RPM 4.15.0 Release Notes

Download information

  • rpm-4.15.0.tar.bz2
  • SHA256SUM: 1e06723b13591e57c99ebe2006fb8daddc4cf72efb366a64a34673ba5f61c201

Summary of changes from RPM 4.14.x

General bugfixes and enhancements

  • Add support for rootless chroot-operations on Linux (experimental)
  • Add dummy database backend to better support systems without rpmdb (Debian)
  • Improve ARM detection, add armv8 support
  • Add architecture compatibility mapping between aarch64 and arm64
  • Documentation updates

Command line

  • Fix –setcaps on files with no capabilities not removing them
  • Fix rpm2archive returning invalid names on source rpms
  • Fix rpm2archive silently ignoring arguments after the first one
  • Fix rpmsign exit code to be consistent with other tools
  • Fix –dbpath argument not validated (RhBug:1696408)
  • Fix rpm2pcio to cleanly error out on files over 4GB (RhBug:1662481)


  • Add filesystem sync at the end of transactions (RhBug:1461765)
  • Fix false positive dependency matches from rpmdb in ranged dependencies
  • Fix inconsistent behavior on unsupported digests (RhBug:1652529)
  • Fix %verify scriptlet dependencies affecting install order
  • Fix %_minimize_writes mode stripping SUID, SGID and capabilities from files
  • Fix an obscure segfault on fingerprinting symlink round (RhBug:1660232)
  • Fix packages getting erased on failed update with dnf (RhBug:1620275)
  • Fix –reinstall –replacepkgs failing on the erase element (RhBug:1662622)

Queries and verification

  • Add DistTag to -qi output if present in package
  • Fix rpm -ql exit value when optional -p is omitted (RhBug:1680610)
  • Fix rpm -ql outputing several copies of file lists on multiple arguments
  • Fix no capabilities treated same as empty capabilities (#585)
  • Remove Relocations: line on non-relocatable packages in -qi output

Package building

  • Optimize several operations via parallelization up to %_smp_build_ncpus
    • buildroot consistency sanity checking (RhBug:1704353)
    • brp-strip-static-archive buildroot policy script (RhBug:1691822)
  • Optimize several operations via thread parallelization up to %_smp_build_nthreads (but limited to maximum of 4 on 32bit platforms)
    • file classification
    • binary sub-package creation (#211)


  • Add support for dynamic build dependencies with %generate_buildrequires section in the spec (#104)
  • Add support for %elif, %elifos and %elifarch statements (#311)
  • Add %patchlist and %sourcelist sections to spec, useful for declaring patches and sources with minimal boilerplate
  • Add $RPM_BUILD_NCPUS variable to all build script environments
  • Add support for automatic patch and source numbering
  • Add support for sorting caret (‘^’) higher than base version
  • Add support for %patch -Z option
  • Add –scm cli option for %autosetup SCM selection
  • Add ModularityLabel: tag and corresponding macro
  • Add warning on text following %else or %endif directives
  • Add warning on absolute symlinks in packages
  • Add %use_source_date_epoch_as_buildtime tunable for setting RPMTAG_BUILDTIME from SOURCE_DATE_EPOCH (SuseBug:1087065)
  • Fix tilde dependency tracing on rich dependencies
  • Fix whitespace in uncompressed tar archive names in %setup
  • Fix inconsistent %setup unpack exit code across variants
  • Fix invalid dependency qualifiers not always detected
  • Fix build scriptlets potentially leaving background jobs around (#134)
  • Fix wrong verify flags on %doc and %license directories (#655)
  • Fix macros created for many tags where it doesn’t make any sense (#689, RhBug:555926)
  • Fix some invalid %if-%else-%endif combinations not raising error
  • Fix SOURCE_DATE_EPOCH not always being in the past
  • Fix silent error on file read (#776)
  • Fix multiline conditional and %include parsing (#775)
  • Fix inconsistent macro expansion behavior of patches/sources
  • Enforce utf-8 encoding in header string data by default
  • Improve expression parsing errors
  • Ban unprintable ASCII codes in file names


  • Add built-in %dnl (discard to next line) macro primitive for macro-level commenting (#158)
  • Add built-in %{expr:…} for evaluating expressions
  • Add built-in %getncpus macro primitive to return number of CPUs available to the process
  • Add global language-specific build flag macros %build_cflags, %build_cxxflags, %build_fflags and %build_ldflags for linker options
  • Add %set_build_flags macro which can be used to set environment variables for compiler flags (CFLAGS etc)
  • Add %_smp_build_ncpus macro to determine number of CPUs used for build
  • Add -m(in) and M(ax) parameters to %autopatch to apply range of patches
  • Add %_make_verbose macro for controlling make verbosity flags
  • Track and log failures when loading macro files
  • Fix %_smp_mflags and %_lto_cflags not being affinity-aware (RhBug:891588)
  • Fix error on pre-existing git repo in %autosetup (#239)
  • Fix a macro end detection when line begins with ‘}’ (#401)
  • Fix redefinition of built-in macros falsely succeeding
  • Fix %make_build macro to provide verbose output by default
  • Fix %{uncompress:…} failures to raise an actual error
  • Fix buffer over-read of an unfinished macro “%{!” expansion
  • Fix missing file name and line number for macro warnings and errors (#491)
  • Remove script language helper macros and associated scripts
  • Remove leftover auto-tools related macros

Buildroot policies

  • Take %_prefix into account when compressing man pages etc (#538)


  • Add %{name}, %{epoch}, %{version} and %{release} available to generators
  • Fix Python dist generator running when no egg-info or dist-info is present
  • Fix elfdeps not returning error code on errors
  • Remove outdated and unmaintained Mono generators (#673)


  • Add flag to use strip -g instead of full strip on DSOs (RhBug:1663264)
  • Add dwz statistics output
  • Add support for build-id generation from compressed ELF files (RhBug:1650072,1650074)
  • Add support for gcc -g3 debug level (.debug_macro section, RhBug:1630766)
  • Add support for annobin notes compression (RhBug:1720700)
  • Fix kernel module detection to use a more reliable heuristic
  • Fix custom %{_smp_mflags} breaking debuginfo generation (#630)
  • Fix position-independent executables being misidentified
  • Fix inconsistent order of hardlinked files (RhBug:1421272)

Package format

Signatures and keys

  • Add SHA256 digest to gpg-pubkey headers too
  • Add gpg(foo) provides for the full keyid of pubkeys too
  • Make gpg-pubkey summary more meaningful
  • Fix IMA file signing changing package hashes and breaking signatures
  • Fix pubkeys without EOL considered invalid (#800, RhBug:1733971)
  • Fix 4.14.x regression in verifying large packages (RhBug:1722921)
  • Verify packages before signing (RhBug:1646388)


  • Add Linux audit plugin for package operations as per OSPP v4.2
  • Fix log level of errors from SELinux plugin
  • Fix DBUS memory leak in systemd_inhibit cleanup (RhBug:1714657)

Python bindings

  • Add bindings for rpmdsIsWeak(), rpmdsIsRich() and rpmdsIsReverse() (ds.IsWeak(), ds.IsRich() and ds.IsReverse())
  • Add bindings for rpmteVerified() (te.verified()) + related RPMSIG* symbols
  • Add bindings for rpmdbCookie() (ts.dbCookie())
  • Fix Python 3 to return string data as surrogate-escaped utf-8 strings instead of bytes which nothing else in the API accepts
  • Merge the three sub-modules back into one

Lua interface

  • Add rpm.execute() helper for executing commands without shell
  • Add patch_nums and source_nums global variables in spec context
  • Move redirect2null() from posix to rpm extension (but posix still works for compatibility)

Removed features

API changes

Added APIs

  • rpmdsIsWeak() and rpmdsIsReverse() to determine dependency types
  • rpmteVerified() to retrieve verify status of transaction elements
  • rpmdbCookie() to retrieve a cookie for database change tracking, useful for eg cache validity checks (#388)
  • rpmExprBool() and rpmExprStr() for parsing and evaluating expressions

Changed APIs

  • Fix headerCheck() return code mismatch & regression in 4.14.x
  • Fix rpmVerifySignatures() verify flags regression in rpm >= 4.14
  • Remove file size return value from rpmDoDigest() parameters
  • Remove partial support for unused MD2 and RIPEMD160 digests

Removed APIs

  • QVA structure: split filtering into separate bitfields
  • Redundant VERIFY_FOO file symbols removed, RPMVERIFY_FOO should be used instead
  • Remove deprecated and unused rpmVerifyFile()
  • Remove rpmvf.h header, relevant contents moved to rpmfiles.h and rpmcli.h

Internal improvements and cleanups

  • Cleanups to IMA file signing, query/verify filtering, ordering, macro engine, spec parsing, build script running, signature generation, main rpm executable
  • Consolidate dependency knowledge into a struct/table
  • Add thread protection to the string pool
  • Optimize built-in macro primitive execution
  • Optimize and refactor dependency generator for the future
  • Fix wrong string size on headers coming from rpmdb (#398)
  • Fix various minor memory leaks
  • Fix rpmlog() potentially changing errno
  • Fix missing debug output on capability setting
  • Fix regression reading some old v4.0 era packages (#610)
  • Fix excessive use of thread local storage (RhBug:1722181)
  • Fix use of ambgiuous logical operators in various script conditionals
  • Remove support for prelink undo in digest calculation

Build process

  • Add numerous testcases
  • Add switch to disable systemd-inhibit plugin (#361)
  • Add support for building rpm without Berkeley DB (–disable-bdb)
  • Add colors to test-suite output where supported
  • Fix BDB build when automatically selecting internal BDB
  • Fix Lua and Python tests failing if not enabled in configure
  • Fix rpm forcing -fPIC -DPIC build flags on itself
  • Fix test-suite depending on functional DNS
  • Fix test-suite race around gpg-agent during distcheck
  • Python bindings default to Python 3, Python 2 is deprecated (minimum version is Python 2.7)
  • Support Lua 5.2 - 5.3 without compatibility hacks, drop support for 5.1
  • Remove –with-external-db configure switch, simplify logic

Compatibility notes

  • File trigger second argument eliminated (aka $2)
  • Spec files mixing numberless patch/source syntax with patch/source number 0 will not work anymore
  • Source and Patch lines are now expanded just once when encountered in the spec, any macros used in them need to be already defined. This will also affect setups where spec defined macros are used in build tree macros such as %_sourcedir (a practise that was always discouraged)