RPM 6.0.0 ALPHA Release Notes (DRAFT)

Download

  • Source: rpm-5.99.90.tar.bz2
  • SHA256SUM: e2ec9e2da4b162999e0e8cba198f79fbefe75f200cf71594ff83882e83ec89f5

Changes since RPM 4.20.1:

Overview

  • RPM defaults to enforcing signature checking (#1573)
  • RPM uses the full key ID or fingerprint to identify OpenPGP keys everywhere (#2403)
  • Support for multiple OpenPGP signatures per package (#3385)
  • Support for updating previously imported keys (#2577)
  • Support for both RPM v4 and v6 packages
  • Support for installing RPM v3 packages has been removed (#1107)
  • By default, RPM no longer verifies obsolete crypto (MD5, SHA1, DSA) (#1292)
  • Man page overhaul (work in progress as of 6.0 alpha)
  • Pristine and verifiable release tarballs (#3565) (#2702)

General Use

  • Several enhancements to rpmkeys(8):
    • rpmkeys --import can now be used to update keys. (#2577) This also updates the key handle from a short ambiguous key id to full fingerprint.
    • rpmkeys --export added for exporting keys
    • rpmkeys --checksig, --list, --delete use and expect full fingerprint of the keys (#3360)
    • rpmkeys works identically with all keystore backends
    • rpmkeys --rebuild can be used to rebuild the keystore contents and move between different keystore backends (#3347)
  • Several enhancements to rpmsign(1):
    • rpmsign can use either GnuPG or Sequoia-sq for signing (controlled by %_openpgp_sign macro (gpg or sq))
    • rpmsign --addsign always adds a new signature (arbitrary number of signatures supported now)
    • rpmsign --resign replaces all existing signatures with a new one
  • New query tag extensions (e.g. with --qf <format>):
    • rpmformat for determining package format version (3/4/6)
    • openpgp for managing all supported OpenPGP signature types
  • New --filemime query alias for querying per-file MIME info
  • Consistent terminology and case usage in signature and key messages
    • OpenPGP signatures are called OpenPGP in output
    • RPM v3 header+payload signatures are called “legacy” in output
  • Man page overhaul (WIP):
    • Update all manual pages to a new consistent style (#3669)
    • Add man pages for all major components and file formats (#3612)
    • Move end-user commands to section 1
    • Many previously undocumented things covered, many errors fixed

Packaging

  • rpmbuild(1) now supports generating two different package formats (controlled by %_rpmformat macro):
    • RPM v6
      • All file sizes and related limits are 64bit
      • Crypto modernization
      • MIME file info
      • Widely compatible with RPM >= 4.14
    • RPM v4
      • Bit-per-bit compatible with packages produced by RPM 4.x
  • rpmbuild(1) can now automatically sign packages if %_openpgp_autosign_id macro is defined (#2678)
  • New command rpm-setup-autosign(1) added for easy auto-signing configuration (#3522)
  • New %{span:...} macro to make defining multi-line macros nicer
  • New %{xdg:...} macro for evaluating XDG base directories
  • Fix architecture checking accidentally moved after build (#3569)
  • Fix buildsys specific %prep section not accepted (#3635)
  • Fix check-rpaths brp script when both RPATH and RUNPATH exist (#3667)
  • brp-elfperms buildroot policy script was removed (#3195)

API Changes

  • New functions related to rpmKeyring:
    • rpmKeyringInitIterator(), rpmKeyringIteratorNext(), rpmKeyringIteratorFree() for iterating over keyring contents
    • rpmKeyringVerifySig2()
    • rpmKeyringLookupKey() for finding a key in a keyring
    • rpmKeyringModify()
  • New functions related to rpmPubkey:
    • rpmPubkeyFingperint(), rpmPubkeyFingerprintAsHex(), rpmPubkeyKeyIDAsHex() and rpmPubkeyArmorWrap() accessors
    • rpmPubkeyMerge() for merging two pubkeys describing the same key
  • New functions for managing transaction permanent keystore:
    • rpmtxnImportPubkey() for importing keys
    • rpmtxnDeletePubkey() for deleting pubkey’s from transaction keystore
    • rpmtxnRebuildKeystore() for rebuilding transaction keystore
  • New flags to control rpmSign() operation added: RPMSIGN_FLAG_RESIGN, RPMSIGN_FLAG_RPMV4, RPMSIGN_FLAG_RPMV6
  • New identifiers related to multiple signature support added:
    • RPMTAG_OPENPGP rpm tag
    • RPMSIGTAG_OPENPGP signature header tag (alias to RPMTAG_OPENPGP)
    • RPMVSF_NOOPENPGP verification flag
  • New rpm tags: RPMTAG_PAYLOADSIZE, RPMTAG_PAYLOADSIZEALT, RPMTAG_RPMFORMAT, RPMTAG_FILEMIMEINDEX, RPMTAG_MIMEDICT, RPMTAG_FILEMIMES
  • New identifiers related to SHA-3 added: RPM_HASH_SHA3_256, RPM_HASH_SHA3_512
  • New symbols related to MIME types in v6 packages:
    • rpmfilesFMime(), rpmfiFMime() for retrieving per-file MIME info
    • RPMFI_NOFILEMIME flag to control behavior
  • New OpenPGP identifiers related to RFC-9580 added
  • rpmtsAddInstallElement() returns 3 on unsupported package format

Internal Improvements

  • RPM is now built as C++20 code (except for plugins and Python bindings)
    • More background available in the initial announcement
    • All relevant sources have been renamed to .cc or .hh extension
    • Many dynamic data structures moved to STL and other similar refactorings
  • Numerous improvements to the test-suite
    • Simplify test creation
  • Add an actual keystore abstraction
  • New openpgp.cert.d based keystore (experimental) (#3341)
  • New make site build target for easy local rendering of documentation
  • Make reference counting atomic throughout the codebase
  • Fix keystore reads lacking transaction lock
  • Fix a race condition in rpmioMkpath() (#3508)
  • Fix recursion depth for macro error message (#3197)
  • Fix empty password field in passwd/group causing entry to be ignored (#3594)
  • Fix built-in macros not usable before loading macro files (#3638)
  • Drop gpg(keyid) provides from gpg-pubkey headers (#3360)
  • Eliminate various internal symbols accidentally leaking to the ABI
  • Optimize rpmlog() locking

Building RPM

  • A C++20 compiler is now required in addition to a C99 compiler, but C++20 modules support is not required.
  • scdoc man page generator is now required for building RPM
  • Pre-built API documentation is no longer shipped in the release tarballs. Building it is optional, but Doxygen is required for doing so. Pre-built API documentation for all releases can be found in https://ftp.rpm.org/api/

Compatibility Notes

Package format

  • Support for installing RPM v3 packages has been removed. (#1107) They can still be queried and also unpacked with rpm2cpio(1).
  • RPM v4 packages remain fully supported, but:
    • In the default configuration, packages built with RPM < 4.14.0 cannot be verified due to their use of weak, obsolete MD5 and SHA1 digests. For strongly signed packages, this can be worked around by changing %_pkgverify_level to signature so the weak digests are simply ignored. If verifying the weak digests is necessary, the RPM 4.x behavior can be restored by setting %_pkgverify_flags to 0.
  • RPM v6 packages
    • Can be queried with RPM >= 4.6
    • Can be unpacked with RPM >= 4.12
    • Can be verified and installed with RPM >= 4.14 (with caveats/limitations)
  • Lua posix.fork() family of calls, deprecated in 4.20, is disabled in packages built with RPM >= 6.0. They continue to function in packages built by RPM <= 4.20 however.

Other

  • Package signing key configuration differs from the past. To support other implementations besides GnuPG, the signer ID is now set via %_openpgp_sign_id macro, which defaults to %{?_gpg_name} for backwards compatibility.
  • The low-level package signing macros are now parametric, any custom %__gpg_sign_cmd overrides will simply not work as such. Users are encouraged to look into dropping such overrides rather than just updating, most such overrides haven’t been necessary in a long time.
  • %_passwd_path and %_group_path are now treated as colon separated paths to allow using multiple files as the source of NSS information (e.g. with nss-altfiles)
  • --pkgid and --hdrid query sources CLI-switches have been dropped (#2633)