pyrox.dev
1<section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-release-16.03">
2 <title>Release 16.03 (<quote>Emu</quote>, 2016/03/31)</title>
3 <para>
4 In addition to numerous new and upgraded packages, this release has
5 the following highlights:
6 </para>
7 <itemizedlist>
8 <listitem>
9 <para>
10 Systemd 229, bringing
11 <link xlink:href="https://github.com/systemd/systemd/blob/v229/NEWS">numerous
12 improvements</link> over 217.
13 </para>
14 </listitem>
15 <listitem>
16 <para>
17 Linux 4.4 (was 3.18).
18 </para>
19 </listitem>
20 <listitem>
21 <para>
22 GCC 5.3 (was 4.9). Note that GCC 5
23 <link xlink:href="https://gcc.gnu.org/onlinedocs/libstdc++/manual/using_dual_abi.html">changes
24 the C++ ABI in an incompatible way</link>; this may cause
25 problems if you try to link objects compiled with different
26 versions of GCC.
27 </para>
28 </listitem>
29 <listitem>
30 <para>
31 Glibc 2.23 (was 2.21).
32 </para>
33 </listitem>
34 <listitem>
35 <para>
36 Binutils 2.26 (was 2.23.1). See #909
37 </para>
38 </listitem>
39 <listitem>
40 <para>
41 Improved support for ensuring
42 <link xlink:href="https://reproducible-builds.org/">bitwise
43 reproducible builds</link>. For example,
44 <literal>stdenv</literal> now sets the environment variable
45 <literal>SOURCE_DATE_EPOCH</literal> to a deterministic value,
46 and Nix has
47 <link xlink:href="https://nixos.org/nix/manual/#ssec-relnotes-1.11">gained
48 an option</link> to repeat a build a number of times to test
49 determinism. An ongoing project, the goal of exact
50 reproducibility is to allow binaries to be verified
51 independently (e.g., a user might only trust binaries that
52 appear in three independent binary caches).
53 </para>
54 </listitem>
55 <listitem>
56 <para>
57 Perl 5.22.
58 </para>
59 </listitem>
60 </itemizedlist>
61 <para>
62 The following new services were added since the last release:
63 </para>
64 <itemizedlist>
65 <listitem>
66 <para>
67 <literal>services/monitoring/longview.nix</literal>
68 </para>
69 </listitem>
70 <listitem>
71 <para>
72 <literal>hardware/video/webcam/facetimehd.nix</literal>
73 </para>
74 </listitem>
75 <listitem>
76 <para>
77 <literal>i18n/input-method/default.nix</literal>
78 </para>
79 </listitem>
80 <listitem>
81 <para>
82 <literal>i18n/input-method/fcitx.nix</literal>
83 </para>
84 </listitem>
85 <listitem>
86 <para>
87 <literal>i18n/input-method/ibus.nix</literal>
88 </para>
89 </listitem>
90 <listitem>
91 <para>
92 <literal>i18n/input-method/nabi.nix</literal>
93 </para>
94 </listitem>
95 <listitem>
96 <para>
97 <literal>i18n/input-method/uim.nix</literal>
98 </para>
99 </listitem>
100 <listitem>
101 <para>
102 <literal>programs/fish.nix</literal>
103 </para>
104 </listitem>
105 <listitem>
106 <para>
107 <literal>security/acme.nix</literal>
108 </para>
109 </listitem>
110 <listitem>
111 <para>
112 <literal>security/audit.nix</literal>
113 </para>
114 </listitem>
115 <listitem>
116 <para>
117 <literal>security/oath.nix</literal>
118 </para>
119 </listitem>
120 <listitem>
121 <para>
122 <literal>services/hardware/irqbalance.nix</literal>
123 </para>
124 </listitem>
125 <listitem>
126 <para>
127 <literal>services/mail/dspam.nix</literal>
128 </para>
129 </listitem>
130 <listitem>
131 <para>
132 <literal>services/mail/opendkim.nix</literal>
133 </para>
134 </listitem>
135 <listitem>
136 <para>
137 <literal>services/mail/postsrsd.nix</literal>
138 </para>
139 </listitem>
140 <listitem>
141 <para>
142 <literal>services/mail/rspamd.nix</literal>
143 </para>
144 </listitem>
145 <listitem>
146 <para>
147 <literal>services/mail/rmilter.nix</literal>
148 </para>
149 </listitem>
150 <listitem>
151 <para>
152 <literal>services/misc/autofs.nix</literal>
153 </para>
154 </listitem>
155 <listitem>
156 <para>
157 <literal>services/misc/bepasty.nix</literal>
158 </para>
159 </listitem>
160 <listitem>
161 <para>
162 <literal>services/misc/calibre-server.nix</literal>
163 </para>
164 </listitem>
165 <listitem>
166 <para>
167 <literal>services/misc/cfdyndns.nix</literal>
168 </para>
169 </listitem>
170 <listitem>
171 <para>
172 <literal>services/misc/gammu-smsd.nix</literal>
173 </para>
174 </listitem>
175 <listitem>
176 <para>
177 <literal>services/misc/mathics.nix</literal>
178 </para>
179 </listitem>
180 <listitem>
181 <para>
182 <literal>services/misc/matrix-synapse.nix</literal>
183 </para>
184 </listitem>
185 <listitem>
186 <para>
187 <literal>services/misc/octoprint.nix</literal>
188 </para>
189 </listitem>
190 <listitem>
191 <para>
192 <literal>services/monitoring/hdaps.nix</literal>
193 </para>
194 </listitem>
195 <listitem>
196 <para>
197 <literal>services/monitoring/heapster.nix</literal>
198 </para>
199 </listitem>
200 <listitem>
201 <para>
202 <literal>services/monitoring/longview.nix</literal>
203 </para>
204 </listitem>
205 <listitem>
206 <para>
207 <literal>services/network-filesystems/netatalk.nix</literal>
208 </para>
209 </listitem>
210 <listitem>
211 <para>
212 <literal>services/network-filesystems/xtreemfs.nix</literal>
213 </para>
214 </listitem>
215 <listitem>
216 <para>
217 <literal>services/networking/autossh.nix</literal>
218 </para>
219 </listitem>
220 <listitem>
221 <para>
222 <literal>services/networking/dnschain.nix</literal>
223 </para>
224 </listitem>
225 <listitem>
226 <para>
227 <literal>services/networking/gale.nix</literal>
228 </para>
229 </listitem>
230 <listitem>
231 <para>
232 <literal>services/networking/miniupnpd.nix</literal>
233 </para>
234 </listitem>
235 <listitem>
236 <para>
237 <literal>services/networking/namecoind.nix</literal>
238 </para>
239 </listitem>
240 <listitem>
241 <para>
242 <literal>services/networking/ostinato.nix</literal>
243 </para>
244 </listitem>
245 <listitem>
246 <para>
247 <literal>services/networking/pdnsd.nix</literal>
248 </para>
249 </listitem>
250 <listitem>
251 <para>
252 <literal>services/networking/shairport-sync.nix</literal>
253 </para>
254 </listitem>
255 <listitem>
256 <para>
257 <literal>services/networking/supplicant.nix</literal>
258 </para>
259 </listitem>
260 <listitem>
261 <para>
262 <literal>services/search/kibana.nix</literal>
263 </para>
264 </listitem>
265 <listitem>
266 <para>
267 <literal>services/security/haka.nix</literal>
268 </para>
269 </listitem>
270 <listitem>
271 <para>
272 <literal>services/security/physlock.nix</literal>
273 </para>
274 </listitem>
275 <listitem>
276 <para>
277 <literal>services/web-apps/pump.io.nix</literal>
278 </para>
279 </listitem>
280 <listitem>
281 <para>
282 <literal>services/x11/hardware/libinput.nix</literal>
283 </para>
284 </listitem>
285 <listitem>
286 <para>
287 <literal>services/x11/window-managers/windowlab.nix</literal>
288 </para>
289 </listitem>
290 <listitem>
291 <para>
292 <literal>system/boot/initrd-network.nix</literal>
293 </para>
294 </listitem>
295 <listitem>
296 <para>
297 <literal>system/boot/initrd-ssh.nix</literal>
298 </para>
299 </listitem>
300 <listitem>
301 <para>
302 <literal>system/boot/loader/loader.nix</literal>
303 </para>
304 </listitem>
305 <listitem>
306 <para>
307 <literal>system/boot/networkd.nix</literal>
308 </para>
309 </listitem>
310 <listitem>
311 <para>
312 <literal>system/boot/resolved.nix</literal>
313 </para>
314 </listitem>
315 <listitem>
316 <para>
317 <literal>virtualisation/lxd.nix</literal>
318 </para>
319 </listitem>
320 <listitem>
321 <para>
322 <literal>virtualisation/rkt.nix</literal>
323 </para>
324 </listitem>
325 </itemizedlist>
326 <para>
327 When upgrading from a previous release, please be aware of the
328 following incompatible changes:
329 </para>
330 <itemizedlist>
331 <listitem>
332 <para>
333 We no longer produce graphical ISO images and VirtualBox images
334 for <literal>i686-linux</literal>. A minimal ISO image is still
335 provided.
336 </para>
337 </listitem>
338 <listitem>
339 <para>
340 Firefox and similar browsers are now <emphasis>wrapped by
341 default</emphasis>. The package and attribute names are plain
342 <literal>firefox</literal> or <literal>midori</literal>, etc.
343 Backward-compatibility attributes were set up, but note that
344 <literal>nix-env -u</literal> will <emphasis>not</emphasis>
345 update your current <literal>firefox-with-plugins</literal>; you
346 have to uninstall it and install <literal>firefox</literal>
347 instead.
348 </para>
349 </listitem>
350 <listitem>
351 <para>
352 <literal>wmiiSnap</literal> has been replaced with
353 <literal>wmii_hg</literal>, but
354 <literal>services.xserver.windowManager.wmii.enable</literal>
355 has been updated respectively so this only affects you if you
356 have explicitly installed <literal>wmiiSnap</literal>.
357 </para>
358 </listitem>
359 <listitem>
360 <para>
361 <literal>jobs</literal> NixOS option has been removed. It served
362 as compatibility layer between Upstart jobs and SystemD
363 services. All services have been rewritten to use
364 <literal>systemd.services</literal>
365 </para>
366 </listitem>
367 <listitem>
368 <para>
369 <literal>wmiimenu</literal> is removed, as it has been removed
370 by the developers upstream. Use <literal>wimenu</literal> from
371 the <literal>wmii-hg</literal> package.
372 </para>
373 </listitem>
374 <listitem>
375 <para>
376 Gitit is no longer automatically added to the module list in
377 NixOS and as such there will not be any manual entries for it.
378 You will need to add an import statement to your NixOS
379 configuration in order to use it, e.g.
380 </para>
381 <programlisting language="bash">
382{
383 imports = [ <nixpkgs/nixos/modules/services/misc/gitit.nix> ];
384}
385</programlisting>
386 <para>
387 will include the Gitit service configuration options.
388 </para>
389 </listitem>
390 <listitem>
391 <para>
392 <literal>nginx</literal> does not accept flags for enabling and
393 disabling modules anymore. Instead it accepts
394 <literal>modules</literal> argument, which is a list of modules
395 to be built in. All modules now reside in
396 <literal>nginxModules</literal> set. Example configuration:
397 </para>
398 <programlisting language="bash">
399nginx.override {
400 modules = [ nginxModules.rtmp nginxModules.dav nginxModules.moreheaders ];
401}
402</programlisting>
403 </listitem>
404 <listitem>
405 <para>
406 <literal>s3sync</literal> is removed, as it hasn't been
407 developed by upstream for 4 years and only runs with ruby 1.8.
408 For an actively-developer alternative look at
409 <literal>tarsnap</literal> and others.
410 </para>
411 </listitem>
412 <listitem>
413 <para>
414 <literal>ruby_1_8</literal> has been removed as it's not
415 supported from upstream anymore and probably contains security
416 issues.
417 </para>
418 </listitem>
419 <listitem>
420 <para>
421 <literal>tidy-html5</literal> package is removed. Upstream only
422 provided <literal>(lib)tidy5</literal> during development, and
423 now they went back to <literal>(lib)tidy</literal> to work as a
424 drop-in replacement of the original package that has been
425 unmaintained for years. You can (still) use the
426 <literal>html-tidy</literal> package, which got updated to a
427 stable release from this new upstream.
428 </para>
429 </listitem>
430 <listitem>
431 <para>
432 <literal>extraDeviceOptions</literal> argument is removed from
433 <literal>bumblebee</literal> package. Instead there are now two
434 separate arguments: <literal>extraNvidiaDeviceOptions</literal>
435 and <literal>extraNouveauDeviceOptions</literal> for setting
436 extra X11 options for nvidia and nouveau drivers, respectively.
437 </para>
438 </listitem>
439 <listitem>
440 <para>
441 The <literal>Ctrl+Alt+Backspace</literal> key combination no
442 longer kills the X server by default. There's a new option
443 <literal>services.xserver.enableCtrlAltBackspace</literal>
444 allowing to enable the combination again.
445 </para>
446 </listitem>
447 <listitem>
448 <para>
449 <literal>emacsPackagesNg</literal> now contains all packages
450 from the ELPA, MELPA, and MELPA Stable repositories.
451 </para>
452 </listitem>
453 <listitem>
454 <para>
455 Data directory for Postfix MTA server is moved from
456 <literal>/var/postfix</literal> to
457 <literal>/var/lib/postfix</literal>. Old configurations are
458 migrated automatically. <literal>service.postfix</literal>
459 module has also received many improvements, such as correct
460 directories' access rights, new <literal>aliasFiles</literal>
461 and <literal>mapFiles</literal> options and more.
462 </para>
463 </listitem>
464 <listitem>
465 <para>
466 Filesystem options should now be configured as a list of
467 strings, not a comma-separated string. The old style will
468 continue to work, but print a warning, until the 16.09 release.
469 An example of the new style:
470 </para>
471 <programlisting language="bash">
472{
473 fileSystems."/example" = {
474 device = "/dev/sdc";
475 fsType = "btrfs";
476 options = [ "noatime" "compress=lzo" "space_cache" "autodefrag" ];
477 };
478}
479</programlisting>
480 </listitem>
481 <listitem>
482 <para>
483 CUPS, installed by <literal>services.printing</literal> module,
484 now has its data directory in <literal>/var/lib/cups</literal>.
485 Old configurations from <literal>/etc/cups</literal> are moved
486 there automatically, but there might be problems. Also
487 configuration options
488 <literal>services.printing.cupsdConf</literal> and
489 <literal>services.printing.cupsdFilesConf</literal> were removed
490 because they had been allowing one to override configuration
491 variables required for CUPS to work at all on NixOS. For most
492 use cases, <literal>services.printing.extraConf</literal> and
493 new option <literal>services.printing.extraFilesConf</literal>
494 should be enough; if you encounter a situation when they are
495 not, please file a bug.
496 </para>
497 <para>
498 There are also Gutenprint improvements; in particular, a new
499 option <literal>services.printing.gutenprint</literal> is added
500 to enable automatic updating of Gutenprint PPMs; it's greatly
501 recommended to enable it instead of adding
502 <literal>gutenprint</literal> to the <literal>drivers</literal>
503 list.
504 </para>
505 </listitem>
506 <listitem>
507 <para>
508 <literal>services.xserver.vaapiDrivers</literal> has been
509 removed. Use
510 <literal>hardware.opengl.extraPackages{,32}</literal> instead.
511 You can also specify VDPAU drivers there.
512 </para>
513 </listitem>
514 <listitem>
515 <para>
516 <literal>programs.ibus</literal> moved to
517 <literal>i18n.inputMethod.ibus</literal>. The option
518 <literal>programs.ibus.plugins</literal> changed to
519 <literal>i18n.inputMethod.ibus.engines</literal> and the option
520 to enable ibus changed from
521 <literal>programs.ibus.enable</literal> to
522 <literal>i18n.inputMethod.enabled</literal>.
523 <literal>i18n.inputMethod.enabled</literal> should be set to the
524 used input method name, <literal>"ibus"</literal> for
525 ibus. An example of the new style:
526 </para>
527 <programlisting language="bash">
528{
529 i18n.inputMethod.enabled = "ibus";
530 i18n.inputMethod.ibus.engines = with pkgs.ibus-engines; [ anthy mozc ];
531}
532</programlisting>
533 <para>
534 That is equivalent to the old version:
535 </para>
536 <programlisting language="bash">
537{
538 programs.ibus.enable = true;
539 programs.ibus.plugins = with pkgs; [ ibus-anthy mozc ];
540}
541</programlisting>
542 </listitem>
543 <listitem>
544 <para>
545 <literal>services.udev.extraRules</literal> option now writes
546 rules to <literal>99-local.rules</literal> instead of
547 <literal>10-local.rules</literal>. This makes all the user rules
548 apply after others, so their results wouldn't be overriden by
549 anything else.
550 </para>
551 </listitem>
552 <listitem>
553 <para>
554 Large parts of the <literal>services.gitlab</literal> module has
555 been been rewritten. There are new configuration options
556 available. The <literal>stateDir</literal> option was renamned
557 to <literal>statePath</literal> and the
558 <literal>satellitesDir</literal> option was removed. Please
559 review the currently available options.
560 </para>
561 </listitem>
562 <listitem>
563 <para>
564 The option
565 <literal>services.nsd.zones.<name>.data</literal> no
566 longer interpret the dollar sign ($) as a shell variable, as
567 such it should not be escaped anymore. Thus the following zone
568 data:
569 </para>
570 <programlisting>
571$ORIGIN example.com.
572$TTL 1800
573@ IN SOA ns1.vpn.nbp.name. admin.example.com. (
574</programlisting>
575 <para>
576 Should modified to look like the actual file expected by nsd:
577 </para>
578 <programlisting>
579$ORIGIN example.com.
580$TTL 1800
581@ IN SOA ns1.vpn.nbp.name. admin.example.com. (
582</programlisting>
583 </listitem>
584 <listitem>
585 <para>
586 <literal>service.syncthing.dataDir</literal> options now has to
587 point to exact folder where syncthing is writing to. Example
588 configuration should look something like:
589 </para>
590 <programlisting language="bash">
591{
592 services.syncthing = {
593 enable = true;
594 dataDir = "/home/somebody/.syncthing";
595 user = "somebody";
596 };
597}
598</programlisting>
599 </listitem>
600 <listitem>
601 <para>
602 <literal>networking.firewall.allowPing</literal> is now enabled
603 by default. Users are encouraged to configure an appropriate
604 rate limit for their machines using the Kernel interface at
605 <literal>/proc/sys/net/ipv4/icmp_ratelimit</literal> and
606 <literal>/proc/sys/net/ipv6/icmp/ratelimit</literal> or using
607 the firewall itself, i.e. by setting the NixOS option
608 <literal>networking.firewall.pingLimit</literal>.
609 </para>
610 </listitem>
611 <listitem>
612 <para>
613 Systems with some broadcom cards used to result into a generated
614 config that is no longer accepted. If you get errors like
615 </para>
616 <programlisting>
617error: path ‘/nix/store/*-broadcom-sta-*’ does not exist and cannot be created
618</programlisting>
619 <para>
620 you should either re-run
621 <literal>nixos-generate-config</literal> or manually replace
622 <literal>"${config.boot.kernelPackages.broadcom_sta}"</literal>
623 by <literal>config.boot.kernelPackages.broadcom_sta</literal> in
624 your <literal>/etc/nixos/hardware-configuration.nix</literal>.
625 More discussion is on
626 <link xlink:href="https://github.com/NixOS/nixpkgs/pull/12595">
627 the github issue</link>.
628 </para>
629 </listitem>
630 <listitem>
631 <para>
632 The <literal>services.xserver.startGnuPGAgent</literal> option
633 has been removed. GnuPG 2.1.x changed the way the gpg-agent
634 works, and that new approach no longer requires (or even
635 supports) the "start everything as a child of the
636 agent" scheme we've implemented in NixOS for older
637 versions. To configure the gpg-agent for your X session, add the
638 following code to <literal>~/.bashrc</literal> or some file
639 that’s sourced when your shell is started:
640 </para>
641 <programlisting>
642GPG_TTY=$(tty)
643export GPG_TTY
644</programlisting>
645 <para>
646 If you want to use gpg-agent for SSH, too, add the following to
647 your session initialization (e.g.
648 <literal>displayManager.sessionCommands</literal>)
649 </para>
650 <programlisting>
651 gpg-connect-agent /bye
652 unset SSH_AGENT_PID
653 export SSH_AUTH_SOCK="''${HOME}/.gnupg/S.gpg-agent.ssh"
654</programlisting>
655 <para>
656 and make sure that
657 </para>
658 <programlisting>
659 enable-ssh-support
660</programlisting>
661 <para>
662 is included in your <literal>~/.gnupg/gpg-agent.conf</literal>.
663 You will need to use <literal>ssh-add</literal> to re-add your
664 ssh keys. If gpg’s automatic transformation of the private keys
665 to the new format fails, you will need to re-import your private
666 keyring as well:
667 </para>
668 <programlisting>
669 gpg --import ~/.gnupg/secring.gpg
670</programlisting>
671 <para>
672 The <literal>gpg-agent(1)</literal> man page has more details
673 about this subject, i.e. in the "EXAMPLES" section.
674 </para>
675 </listitem>
676 </itemizedlist>
677 <para>
678 Other notable improvements:
679 </para>
680 <itemizedlist>
681 <listitem>
682 <para>
683 <literal>ejabberd</literal> module is brought back and now works
684 on NixOS.
685 </para>
686 </listitem>
687 <listitem>
688 <para>
689 Input method support was improved. New NixOS modules (fcitx,
690 nabi and uim), fcitx engines (chewing, hangul, m17n, mozc and
691 table-other) and ibus engines (hangul and m17n) have been added.
692 </para>
693 </listitem>
694 </itemizedlist>
695</section>