RPM 4.14
Summary
Update RPM to the upcoming 4.14 release.
Owner
- Name: Igor Gnatenko, Florian Festi, Panu Matilainen
- Email: ignatenkobrain@fedoraproject.org, ffesti@redhat.com, pmatilai@redhat.com
- Release notes owner:
Current status
- Targeted release: Fedora 27
- Last updated: 2017-07-07
- Tracker bug: <will be assigned by the Wrangler>
Detailed Description
RPM 4.14 contains several improvements that needs to get released and integrated in Fedora:
- Major macro engine bug fix + sanity work:
- Macro scope simplification + enforcing
- Macro arguments expanded
- Nested lua macro scoping fixes
- Improved error reporting
- Major header/package/signature rewrite:
- Unified code path for all header read/import
- Major hardening work on header parsing
- Unified code path for all header/package signature checking
- Signature checking before header imports
- Support for multiple signatures per package
- Support for configurable signature policies
- Major debuginfo rewrite (covered by two other changes and already applied in F27)
- Signal handling rewrite:
- Custom signal handlers while rpmdb open
- Signals blocked throughout write transactions
- SSD conservation mode
- Improved support for reproducible builds
- RPMCALLBACK_ELEM_PROGRESS now carries index of header
- Support for OpenSSL as a one of crypto libraries used for digests/signatures (already part of F27)
- Support for rich dependencies coming out from dependency generators
- %include can contain paths with whitespaces
- Dependency generator for pkg-config files doesn't check dependencies in .pc recursively, but rather print top-level ones (if pkgconf is used)
- Header digests use SHA256 by default
- Improvements in Python dependency generator
- Improvements and stabilization of "ndb" (New RPM DB Format database format)
- Support for "with" rich-operator:
- Specifying version range dependencies
- Specifying packages which provide special ability
Benefit to Fedora
The above plus closing the gap between RPM upstream and the Fedora version.
Scope
- Proposal owners:
- Other developers: Test new release, report issues and bugs, fix bugs in packaging (if it is not bug in RPM, should be detected during Mass Rebuild)
- Release engineering: #6875 (a check of an impact with Release Engineering is needed)
- List of deliverables: Change affects whole distribution rather than deliverables
- Policies and guidelines: FPC should look (and possibly approve) "with" rich dependency in Packaging Guidelines
- Trademark approval: N/A (not needed for this Change)
Upgrade/compatibility impact
Using some of the new feature will break forward compatibility. Packages using these features will not be able be build or be installed on older Fedora versions. Backward compatibility is expected to be maintained.
How To Test
Testing is done in full operation.
User Experience
- Packagers will see better error messages with broken macro
- Packagers will be able to use unexpanded arguments for macro (like
%autosetup %{?git:-n %{name}-%{commit}}
) - Release Engineers / Packagers will be able to use multiple keys for signing packages
- Users will be able to install multiple versions of debuginfo packages at the same time
- Packagers will be able to split debuginfo per (sub-)package and one debugsource for package
- Release Engineers will be able to make reproducible builds easier
- Packagers will be able to write dependency generators which returns rich dependencies
- Packagers will be able to specify version range or "feature" dependencies (examples are below)
Requires: (foo >= 1.0 with foo < 2.0)
Requires: (kernel with flavor = desktop)
- Packagers will stop missing autogenerated dependencies coming from pkg-config files if they don't have dependencies in buildroot
- Users shouldn't see any regressions
- Users will be able to test tech-preview version of ndb (by changing
_db_backend
tondb
and runningrpmbuild --rebuild
)
Dependencies
- New (and old) kind of rich dependencies (in Requires / Recommends) could be used only when FPC approves them
- Multiple keys per package might require some changes in DNF and/or Infrastructure
- Better reporting of processing package (RPMCALLBACK_ELEM_PROGRESS) through DNF API (e.g. in Anaconda) requires support from DNF
- Changing database from bdb to ndb requires patching of some programs who read/expect /var/lib/rpm/Packages and other files directly without using librpm
Nothing from above blocks implementing change.
Contingency Plan
- Contingency mechanism: (What to do? Who will do it?) Fix issues quickly / Go back to rpm-4.13. It is unlikely that this requires reverting some changes in other packages as the new features will probably not already be used in F27. In case something really bad happens it might be necessary to rebuild all packages built with the broken version
- Contingency deadline: Alpha Release
- Blocks release? Yes
- Blocks product? -
Documentation
Release notes (will be ready once 4.14 releases): http://rpm.org/wiki/Releases/4.14.0