https://bugzilla.suse.com/show_bug.cgi?id=1223446 Bug ID: 1223446 Summary: zypper dup uninstalls > 100 base packages (guess: because of unknown repo signing key) Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: libzypp Assignee: zypp-maintainers@suse.de Reporter: suse-beta@cboltz.de QA Contact: qa-bugs@suse.de Target Milestone: --- Found By: --- Blocker: --- Created attachment 874527 --> https://bugzilla.suse.com/attachment.cgi?id=874527&action=edit y2logs.tar.xz Environment: a s390x (zSystems) VM on the LinuxOne community cloud (https://linuxone.cloud.marist.edu), originally SLE 15 SP4, upgraded to Tumbleweed. To automate the Tumbleweed updates, I enabled os-update, which basically calls zypper dup -y --auto-agree-with-product-licenses This automated update worked on 2024-04-04. For some (so far unknown) reason, the automated zypper dup on 2024-04-26 uninstalled lots of packages, including quite some base packages (for example sudo, less, vim, file, shadow), and left the system in a half-broken state. At least ssh login and su still worked. After re-creating /etc/resolv.conf and reinstalling the removed packages, I could get some logs and fix the system. (I had a similar breakage on another VM some months ago, but back then, I didn't know the root password and therefore couldn't collect logs.) An interesting detail is that zypper asked me to trust a key today: # zypper ref Repository 'repo-openh264 (%{distver})' is up to date. New repository or package signing key received: Repository: repo-oss (%{distver}) Key Fingerprint: F00C 20EF 1E11 14C9 B5F6 9B22 76CA 4244 F6AB 3975 Key Name: openSUSE:Factory:zSystems OBS Project <openSUSE:Factory:zSystems@build.opensuse.org> Key Algorithm: RSA 2048 Key Created: Tue 02 Aug 2022 11:09:47 PM EDT Key Expires: Thu 10 Oct 2024 11:09:47 PM EDT Rpm Name: gpg-pubkey-f6ab3975-62e9e6fb That might already be a hint what caused the removal of the packages. If I zypper mr -d openSUSE:repo-oss zypper dup it proposes to delete 108 packages - and on a quick look, the list looks similar to what was removed automagically. My _guess_ is that the missing key had a similar result as disabling the repo. Still, even "zypper dup -y" should error out if a repo is signed with an unknown key, instead of silently disabling the repo and removing seemingly "orphaned" packages. I'll attach the y2logs so that you can check if my guess is correct ;-) -- You are receiving this mail because: You are on the CC list for the bug.