Updates without request

Hi,

is there an issue with the PackageKit update feature? I have an old version of OpenVPN installed, 2.3.8, and this is becuase a limitation in some old firewall a client is using, it seems it is not compatible with openvpn 2.4.x. Still, I noticed that about once a week OpenSuse will upgrade it to 2.4.x without asking. For example, I see a few packages to update, I uncheck openvpn from the list, and the tool upgrades it anyways.

Here is an except from journalctl. You see two packages, needing update, a security update fro mozilla-nss and an update for openvpn.


Jan 14 11:45:13 rohan PackageKit[7331]: get-updates transaction /3_eeddceac from uid 1000 finished with success after 14166ms
Jan 14 11:45:13 rohan plasmashell[2035]: plasma-pk-updates: Got update package: “openSUSE-2020-8;1;noarch;http-download.opensuse.org-0da90d63” , summary: “Security update for mozilla-nspr, mozilla-nss” , type: “security”
Jan 14 11:45:13 rohan plasmashell[2035]: plasma-pk-updates: Got update package: “openvpn;2.4.3-lp151.4.3;x86_64;repo-oss” , summary: “Full-featured SSL VPN solution using a TUN/TAP Interface” , type: “enhancement”
Jan 14 11:45:13 rohan plasmashell[2035]: plasma-pk-updates: Transaction “/3_eeddceac” finished with status “success” in 14 seconds
Jan 14 11:45:13 rohan plasmashell[2035]: plasma-pk-updates: Check updates transaction finished successfully
Jan 14 11:45:13 rohan plasmashell[2035]: plasma-pk-updates: Total number of updates: 2
Jan 14 11:45:13 rohan plasmashell[2035]: plasma-pk-updates: Is net online: true

I uncheck openvpn from the menu and tell it to update.


Jan 14 11:45:24 rohan plasmashell[2035]: qml: Package openSUSE-2020-8;1;noarch;http-download.opensuse.org-0da90d63 selected for update
Jan 14 11:45:24 rohan plasmashell[2035]: plasma-pk-updates: Installing updates (“openSUSE-2020-8;1;noarch;http-download.opensuse.org-0da90d63”) , simulate: true , untrusted: false
Jan 14 11:45:24 rohan plasmashell[2035]: plasma-pk-updates: Is net online: true
Jan 14 11:45:24 rohan plasmashell[2035]: plasma-pk-updates: Is net online: true
Jan 14 11:45:24 rohan plasmashell[2035]: plasma-pk-updates: Is net online: true
Jan 14 11:45:24 rohan plasmashell[2035]: plasma-pk-updates: Is net online: true
Jan 14 11:45:24 rohan plasmashell[2035]: plasma-pk-updates: Is net online: true
Jan 14 11:45:24 rohan PackageKit[7331]: new update-packages transaction /4_accbacac scheduled from uid 1000
Jan 14 11:45:24 rohan plasmashell[2035]: plasma-pk-updates: Transaction status changed: “setup” “(101%)”
Jan 14 11:45:24 rohan plasmashell[2035]: plasma-pk-updates: Transaction status changed: “setup” “(101%)”
Jan 14 11:45:24 rohan plasmashell[2035]: plasma-pk-updates: Transaction status changed: “dep-resolve” “(100%)”
Jan 14 11:45:24 rohan plasmashell[2035]: plasma-pk-updates: Package updating: “libfreebl3;3.47.1-lp151.2.9.1;x86_64;http-download.opensuse.org-0da90d63” , info: “installing”
Jan 14 11:45:24 rohan plasmashell[2035]: plasma-pk-updates: Package updating: “libfreebl3-hmac;3.47.1-lp151.2.9.1;x86_64;http-download.opensuse.org-0da90d63” , info: “installing”
Jan 14 11:45:24 rohan plasmashell[2035]: plasma-pk-updates: Package updating: “libsoftokn3;3.47.1-lp151.2.9.1;x86_64;http-download.opensuse.org-0da90d63” , info: “installing”
Jan 14 11:45:24 rohan plasmashell[2035]: plasma-pk-updates: Package updating: “libsoftokn3-hmac;3.47.1-lp151.2.9.1;x86_64;http-download.opensuse.org-0da90d63” , info: “installing”
Jan 14 11:45:24 rohan plasmashell[2035]: plasma-pk-updates: Package updating: “mozilla-nspr;4.23-lp151.2.6.1;x86_64;http-download.opensuse.org-0da90d63” , info: “installing”
Jan 14 11:45:24 rohan plasmashell[2035]: plasma-pk-updates: Package updating: “mozilla-nss;3.47.1-lp151.2.9.1;x86_64;http-download.opensuse.org-0da90d63” , info: “installing”
Jan 14 11:45:24 rohan plasmashell[2035]: plasma-pk-updates: Package updating: “mozilla-nss-certs;3.47.1-lp151.2.9.1;x86_64;http-download.opensuse.org-0da90d63” , info: “installing”
Jan 14 11:45:24 rohan plasmashell[2035]: plasma-pk-updates: Package updating: “openSUSE-2020-8;1;noarch;http-download.opensuse.org-0da90d63” , info: “installing”
Jan 14 11:45:24 rohan plasmashell[2035]: plasma-pk-updates: Package updating: “openvpn;2.4.3-lp151.4.3;x86_64;repo-oss” , info: “installing”
Jan 14 11:45:24 rohan PackageKit[7331]: in /4_accbacac for update-packages package libfreebl3;3.47.1-lp151.2.9.1;x86_64;http-download.opensuse.org-0da90d63 was installing for uid 1000

And there is openvpn showing up in the list to be installed although it was unchecked in the list of packages to update. Usually then I use zypper to remove openvpn and rpm to install the older version. A few days later PackageKit will do it again. It does not do it at every update, just occasionally, about once a week.

One note perhaps unrelated, the update that it did without request that it did on this Friday there was also a new version of mozilla to update. I cannot tell though if every time it updated openvpn if there was some mozilla related package also being updated. I do not think so.

Any ideas? I did not want to have to download and install openvpn manually but perhaps I have to to keep PackageKit from killing my openvpn connection to the client like it does every week.

Hi and welcome to the Forum :slight_smile:
Just add a package lock with zypper (zypper al <package_to_lock> of via YaST software taboo the package.

Be aware that another serious flaw in the Diffie-Hellman algorithm was discovered recently and has been in the news… particularly affecting VPNS.
I’m sure every VPN technology is being updated and pushing packages to address the problem.
Might be better to try to address whatever the client-side problem is…

TSU