Errors when refreshing repositories can lead to unintended vendor changes #446

Open
Martchus opened this issue Jun 24, 2022 · 4 comments

@Martchus

When calling zypper dup, repositories are refreshed before the actual update (depending on the configuration, of course). If repositories cannot be refreshed, they are ignored and the update is continued anyway. That behavior is rather dangerous, as it can lead to unintended vendor changes.

This ticket gives an example: https://progress.opensuse.org/issues/112595#Observation
Here we generally want vendor changes to happen (in case we add/remove packages in our custom repo), so we generally allow vendor changes and run and everything happens unattended for the sake of automation. That we might end up with completely unintended vendor changes because one configured repository is not considered at all is quite dangerous. It would be much safer if zypper would abort when refreshing doesn't work.

One can easily reproduce this by e.g. breaking one repository URL (of a repository where auto-update is enabled) and calling zypper dup. E.g. here zypper just skipped the repo and continued instead of aborting due to the error, leading zypper to propose an unwanted vendor change:

```
sudo -E LANG=en_US.utf8 zypper dup
Retrieving repository 'mkittler' metadata ...........................................................................................................................................................................................................................................................................[error]
Repository 'mkittler' is invalid.
[mkittler|http://download.opensuse.org/repositories/home:/mkittler/openSUSE_Tumbleweed2] Valid metadata not found at specified URL
History:
 - [mkittler|http://download.opensuse.org/repositories/home:/mkittler/openSUSE_Tumbleweed2] Repository type can't be determined.

Please check if the URIs defined for this repository are pointing to a valid repository.
Warning: Skipping repository 'mkittler' because of the above error.
Some of the repositories have not been refreshed because of an error.
Loading repository data...
Reading installed packages...
Warning: You are about to do a distribution upgrade with all enabled repositories. Make sure these repositories are compatible before you continue. See 'man zypper' for more information about this command.
Computing distribution upgrade...

Problem: problem with the installed rapidjson-devel-1.1.0-9.1.noarch
 Solution 1: install rapidjson-devel-1.1.0+git20211015.4d6cb081-1.3.x86_64 from vendor openSUSE
  replacing rapidjson-devel-1.1.0-9.1.noarch from vendor obs://build.opensuse.org/home:mkittler
 Solution 2: keep obsolete rapidjson-devel-1.1.0-9.1.noarch

Choose from above solutions by number or cancel [1/2/c/d/?] (c):
```
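
One way to get the abort behavior requested above in unattended runs, as an added example that is not part of the original thread or of zypper itself: refresh explicitly first and only start the upgrade if no repository was skipped. The function names are hypothetical, and the check assumes the untranslated English messages quoted in the output above.

```shell
#!/bin/sh
# Added example: a strict refresh gate in front of `zypper dup`.
# Function names are hypothetical; the matched messages are the ones quoted in this issue.

# Print the alias of every repository zypper reports as skipped (zypper output on stdin).
skipped_repos() {
    sed -n "s/^Warning: Skipping repository '\(.*\)' because of the above error\.\$/\1/p"
}

# Return 0 only if the refresh output on stdin shows no skipped repository.
refresh_is_clean() {
    out=$(cat)
    skipped=$(printf '%s\n' "$out" | skipped_repos)
    if [ -n "$skipped" ]; then
        printf 'refresh failed for: %s\n' "$(printf '%s' "$skipped" | tr '\n' ' ')" >&2
        return 1
    fi
    # Fall back on the summary line in case the per-repository warning is missing.
    case $out in
        *"Some of the repositories have not been refreshed"*) return 1 ;;
    esac
    return 0
}

# Refresh first; run the distribution upgrade only if every repository refreshed.
strict_dup() {
    # LC_ALL=C keeps the messages untranslated so the patterns above match.
    out=$(LC_ALL=C zypper --non-interactive refresh 2>&1)
    rc=$?
    printf '%s\n' "$out"
    if [ "$rc" -ne 0 ] || ! printf '%s\n' "$out" | refresh_is_clean; then
        echo "aborting: not all repositories could be refreshed" >&2
        return 1
    fi
    zypper --non-interactive dup "$@"
}

# Constructed samples: the relevant lines from the output quoted in this issue,
# and a clean refresh for comparison.
SAMPLE_FAILED="Repository 'mkittler' is invalid.
Warning: Skipping repository 'mkittler' because of the above error.
Some of the repositories have not been refreshed because of an error.
Loading repository data..."
SAMPLE_OK="Repository 'mkittler' is up to date.
All repositories have been refreshed."
```

Call `strict_dup` in place of `zypper dup` in the automation; a broken repository URL then stops the run before the solver can propose a vendor change.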
@Martchus
Author

This limitation impacted us again: https://progress.opensuse.org/issues/150845

Here many important packages have been uninstalled completely and it would have helped if zypper had aborted after refreshing didn't work.

Martchus added a commit to Martchus/openQA that referenced this issue Nov 14, 2023
Martchus added a commit to Martchus/openQA that referenced this issue Nov 14, 2023
@mlandres
Member

Maybe we can change this legacy behavior for 15.6/TW.

@Martchus
Author

So there's already a switch to change this behavior?

@mlandres
Member

No, we need to create one to be strict/relaxed.
