RPM 4.15.0 Release Notes

Download information

  • rpm-4.15.0.tar.bz2
  • SHA256SUM: 1e06723b13591e57c99ebe2006fb8daddc4cf72efb366a64a34673ba5f61c201

Summary of changes from RPM 4.14.x

General bugfixes and enhancements

  • Add support for rootless chroot-operations on Linux (experimental)
  • Add dummy database backend to better support systems without rpmdb (Debian)
  • Improve ARM detection, add armv8 support
  • Add architecture compatibility mapping between aarch64 and arm64
  • Documentation updates

Command line

  • Fix –setcaps on files with no capabilities not removing them
  • Fix rpm2archive returning invalid names on source rpms
  • Fix rpm2archive silently ignoring arguments after the first one
  • Fix rpmsign exit code to be consistent with other tools
  • Fix –dbpath argument not validated (RhBug:1696408)
  • Fix rpm2pcio to cleanly error out on files over 4GB (RhBug:1662481)


  • Add filesystem sync at the end of transactions (RhBug:1461765)
  • Fix false positive dependency matches from rpmdb in ranged dependencies
  • Fix inconsistent behavior on unsupported digests (RhBug:1652529)
  • Fix %verify scriptlet dependencies affecting install order
  • Fix %_minimize_writes mode stripping SUID, SGID and capabilities from files
  • Fix an obscure segfault on fingerprinting symlink round (RhBug:1660232)
  • Fix packages getting erased on failed update with dnf (RhBug:1620275)
  • Fix –reinstall –replacepkgs failing on the erase element (RhBug:1662622)

Queries and verification

  • Add DistTag to -qi output if present in package
  • Fix rpm -ql exit value when optional -p is omitted (RhBug:1680610)
  • Fix rpm -ql outputing several copies of file lists on multiple arguments
  • Fix no capabilities treated same as empty capabilities (#585)
  • Remove Relocations: line on non-relocatable packages in -qi output

Package building

  • Optimize several operations via parallelization up to %_smp_build_ncpus
    • buildroot consistency sanity checking (RhBug:1704353)
    • brp-strip-static-archive buildroot policy script (RhBug:1691822)
  • Optimize several operations via thread parallelization up to %_smp_build_nthreads (but limited to maximum of 4 on 32bit platforms)
    • file classification
    • binary sub-package creation (#211)


  • Add support for dynamic build dependencies with %generate_buildrequires section in the spec (#104)
  • Add support for %elif, %elifos and %elifarch statements (#311)
  • Add %patchlist and %sourcelist sections to spec, useful for declaring patches and sources with minimal boilerplate
  • Add $RPM_BUILD_NCPUS variable to all build script environments
  • Add support for automatic patch and source numbering
  • Add support for sorting caret (‘^’) higher than base version
  • Add support for %patch -Z option
  • Add –scm cli option for %autosetup SCM selection
  • Add ModularityLabel: tag and corresponding macro
  • Add warning on text following %else or %endif directives
  • Add warning on absolute symlinks in packages
  • Add %use_source_date_epoch_as_buildtime tunable for setting RPMTAG_BUILDTIME from SOURCE_DATE_EPOCH (SuseBug:1087065)
  • Fix tilde dependency tracing on rich dependencies
  • Fix whitespace in uncompressed tar archive names in %setup
  • Fix inconsistent %setup unpack exit code across variants
  • Fix invalid dependency qualifiers not always detected
  • Fix build scriptlets potentially leaving background jobs around (#134)
  • Fix wrong verify flags on %doc and %license directories (#655)
  • Fix macros created for many tags where it doesn’t make any sense (#689, RhBug:555926)
  • Fix some invalid %if-%else-%endif combinations not raising error
  • Fix SOURCE_DATE_EPOCH not always being in the past
  • Fix silent error on file read (#776)
  • Fix multiline conditional and %include parsing (#775)
  • Enforce utf-8 encoding in header string data by default
  • Improve expression parsing errors
  • Ban unprintable ASCII codes in file names


  • Add built-in %dnl (discard to next line) macro primitive for macro-level commenting (#158)
  • Add built-in %{expr:…} for evaluating expressions
  • Add built-in %getncpus macro primitive to return number of CPUs available to the process
  • Add global language-specific build flag macros %build_cflags, %build_cxxflags, %build_fflags and %build_ldflags for linker options
  • Add %set_build_flags macro which can be used to set environment variables for compiler flags (CFLAGS etc)
  • Add %_smp_build_ncpus macro to determine number of CPUs used for build
  • Add -m(in) and M(ax) parameters to %autopatch to apply range of patches
  • Add %_make_verbose macro for controlling make verbosity flags
  • Track and log failures when loading macro files
  • Fix %_smp_mflags and %_lto_cflags not being affinity-aware (RhBug:891588)
  • Fix error on pre-existing git repo in %autosetup (#239)
  • Fix a macro end detection when line begins with ‘}’ (#401)
  • Fix redefinition of built-in macros falsely succeeding
  • Fix %make_build macro to provide verbose output by default
  • Fix %{uncompress:…} failures to raise an actual error
  • Fix buffer over-read of an unfinished macro “%{!” expansion
  • Fix missing file name and line number for macro warnings and errors (#491)
  • Remove script language helper macros and associated scripts
  • Remove leftover auto-tools related macros

Buildroot policies

  • Take %_prefix into account when compressing man pages etc (#538)


  • Add %{name}, %{epoch}, %{version} and %{release} available to generators
  • Fix Python dist generator running when no egg-info or dist-info is present
  • Fix elfdeps not returning error code on errors
  • Remove outdated and unmaintained Mono generators (#673)


  • Add flag to use strip -g instead of full strip on DSOs (RhBug:1663264)
  • Add dwz statistics output
  • Add support for build-id generation from compressed ELF files (RhBug:1650072,1650074)
  • Add support for gcc -g3 debug level (.debug_macro section, RhBug:1630766)
  • Add support for annobin notes compression (RhBug:1720700)
  • Fix kernel module detection to use a more reliable heuristic
  • Fix custom %{_smp_mflags} breaking debuginfo generation (#630)
  • Fix position-independent executables being misidentified
  • Fix inconsistent order of hardlinked files (RhBug:1421272)

Package format

Signatures and keys

  • Add SHA256 digest to gpg-pubkey headers too
  • Add gpg(foo) provides for the full keyid of pubkeys too
  • Make gpg-pubkey summary more meaningful
  • Fix IMA file signing changing package hashes and breaking signatures
  • Fix pubkeys without EOL considered invalid (#800, RhBug:1733971)
  • Fix 4.14.x regression in verifying large packages (RhBug:1722921)
  • Verify packages before signing (RhBug:1646388)


  • Add Linux audit plugin for package operations as per OSPP v4.2
  • Fix log level of errors from SELinux plugin
  • Fix DBUS memory leak in systemd_inhibit cleanup (RhBug:1714657)

Python bindings

  • Add bindings for rpmdsIsWeak(), rpmdsIsRich() and rpmdsIsReverse() (ds.IsWeak(), ds.IsRich() and ds.IsReverse())
  • Add bindings for rpmteVerified() (te.verified()) + related RPMSIG* symbols
  • Add bindings for rpmdbCookie() (ts.dbCookie())
  • Fix Python 3 to return string data as surrogate-escaped utf-8 strings instead of bytes which nothing else in the API accepts
  • Merge the three sub-modules back into one

Lua interface

  • Add rpm.execute() helper for executing commands without shell
  • Add patch_nums and source_nums global variables in spec context
  • Move redirect2null() from posix to rpm extension (but posix still works for compatibility)

Removed features

API changes

Added APIs

  • rpmdsIsWeak() and rpmdsIsReverse() to determine dependency types
  • rpmteVerified() to retrieve verify status of transaction elements
  • rpmdbCookie() to retrieve a cookie for database change tracking, useful for eg cache validity checks (#388)
  • rpmExprBool() and rpmExprStr() for parsing and evaluating expressions

Changed APIs

  • Fix headerCheck() return code mismatch & regression in 4.14.x
  • Fix rpmVerifySignatures() verify flags regression in rpm >= 4.14
  • Remove file size return value from rpmDoDigest() parameters
  • Remove partial support for unused MD2 and RIPEMD160 digests

Removed APIs

  • QVA structure: split filtering into separate bitfields
  • Redundant VERIFY_FOO file symbols removed, RPMVERIFY_FOO should be used instead
  • Remove deprecated and unused rpmVerifyFile()
  • Remove rpmvf.h header, relevant contents moved to rpmfiles.h and rpmcli.h

Internal improvements and cleanups

  • Cleanups to IMA file signing, query/verify filtering, ordering, macro engine, spec parsing, build script running, signature generation, main rpm executable
  • Consolidate dependency knowledge into a struct/table
  • Add thread protection to the string pool
  • Optimize built-in macro primitive execution
  • Optimize and refactor dependency generator for the future
  • Fix wrong string size on headers coming from rpmdb (#398)
  • Fix various minor memory leaks
  • Fix rpmlog() potentially changing errno
  • Fix missing debug output on capability setting
  • Fix regression reading some old v4.0 era packages (#610)
  • Fix excessive use of thread local storage (RhBug:1722181)
  • Fix use of ambgiuous logical operators in various script conditionals
  • Remove support for prelink undo in digest calculation

Build process

  • Add numerous testcases
  • Add switch to disable systemd-inhibit plugin (#361)
  • Add support for building rpm without Berkeley DB (–disable-bdb)
  • Add colors to test-suite output where supported
  • Fix BDB build when automatically selecting internal BDB
  • Fix Lua and Python tests failing if not enabled in configure
  • Fix rpm forcing -fPIC -DPIC build flags on itself
  • Fix test-suite depending on functional DNS
  • Fix test-suite race around gpg-agent during distcheck
  • Python bindings default to Python 3, Python 2 is deprecated (minimum version is Python 2.7)
  • Support Lua 5.2 - 5.3 without compatibility hacks, drop support for 5.1
  • Remove –with-external-db configure switch, simplify logic

Compatibility notes

  • File trigger second argument eliminated (aka $2)
  • Spec files mixing numberless patch/source syntax with patch/source number 0 will not work anymore

Known issues in the 4.15.0 alpha release