nixos/doc/manual/release-notes/rl-1609.xml at 16.09-beta · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / doc / manual / release-notes / rl-1609.xml
at 16.09-beta 4.3 kB view raw
  1<section xmlns="http://docbook.org/ns/docbook"
  2         xmlns:xlink="http://www.w3.org/1999/xlink"
  3         xmlns:xi="http://www.w3.org/2001/XInclude"
  4         version="5.0"
  5         xml:id="sec-release-16.09">
  6
  7<title>Release 16.09 (“Flounder”, 2016/09/??)</title>
  8
  9<para>In addition to numerous new and upgraded packages, this release
 10has the following highlights: </para>
 11
 12<itemizedlist>
 13
 14  <listitem>
 15    <para>PXE "netboot" media has landed in <link xlink:href="https://github.com/NixOS/nixpkgs/pull/14740" />.
 16    See <xref linkend="sec-booting-from-pxe" /> for documentation.</para>
 17  </listitem>
 18
 19  <listitem>
 20    <para>Xorg-server-1.18.*. If you choose <literal>"ati_unfree"</literal> driver,
 21    1.17.* is still used due to ABI incompatibility.</para>
 22  </listitem>
 23</itemizedlist>
 24
 25<para>The following new services were added since the last release:</para>
 26
 27  <itemizedlist>
 28    <listitem><para><literal>(this will get automatically generated at release time)</literal></para></listitem>
 29  </itemizedlist>
 30
 31
 32<para>When upgrading from a previous release, please be aware of the
 33following incompatible changes:</para>
 34
 35<itemizedlist>
 36
 37  <listitem>
 38    <para>A large number of packages have been converted to use the multiple outputs feature
 39      of Nix to greatly reduce the amount of required disk space. This may require changes
 40      to any custom packages to make them build again; see the relevant chapter in the
 41      Nixpkgs manual for more information. (Additional caveat to packagers: some packaging conventions
 42      related to multiple-output packages
 43      <link xlink:href="https://github.com/NixOS/nixpkgs/pull/14766">were changed</link>
 44      late (August 2016) in the release cycle and differ from the initial introduction of multiple outputs.)
 45    </para>
 46  </listitem>
 47
 48  <listitem>
 49    <para>Shell aliases for systemd sub-commands
 50    <link xlink:href="https://github.com/NixOS/nixpkgs/pull/15598">were dropped</link>:
 51    <command>start</command>, <command>stop</command>,
 52    <command>restart</command>, <command>status</command>.</para>
 53  </listitem>
 54
 55  <listitem>
 56    <para>Redis now binds to 127.0.0.1 only instead of listening to all network interfaces. This is the default
 57    behavior of Redis 3.2</para>
 58  </listitem>
 59
 60  <listitem>
 61    <para>/var/setuid-wrappers/
 62      <link xlink:href="https://github.com/NixOS/nixpkgs/pull/18124">is now a symlink so
 63      it can be atomically updated</link>
 64      and it's not mounted as tmpfs anymore since setuid binaries are located on /run/ as tmpfs.
 65    </para>
 66  </listitem>
 67
 68  <listitem>
 69    <para>Gitlab's maintainence script gitlab-runner was removed and split up into the more clearer
 70      gitlab-run and gitlab-rake scripts because gitlab-runner is a component of Gitlab CI.</para>
 71  </listitem>
 72
 73  <listitem>
 74    <para><literal>services.xserver.libinput.accelProfile</literal> default
 75    changed from <literal>flat</literal> to <literal>adaptive</literal>,
 76    as per <link xlink:href="https://wayland.freedesktop.org/libinput/doc/latest/group__config.html#gad63796972347f318b180e322e35cee79">
 77    official documentation</link>.</para>
 78  </listitem>
 79
 80  <listitem>
 81    <para><literal>fonts.fontconfig.ultimate.rendering</literal> was removed
 82    because our presets were obsolete for some time. New presets are hardcoded
 83    into freetype; one selects a preset via <literal>fonts.fontconfig.ultimate.preset</literal>.
 84    You can customize those presets via ordinary environment variables, using
 85    <literal>environment.variables</literal>.</para>
 86  </listitem>
 87
 88  <listitem>
 89    <para>The <literal>audit</literal> service is no longer enabled by default.
 90    Use <literal>security.audit.enable = true;</literal> to explicitly enable it.</para>
 91  </listitem>
 92
 93</itemizedlist>
 94
 95
 96<para>Other notable improvements:</para>
 97
 98<itemizedlist>
 99
100  <listitem><para>Revamped grsecurity/PaX support.  There is now only a single
101  general-purpose distribution kernel and the configuration interface has been
102  streamlined.  Desktop users should be able to simply set
103  <programlisting>security.grsecurity.enable = true</programlisting> to get
104  a reasonably secure system without having to sacrifice too much
105  functionality.  See <xref linkend="sec-grsecurity" /> for documentation
106  </para></listitem>
107
108</itemizedlist>
109
110
111</section>