Zypper dup question

trece_verde · July 25, 2018, 12:40am

We had a VM configured with an older version of Leap with a requirement to harden it due to security requirements for a client. This meant that all of the desktops and GUI-related applications had to be removed/uninstalled. When zypper dup was run on it, it would not attempt to reinstall large numbers of extraneous (to us) applications.

I built a new version of this with Leap 42.3 from a full load and attempted to trim down the application load to meet the same security requirements. However, zypper dup now is insistent that it wants to reinstall the uninstalled applications unless I manually make them taboo - I realize that this is expected behaviour, but it’s still a pain to have to do this with a large number of applications. Has anyone else had a similar requirement in the past, and if so, how did you accomplish it? Is there a way to use the zypper configuration files to do this globally? Is there any way to automate the process?

Thanks in advance,

Trece Verde

gogalthorp · July 25, 2018, 1:25am

Install JeOS Why install things you don’t want.

There are packages that define the recommended configurations this is what puls the normal packages in

andyprough · July 25, 2018, 1:38am

gogalthorp is right - what you are probably looking for is JeOS - “SUSE Linux Enterprise Server JeOS (pronounced /jo͞os/, just like “juice”) is a slimmed down form factor of SUSE Linux Enterprise Server that is ready to run in virtualization environment and cloud. With SUSE Linux Enterprise Server JeOS, you can choose the right sized SUSE Linux Enterprise Server option to fit your needs. JeOS provides ready to deploy server images for KVM/Xen Fully Virtualized, Xen Paravirtualized, Microsoft Hyper-V, VMware, and OpenStack Cloud.”

eng-int · July 25, 2018, 3:01am

zypper dup --no-recommends

But you only need “dup” (or dist-upgrade) to change distribution versions or repair a system that has been broken with software from alien repositories. Once you have a working Leap-42.3 only “zypper patch” or “zypper update” are required for maintenance.

mrmazda · July 25, 2018, 3:13am

You can reduce the so-called “required” packages count by applying

--no-recommends

when using zypper, or by its equivalent configuration option. From the zypper man page:

Do not install recommended packages, but only required ones. The default behavior is determined by [zypp.conf:solver.onlyRequires].

hcvv · July 25, 2018, 9:16am

eng-int:

zypper dup --no-recommends
But you only need “dup” (or dist-upgrade) to change distribution versions or repair a system that has been broken with software from alien repositories. Once you have a working Leap-42.3 only “zypper patch” or “zypper update” are required for maintenance.

I support this. Why do you do zypper dup at all on a functioning system? You shouldn’t. And that nullifies your thread from the very title of it.

Please explain.

trece_verde · July 30, 2018, 7:57pm

Thanks all for the feedback. We will investigate JeOS for this purpose and see if it meets the security requirements.

Why are we running zypper dup? I should have mentioned that it was part of mandated testing to see how the system would behave when it was faced with an upgrade. I don’t want to see a broken production box any more than anyone else does.

hcvv · July 30, 2018, 9:01pm

Well, you might think it is useful testing, but I doubt that a zypper dup on an already up-to-date Leap version will switch some packages from e.g. Packman to OSS at the most. And that is exactly what you (I assume) do not want. Only my opinion, not quite undestanding what your testing goal is.

enziosavio · July 30, 2018, 11:13pm

I invite you to try setting repository priorities(repo oss 90 , repo packman 85 , all the others 99 , repo /home 100) , edit the /etc/zypp/zypp.conf file, enable the change of provider, and then try
zypper up
zypper dup
yast software manager> all in this list> update if a new version is available.

This with any version of openSuse, just to get an idea