Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

zypper search --installed-only includes packages which aren't installed #498

Open
bwoodsend opened this issue Aug 21, 2023 · 3 comments
Open

zypper search --installed-only includes packages which aren't installed #498

bwoodsend opened this issue Aug 21, 2023 · 3 comments
Labels
bug

Comments

@bwoodsend
Copy link

In a fresh Tumbleweed Docker container, if I run zypper info fips it correctly tells me that fips is not installed. If I ask zypper to list all installed packages (zypper search --installed-only), it includes the line:

i  | fips                              | FIPS 140-2 specific packages

That line should not be there because fips is not an installed package.

Full console output: 
> docker images opensuse/tumbleweed 
REPOSITORY            TAG       IMAGE ID       CREATED       SIZE
opensuse/tumbleweed   latest    a81f47dc7384   2 weeks ago   107MB

> docker run --rm --platform=linux/x86_64 -it opensuse/tumbleweed:latest
manjaro-2212:/ # zypper info fips
Retrieving repository 'openSUSE-Tumbleweed-Non-Oss' metadata ...........................................................................................................................................................................[done]
Building repository 'openSUSE-Tumbleweed-Non-Oss' cache ................................................................................................................................................................................[done]
Retrieving repository 'Open H.264 Codec (openSUSE Tumbleweed)' metadata ................................................................................................................................................................[done]
Building repository 'Open H.264 Codec (openSUSE Tumbleweed)' cache .....................................................................................................................................................................[done]
Retrieving repository 'openSUSE-Tumbleweed-Oss' metadata ...............................................................................................................................................................................[done]
Building repository 'openSUSE-Tumbleweed-Oss' cache ....................................................................................................................................................................................[done]
Retrieving repository 'openSUSE-Tumbleweed-Update' metadata ............................................................................................................................................................................[done]
Building repository 'openSUSE-Tumbleweed-Update' cache .................................................................................................................................................................................[done]
Loading repository data...
Reading installed packages...


Information for package fips:
-----------------------------
Repository     : openSUSE-Tumbleweed-Oss
Name           : fips
Version        : 3.4.0-1.19
Arch           : x86_64
Vendor         : openSUSE
Installed Size : 555.4 KiB
Installed      : No
Status         : not installed
Source package : fips-3.4.0-1.19.src
Upstream URL   : https://github.com/matwey/fips3
Summary        : OpenGL-based FITS image viewer
Description    : 
    FIPS is a cross-platform FITS viewer with responsive user interface. Unlike
    other FITS viewers FIPS uses GPU hardware via OpenGL to provide usual
    functionality such as zooming, panning and level adjustments. OpenGL 2.1 and
    later is supported.

    FIPS supports all 2D image formats except of 64-bit floating point numbers
    (BITPIX=-64). FITS image extension has basic limited support.

manjaro-2212:/ # zypper search --installed-only
Loading repository data...
Reading installed packages...

S  | Name                              | Summary                                                                  | Type
---+-----------------------------------+--------------------------------------------------------------------------+--------
i+ | aaa_base                          | openSUSE Base Package                                                    | package
i+ | bash                              | The GNU Bourne-Again Shell                                               | package
i  | bash-sh                           | Handle behaviour of /bin/sh                                              | package
i  | boost-license1_82_0               | Boost License                                                            | package
i+ | ca-certificates                   | Utilities for system wide CA certificate installation                    | package
i+ | ca-certificates-mozilla           | CA certificates for OpenSSL                                              | package
i  | compat-usrmerge-tools             | UsrMerge tools                                                           | package
i+ | coreutils                         | GNU Core Utilities                                                       | package
i+ | cracklib-dict-small               | Small dictionary for cracklib, a password checking library               | package
i  | crypto-policies                   | System-wide crypto policies                                              | package
i+ | curl                              | A Tool for Transferring Data from URLs                                   | package
i+ | filesystem                        | Basic Directory Layout                                                   | package
i  | fillup                            | Tool for Merging Config Files                                            | package
i  | findutils                         | The GNU versions of find utilities (find and xargs)                      | package
i  | fips                              | FIPS 140-2 specific packages                                             | pattern
i  | gawk                              | Domain-specific language for text processing                             | package
i+ | glibc                             | Standard Shared Libraries (from the GNU C Library)                       | package
i+ | glibc-locale-base                 | en_US Locale Data for Localized Programs                                 | package
i  | gpg2                              | File encryption, decryption, signature creation and verification utility | package
i  | grep                              | Print lines matching a pattern                                           | package
i+ | gzip                              | GNU Zip Compression Utilities                                            | package
i  | krb5                              | MIT Kerberos5 implementation                                             | package
i  | libabsl2301_0_0                   | C++11 libraries which augment the C++ stdlib                             | package
i  | libacl1                           | A dynamic library for accessing POSIX Access Control Lists               | package
i  | libassuan0                        | IPC library used by GnuPG version 2                                      | package
i  | libattr1                          | A dynamic library for filesystem extended attribute support              | package
i  | libaugeas0                        | A library for changing configuration files                               | package
i  | libboost_thread1_82_0             | Boost.Thread runtime libraries                                           | package
i  | libbrotlicommon1                  | Common Library for Brotli Compression                                    | package
i  | libbrotlidec1                     | Library for Brotli Decompression                                         | package
i  | libbz2-1                          | The bzip2 runtime library                                                | package
i  | libcap2                           | Library for Capabilities (linux-privs) Support                           | package
i  | libcom_err2                       | E2fsprogs error reporting library                                        | package
i  | libcurl4                          | Library for transferring data from URLs                                  | package
i  | libfa1                            | Finite automaton library for Augeas                                      | package
i  | libffi8                           | Foreign Function Interface Library                                       | package
i  | libgcc_s1                         | C compiler runtime library                                               | package
i  | libgcrypt20                       | The GNU Crypto Library                                                   | package
i  | libglib-2_0-0                     | General-Purpose Utility Library                                          | package
i  | libgmp10                          | A library for calculating huge numbers                                   | package
i  | libgpg-error0                     | Library That Defines Common Error Values for All GnuPG Components        | package
i  | libgpgme11                        | Programmatic library interface to GnuPG                                  | package
i  | libidn2-0                         | Support for Internationalized Domain Names (IDN)                         | package
i  | libkeyutils1                      | Key utilities library                                                    | package
i  | libksba8                          | A X.509 Library                                                          | package
i  | libldap2                          | OpenLDAP Client Libraries                                                | package
i  | liblua5_4-5                       | The Lua integration library                                              | package
i  | liblz4-1                          | Hash-based predictive Lempel-Ziv compressor                              | package
i  | liblzma5                          | Lempel–Ziv–Markov chain algorithm compression library                    | package
i  | libmpfr6                          | The GNU multiple-precision floating-point shared library                 | package
i  | libncurses6                       | Terminal control library                                                 | package
i  | libnghttp2-14                     | Shared library for nghttp2                                               | package
i  | libnpth0                          | GNU Portable Threads library                                             | package
i  | libnss_usrfiles2                  | NSS usrfiles plugin for glibc                                            | package
i  | libopenssl3                       | Secure Sockets and Transport Layer Security                              | package
i  | libp11-kit0                       | Library to work with PKCS#11 modules                                     | package
i  | libpcre2-8-0                      | A library for Perl-compatible regular expressions                        | package
i  | libpopt0                          | A C library for parsing command line parameters                          | package
i  | libprocps8                        | The procps library                                                       | package
i  | libprotobuf-lite23_4_0            | Protocol Buffers - Google's data interchange format                      | package
i  | libproxy1                         | Automatic proxy configuration management for applications                | package
i  | libpsl5                           | C library for the Publix Suffix List                                     | package
i  | libreadline8                      | The Readline Library                                                     | package
i  | libsasl2-3                        | Simple Authentication and Security Layer (SASL) library                  | package
i  | libselinux1                       | SELinux runtime library                                                  | package
i  | libsigc-2_0-0                     | Typesafe Signal Framework for C++                                        | package
i  | libsolv-tools                     | Utilities to work with .solv files                                       | package
i  | libsqlite3-0                      | Shared libraries for the Embeddable SQL Database Engine                  | package
i  | libssh-config                     | SSH library configuration files                                          | package
i  | libssh4                           | SSH library                                                              | package
i  | libstdc++6                        | The standard C++ shared library                                          | package
i  | libsystemd0                       | Component library for systemd                                            | package
i  | libtasn1-6                        | ASN.1 parsing library                                                    | package
i  | libudev1                          | Dynamic library to access udev device information                        | package
i  | libunistring5                     | GNU Unicode string library                                               | package
i  | libusb-1_0-0                      | USB Library                                                              | package
i  | libverto1                         | Runtime libraries for libverto                                           | package
i  | libxml2-2                         | A Library to Manipulate XML Files                                        | package
i  | libyaml-cpp0_7                    | YAML parser and emitter in C++                                           | package
i  | libz1                             | Library implementing the DEFLATE compression algorithm                   | package
i  | libzck1                           | Zchunk library                                                           | package
i  | libzstd1                          | Zstd compression library                                                 | package
i  | libzypp                           | Library for package, patch, pattern and product management               | package
i+ | lsb-release                       | Linux Standard Base Release Tools                                        | package
i  | ncurses-utils                     | Tools using the new curses libraries                                     | package
i+ | netcfg                            | Network Configuration Files in /etc                                      | package
i+ | openssl                           | Secure Sockets and Transport Layer Security                              | package
i  | openssl-3                         | Secure Sockets and Transport Layer Security                              | package
i+ | openSUSE                          | openSUSE Tumbleweed                                                      | product
i+ | openSUSE-build-key                | The public gpg keys for rpm package signature verification               | package
i+ | openSUSE-release                  | openSUSE Tumbleweed                                                      | package
i+ | openSUSE-release-appliance-docker | openSUSE Tumbleweed                                                      | package
i  | p11-kit                           | Library to work with PKCS#11 modules                                     | package
i  | p11-kit-tools                     | Library to work with PKCS#11 modules -- Tools                            | package
i+ | patterns-base-fips                | FIPS 140-2 specific packages                                             | package
i  | pinentry                          | Collection of Simple PIN or Passphrase Entry Dialogs                     | package
i  | procps                            | The ps utilities for /proc                                               | package
i  | rpm                               | The RPM Package Manager                                                  | package
i  | rpm-config-SUSE                   | SUSE specific RPM configuration files                                    | package
i  | sed                               | A Stream-Oriented Non-Interactive Text Editor                            | package
i  | system-user-root                  | System user and group root                                               | package
i+ | tar                               | GNU implementation of ((t)ape (ar)chiver)                                | package
i  | terminfo-base                     | A terminal descriptions database                                         | package
i+ | timezone                          | Time Zone Descriptions                                                   | package
i  | xz                                | A Program for Compressing Files with the Lempel–Ziv–Markov algorithm     | package
i+ | zypper                            | Command line software manager using libzypp                              | package
@mlandres mlandres added the bug label Aug 25, 2023
@mlandres
Copy link
Member

mlandres commented Aug 25, 2023
edited 

 i  | fips   | FIPS 140-2 specific packages    pattern

The type column says it's the pattern fips, which is indeed installed, not the package.

bee0de10134d:/ # zypper info pattern:fips
Loading repository data...
Reading installed packages...


Information for pattern fips:
-----------------------------
Repository      : openSUSE-Tumbleweed-Oss
Name            : fips
Version         : 20200505-42.1
Arch            : x86_64
Vendor          : openSUSE
Installed       : Yes (automatically)
Visible to User : Yes
Summary         : FIPS 140-2 specific packages
Description     : 
    This pattern installs the FIPS 140-2 specific packages that complete the various
    cryptographic modules in use. It is required if you want to run the
    machine with "fips=1".

    Please note that this pattern only enables FIPS 140-2 compliant operation, it does
    not directly make the system FIPS 140-2 certified nor validated.

    Please refer to SUSE official statements on the state of FIPS 140-2 certification.
Contents        : 
    S  | Name                  | Type    | Dependency
    ---+-----------------------+---------+-----------
       | dracut-fips           | package | Required
       | libcryptsetup12       | package | Required
       | libcryptsetup12-32bit | package | Required
       | libfreebl3            | package | Required
       | libfreebl3-32bit      | package | Required
    i  | libgcrypt20           | package | Required
       | libgnutls30           | package | Required
       | libgnutls30-32bit     | package | Required
       | libopenssl1_0_0       | package | Required
       | libopenssl1_0_0-32bit | package | Required
       | libopenssl1_1         | package | Required
       | libopenssl1_1-32bit   | package | Required
       | libsoftokn3           | package | Required
       | libsoftokn3-32bit     | package | Required
       | openssh-fips          | package | Required
    i+ | patterns-base-fips    | package | Required
       | strongswan-hmac       | package | Required

But the Contents: list is indeed something we should review. pattern:fips requires patterns-base-fips. The remaining packages are expanded requirements of patterns-base-fips, which is intended.
But the required dracut-fips e.g. is indeed a conditional dependency (dracut-fips if dracut). Because dracut is not installed, the requirement is fulfilled without dracut-fips being installed. The truncated form shown in the table is pretty missleading.

@bwoodsend
Copy link
Author

Ahh, I see. zypper search is juggling more than just packages. A --type=package flag gives me what I was really looking for.

It's slightly unfortunate that all 3 of the different types listed are 7 characters and start with p. I might have figured this out for myself if glancing at that Type column didn't have me thinking it just package everywhere and ignoring it.

@luc14n0
Copy link

luc14n0 commented Aug 25, 2023

Yeah, if someone doesn't know about Patterns beforehand, looking at Zypper's output without squinting our eyes will get us fooled, almost certainly 😄

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@mlandres @bwoodsend @luc14n0