release-notes.xml

<?xml version="1.0" encoding="utf-8"?>
<?xml-stylesheet href="urn:x-suse:xslt:profiling:docbook50-profile.xsl"
                 type="text/xml"
                 title="Profiling step"?>
<!DOCTYPE article
[
 <!ENTITY % myents SYSTEM "release-notes.ent" >
 %myents;
]>
<article xml:lang="en" xml:id="rnotes"
  xmlns="http://docbook.org/ns/docbook"
  xmlns:xi="http://www.w3.org/2001/XInclude"
  xmlns:xlink="http://www.w3.org/1999/xlink">
 <title>&rnotes;</title>
 <info>
  <releaseinfo>&rversion;</releaseinfo>
  <productname>&thisflavor;</productname>
  <productnumber>&version;</productnumber>
  <date><?dbtimestamp format="Y-m-d"?></date>
  <abstract>
   <para>
    &thisflavor; is a free and Linux-based operating system for your PC, Laptop
    or Server. You can surf the Web, manage your e-mails and photos, do office
    work, play videos or music and have a lot of fun!
   </para>
  </abstract>
  <dm:docmanager xmlns:dm="urn:x-suse:ns:docmanager">
   <dm:bugtracker>
    <dm:url>https://bugzilla.opensuse.org/enter_bug.cgi</dm:url>
    <dm:product>openSUSE Distribution</dm:product>
    <dm:component>Release Notes</dm:component>
    <dm:assignee>lukas.kucharczyk@suse.com</dm:assignee>
   </dm:bugtracker>
  </dm:docmanager>
 </info>

 <para condition="beta">
  This is the initial version of the release notes for the forthcoming
  &thisversion;.
 </para>
 <para condition="pre;maintained">
  The release notes are under constant development.
  To find out about the latest updates, see the online version at
  <link xlink:href="https://doc.opensuse.org/release-notes"/>.
  The English release notes are updated whenever need arises. Translated
  language versions can temporarily be incomplete.
 </para>
 <para condition="unmaintained">
  The end of the maintenance period for &thisversion; is now reached. To keep
  your systems up-to-date and secure, upgrade to a current &opensuse; version.
  Before starting the upgrade, make sure that all maintenance updates for
  &thisversion; are applied.
 </para>
 <para condition="unmaintained">
  For more information about upgrading to a current &opensuse; version, see
  <link xlink:href="https://en.opensuse.org/SDB:System_upgrade"/>.
 </para>
 <!-- Previous Release Notes -->
 <para>
  If you upgrade from an older version to this &thisflavor; release, see
  previous release notes listed here:
  <link xlink:href="https://en.opensuse.org/openSUSE:Release_Notes"/>.
 </para>
 <para>
  <phrase condition="beta">This public beta test is part of the &opensuse;
  project.</phrase> Information about the project is available at
  <link xlink:href="https://www.opensuse.org"/>.
 </para>
 <para condition="beta;pre">
  Report all bugs you encounter using this prerelease of &thisflavor; &version;
  in the &opensuse; Bugzilla. For more information, see
  <link xlink:href="https://en.opensuse.org/Submitting_Bug_Reports"/>. If you
  would like to see anything added to the release notes, file a bug
  report against the component <quote>Release Notes</quote>.
 </para>
 <para condition="maintained">
  To report bugs against this release, use the &opensuse; Bugzilla. For more
  information, see
  <link xlink:href="https://en.opensuse.org/Submitting_Bug_Reports"/>.
 </para>
 <para condition="pre;maintained">
  Major new features of &thisversion; are also listed at
  <link xlink:href="https://en.opensuse.org/Features_&version;"/>.
 </para>

 <sect1 xml:id="installation">
  <title>Installation</title>

  <para>
   This section contains installation-related notes. For detailed installation
   instructions, see the documentation at
   <link xlink:href="https://doc.opensuse.org/documentation/leap/startup/html/book.opensuse.startup/part-basics.html"/>.
  </para>
  <!-- <para>
   Make sure to also review <xref linkend="sec.driver"/>.
  </para> -->

  <sect2 xml:id="installation-transactional-server-role">
   <title>Using Atomic Updates With the System Role <emphasis>Transactional Server</emphasis></title>
   <!-- boo#1092953, boo#1093098 -->
   <para>
    The installer supports the system role <emphasis>Transactional
    Server</emphasis>. This system role features an update system that
    applies updates atomically (as a single operation) and makes them easy to
    revert should that become necessary.
    These features are based on the package management tools that all
    other &suse; and &osuse; distributions also rely on. This means that the
    vast majority of RPM
    packages that work with other system roles of &thisversion; also work
    with the system role <emphasis>Transactional Server</emphasis>.
   </para>
   <note>
    <title>Incompatible Packages</title>
    <para>
     Some packages modify the contents of <filename>/var</filename> or
     <filename>/srv</filename> in their RPM <literal>%post</literal> scripts.
     These packages are incompatible. If you find such a package, file a
     bug report.
    </para>
   </note>
   <para>
    To provide these features, this update system relies on:
   </para>
   <itemizedlist>
    <listitem>
     <formalpara>
      <title>Btrfs snapshots</title>
      <para>
       Before a system update is started, a new Btrfs snapshot of the root
       file system is created. Then, all the changes from the update are
       installed into that Btrfs snapshot. To complete the update, you can
       then restart the system into the new snapshot.
      </para>
     </formalpara>
     <para>
      To revert the update, simply boot from the previous snapshot instead.
     </para>
    </listitem>
    <listitem>
     <formalpara>
      <title>A read-only root file system</title>
      <para>
       To avoid issues with and data loss because of updates, the root file
       system must not be written to otherwise. Therefore, the root file
       system is mounted read-only during normal operation.
      </para>
     </formalpara>
     <para>
      To make this setup work, two additional changes to the file system
      needed to be made: To allow writing user configuration in
      <filename>/etc</filename>, this directory is automatically configured
      to use OverlayFS. <filename>/var</filename> is now a separate subvolume
      which can be written to by processes.
     </para>
    </listitem>
   </itemizedlist>
   <important>
    <title><emphasis>Transactional Server</emphasis> Needs At Least 12 GB of Disk Space</title>
    <para>
     The system role <emphasis>Transactional Server</emphasis> needs a disk
     size of at least 12 GB to accommodate Btrfs snapshots.
    </para>
   </important>
   <important>
    <!-- bsc#1134997 -->
    <title>
     &yast; Does Not Work Transactional Mode
    </title>
    <para>
     Currently, &yast; does not work with transactional updates.
     This is because &yast; performs things immediately and because it cannot edit a read-only filesystem.
    </para>
   </important>
   <para>
    To work with transactional updates, always use the command
    <command>transactional-update</command> instead of &yast; and Zypper for
    all software management:
   </para>
   <itemizedlist>
    <listitem>
     <para>
      Update the system:
      <command>transactional-update up</command>
     </para>
    </listitem>
    <listitem>
     <para>
      Install a package:
      <command>transactional-update pkg in <replaceable>PACKAGE_NAME</replaceable></command>
     </para>
    </listitem>
    <listitem>
     <para>
      Remove a package:
      <command>transactional-update pkg rm <replaceable>PACKAGE_NAME</replaceable></command>
     </para>
    </listitem>
    <listitem>
     <para>
      To revert the last snapshot, that is the last set of changes to the
      root file system, make sure your system is booted into the next to last
      snapshot and run:
      <command>transactional-update rollback</command>
     </para>
     <para>
      Optionally, add a snapshot ID to the end of the command to rollback to
      a specific ID.
     </para>
    </listitem>
   </itemizedlist>
   <para>
    When using this system role, by default, the system will perform a daily
    update and reboot between 03:30 am and 05:00 am. Both of these actions
    are systemd-based and if necessary can be disabled using
    <command>systemctl</command>:
   </para>
   <screen>systemctl disable --now transactional-update.timer rebootmgr.service</screen>
   <para>
    For more information about transactional updates, see the &kubic; blog posts
    <link xlink:href="https://kubic.opensuse.org/blog/2018-04-04-transactionalupdates/"/>
    and
    <link xlink:href="https://kubic.opensuse.org/blog/2018-04-20-transactionalupdates2/"/>.
   </para>
  </sect2>

  <sect2 xml:id="installation-small-disk">
   <title>Installing on Hard Disks With Less Than 12 GB of Capacity</title>
   <!-- boo#1093098 -->
   <para>
    The installer will only propose a partitioning scheme if the available
    hard disk size is larger than 12 GB. If you want to set up, for example,
    very small virtual machines images, use the guided partitioner to tune
    partitioning parameters manually.
   </para>
  </sect2>

  <sect2 xml:id="installation-uefi">
   <title>UEFI&mdash;Unified Extensible Firmware Interface</title>
   <para>
    Prior to installing &opensuse; on a system that boots using UEFI (Unified
    Extensible Firmware Interface), you are urgently advised to check for any
    firmware updates the hardware vendor recommends and, if available, to
    install such an update. A pre-installation of Windows 8 or later is a
    strong indication that your system boots using UEFI.
   </para>
   <para>
    <emphasis>Background:</emphasis> Some UEFI firmware has bugs that cause it
    to break if too much data gets written to the UEFI storage area. However,
    there is no clear data of how much is <quote>too much</quote>.
   </para>
   <para>
    &opensuse; minimizes the risk by not writing more than the bare minimum
    required to boot the OS. The minimum means telling the UEFI firmware about
    the location of the &opensuse; boot loader. Upstream Linux kernel features
    that use the UEFI storage area for storing boot and crash information
    (<literal>pstore</literal>) have been disabled by default. Nevertheless, it
    is recommended to install any firmware updates the hardware vendor
    recommends.
   </para>
  </sect2>

  <sect2 xml:id="installation-uefi-part">
  <!-- bnc#850056 -->
   <title>UEFI, GPT, and MS-DOS Partitions</title>
   <para>
    Together with the EFI/UEFI specification, a new style of partitioning
    arrived: GPT (GUID Partition Table). This new schema uses globally unique
    identifiers (128-bit values displayed in 32 hexadecimal digits) to identify
    devices and partition types.
   </para>
   <para>
    Additionally, the UEFI specification also allows legacy MBR (MS-DOS)
    partitions. The Linux boot loaders (ELILO or GRUB 2) try to automatically
    generate a GUID for those legacy partitions, and write them to the
    firmware. Such a GUID can change frequently, causing a rewrite in the
    firmware. A rewrite consists of two different operations: Removing the old
    entry and creating a new entry that replaces the first one.
   </para>
   <para>
    Modern firmware has a garbage collector that collects deleted entries and
    frees the memory reserved for old entries. A problem arises when faulty
    firmware does not collect and free those entries. This can result in a
    non-bootable system.
   </para>
   <para>
    To work around this problem, convert the legacy MBR partition to GPT.
   </para>
  </sect2>
 </sect1>

 <sect1 xml:id="upgrade">
  <title>System Upgrade</title>

  <para>
   This section lists notes related to upgrading the system. For supported
   scenarios and detailed upgrade instructions, see the documentation at:
  </para>
  <itemizedlist>
   <listitem>
    <para>
     <link xlink:href="https://en.opensuse.org/SDB:System_upgrade"/>
    </para>
   </listitem>
   <listitem>
    <para>
     <link xlink:href="https://doc.opensuse.org/documentation/leap/startup/html/book-startup/cha-update-osuse.html"/>
    </para>
   </listitem>
  </itemizedlist>

  <!-- <para>
   Make sure to also review <xref linkend="sec.driver"/>.
  </para> -->
  <para>
   Additionally, check <xref linkend="packages"/>.
  </para>

  <!-- <sect2 xml:id="sec.upgrade.150">
   <title>Upgrading from &opensuseleap; 15.0</title>
   <para/>

  </sect2> -->

  <sect2 xml:id="repository-path-updates">
   <title>Repository Path Updates</title>
   <orderedlist>
     <listitem>
       <para>
         <emphasis role="strong">Repository Location Changes:</emphasis>
         Starting with Leap 15.5, the ppc64le and aarch64 versions are no longer
         stored under <literal>ports</literal> (see below). The amv7hl
         architecture remains unchanged.
       </para>
     </listitem>
     <listitem>
       <para>
         <emphasis role="strong">For Upgrading Users:</emphasis>
         If you're moving from Leap 15.3 or earlier, switch to the new repository locations. Old paths are obsolete. New path details are available
         <link xlink:href="https://en.opensuse.org/SDB:System_upgrade#Note_about_ports_(non_intel_architectures)">here</link>.
       </para>
     </listitem>
     <listitem>
       <para>
         <emphasis role="strong">Easy Upgrade Tip:</emphasis>
         Download and install the <literal>openSUSE-repos-Leap</literal> package
         for automatic path updates. Get it
         <link xlink:href="https://software.opensuse.org/package/openSUSE-repos-Leap">here</link>.
       </para>
     </listitem>
   </orderedlist>
 </sect2>


 </sect1>

 <sect1 xml:id="packages">
  <title>Packaging Changes</title>

  <sect2 xml:id="packages-deprecated">
   <title>Deprecated Packages</title>
   <para>
    Deprecated packages are still shipped as part of the distribution but are
    scheduled to be removed the next version of &thisflavor;. These packages
    exist to aid migration, but their use is discouraged and they may not
    receive updates.
   </para>

   <!-- <itemizedlist>
    <listitem>
     <para>
     </para>
    </listitem>
    <listitem>
     <para>
     </para>
    </listitem>
   </itemizedlist> -->

   <para>
    To check whether installed packages are no longer maintained, make sure that
    the <package>lifecycle-data-openSUSE</package> package is installed, then
    use the command:
   </para>
   <screen>zypper lifecycle</screen>
  </sect2>

  <sect2 xml:id="packages-removed">
   <title>Removed Packages</title>
   <para>
    Removed packages are not shipped as part of the distribution anymore.
   </para>

   <itemizedlist>
    <listitem>
     <para>
     <package>python2</package>: Python 2 reached EOL and will no longer be part of distribution.
      For more information, see <link xlink:href="https://code.opensuse.org/leap/features/issue/15"/>.
     </para>
    </listitem>
    <listitem>
     <para>
      <package>cloud-init-vmware-guestinfo</package>: Package does not work with
      <literal>cloud-init</literal>
      version 21.2 and later versions. In
      <literal>cloud-init</literal>
      21.4 there is a new data source that replaces it.
     </para>
    </listitem>
    <listitem>
     <para>
     <package>digikam</package>: Digikam is no longer available on ppc64le as libqt5-qtwebkit was dropped. Package will be provided only for x86_64, aarch64, and armv7 architectures.
     </para>
     </listitem>
     <listitem>
      <para>
     <package>chessx</package>: Removed because of a startup issue and problems with upstream.
      For more information, see <link xlink:href="https://bugzilla.opensuse.org/show_bug.cgi?id=1192907"/>.
     </para>
    </listitem>
    <listitem>
     <para>
     <package>gap</package>: Removed because the package is not FHS-compliant.
      For more information, see <link xlink:href="https://code.opensuse.org/leap/features/issue/24"/>.
     </para>
    </listitem>
    <listitem>
     <para>
     <package>tensorflow</package>: Removed because the package Tensorflow 1.x is deprecated, package tensorflow2 should be used instead.
     </para>
    </listitem>
   </itemizedlist>

  </sect2>

 </sect1>

 <sect1 xml:id="drivers-hardware">
  <title>Drivers and Hardware</title>
  <para/>

  <sect2 xml:id="drivers-hardware-signatures">
   <!-- bsc#173158 -->
   <title>Secure Boot: Third-Party Drivers Need to Be Properly Signed</title>
   <para>
    Starting with &thisflavor; 15.2, kernel
    module signature check for third-party drivers
    (<literal>CONFIG_MODULE_SIG=y</literal>) is now enabled. This is an important
    security measure to avoid untrusted code running in the kernel.
   </para>
   <para>
    This may prevent third-party
    kernel modules from being loaded if UEFI Secure Boot is enabled.
    Kernel Module Packages (KMPs) from the official &osuse; repositories
    are not affected, because the modules they contain are signed with
    the openSUSE key. The signature check has the following behavior:
   </para>
   <itemizedlist>
    <listitem>
     <para>
      Kernel modules that are unsigned or signed with a key that is either
      known as untrusted or cannot be verified against the system's trusted
      key data base will be blocked.
     </para>
    </listitem>
   </itemizedlist>
   <para>
     It is possible to generate a custom certificate, enroll it
     into the system's Machine Owner Key (MOK) data base,
     and sign locally compiled kernel modules with this certificate's key.
     Modules signed in this manner will neither be blocked nor cause warnings.
     See <link xlink:href="https://en.opensuse.org/openSUSE:UEFI"/>.
   </para>
   <para>
    Since this also affects NVIDIA graphics drivers, we addressed this in our
    official packages for openSUSE. However, you need to manually enroll a new
    MOK key after installation to make the new packages work.
    For instructions how to install the drivers and enroll the MOK key, see
    <link xlink:href="https://en.opensuse.org/SDB:NVIDIA_drivers#Secureboot"/>.
   </para>
  </sect2>

 <sect2 xml:id="drivers-hardware-rpiusbboot">
   <!-- bsc#1198992 -->
   <title>Network install image hangs on boot on Raspberry Pi 4</title>
   <para>
     Booting the network install image from USB stick on Raspberry Pi 4 hangs on
     boot. To resolve this issue, add the <literal>console=tty</literal> boot
     parameter. See details in the known issues section of our <link
     xlink:href="https://en.opensuse.org/HCL:Raspberry_Pi4#Boot_from_USB_in_Net_install_image_of_Leap_15.4_hangs_on_boot">Raspberry
     Pi 4 Hardware Compatibility List</link>.
   </para>
  </sect2>

 </sect1>

  <sect1 xml:id="desktop">
  <title>Desktop</title>
   <para>
    This section lists desktop issues and changes in &thisversion;.
   </para>
   <sect2 xml:id="desktop-kde">
    <title>KDE 4 and Qt 4 removal</title>
    <para>
     KDE 4 packages will not be part of &opensuseleap; 15.4.
     Please update your system to Plasma 5 and Qt 5.
     Some of Qt 4 packages might still remain for compatability reasons.
     <link xlink:href="https://bugzilla.opensuse.org/show_bug.cgi?id=1179613"/>.
    </para>
   </sect2>

<!--
  <sect2 xml:id="desktop-ypbind">
   <!-/- boo#1129587 -/->
   <title>NIS/ypbind and NetworkManager</title>
   <para>
     If you use NIS for authentication on your workstation, we recommend
     using <package>wicked</package> instead of
     <package>NetworkManager</package> for managing network
     interfaces, as <package>ypbind</package> does not integrate well
     with NetworkManager.
   </para>
  </sect2>
  -->

  </sect1>

  <sect1 xml:id="general">
   <title>General</title>

   <sect2 xml:id="general-iotop">
    <!-- boo#1200669 -->
    <title><command>iotop</command> support</title>
    <para>
     <command>iotop</command> does not display values for SWAPIN and IO %.
    </para>
    <para>
     Since Linux kernel 5.14, either kernel boot parameter
     <literal>delayacct</literal> needs to be specified or
     <literal>kernel.task_delayacct</literal> sysctl needs to be
     enabled.
    </para>
   </sect2>

  </sect1>

 <!-- <sect1 xml:id="server">
  <title>Server Software</title>

  <para>
   This section lists changes to server software features in &thisversion;.
  </para>

 </sect1> -->


<!-- <sect1 xml:id="security">
  <title>Security</title>

  <para>
   This section lists changes to security features in &thisversion;.
  </para> -->

<!--
  <sect2 xml:id="security-amanda">
   <!-/- boo#1116922 -/->
   <title>Users and Groups Associated with AMANDA Backup Utility</title>
   <para>
    AMANDA (<emphasis>Advanced Maryland Automatic Network Disk
    Archiver</emphasis>) is a backup solution that allows setting up a master
    backup server to back up multiple hosts over network to tape
    drives/changers or disks or optical media. This tool is shipped in
    &osuse; within the package <package>amanda</package>.
   </para>
   <para>
    The execution of the binaries in this package is restricted to the group
    <systemitem class="groupname">amanda</systemitem>. However, some of those
    binaries use the attribute <literal>setuid</literal> to gain
    <systemitem class="username">root</systemitem> rights. As the
    implementation of at least some of these binaries is problematic, the user
    <systemitem class="username">amanda</systemitem> and members of the group
    <systemitem class="groupname">amanda</systemitem> are effectively
    privileged users whose rights are equivalent to those of
    <systemitem class="username">root</systemitem>.
   </para>
   <para>
    Hence, carefully consider who you allow access to either the user account
    or the group.
   </para>
  </sect2>
-->
<!-- </sect1> -->


 <!-- <sect1 xml:id="technical">
  <title>Technical</title>
  <para/>

 </sect1> -->

 <!-- <sect1 xml:id="misc">
  <title>Miscellaneous</title>
  <para/>
 </sect1> -->

 <sect1 xml:id="feedback">
  <title>More Information and Feedback</title>
  <itemizedlist>
   <listitem>
    <para>
     Read the <filename>README</filename> documents on the medium.
    </para>
   </listitem>
   <listitem>
    <para>
     View a detailed changelog information about a particular package from its
     RPM:
    </para>
    <screen>rpm --changelog -qp <replaceable>FILENAME</replaceable>.rpm</screen>
    <para>
     Replace <replaceable>FILENAME</replaceable> with the name of the RPM.
    </para>
   </listitem>
   <listitem>
    <para>
     Check the <filename>ChangeLog</filename> file in the top level of the
     medium for a chronological log of all changes made to the updated packages.
    </para>
   </listitem>
   <listitem>
    <para>
     Find more information in the <filename>docu</filename> directory on the
     medium.
    </para>
   </listitem>
   <listitem>
    <para>
     For additional or updated documentation, see
     <link xlink:href="https://doc.opensuse.org/"/>.
    </para>
   </listitem>
   <listitem>
    <para>
     For the latest product news, from &opensuse;, visit
     <link xlink:href="https://www.opensuse.org"/>.
    </para>
   </listitem>
  </itemizedlist>

  <para>
   Copyright © <?dbtimestamp format="Y" ?> SUSE LLC
  </para>

 </sect1>
</article>