From Fedora Project Wiki
(Change announced on Jul-07)
Line 97: Line 97:


== Scope ==
== Scope ==
* Proposal owners:  
* Proposal owners: Rebase RPM
<!-- What work do the feature owners have to accomplish to complete the feature in time for release?  Is it a large change affecting many parts of the distribution or is it a very isolated change? What are those changes?-->
<!-- What work do the feature owners have to accomplish to complete the feature in time for release?  Is it a large change affecting many parts of the distribution or is it a very isolated change? What are those changes?-->



Revision as of 14:16, 7 July 2017


RPM 4.14

Summary

Update RPM to the upcoming 4.14 release.

Owner

Current status

  • Targeted release: Fedora 27
  • Last updated: 2017-07-07
  • Tracker bug: <will be assigned by the Wrangler>

Detailed Description

RPM 4.14 contains several improvements that needs to get released and integrated in Fedora:

  • Major macro engine bug fix + sanity work:
    • Macro scope simplification + enforcing
    • Macro arguments expanded
    • Nested lua macro scoping fixes
    • Improved error reporting
  • Major header/package/signature rewrite:
    • Unified code path for all header read/import
    • Major hardening work on header parsing
    • Unified code path for all header/package signature checking
    • Signature checking before header imports
    • Support for multiple signatures per package
    • Support for configurable signature policies
  • Major debuginfo rewrite (covered by two other changes and already applied in F27)
  • Signal handling rewrite:
    • Custom signal handlers while rpmdb open
    • Signals blocked throughout write transactions
  • SSD conservation mode
  • Improved support for reproducible builds
  • RPMCALLBACK_ELEM_PROGRESS now carries index of header
  • Support for OpenSSL as a one of crypto libraries used for digests/signatures (already part of F27)
  • Support for rich dependencies coming out from dependency generators
  • %include can contain paths with whitespaces
  • Dependency generator for pkg-config files doesn't check dependencies in .pc recursively, but rather print top-level ones (if pkgconf is used)
  • Header digests use SHA256 by default
  • Improvements in Python dependency generator
  • Improvements and stabilization of "ndb" (New RPM DB Format database format)
  • Support for "with" rich-operator:
    • Specifying version range dependencies
    • Specifying packages which provide special ability

Benefit to Fedora

The above plus closing the gap between RPM upstream and the Fedora version.

Scope

  • Proposal owners: Rebase RPM
  • Other developers: Test new release, report issues and bugs, fix bugs in packaging (if it is not bug in RPM, should be detected during Mass Rebuild)
  • Release engineering: #6875 (a check of an impact with Release Engineering is needed)
  • Policies and guidelines: FPC should look (and possibly approve) "with" rich dependency in Packaging Guidelines
  • Trademark approval: N/A (not needed for this Change)

Upgrade/compatibility impact

Using some of the new feature will break forward compatibility. Packages using these features will not be able be build or be installed on older Fedora versions. Backward compatibility is expected to be maintained.

How To Test

Testing is done in full operation.

User Experience

  • Packagers will see better error messages with broken macro
  • Packagers will be able to use unexpanded arguments for macro (like %autosetup %{?git:-n %{name}-%{commit}})
  • Release Engineers / Packagers will be able to use multiple keys for signing packages
  • Users will be able to install multiple versions of debuginfo packages at the same time
  • Packagers will be able to split debuginfo per (sub-)package and one debugsource for package
  • Release Engineers will be able to make reproducible builds easier
  • Packagers will be able to write dependency generators which returns rich dependencies
  • Packagers will be able to specify version range or "feature" dependencies (examples are below)
    • Requires: (foo >= 1.0 with foo < 2.0)
    • Requires: (kernel with flavor = desktop)
  • Packagers will stop missing autogenerated dependencies coming from pkg-config files if they don't have dependencies in buildroot
  • Users shouldn't see any regressions
  • Users will be able to test tech-preview version of ndb (by changing _db_backend to ndb and running rpmbuild --rebuild)

Dependencies

  • New (and old) kind of rich dependencies (in Requires / Recommends) could be used only when FPC approves them
  • Multiple keys per package might require some changes in DNF and/or Infrastructure
  • Better reporting of processing package (RPMCALLBACK_ELEM_PROGRESS) through DNF API (e.g. in Anaconda) requires support from DNF
  • Changing database from bdb to ndb requires patching of some programs who read/expect /var/lib/rpm/Packages and other files directly without using librpm

Nothing from above blocks implementing change.

Contingency Plan

  • Contingency mechanism: (What to do? Who will do it?) Fix issues quickly / Go back to rpm-4.13. It is unlikely that this requires reverting some changes in other packages as the new features will probably not already be used in F27. In case something really bad happens it might be necessary to rebuild all packages built with the broken version
  • Contingency deadline: Alpha Release
  • Blocks release? Yes
  • Blocks product? -

Documentation

Release notes (will be ready once 4.14 releases): http://rpm.org/wiki/Releases/4.14.0

Release Notes