OpenSUSE Leap 15.3 Release Notes: Difference between revisions

openSUSE Leap is a free and Linux-based operating system for your PC, Laptop or Server. You can surf the Web, manage your e-mails and photos, do office work, play videos or music and have a lot of fun!

The release notes are under constant development. To find out about the latest updates, see the online version at https://doc.opensuse.org/release-notes. The English release notes are updated whenever need arises. Translated language versions can temporarily be incomplete.

Major new features of openSUSE Leap 15.3 are also listed at https://en.opensuse.org/Features_15.3.

This section contains installation-related notes. For detailed upgrade instructions, see the documentation at https://doc.opensuse.org/documentation/leap/startup/html/book-startup/part-basics.html.

The openSUSE Leap 15.3 maintenance setup consists of three main update repositories. These are: <code>repo-update</code>, <code>repo-backports-update</code>, and <code>repo-sle-update</code>. The latter two are new and are a result of re-using binaries from SUSE Linux Enterprise. These repositories are available and checked during the online installation of openSUSE Leap. We recommend you to use them. New update repository definitions for openSUSE Leap 15.3 will be additionally supplied via a 0day maintenance update of the <code>openSUSE-release</code> package. The update will be delivered via the traditional <code>repo-update</code> maintenance channel. It will carry a special update flag that means it touches the software management area which is then specially handled by zypper. You should double-check using the '''<code>zypper up</code>''' command whether all updates were processed. For more information, see https://bugzilla.opensuse.org/show_bug.cgi?id=1186593.

The third repository, named <code>repo-sle-update</code>, is an update repository that contains combined updates from all active SUSE Linux Enterprise update streams. This repository is without the <code>debug-info</code> variant.

The installer supports the system role ''Transactional Server''. This system role features an update system that applies updates atomically (as a single operation) and makes them easy to revert should that become necessary. These features are based on the package management tools that all other SUSE and openSUSE distributions also rely on. This means that the vast majority of RPM packages that work with other system roles of openSUSE Leap 15.3 also work with the system role ''Transactional Server''.

<div style="background:#C0C0C0;border:1px solid #666666;padding-left:5px;padding-right:5px;padding-bottom:5px;padding-top:5px;">

Some packages modify the contents of <code>/var</code> or <code>/srv</code> in their RPM <code>%post</code> scripts. These packages are incompatible. If you find such a package, file a bug report.

* To revert the last snapshot, that is the last set of changes to the root file system, make sure your system is booted into the next to last snapshot and run: '''<code>transactional-update rollback</code>'''

When using this system role, by default, the system will perform a daily update and reboot between 03:30 am and 05:00 am. Both of these actions are systemd-based and if necessary can be disabled using '''<code>systemctl</code>''':

For more information about transactional updates, see the openSUSE Kubic blog posts https://kubic.opensuse.org/blog/2018-04-04-transactionalupdates/ and https://kubic.opensuse.org/blog/2018-04-20-transactionalupdates2/.

The installer will only propose a partitioning scheme if the available hard disk size is larger than 12 GB. If you want to set up, for example, very small virtual machines images, use the guided partitioner to tune partitioning parameters manually.

Prior to installing openSUSE on a system that boots using UEFI (Unified Extensible Firmware Interface), you are urgently advised to check for any firmware updates the hardware vendor recommends and, if available, to install such an update. A pre-installation of Windows 8 or later is a strong indication that your system boots using UEFI.

openSUSE minimizes the risk by not writing more than the bare minimum required to boot the OS. The minimum means telling the UEFI firmware about the location of the openSUSE boot loader. Upstream Linux kernel features that use the UEFI storage area for storing boot and crash information (<code>pstore</code>) have been disabled by default. Nevertheless, it is recommended to install any firmware updates the hardware vendor recommends.

Together with the EFI/UEFI specification, a new style of partitioning arrived: GPT (GUID Partition Table). This new schema uses globally unique identifiers (128-bit values displayed in 32 hexadecimal digits) to identify devices and partition types.

To work around this problem, convert the legacy MBR partition to GPT.

This section lists notes related to upgrading the system. For supported scenarios and detailed upgrade instructions, see the documentation at:

Additionally, check Section 3, "Removed and deprecated packages and features".

openSUSE Leap 15.3 is newly built on top of binary rpms from SUSE Linux Enterprise Server. This change was introduced as part of the Closing The Leap Gap (CtLG) effort to bring openSUSE Leap and SUSE Linux Enterprise Server closer together.

* Run the <code>zypper dup</code> command. You will be asked to import the missing key. This will happen even if the key is in the directory mentioned above. If the file contains multiple keys, zypper will import only the required key.

On openSUSE Leap, the default kernel has been split into three subpackages: <code>kernel-default</code>, <code>kernel-default-extra</code>, and <code>kernel-default-optional</code>. Similarly, <code>kernel-preempt</code> has also been split into <code>kernel-preempt</code>, <code>kernel-preempt-extra</code>, and <code>kernel-preempt-optional</code>. The <code>-optional</code> package contains optional modules only for openSUSE Leap. The <code>-extra</code> package contains unsupported modules. The kernel preemption mode can be controlled by setting the <code>preempt=voluntary</code> kernel parameter on the command line. This parameter works with <code>kernel-default</code>.

If you use this kernel variant, make sure that all RPMs required for your use case are installed.

Deprecated packages are still shipped as part of the distribution but are scheduled to be removed the next version of openSUSE Leap. These packages exist to aid migration, but their use is discouraged and they may not receive updates.

* <code>midori</code>, a lightweight web browser based on WebKit and GTK+, is no longer suppored and is scheduled for removal in next release.

To check whether installed packages are no longer maintained: Make sure that <code>lifecycle-data-openSUSE</code> is installed, then use the command:

  zypper lifecycle

Removed packages are not shipped as part of the distribution anymore.

Berkeley DB, used as a database in certain packages, is dual-licensed under GNU AGPLv3/Sleepycat licenses. Because service vendors that redistribute our packages could find packages with these licenses potentially detrimental to their solutions, we have decided to remove Berkeley DB as a dependency from these packages. In the long term, SUSE aims to provide a solution without Berkeley DB.

* <code>rpm</code>

The newly introduced <code>openSUSE-signkey-cert</code> package is required for openSUSE KMPs like <code>virtualbox</code>, but only in Secure Boot mode. The package includes the certificate of openSUSE signing key for signing kernel module file (<code>.ko</code>) in openSUSE KMP and calls <code>mokutil</code> to help user enroll the certificate to MOK. This way, the openSUSE KMP can be verified by the kernel.

If you do not have the base pattern installed and are using any of these KMPs, we recommend installing the <code>openSUSE-signkey-cert</code> package manually. A system reboot is required. More information about this process and manual enrollment can be found at https://en.opensuse.org/SDB:NVIDIA_drivers#Secureboot.

openSUSE Leap 15.2 and later enable a kernel module signature check for third-party drivers (<code>CONFIG_MODULE_SIG=y</code>). This is an important security measure to avoid untrusted code running in the kernel.

* Kernel modules that are unsigned or signed with a key that is either known as untrusted or cannot be verified against the system's trusted key data base will be blocked.

Since this also affects NVIDIA graphics drivers, we addressed this in our official packages for openSUSE. However, you need to manually enroll a new MOK key after installation to make the new packages work. For instructions how to install the drivers and enroll the MOK key, see https://en.opensuse.org/SDB:NVIDIA_drivers#Secureboot.

This section lists desktop issues and changes in openSUSE Leap 15.3.

KDE 4 packages are no longer part of openSUSE Leap 15.3. Update your system to Plasma 5 and Qt 5. Some Qt 4 packages may still remain for compatibility reasons. For more information, see https://bugzilla.opensuse.org/show_bug.cgi?id=1179613.

Since <code>IBus</code> version 1.5.23 renamed some keyboard layouts, it cannot load configuration containing these renamed layouts after upgrading. Thereby, it might reset the layout to US. Layouts of the following languages are affected: Belgian, German, Greek, Romanian, and Slovak. See https://bugzilla.opensuse.org/show_bug.cgi?id=1177545 for more information.

* Read the <code>README</code> documents on the medium.