Friendly Fork » Linux Magazine

0
16


When Red Hat discontinued CentOS and replaced it with CentOS Stream in late 2020, AlmaLinux stepped forward to build a community downstream version of Red Hat Enterprise Linux (RHEL). In a desire to fill this void in the Enterprise Linux ecosystem, CloudLinux collaborated with the community to develop AlmaLinux OS as a downstream build of RHEL. After the first stable release in March 2021, CloudLinux turned governance of AlmaLinux OS over to the nonprofit AlmaLinux OS Foundation. From there, AlmaLinux chugged along for over two years providing the Enterprise Linux community with a forever-free Linux distro while offering long-term stability and a production grade platform.

That all changed in June 2023 when Red Hat announced that RHEL-related source code would be restricted to Red Hat’s customer portal. CentOS Stream, an upstream version of RHEL that contains experimental packages, would now be the sole repository for public RHEL-related source code releases. Because Red Hat’s subscription agreement prohibits customers from redistributing code, this move appeared to put an end to downstream builds like AlmaLinux as well as other RHEL clones like Rocky Linux and Oracle Linux.

Some were quick to predict the demise of these RHEL clones, but AlmaLinux, Rocky Linux, and others quickly charted a path forward. While Rocky Linux and the newly formed OpenELA (founded by Oracle, SUSE, and CIQ) have promised to retain 1:1 compatibility with RHEL, citing their rights under the GPL, AlmaLinux is forging a different path forward.

AlmaLinux plans to maintain application binary interface (ABI) compatibility to continue to provide the community with a forever-free Enterprise Linux solution. (See the “New Path Forward” box for our interview with benny Vasquez, AlmaLinux OS Foundation Chair, to learn why they chose this route.)

We talked to benny Vasquez, chair of the AlmaLinux OS Foundation, about their decision to shift to ABI compatibility in the wake of the changes at Red Hat.

Linux Magazine (LM): What prompted AlmaLinux to choose ABI over 1:1 compatibility with RHEL?

benny Vasquez (bV): The short answer is our users. Overwhelmingly, our users made it clear that they chose AlmaLinux for its ease of use, the security and stability that it provides, and the backing of a diverse group of sponsors. All of that together meant that we didn’t need to lock ourselves into copying RHEL, and we could continue to provide what our users needed.

Moreover, we needed to consider what our sponsors would be able to help us provide, and how we could best serve the downstream projects that now rely on AlmaLinux. The rippling effects of any decision that we make are beyond measure at this point, so we consider all aspects of our impact and then move forward with confidence and intention.

LM: How did AlmaLinux’s mission of improving the Linux ecosystem for everyone influence this decision?

bV: We strongly believe that the soul of open source means working together, providing value where there is a gap, and helping each other solve problems. If we participate in an emotional reaction to a business’s change, we will then be distracted and potentially hurt users and the Enterprise Linux ecosystem overall. By remaining focused on what is best (though not easiest), and adapting to the ecosystem as it is today, we will provide a better and more stable operating system.

LM: What opportunities does the ABI route offer over 1:1 compatibility?

bV: By liberating ourselves from the 1:1 promise, we have been able to do a few small things that have proven to be a good testing ground for what will come in the future. Specifically, we shipped a couple of smallish, but extremely important, security patches ahead of Red Hat, offering quicker security to the users of AlmaLinux. We also announced two additional repositories. One for testing and one for new packages that aren’t available in our upstream or in EPEL.

This also opens the door for other features and improvements that we could add back in or change, as our users need. We have already seen greater community involvement, especially around these ideas.

LM: Does the ABI route pose any extra challenges?

bV: The obvious one is that building from CentOS Stream sources takes more effort, but I think the more important challenge (and the one that will only be solved with consistency over time) is the one of proving that we will be able to deliver on the promise. With a community like ours, rebuilding someone else’s code doesn’t take as much effort. Technically, building from Stream takes more time for sure, but the public perception is that it will lead to greater divergence from RHEL. I think folks will be seriously happy about what they find as we release the new versions, namely, the consistency, stability, and security that they’ve come to expect from us.

LM: Since you are no longer bound to conform to 1:1 compatibility, what do you see in AlmaLinux’s future?

bV: We will continue on our goal of becoming the home for all users that need Enterprise Linux for free, but in the next year I expect that we will see an expansion in the number of kernels we support and see some new and exciting SIGs spun up around other features or use cases, as the community continues to standardize on how to achieve their goals collectively.

LM: What do you think your relationship with Red Hat will look like moving forward?

bV: Ultimately our goal is to improve the Enterprise Linux ecosystem, and we’ll welcome anyone who is actively working toward that goal. We have loved seeing the positive infusion of energy that the AlmaLinux users have been able to build on and are excited to see that continue to expand through the entire ecosystem.

1:1 vs. ABI Compatibility

In 1:1 compatibility, a clone distribution provides an exact copy of RHEL’s functionality, behavior, and binary compatibility, including bug-to-bug compatibility. It is an exact replica of RHEL minus RHEL’s branding and trademarks.

With ABI compatibility, AlmaLinux guarantees that all apps developed for RHEL or its clones will run on AlmaLinux without any modifications or extra work on the part of the user. AlmaLinux will not be an exact copy, but it will include kernel and application compatibility. This also means that AlmaLinux will not guarantee bug-to-bug compatibility. While some users might find bugs not found in RHEL, AlmaLinux also has the opportunity to include bug fixes not yet addressed by Red Hat, as well as possibly offer new features not available in RHEL.

Adjustments

Prior to Red Hat moving RHEL source code behind a paywall, any security update or bug fix in RHEL resulted in Red Hat publishing the corresponding code to a public repository. AlmaLinux then integrated this updated code into their own build and test system, produced a new RPM package manager, and then published the code in the AlmaLinux repositories.

Instead of updates and patches coming from a single repository, AlmaLinux now must gather them from multiple sources and then compare, test, and build the new release from these sources. To achieve ABI compatibility, AlmaLinux will use CentOS Stream (the upstream version of RHEL still available to the public) and then get additional code from Red Hat Universal Base Images (UBIs) and upstream Linux code. In a recent talk at All Things Open [1], Vasquez noted that 99 percent of the packages would match RHEL source code. Of this 99 percent, 75 percent will be built from CentOS Stream or UBI images, while approximately 24 percent will require manual patching.

The remaining one percent that differs from RHEL lies in the kernel patches. These kernel updates pose the biggest challenge because AlmaLinux can no longer pull these updates from Red Hat without violating licensing agreements. Moving forward, AlmaLinux plans to pull kernel updates from various other sources, and, if all else fails, the Oracle releases (which are also based on RHEL).

On the upside, AlmaLinux can now include comments in their patches for greater transparency. Users will see where the patch comes from, which was not an option before.

Finally, AlmaLinux now asks users who find bugs in AlmaLinux to attempt to test and replicate the problem in CentOS Stream in order to let developers correct the issue in the right place.

New Additions

No longer bound to 1:1 compatibility, AlmaLinux can set its own priorities rather than following RHEL’s lead. AlmaLinux now has the opportunity to include features that meet the needs of its community, whether that is fixing bugs faster (like the AMD microcode exploits [2]) or adding new features.

In August 2023, AlmaLinux added two new repositories, Testing and Synergy [3]. Testing, currently available for AlmaLinux 8 and 9, offers security updates before they are approved and implemented upstream. AlmaLinux has invited community members to help test these updates. (As per usual, Testing is not recommended for production machines.)

Synergy contains packages requested by community members that currently aren’t available in RHEL or Extra Packages for Enterprise Linux (EPEL, a set of extra software packages maintained by the Fedora SIG that are not available in RHEL or CentOS Stream). Synergy is available for AlmaLinux 8 and 9 as well as all Enterprise Linux users (e.g., RHEL, Rocky Linux, Oracle Linux, CentOS Stream). Once accepted to EPEL, these packages will be removed from Synergy. At the time of writing, current packages include the Pantheon Desktop Environment and the Warpinator app. Community members can request packages via the AlmaLinux Packaging chat channel in Mattermost [4].



Source link