About the Unbreakable Linux Network

1 About the Unbreakable Linux Network

WARNING:

Oracle Linux 7 is now in Extended Support. See Oracle Linux Extended Support and Oracle Open Source Support Policies for more information.

Migrate applications and data to Oracle Linux 8 or Oracle Linux 9 as soon as possible.

Note:

This documentation is specific to Oracle Linux 6 and Oracle Linux 7. If you're using Oracle Linux 8 or Oracle Linux 9, see Oracle Linux: Managing Software on Oracle Linux.

This chapter describes what the Unbreakable Linux Network (ULN) is and how it works. It includes a description of the packages required for a system to connect to ULN and also describes how channels are named and how software errata are released to the different channels.

If you have a subscription to Oracle Linux Support, you can use the comprehensive resources of the Unbreakable Linux Network (ULN). ULN offers software patches, updates, and fixes for Oracle Linux and Oracle VM, as well as information on yum, Ksplice, and support policies. You can also download useful packages that are not included in the original distribution. The ULN Alert Notification Tool periodically checks with ULN and alerts you when updates are available. You can access ULN at https://linux.oracle.com/, where you will also find instructions for registering with ULN, for creating local yum repositories, and for switching from the Red Hat Network (RHN) to ULN.

If you want to use yum with ULN to manage your systems, you must register the systems with ULN and subscribe each system to one or more ULN channels. When you register a system with ULN, the channel that contains the latest version is chosen automatically, according to the architecture and operating system revision of the system. See ULN Registration for more information.

When you run the yum command, it connects to the ULN server repository and downloads the latest software packages in RPM format onto your system. yum then presents you with a list of the available packages so that you can choose which packages you want to install.

ULN Access for Oracle Cloud Infrastructure

Compute nodes running Oracle Linux on Oracle Cloud Infrastructure and that are connected to a service gateway automatically have access to ULN content via the regional yum servers available on the Oracle Services Network. These yum servers differ from the publicly available Oracle Linux yum server in that they also mirror content available on restricted ULN channels.

Access to ULN content is provided by virtue of the support contract that you have for your Oracle Cloud Infrastructure account. You are able to access content on ULN without any requirement to register or use alternate tools to manage channel access, simplifying any software management that you need to perform on a compute node.

To enable access to restricted content via the regional yum servers, ensure that you have installed the appropriate release-elx packages and enabled the repositories that you require access to. For example, on Oracle Linux 7, you can run the following commands to access the ol7_oci_included repository, where tools like Oracle InstantClient, the Oracle Java Development Kit and Oracle Java Runtime Environment are located:

# yum install oci-included-release-el7
# yum-config-manager --enablerepo ol7_oci_included

Other ULN channels are also available directly via the Oracle Cloud Infrastructure regional yum servers. For instance, to access the Ksplice channels on an Oracle Linux 7 compute instance, you can do:

# yum install ksplice-release-el7
# yum-config-manager --enablerepo ol7_ksplice ol7_x86_64_userspace_ksplice

About the rhn-setup Package

The tools to register with ULN from an Oracle Linux or Oracle VM system are provided in the rhn-setup package. This package is available on the ol6_latest and ol7_latest yum repositories that are available on the Oracle Linux yum server. This package is usually also installed by default on a new installation of an Oracle Linux system.

You can also manually download the RPMs from ULN, directly, by browsing the appropriate channel and architecture for your system.

If you intend to migrate from the RedHat Network (RHN) to ULN, you should replace the matching package with the version provided by Oracle, to obtain access to the additional tools that make this possible. See Migrating from RHN to ULN for more information.

About ULN Channels

ULN provides more than 100 unique channels, which support the i386, x86_64, IA64, and the 64-bit Arm architectures, for releases of Oracle Linux 4 update 6 and later and Oracle VM 2.1 and later.

You can choose that your system remain at a specific OS revision, or you can allow the system to be updated with packages from later revisions.

You should subscribe to the channel that corresponds to the architecture of your system and the update level at which you want to maintain it. Patches and errata are available for specific revisions of Oracle Linux, but you do not need to upgrade from a given revision level to install these fixes. ULN channels also exist for MySQL, Oracle VM, Oracle Ksplice, OCFS2, RDS, and productivity applications.

The following table describes the main channels that are available.

Channel	Description
`_latest`	Provides all the latest versions of the packages in a distribution, including any errata that are also provided in the patch channel. If no vulnerabilities have been found in a package, the package version might be the same as that included in the original distribution. For other packages, the version is the same as that provided in the patch channel for the highest update level. For example, the `ol7_` arch `_latest` channel for Oracle Linux 7.9 contains a combination of the `ol7_u9_` arch `_base` and `ol7_u9_` arch `_patch` channels.
`_archive`	Provides older versions of packages that are added to a parent channel. The `_archive` suffix is usually added to the channel that it hosts archive packages for. For example, the `_latest` channels have equivalent `_latest_archive` channels to host older versions of packages that have been updated in the `_latest` channels. Packages are moved to an archive channel when newer versions of the same packages are added to the parent channel. This helps to keep the metadata for the parent channel manageable and also keeps the overall size of the channel down to a minimum. If you require an earlier version of a package, you can subscribe to the equivalent `_archive` channel to obtain it. When performing an installation or downgrade, you must specify the version of the package that you wish to install. Installing packages from an `_archive` channel may result in your system running software that has since been patched for security related issues. This could open your system up to vulnerabilities that could be exploited for malicious purposes.
`_base`	Provides the packages for each major version and minor update of Oracle Linux and Oracle VM. This channel corresponds to the released ISO media image. For example, there is a base channel for each of the update level of an Oracle Linux release . Oracle does not publish security errata and bug fixes on these channels.
`_patch`	Provides only those packages that have changed since the initial release of a major or minor version of Oracle Linux or Oracle VM. The patch channel always provides the most recent version of a package, including all fixes that have been provided since the initial version was released.
`_addons`	Provides packages that are not included in the base distribution, such as the package that you can use to create a local yum repository on Oracle Linux.
`_oracle`	Provides freely downloadable RPMs from Oracle that you can install on Oracle Linux, such as ASMLib and Oracle Instant Client.
`_optional`	Provides optional packages for Oracle Linux 7 that have been sourced from upstream. This channel includes most development packages (`*-devel`). Support for the optional packages is limited to package installation assistance only.
`_developer`	Provides packages that can be used to set up test and development environments for Oracle Linux. Packages released in this channel include tools that can be useful for developers and test engineers when setting up an environment. Support for the preview packages is limited to package installation assistance only.
`_preview`	Provides packages that are still under development at Oracle and are made available as technical previews for developer and test engineer usage. Support for the preview packages is limited to package installation assistance only.
`_developer_EPEL`	Provides a mirror of the selected packages that are available on the EPEL (Extra Packages for Enterprise Linux) repository. Support for the EPEL packages is limited to package installation assistance only.

Other channels may also be available, such as _beta channels for the beta versions of packages.

As each new, major version or minor update of Oracle Linux becomes available, Oracle creates new base and patch channels for each supported architecture to distribute new packages. The existing base and patch channels for the previous versions or updates remain available and do not include the new packages. The _latest channel distributes the latest possible version of any package, and tracks the top of the development tree independently of the update level.

Caution:

You can choose to maintain your system at a specific update level of Oracle Linux and selectively apply errata to that level by subscribing the system to the _base and _patch channels and unsubscribing it from the _latest channel. However, patches are not added to the _patch channel for previous updates of Oracle Linux after a new update has been released. For example, after the release of Oracle Linux 7.1, no further errata will be released on the ol7_x86_64_u0_patch channel.

Oracle recommends that you keep you system subscribed to the _latest channel. If you unsubscribe from the _latest channel, your system will become vulnerable to security-related issues when a new update is released.

For more information about the channels available for any system that you have registered with ULN, see ULN Channel Subscription Management.

About Software Errata

Oracle releases important changes to the Oracle Linux and Oracle VM software as individual package updates, known as errata. These package updates are made available for download on ULN before they are gathered into a release or distributed through the _patch channel.

Errata packages can contain the following:

Security advisories, which have names prefixed by ELSA-* (for Oracle Linux) and OVMSA-* (for Oracle VM).
Bug fix advisories, which have names prefixed by ELBA-* and OVMBA-*.
Feature enhancement advisories, which have names prefixed by ELEA-* and OVMEA-*.

To be notified when new errata packages are released, you can subscribe to the Oracle Linux and Oracle VM errata mailing lists at https://oss.oracle.com/mailman/listinfo/el-errata and https://oss.oracle.com/mailman/listinfo/oraclevm-errata.

If you are logged into ULN, you can also subscribe to these mailing lists by following the Subscribe to Enterprise Linux Errata mailing list and Subscribe to Oracle VM Errata mailing list links that are provided on the Errata tab.

Oracle publishes a complete list of errata made available on ULN at https://linux.oracle.com/errata. You can also see a published listing of Common Vulnerabilities and Exposures (CVEs) and explore their details and status at https://linux.oracle.com/cve.

Access Requirements For Restrictive Outbound Firewall Policies

For ULN to function correctly, the host system must have outbound access to linux-update.oracle.com via port 443.

If the outbound firewall you have configured does not support adding exceptions for hostnames, you can use the following IP addresses:

138.1.51.46: ULN IP address from 30 October 2020 at 10pm PT onwards
137.254.56.42: ULN IP address until 30 October 2020 at 10pm PT

For More Information About ULN

You can find out more information about ULN at https://linux.oracle.com/.