Skill

rhel-knowledge-patch

Updates on RHEL 10+ breaking changes like Valkey replacing Redis, Podman v5 with pasta networking, ISC Kea DHCP, stricter TLS/FIPS policies, and software versions. Load before RHEL tasks.

Linux

Redis

Install

npx claudepluginhub nevaberry/nevaberry-plugins --plugin rhel-knowledge-patch

Tool Access

This skill uses the workspace's default tool permissions.

Supporting Assets

references/podman-v5.mdreferences/removed-features.mdreferences/security-changes.md

SKILL.md

Similar Skills

agent-harness-construction

Designs and optimizes AI agent action spaces, tool definitions, observation formats, error recovery, and context for higher task completion rates.

ecc

150.0k

agent-introspection-debugging

Implements structured self-debugging workflow for AI agent failures: capture errors, diagnose patterns like loops or context overflow, apply contained recoveries, and generate introspection reports.

ecc

150.0k

agent-eval

Compares coding agents like Claude Code and Aider on custom YAML-defined codebase tasks using git worktrees, measuring pass rate, cost, time, and consistency.

ecc

150.0k

Stats

Parent Repo Stars14

Parent Repo Forks0

Last CommitApr 6, 2026

Actions

View Source View Plugin View on GitHub View README

RHEL 10+ Knowledge Patch

Claude's baseline knowledge covers RHEL through 9.3. This skill provides changes from RHEL 10.0 (2025-06-10) onwards.

Breaking Changes Quick Reference

What Changed	Old (RHEL 9)	New (RHEL 10+)
Redis	`redis` package	Removed — use `valkey` 7.2
Sendmail	`sendmail` package	Removed — use `postfix`
DHCP server	`dhcp`/`dhclient`	Removed — use `dhcpcd` or ISC Kea
Network teaming	`teamd`/`libteam`	Removed — use bonding
FIPS setup	`fips-mode-setup`	Removed — enable at install with `fips=1` kernel arg
FIPS check	`/etc/system-fips`	Removed — read `/proc/sys/crypto/fips_enabled`
TLS crypto policy	RSA key exchange allowed	RSA key exchange rejected in DEFAULT policy
SHA-1 in TLS	Allowed in LEGACY	Disallowed even in LEGACY policy
OpenSSL Engines	ENGINE API available	Removed — use providers (e.g. `pkcs11-provider`)
CA trust bundle	`/etc/pki/tls/certs/ca-bundle.crt`	`/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem`
Installer remote	VNC (`inst.vnc`)	RDP (`inst.rdp`, `inst.rdp.password`)
Default user privs	Non-admin	Admin by default
GFS2	Supported	Removed
Container cgroups	v1 default	v2 default
Rootless networking	`slirp4netns`	`pasta`

Software Versions (RHEL 10.0)

Python 3.12, Ruby 3.3, Node.js 22, Perl 5.40, PHP 8.3, GCC 14.2, glibc 2.39, LLVM 19.1.7, Rust 1.84.1, Go 1.23, MariaDB 10.11, MySQL 8.4, PostgreSQL 16, Valkey 7.2, Apache 2.4.62, nginx 1.26, Git 2.45, OpenSSH 9.9, GnuTLS 3.8.9.

RHEL 10.1 adds: GCC Toolset 15, Python 3.13 (alternate AppStream).

Podman v5 Changes

Podman v5 is the default in RHEL 10. Key differences from v4:

pasta is default rootless network (not slirp4netns)
cgroups v2 only (v1 no longer default)
podman farm build fully supported for multi-arch images
Quadlets support pods (.pod files)
podman update changes are persistent (SQLite and BoltDB backends)
containers.conf is read-only for connections/farms — use podman.connections.json
--compat-volumes option for builds (VOLUME instruction handling)
zstd:chunked compression for push/pull
sigstore signatures replace GPG for image verification

See references/podman-v5.md for Quadlet keys and CLI option details.

Security and Crypto Policy

RHEL 10 makes significant crypto policy changes:

DEFAULT policy rejects TLS ciphers with RSA key exchange (use LEGACY to re-enable)
LEGACY policy disallows SHA-1 signatures in TLS
DSA and SEED algorithms removed from NSS
RSA PKCS#1 v1.5 encryption deprecated in GnuTLS
Post-quantum algorithms (PQ) available as Technology Preview via crypto-policies
Sequoia PGP tools sq and sqv complement GnuPG
OpenSSL ENGINE API removed — migrate to pkcs11-provider
HeartBeat and SRP removed from TLS

See references/security-changes.md for details.

OpenSSH 9.9

Ed25519 keys generated by default (except FIPS mode — defaults to RSA)
ChannelTimeout keyword in sshd_config for inactive channel closure
EnableEscapeCommandline option in ssh_config
Agent key restriction and forwarding controls

Removed Infrastructure

# These packages no longer exist in RHEL 10:
# sendmail → postfix
# redis → valkey
# dhcp/dhclient → dhcpcd or ISC Kea
# teamd/libteam → use bonding
# fips-mode-setup → fips=1 kernel arg at install
# scap-workbench → oscap CLI
# oscap-anaconda-addon → RHEL image builder OpenSCAP integration

See references/removed-features.md for the full list.

Installer Changes

RDP replaces VNC: inst.rdp, inst.rdp.password, inst.rdp.username
Wayland compositor replaces Xorg in installer (inst.xdriver removed)
No separate /boot partition on disk images
New users get admin privileges by default
Kickstart: --teamslaves/--teamconfig removed (use --bondslaves/--bondopts)
Kickstart: auth/authconfig removed (use authselect)
Kickstart: timezone --ntpservers removed (use timesource --ntp-server)