|
Bugzilla – Full Text Bug Listing |
| Summary: | Leap 15.3 is missing Backports update and SLE Update repo definitions | ||
|---|---|---|---|
| Product: | [openSUSE] openSUSE Distribution | Reporter: | Lubos Kocman <lubos.kocman> |
| Component: | Maintenance | Assignee: | Lubos Kocman <lubos.kocman> |
| Status: | RESOLVED FIXED | QA Contact: | E-mail List <qa-bugs> |
| Severity: | Critical | ||
| Priority: | P1 - Urgent | CC: | adrian.schroeter, aloisio, doerges, frerk.meyer, kl, lslezak, martin, matwey.kornilov, meissner, mlin, ngompa13, noga.dany, nwr10cst-oslnx |
| Version: | Leap 15.3 | Flags: | lubos.kocman:
SHIP_STOPPER-
|
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Other | ||
| Whiteboard: | |||
| Found By: | --- | Services Priority: | |
| Business Priority: | Blocker: | No | |
| Marketing QA Status: | --- | IT Deployment: | --- |
| Bug Depends on: | |||
| Bug Blocks: | 1186642 | ||
| Attachments: |
The same output of repos, but as a file
Repos are availalbe during install install progress including SLE updates update has older NVR than our openSUSE-release-package Screenlog running "zypper patch" under "screen" First part of split test case output Second part split of testcase output |
||
|
Description
Lubos Kocman
2021-05-28 12:08:38 UTC
http://download.opensuse.org/update/leap/15.3/backports/ and http://download.opensuse.org/update/leap/15.3/sle/ Are missing and they debug-info equivalents Created attachment 849774 [details]
The same output of repos, but as a file
It's easier to read as a file than in Bugzilla as a comment
As agreed on an ad-hoc meeting with Adrian, Max, Marcus (for a limited time) and Yast team we could replace a main oss repo definition with a service that enables all required repositories in https://github.com/openSUSE/download.o.o/tree/master/YaST/Repos It would be an interesting usage of cool technology. Hopefully I got it right. We still need to keep the definitions of repos on the system in mind including the debug ones. This will probably have to be handled with maint-update of release package that contains these files. Unless we could just stick with the service itself. Yes, the idea is to replace one of those defined repositories with a service. YaST checks whether the URL is a service when adding a repository, if it is a service it adds it as a libzypp service. A service is defined by an repo/repoindex.xml file. See https://doc.opensuse.org/projects/libzypp/HEAD/zypp-services.html for more details and examples. There are even an example for openSUSE repositories, see the "Usecase #4" section. Note: This is a completely untested hack, we need to check whether it will actually work.... For testing you can manually tweak the control.xml file: - Boot with "startshell=1" boot option - Run "vim /control.xml", edit the "extra_urls" section - add a new "repository" (a srvice actually) - Run "yast" to start the installation as usually I'll try testing some locally created service.. I get the following when trying to update after adding the service: Refreshing service 'leap-service-update'. Problem retrieving the repository index file for service 'leap-service-update': File './repo/repoindex.xml' not found on medium 'http://download.opensuse.org/update/leap/15.3/oss/?cookies=0' Check if the URI is valid and accessible. I tested also without trailing / and with trailing /repoindex.xml any hint? I added it via # zypper as http://download.opensuse.org/update/leap/15.3/oss leap-service-update on my system. another question, what happens when the directory contains rpm-md metadata and the repoindex.xml? Will it be added as service or repo? the service works now for me. The question is what happens during installation? And if I can keep repo-md data in that directory because existing beta installations still have it registered as rpm-md repo. Bad news, that will NOT work. :-( For adding the "extra_urls" we just call Pkg.RepositoryAdd(), that adds a REPOSITORY (surprisingly): https://github.com/yast/yast-installation/blob/c8e1333eb175a37965b4bcebe83497ddecefa47c/src/lib/installation/clients/inst_extrasources.rb#L330 That service check I mentioned we use at another place: https://github.com/yast/yast-packager/blob/master/src/include/packager/repositories_include.rb#L92 That is called in the YaST repository manager in the installed system, so the service detection works there. So this workaround won't help during installation :-( Update: we found alternative solution: https://github.com/openSUSE/download.o.o/pull/34 will allow us to install updates from SLE and Backports during instalation Max is working on openSUSE-release maint update that will supply these repos to installed system during the update Lubos will write a Release note for anyone who'll do some repository magic, or would decide to disable these repos during install. (Repos will be still added to the system on first update from oss-update, which works) This was agreed to work and will be the solution to avoid respining GM media. Maint update will be flagged as software-management stack update, therefore zypper treats it differently so we avoid double update to get updates in. (In reply to Lubos Kocman from comment #11) > Update: > > we found alternative solution: > > https://github.com/openSUSE/download.o.o/pull/34 will allow us to install > updates from SLE and Backports during instalation > > Max is working on openSUSE-release maint update that will supply these repos > to installed system during the update https://build.opensuse.org/request/show/896008 testupdate is here: http://download.opensuse.org/repositories/openSUSE:/Maintenance:/16391/openSUSE_Leap_15.3_Update/ Created attachment 849790 [details]
Repos are availalbe during install
Installer was able to fetch repodata for all auto-selected repos.
Created attachment 849791 [details]
install progress including SLE updates
Verification that we've got to install phase, SLE updates are scheduled for install
Created attachment 849798 [details]
update has older NVR than our openSUSE-release-package
Marcus seems like the NVR (version) of update is lower than the openSUSE-release from installed system see screenshot:
Even better copy paste from xterm lkocman@localhost:/etc/zypp/repos.d> sudo zypper up --allow-vendor-change openSUSE-release openSUSE-release-ftp Loading repository data... Warning: Repository 'Update Repository (Non-Oss)' appears to be outdated. Consider using a different mirror or server. Reading installed packages... The selected package 'openSUSE-release-15.3-lp153.3.1.x86_64' from repository 'openSUSE:Maintenance:16391 (openSUSE_Leap_15.3_Update)' has lower version than the installed one. Use 'zypper install --oldpackage openSUSE-release-15.3-lp153.3.1.x86_64' to force installation of the package. The selected package 'openSUSE-release-ftp-15.3-lp153.3.1.x86_64' from repository 'openSUSE:Maintenance:16391 (openSUSE_Leap_15.3_Update)' has lower version than the installed one. Use 'zypper install --oldpackage openSUSE-release-ftp-15.3-lp153.3.1.x86_64' to force installation of the package. Do we have the correct dist-tag in release or is the version counter set correctly? Thank you i refreshed it with higher NVR now, please retest. i see in openmqa that the repo selection is not selecting the repos by default though https://openqa.opensuse.org/tests/1759870# currently it seems only the oss-update repo and the main repo get selected by default, even though the d.o.o pull request enabled more. (In reply to Marcus Meissner from comment #20) > i refreshed it with higher NVR now, please retest. > > > i see in openmqa that the repo selection is not selecting the repos by > default though > > https://openqa.opensuse.org/tests/1759870# > > currently it seems only the oss-update repo and the main repo get selected > by default, even though the d.o.o pull request enabled more. Not really, it's a openqa thing, at the first place the needed repos are enabled see https://openqa.opensuse.org/tests/1759870#step/setup_online_repos/1 , in the next steps, openqa unselecting *unneed* repos if it hasn't be defined to be needed in the settings or code line#72 https://openqa.opensuse.org/tests/1759870/modules/setup_online_repos/steps/1/src Confirming that it works as expected https://paste.opensuse.org/98630942 (In reply to Max Lin from comment #21) > (In reply to Marcus Meissner from comment #20) > > i refreshed it with higher NVR now, please retest. > > > > > > i see in openmqa that the repo selection is not selecting the repos by > > default though > > > > https://openqa.opensuse.org/tests/1759870# > > > > currently it seems only the oss-update repo and the main repo get selected > > by default, even though the d.o.o pull request enabled more. > > Not really, it's a openqa thing, at the first place the needed repos are > enabled see > https://openqa.opensuse.org/tests/1759870#step/setup_online_repos/1 , in the > next steps, openqa unselecting *unneed* repos if it hasn't be defined to be > needed in the settings or code line#72 > https://openqa.opensuse.org/tests/1759870/modules/setup_online_repos/steps/1/ > src I've created a PR https://github.com/os-autoinst/os-autoinst-distri-opensuse/pull/12624 to fix that issue, the verification run: https://openqa.opensuse.org/tests/1760586#step/setup_online_repos/14 , the needed repos are enabled before installing packages. *however* the verification run ends at 'zypper patch' with some conflicting problem from sle-update repo. see https://openqa.opensuse.org/tests/1760586#step/zypper_up/8 Thank you Max! We'll have to be okay with manual verification in this case. Interestingly I have google-poppins-fonts installed on my leap 15.3, with all of the update repos enabled and I have no conflict. lubos, are you using zypper patch? please only use zypper patch during maintenance. google-poppins-fonts-4.003-5.3.1 is from SLES 15 SP2 Update google-poppins-fonts-4.003-1.14 is from SLES 15 SP3 GA the 4.003-1.14 version is on 15.3 /oss/repo/ he SP3 GA version should have been dropped, is also lower versioned (perhaps a TODO for me/maintenance to fix) patch SUSE-2021-205 is the google-poppins-update for SLES 15 SP2: https://lists.suse.com/pipermail/sle-updates/2021-January/017769.html I am not sure why zypper patch would have problems with it though, it should just update it. the only reason zypper patch would have issues, if there is a non-approved vendor change... if you can test it manually, can you try: zypper in google-poppins-fonts-4.003-5.3.1 and see if zypper has a problem dialog? libngomesu similar. 15-sp2 update is libgnomesu0-2.0.6-3.3.1 15-sp3 ga is libgnomesu0-2.0.6-1.1 leap 15.3 has libngomesu-2.0.6-1.1 (from sp3 ga) (In reply to Marcus Meissner from comment #26) > the only reason zypper patch would have issues, if there is a non-approved > vendor change... > > if you can test it manually, can you try: > > zypper in google-poppins-fonts-4.003-5.3.1 > > and see if zypper has a problem dialog? that can be a wrong question because google-poppins-fonts-4.003-5.3.1 doesn't appeared on the sle-update repo so zypper in just don't work. neither libgnomesu0-2.0.6-3.3.1. Marcus, I tested kde and gnome also since they're both in the opensuse incident's openqa testgroup, the result shows it has some more similar error with zypper patch. kde: https://openqa.opensuse.org/tests/1760934#step/zypper_up/6 gnome: https://openqa.opensuse.org/tests/1760933#step/zypper_up/6 ok... i opened a seperate bug for tracking already. bug 1186642 Something seems to have gone wrong. I just updated Leap 15.3, which applied the patch to add these repos. So far, so good. But then I ran Yast online update again. And it found many conflicts and want to insist on uninstalling LibreOffice. To me, this looks horribly wrong. It appears to be wanting to install patches intended for SLE but never intended for Leap 15.3. Neil, can you PLS run `zypper patch`? We need to know if this produces the same output. If that is the case, solver testcase could help a lot. See https://en.opensuse.org/openSUSE:Report_a_YaST_bug#I_want_to_report_a_bug_related_to_package_dependencies_and_libzypp_solver_and_now_I_am_asked_to_.22attach_a_solver_testcase.22._Which_logs_to_attach.3F Created attachment 849860 [details]
Screenlog running "zypper patch" under "screen"
Created attachment 849861 [details]
First part of split test case output
Created attachment 849862 [details]
Second part split of testcase output
I have attached the "zypper patch" output and the testcase output as requested.
I did not make any changes with patch (I replied "n" to making the changes).
(In reply to Neil Rickert from comment #33) > Created attachment 849860 [details] > Screenlog running "zypper patch" under "screen" It looks exactly the same issue we found on openqa(see comment#29) , there is a separate bug for tracking https://bugzilla.opensuse.org/show_bug.cgi?id=1186642 Yes, as Max says .. known issue, we need to fix it. I just found out about this bug. I guess I need to adapt rpm-repos-openSUSE as well. :( >It looks exactly the same issue we found on openqa(see comment#29)
Unfortunately, I do not have access to read that bug report.
(In reply to Neil Rickert from comment #31) > Something seems to have gone wrong. > > I just updated Leap 15.3, which applied the patch to add these repos. So > far, so good. > > But then I ran Yast online update again. And it found many conflicts and > want to insist on uninstalling LibreOffice. To me, this looks horribly > wrong. It appears to be wanting to install patches intended for SLE but > never intended for Leap 15.3. Yes. Here too. Updated from 15.2 to 15.3. Now Yast Online Update wants to install 2 patches which conflict with libreoffice, and it is suggesting to deinstall it. I did it 2 times, but afterwards I installed it again because I needed it and the patches popup again: >SUSE-2021-1200 - Recommended update for libreoffice > >This update for libreoffice fixes the following issues: >- Updated libreoffice to version 7.1.2.2 >SUSE-2021-1569 - Recommended update for libreoffice > >This update for libreoffice fixes the following issues: >Update from version 7.1.2.2 to version 7.1.3.2 OH. I disabled 11 | repo-sle-update | Update repository with updates from SUSE Linux Enterprise 15 | No | ---- | ---- and now the patches disappeared. Perhaps the SLE update repo should not be added and activated? >Perhaps the SLE update repo should not be added and activated?
I'm just a user, so that's for somebody else to decide.
It looks to me as if we need the packages in the SLE update repo, but we do not need the SLE patch definition files. For now, I will be deselecting all patches that appear to be for SLE rather than for openSUSE. I'm guessing that implementing such a change at the repo level would probably require adding a separate repo for SLE only, with just the patch definition files.
Not sure this is the right place to mention this. If not, I'd appreciate a hint where to put this. I just set up a 15.3 test machine from scratch. Yesterday installing updates via 'zypper up' gave me a new repo key to accept and new repos: New repository or package signing key received: Repository: Update repository of openSUSE Backports Key Name: openSUSE:Backports OBS Project <openSUSE:Backports@build.opensuse.org> Key Fingerprint: 637B32FF 3D83F07A 7AE1C40A 9C214D40 65176565 Key Created: Wed Oct 2 15:17:53 2019 Key Expires: Fri Dec 10 14:17:53 2021 Rpm Name: gpg-pubkey-65176565-5d94a381 The release notes (https://doc.opensuse.org/release-notes/x86_64/openSUSE/Leap/15.3/) don't say anything about the key gpg-pubkey-65176565-5d94a381. The release notes mention gpg-pubkey-39db7c82-* (SuSE Package Signing Key <build@suse.de>), but *not* gpg-pubkey-65176565-* download.opensuse.org offers gpg-pubkey-65176565-59787af5 (https://download.opensuse.org/distribution/leap/15.3/repo/oss/gpg-pubkey-65176565-59787af5.asc) which seems close but also is not what I'm looking for. Dropping an unknown key/certificate on your users and then expecting them to just trust it is something you can't really do. Ideally you introduce this new trust anchor through an established and already trusted channel. If that (for whatever reason) doesn't work, then your users need at least some independent means to verify the new trust anchor, like a mention in the release notes. And while I'm at it, there seems to be another problem (or inconsistency?). When using 'yast online_update_configuration' to automatically install updates only some of the available updates (shown by zypper lu) get installed. Before the automatic online update: leap153:~ # zypper lu | wc -l 68 After: leap153:~ # zypper lu | wc -l 22 leap153:~ # zypper lu Loading repository data... Reading installed packages... S | Repository | Name | Current Version | Available Version | Arch --+--------------------------------------------------------------+---------------------------+-------------------+-------------------+------- v | Update repository with updates from SUSE Linux Enterprise 15 | bind-utils | 9.16.6-20.39 | 9.16.6-22.7.1 | x86_64 v | Update repository with updates from SUSE Linux Enterprise 15 | kglobalaccel5 | 5.76.0-bp153.1.15 | 5.76.0-3.3.1 | x86_64 v | Update repository with updates from SUSE Linux Enterprise 15 | libKF5GlobalAccel5 | 5.76.0-bp153.1.15 | 5.76.0-3.3.1 | x86_64 v | Update repository with updates from SUSE Linux Enterprise 15 | libKF5GlobalAccel5-lang | 5.76.0-bp153.1.15 | 5.76.0-3.3.1 | noarch v | Update repository with updates from SUSE Linux Enterprise 15 | libKF5GlobalAccelPrivate5 | 5.76.0-bp153.1.15 | 5.76.0-3.3.1 | x86_64 v | Update repository with updates from SUSE Linux Enterprise 15 | libbind9-1600 | 9.16.6-20.39 | 9.16.6-22.7.1 | x86_64 v | Update repository with updates from SUSE Linux Enterprise 15 | libdns1605 | 9.16.6-20.39 | 9.16.6-22.7.1 | x86_64 v | Update repository with updates from SUSE Linux Enterprise 15 | libirs1601 | 9.16.6-20.39 | 9.16.6-22.7.1 | x86_64 v | Update repository with updates from SUSE Linux Enterprise 15 | libisc1606 | 9.16.6-20.39 | 9.16.6-22.7.1 | x86_64 v | Update repository with updates from SUSE Linux Enterprise 15 | libisccc1600 | 9.16.6-20.39 | 9.16.6-22.7.1 | x86_64 v | Update repository with updates from SUSE Linux Enterprise 15 | libisccfg1600 | 9.16.6-20.39 | 9.16.6-22.7.1 | x86_64 v | Update repository with updates from SUSE Linux Enterprise 15 | liblz4-1 | 1.9.2-1.40 | 1.9.2-3.3.1 | x86_64 v | Update repository with updates from SUSE Linux Enterprise 15 | liblz4-1-32bit | 1.9.2-1.40 | 1.9.2-3.3.1 | x86_64 v | Update repository with updates from SUSE Linux Enterprise 15 | libns1604 | 9.16.6-20.39 | 9.16.6-22.7.1 | x86_64 v | Update repository with updates from SUSE Linux Enterprise 15 | mdadm | 4.1-22.1 | 4.1-24.3.1 | x86_64 v | Update repository with updates from SUSE Linux Enterprise 15 | nfs-client | 2.1.1-10.12.1 | 2.1.1-10.15.1 | x86_64 v | Update repository with updates from SUSE Linux Enterprise 15 | python3-bind | 9.16.6-20.39 | 9.16.6-22.7.1 | noarch v | Update repository with updates from SUSE Linux Enterprise 15 | shim | 15.4-2.1 | 15.4-3.23.1 | x86_64 As the Automatic Online Update ignores these, can they really be ignored? Fixes for rpm-repos-openSUSE: * SR to Factory: https://build.opensuse.org/request/show/897685 * MR to Leap 15.3: https://build.opensuse.org/request/show/897686 Fixes for openSUSE-build-key: * SR to Base:System: https://build.opensuse.org/request/show/897680 Err, updated SR/MR for rpm-repos-openSUSE: * SR to Factory: https://build.opensuse.org/request/show/897697 * MR to Leap 15.3: https://build.opensuse.org/request/show/897698 Blech, messed up the Leap 15.3 MR, this is the right now: https://build.opensuse.org/request/show/897699 Sigh, this is what happens when I work on things early in the morning... Factory SR: https://build.opensuse.org/request/show/897704 Leap 15.3 MR: https://build.opensuse.org/request/show/897705 This is an autogenerated message for OBS integration: This bug (1186593) was mentioned in https://build.opensuse.org/request/show/897863 Factory / openSUSE-build-key I am not sure, if am I mentioning correct bug, but Libreoffice, bash, webkit patches works now, but patch for "open-vm-tools" is incorrect. open-vm-tools is queued for QA, but covered by the other bug 1186642. openSUSE-RU-2021:1022-1: An update that has one recommended fix can now be installed. Category: recommended (moderate) Bug References: 1186593 CVE References: JIRA References: Sources used: openSUSE Leap 15.3 (src): rpm-repos-openSUSE-0-lp153.2.3.1 This is an autogenerated message for OBS integration: This bug (1186593) was mentioned in https://build.opensuse.org/request/show/923736 15.3 / skelcd-control-openSUSE openSUSE-RU-2021:1340-1: An update that has two recommended fixes can now be installed. Category: recommended (moderate) Bug References: 1186593,1188689 CVE References: JIRA References: Sources used: openSUSE Leap 15.3 (src): skelcd-control-openSUSE-15.3.6-lp153.2.5.1, skelcd-control-openSUSE-promo-15.3.6-lp153.2.5.1 After update to openSUSE-release-15.3-lp1532.19.4.x86_64.rpm from Nov, the 4th the mentioned repositories are missing again. The definitions in /etc/zypp/repos.d are renamed to *.rpmsave. Another zypper dup tries to downgrade a lot of packages. There are no infos regarding this in the relase-notes or the package-description. This is not good. A clear information in the relase notes, which repositories are used and with what priority would be very welcomed. In the meantime I have renamed the rpmsave files back to *.repo. Please tell me, what is the right thing to do? (In reply to Kai Lappalainen from comment #54) > After update to openSUSE-release-15.3-lp1532.19.4.x86_64.rpm from Nov, the > 4th the mentioned repositories are missing again. The definitions in > /etc/zypp/repos.d are renamed to *.rpmsave. We should probably keep this bug closed. Please see bug 1192385. I'd say that bug 1192385 is a regression of bug 1186593. Let's move to https://bugzilla.opensuse.org/show_bug.cgi?id=1192385 please |