Red Hat SummitCe contenu n'est pas disponible dans la langue sélectionnée.
Chapter 23. Software management
The following chapter contains the most notable changes to software management between RHEL 8 and RHEL 9.
23.1. Notable changes to DNF
Software management tools in Red Hat Enterprise Linux 9
In Red Hat Enterprise Linux 9, software installation is ensured by DNF. Red Hat continues to support the usage of the yum term for consistency with previous major versions of RHEL. If you type dnf instead of yum, the command works as expected because both are aliases for compatibility.
Although RHEL 8 and RHEL 9 are based on DNF, they are compatible with YUM used in RHEL 7.
For more information, see Managing software with the DNF tool.
Image mode for RHEL users can use dnf --transient to perform package transactions that reset on reboot
Previously, Image mode for RHEL users could transiently install, remove, and upgrade packages by running the bootc usr-overlay command to unlock the system and then make changes by running DNF commands. If you use bootc usr-overlay, when the system reboots, the /usr directory overlay disappears and all changes made to it will reset. Changes to other directories, including configuration in /etc and program state in /var, persist across reboots.
With RHEL 9.6, a new --transient flag and a new persistence configuration option are added to DNF to improve the user experience on bootc systems. You can skip the bootc usr-overlay step by using either of the following options:
-
Use the
dnf --transientcommand. -
Set the
persistenceoption totransientin thednf.conffile.
Unlike when using bootc usr-overlay, --transient and persistence=transient ensure that the /usr directory remains read-only to other processes before, during, and after the transaction.
For example, to transiently install the make package, enter:
dnf install --transient make
# dnf install --transient makeDNF can verify RPMv6 signatures on RPM packages
Quantum-safe cryptography guarantees integrity and origin of software. However, in quantum computing, standard asymmetric cryptography algorithms, such as RSA, are no longer relevant. Starting from RHEL 9.7, you can use the new multisig DNF plugin to verify RPMv6 signatures on RPM packages, in addition to standard RPMv4 signatures. RPMv6 signatures can be based on quantum-safe algorithms, such as ML-DSA.
To verify RPMv6 signatures, you can install the multisig plugin through the python3-dnf-plugin-multisig RPM package.
Successful verification is a prerequisite for installing, reinstalling, upgrading, or downgrading packages from a repository that has the gpgcheck option set to True.
23.2. Notable changes to RPM
Red Hat Enterprise Linux 9 is distributed with RPM version 4.16.
New SPEC features
In RHEL 9, RPM introduces multiple new SPEC features and enhancements over the previous version, most notably:
Fast macro-based dependency generators
It is now possible to define dependency generators as regular RPM macros. This is especially useful in combination with the embedded Lua interpreter (
%{lua:…}) because it enables writing sophisticated yet fast generators and avoiding redundant forking and executing a shell script.Example:
%__foo_provides() %{basename:%{1}}%__foo_provides() %{basename:%{1}}Copy to Clipboard Copied! Toggle word wrap Toggle overflow The
%generate_buildrequiressection that enables generating dynamic build dependenciesAdditional build dependencies can now be generated programmatically at RPM build time, using the newly available
%generate_buildrequiressection. This is useful when packaging software written in a language in which a specialized utility is commonly used to determine run-time or build-time dependencies, such as Rust, Golang, Node.js, Ruby, Python or Haskell.Meta (unordered) dependencies
A new dependency qualifier called
metaenables expressing dependencies that are not specifically install-time or run-time dependencies. This is useful for avoiding unnecessary dependency loops that could otherwise arise from the normal dependency ordering, such as when specifying the dependencies of a meta package.Example:
Requires(meta): <pkgname>
Requires(meta): <pkgname>Copy to Clipboard Copied! Toggle word wrap Toggle overflow Native version comparison in expressions
It is now possible to compare arbitrary version strings in expressions by using the newly supported
v"…"format.Example:
%if v"%{python_version}" < v"3.9"%if v"%{python_version}" < v"3.9"Copy to Clipboard Copied! Toggle word wrap Toggle overflow Caret version operator, opposite of tilde
The new caret (
^) operator can be used to express a version that is higher than the base version. It is a complement to the existing tilde (~) operator which has the opposite semantics.-
%elif,%elifosand%elifarchstatements Optional automatic patch and source numbering
Patch:andSource:tags without a number are now automatically numbered based on the order in which they are listed.%autopatchnow accepts patch rangesThe
%autopatchmacro now accepts the-mand-Mparameters to limit the minimum and maximum patch number to apply, respectively.%patchlistand%sourcelistsectionsIt is now possible to list patch and source files without preceding each item with the respective
Patch: andSource:tags by using the newly added%patchlistand%sourcelistsections.A more intuitive way to declare build conditionals
Starting from RHEL 9.2, you can use the new
%bcondmacro to build conditionals. The%bcondmacro takes a build conditional name and the default value as arguments. Compared to the old%bcond_withand%bcond_withoutmacros,%bcondis easier to understand and allows you to calculate the default value at build time. The default value can be any numeric expression.Example:
To create a
gnutlsbuild conditional, enabled by default:%bcond gnutls 1
%bcond gnutls 1Copy to Clipboard Copied! Toggle word wrap Toggle overflow To create a
bootstrapbuild conditional, disabled by default:%bcond bootstrap 0
%bcond bootstrap 0Copy to Clipboard Copied! Toggle word wrap Toggle overflow To create an
opensslbuild conditional, defaulting to opposite ofgnutls:%bcond openssl %{without gnutls}%bcond openssl %{without gnutls}Copy to Clipboard Copied! Toggle word wrap Toggle overflow
%patch Nno longer applies a patch number 0Previously, when you used the
%patch Nsyntax, whereNis the number of a patch, the syntax also applied the patch number 0 (Patch0) in addition to the patch specified byN.In RHEL 9.6, the
%patch Nsyntax has been fixed to only apply the patch numberN.ImportantIf you use the
%patchdirective without a patch number specified, as a shorthand for%patch 0,Patch0is applied. However, a warning is printed that suggests you use the explicit syntax, for example,%patch 0or%patch -P 0instead of%patchto apply thezero-thpatch.
RPM database based on sqlite
The RPM database is based on the sqlite library. Read-only support for BerkeleyDB databases has been retained for migration and query purposes.
New rpm-plugin-audit plugin
With this update, you can use a new rpm-plugin-audit plugin for issuing audit log events on transactions, previously built into RPM itself.
Increased parallelism in package builds
There have been numerous improvements to the way the package build process is parallelized. These improvements involve various buildroot policy scripts and sanity checks, file classification, and subpackage creation and ordering. As a result, package builds on multiprocessor systems, particularly for large packages, should now be faster and more efficient.
Enforced UTF-8 validation of header data at build-time
With this update, UTF-8 validation of header data is enforced at build-time.
RPM supports the Zstandard (zstd) compression algorithm
In RHEL 9, the default RPM compression algorithm has switched to Zstandard (zstd). As a result, packages now install faster, which can be especially noticeable during large transactions.
RPM records a checksum of the original package during installation
Starting from RHEL 9.7, RPM records the SHA256 and SHA512 digests of the entire .rpm package during its installation. You can then retrieve these digests from the RPM database to verify that the installed package corresponds to a specific .rpm file. As a result, you can improve the integrity of your RHEL system by retrospectively verifying that the installed package set matches, bit-by-bit, a known set of .rpm packages, such as the ones available in a DNF repository. To print the package digests of an installed package, use the following command:
rpm -q --qf "[%{packagedigestalgos:hashalgo} %{packagedigests}\n]" <package-name>
$ rpm -q --qf "[%{packagedigestalgos:hashalgo} %{packagedigests}\n]" <package-name>
You can also customize which digest types are recorded in the database by configuring the new %_pkgverify_digests macro, for example:
%_pkgverify_digests 8:10
%_pkgverify_digests 8:10RPM supports spec-local file attributes and dependency generators
File attributes and their dependency generators are usually shipped in separate packages that you must install prior to building a package that uses these attributes. However, you might need a file attribute to take effect during the build of the package that ships this attribute. You might also need the file attribute just for building the package, without shipping the attribute at all.
Starting from RHEL 9.7, you can register spec-local file attributes and generators by performing the following actions:
-
Define the
%_local_file_attrsmacro.%_local_file_attrsaccepts a colon-separated list of new attribute names to register directly in yourspecfile. -
Define one or more dependency generator macros for each attribute, such as
%__NAME_providesor%__NAME_path, whereNAMEis the name of the local file attribute.
RPM then uses the file attributes for dependency generation when the spec file is built. As a result, you can create build-time file attributes that are not necessarily meant for installation.
For example, the following spec file snippet generates the provides for each packaged file by using the foobar.sh script bundled with your package’s sources:
Source1: foobar.sh
[...]
%define _local_file_attrs foobar
%define foobar_provides %{SOURCE1} %define foobar_path .*
Source1: foobar.sh
[...]
%define _local_file_attrs foobar
%define foobar_provides %{SOURCE1} %define foobar_path .*
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}