Bug 1145554

Summary: Same license (e.g. NVidia) has to be confirmed multiple times for update
Product: [openSUSE] openSUSE Distribution Reporter: Ulrich Windl <Ulrich.Windl>
Component: libzyppAssignee: E-mail List <zypp-maintainers>
Status: VERIFIED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None CC: sndirsch
Version: Leap 15.1   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Attachments: susedata.xml.gz

Description Ulrich Windl 2019-08-14 07:20:41 UTC 
When updating some Nvidia components today, I had to accept the same license five times! I think this case should be optimized. At the very least the default for subsequent questions should be "Yes" instead of "no"

Example:
# zypper update
Loading repository data...
Reading installed packages...

The following 32 package updates will NOT be installed:
  ffmpeg-3 gstreamer-plugins-bad gstreamer-plugins-bad-lang
  gstreamer-plugins-libav gstreamer-plugins-ugly gstreamer-plugins-ugly-lang
  libavcodec57 libavcodec58 libavdevice57 libavfilter6 libavformat57
  libavresample3 libavutil55 libavutil56 libgstadaptivedemux-1_0-0
  libgstbadaudio-1_0-0 libgstbadbase-1_0-0 libgstbadvideo-1_0-0
  libgstbasecamerabinsrc-1_0-0 libgstcodecparsers-1_0-0 libgstgl-1_0-0
  libgstmpegts-1_0-0 libgstphotography-1_0-0 libgsturidownloader-1_0-0
  libgstwayland-1_0-0 libpostproc54 libquicktime0 libsox3 libswresample2
  libswresample3 libswscale4 sox

The following 6 packages are going to be upgraded:
  libx265-176 nvidia-computeG03 nvidia-gfxG03-kmp-default nvidia-glG03
  nvidia-uvm-gfxG03-kmp-default x11-video-nvidiaG03

6 packages to upgrade.
Overall download size: 71.4 MiB. Already cached: 0 B. No additional space will
be used or freed after the operation.
Continue? [y/n/v/...? shows all options] (y): 
Do you agree with the terms of the license? [yes/no] (no): yes
Do you agree with the terms of the license? [yes/no] (no): yes
Do you agree with the terms of the license? [yes/no] (no): yes
Do you agree with the terms of the license? [yes/no] (no): yes
Do you agree with the terms of the license? [yes/no] (no): yes
Retrieving package
nvidia-gfxG03-kmp-default-340.107_k4.12.14_lp151.27-lp151.16.1.x86_64
                                           (1/6),   3.5 MiB ( 28.1 MiB unpacked)
Retrieving: nvidia-gfxG03-kmp-default-340.107_k4.12.14_lp151.2[done (3.0 MiB/s)]
Retrieving package
nvidia-uvm-gfxG03-kmp-default-340.107_k4.12.14_lp151.27-lp151.16.1.x86_64
                                           (2/6),   3.6 MiB ( 14.7 MiB unpacked)
Retrieving: nvidia-uvm-gfxG03-kmp-default-340.107_k4.12.14_lp151.27-lp151.[done]
Retrieving package nvidia-glG03-340.107-lp151.16.1.x86_64
                                           (3/6),  27.6 MiB (173.4 MiB unpacked)
Retrieving: nvidia-glG03-340.107-lp151.16.1.x86_64.rpm .......[done (8.3 MiB/s)]
Retrieving package nvidia-computeG03-340.107-lp151.16.1.x86_64
                                           (4/6),  17.4 MiB ( 55.7 MiB unpacked)
Retrieving: nvidia-computeG03-340.107-lp151.16.1.x86_64.rpm ..[done (9.2 MiB/s)]
Retrieving package x11-video-nvidiaG03-340.107-lp151.16.1.x86_64
                                           (5/6),  18.3 MiB ( 72.0 MiB unpacked)
Retrieving: x11-video-nvidiaG03-340.107-lp151.16.1.x86_64.rpm [done (6.3 MiB/s)]
Retrieving package libx265-176-3.1.2-lp151.1.1.x86_64
                                           (6/6),   1.0 MiB ( 15.4 MiB unpacked)
Retrieving: libx265-176-3.1.2-lp151.1.1.x86_64.rpm .......................[done]
Checking for file conflicts: .............................................[done]
(1/6) Installing: nvidia-gfxG03-kmp-default-340.107_k4.12.14_lp151.27-lp151.1[/]
Comment 1 Michael Andres 2019-08-14 07:48:52 UTC 
We could make zypp unify identical license texts.

@Stefan: Do the nvidia packages usually use a common license text, or are there slight differences?
Comment 2 Stefan Dirsch 2019-08-19 15:01:10 UTC 
They all share the same license. But I'm not sure if this of any help here, since the license(s) are generated into the repository meta files via createrepo/instsource-susedata/perl-XML-Structured by NVIDIA when they create the repo on their server.
Comment 3 Stefan Dirsch 2019-09-24 12:49:45 UTC 
(In reply to Stefan Dirsch from comment #2)
> They all share the same license. But I'm not sure if this of any help here,
> since the license(s) are generated into the repository meta files via
> createrepo/instsource-susedata/perl-XML-Structured by NVIDIA when they
> create the repo on their server.

It's generated into susedata.xml.gz. I'm attaching an example. It's generated by

# create license files needed by instsource-susedata
rm -rf eula
mkdir eula
for i in */*.rpm; do 
  name=$(rpm -qp --queryformat %{NAME} $i)
  ln -snf ../NVIDIA-LICENSE eula/$name
done

# create repodata/susedata.xml with EULAs
# needs instsource-susedata package
add_product_susedata -d . -e eula/

Hope this helps.
Comment 4 Stefan Dirsch 2019-09-24 12:50:36 UTC 
Created attachment 819325 [details]
susedata.xml.gz
Comment 5 Michael Andres 2019-09-24 14:53:38 UTC 
All zypp can do is to ask once for all packages that share the same license string. So if they are all generated out of the same file, we should be able to ask just once...
Comment 6 Stefan Dirsch 2019-09-24 16:25:23 UTC 
(In reply to Michael Andres from comment #5)
> All zypp can do is to ask once for all packages that share the same license
> string. So if they are all generated out of the same file, we should be able
> to ask just once...

They are all generated from the same license file, yes! What do I need to change during generation of the repo here? Can we talk
face-to-face about this tomorrow? I'm sitting 2 rooms further. I believe it will make things easier. ;-)
Comment 7 Michael Andres 2019-09-25 10:37:25 UTC 
There's nothing more you can do. The rest needs to be fixed in zypper.
Comment 8 Stefan Dirsch 2019-09-25 14:51:33 UTC 
I see. Thanks for taking care! :-)
Comment 9 Michael Andres 2019-10-04 10:39:54 UTC 
Fixed in zypper-1.14.31 (TW, code15*)
Comment 10 Ulrich Windl 2019-10-07 12:22:21 UTC 
(In reply to Michael Andres from comment #9)
> Fixed in zypper-1.14.31 (TW, code15*)

Out of curiosity: Do "identical" licenses have to originate from the _same_ file, or are _equal_ file contents enough?
Comment 11 Michael Andres 2019-10-07 12:35:38 UTC 
Same "string" i.e. same file content.
Comment 13 Stefan Dirsch 2019-11-08 15:08:04 UTC 
Thanks. Indeed this works. Just tested with nvidia repo.
Comment 14 Swamp Workflow Management 2019-11-13 00:39:13 UTC 
SUSE-RU-2019:2945-1: An update that has 6 recommended fixes can now be installed.

Category: recommended (moderate)
Bug References: 1145554,1146415,1146947,1149511,1153351,1153557
CVE References: 
Sources used:
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    libsolv-0.7.7-3.19.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    libsolv-0.7.7-3.19.1, libzypp-17.15.0-3.31.2, zypper-1.14.32-3.26.1
SUSE Linux Enterprise Module for Development Tools 15 (src):    libsolv-0.7.7-3.19.1
SUSE Linux Enterprise Module for Basesystem 15 (src):    libsolv-0.7.7-3.19.1, libzypp-17.15.0-3.31.2, zypper-1.14.32-3.26.1
SUSE Linux Enterprise Installer 15 (src):    libsolv-0.7.7-3.19.1, libzypp-17.15.0-3.31.2, zypper-1.14.32-3.26.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 15 Swamp Workflow Management 2019-11-14 11:13:32 UTC 
openSUSE-RU-2019:2511-1: An update that has 6 recommended fixes can now be installed.

Category: recommended (moderate)
Bug References: 1145554,1146415,1146947,1149511,1153351,1153557
CVE References: 
Sources used:
openSUSE Leap 15.0 (src):    libsolv-0.7.7-lp150.13.1, libzypp-17.15.0-lp150.2.19.1, zypper-1.14.32-lp150.2.19.1
Comment 16 Swamp Workflow Management 2019-11-19 20:13:44 UTC 
SUSE-RU-2019:3010-1: An update that has four recommended fixes can now be installed.

Category: recommended (moderate)
Bug References: 1145554,1146415,1149511,1153351
CVE References: 
Sources used:
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (src):    libsolv-0.7.7-3.10.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    libsolv-0.7.7-3.10.1, libzypp-17.15.0-3.11.1, zypper-1.14.32-3.10.2
SUSE Linux Enterprise Module for Development Tools 15-SP1 (src):    libsolv-0.7.7-3.10.1
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src):    libsolv-0.7.7-3.10.1, libzypp-17.15.0-3.11.1, zypper-1.14.32-3.10.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 17 Swamp Workflow Management 2019-11-25 17:14:10 UTC 
openSUSE-RU-2019:2566-1: An update that has four recommended fixes can now be installed.

Category: recommended (moderate)
Bug References: 1145554,1146415,1149511,1153351
CVE References: 
Sources used:
openSUSE Leap 15.1 (src):    libsolv-0.7.7-lp151.2.7.1, libzypp-17.15.0-lp151.2.7.1, zypper-1.14.32-lp151.2.7.1