OpenSUSE Leap 15.6 Release Notes
openSUSE Leap is a free and Linux-based operating system for your PC, Laptop or Server. You can surf the Web, manage your e-mails and photos, do office work, play videos or music and have a lot of fun!
Publication Date: 2024-06-10, Version: 15.6.20240610.a9f19f4
This is the initial version of the release notes for the forthcoming openSUSE Leap 15.6.
If you upgrade from an older version to this openSUSE Leap release, see previous release notes listed here: https://en.opensuse.org/openSUSE:Release_Notes.
This public beta test is part of the openSUSE project. Information about the project is available at https://www.opensuse.org.
Report all bugs you encounter using this prerelease of openSUSE Leap 15.6 in the openSUSE Bugzilla. For more information, see https://en.opensuse.org/Submitting_Bug_Reports. If you would like to see anything added to the release notes, file a bug report against the component “Release Notes”.
Installation
This section contains installation-related notes. For detailed installation instructions, see the documentation at https://doc.opensuse.org/documentation/leap/startup/html/book-startup/part-basics.html.
Using Atomic Updates With the System Role Transactional Server
The installer supports the system role Transactional Server. This system role features an update system that applies updates atomically (as a single operation) and makes them easy to revert should that become necessary. These features are based on the package management tools that all other SUSE and openSUSE distributions also rely on. This means that the vast majority of RPM packages that work with other system roles of openSUSE Leap 15.6 also work with the system role Transactional Server.
Note: Incompatible packages
Some packages modify the contents of /var
or /srv
in their RPM %post
scripts. These packages are incompatible. If you find such a package, file a bug report.
To provide these features, this update system relies on:
- Btrfs snapshots. Before a system update is started, a new Btrfs snapshot of the root file system is created. Then, all the changes from the update are installed into that Btrfs snapshot. To complete the update, you can then restart the system into the new snapshot.
To revert the update, simply boot from the previous snapshot instead.
- A read-only root file system. To avoid issues with and data loss because of updates, the root file system must not be written to otherwise. Therefore, the root file system is mounted read-only during normal operation.
To make this setup work, two additional changes to the file system needed to be made: To allow writing user configuration in/etc
, this directory is automatically configured to use OverlayFS./var
is now a separate subvolume which can be written to by processes.
Important: Transactional Server Needs At Least 12 GB of Disk Space
The system role Transactional Server needs a disk size of at least 12 GB to accommodate Btrfs snapshots.
Important: YaST Does Not Work Transactional Mode
Currently, YaST does not work with transactional updates. This is because YaST performs things immediately and because it cannot edit a read-only filesystem.
To work with transactional updates, always use the command transactional-update
instead of YaST and Zypper for all software management:
- Update the system:
transactional-update up
- Install a package:
transactional-update pkg in PACKAGE_NAME
- Remove a package:
transactional-update pkg rm PACKAGE_NAME
- To revert the last snapshot, that is the last set of changes to the root file system, make sure your system is booted into the next to last snapshot and run:
transactional-update rollback
Optionally, add a snapshot ID to the end of the command to rollback to a specific ID.
When using this system role, by default, the system will perform a daily update and reboot between 03:30 am and 05:00 am. Both of these actions are systemd-based and if necessary can be disabled using systemctl:
systemctl disable --now transactional-update.timer rebootmgr.service
For more information about transactional updates, see the openSUSE Kubic blog posts https://kubic.opensuse.org/blog/2018-04-04-transactionalupdates/ and https://kubic.opensuse.org/blog/2018-04-20-transactionalupdates2/.
Installing on Hard Disks With Less Than 12 GB of Capacity
The installer will only propose a partitioning scheme if the available hard disk size is larger than 12 GB. If you want to set up, for example, very small virtual machines images, use the guided partitioner to tune partitioning parameters manually.
UEFI - Unified Extensible Firmware Interface
Prior to installing openSUSE on a system that boots using UEFI (Unified Extensible Firmware Interface), you are urgently advised to check for any firmware updates the hardware vendor recommends and, if available, to install such an update. A pre-installation of Windows 8 or later is a strong indication that your system boots using UEFI.
Background: Some UEFI firmware has bugs that cause it to break if too much data gets written to the UEFI storage area. However, there is no clear data of how much is "too much".
openSUSE minimizes the risk by not writing more than the bare minimum required to boot the OS. The minimum means telling the UEFI firmware about the location of the openSUSE boot loader. Upstream Linux kernel features that use the UEFI storage area for storing boot and crash information (pstore
) have been disabled by default. Nevertheless, it is recommended to install any firmware updates the hardware vendor recommends.
UEFI, GPT and MS-DOS Parititions
Together with the EFI/UEFI specification, a new style of partitioning arrived: GPT (GUID Partition Table). This new schema uses globally unique identifiers (128-bit values displayed in 32 hexadecimal digits) to identify devices and partition types.
Additionally, the UEFI specification also allows legacy MBR (MS-DOS) partitions. The Linux boot loaders (ELILO or GRUB 2) try to automatically generate a GUID for those legacy partitions, and write them to the firmware. Such a GUID can change frequently, causing a rewrite in the firmware. A rewrite consists of two different operations: Removing the old entry and creating a new entry that replaces the first one.
Modern firmware has a garbage collector that collects deleted entries and frees the memory reserved for old entries. A problem arises when faulty firmware does not collect and free those entries. This can result in a non-bootable system.
To work around this problem, convert the legacy MBR partition to GPT.
System Upgrade
This section lists notes related to upgrading the system. For supported scenarios and detailed upgrade instructions, see the documentation at:
- https://en.opensuse.org/SDB:System_upgrade
- https://doc.opensuse.org/documentation/leap/startup/html/book-startup/cha-update-osuse.html
Make sure to also review the following sections of this documentation:
- Section 3, "Packaging Changes"
- Section 7.1, "Usage of 4096 bit RSA RPM and repository signing key"
Packaging Changes
Important changes in updated packages
Package python-podman is now based on the project podman-py was python-podman.
Deprecated Packages
Deprecated packages are still shipped as part of the distribution but are scheduled to be removed the next version of openSUSE Leap. These packages exist to aid migration, but their use is discouraged and they may not receive updates.
To check whether installed packages are no longer maintained, make sure that the lifecycle-data-openSUSE
package is installed, then use the command:
zypper lifecycle
Removed Packages
Removed packages are not shipped as part of the distribution anymore.
The following packages were all superseded by NVIDIA SUSE Prime. Also see Section "#Removal of Bumblebee packages"
bbswitch
bumblebee
bumblebee-status
primus
The following python packages were all removed from openSUSE Leap 15.6 as they are unmaintained and no longer part of openSUSE Factory.
python-pytest-faulthandler
python-pytest-flake8dir
python-pytest-ordering
python-pytest-
pythonpath
python-pytest-random-order
python-pytest-repeat
python-pytest-reqs
python-pytest-travis-fold
python-IMDbPY
python-Keras-Applications
python-Ming
python-PasteScript
python-PyPrint
python-Pykka
python-Qt.py
python-Quandl
python-Theano
python-abclient
python-jupyter-nbutils
python-jupyter_calysto
python-jupyter_contrib_core
python-jupyter_full_width
python-jupyter_highlight_selected_word
python-jupyter_imatlab_kernel
python-jupyter_jgraph
python-jupyter_jupyterlab_launcher
python-jupyter_latex_envs
python-jupyter_nbpresent
python-jupyter_nbsmoke
python-jupyter_sphinx
python-jupyter_themer
python-jupyter_vega
python-jupyter_watermark
python-nbindex-jupyter
python-dephell-archive
python-dephell-argparse
python-dephell-discover
python-dephell-licenses
python-dephell-links
python-dephell-setuptools
python-dephell-shells
python-demjson
python-discover
python-django-babel
python-djvulibre
python-dnsdiag
python-efilter
python-enum-compat
python-featureflow
python-flake8-future-import
python-flask-peewee
python-flask-restplus
python-pep517
python-piston-mini-client
python-pomegranate
python-proboscis
python-pyIOSXR
python-pyblake2
python-pyfg
python-pygeos
python-pympv
python-python-fileinspector
python-python-jsonrpc-server
python-socketIO-client-nexus
python-sphinxcontrib-actdiag
python-spyder-line-profiler
python-spyder-memory-profiler
python-spyder-unittest
python-sqlsoup
python-test-server
python-img2pdf
python-jenkins-job-builder
python-jgraph
python-jsonextended
python-jsonlib-python3
python-jsonpath-rw-ext
python-jupytext
python-keepalive
python-keyczar
python-language-check
python-logilab-astng
python-lws
python-lzmaffi
python-missingno
python-mockldap
python-moksha-common
python-moviepy
python-murano-pkg-check
python-uncompyle6
python-whois_similarity_distance
python-nose-cover3
python-nose-random
python-openstack.nose_plugin
python-nagiosplugin
python-nbsphinx-link
python-os-api-ref
python-oslo.db
python-pampy
python-pass_
python_keyring
python-pdfkit
python-qgrid
python-raet
python-ravello-sdk
python-requests-html
python-ruamel.yaml.cmd
python-rustcfg
python-serpy
python-shouldbe
python-sigal
python-slumber
python-torch
python-tox-travis
python-trello
python-twodict
Drivers and Hardware
Removal of Bumblebee packages
Packages maintained as part of X11:Bumblebee project were succeeded by NVIDIA SUSE Prime. Bumblebee packages will no longer be part of the standard distribution. See details in the drop feature request tracker.
Secure Boot: Third-Party Drivers Need to Be Properly Signed
Starting with openSUSE Leap 15.2, kernel module signature check for third-party drivers (CONFIG_MODULE_SIG=y
) is now enabled. This is an important security measure to avoid untrusted code running in the kernel.
This may prevent third-party kernel modules from being loaded if UEFI Secure Boot is enabled. Kernel Module Packages (KMPs) from the official openSUSE repositories are not affected, because the modules they contain are signed with the openSUSE key. The signature check has the following behaviour:
- Kernel modules that are unsigned or signed with a key that is either known as untrusted or cannot be verified against the system's trusted key data base will be blocked.
It is possible to generate a custom certificate, enroll it into the system's Machine Owner Key (MOK) data base, and sign locally compiled kernel modules with this certificate's key. Modules signed in this manner will neither be blocked nor cause warnings. See https://en.opensuse.org/openSUSE:UEFI.
Since this also affects NVIDIA graphics drivers, we addressed this in our official packages for openSUSE. However, you need to manually enroll a new MOK key after installation to make the new packages work. For instructions how to install the drivers and enroll the MOK key, see https://en.opensuse.org/SDB:NVIDIA_drivers#Secureboot.
Network install image hangs on boot on Raspberry Pi
Booting the network install image from USB stick on Raspberry Pi 4 hangs on boot. To resolve this issue, add the console=tty
boot parameter. See details in the known issues section of our Raspberry Pi 4 Hardware Compatibility List.
Desktop
This section lists desktop issues and changes in openSUSE Leap 15.6.
KDE 4 and Qt 4 removal
KDE 4 packages will not be part of openSUSE Leap 15.4. Please update your system to Plasma 5 and Qt 5. Some of Qt 4 packages might still remain for compatibility reasons. https://bugzilla.opensuse.org/show_bug.cgi?id=1179613.
noveau
disabled for NVIDIA Turing and Ampere GPUs/openGPU recommendation
The nouveau
driver is still considered experimental for Nvidia Turing and Ampere GPUs. Therefore it has been disabled by default on systems with these GPUs.
Instead of using the nouveau driver we recommend using Nvidia's new openGPU driver. Install this driver by installing these following packages:
- nvidia-open-driver-G06-signed-kmp-default
- kernel-firmware-nvidia-gsp-G06
Then uncomment the options nvidia
line in the /etc/modprobe.d/50-nvidia-default.conf
file so that it looks like the following afterwards:
### Enable support on *all* Turing/Ampere GPUs: Alpha Quality! options nvidia NVreg_OpenRmEnableUnsupportedGpus=1
If you prefer using nouveau
driver anyway, add nouveau.force_probe=1
to your kernel boot parameters, and do not install the above openGPU package.
Starting ibus
automatically under KDE Plasma
ibus
does not start automatically under KDE Plasma. This can be fixed by adding the appropriate command to the autostart section. To do that, go to System Settings, Startup and Shutdown, Autostart and there click on the Add… button, and then click on Add Application…. In the opened dialog window type ibus-daemon -x
into the text box and click OK. For more information see https://bugzilla.suse.com/show_bug.cgi?id=1211977.
General
iotop
support
iotop
does not display values for SWAPIN and IO %.
Since Linux kernel 5.14, either kernel boot parameter delayacct
needs to be specified or kernel.task_delayacct
sysctl needs to be enabled.
Security
This section lists changes to security features in openSUSE Leap 15.6
Usage of 4096 bit RSA RPM and repository signing key
We switched the RPM and repository signing key of openSUSE Leap 15.5 from 2048 bit RSA to a 4096 bit RSA key. This key was previously introduced to openSUSE Leap 15.4 users in a maintenance update. Users upgrading from older releases will need to import the new key manually as described in https://en.opensuse.org/SDB:System_upgrade#0._New_4096_bit_RSA_signing_key.
Cockpit root login is disabled by default
Cockpit is newly part of openSUSE Leap 15.6. However, similarly to sshd, the password-based login for root is disabled by default. Users need to manually edit /etc/cockpit/disallowed-users
and restart cockpit.socket
as described in https://news.opensuse.org/2024/04/29/try-cockpit-in-leap-rc/ to allow root login.
More Information and Feedback
- Read the
README
documents on the medium. - View a detailed changelog information about a particular package from its RPM:
rpm --changelog -qp FILENAME.rpm
- Replace
FILENAME
with the name of the RPM. - Check the
ChangeLog
file in the top level of the medium for a chronological log of all changes made to the updated packages. - Find more information in the
docu
directory on the medium. - For additional or updated documentation, see https://doc.opensuse.org/ .
- For the latest product news, from openSUSE, visit https://www.opensuse.org.
Copyright © 2024 SUSE LLC