I’d just like to check that I’m not doing anything that I shouldn’t - is this how I should update?
su -c 'zypper refresh && zypper dup --allow-vendor-change && flatpak update -y && flatpak remove --unused -y && snap refresh' && systemctl poweroff
No…
The biggest mistake is --allow-vendor-change, see:
The following 185 packages are going to change vendor:
akonadi-server obs://build.opensuse.org/KDE:Unstable -> openSUSE
akonadi-server-lang obs://build.opensuse.org/KDE:Unstable -> openSUSE
akonadi-server-sqlite obs://build.opensuse.org/KDE:Unstable -> openSUSE
bluez-qt-imports obs://build.opensuse.org/KDE:Unstable -> openSUSE
gwenview5 obs://build.opensuse.org/KDE:Unstable -> openSUSE
gwenview5-lang obs://build.opensuse.org/KDE:Unstable -> openSUSE
kconf_update5 obs://build.opensuse.org/KDE:Unstable -> openSUSE
kcoreaddons obs://build.opensuse.org/KDE:Unstable -> openSUSE
kcoreaddons-devel obs://build.opensuse.org/KDE:Unstable -> openSUSE
kcoreaddons-lang obs://build.opensuse.org/KDE:Unstable -> openSUSE
kdeclarative-components obs://build.opensuse.org/KDE:Unstable -> openSUSE
I want to clarify something for me.
zypper refresh && zypper dup
or just
zypper dup
Does zypper dup does a refresh also? Thank you.
All I’ve done for a very long time is
zypper dup
On two machines … and all is well 
And personally, I wouldn’t do that “automatic” poweroff … I’d rather read for any errors or warnings first.
zypper dup does a refresh as well. You can see it do it when you run it:
$ sudo zypper dup
Retrieving repository 'Main Repository (NON-OSS)' metadata ...............[done]
Building repository 'Main Repository (NON-OSS)' cache ....................[done]
Retrieving repository 'Main Repository (OSS)' metadata ...................[done]
Building repository 'Main Repository (OSS)' cache ........................[done]
Retrieving repository 'google-chrome' metadata ...........................[done]
Building repository 'google-chrome' cache ................................[done]
Retrieving repository 'microsoft-edge' metadata ..........................[done]
Building repository 'microsoft-edge' cache ...............................[done]
Retrieving repository 'Packman' metadata .................................[done]
Building repository 'Packman' cache ......................................[done]
Loading repository data...
Reading installed packages...
Warning: You are about to do a distribution upgrade with all enabled repositories. Make sure these repositories are compatible before you continue. See 'man zypper' for more information about this command.
Computing distribution upgrade...
The following item is locked and will not be changed by any action:
Available:
PackageKit
The following 176 packages are going to be upgraded:
avrdude bluez bluez-auto-enable-devices bluez-cups bouncycastle
branding-openSUSE brltty brltty-driver-at-spi2 brltty-driver-brlapi
brltty-driver-speech-dispatcher brltty-driver-xwindow cuda dialog
docker-compose dracut evince evince-plugin-pdfdocument evolution
gdk-pixbuf-loader-rsvg gjs gnome-shell-search-provider-nautilus
gnome-video-effects grub2-branding-openSUSE icewm icewm-config-upstream
icewm-default icewm-lang icu imlib2-loaders kmod kmod-bash-completion
libassuan0 libbluetooth3 libbluetooth3-32bit libbrlapi0_8 libdialog15
libdouble-conversion3 libell0 libevdev2 libevdocument3-4 libevview3-3 libgbm1
libgbm1-32bit libgjs0 libicu73 libicu73-ledata libicu-devel libIex-3_1-30
libIlmThread-3_1-30 libImlib2-1 libkmod2 libksba8 libldap2 libldap2-32bit
libldapcpp0 libldap-data libmd0 libnautilus-extension4 libncurses6
libncurses6-32bit libnghttp2-14 libnghttp2-14-32bit libOpenEXR-3_1-30
libpython3_10-1_0 libreoffice-branding-openSUSE librsvg-2-2 libsharpyuv0
libsharpyuv0-32bit libssh2-1 libsvn_auth_gnome_keyring-1-0 libsynctex2
libtiff6 libtiff6-32bit libtiff-devel libvdpau_nouveau libvlc5 libvlccore9
libwebp7 libwebp7-32bit libwebpdemux2 libwebpmux3 libwebpmux3-32bit
libwireshark16 libwiretap13 libwsutil14 libzbar0 libzypp Mesa Mesa-32bit
Mesa-dri Mesa-dri-32bit Mesa-gallium Mesa-gallium-32bit Mesa-KHR-devel
Mesa-libEGL1 Mesa-libEGL-devel Mesa-libGL1 Mesa-libGL1-32bit Mesa-libglapi0
Mesa-libglapi0-32bit Mesa-libGL-devel Mesa-libva microsoft-edge-stable
MozillaFirefox nautilus ncurses-devel ncurses-utils nodejs20 npm20
nvidia-compute-G06 nvidia-compute-G06-32bit nvidia-compute-utils-G06
nvidia-driver-G06-kmp-default nvidia-gl-G06 nvidia-gl-G06-32bit
nvidia-utils-G06 nvidia-video-G06 nvidia-video-G06-32bit openldap2-client
openldap2-devel openSUSE-release openSUSE-release-appliance-custom
plymouth-branding-openSUSE python310
python310-backports.entry_points_selectable python310-base python310-black
python310-botocore python310-curses python310-dbm python310-devel
python310-docutils python310-filelock python310-gobject
python310-gobject-cairo python310-gobject-Gdk python310-pyOpenSSL
python310-pytest python311-gobject python311-gobject-cairo
python311-gobject-Gdk python311-pyOpenSSL python3-brlapi rsvg-thumbnailer
subversion subversion-bash-completion subversion-perl
systemd-presets-common-SUSE system-user-brltty tack terminfo terminfo-base
terminfo-iterm terminfo-screen typelib-1_0-EvinceDocument-3_0
typelib-1_0-EvinceView-3_0 typelib-1_0-GjsPrivate-1_0 typelib-1_0-Rsvg-2_0
ucode-intel vlc vlc-codec-gstreamer vlc-codecs vlc-lang vlc-noX vlc-qt
vlc-vdpau wallpaper-branding-openSUSE wireshark wireshark-ui-qt xbrlapi
yast2-installation yast2-network yast2-qt-branding-openSUSE zypper zypper-log
zypper-needs-restarting
The following product is going to be upgraded:
openSUSE Tumbleweed 20230619-0 -> 20230622-0
The following 59 NEW packages are going to be installed:
cuda-12-1 cuda-cccl-12-1 cuda-command-line-tools-12-1 cuda-compiler-12-1
cuda-cudart-12-1 cuda-cudart-devel-12-1 cuda-cuobjdump-12-1 cuda-cupti-12-1
cuda-cuxxfilt-12-1 cuda-demo-suite-12-1 cuda-documentation-12-1
cuda-driver-devel-12-1 cuda-gdb-12-1 cuda-libraries-12-1
cuda-libraries-devel-12-1 cuda-nsight-12-1 cuda-nsight-compute-12-1
cuda-nsight-systems-12-1 cuda-nvcc-12-1 cuda-nvdisasm-12-1
cuda-nvml-devel-12-1 cuda-nvprof-12-1 cuda-nvprune-12-1 cuda-nvrtc-12-1
cuda-nvrtc-devel-12-1 cuda-nvtx-12-1 cuda-nvvp-12-1 cuda-opencl-12-1
cuda-opencl-devel-12-1 cuda-profiler-api-12-1 cuda-runtime-12-1
cuda-sanitizer-12-1 cuda-toolkit-12-1 cuda-toolkit-12-1-config-common
cuda-tools-12-1 cuda-visual-tools-12-1 gds-tools-12-1 libavrdude1
libcublas-12-1 libcublas-devel-12-1 libcufft-12-1 libcufft-devel-12-1
libcufile-12-1 libcufile-devel-12-1 libcurand-12-1 libcurand-devel-12-1
libcusolver-12-1 libcusolver-devel-12-1 libcusparse-12-1
libcusparse-devel-12-1 libnpp-12-1 libnpp-devel-12-1 libnvjitlink-12-1
libnvjitlink-devel-12-1 libnvjpeg-12-1 libnvjpeg-devel-12-1
libnvvm-samples-12-1 nsight-compute-2023.1.1 nsight-systems-2023.1.2
176 packages to upgrade, 59 new.
Overall download size: 4.58 GiB. Already cached: 0 B. After the operation,
additional 6.8 GiB will be used.
Continue? [y/n/v/...? shows all options] (y):
It doesn’t say that the repos are up to date, but if you run zypper ref afterwards a zypper dup that you’ve aborted, you’ll see this:
$ sudo zypper ref
Repository 'Libdvdcss Repository' is up to date.
Repository 'NVIDIA' is up to date.
Retrieving repository 'Server Monitoring Software (Tumbleweed)' metadata .[done]
Building repository 'Server Monitoring Software (Tumbleweed)' cache ......[done]
Repository 'cuda-opensuse15-x86_64' is up to date.
Repository 'Main Repository (NON-OSS)' is up to date.
Repository 'Main Repository (OSS)' is up to date.
Repository 'Main Update Repository' is up to date.
Repository 'google-chrome' is up to date.
Retrieving repository 'hendersj's Home Project (Tumbleweed)' metadata ....[done]
Building repository 'hendersj's Home Project (Tumbleweed)' cache .........[done]
Repository 'microsoft-edge' is up to date.
Repository 'Packman' is up to date.
Retrieving repository 'Security tools (openSUSE_Tumbleweed)' metadata ....[done]
Building repository 'Security tools (openSUSE_Tumbleweed)' cache .........[done]
Repository 'snappy' is up to date.
All repositories have been refreshed.
The repos in my list that show as refreshing are enabled but have refresh turned off, so those repos’ content is rebuilt each time it’s accessed, it seems.
For utmost ease and robustness of upgrading always run a service in the system slice:
3400g:~ # systemctl cat dup.service
# /etc/systemd/system/dup.service
[Unit]
Description=Dist Upgrade
[Service]
ExecStartPre=/usr/bin/nm-online
ExecStart=/usr/bin/zypper --non-interactive dist-upgrade
3400g:~ #
A dup a day keeps the trouble away:
3400g:~ # systemctl cat dup.timer
# /etc/systemd/system/dup.timer
[Unit]
Description=Daily dist-upgrade
[Timer]
OnCalendar=daily
AccuracySec=1h
Unit=dup.service
Persistent=true
[Install]
WantedBy=timers.target
3400g:~ #
Journal allows for easy monitoring:
3400g:~ # journalctl -q -u dup.service -g 'Started|conflict|Consumed'
Apr 19 04:12:26 3400G systemd[1]: Started Dist Upgrade.
Apr 19 04:15:06 3400G zypper[7012]: Checking for file conflicts: [...done]
Apr 19 04:15:12 3400G systemd[1]: dup.service: Consumed 18.542s CPU time.
...
Jun 20 05:50:25 3400g systemd[1]: dup.service: Consumed 8.941s CPU time.
Jun 20 18:53:20 3400g systemd[1]: Started Dist Upgrade.
Jun 20 18:54:33 3400g zypper[18598]: Checking for file conflicts: [......done]
Jun 20 18:54:40 3400g systemd[1]: dup.service: Consumed 15.665s CPU time.
Jun 21 04:51:05 3400g systemd[1]: Started Dist Upgrade.
Jun 21 04:52:04 3400g zypper[5669]: Checking for file conflicts: [.....done]
Jun 21 04:52:12 3400g systemd[1]: dup.service: Consumed 9.580s CPU time.
Jun 21 15:44:44 3400g systemd[1]: Started Dist Upgrade.
Jun 21 15:45:27 3400g zypper[28727]: Checking for file conflicts: [.....done]
Jun 21 15:45:41 3400g systemd[1]: dup.service: Consumed 13.287s CPU time.
Jun 22 04:59:42 3400g systemd[1]: Started Dist Upgrade.
Jun 22 04:59:57 3400g zypper[1764]: Checking for file conflicts: [..done]
Jun 22 05:00:00 3400g systemd[1]: dup.service: Consumed 5.295s CPU time.
Jun 22 18:28:22 3400g systemd[1]: Started Dist Upgrade.
Jun 22 18:37:42 3400g zypper[16384]: Checking for file conflicts: [.........done]
Jun 22 18:39:53 3400g systemd[1]: dup.service: Consumed 1min 57.783s CPU time.
Jun 23 05:27:42 3400g systemd[1]: Started Dist Upgrade.
Jun 23 05:27:53 3400g zypper[29412]: Checking for file conflicts: [..done]
Jun 23 05:27:57 3400g systemd[1]: dup.service: Consumed 5.428s CPU time.
Jun 24 05:03:41 3400g systemd[1]: Started Dist Upgrade.
Jun 24 05:05:37 3400g zypper[6417]: Checking for file conflicts: [...done]
Jun 24 05:05:49 3400g systemd[1]: dup.service: Consumed 20.196s CPU time.
3400g:~ #
Use priorities:
3400g:~ # repos
# | Alias | Enabled | GPG Check | Refresh | Priority | URI
---+--------------+---------+-----------+---------+----------+-------------------------------------------------------
5 | Packman | Yes | (r ) Yes | Yes | 90 | https://ftp.fau.de/packman/suse/openSUSE_Tumbleweed/
21 | repo-non-oss | Yes | (r ) Yes | Yes | 99 | https://download.opensuse.org/tumbleweed/repo/non-oss/
22 | repo-oss | Yes | (r ) Yes | Yes | 99 | https://download.opensuse.org/tumbleweed/repo/oss/
24 | repo-update | Yes | (r ) Yes | Yes | 99 | https://download.opensuse.org/update/tumbleweed/
15 | jalbum | Yes | ( ) No | Yes | 100 | https://jalbum.net/download/software/yumrepo/
3400g:~ #
Configure zypper to your needs:
3400g:~ # grep -v ^\# /etc/zypp/zypp.conf|grep -v ^\$
[main]
solver.onlyRequires = true
solver.dupAllowVendorChange = true
multiversion = provides:multiversion(kernel)
multiversion.kernels = latest,latest-1,running
3400g:~ #
3400g:~ # grep -v ^\# /etc/zypp/zypper.conf|grep -v ^\$
[main]
repoListColumns = auP
[solver]
[commit]
[search]
[color]
[obs]
[subcommand]
3400g:~ #
1 Like
zypper refresh will be done:
grep -B8 'refresh.delay' /etc/zypp/zypp.conf
##
## Amount of time in minutes that must pass before another refresh.
##
## Valid values: Integer
## Default value: 10
##
## If you have autorefresh enabled for a repository, it is checked for
## up-to-date metadata not more often than every <repo.refresh.delay>
## minutes. If an automatic request for refresh comes before <repo.refresh.delay>
## minutes passed since the last check, the request is ignored.
##
## A value of 0 means the repository will always be checked. To get the opposite
## effect, disable autorefresh for your repositories.
##
## This option has no effect for repositories with autorefresh disabled, nor for
## user-requested refresh.
##
repo.refresh.delay = 5
So if the time has passed a refresh will be done by any zypper command that needs a refresh…
Why is that problematic?
You have only quoted half of my post, I have written:
see:
the following after see is the important piece…
1 Like
I do not think any body is going to tell you how you should update.
That is up to you.
Nevertheless I will make a few remarks (some of them already thrown at you above).
- Always use
su - ........(or alternativesu -lor, when you love typingsu --login). Running as root it is much more secure using the root login environment, then still having parts of the environment of the user that commits thesucommand. - As already said above, you really do not need that
zypper refevery time you sneeze. It is done automatic when needed. There can be a reason to do an extra one, but in such cases it is very obvious and logical to do so. - As also said above, updating a Tumbleweed system only needs
zypper dup. Nothing less, nothing more. - I have no idea why you make such a huge statement with all sorts of actions without any possibility to interfere. This will roll on and you probably at one day will stare at a lot of lines scrolling before your eyes and you not knowing what program is telling what to you. Doing a ^C then will obviously be much too late to stop disaster.
- I am not sure which user is supposed to submit this command, but when he is not root already (in which case I do not understand the use of
su), then the finishing touch `systemctl poweroff’ will not work for that normal user. And of course, as said above, letting things scroll by and then, before you have any chance to assess what you see, shutting down the system, is not a good idea IMHO.
2 Likes
It will. By default local users (logged in on local console) are allowed to do it.
1 Like
Hm. for me a break of security 
In any case, the situation the user is in is not explained.
You personal opinion does not matter here. You said “will not work” and that was incorrect.
You are welcome to investigate whether it is default upstream configuration or downstream SUSE change and submit security bug report accordingly.
Could you explain why that’s problematic? I see that packages are changing repositories.
Yeah, it works for me.
If I didn’t do it, couldn’t I potentially update to the non-latest packages? I learnt this after testing a dup without a refresh and a dup with, to which I believe the result was a slightly different package choice.
That’s why I’m asking – why do you think so? Also, aren’t flatpak and snap rather excluded from that statement? (zypper isn’t going to touch them!)
This is meant to be entirely automatic. The script -a should allow me to investigate any problems, right? It’s not always easily readable, but I don’t know of a better logger (pwsh’s Start-Transcript screws stuff up by routing it through another Out-* instead of spawning a new shell).
Myself. This is for a personal machine.
This seems contradictory to me. If the user isn’t authenticated as the superuser, surely I do need to elevate permissions. With zypper and flatpak, I don’t get PolKit appearing if I don’t provide credentials beforehand like snap does, and since this needs to be automatic, that wouldn’t be ideal anyway.
Did you actually read Sauerlands and Hendersj responses in this thread? No?
Yes and on the next zypper dup --allow-vendor-change they will also switch and so on…
But normally you do not want to switch after switching first time to an Repo.
And you can get trouble…
Thats why zypper dup is switched for years to explizit using —allow-vendor-change
Are you sure?
By the way: I observed zypper dist-upgrade switching packages between repos. However eventually zypper got permission to decide everything on its own on all hosts maintained by me:
3400g:~ # grep Allow /etc/zypp/zypp.conf
# solver.dupAllowDowngrade = true
# solver.dupAllowNameChange = true
# solver.dupAllowArchChange = true
solver.dupAllowVendorChange = true
3400g:~ #
All hosts now use the above settings. zypper dist-upgrade runs unattended in the background. Selection of package versions is governed by repo priorities.
The above strategy is closely monitored on a dozen machines, half of them operated by Linux illiterate users. Their comments may be summarized as: “I don’t know what Linux does, but it always works”.
Host 3400g does a daily dup. Decisions made by zypper since May 12 are few and benign:
3400g:~ # journalctl -q -u dup -g change
Jun 16 13:56:33 3400g zypper[9257]: The following package is going to change architecture:
Jun 16 13:56:33 3400g zypper[9257]: 1358 packages to upgrade, 58 new, 12 to remove, 1 to change arch.
Jun 16 14:22:33 3400g zypper[9257]: usermod: no changes
3400g:~ #