EuroLinux 9 – a new era is coming

EuroLinux 9

The operating systems from the Enterprise Linux family (derived from the Red Hat® Enterprise Linux® source code) are the foundation for sectors where security, stability and support from skilled engineers are essential. They also perform well on developers' workstations and personal computers, providing tools to support their work, as well as long-term support and updates. One such system is EuroLinux. Today we will show the new features and advantages of EuroLinux 9 over its previous release, number 8.

The development of version 9 of EuroLinux is well advanced. It is about time to give more information about it. It is based, like its predecessor, on the Red Hat® Enterprise Linux® source code and is 1:1 compatible with it. The new version provides a number of improvements and new features over release 8, while the changes to the frontend and backend components are not as large as between release 8 and 7. This is good news for users and IT administrators, who will not have to spend much time adapting to the new environment. There are also newer releases of the creativity and development tools and GUI.

We invite you to take a tour of the internally used Alpha version of EuroLinux 9.

EuroLinux 9

The most significant changes

  • A new 5.14 kernel that supports modern hardware
  • security and compliance improvements, including updated cryptographic policies, OpenSSL enhancements and improved SELinux performance
  • native availability of the WireGuard communications protocol
  • updated development toolkits, databases, servers and dynamic programming languages
  • virtualization and containerization enhancements, such as secure short names in Podman and SafeStack for virtual machines.

Toolkits

The packages with the assets listed below have already been prepared for internal use by EuroLinux and will be made available with the final release of EuroLinux 9.0.

Development Tools

Some of the latest technology stacks with proven high quality for developers are available in the repositories. These include:

  • Ant 1.10
  • GCC 11.2
  • Git 2.31
  • Go 1.17.5
  • LLVM 13
  • Maven 3.6.3
  • NodeJS 16
  • OpenJDK 17.0.1
  • PHP 8.0
  • Perl 5.32
  • Python 3.9
  • Ruby 3.0
  • Rust 1.56
  • SVN 1.14

The EuroLinux 9 platform ships with glibc 2.34, which will provide 10 years of business-class stability support and the same amount of software binary interface compatibility time. As a result, programs written today will work the same way 10 years from now.

Open x86_64 buildroot

In line with our developer-first idea and community-oriented approach, an open buildroot for the above version will be published with the production release of EuroLinux 9. Since the first release, we have also implemented this for EuroLinux 8. As a result, EuroLinux will once again be the only Enterprise OS vendor to make full build trees available to the community. These contain all produced packages for the packages contained in the various repositories. In particular, the -devel packages containing, among other things, the headers necessary to build your own software for Enterprise Linux platforms.

Below is a sample .repo file which contains addresses to repositories with the mentioned buildroot for EuroLinux 8. With the 9th release, analogous repositories will be provided.

Please note: these repositories should be used for building packages - they should not be used as main system repositories.

[certify-baseos-x86_64-all]
name = EuroLinux certify BaseOS x86_64 ALL REPO (NOT SUPPORTED)
baseurl=https://fbi.cdn.euro-linux.com/dist/eurolinux/server/8/x86_64/certify-BaseOS/all
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-eurolinux8

[certify-appstream-x86_64-all]
name = EuroLinux certify AppStream x86_64 ALL REPO (NOT SUPPORTED)
baseurl=https://fbi.cdn.euro-linux.com/dist/eurolinux/server/8/x86_64/certify-AppStream/all
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-eurolinux8

[certify-powertools-x86_64-all]
name = EuroLinux certify PowerTools x86_64 ALL REPO (NOT SUPPORTED)
baseurl=https://fbi.cdn.euro-linux.com/dist/eurolinux/server/8/x86_64/certify-PowerTools/all
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-eurolinux8
Open i686 buildroot

We realize that it's not always possible to migrate from older, enterprise-essential software that requires a runtime stack for 32-bit applications. Moreover, due to the growing popularity of Linux, de facto it is impossible to fully abandon it – if only because of the support for full version of WineHQ and computer games. Thus, there may be a need to build applications for the i686 architecture because of compatibility with an enterprise's existing work environment. Also in this area, EuroLinux 9 takes care to provide its build roots for the aforementioned architecture, as it currently does for EuroLinux 8.

Below is an analogous to the previously mentioned sample .repo file, which contains addresses to repositories with the mentioned buildroot for EuroLinux 8. With the 9th release, analogous repositories for the i686 architecture will be provided.

Please note: these repositories should be used for building packages - they should not be used as main system repositories.

[certify-baseos-i686-all]
name = EuroLinux certify BaseOS i686 ALL REPO (NOT SUPPORTED)
baseurl=https://fbi.cdn.euro-linux.com/dist/eurolinux/server/8/i686/certify-BaseOS/all
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-eurolinux8

[certify-appstream-i686-all]
name = EuroLinux certify AppStream i686 ALL REPO (NOT SUPPORTED)
baseurl=https://fbi.cdn.euro-linux.com/dist/eurolinux/server/8/i686/certify-AppStream/all
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-eurolinux8

[certify-powertools-i686-all]
name = EuroLinux certify PowerTools i686 ALL REPO (NOT SUPPORTED)
baseurl=https://fbi.cdn.euro-linux.com/dist/eurolinux/server/8/i686/certify-PowerTools/all
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-eurolinux8
EuroAP – Java application server

One of the most important components of the EuroLinux operating system is JVM. By installing any of the certified Java™ virtual machines, e.g. the standard EuroLinux OpenJDK, the user gets a properly working JBoss® or EuroAP platform on our operating system. As EuroLinux is compatible with Red Hat® Enterprise Linux®, the same OpenJDK versions are included in the EuroLinux repositories as in the RHEL® repositories.

EuroAP is an application server built on the Red Hat® JBoss® Enterprise Application Platform source code. It contains more than 500 components, combining complex environments into one coherent whole. It provides clustering and high availability mechanisms, load balancing and dispersion functions. Furthermore, it offers the highest Enterprise-class quality and stability available on the market, making it suitable for complex and demanding environments.

With the release of EuroLinux 9, the ability to provide EuroAP for this version of the system will appear as well.

Servers and databases

EuroLinux 9 offers the following products:

HTTP servers:

  • Apache HTTPD 2.4
  • nginx 1.20.

Proxy servers:

  • Squid 5.1
  • Varnish Cache 6.5.

Database engines:

  • MariaDB 10.5.12
  • MySQL 8.0
  • PostgreSQL 13
  • Redis 6.2.6.

At this point, in reference to PostgreSQL mentioned above, we should mention our database platform EuroDB. It is a solution based on PostgreSQL engine, containing tools extending its basic capabilities. EuroDB will be successfully run also on production version of EuroLinux 9.

Virtualization, containerization, cloud environments

One of the main advantages of using pre-built system images provided by commercial Open Source vendors is their regular updates. EuroLinux provides monthly updates to published vagrant images, container images: Docker, Quay.io and cloud. The timing is a compromise between too frequent updates and increased security.

Links to the products mentioned and ISO images of EuroLinux can be found at this link. With the production release of EuroLinux 9, it will be available in the same formats on our site.

QEMU

As part of ensuring the highest security standards, the QEMU emulator, running on EuroLinux 9 on x86_64 architecture, can take advantage of SafeStack, an enhanced compiler-based stack protection feature. As a result, the possibility of exploiting stack-based buffer overflows as part of changing return pointers in the stack and creating Return-Oriented Programming (ROP) attacks has been reduced. Virtual machines running EuroLinux 9 are therefore much better protected against security vulnerabilities.

Cloud

EuroLinux 9 in the context of the cloud will especially please Microsoft Azure users. Release 9 has support for Microsoft Azure Network Adapter and Windows Azure Linux Agent updated to version 2.3.0.2, which translates to:

  • support for the RequiredFeatures API and GoalStateAggregateStatus
  • fallback locations for extension manifests
  • additional calls to str.format() when creating exceptions.
Containerization

There have been improvements to the Quality of Life category for Podman - it now supports safe short names. These are aliases for images, which can be configured in the registries.conf file in the [aliases] table.

Consider the following example:

unqualified-search-registries=["quay.io"]

[aliases]

"el8"="quay.io/eurolinux/eurolinux-8"

As a performance improvement for containerized applications, Linux cgroups version 2 is available. The previous version of cgroups version 1 may not have provided maximum performance for some applications. The latest release of cgroups version 2 allows system administrators to restrict resources for any application without causing performance problems.

The new version of control groups – cgroups v2 – is enabled by default in EuroLinux 9.

Security enhancements

OpenSSL

EuroLinux 9 provides OpenSSL version 3.0.0. Among other things, the concept of providers has been added, which means that different programs can use different security algorithms depending on their needs. We can imagine a situation where we have implemented solutions where one has to use FIPS mode, while others have to keep in line with less secure policies.

By setting the kernel to FIPS mode, OpenSSL will only use the FIPS provider and its approved algorithms.

Support for new algorithms has been implemented, including SINGLE STEP, SSH, GMAC, KMAC, RSASVE, AES-SIV; for Linux Kernel TLS; support for Certificate Management Protocol (CMP, RFC 4210), Certificate Request Message Format (CRMF), and HTTP transfer (RFC 6712).

SELinux

SELinux policy includes new features that are also part of the Linux 5.14 kernel. SELinux grants privileges more precisely, which translates into security. It also makes it possible to run systems with the MLS SELinux policy.

Security Policies – SCAP Security Guide

The SCAP Security Guide has been updated to version 0.1.57 and made a number of changes from the counterpart we provide in EuroLinux 8:

  • removed deprecated SCAP 1.2 source data streams
  • removed Bash profile remediation scripts to encourage more secure practices
  • although references for EuroLinux 8 have been left in, the current package is designed for EuroLinux 9 - please, kindly use packages for older releases if you need to check them for security policies.

Graphical Desktop Environment

GNOME has been updated to GNOME 40, a major upgrade over GNOME 3.32.2 as shipped with EuroLinux 8, bringing many new features to the desktop.

GNOME 40 includes a new and improved look and feel, including the user interface, icons and desktop. The Activities look and feel provides a better experience when working, launching applications and arranging your personal workspace – workspaces are now arranged horizontally and the window overview and application grid are now available vertically.

EuroLinux 9

Many Quality of Life improvements have also been added, including:

  • running software using a separate graphics card by right-clicking and selecting the appropriate option
  • The ability to mute notifications by selecting Do not disturb, which will appear as a separate button in the notification
  • Each screen can use different refresh rate
  • Activities allow drag-and-drop grouping of application icons into folders
  • the possibility of fractional display scaling.

Summary

As you can see, EuroLinux 9 includes many quality and security updates and improvements, while maintaining compatibility with the previous release. Therefore, EuroLinux users can feel at ease after upgrading from the previous release. They can use our product for 10 years with full security updates and optional direct contact engineer support.