
Python 3.13 RC2, with and without GIL

Python 3.13 RC2 is now available in Tumbleweed. This new version of the Python interpreter will be released in October 2024.

There are a lot of changes and new features in 3.13, but we’re also bringing exciting experimental features to Tumbleweed.

Experimental JIT compiler

The default (python313) build has the flag --enable-experimental-jit=yes-off. This means the JIT is compiled in but disabled by default; if you want to use this experimental JIT, you can enable it with an environment variable:

$ PYTHON_JIT=1 python3.13

You can find more information about the JIT compiler and how it can improve performance in PEP-744.

Free threaded CPython (no GIL)

With this new version of the Python interpreter, there is an option to build without the famous Global Interpreter Lock, aka GIL. This is a really experimental feature, but why not have this on Tumbleweed? So we decided to also build this variant as a new package, python313-nogil.

This new package is an isolated interpreter, so you can install it without conflicts with python313. The package is built with the --disable-gil option and provides the /usr/bin/python3.13t binary. By default it uses /usr/lib/python3.13t/site-packages for third-party libraries so, with the default configuration, it won’t use any Python 3.13 module.

This means that threading.Thread in this interpreter now gives you actual threads, so in the end code that uses threads should be a lot faster with the python3.13t interpreter.

There are no packages for this interpreter in Tumbleweed at this moment. So if you want to use third-party libraries you should use virtualenv and pip for that:

$ python3.13t -m venv free-threaded-env
$ source free-threaded-env/bin/activate
(free-threaded-env) $ pip install requests
(free-threaded-env) $ python3
Python 3.13.0rc2 experimental free-threading build (main, Sep 07 2024, 16:06:06) [GCC] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import sys; sys._is_gil_enabled()
False
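
An added example, not part of the original post: a script that can be run under both python3.13 and python3.13t to confirm whether the GIL is really off and to compare a CPU-bound job on one thread against several. The prime-counting workload and all function names are illustrative.

```python
import sys
import sysconfig
import threading
import time


def gil_status():
    """Report whether this build supports free threading and whether the GIL is active now."""
    # Py_GIL_DISABLED is 1 only for interpreters built with --disable-gil (python3.13t).
    free_threaded_build = bool(sysconfig.get_config_var("Py_GIL_DISABLED"))
    # sys._is_gil_enabled() exists from 3.13 on; older interpreters always hold the GIL.
    # Even on a free-threaded build the GIL can be switched back on at runtime
    # (PYTHON_GIL=1, or importing an extension that does not declare support),
    # so the build flag alone is not enough.
    probe = getattr(sys, "_is_gil_enabled", None)
    gil_enabled = probe() if probe is not None else True
    return {"free_threaded_build": free_threaded_build, "gil_enabled": gil_enabled}


def is_prime(n):
    """Trial division; deliberately CPU-bound pure Python."""
    if n < 2:
        return False
    if n < 4:
        return True
    if n % 2 == 0:
        return False
    d = 3
    while d * d <= n:
        if n % d == 0:
            return False
        d += 2
    return True


def count_primes(limit, workers):
    """Count primes below `limit` with `workers` threads; returns (count, seconds)."""
    bounds = [2 + (limit - 2) * i // workers for i in range(workers + 1)]
    results = [0] * workers  # one slot per thread, so no shared counter needs a lock

    def work(slot):
        lo, hi = bounds[slot], bounds[slot + 1]
        results[slot] = sum(1 for n in range(lo, hi) if is_prime(n))

    threads = [threading.Thread(target=work, args=(i,)) for i in range(workers)]
    start = time.perf_counter()
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sum(results), time.perf_counter() - start


def compare(limit=200_000, workers=4):
    """Run the same job on 1 thread and on `workers` threads and report the speedup."""
    one_count, one_secs = count_primes(limit, 1)
    many_count, many_secs = count_primes(limit, workers)
    if one_count != many_count:
        raise RuntimeError("threaded result differs from single-threaded result")
    return {**gil_status(), "primes": one_count, "speedup": one_secs / many_secs}


if __name__ == "__main__":
    print(compare())
```

With the GIL enabled the speedup stays close to 1; a noticeably higher figure is only expected when gil_enabled is False.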

Slowroll Updates Boost Stability, Enhance Performance

2 September 2024 at 19:00

As Slowroll continues its journey, the latest updates released on August 30 and two on Sept. 2 with snapshot 20240902T0137 and snapshot 20240902T2146 have brought a slew of maintenance packages that enhance systems. These updates are part of Slowroll’s ongoing effort to provide users with a balanced rolling release that prioritizes stability while keeping the software stack up-to-date.

Updates for the quarter were scheduled for July 9, August 9 and Sept. 9, so the updates are well within the monthly cadence.

August 30 updates had 49 packages that focused primarily on existing tools. Key updates include:

  • Development Tools: Updates to llvm14, llvm15, and llvm17, alongside other essential packages like bash and python-Flask-Cors, ensure that developers working within the Slowroll environment have access to the latest tools and libraries for compiling and development.
  • System Utilities: The update includes improvements to NetworkManager-branding and ddcutil-service, which contribute to system performance and hardware compatibility.
  • Multimedia and Graphics: Applications like darktable, muPDF, and SDL_mixer received updates to provide smoother performance in graphic-related tasks.
  • Virtualization: The inclusion of an update for VirtualBox ensures that users relying on virtual environments continue to have a stable and secure platform for running other operating systems or isolated environments.

snapshot 20240902T0137 updates closely followed and delivered 44 packages. These updates include:

  • Network and Security: Updates include those for NetworkManager, bind and dkimproxy for reliable network operations.
  • Multimedia Improvements: The update provides enhancements to the gstreamer family of packages (gstreamer, gstreamer-plugins-bad, gstreamer-plugins-base, etc.) that are essential for media processing and playback.
  • System Utilities and Development: buildah, dracut and python-flake8 were among the tools updated for both system administrators and developers.
  • Virtualization and Cloud: Updates to nextcloud and python-azure-agent focused on Slowroll’s cloud and virtual environments and technologies.

snapshot 20240902T2146 had 33 packages updated. Key updates include:

  • Graphics and Multimedia: Updates to Mesa and gstreamer-plugins-ugly provide improvements in handling 3D graphics and media playback tasks.
  • System Utilities: Essential updates to binutils, kernel-firmware, and lightdm enhance system stability and hardware compatibility.
  • Development Tools: The snapshot includes updates to gcc14 and several Python versions (python310, python311, python312, python313) and other libraries.
  • Security and Networking: Enhancements to openssl-3 and wireshark strengthen system security and improve network analysis capabilities.
  • Virtualization and Cloud: Updates to Xen and other virtualization tools help Slowroll systems run virtual machines and manage cloud environments.

The development team is expected to release more updates in the future and people can subscribe to the Factory mailing list to get more information.

View the latest statistics on the Slowroll Stats page.

It’s crucial to understand that Slowroll is not intended to replace Leap. Instead, it provides an alternative for users who desire more up-to-date software at a slower cadence than Tumbleweed but faster than Leap.

If you try Slowroll, have a lot of fun - rolling… slowly!

Tumbleweed Monthly Update - August 2024

29 August 2024 at 15:00

Welcome to the monthly update for Tumbleweed for August 2024. This month has been a productive period with significant progress and updates. The rolling-release team is making headway on longer-term projects like dbus-broker showing promising progress and the transition to GNU Compiler Collection 14 as the default compiler is in its second phase as there are ongoing efforts to address the remaining build failures. Those efforts for GCC 14 becoming the default compiler are likely to arrive in the 20240827 snapshot. Go 1.22 became the default go compiler this month and ffmpeg switched from version 6 to 7. However, a critical issue emerged with the network stack in recent builds due to a race condition. Those using Wicked, which is a network configuration tool, were advised to delay updates or rollback using snapper while ongoing efforts focused on resolving the problem. A submit request for Wicked was made on August 28 for resolving the issue and will likely address the networking issue in a snapshot before August ends. Those not dependent on Wicked are encouraged to proceed with updates as usual.

Stay tuned and tumble on!

Should readers desire more frequent information about snapshot updates, they are encouraged to subscribe to the openSUSE Factory mailing list.

New Features and Enhancements

  • Linux Kernel 6.10.4: This update has some key changes including a fix to the klp_symbols macro in the kernel spec file, which addresses errors in the build process for openSUSE Tumbleweed. Networking improvements resolve issues in the bnxt_en driver and multiple fixes were made to the MPTCP protocol, which lets a connection use multiple paths while maximizing throughput and increasing redundancy. Updates to the DRM subsystem include fixes for memory leaks in Mesa’s V3D driver, handling issues in the AMD GPU driver and addressing black screen issues in the AST driver after resume. The update also includes critical bug fixes for the ALSA sound system, Btrfs file system and various other components.
  • GNOME 46.4: This update brings a series of enhancements and fixes across several core GNOME packages. The gnome-bluetooth package, updated to version 46.1, addresses a bug that prevented some device icons from appearing correctly and includes updates for translations. The control center improves accessibility, resolves a memory leak in the default apps page and fixes issues related to network settings, Bolt visibility, and fingerprint enrollment. The gnome-software update corrects AppStream metadata formatting, includes translation updates and refreshes user docs and Help documentation.
  • php 8.3.10: This update brings a series of critical fixes and enhancements. In the core, it resolves several issues, including memory leaks, segmentation faults and support for systems with sysconf(_SC_GETPW_R_SIZE_MAX) == -1. Notable bug fixes include addressing a use-after-free in property coercion with __toString() and resolving crashes in DOMDocument::xinclude(). The updated package improves compatibility with libxml2 versions 2.13.0 and 2.13.2 and fixes issues in extensions like PDO. The update fixes buffer overflows, stream wrapper truncations and memory leaks.
  • KDE Plasma 6.1.4: This Konqi update brings a variety of fixes and improvements across several core components of the Plasma desktop environment. Discover addresses bugs related to license text parsing, icon caching and visibility calculations. The Crash handler Dr Konqi enhances reporting by integrating version information and improving metadata synthesis for crashes in kwin_x11. KPipeWire adds resilience to stream handling during PipeWire restarts and introduces a new encoder using libopenh264. KWin includes numerous fixes, such as improving window focus management, addressing crashes and enhancing rendering performance. Updates to the Plasma Desktop refine folder view behavior, applet layouts and visual configurations.
  • Frameworks 6.5.0: This update sees Attica add support for a new version field in DownloadDescription. Bluez Qt fixes connections related to the connectedDevices list property. Breeze Icons introduces new category icons and resolves issues with symlinks for various applications. Extra CMake Modules adds MANPATH support and improves WaylandScanner handling. KAuth enhances dbus backend functionality and KIO improves file handling, enhances logging and optimizes connection management. Additionally, Kirigami refines dialog behavior and accessibility features, while KTextEditor adds new actions for space and tab conversion along with improving drag behavior with wrapped lines. These updates collectively enhanced the functionality, stability and user experience across the KDE Plasma ecosystem.
  • systemd 256.5: The update restores the 32-bit version of libudev.so, which was inadvertently dropped during the merge of libudev-devel into systemd-devel. This restoration is essential for enabling plug-and-play support in Wine for 32-bit Windows applications. For a detailed list of changes, users can visit its GitHub changelog.
  • KDE Gear 24.08: Just in time for the upcoming Akademy 2024, KDE Gear 24.08 arrives with a fresh wave of updates across a broad range of applications. The release introduces new features for Dolphin like easier file management with administrative privileges and a streamlined Move to New Folder option. The disk visualizer Filelight, which helps you visualize disk usage right from within Dolphin, has a friendlier interface and an improved Windows version. Konsole makes navigating long outputs easier with a new bookmarking feature and video editor Kdenlive advances keyframe curve editing and refined effects handling. Travel apps like Itinerary and conference tracker Kongress are updated to assist you during Akademy, offering detailed travel plans and venue maps.

Key Package Updates

  • NetworkManager 1.48.8: The latest update resolves an issue with Open vSwitch (OVS) where stage3 activation could be triggered without an initialized DHCP client and improves configuration parsing by correctly handling the autoconnect-ports value to provide better control over automatic connections. Enhancements to IPv6 networking were made by preserving router preferences in neighbor discovery (NDISC).
  • pavucontrol 6.1: The major version of the PulseAudio Volume Control package addresses issues such as translations not being correctly applied, a bug where unplugged audio cards would not disappear from the interface and a misalignment in Bluetooth codec selection. The application name in the desktop file has also been corrected to Volume Control. Version 6 introduces significant changes, including a migration from Gtk 3 to Gtk 4, embedded UI resources and improved support for 144 Hz monitors.
  • binutils 2.43: A new .base64 pseudo-op allows encoding data as base64 strings and Intel APX support is expanded with new instructions like CFCMOV and CCMP. The x86 Intel syntax now provides more warnings for mnemonic suffixes, and macros in assembly code can use \+ to track execution counts. Significant updates include support for armv9.5-a in AArch64 and new extensions in RISC-V, along with improved data handling in s390 and MIPS. The arm architecture drops support for outdated co-processors, while LoongArch gains finer control over assembly options. Enhancements in tools like readelf and objdump offer more detailed outputs, particularly for .eh_frame sections. The linker now includes options for segment handling and ISA level reporting. These updates enhance binutils’ functionality and adaptability across a wide range of platforms.
  • curl 8.9.1: This update addresses a critical regression, fixing proper handling of sigpipe signals by initializing the struct correctly. Bug fixes include better detection of libssh and nettle in CMake, better connection shutdown handling for event-based processing and more robust socket code for the --ip-tos option. Updates also improve compatibility and stability across different platforms, including fixes for 32-bit systems, OS400 builds and defensive coding for NULL inputs.
  • bash 5.2.32: Key fixes include correcting an inverted configure test for strtoimax(3) and resolving a problem where a DEBUG trap in an asynchronous process could mistakenly take control of the terminal, causing the calling shell to exit. The update corrects an issue where functions containing coprocesses were displayed with an erroneous COPROC command, making them unreadable as input.

Bug Fixes

  • orc 0.4.39:
    • CVE-2024-40897 was fixed; versions before 0.4.39 had a buffer overflow vulnerability in orcparse.c.
  • curl 8.9.1:
    • CVE-2024-7264 was a parser flaw that may cause crashes or leak heap contents.
  • Flatpak 1.15.10:
    • CVE-2024-424721 was a flaw that allows unauthorized file access via symlink in persistent directories.
  • tiff:
    • CVE-2024-7006 was a null pointer flaw that may cause crashes, which could lead to denial of service.
  • unbound 1.21.0:
    • CVE-2024-43167 was a null pointer flaw that may cause crashes, leading to a denial of service as well.
  • Mozilla Firefox 129.0: This release fixes 14 CVEs and addresses multiple vulnerabilities, including fullscreen notification dialog obscuration with CVE-2024-7518, CVE-2024-7523, and CVE-2024-7529. There was out-of-bounds memory access with CVE-2024-7519 and CVE-2024-7522. There was type confusion and incomplete exception handling in WebAssembly with CVE-2024-7520 and CVE-2024-7521, along with some other CVEs affecting security and memory handling.
  • python311:
    • CVE-2024-6923 was a medium severity vulnerability in CPython’s email module that allows header injection due to improper quoting of newlines during email serialization.

Conclusion

August 2024 saw significant improvements for Tumbleweed users. Security fixes were made across multiple packages to ensure Tumbleweed remains stable and secure. Significant improvements were made in tools like pavucontrol, binutils and curl, with enhanced compatibility, performance and security. Noteworthy changes in packages such as php, systemd, and NetworkManager are crucial fixes. These updates collectively contribute to a more refined and stable rolling release environment.

Stay updated with the latest snapshots by subscribing to the openSUSE Factory mailing list. For those Tumbleweed users who want to contribute or want to engage with detailed technological discussions, subscribe to the openSUSE Factory mailing list. The openSUSE team encourages users to continue participating through bug reports, feature suggestions and discussions.

Contributing to openSUSE Tumbleweed

Your contributions and feedback make openSUSE Tumbleweed better with every update. Whether reporting bugs, suggesting features, or participating in community discussions, your involvement is highly valued.


Tumbleweed Faces Regression with Wicked as Network Stack

With the switch to dbus-broker as D-Bus implementation in Tumbleweed Snapshot 20240825, a regression was introduced: When using Wicked for network configuration, the system boots up without network connectivity. Systems that use NetworkManager are not affected.

NetworkManager is the default for all new installations since 2022 and desktop installations since 2018, so this mostly affects systems which have been installed before, or have been switched to Wicked manually.

Users are advised to postpone system updates for now if they use Wicked or are unsure. Users who have updated already can use Snapper to rollback to an earlier snapshot.

The root cause appears to be a race condition between Wicked and the D-Bus system, which results in the network stack failing to initialize properly. When Wicked is launched, it struggles to interact with D-Bus, leading to the failure of various dependent network services. This sequence of events will leave the rolling release’s network stack inoperative, often requiring a manual restart to restore network functionality.

To address this problem, initial efforts are focusing on modifying the service dependencies in the systemd service files.


Addressing the Network Stack Issue

27 August 2024 at 18:00

In recent testing scenarios involving a build and NetworkManager, a significant issue has surfaced: the network stack becomes non-operational.

Users are advised to postpone system updates for now, but users who have already updated can use Snapper to roll back. It’s important to note that while the issue primarily affects GNOME setups with Wicked, it can also impact servers without these components.

This problem has been consistently reproducible since at least the 20240825 Tumbleweed build. Bind 9.20.1 received an update that has changes to DNS query handling and system controls, which may have inadvertently contributed to the network stack issue.

The root cause appears to be a race condition between Wicked and the D-Bus system, which results in the network stack failing to initialize properly. When Wicked is launched, it struggles to interact with D-Bus, leading to the failure of various dependent network services.

System logs show that D-Bus is either not fully active or not recognized by Wicked at the time of initialization, triggering a series of failures across services like DHCP and AutoIPv4.

This sequence of events will leave the rolling release’s network stack inoperative, often requiring a manual restart to restore network functionality.

To address this problem, initial efforts are focusing on modifying the service dependencies in the systemd service files. One proposed solution may be adding After=dbus.service to the Wicked service configuration. However, this adjustment alone may prove insufficient in many cases.

Further investigation is leading to more proposed solutions. The issue also appears to extend beyond Wicked, potentially affecting other services and indicating broader implications for the system’s initialization processes. The transition of NetworkManager and Wicked in some setups has uncovered the critical race condition affecting the network stack’s initialization. While recent adjustments to the systemd service configurations have significantly mitigated the issue, ongoing testing and further refinements are essential to achieve consistent network functionality. Users are advised to use snapper’s rollback to maintain proper network stack initialization.


openSUSE Asia Summit Logo Competition Announcement

The votes are in, and the openSUSE Asia Summit Organization Committee is pleased to announce the winner of the openSUSE.Asia Summit 2024 logo competition.

The openSUSE Asia Summit Organization Committee would like to extend our heartfelt gratitude for the invaluable contributions to the openSUSE.Asia Summit 2024 Logo Competition.

Choosing this year’s logo was tough because every submitted work was excellent, and the top three received equal votes.

We have finally decided to select Bayu Aji’s work from Indonesia as the logo of openSUSE.Asia Summit 2024.

Congratulations, Bayu! The winner will receive a special “Geeko Mystery Box”.

This year’s competition attracted 7 fantastic submissions from around the globe. The designs were all exceptional, and the votes were cast by the openSUSE.Asia Committee and Local Team. We sincerely thank everyone who participated in the voting process.

We would also like to express our appreciation to all the participants in the logo competition: Haruo Yoshino, Goofy Scalar, Kukuh Syafaat, Nikita Tripathi, and Daniel Galleguillos Cruz. We look forward to seeing you at the Summit!

Tumbleweed Monthly Update - July 2024

Welcome to the monthly update for openSUSE Tumbleweed for July 2024. Last month was busy with events like the Community Summit in Berlin and the openSUSE Conference. Both events were productive and well-received. Despite the busy schedule and follow on discussion from the conference about the Rebranding of the Project, a number of snapshots continued to roll out to users this month.

Stay tuned and tumble on!

Should readers desire more frequent information about snapshot updates, they are encouraged to subscribe to the openSUSE Factory mailing list.

New Features and Enhancements

  • Linux Kernel 6.9.9: This kernel introduces several important fixes and enhancements across various subsystems. Key updates include the introduction of devm_mutex_init() for mutex initialization in multiple components, addressing issues in the Hisilicon debugfs uninit process, and resolving shared IRQ handling in DRM Lima drivers. Fixes in the PowerPC architecture avoid nmi_enter/nmi_exit in real mode interrupts, while networking improvements prevent unnecessary BUG() calls in net/dql. Enhancements in WiFi drivers such as RTW89 include improved handling for 6 GHz channels. Updates in DRM/AMD drivers address multiple issues, from uninitialized variable warnings to ensuring proper timestamp initialization and memory management. The RISC-V architecture receives a fix for initial sample period values, and several BPF selftests see adjustments for better error detection. These updates collectively enhance system stability, performance, and security. Snapshot 20240730 updated the Linux Kernel to version 6.10.2 after this blog was first published.
  • KDE Plasma 6.1.3: Discover now auto-handles Flatpak rebases from runtimes and properly uninstalls EOL refs without replacements. In Kglobalacceld, invalid keycodes are explicitly processed. Kpipewire introduces proper cleanup on deactivate and fixes thread handling for PipeWireSourceStream. KScreen now uses ContextualHelpButton from Kirigami, and Kscreenlocker adds a property to track past prompts. KWin sees numerous improvements: relaxed nightlight constraints, simplified Wayland popup handling, better input method windows, and enhanced screencast plugins. Plasma Mobile enhancements improve home screen interactions, translation issues, and swipe detection. Plasma Networkmanager and Plasma Workspace benefit from shared QQmlEngine and various bug fixes, including avatar image decoding and pointer warping on Wayland.
  • Frameworks 6.4.0: Attica updates its gitignore to include VS Code directories. Baloo reverts a QCoreApplication change and ports QML modules. Breeze Icons introduces a ColorScheme-Accent and fixes data-warning icons. KArchive now rejects tar files with negative sizes and fixes crashes with malformed files. KAuth and KBookmarks add VS Code directories to gitignore. KCalendarCore adds missing QtCore dependencies and QML bindings for calendar models. KIO improves systemd process handling and deprecates unused features. Kirigami enhances navigation and dialog components. KTextEditor adds a tool for testing JavaScript scripts and ensures even indent sizes, fixing multiple bugs.
  • KDE Gear 24.05.2: Akonadi-calendar adds missing change notifications. Dolphin updates Meta-Object Compiler generation. Filelight enables appx building and ensures hicolor icon presence while Itinerary fixes calendar permissions, corrupted notes, and the package introduces new extractors. Kdenlive addresses timeline, aspect ratio, and compilation issues. Okular fixes a crash with certain PDF actions.
  • Supermin 5.3.4: This update introduces several key enhancements, including support for OCaml 5 and kylinsecos. It improves package management by detecting dnf5 and omitting missing options. The update also refines OCaml compilation by using -output-complete-exe instead of -custom, fixes kernel filtering for the aarch64 architecture, and enables kernel uncompression on RISC-V. The update removes previously applied patches now included in the new tarball, helping to streamline the codebase and improve maintainability.
  • Checkpolicy 3.7: The latest update brings support for Classless Inter-Domain Routing notation in nodecon statements, enhancing SELinux policy definition capabilities. Error messages are now more descriptive, and error handling has been improved. Key bug fixes include handling unprintable tokens, avoiding garbage value assignments, freeing temporary bounds types and performing contiguous checks in host byte order.

Key Package Updates

  • NetworkManager 1.48.4: This update introduces support for matching Open vSwitch (OVS) system interfaces by MAC address, enhancing network interface management. Additionally, NetworkManager now considers the contents of /etc/hosts when determining the system hostname from reverse DNS lookups of configured interface addresses, improving hostname resolution accuracy. Subpackages updated include NetworkManager-bluetooth, NetworkManager-lang, NetworkManager-tui, NetworkManager-wwan, libnm0, and typelib-1_0-NM-1_0. These enhancements contribute to more robust and precise network configuration handling in Linux environments.
  • libguestfs 1.53.5: This update includes significant enhancements and fixes. The --chown parameter is now correctly split on the ‘:’ character, and a new checksum command is supported. Detection for Circle Linux and support for the LoongArch architecture have been added, including file architecture translation fixes. The update allows nbd+unix:// URIs and reimplements GPT partition functions using sfdisk. DHCP configuration improvements and a new virt-customize --inject-blnsvr operation enhance usability. Deprecated features include the removal of gluster, sheepdog, and tftp drive support. New APIs such as findfs_partuuid and findfs_partlabel improve functionality, while inspection tools now resolve PARTUUID and PARTLABEL in /etc/fstab. These updates enhance compatibility, performance, and functionality across various environments.
  • glib2 2.80.4: The latest update backports key patches: mapping EADDRNOTAVAIL to G_IO_ERROR_CONNECTION_REFUSED, handling files larger than 4GB in g_file_load_contents(), and correcting GIR install locations and build race conditions. Additionally, improvements in gthreadedresolver ensure returned records are properly reference-counted in lookup_records().
  • ruby3.3 3.3.4: This release addresses a regression where dependencies were missing in the gemspec for some bundled gems such as net-pop, net-ftp, net-imap, and prime. Other fixes include preventing Warning.warn calls for disabled warnings, correcting memory allocation sizes in String.new(:capacity) and resolving string corruption issues.
  • libgcrypt 1.11.0: The latest update introduces several new interfaces and performance enhancements. New features include an API for Key Encapsulation Mechanism (KEM), support for algorithms like Streamlined NTRU Prime sntrup761, Kyber, and Classic McEliece, and various Key Derivation Functions (KDFs) including HKDF and X963KDF. Performance improvements feature optimized implementations for SM3, SM4, and other cryptographic operations on ARMv8/AArch64, PowerPC, and AVX2/AVX512 architectures. Other changes include various enhancements for constant time operations and the deprecation of the GCRYCTL_ENABLE_M_GUARD control code.

Bug Fixes

  • orc 0.4.39:
    • CVE-2024-40897 was fixed; versions before 0.4.39 had a buffer overflow vulnerability in orcparse.c.
  • java-21-openjdk 21.0.4.0:
  • ovmf 202402 had three months of CVE patches in its quarterly update.
  • Mozilla Firefox 128.0: This release fixes 16 CVEs. The most severe was CVE-2024-6604; this was a memory safety bug in Firefox 128, Firefox ESR 115.13, Thunderbird 128 and Thunderbird 115.13. These bugs showed evidence of memory corruption that potentially allowed arbitrary code execution.
  • ghostscript 10.03.1:
    • CVE-2024-33869 allowed bypassing restrictions via crafted PostScript documents.
    • CVE-2023-52722
    • CVE-2024-33870 allows access to arbitrary files via crafted PostScript documents.
    • CVE-2024-33871 allowed arbitrary code execution via crafted PostScript documents using custom Driver libraries in contrib/opvp/gdevopvp.c.
    • CVE-2024-29510 allowed memory corruption and SAFER sandbox bypass via format string injection in a uniprint device.
  • xwayland 24.1.1 3:
    • CVE-2024-31080 had a vulnerability that could allow attackers to trigger the X server to read and transmit heap memory values, leading to a crash.
    • CVE-2024-31081 could cause memory leakage and segmentation faults, leading to a crash.
    • CVE-2024-31083 allowed arbitrary code execution by authenticated attackers through specially crafted requests.
  • libreoffice 24.2.5.2:
    • CVE-2024-5261 allows fetching remote resources without proper security checks.
  • GTK3 3.24.43:
    • CVE-2024-6655 allowed a library injection into a GTK application from the current working directory under certain conditions.
  • netpbm 11.7.0:
    • CVE-2024-38526: pdoc, which provides API documentation for Python projects, had a vulnerability where pdoc --math linked to malicious JavaScript files from polyfill.io.

Conclusion

The month of July 2024 was marked by significant updates, security fixes and enhancements. The Linux Kernel 6.9.9 update introduced several key fixes and improvements across various subsystems, enhancing overall stability and performance. KDE Plasma 6.1.3 brought numerous UI improvements and better handling of Flatpak rebases. The updates to Frameworks 6.4.0 and KDE Gear 24.05.2 provided additional enhancements and bug fixes, improving user experience and system reliability. Critical security vulnerabilities were addressed in various packages, including Firefox, ghostscript, and xwayland, ensuring Tumbleweed remains secure, efficient, and feature-rich for all users. Additionally, the Aeon team announced the release of Aeon Desktop to Release Candidate 3 status that came from the release of a Tumbleweed snapshot last week.

For those Tumbleweed users who want to contribute or want to engage with detailed technological discussions, subscribe to the openSUSE Factory mailing list. The openSUSE team encourages users to continue participating through bug reports, feature suggestions and discussions.

Contributing to openSUSE Tumbleweed

Your contributions and feedback make openSUSE Tumbleweed better with every update. Whether reporting bugs, suggesting features, or participating in community discussions, your involvement is highly valued.

(Image made with DALL-E)

Aeon RC3 Released

The Aeon team is very happy to announce that with the release of Snapshot 20240726, Aeon Desktop is now officially at Release Candidate 3 (RC3) Status!

The biggest change with this release is the introduction of Full Disk Encryption by default, configured automatically as part of the installation.

Depending on your hardware, Aeon will automatically configure Full Disk Encryption in one of two modes:

  • Default Mode with strong verification of bootloader, initrd and kernel via the Trusted Platform Module version 2.0 (TPM2 for short) before automatically decrypting your system
  • Fallback Mode with no verification of boot components and requiring a Passphrase on boot to decrypt your system

For more details, please read our Encryption Documentation.

Please download Aeon from aeondesktop.org and install it following our Installation Guide.

Existing users who want RC3’s encryption feature will need to reinstall their system.

Pro tip: it’s recommended to use “a large” USB stick for the automatic backup/restore feature of the existing users’ data and configuration. Ensure it provides enough space to complete this transition.

RC3 is expected to be the last RC that will require a reinstallation. Users who install RC3 can expect to be automatically upgraded to any future RC versions and the official Aeon Release, while RC4 doesn’t appear to be necessary at this point in testing.

Behind the Scenes

RC3 has also brought some nice technical and community improvements preparing for Aeon’s official release:

  • tik (Aeon’s installer) now uses systemd-repart instead of dd for deploying images. This is what enabled Full Disk Encryption to be offered as you now see it in RC3.
  • Aeon now has an official Brand Guide covering logos, colours, and advice toward how to use these when spreading the word about Aeon.
  • Aeon now has an official Subreddit for announcements like this, development blogs, and can be used by the community for discussions, technical help or anything else related to Aeon.

What’s Coming Next

RC3 may be the final Release Candidate before Aeon’s official release. There are no major structural changes planned to the core Aeon OS, just regular improvements as upstream versions develop and our community contributes to new features and packages.

The main difference between RC3 and the official release will be the writing of openQA tests to test Aeon’s installation and basic functionality, which is something noteworthy for CrowdStrike to consider.

We would appreciate help in this area, which can now begin in earnest using RC3 as a reference.

There is a possibility of an RC4, which is currently being investigated.

If it occurs, RC4 will use tik’s new systemd-repart functionality to act as a ‘Self Installer’.

Users will see no practical difference from RC3, except for a significantly smaller download size, as the Installer will not need a separate embedded Aeon image to deploy.

For that approach to work however, we will depend on features we haven’t tested yet from systemd v256. This was only submitted to openSUSE Factory recently, so it’s very cutting edge.

If RC4 does not occur, users can expect smaller, more efficient images to come sometime after the release.

We hope everyone has a lot of fun with Aeon RC3, and we would like to thank everyone who helped to get Aeon toward its release schedule.

The Aeon Team

Pre-RC3 Image Released for Aeon Desktop

An experimental “Pre-RC3” image for the Aeon Desktop has been published and testers are encouraged to try out the final prototype before it becomes the official Release Candidate 3 (RC3). The new image can be downloaded from the openSUSE development repository.

This prototype, which has been submitted to openSUSE Factory, introduces some significant changes and improvements. Notably, the dd backend in the tik installer has been replaced with a new systemd-repart backend. This change allows for the installation of Aeon with Full Disk Encryption that enhances the security features of the operating system.

Existing users of Aeon RC2 and earlier versions will need to perform a reinstall to take advantage of the new features destined for RC3. Due to the fundamental changes in partition layout necessary for the new encryption features, an in-place upgrade from RC2 is not feasible without risking data integrity, according to a post on the new Aeon Desktop subreddit. Users can utilize Aeon’s reinstall feature, which facilitates the backup and restoration of user data as long as a sufficiently large USB stick is used.

Users installing the prototype image may encounter some packages from the OBS devel project. These can be removed by running transactional-update --interactive dup and selecting solutions that replace devel:microos packages with official ones.

Testers are encouraged to provide feedback and report any issues encountered during the testing phase on the Aeon Desktop bug report page.

Next Steps

If the prototype is accepted into Factory and becomes RC3, the development of Aeon will be in its final stages before an official release. RC3 will serve as the basis for writing openQA tests for Aeon, which are crucial for ensuring the desktop’s stability and functionality.

There is a possibility of an RC4, which aims to streamline the installer process by embedding the full Aeon install within the installer image, potentially reducing the download size by 50 percent. If this approach is not feasible in the short term, it may be revisited post-release.

Full Disk Encryption is set up in one of two modes: Default or Fallback. Get more info about that in the Aeon Desktop Introduces Comprehensive Full Disk Encryption article.

Asia Summit’s Travel Support Program and Call for Speakers Deadlines

The openSUSE.Asia Summit 2024 is fast approaching, and we’re excited to invite participants from all over the world to join us Nov. 2 and 3 in Tokyo, Japan.

This year promises a diverse range of sessions and activities, with an inclusive Cross-Distro Track featuring collaborations with community members from AlmaLinux, Debian and Ubuntu.

Those who want to provide a talk need to submit either long talk or short talk presentations by August 4. Those speakers needing financial assistance can use the Travel Support Program (TSP), which is aided through donations to the Geeko Foundation. The TSP helps cover travel expenses. Here’s a detailed look at important deadlines for TSP applications and speaker proposals to ensure you don’t miss out on this incredible opportunity.

Travel Support Program (TSP) Schedule

The Travel Support Program is designed to help you join us at the summit. Here’s the timeline you need to follow:

  • TSP Application Open: As soon as possible. Don’t wait to apply for travel support.
  • Call for Speakers Deadline: August 4. If you’re interested in sharing your knowledge and experience, submit your proposal by this date.
  • TSP Application Deadline: August 20. Ensure your application for travel support is completed and submitted by this date. Visit the wiki for more information.
  • Call for Speakers Notification: Speakers will be notified if their proposal has been accepted toward the end of August.
  • TSP Confirmation: Final confirmation of travel support will follow shortly after the speakers’ notifications, around August 26.

Submitting Your Proposal

The openSUSE.Asia committee is looking for speakers who can bring diverse perspectives and insights related to openSUSE and other Linux distributions. Here are some guidelines and tips to help you submit a strong proposal:

  • Topics: We’re interested in a wide range of topics, including but not limited to openSUSE Projects (Leap, Tumbleweed, MicroOS), desktop environments (GNOME, KDE, XFCE), office and graphic applications (LibreOffice, GIMP), cloud and virtualization (Kubernetes, Rancher), and package supply-chain security.
  • Non-Technical Topics: Overviews of Open Source technologies, community management, education, and personal experience stories are also welcome.
  • Session Types: You can propose long talks (30 minutes plus Q&A) or short talks (15 minutes plus Q&A). Lightning talk sessions will be announced later.

How to Submit: Proposals should be submitted through events.opensuse.org. Make sure your submission is in English, is between 130 and 250 words, and adheres to the openSUSE Conference Code of Conduct. For guidance on writing a strong proposal, refer to our proposal writing guide.

Presentation Requirements: You can present in English or Japanese, but all slides and documents must be in English. Note that pre-recorded videos or video calls are not permitted; you must be present at the venue. For more details, visit events.opensuse.org.

Aeon Desktop Introduces Comprehensive Full Disk Encryption

Full Disk Encryption is planned to be introduced in the forthcoming release candidate of the Aeon Desktop to enhance data security for its users. The feature is expected to be included in the upcoming Release Candidate 3 (RC3).

Full Disk Encryption is designed to protect data in cases of device loss, theft or unauthorized booting into an alternative operating system. Depending on the hardware configuration of a system, Aeon’s encryption will be set up in one of two modes: Default or Fallback.

Default Mode

The Default Mode is the preferred method of encryption provided the system has the required hardware. This mode utilizes the Trusted Platform Module (TPM) 2.0 chipset with PolicyAuthorizeNV support (TPM 2.0 version 1.38 or newer). In this mode, Aeon Desktop measures several aspects of the system’s integrity. These include:

  • UEFI Firmware
  • Secure Boot state (enabled or disabled)
  • Partition Table
  • Boot loader and drivers
  • Kernel and initrd (including kernel command line parameters)

These measurements are stored in the system’s TPM. During startup, the current state is compared with the stored measurements. If these match, the system boots normally. If discrepancies are found, users are prompted to enter a Recovery Key provided during installation. This safeguard ensures that unauthorized changes or tampering attempts are flagged.
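The measure-and-compare flow described above, as a simplified model added here for illustration (not Aeon's code): a single SHA-256 register stands in for the TPM's platform configuration registers, updated with the standard TPM extend rule, and every component's content is a constructed sample. The function names and the "boot" / "recovery-key" outcomes are assumptions of this sketch.

```python
import hashlib
import hmac

PCR_SIZE = 32  # bytes in a SHA-256 register


def extend(register: bytes, digest: bytes) -> bytes:
    """TPM extend rule: new = SHA-256(old || digest). A register is chained, never set."""
    return hashlib.sha256(register + digest).digest()


def measure_boot(components):
    """Measure (name, content) pairs in boot order.

    Returns the final register value and an event log of (name, hex digest).
    """
    register = bytes(PCR_SIZE)  # registers start at all zeroes after reset
    log = []
    for name, content in components:
        digest = hashlib.sha256(content).digest()
        register = extend(register, digest)
        log.append((name, digest.hex()))
    return register, log


def replay(log) -> bytes:
    """Recompute the register from an event log; a forged log will not match the register."""
    register = bytes(PCR_SIZE)
    for _name, hexdigest in log:
        register = extend(register, bytes.fromhex(hexdigest))
    return register


def unlock_decision(expected: bytes, components) -> str:
    """Release the disk key only if the current measurements match the stored value."""
    current, _ = measure_boot(components)
    return "boot" if hmac.compare_digest(current, expected) else "recovery-key"


def first_divergence(reference_log, current_log):
    """Name the first measured component whose digest differs, or None if the logs agree."""
    for (name, ref), (_n, cur) in zip(reference_log, current_log):
        if ref != cur:
            return name
    if len(reference_log) != len(current_log):
        longer = reference_log if len(reference_log) > len(current_log) else current_log
        return longer[min(len(reference_log), len(current_log))][0]
    return None


# Constructed sample data: the measured items listed above, with placeholder contents.
GOOD_BOOT = [
    ("uefi-firmware", b"constructed firmware image v1"),
    ("secure-boot-state", b"enabled"),
    ("partition-table", b"constructed GPT layout"),
    ("bootloader", b"constructed bootloader binary"),
    ("kernel", b"constructed kernel image"),
    ("initrd", b"constructed initrd"),
    ("kernel-cmdline", b"root=/dev/mapper/root quiet"),
]
# Same boot chain with one extra (constructed, harmless) kernel command line parameter.
TAMPERED_BOOT = GOOD_BOOT[:-1] + [
    ("kernel-cmdline", b"root=/dev/mapper/root quiet extra_param=1"),
]

SEALED, GOOD_LOG = measure_boot(GOOD_BOOT)       # value recorded at install time
_, TAMPERED_LOG = measure_boot(TAMPERED_BOOT)    # what a modified boot would measure

if __name__ == "__main__":
    print("unmodified boot :", unlock_decision(SEALED, GOOD_BOOT))
    print("modified cmdline:", unlock_decision(SEALED, TAMPERED_BOOT))
    print("changed component:", first_divergence(GOOD_LOG, TAMPERED_LOG))
```

Because each value is chained into the previous one, a change to any single component, or to their order, yields a different final register, and comparing event logs shows which component changed.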

Fallback Mode

The Fallback Mode is employed when the necessary hardware for Default Mode is not detected. This mode requires users to enter a passphrase each time the system starts. While it does not check system integrity as comprehensively as Default Mode, Secure Boot is strongly recommended to ensure some level of security, confirming that the bootloader and kernel have not been tampered with.

Contrary to initial concerns, Default Mode is not less secure than Fallback Mode despite not requiring a passphrase at startup. The strong integrity checks in Default Mode protect against attacks that could bypass normal authentication methods. For example, it can detect changes to the kernel command line that could otherwise allow unauthorized access. Furthermore, it safeguards against modifications to initrd, thereby preventing potential passphrase capture in Fallback Mode.

Secure Boot, while optional in Default Mode due to the comprehensive integrity checks, is critical in Fallback Mode to maintain system security. Disabling Secure Boot in Fallback Mode increases vulnerability to tampering and attacks aimed at capturing the passphrase.

Aeon’s implementation of Full Disk Encryption provides robust security options tailored to the capabilities of users’ hardware. By offering both Default and Fallback modes, Aeon ensures that all users can benefit from enhanced data protection.

The inclusion of this feature in RC3 marks a significant step forward in safeguarding user data against potential threats.

Aeon users are encouraged to read and bookmark the Aeon Encryption Guide.

Looking at Next Steps for Leap 16 Branding

Many thanks to all who participated in the Leap 16 branding workshop at the openSUSE Conference 2024. The enthusiasm and creativity is moving us forward to take the next steps with Leap 16 branding. Let’s develop some of these fantastic ideas further!

Below is a list of Leap 16 branding initiatives we aim to achieve:

1) Abstract Distribution Agnostic Wallpaper

We are looking for wallpaper designs that can be shared across any distribution. This could be a gradient, fractal or any other abstract design, which ideally incorporates the new logo. The goal is to create something visually appealing and universally adaptable as chameleons do.

2) Abstract Distribution Specific Wallpaper for Leap 16 and Tumbleweed

In addition to the agnostic wallpaper, we need specific designs for Leap 16 and Tumbleweed. These wallpapers should reflect the unique identity of each distribution while maintaining a cohesive visual theme. An adjustable design for other flavors like Slowroll, Kalpa, Aeon and others can be considered and proposed to those projects.

3) Day and Night Variant with Chameleon

We’re also seeking designs for a day and night variant featuring a beloved chameleon. These wallpapers should complement each other while representing the different times of the day in a creative and engaging way. Additionally, day/night variants for abstract designs could also be an option. While not necessary, if participants have good ideas, these will be considered further.

4) Photo Submissions of Our Mascot

We invite you to submit two photos related to our mascot, the chameleon, or anything that resembles it. The submitter must also be the photographer, the person who created the photograph with a camera. This is a great opportunity to showcase your photography skills and contribute to our branding efforts. Please note that AI-generated images are not eligible for submission; we want to see your original photographic work.

Call for Photo Competition!

We are thrilled to announce a photo competition. Please submit your pictures for a chance to be featured in branding materials. You can submit your photos through our GitHub issue tracker. We will use a thumbs up/down mechanism to select the best entries.

Submit photos here.

Submission Guidelines

You are welcome to participate on the wallpapers collection set in our branding repository.

Photos can be submitted here under issue 18.

Deadline and Requirements

The deadline for submissions is Nov. 1, 2024. Please ensure your entries meet the following requirements:

  • Must be brand-related (chameleons, chameleon-like objects, etc.)
  • High-resolution photographs only (4k or preferably 5k)
  • Original work - submitted by the author of the photograph or with approval from the actual author
  • Landscape orientation only

Please add a copy of your photos, including a description (where it was taken and what is in the picture), as comments into the issue. Include a link to a high-resolution variant.

We can’t wait to see your creative contributions and make Leap 16 an even more visually stunning experience for everyone in the openSUSE community!

(Image made with DALL-E)

Tumbleweed Monthly Update - June 2024

Welcome to the monthly update for openSUSE Tumbleweed for June 2024. This month was busy with events like the Community Summit in Berlin and the openSUSE Conference, but a number of snapshots continued to roll out to users. Developers, system administrators and users receive updates designed to enhance your experience and ensure high levels of security and performance.

Readers who want more frequent information about snapshot updates are encouraged to subscribe to the openSUSE Factory mailing list.

Let’s go!

New Features and Enhancements

  • Linux Kernel 6.9.7: This kernel introduces several important fixes and enhancements across various subsystems. Key updates include addressing undefined references in netfilter when CONFIG_SYSCTL is disabled, correcting TCP Fast Open handling, and resolving a conflicting quirk in Advanced Linux Sound Architecture for Realtek devices. Improvements in file system writeback operations, multi-threaded path handling and memory management for Hisilicon crypto drivers enhance stability. Networking updates include fixes for race conditions in netpoll, enhancements for specific SFP modules, and improvements in WiFi drivers such as RTW89, Ath9k, Ath12k, and MT76. Additional platform-specific updates address issues in ACPI, ARM64 configurations, HID device handling, and Bluetooth driver fixes.
  • PipeWire 1.2.0 and WirePlumber 0.5.4: PipeWire 1.2.0 introduces asynchronous processing, node.sync-group for synchronized scheduling, and improved config parsing error reporting. It also adds mandatory metadata support for buffer parameters, multiple data-loops with CPU affinity, and dynamic log level adjustments. Key fixes include RTP-SAP module enhancements, ROC 0.3 support, and improved Bluetooth BAP broadcast code parsing. WirePlumber 0.5.4 refines the role-based linking policy, allowing role-based sinks alongside standard audio operations and enabling regular filters to act as best targets. It addresses startup crashes due to empty config files, improves Bluetooth profile auto-switching, and fixes issues with DSP filters and infinite loop scenarios in autoswitching scripts. Together, these updates enhance the flexibility, reliability, and overall performance of audio management in Linux environments. Both also received updates in snapshot 20240627.
  • Mesa and Mesa-drivers 24.1.2: Both packages underwent a specfile cleanup, involving the relocation of Rust crate sources into subprojects folders and updates to baselibs.conf. Due to the maintenance burden associated with Rust crates as system dependencies, these crates are now downloaded as vendored dependencies, as detailed in the README-suse-maintenance.md. The update adds support for building libvulkan_nouveau, including necessary Rust crates such as paste-1.0.14, proc-macro2-1.0.70, quote-1.0.33, syn-2.0.39, and unicode-ident-1.0.12. However, building libvulkan_nouveau on Leap is not possible due to the requirement for rust-cbindgen >= 0.25. For more details, refer to the release notes at https://docs.mesa3d.org/relnotes/24.1.2.
  • KDE Plasma 6.1.1: Discover improves UI elements and Packagekit support, while Dr Konqi corrects the Sentry dbus interface usage. Plasma Addons addresses reference issues in Effects/cube, and krdp ensures version compatibility and resolves session controller bugs. Kscreenlocker improves greeter functionality, and KWin introduces multiple fixes for shaders, tiling, and input panels. Libkscreen and libplasma update protocol versions and fix plugin loading issues. Plasma Desktop enhances task icon sizing, panel opacity and file dragging across screens. Plasma Audio Volume Control removes unnecessary symlinks, and Plasma Systemmonitor correctly positions loading overlays. Powerdevil improves battery protection UI and limits backlighthelper calls.
  • Python-setuptools 70.0: Key features in this new major version include emitting warnings for ignored [tools.setuptools] entries in pyproject.toml, improved error messaging for pkg_resources.EntryPoint.require and handling None location distributions more gracefully. The update also refreshes unpinned vendored dependencies, supports PEP 625 by standardizing package name and version in filenames and ensures encoding consistency for .pth files. Obsolete Python < 3.8 code has been removed, and pkg_resources now uses stdlib importlib.machinery. Bug fixes address race conditions in the install command, improve handling of nested namespaces with package_dir and correct various pkg_resources method behaviors. The patch for reproducibility has also been refreshed.
  • Xen 4.18.2_06: This version resolves intermittent system hangs when Power Control Mode is set to Minimum Power. Patches also improve CPU mask handling and interrupt movement in various scenarios. Upstream bug fixes include improvements in scheduler resource data management and include fixes for building with GNU Compiler Collection 14.

Key Package Updates

  • NetworkManager 1.48.2: This package updates support for matching OVS system interfaces by MAC address and fixes port reactivation and VPN secrets handling for 2-factor authentication. It saves connection timestamps during shutdown for proper autoactivation after restart. Key changes in 1.48.0 deprecate autotools building, add support for changing OpenSSL ciphers for 802.1X authentication, and set unmanaged device reasons in the StateReason property visible in nmcli. Additionally, it replaces the mac-address-blacklist property with mac-address-denylist, improves WiFi 6 GHz band detection and optimizes performance to avoid high CPU usage during route updates. Previous version 1.46 brought dynamic SSID-based stable IDs, randomized MAC addresses and several enhancements for handling IPv6, D-Bus and cloud setup.
  • ibus-table 1.17.6: This update drops Python2 support, transitioning all scripts to Python3 using pyupgrade. It now allows the use of keys with Unicode keysyms in keybindings, enhancing customization and flexibility. Additionally, the frames_per_buffer=chunk_size option is now utilized in self._paudio.open() for improved audio handling. The update also includes translation enhancements from Weblate, with Czech translations reaching 36.6 percent, Japanese at 45.3 percent, and Chinese (Simplified) at 92.0 percent.
  • btrfsprogs 6.9: The mkfs utility now halts if the mount status cannot be determined when using the --force option and corrects the minimum size calculation for zoned devices. The check command removes the --clear-ino-cache option, shifting its functionality to the rescue command group, and adds detection and repair for incorrect file extent item ram_bytes values. The qgroup commands now sync the filesystem before searching for stale entries, handle uncleaned subvolumes and squota enabled scenarios, and display the cleaning status of subvolumes. The receive command fixes stream parsing for strict alignment hosts, and tune change-csum and dump-tree commands include updates for handling dev-replace status items. The convert command improves extent iteration for preallocated/unwritten extents. The build process now ensures compatibility with e2fsprogs 1.47.1 and improves header file dependency tracking. Documentation was also updated.
  • GNU’s Emacs 29.4: An emergency bugfix took place in this release. In this update, arbitrary shell commands are no longer executed when enabling Org mode, significantly enhancing security by preventing the execution of potentially malicious commands.

Bug Fixes

  • Python-dnspython 2.6.1:
    • CVE-2023-29483 - Eventlet before 0.35.2 in dnspython allows remote “TuDoor” DNS attack interference.
  • php8 8.3.8:
    • CVE-2012-1823 involved a vulnerability where attackers could inject arguments into PHP-CGI, leading to potential security issues. The new vulnerability, CVE-2024-4577, was discovered to bypass this original fix, allowing the same or similar types of argument injection attacks. The update ensures that this bypass is no longer possible, reinforcing the security measures originally put in place for CVE-2012-1823.
    • Similarly, the bypass of CVE-2024-1874 was made with the fix to CVE-2024-5585.
  • kernel-firmware-nvidia-gspx-G06 (NVIDIA GPU driver)
    • CVE-2024-0090 was a vulnerability where a user can cause an out-of-bounds write.
    • CVE-2024-0091 was a vulnerability where a user can cause an untrusted pointer dereference. A successful exploit of this vulnerability might lead to denial of service.
    • CVE-2024-0092 was an improper check or improper handling of exception conditions that might lead to denial of service.
  • XZ 5.6.2:
    • CVE-2024-3094: Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library. More details in snapshot 20240605.
  • cJSON v1.7.17:
    • CVE-2024-31755 - A segmentation violation, which can be triggered through the second parameter.

Conclusion

The month of June 2024 saw a range of significant updates, security fixes and enhancements. The Linux Kernel 6.9.7 update improved stability and performance. Mesa and Mesa-drivers 24.1.2 introduced Rust crate dependencies and improved Vulkan support. KDE Plasma 6.1.1 brought UI improvements and a major version of Python-setuptools 70.0 arrived for rolling release users. A few critical security vulnerabilities were taken care of and fixes related to the XZ backdoor continued, so that Tumbleweed remains secure, efficient and feature-rich for all users.

For those Tumbleweed users who want to contribute or want to engage with detailed technological discussions, subscribe to the openSUSE Factory mailing list. The openSUSE team encourages users to continue participating through bug reports, feature suggestions and discussions.

Contributing to openSUSE Tumbleweed

Your contributions and feedback make openSUSE Tumbleweed better with every update. Whether reporting bugs, suggesting features, or participating in community discussions, your involvement is highly valued.

(Image made with DALL-E)

Slowroll Set for a Quarter of Updates

Slowroll, which has a more modest update cadence than Tumbleweed, is gaining acceptance as a balance between the rapid updates of Tumbleweed’s rolling releases and the traditional Leap release.

Slowroll is nearly ready for full deployment and the development team has been working diligently to prepare the next version bump, with planned updates scheduled for July 9, August 9 and Sept. 9. These updates are expected to maintain a consistent monthly cadence to ensure users have timely and stable updates.

One of the critical updates pulled in will include the latest OpenSSH CVE fixes, which have already been made available in Tumbleweed. This fix enhances the security of Slowroll and ensures that it remains a robust and reliable distribution for users.

Highlighted Features of Slowroll

Balanced Update Cadence: Slowroll offers a monthly rolling update cycle that provides users with the latest features and security updates while ensuring stability through extensive testing and validation.

Beta Phase: Slowroll is now in the Beta phase, indicating its near readiness for full deployment. Users can expect a reliable experience with continuous improvements.

Continuous Improvement: The distribution integrates big updates approximately every month, alongside continuous bug fixes and security patches, ensuring a secure and up-to-date system.

Statistics and Status

According to the latest statistics available on the Slowroll Stats page:

  • Tumbleweed had 2813 updated packages since the last version bump
  • Slowroll received 1316 updates from 871 different packages and only 339 updated rpms are Slowroll-specific builds

Origins and Purpose

Slowroll, introduced in 2023, was designed as an experimental distribution. Its primary goal is to offer a slower rolling release compared to Tumbleweed, thus enhancing stability without compromising on access to new features. The distribution continuously evolves with big updates integrated approximately every month, supported by regular bug fixes and security updates.

It’s crucial to understand that Slowroll is not intended to replace Leap. Instead, it provides an alternative for users who desire more up-to-date software at a slower pace than Tumbleweed but faster than Leap.

If you try Slowroll, have a lot of fun - rolling… slowly!

(Image made with DALL-E)

openSUSE.Asia Summit 2025: Call for Host

The openSUSE.Asia Summit is an annual openSUSE conference in Asia and a great opportunity for contributors and enthusiasts from Asia to come together and meet face-to-face. The event focuses primarily on the openSUSE distribution, its applications for personal and enterprise use, and open source culture.

In its quest to spread openSUSE throughout Asia, openSUSE.Asia Summit Organization Committee seeks out local communities to rise to the challenge of organizing an excellent openSUSE event in 2025. The committee stands ready to assist you throughout the process.

Here are the dates you need to note:

  • Oct. 1: Deadline for application
  • Nov. 3: Presentation at openSUSE.Asia Summit 2024
  • Dec. 23: Announcement of the following host

We will invite you to our regular online meetings so that you can experience and learn how to organize the event. Furthermore, we will ask you to present your proposals at the next summit in Tokyo, Japan.

The submitted proposals are to be reviewed by the organization committee. During the review, the committee might have additional questions and requests.

How to Submit?

Please email your proposal to both summit@lists.opensuse.org and opensuseasia-summit@googlegroups.com. Because the former address does not allow attachments, you need to upload your proposal somewhere and share the link to it.

The proposal should contain:

  • Venue
  • How to reach your city and venue
  • Budget Estimation
    • Conference Venue
    • T-shirt
    • Tea break, Lunch, Dinner, Conference Tour, etc.
  • Introduction to your community who will organize the summit

Please refer to openSUSE.Asia Summit Tips for Organizers before writing your proposal.

We are looking forward to hearing from you soon!

Leap Micro 6.0 is now available. Leap Micro 5.4 reaches End of Life.

25 June 2024 at 17:00

A new major version of Leap Micro is now available! Leap Micro 6.0 images can be found at get.opensuse.org.

Leap Micro 6.0 uses a brand-new codebase, comes with plenty of new appliances and, for the first time, offers images for public cloud.

About Leap Micro

Leap Micro 6.0 is a rebranded SUSE Linux Enterprise Micro 6.0 which is an ultra-reliable container and Virtual Machine host by SUSE. Leap Micro is released twice a year and has support over two releases.

Leap Micro 5.4 is now EOL

With the release of Leap Micro 6.0, Leap Micro 5.4 reaches End Of Life; users will no longer receive maintenance updates and are advised to upgrade.

More conservative users can stay on Leap Micro 5.5, which will receive updates until the release of Leap Micro 6.1.

Understanding Image variants

All Leap Micro and SLE Micro images generally come in two variants: Base or Default.

Both Base and Default have a container stack, but only the Default variant has the Virtual Machine stack.

If you do not plan to use VMs and you care for space, then the Base might be a variant just for you. 

All of our images offered at get-o-o are the Default ones (VMs+containers) as we expect they’re suitable for most users.

All appliances including Base variants (without virtualization stack) can be downloaded directly from https://download.opensuse.org/distribution/leap-micro/6.0/appliances/

Explaining individual appliances

The general recommendation for everyone is the self-install image. It’s a bootable image with a quick wizard that writes the preconfigured image to your drive and grows the root partition. This process from boot takes about 5 minutes.

The preconfigured image is a raw bootable image you can manually write/dd to the disk or SD card. Images can be configured via Ignition/Combustion or will default to the jeos-firstboot wizard.

We have a Real-time image with kernel-rt, qcow image for KVM, VMware image, and a brand new raw image with Full Disk Encryption.

Users who want to try our FDE image within a VM will need to make sure that they’re using an emulated TPM 2.0 chip and UEFI. This can be achieved easily with virt-manager.

SLE Micro 6.0 dropped the traditional installer in favor of self-install media, therefore Leap Micro 6.0 doesn’t have it either.

The new Packages image is not bootable media. This is just an image with an offline repository in case you need it.

Leap Micro 6.0 comes for the first time also with Public Cloud Images.

Images will soon be available with all major public cloud providers. 

Upgrading from 5.X

A recommendation is to make a clean install since this is a brand-new major version.

For those who’d like to try migration, please follow the upgrade guide.

Release Notes

Users can refer to SLE Micro 6.0 Release notes.

Leap Micro 6.0 uses openSUSE-repos for repository management. It is highly recommended to pay attention to this detail, especially for those who migrate. Here is an article explaining how openSUSE repos work.

Leap Micro 6.0 no longer has a dedicated SLE update repo. This has been merged into the main repository.

Leap Micro 6.0 Release Candidate is now available

21 June 2024 at 17:00

Here is a little gift for the weekend. openSUSE Leap Micro 6.0 RC is now available! Images can be found at get.opensuse.org.

The main difference from Beta is a working upgrade path from 5.5 and slightly smoother upgrade support to commercial products. So let’s test it out.

Upgrade instructions

I’d personally recommend a clean install, especially in between major versions on a system that can be redeployed with self-install within 2 minutes. At the same time, the online upgrade takes longer. Another aspect to consider is that we don’t have a developed migration test suite for online migration, unlike for Leap 15.X.

The easiest way to test the upgrade would be in a VM. Get Leap Micro 5.5 images from get.opensuse.org and ensure you have all updates applied via transactional-update.

I’d recommend upgrading to 6.0 via SSH or console instead of cockpit, as the service might stop responding. Upgrade instructions and known issues are captured in the SDB:System_upgrade_to_LeapMicro_6.0 wiki page.

Make sure to check known issues before proceeding.

Documentation

Please refer to SLE Micro 6.0 documentation including Release notes.

Reporting Issues

Please refer to the Leap Micro section in our Submitting bug reports page.

Next steps

Leap Micro 6.0 GA can be expected before oSC2024 next week.

Leap Micro 6.0 reaches Beta

19 June 2024 at 17:00

openSUSE Leap Micro 6.0 Beta is now available! We expect that it will very quickly transition to RC and GA as the infra readiness advances. Leap Micro 6.0 Beta images can be found at get.opensuse.org or directly at download.opensuse.org.

About Leap Micro

Leap Micro 6.0 is a rebranded SUSE Linux Enterprise Micro 6.0 which is an ultrareliable container and VM host by SUSE. This is the first publicly released product based on the fresh code base “SUSE Linux Framework One” (previously known as ALP).

Leap Micro 6.X is available for x86_64 and aarch64, released every 6 months, and supported until the next-next release is out. That means that Leap Micro 6.0 will become EOL once Leap Micro 6.2 gets released.

All pieces related to Rancher and Elemental are purposely excluded from Leap Micro 6.X as SLE Micro for Rancher is free for use without any subscription within Rancher deployments.

No more traditional installer

Leap Micro 6.X is deployed via self-install image which writes a preconfigured image to the disk and enlarges root partition. Users can use combustion, ignition or default to the jeos-firstboot wizard to do the initial setup of the system.

Do not be misled by the availability of openSUSE-Leap-Micro-6.0-*.iso; it is not installable. We refer to the image as a Packages image, which is basically an offline repository on a DVD.

New FDE, VMware, and Cloud images

Aside from the self-install image, Micro 6.0 comes with qcow, Full Disk Encryption, and RealTime images. All images can be found at download.opensuse.org.

For the first time, Leap Micro 6.X also has cloud-init; therefore, shortly after the release, we will also have cloud images available on GCP, Azure, and AWS.

Changes to the product building

Leap Micro 6.X is using the new product composer instead of the old product builder. This allowed us to consume update-info from the newly designed maintenance workflow of SLE Micro 6.0 and was preferred by the openSUSE maintenance team.

Changes to the repositories and maintenance workflow

Leap Micro 5.X users receive all updates released for relevant SLE Micro version via a repository named repo-sle-update. This particular repository no longer exists in Leap Micro 6.X.

Instead, the repo-main repository will contain all released updates for the relevant version of SUSE Linux Micro to date.

Please note that the repository path has changed slightly too. We’ll ensure that migration via transactional-update shell followed by zypper dup --releasever 6.0 works via compatibility symlinks on the download server.

New way of managing repository definitions

openSUSE-repos is not new to our users, however, for the first time, openSUSE Leap Micro 6.0 deployments come with openSUSE-repos preinstalled. openSUSE repos uses a local RIS service that easily lets us maintain repository definitions with a package update.

Users migrating from 5.5/5.4 releases are advised to run zypper in openSUSE-repos to ensure they have up-to-date repository paths.

Documentation

Please refer to SLE Micro 6.0 documentation including Release notes.

Reporting Issues

Please refer to the Leap Micro section in our Submitting bug reports page.

Next steps

Missing maintenance setup was a long-term blocker for the transition out from Alpha, otherwise, the distribution itself is stable and feature-full. Now that we have it, we need to polish some remaining infrastructure issues and users can expect a release within the next few days. Ideally before oSC2024 next week.

Leap 15.6 Unveils Choices for Users

NUREMBERG, Germany – The release of Leap 15.6 is official and paves the way for professionals and organizations to transition to SUSE’s enterprise distribution with extended support or prepare for the next major release, which will be Leap 16.

Demands for robust, secure and stable operating systems in the digital infrastructure sector are more critical than ever. The combination of the community-driven Leap 15.6 and SUSE Linux Enterprise 15 Service Pack 6, which integrates new features and enhancements, offers an optimal solution for managing critical infrastructure. Notably, the Product Support Lifecycles of SUSE’s general support and extended support versions last well beyond Leap 15’s lifespan, ensuring longer and reliable service for users.

SLE 15 SP 6 is a feature release, so users can expect several more features in the Leap 15.6 release.

This alignment ensures businesses and professionals using Leap for operational needs can enjoy a clear, supported transition to an enterprise environment, which is crucial in a move for systems that require long-term stability and enhanced security. As organizations strategize their upgrade paths, adopting an enterprise-grade solution like SUSE becomes a strategic decision, especially for those managing extensive networks and critical data across various sectors.

Since being released on May 25, 2018, Leap has gained several additions such as container technologies, immutable systems, virtualization and embedded development, along with other high-tech advances. A rise in usage from each minor release shows that entrepreneurs, hobbyists, professionals and developers are consistently choosing Leap as a preferred Linux distribution.

Leap 15.6 is projected to receive maintenance and security updates until the end of 2025 to ensure sufficient overlap with the next release. This will provide users with plenty of time to upgrade to the release’s successor, which is Leap 16, or switch to SUSE’s extended service support version. Users interested in commercial support can use a migration tool to move to SUSE’s commercial support version.

The inclusion of the Cockpit[1] package in openSUSE Leap 15.6 represents a significant enhancement in system and container management capabilities for users. This integration into Leap 15.6 improves usability and access as well as providing a link between advanced system administration and user-friendly operations from the web browser. The addition underscores openSUSE’s commitment to providing powerful tools that cater to both professionals and hobbyists. Leap does not come with a SELinux policy, so SELinux capabilities for Cockpit are not functioning.

Container technologies receive a boost with Podman 4.8, which includes tailored support for Nextcloud through quadlets, alongside the latest releases of Distrobox, Docker, python-podman, Skopeo, containerd, libcontainers-common, ensuring a robust container management system. Virtualization technologies are also enhanced, featuring updates to Xen 4.18, KVM 8.2.2, libvirt 10.0, and virt-manager 4.1.

The Leap 15.6 release incorporates several key software upgrades enhancing performance and security. It integrates Linux Kernel 6.4, which provides backports for some of the latest hardware drivers, which offer performance enhancements. OpenSSL 3.1 becomes the new default and provides robust security features and updated cryptographic algorithms. Database management systems receive significant updates with MariaDB 10.11.6 and PostgreSQL 16. Redis 7.2 offers advanced data handling capabilities and the software stack is rounded out with PHP 8.2 and Node.js 20; both received updates for better performance and security in web development. Leap will also have OpenJDK 21 providing improvements for enhanced performance and security in Java-based applications.

Updates in telecommunications software are seen with DPDK 22.11, Open vSwitch 3.1 and OVN 23.03.

The KDE environment advances with the introduction of KDE Plasma 5.27.11, which is the latest Long Term Support version, Qt 5.15.12+kde151, and KDE Frameworks 5.115.0, as well as Qt6 version 6.6.3, facilitating smooth application operations with updated Python bindings for PyQt5 and PyQt6 aligning with Python 3.11.

Many unmaintained Python packages were removed as part of a transition to Python 3.11; more details can be found in the release notes.

GNOME 45 brings enhancements to the desktop environment, adding features that elevate the user experience. Audio technologies see major upgrades with the release of PulseAudio 17.0 and PipeWire 1.0.4, which improve hardware compatibility and Bluetooth functionality, including device battery level indicators.

These updates collectively enhance the system’s stability and user experience and make Leap 15.6 a compelling choice for professionals, companies and organizations.

Leap can be downloaded at get.opensuse.org.

End of Life

Leap 15.5 will have its End of Life (EOL) six months from today’s release. Users should update to Leap 15.6 within six months of today to continue to receive security and maintenance updates.

Download Leap 15.6

To download the ISO image, visit https://get.opensuse.org/leap/

If you have a question about the release or found a bug, we would love to hear from you at:

https://t.me/openSUSE

https://chat.opensuse.org

https://lists.opensuse.org/opensuse-support/

https://discordapp.com/invite/openSUSE

https://www.facebook.com/groups/opensuseproject

Get involved

The openSUSE Project is a worldwide community that promotes the use of Linux everywhere. It creates two of the world’s best Linux distributions, the Tumbleweed rolling-release, and Leap, the hybrid enterprise-community distribution. openSUSE is continuously working together in an open, transparent and friendly manner as part of the worldwide Free and Open Source Software community. The project is controlled by its community and relies on the contributions of individuals, working as testers, writers, translators, usability experts, artists and ambassadors or developers. The project embraces a wide variety of technology, people with different levels of expertise, speaking different languages and having different cultural backgrounds. Learn more about it on opensuse.org

[1] Root login is disabled by default. Please read details in the Try Cockpit in Leap Release Candidate article.

*** Two bugs related to Chrome with Wayland on GNOME 45 may see a fix coming in an update. ***

Retrospective

Provide your feedback to our release team by visiting survey.opensuse.org and taking our retrospective survey.

(Image made with DALL-E)
