RPM 4.17.0 Release Notes

Download information

  • Source: rpm-4.17.0.tar.bz2
  • SHA256SUM: 2e0d220b24749b17810ed181ac1ed005a56bbb6bc8ac429c21f314068dc65e6a

Summary of changes from RPM 4.16.x

General bugfixes and enhancements

  • Fix regression reading rpm v3 and other rare packages (#1635)
  • Add beginnings of RPM reference manual
  • Many improved and new translations
  • Documentation converted to Markdown

Command line

  • Fix cli-defined parametric macro arguments getting munged
  • Fix missing error code on –eval if stdout write fails (#1444)
  • Fix local file name when passing URL to rpm2archive (#1091)
  • Fix error handling when rpm2archive write fails (#1091)
  • Add query formats for displaying tag numbers (:tagnum) and names (:tagname)
  • Add –nocompression option to rpm2archive (#1530)


  • Fix unpack failure leaving garbage on disk and system in inconsistent state (#967, RhBug:…)
  • Fix permissions on partial hardlink set install
  • Fix scriptlets executed with blocked signals (RhBug:1913765)
  • Fix regression from 2018 on checking of installed rich dependencies


  • Remove Berkeley DB database backend (%db_backend bdb)
  • Add support for hash v8 databases from BDB < 4.6
  • Fix API-requested file permissions not honored
  • Fix unnecessary db cache invalidation
  • Add support for Darwin OS
  • Increase lock resolution timeout (RhBug:1946046)

Package building


  • Fix %patch asking interactive questions in some cases (#978)
  • Add support for multi-threaded zstd compression
  • Add thread number autodetection (with T or T0) to xz and zstd compression
  • Add GNOME documentation to default docdir path
  • Add support for long QT language names in %find_lang (#1642)


  • Fix macro names missing in macro tracebacks (#545)
  • Fix deadlock on rpm -vv --eval '%trace' (#1428)
  • Fix %apply_patch internal helper macro naming (#1357)
  • Fix unparseable macro expansion (%{} expands to %{})
  • Fix comment line contents affecting macro file parsing (#1659)
  • Fix qualifiers getting stripped from OrderWithRequires dependencies (#1703)
  • Add support for individual patch application in %autopatch
  • Add support for failing the build on duplicate files (#1158)
  • Add %{exist:...} builtin macro for testing file existence
  • Unify built-in and user-define macro syntax and calling conventions
    • %foo arg, %{foo arg} and %{foo:arg} are generally now equivalent (minor exceptions/bugs exist).
    • Built-in macros now honor the same conditional and negation syntax (notably %{verbose} now returns 0/1 value instead of special expansion)

Buildroot policies

  • Fix ELF files not getting stripped when debuginfo is disabled (RhBug:988812, RhBug:1634084)
  • Fix SecureBoot signatures getting stripped from kernel modules (RhBug:1967291)
  • Add parallel execution to brp-check-rpaths, optimize
  • Add checks for DT_RUNPATH when looking for RPATH issues
  • Add policy for removing executable bits from shared libraries
  • Add policy for removing .la files from buildroot by default
  • Remove unused and unmaintained brp-strip-shared buildroot and brp-java-bytecompile scripts


  • Fix ELF libraries having to be executable for dependency generation
  • Add support for OrderWithRequires dependency generation
  • Split Python generators (and other Python packaging helpers) to a separately maintained repository at https://github.com/rpm-software-management/python-rpm-packaging
  • Remove unused and unmaintained php and libtool dependency generators


  • Debuginfo extraction has been split to a separate upstream project at https://sourceware.org/debugedit/

Signatures and keys

  • Fix harmless double error on lazy database open via keyring
  • Fix ambiguous keyring behavior between in-db and on-disk rings, this is now macro configurable (%_keyring)
  • Add support for EdDSA signatures
  • Add support for fs-verity signatures


  • Add fapolicyd plugin
  • Add fs-verity plugin
  • Add dbus-announce plugin for announcing rpm transactions on the DBUS

Python bindings

  • Fix error handling in rpm.pubkey constructor
  • Add cbStyle property to rpm.ts class for manipulating callback style

Lua interface

  • Add native access to rpm via a global macros table in the environment
    • macros.foo and macros['foo'] are equivalent
    • assigning to a value defines, assigning to nil undefines macros
    • undefined macros in the table return nil
    • parametric macros can be natively called via the table, either with a single string argument (expanded) macros.with('foo') or a table, in which case multiple (not expanded) arguments can be passed natively: macros.example({'one', 'two', 'three'})
  • Add rpm.isdefined() binding for testing whether macro is defined and/or parametric.
  • Add bindings for rpm IO streams (file-like objects from rpm.open(...))
  • Add bindings for rpm version objects (rpm.ver(...))
  • Add native access to scriptlet and macro options and arguments (via local opt and arg tables) (#1092)
  • Remove global arg table from the environment

Removed features

  • Remove Berkeley DB database backend (%db_backend bdb)
  • Remove beecrypt and NSS crypto backends
  • Remove redundant %_filter_GLIBC_PRIVATE filtering mechanism

API changes

Added APIs

  • Add argvAddN() API for adding partial strings to argv arrays
  • Add rpmExpandThisMacro() macro expansion function
  • Add rpmtsSetNotifyStyle() and rpmtsGetNotifyStyle() APIs to manipulate transaction callback style
  • Add rpmtsSetChangeCallback() for setting an optional transaction change callback function
  • Add rpmteSetUserdata() and rpmteUserdata() for associating and retrieving application private user data to transaction elements

Changed APIs

  • Fix rpmtsInitDB() argument confusion

Removed APIs

  • N/A

Internal improvements and cleanups

  • Fix various minor resource leaks
  • Fix some “undesired language” in the codebase
  • Fix out of bounds read when parsing XZ and zstd thread number (Tn)
  • Fix potential segfault in rpmInitMacros()
  • Fix uses of various deprecated interfaces in and outside rpm
  • Fix a use-after-free in macro expansion
  • Fix various bounds-checking bugs in the PGP parser
  • Fix various RFC-compliance issues in the PGP parser
  • Add further hardening on header read/import path
  • Add missing diagnostics to various fsm operations
  • Remove internal Lua variable API wrapper
  • Refactor fsm code for further improvements
  • Refactor macro code for further improvements (eg Lua integration)

Build process

  • Fix test cases failing on systems with tape drives (RhBug:1902844)
  • Fix OpenMP test on cross-compilation
  • Fix bunch of warnings from Doxygen
  • Fix missing include on musl build
  • Add support for building on aarch64 OSX
  • Add hard requirement on Lua (>= 5.3)
  • Add requirement for popt >= 1.16 (#939)
  • Change default database to sqlite (but not required)
  • Remove BDB dependencies

Compatibility notes

  • Some built-in macros previously had special undocumented behaviors in conditional and/or negated forms. Anything relying on such behaviors will be broken by this release as all macros adhere to the same syntax now.