openSUSE / zypper

World's most powerful command line package manager
http://en.opensuse.org/Portal:Zypper

Errors when refreshing repositories can lead to unintended vendor changes #446

Open Martchus opened 2 years ago

Martchus commented 2 years ago

When calling zypper dup, repositories are refreshed before the actual update (depending on the configuration, of course). If repositories cannot be refreshed, they are ignored and the update continues anyway. That behavior is rather dangerous as it can lead to unintended vendor changes.

This ticket gives an example: https://progress.opensuse.org/issues/112595#Observation Here we generally want vendor changes to happen (in case we add/remove packages in our custom repo), so we generally allow vendor changes and run everything unattended for the sake of automation. That we might end up with completely unintended vendor changes because one configured repository is not considered at all is quite dangerous. It would be much safer if zypper aborted when refreshing doesn't work.

One can easily reproduce this by e.g. breaking one repository URL (of a repository where auto-update is enabled) and calling zypper dup. E.g. here zypper just skipped the repo and continued instead of aborting due to the error leading zypper to propose an unwanted vendor change:

sudo -E LANG=en_US.utf8 zypper dup
Retrieving repository 'mkittler' metadata ...........................................................................................................................................................................................................................................................................[error]
Repository 'mkittler' is invalid.
[mkittler|http://download.opensuse.org/repositories/home:/mkittler/openSUSE_Tumbleweed2] Valid metadata not found at specified URL
History:
 - [mkittler|http://download.opensuse.org/repositories/home:/mkittler/openSUSE_Tumbleweed2] Repository type can't be determined.

Please check if the URIs defined for this repository are pointing to a valid repository.
Warning: Skipping repository 'mkittler' because of the above error.
Some of the repositories have not been refreshed because of an error.
Loading repository data...
Reading installed packages...
Warning: You are about to do a distribution upgrade with all enabled repositories. Make sure these repositories are compatible before you continue. See 'man zypper' for more information about this command.
Computing distribution upgrade...

Problem: problem with the installed rapidjson-devel-1.1.0-9.1.noarch
 Solution 1: install rapidjson-devel-1.1.0+git20211015.4d6cb081-1.3.x86_64 from vendor openSUSE
  replacing rapidjson-devel-1.1.0-9.1.noarch from vendor obs://build.opensuse.org/home:mkittler
 Solution 2: keep obsolete rapidjson-devel-1.1.0-9.1.noarch

Choose from above solutions by number or cancel [1/2/c/d/?] (c):
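The safeguard the report asks for can be approximated outside zypper until a strict/relaxed switch exists. The following wrapper is an added example, not code from the zypper project: it runs an explicit refresh first and only runs the distribution upgrade when every enabled repository refreshed cleanly, so a repository that cannot be reached never silently drops out of the solver run. It assumes zypper is on PATH (ZYPPER_BIN is a hypothetical override for pointing the wrapper at a stub) and relies on the explicit refresh command exiting non-zero when a repository fails, which is the behaviour that the auto-refresh inside dup lacks.

```shell
#!/bin/sh
# Added example, not part of the zypper project: refuse to run "zypper dup"
# unless every enabled repository refreshed without error.
# Assumptions: zypper is on PATH; ZYPPER_BIN (hypothetical) may name another
# command, e.g. a stub used to exercise the wrapper without a real system.

# Refresh all enabled repositories in one explicit step. Unlike the
# auto-refresh inside "zypper dup", the refresh command exits non-zero when
# a repository could not be refreshed, and that status is what we act on.
refresh_repos() {
    "${ZYPPER_BIN:-zypper}" --non-interactive refresh
}

# Run the distribution upgrade only after a clean refresh. Extra arguments
# (for example --dry-run) are passed through to "zypper dup".
# Returns 1 without touching the system if the refresh reported an error.
safe_dup() {
    if ! refresh_repos; then
        echo "safe_dup: refusing to run 'zypper dup': a repository failed to refresh" >&2
        return 1
    fi
    "${ZYPPER_BIN:-zypper}" --non-interactive dup --allow-vendor-change "$@"
}

# For jobs that still call "zypper dup" directly: turn its exit status into a
# one-word verdict that a scheduler can alert on. Status 106 is documented in
# the zypper man page as ZYPPER_EXIT_INF_REPOS_SKIPPED: a repository was
# skipped during auto-refresh, exactly the situation shown in the log above.
dup_verdict() {
    case "$1" in
        0)   echo "ok" ;;
        106) echo "repos-skipped" ;;
        *)   echo "failed($1)" ;;
    esac
}
```

Typical use is `safe_dup --dry-run` in the automation job, or, where the job must keep calling zypper dup itself, `dup_verdict $?` right after it so that a "repos-skipped" result fails the run instead of being treated as success.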

Martchus commented 10 months ago

This limitation impacted us again: https://progress.opensuse.org/issues/150845

Here many important packages have been uninstalled completely, and it would have helped if zypper had aborted after refreshing didn't work.

mlandres commented 10 months ago

Maybe we can change this legacy behavior for 15.6/TW.

Martchus commented 10 months ago

So there's already a switch to change this behavior?

mlandres commented 10 months ago

No, we need to create one to be strict/relaxed.