nixos/doc/manual/release-notes/rl-1603.xml at 18.09-beta · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / doc / manual / release-notes / rl-1603.xml
at 18.09-beta 20 kB view raw
  1<section xmlns="http://docbook.org/ns/docbook"
  2         xmlns:xlink="http://www.w3.org/1999/xlink"
  3         xmlns:xi="http://www.w3.org/2001/XInclude"
  4         version="5.0"
  5         xml:id="sec-release-16.03">
  6 <title>Release 16.03 (“Emu”, 2016/03/31)</title>
  7
  8 <para>
  9  In addition to numerous new and upgraded packages, this release has the
 10  following highlights:
 11 </para>
 12
 13 <itemizedlist>
 14  <listitem>
 15   <para>
 16    Systemd 229, bringing
 17    <link
 18    xlink:href="https://github.com/systemd/systemd/blob/v229/NEWS">numerous
 19    improvements</link> over 217.
 20   </para>
 21  </listitem>
 22  <listitem>
 23   <para>
 24    Linux 4.4 (was 3.18).
 25   </para>
 26  </listitem>
 27  <listitem>
 28   <para>
 29    GCC 5.3 (was 4.9). Note that GCC 5
 30    <link
 31    xlink:href="https://gcc.gnu.org/onlinedocs/libstdc++/manual/using_dual_abi.html">changes
 32    the C++ ABI in an incompatible way</link>; this may cause problems if you
 33    try to link objects compiled with different versions of GCC.
 34   </para>
 35  </listitem>
 36  <listitem>
 37   <para>
 38    Glibc 2.23 (was 2.21).
 39   </para>
 40  </listitem>
 41  <listitem>
 42   <para>
 43    Binutils 2.26 (was 2.23.1). See #909
 44   </para>
 45  </listitem>
 46  <listitem>
 47   <para>
 48    Improved support for ensuring
 49    <link
 50    xlink:href="https://reproducible-builds.org/">bitwise
 51    reproducible builds</link>. For example, <literal>stdenv</literal> now sets
 52    the environment variable
 53    <envar
 54    xlink:href="https://reproducible-builds.org/specs/source-date-epoch/">SOURCE_DATE_EPOCH</envar>
 55    to a deterministic value, and Nix has
 56    <link
 57    xlink:href="http://nixos.org/nix/manual/#ssec-relnotes-1.11">gained
 58    an option</link> to repeat a build a number of times to test determinism.
 59    An ongoing project, the goal of exact reproducibility is to allow binaries
 60    to be verified independently (e.g., a user might only trust binaries that
 61    appear in three independent binary caches).
 62   </para>
 63  </listitem>
 64  <listitem>
 65   <para>
 66    Perl 5.22.
 67   </para>
 68  </listitem>
 69 </itemizedlist>
 70
 71 <para>
 72  The following new services were added since the last release:
 73  <itemizedlist>
 74   <listitem>
 75    <para>
 76     <literal>services/monitoring/longview.nix</literal>
 77    </para>
 78   </listitem>
 79   <listitem>
 80    <para>
 81     <literal>hardware/video/webcam/facetimehd.nix</literal>
 82    </para>
 83   </listitem>
 84   <listitem>
 85    <para>
 86     <literal>i18n/input-method/default.nix</literal>
 87    </para>
 88   </listitem>
 89   <listitem>
 90    <para>
 91     <literal>i18n/input-method/fcitx.nix</literal>
 92    </para>
 93   </listitem>
 94   <listitem>
 95    <para>
 96     <literal>i18n/input-method/ibus.nix</literal>
 97    </para>
 98   </listitem>
 99   <listitem>
100    <para>
101     <literal>i18n/input-method/nabi.nix</literal>
102    </para>
103   </listitem>
104   <listitem>
105    <para>
106     <literal>i18n/input-method/uim.nix</literal>
107    </para>
108   </listitem>
109   <listitem>
110    <para>
111     <literal>programs/fish.nix</literal>
112    </para>
113   </listitem>
114   <listitem>
115    <para>
116     <literal>security/acme.nix</literal>
117    </para>
118   </listitem>
119   <listitem>
120    <para>
121     <literal>security/audit.nix</literal>
122    </para>
123   </listitem>
124   <listitem>
125    <para>
126     <literal>security/oath.nix</literal>
127    </para>
128   </listitem>
129   <listitem>
130    <para>
131     <literal>services/hardware/irqbalance.nix</literal>
132    </para>
133   </listitem>
134   <listitem>
135    <para>
136     <literal>services/mail/dspam.nix</literal>
137    </para>
138   </listitem>
139   <listitem>
140    <para>
141     <literal>services/mail/opendkim.nix</literal>
142    </para>
143   </listitem>
144   <listitem>
145    <para>
146     <literal>services/mail/postsrsd.nix</literal>
147    </para>
148   </listitem>
149   <listitem>
150    <para>
151     <literal>services/mail/rspamd.nix</literal>
152    </para>
153   </listitem>
154   <listitem>
155    <para>
156     <literal>services/mail/rmilter.nix</literal>
157    </para>
158   </listitem>
159   <listitem>
160    <para>
161     <literal>services/misc/autofs.nix</literal>
162    </para>
163   </listitem>
164   <listitem>
165    <para>
166     <literal>services/misc/bepasty.nix</literal>
167    </para>
168   </listitem>
169   <listitem>
170    <para>
171     <literal>services/misc/calibre-server.nix</literal>
172    </para>
173   </listitem>
174   <listitem>
175    <para>
176     <literal>services/misc/cfdyndns.nix</literal>
177    </para>
178   </listitem>
179   <listitem>
180    <para>
181     <literal>services/misc/gammu-smsd.nix</literal>
182    </para>
183   </listitem>
184   <listitem>
185    <para>
186     <literal>services/misc/mathics.nix</literal>
187    </para>
188   </listitem>
189   <listitem>
190    <para>
191     <literal>services/misc/matrix-synapse.nix</literal>
192    </para>
193   </listitem>
194   <listitem>
195    <para>
196     <literal>services/misc/octoprint.nix</literal>
197    </para>
198   </listitem>
199   <listitem>
200    <para>
201     <literal>services/monitoring/hdaps.nix</literal>
202    </para>
203   </listitem>
204   <listitem>
205    <para>
206     <literal>services/monitoring/heapster.nix</literal>
207    </para>
208   </listitem>
209   <listitem>
210    <para>
211     <literal>services/monitoring/longview.nix</literal>
212    </para>
213   </listitem>
214   <listitem>
215    <para>
216     <literal>services/network-filesystems/netatalk.nix</literal>
217    </para>
218   </listitem>
219   <listitem>
220    <para>
221     <literal>services/network-filesystems/xtreemfs.nix</literal>
222    </para>
223   </listitem>
224   <listitem>
225    <para>
226     <literal>services/networking/autossh.nix</literal>
227    </para>
228   </listitem>
229   <listitem>
230    <para>
231     <literal>services/networking/dnschain.nix</literal>
232    </para>
233   </listitem>
234   <listitem>
235    <para>
236     <literal>services/networking/gale.nix</literal>
237    </para>
238   </listitem>
239   <listitem>
240    <para>
241     <literal>services/networking/miniupnpd.nix</literal>
242    </para>
243   </listitem>
244   <listitem>
245    <para>
246     <literal>services/networking/namecoind.nix</literal>
247    </para>
248   </listitem>
249   <listitem>
250    <para>
251     <literal>services/networking/ostinato.nix</literal>
252    </para>
253   </listitem>
254   <listitem>
255    <para>
256     <literal>services/networking/pdnsd.nix</literal>
257    </para>
258   </listitem>
259   <listitem>
260    <para>
261     <literal>services/networking/shairport-sync.nix</literal>
262    </para>
263   </listitem>
264   <listitem>
265    <para>
266     <literal>services/networking/supplicant.nix</literal>
267    </para>
268   </listitem>
269   <listitem>
270    <para>
271     <literal>services/search/kibana.nix</literal>
272    </para>
273   </listitem>
274   <listitem>
275    <para>
276     <literal>services/security/haka.nix</literal>
277    </para>
278   </listitem>
279   <listitem>
280    <para>
281     <literal>services/security/physlock.nix</literal>
282    </para>
283   </listitem>
284   <listitem>
285    <para>
286     <literal>services/web-apps/pump.io.nix</literal>
287    </para>
288   </listitem>
289   <listitem>
290    <para>
291     <literal>services/x11/hardware/libinput.nix</literal>
292    </para>
293   </listitem>
294   <listitem>
295    <para>
296     <literal>services/x11/window-managers/windowlab.nix</literal>
297    </para>
298   </listitem>
299   <listitem>
300    <para>
301     <literal>system/boot/initrd-network.nix</literal>
302    </para>
303   </listitem>
304   <listitem>
305    <para>
306     <literal>system/boot/initrd-ssh.nix</literal>
307    </para>
308   </listitem>
309   <listitem>
310    <para>
311     <literal>system/boot/loader/loader.nix</literal>
312    </para>
313   </listitem>
314   <listitem>
315    <para>
316     <literal>system/boot/networkd.nix</literal>
317    </para>
318   </listitem>
319   <listitem>
320    <para>
321     <literal>system/boot/resolved.nix</literal>
322    </para>
323   </listitem>
324   <listitem>
325    <para>
326     <literal>virtualisation/lxd.nix</literal>
327    </para>
328   </listitem>
329   <listitem>
330    <para>
331     <literal>virtualisation/rkt.nix</literal>
332    </para>
333   </listitem>
334  </itemizedlist>
335 </para>
336
337 <para>
338  When upgrading from a previous release, please be aware of the following
339  incompatible changes:
340 </para>
341
342 <itemizedlist>
343  <listitem>
344   <para>
345    We no longer produce graphical ISO images and VirtualBox images for
346    <literal>i686-linux</literal>. A minimal ISO image is still provided.
347   </para>
348  </listitem>
349  <listitem>
350   <para>
351    Firefox and similar browsers are now <emphasis>wrapped by
352    default</emphasis>. The package and attribute names are plain
353    <literal>firefox</literal> or <literal>midori</literal>, etc.
354    Backward-compatibility attributes were set up, but note that
355    <command>nix-env -u</command> will <emphasis>not</emphasis> update your
356    current <literal>firefox-with-plugins</literal>; you have to uninstall it
357    and install <literal>firefox</literal> instead.
358   </para>
359  </listitem>
360  <listitem>
361   <para>
362    <command>wmiiSnap</command> has been replaced with
363    <command>wmii_hg</command>, but
364    <command>services.xserver.windowManager.wmii.enable</command> has been
365    updated respectively so this only affects you if you have explicitly
366    installed <command>wmiiSnap</command>.
367   </para>
368  </listitem>
369  <listitem>
370   <para>
371    <literal>jobs</literal> NixOS option has been removed. It served as
372    compatibility layer between Upstart jobs and SystemD services. All services
373    have been rewritten to use <literal>systemd.services</literal>
374   </para>
375  </listitem>
376  <listitem>
377   <para>
378    <command>wmiimenu</command> is removed, as it has been removed by the
379    developers upstream. Use <command>wimenu</command> from the
380    <command>wmii-hg</command> package.
381   </para>
382  </listitem>
383  <listitem>
384   <para>
385    Gitit is no longer automatically added to the module list in NixOS and as
386    such there will not be any manual entries for it. You will need to add an
387    import statement to your NixOS configuration in order to use it, e.g.
388<programlisting><![CDATA[
389{
390  imports = [ <nixpkgs/nixos/modules/services/misc/gitit.nix> ];
391}
392]]></programlisting>
393    will include the Gitit service configuration options.
394   </para>
395  </listitem>
396  <listitem>
397   <para>
398    <command>nginx</command> does not accept flags for enabling and disabling
399    modules anymore. Instead it accepts <literal>modules</literal> argument,
400    which is a list of modules to be built in. All modules now reside in
401    <literal>nginxModules</literal> set. Example configuration:
402<programlisting><![CDATA[
403nginx.override {
404  modules = [ nginxModules.rtmp nginxModules.dav nginxModules.moreheaders ];
405}
406]]></programlisting>
407   </para>
408  </listitem>
409  <listitem>
410   <para>
411    <command>s3sync</command> is removed, as it hasn't been developed by
412    upstream for 4 years and only runs with ruby 1.8. For an actively-developer
413    alternative look at <command>tarsnap</command> and others.
414   </para>
415  </listitem>
416  <listitem>
417   <para>
418    <command>ruby_1_8</command> has been removed as it's not supported from
419    upstream anymore and probably contains security issues.
420   </para>
421  </listitem>
422  <listitem>
423   <para>
424    <literal>tidy-html5</literal> package is removed. Upstream only provided
425    <literal>(lib)tidy5</literal> during development, and now they went back to
426    <literal>(lib)tidy</literal> to work as a drop-in replacement of the
427    original package that has been unmaintained for years. You can (still) use
428    the <literal>html-tidy</literal> package, which got updated to a stable
429    release from this new upstream.
430   </para>
431  </listitem>
432  <listitem>
433   <para>
434    <literal>extraDeviceOptions</literal> argument is removed from
435    <literal>bumblebee</literal> package. Instead there are now two separate
436    arguments: <literal>extraNvidiaDeviceOptions</literal> and
437    <literal>extraNouveauDeviceOptions</literal> for setting extra X11 options
438    for nvidia and nouveau drivers, respectively.
439   </para>
440  </listitem>
441  <listitem>
442   <para>
443    The <literal>Ctrl+Alt+Backspace</literal> key combination no longer kills
444    the X server by default. There's a new option
445    <option>services.xserver.enableCtrlAltBackspace</option> allowing to enable
446    the combination again.
447   </para>
448  </listitem>
449  <listitem>
450   <para>
451    <literal>emacsPackagesNg</literal> now contains all packages from the ELPA,
452    MELPA, and MELPA Stable repositories.
453   </para>
454  </listitem>
455  <listitem>
456   <para>
457    Data directory for Postfix MTA server is moved from
458    <filename>/var/postfix</filename> to <filename>/var/lib/postfix</filename>.
459    Old configurations are migrated automatically.
460    <literal>service.postfix</literal> module has also received many
461    improvements, such as correct directories' access rights, new
462    <literal>aliasFiles</literal> and <literal>mapFiles</literal> options and
463    more.
464   </para>
465  </listitem>
466  <listitem>
467   <para>
468    Filesystem options should now be configured as a list of strings, not a
469    comma-separated string. The old style will continue to work, but print a
470    warning, until the 16.09 release. An example of the new style:
471<programlisting>
472fileSystems."/example" = {
473  device = "/dev/sdc";
474  fsType = "btrfs";
475  options = [ "noatime" "compress=lzo" "space_cache" "autodefrag" ];
476};
477</programlisting>
478   </para>
479  </listitem>
480  <listitem>
481   <para>
482    CUPS, installed by <literal>services.printing</literal> module, now has its
483    data directory in <filename>/var/lib/cups</filename>. Old configurations
484    from <filename>/etc/cups</filename> are moved there automatically, but
485    there might be problems. Also configuration options
486    <literal>services.printing.cupsdConf</literal> and
487    <literal>services.printing.cupsdFilesConf</literal> were removed because
488    they had been allowing one to override configuration variables required for
489    CUPS to work at all on NixOS. For most use cases,
490    <literal>services.printing.extraConf</literal> and new option
491    <literal>services.printing.extraFilesConf</literal> should be enough; if
492    you encounter a situation when they are not, please file a bug.
493   </para>
494   <para>
495    There are also Gutenprint improvements; in particular, a new option
496    <literal>services.printing.gutenprint</literal> is added to enable
497    automatic updating of Gutenprint PPMs; it's greatly recommended to enable
498    it instead of adding <literal>gutenprint</literal> to the
499    <literal>drivers</literal> list.
500   </para>
501  </listitem>
502  <listitem>
503   <para>
504    <literal>services.xserver.vaapiDrivers</literal> has been removed. Use
505    <literal>hardware.opengl.extraPackages{,32}</literal> instead. You can also
506    specify VDPAU drivers there.
507   </para>
508  </listitem>
509  <listitem>
510   <para>
511    <literal>programs.ibus</literal> moved to
512    <literal>i18n.inputMethod.ibus</literal>. The option
513    <literal>programs.ibus.plugins</literal> changed to
514    <literal>i18n.inputMethod.ibus.engines</literal> and the option to enable
515    ibus changed from <literal>programs.ibus.enable</literal> to
516    <literal>i18n.inputMethod.enabled</literal>.
517    <literal>i18n.inputMethod.enabled</literal> should be set to the used input
518    method name, <literal>"ibus"</literal> for ibus. An example of the new
519    style:
520<programlisting>
521i18n.inputMethod.enabled = "ibus";
522i18n.inputMethod.ibus.engines = with pkgs.ibus-engines; [ anthy mozc ];
523</programlisting>
524    That is equivalent to the old version:
525<programlisting>
526programs.ibus.enable = true;
527programs.ibus.plugins = with pkgs; [ ibus-anthy mozc ];
528</programlisting>
529   </para>
530  </listitem>
531  <listitem>
532   <para>
533    <literal>services.udev.extraRules</literal> option now writes rules to
534    <filename>99-local.rules</filename> instead of
535    <filename>10-local.rules</filename>. This makes all the user rules apply
536    after others, so their results wouldn't be overriden by anything else.
537   </para>
538  </listitem>
539  <listitem>
540   <para>
541    Large parts of the <literal>services.gitlab</literal> module has been been
542    rewritten. There are new configuration options available. The
543    <literal>stateDir</literal> option was renamned to
544    <literal>statePath</literal> and the <literal>satellitesDir</literal>
545    option was removed. Please review the currently available options.
546   </para>
547  </listitem>
548  <listitem>
549   <para>
550    The option <option>services.nsd.zones.&lt;name&gt;.data</option> no longer
551    interpret the dollar sign ($) as a shell variable, as such it should not be
552    escaped anymore. Thus the following zone data:
553   </para>
554<programlisting>
555\$ORIGIN example.com.
556\$TTL 1800
557@       IN      SOA     ns1.vpn.nbp.name.      admin.example.com. (
558    </programlisting>
559   <para>
560    Should modified to look like the actual file expected by nsd:
561   </para>
562<programlisting>
563$ORIGIN example.com.
564$TTL 1800
565@       IN      SOA     ns1.vpn.nbp.name.      admin.example.com. (
566    </programlisting>
567  </listitem>
568  <listitem>
569   <para>
570    <literal>service.syncthing.dataDir</literal> options now has to point to
571    exact folder where syncthing is writing to. Example configuration should
572    look something like:
573   </para>
574<programlisting>
575services.syncthing = {
576    enable = true;
577    dataDir = "/home/somebody/.syncthing";
578    user = "somebody";
579};
580    </programlisting>
581  </listitem>
582  <listitem>
583   <para>
584    <literal>networking.firewall.allowPing</literal> is now enabled by default.
585    Users are encouraged to configure an appropriate rate limit for their
586    machines using the Kernel interface at
587    <filename>/proc/sys/net/ipv4/icmp_ratelimit</filename> and
588    <filename>/proc/sys/net/ipv6/icmp/ratelimit</filename> or using the
589    firewall itself, i.e. by setting the NixOS option
590    <literal>networking.firewall.pingLimit</literal>.
591   </para>
592  </listitem>
593  <listitem>
594   <para>
595    Systems with some broadcom cards used to result into a generated config
596    that is no longer accepted. If you get errors like
597<screen>error: path ‘/nix/store/*-broadcom-sta-*’ does not exist and cannot be created</screen>
598    you should either re-run <command>nixos-generate-config</command> or
599    manually replace
600    <literal>"${config.boot.kernelPackages.broadcom_sta}"</literal> by
601    <literal>config.boot.kernelPackages.broadcom_sta</literal> in your
602    <filename>/etc/nixos/hardware-configuration.nix</filename>. More discussion
603    is on <link xlink:href="https://github.com/NixOS/nixpkgs/pull/12595"> the
604    github issue</link>.
605   </para>
606  </listitem>
607  <listitem>
608   <para>
609    The <literal>services.xserver.startGnuPGAgent</literal> option has been
610    removed. GnuPG 2.1.x changed the way the gpg-agent works, and that new
611    approach no longer requires (or even supports) the "start everything as a
612    child of the agent" scheme we've implemented in NixOS for older versions.
613    To configure the gpg-agent for your X session, add the following code to
614    <filename>~/.bashrc</filename> or some file that’s sourced when your
615    shell is started:
616<programlisting>
617GPG_TTY=$(tty)
618export GPG_TTY
619    </programlisting>
620    If you want to use gpg-agent for SSH, too, add the following to your
621    session initialization (e.g.
622    <literal>displayManager.sessionCommands</literal>)
623<programlisting>
624gpg-connect-agent /bye
625unset SSH_AGENT_PID
626export SSH_AUTH_SOCK="''${HOME}/.gnupg/S.gpg-agent.ssh"
627    </programlisting>
628    and make sure that
629<programlisting>
630enable-ssh-support
631    </programlisting>
632    is included in your <filename>~/.gnupg/gpg-agent.conf</filename>. You will
633    need to use <command>ssh-add</command> to re-add your ssh keys. If gpg’s
634    automatic transformation of the private keys to the new format fails, you
635    will need to re-import your private keyring as well:
636<programlisting>
637gpg --import ~/.gnupg/secring.gpg
638    </programlisting>
639    The <command>gpg-agent(1)</command> man page has more details about this
640    subject, i.e. in the "EXAMPLES" section.
641   </para>
642  </listitem>
643 </itemizedlist>
644
645 <para>
646  Other notable improvements:
647  <itemizedlist>
648<!--
649  <listitem>
650    <para>The <command>command-not-found</command> hook was extended.
651    Apart from <literal>$NIX_AUTO_INSTALL</literal> variable,
652    it newly also checks for <literal>$NIX_AUTO_RUN</literal>
653    which causes it to directly run the missing commands via
654    <command>nix-shell</command> (without installing anything).</para>
655  </listitem>
656  -->
657   <listitem>
658    <para>
659     <literal>ejabberd</literal> module is brought back and now works on NixOS.
660    </para>
661   </listitem>
662   <listitem>
663    <para>
664     Input method support was improved. New NixOS modules (fcitx, nabi and
665     uim), fcitx engines (chewing, hangul, m17n, mozc and table-other) and ibus
666     engines (hangul and m17n) have been added.
667    </para>
668   </listitem>
669  </itemizedlist>
670 </para>
671</section>