What happened to my list of repositories on December 7?

I can only repeat what @hui already tried to explain. Please read from the begin of the thread. openSUSE-repos-* packages are NOT installed on these systems at all (since at least shortly after they were released and forced on my system creating havoc in my repo list).

So there is still no explanation why these four repos were added 2025-12-16 (during my weekly maintenance session) and why then the mtime is set to 2025-12-07 12:47:59. That last action seems also to have happened to @kasi042 who uses the openSUSE-repo service.

When there is an explanation for e.g. the setting of the mtime, one could document that in the Wiki, but until now there isn’t.

Yes, I missed that openSUSE-repos-Leap is not installed.

Based in the output above my guess is they were introduced by:

2025-12-02 09:15:13|patch  |openSUSE-SLE-15.6-2025-30|1|noarch|sle-update|moderate|optional|not-needed|applied|
2025-12-02 09:15:13|patch  |openSUSE-SLE-15.6-2025-284|1|noarch|sle-update|important|security|not-needed|applied|
2025-12-02 09:15:13|patch  |openSUSE-SLE-15.6-2025-1878|1|noarch|sle-update|important|security|not-needed|applied|
2025-12-09 09:26:55|patch  |openSUSE-SLE-15.6-2025-4321|1|noarch|sle-update|moderate|recommended|needed|applied|
2025-12-09 09:26:55|patch  |openSUSE-SLE-15.6-2025-4323|1|noarch|sle-update|moderate|security|needed|applied|
2025-12-09 09:26:55|patch  |openSUSE-SLE-15.6-2025-4324|1|noarch|sle-update|important|security|needed|applied|
2025-12-09 09:26:55|patch  |openSUSE-SLE-15.6-2025-4319|1|noarch|sle-update|important|security|needed|applied|

Does anybody know how to check what is in these patches?

@marel with zypper eg zypper if -t patch openSUSE-SLE-15.6-2025-4319

I checked with this all the patches suggested by @marel , but non seems to be applicable

After installing packages with zypper up there are frequently running through some messages on “post-update scripts” run by zypper.

By any chance did such a script (for a short time, a limited amount of users?) result in the changes to the package list reported here?

Just trying to understand what’s going on here in the first place…

Well changing mtime is most probably done in a post-update script. What else? The question is which install has this script.

And why “for a short time, a limited amount of users”? Do you run Leap 15.6 and did you check the timestamp of these four repo files (if you have them)?

have some older VMs with 15.6, they don’t have these mods in repos. but I’m not sure about the update history in 12/2025.

busy times, all the times in December…

Hi Henk. That is good info.

The next thing to check is the product metadata, since libzypp derives managed repo-*.repo files from that.

What do you get for the following?
ls -l /etc/products.d
stat /etc/products.d/*.prod

Extra information.

I checked my backups. I backup every week after update. I keep 10 backups, thus I can go back ~10 weeks.

The unwanted repo files are not in the backup of 2025-12-09.
There are in the backup of 2025-12-16 (remind: directly after update) and are dated 2025-12-07, thus even before the 2025-12-09 backup.
Go figure.

boven:~ # ls -l /etc/products.d
total 12
-rw-r--r-- 1 root root 1877 Dec  7 12:47 Leap-Addon-NonOss.prod
-rw-r--r-- 1 root root 4226 Dec  7 12:47 Leap.prod
lrwxrwxrwx 1 root root    9 Dec  8  2021 baseproduct -> Leap.prod
boven:~ # 
boven:~ # stat /etc/products.d/*.prod
  File: /etc/products.d/Leap-Addon-NonOss.prod
  Size: 1877            Blocks: 8          IO Block: 4096   regular file
Device: 803h/2051d      Inode: 793120      Links: 1
Access: (0644/-rw-r--r--)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2026-01-06 08:47:42.017132412 +0100
Modify: 2025-12-07 12:47:52.000000000 +0100
Change: 2025-12-16 09:09:05.009658245 +0100
 Birth: 2025-12-16 09:09:05.009658245 +0100
  File: /etc/products.d/Leap.prod
  Size: 4226            Blocks: 16         IO Block: 4096   regular file
Device: 803h/2051d      Inode: 793132      Links: 1
Access: (0644/-rw-r--r--)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2026-01-06 08:47:04.304936184 +0100
Modify: 2025-12-07 12:47:59.000000000 +0100
Change: 2025-12-16 09:09:05.781662984 +0100
 Birth: 2025-12-16 09:09:05.781662984 +0100
boven:~ # 

I am not sure how to interpret this, but I assume you got something because I see the infamous date/time 2025-12-07 12:47:52.

That confirms the libzypp mechanism is the culprit. It used the product metadata to regenerate the managed repo-*.repo files on Dec 16, and the Dec 7 timestamp comes from the metadata itself. That’s why multiple systems show identical mtimes.

I have multiple 15.6 installations last updated prior to 2025-12-07. Is there anything I might do on one of those to garner additional evidence? If so, it might require advance adjustments, else it might look like this one:

# xz -dc /var/log/zypper.log-20251208.xz | grep update.repo | wc -l
340
# ls -gG /etc/zypp/repos.d/*update.repo
---------- 1 0 May 24  2024 /etc/zypp/repos.d/repo-backports-debug-update.repo
---------- 1 0 May 24  2024 /etc/zypp/repos.d/repo-backports-update.repo
---------- 1 0 May 24  2024 /etc/zypp/repos.d/repo-sle-debug-update.repo
---------- 1 0 May 24  2024 /etc/zypp/repos.d/repo-sle-update.repo
# lsattr /etc/zypp/repos.d/*update.repo
----i---------e------- /etc/zypp/repos.d/repo-backports-debug-update.repo
----i---------e------- /etc/zypp/repos.d/repo-backports-update.repo
----i---------e------- /etc/zypp/repos.d/repo-sle-debug-update.repo
----i---------e------- /etc/zypp/repos.d/repo-sle-update.repo

I never did determine why something kept wanting to create them, hence my use of immutable flags to keep the directory content minimalist for zypp use.

Read my above replies.

As they say: it is beyond y pay grade.
“product metadata” of what product? I ask, because I probably should file a bug report against something. But at this moment I do not feel that I can produce a consistent story about what happened and should not happen in what package or other component.

I do understand though that the Dec 7 date is only a byproduct of the real problem.

I started composing before last showed up, didn’t see before I finished.

BTW, I have of course removed those repos (just using rm) and this morning’s update did not bring them back.

PS, I still have them on one system for evidence of the case.

The “product metadata” is the Leap product itself, as your /etc/products.d output shows. Libzypp regenerated the managed repo-*.repo files from this metadata. Whether you think that calls for a bug report is up to you. The maintainers will argue it is part of the intended design.

I cited from the Wiki earlier. In short it says that you install the openSUSE-repos-* packages when you want them managed by it, or you don’t when you want to do it yourself.
Isn’t that the “intended design”?

Is it “intended design” that once a while (after more then a year) it starts littering the repos list when it is clear that you do not want that by not having any openSUSE-repos-* package installed?

And now please read the comment from kasi042 again…

It doesnt’t matter if you have the openSUSE-repos-* installed or not. The bug is, that 4 repos got added, independently if you have the service packages openSUSE-repos-* installed or not. The only thing for sure is, that the openSUSE-repos-* are not the culprit (besides the permanent bashing from some users regardles of the many advantages).

Have a look at rpm -qf /etc/products.d, and you’ll see the package in question is Leap-release....or similar (from install time).