<section xmlns="http://docbook.org/ns/docbook"
         xmlns:xlink="http://www.w3.org/1999/xlink"
         xmlns:xi="http://www.w3.org/2001/XInclude"
         version="5.0"
         xml:id="sec-release-17.03">

<title>Release 17.03 (“Gorilla”, 2017/03/31)</title>

<section xmlns="http://docbook.org/ns/docbook"
         xmlns:xlink="http://www.w3.org/1999/xlink"
         xmlns:xi="http://www.w3.org/2001/XInclude"
         version="5.0"
         xml:id="sec-release-17.03-highlights">

<title>Highlights</title>

<para>In addition to numerous new and upgraded packages, this release
has the following highlights:</para>

<itemizedlist>
  <listitem>
    <para>Nixpkgs is now extensible through overlays. See the <link
    xlink:href="https://nixos.org/nixpkgs/manual/#sec-overlays-install">Nixpkgs
    manual</link> for more information.</para>
  </listitem>

  <listitem>
    <para>This release is based on Glibc 2.25, GCC 5.4.0 and systemd
    232. The default Linux kernel is 4.9 and Nix is at 1.11.8.</para>
  </listitem>

  <listitem>
    <para>The default desktop environment is now KDE's Plasma 5. KDE 4 has been removed.</para>
  </listitem>

  <listitem>
    <para>The setuid wrapper functionality now supports setting
    capabilities.</para>
  </listitem>

  <listitem>
    <para>X.org server uses branch 1.19. Due to ABI incompatibilities,
    <literal>ati_unfree</literal> keeps forcing 1.17
    and <literal>amdgpu-pro</literal> starts forcing 1.18.</para>
  </listitem>

  <listitem>
    <para>
      Cross compilation has been rewritten. See the Nixpkgs manual for
      details. The most obvious breaking change is that derivations have no
      <literal>.nativeDrv</literal> nor <literal>.crossDrv</literal> and are now
      cross by default, not native.
    </para>
  </listitem>

  <listitem>
    <para>The <literal>overridePackages</literal> function has been
    replaced by <link
    xlink:href="https://nixos.org/nixpkgs/manual/#sec-overlays-install">
    overlays</link>.</para>
  </listitem>

  <listitem>
    <para>Packages in nixpkgs can be marked as insecure through listed
    vulnerabilities. See the <link
    xlink:href="https://nixos.org/nixpkgs/manual/#sec-allow-insecure">Nixpkgs
    manual</link> for more information.</para>
  </listitem>

  <listitem>
    <para>PHP now defaults to PHP 7.1.</para>
  </listitem>

</itemizedlist>
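
<para>An added example, not part of the original release notes, combining
two of the highlights above: an overlay marks a package as insecure through
<literal>meta.knownVulnerabilities</literal>, so evaluation refuses it until
it is explicitly permitted. The use of a NixOS module, the choice of
<literal>hello</literal>, the advisory text and the
<literal>hello-VERSION</literal> entry are assumptions and constructed
placeholders.</para>

<programlisting>
```nix
# Added example (not from the release notes). Assumes a NixOS
# configuration module; `hello` stands in for any package.
{ config, pkgs, ... }:

{
  nixpkgs.overlays = [
    # An overlay is a function of the final package set (self) and the
    # previous one (super) that returns the attributes to change.
    (self: super: {
      hello = super.hello.overrideAttrs (old: {
        meta = (old.meta or {}) // {
          # A non-empty list marks the package as insecure.
          # Constructed placeholder text, not a real advisory.
          knownVulnerabilities = [
            "PLACEHOLDER-ADVISORY: constructed example entry"
          ];
        };
      });
    })
  ];

  # With the overlay applied, evaluating this list fails with an
  # error that names the package as insecure.
  environment.systemPackages = [ pkgs.hello ];

  # Accepting the risk is an explicit, reviewable decision: list the
  # exact name-version string (placeholder shown) to allow it again.
  # nixpkgs.config.permittedInsecurePackages = [ "hello-VERSION" ];
}
```
</programlisting>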

</section>
<section xmlns="http://docbook.org/ns/docbook"
         xmlns:xlink="http://www.w3.org/1999/xlink"
         xmlns:xi="http://www.w3.org/2001/XInclude"
         version="5.0"
         xml:id="sec-release-17.03-new-services">

<title>New Services</title>

<para>The following new services were added since the last release:</para>

<itemizedlist>
  <listitem><para><literal>hardware/ckb.nix</literal></para></listitem>
  <listitem><para><literal>hardware/mcelog.nix</literal></para></listitem>
  <listitem><para><literal>hardware/usb-wwan.nix</literal></para></listitem>
  <listitem><para><literal>hardware/video/capture/mwprocapture.nix</literal></para></listitem>
  <listitem><para><literal>programs/adb.nix</literal></para></listitem>
  <listitem><para><literal>programs/chromium.nix</literal></para></listitem>
  <listitem><para><literal>programs/gphoto2.nix</literal></para></listitem>
  <listitem><para><literal>programs/java.nix</literal></para></listitem>
  <listitem><para><literal>programs/mtr.nix</literal></para></listitem>
  <listitem><para><literal>programs/oblogout.nix</literal></para></listitem>
  <listitem><para><literal>programs/vim.nix</literal></para></listitem>
  <listitem><para><literal>programs/wireshark.nix</literal></para></listitem>
  <listitem><para><literal>security/dhparams.nix</literal></para></listitem>
  <listitem><para><literal>services/audio/ympd.nix</literal></para></listitem>
  <listitem><para><literal>services/computing/boinc/client.nix</literal></para></listitem>
  <listitem><para><literal>services/continuous-integration/buildbot/master.nix</literal></para></listitem>
  <listitem><para><literal>services/continuous-integration/buildbot/worker.nix</literal></para></listitem>
  <listitem><para><literal>services/continuous-integration/gitlab-runner.nix</literal></para></listitem>
  <listitem><para><literal>services/databases/riak-cs.nix</literal></para></listitem>
  <listitem><para><literal>services/databases/stanchion.nix</literal></para></listitem>
  <listitem><para><literal>services/desktops/gnome3/gnome-terminal-server.nix</literal></para></listitem>
  <listitem><para><literal>services/editors/infinoted.nix</literal></para></listitem>
  <listitem><para><literal>services/hardware/illum.nix</literal></para></listitem>
  <listitem><para><literal>services/hardware/trezord.nix</literal></para></listitem>
  <listitem><para><literal>services/logging/journalbeat.nix</literal></para></listitem>
  <listitem><para><literal>services/mail/offlineimap.nix</literal></para></listitem>
  <listitem><para><literal>services/mail/postgrey.nix</literal></para></listitem>
  <listitem><para><literal>services/misc/couchpotato.nix</literal></para></listitem>
  <listitem><para><literal>services/misc/docker-registry.nix</literal></para></listitem>
  <listitem><para><literal>services/misc/errbot.nix</literal></para></listitem>
  <listitem><para><literal>services/misc/geoip-updater.nix</literal></para></listitem>
  <listitem><para><literal>services/misc/gogs.nix</literal></para></listitem>
  <listitem><para><literal>services/misc/leaps.nix</literal></para></listitem>
  <listitem><para><literal>services/misc/nix-optimise.nix</literal></para></listitem>
  <listitem><para><literal>services/misc/ssm-agent.nix</literal></para></listitem>
  <listitem><para><literal>services/misc/sssd.nix</literal></para></listitem>
  <listitem><para><literal>services/monitoring/arbtt.nix</literal></para></listitem>
  <listitem><para><literal>services/monitoring/netdata.nix</literal></para></listitem>
  <listitem><para><literal>services/monitoring/prometheus/default.nix</literal></para></listitem>
  <listitem><para><literal>services/monitoring/prometheus/alertmanager.nix</literal></para></listitem>
  <listitem><para><literal>services/monitoring/prometheus/blackbox-exporter.nix</literal></para></listitem>
  <listitem><para><literal>services/monitoring/prometheus/json-exporter.nix</literal></para></listitem>
  <listitem><para><literal>services/monitoring/prometheus/nginx-exporter.nix</literal></para></listitem>
  <listitem><para><literal>services/monitoring/prometheus/node-exporter.nix</literal></para></listitem>
  <listitem><para><literal>services/monitoring/prometheus/snmp-exporter.nix</literal></para></listitem>
  <listitem><para><literal>services/monitoring/prometheus/unifi-exporter.nix</literal></para></listitem>
  <listitem><para><literal>services/monitoring/prometheus/varnish-exporter.nix</literal></para></listitem>
  <listitem><para><literal>services/monitoring/sysstat.nix</literal></para></listitem>
  <listitem><para><literal>services/monitoring/telegraf.nix</literal></para></listitem>
  <listitem><para><literal>services/monitoring/vnstat.nix</literal></para></listitem>
  <listitem><para><literal>services/network-filesystems/cachefilesd.nix</literal></para></listitem>
  <listitem><para><literal>services/network-filesystems/glusterfs.nix</literal></para></listitem>
  <listitem><para><literal>services/network-filesystems/ipfs.nix</literal></para></listitem>
  <listitem><para><literal>services/networking/dante.nix</literal></para></listitem>
  <listitem><para><literal>services/networking/dnscrypt-wrapper.nix</literal></para></listitem>
  <listitem><para><literal>services/networking/fakeroute.nix</literal></para></listitem>
  <listitem><para><literal>services/networking/flannel.nix</literal></para></listitem>
  <listitem><para><literal>services/networking/htpdate.nix</literal></para></listitem>
  <listitem><para><literal>services/networking/miredo.nix</literal></para></listitem>
  <listitem><para><literal>services/networking/nftables.nix</literal></para></listitem>
  <listitem><para><literal>services/networking/powerdns.nix</literal></para></listitem>
  <listitem><para><literal>services/networking/pdns-recursor.nix</literal></para></listitem>
  <listitem><para><literal>services/networking/quagga.nix</literal></para></listitem>
  <listitem><para><literal>services/networking/redsocks.nix</literal></para></listitem>
  <listitem><para><literal>services/networking/wireguard.nix</literal></para></listitem>
  <listitem><para><literal>services/system/cgmanager.nix</literal></para></listitem>
  <listitem><para><literal>services/torrent/opentracker.nix</literal></para></listitem>
  <listitem><para><literal>services/web-apps/atlassian/confluence.nix</literal></para></listitem>
  <listitem><para><literal>services/web-apps/atlassian/crowd.nix</literal></para></listitem>
  <listitem><para><literal>services/web-apps/atlassian/jira.nix</literal></para></listitem>
  <listitem><para><literal>services/web-apps/frab.nix</literal></para></listitem>
  <listitem><para><literal>services/web-apps/nixbot.nix</literal></para></listitem>
  <listitem><para><literal>services/web-apps/selfoss.nix</literal></para></listitem>
  <listitem><para><literal>services/web-apps/quassel-webserver.nix</literal></para></listitem>
  <listitem><para><literal>services/x11/unclutter-xfixes.nix</literal></para></listitem>
  <listitem><para><literal>services/x11/urxvtd.nix</literal></para></listitem>
  <listitem><para><literal>system/boot/systemd-nspawn.nix</literal></para></listitem>
  <listitem><para><literal>virtualisation/ecs-agent.nix</literal></para></listitem>
  <listitem><para><literal>virtualisation/lxcfs.nix</literal></para></listitem>
  <listitem><para><literal>virtualisation/openstack/keystone.nix</literal></para></listitem>
  <listitem><para><literal>virtualisation/openstack/glance.nix</literal></para></listitem>
</itemizedlist>

</section>
<section xmlns="http://docbook.org/ns/docbook"
         xmlns:xlink="http://www.w3.org/1999/xlink"
         xmlns:xi="http://www.w3.org/2001/XInclude"
         version="5.0"
         xml:id="sec-release-17.03-incompatibilities">

<title>Backward Incompatibilities</title>

<para>When upgrading from a previous release, please be aware of the
following incompatible changes:</para>

<itemizedlist>
  <listitem>
    <para>
      Derivations have no <literal>.nativeDrv</literal> nor <literal>.crossDrv</literal>
      and are now cross by default, not native.
    </para>
  </listitem>

  <listitem>
    <para>
      <literal>stdenv.overrides</literal> is now expected to take <literal>self</literal>
      and <literal>super</literal> arguments. See <literal>lib.trivial.extends</literal>
      for what those parameters represent.
    </para>
  </listitem>

  <listitem>
    <para>
      <literal>ansible</literal> now defaults to ansible version 2 as version 1
      has been removed due to a serious <link
      xlink:href="https://www.computest.nl/advisories/CT-2017-0109_Ansible.txt">
      vulnerability</link> unpatched by upstream.
    </para>
  </listitem>

  <listitem>
    <para>
      The <literal>gnome</literal> alias has been removed along with
      <literal>gtk</literal>, <literal>gtkmm</literal> and several others.
      Now you need to use versioned attributes, like <literal>gnome3</literal>.
    </para>
  </listitem>

  <listitem>
    <para>
      The attribute name of the Radicale daemon has been changed from
      <literal>pythonPackages.radicale</literal> to
      <literal>radicale</literal>.
    </para>
  </listitem>

  <listitem>
    <para>
      The <literal>stripHash</literal> bash function in <literal>stdenv</literal>
      changed according to its documentation; it now outputs the stripped name to
      <literal>stdout</literal> instead of putting it in the variable
      <literal>strippedName</literal>.
    </para>
  </listitem>

  <listitem>
    <para>PHP now scans for extra configuration .ini files in /etc/php.d
      instead of /etc. This prevents accidentally loading non-PHP .ini files
      that may be in /etc.
    </para>
  </listitem>

  <listitem>
    <para>
      Two lone top-level dict dbs moved into <literal>dictdDBs</literal>. This
      affects: <literal>dictdWordnet</literal> which is now at
      <literal>dictdDBs.wordnet</literal> and <literal>dictdWiktionary</literal>
      which is now at <literal>dictdDBs.wiktionary</literal>.
    </para>
  </listitem>

  <listitem>
    <para>
      The Parsoid service now uses the YAML configuration format.
      <literal>services.parsoid.interwikis</literal> is now called
      <literal>services.parsoid.wikis</literal> and is a list of either API URLs
      or attribute sets as specified in parsoid's documentation.
    </para>
  </listitem>

  <listitem>
    <para>
      <literal>Ntpd</literal> was replaced by
      <literal>systemd-timesyncd</literal> as the default service to synchronize
      system time with a remote NTP server. The old behavior can be restored by
      setting <literal>services.ntp.enable</literal> to <literal>true</literal>.
      Upstream time servers for all NTP implementations are now configured using
      <literal>networking.timeServers</literal>.
    </para>
  </listitem>

  <listitem>
    <para>
      <literal>services.nylon</literal> is now declared using named instances.
      As an example:

<programlisting>
  services.nylon = {
    enable = true;
    acceptInterface = "br0";
    bindInterface = "tun1";
    port = 5912;
  };
</programlisting>

      should be replaced with:

<programlisting>
  services.nylon.myvpn = {
    enable = true;
    acceptInterface = "br0";
    bindInterface = "tun1";
    port = 5912;
  };
</programlisting>

      This enables you to declare a SOCKS proxy for each uplink.

    </para>
  </listitem>

  <listitem>
    <para>The <literal>overridePackages</literal> function no longer exists.
      It is replaced by <link
      xlink:href="https://nixos.org/nixpkgs/manual/#sec-overlays-install">
      overlays</link>. For example, the following code:

<programlisting>
  let
    pkgs = import &lt;nixpkgs&gt; {};
  in
    pkgs.overridePackages (self: super: ...)
</programlisting>

      should be replaced by:

<programlisting>
  let
    pkgs = import &lt;nixpkgs&gt; {};
  in
    import pkgs.path { overlays = [(self: super: ...)]; }
</programlisting>

    </para>
  </listitem>

  <listitem>
    <para>
      Autoloading connection tracking helpers is now disabled by default.
      This default was also changed in the Linux kernel, as autoloading is
      considered insecure if not configured properly in your firewall. If you
      need connection tracking helpers (e.g. for active FTP), please enable
      <literal>networking.firewall.autoLoadConntrackHelpers</literal> and
      tune <literal>networking.firewall.connectionTrackingModules</literal>
      to suit your needs.
    </para>
  </listitem>

  <listitem>
    <para>
      <literal>local_recipient_maps</literal> is no longer set to an empty
      value by the Postfix service, as this is an insecure default according
      to the Postfix documentation. Those who want to retain this setting need
      to set it via <literal>services.postfix.extraConfig</literal>.
    </para>
  </listitem>

  <listitem>
    <para>
      Iputils no longer provides ping6 and traceroute6. The functionality of
      these tools has been integrated into ping and traceroute respectively. To
      enforce an address family the new flags <literal>-4</literal> and
      <literal>-6</literal> have been added. One notable incompatibility is that
      specifying an interface (for link-local IPv6 for instance) is no longer done
      with the <literal>-I</literal> flag, but by encoding the interface into the
      address (<literal>ping fe80::1%eth0</literal>).
    </para>
  </listitem>

  <listitem>
    <para>
      The socket handling of the <literal>services.rmilter</literal> module
      has been fixed and refactored. As rmilter doesn't support binding to
      more than one socket, the options <literal>bindUnixSockets</literal>
      and <literal>bindInetSockets</literal> have been replaced by
      <literal>services.rmilter.bindSocket.*</literal>. The default is still
      a unix socket in <literal>/run/rmilter/rmilter.sock</literal>. Refer to
      the options documentation for more information.
    </para>
  </listitem>

  <listitem>
    <para>
      The <literal>fetch*</literal> functions no longer support md5,
      please use sha256 instead.
    </para>
  </listitem>

  <listitem>
    <para>
      The dnscrypt-proxy module interface has been streamlined around the
      <option>extraArgs</option> option. Where possible, legacy option
      declarations are mapped to <option>extraArgs</option> but will emit
      warnings. The <option>resolverList</option> has been outright
      removed: to use an unlisted resolver, use the
      <option>customResolver</option> option.
    </para>
  </listitem>

  <listitem>
    <para>
      torbrowser now stores local state under
      <filename>~/.local/share/tor-browser</filename> by default. Any
      browser profile data from the old location,
      <filename>~/.torbrowser4</filename>, must be migrated manually.
    </para>
  </listitem>

  <listitem>
    <para>
      The ihaskell, monetdb, offlineimap and sitecopy services have been removed.
    </para>
  </listitem>
</itemizedlist>
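
<para>An added example, not part of the original release notes, for the
connection tracking change above: it keeps autoloading disabled, loads only
the FTP helper, and attaches it to selected flows with the iptables
<literal>CT</literal> target. The FTP-client scenario, TCP port 21 and the
use of <literal>extraCommands</literal> and
<literal>extraStopCommands</literal> are assumptions that do not come from
the release notes.</para>

<programlisting>
```nix
# Added example (not from the release notes).
{ config, pkgs, ... }:

{
  networking.firewall = {
    enable = true;

    # Release default: helpers are not attached to flows automatically.
    autoLoadConntrackHelpers = false;

    # Load only the helper that is actually needed.
    # Assumption: this entry maps to the nf_conntrack_ftp kernel module.
    connectionTrackingModules = [ "ftp" ];

    # Assumption: this host is an FTP client of servers on TCP port 21.
    # Attach the helper to exactly those control connections. The rule
    # is deleted first so that a firewall reload does not duplicate it.
    extraCommands = ''
      iptables -t raw -D OUTPUT -p tcp --dport 21 -j CT --helper ftp 2>/dev/null || true
      iptables -t raw -A OUTPUT -p tcp --dport 21 -j CT --helper ftp
    '';

    # Remove the rule again when the firewall is stopped.
    extraStopCommands = ''
      iptables -t raw -D OUTPUT -p tcp --dport 21 -j CT --helper ftp 2>/dev/null || true
    '';
  };

  # Compatibility setting named in the release notes, shown for contrast:
  # loaded helpers are then assigned automatically instead of per rule.
  # networking.firewall.autoLoadConntrackHelpers = true;
}
```
</programlisting>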

</section>
<section xmlns="http://docbook.org/ns/docbook"
         xmlns:xlink="http://www.w3.org/1999/xlink"
         xmlns:xi="http://www.w3.org/2001/XInclude"
         version="5.0"
         xml:id="sec-release-17.03-notable-changes">

<title>Other Notable Changes</title>

<itemizedlist>

  <listitem>
    <para>The module type system has a new extensible option types feature
      that allows certain types, such as enum, to be extended through multiple
      option declarations of the same option across multiple modules.
    </para>
  </listitem>

  <listitem>
    <para>
      <literal>jre</literal> now defaults to the GTK+ UI. This
      improves visual consistency and makes Java follow the system font style,
      improving the situation on HighDPI displays. This comes at the cost of
      increased closure size; for server and other headless workloads it's
      recommended to use <literal>jre_headless</literal>.
    </para>
  </listitem>

  <listitem>
    <para>Python 2.6 interpreter and package set have been removed.</para>
  </listitem>

  <listitem>
    <para>
      The Python 2.7 interpreter does not use modules anymore. Instead, all
      CPython interpreters now include the whole standard library except for
      <literal>tkinter</literal>, which is available in the Python package set.
    </para>
  </listitem>

  <listitem>
    <para>
      Python 2.7, 3.5 and 3.6 are now built deterministically and 3.4 mostly.
      Minor modifications had to be made to the interpreters in order to generate
      deterministic bytecode. This has security implications and is relevant for
      those using Python in a <literal>nix-shell</literal>. See the Nixpkgs manual
      for details.
    </para>
  </listitem>

  <listitem>
    <para>
      The Python package sets now use a fixed-point combinator and the sets are
      available as attributes of the interpreters.
    </para>
  </listitem>

  <listitem>
    <para>
      The Python function <literal>buildPythonPackage</literal> has been improved and can be
      used to build from Setuptools source, Flit source, and precompiled Wheels.
    </para>
  </listitem>

  <listitem>
    <para>
      When adding new or updating current Python libraries, the expressions should be put
      in separate files in <literal>pkgs/development/python-modules</literal> and
      called from <literal>python-packages.nix</literal>.
    </para>
  </listitem>

  <listitem>
    <para>
      The dnscrypt-proxy service supports synchronizing the list of public
      resolvers without working DNS resolution. This fixes issues caused by the
      resolver list becoming outdated. It also improves the viability of
      DNSCrypt-only configurations.
    </para>
  </listitem>

  <listitem>
    <para>
      Containers using bridged networking no longer lose their connection after
      changes to the host networking.
    </para>
  </listitem>

  <listitem>
    <para>
      ZFS supports pool auto scrubbing.
    </para>
  </listitem>

  <listitem>
    <para>
      The bind DNS utilities (e.g. dig) have been split into their own output and
      are now also available in <literal>pkgs.dnsutils</literal>, so it is no longer
      necessary to pull in all of <literal>bind</literal> to use them.
    </para>
  </listitem>

  <listitem>
    <para>
      Per-user configuration was moved from <filename>~/.nixpkgs</filename> to
      <filename>~/.config/nixpkgs</filename>. The former is still valid for
      <filename>config.nix</filename> for backwards compatibility.
    </para>
  </listitem>
</itemizedlist>
</section>
</section>