.builders/> - ...determine build-time dependencies - DistroBuildSync... - <https://gitlab.com/redhat/centos-stream/ci-cd/distrosync/distrobuildsync> - ...rebuild packages based on Content Resolver - Pungi... - <https://docs.pagure.org/pungi> - ...compose RPM repositories, install media, container images... [^felnpr]: Fedora ELN: Putting the RHELish on the Beefy Miracle, 2022/10 <https://www.youtube.com/watch?v=yVtwKlsqMAI> <https://sgallagh.fedorapeople.org/eln_nest_2022.pdf> References... - Fedora ELN Documentation - <https://docs.fedoraproject.org/en-US/eln> - CentOS Stream: stable and continuous, FOSDEM'22 2022/02 - <https://fosdem.org/2022/schedule/event/centos_stream_stable_and_continuous> - Fedora Council update: ELN SIG, 2022/03 - <https://www.youtube.com/watch?v=lKoDPb66H8I> ### CentOS Stream [CentOS Stream](https://www.centos.org)... Description | Link -----------------------|--------------------- Documentation | <https://docs.centos.org> ...wiki | <https://wiki.centos.org> ...blog | <https://blog.centos.org> ...mailing list | <https://lists.centos.org> ...Youtube | <https://www.youtube.com/@TheCentOSProject> Images | ... ...Quay | <https://quay.io/repository/centos/centos> ...Docker | <https://hub.docker.com/_/centos> ...Vagrant | <https://app.vagrantup.com/centos> Mirrors | <https://www.centos.org/download/mirrors> Bug tracking | <https://bugs.centos.org> Communication | ... ...Connect Conference | <https://connect.centos.org> ...Mastedon | <https://fosstodon.org/@centos> - ...bootstrapped from **Fedora ELN** - Continuously delivered distro (rolling release)... - ...tracks just ahead of Red Hat Enterprise Linux (RHEL) development... - ...positioned as a midstream between Fedora Linux and RHEL Timeline for CentOS Linux and CentOS Stream sponsorship by Red Hat: * Updates for the CentOS Linux 7 distribution continue as before until June 30, 2024. * There will not be a CentOS Linux 9. * Updates for the CentOS Stream 8 distribution continue through the full RHEL support phase. * CentOS Stream 9 available since Q4 2021 as part of the RHEL 9 development process. * Reference...FAQ: CentOS Stream Updates <https://www.redhat.com/en/blog/faq-centos-stream-updates> **Why was CentOS Stream created?** * Shortening the feedback loop for ecosystem developers - including OEMs, ISVs, and Application Developers - to contribute their changes. By working in CentOS Stream between Fedora and RHEL, ecosystem developers will be working on a **rolling preview of what’s coming in the next RHEL release**. This will allow them to make changes much faster than they can today. * Developing in the open. Currently, much of RHEL development is done with many of our ecosystem partners working behind Red Hat’s firewall. CentOS Stream enables Red Hat and the larger community to do **as much transparent development as possible** in what will become the next release of RHEL. * Enabling access to innovation faster. Beginning with the release of RHEL 8, Red Hat committed to releasing major versions of RHEL every three years and minor releases every six months. Adhering to this faster and more predictable cadence means that we need a midstream development environment that anyone can contribute to. That environment is CentOS Stream. * Providing a **clear method for the broader community to contribute to RHEL releases**. When Fedora was RHEL's only upstream project, most developers were limited to contributing only to the next major release of RHEL. With CentOS Stream, all developers will be able to contribute new features and bug fixes into minor RHEL releases as well. ### OpenELA OpenELA [^yFYNy] …provides open/free Enterprise Linux (EL) source code: - …non-profit trade association …founded by CIQ, Oracle, and SUSE - …source code for all packages required to build an EL distribution - …consistent and secure upstream location EL source code - …encourage development/collaboration of distributions - …used to develop/maintain 1:1 downstream derivatives of EL - …exists to enable the binary-producing Linux distributions Package source code (aka SPEC files) hosted at: <https://github.com/orgs/openela-main/repositories> [^yFYNy]: OpenELA, Open Enterprise Linux Association <https://openela.org> <https://github.com/openela> <https://github.com/openela-main> ## Downstream Replacement projects for the original CentOS...enterprise-grade, production-ready Linux in the form of a (100% binary compatible) downstream release of RHEL. The AlmaLinux project provides an comparison over the available Enterprise Linux (EL) distributions: <https://wiki.almalinux.org/Comparison.html> > CloudLinux commits an annual $1 million endowment and leads the development & > maintenance of AlmaLinux. CloudLinux has more than a decade of experience > with RHEL fork, as owner of the CloudLinux OS. AlmaLinux’s prominent partners > include AWS, Equinix, cPanel and Plesk, essentially leaders of the hosting > community...Gregory Kurtzer, the original founder of CentOS heads the > development of Rocky Linux. Rocky Linux is community-driven and does not have > commercial developers the way AlmaLinux does. The prominent sponsors of Rocky > Linux include AWS and Google Cloud CentOS Replacement: AlmaLinux vs Rocky Linux <https://www.expertvm.com/centos-replacement-almalinux-rocky-linux/> ### Governing Organizations Comparison... * The **AlmaLinux Foundation** (Delaware Reg. 5561017) was created as a **501(c)(6) non-profit** (the same as the Linux Foundation) in order to put OWNERSHIP of the OS, the Intellectual Property and the direction of the project into the hands of the community. By joining as a member (100% free for community members) you have the right and the ability to vote on board members and the direction of the project and other decisions as they will come up in the future. [^alof] * The **Rocky Enterprise Software Foundation** (RESF) is a **Public Benefit Corporation** (PBC) formed in Delaware (file number 4429978). The RESF was founded and is owned by Gregory Kurtzer and is backed by an advisory board of trusted individuals and team leads from the Rocky Linux community. [^resf] The chief difference between a non-profit corporation and a benefit corporation... > ...- sometimes called a B Corporation - is the ownership factor. **There > are no owners or shareholders in a non-profit company. A benefit corporation, > however, does have shareholders who own the company**...A traditional > non-profit (or not-for-profit) company aims to serve a public benefit without > making a profit...If a non-profit company decides to stop doing business and > dissolve, it must distribute its assets among other non-profits...The > shareholders of a benefit corporation actually own the company as well as its > assets...If a benefit corporation decides to stop doing business and > dissolves, the shareholders receive the proceeds of the sales of assets, > after liabilities are paid. [^npbp] References: [^alof] The AlmaLinux OS Foundation <https://wiki.almalinux.org/Transparency.html> <https://almalinux.org/p/foundation-bylaws/> <https://almalinux.org/blog/what-almalinux-foundation-membership-means-for-you/> [^resf] Rocky Enterprise Software Foundation (RESF) <https://rockylinux.org/organizational-structure> [^npbp] Non-Profit Corporation vs Public Benefit Corporation <https://www.delawareinc.com/blog/non-profit-corporation-vs-public-benefit-corporation/> **Why is Rocky Linux a PBC?** * _Kurtzer talked at length about the governance of Rocky Linux and the fact that he created a B (public benefit) Corporation rather than a 501(c) (non-profit) for the Rocky Enterprise Software Foundation,..."What I've learned along the way is that **a 501(c) anything is not a guarantee of integrity and honesty and good behavior**... and I said to myself, if I'm going to do this, I don't want to put myself in that environment again."_ [^trgg] * Based on the experience from the CentOS project G. Kurtzer decided against a non-profit [^gkfc]: _The process was started by Greg to create a 501c3 non-profit entity - the Caos Foundation - which would host the CentOS Project. There was a framework being created to cover governance, funding, and organizing volunteer effort. Unfortunately, the individual who came up with the name ‘CentOS’ also owned the domain name, and declined to release it to the foundation as promised..._ Multiple accounts of the original struggle on the CentOS project in the middle of 2009 are documented [^rhpd] [^wucp]: _...developers accuse project co-founder Lance Davis of putting the entire project at risk by disappearing from everyday involvement without ceding control to others._ * From the Rocky Linux Community Update - June 2021 [^rlcu]: RESF _is a Public Benefit Corporation (PBC) formed in Delaware (file number 4429978), backed by a **board of advisors with access control policies that utilize the principle of least privilege and separation of duty to ensure that no action can be taken unilaterally** (not even by the legal owner, Gregory Kurtzer). For more information, see our [Organizational Structure](https://rockylinux.org/organizational-structure/)._ * From the RESF Community Charter [^rlcc]: _The Rocky Enterprise Software Foundation is responsible and accountable only to the community that consumes its projects. RESF shall be structured and governed in a way that ensures that no single entity, organization, corporation, association, etc. will be permitted to have a controlling influence over the RESF or its projects....the work generated by the RESF and its community will be released under an existing **OSI permissive open source license (non-copyleft)**._ References... [^trgg] Interview with Greg Kurtzer, The Register (2021/07/09) <https://www.theregister.com/2021/07/09/centos_stream_greg_kurtzer/> [^rhpd] Red Hat Enterprise clone poised to 'die' (2009/07/30) <https://www.theregister.com/2009/07/30/centos_open_letter/> [^wucp] What is up with the CentOS project (2009/07/30) <https://misterd77.blogspot.com/2009/07/what-is-up-with-centos-project.html> <https://lists.centos.org/pipermail/centos/2009-July/079767.html> [^rlcu] Rocky Linux Community Update - June 2021 <https://forums.rockylinux.org/t/community-update-june-2021/3260> [^rlcc] Rocky Enterprise Software Foundation - Community Charter <https://forums.rockylinux.org/t/community-charter> ### RockyLinux [RockyLinux](https://rockylinux.org)... [release policy](https://wiki.rockylinux.org/rocky/version/#timeline) Description | Link -----------------------|-------------------------- Media | ... ...CIQ blog | <https://ciq.co/blog> Download | <https://rockylinux.org/download> Container images | <https://quay.io/repository/rockylinux/rockylinux><br/><https://hub.docker.com/u/rockylinux> Vagrant box | <https://app.vagrantup.com/rockylinux> Mirrors | <https://mirrors.rockylinux.org> RPM repository | <https://download.rockylinux.org/pub/rocky> ...old releases | <https://download.rockylinux.org/vault/rocky/> ...source repositories | <https://github.com/rocky-linux> ...public repositories | <https://git.rockylinux.org> Build Services | <https://distrobuildstg.rockylinux.org> ...incoming | <https://incoming.releng.rockylinux.org> Koji | <https://koji.rockylinux.org> Mail lists | <https://lists.resf.org/> Bug tracker | <https://bugs.rockylinux.org> ### AlmaLinux AlmaLinux <https://almalinux.org> Description | Link -----------------------|-------------------------- Public repositories | <https://github.com/AlmaLinux> Download | <https://mirrors.almalinux.org/isos.html> Container images | <https://quay.io/repository/almalinux/almalinux><br/><https://hub.docker.com/_/almalinux> Vagrant box | <https://app.vagrantup.com/almalinux> RPM repository | <https://repo.almalinux.org/><br/><https://mirrors.almalinux.org/> ...old releases | <https://repo.almalinux.org/vault/> Mail lists | <https://lists.almalinux.org> Bug tracker | <https://bugs.almalinux.org> ### CentOS Original CentOS it supported until EOL of CentOS 7 an has been **replaced by CentOS Stream** Major release | EOL --------------|---------------------- CentOS 6 | 2020/11 CentOS 7 | 2024/06 CentOS 8 | 2021/12 * Built from publicly available open-source source code provided by Red Hat * Aims to be functionally compatible with Red Hat Enterprise Linux * Support EOL (end of live) according to the CentOS FAQ: * Cf. [Wikipedia, CentOS Releases](https://en.wikipedia.org/wiki/CentOS#CentOS_releases) * Upgrade between major releases not supported nor recommended by CentOS. Expected delays after upstream publishes updates, and new releases: Update | Time --------------|-------- Package | <72 hours Point release | 4-8 weeks Major release | month Version conventions: * Major branch, i.e. CentOS-7 * Minor (point in time) versions of major branch - Date code included in minor versions, i.e. CentOS-7 (1406) means June 2014 - Updates only for the latest (minor) version of each major branch - Minor version are snapshots of previous updates rolled into a new repo Repo | Description ----------|------------------------ base | Packages that form CentOS (minor) point releases updates | Security, bugfix or enhancement updates, issued between the regular update sets for point releases addons | Packages not provided by upstream, used to build the CentOS distribution ## Kernel ### ABI Kernel Application Binary Interface (kABI)... - ...set of in-kernel symbols used by drivers and other kernel modules - `kernel-abi-stablelists` packages... - ...lists stable interfaces provided by the kernel - ...safe for long-term use by third-party loadable drivers - ...recommended to recompile kernel modules against every minor release ```sh rpm -ql kernel-abi-stablelists /lib/modules/kabi-current ``` kABI breakage possible if required to resolve a critical security issue ABI policy across the versions... - ...EL 8 ...valid across all minor releases - ...EL 9 ...unique to each minor release (...change from previous version) ### Versions Identify the current release version and kernel version: ```sh >>> date ; cat /etc/redhat-release ; uname -r Thu May 5 12:07:32 CEST 2022 AlmaLinux release 8.5 (Arctic Sphynx) 4.18.0-348.20.1.el8_5.x86_64 ``` Anatomy of a kernel package versions: ``` kernel-0:4.18.0-348.12.2.el8_5.x86_64 | | | | | `------------------ Red Hat Patch level | `---------------------- Red Hat kernel version `----------------------------- Upstream kernel version ``` References... - Red Hat Enterprise Linux Release Dates - <https://access.redhat.com/articles/3078?extIdCarryOver=true&sc_cid=701f2000001OH7EAAW> An individual minor release gets security updates: ```sh # example if updates to the kernel package of the 8.5 release >>> dnf repoquery kernel Last metadata expiration check: 0:24:33 ago on Thu May 5 11:31:10 2022. kernel-0:4.18.0-348.12.2.el8_5.x86_64 kernel-0:4.18.0-348.2.1.el8_5.x86_64 kernel-0:4.18.0-348.20.1.el8_5.x86_64 kernel-0:4.18.0-348.23.1.el8_5.x86_64 kernel-0:4.18.0-348.7.1.el8_5.x86_64 kernel-0:4.18.0-348.el8.x86_64 # .. from the RPM repository >>> curl http://mirror.test.gsi.de/alma/8.5/BaseOS/x86_64/os/Packages/. -s \ | sed 's/<[^>]*>/ /g ; /^$/d' \ | tr -s ' ' | cut -d' ' -f2 | grep ^kernel-4.18 kernel-4.18.0-348.2.1.el8_5.x86_64.rpm kernel-4.18.0-348.7.1.el8_5.x86_64.rpm kernel-4.18.0-348.12.2.el8_5.x86_64.rpm kernel-4.18.0-348.20.1.el8_5.x86_64.rpm kernel-4.18.0-348.23.1.el8_5.x86_64.rpm kernel-4.18.0-348.el8.x86_64.rpm ``` #### Enterprise Linux 8 Based on upstream Linux kernel 4.18: Release | General Availability Date | Kernel Version ----------|----------------------------|--------------- 8.8 | 2023-05-16 | 4.18.0-477.10 8.7 | 2022-11-09 | 4.18.0-425 8.6 | 2022-05-10 | 4.18.0-372.9.1 8.5 | 2021-11-09 | 4.18.0-348 8.4 | 2021-05-18 | 4.18.0-305 8.3 | 2020-11-03 | 4.18.0-240 8.2 | 2020-04-28 | 4.18.0-193 8.1 | 2019-11-05 | 4.18.0-147 8 | 2019-05-07 | 4.18.0-80 #### Enterprise Linux 9 Based on upstream Linux kernel 5.14: Release | General Availability Date | Kernel Version ----------|----------------------------|--------------- 9.2 | 2023-05-10 | 5.14.0-284.11.1 9.1 | 2022-11-15 | 5.14.0-162 9.0 | 2022-05-17 | 5.14.0-70.13.1 ## Package Errata Package errata are listings from the package manager (upstream) with updates for when CVE’s and vulnerabilities are found. ### Red Hat Red Hat **Security Advisories** (RHSA) inform customers about security flaws for all Red Hat products: <https://access.redhat.com/security/security-updates/#/security-advisories> RHSA are continuously published to a **announcement mailing list**: <https://www.redhat.com/archives/rhsa-announce/> Security issues receiving special attention by Red Hat are documented by **Vulnerability Responses**: <https://access.redhat.com/security/vulnerabilities> Data related to security is programmatically available with the Red Hat [Security Data API][rhsda]. Red Hat customers may have access to [Extended Update Support][rheus] (EUS) which provides update channels to stay with a minor version of the base OS. The support time frames are explained at Red Hat [Enterprise Linux Life Cycle][rhellc]. Information is kept in the `UPDATEINFO.XML` file for each repository upstream. * Use the yum-plugin-security plugin, to list all vulnerable packages `yum list-sec cves` * Update any package that has listed errata with `yum update --security` ### CentOS CentOS Security Advisories (CESA) are continuously published to the **announcement mailing list**: <https://lists.centos.org/pipermail/centos-announce/> CESA follows RHSA on its respective mailing-lists closely keeping the same naming convention. **_Packages distributed by the CentOS repositories do not provide security errata information!_** CentOS does not have official errata: the CentOS upstream repos do not have an `UPDATEINFO.XML` **CentOS Errata for Spacewalk** (CEFS) imports security errata information from the CentOS announce mailing list and provides it to a [Spacewalk](http://spacewalk.redhat.com/) server: <http://cefs.steve-meier.de/> Following scripts are bases on the security [errata XML file][cefsxml] published by CEFS. 1. The script [generate_updateinfo][cefsgu] creates an `updateinfo.xml` file to be published on a CentOS package repository mirror. 2. The [Centos-Package-Cron][cefscpc] reports advisories by mail related to packages installed on a specific node. [rhsda]: https://access.redhat.com/documentation/en-us/red_hat_security_data_api/0.1/html-single/red_hat_security_data_api/ [rheus]: https://lists.centos.org/pipermail/centos-announce/ [rhellc]: https://access.redhat.com/support/policy/updates/errata/ [cefsxml]: http://cefs.steve-meier.de/errata.latest.xml [cefsgu]: https://github.com/vmfarms/generate_updateinfo [cefscpc]: https://github.com/wied03/centos-package-cron ## Appstream AppStream (Application Stream) allows to install **multiple versions of a user space component**. * Each AppStream component has a given life cycle * Packaged as RPM modules or individual RPM packages **Modules are collections of packages** representing a logical unit. * Module streams represent versions of the AppStream components. * Each of the streams receives updates independently. * **Active streams** give the system access to the RPM packages within the particular module stream * Only one stream of a particular module can be active at a given point in time * Module may have a **default stream** which usually provides the latest or recommended version of the component. `[d]` flag marks a default stream. * Not all modules are compatible with all other modules. * Modular dependencies are an additional layer on top of regular RPM dependencies. * System will always retain the module and stream choices, unless explicitly instructed to change them. Select a module with a module specification: ``` <name>:<stream>:<version>:<context>:<arch>/<profile> ``` ```bash # using ruby as example module dnf module list # list all available modules dnf module list ruby* # list specific modules by name dnf module info ruby # details, package list dnf module install ruby:2.6 dnf install @ruby:2.6 # install a specific modules in a specific version # or dnf module enable ruby:2.6 # make a module default, and active dnf install ruby ``` Switch to a later stream: ```bash # i.e. ruby 2.5 is installed dnf distro-sync dnf module reset ruby dnf module enable ruby:2.6 # update to the ruby 2.6 stream dnf disto-sync ``` # Fedora Project Description | Link ---------------|--------------------- Project | <https://start.fedoraproject.org> Documentation | <https://docs.fedoraproject.org> ...wiki | <https://fedoraproject.org/wiki> Install... | <https://getfedora.org> ...Quay | <https://quay.io/repository/fedora/fedora> ...Docker | <https://hub.docker.com/_/fedora> ...Vagrant | <https://app.vagrantup.com/fedora> Community | ... ...magazine | <https://fedoramagazine.org> ...planet | <http://fedoraplanet.org> ...Youtube | <https://www.youtube.com/fedoraproject> ...Mastodon | <https://fosstodon.org/@fedora> Packages | ... ...search | <https://packages.fedoraproject.org> ...source | <https://src.fedoraproject.org> ...Bodhi | <https://bodhi.fedoraproject.org> ...Koji | <https://koji.fedoraproject.org> Infrastructure | ... ...issues | <https://pagure.io/fedora-infrastructure/issues> ...Copr | <https://copr.fedorainfracloud.org> ## EPEL Extra Packages for Enterprise Linux (or EPEL)... - ...Fedora Special Interest Group (SIG) - ...high quality set of additional packages for Enterprise Linux ```sh # CentOS 7 yum install -y epel-release # EL 8 dnf insyall -y epel-release ``` Maintained in similar ways to the Enterprise packages... - ...updates must spend at least 1 weeks in the testing repository... - ...avoid situations that require manual intervention - ...keep the package functioning after update - ...kernel modules not allowed (can disturb the base kernel) - EPEL 8 or later... - ...permits to have module streams... - ...packages with alternate versions to those provided in RHEL References... - Fedora EPEL Documentation - <https://docs.fedoraproject.org/en-US/epel> - <https://docs.fedoraproject.org/en-US/epel/epel-faq> - Fedora EPEL RPM Repository - <<https://admin.fedoraproject.org/mirrormanager/mirrors/EPEL> - Fedora EPEL Package Maintenance and Update Policy - <https://docs.fedoraproject.org/en-US/epel/epel-policy> - <https://docs.fedoraproject.org/en-US/epel/epel-policy-updates> - <https://docs.fedoraproject.org/en-US/epel/epel-policy-incompatible-upgrades> ## PowerTools The PowerTools repository is not enabled by default... ```sh # ...install DNF plugins package and the EPEL repository dnf install -y dnf-plugins-core epel-release # ...enable the PowerTools Repository dnf config-manager --set-enabled powertools ``` Contains a number of packages required as dependencies... * ...when installing other applications * ...mostly building applications from source code ## CoreOS > Automatically updating, minimal, monolithic, container-focused operating > system, designed for clusters. Its goal is to provide the best container host > to run containerized workloads securely and at scale. [feddoc] * Rolling release with two week release cycles * Provides minimal OS optimized to run containers - Pre-installed Container runtimes like `runc` and `podman` * Immutable host with read only `/usr` (changes should be considered ephemeral (disposable)) * Atomic update and rollback with `ostree` and `rpm-ostree` [rpmost] * Perform initial system configuration with Ignition [ign]... - ...utility used to manipulate disks during the initramfs... - ...partitioning disks, formatting partitions, writing files (regular files, systemd units, etc.), and configuring users - Translates human readable Butane Configs [butane] into machine readable Ignition Configs References... - Fedora CoreOS Documentation - <https://docs.fedoraproject.org/en-US/fedora-coreos/> - <https://getfedora.org/coreos?stream=stable> - Fedora CoreOS Design Document - <https://github.com/coreos/fedora-coreos-tracker/blob/main/Design.md> - rpm-ostree Documentation - <https://coreos.github.io/rpm-ostree> - Ignition Project - <https://github.com/coreos/ignition> - <https://coreos.github.io/ignition> - <https://media.ccc.de/v/froscon2022-2776-an_overview_of_ignition_-_a_one-time_provisioning_software> - Butane Project - <https://github.com/coreos/butane> # Third-Party Repositories All EL distributions use RPM packages. List of related package repositories: Name | Description ----------------------|------------------------ EPEL | <https://fedoraproject.org/wiki/EPEL> ELRepo | <http://elrepo.org> Software Collections | <https://www.softwarecollections.org> RPM Fusion | <https://rpmfusion.org> RPM Sphere | <https://rpmsphere.github.io>