<section xmlns="http://docbook.org/ns/docbook"
         xmlns:xlink="http://www.w3.org/1999/xlink"
         xmlns:xi="http://www.w3.org/2001/XInclude"
         version="5.0"
         xml:id="sec-release-16.03">

<title>Release 16.03 (“Emu”, 2016/03/31)</title>

<para>In addition to numerous new and upgraded packages, this release
has the following highlights:</para>

<itemizedlist>

  <listitem>
    <para>Systemd 229, bringing <link
    xlink:href="https://github.com/systemd/systemd/blob/v229/NEWS">numerous
    improvements</link> over 217.</para>
  </listitem>

  <listitem>
    <para>Linux 4.4 (was 3.18).</para>
  </listitem>

  <listitem>
    <para>GCC 5.3 (was 4.9). Note that GCC 5 <link
    xlink:href="https://gcc.gnu.org/onlinedocs/libstdc++/manual/using_dual_abi.html">changes
    the C++ ABI in an incompatible way</link>; this may cause problems
    if you try to link objects compiled with different versions of
    GCC.</para>
  </listitem>

  <listitem>
    <para>Glibc 2.23 (was 2.21).</para>
  </listitem>

  <listitem>
    <para>Binutils 2.26 (was 2.23.1). See #909.</para>
  </listitem>

  <listitem>
    <para>Improved support for ensuring <link
    xlink:href="https://reproducible-builds.org/">bitwise reproducible
    builds</link>. For example, <literal>stdenv</literal> now sets the
    environment variable <envar
    xlink:href="https://reproducible-builds.org/specs/source-date-epoch/">SOURCE_DATE_EPOCH</envar>
    to a deterministic value, and Nix has <link
    xlink:href="http://nixos.org/nix/manual/#ssec-relnotes-1.11">gained
    an option</link> to repeat a build a number of times to test
    determinism.
    Exact reproducibility is an ongoing project whose goal
    is to allow binaries to be verified independently (e.g., a user
    might only trust binaries that appear in three independent binary
    caches).</para>
  </listitem>

  <listitem>
    <para>Perl 5.22.</para>
  </listitem>

</itemizedlist>

<para>The following new services were added since the last release:

  <itemizedlist>
    <listitem><para><literal>hardware/video/webcam/facetimehd.nix</literal></para></listitem>
    <listitem><para><literal>i18n/input-method/default.nix</literal></para></listitem>
    <listitem><para><literal>i18n/input-method/fcitx.nix</literal></para></listitem>
    <listitem><para><literal>i18n/input-method/ibus.nix</literal></para></listitem>
    <listitem><para><literal>i18n/input-method/nabi.nix</literal></para></listitem>
    <listitem><para><literal>i18n/input-method/uim.nix</literal></para></listitem>
    <listitem><para><literal>programs/fish.nix</literal></para></listitem>
    <listitem><para><literal>security/acme.nix</literal></para></listitem>
    <listitem><para><literal>security/audit.nix</literal></para></listitem>
    <listitem><para><literal>security/oath.nix</literal></para></listitem>
    <listitem><para><literal>services/hardware/irqbalance.nix</literal></para></listitem>
    <listitem><para><literal>services/mail/dspam.nix</literal></para></listitem>
    <listitem><para><literal>services/mail/opendkim.nix</literal></para></listitem>
    <listitem><para><literal>services/mail/postsrsd.nix</literal></para></listitem>
    <listitem><para><literal>services/mail/rspamd.nix</literal></para></listitem>
    <listitem><para><literal>services/mail/rmilter.nix</literal></para></listitem>
    <listitem><para><literal>services/misc/autofs.nix</literal></para></listitem>
    <listitem><para><literal>services/misc/bepasty.nix</literal></para></listitem>
    <listitem><para><literal>services/misc/calibre-server.nix</literal></para></listitem>
    <listitem><para><literal>services/misc/cfdyndns.nix</literal></para></listitem>
    <listitem><para><literal>services/misc/gammu-smsd.nix</literal></para></listitem>
    <listitem><para><literal>services/misc/mathics.nix</literal></para></listitem>
    <listitem><para><literal>services/misc/matrix-synapse.nix</literal></para></listitem>
    <listitem><para><literal>services/misc/octoprint.nix</literal></para></listitem>
    <listitem><para><literal>services/monitoring/hdaps.nix</literal></para></listitem>
    <listitem><para><literal>services/monitoring/heapster.nix</literal></para></listitem>
    <listitem><para><literal>services/monitoring/longview.nix</literal></para></listitem>
    <listitem><para><literal>services/network-filesystems/netatalk.nix</literal></para></listitem>
    <listitem><para><literal>services/network-filesystems/xtreemfs.nix</literal></para></listitem>
    <listitem><para><literal>services/networking/autossh.nix</literal></para></listitem>
    <listitem><para><literal>services/networking/dnschain.nix</literal></para></listitem>
    <listitem><para><literal>services/networking/gale.nix</literal></para></listitem>
    <listitem><para><literal>services/networking/miniupnpd.nix</literal></para></listitem>
    <listitem><para><literal>services/networking/namecoind.nix</literal></para></listitem>
    <listitem><para><literal>services/networking/ostinato.nix</literal></para></listitem>
    <listitem><para><literal>services/networking/pdnsd.nix</literal></para></listitem>
    <listitem><para><literal>services/networking/shairport-sync.nix</literal></para></listitem>
    <listitem><para><literal>services/networking/supplicant.nix</literal></para></listitem>
    <listitem><para><literal>services/search/kibana.nix</literal></para></listitem>
    <listitem><para><literal>services/security/haka.nix</literal></para></listitem>
    <listitem><para><literal>services/security/physlock.nix</literal></para></listitem>
    <listitem><para><literal>services/web-apps/pump.io.nix</literal></para></listitem>
    <listitem><para><literal>services/x11/hardware/libinput.nix</literal></para></listitem>
    <listitem><para><literal>services/x11/window-managers/windowlab.nix</literal></para></listitem>
    <listitem><para><literal>system/boot/initrd-network.nix</literal></para></listitem>
    <listitem><para><literal>system/boot/initrd-ssh.nix</literal></para></listitem>
    <listitem><para><literal>system/boot/loader/loader.nix</literal></para></listitem>
    <listitem><para><literal>system/boot/networkd.nix</literal></para></listitem>
    <listitem><para><literal>system/boot/resolved.nix</literal></para></listitem>
    <listitem><para><literal>virtualisation/lxd.nix</literal></para></listitem>
    <listitem><para><literal>virtualisation/rkt.nix</literal></para></listitem>
  </itemizedlist>
</para>

<para>When upgrading from a previous release, please be aware of the
following incompatible changes:</para>

<itemizedlist>

  <listitem>
    <para>We no longer produce graphical ISO images and VirtualBox
    images for <literal>i686-linux</literal>. A minimal ISO image is
    still provided.</para>
  </listitem>

  <listitem>
    <para>Firefox and similar browsers are now <emphasis>wrapped by default</emphasis>.
    The package and attribute names are plain <literal>firefox</literal>
    or <literal>midori</literal>, etc.
    Backward-compatibility attributes were set up,
    but note that <command>nix-env -u</command> will <emphasis>not</emphasis> update
    your current <literal>firefox-with-plugins</literal>;
    you have to uninstall it and install <literal>firefox</literal> instead.</para>
  </listitem>

  <listitem>
    <para><command>wmiiSnap</command> has been replaced with
    <command>wmii_hg</command>, but
    <command>services.xserver.windowManager.wmii.enable</command> has
    been updated accordingly, so this only affects you if you have
    explicitly installed <command>wmiiSnap</command>.
    </para>
  </listitem>

  <listitem>
    <para>The <literal>jobs</literal> NixOS option has been removed. It served as a
    compatibility layer between Upstart jobs and systemd services. All services
    have been rewritten to use <literal>systemd.services</literal>.</para>
  </listitem>

  <listitem>
    <para><command>wmiimenu</command> is removed, as it has been
    removed by the developers upstream. Use <command>wimenu</command>
    from the <command>wmii-hg</command> package.</para>
  </listitem>

  <listitem>
    <para>Gitit is no longer automatically added to the module list in
    NixOS and as such there will not be any manual entries for it. You
    will need to add an import statement to your NixOS configuration
    in order to use it, e.g.

<programlisting><![CDATA[
{
  imports = [ <nixpkgs/nixos/modules/services/misc/gitit.nix> ];
}
]]></programlisting>

    will include the Gitit service configuration options.</para>
  </listitem>

  <listitem>
    <para><command>nginx</command> does not accept flags for enabling and
    disabling modules anymore. Instead it accepts a <literal>modules</literal>
    argument, which is a list of modules to be built in. All modules now
    reside in the <literal>nginxModules</literal> set.
    Example configuration:

<programlisting><![CDATA[
nginx.override {
  modules = [ nginxModules.rtmp nginxModules.dav nginxModules.moreheaders ];
}
]]></programlisting>
    </para>
  </listitem>

  <listitem>
    <para><command>s3sync</command> is removed, as it hasn't been
    developed by upstream for 4 years and only runs with ruby 1.8.
    For an actively developed alternative look at
    <command>tarsnap</command> and others.
    </para>
  </listitem>

  <listitem>
    <para><command>ruby_1_8</command> has been removed as it's no
    longer supported upstream and probably contains security
    issues.
    </para>
  </listitem>

  <listitem>
    <para>The <literal>tidy-html5</literal> package is removed.
    Upstream only provided <literal>(lib)tidy5</literal> during development,
    and now they went back to <literal>(lib)tidy</literal> to work as a drop-in
    replacement of the original package that has been unmaintained for years.
    You can (still) use the <literal>html-tidy</literal> package, which got updated
    to a stable release from this new upstream.</para>
  </listitem>

  <listitem>
    <para>The <literal>extraDeviceOptions</literal> argument is removed
    from the <literal>bumblebee</literal> package. Instead there are
    now two separate arguments: <literal>extraNvidiaDeviceOptions</literal>
    and <literal>extraNouveauDeviceOptions</literal> for setting
    extra X11 options for nvidia and nouveau drivers, respectively.
    </para>
  </listitem>

  <listitem>
    <para>The <literal>Ctrl+Alt+Backspace</literal> key combination
    no longer kills the X server by default.
    There's a new option <option>services.xserver.enableCtrlAltBackspace</option>
    that enables the combination again.
    </para>
  </listitem>

  <listitem>
    <para><literal>emacsPackagesNg</literal> now contains all packages
    from the ELPA, MELPA, and MELPA Stable repositories.
    </para>
  </listitem>

  <listitem>
    <para>The data directory for the Postfix MTA server has moved from
    <filename>/var/postfix</filename> to <filename>/var/lib/postfix</filename>.
    Old configurations are migrated automatically. The <literal>services.postfix</literal>
    module has also received many improvements, such as correct access
    rights on its directories, new <literal>aliasFiles</literal> and <literal>mapFiles</literal>
    options and more.</para>
  </listitem>

  <listitem>
    <para>Filesystem options should now be configured as a list of strings, not
    a comma-separated string. The old style will continue to work, but print a
    warning, until the 16.09 release. An example of the new style:

<programlisting>
fileSystems."/example" = {
  device = "/dev/sdc";
  fsType = "btrfs";
  options = [ "noatime" "compress=lzo" "space_cache" "autodefrag" ];
};
</programlisting>
    </para>
  </listitem>

  <listitem>
    <para>CUPS, installed by the <literal>services.printing</literal> module, now
    has its data directory in <filename>/var/lib/cups</filename>. Old
    configurations from <filename>/etc/cups</filename> are moved there
    automatically, but there might be problems. The configuration options
    <literal>services.printing.cupsdConf</literal> and
    <literal>services.printing.cupsdFilesConf</literal> were also removed
    because they allowed overriding configuration variables
    required for CUPS to work at all on NixOS.
    For most use cases,
    <literal>services.printing.extraConf</literal> and the new option
    <literal>services.printing.extraFilesConf</literal> should be enough;
    if you encounter a situation where they are not, please file a bug.</para>

    <para>There are also Gutenprint improvements; in particular, a new option
    <literal>services.printing.gutenprint</literal> is added to enable automatic
    updating of Gutenprint PPMs; it is strongly recommended to enable it instead
    of adding <literal>gutenprint</literal> to the <literal>drivers</literal> list.
    </para>
  </listitem>

  <listitem>
    <para><literal>services.xserver.vaapiDrivers</literal> has been removed. Use
    <literal>hardware.opengl.extraPackages{,32}</literal> instead. You can
    also specify VDPAU drivers there.</para>
  </listitem>

  <listitem>
    <para>
    <literal>programs.ibus</literal> moved to <literal>i18n.inputMethod.ibus</literal>.
    The option <literal>programs.ibus.plugins</literal> changed to <literal>i18n.inputMethod.ibus.engines</literal>
    and the option to enable ibus changed from <literal>programs.ibus.enable</literal> to
    <literal>i18n.inputMethod.enabled</literal>.
    <literal>i18n.inputMethod.enabled</literal> should be set to the name of the input method in use,
    <literal>"ibus"</literal> for ibus.
    An example of the new style:

<programlisting>
i18n.inputMethod.enabled = "ibus";
i18n.inputMethod.ibus.engines = with pkgs.ibus-engines; [ anthy mozc ];
</programlisting>

That is equivalent to the old version:

<programlisting>
programs.ibus.enable = true;
programs.ibus.plugins = with pkgs; [ ibus-anthy mozc ];
</programlisting>

    </para>
  </listitem>

  <listitem>
    <para>The <literal>services.udev.extraRules</literal> option now writes rules
    to <filename>99-local.rules</filename> instead of <filename>10-local.rules</filename>.
    This makes all the user rules apply after others, so their results are not
    overridden by anything else.</para>
  </listitem>

  <listitem>
    <para>Large parts of the <literal>services.gitlab</literal> module have
    been rewritten. There are new configuration options available. The
    <literal>stateDir</literal> option was renamed to
    <literal>statePath</literal> and the <literal>satellitesDir</literal> option
    was removed. Please review the currently available options.</para>
  </listitem>

  <listitem>
    <para>
      The option <option>services.nsd.zones.&lt;name&gt;.data</option> no
      longer interprets the dollar sign ($) as a shell variable, so it
      should not be escaped anymore. Thus the following zone data:
    </para>
    <programlisting>
\$ORIGIN example.com.
\$TTL 1800
@ IN SOA ns1.vpn.nbp.name. admin.example.com. (
    </programlisting>
    <para>
      should be modified to look like the actual file expected by nsd:
    </para>
    <programlisting>
$ORIGIN example.com.
$TTL 1800
@ IN SOA ns1.vpn.nbp.name. admin.example.com. (
    </programlisting>
  </listitem>

  <listitem>
    <para>
      The <literal>services.syncthing.dataDir</literal> option now has to point
      to the exact folder that syncthing writes to. An example configuration should
      look something like:
    </para>
    <programlisting>
services.syncthing = {
  enable = true;
  dataDir = "/home/somebody/.syncthing";
  user = "somebody";
};
    </programlisting>
  </listitem>

  <listitem>
    <para>
      <literal>networking.firewall.allowPing</literal> is now enabled by
      default. Users are encouraged to configure an appropriate rate limit for
      their machines using the kernel interface at
      <filename>/proc/sys/net/ipv4/icmp_ratelimit</filename> and
      <filename>/proc/sys/net/ipv6/icmp/ratelimit</filename> or using the
      firewall itself, i.e.
      by setting the NixOS option
      <literal>networking.firewall.pingLimit</literal>.
    </para>
  </listitem>

  <listitem>
    <para>
      Systems with some Broadcom cards used to result in a generated config
      that is no longer accepted. If you get errors like
      <screen>error: path ‘/nix/store/*-broadcom-sta-*’ does not exist and cannot be created</screen>
      you should either re-run <command>nixos-generate-config</command> or manually replace
      <literal>"${config.boot.kernelPackages.broadcom_sta}"</literal>
      by
      <literal>config.boot.kernelPackages.broadcom_sta</literal>
      in your <filename>/etc/nixos/hardware-configuration.nix</filename>.
      More discussion is on <link xlink:href="https://github.com/NixOS/nixpkgs/pull/12595">
      the GitHub issue</link>.
    </para>
  </listitem>

  <listitem>
    <para>
    The <literal>services.xserver.startGnuPGAgent</literal> option has been removed.
    GnuPG 2.1.x changed the way the gpg-agent works, and that new approach no
    longer requires (or even supports) the "start everything as a child of the
    agent" scheme we've implemented in NixOS for older versions.
    To configure the gpg-agent for your X session, add the following code to
    <filename>~/.bashrc</filename> or some file that’s sourced when your shell is started:
    <programlisting>
GPG_TTY=$(tty)
export GPG_TTY
    </programlisting>
    If you want to use gpg-agent for SSH, too, add the following to your session
    initialization (e.g. <literal>displayManager.sessionCommands</literal>):
    <programlisting>
gpg-connect-agent /bye
unset SSH_AGENT_PID
export SSH_AUTH_SOCK="''${HOME}/.gnupg/S.gpg-agent.ssh"
    </programlisting>
    and make sure that
    <programlisting>
enable-ssh-support
    </programlisting>
    is included in your <filename>~/.gnupg/gpg-agent.conf</filename>.
    You will need to use <command>ssh-add</command> to re-add your ssh keys.
    If gpg’s automatic transformation of the private keys to the new format fails,
    you will need to re-import your private keyring as well:
    <programlisting>
gpg --import ~/.gnupg/secring.gpg
    </programlisting>
    The <command>gpg-agent(1)</command> man page has more details about this subject,
    in particular in the "EXAMPLES" section.
    </para>
  </listitem>
</itemizedlist>


<para>Other notable improvements:

<itemizedlist>

  <!--
  <listitem>
    <para>The <command>command-not-found</command> hook was extended.
    Apart from <literal>$NIX_AUTO_INSTALL</literal> variable,
    it newly also checks for <literal>$NIX_AUTO_RUN</literal>
    which causes it to directly run the missing commands via
    <command>nix-shell</command> (without installing anything).</para>
  </listitem>
  -->

  <listitem>
    <para>The <literal>ejabberd</literal> module is brought back and now works on
    NixOS.</para>
  </listitem>

  <listitem>
    <para>Input method support was improved. New NixOS modules (fcitx, nabi and uim),
    fcitx engines (chewing, hangul, m17n, mozc and table-other) and ibus engines (hangul and m17n)
    have been added.</para>
  </listitem>

</itemizedlist></para>

</section>