as current Leap 15.3 repos are now available I tested an online update
of a fully up to date Leap 15.2 to the current Leap 15.3 Alpha.
Basically it worked quite smooth.
Here are my observations, if something of this should become a bugzilla
please let me know.
Basically I just updated the repo urls to point to 15.3 and did
zypper ref; zypper dup
The test system was originally installed as openSUSE 12.2 and updated
to the releases ever since.
1) zypper asks about vendor change for as it seemed each package,
so I created an /etc/zypp/vendors.d/suse.conf
$ cat /etc/zypp/vendors.d/suse.conf
vendors = suse,opensuse,obs://build.suse.de
2) After the update zypper was complaining about a missing file
/etc/products.d/baseproduct which was a link to an non existing
I updated the link to point to /etc/products.d/Leap.prod
After this manual change of the link zypper no longer
complained. Maybe this should happen automatically?
Leap 15.3 after manual change:
$ ll /etc/products.d/
lrwxrwxrwx 1 root root 9 6. Feb 09:53 baseproduct -> Leap.prod
-rw-r--r-- 1 root root 4302 31. Jan 08:55 Leap.prod
$ rpm -qf /etc/products.d/Leap.prod
in 15.2 this was:
$ ll /etc/products.d/
lrwxrwxrwx 1 root root 13 25. Feb 2018 baseproduct -> openSUSE.prod
-rw-r--r-- 1 root root 3491 24. Jun 2020 openSUSE.prod
$ rpm -qf /etc/products.d/openSUSE.prod.
3) for most (3510 out of 3607) packages rpm generates a warning that
the package signature is not checked due to a missing key.
Before and after the update following signature keys are installed:
$ rpm -q --last gpg-pubkey
gpg-pubkey-3dbdc284-53674dd4 Mi 10 Sep 2014 19:36:22 CEST
gpg-pubkey-55d9d78b-4ec28924 Mi 29 Aug 2012 20:32:40 CEST
gpg-pubkey-9c800aca-4be01999 Do 05 Apr 2012 06:17:17 CEST
gpg-pubkey-56b4177a-4be18cab Do 05 Apr 2012 06:17:17 CEST
gpg-pubkey-307e3d54-4be01a65 Do 05 Apr 2012 06:17:16 CEST
The warnings are about the keys with the IDs 65176565 and 39db7c82,
Header V3 RSA/SHA256 Signature, key ID 65176565: NOKEY
Header V3 RSA/SHA256 Signature, key ID 39db7c82: NOKEY
Actually if the signature can not be checked I would expect that a
package is not installed without user confirmation.
I noticed afterwards that gpg-pubkey files with these IDs are actually
available in the repo
Should these not be imported automatically prior to the upgrade?