SUSE Linux Enterprise Desktop 15 GA

Release Notes

This document provides guidance and an overview of the high-level general features and updates for SUSE Linux Enterprise Desktop 15 GA. Besides product-specific information, it also describes the capabilities and limitations of SUSE Linux Enterprise Desktop 15 GA.

These release notes are updated periodically. The latest version of these release notes is always available at https://www.suse.com/releasenotes. General documentation can be found at https://www.suse.com/documentation/sled-15.

Publication Date: 2018-06-05, Version: 15.0.20180605

1 About the Release Notes

The most recent version of these Release Notes is always available online at https://www.suse.com/releasenotes.

Some entries may be listed twice, if they are important and belong to more than one section.

Release notes usually only list changes that happened between two subsequent releases. Always review all release notes documents that apply in your upgrade scenario.

2 SUSE Linux Enterprise Desktop

SUSE Linux Enterprise Desktop is the market's only enterprise-quality Linux desktop ready for routine business use. Developed and backed by SUSE, SUSE Linux Enterprise Desktop provides market-leading usability, seamless interoperability with existing IT systems, and dozens of essential applications—all at a fraction of the price of proprietary operating systems.

2.1 Interoperability and Hardware Support

It comes bundled with the latest versions of leading applications such as LibreOffice office productivity suite, Mozilla Firefox Web browser, and Evolution e-mail and calendar suite. In addition, it integrates with Microsoft SharePoint for group collaboration and supports a wide range of multimedia file formats, wireless and networking standards, and plug-and-play devices.

Through the latest enhancements in power management and security, SUSE Linux Enterprise Desktop also provides an environmentally friendly IT experience (Green IT) and an error-proof desktop. Finally, SUSE Linux Enterprise Desktop offers unparalleled flexibility. You can deploy it on a wide range of thick client devices (including desktops, notebooks, netbooks, and workstations), on thin client devices, or as a virtual desktop. By leveraging the power of SUSE Linux Enterprise Desktop, your business can dramatically reduce costs, improve end user security and increase workforce productivity.

2.2 Support and Life Cycle

SUSE Linux Enterprise Desktop 15 has a 10 year life cycle. The current version (GA) will be fully maintained and supported until 6 months after the release of SUSE Linux Enterprise 15 SP1.

SUSE does not support skipping Service Packs of SUSE Linux Enterprise Desktop when upgrading.

2.3 What Is New?

SUSE Linux Enterprise Desktop 15 introduces many innovative changes compared to SUSE Linux Enterprise Desktop 12.

2.3.1 System Roles for SUSE Linux Enterprise Desktop

With SLED 15, it is possible to choose specific roles for the system based on modules selected during the installation process. There are four roles available:

  • GNOME Desktop (Wayland): available when Desktop Productivity (on SLED) or Workstation Extension are selected.

  • GNOME Desktop (X11): available when Desktop Productivity (on SLED) or Workstation Extension are selected.

  • GNOME Desktop (Basic): available when the Desktop Application module is selected.

  • IceWM Desktop (Minimal): available when Basesystem module is selected.

2.4 Documentation and Other Information

2.4.1 Available on the Product Media

  • Read the READMEs on the media.

  • Get the detailed changelog information about a particular package from the RPM (FILENAME is the name of the RPM):

    rpm --changelog -qp FILENAME.rpm

  • Check the ChangeLog file in the top level of the media for a chronological log of all changes made to the updated packages.

  • Find more information in the docu directory of the media of SUSE Linux Enterprise Desktop 15 GA.

2.4.2 Additional or Updated Documentation

For the most up-to-date version of the documentation for SUSE Linux Enterprise Desktop 15 GA, see https://www.suse.com/documentation/sled-15.

2.5 Support Statement for SUSE Linux Enterprise Desktop

To receive support, you need an appropriate subscription with SUSE. For more information, see https://www.suse.com/support/programs/subscriptions/?id=SUSE_Linux_Enterprise_Server.

2.6 General Support Statement

2.6.1 Reflink Feature of XFS Is Not Supported

XFS reflink support is currently considered experimental in current upstream Linux and is also not supported in SUSE Linux Enterprise.

2.7 Technology Previews

Technology previews are packages, stacks, or features delivered by SUSE. These features are not supported. They may be functionally incomplete, unstable or in other ways not suitable for production use. They are mainly included for customer convenience and give customers a chance to test new technologies within an enterprise environment.

Technology previews can be dropped at any time and SUSE does not commit to providing a supported version of such technologies in the future.

Give your SUSE representative feedback, including your experience and use case.

2.7.1 Support for AMD Secure Encrypted Virtualization

As a technology preview, SLE 15 now supports AMD Secure Encrypted Virtualization (SEV). SEV integrates main memory encryption capabilities (SME) with the existing AMD-V virtualization architecture to support encrypted virtual machines. Encrypting virtual machines helps protect them from physical threats and from other virtual machines or even the hypervisor itself. SEV represents a new approach to security that is particularly suited to cloud computing, where virtual machines need not fully trust the hypervisor and administrator of their host system. As with SME, no application software modifications are required to support SEV.

2.8 Related Products

This section lists related products. Usually, these products have their own release notes documents that are available from https://www.suse.com/releasenotes.

Additionally, there is the following extension which is not covered by SUSE support agreements, available at no additional cost and without an extra registration key:

3 Installation and Upgrade

This section includes information related to the initial installation of SUSE Linux Enterprise Desktop 15 GA. For installation documentation, see Deployment Guide at https://www.suse.com/documentation/sled-15/singlehtml/book_sle_deployment/book_sle_deployment.html.

3.1 Installation

This section includes information related to the initial installation of SUSE Linux Enterprise Desktop 15 GA.

Important: Installation Documentation

The following release notes contain additional notes regarding the installation of SUSE Linux Enterprise Desktop. However, they do not document the installation procedure itself.

For installation documentation, see Deployment Guide at https://www.suse.com/documentation/sled-15/singlehtml/book_sle_deployment/book_sle_deployment.html.

3.1.1 Parted Supports Linux-Specific GPT GUID for Partitions

When Parted 3.1, the version shipped with earlier versions of SLE, was released, there was no Linux-specific GPT GUID. Therefore, it used the Microsoft Basic Data partition type for all new partitions.

With SLE 15, Parted 3.2 is shipped. This version uses the new Linux GPT GUID by default. If an old Linux GPT partition that uses the Microsoft Basic Data type is found, Parted will set the flag msftdata on it.

In partition editors and other GPT-enabled disk tools, such partitions may be mislabeled as Windows Data Partitions or similar. This affects the YaST Expert Partitioner, as well as fdisk, gdisk, etc.

The partition can be converted and the flag be cleared like this:

parted [DEVICE] set [PARTITION_NUMBER] msftdata off

3.1.2 Drivers for Nvidia GPUs

On SLED 15, users of Nvidia graphical chipsets can choose between two different drivers:

  • The proprietary Nvidia driver, which is available after registering at the SUSE Customer Center from the repository SUSE_Linux_Enterprise_Desktop_15_x86_64:SLE-15-GA-Desktop-nVidia-Driver. This driver is fully supported by Nvidia.

  • The Nouveau driver (available in the kernel-default-extra and xf86-video-nouveau packages), which is provided as-is and not supported by SUSE.

Installing the proprietary Nvidia driver will disable the nouveau driver.

3.2 Update-Related Notes

This section includes upgrade-related information for SUSE Linux Enterprise Desktop 15 GA.

Important: Upgrade Documentation

The following release notes contain additional notes regarding the upgrade of SUSE Linux Enterprise Desktop. However, they do not document the upgrade procedure itself.

For upgrade documentation, see https://www.suse.com/documentation/sled-15/singlehtml/book_sle_deployment/book_sle_deployment.html#cha.update.sle.

3.2.1 ReiserFS Support Removed

ReiserFS support for new installations was removed from YaST in SUSE Linux Enterprise 12 but upgrades were still supported.

With SUSE Linux Enterprise 15, support for ReiserFS will be completely removed from YaST and the installer will block the upgrade when it detects a ReiserFS file system.

For existing data partitions formatted with ReiserFS, we suggest converting them to Btrfs before migrating your system to SUSE Linux Enterprise 15.

3.2.2 System-wide Locale/Keymap/Font Settings are not read from /etc/sysconfig/ anymore

Previously, there were different places for configuring a given setting.

For example, to set the system-wide locale, you could either:

  • write the settings in /etc/locale.conf

  • use localectl

  • write ROOT_USES_LANG in /etc/sysconfig/language if LANG was not already configured in /etc/locale.conf.

This could be confusing, especially since settings in /etc/sysconfig/language usually override the locale settings used by users' shells only and therefore should not influence the system-wide locale.

Similar situations and similar problems could also be seen for the keymap/font settings:

  • The keyboard layout could be configured in both /etc/vconsole.conf and /etc/sysconfig/keyboard, the former having a higher priority.

  • The font used by virtual consoles could be read from both /etc/vconsole.conf and /etc/sysconfig/console.conf, the former having a higher priority.

With SLE 15, systemd does not read certain settings from the following files anymore:

  • /etc/sysconfig/language for the system-wide locale settings (ROOT_USES_LANG)

  • /etc/sysconfig/keyboard for the keyboard layout used by the virtual consoles (CONSOLE_FONT, CONSOLE_SCREENMAP, CONSOLE_UNICODEMAP)

  • /etc/sysconfig/console for the font used by the virtual consoles (KEYTABLE)

All variables defined in /etc/sysconfig/language will still be used to override the system-wide locale and to define different locale settings for users' shells, as currently described in the official documentation.

To keep backward compatibility with the old systems, during the update of the systemd package, all variables mentioned will be migrated from sysconfig to their final destinations if they are not already defined there.

Replacement settings:

Locale:

  • The system-wide locale can be changed via localectl(1) or YaST.

  • The settings are stored in /etc/locale.conf, see man 5 locale.conf.

Virtual Consoles: The settings can instead be written directly in /etc/vconsole.conf. Also see man 5 vconsole.conf.

Keyboard:

  • The system-wide locale can be changed via localectl(1).

  • The settings are stored in /etc/vconsole.conf, see man 5 vconsole.conf.

4 Kernel

4.1 Support for Scalable Machine Check Architecture (Scalable MCA)

Scalable MCA improves hardware error reporting to better diagnose issues in AMD Zen processors. It provides clearer, easier-to-use rules for the kinds of information supplied by the hardware when reporting errors.

This clearer separation of architectural and implementation-specific functions allows operating systems to better take advantage of architectural features.

In addition, it expands information logged in MCA banks to allow for improved error handling, better diagnosability, and future scalability.

4.2 Support for AMD Memory Encryption

To provide protection against physical attacks on a system, AMD SME can provide full or partial memory encryption depending on the use case, on AMD family 17h CPU processors. Full memory encryption means all DRAM contents are encrypted using random keys. This provides strong protection against cold boot, DRAM interface snooping and similar types of attacks. This technology is especially prominent for systems equipped with NVDIMMs whose contents remain intact after powering down the system.

Memory encryption support is present in SLE 15 kernels but not enabled by default. To enable it on compatible hardware (AMD family 17h CPU, with proper BIOS/UEFI support), supply the boot option mem_encrypt=on.
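
One way to check both conditions on a running system, the CPU capability and the boot option. This is an added example, not part of the SUSE release notes; the function names are illustrative, and it assumes the kernel lists the sme flag in /proc/cpuinfo on capable CPUs.

```shell
#!/bin/sh
# Added example (not SUSE code): is AMD SME available, and was it requested
# for this boot with mem_encrypt=on?

# cpu_has_sme CPUINFO_TEXT
# True if the first "flags" line lists the exact flag "sme".
# Padding with spaces avoids matching other flags such as "smep".
cpu_has_sme() (
    flags=$(printf '%s\n' "$1" | sed -n '/^flags/{s/^[^:]*://;p;q;}')
    case " $flags " in
        *" sme "*) true ;;
        *)         false ;;
    esac
)

# mem_encrypt_setting CMDLINE_TEXT
# Prints on, off, unset, or unclear (several different or unknown values).
mem_encrypt_setting() (
    vals=$(printf '%s\n' "$1" | tr ' ' '\n' | sed -n 's/^mem_encrypt=//p' | sort -u)
    case "$vals" in
        '')     echo unset ;;
        on|off) echo "$vals" ;;
        *)      echo unclear ;;
    esac
)

# sme_state CPUINFO_TEXT CMDLINE_TEXT
# "requested" only means the boot option is present; BIOS/UEFI support is
# still required, as stated in the text above.
sme_state() (
    if ! cpu_has_sme "$1"; then
        echo unsupported
    else
        case "$(mem_encrypt_setting "$2")" in
            on)        echo requested ;;
            off|unset) echo available-not-enabled ;;
            *)         echo check-boot-options ;;
        esac
    fi
)

# Live check; skipped where /proc is not readable.
if [ -r /proc/cpuinfo ] && [ -r /proc/cmdline ]; then
    echo "SME: $(sme_state "$(grep '^flags' /proc/cpuinfo | head -n 1)" "$(cat /proc/cmdline)")"
fi
```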

5 Security

5.1 GnuPG Uses SHA-2 Family of Digests by Default

Research was published that showed weaknesses in the SHA-1 family of hashes for some applications. The use of stronger digests is advised for most applications.

The default behavior for GnuPG (gpg2) has been changed to use SHA-2 family digests for key certificates, default preferences stored in keys, and signature generation in the absence of a configuration file. GnuPG no longer generates a new configuration when called in an empty home. Existing GnuPG configurations are not altered. GnuPG continues to support SHA-1 digest generation and verification as mandated by OpenPGP standards.
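
Because existing configurations are not altered, a gpg.conf carried over from an older system can still pin SHA-1. The following added example (not SUSE or GnuPG code; the function names and the sample file are constructed for illustration) reports such lines.

```shell
#!/bin/sh
# Added example (not SUSE or GnuPG code): find SHA-1 pins in an existing gpg.conf.

# audit_gpg_conf [FILE]
# Reads FILE (or stdin) and prints "LINE:TEXT" for each option that forces SHA-1:
#   digest-algo / cert-digest-algo set to SHA1 (or its OpenPGP ID, H2)
#   personal-digest-preferences with SHA1 as the first choice
# SHA1 later in a preference list is only a fallback and is not reported.
audit_gpg_conf() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }          # blank lines and comments
        {
            opt  = tolower($1)
            algo = toupper($2)
            digest_opt = (opt == "digest-algo" || opt == "cert-digest-algo" ||
                          opt == "personal-digest-preferences")
            if (digest_opt && (algo == "SHA1" || algo == "H2"))
                printf "%d:%s\n", NR, $0
        }
    ' "$@"
}

# Constructed sample of a gpg.conf carried over from an older installation.
sample_gpg_conf() {
    cat <<'EOF'
# ~/.gnupg/gpg.conf (constructed sample)
no-greeting
cert-digest-algo SHA1
personal-digest-preferences SHA512 SHA256 SHA1
digest-algo sha1
EOF
}

echo "Findings in the constructed sample:"
sample_gpg_conf | audit_gpg_conf

# Live check of the current user's configuration, if there is one.
conf="${GNUPGHOME:-${HOME:-/nonexistent}/.gnupg}/gpg.conf"
if [ -r "$conf" ]; then
    echo "Findings in $conf:"
    audit_gpg_conf "$conf"
fi
```

Any reported line keeps SHA-1 in force for that user regardless of the changed defaults.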

5.2 All SLE 15 Packages Are Enabled for Address Space Layout Randomization

Security consists of layers of defense. One of those layers is randomizing the addresses used by programs, so that code, functions, and offsets are located at different addresses on every start.

All SUSE Linux Enterprise 15 binaries are built with support for PIE (Position-Independent Executables) which will randomize all code layout in memory on every startup of the binary.
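
To check whether a locally built or third-party binary follows the same convention, the ELF header can be inspected. This is an added example, not SUSE code; the function names and the header stubs are constructed for illustration, and it looks only at the e_type field, which cannot tell a PIE from a shared library.

```shell
#!/bin/sh
# Added example (not SUSE code): classify a file by the e_type field of its ELF header.

# elf_kind FILE
# Prints one of: non-pie-executable (ET_EXEC), pie-or-shared-object (ET_DYN),
# other-elf, not-elf.
elf_kind() (
    # First 18 bytes as hex: e_ident (16 bytes) followed by e_type (2 bytes).
    hdr=$(od -An -tx1 -N18 "$1" 2>/dev/null | tr -d ' \n')
    [ "${#hdr}" -eq 36 ] || { echo not-elf; exit 0; }
    magic=$(printf '%s' "$hdr" | cut -c1-8)
    data=$(printf '%s' "$hdr" | cut -c11-12)     # EI_DATA: 01 little, 02 big endian
    b16=$(printf '%s' "$hdr" | cut -c33-34)      # first byte of e_type
    b17=$(printf '%s' "$hdr" | cut -c35-36)      # second byte of e_type
    [ "$magic" = 7f454c46 ] || { echo not-elf; exit 0; }
    case "$data" in
        01) etype="$b17$b16" ;;
        02) etype="$b16$b17" ;;
        *)  echo not-elf; exit 0 ;;
    esac
    case "$etype" in
        0002) echo non-pie-executable ;;
        0003) echo pie-or-shared-object ;;
        *)    echo other-elf ;;
    esac
)

# Constructed e_ident for a little-endian ELF64 file, as printf escapes.
ELF_IDENT='\177ELF\002\001\001\000\000\000\000\000\000\000\000\000'

# make_stub FILE E_TYPE_ESCAPES: writes an 18-byte header stub for the demo.
make_stub() { printf "${ELF_IDENT}$2" > "$1"; }

demo=$(mktemp -d)
make_stub "$demo/pie"    '\003\000'
make_stub "$demo/nonpie" '\002\000'
# Files named on the command line are checked after the two stubs.
for f in "$demo/pie" "$demo/nonpie" "$@"; do
    echo "$f: $(elf_kind "$f")"
done
rm -rf "$demo"

# PIE only randomizes code placement when kernel ASLR is on (2 = full randomization).
if [ -r /proc/sys/kernel/randomize_va_space ]; then
    echo "kernel.randomize_va_space = $(cat /proc/sys/kernel/randomize_va_space)"
fi
```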

5.3 firewalld Replaces SuSEfirewall2 as Default Software Firewall

SuSEfirewall2 was originally tailored towards running a router with forwarding and/or NAT rules. This use case is rarely required anymore. Furthermore, the static nature of SuSEfirewall2 made it difficult to react to today's dynamic networking events like hotplugged network interfaces or virtual networking.

To allow greater flexibility in SLE 15, the default firewall has been switched to the firewalld upstream solution. It provides a resident daemon process which can dynamically adjust firewall rules on behalf of the user or other programs. SuSEfirewall2 is no longer available.

There is no automatic migration from SuSEfirewall2 to firewalld. To migrate an existing SuSEfirewall2 configuration to firewalld, you can use the script from the package susefirewall2-to-firewalld. However, after running the script, you still need to manually adjust and verify the resulting firewalld rules.

More technical information about firewalld can be found in the Security Guide at https://www.suse.com/documentation/sles-15/singlehtml/book_security/book_security.html#sec.security.firewall.firewalld.

6 Networking

6.1 Mozilla Thunderbird Provided as a Cross-Platform E-Mail Client

Mozilla Thunderbird is provided as a cross-platform graphical e-mail client with calendaring capabilities. It supports the S/MIME (RFC 2633) e-mail encryption standard. Support for OpenPGP (RFC 2440) can be added by installing the extension Enigmail (package enigmail).

6.2 Enigmail Extension Provided for OpenPGP Support in Mozilla Thunderbird

Mozilla Thunderbird provides support for the S/MIME (RFC 2633) e-mail encryption standard, but needs an additional plug-in to support OpenPGP (RFC 2440).

The Enigmail plugin for Mozilla Thunderbird is provided to add support for OpenPGP (RFC 2440) e-mail encryption. It uses the local GnuPG installation, configuration and keys.

Additionally, the plugin adds support for the following protocols, enabled by default:

  • Protected e-mail headers: Encrypts e-mail subjects and replaces them with a dummy text.

  • Autocrypt: Automatically generates and exchanges encryption keys to seamlessly switch to encrypted communication without user configuration.

  • Web Key Discovery: Discovers and downloads unavailable keys during message composition.

  • Pretty Easy Privacy: Scheme for end-to-end e-mail encryption.

7 Virtualization

7.1 Support for Nested Virtualization Performance Features in Newer AMD Processors

In nested virtualization, the hypervisor has to intercept and emulate most virtualization instructions in KVM guests in software. This slows down nested virtualization.

Newer AMD processors have support for hardware virtualization of common virtualization instructions, making software emulation unnecessary. These features in newer AMD processors are now supported, making nested virtualization faster.

8 Miscellaneous

8.1 Plymouth/GDM May Hang If No Display Is Connected

When you are using the graphical boot target (with GDM) but there is no display connected, Plymouth may be unable to quit. This affects the start of systemd services that are normally started subsequent to Plymouth.

To diagnose whether a system is in the problematic status, remotely log in to it and run the command systemctl list-jobs. The system is affected if the plymouth-quit-wait.service is shown as running.

Any of the following methods can be used as a workaround:

  • Connect the machine to a monitor.

  • Add plymouth.enable=0 in kernel boot options.

  • Run the command plymouth quit when the system is in this state.

8.2 Graphics Chipset Compatibility under Wayland

The drivers for the following graphics chipsets do not yet support Wayland sessions:

  • Nvidia GPUs running under the proprietary driver from Nvidia

  • Cirrus Logic chipsets in QEMU virtual machines

  • Matrox mgag20 chipset

  • Aspeed graphics chipsets

In all of these cases, even if the Wayland stack is fully installed, GNOME will automatically fall back to starting an X session.

8.3 No Default Compose Key Combination

In previous versions of SLE, the compose key combination allowed typing characters that were not part of the regular keyboard layout. For example, to produce "å", you could press and release Shift-Right Ctrl and then press a twice.

Starting with SLE 15, there is no longer a predefined compose key combination because Shift-Right Ctrl does not work as expected anymore.

  • To define a system-wide custom compose key combination, use the file /etc/X11/Xmodmap and look for the following lines:

    [...]
    !! Third example: Change right Control key to Compose key.
    !! To do Compose Character, press this key and afterwards two
    !! characters (e.g. `a' and `^' to get 342).
    !remove  Control  = Control_R
    !keysym Control_R = Multi_key
    !add     Control  = Control_R
    [...]

    To uncomment the example code, remove the ! characters at the beginning of lines. However, note that the setup from Xmodmap will be overwritten if you are using setxkbmap.

  • To define a user-specific compose key combination, use your desktop's keyboard configuration tool or the command-line tool setxkbmap:

    setxkbmap [...] -option compose:COMPOSE_KEY

    For the variable COMPOSE_KEY, use your preferred character, for example ralt, lwin, rwin, menu, rctl, or caps.

  • Alternatively, use an IBus input method that allows typing the characters you need without a Compose key.

8.4 Wayland Cannot Be Used on Machines with Hybrid GPUs

On SLED 15, hybrid GPUs are not fully supported on Wayland. This affects, for example, laptops that have an integrated Intel GPU and a discrete Nvidia or AMD GPU connected to the HDMI ports. When the BIOS of a machine is set to use discrete graphics, GNOME will automatically fall back to starting an X session (which better supports the discrete GPU).

There is an unsupported workaround to use Wayland when a discrete graphic card is enabled. This workaround brings up GNOME on Wayland under SLED 15. However, external monitors with discrete graphic cards are not allowed in this configuration and it can lead to additional display-related issues.

To enable the unsupported workaround, do:

  1. Append the following line to the file /etc/environment:

    MUTTER_ALLOW_HYBRID_GPUS=1

9 Packages and Functionality Changes

9.1 New Packages

9.1.1 wodim Has Been Replaced by cdrtools

wodim was created as a fork of cdrtools. Unfortunately, the wodim project stagnated over the years.

SLE 15 migrates back to using cdrtools. This means that some tools have been renamed. The following package names have changed:

  • genisoimage has been renamed to mkisofs

  • wodim has been renamed to cdrecord

  • icedax has been renamed to cdda2wav

cdrkit-cdrtools-compat is no longer supplied. It only provided symbolic links for compatibility between cdrtools and wodim. If you were using it, no changes are necessary. If you were using the replaced packages above, executable binaries were renamed accordingly.

9.1.2 UnRAR Has Been Replaced by unar

UnRAR is a freeware command-line application for extracting RAR archives. Unfortunately, it is non-free.

In SLE 15, The Unarchiver command-line tool, which is LGPL-licensed (package unar, binaries unar and lsar), has replaced UnRAR.

Unarchiver supports the same archive formats (including RAR5), except for UUE, JAR, and limited support for ARJ (no multi-part) and ACE (no support for Ace 2.0).

UnRAR and Unarchiver are not completely CLI-compatible, as they have a different set of options. Because of this, a simple wrapper script was added within the unrar_wrapper package (with a symbolic link to /usr/bin/unrar). This script transforms a subset of unrar commands to unar and lsar to provide backwards compatibility:

  • Supported commands: l[t[a],b], t, v[t[a],b], x.

  • Supported options: -o+, -o-, -or, -p

  • Other: files, @listfiles and path_to_extract/ (only for extracting)

  • Return codes: 0 (success), 1 (error), 2 (invalid argument)

For more information about functionality supported by the wrapper, see https://github.com/openSUSE/unrar_wrapper.

9.1.3 ntpd Has Been Replaced With Chrony

The time server synchronization daemon ntpd has been replaced with the more modern daemon Chrony.

This change means that AutoYaST files with an ntp_client section need to be updated to a new format for this section. For more information about the new AutoYaST ntp_client format, see AutoYaST Guide, section NTP Client (a draft version of the document is available at https://www.suse.com/documentation/sles-15/singlehtml/book_autoyast/book_autoyast.html#Configuration.Network.Ntp).

To sync time in intervals, YaST sets up a cron configuration file. From SLE 15 on, the configuration file used for this is owned by the package yast2-ntp-client (previously no package owned it). The configuration file has been renamed from novell.ntp-synchronization to suse-ntp_synchronization to be consistent with other cron configuration files. Upgrade from previous versions of SLE is performed automatically: If a file with the old name is found, it will be renamed and references to ntpd in it will be replaced by chrony.

ntpd has been moved to the Legacy module. For more information, see Section 9.4.1, “Legacy Module: ntpd is now part of the Legacy Module”.

9.2 Updated Packages

9.2.1 Wireshark Qt UI Replaces Deprecated GTK+ UI

The GTK+ user interface of the Wireshark network protocol analyzer has been deprecated by the upstream project.

The Wireshark Qt interface is now shipped in the package wireshark-ui-qt.

9.2.2 Kernel and Toolchain

  • GCC 6.4 and GCC 7.1

  • glibc 2.25

  • Linux kernel 4.12

9.2.3 Desktop

  • GNOME 3.26

  • X.org 7.6

9.2.4 Other Software Updates

  • Samba 4.6

  • UEFI Enablement on AMD64/Intel 64

  • SWAP over NFS

  • Python 2.7 and Python 3.6

  • Perl 5.24

  • Ruby 2.4

9.3 Removed Packages and Features

The following packages have been removed in this release.

9.3.1 x11vnc Has Been Removed

In SLE 15, the package x11vnc is not available anymore. Instead, use x0vncserver. The command x11vnc is now a compatibility wrapper that internally starts x0vncserver. It does not have all features that x11vnc had, but it is faster, more secure, and built from better tested and maintained code.

9.4 Modules

This section contains information about important changes to modules.

9.4.1 Legacy Module: ntpd is now part of the Legacy Module

With SLE 15, the network time daemon ntpd has been replaced by chrony. ntpd has been moved to the Legacy module instead.

9.4.2 Legacy Module: OpenSSL 1.0.x Has Been Moved to the Legacy Module

The lifetime of OpenSSL versions 1.0.x does not cover the full lifetime of the product. Additionally, OpenSSL will not support TLS 1.3. However, some applications may require this older version for a transitional period.

OpenSSL libraries version 1.0.x were moved to the Legacy Module. The module has a different lifecycle from SUSE Linux Enterprise Server itself. This version is not expected to receive feature updates or security certifications. For new development, make sure to use the default OpenSSL version 1.1.x.

10 Obtaining Source Code

This SUSE product includes materials licensed to SUSE under the GNU General Public License (GPL). The GPL requires SUSE to provide the source code that corresponds to the GPL-licensed material. The source code is available for download at http://www.suse.com/download-linux/source-code.html. Also, for up to three years after distribution of the SUSE product, upon request, SUSE will mail a copy of the source code. Requests should be sent by e-mail to mailto:sle_source_request@suse.com or as otherwise instructed at http://www.suse.com/download-linux/source-code.html. SUSE may charge a reasonable fee to recover distribution costs.
