RPM and DNF features and enhancements in Red Hat Enterprise Linux 10.1

Red Hat Enterprise Linux 10.1 (RHEL) features some significant updates to RPM and DNF, two technologies designed to help you manage software installs and updates. The RPM package manager (RPM) creates installation files used to install and uninstall an application, and that can be queried for information about what libraries and binaries the application contains. The dnf command is the tool used on RHEL to search for available applications, and then to install, update, or uninstall them. These are important components of a computer system, so we've worked hard to improve them.

RPM signature improvements

As we prepare for the next generation of security threats and adapt to the new and evolving post-quantum computing world, we've made a number of enhancements to RPM's signature capabilities. RPM signatures are a security feature used with RPM packages to verify the package's authenticity and integrity, ensuring it came from a trusted source and hasn't been tampered with since it was signed. These changes include improvements to support differing formats and algorithms, and adding options that give customers greater control over managing signatures. It offers select signature algorithms of your choice like ML-DSA, which can be used for post-quantum signing.

The introduction of RPMv6 signatures enables multiple signatures per package and adds support for the new, stronger OpenPGP v6 standard. OpenPGP v6 is the latest version of the OpenPGP cryptographic standard, finalized as RFC 9580, which updates the standard with modern cryptographic practices. Customers will also have the freedom to select signature algorithms of their choice.

These new features ultimately enable us to ship packages with a set of signatures utilizing different algorithms currently thought to be post-quantum safe. Should an algorithm get compromised at any point, it can be disabled through a system-wide policy while still ensuring the cryptographic integrity of the software with other signatures, thus providing a smooth user experience to a critical and complex area.

Modularity and DNF

Modularity was a packaging system for managing multiple software versions of applications, and it has been deprecated in favour of simpler and versioned RPMs. DNF now issues deprecation warnings so that you may prepare for modularity's eventual sunsetting.

Better software management

To manage a system well, it's vital for you to be able to analyze and understand what's installed, what's running, and what needs updating. RPM and DNF are two foundational technologies used to create a RHEL release, and to keep it current. The better those tools are, the better you can stay informed about your RHEL machines. The latest updates to them ensures that you've got a powerful and user-friendly software management solution for your most important systems.

For more information about these new enhancements, please review the RHEL documentation.