• timezone --ntpservers

• timezone --nontp

• logging --level

• %packages --excludeWeakdeps

• %packages --instLangs

• %anaconda

• pwpolicy

• nvdimm

Even though specific options are listed as deprecated, the base command and the other options remain available and operative. If you use a deprecated command in kickstart files, warnings are generated in the logs. To change deprecated command warnings to errors, set the inst.ksstrict boot option.

The dump utility that's included in the dump package is deprecated.

You can alternatively use the tar or dd to achieve similar functionality.

Note that the restore utility, originally included in the dump package, remains available in Oracle Linux 9 and can be installed by using the restore package.

The use of a SQLite backend database for the Bacula backup utility is deprecated. Bacula can use a MySQL backend database and you can migrate existing deployments to MySQL. Avoid using SQLite for new deployments of the Bacula backup utility.

The SHA1 algorithm is deprecated in Oracle Linux 9. Digital signatures using SHA-1 hash algorithm are no longer considered secure and therefore not allowed on Oracle Linux 9 systems by default. Oracle Linux 9 has been updated to avoid using SHA-1 in security-related use cases.

However, the HMAC-SHA1 message authentication code and the Universal Unique Identifier (UUID) values can still be created by using SHA-1.

In cases where you need SHA-1 to verify existing or third party cryptographic signatures, you can enable SHA-1 as follows:

sudo update-crypto-policies --set DEFAULT:SHA1

As an alternative, you can switch the systemwide crypto policies to the LEGACY policy. However, this policy also enables other algorithms that are not secure, and therefore risks making the system vulnerable.

Furthermore, use of the SHA-1 algorithm at SECLEVEL=2 is deprecated in OpenSSL.

In the scp utility, secure copy protocol (SCP) is replaced by the SSH File Transfer Protocol (SFTP) by default. Likewise, SCP is deprecated in the libssh library.

Oracle Linux 9 doesn't use SCP in the OpenSSH suite.

• MD2

• MD4

• MDC2

• Whirlpool

• RIPEMD160

• Blowfish

• CAST

• DES

• IDEA

• RC2

• RC4

• RC5

• SEED

• PBKDF1

The implementations of these algorithms have been moved to the legacy provider in OpenSSL

For instructions on how to load the legacy provider and enable support for the deprecated algorithms, see the /etc/pki/tls/openssl.cnf configuration file.

The Digest-MD5 authentication mechanism in the Simple Authentication Security Layer (SASL) framework is deprecated.

The /etc/system-fips file was used to indicate the FIPS mode in the system. This file is removed in Oracle Linux 9.

To install Oracle Linux 9 in FIPS mode, add the fips=1 parameter to the kernel command line during the system installation. To check whether Oracle Linux 9 is operating in FIPS mode, use the fips-mode-setup --check command.

The libcrypt.so.1 cryptogarhic library is deprecated.

The /etc/fapolicyd/fapolicyd.rules file is deprecated. You can store policy rules for fapolicyd in the /etc/fapolicyd/rules.d/ directory. The fagenrules script merges all component rule files in this directory to the /etc/fapolicyd/compiled.rules file.

Rules in /etc/fapolicyd/fapolicyd.trust continue to be processed by fapolicyd for backward compatibility.

The teamd service, and the libteam library, and support for configuring network teams are deprecated in favor of network bonds. You should use network bonds instead, which have similar functions as teams, and which would receive enhancements and updates.

Network configurations profiles used to be in ifcfg format and stored in the /etc/sysconfig/network-scripts directory. This format is deprecated. In Oracle Linux 9, new network configurations are stored in /etc/NetworkManager/system-connections in keyfile format. This format works with all the connection settings provided by NetworkManager.

However, information in the /etc/sysconfig/network-scripts remain operative, and modifications to existing profiles continue to update the older files.

With the deprecation of the iptables framework, the iptables backend and the direct interface are also deprecated.

Therefore, the following packages are also deprecated:

• iptables-devel

• iptables-libs

• iptables-nft

• iptables-nft-services

• iptables-utils

As an alternative to using direct interface, use the native features in firewalld to configure the required rules.

Asynchronous Transfer Mode (ATM) encapsulation enables Layer-2 (Point-to-Point Protocol, Ethernet) or Layer-3 (IP) connectivity for the ATM Adaptation Layer 5 (AAL-5). Currently, these protocols are used only in chipsets that use ADSL technology, which are being phased out.

The kexec_load system call for kexec-tools is deprecated.

The kexec_file_load system call replaces kexec_load and is the default system call.

The lvm2-activation-generator program is deprecated, together with its generated services as follows:

• lvm2-activation

• lvm2-activation-early

• lvm2-activation-net

The lvm.conf event_activation that used to activate these services no longer works. The only method that is used for automatic activation of volume groups is event based activation.

Deprecation of the Berkely DB (libdb) package includes the removal of cryptographic algorithms and dependencies. Users of libdb should migrate to a different key-value database.

OpenSSL 3.0 has deprecated keys smaller than 2048 bits. Keys smaller than 2048 bits might not work in FIPS mode.

SomePKCS1 v1.5 modes aren't approved in FIPS-140-3 for encryption and are disabled.

The SSSD files provider, which retrieves user information from local files such as /etc/shadow and group information from /etc/groups, is deprecated and disabled by default in Oracle Linux 9.

To retrieve user and group information from local files with SSSD:

1. Configure SSSD. Choose one of the following options:

   1. Explicitly configure a local domain with the id_provider=files option in the sssd.conf configuration file.

      [domain/local]
      id_provider=files
      ...

   2. Enable the files provider by setting enable_files_domain=true in the sssd.conf configuration file.

      [sssd]
      enable_files_domain = true

2. Configure the name services switch.

   sudo authselect enable-feature with-files-provider

The OpenLDAP project has deprecated the -h and -p options in its utilities, and recommends using the -H option instead to specify the LDAP URI.

In Oracle Linux 9, the X.org display server is deprecated, and consequently, the xorg-x11-server-Xorg package.

The default desktop session is the Wayland session. However, the X11 protocol continues to be supported by using the XWayland backend. Therefore, applications that require X11 can run in Wayland sessions.

The legacy GTK 2 toolkit and the following, related packages are deprecated:

• adwaita-gtk2-theme

• gnome-common

• gtk2

• gtk2-immodules

• hexchat

If you maintain an application that uses GTK 2, port the application to GTK 4 as soon as possible.

The Motif widget tool is deprecated, including the following packages:

• motif

• openmotif

• openmotif21

• openmotif22

Likewise, the motif-static package has been removed. In place of Motif, use the GTK toolkit.

The use of SHA1-based signatures to perform SecureBoot image verification on UEFI (PE/COFF) executables is deprecated. Instead, use signatures that are based on SHA-2 or later.

In place of the deprecated Virtual Machine Manager (virt-manager), use the web console, otherwise known as Cockpit.

Support for creating snapshots of VMs is limited only to those that do not use UEFI firmware. However, the operation might cause the QEMU monitor to become blocked and affects hypervisor operations.

As an alternative, use external snapshots.

As a replacement of the deprecated libvirtd daemon, use the modular daemons in the libvirt library. For example, the virtqemud handles QEMU drivers.

The isa-fdc driver controls virtual floppy disk devices. To ensure compatibility with migrated virtual machines (VMs), you should not use floppy disk devices in virtual machines that you subsequently host on Oracle Linux 9.

For virtual disk images, use the qcow2-v3 format instead.

The following legacy CPU models are deprecated for use in VMs:

• For Intel® : models prior to Intel® Xeon 55xx and 75xx Processor families (also known as Nehalem)

• For AMD: models prior to AMD Opteron G4

To check whether a VM is using a deprecated CPU model, use the virsh dominfo command, and look for a line similar to the following in the Messages section:

tainted: use of deprecated configuration settings
deprecated configuration: CPU model 'i486'

Creating Oracle Linux 9 containers on an Oracle Linux 7 host is unsupported. Attempts to deploy this configuration might succeed, but is not guaranteed.

Support for using the SHA-11 algorithm to generate the filename of the rootless network namespace is removed in Podman. You should restart rootless containers that were configured by using Podman earlier than version 4.1.1. Restarting these containers rather than just using slirp4netns ensures that these containers and join the network and connect with containers that were created with upgraded Podman versions.

The Container Network Interface (CNI) network stack is deprecated. You can use the Netavark network stack with Podman and other Open Container Initiative (OCI) container management applications. The Netavark network stack for Podman is also compatible with advanced Docker functionalities.