Functionality deprecated in AL2 and removed in AL2023
This section describes functionality that is available in AL2, and no longer available in AL2023.
Topics
- 32-bit x86 (i686) Packages
- aws-apitools-* replaced by Amazon CLI
- awslogs deprecated in favor of unified Amazon CloudWatch Logs agent
- bzr revision control system
- cgroup v1
- log4j hotpatch (log4j-cve-2021-44228-hotpatch)
- lsb_release and the system-lsb-core package
- mcrypt
- OpenJDK 7 (java-1.7.0-openjdk)
- Python 2.7
- rsyslog-openssl replaces rsyslog-gnutls
- Network Information Service (NIS) / yp
- Multiple domain names in Amazon VPC create-dhcp-options
- OpenSSH key fingerprint in audit log
32-bit x86 (i686) Packages
As part of the 2014.09 release of AL1
If you need to run 32-bit binaries on AL2023, it is possible to use the 32-bit userspace from AL2 inside an AL2 container running on top of AL2023.
aws-apitools-*
replaced by Amazon CLI
Prior to release of the Amazon CLI in September 2013, Amazon made a set of command line
utilities available, implemented in Java, which allowed customers to make Amazon EC2
API calls. These tools were deprecated in 2015, with the Amazon CLI becoming the preferred way to
interact with Amazon EC2 APIs from the command line. This includes the following aws-apitools-*
packages.
-
aws-apitools-as
-
aws-apitools-cfn
-
aws-apitools-common
-
aws-apitools-ec2
-
aws-apitools-elb
-
aws-apitools-mon
Upstream support for the
aws-apitools-*
packages ended in March of 2017. Despite the
lack of upstream support, Amazon Linux continued to ship some of these command
line utilities (such as aws-apitools-ec2
) in order to provide
backwards compatibility for customers. The Amazon CLI is a more robust and
complete tool than the aws-apitools-*
packages as it is
actively maintained and provides a means of using all Amazon APIs.
The aws-apitools-*
packages were deprecated in March 2017 and will not be receiving further updates. All users of any of these packages should migrate to the Amazon CLI as soon as possible.
These packages are not present in AL2023.
awslogs
deprecated in favor of unified Amazon CloudWatch Logs agent
The awslogs
package is deprecated in AL2 and is no longer present in AL2023.
It is replaced by the unified CloudWatch Logs agent, available in the amazon-cloudwatch-agent
package.
For more information, see the Amazon CloudWatch Logs User Guide.
bzr
revision control system
The GNU
Bazaarbzr
) revision control system is discontinued in AL2
and no longer present in AL2023.
Users of bzr
are advised to migrate their repositories to git
.
cgroup v1
AL2023 moves to Unified Control Group hierarchy (cgroup v2), whereas AL2 uses cgroup v1. As AL2 doesn't support cgroup v2, this migration needs to be completed as part of moving to AL2023.
log4j hotpatch (log4j-cve-2021-44228-hotpatch
)
Note
The log4j-cve-2021-44228-hotpatch
package is deprecated in AL2 and removed in AL2023.
In response to CVE-2021-44228
The hotpatch was a mitigation to allow time to patch log4j
. The first
general availability release of AL2023 was 15 months after CVE-2021-44228
Customers running their own log4j
versions on Amazon Linux are
advised to ensure they have updated to versions not affected by
CVE-2021-44228
lsb_release
and the system-lsb-core
package
Historically, some software invoked the lsb_release
command
(provided in AL2 by the system-lsb-core
package)
to get information about the Linux distribution that it was being run on.
The Linux Standards Base (LSB) introduced this command and Linux
distributions adopted it. Linux distributions have evolved to use the simpler
standard of holding this information in /etc/os-release
and other related files.
The os-release
standard comes out of systemd
.
For more information, see
systemd os-release documentation
AL2023 doesn't ship with the lsb_release
command, and
doesn't include the system-lsb-core
package. Software
should complete the transition to the os-release
standard to maintain compatibility with Amazon Linux and other major Linux
distributions.
mcrypt
The mcrypt
library and associated PHP extension was deprecated in AL2,
and is no longer present in AL2023.
Upstream PHP
deprecated the mcrypt
extension in PHP 7.1
The upstream mcrypt
library last made a release in 2007cvs
revision control that SourceForge required for new commits in 2017
Any remaining users of mcrypt
are advised to port their code to OpenSSL, as mcrypt
will not be added to AL2023.
OpenJDK 7 (java-1.7.0-openjdk
)
Note
AL2023 provides several versions of
Amazon Corretto
For more information about Java on Amazon Linux, see Java in AL2.
Python 2.7
Note
AL2023 removed Python 2.7, so any OS components requiring Python are written to work with Python 3. To continue to use a version of Python provided by and supported by Amazon Linux, convert Python 2 code to Python 3.
For more information about Python on Amazon Linux, see Python in AL2.
rsyslog-openssl
replaces rsyslog-gnutls
The rsyslog-gnutls
package is deprecated in AL2, and no longer present in AL2023.
The rsyslog-openssl
package should be a drop-in replacement for any usage of the
rsyslog-gnutls
package.
Network Information Service (NIS) / yp
The Network Information Service (NIS), originally called Yellow Pages or
YP is deprecated in AL2, and no longer present in AL2023.
This includes the following packages: ypbind
,
ypserv
, and yp-tools
. Other packages that
integrate with NIS have this functionality removed in AL2023.
Multiple domain names in Amazon VPC create-dhcp-options
In Amazon Linux 2, it was possible to pass multiple domain names in the
domain-name
parameter to
create-dhcp-options
/etc/resolv.conf
containing something like search foo.example.com bar.example.com
.
The Amazon VPC DHCP server sends the list of provided domain names using DHCP option 15, which only supports a single
domain name (see RFC 2132 section 3.17systemd-networkd
for network configuration, which follows the RFC, this accidental feature in AL2 is
not present on AL2023
The Amazon CLI
On these systems, such as AL2023, specifying two domains using DHCP option 15 (which only allows one),
and since the space character is invalid in domain names032
, resulting in /etc/resolv.conf
containing search foo.exmple.com032bar.example.com
.
In order to support multiple domain names, a DHCP server should use
DHCP Option 119 (see
RFC 3397, section 2
OpenSSH key fingerprint in audit
log
Later in the lifecyle of AL2, a patch was added to the OpenSSH package to emit the key fingerprint used to authenticate. This functionality is not present in AL2023.