RPM 4.14.0 ALPHA Draft Release Notes

Download information

Summary of changes from RPM 4.13.0

General bugfixes and enhancements

  • Numerous documentation enhancements
  • Add support for RISCV-64
  • Optional coloring of error messages and warnings

Command line

  • Don’t accept dash (‘-‘) in manifest files
  • Make use of option -p for querying package files optional (trac:28)
  • Add alias -P for –provides for symmetry with -R/–requires
  • Add –changes option to show changelog with full timestamps
  • Add –builtrpms query option to rpmspec (RhBug:961833)
  • Fix –noplugins to work with -V/–verify
  • Fix –noghost query/verify filter option (RhBug:1306438, RhBug:1395818))
  • Add –noconfig query/verify filter option (RhBug:1373022)
  • Don’t write archive data to a terminal from rpm2cpio and rpm2archive
  • Add –trace option to enable macro %trace from the command line
  • Add –nocaps option to allow disabling file capabilities (RhBug:648654)
  • Add –target as a global option
  • Simplify/clarify signature checking output in non-verbose mode


  • Backup and overwrite files when they stop being %config (RhBug:1263859)
  • Improve rename() failure message and handling (RhBug:1177479)
  • Do not permit excluding %license files via install policies (RhBug:1333509)
  • Normalize dubiously large fs blocksizes to 4096 (SuseBug:894610, SuseBug:829717, SuseBug:965322, RhBug:847960, RhBug:1397569, …)
  • Order by weak and reverse dependencies also (RhBug:1330668)
  • Block signals during write-transactions (RhBug:???, …)
  • Fix support for old packages with missing digest for empty files (RhBug:1352222)
  • Add a configurable mode to minimize writes (at expense of more reads) to conserve SSD’s (RhBug:783480)
  • Automatically minimize writes for %config files


  • Fix segfault on incorrect data type to shell escape formatting
  • Fix expand query format to work with all string types
  • Fix date formatting buffer too small for some locales (RhBug:1425231)
  • Restore 4.12 behaviour of –qf wrt single value tags in [ ] loops

Package building


  • Support for with/without rich dependencies
  • Support Ruby Gems in %setup
  • Support -o option in %patch
  • Fix %autosetup quilt backend to honor quiet/verbose
  • Add “gendiff” backend for %autosetup
  • Fix %setup -q to be position independent
  • Fix %setup logic in presence of ‘-[cbaT]’ options
  • Better error messages (RhBug:1374138, …)
  • Add back support for %_noPayloadPrefix (trac:900)
  • Add separate macros for main package definitions, fixing debuginfo etc where sub-packages have different version/release (RhBug:1051407)
  • Log a warning on possible unexpanded macros in NVR
  • Require whitespace around trigger – separators (RhBug:1352828)
  • Require triggers to have a condition
  • Require file trigger conditions to be paths
  • Support section end markers (%end) (RhBug:564613)
  • Support more QT translations in %find_lang (RhBug:729336)
  • Support KF5 in %find_lang –with-kde
  • Support date-style full timestamps in %changelog (trac:903)
  • Support whitespaces in %include filename (#125)
  • Preserve timestamps by default in %make_install (RhBug:959872)
  • Detect and error out on multiple BuildArch lines per package (RhBug:1385257)
  • Copy all all possible special %doc/%license files before checking errors
  • Some support for reproducible builds via SOURCE_DATE_EPOCH standard (https://reproducible-builds.org/specs/source-date-epoch):
    • Support setting build time from SOURCE_DATE_EPOCH:
    • Support setting file mtime from SOURCE_DATE_EPOCH
    • Support setting buildhost via %_buildhost macro (RhBug:1309367)
    • Option to set SOURCE_DATE_EPOCH from %changelog

Buildroot policies

  • Handle Python 3.5’s *.opt-[12].pyc in brp-python-hardlink
  • Fix brp-python-hardlink causing build failure if .pyo/.pyc files are missing
  • Fix brp-python-bytecompile behavior when /usr/bin/python missing (RhBug:1411588)


  • Log a deprecation warning on use of external dependency generator
  • Filter out provides and requires from %_docdir (RhBug:964126)
  • New Python distutils based dependency generator
  • Fixes to perl generator (RhBug:1268021, RhBug:1275551)
  • Generate dependencies for AppStream metainfo files
  • Support generating rich dependencies from generators


  • TODO: documentation for macros etc
  • Add support for build-id links in main package(s) (TODO: better description)
  • Add support for unique build-ids across build versions/releases
  • Add support for unique debug file names
  • Add support for minimal debuginfo (RhBug:834073, RhBug:1382394, RhBug:1052415)
  • Add support for DWZ debuginfo compression (RhBug:833311, RhBug:971119)
  • Add support for parallel processing (find-debuginfo.sh)
  • Make adding GDB index configurable
  • Add provides for build-ids
  • Add support for string/line table rewriting (RhBug:???, …)
  • Add support for unique debug source directories
  • Fix non-standard inherented modes of directories in debuginfo (RhBug:641022)

Package format

  • Extend maximum header size to 256MB
  • Add a digest on the compressed payload content, verify on –checksig (#163)
  • Add a SHA256 digest on the header, verify similar to SHA1
  • File digests now default to SHA256
  • Support for zstd compression in package payload and sources


  • Make gpg command configurable
  • Numerous fixes (memleaks, sanity, zero-length files, default hash algo, config files, correct hook…) to file signing (TODO: better description)

Removed features

  • %GNUconfigure macro

API changes

Added APIs

  • rpmfiVerify() and rpmfilesVerify()
  • rpmsqPoll(), rpmsqActivate(), rpmsqSetAction(), rpmsqBlock()
  • rpmDigestBundleAddID()
  • RPMTRANS_FLAG_NOCAPS flag to disable file capabilities
  • pgpPubkeyKeyID()
  • rpmPushMacro() and rpmPopMacro() (to replace addMacro() and delMacro())

Changed APIs

  • RPMCALLBACK_ELEM_PROGRESS moved later to make header available in the callback
  • headerCopy() no longer reloads to legacy image
  • pgpPubkeyFingerprint() now returns actual fingerprint instead of key id
  • rpmPkgDelSign() now takes signing args struct as a second argument

Removed APIs

  • Internal helpers: headerVerifyInfo(), headerSort() and headerUnsort(), rpmfiDecideFate(), rpmfiConfigConflict(), rpmsqAction(), rpmsqEnable(), rpmdbCheckSignals(), rpmdsNotify()
  • Deprecated: headerNVR(), headerNEVRA(), headerGetNEVR(), headerGetNEVRA(), headerGetEVR(), headerGetColor(), rpmfiMD5(), expandMacros(), addMacro(), delMacro()
  • rpm 4.4.x API compatiblity (_RPM_4_4_COMPAT define): headerRemoveEntry(), headerFreeData(), headerFreeTag(), headerGetEntry(), headerGetEntryMinMemory(), headerGetRawEntry(), headerNextIterator(), headerModifyEntry(), headerAddOrAppendEntry(), headerAppendEntry(), headerAddEntry()
  • Symbols RPMVSF_NOMD5HEADER and RPMVSF_NOSHA1 for unimplemented and unplanned features

Internal improvements and cleanups

  • Support multithreaded XZ compression
  • Make static buffers thread local where beneficial
  • Numerous fixes to the new experimental database format
  • Numerous fixes to harden against malformed headers
    • Unify all header/package reading paths to a new low-level API for operating with pre-imported header blobs
    • Always sanity-check entire header before importing
    • Validate string-lengths during sanity-checking
    • Enable data overlap changes for signature headers too
    • Disallow tags outside regions in package files
    • Perform signature and digest checks prior to importing headers
  • Simplify rpmdb cleanup by using standard atexit() mechanism
  • Optimize RemovePathPostfixes processing
  • Make ASCII digest comparison case insensitive (trac:905)
  • Reduce external dependencies of rpm2cpio.sh script
  • Handle format extension type checking centrally
  • Numerous dead code removals
  • Make rpmlead structure opaque within rpm itself
  • Fix off-by-one stack write in rpmGlob() (RhBug:1371914)
  • Add support for OpenSSL as the crypto backend
  • New FA_TOUCH mode to only update file metadata


  • Log errors on plugin hook failures (RhBug:1262424)
  • Better diagnostics for systemd inhibition problems (RhBug:1372925)
  • New prioreset plugin to handle scriptlet priority reset on legacy systems (functionality moved into plugin)
  • Fix memleak in systemd_inhibit


  • Change macro scoping to be global / local to parametric macros (RhBug:552944, RhBug:551971, …)
  • Enforce visibility scoping for automatic macros
  • Expand parametric macro arguments before processing (#127, RhBug:1397209)
  • Fix macro scoping level on re-entry from Lua
  • Raise actual errors on illegal macro names and unknown options, improved error messages
  • Parametric macro arguments can be quoted with single or double quotes
  • Don’t ellipsize %trace output
  • New macro %{shrink:…} to trim out excess white-space
  • Fix invalid memory access in %trace mode
  • Fix ancient off-by-one in macro scoping level

Python bindings

  • Add RPMTRANS_FLAG_DEPLOOPS transaction flag symbol
  • Add RPMVERIFY_* symbols
  • Add .verify() method to rpm.files objects
  • Documentation updates
  • Fix signing extension build via setup.py
  • Fix file descriptor leak on hdrFromFdno() fail
  • Fix header memory leak (RhBug:1358467)
  • Raise an exception on macro expansion errors
  • Fix spec object refcounting (#114)
  • Support for legacyHeader argument to header .unload() method removed
  • New .parsed getter for spec to retrieve parsed spec
  • Dependency set .Notify() method removed

Lua interface

  • Force FD_CLOEXEC on open files before posix.exec() (RhBug:919801)
  • Raise Lua errors on rpm.define() and rpm.expand() errors
  • Add rpm.undefine() function

Build process

  • Support building with μClibc and musl
  • Portability fixes (BSD, OS X, fstat64, Darwin archs…)
  • Proper support for beecrypt in the build system
  • Use pkgconfig to locate NSS/NSPR if present
  • Fall back to –with-external-db if internal db is not present
  • Support building with libdw/libelf (TODO: better description)
  • Check if make supports -O
  • Several fixes to gcc flags tests
  • Don’t mess with CFLAGS from configure
  • Fix dist and dist-check targets to work out of the box again
  • Support detecting gpg2 and prefer it over gpg
  • Crypto backend is now selected by –with-crypto=<beecrypt/nss/openssl>
  • Many new cases in test-suite
  • Use system FTS if possible

Compatibility notes

  • The maximum supported header size was significantly raised in this release. This cannot be tracked with rpmlib() dependencies as that requires accessing the header, so attempting to access packages with larger than 32MB header will just abruptly fail with ALL older rpm versions.
  • File digest algorithm was changed to SHA256 from the legacy MD5. This is compatible with rpm >= 4.6.0 but to build packages compatible with older versions than that, %_source_filedigest_algorithm and %_binary_filedigest_algorithm need to be set to 1 for MD5.
  • Due to the changes and fixes to the macro subsystem, some macros will require adjusting to the new behavior.

Known issues in the 4.14.0 alpha release

  • –xml query is formatting is broken wrt arrays
  • macro argument single/double quoting breaks many many macros, it has been reverted since and will not be present in this form in 4.14.0 final