1. Release Notes for Oracle Linux 8.8
  2. Deprecated Features

4 Deprecated Features

This chapter lists features and functionalities that are deprecated in Oracle Linux 8. While these features might be currently included and operative in the release, support is not guaranteed in future major releases. Thus, they should not be used in new Oracle Linux 8 deployments.

Installation

The following installation related features and functionalities are deprecated in Oracle Linux 8.

Kickstart Commands

  • auth or authconfig

  • device

  • deviceprobe

  • dmraid

  • install

  • lilo

  • lilocheck

  • mouse

  • multipath

  • bootloader --upgrade

  • ignoredisk --interactive

    Using the --interactive option causes a fatal installation error. You must remove this option from any kickstart files.

  • partition --active

  • reboot --kexec

  • autostep

Even though specific options are listed as deprecated, the base command and the other options remain available and operative.

Software Management

The following features and functionalities related to software management are deprecated in Oracle Linux 8.

rpmbuild --sign

Using rpmbuild --sign can cause a fatal error in the system. Use the rpmsign command instead.

Shells and Command Lines

The following shell and command line components are deprecated in Oracle Linux 8.

OpenEXR

As a consequence of the OpenEXR deprecation, the EXR image format is no longer supported in the imagecodex module.

Dump Utility

With this removal of support for the dump utility, use other commands to back up file systems, for example, tar, dd, or bacula.

The restore component of the dump package remains supported and available as a separate restore package.

hidepid=n Mount Option

As a mount option, hidepid=n controls access to /proc/[pip]. The option is incompatible with the systemd infrastructure and might cause certain systemd services to generate SELinux AVC denial messages, which would inhibit completion of other operations.

ABRT Tool

The Automatic Bug Reporting Tool (ABRT) is used to detect and report application crashes. Instead of this tool, use the systemd-coredump tool for logging and storing core dumps that are generated when program crash.

ReaR Crontab

The /etc/cron.d/rear crontab is deprecated in the rear package. The crontab utility monitors for any changes in the disk layout and runs rear mkrescue if changes are detected. If you require the rear functionality, configure the ReaR utility to run periodically.

SQLite in Bacula

Support is deprecated for SQLite as a database backend of the Bacula backup system. You should migrate to one of the backends that Bacula supports, such as PostgreSQL or MySQL.

raw Command

Use of the deprecated /usr/bin/raw command in future Oracle Linux releases might generate errors.

Security

The following security related features and functionalities are deprecated in Oracle Linux 8.

NSS SEED Ciphers

Support for TLS cipher suites that use a SEED cipher is deprecated in the Network Security Services (NSS) library from Mozilla. If your setup relies on SEED ciphers, you should enable support for other cipher suites in preparation for the complete removal of SEED ciphers from NSS.

TLS 1.0 and TLS 1.1

These two protocols are disabled in the DEFAULT system-wide cryptographic policy level. If you require these protocols, switch the policy to the LEGACY level as follows: 

sudo update-crypto-policies --set LEGACY

DSA

Authentication mechanisms that are based on the deprecated Digital Signature Algorithm (DSA) keys no longer work in the default configuration. OpenSSH clients do not accept DSA host keys even when the system-wide cryptographic policy level is set to LEGACY.

fapolicyd.rules

Policies for allowing and denying execution rules used to be specified in the /etc/fapolicyd/fapolicyd.rules file. This file is being replaced by files inside the /etc/fapolicyd/rules.d directory.

The fagenrules script now merges all component rule files in this directory to the /etc/fapolicyd/compiled.rules file. Rules in /etc/fapolicyd/fapolicyd.trust are still processed by the fapolicyd framework but only for ensuring backward compatibility.

SSL2 Client Hello

Secure Socket Layer 2's Client Hello message used to be supported by earlier versions of the Transport Layer Security (TLS) protocol. Being deprecated in the NSS library, this feature is now disabled by default.

If your application requires support for Client Hello, enable the feature by using the SSL_ENABLE_V2_COMPATIBLE_HELLO API.

Runtime Disabling of SELinux

Setting the SELINUX=disabled option in /etc/selinux/config to disable SELinux at runtime has deprecated support. If you use only this option to disable SELinux, then SELinux remains enabled but with no loaded policy.

To completely disable SELinux, add the selinux=0 parameter to the kernel command line.

ipa SELinux Module

This module is no longer maintained and hence removed from the selinux-policy package. The functionality is now included in the ipa-selinux package.

TPM 1.2

The Trusted Platform Module (TPM) is updated to 2.0 with multiple improvements. However, the updated version is not backward compatible with earlier versions. Consequently, version 1.2 is deprecated.

crypto-policies

The introduction of scopes for crypto-policies directives in custom policies has resulted in the deprecation of the following derived properties of crypto-policies:

  • tls_cipher

  • ssh_cipher

  • ssh_group

  • ike_protocol

  • sha1_in_dnssec

Use of the protocol property now requires a scope. For more information, see the crypto-policies(7) manual page.

Networking

The following network related features and functionalities are deprecated in Oracle Linux 8.

Network Scripts

Network scripts are no longer available by default. New versions of ifup and ifdown scripts call the NetworkManager service through the nmcli tools. Therefore, to run these scripts in Oracle Linux 8, the NetworkManager service must be running.

Other commands in /sbin/ifup-local, ifdown-pre-local, and ifdown-local scripts are ignored. If you manually install the legacy network-scripts package and use the scripts, a warning is displayed about their deprecated state.

dropwatch Tool

Instead of the dropwatch tool, use the replacement perf command line tool in future Oracle Linux deployments, which provides the same functionality.

xinetd Service

The xinetd service is replaced by systemd.

cgdcbxd Package

The deprecated control group data center bridging exchange daemon (cgdcbxd) monitors data center bridging (DCB) netlink events and manages the net_prio control group subsystem. Support for this feature might be removed.

WEP Wi-Fi Connection

Instead of using this connection method, use the Wi-Fi Protected Access 3 (WPA3) or WPA2 connection methods.

xt_u32 Module

The xt_32 module enables users to match arbitrary 32 bits in the packet header or payload for their iptables. Because this module is unsupported, migrate to the nftables packet filtering framework.

First, change the firewall to use iptables with native matches to incrementally replace individual rules. Then, use the iptables-translate command and accompanying utilities to migrate to nftables. If the iptables rules have no native match in nftables, use the raw payload matching feature of nftables instead.

For more information, see the raw payload expression section in the nft(8) manual page.

Kernel

The following kernel related features and functionalities are deprecated in Oracle Linux 8.

rdma-rxe Driver

Software Remote Direct Memory Access over Converged Ethernet (Soft-RoCE), or RXE, emulates RDMA. Because of instability issues, this driver is now deprecated.

Linux firewire Subsystems and Associated User Space Components

The firewire subsystem provides interfaces to use and maintain any resources on the IEEE 1394 bus. This subsystem is deprecated in the kernel package and likewise, associated user space components that are provided by the libavc1394, libdc1394, and libram1394 packages.

Using Diskless Boot for installing Oracle Linux for Real Time 8

Diskless boot can risk introducing network latency in real-time workloads. Therefore, this feature for installing Oracle Linux for Real Time 8 is deprecated.

crash-ptdump-command Package

The crash-ptdump-command package is a ptdump extension module for the crash utility. The package isn't maintained upstream and is deprecated in this Oracle Linux 8 release.

Bootloader

The following features and functionalities that are related to the bootloader are deprecated in Oracle Linux 8.

File Systems and Storage

The following features and functionalities related to file systems and storage are deprecated in Oracle Linux 8.

elevator Kernel Command

The elevator kernel command line parameter sets the disk scheduler for all devices. If you require a different scheduler than what the kernel automatically selects, use udev rule or the TuneD service to configure the preferred scheduler.

NFSv3 Over UDP

The NFS server no longer opens or listens on a User Datagram Protocol (UDP) socket by default. Therefore, NFSv3 over UDP is disabled and no longer supported.

peripety Package

The peripety package is deprecated. The Peripety storage event notification daemon parses system storage logs into structured storage events to enable you investigate storage issues.

VDO Write Modes

  • sync
  • async-unsafe
  • auto

In place of these modes, async is the recommended write mode to use.

VDO Manager

The VDO Manager is deprecated and is replaced by the LVM-VDO integration. To create VDO volumes, preferably use the lvcreate command instead.

You can use the /usr/sbin/lvm_import_vdo script in the lvm2 package to convert existing volumes that were created with the VDO Manager. In this manner, these volumes can be managed through the LVM-VDO integration.

cramfs Kernel Module

In place of the deprecated cramfs kernel module, use squashfs, which is the recommended replacement.

High Availability and Clusters

The following features and functionalities that related to high availability and clusters are deprecated in Oracle Linux 8.

pcs Commands Support for clufter Tool

The clufter tool is used for analyzing cluster configuration formats. The pcs commands that support the clufter tool are deprecated. Using these commands generate a warning about their deprecations. Sections that are related to these commands are removed from the pcs help display and the pcs(8) manual page.

Specifically, the following commands are deprecated:

  • pcs config import-cman

  • pcs config export

Compilers and Development Tools

The following compilers and development tools are deprecated in Oracle Linux 8.

libdwarf Library

In place of the deprecated libdwarf library, use the elfutils and libdw libraries for applications that need to process ELF/DWARF files.

As an alternative to the libdwarf-tools dwarfdump program, you can use the binutils readelf program or the elfutils eu-readelf program. Both programs can be used by passing the --debug-dump flag.

gdb.i686 Packages

These packages were distributed in earlier Oracle Linux releases to support 32-bit versions of the GNU Debugger (GDB). With the removal of support for 32-bit hardware, these packages are no longer supported or available. The 64-bit version of GDB in gdb.x86_64 packages can debug 32-bit applications.

Desktop

The following desktop related features and functionalities are deprecated in Oracle Linux 8.

libgnome-keyring Library

The libgnome-keyring library is deprecated in favor of the libsecret library, which is more compliant with security standards.

Motif Toolkit

The Motif widget tool is deprecated, including the following packages:

  • motif
  • openmotif
  • openmotif21
  • openmotif22

Likewise, the motif-static package has been removed. In place of Motif, use the GTK toolkit.

Virtualization

The following virtualization related features and functionalities are deprecated in Oracle Linux 8.

Web Console Translation Support

The web console no longer performs translations for languages whose available translations are less than 50% of the console's translatable strings. For these languages, the user interface will be in English.

virsh iface-* Commands

virsh iface-* commands such as virsh iface-start, virsh iface-destroy, and so on are deprecated. To configure and manage host network connections, use instead the NetworkManager tool and its related management applications, for example nmcli.

Virtual Machine Manager

In place of the deprecated Virtual Machine Manager (virt-manager), use the web console, otherwise known as Cockpit.

Virtual Machine Snapshots

Support for creating snapshots of VMs is limited only to those that don't use UEFI firmware. However, the operation might cause the QEMU monitor to become blocked and affects hypervisor operations.

As an alternative, use external snapshots.

Cirrus VGA Virtual GPU Type

The Cirrus VGA GPU device is deprecated and support for it might be removed in KVM virtual machines. In its place, use stdvga, virtio-vga, or qxi devices.

Signatures Using SHA-1

The use of SHA1-based signatures to perform SecureBoot image verification on UEFI (PE/COFF) executable files is deprecated. Instead, use signatures that are based on SHA-2 or later.

SPICE Remote Display Protocol

With the deprecation of the SPICE remote display protocol, the functionality of attaching smart card readers to virtual machines (VMs) will be provided by third party remote virtualization solutions.

Also, the deprecation of this protocol has the following consequences:

  • For remote console access, use the VNC protocol.
  • For advanced remote display functions, use third-party tools such as RDP, HP RGS, or Mechdyne TGX.

Containers

The following features and functionalities that are related to containers are deprecated in Oracle Linux 8.

container-tools Modules

The container-tools:1.0, container-tools:2.0, and container-tools:3.0 modules are deprecated and no longer support security updates.

Use newer supported stable module streams, such as container-tools:4.0 instead.