pyrox.dev
1<section xmlns="http://docbook.org/ns/docbook"
2 xmlns:xlink="http://www.w3.org/1999/xlink"
3 xmlns:xi="http://www.w3.org/2001/XInclude"
4 version="5.0"
5 xml:id="sec-release-15.09">
6
7<title>Release 15.09 (“Dingo”, 2015/09/30)</title>
8
9<para>In addition to numerous new and upgraded packages, this release
10has the following highlights:</para>
11
12<itemizedlist>
13
14 <listitem>
15 <para>The <link xlink:href="http://haskell.org/">Haskell</link>
16 packages infrastructure has been re-designed from the ground up
17 ("Haskell NG"). NixOS now distributes the latest version
18 of every single package registered on <link
19 xlink:href="http://hackage.haskell.org/">Hackage</link> -- well in
20 excess of 8,000 Haskell packages. Detailed instructions on how to
21 use that infrastructure can be found in the <link
22 xlink:href="http://nixos.org/nixpkgs/manual/#users-guide-to-the-haskell-infrastructure">User's
23 Guide to the Haskell Infrastructure</link>. Users migrating from an
24 earlier release may find helpful information below, in the list of
25 backwards-incompatible changes. Furthermore, we distribute 51(!)
26 additional Haskell package sets that provide every single <link
27 xlink:href="http://www.stackage.org/">LTS Haskell</link> release
28 since version 0.0 as well as the most recent <link
29 xlink:href="http://www.stackage.org/">Stackage Nightly</link>
30 snapshot. The announcement <link
31 xlink:href="http://lists.science.uu.nl/pipermail/nix-dev/2015-September/018138.html">"Full
32 Stackage Support in Nixpkgs"</link> gives additional
33 details.</para>
34 </listitem>
35
36 <listitem>
37 <para>Nix has been updated to version 1.10, which among other
38 improvements enables cryptographic signatures on binary caches for
39 improved security.</para>
40 </listitem>
41
42 <listitem>
43 <para>You can now keep your NixOS system up to date automatically
44 by setting
45
46<programlisting>
47system.autoUpgrade.enable = true;
48</programlisting>
49
50 This will cause the system to periodically check for updates in
51 your current channel and run <command>nixos-rebuild</command>.</para>
52 </listitem>
53
54 <listitem>
55 <para>This release is based on Glibc 2.21, GCC 4.9 and Linux
56 3.18.</para>
57 </listitem>
58
59 <listitem>
60 <para>GNOME has been upgraded to 3.16.
61 </para>
62 </listitem>
63
64 <listitem>
65 <para>Xfce has been upgraded to 4.12.
66 </para>
67 </listitem>
68
69 <listitem>
70 <para>KDE 5 has been upgraded to KDE Frameworks 5.10,
71 Plasma 5.3.2 and Applications 15.04.3.
72 KDE 4 has been updated to kdelibs-4.14.10.
73 </para>
74 </listitem>
75
76 <listitem>
77 <para>E19 has been upgraded to 0.16.8.15.
78 </para>
79 </listitem>
80
81</itemizedlist>
82
83
84<para>The following new services were added since the last release:
85
86 <itemizedlist>
87 <listitem><para><literal>services/mail/exim.nix</literal></para></listitem>
88 <listitem><para><literal>services/misc/apache-kafka.nix</literal></para></listitem>
89 <listitem><para><literal>services/misc/canto-daemon.nix</literal></para></listitem>
90 <listitem><para><literal>services/misc/confd.nix</literal></para></listitem>
91 <listitem><para><literal>services/misc/devmon.nix</literal></para></listitem>
92 <listitem><para><literal>services/misc/gitit.nix</literal></para></listitem>
93 <listitem><para><literal>services/misc/ihaskell.nix</literal></para></listitem>
94 <listitem><para><literal>services/misc/mbpfan.nix</literal></para></listitem>
95 <listitem><para><literal>services/misc/mediatomb.nix</literal></para></listitem>
96 <listitem><para><literal>services/misc/mwlib.nix</literal></para></listitem>
97 <listitem><para><literal>services/misc/parsoid.nix</literal></para></listitem>
98 <listitem><para><literal>services/misc/plex.nix</literal></para></listitem>
99 <listitem><para><literal>services/misc/ripple-rest.nix</literal></para></listitem>
100 <listitem><para><literal>services/misc/ripple-data-api.nix</literal></para></listitem>
101 <listitem><para><literal>services/misc/subsonic.nix</literal></para></listitem>
102 <listitem><para><literal>services/misc/sundtek.nix</literal></para></listitem>
103 <listitem><para><literal>services/monitoring/cadvisor.nix</literal></para></listitem>
104 <listitem><para><literal>services/monitoring/das_watchdog.nix</literal></para></listitem>
105 <listitem><para><literal>services/monitoring/grafana.nix</literal></para></listitem>
106 <listitem><para><literal>services/monitoring/riemann-tools.nix</literal></para></listitem>
107 <listitem><para><literal>services/monitoring/teamviewer.nix</literal></para></listitem>
108 <listitem><para><literal>services/network-filesystems/u9fs.nix</literal></para></listitem>
109 <listitem><para><literal>services/networking/aiccu.nix</literal></para></listitem>
110 <listitem><para><literal>services/networking/asterisk.nix</literal></para></listitem>
111 <listitem><para><literal>services/networking/bird.nix</literal></para></listitem>
112 <listitem><para><literal>services/networking/charybdis.nix</literal></para></listitem>
113 <listitem><para><literal>services/networking/docker-registry-server.nix</literal></para></listitem>
114 <listitem><para><literal>services/networking/fan.nix</literal></para></listitem>
115 <listitem><para><literal>services/networking/firefox/sync-server.nix</literal></para></listitem>
116 <listitem><para><literal>services/networking/gateone.nix</literal></para></listitem>
117 <listitem><para><literal>services/networking/heyefi.nix</literal></para></listitem>
118 <listitem><para><literal>services/networking/i2p.nix</literal></para></listitem>
119 <listitem><para><literal>services/networking/lambdabot.nix</literal></para></listitem>
120 <listitem><para><literal>services/networking/mstpd.nix</literal></para></listitem>
121 <listitem><para><literal>services/networking/nix-serve.nix</literal></para></listitem>
122 <listitem><para><literal>services/networking/nylon.nix</literal></para></listitem>
123 <listitem><para><literal>services/networking/racoon.nix</literal></para></listitem>
124 <listitem><para><literal>services/networking/skydns.nix</literal></para></listitem>
125 <listitem><para><literal>services/networking/shout.nix</literal></para></listitem>
126 <listitem><para><literal>services/networking/softether.nix</literal></para></listitem>
127 <listitem><para><literal>services/networking/sslh.nix</literal></para></listitem>
128 <listitem><para><literal>services/networking/tinc.nix</literal></para></listitem>
129 <listitem><para><literal>services/networking/tlsdated.nix</literal></para></listitem>
130 <listitem><para><literal>services/networking/tox-bootstrapd.nix</literal></para></listitem>
131 <listitem><para><literal>services/networking/tvheadend.nix</literal></para></listitem>
132 <listitem><para><literal>services/networking/zerotierone.nix</literal></para></listitem>
133 <listitem><para><literal>services/scheduling/marathon.nix</literal></para></listitem>
134 <listitem><para><literal>services/security/fprintd.nix</literal></para></listitem>
135 <listitem><para><literal>services/security/hologram.nix</literal></para></listitem>
136 <listitem><para><literal>services/security/munge.nix</literal></para></listitem>
137 <listitem><para><literal>services/system/cloud-init.nix</literal></para></listitem>
138 <listitem><para><literal>services/web-servers/shellinabox.nix</literal></para></listitem>
139 <listitem><para><literal>services/web-servers/uwsgi.nix</literal></para></listitem>
140 <listitem><para><literal>services/x11/unclutter.nix</literal></para></listitem>
141 <listitem><para><literal>services/x11/display-managers/sddm.nix</literal></para></listitem>
142 <listitem><para><literal>system/boot/coredump.nix</literal></para></listitem>
143 <listitem><para><literal>system/boot/loader/loader.nix</literal></para></listitem>
144 <listitem><para><literal>system/boot/loader/generic-extlinux-compatible</literal></para></listitem>
145 <listitem><para><literal>system/boot/networkd.nix</literal></para></listitem>
146 <listitem><para><literal>system/boot/resolved.nix</literal></para></listitem>
147 <listitem><para><literal>system/boot/timesyncd.nix</literal></para></listitem>
148 <listitem><para><literal>tasks/filesystems/exfat.nix</literal></para></listitem>
149 <listitem><para><literal>tasks/filesystems/ntfs.nix</literal></para></listitem>
150 <listitem><para><literal>tasks/filesystems/vboxsf.nix</literal></para></listitem>
151 <listitem><para><literal>virtualisation/virtualbox-host.nix</literal></para></listitem>
152 <listitem><para><literal>virtualisation/vmware-guest.nix</literal></para></listitem>
153 <listitem><para><literal>virtualisation/xen-dom0.nix</literal></para></listitem>
154 </itemizedlist>
155</para>
156
157
158<para>When upgrading from a previous release, please be aware of the
159following incompatible changes:
160
161<itemizedlist>
162
163<listitem><para><command>sshd</command> no longer supports DSA and ECDSA
164host keys by default. If you have existing systems with such host keys
165and want to continue to use them, please set
166
167<programlisting>
168system.stateVersion = "14.12";
169</programlisting>
170
171The new option <option>system.stateVersion</option> ensures that
172certain configuration changes that could break existing systems (such
173as the <command>sshd</command> host key setting) will maintain
174compatibility with the specified NixOS release. NixOps sets the state
175version of existing deployments automatically.</para></listitem>
176
177<listitem><para><command>cron</command> is no longer enabled by
178default, unless you have a non-empty
179<option>services.cron.systemCronJobs</option>. To force
180<command>cron</command> to be enabled, set
181<option>services.cron.enable = true</option>.</para></listitem>
182
183<listitem><para>Nix now requires binary caches to be cryptographically
184signed. If you have unsigned binary caches that you want to continue
185to use, you should set <option>nix.requireSignedBinaryCaches =
186false</option>.</para></listitem>
187
188<listitem><para>Steam now doesn't need root rights to work. Instead of using
189<literal>*-steam-chrootenv</literal>, you should now just run <literal>steam</literal>.
190<literal>steamChrootEnv</literal> package was renamed to <literal>steam</literal>,
191and old <literal>steam</literal> package -- to <literal>steamOriginal</literal>.
192</para></listitem>
193
194<listitem><para>CMPlayer has been renamed to bomi upstream. Package
195<literal>cmplayer</literal> was accordingly renamed to
196<literal>bomi</literal> </para></listitem>
197
198<listitem><para>Atom Shell has been renamed to Electron upstream. Package <literal>atom-shell</literal>
199was accordingly renamed to <literal>electron</literal>
200</para></listitem>
201
202<listitem><para>Elm is not released on Hackage anymore. You should now use <literal>elmPackages.elm</literal>
203which contains the latest Elm platform.</para></listitem>
204
205<listitem>
206 <para>The CUPS printing service has been updated to version
207 <literal>2.0.2</literal>. Furthermore its systemd service has been
208 renamed to <literal>cups.service</literal>.</para>
209
210 <para>Local printers are no longer shared or advertised by
211 default. This behavior can be changed by enabling
212 <option>services.printing.defaultShared</option> or
213 <option>services.printing.browsing</option> respectively.</para>
214</listitem>
215
216<listitem>
217 <para>
218 The VirtualBox host and guest options have been named more
219 consistently. They can now found in
220 <option>virtualisation.virtualbox.host.*</option> instead of
221 <option>services.virtualboxHost.*</option> and
222 <option>virtualisation.virtualbox.guest.*</option> instead of
223 <option>services.virtualboxGuest.*</option>.
224 </para>
225
226 <para>
227 Also, there now is support for the <literal>vboxsf</literal> file
228 system using the <option>fileSystems</option> configuration
229 attribute. An example of how this can be used in a configuration:
230
231<programlisting>
232fileSystems."/shiny" = {
233 device = "myshinysharedfolder";
234 fsType = "vboxsf";
235};
236</programlisting>
237
238 </para>
239</listitem>
240
241<listitem>
242 <para>
243 "<literal>nix-env -qa</literal>" no longer discovers
244 Haskell packages by name. The only packages visible in the global
245 scope are <literal>ghc</literal>, <literal>cabal-install</literal>,
246 and <literal>stack</literal>, but all other packages are hidden. The
247 reason for this inconvenience is the sheer size of the Haskell
248 package set. Name-based lookups are expensive, and most
249 <literal>nix-env -qa</literal> operations would become much slower
250 if we'd add the entire Hackage database into the top level attribute
251 set. Instead, the list of Haskell packages can be displayed by
252 running:
253 </para>
254 <programlisting>
255nix-env -f "<nixpkgs>" -qaP -A haskellPackages
256</programlisting>
257 <para>
258 Executable programs written in Haskell can be installed with:
259 </para>
260 <programlisting>
261nix-env -f "<nixpkgs>" -iA haskellPackages.pandoc
262</programlisting>
263 <para>
264 Installing Haskell <emphasis>libraries</emphasis> this way, however, is no
265 longer supported. See the next item for more details.
266 </para>
267</listitem>
268
269<listitem>
270 <para>
271 Previous versions of NixOS came with a feature called
272 <literal>ghc-wrapper</literal>, a small script that allowed GHC to
273 transparently pick up on libraries installed in the user's profile. This
274 feature has been deprecated; <literal>ghc-wrapper</literal> was removed
275 from the distribution. The proper way to register Haskell libraries with
276 the compiler now is the <literal>haskellPackages.ghcWithPackages</literal>
277 function. The <link
278 xlink:href="http://nixos.org/nixpkgs/manual/#users-guide-to-the-haskell-infrastructure">User's
279 Guide to the Haskell Infrastructure</link> provides more information about
280 this subject.
281 </para>
282</listitem>
283
284<listitem>
285 <para>
286 All Haskell builds that have been generated with version 1.x of
287 the <literal>cabal2nix</literal> utility are now invalid and need
288 to be re-generated with a current version of
289 <literal>cabal2nix</literal> to function. The most recent version
290 of this tool can be installed by running
291 <literal>nix-env -i cabal2nix</literal>.
292 </para>
293</listitem>
294
295<listitem>
296 <para>
297 The <literal>haskellPackages</literal> set in Nixpkgs used to have a
298 function attribute called <literal>extension</literal> that users
299 could override in their <literal>~/.nixpkgs/config.nix</literal>
300 files to configure additional attributes, etc. That function still
301 exists, but it's now called <literal>overrides</literal>.
302 </para>
303</listitem>
304
305<listitem>
306 <para>
307 The OpenBLAS library has been updated to version
308 <literal>0.2.14</literal>. Support for the
309 <literal>x86_64-darwin</literal> platform was added. Dynamic
310 architecture detection was enabled; OpenBLAS now selects
311 microarchitecture-optimized routines at runtime, so optimal
312 performance is achieved without the need to rebuild OpenBLAS
313 locally. OpenBLAS has replaced ATLAS in most packages which use an
314 optimized BLAS or LAPACK implementation.
315 </para>
316</listitem>
317
318<listitem>
319 <para>
320 The <literal>phpfpm</literal> is now using the default PHP version
321 (<literal>pkgs.php</literal>) instead of PHP 5.4 (<literal>pkgs.php54</literal>).
322 </para>
323</listitem>
324
325<listitem>
326 <para>
327 The <literal>locate</literal> service no longer indexes the Nix store
328 by default, preventing packages with potentially numerous versions from
329 cluttering the output. Indexing the store can be activated by setting
330 <option>services.locate.includeStore = true</option>.
331 </para>
332</listitem>
333
334<listitem>
335 <para>
336 The Nix expression search path (<envar>NIX_PATH</envar>) no longer
337 contains <filename>/etc/nixos/nixpkgs</filename> by default. You
338 can override <envar>NIX_PATH</envar> by setting
339 <option>nix.nixPath</option>.
340 </para>
341</listitem>
342
343<listitem>
344 <para>
345 Python 2.6 has been marked as broken (as it no longer recieves
346 security updates from upstream).
347 </para>
348</listitem>
349
350<listitem>
351 <para>
352 Any use of module arguments such as <varname>pkgs</varname> to access
353 library functions, or to define <literal>imports</literal> attributes
354 will now lead to an infinite loop at the time of the evaluation.
355 </para>
356
357 <para>
358 In case of an infinite loop, use the <command>--show-trace</command>
359 command line argument and read the line just above the error message.
360
361<screen>
362$ nixos-rebuild build --show-trace
363…
364while evaluating the module argument `pkgs' in "/etc/nixos/my-module.nix":
365infinite recursion encountered
366</screen>
367 </para>
368
369
370 <para>
371 Any use of <literal>pkgs.lib</literal>, should be replaced by
372 <varname>lib</varname>, after adding it as argument of the module. The
373 following module
374
375<programlisting>
376{ config, pkgs, ... }:
377
378with pkgs.lib;
379
380{
381 options = {
382 foo = mkOption { … };
383 };
384 config = mkIf config.foo { … };
385}
386</programlisting>
387
388 should be modified to look like:
389
390<programlisting>
391{ config, pkgs, lib, ... }:
392
393with lib;
394
395{
396 options = {
397 foo = mkOption { <replaceable>option declaration</replaceable> };
398 };
399 config = mkIf config.foo { <replaceable>option definition</replaceable> };
400}
401</programlisting>
402 </para>
403
404 <para>
405 When <varname>pkgs</varname> is used to download other projects to
406 import their modules, and only in such cases, it should be replaced by
407 <literal>(import <nixpkgs> {})</literal>. The following module
408
409<programlisting>
410{ config, pkgs, ... }:
411
412let
413 myProject = pkgs.fetchurl {
414 src = <replaceable>url</replaceable>;
415 sha256 = <replaceable>hash</replaceable>;
416 };
417in
418
419{
420 imports = [ "${myProject}/module.nix" ];
421}
422</programlisting>
423
424 should be modified to look like:
425
426<programlisting>
427{ config, pkgs, ... }:
428
429let
430 myProject = (import <nixpkgs> {}).fetchurl {
431 src = <replaceable>url</replaceable>;
432 sha256 = <replaceable>hash</replaceable>;
433 };
434in
435
436{
437 imports = [ "${myProject}/module.nix" ];
438}
439</programlisting>
440 </para>
441
442</listitem>
443
444</itemizedlist>
445</para>
446
447
448<para>Other notable improvements:
449
450<itemizedlist>
451
452 <listitem><para>The nixos and nixpkgs channels were unified,
453 so one <emphasis>can</emphasis> use <literal>nix-env -iA nixos.bash</literal>
454 instead of <literal>nix-env -iA nixos.pkgs.bash</literal>.
455 See <link xlink:href="https://github.com/NixOS/nixpkgs/commit/2cd7c1f198">the commit</link> for details.
456 </para></listitem>
457
458 <listitem>
459 <para>
460 Users running an SSH server who worry about the quality of their
461 <literal>/etc/ssh/moduli</literal> file with respect to the
462 <link
463 xlink:href="https://stribika.github.io/2015/01/04/secure-secure-shell.html">vulnerabilities
464 discovered in the Diffie-Hellman key exchange</link> can now
465 replace OpenSSH's default version with one they generated
466 themselves using the new
467 <option>services.openssh.moduliFile</option> option.
468 </para>
469 </listitem>
470
471 <listitem> <para>
472 A newly packaged TeX Live 2015 is provided in <literal>pkgs.texlive</literal>,
473 split into 6500 nix packages. For basic user documentation see
474 <link xlink:href="https://github.com/NixOS/nixpkgs/blob/release-15.09/pkgs/tools/typesetting/tex/texlive-new/default.nix#L1"
475 >the source</link>.
476 Beware of <link xlink:href="https://github.com/NixOS/nixpkgs/issues/9757"
477 >an issue</link> when installing a too large package set.
478
479 The plan is to deprecate and maybe delete the original TeX packages
480 until the next release.
481 </para> </listitem>
482
483 <listitem><para>
484 <option>buildEnv.env</option> on all Python interpreters
485 is now available for nix-shell interoperability.
486 </para> </listitem>
487</itemizedlist>
488
489</para>
490
491</section>