Bug 1121611

Summary: Repositories added from .repo file are not set to auto-refresh but `zypper ar --help` and the man page tells otherwise
Product: [openSUSE] openSUSE Tumbleweed Reporter: Oliver Kurz <okurz>
Component: libzyppAssignee: E-mail List <zypp-maintainers>
Status: RESOLVED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None CC: bzeller, dheidler
Version: Current   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Oliver Kurz 2019-01-11 13:25:00 UTC 
## Observation

Repositories added from .repo files are not set to auto-refresh but the help and man page tells otherwise.

Simple test to try out yourself:

```
docker run -it --rm opensuse/tumbleweed sh -c 'zypper ar https://download.opensuse.org/repositories/devel:/tools:/scm/openSUSE_Tumbleweed/devel:tools:scm.repo ; zypper lr' | grep -B 2 'devel_tools_scm'
```

showing

```
# | Alias           | Name                                                    | Enabled | GPG Check | Refresh
--+-----------------+---------------------------------------------------------+---------+-----------+--------
1 | devel_tools_scm | Software configuration management (openSUSE_Tumbleweed) | Yes     | ( p) Yes  | No     
```

whereas `zypper ar --help` says "-f, --refresh               Enable auto-refresh of the repository. Default: true" and the man page (on openSUSE Leap 15.0) says:

```
Newly added repositories have auto-refresh disabled by default (except for repositories imported from a .repo, having the auto-refresh enabled)
```

## Problem

Documentation and implementation inconsistency
Comment 1 Michael Andres 2019-01-17 13:42:31 UTC 
Good catch. Looks like `help ar` shows the wrong default (true). 
Same for `keep-packages`. 

Both defaults are `false`, the implementation is right.
Comment 2 Benjamin Zeller 2019-01-17 14:47:06 UTC 
https://github.com/openSUSE/zypper/pull/235
Comment 3 Benjamin Zeller 2019-01-17 15:23:51 UTC 
Will be fixed in zypper >= 1.14.21
Comment 4 Swamp Workflow Management 2019-02-05 11:10:37 UTC 
This is an autogenerated message for OBS integration:
This bug (1121611) was mentioned in
https://build.opensuse.org/request/show/671817 Factory / zypper
Comment 7 Swamp Workflow Management 2019-07-31 22:13:52 UTC 
SUSE-SU-2019:2030-1: An update that solves three vulnerabilities and has 41 fixes is now available.

Category: security (moderate)
Bug References: 1047962,1049826,1053177,1065022,1099019,1102261,1110542,1111319,1112911,1113296,1114908,1115341,1116840,1118758,1119373,1119820,1119873,1120263,1120463,1120629,1120630,1120631,1121611,1122062,1122471,1123137,1123681,1123843,1123865,1123967,1124897,1125415,1127026,1127155,1127220,1130161,1131823,1135749,1137977,663358,764147,965786,978193,993025
CVE References: CVE-2018-20532,CVE-2018-20533,CVE-2018-20534
Sources used:
SUSE Linux Enterprise Workstation Extension 15 (src):    PackageKit-1.1.10-4.10.4
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    libsolv-0.7.5-3.12.2, libyui-ncurses-pkg-2.48.5.2-3.5.2, libyui-qt-pkg-2.45.15.2-3.5.3, libzypp-17.12.0-3.23.6, zypper-1.14.28-3.18.6
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    PackageKit-1.1.10-4.10.4, libsolv-0.7.5-3.12.2, libzypp-17.12.0-3.23.6, yast2-pkg-bindings-devel-doc-4.0.13-3.7.2, zypper-1.14.28-3.18.6
SUSE Linux Enterprise Module for Development Tools 15 (src):    libsolv-0.7.5-3.12.2
SUSE Linux Enterprise Module for Desktop Applications 15 (src):    PackageKit-1.1.10-4.10.4, libyui-qt-pkg-2.45.15.2-3.5.3
SUSE Linux Enterprise Module for Basesystem 15 (src):    libsolv-0.7.5-3.12.2, libyui-ncurses-pkg-2.48.5.2-3.5.2, libyui-ncurses-pkg-doc-2.48.5.2-3.5.3, libyui-qt-pkg-2.45.15.2-3.5.3, libyui-qt-pkg-doc-2.45.15.2-3.5.3, libzypp-17.12.0-3.23.6, yast2-pkg-bindings-4.0.13-3.7.2, zypper-1.14.28-3.18.6
SUSE Linux Enterprise Installer 15 (src):    libsolv-0.7.5-3.12.2, libyui-ncurses-pkg-2.48.5.2-3.5.2, libyui-qt-pkg-2.45.15.2-3.5.3, libzypp-17.12.0-3.23.6, yast2-pkg-bindings-4.0.13-3.7.2, zypper-1.14.28-3.18.6

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 8 Swamp Workflow Management 2019-08-18 13:15:02 UTC 
openSUSE-SU-2019:1927-1: An update that solves three vulnerabilities and has 41 fixes is now available.

Category: security (moderate)
Bug References: 1047962,1049826,1053177,1065022,1099019,1102261,1110542,1111319,1112911,1113296,1114908,1115341,1116840,1118758,1119373,1119820,1119873,1120263,1120463,1120629,1120630,1120631,1121611,1122062,1122471,1123137,1123681,1123843,1123865,1123967,1124897,1125415,1127026,1127155,1127220,1130161,1131823,1135749,1137977,663358,764147,965786,978193,993025
CVE References: CVE-2018-20532,CVE-2018-20533,CVE-2018-20534
Sources used:
openSUSE Leap 15.0 (src):    PackageKit-1.1.10-lp150.11.1, libsolv-0.7.5-lp150.7.1, libyui-ncurses-pkg-2.48.5.2-lp150.7.1, libyui-qt-pkg-2.45.15.2-lp150.7.1, libzypp-17.12.0-lp150.2.13.1, yast2-pkg-bindings-4.0.13-lp150.2.13.1, zypper-1.14.28-lp150.2.13.1