1<section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-release-17.03">
2 <title>Release 17.03 (<quote>Gorilla</quote>, 2017/03/31)</title>
3 <section xml:id="sec-release-17.03-highlights">
4 <title>Highlights</title>
5 <para>
6 In addition to numerous new and upgraded packages, this release
7 has the following highlights:
8 </para>
9 <itemizedlist>
10 <listitem>
11 <para>
12 Nixpkgs is now extensible through overlays. See the
13 <link xlink:href="https://nixos.org/nixpkgs/manual/#sec-overlays-install">Nixpkgs
14 manual</link> for more information.
15 </para>
16 </listitem>
17 <listitem>
18 <para>
19 This release is based on Glibc 2.25, GCC 5.4.0 and systemd
20 232. The default Linux kernel is 4.9 and Nix is at 1.11.8.
21 </para>
22 </listitem>
23 <listitem>
24 <para>
The default desktop environment is now KDE's Plasma 5. KDE 4
has been removed.
27 </para>
28 </listitem>
29 <listitem>
30 <para>
31 The setuid wrapper functionality now supports setting
32 capabilities.
33 </para>
34 </listitem>
35 <listitem>
36 <para>
37 X.org server uses branch 1.19. Due to ABI incompatibilities,
38 <literal>ati_unfree</literal> keeps forcing 1.17 and
39 <literal>amdgpu-pro</literal> starts forcing 1.18.
40 </para>
41 </listitem>
42 <listitem>
43 <para>
Cross compilation has been rewritten. See the nixpkgs manual
for details. The most obvious breaking change is that
derivations have no <literal>.nativeDrv</literal> nor
<literal>.crossDrv</literal> and are now cross by default, not
native.
49 </para>
50 </listitem>
51 <listitem>
52 <para>
The <literal>overridePackages</literal> function has been
replaced by
<link xlink:href="https://nixos.org/nixpkgs/manual/#sec-overlays-install">overlays</link>.
57 </para>
58 </listitem>
59 <listitem>
60 <para>
61 Packages in nixpkgs can be marked as insecure through listed
62 vulnerabilities. See the
63 <link xlink:href="https://nixos.org/nixpkgs/manual/#sec-allow-insecure">Nixpkgs
64 manual</link> for more information.
65 </para>
66 </listitem>
67 <listitem>
68 <para>
PHP now defaults to PHP 7.1.
70 </para>
71 </listitem>
72 </itemizedlist>
73 </section>
74 <section xml:id="sec-release-17.03-new-services">
75 <title>New Services</title>
76 <para>
77 The following new services were added since the last release:
78 </para>
79 <itemizedlist>
80 <listitem>
81 <para>
82 <literal>hardware/ckb.nix</literal>
83 </para>
84 </listitem>
85 <listitem>
86 <para>
87 <literal>hardware/mcelog.nix</literal>
88 </para>
89 </listitem>
90 <listitem>
91 <para>
92 <literal>hardware/usb-wwan.nix</literal>
93 </para>
94 </listitem>
95 <listitem>
96 <para>
97 <literal>hardware/video/capture/mwprocapture.nix</literal>
98 </para>
99 </listitem>
100 <listitem>
101 <para>
102 <literal>programs/adb.nix</literal>
103 </para>
104 </listitem>
105 <listitem>
106 <para>
107 <literal>programs/chromium.nix</literal>
108 </para>
109 </listitem>
110 <listitem>
111 <para>
112 <literal>programs/gphoto2.nix</literal>
113 </para>
114 </listitem>
115 <listitem>
116 <para>
117 <literal>programs/java.nix</literal>
118 </para>
119 </listitem>
120 <listitem>
121 <para>
122 <literal>programs/mtr.nix</literal>
123 </para>
124 </listitem>
125 <listitem>
126 <para>
127 <literal>programs/oblogout.nix</literal>
128 </para>
129 </listitem>
130 <listitem>
131 <para>
132 <literal>programs/vim.nix</literal>
133 </para>
134 </listitem>
135 <listitem>
136 <para>
137 <literal>programs/wireshark.nix</literal>
138 </para>
139 </listitem>
140 <listitem>
141 <para>
142 <literal>security/dhparams.nix</literal>
143 </para>
144 </listitem>
145 <listitem>
146 <para>
147 <literal>services/audio/ympd.nix</literal>
148 </para>
149 </listitem>
150 <listitem>
151 <para>
152 <literal>services/computing/boinc/client.nix</literal>
153 </para>
154 </listitem>
155 <listitem>
156 <para>
157 <literal>services/continuous-integration/buildbot/master.nix</literal>
158 </para>
159 </listitem>
160 <listitem>
161 <para>
162 <literal>services/continuous-integration/buildbot/worker.nix</literal>
163 </para>
164 </listitem>
165 <listitem>
166 <para>
167 <literal>services/continuous-integration/gitlab-runner.nix</literal>
168 </para>
169 </listitem>
170 <listitem>
171 <para>
172 <literal>services/databases/riak-cs.nix</literal>
173 </para>
174 </listitem>
175 <listitem>
176 <para>
177 <literal>services/databases/stanchion.nix</literal>
178 </para>
179 </listitem>
180 <listitem>
181 <para>
182 <literal>services/desktops/gnome3/gnome-terminal-server.nix</literal>
183 </para>
184 </listitem>
185 <listitem>
186 <para>
187 <literal>services/editors/infinoted.nix</literal>
188 </para>
189 </listitem>
190 <listitem>
191 <para>
192 <literal>services/hardware/illum.nix</literal>
193 </para>
194 </listitem>
195 <listitem>
196 <para>
197 <literal>services/hardware/trezord.nix</literal>
198 </para>
199 </listitem>
200 <listitem>
201 <para>
202 <literal>services/logging/journalbeat.nix</literal>
203 </para>
204 </listitem>
205 <listitem>
206 <para>
207 <literal>services/mail/offlineimap.nix</literal>
208 </para>
209 </listitem>
210 <listitem>
211 <para>
212 <literal>services/mail/postgrey.nix</literal>
213 </para>
214 </listitem>
215 <listitem>
216 <para>
217 <literal>services/misc/couchpotato.nix</literal>
218 </para>
219 </listitem>
220 <listitem>
221 <para>
222 <literal>services/misc/docker-registry.nix</literal>
223 </para>
224 </listitem>
225 <listitem>
226 <para>
227 <literal>services/misc/errbot.nix</literal>
228 </para>
229 </listitem>
230 <listitem>
231 <para>
232 <literal>services/misc/geoip-updater.nix</literal>
233 </para>
234 </listitem>
235 <listitem>
236 <para>
237 <literal>services/misc/gogs.nix</literal>
238 </para>
239 </listitem>
240 <listitem>
241 <para>
242 <literal>services/misc/leaps.nix</literal>
243 </para>
244 </listitem>
245 <listitem>
246 <para>
247 <literal>services/misc/nix-optimise.nix</literal>
248 </para>
249 </listitem>
250 <listitem>
251 <para>
252 <literal>services/misc/ssm-agent.nix</literal>
253 </para>
254 </listitem>
255 <listitem>
256 <para>
257 <literal>services/misc/sssd.nix</literal>
258 </para>
259 </listitem>
260 <listitem>
261 <para>
262 <literal>services/monitoring/arbtt.nix</literal>
263 </para>
264 </listitem>
265 <listitem>
266 <para>
267 <literal>services/monitoring/netdata.nix</literal>
268 </para>
269 </listitem>
270 <listitem>
271 <para>
272 <literal>services/monitoring/prometheus/default.nix</literal>
273 </para>
274 </listitem>
275 <listitem>
276 <para>
277 <literal>services/monitoring/prometheus/alertmanager.nix</literal>
278 </para>
279 </listitem>
280 <listitem>
281 <para>
282 <literal>services/monitoring/prometheus/blackbox-exporter.nix</literal>
283 </para>
284 </listitem>
285 <listitem>
286 <para>
287 <literal>services/monitoring/prometheus/json-exporter.nix</literal>
288 </para>
289 </listitem>
290 <listitem>
291 <para>
292 <literal>services/monitoring/prometheus/nginx-exporter.nix</literal>
293 </para>
294 </listitem>
295 <listitem>
296 <para>
297 <literal>services/monitoring/prometheus/node-exporter.nix</literal>
298 </para>
299 </listitem>
300 <listitem>
301 <para>
302 <literal>services/monitoring/prometheus/snmp-exporter.nix</literal>
303 </para>
304 </listitem>
305 <listitem>
306 <para>
307 <literal>services/monitoring/prometheus/unifi-exporter.nix</literal>
308 </para>
309 </listitem>
310 <listitem>
311 <para>
312 <literal>services/monitoring/prometheus/varnish-exporter.nix</literal>
313 </para>
314 </listitem>
315 <listitem>
316 <para>
317 <literal>services/monitoring/sysstat.nix</literal>
318 </para>
319 </listitem>
320 <listitem>
321 <para>
322 <literal>services/monitoring/telegraf.nix</literal>
323 </para>
324 </listitem>
325 <listitem>
326 <para>
327 <literal>services/monitoring/vnstat.nix</literal>
328 </para>
329 </listitem>
330 <listitem>
331 <para>
332 <literal>services/network-filesystems/cachefilesd.nix</literal>
333 </para>
334 </listitem>
335 <listitem>
336 <para>
337 <literal>services/network-filesystems/glusterfs.nix</literal>
338 </para>
339 </listitem>
340 <listitem>
341 <para>
342 <literal>services/network-filesystems/ipfs.nix</literal>
343 </para>
344 </listitem>
345 <listitem>
346 <para>
347 <literal>services/networking/dante.nix</literal>
348 </para>
349 </listitem>
350 <listitem>
351 <para>
352 <literal>services/networking/dnscrypt-wrapper.nix</literal>
353 </para>
354 </listitem>
355 <listitem>
356 <para>
357 <literal>services/networking/fakeroute.nix</literal>
358 </para>
359 </listitem>
360 <listitem>
361 <para>
362 <literal>services/networking/flannel.nix</literal>
363 </para>
364 </listitem>
365 <listitem>
366 <para>
367 <literal>services/networking/htpdate.nix</literal>
368 </para>
369 </listitem>
370 <listitem>
371 <para>
372 <literal>services/networking/miredo.nix</literal>
373 </para>
374 </listitem>
375 <listitem>
376 <para>
377 <literal>services/networking/nftables.nix</literal>
378 </para>
379 </listitem>
380 <listitem>
381 <para>
382 <literal>services/networking/powerdns.nix</literal>
383 </para>
384 </listitem>
385 <listitem>
386 <para>
387 <literal>services/networking/pdns-recursor.nix</literal>
388 </para>
389 </listitem>
390 <listitem>
391 <para>
392 <literal>services/networking/quagga.nix</literal>
393 </para>
394 </listitem>
395 <listitem>
396 <para>
397 <literal>services/networking/redsocks.nix</literal>
398 </para>
399 </listitem>
400 <listitem>
401 <para>
402 <literal>services/networking/wireguard.nix</literal>
403 </para>
404 </listitem>
405 <listitem>
406 <para>
407 <literal>services/system/cgmanager.nix</literal>
408 </para>
409 </listitem>
410 <listitem>
411 <para>
412 <literal>services/torrent/opentracker.nix</literal>
413 </para>
414 </listitem>
415 <listitem>
416 <para>
417 <literal>services/web-apps/atlassian/confluence.nix</literal>
418 </para>
419 </listitem>
420 <listitem>
421 <para>
422 <literal>services/web-apps/atlassian/crowd.nix</literal>
423 </para>
424 </listitem>
425 <listitem>
426 <para>
427 <literal>services/web-apps/atlassian/jira.nix</literal>
428 </para>
429 </listitem>
430 <listitem>
431 <para>
432 <literal>services/web-apps/frab.nix</literal>
433 </para>
434 </listitem>
435 <listitem>
436 <para>
437 <literal>services/web-apps/nixbot.nix</literal>
438 </para>
439 </listitem>
440 <listitem>
441 <para>
442 <literal>services/web-apps/selfoss.nix</literal>
443 </para>
444 </listitem>
445 <listitem>
446 <para>
447 <literal>services/web-apps/quassel-webserver.nix</literal>
448 </para>
449 </listitem>
450 <listitem>
451 <para>
452 <literal>services/x11/unclutter-xfixes.nix</literal>
453 </para>
454 </listitem>
455 <listitem>
456 <para>
457 <literal>services/x11/urxvtd.nix</literal>
458 </para>
459 </listitem>
460 <listitem>
461 <para>
462 <literal>system/boot/systemd-nspawn.nix</literal>
463 </para>
464 </listitem>
465 <listitem>
466 <para>
467 <literal>virtualisation/ecs-agent.nix</literal>
468 </para>
469 </listitem>
470 <listitem>
471 <para>
472 <literal>virtualisation/lxcfs.nix</literal>
473 </para>
474 </listitem>
475 <listitem>
476 <para>
477 <literal>virtualisation/openstack/keystone.nix</literal>
478 </para>
479 </listitem>
480 <listitem>
481 <para>
482 <literal>virtualisation/openstack/glance.nix</literal>
483 </para>
484 </listitem>
485 </itemizedlist>
486 </section>
487 <section xml:id="sec-release-17.03-incompatibilities">
488 <title>Backward Incompatibilities</title>
489 <para>
490 When upgrading from a previous release, please be aware of the
491 following incompatible changes:
492 </para>
493 <itemizedlist>
494 <listitem>
495 <para>
496 Derivations have no <literal>.nativeDrv</literal> nor
497 <literal>.crossDrv</literal> and are now cross by default, not
498 native.
499 </para>
500 </listitem>
501 <listitem>
502 <para>
503 <literal>stdenv.overrides</literal> is now expected to take
504 <literal>self</literal> and <literal>super</literal>
505 arguments. See <literal>lib.trivial.extends</literal> for what
506 those parameters represent.
507 </para>
508 </listitem>
509 <listitem>
510 <para>
511 <literal>ansible</literal> now defaults to ansible version 2
512 as version 1 has been removed due to a serious
513 <link xlink:href="https://www.computest.nl/advisories/CT-2017-0109_Ansible.txt">
514 vulnerability</link> unpatched by upstream.
515 </para>
516 </listitem>
517 <listitem>
518 <para>
The <literal>gnome</literal> alias has been removed along with
<literal>gtk</literal>, <literal>gtkmm</literal> and several
others. You now need to use versioned attributes, like
<literal>gnome3</literal>.
523 </para>
524 </listitem>
525 <listitem>
526 <para>
527 The attribute name of the Radicale daemon has been changed
528 from <literal>pythonPackages.radicale</literal> to
529 <literal>radicale</literal>.
530 </para>
531 </listitem>
532 <listitem>
533 <para>
534 The <literal>stripHash</literal> bash function in
535 <literal>stdenv</literal> changed according to its
536 documentation; it now outputs the stripped name to
537 <literal>stdout</literal> instead of putting it in the
538 variable <literal>strippedName</literal>.
539 </para>
540 </listitem>
541 <listitem>
542 <para>
543 PHP now scans for extra configuration .ini files in /etc/php.d
544 instead of /etc. This prevents accidentally loading non-PHP
545 .ini files that may be in /etc.
546 </para>
547 </listitem>
548 <listitem>
549 <para>
Two lone top-level dict dbs moved into
<literal>dictdDBs</literal>. This affects
<literal>dictdWordnet</literal>, which is now at
<literal>dictdDBs.wordnet</literal>, and
<literal>dictdWiktionary</literal>, which is now at
<literal>dictdDBs.wiktionary</literal>.
556 </para>
557 </listitem>
558 <listitem>
559 <para>
The Parsoid service now uses the YAML configuration format.
561 <literal>service.parsoid.interwikis</literal> is now called
562 <literal>service.parsoid.wikis</literal> and is a list of
563 either API URLs or attribute sets as specified in parsoid's
564 documentation.
565 </para>
566 </listitem>
567 <listitem>
568 <para>
569 <literal>Ntpd</literal> was replaced by
570 <literal>systemd-timesyncd</literal> as the default service to
571 synchronize system time with a remote NTP server. The old
572 behavior can be restored by setting
573 <literal>services.ntp.enable</literal> to
574 <literal>true</literal>. Upstream time servers for all NTP
575 implementations are now configured using
576 <literal>networking.timeServers</literal>.
577 </para>
578 </listitem>
579 <listitem>
580 <para>
<literal>services.nylon</literal> is now declared using named
instances. As an example:
583 </para>
584 <programlisting language="bash">
{
  services.nylon = {
    enable = true;
    acceptInterface = "br0";
    bindInterface = "tun1";
    port = 5912;
  };
}
</programlisting>
594 <para>
595 should be replaced with:
596 </para>
597 <programlisting language="bash">
{
  services.nylon.myvpn = {
    enable = true;
    acceptInterface = "br0";
    bindInterface = "tun1";
    port = 5912;
  };
}
</programlisting>
607 <para>
This enables you to declare a SOCKS proxy for each uplink.
609 </para>
610 </listitem>
611 <listitem>
612 <para>
The <literal>overridePackages</literal> function no longer exists.
614 It is replaced by
615 <link xlink:href="https://nixos.org/nixpkgs/manual/#sec-overlays-install">
616 overlays</link>. For example, the following code:
617 </para>
618 <programlisting language="bash">
let
  pkgs = import &lt;nixpkgs&gt; {};
in
  pkgs.overridePackages (self: super: ...)
</programlisting>
624 <para>
625 should be replaced by:
626 </para>
627 <programlisting language="bash">
let
  pkgs = import &lt;nixpkgs&gt; {};
in
  import pkgs.path { overlays = [(self: super: ...)]; }
</programlisting>
633 </listitem>
634 <listitem>
635 <para>
Autoloading connection tracking helpers is now disabled by
default. This default was also changed in the Linux kernel, and
autoloading is considered insecure if the firewall is not
configured properly. If you need connection tracking helpers
(e.g. for active FTP), please enable
<literal>networking.firewall.autoLoadConntrackHelpers</literal>
and tune
<literal>networking.firewall.connectionTrackingModules</literal>
to suit your needs.
645 </para>
646 </listitem>
647 <listitem>
648 <para>
<literal>local_recipient_maps</literal> is no longer set to an
empty value by the Postfix service. An empty value is an
insecure default, as stated by the Postfix documentation. Those
who want to retain this setting need to set it via
<literal>services.postfix.extraConfig</literal>.
654 </para>
655 </listitem>
656 <listitem>
657 <para>
Iputils no longer provides ping6 and traceroute6. The
659 functionality of these tools has been integrated into ping and
660 traceroute respectively. To enforce an address family the new
661 flags <literal>-4</literal> and <literal>-6</literal> have
662 been added. One notable incompatibility is that specifying an
663 interface (for link-local IPv6 for instance) is no longer done
664 with the <literal>-I</literal> flag, but by encoding the
665 interface into the address
666 (<literal>ping fe80::1%eth0</literal>).
667 </para>
668 </listitem>
669 <listitem>
670 <para>
671 The socket handling of the <literal>services.rmilter</literal>
672 module has been fixed and refactored. As rmilter doesn't
673 support binding to more than one socket, the options
674 <literal>bindUnixSockets</literal> and
675 <literal>bindInetSockets</literal> have been replaced by
676 <literal>services.rmilter.bindSocket.*</literal>. The default
677 is still a unix socket in
678 <literal>/run/rmilter/rmilter.sock</literal>. Refer to the
679 options documentation for more information.
680 </para>
681 </listitem>
682 <listitem>
683 <para>
The <literal>fetch*</literal> functions no longer support md5;
please use sha256 instead.
686 </para>
687 </listitem>
688 <listitem>
689 <para>
690 The dnscrypt-proxy module interface has been streamlined
691 around the <literal>extraArgs</literal> option. Where
692 possible, legacy option declarations are mapped to
693 <literal>extraArgs</literal> but will emit warnings. The
694 <literal>resolverList</literal> has been outright removed: to
695 use an unlisted resolver, use the
696 <literal>customResolver</literal> option.
697 </para>
698 </listitem>
699 <listitem>
700 <para>
701 torbrowser now stores local state under
702 <literal>~/.local/share/tor-browser</literal> by default. Any
703 browser profile data from the old location,
704 <literal>~/.torbrowser4</literal>, must be migrated manually.
705 </para>
706 </listitem>
707 <listitem>
708 <para>
709 The ihaskell, monetdb, offlineimap and sitecopy services have
710 been removed.
711 </para>
712 </listitem>
713 </itemizedlist>
714 </section>
715 <section xml:id="sec-release-17.03-notable-changes">
716 <title>Other Notable Changes</title>
717 <itemizedlist>
718 <listitem>
719 <para>
The module type system has a new extensible option types
feature that allows certain types, such as enum, to be extended
through multiple option declarations of the same option across
multiple modules.
724 </para>
725 </listitem>
726 <listitem>
727 <para>
<literal>jre</literal> now uses the GTK UI by default. This
729 improves visual consistency and makes Java follow system font
730 style, improving the situation on HighDPI displays. This has a
731 cost of increased closure size; for server and other headless
732 workloads it's recommended to use
733 <literal>jre_headless</literal>.
734 </para>
735 </listitem>
736 <listitem>
737 <para>
The Python 2.6 interpreter and package set have been removed.
739 </para>
740 </listitem>
741 <listitem>
742 <para>
The Python 2.7 interpreter does not use modules anymore.
Instead, all CPython interpreters now include the whole
standard library except for <literal>tkinter</literal>, which
is available in the Python package set.
747 </para>
748 </listitem>
749 <listitem>
750 <para>
751 Python 2.7, 3.5 and 3.6 are now built deterministically and
752 3.4 mostly. Minor modifications had to be made to the
753 interpreters in order to generate deterministic bytecode. This
754 has security implications and is relevant for those using
755 Python in a <literal>nix-shell</literal>. See the Nixpkgs
756 manual for details.
757 </para>
758 </listitem>
759 <listitem>
760 <para>
761 The Python package sets now use a fixed-point combinator and
762 the sets are available as attributes of the interpreters.
763 </para>
764 </listitem>
765 <listitem>
766 <para>
767 The Python function <literal>buildPythonPackage</literal> has
768 been improved and can be used to build from Setuptools source,
769 Flit source, and precompiled Wheels.
770 </para>
771 </listitem>
772 <listitem>
773 <para>
774 When adding new or updating current Python libraries, the
775 expressions should be put in separate files in
776 <literal>pkgs/development/python-modules</literal> and called
777 from <literal>python-packages.nix</literal>.
778 </para>
779 </listitem>
780 <listitem>
781 <para>
782 The dnscrypt-proxy service supports synchronizing the list of
783 public resolvers without working DNS resolution. This fixes
784 issues caused by the resolver list becoming outdated. It also
improves the viability of DNSCrypt-only configurations.
786 </para>
787 </listitem>
788 <listitem>
789 <para>
790 Containers using bridged networking no longer lose their
791 connection after changes to the host networking.
792 </para>
793 </listitem>
794 <listitem>
795 <para>
796 ZFS supports pool auto scrubbing.
797 </para>
798 </listitem>
799 <listitem>
800 <para>
The bind DNS utilities (e.g. dig) have been split into their
own output and are now also available in
<literal>pkgs.dnsutils</literal>; it is no longer necessary
to pull in all of <literal>bind</literal> to use them.
805 </para>
806 </listitem>
807 <listitem>
808 <para>
809 Per-user configuration was moved from
810 <literal>~/.nixpkgs</literal> to
811 <literal>~/.config/nixpkgs</literal>. The former is still
812 valid for <literal>config.nix</literal> for backwards
813 compatibility.
814 </para>
815 </listitem>
816 </itemizedlist>
817 </section>
818</section>