Installation and Configuration of OpenSuSE Leap 15.6

OpenSuSE has a well deserved reputation for being “expert friendly” and Leap 15.6 doesn’t do a lot to fix that. Yes, I’ve written about OpenSuSE on this blog many times before. Despite copious quantities of documentation of the “baffle them with bullshit” variety, it is not warm and welcoming for a first time Linux user. If you manage to get it installed and configured properly it is a pretty stable distro. The install and configure is a trail of tears for many.

The Historical Bad Decision Leap 15.6 Still Hasn’t Gotten Rid of

YaST

Back when SuSE came with printed documentation and a box of floppy disks you could defend the decision to create YaST. A graphical desktop was new. Most users didn’t know all of the arcane and cryptic commands one needed to use to add a printer or even print. God forbid they needed to add a user or configure a firewall!

We didn’t have any standards back then. There was no commonality of software distros. That, however, was in the 1980s. YaST is still clinging to modules that should have been purged decades ago; most notably Printers. What really adds insult to injuries here is new users find the printer configuration modules of YaST and they almost never work. In fact, until you tweak the firewall, they never could.

All they have to do to replace Printers is to launch the default Web browser for a url of localhost:631. Do they? Noooo. Instead you have a dog’s breakfast causing new users days of frustration before they install a different distro.

Bad Decision Followed by Piss Poor Implementation

firewalld

This was really bad in Leap 15.5 and it is actually worse in Leap 15.6. At least in 15.5 they showed you all of the network interfaces. The bad decision was, by default, to put everything into the Public zone. This means you can get to the Internet but are mostly screwed when it comes to accessing the local network. Some people say it even manages to block USB printers but don’t quote me on that.

In Leap 15.5 you could see this:

You might not have known which device you were using, but you could at least guess. With Leap 15.6 the only device shown is docker0. Adding insult to injury the “home” zone doesn’t bother to open up these ports:

Is This the Piss Poor Implementation?

Only half of it. The “home zone” should have those ports open by default, but the installation program is where this decision really failed. There is no prompt asking “What kind of network are you on?”

When you choose the home network they assign the default ethernet device to the “home zone” and open the above 3 ports. This still doesn’t actually create print queues like most every other Linux distro, but it gets rid of 90% of the hassle. Everybody can find “localhost:631” as the browser address for the Cups server when they search the Internet. Finding out what you need to do in a human friendly manner is mind boggling when your first foray into the documentation is this baffle them with bullshit page and then you encounter the giant steaming pile.

From the Beginning

Boot your installation media. Navigate through the initial prompts. When you get to choice of desktop choose gnome. We will replace this because Gnome is the most hated desktop this side of Unity. You just don’t want to choose one of the others on this screen because it changes the packages.

When you get to “Settings for the Root Partion” be sure to check the last box, “Enlarge to RAM Size for Suspend.” You may never want to or use Suspend, but a big swap space allows the OS to save itself more when you open too many things.

When choose username and password be certain to check “Use this password for system administrator” and uncheck “Automatic login.”

Unless you live alone in the middle of nowhere and have no visitors, never set your computer to automatic login.

Fixing The Big Mistake

Eventually you will get to the summary screen. When it is shown, click on the green Software link.

Select MATE and Cinnamon then uncheck the three Gnome entries at the top.

Note that Deepin appears to have some issues. I have not yet tried Budgie for this release. MATE and Cinnamon are known working desktops for Leap 15.6.

After that let the installation proceed. Once rebooted, near the lower left corner of the login screen you will find a widget that lets you choose your desktop.

Mate is a solid functional choice.

Your First Login

First, use the menu for the Software application and launch it.

Do not use YaST Software, use Software. Search for Thunderbird, if installed, uninstall it. No need to be incessantly nagged for money. We will install BetterBird in just a bit. It is a fork of Thunderbird with many fixes and a biblical reduction of pleas for money.

Once you login open a terminal. Do not screen scrape this into one big paste or shell script file. zypper is not very friendly. It will choose to exit your script/paste without error or warning. Do these one at a time.

su -

# should be installed by default in 15.6 but doesn't hurt to make sure
# need this to get some good browsers and such
#
zypper install curl
# so we can get some editors later in this process
zypper addrepo https://download.opensuse.org/repositories/editors/15.6/editors.repo

# Most everything will eventually be a flatpak so let's enable it.
# Should already be installed with 15.6 but won't hurt to do this
#
zypper install flatpak
#
# see if any remotes are pre-configured.
#
flatpak remotes
#
#  Make certain we have flathub
#
flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo

# Make certain we can get Brave browser from its repo
#
zypper addrepo https://brave-browser-rpm-release.s3.brave.com/brave-browser.repo
rpm --import https://brave-browser-rpm-release.s3.brave.com/brave-core.asc
zypper refresh
zypper install brave-browser

#
# If you are going to do any development you should install all of this as well
# clamtk is antivirus stuff we will configure later
# Why install a Linux distro that brags about being secure and not install antivirus?
#
zypper install emacs clamtk jed

zypper install -t pattern devel_basis

zypper install cpp11 gcc11 gcc11-c++

zypper install freetype-devel fontconfig-devel glib2-devel gstreamer-devel \
gstreamer-plugins-base-devel libICE-devel Mesa-devel Mesa-libGL-devel \
glibc-devel libtirpc-devel libnsl2 libSM-devel libXcursor-devel \
libXext-devel libXfixes-devel libXi-devel libXinerama-devel \
libXrandr-devel libXrender-devel libxkbcommon-devel libxkbcommon-x11-devel \
libX11-devel

zypper install libxcb-devel libX11-xcb1 xcb-util-wm-devel xcb-util-image-devel \
xcb-util-keysyms-devel xcb-util-renderutil-devel alsa-devel cups-devel \
libxkbfile-devel

zypper install fakeroot hashdeep dpkg-dev cmake ninja \
mercurial libcups2 libasound2 libxml++-devel libopenssl-devel libpulse-devel \
git astyle hunspell hunspell-devel libpqxx-devel  unixODBC-devel \
libmysqlcppconn-devel rpmdevtools rpm-build postgresql-devel

# By default OpenSuSE installs version 7 of C/C++ compilers. You need
# at least version 11 to work with newer libraries.
#
update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-11 50
update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-7 20
update-alternatives --install /usr/bin/cpp cpp /usr/bin/cpp-11 50
update-alternatives --install /usr/bin/cpp cpp /usr/bin/cpp-7 20
update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-11 50
update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-7 20
update-alternatives --config g++
update-alternatives --config gcc
update-alternatives --config cpp

# Update your virus definitions
# If you did this all in one go without rebooting the daemon won't be running
# but lets be sure
#
/etc/init.d/clamav-freshclam stop
freshclam
# freshclam will take quite a while dependong on your Internet speed.
systemctl status clamd
systemctl enable clamd

# cups should already be installed by avahi probably isn't
#
zypper install avahi cups

# make sure both can start and will start with reboot
#
sudo systemctl enable avahi-daemon
sudo systemctl start avahi-daemon
sudo systemctl start cups-browsed
sudo systemctl enable cups-browsed

# see if you unfortunately have Intel video using i915
#
/usr/sbin/hwinfo --gfxcard


reboot

If you are unfortunate enough to have Intel graphics using i915 read this post. Been a problem for a long time. Most people just install NVIDIA card and get on with their life.

Second Boot

In a perfect world, OpenSuSE would “just work.” This ain’t that kind of movie. Navigate to the Yast-Firewall via whatever desktop menu system you installed.

Verify the “home” zone has the list of allowed applications on the right. If not change to match. Once it matches, click the Ports tab.

Enter the above ports. We are ASS-U-ME-ing you are on a home network and your router offers some level of protection. Most modern ones do, if by no other means blocking anything from the Internet from obtaining a 192.168.*.* IP address on the internal network.

Open a terminal and type

ip address

Find out what device your computer is using to attache to the network. It will be the one with a 192.168.*.* address if you are on a typical home network. It will not be 127.0.0.1 because that is your localhost loop back address. On most desktops with a wired network connection the device will be eth0. If you are wireless God only knows hence the check. Write down the device name.

Click on Interfaces.

In version 15.5 and prior your device would already be listed but would be in the Public or Default zone. If you see it listed click on the device then select the Change Zone button near the bottom center of this screen.

That will bring up the Change Zone dialog.

Use the combo box to select the home zone then click okay.

If your device is not shown, click the Custom button which will bring up the custom dialog.

Select “home” in the combo box below Zone then type in the device name and click OK. In the lower right corner of the firewall dialog click Accept.

Use the menu of your chosen desktop and launch YaST Printer. Make certain “Print via Network” looks like this, then click the OK button at the bottom of the dialog.

Reboot.

Don’t trust the firewall restarting and telling everything to re-scan the network. Reboot so it has no choice.

Printers

If you did not perform the firewall changes above, you don’t have a prayer of getting printing working.

After you have rebooted open the FireFox Web browser. This will not work with Brave as it is too secure and blocks the login prompt from appearing. In the url bar type: localhost:631

Click on Administration.

Click on “Add Printer”

Note that the username on OpenSuSE will be “root.” If you checked the box like I told you and the administrator password is the same as yours, then enter you password. If you didn’t do that, God help you!

Once logged in, Cups will chew a few moments, then you should see a list of discovered printers.

If this list is empty you either don’t have any network printers or pooched something when moving your device to the “home” zone . . . unless your network went down unexpectedly.

Note: Always choose the “driverless” option when setting up a print queue. If yo don’t have a driverless option for the printer you wish to use, then you will have to find and install a driver for it. Cups will give you some choices.

After choosing a printer and clicking Continue

Unless you have multiple printers of the same brand and model scattered around your place, you will probably leave location blank. In a corporate environment it helps to know where a printer is.

As previously stated Cups will give you some choices . . . if it has them. Otherwise you need to find the PPD file for your printer from someplace (hopefully the manufacturer Web site) on the Internet.

When you are all done you can choose “Manage” from the Administration page and see something like this.

Antivirus

Use the menu search for your installed desktop and search for “ClamTk”. Launch it.

Click the “Scheduler” icon in the Configuration block.

Do not click the big + until you have entered times for both signature updates and to run a scan. Make certain your updates happen at least half an hour before your actual scan. By default it scans your home directory.

Note: If you are mounting a NAS or some other device underneath your $HOME those will be scanned as well. A large NAS could take a while. With one machine probably not so bad. If you have three or four machines doing this, it’s a whole lot of needless scanning and network traffic.

Periodically you should launch ClamTk and check the Quarantine and History.

Summary

Now you should have a usable OpenSuSE Leap 15.6. You can print, have a virus scanner running, and can do C/C++ development. Launching BetterBird and configuring it is pretty straightforward and you can read more here.