RPM 6.1.0 Release Notes (DRAFT)

Last change: 2026-05-11

This is a stable update that introduces a number of features and fixes for various bugs and regressions found in 6.0.1 and earlier.

This release is a work in progress and the page is continuously updated.

To obtain a development release for testing purposes, see the RC1 release notes.

Changes since 6.0.1

Overview

• Improved keystore locking mechanism
• Restored NSS-based user/group lookups by default
• Support for literal and one-shot macros through a new macro modifier syntax
• New %define options for expansion at definition and global context
• Improved and fixed build and verification error handling
• Improved usability of rpm-plugin-syslog(8) with systemd journal
• Fixed Clang compilation errors and warnings
• New release model, inspired by the Linux kernel
• New man pages

Transactions

• The keystore now uses a separate lock instead of the transaction lock. This fixes a regression in 6.0.0 where all rpmdb queries would be blocked during transactions. (#4110)

• User and group lookups are now done through Name Service Switch (NSS) again by default, after being somewhat eagerly disabled in 4.19.0. This can still be disabled manually by defining the %_passwd_path and %_group_path macros (both are now undefined in the stock configuration). NSS lookups remain disabled unconditionally in --root operations. (#3994) (#882)

• In addition to packages, users and groups can now also be provided by the system runtime environment (NSS). (#4057)

• File descriptors are now closed in a more efficient way on Linux 5.11+ with glibc 2.34+. This can reduce installation time by about 26% in some circumstances. (#4149)

Macro Processor

• Macro behavior can now be altered by supplying modifiers at definition time. This new syntax consists of a list of arguments enclosed in < and > that follows the macro name. Currently, two modifiers are supported: literal (l) and one-shot (o) expansion. See rpm-macros(7) for details. (#4145) (#1155)

• %define now accepts the new -e and -g options for expanding the macro body at the time of definition and placing the macro in the global context, respectively. Combining them together is equivalent to using %global. (#4163)

• rpm --undefine and Lua rpm.undefine() have been fixed to no longer bypass sanity checks. (#4133)

Building Packages

• The build script environment is now exported to the rpmbuild.env file in the %{builddir}. This shell-sourceable file makes it easier for other programs to mimic, and work with, the build script environment. (#3147)

• The rpmuncompress(1) utility now honors the rpm-common(8) options and has support for CAR files.

• Both rpmuncompress(1) and rpm-setup-autosign(1) have been moved to the standard $PATH to make them easier to use as standalone tools. Symlinks for both are now installed in /usr/lib/rpm for backwards compatiblity.

• When trying to package binaries that don’t match the package’s architecture (such as in a noarch package), the error message now includes the actual filenames and their type, for easier troubleshooting. (#3600)

• rpmbuild(1) can now short-circuit to the %check stage with the new k target stage argument. (#3015)

• Missing patch or source files now cause a build error and include the line number again (regression in 4.20.0). (#4079)

• Lua scripts no longer crash when run from a non-RPM generated package (regression in 4.20.1). (#4189)

• Prevent buffer overruns in findPreambleTag() for language string.

• Remove upper bound on locale filename length. (RhBug:2437509)

Signing & Verifying Packages

• rpmsign(1) can now sign files with PKCS11 tokens. (#4124)

• rpmkeys(8) has been fixed so that the exit code can no longer wrap around and thus potentially return 0 on failure. (#4176)

• The excessive, misleading and/or wrong output in various verification scenarios has been fixed. (#3303) (#4036)

Plugins

• rpm-plugin-syslog(8) has been fixed to no longer show misleading operation names or emit duplicate messages. Additionally, the program name shown in the messages has been changed from [RPM] to rpm for easier greppability. With these tweaks, the journalctl -t rpm command now serves as an easy way to look at the transaction history. (#4172) (#1254)

Manuals

• A number of new man pages have been added, some written from scratch while others based on the older (and often outdated) reference manual (#3612):
  • elfdeps(1)
  • rpm-dependency-generators(7)
  • rpm-design(7)
  • rpm-scriptlets(7)
  • rpm-sysusers(7)

• The rpmbuild(1) man page now has a section on the build process.

• The rpmkeys(8) man page now also covers the overall verification policy.

API

• Lua scriptlets now honor the rpmtsSetScriptFd() function call which makes it possible to redirect their standard output and error to a file descriptor. (#3328)

• The plugin hooks psm_pre and psm_post are now only executed for the main package operations (install, erase and restore). (#1254)

• New rpmKeyringVerifySig3() function that also returns lints. (#4069)

• New rpm.ds.Ti() Python binding for retrieving current trigger index.

• Tag extensions can now be used in rpmdb pattern matching. (#4077)

• rpmtxnImportPubkey() now reflects the error code from pgpPubKeyLint() in its own return code. (#4096)

• The IO engine specified in Fdopen() is now validated. (#3058)

• Various rpm.ds fixes in Python bindings. (#3943)

Building RPM

• All Clang compilation errors and warnings have been fixed. This achieves a clean build when using the Clang toolchain. (#4070) (#4105)

• A macOS build regression in 6.0.1 has been fixed. (#4139)

• Some handy CMake configuration presets have been added. (#4118)