openSUSE

Python 3.13 RC2 is now available in Tumbleweed. This new version of the Python interpreter will be released in October 2024.

There is a lot of changes and new features in 3.13, but we're also bringing exiting experimental features in Tumbleweed.

Experimental JIT compiler

The default (python313) build has the flag --enable-experimental-jit=yes-off. This means that if you want to use this experimental JIT you can enable with an environment variable:

$ PYTHON_JIT=1 python3.13

You can find more information about the JIT compiler and how it can improve performance in PEP-744.

Free threaded CPython (no GIL)

With this new version of Python interpreter, there is an option to build without the famous Global Interpreter Lock, aka GIL. This is a really experimental feature, but why not have this on Tumbleweed? So we decided to build also this new version with a new package python313-nogil.

This new package is an isolated interpreter, so you can install without conflicts with python313. The package is building with the --disable-gil option and it provides the /usr/bin/python3.13t binary. It uses by default /usr/lib/python3.13t/site-packages for third-party libs so, with the default configuration, it won't use any python 3.13 module.

This means that now you can use threading.Thread in the Python interpreter, and it will be actual threads so, at the end using threads with python3.13t, interpreter should be a lot faster.

There's no packages for this interpreter in Tumbleweed, at this moment. So if you want to use third party libraries you should use virtualenv and pip for that:

$ python3.13t -m venv free-threaded-env
$ source free-threaded-env/bin/activate
(free-threaded-env) $ pip install requests
(free-threaded-env) $ python3
Python 3.13.0rc2 experimental free-threading build (main, Sep 07 2024, 16:06:06) [GCC] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import sys; sys._is_gil_enabled()
False

cross-posted from: https://lemmy.ml/post/19629878

In recent testing scenarios involving a build and NetworkManager, a significant issue has surfaced: the network stack becomes non-operational.

Users are advised to postpone system updates for now, but if users have already updated, use Snapper to rollback; it’s important to note that while the issue primarily affects GNOME setups with Wicked, it can also impact servers without these components.

This problem has been consistently reproducible since at least the 20240825 Tumbleweed build. Bind 9.20.1 received an update has changes to DNS query handling and system controls, which may have inadvertently contributed to the network stack issue.

The first packages of the new COSMIC desktop has landed in openSUSE.

List of packages:

• https://download.opensuse.org/tumbleweed/repo/oss/x86_64/?P=*cosmic*

Development branch of COSMIC (stable)

• https://build.opensuse.org/project/show/X11:COSMIC:Factory

More Information about openSUSE:

Official

• openSUSE News
• openSUSE Mailing List
• openSUSE Wiki

Fediverse

• https://discuss.tchncs.de/c/[email protected]

An experimental "Pre-RC3" image for the Aeon Desktop has been published and testers are encouraged to try out the final prototype before it becomes the official Release Candidate 3 (RC3). The new image can be downloaded from the openSUSE development repository.

This prototype, which has been submitted to openSUSE Factory, introduces some significant changes and improvements. Notably, the dd backend in the tik installer has been replaced with a new systemd-repart backend. This change allows for the installation of Aeon with Full Disk Encryption that enhances the security features of the operating system.

Existing users of Aeon RC2 and earlier versions will need to perform a reinstall to take advantage of the new features destined for RC3. Due to the fundamental changes in partition layout necessary for the new encryption features, an in-place upgrade from RC2 is not feasible without risking data integrity, according to a post on the new Aeon Desktop subreddit. Users can utilize Aeon's reinstall feature, which facilitates the backup and restoration of user data as long as a sufficiently large USB stick is used.

Users installing the prototype image may encounter some packages from the OBS devel project. These can be removed by running transactional-update --interactive dup and selecting solutions that replace devel:microos packages with official ones.

Testers are encouraged to provide feedback and report any issues encountered during the testing phase on the Aeon Desktop bug report page.

Next Steps

If the prototype is accepted into Factory and becomes RC3, the development of Aeon will be in its final stages before an official release. RC3 will serve as the basis for writing openQA tests for Aeon, which are crucial for ensuring the desktop's stability and functionality.

There is a possibility of an RC4, which aims to streamline the installer process by embedding the full Aeon install within the installer image, potentially reducing the download size by 50 percent. If this approach is not feasible in the short term, it may be revisited post-release.

Full Disk Encryption is set up in one of two modes: Default or Fallback. Get more info about that in the Aeon Desktop Introduces Comprehensive Full Disk Encryption article.

More Information about openSUSE:

Official

• openSUSE News
• openSUSE Mailing List
• openSUSE Wiki

Fediverse

• https://discuss.tchncs.de/c/[email protected]

Full Disk Encryption is planned to be introduced in the forthcoming release candidate of the Aeon Desktop to enhance data security for its users.
The feature is expected to be included in the upcoming Release Candidate 3 (RC3).

Full Disk Encryption is designed to protect data in cases of device loss, theft or unauthorized booting into an alternative operating system.
Depending on the hardware configuration of a system, Aeon's encryption will be set up in one of two modes: Default or Fallback.

Default Mode

The Default Mode is the preferred method of encryption provided the system has the required hardware. This mode utilizes the Trusted Platform Module(TPM) 2.0 chipset with PolicyAuthorizeNV support (TPM 2.0 version 1.38 or newer). In this mode, Aeon Desktop measures several aspects of the system's integrity. These including:

• UEFI Firmware
• Secure Boot state (enabled or disabled)
• Partition Table
• Boot loader and drivers
• Kernel and initrd (including kernel command line parameters)

These measurements are stored in the system's TPM. During startup, the current state is compared with the stored measurements. If these match, the system boots normally. If discrepancies are found, users are prompted to enter a Recovery Key provided during installation. This safeguard ensures that unauthorized changes or tampering attempts are flagged.

Fallback Mode

The Fallback Mode is employed when the necessary hardware for Default Mode is not detected. This mode requires users to enter a passphrase each time the system starts. While it does not check system integrity as comprehensively as Default Mode, Secure Boot is strongly recommended to ensure some level of security, confirming that the bootloader and kernel have not been tampered with.

Contrary to initial concerns, Default Mode is not less secure than Fallback Mode despite not requiring a passphrase at startup. The strong integrity checks in Default Mode protect against attacks that could bypass normal authentication methods. For example, it can detect changes to the kernel command line that could otherwise allow unauthorized access. Furthermore, it safeguards against modifications to initrd thereby preventing potential passphrase capture in Fallback Mode.

Secure Boot, while optional in Default Mode due to the comprehensive integrity checks, is critical in Fallback Mode to maintain system security. Disabling Secure Boot in Fallback Mode increases vulnerability to tampering and attacks aimed at capturing the passphrase.

Aeon's implementation of Full Disk Encryption provides robust security options tailored to the capabilities of users' hardware. By offering both Default and Fallback modes, Aeon ensures that all users can benefit from enhanced data protection.

The inclusion of this feature in RC3 marks a significant step forward in safeguarding user data against potential threats.
Aeon users are encouraged to read and bookmark the Aeon Encryption Guide.

More Information about openSUSE:

Official

• openSUSE News
• openSUSE Mailing List
• openSUSE Wiki

Fediverse

• https://discuss.tchncs.de/c/[email protected]

(Image made with DALL-E)

Slowroll, which has a more modest update cadence than Tumbleweed, is gaining acceptance as a balance between the rapid updates of Tumbleweed's rolling releases and the traditional Leap release.

Slowroll is nearly ready for full deployment and the development team has been working diligently to prepare the next version bump, with planned updates scheduled for July 9, August 9 and Sept. 9. These updates are expected to maintain a consistent monthly cadence to ensure users have timely and stable updates.

One of the critical updates pulled in will include the latest OpenSSH CVE fixes, which have already been made available in Tumbleweed. This fix enhances the security of Slowroll & ensure that it remains a robust and reliable distribution for users.

Highlighted Features of Slowroll

Balanced Update Cadence: Slowroll offers a monthly rolling update cycle that provides users with the latest features and security updates while ensuring stability through extensive testing and validation.

Beta Phase: Slowroll is now in the Beta phase, indicating its near readiness for full deployment. Users can expect a reliable experience with continuous improvements.

Continuous Improvement: The distribution integrates big updates approximately every month, alongside continuous bug fixes and security patches, ensuring a secure and up-to-date system.

Statistics and Status

According to the latest statistics available on the Slowroll Stats page:

• Tumbleweed had 2813 updated packages since the last version bump
• Slowroll received 1316 updates from 871 different packages and only 339 updated rpms are Slowroll-specific builds

Origins and Purpose

Slowroll, introduced in 2023, was designed as an experimental distribution. Its primary goal is to offer a slower rolling release compared to Tumbleweed, thus enhancing stability without compromising on access to new features. The distribution continuously evolves with big updates integrated approximately every month, supported by regular bug fixes and security updates.

It's crucial to understand that Slowroll is not intended to replace Leap. Instead, it provides an alternative for users who desire more up-to-date software at a slower pace than Tumbleweed but faster than Leap.

If you try Slowroll, have a lot of fun - rolling... slowly!

More Information about openSUSE:

Official

• openSUSE News
• openSUSE Mailing List
• openSUSE Wiki

Fediverse

• https://discuss.tchncs.de/c/[email protected]

(Image made with DALL-E)

A new major version of Leap Micro is now available! Leap Micro 6.0 images can be found at get.opensuse.org.

Leap Micro 6.0 uses a brand-new codebase, comes with plenty of new appliances and, for the first time, enters images for public cloud.

About Leap Micro

Leap Micro 6.0 is a rebranded SUSE Linux Enterprise Micro 6.0 which is an ultra-reliable container and Virtual Machine host by SUSE. Leap Micro is released twice a year and has support over two releases.

Leap Micro 5.4 is now EOL

With the release of Leap Micro 6.0, Leap Micro 5.4 reaches End Of Life; users will no longer receive maintenance updates and are advised to upgrade.

More conservative users can stay on Leap Micro 5.5, which will receive updates until the release of Leap Micro 6.1.

Understanding Image variants

All of Leap and SLE Micro generally come in two variants either Base or Default.

Both Base and Default have a container stack, but only the Default variant has the Virtual Machine stack.

If you do not plan to use VMs and you care for space, then the Base might be a variant just for you. 

All of our images offered at get-o-o are the Default ones (VMs+containers) as we expect they're suitable for most users.

All appliances including Base variants (without virtualization stack) can be downloaded directly from https://download.opensuse.org/distribution/leap-micro/6.0/appliances/

Explaining individual appliances

A general recommendation for everyone use is the self-install image. It's a bootable image with a quick wizard that writes the preconfigured image to your drive and grows the root partition. This process from boot takes about 5 minutes.

The preconfigured image is a raw bootable image you can manually write/dd to the disk or SD card. Images can be configured via Ignition/Combustion or will default to the jeos-firsboot wizard.

We have a Real-time image with kernel-rt, qcow image for KVM, VMWare image, and a brand new raw image with Full Disk Encryption.

Users who want to try our FDE image within a VM will need to make sure that they're using emulated tpm-2 chip and UEFI. This can be achieved easily with virt-manager.

SLE Micro 6.0 dropped the traditional installer in favor of self-install media, therefore Leap Micro 6.0 doesn't have it either.

The new Packages image is not a bootable media. This is just an image with an offline repository in case you need it.

Leap Micro 6.0 comes for the first time also with Public Cloud Images.

Images will soon be available with all major public cloud providers. 

Upgrading from 5.X

A recommendation is to make a clean install since this is a brand-new major version.

For those who'd like to try migration, please follow the upgrade guide.

Release Notes

Users can refer to SLE Micro 6.0 Release notes.

Leap Micro 6.0 uses openSUSE-repos for repository management. It is highly recommended to pay attention to this detail, especially for those who migrate. Here is an article explaining how openSUSE repos work.

Leap Micro 6.0 has no longer a dedicated SLE update repo. This has been merged into the main repository.

More Information about openSUSE:

Official

• openSUSE News
• openSUSE Mailing List
• openSUSE Wiki

Fediverse

• https://discuss.tchncs.de/c/[email protected]

Leap 15.6 install media were refreshed to address an issue with old secure boot signing key for ppc64le and s390x.

Refreshed images from Leap 15.6 Build 710.3 are already available for download at get.opensuse.org. So now you can enjoy installation with secure boot on more exotic architectures.

Happy Hacking!

So I often have to install and test different programs. I do not want programs to access the Internet immediately. After a while I might want to allow it, so it should be easy to allow or disallow internet access at the application level.

Basically I wonder if there is an easy way to do this. It seems that OpenSnitch can do this, but it doesn't seem to work on OpenSuse. I might be able to get it to work eventually, but before I spend hours tinkering with it, do you know of a better solution? Might this even be possible with the built-in firewall or AppArmor?

openSUSE Leap Micro 6.0 Beta is now available! We expect that it will very quickly transition to RC and GA as the infra readiness advances. Leap Micro 6.0 Beta images can be found at get.opensuse.org or directly at download.opensuse.org.

About Leap Micro

Leap Micro 6.0 is a rebranded SUSE Linux Enterprise Micro 6.0 which is an ultrareliable container and VM host by SUSE. This is the first publicly released product based on the fresh code base "SUSE Linux Framework One" (previously known as ALP).

Leap Micro 6.X is available for x86_64 and aarch64, released every 6 months, and supported until the next-next release is out. That means that Leap Micro 6.0 will become EOL once Leap Micro 6.2 gets released.

All pieces related to Rancher and Elemental are purposely excluded from Leap Micro 6.X as SLE Micro for Rancher is free for use without any subscription within Rancher deployments.

No more traditional installer

Leap Micro 6.X is deployed via self-install image which writes a preconfigured image to the disk and enlarges root partition. Users can use combustion, ignition or default to the jeos-firstboot wizard to do the initial setup of the system.

Do not get mistaken by the availability of openSUSE-Leap-Micro-6.0-*.iso is not installable. We refer to the image as a Packages image, which is basically an offline repository on a DVD.

New FDE, VMWare, and Cloud images

Aside from the self-install image Micro 6.0 comes with qcow, Full Disk Encryption, and RealTime images. All images can be found at download.opensuse.org

For the first time Leap Micro 6.X has also cloud-init therefore shortly after the release we will also have cloud images available on GCP, Azure, and AWS.

Changes to the product building

Leap Micro 6.X is using the new product composer instead of the old product builder. This allowed us to consume update-info from the newly designed maintenance workflow of SLE Micro 6.0 and was preferred by the openSUSE maintenance team.

Changes to the repositories and maintenance workflow

Leap Micro 5.X users receive all updates released for relevant SLE Micro version via a repository named repo-sle-update. This particular repository no longer exists in Leap Micro 6.X.

Instead, the repo-main repository will contain all released updates for the relevant version of SUSE Linux Micro to date.

Please note that the repository path slightly changed too, we'll ensure that migration via transactional-update shell followed by zypper dup --releaser 6.0 works via compatibility symlinks on download server.

New way of managing repository definitions

openSUSE-repos is not new to our users, however, for the first time, openSUSE Leap Micro 6.0 deployments come with openSUSE-repos preinstalled. openSUSE repos uses a local RIS service that easily lets us maintain repository definitions with a package update.

Users migrating from 5.5/5.4 releases are advised to install zypper in openSUSE-repos to ensure they have up-to-date repository paths.

Documentation

Please refer to SLE Micro 6.0 documentation including Release notes.

Reporting Issues

Please refer to the Leap Micro section in our Submitting bug reports page.

Next steps

Missing maintenance setup was a long-term blocker for the transition out from Alpha, otherwise, the distribution itself is stable and feature-full. Now that we have it, we need to polish some remaining infrastructure issues and users can expect a release within the next few days. Ideally before oSC2024 next week.

Members of openSUSE Project are excited about the launch of Leap 15.6 on June 12 and encourages people to host a Release Party.

If you don’t know how to do this, there is a list of steps below on how to have a successful release party.

If you’re interested in hosting your own Release Party, there’s a handy checklist to help you plan a successful event:

• Find a Date: A weekend date is usually best, but flexibility is key. Find a common date that works for most people.
• Find a Place: A café, bar, or Linux group meetup location works great. Whether you opt for a coffee and cake party or a beer and pizza gathering, the key is to have fun.
• Cake: While not essential, a cake adds to the celebration. You can also bake openSUSE cookies.
• Pictures: Capture the moment with photos or videos and share them on social media. Tag openSUSE on X, Facebook, Mastodon, BlueSky or more.

There is already a plan to have people to meet virtually in the openSUSE Bar for the launch June 12. The virtual release party will feature members of the release team and community members. Join sometime on June 12 as participants from various countries are encouraged to join and interact with the openSUSE community.

Some will celebration the event in Nuremberg. Certainly people at the openSUSE Conference will highlight the release during the BBQ/Release Party.

These launch parties provide a chance for the community to connect with the people behind the project and to show an appreciation for contributors who make the release of Leap 15.6 possible. It's an excellent opportunity for the community to gather, celebrate and discuss the new release after months of development.

Schedule your release party today on the wiki and have a lot of fun!

More Information about openSUSE:

Official

• openSUSE News
• openSUSE Mailing List
• openSUSE Wiki

Fediverse

• https://discuss.tchncs.de/c/[email protected]

(Image made with DALL-E)

Looks like most of the improvements have nothing to do with GNOME, so they should also probably impact Kalpa (the KDE MicroOS distro).

I'm particularly interested in these developments because I'm going to upgrade the CPU on my NAS (old Phenom II -> Ryzen 1700), and I'm considering reinstalling w/ MicroOS. It's currently running on an old SATA SSD, but NVMe drives are getting so cheap that it's probably worth an upgrade.

The openSUSE Project has an official space on Hugging Face, which is a popular platform offering a range of open-source Artificial Intelligence models, tools and resources.

The new namespace can be found at huggingface.co/openSUSE.

Hugging Face is known for facilitating developers and researchers in working with advanced AI applications that include natural language processing (NLP) and computer vision.

Having the openSUSE namespace provides community-driven development toward creating, sharing and improving AI models and datasets.

One dataset has already been added. The first dataset is openSUSE Cavil, which is a tool designed for license compliance, identification and legal reviews. By leveraging the rich AI models and datasets available through the Hugging Face platform, openSUSE Cavil can offer a more advanced and accurate detection of license issues and compliance.

To get involved with the openSUSE Project on Hugging Face, individuals can sign up for an account. The registration process is straightforward and requires only basic information.

Once registered, users can explore the openSUSE and view a collection of AI models and datasets created and shared by the community.

Contributors are encouraged to share their AI models and datasets. Hugging Face offers tools and tutorials to assist with uploading and managing these contributions. Community members can work together on improving existing models or developing new ones.

High-quality documentation and tutorials are vital for the success of the project. Community members can contribute by writing guides, creating video tutorials, or translating existing resources to broaden their accessibility.

Users gain access to cutting-edge AI models and a collaborative environment where they can learn and expand their skills. Contributions to the project support the advancement of AI research and development within the open-source ecosystem.

For more information and to participate, visit huggingface.co/openSUSE.

More Information about openSUSE:

Official

• openSUSE News
• openSUSE Mailing List
• openSUSE Wiki

Fediverse

• https://discuss.tchncs.de/c/[email protected]
• https://discuss.tchncs.de/c/[email protected]

From the website:

OpenVINO is an open-source toolkit for optimizing and deploying deep learning models from cloud to edge. It accelerates deep learning inference across various use cases, such as generative AI, video, audio, and language with models from popular frameworks like PyTorch, TensorFlow, ONNX, and more. Convert and optimize models, and deploy across a mix of Intel® hardware and environments, on-premises and on-device, in the browser or in the cloud.

Important dates:

• expected summit date is Nov. 2 and 3 soon after Open Source Summit Japan
• call for speakers is going to end around the end of July

There will be another announcement in a couple weeks.

Looks like Leap 15.6 will ship with Cockpit, which looks pretty cool.

I just set up a new VPS w/ Leap 15.5, so I'm thinking about giving this a try. I'm not a fan of YaST on the CLI, and I'm not going to install a GUI on my VPS, so being able to just SSH tunnel to the admin panel sounds really nice.

Has anyone tried Cockpit (project link for the lazy)? It seems like it can manage most popular distros, so that's a pretty big value prop over YaST, which is pretty much only for SUSE. It looks like it's a RedHat project, but it's cool that openSUSE is pulling it in for 15.6.

Slowroll just bumped its Tumbleweed snapshot version a few hours ago.
This update contains everything since the previous snapshot 2024-02-13, including the Plasma and Gnome updates.

by Douglas DeMaio

So, I updated Tumbleweed, and the updates to KDE caused my Plasma/Wayland session to restart, breaking the updates part way through. I wasn't watching at the time so took some while to debug!

Spent some time learning how to use nm-cli, because new half-upgraded KDE wouldn't load the network widget. It looks like something else may have changed and mucked up in the half-update (and of course I rebooted like a wise-man/dummy/i-dont-know-but-at-least-it-didnt-make-it-work) but iterations of trying things in nmcli eventually worked!

Finally tried zypper dup again and saw the session restart, so finished the job from the virtual terminal! At last, I seem to have a working computer again, and I might just brave updating my main laptop. (I cancelled the update while it was still downloading packages, after seeing the breakage on the other laptop!)

Any idea when this will hit tumbleweed? I'm really looking forward to this release!

It's a bit quiet here so for now I'll start linking the latest openSUSE news here.