RPM 6.0.0

Download

• Source: rpm-6.0.0.tar.bz2
• SHA256SUM: 14abb1b944476788d90005d8d61d5d30fce80d9f0de11eb657b14e5c9ef27441

Changes since 4.20.1

Overview

• Support for both RPM v4 and v6 packages (see Compatibility Notes)
• Support for multiple OpenPGP signatures per package (#3385)
• Support for OpenPGP v6 and PQC keys and signatures (#3363)
• Support for updating previously imported keys (#2577)
• Support for installing RPM v3 packages has been removed (#1107)
• RPM defaults to enforcing signature checking (#1573)
• RPM uses the full key ID or fingerprint to identify OpenPGP keys everywhere (#2403)
• Man page and other documentation overhaul (#3612, #3669, #3751)
• Pristine and verifiable release tarballs (#3565) (#2702)

General Use

• Several enhancements to rpmkeys(8):
  • rpmkeys --import can now be used to update keys (#2577). This also updates the key handle from a short ambiguous key id to full fingerprint.
  • rpmkeys --import now also works from a pipe
  • rpmkeys --export added for exporting keys
  • rpmkeys --checksig, --list, --delete use and expect full fingerprint of the keys (#3360)
  • rpmkeys works identically with all keystore backends
  • rpmkeys --rebuild can be used to rebuild the keystore contents and move between different keystore backends (#3347)
  • rpmkeys key lookup is now case-insensitive
• Several enhancements to rpmsign(1):
  • rpmsign can use either GnuPG or Sequoia-sq for signing (controlled by %_openpgp_sign macro (gpg or sq))
  • rpmsign --addsign no longer replaces existing signatures. Arbitrary number of signatures can be added on v6 packages by default and on v4 packages, with --rpmv6
  • rpmsign --resign replaces all existing signatures with a new one
• New query tag extensions (e.g. with --qf <format>):
  • rpmformat for determining package format version (3/4/6)
  • openpgp for managing all supported OpenPGP signature types
• New query formatter :hashalgo for displaying hash algorithm names
• New --filemime query alias for querying per-file MIME info
• Consistent terminology and case usage in signature and key messages
  • OpenPGP signatures are called OpenPGP in output
  • RPM v3 header+payload signatures are called “legacy” in output
• New feature to calculate a set of configurable digests on verification and safe them in the rpmdb. This can help identifying the originating package file. (RHEL-35619)
• Fix scriptlet errors not reflected in transaction result code (#2581)
• Fix %triggerprein and %triggerun not failing the associated install/erase operation (#3815)
• Fix --hash, --percent and --test not working with --restore (#3917)
• Fix a segfault and memory leaks in rpmgraph(1) (#3925)
• Fix rpm2archive(1) using the same suffix for tar and cpio (#3922)
• Man page overhaul (WIP):
  • Update all manual pages to a new consistent style with examples (#3669)
  • Add man pages for all major components and file formats (#3612)
    • rpm-config(5)
    • rpm-rpmrc(5)
    • rpm-macrofile(5)
    • rpm-manifest(5)
    • rpm-lua(7)
    • rpm-macros(7)
    • rpm-payloadflags(7)
    • rpm-queryformat(7)
    • rpm-version(7)
    • rpmuncompress(1)
  • Move end-user commands to section 1
  • Many previously undocumented things covered, many errors fixed
• Versioned documentation on https://rpm.org/docs/
  • Man pages
  • Reference manual
  • API docs

Packaging

• rpmbuild(1) now supports generating two different package formats, controlled by %_rpmformat macro value 6/4:
  • RPM v6
  • RPM v4
• rpmbuild(1) can now automatically sign packages if %_openpgp_autosign_id macro is defined (#2678)
• New command rpm-setup-autosign(1) added for easy auto-signing configuration (#3522)
• New %{span:...} macro to make defining multi-line macros nicer
• New %{xdg:...} macro for evaluating XDG base directories
• Add support for E2K architecture
• Fix sources and patches stored in reverse order in the header (#3014)
• Fix Lua rpm.glob() not honoring the c argument (#3794)
• Fix architecture checking accidentally moved after build (#3569)
• Fix buildsys specific %prep section not accepted (#3635)
• Fix check-rpaths brp script when both RPATH and RUNPATH exist (#3667)
• Fix a memory leak in rpmspec --shell
• Fix 4.20 regression on rpmbuild -rs failing on non-existent directory (#3682)
• Fix an extra newline printed on rpm --eval
• Fix a segfault on invalid dependency generator output in multi mode (#3821)
• Fix brp-strip-comment-note failure due to a race condition
• brp-elfperms buildroot policy script was removed (#3195)
• Drop support for obsolete --nodirtokens rpmbuild(1) switch (#3927)

API Changes

• New functions related to rpmKeyring:
  • rpmKeyringInitIterator(), rpmKeyringIteratorNext(), rpmKeyringIteratorFree() for iterating over keyring contents
  • rpmKeyringVerifySig2()
  • rpmKeyringLookupKey() for finding a key in a keyring
  • rpmKeyringModify()
• New functions related to rpmPubkey:
  • rpmPubkeyFingperint(), rpmPubkeyFingerprintAsHex(), rpmPubkeyKeyIDAsHex() and rpmPubkeyArmorWrap() accessors
  • rpmPubkeyMerge() for merging two pubkeys describing the same key
• New functions for managing transaction permanent keystore:
  • rpmtxnImportPubkey() for importing keys
  • rpmtxnDeletePubkey() for deleting pubkey’s from transaction keystore
  • rpmtxnRebuildKeystore() for rebuilding transaction keystore
• New flags to control rpmSign() operation added: RPMSIGN_FLAG_RESIGN, RPMSIGN_FLAG_RPMV4, RPMSIGN_FLAG_RPMV6
• New functions for controlling per-package verification level:
  • rpmteVfyLevel() and rpmteSetVfyLevel()
  • te.VfyLevel() and te.SetVfyLevel() in the Python bindings
• New identifiers related to multiple signature support added:
  • RPMTAG_OPENPGP rpm tag
  • RPMSIGTAG_OPENPGP signature header tag (alias to RPMTAG_OPENPGP)
  • RPMVSF_NOOPENPGP verification flag
• New rpm tags: RPMTAG_PAYLOADSIZE, RPMTAG_PAYLOADSIZEALT, RPMTAG_RPMFORMAT, RPMTAG_FILEMIMEINDEX, RPMTAG_MIMEDICT, RPMTAG_FILEMIMES, RPMTAG_SOURCENEVR, RPMTAG_PAYLOADSHA512, RPMTAG_PAYLOADSHA512ALT, RPMTAG_PAYLOADSHA3_256, RPMTAG_PAYLOADSHA3_256ALT, RPMTAG_SHA3_256HEADER
• Renamed rpm tags:
  • RPMTAG_PAYLOADDIGEST to RPMTAG_PAYLOADSHA256
  • RPMTAG_PAYLOADDIGESTALT to RPMTAG_PAYLOADSHA256ALT
  • RPMTAG_PAYLOADDIGESTALGO to RPMTAG_PAYLOADSHA256ALGO (obsolete)
• New identifiers related to SHA-3 added: RPM_HASH_SHA3_256, RPM_HASH_SHA3_512
• New symbols related to MIME types in v6 packages:
  • rpmfilesFMime(), rpmfiFMime() for retrieving per-file MIME info
  • RPMFI_NOFILEMIME flag to control behavior
• New OpenPGP identifiers related to RFC-9580 added
• New pgpDigParamsSalt() function retrieving OpenPGP v6 signature pre-salt (#3846)
• New rpmDigestBundleUpdateID() function for updating individual ID’s in a digest bundle (#3845)
• rpmtsAddInstallElement() returns 3 on unsupported package format
• fdSize() returns an error on non-regular files

Internal Improvements

• RPM is now built as C++20 code (except for plugins and Python bindings)
  • More background available in the initial announcement
  • All relevant sources have been renamed to .cc or .hh extension
  • Many dynamic data structures moved to STL and other similar refactorings
• Numerous improvements to the test-suite
  • Simplify test creation
• Add an actual keystore abstraction
• New openpgp.cert.d based keystore (experimental) (#3341)
• New make site build target for easy local rendering of documentation
• Make reference counting atomic throughout the codebase
• Make the test-suite image toolbox(1) ready
• Support underscores in RPMTAG names
• Fix 4.20 regression signature size reservation not being used (#3768)
• Fix alternatives mechanism unintentionally kicking in for signatures (#3872)
• Fix keystore reads lacking transaction lock
• Fix a race condition in rpmioMkpath() (#3508)
• Fix recursion depth for macro error message (#3197)
• Fix empty password field in passwd/group causing entry to be ignored (#3594)
• Fix built-in macros not usable before loading macro files (#3638)
• Fix fdSize() failure handling in rpmSign()
• Fix pseudo-tags without an associated type showing up in –querytags
• Fix rpm install prefix not honored in the legacy find-provides and find-requires dependency generator scripts
• Fix Python reference leaks related to archive handling
• Fix non-deterministic storage of dependency information in packages (#1056)
• Fix sysusers script escaping chroot for u! entires
• Fix RPM 4.19 regression on failed update return code (#3718)
• Issue a warning on macrofiles entry in an rpmrc (#3901)
• Recreate the transaction lock file after --rebuilddb (#3886)
• Drop gpg(keyid) provides from gpg-pubkey headers (#3360)
• Eliminate various internal symbols accidentally leaking to the ABI
• Eliminate uses of non-portable signal(2) API (#3688)
• Optimize rpmlog() locking
• Python bindings:
  • Support Python module isolation (RhBug:2327289)
  • Fix some resource leaks, run tests with ASAN

Building RPM

• A C++20 compiler is now required in addition to a C99 compiler, but C++20 modules support is not required.
• rpm-sequoia >= 1.9.0 is now required for building with Sequoia (default)
• Python >= 3.10 is now required for building the Python bindings
• scdoc man page generator is now required for building RPM
• Pre-built API documentation is no longer shipped in the release tarballs. Building it is optional, but Doxygen is required for doing so. Pre-built API documentation for all releases can be found in https://ftp.rpm.org/api/

Compatibility Notes

Package format

• New RPM v6 package format
  • All file sizes and related limits are 64bit
  • Crypto modernization
    • Obsolete crypto (MD5 and SHA1) dropped
    • SHA3-256 header digest added (#3797)
    • SHA512 and SHA3-256 payload digests added (#3642, #3894)
  • Per-file MIME info
  • Widely compatible with RPM >= 4.14
  • The “external” dependency generator mode no longer supported with v6 packages (#2373)
  • rpmlib() dependencies for pre-4.6 features removed to reduce clutter (#3854)
  • Can be queried with RPM >= 4.6
  • Can be unpacked with RPM >= 4.12
  • Can be verified and installed with RPM >= 4.14 (with caveats/limitations)
• RPM v4 packages:
  • Built packages are identical to those generated by RPM 4.x versions
  • Remain fully supported
  • In the default configuration, packages built with RPM < 4.14.0 cannot be verified due to their use of weak, obsolete MD5 and SHA1 digests. For strongly signed packages, this can be worked around by changing %_pkgverify_level to signature so the weak digests are simply ignored. If verifying the weak digests is necessary, the RPM 4.x behavior can be restored by setting %_pkgverify_flags to 0.
• Support for installing RPM v3 packages has been removed. (#1107) They can still be queried and also unpacked with rpm2cpio(1).
• RPM defaults to building v6 packages, this can be changed with the %_rpmformat macro.
• Lua posix.fork() family of calls, deprecated in 4.20, is disabled in packages built with RPM >= 6.0. They continue to function in packages built by RPM <= 4.20 however.

Other

• Package signing key configuration differs from the past. To support other implementations besides GnuPG, the signer ID is now set via %_openpgp_sign_id macro, which defaults to %{?_gpg_name} for backwards compatibility.
• The low-level package signing macros are now parametric, any custom %__gpg_sign_cmd overrides will simply not work as such. Users are encouraged to look into dropping such overrides rather than just updating, most such overrides haven’t been necessary in a long time.
• %_passwd_path and %_group_path are now treated as colon separated paths to allow using multiple files as the source of NSS information (e.g. with nss-altfiles)
• --pkgid and --hdrid query CLI-switches have been dropped (#2633)