How do I know my software?

when I do a zypper -i, I get a list of 4000 packages, 90% of which are coming in through the distro itself, as supporting libraries and/or recommended/suggested packages.
Other than going through 4000 lines of output, how do I know which software really is installed on top of the basic distribution itself (stuff like Google Chrome, grub-customizer, kshutdown, pinta that I know I did install and would now find in the menu system)?

If you installed all using YaST > Software Management and/or zypper there is no real way of finding out. Even what is installed at system installation can be changed before the installation starts to include and/or exclude package at the will of the person that does the installation.

What you could do however is looking the installation date/time. Packages that are installed after the majority that is installed at installation date, but that could also be packages that are installed again later because they are update versions of installed software. so that date check is only suggesting things to you.

In fact the best thing to do is making notes when you install extra software. Something a serious system manager should do in any case IMHO: make notes, notes, notes.

Perhaps try:

zypper pa -i | grep '^i[+]'

Yes, I know that the man page says for i+

installed by user request

But I am very unsure what it means. Even if I interpret “user” as the system manager (and not the end-user) all that is on the system is “by user request”. Who else would have requested for a package install? The “user” requested either direct. or by implication (dependencies, patterns, …) , but what is technically the criterium that zypper thinks it is “by user request”? I really do not know.

I just did the

zypper pa -i | grep '^i[+]'

and it gave me ~ 270 packages. I saw amongst them e.g. firewalld. I am not aware that I installed that separate, the more because I do not use any firewall on my systems.

So this (I agree, much sorter) list again might be a starting point for the OP, but not the ultimate flawless information he is searching for.

Hi, /var/log/zypp/history[-yyyymmdd.xz] contains all packages installed from the initial install, packages added, removed etc…

less /var/log/zypp/history-20230323.xz
2021-12-25 19:27:45|command|root@install|'/usr/bin/ruby.ruby2.7' '--encoding=utf-8' '/usr/lib/YaST2/bin/y2start' 'installation' '--arg' 'initial' 'qt' '--noborder' '--auto-fonts' '--fullscreen'|

I am still unsure if you are genuinely interested in the answer or just ranting, but - this has nothing to do with “user” vs “admin”. Computers do not read your mind. “User installed” simply means that this package was installed explicitly, and packages are explicitly installed e.g. by YaST module when you enable firewall. Those packages will be marked as “user installed”.

I’m not sure, either. But here’s my best guess:

When you do a clean install, the system installs the package “openSUSE-release”. And that does show as a user install (with “i+”). Lots of other packages are then pulled in as dependencies or as recommends. Those that are pulled in are not shown as user installs. They get an “i” rather than “i+”. Additional package that you explicitly select do show as user installs, but anything else pulled in does not show as a user install.

At least this guess seems to describe what I am seeing.

Incidentally, I only show 92 packages as user installed. That’s probably because this system (Leap 15.5) was a fresh install. Your larger number of 270 is probably because you have been upgrading over the years, and seeing a great accumulation of user selected packages.


First, welcome to the openSUSE Forums.


First, list all the installed patterns:

> zypper patterns --installed-only

Then, for each pattern, output the information:

> zypper pattern-info base

Personally, I would use the list of installed patterns as the basis for a quick-and-dirty script which calls the “pattern-info” for each installed pattern to give the list of installed packages which have been installed as the result of openSUSE patterns.

I would then, take that list of installed packages, simplify it with “cut” and pass the simplified list through “sort” – I would then compare that alphabetically sorted list of packages to the alphabetically sorted simple list of all installed packages:

> rpm -qa | sort

Thank you for your answers.

For the background: I am thinking to NOT upgrade from 15.4 to 15.5 but instead, do a fresh install in order to get rid of some junk that has collected over time. But then, I obviously would like to come back to my current system as close as possible.

@malcolmlewis This sounded like a promising path, but my /var/log/zypp/ directory only contains a single file named history; furthermore this file only contains 1 line of entry and doesn’t tell me much.

Using the other’s suggestions, I will go ahead and see which sequence of commands (or script) would give me the best results. If I’m successful, I will post my findings.

I’m just surprised that there does not seem to be a standard answer to my question, knowing that I’m probably not the first one who wants to know, and that Windows (yuck) has a nice software center for this purpose.



@THN Hi, strange… my current history on one of my Leap machines shows the initial 15.3 install and upgrades to 15.4 and now 15.5…

This is why I normally do a clean install rather than an upgrade. It cleans out the junk.

Can you please, take a look at the timestamp of ‘/var/log/zypp/history’.

  • The entries in that journal are normally timestamped – like this: “2022-07-19 12:39:19” …

Can you please, also check some Zypp configuration settings?

## Location of history log file.
## The history log is described at
## Valid values: absolute path to a file
## Default value: /var/log/zypp/history
# history.logfile = /var/log/zypp/history

Possibly, with Leap 15.5, with the change from Firefox MP4/H.264 codecs in Packman to the Cisco solution, this method will be preferable for more than a few folks.

The timestamp ist from before yesterday.

The content is just one line:
2023-06-07 18:28:45|command|root@machine_name|'/usr/bin/ruby.ruby2.5' '--encoding=utf-8' '/usr/lib/YaST2/bin/y2start' 'online_update' 'ncurses' '-name' 'YaST2' '-icon' 'yast'|

and the location of the history log file is commented out (like in your case)

## Location of history log file.
## The history log is described at
## Valid values: absolute path to a file
## Default value: /var/log/zypp/history
# history.logfile = /var/log/zypp/history


That’s a bit weird – it’s the first entry resulting from a new installation – before any patches, updates or, additional packages have been installed …

I do not quite understand you. I am still wanting to understand what the vague expression “user installed” technically means for zypper. There were suggestions (but only suggestions) that that might be packages installed “after system installation” (but that still dos not quite define how zypper knows what is “during system installation” and what is “after installation”.

I then took one of the lines I saw in that I+ output that mentions firewalld as “user installed”. And I tried to explain that I have not installed that myself “after installation”, neither explicit, nor by something similar to your suggestion of “enabling the firewall”. I explicit said: “I do not use any firewall on my systems”. And I can add that I do that by switching the firewall off on the installation screen that offers such choices (the last one before installation starts).

My assumption is that firewalld is installed during system installation (if that is what you mean with “implicitly”) because I never did it. So why the +?

I am still wondering what the + in i+ means.

I don’t have an answer for that. But I’ll make a wild guess.

Previously, we were using SUSEFirewall2 (or similar name). I think the move to “firewalld” was with Leap 15.0. But if you upgraded Leap 42.3 to 15.0, then you kept the older firewall software unless you voluntarily chose to move to the new software. And if you voluntarily chose that, it would show as a user install.

Feel free to submit a patch to zypper with better explanation.

“User installed” means that package was explicitly used as “package to install” in zypper install or equivalent command. If the command zypper install foo is executed and zypper has to add libfoo as dependency for foo, then foo is “user installed” and libfoo is not. I intentionally avoided saying “if you run this command” because I wanted to avoid any implication that “user installed” has anything to do with human intention.

Because it was added as package to install by YaST during installation (as opposed of being pulled in as dependency of base pattern):

2020-07-05 08:43:19 <1> install(3764) [Ruby] modules/PackagesProposal.rb:124 Adding resolvables ["firewalld"] of type package for firewall

Which has nothing to do with package property of being explicitly installed vs. installed by dependency.

Which only disables firewalld service but does not delete firewalld package.

That is not what I try to bring over. I try to explain that I did nothing to further the installation of firewalld. I did never enable it, it was not even enabled from system installation on. So your statement that it could be user installed as a result of enabling the firewall is not applicable IMHO. Nevertheless it is mentioned as i+.

boven:~ # zypper pa -i | grep '^i[+]' | grep fire
i+ | Updates from SUSE Linux Enterprise 15 | firewall-macros                            | 0.9.3-150400.8.9.1                               | noarch
i+ | Updates from SUSE Linux Enterprise 15 | firewalld                                  | 0.9.3-150400.8.9.1                               | noarch
i+ | Updates from SUSE Linux Enterprise 15 | firewalld-lang                             | 0.9.3-150400.8.9.1                               | noarch
i+ | Updates from SUSE Linux Enterprise 15 | python3-firewall                           | 0.9.3-150400.8.9.1                               | noarch
boven:~ # 

And I assume that the others mentioned above are dependencies of firewalld and as such should not be i+. according to your example of foo vs. libfoo (if I understand that correct)

I am pretty sure that I did not use zypper in python3-firewall at any time in my life.