Bug 1212826 - SLES 15 upgrade documentation instructs to use a concerning command post-upgrade that can remove system critical packages
Summary: SLES 15 upgrade documentation instructs to use a concerning command post-upgr...
Status: RESOLVED FIXED
Alias: None
Product: Documentation
Classification: Non-product-specific documentation
Component: SLE Family (show other bugs)
Version: unspecified
Hardware: All SLES 15
: P5 - None : Normal
Target Milestone: ---
Assignee: Christoph Wickert
QA Contact: Tanja Roth
URL:
Whiteboard: https://jira.suse.com/browse/DOCTEAM-...
Keywords:
Depends on:
Blocks:
 
Reported: 2023-06-28 20:09 UTC by Blake Rutledge
Modified: 2023-12-15 16:20 UTC (History)
2 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
output of zypper packages --orphaned --unneeded (39.80 KB, text/plain)
2023-06-28 20:09 UTC, Blake Rutledge 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Blake Rutledge 2023-06-28 20:09:01 UTC 
Created attachment 867866 [details]
output of zypper packages --orphaned --unneeded

In section 6.1.1 of https://documentation.suse.com/sles/15-SP4/html/SLES-all/cha-upgrade-finish.html the documentation suggests to run:

sudo zypper rm $(zypper --no-refresh packages --orphaned --unneeded | gawk '{print $5}' | tail -n +5)

to clean up orphaned and "unneeded" packages. The issue that I have seen in testing this is that, if run blindly, this command can remove important packages such as sudo. I worked with a customer who did this. This is typically an issue when upgrading to a new version or multiple service packs ahead of the system you are upgrading. 

To be fair, the documentation does state to use 

zypper packages --orphaned --unneeded

to determine what packages are still needed and which can be safely removed however, there is not a clear warning that certain packages flagged as "unneeded" can still be critical to the system's general functionality. 

The documentation does state here https://documentation.suse.com/sles/15-SP4/html/SLES-all/cha-update-preparation.html in section 3.5 that not all installed packages or used repositories are available in newer releases of SUSE Linux Enterprise. Some may have been renamed and others replaced. Which explains why some packages get flagged as orphaned or unneeded. The issue usually arises from packages flagged as "unneeded". I assume zypper flags packages as unneeded as the result of a dependency the package was relying on previously no longer being installed. I'm asking for clarification on how zypper's logic works for unneeded. 

Ultimately, I am asking if there should be a larger warning about the dangers of running this cleanup command blindly and directions on how to determine if a packages repository has been either removed or if the packages repository has changed. 

I have attached an example of what can be removed if upgrading from SLES12SP5 to SLES15SP4 as a result of this command. You'll notice that many of the packages that can be removed are coming from the basesystem repository which is concerning.
Comment 1 Blake Rutledge 2023-06-28 20:25:52 UTC 
I will add that there are more precise ways to employ this command

To excludea single package or pattern from being uninstalled

sudo zypper rm $(zypper --no-refresh packages --orphaned --unneeded | gawk '{print $5}' | tail -n +5 | grep -v <package to exclude>)

To exclude multiple packages defined in a text file, separated by a newline

sudo zypper rm $(zypper --no-refresh packages --orphaned --unneeded | gawk '{print $5}' | tail -n +5 | grep -v -f packages_to_keep.txt)

<Credit to engineer Samuel Snow for these>
Comment 2 Tanja Roth 2023-07-21 15:59:14 UTC 
Thank you for filing this bug report, Blake! It is being tracked and processed as part of our queue. I have reassigned it our maintainer of the Upgrade Guide, he will take a look after he is back from vacation.
Comment 3 Christoph Wickert 2023-12-15 14:57:03 UTC 
(In reply to Blake Rutledge from comment #0)
> I assume zypper flags packages as unneeded as the
> result of a dependency the package was relying on previously no longer being
> installed. I'm asking for clarification on how zypper's logic works for
> unneeded.

zyppers logic basically is
1. Packages are either installed explicitly by the user or implicitly as dependency.
2. explicitly: installed by the user or as part of a pattern or product.
3. implicitly: dependency (required, recommended, or suggested) of an explicitly installed package.

To keep track of of the installed dependencies, zypper writes /var/lib/zypp/AutoInstalled.

Problems occur when
1. This file is removed: everything is considered installed implicitly (?)
2. Patterns change: A package was part of a pattern in one release but is no longer in the next. The package will no longer be considered installed implicitly and might get removed when cleaning up without care.

For further details, refer to https://github.com/openSUSE/libsolv/blob/master/src/cleandeps.c
Comment 4 Christoph Wickert 2023-12-15 16:20:05 UTC 
Fixed in
main: https://github.com/SUSE/doc-sle/commit/2834485a
maintenance/SLE15SP5: https://github.com/SUSE/doc-sle/commit/5cf0b58c
maintenance/SLE15SP4: https://github.com/SUSE/doc-sle/commit/dde24d4c

Will go live next Thursday. Feedback welcome in the meantime!