But, Rocky Linux 9 is not just another RHEL clone. True, like its rivals, such as AlmaLinux 9, it is based on CentOS Stream and duplicates RHEL 9's functionality. But, to me, the real killer difference is that the new Rocky Linux comes with an open-source build system called Peridot.
As Kurtzer, CEO of HPC company CIQ and founder of the Rocky Enterprise Software Foundation (RESF), Rocky Linux's parent organization, explained, "When we release any version of Rocky Linux, it is more than just a bunch of binaries, package repositories, and installers. But, with version 9, CIQ has created a completely cloud-native build stack called Peridot, which we have given to the RESF and released as open source."
That means with Peridot, as Kurtzer continued, "anyone can create, build, enhance and manage Rocky Linux as we do. Additionally, every Rocky Linux release is built 100% in the open, by the community, for the community. They ship with all of our infrastructure and secure material like keys and secure boot shims being managed by the RESF. This is our commitment to our users and community from day one, ensuring that Rocky Linux will always be freely available and community controlled."
Peridot works. It was used to build Rocky Linux 9 for the x86_64, aarch64, s390x, and ppc64le architectures. In this first iteration, Rocky Linux 9 wasn't available quickly, but looking ahead, RESF believes that new Rocky versions can be released within a week of each new RHEL version release. Peridot's source code is already available at It will soon be easily installable via Helm Charts for anyone to leverage.
In short, since Rocky Linux uses only open-source tools to deliver a completely reproducible operating system, there won't be a repeat of the CentOS 8 end-of-life problems. Looking ahead, you can use Rocky Linux without worrying about leaving your servers high and dry.
As for Rocky Linux 9 itself, its new features include:
The use of the SHA-1 message digest for cryptographic purposes has been deprecated, as the hashes produced by SHA-1 are no longer considered secure.
OpenSSL is now version 3.0.1 with many improvements, including a provider concept, a new versioning scheme, an improved HTTP(S) client, support for new protocols, formats, algorithms, and more.
OpenSSH is now version 8.7p1 with many improvements, most notably the replacement of the SCP/RCP protocol with the SFTP protocol, which offers more predictable filename handling.
SELinux performance, memory overhead, time to load, and more have been substantially improved.
Rocky Linux 9 supports automatic configuration of security compliance settings for PCI-DSS, HIPAA, DISA, and others directly through the Anaconda installer, saving time and effort to meet complicated requirements.
New Networking Features
mptcpd or MultiPath TCP Daemon can be used instead of iproute2 to configure MultiPath TCP endpoints.
NetworkManager now uses key files to store new connection profiles as a default but still supports the use of ifcfg.
iptables-nft and ipset are now deprecated, which includes the utilities iptables, ip6tables, ebtables, and arptables. These are all replaced by the nftables framework.
Network-scripts package has been removed. Use NetworkManager to configure network connections.