RPM 6.0.0 ALPHA

What's Changed

Overview

• RPM defaults to enforcing signature checking (#1573)
• RPM uses the full key ID or fingerprint to identify OpenPGP keys everywhere (#2403)
• Support for multiple OpenPGP signatures per package (#3385)
• Support for updating previously imported keys (#2577)
• Support for both RPM v4 and v6 packages
• Support for installing RPM v3 packages has been removed (#1107)
• By default, RPM no longer verifies obsolete crypto (MD5, SHA1, DSA) (#1292)
• Man page overhaul (work in progress as of 6.0 alpha)
• Pristine and verifiable release tarballs (#3565) (#2702)

General Use

• Several enhancements to rpmkeys(8):
  • rpmkeys --import can now be used to update keys (#2577). This also updates the key handle from a short ambiguous key id to full fingerprint.
  • rpmkeys --export added for exporting keys
  • rpmkeys --checksig, --list, --delete use and expect full fingerprint of the keys (#3360)
  • rpmkeys works identically with all keystore backends
  • rpmkeys --rebuild can be used to rebuild the keystore contents and move between different keystore backends (#3347)
• Several enhancements to rpmsign(1):
  • rpmsign can use either GnuPG or Sequoia-sq for signing (controlled by %_openpgp_sign macro (gpg or sq))
  • rpmsign --addsign always adds a new signature (arbitrary number of signatures supported now)
  • rpmsign --resign replaces all existing signatures with a new one
• New query tag extensions (e.g. with --qf <format>):
  • rpmformat for determining package format version (3/4/6)
  • openpgp for managing all supported OpenPGP signature types
• New --filemime query alias for querying per-file MIME info
• Consistent terminology and case usage in signature and key messages
  • OpenPGP signatures are called OpenPGP in output
  • RPM v3 header+payload signatures are called "legacy" in output
• Man page overhaul (WIP):
  • Update all manual pages to a new consistent style (#3669)
  • Add man pages for all major components and file formats (#3612)
  • Move end-user commands to section 1
  • Many previously undocumented things covered, many errors fixed

Packaging

• rpmbuild(1) now supports generating two different package formats (controlled by %_rpmformat macro):
  • RPM v6
    • All file sizes and related limits are 64bit
    • Crypto modernization
    • MIME file info
    • Widely compatible with RPM >= 4.14
  • RPM v4
    • Bit-per-bit compatible with packages produced by RPM 4.x
• rpmbuild(1) can now automatically sign packages if %_openpgp_autosign_id macro is defined (#2678)
• New command rpm-setup-autosign(1) added for easy auto-signing configuration (#3522)
• New %{span:...} macro to make defining multi-line macros nicer
• New %{xdg:...} macro for evaluating XDG base directories
• Fix architecture checking accidentally moved after build (#3569)
• Fix buildsys specific %prep section not accepted (#3635)
• Fix check-rpaths brp script when both RPATH and RUNPATH exist (#3667)
• brp-elfperms buildroot policy script was removed (#3195)

API Changes

• New functions related to rpmKeyring:
  • rpmKeyringInitIterator(), rpmKeyringIteratorNext(), rpmKeyringIteratorFree() for iterating over keyring contents
  • rpmKeyringVerifySig2()
  • rpmKeyringLookupKey() for finding a key in a keyring
  • rpmKeyringModify()
• New functions related to rpmPubkey:
  • rpmPubkeyFingperint(), rpmPubkeyFingerprintAsHex(), rpmPubkeyKeyIDAsHex() and rpmPubkeyArmorWrap() accessors
  • rpmPubkeyMerge() for merging two pubkeys describing the same key
• New functions for managing transaction permanent keystore:
  • rpmtxnImportPubkey() for importing keys
  • rpmtxnDeletePubkey() for deleting pubkey's from transaction keystore
  • rpmtxnRebuildKeystore() for rebuilding transaction keystore
• New flags to control rpmSign() operation added: RPMSIGN_FLAG_RESIGN, RPMSIGN_FLAG_RPMV4, RPMSIGN_FLAG_RPMV6
• New identifiers related to multiple signature support added:
  • RPMTAG_OPENPGP rpm tag
  • RPMSIGTAG_OPENPGP signature header tag (alias to RPMTAG_OPENPGP)
  • RPMVSF_NOOPENPGP verification flag
• New rpm tags: RPMTAG_PAYLOADSIZE, RPMTAG_PAYLOADSIZEALT, RPMTAG_RPMFORMAT, RPMTAG_FILEMIMEINDEX, RPMTAG_MIMEDICT, RPMTAG_FILEMIMES
• New identifiers related to SHA-3 added: RPM_HASH_SHA3_256, RPM_HASH_SHA3_512
• New symbols related to MIME types in v6 packages:
  • rpmfilesFMime(), rpmfiFMime() for retrieving per-file MIME info
  • RPMFI_NOFILEMIME flag to control behavior
• New OpenPGP identifiers related to RFC-9580 added
• rpmtsAddInstallElement() returns 3 on unsupported package format

Internal Improvements

• RPM is now built as C++20 code (except for plugins and Python bindings)
  • More background available in the initial announcement
  • All relevant sources have been renamed to .cc or .hh extension
  • Many dynamic data structures moved to STL and other similar refactorings
• Numerous improvements to the test-suite
  • Simplify test creation
• Add an actual keystore abstraction
• New openpgp.cert.d based keystore (experimental) (#3341)
• New make site build target for easy local rendering of documentation
• Make reference counting atomic throughout the codebase
• Fix keystore reads lacking transaction lock
• Fix a race condition in rpmioMkpath() (#3508)
• Fix recursion depth for macro error message (#3197)
• Fix empty password field in passwd/group causing entry to be ignored (#3594)
• Fix built-in macros not usable before loading macro files (#3638)
• Drop gpg(keyid) provides from gpg-pubkey headers (#3360)
• Eliminate various internal symbols accidentally leaking to the ABI
• Optimize rpmlog() locking

Building RPM

• A C++20 compiler is now required in addition to a C99 compiler, but C++20 modules support is not required.
• scdoc man page generator is now required for building RPM
• Pre-built API documentation is no longer shipped in the release tarballs. Building it is optional, but Doxygen is required for doing so. Pre-built API documentation for all releases can be found in https://ftp.rpm.org/api/

Compatibility Notes

Package format

• Support for installing RPM v3 packages has been removed. (#1107) They can still be queried and also unpacked with rpm2cpio(1).
• RPM v4 packages remain fully supported, but:
  • In the default configuration, packages built with RPM < 4.14.0 cannot be verified due to their use of weak, obsolete MD5 and SHA1 digests. For strongly signed packages, this can be worked around by changing %_pkgverify_level to signature so the weak digests are simply ignored. If verifying the weak digests is necessary, the RPM 4.x behavior can be restored by setting %_pkgverify_flags to 0.
• RPM v6 packages
  • Can be queried with RPM >= 4.6
  • Can be unpacked with RPM >= 4.12
  • Can be verified and installed with RPM >= 4.14 (with caveats/limitations)
• Lua posix.fork() family of calls, deprecated in 4.20, is disabled in packages built with RPM >= 6.0. They continue to function in packages built by RPM <= 4.20 however.

Other

• Package signing key configuration differs from the past. To support other implementations besides GnuPG, the signer ID is now set via %_openpgp_sign_id macro, which defaults to %{?_gpg_name} for backwards compatibility.
• The low-level package signing macros are now parametric, any custom %__gpg_sign_cmd overrides will simply not work as such. Users are encouraged to look into dropping such overrides rather than just updating, most such overrides haven't been necessary in a long time.
• %_passwd_path and %_group_path are now treated as colon separated paths to allow using multiple files as the source of NSS information (e.g. with nss-altfiles)
• --pkgid and --hdrid query sources CLI-switches have been dropped (#2633)

The tarball is available at https://rpm.org/releases/6.0.0 and is also attached below as a convenience.