Diffstat (limited to 'nixos/doc/manual/release-notes')
-rw-r--r-- nixos/doc/manual/release-notes/rl-1404.xml | 2
-rw-r--r-- nixos/doc/manual/release-notes/rl-1509.xml | 4
-rw-r--r-- nixos/doc/manual/release-notes/rl-1603.xml | 2
-rw-r--r-- nixos/doc/manual/release-notes/rl-2003.xml | 14
-rw-r--r-- nixos/doc/manual/release-notes/rl-2009.xml | 213
5 files changed, 173 insertions, 62 deletions
diff --git a/nixos/doc/manual/release-notes/rl-1404.xml b/nixos/doc/manual/release-notes/rl-1404.xml
index 8d8cea4303a3..56dbb74a71d5 100644
--- a/nixos/doc/manual/release-notes/rl-1404.xml
+++ b/nixos/doc/manual/release-notes/rl-1404.xml
@@ -49,7 +49,7 @@
     <para>
      Nix has been updated to 1.7
      (<link
-  xlink:href="http://nixos.org/nix/manual/#ssec-relnotes-1.7">details</link>).
+  xlink:href="https://nixos.org/nix/manual/#ssec-relnotes-1.7">details</link>).
     </para>
    </listitem>
    <listitem>
diff --git a/nixos/doc/manual/release-notes/rl-1509.xml b/nixos/doc/manual/release-notes/rl-1509.xml
index 5c4d99701785..098c8c5095b2 100644
--- a/nixos/doc/manual/release-notes/rl-1509.xml
+++ b/nixos/doc/manual/release-notes/rl-1509.xml
@@ -22,7 +22,7 @@
     in excess of 8,000 Haskell packages. Detailed instructions on how to use
     that infrastructure can be found in the
     <link
-    xlink:href="http://nixos.org/nixpkgs/manual/#users-guide-to-the-haskell-infrastructure">User's
+    xlink:href="https://nixos.org/nixpkgs/manual/#users-guide-to-the-haskell-infrastructure">User's
     Guide to the Haskell Infrastructure</link>. Users migrating from an earlier
     release may find helpful information below, in the list of
     backwards-incompatible changes. Furthermore, we distribute 51(!) additional
@@ -555,7 +555,7 @@ nix-env -f &quot;&lt;nixpkgs&gt;&quot; -iA haskellPackages.pandoc
      the compiler now is the <literal>haskellPackages.ghcWithPackages</literal>
      function. The
      <link
-    xlink:href="http://nixos.org/nixpkgs/manual/#users-guide-to-the-haskell-infrastructure">User's
+    xlink:href="https://nixos.org/nixpkgs/manual/#users-guide-to-the-haskell-infrastructure">User's
      Guide to the Haskell Infrastructure</link> provides more information about
      this subject.
     </para>
diff --git a/nixos/doc/manual/release-notes/rl-1603.xml b/nixos/doc/manual/release-notes/rl-1603.xml
index 9b512c4b1e58..6d4b28825fa9 100644
--- a/nixos/doc/manual/release-notes/rl-1603.xml
+++ b/nixos/doc/manual/release-notes/rl-1603.xml
@@ -54,7 +54,7 @@
     xlink:href="https://reproducible-builds.org/specs/source-date-epoch/">SOURCE_DATE_EPOCH</envar>
     to a deterministic value, and Nix has
     <link
-    xlink:href="http://nixos.org/nix/manual/#ssec-relnotes-1.11">gained
+    xlink:href="https://nixos.org/nix/manual/#ssec-relnotes-1.11">gained
     an option</link> to repeat a build a number of times to test determinism.
     An ongoing project, the goal of exact reproducibility is to allow binaries
     to be verified independently (e.g., a user might only trust binaries that
diff --git a/nixos/doc/manual/release-notes/rl-2003.xml b/nixos/doc/manual/release-notes/rl-2003.xml
index 8f97de24ab12..393a9286ca4f 100644
--- a/nixos/doc/manual/release-notes/rl-2003.xml
+++ b/nixos/doc/manual/release-notes/rl-2003.xml
@@ -3,7 +3,7 @@
          xmlns:xi="http://www.w3.org/2001/XInclude"
          version="5.0"
          xml:id="sec-release-20.03">
- <title>Release 20.03 (“Markhor”, 2020.03/??)</title>
+ <title>Release 20.03 (“Markhor”, 2020.04/20)</title>
 
  <section xmlns="http://docbook.org/ns/docbook"
          xmlns:xlink="http://www.w3.org/1999/xlink"
@@ -935,8 +935,8 @@ services.dnsmasq.servers = [ "127.0.0.1#43" ];
    </listitem>
    <listitem>
     <para>
-      Haskell <varname>env</varname> and <varname>shellFor</varname> dev shell environments now organized dependencies the same way as regular builds.
-      In particular, rather than receiving all the different lists of dependencies master together as one big lists, and then partitioning into Haskell and non-Hakell dependencies, they work from the original many different dependency parameters and don't need to algorithmically partition anything.
+      Haskell <varname>env</varname> and <varname>shellFor</varname> dev shell environments now organize dependencies the same way as regular builds.
+      In particular, rather than receiving all the different lists of dependencies mashed together as one big list, and then partitioning into Haskell and non-Hakell dependencies, they work from the original many different dependency parameters and don't need to algorithmically partition anything.
     </para>
     <para>
       This means that if you incorrectly categorize a dependency, e.g. non-Haskell library dependency as a <varname>buildDepends</varname> or run-time Haskell dependency as a <varname>setupDepends</varname>, whereas things would have worked before they may not work now.
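Review bot: the rewritten second sentence of this hunk still reads "non-Hakell dependencies"; since the line is already being touched to fix "master" and "lists", correct it to "non-Haskell" in the same change. The sentence also says "the original many different dependency parameters", which would read better as "the original, separate dependency parameters".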
@@ -1145,9 +1145,11 @@ systemd.services.nginx.serviceConfig.User = lib.mkForce "root";
      As well as this, the options <literal>security.acme.acceptTerms</literal> and either
      <literal>security.acme.email</literal> or <literal>security.acme.certs.&lt;name&gt;.email</literal>
      must be set in order to use the ACME module.
-     Certificates will be regenerated anew on the next renewal date. The credentials for simp-le are
-     preserved and thus it is possible to roll back to previous versions without breaking certificate
-     generation.
+     Certificates will be regenerated on activation, no account or certificate will be migrated from simp-le.
+     In particular private keys will not be preserved. However, the credentials for simp-le are preserved and
+     thus it is possible to roll back to previous versions without breaking certificate generation.
+     Note also that in contrary to simp-le a new private key is recreated at each renewal by default, which can
+     have consequences if you embed your public key in apps.
     </para>
    </listitem>
    <listitem>
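Review bot: the added ACME text says a new private key is created at each renewal "by default" but does not name the setting that changes that default, so a reader who depends on a stable key cannot act on the warning; name the option or point to the module documentation. "if you embed your public key in apps" is also vague: say plainly that a client which pins the certificate's public key will reject the certificate after a renewal. On wording, "in contrary to simp-le" should be "contrary to simp-le" or "in contrast to simp-le", and the first added sentence is a comma splice ("regenerated on activation, no account or certificate will be migrated").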
diff --git a/nixos/doc/manual/release-notes/rl-2009.xml b/nixos/doc/manual/release-notes/rl-2009.xml
index 0f22f4331f4d..5b1d04e4bc16 100644
--- a/nixos/doc/manual/release-notes/rl-2009.xml
+++ b/nixos/doc/manual/release-notes/rl-2009.xml
@@ -28,6 +28,11 @@
    </listitem>
    <listitem>
     <para>
+     We now distribute a GNOME ISO.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
      PHP now defaults to PHP 7.4, updated from 7.3.
     </para>
    </listitem>
@@ -40,6 +45,22 @@
      make use of these new options instead.
     </para>
    </listitem>
+   <listitem>
+    <para>
+     There is a new module for Podman(<varname>virtualisation.podman</varname>), a drop-in replacement for the Docker command line.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     The new <varname>virtualisation.containers</varname> module manages configuration shared by the CRI-O and Podman modules.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+      Declarative Docker containers are renamed from <varname>docker-containers</varname> to <varname>virtualisation.oci-containers.containers</varname>.
+      This is to make it possible to use <literal>podman</literal> instead of <literal>docker</literal>.
+    </para>
+   </listitem>
   </itemizedlist>
  </section>
 
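Review bot: the last added item renames <varname>docker-containers</varname>, an option that existing configurations set, but it does not say whether the old name keeps working or what a user has to change; state that explicitly so the entry can be used as a migration note. The first added item also lacks a space in "Podman(<varname>virtualisation.podman</varname>)".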
@@ -56,7 +77,9 @@
 
   <itemizedlist>
    <listitem>
-    <para />
+    <para>
+      There is a new <xref linkend="opt-security.doas.enable"/> module that provides <command>doas</command>, a lighter alternative to <command>sudo</command> with many of the same features.
+    </para>
    </listitem>
   </itemizedlist>
 
@@ -130,69 +153,69 @@
    </listitem>
    <listitem>
      <para>
-       Since this release there's an easy way to customize your PHP install to get a much smaller
-       base PHP with only wanted extensions enabled. See the following snippet installing a smaller PHP
-       with the extensions <literal>imagick</literal>, <literal>opcache</literal> and
+       Since this release there's an easy way to customize your PHP
+       install to get a much smaller base PHP with only wanted
+       extensions enabled. See the following snippet installing a
+       smaller PHP with the extensions <literal>imagick</literal>,
+       <literal>opcache</literal>, <literal>pdo</literal> and
        <literal>pdo_mysql</literal> loaded:
 
        <programlisting>
 environment.systemPackages = [
-(pkgs.php.buildEnv { extensions = pp: with pp; [
-    imagick
-    opcache
-    pdo_mysql
-  ]; })
+  (pkgs.php.withExtensions
+    ({ all, ... }: with all; [
+      imagick
+      opcache
+      pdo
+      pdo_mysql
+    ])
+  )
 ];</programlisting>
 
-       The default <literal>php</literal> attribute hasn't lost any extensions -
-       the <literal>opcache</literal> extension was added there.
+       The default <literal>php</literal> attribute hasn't lost any
+       extensions. The <literal>opcache</literal> extension has been
+       added.
 
        All upstream PHP extensions are available under <package><![CDATA[php.extensions.<name?>]]></package>.
      </para>
      <para>
-       The updated <literal>php</literal> attribute is now easily customizable to your liking
-       by using extensions instead of writing config files or changing configure flags.
-
-       Therefore we have removed the following configure flags:
+       All PHP <literal>config</literal> flags have been removed for
+       the following reasons:
 
        <itemizedlist>
-         <title>PHP <literal>config</literal> flags that we don't read anymore:</title>
-         <listitem><para><literal>config.php.argon2</literal></para></listitem>
-         <listitem><para><literal>config.php.bcmath</literal></para></listitem>
-         <listitem><para><literal>config.php.bz2</literal></para></listitem>
-         <listitem><para><literal>config.php.calendar</literal></para></listitem>
-         <listitem><para><literal>config.php.curl</literal></para></listitem>
-         <listitem><para><literal>config.php.exif</literal></para></listitem>
-         <listitem><para><literal>config.php.ftp</literal></para></listitem>
-         <listitem><para><literal>config.php.gd</literal></para></listitem>
-         <listitem><para><literal>config.php.gettext</literal></para></listitem>
-         <listitem><para><literal>config.php.gmp</literal></para></listitem>
-         <listitem><para><literal>config.php.imap</literal></para></listitem>
-         <listitem><para><literal>config.php.intl</literal></para></listitem>
-         <listitem><para><literal>config.php.ldap</literal></para></listitem>
-         <listitem><para><literal>config.php.libxml2</literal></para></listitem>
-         <listitem><para><literal>config.php.libzip</literal></para></listitem>
-         <listitem><para><literal>config.php.mbstring</literal></para></listitem>
-         <listitem><para><literal>config.php.mysqli</literal></para></listitem>
-         <listitem><para><literal>config.php.mysqlnd</literal></para></listitem>
-         <listitem><para><literal>config.php.openssl</literal></para></listitem>
-         <listitem><para><literal>config.php.pcntl</literal></para></listitem>
-         <listitem><para><literal>config.php.pdo_mysql</literal></para></listitem>
-         <listitem><para><literal>config.php.pdo_odbc</literal></para></listitem>
-         <listitem><para><literal>config.php.pdo_pgsql</literal></para></listitem>
-         <listitem><para><literal>config.php.phpdbg</literal></para></listitem>
-         <listitem><para><literal>config.php.postgresql</literal></para></listitem>
-         <listitem><para><literal>config.php.readline</literal></para></listitem>
-         <listitem><para><literal>config.php.soap</literal></para></listitem>
-         <listitem><para><literal>config.php.sockets</literal></para></listitem>
-         <listitem><para><literal>config.php.sodium</literal></para></listitem>
-         <listitem><para><literal>config.php.sqlite</literal></para></listitem>
-         <listitem><para><literal>config.php.tidy</literal></para></listitem>
-         <listitem><para><literal>config.php.xmlrpc</literal></para></listitem>
-         <listitem><para><literal>config.php.xsl</literal></para></listitem>
-         <listitem><para><literal>config.php.zip</literal></para></listitem>
-         <listitem><para><literal>config.php.zlib</literal></para></listitem>
+         <listitem>
+           <para>
+             The updated <literal>php</literal> attribute is now easily
+             customizable to your liking by using
+             <literal>php.withExtensions</literal> or
+             <literal>php.buildEnv</literal> instead of writing config files
+             or changing configure flags.             
+           </para>
+         </listitem>
+         <listitem>
+           <para>
+             The remaining configuration flags can now be set directly on
+             the <literal>php</literal> attribute. For example, instead of 
+
+             <programlisting>
+php.override {
+  config.php.embed = true;
+  config.php.apxs2 = false;
+}
+             </programlisting>
+
+             you should now write
+
+             <programlisting>
+php.override {
+  embedSupport = true;
+  apxs2Support = false;
+}
+             </programlisting>
+           </para>
+         </listitem>
        </itemizedlist>
+
      </para>
    </listitem>
    <listitem>
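Review bot: the new lead-in "All PHP config flags have been removed for the following reasons:" does not match the list under it, because the second item ("The remaining configuration flags can now be set directly on the php attribute") is a migration instruction, not a reason; reword the lead-in or move the before/after example out of the list. The first item names <literal>php.buildEnv</literal> while the snippet above was changed to show only <literal>php.withExtensions</literal>, so say in one sentence when to use which. The explicit list of removed flags is dropped without a replacement, which leaves no text for a user to search when an old <literal>config.php.*</literal> setting stops having an effect. Style: the added lines ending "configure flags." and "instead of" carry trailing whitespace, and the two new <programlisting> blocks put the closing tag on its own indented line, unlike the existing "];</programlisting>" form, which adds a trailing line to the rendered listing.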
@@ -212,7 +235,16 @@ environment.systemPackages = [
        Be aware that backwards state migrations are not supported by Deluge.
      </para>
    </listitem>
-
+   <listitem>
+     <para>
+       Add option <literal>services.nginx.enableSandbox</literal> to starting Nginx web server with additional sandbox/hardening options.
+       By default, write access to <literal>services.nginx.stateDir</literal> is allowed. To allow writing to other folders,
+       use <literal>systemd.services.nginx.serviceConfig.ReadWritePaths</literal>
+       <programlisting>
+systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/www" ];
+       </programlisting>
+     </para>
+   </listitem>
    <listitem>
     <para>
       The NixOS options <literal>nesting.clone</literal> and
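Review bot: the added entry says write access to <literal>services.nginx.stateDir</literal> is allowed by default, yet a later hunk of this same patch adds an entry stating that <literal>services.nginx.stateDir</literal> has been removed; the two entries contradict each other, so this one should name the directories that are writable under the sandbox now. The first sentence is also ungrammatical ("Add option ... to starting Nginx web server"); something like "The new option services.nginx.enableSandbox starts Nginx with additional sandboxing and hardening options" matches the tense of the other entries. The sentence introducing the <programlisting> needs a closing colon.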
@@ -256,6 +288,71 @@ environment.systemPackages = [
 </programlisting>
     </para>
    </listitem>
+   <listitem>
+    <para>
+      The Nginx log directory has been moved to <literal>/var/log/nginx</literal>, the cache directory
+      to <literal>/var/cache/nginx</literal>. The option <literal>services.nginx.stateDir</literal> has
+      been removed.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     The httpd web server previously started its main process as root
+     privileged, then ran worker processes as a less privileged identity user.
+     This was changed to start all of httpd as a less privileged user (defined by
+     <xref linkend="opt-services.httpd.user"/> and
+     <xref linkend="opt-services.httpd.group"/>). As a consequence, all files that
+     are needed for httpd to run (included configuration fragments, SSL
+     certificates and keys, etc.) must now be readable by this less privileged
+     user/group.
+    </para>
+    <para>
+     The default value for <xref linkend="opt-services.httpd.mpm"/>
+     has been changed from <literal>prefork</literal> to <literal>event</literal>. Along with
+     this change the default value for
+     <link linkend="opt-services.httpd.virtualHosts">services.httpd.virtualHosts.&lt;name&gt;.http2</link>
+     has been set to <literal>true</literal>.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+      The <literal>systemd-networkd</literal> option
+      <literal>systemd.network.networks.&lt;name&gt;.dhcp.CriticalConnection</literal>
+      has been removed following upstream systemd's deprecation of the same. It is recommended to use
+      <literal>systemd.network.networks.&lt;name&gt;.networkConfig.KeepConfiguration</literal> instead.
+      See <citerefentry><refentrytitle>systemd.network</refentrytitle>
+      <manvolnum>5</manvolnum></citerefentry> for details.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     The <literal>systemd-networkd</literal> option
+     <literal>systemd.network.networks._name_.dhcpConfig</literal>
+     has been renamed to
+     <xref linkend="opt-systemd.network.networks._name_.dhcpV4Config"/>
+     following upstream systemd's documentation change.
+     See <citerefentry><refentrytitle>systemd.network</refentrytitle>
+     <manvolnum>5</manvolnum></citerefentry> for details.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+      In the <literal>picom</literal> module, several options that accepted
+      floating point numbers encoded as strings (for example
+      <xref linkend="opt-services.picom.activeOpacity"/>) have been changed
+      to the (relatively) new native <literal>float</literal> type. To migrate
+      your configuration simply remove the quotes around the numbers.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+      When using <literal>buildBazelPackage</literal> from Nixpkgs,
+      <literal>flat</literal> hash mode is now used for dependencies
+      instead of <literal>recursive</literal>. This is to better allow
+      using hashed mirrors where needed. As a result, these hashes
+      will have changed.
+    </para>
+   </listitem>
   </itemizedlist>
  </section>
 
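Review bot: in the httpd entry, "started its main process as root privileged, then ran worker processes as a less privileged identity user" is hard to parse; "started its main process as root and ran worker processes as a less privileged user" says the same thing. Because the entry tells users that SSL keys "must now be readable by this less privileged user/group", add that the key files should be made readable through ownership or group membership of that user rather than by widening their mode, otherwise the simplest way to follow the note is to make private keys world-readable. The two systemd-networkd entries also use different placeholders for the network name ("&lt;name&gt;" in the CriticalConnection item, "_name_" in the dhcpConfig item); use one form in prose. The buildBazelPackage item ends with "these hashes will have changed" without saying that users must update the hashes in their own expressions.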
@@ -269,6 +366,13 @@ environment.systemPackages = [
   <itemizedlist>
    <listitem>
     <para>
+     <option>services.journald.rateLimitBurst</option> was updated from
+     <literal>1000</literal> to <literal>10000</literal> to follow the new
+     upstream systemd default.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
      The <package>notmuch</package> package move its emacs-related binaries and
      emacs lisp files to a separate output. They're not part
      of the default <literal>out</literal> output anymore - if you relied on the
@@ -276,6 +380,11 @@ environment.systemPackages = [
      the <literal>notmuch.emacs</literal> output.
     </para>
    </listitem>
+   <listitem>
+   <para>
+     The default output of <literal>buildGoPackage</literal> is now <literal>$out</literal> instead of <literal>$bin</literal>.
+   </para>
+   </listitem>
   </itemizedlist>
  </section>
 </section>
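Review bot: the added buildGoPackage entry states the new default output but not what to change; say that expressions referring to the <literal>bin</literal> output of such packages need to be updated. The added <para> is indented at the same level as its <listitem>, unlike the other entries in this list.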