CentOS-7 (1708) Release Notes

Last updated: October 25, 2017

1. Translations

Translations of these release notes are available for the following languages:

2. Introduction

The CentOS Project does not provide any verification, certification, or software assurance with respect to security for CentOS Linux. The Security Profiles provided in the CentOS Linux installers are a conversion of the ones included in RHEL Source Code. If certified / verified software that has guaranteed assurance is what you are looking for, then you likely do not want to use CentOS Linux. See this link if you plan to use Security Profiles.

Hello and welcome to the fifth CentOS-7 release. The CentOS Linux distribution is a stable, predictable, manageable and reproducible platform derived from the sources of Red Hat Enterprise Linux (RHEL)1. You can read our official product announcement for this release here.

CentOS conforms fully with Red Hat's redistribution policy and aims to have full functional compatibility with the upstream product. CentOS mainly changes packages to remove Red Hat's branding and artwork.

We have decided not to follow Red Hat's usage of Installation Roles. In CentOS Linux all content from every distribution 'channel' is made available to the user at time of installation.

The continuous release (CR) repository makes generally available packages that will appear in the next point release of CentOS, on a testing and hotfix basis until formally released. Please read through the other sections before trying an install or reporting an issue.

3. Install Media

Various installation images are available for installing CentOS. Which image you need to download depends on your installation environment. All of these images can either be burned on a DVD or dd’ed to an USB memory stick.

If you are unsure which image to use, pick the DVD image. It allows selecting which components you want to install and contains all packages that can be selected from the GUI installer. The 'Everything' DVD is almost twice the size of the ordinary DVD and is not required for most common installs - it is intended for use by sysadmins who want to run their own local mirror.

Live media images are also available, both for Gnome and KDE desktop environments. These allow you to test out CentOS by booting from the DVD or USB stick. You can also install CentOS to your hard disk from the live media images, but please note that what gets installed on your hard disk is exactly the same as you see when using the live media. For more flexibility in selecting which packages you want to have installed, please use the DVD image.

The netinstall image can be used for doing installs over network. After booting the computer with the netinstall image, the installer will ask from where it should fetch the packages to be installed.

The everything image contains all the packages that are available for CentOS-7, including those that are not directly installable from the installer. If you want to install those other packages, you must mount the install media on your installed system after the installation, and copy or install the packages from there. For most users installing from the DVD image and then installing the other packages with ”yum install <packagename>” instead is probably easier.

[Bug 8353]

Attention
At least 1024 MB RAM is required to install and use CentOS-7 (1708). When using the Live ISOs for install, 1024 MB RAM produces very slow results and even some install failures. At least 1536 MB RAM is recommended for LiveGNOME or LiveKDE installs.

4. Verifying Downloaded Installation Images

Before copying the image to your preferred installation media you should check the sha256sum of the downloaded installation images.

sha256sum x86_64:
ec7500d4b006702af6af023b1f8f1b890b6c7ee54400bb98cef968b883cd6546  CentOS-7-x86_64-DVD-1708.iso
8593f5a1631ebfb7581193a7b4ef96d44f500d3ceb49cc4cfbfd71d5698e4173  CentOS-7-x86_64-Everything-1708.iso
9941f5e1257d74e763652ceae5096ed73ddc94a9703ae116931d8713b801fec0  CentOS-7-x86_64-LiveGNOME-1708.iso
4ba63634a8430d134d8a9535c62ff1341c33c898fb1c768a0c6e54fbc92a9133  CentOS-7-x86_64-LiveKDE-1708.iso
bba314624956961a2ea31dd460cd860a77911c1e0a56e4820a12b9c5dad363f5  CentOS-7-x86_64-Minimal-1708.iso
fe3d960cce4d2c1c9f1b66817fe87cc0ee1a1c6c5dd126204cb5c33d51a45620  CentOS-7-x86_64-NetInstall-1708.iso

5. Major Changes

<!> Because of these rebases some 3rd party repositories (Like EPEL, nux!, etc.) may not have all their packages rebuilt to use the newer packages in this release. This may cause the inability to update to the new release until those repositories fix their dependencies. However, at this point in time, more than 1 month after the release of 7.4, all these issues should be sorted out.

More information can be found at https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.4_Release_Notes/index.html.

6. Deprecated Features

This release - as already mentioned - features various changes to cryptographic abilities of various packages. Some insecure cryptographic algorithms and protocols are removed from the distro. For a complete list of all removed functions and deprecated packages please take a look at this page.

7. Known Issues

A list of known upstream issues can be found here. Given that we build from the same sources, many if not all of those issues will likely also apply to CentOS Linux. You can also find information on notable updates here.

The version of libgpod in EPEL is newer than the version release in RHEL-7.4, and therefore in CentOS-7 (1708). This will lead to an update error in CentOS-7 if you have libgpod from EPEL installed. You can use yum downgrade libgpod to bring in the proper libgpod, and after it completes, then continue with your upgrade with a yum update.

Updating a system without checking the packages being installed as deps pulls in various i686 packages. This is due to rdma. More on this behaviour can be found here. As a workaround you can use this command yum update rdma-core.x86_64 && yum update. If you see transaction check conflicts when trying to install rdma-core, try yum update rdma-core.x86_64 ibacm instead.

If you are running CentOS-7 as a Xen domU in ParaVirtualization (PV) mode, an upgrade to CentOS-7 (1708) will cause the VM to not be able to boot. You must use HVM (full emulation) or PV-on-HVM mode to run this version of CentOS with the Xen hypervisor. Please see this mailing list thread for more details.

If you use network bonding then there is an upstream bug report about the 7.4 kernel and using non-zero values for updelay= and downdelay=. If either are specified and are non zero then the bond will fail and your logs will be spammed with messages about being unable to bring one of the component interfaces up. The workaround is to use updelay=0 and/or downdelay=0 as part of the BONDING_OPTS= line. Redhat have now released a new kernel with the fix for this - yum update to at least kernel-3.10.0-693.5.2.el7 to get that.

samba may fail with "symbol krb5_get_init_creds_opt_set_pac_request, not defined". This is because of a missing dependency for a newer version of krb5-libs. The issue is resolved by installing krb5-libs-1.15.1-8.el7. See BZ 1480310 for more details.

keepalived users should note that the 7.4 keepalived 1.3.5 packages have an unspecified requirement for the 7.4 selinux-policy packages >= 3.13.1-166 or you may experience segfaults. You must update selinux-policy as well as the keepalived package.

samba share with sssd authentication is broken. This is being worked on upstream. A workaround is to downgrade the samba packages to an earlier version.

Users of the openldap-servers package who use the ppolicy overlay need to take action before the upgrade as per the link in https://bugs.centos.org/view.php?id=13750 to https://lists.ltb-project.org/pipermail/ltb-users/2015-December/000653.html - there are also instructions in the second link on how to recover if you did the update without taking action first.

The first vte291 package that was released to the CR repo was built against incorrect libraries. The package has since then been rebuilt. If, for example, your GNOME Terminal has colours that are too dark, a yum reinstall vte291 should help. This does not affect those users who had not used the pre-release packages from the CR repo.

VirtualBox (5.1.26 or older) is not fully compatible with CentOS-7 (1708). Use 5.1.28 or later.

In VMware, building the vmnet.ko kernel module fails. There is a patch to fix this. See their post for details.

The initramfs files are now significantly bigger than in CentOS-7 (1503). You may want to consider lowering installonly_limit in /etc/yum.conf to reduce the number of installed kernels if your /boot partition is smaller than 400MB. New installations should consider using 1GB, which is now the upstream recommended, as the size of the /boot partition.

Users connecting to a Cisco Meraki VPN server using libreswan may find that the connection will no longer establish after the update from libreswan 3.15 to 3.20. To allow these connections to complete you will need to add the algorithms used by the VPN server to the libreswan list. You can check the output from ipsec status from prior to the update like ipsec status | grep "algorithm newest" and add those to the list. If using a manual setup then you need to edit /etc/ipsec.d/$connection.conf and add ike= and esp= lines to the connection. If using NetworkManager you can use the GUI to add them in the "IPSec Settings.../Advanced" window in the "Phase1 Algorithms" (the ike=) and "Phase2 Algorithms" (the esp=). For the Meraki I use, that means adding 3DES-SHA1;MODP1024 to ike= and 3DES-HMAC_SHA1 to the esp= list. Be aware that this may not be as secure as it should be and the issue should probably be reported to Meraki support.

As part of the sudo rebase, it now uses /var/db/sudo/lectured for keeping track of who has seen the sudo "lecture". Due to this change you can expect to see the lecture again for all users using sudo for the first time after the update.

Rhythmbox cover art placeholder visible when viewing disabled BZ 1396775

The GNOME version rebase will lead to icons with an increased size on the desktop or in nautilus. Changing the icon zoom factor in nautilus will also affect the size on the desktop. You can do this in nautilus itself, or through cli: gsettings set org.gnome.nautilus.icon-view default-zoom-level 'small' (where value can be small, standard, large, larger). See also bug 13768

Many people have complained that Ethernet interfaces are not started with the new default NetworkManager tool/have to be explicitly enabled during installation. See CentOS-7 FAQ#2. This has been the case since the initial release of CentOS 6.0 so is not new.

At least 1024 MB RAM is required and 1536MB+ is recommended to install and use CentOS-7 (1708). When using the Live ISOs for install, 1024 MB RAM produces very slow results and even some install failures. At least 1536 MB RAM is recommended for LiveGNOME or LiveKDE installs.

If your screen resolution is 800x600 or lower, parts of the images shown at the bottom during install are clipped. This has been the case for all CentOS 7 versions.

Old VMware Workstation/VMware ESXi versions allow to install two different virtual SCSI adapters: BusLogic and LsiLogic. However the default kernel from CentOS-7 does not include the corresponding driver for any of them thus resulting in an unbootable system if you install on a SCSI disk using the defaults for CentOS Linux. If you select 'Red Hat Enterprise Linux' as OS, the paravirtualized SCSI adapter is used, which works. This does not seem to be an issue with newer VMWare versions which select a newer model of controller.

Commonly used utilities such as ifconfig/netstat have been marked as deprecated for some considerable time and the 'net-tools' package is no longer part of the @core group so will not be installed by default. Use nmcli c up ifname <interfacename> to get your network up and running and use yum to install the package if you really need it. Kickstart users can pull in the net-tools package as part of the install.

The AlpsPS/2 'ALPS DualPoint TouchPad' edge scrolling does not work by default on CentOS-7. See bug 7403 for the command to make this feature work.

There is an issue with using iptables and ip6tables where the iptables service fails to start and affects systems where firewalld is disabled and BOTH iptables AND ip6tables are enabled: BZ1477413 has more on this issue. There should be a released fix soon. Note: This issue was fixed for CentOS with iptables-1.4.21-18.0.1.el7 which was included in the CR release and is also on the newly created install media. There is no CentOS package with this problem. This issue is not yet fixed in RHEL.

8. Fixed Issues

9. Packages and Applications

9.1. Packages modified by CentOS

9.2. Packages removed from CentOS that are included upstream

9.3. Packages added by CentOS that are not included upstream

9.4. Packages released as 7.3.1611 updates with older packages on the 7.4.1708 install media

10. Sources

All CentOS-7 sources are hosted at git.centos.org. All code released into the distribution originated from git.centos.org.

Source RPMs will also be published once the release is done, in the usual location at http://vault.centos.org/centos/7/

From a CentOS machine you can easily retrieve sources using the yumdownloader --source <packagename> command.

11. How to help and get help

As a CentOS user there are various ways you can help out with the CentOS community. Take a look at our Contribute page for further information on how to get involved.

11.1. Special Interest Groups

CentOS consists of different Special Interest Groups (SIGs) that bring together people with similar interests. The following SIGs already exist (among others):

And we encourage people to join any of these SIGs or start up a new SIG, e.g.

11.2. Mailing Lists and Forums

Another way you can help others in the community is by actively helping and resolving problems that users come up against in the mailing lists and the forums.

11.3. Wiki and Website

Even as an inexperienced CentOS user we can use your help. Because we like to know what problems you encountered, if you had problems finding specific information, how you would improve documentation so it becomes more accessible. This kind of feedback is as valuable to others as it would have been to you so your involvement is required to make CentOS better.

So if you want to help out and improve our documentation and Wiki, register on the Wiki or subscribe to the centos-docs mailing list.

11.4. IRC Presence

The CentOS project maintains a presence on the freenode IRC network as an additional venue for community support and interaction. Please see our IRC wiki article for more information.

12. Further Reading

The following websites contain large amounts of information to help people with their CentOS systems:

13. Thanks

We thank everyone involved for helping us produce this product and would like to specifically acknowledge the extra effort made by the QA Team. Without them working lots and lots of hours in evenings, nights, weekends and holidays, we couldn't have released this Release in the time we did. A special thanks also goes to the CentOS-community. A more complete list of the contributors to this release can be found at /usr/share/doc/centos-release/Contributors of your new CentOS-7 installation.

Copyright (C) 2017 The CentOS Project


Manuals/ReleaseNotes/CentOS7 (last edited 2017-11-02 02:15:45 by InyongHwang)