diff options
Diffstat (limited to 'nixpkgs/nixos/doc/manual/release-notes/rl-1609.xml')
| -rw-r--r-- | nixpkgs/nixos/doc/manual/release-notes/rl-1609.xml | 277 |
1 files changed, 277 insertions, 0 deletions
diff --git a/nixpkgs/nixos/doc/manual/release-notes/rl-1609.xml b/nixpkgs/nixos/doc/manual/release-notes/rl-1609.xml new file mode 100644 index 000000000000..4a2343edc970 --- /dev/null +++ b/nixpkgs/nixos/doc/manual/release-notes/rl-1609.xml @@ -0,0 +1,277 @@ +<section xmlns="http://docbook.org/ns/docbook" + xmlns:xlink="http://www.w3.org/1999/xlink" + xmlns:xi="http://www.w3.org/2001/XInclude" + version="5.0" + xml:id="sec-release-16.09"> + <title>Release 16.09 (“Flounder”, 2016/09/30)</title> + + <para> + In addition to numerous new and upgraded packages, this release has the + following highlights: + </para> + + <itemizedlist> + <listitem> + <para> + Many NixOS configurations and Nix packages now use significantly less disk + space, thanks to the + <link + xlink:href="https://github.com/NixOS/nixpkgs/issues/7117">extensive + work on closure size reduction</link>. For example, the closure size of a + minimal NixOS container went down from ~424 MiB in 16.03 to ~212 MiB in + 16.09, while the closure size of Firefox went from ~651 MiB to ~259 MiB. + </para> + </listitem> + <listitem> + <para> + To improve security, packages are now + <link + xlink:href="https://github.com/NixOS/nixpkgs/pull/12895">built + using various hardening features</link>. See the Nixpkgs manual for more + information. + </para> + </listitem> + <listitem> + <para> + Support for PXE netboot. See <xref + linkend="sec-booting-from-pxe" /> + for documentation. + </para> + </listitem> + <listitem> + <para> + X.org server 1.18. If you use the <literal>ati_unfree</literal> driver, + 1.17 is still used due to an ABI incompatibility. + </para> + </listitem> + <listitem> + <para> + This release is based on Glibc 2.24, GCC 5.4.0 and systemd 231. The default + Linux kernel remains 4.4. + </para> + </listitem> + </itemizedlist> + + <para> + The following new services were added since the last release: + </para> + + <itemizedlist> + <listitem> + <para> + <literal>(this will get automatically generated at release time)</literal> + </para> + </listitem> + </itemizedlist> + + <para> + When upgrading from a previous release, please be aware of the following + incompatible changes: + </para> + + <itemizedlist> + <listitem> + <para> + A large number of packages have been converted to use the multiple outputs + feature of Nix to greatly reduce the amount of required disk space, as + mentioned above. This may require changes to any custom packages to make + them build again; see the relevant chapter in the Nixpkgs manual for more + information. (Additional caveat to packagers: some packaging conventions + related to multiple-output packages + <link xlink:href="https://github.com/NixOS/nixpkgs/pull/14766">were + changed</link> late (August 2016) in the release cycle and differ from the + initial introduction of multiple outputs.) + </para> + </listitem> + <listitem> + <para> + Previous versions of Nixpkgs had support for all versions of the LTS + Haskell package set. That support has been dropped. The previously provided + <literal>haskell.packages.lts-x_y</literal> package sets still exist in + name to aviod breaking user code, but these package sets don't actually + contain the versions mandated by the corresponding LTS release. Instead, + our package set it loosely based on the latest available LTS release, i.e. + LTS 7.x at the time of this writing. New releases of NixOS and Nixpkgs will + drop those old names entirely. + <link + xlink:href="https://nixos.org/nix-dev/2016-June/020585.html">The + motivation for this change</link> has been discussed at length on the + <literal>nix-dev</literal> mailing list and in + <link + xlink:href="https://github.com/NixOS/nixpkgs/issues/14897">Github + issue #14897</link>. Development strategies for Haskell hackers who want to + rely on Nix and NixOS have been described in + <link + xlink:href="https://nixos.org/nix-dev/2016-June/020642.html">another + nix-dev article</link>. + </para> + </listitem> + <listitem> + <para> + Shell aliases for systemd sub-commands + <link xlink:href="https://github.com/NixOS/nixpkgs/pull/15598">were + dropped</link>: <command>start</command>, <command>stop</command>, + <command>restart</command>, <command>status</command>. + </para> + </listitem> + <listitem> + <para> + Redis now binds to 127.0.0.1 only instead of listening to all network + interfaces. This is the default behavior of Redis 3.2 + </para> + </listitem> + <listitem> + <para> + <literal>/var/empty</literal> is now immutable. Activation script runs + <command>chattr +i</command> to forbid any modifications inside the folder. + See <link xlink:href="https://github.com/NixOS/nixpkgs/pull/18365"> the + pull request</link> for what bugs this caused. + </para> + </listitem> + <listitem> + <para> + Gitlab's maintainance script <command>gitlab-runner</command> was removed + and split up into the more clearer <command>gitlab-run</command> and + <command>gitlab-rake</command> scripts, because + <command>gitlab-runner</command> is a component of Gitlab CI. + </para> + </listitem> + <listitem> + <para> + <literal>services.xserver.libinput.accelProfile</literal> default changed + from <literal>flat</literal> to <literal>adaptive</literal>, as per + <link xlink:href="https://wayland.freedesktop.org/libinput/doc/latest/group__config.html#gad63796972347f318b180e322e35cee79"> + official documentation</link>. + </para> + </listitem> + <listitem> + <para> + <literal>fonts.fontconfig.ultimate.rendering</literal> was removed because + our presets were obsolete for some time. New presets are hardcoded into + FreeType; you can select a preset via + <literal>fonts.fontconfig.ultimate.preset</literal>. You can customize + those presets via ordinary environment variables, using + <literal>environment.variables</literal>. + </para> + </listitem> + <listitem> + <para> + The <literal>audit</literal> service is no longer enabled by default. Use + <literal>security.audit.enable = true</literal> to explicitly enable it. + </para> + </listitem> + <listitem> + <para> + <literal>pkgs.linuxPackages.virtualbox</literal> now contains only the + kernel modules instead of the VirtualBox user space binaries. If you want + to reference the user space binaries, you have to use the new + <literal>pkgs.virtualbox</literal> instead. + </para> + </listitem> + <listitem> + <para> + <literal>goPackages</literal> was replaced with separated Go applications + in appropriate <literal>nixpkgs</literal> categories. Each Go package uses + its own dependency set. There's also a new <literal>go2nix</literal> tool + introduced to generate a Go package definition from its Go source + automatically. + </para> + </listitem> + <listitem> + <para> + <literal>services.mongodb.extraConfig</literal> configuration format was + changed to YAML. + </para> + </listitem> + <listitem> + <para> + PHP has been upgraded to 7.0 + </para> + </listitem> + </itemizedlist> + + <para> + Other notable improvements: + </para> + + <itemizedlist> + <listitem> + <para> + Revamped grsecurity/PaX support. There is now only a single general-purpose + distribution kernel and the configuration interface has been streamlined. + Desktop users should be able to simply set +<programlisting>security.grsecurity.enable = true</programlisting> + to get a reasonably secure system without having to sacrifice too much + functionality. + </para> + </listitem> + <listitem> + <para> + Special filesystems, like <literal>/proc</literal>, <literal>/run</literal> + and others, now have the same mount options as recommended by systemd and + are unified across different places in NixOS. Mount options are updated + during <command>nixos-rebuild switch</command> if possible. One benefit + from this is improved security — most such filesystems are now mounted + with <literal>noexec</literal>, <literal>nodev</literal> and/or + <literal>nosuid</literal> options. + </para> + </listitem> + <listitem> + <para> + The reverse path filter was interfering with DHCPv4 server operation in the + past. An exception for DHCPv4 and a new option to log packets that were + dropped due to the reverse path filter was added + (<literal>networking.firewall.logReversePathDrops</literal>) for easier + debugging. + </para> + </listitem> + <listitem> + <para> + Containers configuration within + <literal>containers.<name>.config</literal> is + <link + xlink:href="https://github.com/NixOS/nixpkgs/pull/17365">now + properly typed and checked</link>. In particular, partial configurations + are merged correctly. + </para> + </listitem> + <listitem> + <para> + The directory container setuid wrapper programs, + <filename>/var/setuid-wrappers</filename>, + <link + xlink:href="https://github.com/NixOS/nixpkgs/pull/18124">is now + updated atomically to prevent failures if the switch to a new configuration + is interrupted.</link> + </para> + </listitem> + <listitem> + <para> + <literal>services.xserver.startGnuPGAgent</literal> has been removed due to + GnuPG 2.1.x bump. See + <link + xlink:href="https://github.com/NixOS/nixpkgs/commit/5391882ebd781149e213e8817fba6ac3c503740c"> + how to achieve similar behavior</link>. You might need to <literal>pkill + gpg-agent</literal> after the upgrade to prevent a stale agent being in the + way. + </para> + </listitem> + <listitem> + <para> + <link xlink:href="https://github.com/NixOS/nixpkgs/commit/e561edc322d275c3687fec431935095cfc717147"> + Declarative users could share the uid due to the bug in the script handling + conflict resolution. </link> + </para> + </listitem> + <listitem> + <para> + Gummi boot has been replaced using systemd-boot. + </para> + </listitem> + <listitem> + <para> + Hydra package and NixOS module were added for convenience. + </para> + </listitem> + </itemizedlist> +</section> |