for dup from 15.2, adding even those special 15.3 repos before? backports and SLE15updates repo?
Hello list, for a dup from 15.2 to 15.3, would it make sense or is it possible to even add those special 15.3 repos before? backports and SLE15updates repo? wondered when I dup an online connected 15.2 to 15.3, it misses all those many update/packages coming from those two special repos. when I look into what comes from via those repos, I notice such stuff as openssh, openssl and many more. meaning: an updated 15.2 to 15.3, initial reboot, such a system is highly attackable and insecure as it initially is missing all those many updates from those two very important repos. only from the then online 15.3 system can one use those two additional repos (which have then been added by the dup process) and show up in the rebooted online 15.3 system. then another round of zypper up is needed to make the system safe. am I missing something important here or is this an accepted situation and by design? ty.
On Wed, Sep 8, 2021 at 3:25 PM cagsm <cumandgets0mem00f@gmail.com> wrote:
Hello list,
for a dup from 15.2 to 15.3, would it make sense or is it possible to even add those special 15.3 repos before? backports and SLE15updates repo?
Yes, it is of course possible.
wondered when I dup an online connected 15.2 to 15.3, it misses all those many update/packages coming from those two special repos.
Yes, that is an unfortunate consequence of missing them on GA. Those repositories are added by the openSUSE-release updated package. Better would be zypper service URL that automatically provides repositories. But that is something openSUSE release managers need to decide and push.
when I look into what comes from via those repos, I notice such stuff as openssh, openssl and many more.
meaning: an updated 15.2 to 15.3, initial reboot, such a system is highly attackable and insecure
Basically you claim that openSUSE Leap 15.3 GA is highly attackable and insecure. Do you have any proof for such a claim? If this is true it should have never been released in the first place.
as it initially is missing all those many updates from those two very important repos.
It will be missing updates since GA. Just as you will be missing updates for the time you are on vacations. Does your system suddenly become highly attackable and insecure when you come back?
only from the then online 15.3 system can one use those two additional repos (which have then been added by the dup process) and show up in the rebooted online 15.3 system.
then another round of zypper up is needed to make the system safe.
am I missing something important here or is this an accepted situation and by design?
It is by mistake. It is just another small detail of the openSUSE release process that was overlooked.
On Wed, Sep 8, 2021 at 2:40 PM Andrei Borzenkov <arvidjaar@gmail.com> wrote:
Yes, it is of course possible.
I just tested. normal 15.2 zypper dup via releasever variable --download-in-advance ina screen terminal application. it only uses the 4 default repos from 15.2 bumped up to 15.3 string / url. when i try to add repo those backport and sle15updates with their full 15.3 path names from a yast (specify url) there are conflicts being shown by zypper dup, then i canceled because I couldnt decide what to answer.
Yes, that is an unfortunate consequence of missing them on GA. Those repositories are added by the openSUSE-release updated package. Better would be zypper service URL that automatically provides repositories. But that is something openSUSE release managers need to decide and push.
when I look into what comes from via those repos, I notice such stuff as openssh, openssl and many more. meaning: an updated 15.2 to 15.3, initial reboot, such a system is highly attackable and insecure
seriously am I the one getting the concept of a zypper dup wrong here? when I only use the default 15.2 repos and zypper dup with the releasever variable it upgrades like 3000+ packages here. and downgrades many packages. read: 15.3 release timestamp some months ago, but the 15.2 being current from today. giving me a lot of downgrades of packages which only come from 15.3 backports and 15.3/sle15updates area with todays current level of security fixes. so I am downgrading and jeopardizing the perfectly fine 15.2 to a security desaster 15.3 intermediate, am I not?
Basically you claim that openSUSE Leap 15.3 GA is highly attackable and insecure. Do you have any proof for such a claim? If this is true it should have never been released in the first place.
what I figured here, the zypper dup finished, and still inside the screen terminal muxing window, i can then zypper lr at the very end, showing me then the already added and usable backports and sle15updates repo. I can still before rebooting, zypper dup once more, giving me another round of 912packages/updates right as I am writing these lines with a helluva lot of updates. I guess this is the actual way every user should upgrade/dup their system if possible. zypper dup just once leaves the machine with possibly 912 (here) unpatched unhandled missing packages and security fixes. wrong? ty.
On 08/09/2021 15.08, cagsm wrote:
On Wed, Sep 8, 2021 at 2:40 PM Andrei Borzenkov <arvidjaar@gmail.com> wrote:
Yes, it is of course possible.
I just tested. normal 15.2 zypper dup via releasever variable --download-in-advance ina screen terminal application.
it only uses the 4 default repos from 15.2 bumped up to 15.3 string / url.
This has to be wrong, the URLs specific to 15.3 should be added manually before starting. But I have no idea which they are. The upgrade wiki page should tell - does it?
when i try to add repo those backport and sle15updates with their full 15.3 path names from a yast (specify url) there are conflicts being shown by zypper dup, then i canceled because I couldnt decide what to answer.
Yes, that is an unfortunate consequence of missing them on GA. Those repositories are added by the openSUSE-release updated package. Better would be zypper service URL that automatically provides repositories. But that is something openSUSE release managers need to decide and push.
when I look into what comes from via those repos, I notice such stuff as openssh, openssl and many more. meaning: an updated 15.2 to 15.3, initial reboot, such a system is highly attackable and insecure
seriously am I the one getting the concept of a zypper dup wrong here? when I only use the default 15.2 repos and zypper dup with the releasever variable it upgrades like 3000+ packages here. and downgrades many packages.
read: 15.3 release timestamp some months ago, but the 15.2 being current from today. giving me a lot of downgrades of packages which only come from 15.3 backports and 15.3/sle15updates area with todays current level of security fixes.
so I am downgrading and jeopardizing the perfectly fine 15.2 to a security desaster 15.3 intermediate, am I not?
I don't know about security, but functionality for sure.
Basically you claim that openSUSE Leap 15.3 GA is highly attackable and insecure. Do you have any proof for such a claim? If this is true it should have never been released in the first place.
what I figured here, the zypper dup finished, and still inside the screen terminal muxing window, i can then zypper lr at the very end, showing me then the already added and usable backports and sle15updates repo.
I can still before rebooting, zypper dup once more, giving me another round of 912packages/updates right as I am writing these lines with a helluva lot of updates.
Could you please paste here the output of zypper lr --details so that we can know which repos should be finally active?
I guess this is the actual way every user should upgrade/dup their system if possible.
zypper dup just once leaves the machine with possibly 912 (here) unpatched unhandled missing packages and security fixes.
wrong? ty.
Yep. -- Cheers / Saludos, Carlos E. R. (from oS Leap 15.2 x86_64 (Minas Tirith))
On 08.09.2021 16:08, cagsm wrote:
On Wed, Sep 8, 2021 at 2:40 PM Andrei Borzenkov <arvidjaar@gmail.com> wrote:
Yes, it is of course possible.
I just tested. normal 15.2 zypper dup via releasever variable --download-in-advance ina screen terminal application.
it only uses the 4 default repos from 15.2 bumped up to 15.3 string / url. when i try to add repo those backport and sle15updates with their full 15.3 path names from a yast (specify url) there are conflicts being shown by zypper dup, then i canceled because I couldnt decide what to answer.
As you do not provide any details it is impossible to comment. I do not see any difference whether I use default repositories or add two additional update repositories nor do I see any conflicts. On up-to-date 15.2 using 6 repositories (OSS, OSS Update, Non-OSS, Non-OSS Update, Backports update, SLE updates): 10:/etc/zypp/repos.d # zypper --releasever 15.3 dup --download-only Warning: Enforced setting: $releasever=15.3 Retrieving repository 'Update repository of openSUSE Backports' metadata .[done] Building repository 'Update repository of openSUSE Backports' cache ......[done] Retrieving repository 'Update repository with updates from SUSE Linux Ente[done] Building repository 'Update repository with updates from SUSE Linux Enterp[done] Loading repository data... Reading installed packages... Warning: You are about to do a distribution upgrade with all enabled repositories. Make sure these repositories are compatible before you continue. See 'man zypper' for more information about this command. Computing distribution upgrade... ... zypper-log openSUSE -> SUSE LLC <https://www.suse.com/> zypper-needs-restarting openSUSE -> SUSE LLC <https://www.suse.com/> The following 2 patterns are going to change vendor: imaging_opt openSUSE -> SUSE LLC <https://www.suse.com/> multimedia_opt openSUSE -> SUSE LLC <https://www.suse.com/> The following package requires a system reboot: kernel-default-5.3.18-59.19.1 1865 packages to upgrade, 136 to downgrade, 124 new, 27 to remove, 1712 to change vendor. Overall download size: 1.46 GiB. Already cached: 0 B. Download only. Note: System reboot required.
On 2021-09-08 6:25 a.m., cagsm wrote:
Hello list,
for a dup from 15.2 to 15.3, would it make sense or is it possible to even add those special 15.3 repos before? backports and SLE15updates repo?
wondered when I dup an online connected 15.2 to 15.3, it misses all those many update/packages coming from those two special repos.
Boot from the 15.3 USB installation, and choose Update from the menu. That will install the necessary repos automatically, and you will also be given a chance to keep additional repos like Packman (of course you will have to change the release number in the URL to do this).
On 08/09/2021 15.11, Darryl Gregorash wrote:
On 2021-09-08 6:25 a.m., cagsm wrote:
Hello list,
for a dup from 15.2 to 15.3, would it make sense or is it possible to even add those special 15.3 repos before? backports and SLE15updates repo?
wondered when I dup an online connected 15.2 to 15.3, it misses all those many update/packages coming from those two special repos.
Boot from the 15.3 USB installation, and choose Update from the menu. That will install the necessary repos automatically, and you will also be given a chance to keep additional repos like Packman (of course you will have to change the release number in the URL to do this).
Sometimes this procedure is not usable. For example, some versions back it refused to run if there was a reiserfs partition listed in fstab, and I was thus forced to use zypper dup instead. Dunno if it still insists on no reiserfs. -- Cheers / Saludos, Carlos E. R. (from oS Leap 15.2 x86_64 (Minas Tirith))
On 2021-09-08 7:22 a.m., Carlos E. R. wrote:
On 08/09/2021 15.11, Darryl Gregorash wrote:
Boot from the 15.3 USB installation, and choose Update from the menu. That will install the necessary repos automatically...<snip>
Sometimes this procedure is not usable.
For example, some versions back it refused to run if there was a reiserfs partition listed in fstab, and I was thus forced to use zypper dup instead. Dunno if it still insists on no reiserfs.
Not ever having used Reiserfs, I have no idea. But for the 99% of us who do not, it works.
On 08/09/2021 15.56, Darryl Gregorash wrote:
On 2021-09-08 7:22 a.m., Carlos E. R. wrote:
On 08/09/2021 15.11, Darryl Gregorash wrote:
Boot from the 15.3 USB installation, and choose Update from the menu. That will install the necessary repos automatically...<snip>
Sometimes this procedure is not usable.
For example, some versions back it refused to run if there was a reiserfs partition listed in fstab, and I was thus forced to use zypper dup instead. Dunno if it still insists on no reiserfs.
Not ever having used Reiserfs, I have no idea. But for the 99% of us who do not, it works.
I have used it a lot. Remember, I wrote the wiki page on this procedure ;-) -- Cheers / Saludos, Carlos E. R. (from oS Leap 15.2 x86_64 (Minas Tirith))
On 2021-09-08 7:59 a.m., Carlos E. R. wrote:
On 08/09/2021 15.56, Darryl Gregorash wrote:
On 2021-09-08 7:22 a.m., Carlos E. R. wrote:
On 08/09/2021 15.11, Darryl Gregorash wrote:
Boot from the 15.3 USB installation, and choose Update from the menu. That will install the necessary repos automatically...<snip>
Sometimes this procedure is not usable.
For example, some versions back it refused to run if there was a reiserfs partition listed in fstab, and I was thus forced to use zypper dup instead. Dunno if it still insists on no reiserfs.
Not ever having used Reiserfs, I have no idea. But for the 99% of us who do not, it works.
I have used it a lot. Remember, I wrote the wiki page on this procedure ;-)
Great. If OP suggests he is using Reiser, he can use your procedure. If he is not, he is best off using the one I just posted.
On 08/09/2021 16.49, Darryl Gregorash wrote:
On 2021-09-08 7:59 a.m., Carlos E. R. wrote:
On 08/09/2021 15.56, Darryl Gregorash wrote:
On 2021-09-08 7:22 a.m., Carlos E. R. wrote:
On 08/09/2021 15.11, Darryl Gregorash wrote:
Boot from the 15.3 USB installation, and choose Update from the menu. That will install the necessary repos automatically...<snip>
Sometimes this procedure is not usable.
For example, some versions back it refused to run if there was a reiserfs partition listed in fstab, and I was thus forced to use zypper dup instead. Dunno if it still insists on no reiserfs.
Not ever having used Reiserfs, I have no idea. But for the 99% of us who do not, it works.
I have used it a lot. Remember, I wrote the wiki page on this procedure ;-)
Great. If OP suggests he is using Reiser, he can use your procedure. If he is not, he is best off using the one I just posted.
I was thinking of myself, I have two machines with at least one reiserfs partition. I want to use the USB, but I fear it may not want to work. -- Cheers / Saludos, Carlos E. R. (from oS Leap 15.2 x86_64 (Minas Tirith))
On Wed, 8 Sep 2021 07:56:33 -0600 Darryl Gregorash <raven@accesscomm.ca> wrote:
On 2021-09-08 7:22 a.m., Carlos E. R. wrote:
On 08/09/2021 15.11, Darryl Gregorash wrote:
Boot from the 15.3 USB installation, and choose Update from the menu. That will install the necessary repos automatically...<snip>
Sometimes this procedure is not usable.
For example, some versions back it refused to run if there was a reiserfs partition listed in fstab, and I was thus forced to use zypper dup instead. Dunno if it still insists on no reiserfs.
Not ever having used Reiserfs, I have no idea. But for the 99% of us who do not, it works.
I think 99% is probably overoptimistic. I use reiserfs and I know several other people on here who do.
cagsm composed on 2021-09-08 14:25 (UTC+0200):
for a dup from 15.2 to 15.3, would it make sense or is it possible to even add those special 15.3 repos before? backports and SLE15updates repo?
I've been doing it, so yes, of course. -- Evolution as taught in public schools is, like religion, based on faith, not based on science. Team OS/2 ** Reg. Linux User #211409 ** a11y rocks! Felix Miata
On 08/09/2021 17.46, Felix Miata wrote:
cagsm composed on 2021-09-08 14:25 (UTC+0200):
for a dup from 15.2 to 15.3, would it make sense or is it possible to even add those special 15.3 repos before? backports and SLE15updates repo?
I've been doing it, so yes, of course.
Can then someone please specify the full URL of those extra repositories? (apparently 3). This information is not given in <https://en.opensuse.org/SDB:System_upgrade>. Rather it seems to recommend adding them later in an automatic update. A "zypper lr --details" would do. -- Cheers / Saludos, Carlos E. R. (from oS Leap 15.2 x86_64 (Minas Tirith))
Carlos E. R. composed on 2021-09-08 19:14 (UTC+0200):
Felix Miata wrote:
cagsm composed on 2021-09-08 14:25 (UTC+0200):
for a dup from 15.2 to 15.3, would it make sense or is it possible to even add those special 15.3 repos before? backports and SLE15updates repo?
I've been doing it, so yes, of course.
Can then someone please specify the full URL of those extra repositories? (apparently 3). This information is not given in <https://en.opensuse.org/SDB:System_upgrade>. Rather it seems to recommend adding them later in an automatic update.
A "zypper lr --details" would do.
[UpdateBP] autorefresh=1 baseurl=http://download.opensuse.org/update/leap/15.3/backports/ enabled=1 gpgcheck=1 gpgkey=https://download.opensuse.org/update/leap/15.3/backports/repodata/repomd.xml... keeppackages=0 name=UpdateBP type=rpm-md [UpdateSLE] autorefresh=1 baseurl=http://download.opensuse.org/update/leap/15.3/sle/ enabled=1 keeppackages=0 name=UpdateSLE type=NONE -- Evolution as taught in public schools is, like religion, based on faith, not based on science. Team OS/2 ** Reg. Linux User #211409 ** a11y rocks! Felix Miata
On 08/09/2021 20.08, Felix Miata wrote:
Carlos E. R. composed on 2021-09-08 19:14 (UTC+0200):
Felix Miata wrote:
cagsm composed on 2021-09-08 14:25 (UTC+0200):
for a dup from 15.2 to 15.3, would it make sense or is it possible to even add those special 15.3 repos before? backports and SLE15updates repo?
I've been doing it, so yes, of course.
Can then someone please specify the full URL of those extra repositories? (apparently 3). This information is not given in <https://en.opensuse.org/SDB:System_upgrade>. Rather it seems to recommend adding them later in an automatic update.
A "zypper lr --details" would do.
[UpdateBP] autorefresh=1 baseurl=http://download.opensuse.org/update/leap/15.3/backports/ enabled=1 gpgcheck=1 gpgkey=https://download.opensuse.org/update/leap/15.3/backports/repodata/repomd.xml... keeppackages=0 name=UpdateBP type=rpm-md
[UpdateSLE] autorefresh=1 baseurl=http://download.opensuse.org/update/leap/15.3/sle/ enabled=1 keeppackages=0 name=UpdateSLE type=NONE
Thanks. The wiki says: https://en.opensuse.org/SDB:System_upgrade <https://en.opensuse.org/SDB:System_upgrade> The openSUSE Leap 15.3 adds two additional update repositories one for openSUSE Backports and one for SUSE Linux Enterprise, these additional repositories are used during online installation and delivered to Leap 15.3 system via a maintenance update of openSUSE-release with Leap 15.3 GA. This is covered in depth in the Release notes. But does not say which they are. -- Saludos/Cheers Carlos E. R.
participants (7)
-
Andrei Borzenkov -
cagsm -
Carlos E. R. -
Carlos E.R. -
Darryl Gregorash -
Dave Howorth -
Felix Miata