4 Deprecated Features

This chapter lists features and functionalities that are deprecated in Oracle Linux 9. While these features might be included and operative in the release, support isn't guaranteed in future major releases. Thus, these features must not be used in new Oracle Linux 9 deployments.

Installation

The following installation related features and functionalities are deprecated in Oracle Linux 9.

Kickstart Commands

  • timezone --ntpservers

  • timezone --nontp

  • logging --level

  • %packages --excludeWeakdeps

  • %packages --instLangs

  • %anaconda

  • pwpolicy

Even though specific options are listed as deprecated, the base command and the other options remain available and operative. If you use a deprecated command in kickstart files, warnings are generated in the logs. To change deprecated command warnings to errors, set the inst.ksstrict boot option.
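The following pre-flight check is an added example, not part of the Oracle documentation. It scans a kickstart file for the deprecated commands and options listed above so that they can be fixed before inst.ksstrict turns the warnings into errors. The function names and the sample kickstart are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag kickstart lines that use syntax this page lists as deprecated.

# ks_audit [FILE] : reads FILE (or stdin), prints "LINE: text" for each finding,
# and returns 1 if anything was found, 0 if the file is clean.
ks_audit() {
    awk '
        /^[[:space:]]*#/ { next }      # ignore comment lines
        {
            cmd = $1; hit = 0
            if (cmd == "timezone"  && ($0 ~ /--ntpservers/ || $0 ~ /--nontp/)) hit = 1
            if (cmd == "logging"   && $0 ~ /--level/) hit = 1
            if (cmd == "%packages" && ($0 ~ /--excludeWeakdeps/ || $0 ~ /--instLangs/)) hit = 1
            if (cmd == "%anaconda" || cmd == "pwpolicy") hit = 1
            if (hit) { printf "%d: %s\n", NR, $0; found++ }
        }
        END { exit (found > 0) }
    ' "$@"
}

# Constructed sample kickstart (not taken from a real deployment).
ks_sample() {
    cat <<'EOF'
# Constructed sample kickstart
lang en_US.UTF-8
timezone Europe/Berlin --utc --nontp
logging --host=loghost.example.com --level=debug
network --bootproto=dhcp
%packages --excludeWeakdeps
@core
%end
%anaconda
pwpolicy root --minlen=8
%end
EOF
}

ks_sample | ks_audit || echo "deprecated kickstart syntax found"
```

Run it as `ks_audit /path/to/ks.cfg` in the pipeline that publishes kickstart files; a non-zero status means the file still depends on deprecated syntax.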

Shell and Command Line

The following shell and command line related features and functionalities are deprecated in Oracle Linux 9.

dump Utility

The dump utility that's included in the dump package is deprecated.

As an alternative, you can use the tar or dd utilities to achieve similar functionality.

Note that the restore utility, originally included in the dump package, remains available in Oracle Linux 9 and can be installed by using the restore package.

Bacula Sqlite Backend Database

The use of a SQLite backend database for the Bacula backup utility is deprecated and might be removed in a future release of Oracle Linux 9. Bacula can use a MySQL backend database and you can migrate existing deployments to MySQL. Avoid using SQLite for new deployments of the Bacula backup utility.

Security

The following security related features and functionalities are deprecated in Oracle Linux 9.

SHA-1 Algorithm

The SHA-1 algorithm is deprecated in Oracle Linux 9. Digital signatures that use the SHA-1 hash algorithm are no longer considered secure and are therefore not allowed on Oracle Linux 9 systems by default. Oracle Linux 9 has been updated to avoid using SHA-1 in security-related use cases.

However, the HMAC-SHA1 message authentication code and the Universal Unique Identifier (UUID) values can still be created by using SHA-1.

In cases where you need SHA-1 to verify existing or third party cryptographic signatures, you can enable SHA-1 as follows:

sudo update-crypto-policies --set DEFAULT:SHA1

As an alternative, you can switch the systemwide crypto policies to the LEGACY policy. However, this policy also enables other algorithms that are not secure, and therefore risks making the system vulnerable.

SCP Protocol

In the scp utility, secure copy protocol (SCP) is replaced by the SSH File Transfer Protocol (SFTP) by default. Likewise, SCP is deprecated in the libssh library.

Oracle Linux 9 doesn't use SCP in the OpenSSH suite.

OpenSSL Cryptographic Algorithms

  • MD2

  • MD4

  • MDC2

  • Whirlpool

  • RIPEMD160

  • Blowfish

  • CAST

  • DES

  • IDEA

  • RC2

  • RC4

  • RC5

  • SEED

  • PBKDF1

The implementations of these algorithms have been moved to the legacy provider in OpenSSL.

For instructions on how to load the legacy provider and enable support for the deprecated algorithms, see the /etc/pki/tls/openssl.cnf configuration file.
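The following audit is an added example, not part of the Oracle documentation. It covers both the SHA-1 crypto-policy passage and the legacy provider passage above by reporting whether a host has re-enabled deprecated cryptography. It assumes the policy string comes from `update-crypto-policies --show` and that the legacy provider is switched on with the usual OpenSSL 3 syntax (`legacy = <section>` in the provider list and `activate = 1` in that section); the sample configuration is constructed.

```shell
#!/bin/sh
# Added example (not Oracle's code): has deprecated crypto been re-enabled?

# Classify the string printed by `update-crypto-policies --show`.
# Prints one of: legacy | sha1-enabled | ok
classify_policy() {
    if [ "${1%%:*}" = "LEGACY" ]; then echo legacy; return; fi
    case ":$1:" in
        *:SHA1:*) echo sha1-enabled ;;   # e.g. DEFAULT:SHA1
        *)        echo ok ;;
    esac
}

# Read an OpenSSL config on stdin; succeed if a provider list names a
# "legacy" section and that section sets "activate = 1".
legacy_provider_enabled() {
    awk '
        { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }   # drop comments, trim
        /^\[.*\]$/ { sect = substr($0, 2, length($0) - 2); gsub(/[ \t]/, "", sect); next }
        /=/ {
            key = $0; sub(/[ \t]*=.*/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val)
            if (key == "legacy") target[val] = 1
            if (key == "activate" && val == "1") active[sect] = 1
        }
        END { for (s in target) if (s in active) exit 0; exit 1 }
    '
}

# Constructed sample config with the legacy provider switched on.
sample_openssl_cnf() {
    cat <<'EOF'
openssl_conf = openssl_init
[openssl_init]
providers = provider_sect
[provider_sect]
default = default_sect
legacy = legacy_sect
[default_sect]
activate = 1
[legacy_sect]
activate = 1
EOF
}

echo "policy DEFAULT:SHA1 -> $(classify_policy DEFAULT:SHA1)"
sample_openssl_cnf | legacy_provider_enabled && echo "legacy provider: enabled"
```

On a real host, call `classify_policy "$(update-crypto-policies --show)"` and `legacy_provider_enabled < /etc/pki/tls/openssl.cnf`, and treat any result other than `ok` or a non-zero status as an exception that needs a documented owner.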

Digest-MD5

The Digest-MD5 authentication mechanism in the Simple Authentication Security Layer (SASL) framework is deprecated. The mechanism might be removed from the cyrus-sasl packages in a future major release.

/etc/system-fips File

The /etc/system-fips file was used to indicate the FIPS mode in the system. This file is removed in Oracle Linux 9.

To install Oracle Linux 9 in FIPS mode, add the fips=1 parameter to the kernel command line during the system installation. To check whether Oracle Linux 9 is operating in FIPS mode, use the fips-mode-setup --check command.

libcrypt.so.1

The libcrypt.so.1 cryptographic library is deprecated and might be removed in a future Oracle Linux version.

fapolicyd.rules File

The /etc/fapolicyd/fapolicyd.rules file is deprecated. You can store policy rules for fapolicyd in the /etc/fapolicyd/rules.d/ directory. The fagenrules script merges all component rule files in this directory to the /etc/fapolicyd/compiled.rules file.

Rules in /etc/fapolicyd/fapolicyd.trust continue to be processed by fapolicyd for backward compatibility.

Networking

The following network related features and functionalities are deprecated in Oracle Linux 9.

Network Teams

The teamd service, the libteam library, and support for configuring network teams are deprecated in favor of network bonds. Use network bonds instead, which have functions similar to those of teams and which continue to receive enhancements and updates.

/etc/sysconfig/network-scripts File

Network configuration profiles used to be in ifcfg format and stored in the /etc/sysconfig/network-scripts directory. This format is deprecated. In Oracle Linux 9, new network configurations are stored in /etc/NetworkManager/system-connections in keyfile format. This format works with all the connection settings provided by NetworkManager.

However, information in the /etc/sysconfig/network-scripts directory remains operative, and modifications to existing profiles continue to update the older files.

iptables Framework

With the deprecation of the iptables framework, the iptables backend and the direct interface are also deprecated.

Therefore, the following packages are also deprecated:

  • iptables-devel

  • iptables-libs

  • iptables-nft

  • iptables-nft-services

  • iptables-utils

As an alternative to using the direct interface, use the native features in firewalld to configure the required rules.

Kernel

The following kernel related features and functionalities are deprecated in Oracle Linux 9.

Asynchronous Transfer Mode

Asynchronous Transfer Mode (ATM) encapsulation enables Layer-2 (Point-to-Point Protocol, Ethernet) or Layer-3 (IP) connectivity for the ATM Adaptation Layer 5 (AAL-5). Currently, these protocols are used only in chipsets that use ADSL technology, which are being phased out.

kexec_load in kexec_tools

The kexec_load system call for kexec-tools is deprecated.

The kexec_file_load system call replaces kexec_load and is the default system call.

File Systems and Storage

The following features and functionalities related to file systems and storage are deprecated in Oracle Linux 9.

lvm2-activation-generator

The lvm2-activation-generator program is deprecated, together with its generated services as follows:

  • lvm2-activation

  • lvm2-activation-early

  • lvm2-activation-net

The lvm.conf event_activation setting that used to activate these services no longer works. The only method that is used for automatic activation of volume groups is event-based activation.

Dynamic Programming Languages, Web and Database Servers

The following features and functionalities that are related to dynamic programming, web, and database servers are deprecated in Oracle Linux 9.

Berkeley DB (libdb)

Deprecation of the Berkeley DB (libdb) package includes the removal of cryptographic algorithms and dependencies. Users of libdb should migrate to a different key-value database.

Compilers and Development

The following compiler and development related features and functionalities are deprecated in Oracle Linux 9.

Keys Smaller Than 2048-bits in OpenSSL

OpenSSL 3.0 has deprecated keys smaller than 2048 bits. Keys smaller than 2048 bits might not work in FIPS mode.

Some PKCS1 v1.5 modes

Some PKCS1 v1.5 modes aren't approved in FIPS-140-3 for encryption and are disabled.

Identity Management and Authentication

The following identity management and authentication features and functionalities are deprecated in Oracle Linux 9.

SSSD Files Provider

The SSSD files provider, which retrieves user information from local files such as /etc/shadow and group information from /etc/groups, is deprecated and disabled by default in Oracle Linux 9.

To retrieve user and group information from local files with SSSD:

  1. Configure SSSD. Choose one of the following options:

    1. Explicitly configure a local domain with the id_provider=files option in the sssd.conf configuration file.

      [domain/local]
      id_provider=files
      ...

    2. Enable the files provider by setting enable_files_domain=true in the sssd.conf configuration file.

      [sssd]
      enable_files_domain = true

  2. Configure the name services switch.

    sudo authselect enable-feature with-files-provider

Note that the files provider might be removed from a future release of Oracle Linux.

OpenLDAP Utility Options

The OpenLDAP project has deprecated the -h and -p options in its utilities, and recommends using the -H option instead to specify the LDAP URI. The -h and -p options will be removed from Oracle Linux products that use OpenLDAP in future releases.

Desktop

The following desktop related features and functionalities are deprecated in Oracle Linux 9.

X.org Server

In Oracle Linux 9, the X.org display server is deprecated, and consequently so is the xorg-x11-server-Xorg package.

The default desktop session is the Wayland session. However, the X11 protocol continues to be supported by using the XWayland backend. Therefore, applications that require X11 can run in Wayland sessions.

GTK 2

The legacy GTK 2 toolkit and the following, related packages are deprecated:

  • adwaita-gtk2-theme
  • gnome-common
  • gtk2
  • gtk2-immodules
  • hexchat

If you maintain an application that uses GTK 2, port the application to GTK 4 as soon as possible.

Motif Toolkit

The Motif widget toolkit is deprecated, including the following packages:

  • motif
  • openmotif
  • openmotif21
  • openmotif22

Likewise, the motif-static package has been removed. In place of Motif, use the GTK toolkit.

Virtualization

The following virtualization related features and functionalities are deprecated in Oracle Linux 9.

Signatures Using SHA-1

The use of SHA1-based signatures to perform SecureBoot image verification on UEFI (PE/COFF) executables is deprecated. Instead, use signatures that are based on SHA-2 or later.

Virtual Machine Manager

In place of the deprecated Virtual Machine Manager (virt-manager), use the web console, otherwise known as Cockpit.

Virtual Machine Snapshots

Support for creating snapshots of VMs is limited only to those that do not use UEFI firmware. However, the operation might cause the QEMU monitor to become blocked and affect hypervisor operations.

As an alternative, use external snapshots.

libvirtd Daemon

As a replacement for the deprecated libvirtd daemon, use the modular daemons in the libvirt library. For example, the virtqemud daemon handles QEMU drivers.

Virtual Floppy Driver

The isa-fdc driver controls virtual floppy disk devices. To ensure compatibility with migrated virtual machines (VMs), you should not use floppy disk devices in virtual machines that you subsequently host on Oracle Linux 9.

qcow2-v2 Format

For virtual disk images, use the qcow2-v3 format instead.

Legacy CPU Models

The following legacy CPU models are deprecated for use in VMs:

  • For Intel®: models prior to Intel® Xeon 55xx and 75xx Processor families (also known as Nehalem)
  • For AMD: models prior to AMD Opteron G4

To check whether a VM is using a deprecated CPU model, use the virsh dominfo command, and look for a line similar to the following in the Messages section:

tainted: use of deprecated configuration settings
deprecated configuration: CPU model 'i486'
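
The following sweep is an added example, not part of the Oracle documentation. It applies the check described above to every defined domain and prints the domain name next to the deprecated CPU model that virsh dominfo reports. The function names and the sample dominfo output are constructed for illustration.

```shell
#!/bin/sh
# Added example: list VMs whose dominfo reports a deprecated CPU model.

# Read `virsh dominfo` output on stdin; print each deprecated CPU model named
# in a "deprecated configuration: CPU model '...'" message line.
deprecated_cpu_models() {
    sed -n "s/.*deprecated configuration: CPU model '\([^']*\)'.*/\1/p"
}

# Sweep every defined domain, running or not (needs libvirt access on a real host).
# Output: one "domain<TAB>model" line per finding.
sweep_domains() {
    virsh list --all --name | while read -r dom; do
        [ -n "$dom" ] || continue          # skip the trailing blank line
        virsh dominfo "$dom" | deprecated_cpu_models |
            while read -r model; do printf '%s\t%s\n' "$dom" "$model"; done
    done
}

# Constructed sample of the relevant dominfo lines.
sample_dominfo() {
    cat <<'EOF'
Name:           legacy-vm
State:          running
Messages:       tainted: use of deprecated configuration settings
                deprecated configuration: CPU model 'i486'
EOF
}

sample_dominfo | deprecated_cpu_models
```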

Containers

The following features and functionalities that are related to containers are deprecated in Oracle Linux 9.

Oracle Linux 9 Containers on Oracle Linux 7 Hosts

Creating Oracle Linux 9 containers on an Oracle Linux 7 host is unsupported. Attempts to deploy this configuration might succeed, but success is not guaranteed.

SHA-1 Algorithm Within Podman

Support for using the SHA-1 algorithm to generate the filename of the rootless network namespace is removed in Podman. You should restart rootless containers that were configured by using Podman earlier than version 4.1.1. Restarting these containers rather than just using slirp4netns ensures that these containers can join the network and connect with containers that were created with upgraded Podman versions.

CNI Network Stack

The Container Network Interface (CNI) network stack is deprecated. You can use the Netavark network stack with Podman and other Open Container Initiative (OCI) container management applications. The Netavark network stack for Podman is also compatible with advanced Docker functionalities.