During the testing of Rocky Linux 9.2 for Power (Little Endian) AKA ppc64le, the Rocky Release Engineering and Testing teams identified a serious issue with the version of python3.9 bundled with release 9.2 of RHEL and Rocky Linux that is considered a Release Blocker per our policies.
Due to the nature of this bug and the potential it has to break existing installations of Rocky Linux on Power, we have made the decision as a community to hold back only the ppc64le architecture for Rocky Linux 9.2 and release the other three architectures as they have passed our testing procedures and met criteria. Notably, we have not been able to reproduce the python3.9 bug on any other architecture (x86_64, aarch64, or s390x), and believe that the bug is architecture specific.
rhbz#2203919 has been opened to track this bug that exists in CentOS Stream 9 and RHEL 9, in addition to Rocky 9.
Running DNF from a ppc64le Rocky 9 system that is configured to use the mirrorlist and/or is configured with the dnf variable releasever set to 9 will result in failed DNF metadata transactions as our mirrorlist is unable to hold back a single architecture. To work around this, please set the releasever variable to 9.1. This can be done by using the --releasever 9.1 argument to your DNF command, or by editing or creating the file /etc/dnf/vars/releasever with the content 9.1. Once Rocky 9.2 for Power is released, you will need to undo this change and setting releasever will no longer be necessary.
You can upgrade from Rocky Linux 9.x to Rocky Linux 9.2 by doing sudo dnf -y upgrade
Note
Rocky Linux does not offer an upgrade path from any version of Rocky Linux 8. We recommend doing a fresh OS install to move to Rocky Linux 9.2.
Upgrading with LVM devices may result in boot failure
Due to changes in the lvm2 package between Rocky 9.0, 9.1, and 9.2, upon rebooting after upgrading your system may drop into recovery mode due to one or more LVM partitions not being found. We have opened rhbz#2208039 to track this regression.
While this bug affects both physical and virtual systems, problems with Libvirt(KVM), VMWare, as well as some other guests have yet to be reported.
To see if you may be impacted by this bug, inspect the contents of /etc/lvm/devices/system.devices. If this file exists and contains a "sys_wwid"-type device which are followed by multiple repeated underscores, you are likely impacted. See the following for an example:
# Created by LVM command lvmdevices pid 3668 at Wed May 17 12:15:53 2023
VERSION=1.1.2
IDTYPE=sys_wwid IDNAME=t10.ATA_____Colorful_SL500_256GB____________________A157DB6A12200152343_ DEVNAME=/dev/sda3 PVID=LHWedIRTsSv3aXFpM2w4vyJc3cygYyh9 PART=3
If you are impacted by this bug, then until the bug fix is released by RHEL and Rocky, please review and follow one of the following options before upgrading and rebooting your system:
After upgrading the lvm2 package, but prior to rebooting, regenerate /etc/lvm/devices/system.devices by running lvmdevices --update. Confirm that the contents of /etc/lvm/devices/system.devices is changed to match the new format before rebooting the system.
Prior to rebooting after upgrading, rename the /etc/lvm/devices/system.devices file (e.g., mv /etc/lvm/devices/system.devices{,.bak}) and, once the system has rebooted, run vgimportdevices --all to regenerate the file in the new format.
A correctly formatted system.devices file for Rocky Linux 9.2 will not have repeated underscores in the device's IDNAME field.
In the case of a system which has already been upgraded and is in recovery mode, you may simply move the /etc/lvm/devices/system.devices file out of the way from recovery mode and reboot the system. Once the system has rebooted, regenerate the file in the new format. See option 2 above for more information.
As well as the normal install images, there are several images available for many cloud and container platforms.
Images for Oracle Cloud Platform (OCP), GenericCloud, Amazon AWS (EC2), Container RootFS/OCI, Google Cloud Platform, Microsoft Azure, and other CSP-maintained images are available. The GenericCloud, EC2, and Microsoft Azure images have a variant that uses an LVM partition for the root filesystem, allowing systems administrators additional flexibility and options for configuring their systems, and the GenericCloud image is also available for s390x.
Vagrant images are available for x86_64 and aarch64, and container images for all 4 arches. Since the last release there has also been added the rockylinux/rockylinux:9-ubi-init variant for usage of systemd in a container, and the rockylinux/rockylinux:9-ubi-micro variant, which is the most bare minimum image possible to put in self-contained applications without the use of a package manager. As well more toolbox images for more arches got added.
More information on the artifacts produced by the Cloud Special Interest Group, as well as information on how to get involved can be found on the SIG/Cloud Wiki page.
To the already available Workstation/Workstation Lite/KDE/XFCE/MATE live images, the Cinnamon Live image has been added in both x86_64 and aarch64.
centos-release-nfv now provides content built on RHEL 9 buildroots instead of CentOS Stream 9, for compatibility reasons
The Container Universal Base Imagerockylinux/rockylinux:9-ubi is changed to be more similar to the RHEL UBI images. This means the following changes were made:
Microsoft Azure images are now published in the Shared Image Gallery as well as in the Marketplace. The Shared Image Gallery option provides a direct way to consume Rocky Images on Microsoft Azure without jumping through the hoops of subscribing to the image via the Marketplace. In addition, this Shared Image Gallery will allow us to publish more frequently-updated images to the Marketplace.
LVM cloud image variants for all types now remove /etc/lvm/devices/system.devices to resolve issues with PV/VG/LVs upon installation of the images due to being hardcoded to a specific device.
Security-related highlights in the latest Rocky Linux 9.2 release are listed below. For a complete list of security related changes, see the upstream link here.
The OpenSSL secure communications library was rebased to version 3.0.7.
SELinux user-space packages were updated to version 3.5.
Keylime was rebased to version 6.5.2
OpenSCAP was rebased to version 1.3.7.
SCAP Security Guide was rebased to version 0.1.66.
A new rule for idle session termination was added to the SCAP Security Guide.
Clevis now accepts external tokens.
Rsyslog TLS-encrypted logging now supports multiple CA files.
Rsyslog privileges are limited to minimize security exposure. (this will affect anyone with a custom rsyslog configuration!)
The fapolicyd framework now provides filtering of the RPM database.
Dynamic programming languages, web and database servers¶
For a detailed list of the changes in this category see the upstream link here.
Later versions of the following Application Streams are now available:
nginx 1.22
PostgreSQL 15
Swig 4.1 (part of CRB)
The following applications got added:
Python 3.11
Tomcat 9
The following components have been added or upgraded:
Git to version 2.39.1:
Commit signing with SSH keys supported is supported now