Kilauea; Mount Etna; Mount Yasur; Mount Nyiragongo and Nyamuragira; Piton de la Fournaise; Erta Ale. 2 the directory 'D: mysql lib' by copying the libmysql.dll file to the directory 'C: Qt Qt5.1.1.1.1 mingw48_32 bin', otherwise when connecting to the database will report 'QMYSQL driver not loaded' error. Four, the connection test. The 1 run as administrator of CMD, implementation of MySQL - uroot - P, input.

1) I assume that you already compiled your qsqlmysql dll. You should have the qmyssql.dll in the plugins/sqldrivers directory relative to your binary path of your executable. 2) You should also be careful not to mix release and debug dlls (the ones with the d at the end). 3) The static method addDatabase should be used this way: this->connection = QSqlDatabase::addDatabase(DRIVER, NAME); 4) Another point: The reason you get the error 'twice' (you actually just get two errors combined) is that connection.lastError().text() results a combined error message (appended) from the driver and from the connection attempt (see the API more more information about the differences).

5) When i took a closer look at your libs i could not see the non-debug version of libmysql.dll. If you run in release mode you must use the release library since the runtime will look for libmysql.dll and not libmysqld.dll. This will give you this error. I use msys2 with its qt5 package mingw64/mingw-w64-x86_64-qt5 (5.8.0-3) and looking at the plugins/sqldrivers/qsqlmysql.dll with the reveled dependency on the mariadb.dll, so I installed the mariadb client package: pacman -S mingw64/mingw-w64-x86_64-libmariadbclient and the dll appeared in /mingw64/bin/mariadb.dll, so I just copied the dll next to my app's exe file and it suddenly worked. Even if you don't use msys2, you should still look at your qsqlmysql.dll with Dependency Walker and provide the missing dlls to your app. You can install or and just copy the dlls from the installed path.

1 SUSE Linux Enterprise Server SUSE Linux Enterprise Server is a highly reliable, scalable, and secure server operating system, built to power mission-critical workloads in both physical and virtual environments. It is an affordable, interoperable, and manageable open source foundation. With it, enterprises can cost-effectively deliver core business services, enable secure networks, and simplify the management of their heterogeneous IT infrastructure, maximizing efficiency and value.

The only enterprise Linux recommended by Microsoft and SAP, SUSE Linux Enterprise Server is optimized to deliver high-performance mission-critical services, as well as edge of network, and web infrastructure workloads. Designed for interoperability, SUSE Linux Enterprise Server integrates into classical Unix as well as Windows environments, supports open standard interfaces for systems management, and has been certified for IPv6 compatibility. This modular, general purpose operating system runs on three processor architectures and is available with optional extensions that provide advanced capabilities for tasks such as real time computing and high availability clustering. SUSE Linux Enterprise Server is optimized to run as a high performing guest on leading hypervisors and supports an unlimited number of virtual machines per physical system with a single subscription, making it the perfect guest operating system for virtual computing. SUSE Linux Enterprise Server is backed by award-winning support from SUSE, an established technology leader with a proven history of delivering enterprise-quality support services. SUSE Linux Enterprise Server 12 has a 13 years life cycle, with 10 years of General Support and 3 years of Extended Support. The current version (GA) will be fully maintained and supported until 6 months after the release of SUSE Linux Enterprise Server 12 SP1.

If you need additional time to design, validate and test your upgrade plans, Long Term Service Pack Support can extend the support you get an additional 12 to 36 months in twelve month increments, giving you a total of 3 to 5 years of support on any given service pack. For more information, check our Support Policy page or the Long Term Service Pack Support Page. • Robustness on administrative errors and improved management capabilities with full system rollback based on btrfs as the default file system for the operating system partition and SUSE's snapper technology. • An overhaul of the installer introduces a new workflow that allows you to register your system and receive all available maintenance updates as part of the installation. • SUSE Linux Enterprise Server Modules offer a choice of supplemental packages, ranging from tools for Web Development and Scripting, through a Cloud Management module, all the way to a sneak preview of SUSE's upcoming management tooling called Advanced Systems Management. Modules are part of your SUSE Linux Enterprise Server subscription, are technically delivered as online repositories, and differ from the base of SUSE Linux Enterprise Server only by their lifecycle. • New core technologies like systemd (replacing the time honored System V based init process) and wicked (introducing a modern, dynamic network configuration infrastructure).

• The open source database system MariaDB is fully supported now. • Support for the open-vm-tools together with VMware for better integration into VMware based hypervisor environments. • Linux Containers are integrated into the virtualization management infrastructure (lib-virt). Docker is fully supported now. • Support for the 64 bit Little-Endian variant of IBM's POWER architecture, in addition to continued support for the Intel 64 / AMD64 and IBM System z architectures. • GNOME 3.10 (or just GNOME 3), giving users a modern desktop environment with a choice of several different look and feel options, including a special SUSE Linux Enterprise Classic mode for easier migration from earlier SUSE Linux Enterprise desktop environments • For users wishing to use the full range of productivity applications of a Desktop with their SUSE Linux Enterprise Server, we are now offering the SUSE Linux Enterprise Workstation Extension (needs a SUSE Linux Enterprise Desktop subscription).

• Integration with the new SUSE Customer Center, SUSE's central web portal to manage Subscriptions, Entitlements, and provide access to Support. For users upgrading from a previous SUSE Linux Enterprise Server release it is recommended to review.

Rpm --changelog -qp.rpm • Check the ChangeLog file in the top level of the media for a chronological log of all changes made to the updated packages. • Find more information in the docu directory of the media of SUSE Linux Enterprise Server 12. This directory includes PDF versions of the SUSE Linux Enterprise Server 12 Installation Quick Start and Deployment Guides. Documentation (if installed) is available below the /usr/share/doc/ directory of an installed system. • These Release Notes are identical across all architectures, and the most recent version is always available online. Some entries are listed twice, if they are important and belong to more than one section.

1.3 How to Obtain Source Code This SUSE product includes materials licensed to SUSE under the GNU General Public License (GPL). The GPL requires SUSE to provide the source code that corresponds to the GPL-licensed material.

The source code is available for download. Also, for up to three years after distribution of the SUSE product, upon request, SUSE will mail a copy of the source code. Requests should be sent by e-mail to or as otherwise instructed. SUSE may charge a reasonable fee to recover distribution costs.

L1 Problem determination, which means technical support designed to provide compatibility information, usage support, on-going maintenance, information gathering and basic troubleshooting using available documentation. L2 Problem isolation, which means technical support designed to analyze data, duplicate customer problems, isolate problem area and provide resolution for problems not resolved by Level 1 or alternatively prepare for Level 3. L3 Problem resolution, which means technical support designed to resolve problems by engaging engineering to resolve product defects which have been identified by Level 2 Support. For contracted customers and partners, SUSE Linux Enterprise Server 12 and its Modules are delivered with L3 support for all packages, except the following. 1.4.2 Technology Previews Technology previews are packages, stacks, or features delivered by SUSE. These features are not supported.

They may be functionally incomplete, unstable or in other ways not suitable for production use. They are mainly included for customer convenience and give customers a chance to test new technologies within an enterprise environment. Whether a technical preview will be moved to a fully supported package later, depends on customer and market feedback. A technical preview does not automatically result in support at a later point in time. Technical previews could be dropped at any time and SUSE is not committed to provide a technical preview later in the product cycle. Please, give your SUSE representative feedback, including your experience and use case. • The guest must pass tpm_tis.force=1 on the guest kernel command line.

This may be done via the bootloader configuration, typically found in /boot/grub2/grub.cfg. Be aware that YaST autogenerates this configuration file. Thus better use the Kernel Parameter tab of the YaST Boot Loader dialog to append tpm_tis.force=1 to the kernel command line parameters, or edit /etc/default/grub and then run grub2-mkconfig -o /boot/grub2/grub.cfg. • The host administrator must chmod o+w /sys/class/misc/tpm0/device/cancel. As this permits host-wide access to cancel TPM commands by unprivileged users, no unprivileged users must be permitted to access the host when it is put into this configuration. It is anticipated that future versions of libvirt will perform the privileged access of /sys/class/misc/tpm0/device/cancel on QEMU's behalf such that permitting world write access to /sys/class/misc/tpm0/device/cancel will not be necessary.

1.4.2.7 Memory Compression with zswap Usually, when a system's physical memory is exceeded, the system moves some memory onto reserved space on a hard drive, called 'swap' space. This frees physical memory space for additional use. However, this process of 'swapping' memory onto (and back from) a hard drive is much, much slower than direct memory access, so it can slow down the entire system.

Starting with SLES 12, you can enable the zswap driver using the boot parameter zswap.enabled=1. The zswap driver inserts itself between the system and the swap hard drive, and instead of writing memory to a hard drive, it compresses memory. This speeds up both writing to swap and reading from swap, which results in better overall system performance while using swap. Compression Limits The effective compression ratio cannot exceed 50 percent, that is, it can at most store two uncompressed pages in one compressed page.If the workload's compression ratio exceeds 50% for all pages, zswap will not be able to save any memory. Setting zswap Memory Compressed memory still uses a certain amount of memory, so zswap has a limit to the amount of memory which will be stored compressed, which is controllable through the file /sys/module/zswap/parameters/max_pool_percent.

By default, this is set to 20, which indicates zswap will use 20 percent of the total system physical memory to store compressed memory. The zswap memory limit has to be carefully configured. Setting the limit too high can lead to premature out-of-memory situations that would not exist without zswap, if the memory is filled by non-swappable non-reclaimable pages. This includes mlocked memory and pages locked by drivers and other kernel users. For the same reason, performance can also be hurt by compression/decompression if the current workload's workset would fit in, for example, 90 percent of the available RAM, but 20 percent of RAM is already occupied by zswap.

This means that the missing 10 percent of uncompressed RAM would constantly be swapped out of/in to the memory area compressed by zswap, while the rest of the memory compressed by zswap would hold pages that were swapped out earlier which are currently unused. There is no mechanism that would result in gradual writeback of those unused pages to let the uncompressed memory grow. Freeing zswap Memory zswap will only free its pages in two situations. • The processes using the pages free the pages or exit • The configured memory limit for zswap is exceeded. In this case, the oldest zswap pages are written back to disk-based swap (that is, LRU). Memory Allocation Issues In theory, it can happen that zswap is not yet exceeding its memory limit, but already fails to allocate memory to store compressed pages.

In that case, it will refuse to compress any new pages and they will be swapped to disk immediately. For confirmation whether this issue is occurring, check the value of /sys/kernel/debug/zswap/reject_alloc_fail. 1.4.2.11 Linux Paging Improvements High swapping activity on Linux system, for example when triggering a file system backup, although the SAP applications are sized to completely fit into the system's main memory.

This results in bad response times on the application level. The pagecache_limit feature is only supported as part of SUSE Linux Enterprise Server for SAP Applications. You can limit the amount of page cache that the kernel uses if there is competition between application memory and page cache. Once the page cache is filled to the configured limit, application memory is more important and should not be paged out. Two new Linux kernel tunables have been introduced.

• vm.pagecache_limit_mb (/proc/sys/vm/pagecache_limit_mb) • vm.pagecache_limit_ignore_dirty (/proc/sys/vm/pagecache_limit_ignore_dirty) No pages will be paged out if the memory footprint of the workload plus the configured page cache limit do not exceed the amount of physical RAM in the system. If paging needs to occur, the Linux kernel will still favor to keep application memory over page cache unless we are below the page cache limit. If there is plenty of free memory, the kernel will continue to use it as page cache in order to speed up file system operations. 1.4.2.12.1 KVM on ppc64le Linux has managed to unify the Operating System layer nicely across different architectures.

This challenge still exists in the hypervisor space. KVM solves the universal hypervisor challenge. It is now available across all targets that SLES supports.

KVM allows the administrator to create virtual machines in the exact same fashion using the exact same set of tools on x86_64, s390x and ppc64le. This makes SLES the perfect platform for virtualization and cloud scenarios in heterogeneous environments. 1.4.2.13.2 KVM for s390x Using Linux and virtualization technologies on System z, with good Linux and KVM skills, but limited knowledge of System z and z/VM. KVM is included on the s390x platform as a technology preview. Running Linux with KVM in an LPAR allows x86 skilled administrators to explore the potential of Linux on the mainframe. KVM on Linux allows the administrator to create and manage virtual machines by himself, assign resources and benefit from the workload isolation and protection, as well as the flexibility of KVM based virtual machines, with the same tools and commands as know from a x86 based environment.

Over time, business requirements may increase the need and interest to explore the full potential of the underlying platform. This can be achieved by getting more and more insight into the unique hardware and performance characteristics of System z, as well as the option to operate other environments on the mainframe, also in collaboration with Linux. 1.4.2.13.5 Hot-patching Support for Linux on System z Binaries Hot-patch support in gcc implements support for online patching of multi-threaded code for Linux on System binaries. It is possible to select specific functions for hot-patching using a function attribute and to enable hot-patching for all functions ( -mhotpatch ) via command line option. Because enabling of hot-patching has negative impact on software size and performance it is recommended to use hot-patching for specific functions and not to enable hot-patch support in general. For online documentation, see. 2.1.1 Avoid Adding Packages When Activating a Module Repository When adding a module repository such as Public Cloud the graphical installer (YaST Qt UI) automatically selects recommended packages.

Often this is not expected by the user. Craigslist Auto Posting Software on this page. To work around this behavior, disable the installation of recommended packages in the installer (YaST Qt UI) or use the text-mode installer (YaST ncurses UI) that by default does not autoinstall recommended packages ('Install Recommended Packages for Already Installed Packages' is deactivated). • Use English or some other non-CJK language for installation then switch to the CJK language later on a running system using YaST+System+Language.

• Use your CJK language during installation, but do not choose Text Mode in the boot loader using F3 Video Mode. Select one of the other VGA modes instead. Select the CJK language of your choice using F2 Language, add textmode=1 to the boot loader command-line and start the installation. • Use graphical installation (or install remotely via SSH or VNC). • bootloader, kernel and kernel modules must be signed. • kexec and kdump are disabled. • Hibernation (suspend on disk) is disabled.

• Access to /dev/kmem and /dev/mem is not possible, not even as root user. • Access to I/O port is not possible, not even as root user.

All X11 graphical drivers must use a kernel driver. • PCI BAR access through sysfs is not possible.

• custom_method in ACPI is not available. • debugfs for asus-wmi module is not available. • The acpi_rsdp parameter does not have any effect on the kernel. When booting with Secure Boot mode disabled in the firmware, the following features apply. • Root filesystem needs to be btrfs • Root filesystem needs to be on one device, including /usr That is needed since snapshots need to be atomic, and that is not possible if the data is stored on different partitions, devices, or subvolumes. How to Do the Rollback During boot, you can select an old snapshot. This snapshot will then be booted in something like a read-only mode.

All the snapshot data is read-only, all other filesystems or btrfs subvolumes are in read-write mode and can be modified. To make this snapshot the default for the next reboot and switch it into a read-write mode, use 'snapper rollback'. What Will Not Be Rolled Back The following directories are excluded from rollback. This means that changes below this subdirectory will not be reverted when an old snapshot is booted, in order to not lose valuable data.

On the other hand, this may prevent some third-party services from starting correctly when booting from an old snapshot. • Add-ons and third party software installed in separate subvolumes or partitions, such as /opt, can be completely broken after a rollback of a Service Pack. • Newly created users will vanish from /etc/passwd during a rollback, but the data is still in /home, /var/spool, /var/log and similar directories. If a new user is created later, it may be given the same user id, making it the owner of these files. This can be a security and privacy problem. • If a package update changes permissions/ownership of files/directories inside of a subvolume (like /var/log, /srv.), the service may be broken after a rollback, because it is no longer able to write/access/read the files/data. • General: if there are subvolumes like /srv, containing a mix of code and data, rollback may lead to loss of data or broken/non-functional code.

• General: if an update to a service introduces a new data format, rolling back to an old snapshot may render the service non-functional, if the older version is unable to handle the new data format. • Rollback of the boot loader is not possible, since all 'stages' of the boot loader must match.

However, as there is only one MBR (Master Boot Record) per disk, there cannot be different snapshots of the other stages. 2.2.1 Updating Registration Status After Rollback When performing a service pack migration, it is necessary to change the configuration on the registration server to provide access to the new repositories. If the migration process is interrupted or reverted (via restoring from a backup or snapshot), the information on the registration server is inconsistent with the status of the system. This may lead to you being prevented from accessing update repositories or to wrong repositories being used on the client. When a rollback is done via Snapper, the system will notify the registration server to ensure access to the correct repositories is set up during the boot process.

If the system was restored any other way or the communication with the registration server failed for any reason (for example, because the server was not accessible due to network issues), trigger the rollback on the client manually by calling snapper rollback. We suggest always checking that the correct repositories are set up on the system, especially after refreshing the service using zypper ref -s. 2.2.5 /tmp Cleanup from sysconfig Automatically Migrated into systemd Configuration By default, systemd cleans tmp directories daily, and systemd does not honor sysconfig settings in /etc/sysconfig/cron such as TMP_DIRS_TO_CLEAR. Thus it is needed to transform sysconfig settings to avoid potential data loss or unwanted misbehavior. When updating to SLE 12, the variables in /etc/sysconfig/cron will be automatically migrated into an appropriate systemd configuration (see /etc/tmpfiles.d/tmp.conf ).

The following variable are affected. 3.1.1.1 Ext4: Experimental Features Ext4 has some features that are under development and still experimental. Thus, using these features poses a significant risk to data. To clearly indicate such features, the Ext4 driver in SUSE Linux Enterprise 12 refuses to mount (or mount read-write) file systems with such features.

To mount such file systems set the allow_unsupported module parameter (either when loading the module or via /sys/module/ext4/parameters/allow_unsupported ). However setting this option will render your kernel, and thus your system unsupported. Features which are treated this way are: bigalloc, metadata checksumming, and journal checksumming. 3.1.1.3 Enabling Full Heap Randomization [All architectures] CONFIG_COMPAT_BRK has been disabled to allow randomization of the start address of the userspace heap. This can break old binaries based on libc5. To revert to the old behavior, set the kernel.randomize_va_space sysctl to 2. [x86_64 only] CONFIG_COMPAT_VDSO has been disabled to enforce randomization of the VDSO address of 32bit binaries on x86_64.

This can break 32bit binaries using glibc older than 2.3.3. To revert to the old behavior, specify vdso=2 on the kernel command line.

3.1.1.5 Preparation for Non-linear Memory Mapping Deprecation Non-linear mappings are considered for deprecation in upstream as part of code cleanup. Of course, the existing syscall API (remap_file_pages) will stay and will be implemented as an emulation on top of regular mmap interface. To ensure a stable kernel application binary interface (kABI) during SLE 12 lifetime, SUSE is preparing this change. As a result, the first use of the syscall will trigger a warning and the module source code will not compile without modification.

If your software encounters this condition, get in touch with your SUSE contact to get support during migration. 3.1.1.6 Kernel Package Layout Changed The kernel-default package now contains the kernel image and all supported modules. The kernel-default-base package is thus not necessary in normal setups. Also, all the debugging symbols are packaged in the kernel-default-debuginfo package. Do not attempt to install the kernel-default-base package unless building a minimal system. When using utilities like crash or systemtap, you only need to install the kernel-default-debuginfo package. The kernel-default-devel-debuginfo package is no longer needed and does not exist.

3.1.3.1 Installing CA Certificates For legacy reasons, /etc/ssl/certs may only contain CA certificates in PEM format. Because this format does not transport usage information /etc/ssl/certs may only contain CA certificates that are intended for server authentication. OpenSSL understands a different format that transports the usage information, therefore OpenSSL internally uses a different location, which contains certificates of all kinds of usage type ( /var/lib/ca-certificates/openssl ). If you put a certificate in plain PEM format in /etc/pki/trust/anchors/ and call update-ca-certificates it should end up in both /var/lib/ca-certificates/pem (i.e., /etc/ssl/certs ) and /var/lib/ca-certificates/openssl [as well as other locations like the cert bundle or the Java keyring]. 3.1.3.4 Basic Linux-Integrity Enablement (IMA, IMA-Appraisal, EVM) IMA, IMA-appraisal, and EVM are configured in SLES-12, but not enabled by default as additional configuration is required (for example enabling TPM, labeling the filesystem). IMA can be used to attest a system's runtime integrity.

IMA measurements are enabled with the boot parameter 'ima_tcb'. This starts a builtin policy which measures all regular files that are executed or read by a process with root uid. The builtin policy can be replaced with a system customized policy, for more information, refer to. In order to enforce local file integrity, the filesystem is labeled with good measurements (for examplem hash, signature).

IMA-appraisal verifies the current measurement of a file matches the good value. If the values do not match, access is denied to the file. For more information on creating public/private keys used for signing files, loading the public key on the IMA keyring, and labeling the filesystem, refer to and. EVM protects integrity sensitive inode metadata against offline attack.

For more information on creating trusted/encrypted keys and loading the EVM keyring, refer to and. • /usr/share/pki/trust/anchors/ and /etc/pki/trust/anchors/ for the root CA certificates • /usr/share/pki/trist/blacklist/ and /etc/pki/trust/blacklist/ for blacklisted certificates A helper tool called 'update-ca-certificates' is used to propagate the content of those directories to the certificate stores used by openssl, gnutls, and openjdk. /etc/ssl/certs links to an implementation-specific location managed by p11-kit. It must not be used by the administrator anymore.

Administrators must put local CA certificates into /etc/pki/trust/anchors/ instead and run the update-ca-certificates tool to propagate the certificates to the various certificate stores. 3.1.3. Serial Number Netsupport School there. 10 Increased Key Lengths for the SSH Service Cryptographic advances and evaluations strongly suggest no longer to use key smaller than 2048 bit length. This is codified in various standards, for example NIST SP 800-131A or BSI TR-02102. SSH was updated to generate RSA keys with at least 2048 bits key length and Elliptic Curve DSA keys of at least 256 bit key length. The DSA keysize should also be incremented, but due to portability issues 1024 bit are still allowed. We recommend not to use or generate DSA keys, or try to use 2048 or larger keys, but watch for interoperability issues. • through the PF: This would typically be done on the virtualization host using a command such as ip link set p4p1 vf 0 mac d6:2f:a7:28:78:c2 • through the VF: This would typically be done on the virtualization guest using a command such as ip link set eth0 address d6:2f:a7:28:78:c2 Initially, either methods are permitted.

However, after the administrator has explicitly configured a MAC address for a VF through its PF, the ixgbe driver disallows further changes of the MAC address through the VF. For example, if an attempt is made to change the MAC address through the VF on a guest after the MAC address for this device has been set on the host, the host will log a warning of the following form. 3.1.4.2 Activating uuidd Socket The UUID generation daemon (uuidd) which generates universally unique identifiers (UUIDs).

As released with SLES 12 GA, the systemd preset has 'default off' for 'use socket activation for uuidd'. The post-GA update come with a changed systemd preset. This update fixes the use and behavior of uuidd. If you install the updated package on a system where the SLES 12 GA version is not installed, the new preset is in place, this means 'use socket activation for uuidd' is applied during the installation and the service works out of the box. If you update the package on a system where the SLES 12 GA version is installed, the new preset is not enforced. This means the old setting will stay in place. In this case it is recommended to switch to the proposed new default behavior by starting uuidd on first use.

Recommended commands. • GNOME 3 and gdm require a number of recent X Extensions as specified and implemented by X.Org in Xserver 1.12 or later. Among them are XFixes version 5 or later and XInput (Xi) version 2.2 or later. Also extensions to GLX such as GLX_EXT_texture_from_pixmap are required.

An X server used to remotely connect over XDMCP must support these extensions. • If these extensions are available from your X server (such as Xorg or Xephyr), the default settings for the display manager (gdm) and for the window manager (GNOME3/sle-classic) should be used. • If some extensions are missing from your X server (such as Xnest) which is used to connect to the XDMCP display manager, 'xdm' should be used as the display manager (set DISPLAYMANAGER='xdm' in /etc/sysconfig/displaymanager ) while 'icewm' should be set for the window manager ( DEFAULT_WM='icewm' in /etc/sysconfig/windowmanager ). • Note: The network traffic used with XDMCP is not encrypted. • As an alternative to XDMCP, VNC can be used to connect remotely to a graphical interface.

This does not impose any specific requirements on X extensions. For a nested Xserver, Xephyr is the preferred choice over Xnest. • through the PF: This would typically be done on the virtualization host using a command such as ip link set p4p1 vf 0 mac d6:2f:a7:28:78:c2 • through the VF: This would typically be done on the virtualization guest using a command such as ip link set eth0 address d6:2f:a7:28:78:c2 Initially, either methods are permitted. However, after the administrator has explicitly configured a MAC address for a VF through its PF, the ixgbe driver disallows further changes of the MAC address through the VF.

For example, if an attempt is made to change the MAC address through the VF on a guest after the MAC address for this device has been set on the host, the host will log a warning of the following form. 3.2.1 Importing PTF Key While fixing issues in the operating system, you might need to install a Problem Temporary Fix (PTF) into a production system. Those packages provided by SUSE are signed with a special PTF key.

In contrast to SUSE Linux Enterprise 11, this key is not imported by default on SLE 12 systems. To manually import the key, use the following command: rpm --import /usr/share/doc/packages/suse-build-key/suse_ptf_key.asc After importing the key, you can install PTF packages on SLE 12. (1/1) zypper-1.12.3-3.2.x86_64(myrepo)...[ ] zypper-1.12.3-3.2.x86_64.rpm: Header V3 DSA/SHA1 Signature, key ID f3ef3328: NOKEY V3 DSA/SHA1 Signature, key ID f3ef3328: NOKEY zypper-1.12.3-3.2.x86_64(myrepo): Signature verification failed [4-Signatures public key is not available] Abort, retry, ignore? [a/r/i] (a): Ignoring the error will install the package despite the failed signature verification. It's not recommended to chose this option unless it's known, that the gpgkey (with key ID ) which was used to sign the package is trusted (but it was not imported into the rpm database).

The message can be avoided by manually importing the missing trusted key into the rpm database (using 'rpmkeys --import' PUBKEY ). Other signature verification errors than [4-Signatures public key is not available] should not be ignored. Customers using only signed repositories should experience no difference. The default of checking either the repo metadata signature or the rpm packages signatures can be tuned globally (in /etc/zypp.conf ) or per repo (editing the corresponding.repo file in /etc/zypp/repos.d ).

Explicitly setting repo_gpgcheck or pkg_gpgcheck will overwrite the defaults. [zypp.conf] ## Signature checking (repodata and rpm packages) ## ## boolean gpgcheck (default: on) ## boolean repo_gpgcheck (default: unset ->according to gpgcheck) ## boolean pkg_gpgcheck (default: unset ->according to gpgcheck) ## ## If 'gpgcheck' is 'on' we will either check the signature of repo metadata ## (packages are secured via checksum in the metadata), or the signature of ## a rpm package to install if it's repo metadata are not signed or not ## checked. ## ## The default behavior can be altered by explicitly setting 'repo_gpgcheck' and/or ## 'pkg_gpgcheck' to perform those checks always (if 'on') or never (if 'off').

## ## Explicitly setting 'gpgcheck', 'repo_gpgcheck' 'pkg_gpgcheck' in a ## repositories.repo file will overwrite the defaults here. ## ## DISABLING GPG CHECKS IS NOT RECOMMENDED. ## Signing data enables the recipient to verify that no modifications ## occurred after the data were signed. Accepting data with no, wrong ## or unknown signature can lead to a corrupted system and in extreme ## cases even to a system compromise. ## # repo_gpgcheck = unset ->according to gpgcheck # pkg_gpgcheck = unset ->according to gpgcheck.

3.2.4 New XFS On-disk Format SUSE Linux Enterprise 12 supports the new on-disk format (v5) of the XFS file system. XFS file systems created by YaST will use this new format.

The main advantages of this format are automatic checksumming of all XFS metadata, file type support, and support for a larger number of access control lists for a file. Caveat: Pre SLE 12 kernels, xfsprogs before version 3.2.0, and the grub2 bootloader before the one released in SLE 12 do not understand the new file system format and thus refuse to work with it. This can be problematic if the file system should also be used from older or other distribution. If you require interoperability of the XFS file system with older or other distributions, format the filesystem manually using the mkfs.xfs command. That will create a filesystem in the old format unless you use the '-m crc=1' option. 3.2.6 Read-Only Root File System It is possible to run SUSE Linux Enterprise 12 on a shared read-only root file system.

A read-only root setup consists of the read-only root file system, a scratch and a state file system. The /etc/rwtab file defines, which files and directories on the read-only root file system are replaced with which files on the state and scratch file systems for each system instance. The readonlyroot kernel command line option enables read-only root mode; the state= and scratch= kernel command line options determine the devices, on which the state and scratch file systems are located. In order to set up a system with a read-only root file system, set up a scratch file system, set up a file system to use for storing persistent per-instance state, adjust /etc/rwtab as needed, add the appropriate kernel command line options to your boot loader configuration, replace /etc/mtab with a symlink to /proc/mounts as described below, and (re)boot the system. Replace /etc/mtab with the appropriate symbolic links. 3.2.8 Precision Time Protocol Version 2 Support Time synchronization with microsecond precision across a group of hosts in a data center is challenging to achieve without extra hardware. Support for Precision Time Protocol version 2 leveraging the new time synchronization feature of modern network interface cards has been included in SUSE Linux Enterprise Server 12.

For taking advantage of the precise time synchronization install the new linuxptp package and refer to the documentation in the /usr/share/doc/packages/linuxptp directory.