<section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-release-16.09">
  <title>Release 16.09 (<quote>Flounder</quote>, 2016/09/30)</title>
  <para>
    In addition to numerous new and upgraded packages, this release has
    the following highlights:
  </para>
  <itemizedlist>
    <listitem>
      <para>
        Many NixOS configurations and Nix packages now use significantly
        less disk space, thanks to the
        <link xlink:href="https://github.com/NixOS/nixpkgs/issues/7117">extensive
        work on closure size reduction</link>. For example, the closure
        size of a minimal NixOS container went down from ~424 MiB in
        16.03 to ~212 MiB in 16.09, while the closure size of Firefox
        went from ~651 MiB to ~259 MiB.
      </para>
    </listitem>
    <listitem>
      <para>
        To improve security, packages are now
        <link xlink:href="https://github.com/NixOS/nixpkgs/pull/12895">built
        using various hardening features</link>. See the Nixpkgs manual
        for more information.
      </para>
    </listitem>
    <listitem>
      <para>
        Support for PXE netboot. See
        <xref linkend="sec-booting-from-pxe" /> for documentation.
      </para>
    </listitem>
    <listitem>
      <para>
        X.org server 1.18. If you use the <literal>ati_unfree</literal>
        driver, 1.17 is still used due to an ABI incompatibility.
      </para>
    </listitem>
    <listitem>
      <para>
        This release is based on Glibc 2.24, GCC 5.4.0 and systemd 231.
        The default Linux kernel remains 4.4.
      </para>
    </listitem>
  </itemizedlist>
  <para>
    The following new services were added since the last release:
  </para>
  <itemizedlist spacing="compact">
    <listitem>
      <para>
        <literal>(this will get automatically generated at release time)</literal>
      </para>
    </listitem>
  </itemizedlist>
  <para>
    When upgrading from a previous release, please be aware of the
    following incompatible changes:
  </para>
  <itemizedlist>
    <listitem>
      <para>
        A large number of packages have been converted to use the
        multiple outputs feature of Nix to greatly reduce the amount of
        required disk space, as mentioned above. This may require
        changes to any custom packages to make them build again; see the
        relevant chapter in the Nixpkgs manual for more information.
        (Additional caveat to packagers: some packaging conventions
        related to multiple-output packages
        <link xlink:href="https://github.com/NixOS/nixpkgs/pull/14766">were
        changed</link> late (August 2016) in the release cycle and
        differ from the initial introduction of multiple outputs.)
      </para>
    </listitem>
    <listitem>
      <para>
        Previous versions of Nixpkgs had support for all versions of the
        LTS Haskell package set. That support has been dropped. The
        previously provided <literal>haskell.packages.lts-x_y</literal>
        package sets still exist in name to avoid breaking user code,
        but these package sets don't actually contain the versions
        mandated by the corresponding LTS release. Instead, our package
        set is loosely based on the latest available LTS release, i.e.
        LTS 7.x at the time of this writing. New releases of NixOS and
        Nixpkgs will drop those old names entirely.
        <link xlink:href="https://nixos.org/nix-dev/2016-June/020585.html">The
        motivation for this change</link> has been discussed at length
        on the <literal>nix-dev</literal> mailing list and in
        <link xlink:href="https://github.com/NixOS/nixpkgs/issues/14897">GitHub
        issue #14897</link>. Development strategies for Haskell hackers
        who want to rely on Nix and NixOS have been described in
        <link xlink:href="https://nixos.org/nix-dev/2016-June/020642.html">another
        nix-dev article</link>.
      </para>
    </listitem>
    <listitem>
      <para>
        Shell aliases for systemd sub-commands
        <link xlink:href="https://github.com/NixOS/nixpkgs/pull/15598">were
        dropped</link>: <literal>start</literal>,
        <literal>stop</literal>, <literal>restart</literal>,
        <literal>status</literal>.
      </para>
    </listitem>
    <listitem>
      <para>
        Redis now binds to 127.0.0.1 only instead of listening on all
        network interfaces. This is the default behavior of Redis 3.2.
      </para>
    </listitem>
    <listitem>
      <para>
        <literal>/var/empty</literal> is now immutable. The activation
        script runs <literal>chattr +i</literal> to forbid any
        modifications inside the folder. See
        <link xlink:href="https://github.com/NixOS/nixpkgs/pull/18365">
        the pull request</link> for the bugs this caused.
      </para>
    </listitem>
    <listitem>
      <para>
        Gitlab's maintenance script <literal>gitlab-runner</literal>
        was removed and split up into the clearer
        <literal>gitlab-run</literal> and <literal>gitlab-rake</literal>
        scripts, because <literal>gitlab-runner</literal> is a component
        of Gitlab CI.
      </para>
    </listitem>
    <listitem>
      <para>
        The default of <literal>services.xserver.libinput.accelProfile</literal>
        changed from <literal>flat</literal> to
        <literal>adaptive</literal>, as per the
        <link xlink:href="https://wayland.freedesktop.org/libinput/doc/latest/group__config.html#gad63796972347f318b180e322e35cee79">
        official documentation</link>.
      </para>
    </listitem>
    <listitem>
      <para>
        <literal>fonts.fontconfig.ultimate.rendering</literal> was
        removed because our presets had been obsolete for some time. New
        presets are hardcoded into FreeType; you can select a preset via
        <literal>fonts.fontconfig.ultimate.preset</literal>. You can
        customize those presets via ordinary environment variables,
        using <literal>environment.variables</literal>.
      </para>
    </listitem>
    <listitem>
      <para>
        The <literal>audit</literal> service is no longer enabled by
        default. Use <literal>security.audit.enable = true</literal> to
        explicitly enable it.
      </para>
    </listitem>
    <listitem>
      <para>
        <literal>pkgs.linuxPackages.virtualbox</literal> now contains
        only the kernel modules instead of the VirtualBox user space
        binaries. If you want to reference the user space binaries, you
        have to use the new <literal>pkgs.virtualbox</literal> instead.
      </para>
    </listitem>
    <listitem>
      <para>
        <literal>goPackages</literal> was replaced with separate Go
        applications in the appropriate <literal>nixpkgs</literal>
        categories. Each Go package uses its own dependency set. A new
        <literal>go2nix</literal> tool was also introduced to generate
        a Go package definition from its Go source automatically.
      </para>
    </listitem>
    <listitem>
      <para>
        The <literal>services.mongodb.extraConfig</literal> configuration
        format was changed to YAML.
      </para>
    </listitem>
    <listitem>
      <para>
        PHP has been upgraded to 7.0.
      </para>
    </listitem>
  </itemizedlist>
  <para>
    Other notable improvements:
  </para>
  <itemizedlist>
    <listitem>
      <para>
        Revamped grsecurity/PaX support. There is now only a single
        general-purpose distribution kernel and the configuration
        interface has been streamlined. Desktop users should be able to
        simply set
      </para>
      <programlisting language="bash">
{
  security.grsecurity.enable = true;
}
</programlisting>
      <para>
        to get a reasonably secure system without having to sacrifice
        too much functionality.
      </para>
    </listitem>
    <listitem>
      <para>
        Special filesystems, like <literal>/proc</literal>,
        <literal>/run</literal> and others, now have the same mount
        options as recommended by systemd and are unified across
        different places in NixOS. Mount options are updated during
        <literal>nixos-rebuild switch</literal> if possible. One benefit
        from this is improved security — most such filesystems are now
        mounted with <literal>noexec</literal>, <literal>nodev</literal>
        and/or <literal>nosuid</literal> options.
      </para>
    </listitem>
    <listitem>
      <para>
        The reverse path filter was interfering with DHCPv4 server
        operation in the past. An exception for DHCPv4 and a new option
        to log packets that were dropped due to the reverse path filter
        (<literal>networking.firewall.logReversePathDrops</literal>)
        were added for easier debugging.
      </para>
    </listitem>
    <listitem>
      <para>
        Container configuration within
        <literal>containers.&lt;name&gt;.config</literal> is
        <link xlink:href="https://github.com/NixOS/nixpkgs/pull/17365">now
        properly typed and checked</link>. In particular, partial
        configurations are merged correctly.
      </para>
    </listitem>
    <listitem>
      <para>
        The directory containing setuid wrapper programs,
        <literal>/var/setuid-wrappers</literal>,
        <link xlink:href="https://github.com/NixOS/nixpkgs/pull/18124">is
        now updated atomically to prevent failures if the switch to a
        new configuration is interrupted.</link>
      </para>
    </listitem>
    <listitem>
      <para>
        <literal>services.xserver.startGnuPGAgent</literal> has been
        removed due to the GnuPG 2.1.x bump. See
        <link xlink:href="https://github.com/NixOS/nixpkgs/commit/5391882ebd781149e213e8817fba6ac3c503740c">
        how to achieve similar behavior</link>. You might need to
        <literal>pkill gpg-agent</literal> after the upgrade to prevent
        a stale agent from getting in the way.
      </para>
    </listitem>
    <listitem>
      <para>
        <link xlink:href="https://github.com/NixOS/nixpkgs/commit/e561edc322d275c3687fec431935095cfc717147">
        Declarative users could share the same uid due to a bug in the
        script handling conflict resolution.</link>
      </para>
    </listitem>
    <listitem>
      <para>
        Gummiboot has been replaced by systemd-boot.
      </para>
    </listitem>
    <listitem>
      <para>
        A Hydra package and NixOS module were added for convenience.
      </para>
    </listitem>
  </itemizedlist>
</section>
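A post-upgrade check for the special-filesystem mount options described in the "Other notable improvements" list above, added here as an example; it is not part of the release notes or of the NixOS modules, and the expected option list and the sample mounts file are constructed assumptions rather than the exact set NixOS applies:

```shell
#!/bin/sh
# Added example, not from the NixOS release notes: verify that the special
# filesystems the 16.09 notes say are unified (/proc, /sys, /run, /dev/shm)
# carry the hardening mount options described (nosuid, nodev, noexec).
# The expected list below is an assumption for illustration, not the exact
# option set the NixOS module applies.
EXPECTED="/proc:nosuid,nodev,noexec
/sys:nosuid,nodev,noexec
/run:nosuid,nodev
/dev/shm:nosuid,nodev"

# Constructed sample in /proc/mounts format: /proc is fully hardened, /run
# lacks nodev, /dev/shm is fine and /sys is absent altogether.
SAMPLE_MOUNTS="/dev/sda1 / ext4 rw,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /run tmpfs rw,nosuid,relatime,mode=755 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0"

# check_mounts FILE: print one line per missing option or unmounted path;
# exit status 0 only when every expected option is present. FILE defaults
# to the live /proc/mounts.
check_mounts() {
    file="${1:-/proc/mounts}"
    report=$(printf '%s\n' "$EXPECTED" | while IFS=: read -r mp wanted; do
        # Field 2 of /proc/mounts is the mount point, field 4 the options.
        opts=$(awk -v mp="$mp" '$2 == mp { print $4 }' "$file" | tail -n 1)
        if [ -z "$opts" ]; then
            printf '%s: not mounted\n' "$mp"
            continue
        fi
        for want in $(printf '%s' "$wanted" | tr ',' ' '); do
            # Surround with commas so "nodev" never matches a longer option.
            case ",$opts," in
                *",$want,"*) ;;
                *) printf '%s: missing %s\n' "$mp" "$want" ;;
            esac
        done
    done)
    [ -n "$report" ] && printf '%s\n' "$report"
    [ -z "$report" ]
}

# Stand-alone run against the constructed sample.
tmp=$(mktemp)
printf '%s\n' "$SAMPLE_MOUNTS" > "$tmp"
check_mounts "$tmp" || echo "hardening gaps found"
rm -f "$tmp"
```

Run it with no argument on a freshly switched 16.09 system to check the live /proc/mounts instead of the sample.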