4 Deprecated Features
This chapter lists features and functionalities that are deprecated in Oracle Linux 9. While these features might be included and operative in the release, support isn't guaranteed in future major releases. Thus, these features must not be used in new Oracle Linux 9 deployments.
Installation
The following installation related features and functionalities are deprecated in Oracle Linux 9.
Kickstart Commands
-
timezone --ntpservers
-
timezone --nontp
-
logging --level
-
%packages --excludeWeakdeps
-
%packages --instLangs
-
%anaconda
-
pwpolicy
Even though specific options are listed as deprecated, the base command and the other
options remain available and operative. If you use a deprecated command in kickstart
files, warnings are generated in the logs. To change deprecated command warnings to
errors, set the inst.ksstrict
boot option.
Dynamic Programming Languages, Web and Database Servers
The following features and functionalities that are related to dynamic programming, web, and database servers are deprecated in Oracle Linux 9.
Networking
The following network related features and functionalities are deprecated in Oracle Linux 9.
Network Teams
The teamd
service, and the libteam
library, and support
for configuring network teams are deprecated in favor of network bonds. You should use
network bonds instead, which have similar functions as teams, and which would receive
enhancements and updates.
/etc/sysconfig/network-scripts
File
Network configurations are previously stored in
/etc/sysconfig/network-scripts
in ifcfg
format. In
Oracle Linux 9, new network configurations are stored in
/etc/NetworkManager/system-connections
in key file format.
However, information in the /etc/sysconfig/network-scripts
remain
operative, and modifications to existing profiles continue to update the older
files.
iptables
Framework
With the deprecation of the iptables
framework, the
iptables
backend and the direct interface
are
consequently also deprecated.
Accordingly, the following packages are also deprecated:
-
iptables-devel
-
iptables-libs
-
iptables-nft
-
iptables-nft-services
-
iptables-utils
As an alternative to using direct interface
, use the native features in
firewalld
to configure the required rules.
Security
The following security related features and functionalities are deprecated in Oracle Linux 9.
SHA-1 Algorithm
The SHA1 algorithm is deprecated in Oracle Linux 9. Digital signatures using SHA-1 hash algorithm are no longer considered secure and therefore not allowed on Oracle Linux 9 systems by default. Oracle Linux 9 has been updated to avoid using SHA-1 in security-related use cases.
However, the HMAC-SHA1 message authentication code and the Universal Unique Identifier (UUID) values can still be created by using SHA-1.
In cases where you need SHA-1 to verify existing or third party cryptographic signatures, you can enable SHA-1 as follows:
sudo update-crypto-policies --set DEFAULT:SHA1
As an alternative, you can switch the systemwide crypto policies to the
LEGACY
policy. However, this policy also enables other algorithms
that are not secure, and therefore risks making the system vulnerable.
SCP Protocol
In the scp
utility, secure copy protocol (SCP) is replaced by the SSH
File Transfer Protocol (SFTP) by default. Likewise, SCP is deprecated in the
libssh
library.
Oracle Linux 9 does not use SCP in the OpenSSH suite.
OpenSSL Cryptographic Algorithms
-
MD2
-
MD4
-
MDC2
-
Whirlpool
-
RIPEMD160
-
Blowfish
-
CAST
-
DES
-
IDEA
-
RC2
-
RC4
-
RC5
-
SEED
-
PBKDF1
The implementations of these algorithms have been moved to the legacy provider in OpenSSL
For instructions on how to load the legacy provider and enable support for the deprecated
algorithms, see the /etc/pki/tls/openssl.cnf
configuration file.
libcrypt.so.1
The libcrypt.so.1
cryptogarhic library is deprecated and might be
removed in a future Oracle Linux version.
/etc/system-fips
File
The /etc/system-fips
file was used to indicate the FIPS mode in the
system. This file is removed in Oracle Linux 9.
To install Oracle Linux 9 in FIPS mode, add the fips=1
parameter to the
kernel command line during the system installation. To check whether Oracle Linux 9 is
operating in FIPS mode, use the fips-mode-setup --check
command.
fapolicyd.rules
File
The /etc/fapolicyd/fapolicyd.rules
file is deprecated. You can store policy
rules for fapolicyd in the /etc/fapolicyd/rules.d/
directory. The fagenrules script merges all component rule files in
this directory to the /etc/fapolicyd/compiled.rules
file.
Rules in /etc/fapolicyd/fapolicyd.trust
continue to be processed by
fapolicyd for backward compatibility.
File Systems and Storage
The following features and functionalities related to file systems and storage are deprecated in Oracle Linux 9.
lvm2-activation-generator
The lvm2-activation-generator
program is deprecated, together with its
generated services as follows:
-
lvm2-activation
-
lvm2-activation-early
-
lvm2-activation-net
The lvm.conf event_activation
that used to activate these services no
longer works. The only method that is used for automatic activation of volume groups is
event based activation.
Desktop
The following desktop related features and functionalities are deprecated in Oracle Linux 9.
X.org Server
In Oracle Linux 9, the X.org
display server is deprecated, and
consequently, the xorg-x11-server-Xorg
package.
The default desktop session is the Wayland session. However, the X11 protocol continues
to be supported by using the XWayland
backend. Therefore, applications
that require X11 can run in Wayland sessions.
Virtualization
The following virtualization related features and functionalities are deprecated in Oracle Linux 9.
Signatures Using SHA-1
The use of SHA1-based signatures to perform SecureBoot image verification on UEFI (PE/COFF) executables is deprecated. Instead, use signatures that are based on SHA-2 or later.
Virtual Machine Snapshots
Support for creating snapshots of VMs is limited only to those that do not use UEFI firmware. However, the operation might cause the QEMU monitor to become blocked and affects hypervisor operations.
As an alternative, use external snapshots.
Virtual Machine Snapshots
Support for creating snapshots of VMs is limited only to those that do not use UEFI firmware. However, the operation might cause the QEMU monitor to become blocked and affects hypervisor operations.
As an alternative, use external snapshots.
libvirtd
Daemon
As a replacement of the deprecated libvirtd
daemon, use the modular daemons
in the libvirt
library. For example, the virtqemud
handles
QEMU drivers.