The first beta versions of SUSE Linux Enterprise Server 16 are almost around the corner and openSUSE Leap 16 is already at alpha phase. So the YaST Team (or should we already say the Agama Team?) has focused during the last couple of weeks on providing a better installation experience for both families of distributions. Agama 11 is the result, so let's see what's new on this release.

Bear in mind that some minor revisions of Agama 11 could be released in the following days to correct issues detected during the testing of SLES 16 Beta and openSUSE Leap 16 Alpha. We will update this blog post if any of those changes affect significantly any of the features listed below.

Agama can install Slowroll now​

Let's start welcoming a new member to the family of operating systems Agama can install. Thanks to WesFun now it is possible to select openSUSE Slowroll when using the Agama testing iso for openSUSE.

Keep the contributions coming!

Changes in the web interface​

Agama 11 also comes with a small reorganization of the workflow of the web interface. In previous versions, it was always necessary to visit the "Users" section to configure the root authentication and then go back to the "Overview" page in order to proceed with the installation. That happened because authentication is the only aspect of the system configuration for which Agama cannot infer any reasonable setup. You surely don't want Agama to choose a root password for you!

Starting with Agama 11, a screen to configure the root authentication is presented to the user right away after selecting the operating system to install.

After configuring the root password the user lands in the main Agama screen, where the general layout has been reorganized to ensure the "install" button is always accessible from all sections of the interface.

Additionally, the new install button can show a exclamation mark if there are issues preventing the installation and provides a summary of those issues pointing to the corresponding section that can be used to solve the situation.

The changes in the web interface go far beyond the new location of the install button. We encourage you to explore yourself to find all the small improvements!

Product registration​

As you all know, one of the main goals of Agama is to become the official installer for SUSE Linux Enterprise Server 16. The development of that operating system, and its sibling product SLES for SAP Application, is progressing nicely with some preliminary versions being already available to SUSE Partners.

Installing those systems requires the user to register in order to gain access to the repositories. Agama can detect whether registration is necessary and then offer a convenient user interface for the process, as seen below.

Of course, this feature is irrelevant for openSUSE users since the openSUSE repositories are fully public and they will always be.

License agreement​

Another difference between openSUSE and a corporate distribution like SLES is that users needs to explicitly accept a license agreement to use the latter. In the case of the Agama web interface, that means presenting the license as soon as possible in the process. Thus, the corresponding EULA must be accepted already when selecting any of the products that require to do so.

Of course, the screenshot above belongs to a SLES installation media and openSUSE users will not notice this new feature.

Allow remote usage of the command-line interface​

As convenient as an interactive installation with the web interface can be, you know that the command-line interface and the unattended installation process are also first-class citizen for Agama. Thus, they also received some love on this release.

Agama's CLI (command-line interface) offers an alternative way to control the installation process useful in various situations like installing in machines that cannot serve the web interface (eg. due to limited resources), using scripts and other automation techniques or simply when the user prefers good old terminal over graphical interfaces. Now Agama's CLI offers a new global parameter --api that allows to run the tool (and any script based on it) on a different machine from that being effectively installed. Bear in mind the new argument is still not honored by all Agama subcommands. Support for it will be extended on subsequent releases.

Scripting support in unattended installation​

Years of AutoYaST experience has taught us that, no matter how flexible an installer is, users of unattended installations always want to go further. And embedding scripting capabilities into the installer configuration has turned to be an awesome tool for that. So, similar to AutoYaST profiles, Agama configuration files now offer a "scripts" section. It makes possible to run scripts both before and after the installation process and also on the first boot of the new system.

Below you can see a Jsonnet configuration file for Agama including scripts. Note it would also work with plain JSON but, since that format does not support multi-line strings, each script would need to be provided as a long string with "\n" marking the end of each line (not so nice for a blog post 😉).

{
  scripts: {
    pre: [
      {
        name: "activate-multipath",
        body: |||
          #!/usr/bin/bash
          systemctl start multipathd.socket multipathd.service
        |||
      }
    ],
    post: [
      {
        name: "enable-sshd",
        chroot: true,
        body: |||
          #!/usr/bin/bash
          systemctl enable sshd.service
        |||
      }
    ],
    init: [
      {
        name: "run-ansible",
        url: "https://192.168.1.1/provisioning.sh"
      }
    ]
  }
}

For more details see the scripts section of the Agama documentation site.

Storage management for unattended installation​

The Agama configuration format offers a very convenient and powerful approach to configure the storage setup of the new system, way more consistent and concise that the corresponding <partitioning> section of the AutoYaST profile (which is still fully supported for migration purposes).

Agama 11 adds the possibility to define the physical volumes of an LVM volume group by simply specifying the disk (or disks) that will be used as a base for the LVM. Agama will take care of creating all the needed partitions, honoring any other aspect of the configuration in the process. Find a more detailed explanation with examples at the corresponding section of the Agama documentation.

On the other hand, now it is possible to specify TPM-based unlocking of the encrypted devices as part of the Agama storage configuration. Thus, users of unattended installation can also deploy fully encrypted systems based on TPMv2.

Automatic generation of documentation and shell completion​

A comprehensive and up-to-date documentation is key for a project like Agama, especially for users of the command-line interface and the HTTP API. And the best way to ensure the documentation is always in sync with the current version of Agama is to generate it automagically from the source code.

In the case of the CLI, the manual pages, its Markdown variant and also the files needed for shell completion are all generated from sources. You can see the always current result of the Markdown version at the corresponding section of the Agama web page.

The HTTP API is also automatically documented via an OpenAPI specification. This will help anyone interested in integrating Agama into any solution or infrastructure or even in creating its own client application for Agama, especially taking into account that the Agama HTTP is still not stable and changes on every release.

More changes under the hood​

As you can imagine, the above list of features is far for representing everything that has changed from Agama 10. As usual, the new version also includes many bug fixes and small improvements. And we took the opportunity to update to the latest version of the three programming languages used in Agama, including all used libraries.

We also gave some love to the Agama Live ISO. On the one hand, we revisited the list of included drivers, resulting in a smaller image that actually supports more hardware setups. On the other hand we tried to switch the graphical stack from X11 to Wayland. Although we didn't succeed due to technical problems related to Firefox's kiosk mode, we will keep trying (of course, any help is welcome).

Other Agama change that may not be obvious to all users is the introduction of some changes to ease the creation of automated integration test. That helps the openSUSE and SUSE QA teams in their invaluable effort to ensure a smoother experience to all users.

Just another step​

We are already working on the next version of Agama and your feedback may be useful to decide in which aspects we should focus. So do not hesitate to give Agama a try using our latest Live ISO images and to report bugs through Bugzilla. You can also contact us at the Agama project at GitHub. Of course, if you prefer to chat, you can find us as always at our #yast channel at Libera.chat.

And don't forget to have a lot of fun!

Dear Tumbleweed users and hackers,

This week was filled with snapshots – in just 7 days, we have published 8 snapshots; ok, there is just the co-incidence that the snapshot that was in QA from Thursday to Friday finished much quicker this week than last week – so we ended up having the latest one already on the mirrors at the time of my writing. We have not (yet) invented the time compression machine to publish more snapshots in a week. But honestly, I also don’t think anybody would care for more snapshots. Let alone: the numbering scheme does not support more than one snapshot ‘built’ per day (in rare cases, QA can be speedy and we had seen 2 snapshots syncing out on the same day).

Now, the curious one doesn’t care about the number of snapshots, but rather what changes those snapshots contained. Here are the changes delivered in the snapshot 0116…0123:

• Gimp 3.0 RC2: we are aware of the rc state, and the fact that some plugins are not ported to gimp 3. But that finally allows us to eliminate Python 2 and allows you to test it to make it as good as possible for future Leap versions.
• gpg 2.5.3
• GNOME 47.3
• Samba 4.21.3
• SQLite 3.48.0
• util-linux 2.40.4
• Mozilla Firefox 134.0.1
• LLVM 19.1.7
• PHP 8.3.16
• RSync 3.4.1
• Coreutils 9.6
• Linux kernel 6.12.10 & 6.13.0
• libxml 2.13.5

That’s quite an impressive list for just one week. Let’s look into the future and see what is planned to come:

• Removal of nscd
• Mesa 24.3.4
• Wine 10.0
• Systemd 257
• Timezone 2025a: breaks test suite of PostgreSQL
• Removal of Python 2 – It was nice as long as it lasted, but now it’s over (and we’re amazed at how many wrong dependencies we detected just the last few days)
• RPM 4.20
• KDE Plasma 6.3: beta 2 is currently staged, but that’s merely to detect errors early and allow shipping swiftly after the release
• Change of default LSM from AppArmor to SELinux is progressing, status is tracked at https://bugzilla.opensuse.org/show_bug.cgi?id=1230118.

Table of Contents

• 1) Introduction
• 2) Authentication Bypass Issue
• 3) Reproducers
  • D-Bus Method without Polkit
  • D-Bus method using Polkit
• 4) Affected D-Bus Interfaces
• 5) Suggested Bugfix
  • a) Dropping Privileges
  • b) Reimplementing Authentication Checks
  • c) Implementing Legacy Interfaces in the Affected Services
• 6) Upstream Bugfix
• 7) Possible Workarounds
• 8) CVE Assignment
• 9) Timeline
• 10) References

1) Introduction

We received a review request for the Deepin api-proxy D-Bus service which is part of the Deepin desktop environment. During the review we discovered a major authentication flaw in the design of this D-Bus service which allows local users to escalate privileges in various ways.

We reported this issue privately to Deepin security in December and did not receive a reply for a month. As we were preparing for publication, upstream became alive and quickly released a bugfix which is, sadly, still incomplete.

This report is based on dde-api-proxy version 1.0.17. The findings still apply to release 1.0.18. Upstream has attempted to fix these findings in release 1.0.19, but the bugfix is insufficient as outlined in section 6).

2) Authentication Bypass Issue

Dde-api-proxy runs as root and provides various D-Bus services on the D-Bus system bus. It sticks out since it ships a lot of D-Bus configuration files but only little code. The reason for this is that the service only forwards D-Bus requests between its clients and the actual Deepin D-Bus services. We believe this is for backward compatibility due to changes in Deepin D-Bus interface names, alas the component’s GitHub repository provides little insight into its purpose.

During startup the proxy service proactively registers the requested legacy D-Bus interface and creates a connection to the actual Deepin D-Bus service, to which messages will be forwarded to. When a client sends a message to one of the legacy service names, the proxy synchronously forwards the message (see handleMessage()) via its existing connection and returns the reply to the client.

This rather straightforward approach of proxying D-Bus messages has a major security flaw, however:

• the proxy runs as root.
• the proxy forwards messages from arbitrary local users to the actual D-Bus services without any authentication requirements.
• the actual D-Bus services don’t know about the proxy situation, they believe that root is asking them to perform operations.

Consequently with the help of dde-api-proxy, legacy D-Bus methods that normally wouldn’t be accessible to non-root users will become accessible without authentication.

3) Reproducers

D-Bus Method without Polkit

Following is a simple demonstration of the issue based on the Deepin Grub2 service. This service simply checks the UID of the D-Bus client for authentication of privileged operations. In the first command shown below the actual D-Bus service name is used, and the service rejects the operation, because the caller is not privileged:

user$ gdbus call -y -d org.deepin.dde.Grub2 \
    -o /org/deepin/dde/Grub2 -m org.deepin.dde.Grub2.SetTimeout 100
Error: GDBus.Error:org.deepin.dde.DBus.Error.Unnamed: not allow :1.167 call this method

In the next command the legacy D-Bus service name is used, and this time the target service performs the operation, because it believes the request originates from a privileged UID 0 client (dde-api-proxy):

user$ gdbus call -y  -d com.deepin.daemon.Grub2 \
    -o /com/deepin/daemon/Grub2 -m com.deepin.daemon.Grub2.SetTimeout 10
()

D-Bus method using Polkit

In the previous example Polkit authentication was not involved. When it is involved then the caller is treated as “admin”, resulting in a similar escalation of privileges. We found a suitable example using Polkit in the Deepin accounts service. This service offers a large range of system operations, among them the possibility to add users to groups. It checks the authorization of the “org.deepin.dde.accounts.user-administration” Polkit action, which is by default only allowed for users in a local session if they provide admin credentials.

The following gdbus call attempts to add the unprivileged user with UID 1000 to the root group. The call only works this way when it runs from within a (Deepin) graphical session. The actual accounts service interface is invoked here, thus the operation fails (it would require entering a root password).

user$ gdbus call -y -d org.deepin.dde.Accounts1 -o /org/deepin/dde/Accounts1/User1000 \
    -m org.deepin.dde.Accounts1.User.AddGroup root
Error: GDBus.Error:org.deepin.dde.DBus.Error.Unnamed: Policykit authentication failed

When switching to the legacy accounts service interface offered by dde-api-proxy, the operation succeeds without any authentication request, because the accounts service again believes root with UID 0 is the client asking for this:

user$ gdbus call -y -d com.deepin.daemon.Accounts -o /com/deepin/daemon/Accounts/User1000 \
    -m com.deepin.daemon.Accounts.User.AddGroup root
()

4) Affected D-Bus Interfaces

We did not look into all the privileged D-Bus methods that become available to unauthenticated local users via dde-api-proxy. On some of the proxied interfaces only a certain set of “filtered methods” is allowed to be invoked. The rest of the interfaces don’t put restrictions on the methods invoked, though. On first look, interesting attack surface seems to be found in the following D-Bus interfaces offered by dde-api-proxy:

• Accounts services (no method filter list)
• network proxy settings (no method filter list)
• PasswdConf1 WriteConfig method
• Lastore service (Apt backend, no method filter list)
• Lastore manager install package method

5) Suggested Bugfix

The authentication bypass is deeply rooted in the design of dde-api-proxy, thus fixing it is difficult. Possible approaches to addressing it are presented in the following sub-sections.

a) Dropping Privileges

The proxy could temporarily drop privileges to the unprivileged caller’s credentials, create a new D-Bus connection and forward the message to the proper service. This still won’t work properly if the D-Bus service in question is using Polkit for authentication, because Polkit differentiates whether the caller is in an active session or not. The D-Bus proxy service will never be in a session, though. This means that authentication requirements could be stronger than necessary. At least this approach would be safer than what currently happens.

b) Reimplementing Authentication Checks

The proxy could implement all necessary authentication checks on its own. This would result in the proper authentication being performed, but would lead to duplication of a lot of code. It would also add the danger that the authentication requirements of the proxy service and the actual service get out of sync.

c) Implementing Legacy Interfaces in the Affected Services

Finally dde-api-proxy could be dropped completely and the backward compatibility could be implemented in every one of the affected services. This is a less generic approach than what dde-api-proxy attempts to achieve, of course.

6) Upstream Bugfix

After a longer period of silence, upstream unexpectedly replied to our report and a short embargo period was established until a bugfix was published on January 17. The bugfix is found in upstream commit 95b50dd which made its way into release 1.0.19.

For the bugfix upstream went in the direction of our suggestion outlined in section 5.b), by implementing redundant Polkit authorization checks in the proxy service. A list of sensitive D-Bus methods offered by the proxy is now maintained in the source code. All of these methods are protected by a single, newly introduced Polkit action “org.deepin.dde.api.proxy” which requires admin authentication.

The bugfix introduces a new problem, though. The Polkit authorization check is implemented as follows:

bool checkAuthorization(const QString &actionId, const QString &service,const QDBusConnection &connection) const
{
    auto pid = connection.interface()->servicePid(service).value();
    auto authority = PolkitQt1::Authority::instance();
    auto result = authority->checkAuthorizationSync(actionId,
                                                    PolkitQt1::UnixProcessSubject(pid),
                                                    PolkitQt1::Authority::AllowUserInteraction);
    /* snip */
}

This code forwards the client’s process ID (PID) to the Polkit service for authentication. This way of using the Polkit UnixProcessSubject has been deprecated for a long time, because it is subject to a race condition that allows to bypass such authorization checks. This issue was discovered in 2013 by former SUSE security engineer Sebastian Krahmer, and was assigned CVE-2013-4288.

Upstream did not share the bugfix with us before publication, thus we were not able to prevent this incomplete bugfix. It should be possible to amend the incomplete bugfix by switching to the SystemBusName subject for authentication.

Even with an improved fix we believe this approach is not ideal, since it requires proper maintenance of all the proxied methods by upstream. If new methods are added at a later time, security issues could sneak in again. Also the newly introduced Polkit action makes the proxy service less transparent and could hamper the user experience. There is no more fine-grained control over the authentication requirements of individual D-Bus methods, and the authentication message for all of these proxied D-Bus methods is generic and unhelpful for end users.

7) Possible Workarounds

We don’t see any viable ways to work around this issue, except for removing dde-api-proxy from the system.

8) CVE Assignment

This finding is a bigger design issue in dde-api-proxy that allows for a local root (group) exploit and likely more similar attack vectors. We decided to request a CVE from Mitre to make the community aware of the issue. Mitre assigned CVE-2025-23222 to track this issue.

Formally another CVE would need to be assigned for the new security issue introduced by the incomplete bugfix described in section 6), but we refrained from doing so at this time.

9) Timeline

10) References

• Deepin Website
• dde-api-proxy GitHub repository
• Incomplete bugfix commit
• Release 1.0.19 containing incomplete bugfix

The call for papers for openSUSE Conference 2025 is open.

The conference is scheduled to take place June 26 to 28 in Nuremberg, Germany.

Until April 30, people can submit proposals for a talk or workshop to share insights and their expertise.

People have 97 days to submit a talk for the conference and are encouraged to submit talks based on the following length and topics:

Presentations can be submitted for the following length of time:

• Lightning Talk (10 mins)
• Short Talk (30 mins)
• Virtual Talk (30 mins)
• Long Talk (45 mins)
• Workshop (1 hour)

The following tracks are listed for the conference:

• Cloud and Containers
• Community
• Embedded Systems and Edge Computing
• New Technologies
• Open Source
• openSUSE
• Open Source for Business: Beyond Code into Sustainability Track

Volunteers who would like to help the with the organization of the conference are encouraged to email ddemaio@opensuse.org or attend a weekly community meetings.

Conferences need sponsors to support community driven events to keep events free and open to new contributing members. Companies can find sponsorship information or donate to the Geeko Foundation to assist with funds that will go toward the conference.

Members of the openSUSE Election Committee have informed the project that Board elections are underway.

Four candidates are running for three open seats.

The final candidate list is:

• Chuck Payne
• Ish Sookun
• Jeff Mahoney
• Rachel Schrader

Key Dates

• Jan. 19, 2025: Voting opens
• Feb. 2, 2025: Voting closes
• Feb. 3, 2025: Results announced

For more information about the candidates and the election, visit the project mailing list where candidates are answering questions and informing members of their platform.

Board members serve as guides for the community, handle key project functions, facilitate initiatives, organize meetings, and manage openSUSE domains and trademarks. They also uphold community standards, including overseeing complaints and ensuring compliance with the openSUSE Code of Conduct.

Per the Election Rules, only current members are eligible to run for board positions. New members joining during the membership drive can participate in voting but cannot stand as candidates.

The election is overseen by committee members Edwin Zakaria, and Ariez Vachha. Their responsibilities include finalizing the candidate list and ensuring a smooth election process.

Dear Tumbleweed users and hackers,

The year is in full swing, people mostly seem back from their deserved holiday break and submissions keep coming. Based on all the submit requests, we picked what we could and published 5 snapshots out of that (20250109, 0112, 0113, 0114, and 0115)

The most relevant changes delivered during the last week were:

• GStreamer 1.24.11
• Dracut 059+suse.672: rework timeout for devices added via –mount and –add-device (bsc#1231792)
• Mozilla Firefox 134.0
• KDE Gear 24.12.1
• KDE Frameworks 6.10.0
• fwupd 1.9.27
• Poppler 25.01.0
• sssd 2.10.1
• Linux kernel 6.12.9
• shadow 4.17.2
• All python 3.10 modules have been removed. The interpreter is (for now) still in the repository, but probably not for long.

The next snapshot is already in QA, and looks good to be released later today (no promise given though – we only know at the end of QA). This snapshot, and the next ones in planning, will likely bring these changes:

• GIMP 3 (RC2)
• GNOME 47.3
• gpg 2.5.3
• util-linux 2.40.4
• SQLite 3.48.0
• Systemd 257
• RPM 4.20
• KDE Plasma 6.3: Beta is currently staged to get preliminary QA results

The December syslog-ng newsletter is now on-line:

• A syslog-ng container image based on Alpine Linux

• Call for testing: syslog-ng in openSUSE Leap 16.0

• Experimental syslog-ng container image based on Alma Linux

It is available at https://www.syslog-ng.com/community/b/blog/posts/the-syslog-ng-insider-2025-01-alpine-linux-leap-16-0-alma-linux

Millions of gamers are facing a critical decision; upgrade their operating system, invest in new hardware or explore alternatives like Linux with the end of Windows 10 support in October next year.

The good news is that gaming on Linux has never been better, and openSUSE is a powerful and versatile platform for gamers to continue enjoying their favorite titles.

Linux gaming has evolved significantly over the past decade. Thanks to tools like Proton, Steam and Lutris, a large number of Windows-exclusive games are now playable on Linux. openSUSE is an excellent choice for gamers making the switch since it’s well known for its stability, flexibility and hardware support.

Why Choose openSUSE for Gaming? openSUSE brings a unique combination of features that make it a desired Linux distribution for gamers:

• Stability and Performance: openSUSE Leap provides a reliable environment for gaming, while Tumbleweed offers the latest software and drivers for cutting-edge performance.
• Wide Hardware Support: Whether you’re using NVIDIA or AMD GPUs, openSUSE has excellent driver support.
• Customizability: openSUSE allows you to easily tailor your system for gaming with access to tools and tweaks.

Distributions of openSUSE will breathe new life into your existing hardware, help you to avoid costly upgrades and keep gaming without interruption.

Setting Up Gaming on openSUSE

Step 1: Install Steam

Steam is the cornerstone of Linux gaming, providing access to thousands of native and Proton-supported games. Open the software center (Discover for KDE Plasma, GNOME Software for GNOME) or use the terminal.

Install Steam: sudo zypper install steam

Launch Steam, log in, and enable Steam Play:

• Go to Settings > Steam Play.
• Enable Steam Play for supported titles and Steam Play for all other titles.
• Select the latest version of Proton.

Steam Play allows you to run many Windows games seamlessly on Linux.

Step 2: Install Lutris

Lutris is a game manager that simplifies the installation and configuration of games from sources like GOG, Epic Games, and even emulators. Install Lutris via the terminal: sudo zypper install lutris

• Open Lutris and log in to your account. Use Lutris’s library to install and manage your games. It provides pre-configured setups for many popular titles, making the process effortless.

Step 3: Configure Your GPU Drivers

Proper GPU drivers are essential for gaming performance.

For NVIDIA GPUs:

Add the NVIDIA repository: sudo zypper addrepo --refresh https://download.nvidia.com/opensuse/tumbleweed NVIDIA

Install the NVIDIA drivers:

sudo zypper search nvidia (package) sudo zypper install (package)

For AMD GPUs:

AMD GPUs work out of the box with open-source Mesa drivers. To ensure optimal performance, update your system: sudo zypper dup

Check out the GPU Switching if you use multiple GPUs.

Step 4: Optimize Your System

Install MangoHud: Monitor FPS and system performance in games. sudo zypper install mangohud

Use GameMode: Optimize system resources for gaming performance. sudo zypper install gamemode

Popular Games on openSUSE

Many games have native Linux versions that run flawlessly on openSUSE:

• Counter-Strike: Global Offensive
• Dota 2
• Sid Meier’s Civilization VI
• Hades
• Valheim

Proton, Steam’s compatibility layer, allows you to play many Windows games on Linux:

• The Witcher 3: Wild Hunt
• Cyberpunk 2077
• Red Dead Redemption 2
• Elden Ring
• No Man’s Sky

Retro Gaming

For retro gaming enthusiasts, tools like RetroArch and Dolphin Emulator enable you to relive classic titles from consoles like the Nintendo 64, GameCube, and PlayStation.

Resources and Support

Need help? The Linux gaming community is active and ready to assist. Check out these resources:

• Proton – Find information about how well your favorite games run on Linux.
• Lutris – Guides and tips for setting up games.
• openSUSE Forums – Connect with the community for support.

Gaming on Linux, particularly with openSUSE, is no longer a compromise. Whether you’re playing AAA titles, indie games or retro classics, openSUSE offers the tools and performance you need to enjoy a seamless gaming experience.

Don’t wait until Windows 10 support ends; make the switch today and keep your gaming journey alive on openSUSE.

Upgrading to Windows 11 may require new hardware, which could add significant costs. Switching to openSUSE not only extends the life of your current hardware but also gives you access to a modern, secure gaming platform. By adopting openSUSE, you avoid contributing to e-waste caused by discarding perfectly functional machines and take advantage of a free, open-source operating system tailored for performance and reliability. This is part of a series on Upgrade to Freedom where we offer reasons to transition from Windows to Linux.

Millions of gamers are facing a critical decision; upgrade their operating system, invest in new hardware or explore alternatives like Linux with the end of Windows 10 support in October next year.

The good news is that gaming on Linux has never been better, and openSUSE is a powerful and versatile platform for gamers to continue enjoying their favorite titles.

Linux gaming has evolved significantly over the past decade. Thanks to tools like Proton, Steam and Lutris, a large number of Windows-exclusive games are now playable on Linux. openSUSE is an excellent choice for gamers making the switch since it’s well known for its stability, flexibility and hardware support.

Why Choose openSUSE for Gaming? openSUSE brings a unique combination of features that make it a desired Linux distribution for gamers:

• Stability and Performance: openSUSE Leap provides a reliable environment for gaming, while Tumbleweed offers the latest software and drivers for cutting-edge performance.
• Wide Hardware Support: Whether you’re using NVIDIA or AMD GPUs, openSUSE has excellent driver support.
• Customizability: openSUSE allows you to easily tailor your system for gaming with access to tools and tweaks.

Distributions of openSUSE will breathe new life into your existing hardware, help you to avoid costly upgrades and keep gaming without interruption.

Setting Up Gaming on openSUSE

Step 1: Install Steam Steam is the cornerstone of Linux gaming, providing access to thousands of native and Proton-supported games. Open the software center (Discover for KDE Plasma, GNOME Software for GNOME) or use the terminal. Install Steam: sudo zypper install steam Launch Steam, log in, and enable Steam Play:

• Go to Settings > Steam Play.
• Enable Steam Play for supported titles and Steam Play for all other titles.
• Select the latest version of Proton. Steam Play allows you to run many Windows games seamlessly on Linux. Step 2: Install Lutris Lutris is a game manager that simplifies the installation and configuration of games from sources like GOG, Epic Games, and even emulators. Install Lutris via the terminal: sudo zypper install lutris
• Open Lutris and log in to your account. Use Lutris’s library to install and manage your games. It provides pre-configured setups for many popular titles, making the process effortless.

Step 3: Configure Your GPU Drivers Proper GPU drivers are essential for gaming performance.

For NVIDIA GPUs: Add the NVIDIA repository: sudo zypper addrepo --refresh https://download.nvidia.com/opensuse/tumbleweed NVIDIA

Install the NVIDIA drivers: sudo zypper search nvidia (package) sudo zypper install (package)

For AMD GPUs: AMD GPUs work out of the box with open-source Mesa drivers. To ensure optimal performance, update your system: sudo zypper dup

Check out the GPU Switching if you use multiple GPUs.

Step 4: Optimize Your System Install MangoHud: Monitor FPS and system performance in games. sudo zypper install mangohud Use GameMode: Optimize system resources for gaming performance. sudo zypper install gamemode

Popular Games on openSUSE Native Linux Games Many games have native Linux versions that run flawlessly on openSUSE:

• Counter-Strike: Global Offensive
• Dota 2
• Sid Meier’s Civilization VI
• Hades
• Valheim

Windows Games with Proton Proton, Steam’s compatibility layer, allows you to play many Windows games on Linux:

• The Witcher 3: Wild Hunt
• Cyberpunk 2077
• Red Dead Redemption 2
• Elden Ring
• No Man’s Sky

Retro Gaming For retro gaming enthusiasts, tools like RetroArch and Dolphin Emulator enable you to relive classic titles from consoles like the Nintendo 64, GameCube, and PlayStation.

Resources and Support Need help? The Linux gaming community is active and ready to assist. Check out these resources: ProtonDB: protondb.com – Find information about how well your favorite games run on Linux. Lutris Wiki: lutris.net – Guides and tips for setting up games. openSUSE Forums: forums.opensuse.org – Connect with the community for support.

Gaming on Linux, particularly with openSUSE, is no longer a compromise. Whether you’re playing AAA titles, indie games or retro classics, openSUSE offers the tools and performance you need to enjoy a seamless gaming experience.

Don’t wait until Windows 10 support ends; make the switch today and keep your gaming journey alive on openSUSE.

Upgrading to Windows 11 may require new hardware, which could add significant costs. Switching to openSUSE not only extends the life of your current hardware but also gives you access to a modern, secure gaming platform. By adopting openSUSE, you avoid contributing to e-waste caused by discarding perfectly functional machines and take advantage of a free, open-source operating system tailored for performance and reliability.

This is part of a series on Upgrade to Freedom where we offer reasons to transition from Windows to Linux.