Bug 7608 - RPM v3 packages are deprecated
Summary: RPM v3 packages are deprecated
Status: CLOSED FIXED
Alias: None
Product: ThinLinc
Classification: Unclassified
Component: Build system (show other bugs)
Version: trunk
Hardware: PC Unknown
: P2 Normal
Target Milestone: 4.14.0
Assignee: Linn
URL:
Keywords: prosaic, samuel_tester
Depends on:
Blocks:
 
Reported: 2020-12-10 16:42 CET by Samuel Mannehed
Modified: 2021-10-11 15:46 CEST (History)
1 user (show)

See Also:
Acceptance Criteria:
* rpms built with repo/rebuild should no longer give deprecation warnings when installed with RPM 4.16 or newer * rpms built with repo/rebuild should still be installable with older versions of RPM

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Samuel Mannehed cendio 2020-12-10 16:42:22 CET 
On my Fedora 33 with RPM 4.16.0 I get warnings when running repo/rebuild:

> warning: RPM v3 packages are deprecated: cendio-build-filesystem-armhf-1-3.noarch
> warning: RPM v3 packages are deprecated: cendio-build-kernel-headers-native-armhf-2.6.34.1-1.noarch
> warning: RPM v3 packages are deprecated: cendio-build-glibc-native-armhf-2.12.2-4.noarch
> warning: RPM v3 packages are deprecated: cendio-build-tar-armhf-1.20-1.noarch
> warning: RPM v3 packages are deprecated: cendio-build-findutils-armhf-4.4.0-3.noarch
> warning: RPM v3 packages are deprecated: cendio-build-gawk-armhf-3.1.6-1.noarch
> warning: RPM v3 packages are deprecated: cendio-build-m4-armhf-1.4.16-1.noarch
> warning: RPM v3 packages are deprecated: cendio-build-sed-armhf-4.5.0-1.noarch
> warning: RPM v3 packages are deprecated: cendio-build-zlib-native-armhf-1.2.11-2.noarch
> warning: RPM v3 packages are deprecated: cendio-build-binutils-native-armhf-2.25-1.noarch
> ....

I found this:

https://github.com/rpm-software-management/rpm/blob/master/lib/package.c

This seems like the trigger:

    /*
     * Convert legacy headers on the fly. Not having immutable region
     * equals a truly ancient package, do full retrofit. OTOH newer
     * packages might have been built with --nodirtokens, test and handle
     * the non-compressed filelist case separately.
     */
    if (!headerIsEntry(h, RPMTAG_HEADERIMMUTABLE)) {
	v3 = 1;
	headerConvert(h, HEADERCONV_RETROFIT_V3);
    } else if (headerIsEntry(h, RPMTAG_OLDFILENAMES)) {
	headerConvert(h, HEADERCONV_COMPRESSFILELIST);
	v3 = 1;
    }
    if (v3) {
	char *s = headerGetAsString(h, RPMTAG_NEVRA);
	rpmlog(RPMLOG_WARNING, _("RPM v3 packages are deprecated: %s\n"), s);
	free(s);
    }
Comment 1 Samuel Mannehed cendio 2020-12-17 14:36:02 CET 
The RPM Groups tag is also deprecated:

https://fedoraproject.org/wiki/RPMGroups
Comment 2 Pierre Ossman cendio 2020-12-17 14:47:27 CET 
That note is only for Fedora's packaging guidelines, not RPM itself.

Still, we might look at Fedora for best-practices.
Comment 3 Pierre Ossman cendio 2021-08-30 14:27:58 CEST 
Upstream details on this deprecation:

https://github.com/rpm-software-management/rpm/issues/1107
Comment 4 Linn cendio 2021-10-04 17:00:09 CEST 
This warning was introduced in RPM v. 4.16 [1], through this merged pull request:
https://github.com/rpm-software-management/rpm/pull/1109


Ran repo/rebuild on Fedora 33 with RPM v. 4.16.1, which gave the same warning as in comment 0:
> 08:59:06 [linma@localhost cendio-build]$ repo/rebuild
> ...
> warning: RPM v3 packages are deprecated: cendio-build-filesystem-i386-1-3.noarch
> warning: RPM v3 packages are deprecated: cendio-build-kernel-headers-i386-2.6.34.1-1.noarch
> warning: RPM v3 packages are deprecated: cendio-build-glibc-i386-2.12.2-4.noarch
> ...

Also ran repo/rebuild on RHEL 8 with RPM v. 4.14.3, which instead gave this warning message:
> ...
>  warning: /home/cendio/cenbuild/repo/cache/cendio-build-filesystem-x86_64-1-3.noarch.rpm: Header V4 RSA/SHA256 Signature, key ID 7b1eb1aa: NOKEY
> Downloading cendio-build-kernel-headers-x86_64 (2.6.34.1-1)
> Installing cendio-build-kernel-headers-x86_64 (2.6.34.1-1)
> warning: /home/cendio/cenbuild/repo/cache/cendio-build-kernel-headers-x86_64-2.6.34.1-1.noarch.rpm: Header V4 RSA/SHA1 Signature, key ID 7b1eb1aa: NOKEY
> ...

[1]: https://rpm.org/wiki/Releases/4.16.0
Comment 5 Linn cendio 2021-10-04 17:01:59 CEST 
As a guide line for the acceptance criteria to still work on older dists, repo/rebuild should at least work on RHEL 8, which has RPM v. 4.14.
Comment 7 Linn cendio 2021-10-08 14:04:38 CEST 
Tested running repo/rebuild on Fedora 33 and RHEL 8, and packages that have been rebuilt this way no longer give deprecation warnings when installed. 

However, note that packages that have not yet been rebuilt still will give warnings when installed.
Comment 8 Linn cendio 2021-10-11 13:28:08 CEST 
Updated acceptance criteria to emphasise that it is the rpm built with repo/rebuild that no longer will give any warnings
Comment 9 Samuel Mannehed cendio 2021-10-11 15:46:04 CEST 
Looks good.

Using Fedora 34 with RPM 4.16.1.3 I have verified the issue when building 'cendio-build-openssl' and 'cendio-build-filesystem' with a cenbuild checkout before the fix in r37464, the v3 warning is printed by repo/rebuild. Checking the RPM contents using 'rpmfile' also prints the same v3 warning prior to the fix.

When building packages with an updated repo/rebuild I did not see any warnings for the new packages. The 'rpmfile' command didn't report any warnings. The new packages installed without issues on Fedora 34.

When comparing the difference in rpmfile output between cendio-build-openssl before and after the change, the only thing that changed was the libcrypto.so file (because I bumped the release number).

Using SLES 12 with RPM 4.11 I could also verify that 'cendio-build-filesystem' and it's dependency 'cendio-build-utils', built both before and after the change, could be installed successfully.

As noted in comment #7, we will continue to receive warnings for cendio-build packages when using repo/rebuild until all packages has been rebuilt and pushed to our repo.
Note You need to log in before you can comment on or make changes to this bug.