LowEndBox - Cheap VPS, Hosting and Dedicated Server Deals

Rocky Linux is Back in the RHEL Clone Business Due to a Clever Legal Hack

Rocky Linux vs. IBM

Well that was fast.

No sooner did IBM try to kneecap RHEL clones than one of them found an elegant hack – only six days later.  Bravo, Rocky Linux.

If you didn’t read the previous article, the short of it is that IBM doesn’t like RHEL clones.  RedHat Linux Enterprise Edition is under the Gnu Public License (GPL), which obligates IBM to provide the source code to the software, when is what RHEL clones like Alma Linux and Rocky Linux have been using to clone it.

However, the GPL only obligates them to provide it to end users that they provided the binaries to – an important distinction.  IBM decided to put the binaries behind a customer portal.  So you can still get binaries and source code, but only if you’re a paying customer.  And the customer agreements prohibits cloning it.  You can still sign up, download the source, and clone – but then IBM will cut off your contract.

This looked like a death kneel for Alma and Rocky, the chief clones.  Sure, they can still build a distro that has everything RHEL has, but it won’t be byte-for-byte bug-compatible, which is a major, er, selling point.

But Rocky has found a way forward.

The Cloud Loophole

Turns out that if you spin up a RHEL instance in the cloud, you are by virtue of that a RedHat Customer, and can download the SRPMS.  Fire up a spot instance, download, shut it down, and wait for the next release.

Per Rocky Linux’s commentary:

One option is through the usage of UBI container images which are based on RHEL and available from multiple online sources (including Docker Hub). Using the UBI image, it is easily possible to obtain Red Hat sources reliably and unencumbered. We have validated this through OCI (Open Container Initiative) containers and it works exactly as expected.

Another method that we will leverage is pay-per-use public cloud instances. With this, anyone can spin up RHEL images in the cloud and thus obtain the source code for all packages and errata. This is the easiest for us to scale as we can do all of this through CI pipelines, spinning up cloud images to obtain the sources via DNF, and post to our Git repositories automatically.



No Comments

    Leave a Reply

    Some notes on commenting on LowEndBox:

    • Do not use LowEndBox for support issues. Go to your hosting provider and issue a ticket there. Coming here saying "my VPS is down, what do I do?!" will only have your comments removed.
    • Akismet is used for spam detection. Some comments may be held temporarily for manual approval.
    • Use <pre>...</pre> to quote the output from your terminal/console, or consider using a pastebin service.

    Your email address will not be published. Required fields are marked *