1. Release Notes for Oracle Linux 9
  2. Deprecated Features

4 Deprecated Features

This chapter lists features and functionalities that are deprecated in Oracle Linux 9. While these features might be included and operative in the release, support isn't guaranteed in future major releases. Thus, these features must not be used in new Oracle Linux 9 deployments.

Installation

The following installation related features and functionalities are deprecated in Oracle Linux 9.

Kickstart Commands

  • timezone --ntpservers

  • timezone --nontp

  • logging --level

  • %packages --excludeWeakdeps

  • %packages --instLangs

  • %anaconda

  • pwpolicy

Even though specific options are listed as deprecated, the base command and the other options remain available and operative. If you use a deprecated command in kickstart files, warnings are generated in the logs. To change deprecated command warnings to errors, set the inst.ksstrict boot option.

Dynamic Programming Languages, Web and Database Servers

The following features and functionalities that are related to dynamic programming, web, and database servers are deprecated in Oracle Linux 9.

Berkeley DB (libdb)

Deprecation of the Berkely DB (libdb) package includes the removal of cryptographic algorithms and dependencies. Users of libdb should migrate to a different key-value database.

Python Packages

python3-pytz and mcpp packages are removed from Oracle Linux 9.

Networking

The following network related features and functionalities are deprecated in Oracle Linux 9.

Network Teams

The teamd service, and the libteam library, and support for configuring network teams are deprecated in favor of network bonds. You should use network bonds instead, which have similar functions as teams, and which would receive enhancements and updates.

/etc/sysconfig/network-scripts File

Network configurations are previously stored in /etc/sysconfig/network-scripts in ifcfg format. In Oracle Linux 9, new network configurations are stored in /etc/NetworkManager/system-connections in key file format.

However, information in the /etc/sysconfig/network-scripts remain operative, and modifications to existing profiles continue to update the older files.

iptables Framework

With the deprecation of the iptables framework, the iptables backend and the direct interface are consequently also deprecated.

Accordingly, the following packages are also deprecated:

  • iptables-devel

  • iptables-libs

  • iptables-nft

  • iptables-nft-services

  • iptables-utils

As an alternative to using direct interface, use the native features in firewalld to configure the required rules.

Security

The following security related features and functionalities are deprecated in Oracle Linux 9.

SHA-1 Algorithm

The SHA1 algorithm is deprecated in Oracle Linux 9. Digital signatures using SHA-1 hash algorithm are no longer considered secure and therefore not allowed on Oracle Linux 9 systems by default. Oracle Linux 9 has been updated to avoid using SHA-1 in security-related use cases.

However, the HMAC-SHA1 message authentication code and the Universal Unique Identifier (UUID) values can still be created by using SHA-1.

In cases where you need SHA-1 to verify existing or third party cryptographic signatures, you can enable SHA-1 as follows: 

sudo update-crypto-policies --set DEFAULT:SHA1

As an alternative, you can switch the systemwide crypto policies to the LEGACY policy. However, this policy also enables other algorithms that are not secure, and therefore risks making the system vulnerable.

SCP Protocol

In the scp utility, secure copy protocol (SCP) is replaced by the SSH File Transfer Protocol (SFTP) by default. Likewise, SCP is deprecated in the libssh library.

Oracle Linux 9 does not use SCP in the OpenSSH suite.

OpenSSL Cryptographic Algorithms

  • MD2

  • MD4

  • MDC2

  • Whirlpool

  • RIPEMD160

  • Blowfish

  • CAST

  • DES

  • IDEA

  • RC2

  • RC4

  • RC5

  • SEED

  • PBKDF1

The implementations of these algorithms have been moved to the legacy provider in OpenSSL

For instructions on how to load the legacy provider and enable support for the deprecated algorithms, see the /etc/pki/tls/openssl.cnf configuration file.

libcrypt.so.1

The libcrypt.so.1 cryptogarhic library is deprecated and might be removed in a future Oracle Linux version.

/etc/system-fips File

The /etc/system-fips file was used to indicate the FIPS mode in the system. This file is removed in Oracle Linux 9.

To install Oracle Linux 9 in FIPS mode, add the fips=1 parameter to the kernel command line during the system installation. To check whether Oracle Linux 9 is operating in FIPS mode, use the fips-mode-setup --check command.

fapolicyd.rules File

The /etc/fapolicyd/fapolicyd.rules file is deprecated. You can store policy rules for fapolicyd in the /etc/fapolicyd/rules.d/ directory. The fagenrules script merges all component rule files in this directory to the /etc/fapolicyd/compiled.rules file.

Rules in /etc/fapolicyd/fapolicyd.trust continue to be processed by fapolicyd for backward compatibility.

Kernel

The following kernel related features and functionalities are deprecated in Oracle Linux 9.

Asynchronous Transfer Mode

Asynchronous Transfer Mode (ATM) encapsulation enables Layer-2 (Point-to-Point Protocol, Ethernet) or Layer-3 (IP) connectivity for the ATM Adaptation Layer 5 (AAL-5). Currently, these protocols are used only in chipsets that ADSL technology, which are being phased out.

File Systems and Storage

The following features and functionalities related to file systems and storage are deprecated in Oracle Linux 9.

lvm2-activation-generator

The lvm2-activation-generator program is deprecated, together with its generated services as follows:

  • lvm2-activation

  • lvm2-activation-early

  • lvm2-activation-net

The lvm.conf event_activation that used to activate these services no longer works. The only method that is used for automatic activation of volume groups is event based activation.

Desktop

The following desktop related features and functionalities are deprecated in Oracle Linux 9.

X.org Server

In Oracle Linux 9, the X.org display server is deprecated, and consequently, the xorg-x11-server-Xorg package.

The default desktop session is the Wayland session. However, the X11 protocol continues to be supported by using the XWayland backend. Therefore, applications that require X11 can run in Wayland sessions.

Motif Toolkit

The Motif widget tool is deprecated, including the following packages:

  • motif
  • openmotif
  • openmotif21
  • openmotif22

Likewise, the motif-static package has been removed. In place of Motif, use the GTK toolkit.

Virtualization

The following virtualization related features and functionalities are deprecated in Oracle Linux 9.

Signatures Using SHA-1

The use of SHA1-based signatures to perform SecureBoot image verification on UEFI (PE/COFF) executables is deprecated. Instead, use signatures that are based on SHA-2 or later.

Virtual Machine Snapshots

Support for creating snapshots of VMs is limited only to those that do not use UEFI firmware. However, the operation might cause the QEMU monitor to become blocked and affects hypervisor operations.

As an alternative, use external snapshots.

Virtual Machine Snapshots

Support for creating snapshots of VMs is limited only to those that do not use UEFI firmware. However, the operation might cause the QEMU monitor to become blocked and affects hypervisor operations.

As an alternative, use external snapshots.

libvirtd Daemon

As a replacement of the deprecated libvirtd daemon, use the modular daemons in the libvirt library. For example, the virtqemud handles QEMU drivers.

Virtual Floppy Driver

The isa-fdc driver controls virtual floppy disk devices. To ensure compatibility with migrated virtual machines (VMs), you should not use floppy disk devices in virtual machines that you subsequently host on Oracle Linux 9.

qcow2-v2 Format

For virtual disk images, use the qcow2-v3 format instead.