Anyone in the DevOps community seeking a rock-solid Red Hat Enterprise Linux (RHEL) clone may want to consider the Rocky Linux community’s latest release, Rocky Linux 9.4. This latest version brings improved security features, significant cloud image updates and updated developer tools. For DevOps pros, that means a useful addition to your Linux distro toolkit whether you work on local or cloud containers.
Rocky Linux has several security improvements, to start with. For example, SELinux userspace release 3.6 has enhanced policy customization capabilities. Since SELinux is infamously difficult to customize and manage, this is all to the good.
The Keylime server, which enables users to monitor remote nodes using a hardware-based cryptographic root of trust, now has enhanced Trusted Platform Module (TPM)-based security. This Cloud Native Computing Foundation (CNCF) project provides an end-to-end solution for bootstrapping hardware-rooted cryptographic trust for remote machines, the provisioning of encrypted payloads and run-time system integrity monitoring. In this latest version, Keylime’s verifier and registrar server components are now available as containers. That means it’s a lot easier to secure your containers.
That’s not the only security-related enhancement. The OpenSSL Transport Layer Security (TLS) toolkit now supports a drop-in directory for provider-specific configuration files. On a related note, the Rsyslog remote logging tool now has customizable TLS/SSL encryption settings. Finally, with stunnel 5.7.1, the TLS/SSL tunneling service now supports modern PostgreSQL clients. These features improve the process of securing your containers’ networking.
Improved Rocky Cloud images
Rocky Linux 9.4 now boasts a revamped image-building process for cloud and container images. Most of its images were rebuilt using the openSUSE KIWI image builder. For the Rocky Linux maintainers, that means it’s easier and faster to get new releases out as security patches are made. For you, it means getting safer updates up faster. As Gregory Kurtzer, Rocky Linux founder, explained, “The new KIWI-based workflow will enable us to provide more frequent updates across all major cloud providers.”
Rocky is now available for free on the Azure Community Gallery, making it easier to spin up Rocky instances on Microsoft’s cloud. Kurtzer explained, “Our Azure integration has been streamlined and simplified. Users can now access Rocky Linux with just a few clicks in the Community Gallery.”
Finally, there’s a bug fix for people who want to run Rocky on IPv6-only networks on AWS. Before this patch, running Rocky Linux on dedicated IPv6 was a pain.
Updates for the Developer in DevOps
DevOps pros whose roles include writing code will be glad to know that the new Rocky Linux version has updated several language runtimes and frameworks. This includes Python 3.12, Ruby 3.3, PHP 8.2, and nginx 1.24 as module streams. The Git version control system has been rebased to 2.43.0, while Git LFS jumps to 3.4.1.
Compiler toolchains have also seen significant upgrades, with LLVM rebased to 17.0, Rust to 1.75.0, and Go to 1.21.0. GCC has been updated to version 13, while Clang’s resource directory was relocated.
The new version makes setting up and maintaining Rocky Linux images easier. You can specify custom mount points and select from different partitioning modes such as auto-lvm, lvm, and raw.
In addition, you can use Podman modules to load a predetermined set of container configurations. The updated Container Tools RPM meta-package, which comes with the Podman, Buildah, Skopeo, crun, and runc tools, is also bundled in. Notably, with Podman 4.9, the SQLite database backend, previously available as a Technology Preview, is now fully supported. This provides better stability, performance, and consistency when working with container metadata. The BoltDB database backend is now deprecated.
Put it all together, and you get what appears to be an excellent business Linux. If you’re already a CentOS user (and CentOS is disappearing for good, real soon now) or an RHEL user who wants to try a clone, the latest Rocky Linux demands a look.