SUSE Linux Enterprise 15 SP4 distribution available

After a year of development, SUSE has released the SUSE Linux Enterprise 15 SP4 distribution. Products based on the SUSE Linux Enterprise platform include SUSE Linux Enterprise Server, SUSE Linux Enterprise Desktop, SUSE Manager, and SUSE Linux Enterprise High Performance Computing. The distribution is free to download and use, but access to updates and patches is limited to a 60-day trial period. The release is available in builds for the aarch64, ppc64le, s390x, and x86_64 architectures.

SUSE Linux Enterprise 15 SP4 maintains full binary package compatibility with the community-driven openSUSE Leap 15.4 distribution, which is scheduled for release tomorrow. This level of compatibility was achieved by using the same set of binary packages in openSUSE as in SUSE Linux Enterprise, instead of rebuilding source packages. Users are expected to be able to build and test a working solution first with openSUSE, and then seamlessly switch to a commercial version of SUSE Linux with full support, SLA, certification, long release times, and advanced mass deployment tools.

Major changes:

  • The Linux kernel has been updated to release 5.14.
  • The desktop environment has been updated to GNOME 41 and GTK4. A Wayland-based desktop session can now be used in environments with proprietary NVIDIA drivers.
  • Added the PipeWire media server, which is currently used only for screen sharing in Wayland-based environments. PulseAudio continues to be used for sound.
  • Removed Python 2 packages. Only the python3 package remains.
  • Updated versions of PHP 8, OpenJDK 17, Python 3.10, MariaDB 10.6, PostgreSQL 14, AppArmor 3.0, Samba 4.15, OpenSSL 3.0.1, systemd 249, QEMU 6.2, Xen 4.16, libvirt 0.8.0, virt-manager 4.0.0.
  • Implemented the ability to apply live patches to update user-space components such as Glibc and OpenSSL on the fly. Patching is done without restarting processes by applying patches to in-memory libraries.
  • JeOS images (minimal builds of SUSE Linux Enterprise for virtualization systems) have been renamed to Minimal-VM.
  • SLSA Level 4 requirements have been met to protect against malicious changes during development. Applications and container images are verified by digital signature using the Sigstore service, which maintains a public transparency log for authentication.
  • Provided support for managing servers running SUSE Linux Enterprise using Salt, a centralized configuration management system.
  • Added experimental support for schedutil, a cpufreq governor that uses information from the task scheduler directly when deciding on a frequency change and can call the cpufreq drivers immediately, so that CPU operating parameters are adjusted to the current load without delay.
  • The wicked network configurator used in SLES has gained an experimental ability to decode the SMBIOS Management Controller Host Interface structure and configure the Host Network Interface in the BMC using the Redfish over IP protocol, which makes it possible to use the Redfish service for remote system management.
  • Support for the Intel Alder Lake graphics platform has been moved to the i915 driver. For ARM systems, the etnaviv driver for Vivante GPUs used in various ARM SoCs such as the NXP Layerscape LS1028A/LS1018A and NXP i.MX 8M is included, as well as the etnaviv_dri library for Mesa.
  • The ability to activate the Real-Time mode in the kernel for real-time systems is provided by setting the preempt=full parameter during the boot of the standard SUSE Linux kernel. The separate kernel-preempt package has been removed from the distribution.
  • By default, the kernel disables the ability to run eBPF programs by unprivileged users (the /proc/sys/kernel/unprivileged_bpf_disabled parameter is set) due to the risks of using eBPF to attack the system. Implemented support for the BTF (BPF Type Format) mechanism, which provides information for type checking in BPF pseudocode. Updated BPF toolkit (libbpf, bcc). Added support for the bpftrace tracing mechanism.
  • Btrfs can now use 64K memory pages when working with a file system formatted with a block size smaller than the kernel memory page size (for example, a file system with 4KB blocks is no longer limited to kernels with the same memory page size).
  • The kernel includes support for the SVA (Shared Virtual Addressing) mechanism for sharing virtual addresses between the CPU and peripherals, allowing hardware accelerators to access data structures in the main CPU.
  • Improved support for NVMe drives and added the ability to use advanced features such as CDC (Centralized Discovery Controller). The nvme-cli package has been updated to version 2.0. Added new packages libnvme 1.0 and nvme-stas 1.0.
  • Official support has been provided for placing swap in a zRAM block device, which provides compressed data storage in RAM.
  • Added support for NVIDIA vGPU 12 and 13.
  • Instead of the fbdev drivers used for framebuffer output, a universal simpledrm driver is offered that uses the EFI-GOP or VESA framebuffer provided by the UEFI firmware or BIOS for output.
  • The distribution includes the OpenSSL 3.0 cryptographic library, in addition to the OpenSSL 1.1.1 version used in system applications.
  • YaST has improved booting from network drives configured with the "_netdev" option.
  • The BlueZ Bluetooth stack has been updated to version 5.62. High quality audio codecs for Bluetooth have been added to the pulseaudio package.
  • Enabled automatic conversion of System V init.d scripts to systemd services using systemd-sysv-generator. In the next major branch of SUSE, support for init.d scripts will be dropped entirely and conversion disabled.
  • In builds for ARM, the range of supported ARM SoCs has been expanded.
  • Added support for AMD SEV technology, which provides transparent encryption of virtual machine memory at the hardware level (only the current guest system has access to the decrypted data, while other virtual machines and the hypervisor receive an encrypted data set when they try to access this memory).
  • The chrony NTP server includes support for time synchronization based on the NTS (Network Time Security) protocol, which uses public key infrastructure (PKI) elements and allows the use of TLS and AEAD (Authenticated Encryption with Associated Data) for cryptographic protection of client-server communication over NTP (Network Time Protocol).
  • The 389 Directory Server is used as the main LDAP server. Support for the OpenLDAP server has been discontinued.
  • Removed the toolkit for working with LXC containers (libvirt-lxc and virt-sandbox).
  • A new minimal version of the BCI (Base Container Image) container is offered, which ships the busybox package instead of bash and coreutils. The image is intended for running applications that are pre-built with all their dependencies in a container. Added BCI containers for Rust and Ruby.

Source: opennet.ru
