Red Hat recently released the second beta version of the package manager rpm 6.0, which is set to be utilized in the upcoming autumn release of the Fedora Linux 43 distribution. The project is widely used in various distributions such as Rhel, Fedora, Suse, Opensuse, Alt Linux, Rosa Linux, OpenMandriva, Mageia, Pclinuxos, and Tizen. RPM is distributed under the licenses of GPLV2 and LGPLV2 to ensure its availability and accessibility for developers and users alike. It is important to note that RPM 5 versions were skipped to prevent any confusion with the unrelated rpm5 project developed by independent developers and not affiliated with Red Hat.
The second beta release of RPM 6.0 brings several improvements, including support for digital signatures of the OpenPGP V6 format. Additionally, enhancements have been made to package verification processes related to digital signatures. The key changes in the RPM 6.0 branch are as follows:
- Support for the new RPM 6 package format, allowing the creation of packages larger than 4 GB. This format includes 64-bit fields for sizes, modernized cryptography-related structures, and the addition of MIME-based files.
- The discontinuation of the RPM 3 format, while retaining support for RPIO format in full for distributions to choose to stay with RPM 4.
- Default inclusion of package authenticity through digital signatures.
- Addition of support for automatic local signature generation during package assembly in the RPMBuild utility, with the option to install packages without signature verification using the “–Nosignature” option in the RPM utility.
- Permission to use the C++ (C++ 20) language for development.
- Ability to include multiple OpenPGP signatures for each package.
- Support for Hashi MD5, Sha1, and DSA.
- Implementation of rpmkeys for managing keys for updating OpenPGP keys.
- Integration of support for isolating Python module states to run them in multiple subinterpreters.