<section xmlns="http://docbook.org/ns/docbook"
         xmlns:xlink="http://www.w3.org/1999/xlink"
         xmlns:xi="http://www.w3.org/2001/XInclude"
         version="5.0"
         xml:id="sec-release-16.09">
  <title>Release 16.09 (“Flounder”, 2016/09/30)</title>

  <para>
    In addition to numerous new and upgraded packages, this release has the
    following highlights:
  </para>

  <itemizedlist>
    <listitem>
      <para>
        Many NixOS configurations and Nix packages now use significantly less
        disk space, thanks to the
        <link xlink:href="https://github.com/NixOS/nixpkgs/issues/7117">extensive
        work on closure size reduction</link>. For example, the closure size of
        a minimal NixOS container went down from ~424 MiB in 16.03 to ~212 MiB
        in 16.09, while the closure size of Firefox went from ~651 MiB to
        ~259 MiB.
      </para>
    </listitem>
    <listitem>
      <para>
        To improve security, packages are now
        <link xlink:href="https://github.com/NixOS/nixpkgs/pull/12895">built
        using various hardening features</link>. See the Nixpkgs manual for
        more information.
      </para>
    </listitem>
    <listitem>
      <para>
        Support for PXE netboot. See <xref linkend="sec-booting-from-pxe" />
        for documentation.
      </para>
    </listitem>
    <listitem>
      <para>
        X.org server 1.18. If you use the <literal>ati_unfree</literal> driver,
        1.17 is still used due to an ABI incompatibility.
      </para>
    </listitem>
    <listitem>
      <para>
        This release is based on Glibc 2.24, GCC 5.4.0 and systemd 231. The
        default Linux kernel remains 4.4.
      </para>
    </listitem>
  </itemizedlist>

  <para>
    The following new services were added since the last release:
  </para>

  <itemizedlist>
    <listitem>
      <para>
        <literal>(this will get automatically generated at release time)</literal>
      </para>
    </listitem>
  </itemizedlist>

  <para>
    When upgrading from a previous release, please be aware of the following
    incompatible changes:
  </para>

  <itemizedlist>
    <listitem>
      <para>
        A large number of packages have been converted to use the multiple
        outputs feature of Nix to greatly reduce the amount of required disk
        space, as mentioned above. This may require changes to any custom
        packages to make them build again; see the relevant chapter in the
        Nixpkgs manual for more information. (Additional caveat to packagers:
        some packaging conventions related to multiple-output packages
        <link xlink:href="https://github.com/NixOS/nixpkgs/pull/14766">were
        changed</link> late (August 2016) in the release cycle and differ from
        the initial introduction of multiple outputs.)
      </para>
    </listitem>
    <listitem>
      <para>
        Previous versions of Nixpkgs had support for all versions of the LTS
        Haskell package set. That support has been dropped. The previously
        provided <literal>haskell.packages.lts-x_y</literal> package sets still
        exist in name to avoid breaking user code, but these package sets don't
        actually contain the versions mandated by the corresponding LTS
        release. Instead, our package set is loosely based on the latest
        available LTS release, i.e. LTS 7.x at the time of this writing. New
        releases of NixOS and Nixpkgs will drop those old names entirely.
        <link xlink:href="https://nixos.org/nix-dev/2016-June/020585.html">The
        motivation for this change</link> has been discussed at length on the
        <literal>nix-dev</literal> mailing list and in
        <link xlink:href="https://github.com/NixOS/nixpkgs/issues/14897">Github
        issue #14897</link>. Development strategies for Haskell hackers who
        want to rely on Nix and NixOS have been described in
        <link xlink:href="https://nixos.org/nix-dev/2016-June/020642.html">another
        nix-dev article</link>.
      </para>
    </listitem>
    <listitem>
      <para>
        Shell aliases for systemd sub-commands
        <link xlink:href="https://github.com/NixOS/nixpkgs/pull/15598">were
        dropped</link>: <command>start</command>, <command>stop</command>,
        <command>restart</command>, <command>status</command>.
      </para>
    </listitem>
    <listitem>
      <para>
        Redis now binds to 127.0.0.1 only instead of listening on all network
        interfaces. This is the default behavior of Redis 3.2.
      </para>
    </listitem>
    <listitem>
      <para>
        <literal>/var/empty</literal> is now immutable. The activation script
        runs <command>chattr +i</command> to forbid any modifications inside
        the directory. See
        <link xlink:href="https://github.com/NixOS/nixpkgs/pull/18365">the
        pull request</link> for the bugs this caused.
      </para>
    </listitem>
    <listitem>
      <para>
        Gitlab's maintenance script <command>gitlab-runner</command> was
        removed and split up into the clearer <command>gitlab-run</command>
        and <command>gitlab-rake</command> scripts, because
        <command>gitlab-runner</command> is the name of a component of Gitlab
        CI.
      </para>
    </listitem>
    <listitem>
      <para>
        The default of <literal>services.xserver.libinput.accelProfile</literal>
        changed from <literal>flat</literal> to <literal>adaptive</literal>, as
        per the
        <link xlink:href="https://wayland.freedesktop.org/libinput/doc/latest/group__config.html#gad63796972347f318b180e322e35cee79">official
        documentation</link>.
      </para>
    </listitem>
    <listitem>
      <para>
        <literal>fonts.fontconfig.ultimate.rendering</literal> was removed
        because our presets had been obsolete for some time. New presets are
        hardcoded into FreeType; you can select a preset via
        <literal>fonts.fontconfig.ultimate.preset</literal>. You can customize
        those presets via ordinary environment variables, using
        <literal>environment.variables</literal>.
      </para>
    </listitem>
    <listitem>
      <para>
        The <literal>audit</literal> service is no longer enabled by default.
        Use <literal>security.audit.enable = true</literal> to explicitly
        enable it.
      </para>
    </listitem>
    <listitem>
      <para>
        <literal>pkgs.linuxPackages.virtualbox</literal> now contains only the
        kernel modules instead of the VirtualBox user space binaries. If you
        want to reference the user space binaries, you have to use the new
        <literal>pkgs.virtualbox</literal> instead.
      </para>
    </listitem>
    <listitem>
      <para>
        <literal>goPackages</literal> was replaced with separate Go
        applications in the appropriate <literal>nixpkgs</literal> categories.
        Each Go package uses its own dependency set. There is also a new
        <literal>go2nix</literal> tool that generates a Go package definition
        from its Go source automatically.
      </para>
    </listitem>
    <listitem>
      <para>
        The <literal>services.mongodb.extraConfig</literal> configuration
        format was changed to YAML.
      </para>
    </listitem>
    <listitem>
      <para>
        PHP has been upgraded to 7.0.
      </para>
    </listitem>
  </itemizedlist>

  <para>
    Other notable improvements:
  </para>

  <itemizedlist>
    <listitem>
      <para>
        Revamped grsecurity/PaX support. There is now only a single
        general-purpose distribution kernel and the configuration interface
        has been streamlined. Desktop users should be able to simply set
<programlisting>security.grsecurity.enable = true</programlisting>
        to get a reasonably secure system without having to sacrifice too much
        functionality.
      </para>
    </listitem>
    <listitem>
      <para>
        Special filesystems, like <literal>/proc</literal>,
        <literal>/run</literal> and others, now have the same mount options as
        recommended by systemd and are unified across different places in
        NixOS. Mount options are updated during
        <command>nixos-rebuild switch</command> if possible. One benefit of
        this is improved security — most such filesystems are now mounted with
        the <literal>noexec</literal>, <literal>nodev</literal> and/or
        <literal>nosuid</literal> options.
      </para>
    </listitem>
    <listitem>
      <para>
        The reverse path filter was interfering with DHCPv4 server operation
        in the past. An exception for DHCPv4 and a new option to log packets
        dropped by the reverse path filter
        (<literal>networking.firewall.logReversePathDrops</literal>) were added
        for easier debugging.
      </para>
    </listitem>
    <listitem>
      <para>
        Container configuration within
        <literal>containers.&lt;name&gt;.config</literal> is
        <link xlink:href="https://github.com/NixOS/nixpkgs/pull/17365">now
        properly typed and checked</link>. In particular, partial
        configurations are merged correctly.
      </para>
    </listitem>
    <listitem>
      <para>
        The directory containing setuid wrapper programs,
        <filename>/var/setuid-wrappers</filename>,
        <link xlink:href="https://github.com/NixOS/nixpkgs/pull/18124">is now
        updated atomically to prevent failures if the switch to a new
        configuration is interrupted.</link>
      </para>
    </listitem>
    <listitem>
      <para>
        <literal>services.xserver.startGnuPGAgent</literal> has been removed
        due to the GnuPG 2.1.x bump. See
        <link xlink:href="https://github.com/NixOS/nixpkgs/commit/5391882ebd781149e213e8817fba6ac3c503740c">how
        to achieve similar behavior</link>. You might need to
        <literal>pkill gpg-agent</literal> after the upgrade to prevent a
        stale agent from being in the way.
      </para>
    </listitem>
    <listitem>
      <para>
        <link xlink:href="https://github.com/NixOS/nixpkgs/commit/e561edc322d275c3687fec431935095cfc717147">Declarative
        users could share the same UID due to a bug in the script handling
        conflict resolution.</link>
      </para>
    </listitem>
    <listitem>
      <para>
        Gummiboot has been replaced by systemd-boot.
      </para>
    </listitem>
    <listitem>
      <para>
        A Hydra package and NixOS module were added for convenience.
      </para>
    </listitem>
  </itemizedlist>
</section>
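Since the notes above say that most special filesystems are now expected to carry nosuid, nodev and/or noexec, a defender will want to verify this on a running system rather than trust the release notes. The POSIX shell audit below is an added example, not part of these release notes or of NixOS; it reads lines in /proc/self/mounts format (a constructed sample is embedded; on a live host pipe /proc/self/mounts in instead) and reports every special filesystem missing any of the three flags.

```shell
# Audit special (non-block-backed) filesystem mounts for nosuid/nodev/noexec.
# Constructed sample in /proc/self/mounts format (not captured from a real host):
# "device mountpoint fstype options dump pass", one mount per line.
SAMPLE_MOUNTS='proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /run tmpfs rw,nosuid,nodev,size=1638336k,mode=755 0 0
devtmpfs /dev devtmpfs rw,nosuid,size=8192k,mode=755 0 0
tmpfs /dev/shm tmpfs rw,relatime 0 0
/dev/sda1 / ext4 rw,relatime 0 0'

# Print the hardening flags absent from a comma-separated mount option string.
# missing_flags "rw,nosuid,relatime"  ->  "nodev noexec"
missing_flags() {
  _missing=""
  for _flag in nosuid nodev noexec; do
    case ",$1," in
      *",$_flag,"*) ;;                      # flag present, nothing to report
      *) _missing="$_missing $_flag" ;;
    esac
  done
  printf '%s' "${_missing# }"
}

# Read mount lines from stdin; for each special filesystem with at least one
# flag absent print "MOUNTPOINT FSTYPE missing=FLAG[,FLAG]".
# The exit status is the number of such mounts, so 0 means nothing to report
# (whether /dev or /dev/shm should carry all three flags is a local policy
# decision; this only reports what is absent).
audit_special_mounts() {
  _count=0
  while read -r _dev _mnt _fstype _opts _rest; do
    case "$_fstype" in
      proc|sysfs|tmpfs|devtmpfs|devpts|cgroup|cgroup2|mqueue|securityfs|debugfs) ;;
      *) continue ;;                       # block-backed or unknown fs: skip
    esac
    _m=$(missing_flags "$_opts")
    if [ -n "$_m" ]; then
      printf '%s %s missing=%s\n' "$_mnt" "$_fstype" "$(printf '%s' "$_m" | tr ' ' ',')"
      _count=$((_count + 1))
    fi
  done
  return "$_count"
}

# Demo run against the constructed sample; $? inside the || branch is the count.
printf '%s\n' "$SAMPLE_MOUNTS" | audit_special_mounts \
  || echo "$? special mount(s) lack a hardening flag"
```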