RPM 6.0.0 ALPHA Release Notes (DRAFT)

Download

  • Source:
  • SHA256SUM:

Changes since RPM 4.20.1:

General

  • RPM defaults to enforcing signature checking (#1573)
  • RPM uses the full key ID or fingerprint to identify OpenPGP keys everywhere (#2403, …)
  • Support for multiple OpenPGP signatures per package (#3385)
  • Support for both RPM v4 and v6 packages
  • Support for installing RPM v3 packages has been removed (#1107)
  • By default, RPM no longer verifies obsolete crypto (MD5, SHA1, DSA) (#1292)
  • Many documentation updates

User Interface

  • rpmkeys --import can now be used to update keys. This also updates the key handle from a short ambiguous key id to full fingerprint.
  • rpmkeys --export added for exporting keys
  • rpmkeys --checksig, --list, --delete use and expect full fingerprint of the keys (#3360)
  • rpmkeys works identically with all keystore backends
  • rpmsign can use either GnuPG or Sequoia-sq for signing (controlled by %_openpgp_sign macro (gpg or sq)
  • rpmsign --addsign always adds a new signature (arbitrary number of signatures supported now)
  • rpmsign --resign replaces all existing signatures with a new one
  • --pkgid and --hdrid query sources cli-switches have been dropped (#2633)
  • New query tag extensions (eg with --qf <format>):
    • rpmformat for determining package format version (3/4/6)
    • openpgp for managing all supported OpenPGP signature types
  • New --filemime query alias for querying per-file MIME info
  • Consistent terminology and case usage in signature and key messages
    • OpenPGP signatures are called OpenPGP in output
    • RPM v3 header+payload signatures are called “legacy” in output

Spec & Package Building

  • rpmbuild now supports generating two different package formats (controlled by %_rpmformat macro):
    • RPM v6
      • All file sizes and related limits are 64bit
      • Crypto modernization
      • MIME file info
      • Widely compatible with rpm >= 4.14
    • RPM v4
      • Bit-per-bit compatible with packages produced by rpm 4.x
  • rpmbuild can now automatically sign packages if %_openpgp_autosign_id macro is defined (#2678)
  • brp-elfperms buildroot policy script was removed (#3195)

Development & Build System

API Changes

  • Several additions to rpmKeyring:
    • rpmKeyringInitIterator(), rpmKeyringIteratorNext(), rpmKeyringIteratorFree() for iterating over keyring contents
    • rpmKeyringVerifySig2()
    • rpmKeyringModify() for … XXX we don’t need it anymore in the API?
  • Several additions to rpmPubkey:
    • rpmPubkeyFingperint(), rpmPubkeyFingerprintAsHex(), rpmPubkeyKeyIDAsHex() and rpmPubkeyArmorWrap() accessors
  • rpmtxnDeletePubkey() for deleting pubkey’s from transaction keystore

Internal Improvements

  • RPM is now built as C++20 code (except for plugins and Python bindings)
    • All relevant sources have been renamed to .cc or .hh extension
    • Many dynamic data structures moved to STL and other similar refactorings
  • Numerous improvements to the test-suite
    • Simplify test creation
  • Add an actual keystore abstraction
  • New openpgp.cert.d based keystore (experimental) (#3341)
  • Make reference counting atomic throughout the codebase
  • Fix keystore reads lacking transaction lock
  • Fix a race condition in rpmioMkpath() (#3508)
  • Fix recursion depth for macro error message (#3197)
  • Drop gpg(keyid) provides from gpg-pubkey headers (#3360)
  • Optimize rpmlog() locking

Compatibility Notes

Package format

  • Support for RPM v3 packages has been removed. They can still be queried and also unpacked with rpm2cpio.
  • RPM v4 packages remain fully supported (but see below for crypto limitations)
  • RPM v6 packages
    • Can be queried with rpm >= 4.6
    • Can be unpacked with rpm >= 4.12
    • Can be verified and installed with rpm >= 4.14 (with caveats/limitations)
  • In the default configuration, packages built with rpm < 4.14.0 cannot be verified due to their use of weak, obsolete MD5 and SHA1 digests. For strongly signed packages, this can be worked around by changing %_pkgverify_level to signature so the weak digests are simply ignored. If verifying the weak digests is necessary, the rpm 4.x behavior can be restored by setting %_pkgverify_flags to 0.

Other

  • Package signing key configuration differs from the past. To support other implementations besides GnuPG, the signer ID is now set via %_openpgp_sign_id macro, which defaults to %{?_gpg_name} for backwards compatibility.
  • The low-level package signing macros are now parametric, any custom %__gpg_sign_cmd overrides will simply not work as such. Users are encouraged to look into dropping such overrides rather than just updating, most such overrides haven’t been necessary in a long time.