# Release 17.03 ("Gorilla", 2017/03/31) {#sec-release-17.03}

## Highlights {#sec-release-17.03-highlights}

In addition to numerous new and upgraded packages, this release has the following highlights:

- Nixpkgs is now extensible through overlays. See the [Nixpkgs manual](https://nixos.org/nixpkgs/manual/#sec-overlays-install) for more information.

- This release is based on Glibc 2.25, GCC 5.4.0 and systemd 232. The default Linux kernel is 4.9 and Nix is at 1.11.8.

- The default desktop environment is now KDE's Plasma 5. KDE 4 has been removed.

- The setuid wrapper functionality now supports setting capabilities.

- X.org server uses branch 1.19. Due to ABI incompatibilities, `ati_unfree` keeps forcing 1.17 and `amdgpu-pro` starts forcing 1.18.

- Cross compilation has been rewritten. See the Nixpkgs manual for details. The most obvious breaking change is that derivations have no `.nativeDrv` nor `.crossDrv` and are now cross by default, not native.

- The `overridePackages` function has been replaced by [overlays](https://nixos.org/nixpkgs/manual/#sec-overlays-install).

- Packages in Nixpkgs can be marked as insecure through listed vulnerabilities. See the [Nixpkgs manual](https://nixos.org/nixpkgs/manual/#sec-allow-insecure) for more information.

- PHP now defaults to PHP 7.1.

## New Services {#sec-release-17.03-new-services}

The following new services were added since the last release:

- `hardware/ckb.nix`

- `hardware/mcelog.nix`

- `hardware/usb-wwan.nix`

- `hardware/video/capture/mwprocapture.nix`

- `programs/adb.nix`

- `programs/chromium.nix`

- `programs/gphoto2.nix`

- `programs/java.nix`

- `programs/mtr.nix`

- `programs/oblogout.nix`

- `programs/vim.nix`

- `programs/wireshark.nix`

- `security/dhparams.nix`

- `services/audio/ympd.nix`

- `services/computing/boinc/client.nix`

- `services/continuous-integration/buildbot/master.nix`

- `services/continuous-integration/buildbot/worker.nix`

- `services/continuous-integration/gitlab-runner.nix`

- `services/databases/riak-cs.nix`

- `services/databases/stanchion.nix`

- `services/desktops/gnome3/gnome-terminal-server.nix`

- `services/editors/infinoted.nix`

- `services/hardware/illum.nix`

- `services/hardware/trezord.nix`

- `services/logging/journalbeat.nix`

- `services/mail/offlineimap.nix`

- `services/mail/postgrey.nix`

- `services/misc/couchpotato.nix`

- `services/misc/docker-registry.nix`

- `services/misc/errbot.nix`

- `services/misc/geoip-updater.nix`

- `services/misc/gogs.nix`

- `services/misc/leaps.nix`

- `services/misc/nix-optimise.nix`

- `services/misc/ssm-agent.nix`

- `services/misc/sssd.nix`

- `services/monitoring/arbtt.nix`

- `services/monitoring/netdata.nix`

- `services/monitoring/prometheus/default.nix`

- `services/monitoring/prometheus/alertmanager.nix`

- `services/monitoring/prometheus/blackbox-exporter.nix`

- `services/monitoring/prometheus/json-exporter.nix`

- `services/monitoring/prometheus/nginx-exporter.nix`

- `services/monitoring/prometheus/node-exporter.nix`

- `services/monitoring/prometheus/snmp-exporter.nix`

- `services/monitoring/prometheus/unifi-exporter.nix`

- `services/monitoring/prometheus/varnish-exporter.nix`

- `services/monitoring/sysstat.nix`

- `services/monitoring/telegraf.nix`

- `services/monitoring/vnstat.nix`

- `services/network-filesystems/cachefilesd.nix`

- `services/network-filesystems/glusterfs.nix`

- `services/network-filesystems/ipfs.nix`

- `services/networking/dante.nix`

- `services/networking/dnscrypt-wrapper.nix`

- `services/networking/fakeroute.nix`

- `services/networking/flannel.nix`

- `services/networking/htpdate.nix`

- `services/networking/miredo.nix`

- `services/networking/nftables.nix`

- `services/networking/powerdns.nix`

- `services/networking/pdns-recursor.nix`

- `services/networking/quagga.nix`

- `services/networking/redsocks.nix`

- `services/networking/wireguard.nix`

- `services/system/cgmanager.nix`

- `services/torrent/opentracker.nix`

- `services/web-apps/atlassian/confluence.nix`

- `services/web-apps/atlassian/crowd.nix`

- `services/web-apps/atlassian/jira.nix`

- `services/web-apps/frab.nix`

- `services/web-apps/nixbot.nix`

- `services/web-apps/selfoss.nix`

- `services/web-apps/quassel-webserver.nix`

- `services/x11/unclutter-xfixes.nix`

- `services/x11/urxvtd.nix`

- `system/boot/systemd-nspawn.nix`

- `virtualisation/ecs-agent.nix`

- `virtualisation/lxcfs.nix`

- `virtualisation/openstack/keystone.nix`

- `virtualisation/openstack/glance.nix`

## Backward Incompatibilities {#sec-release-17.03-incompatibilities}

When upgrading from a previous release, please be aware of the following incompatible changes:

- Derivations have no `.nativeDrv` nor `.crossDrv` and are now cross by default, not native.

- `stdenv.overrides` is now expected to take `self` and `super` arguments. See `lib.trivial.extends` for what those parameters represent.

- `ansible` now defaults to Ansible version 2, as version 1 has been removed due to a serious [vulnerability](https://www.computest.nl/advisories/CT-2017-0109_Ansible.txt) unpatched by upstream.

- The `gnome` alias has been removed along with `gtk`, `gtkmm` and several others. You now need to use versioned attributes, like `gnome3`.

- The attribute name of the Radicale daemon has been changed from `pythonPackages.radicale` to `radicale`.

- The `stripHash` bash function in `stdenv` changed according to its documentation; it now outputs the stripped name to `stdout` instead of putting it in the variable `strippedName`.

- PHP now scans for extra configuration `.ini` files in `/etc/php.d` instead of `/etc`. This prevents accidentally loading non-PHP `.ini` files that may be in `/etc`.

- Two lone top-level dict dbs moved into `dictdDBs`. This affects `dictdWordnet`, which is now at `dictdDBs.wordnet`, and `dictdWiktionary`, which is now at `dictdDBs.wiktionary`.

- The Parsoid service now uses the YAML configuration format. `services.parsoid.interwikis` is now called `services.parsoid.wikis` and is a list of either API URLs or attribute sets as specified in Parsoid's documentation.

- `Ntpd` was replaced by `systemd-timesyncd` as the default service to synchronize system time with a remote NTP server. The old behavior can be restored by setting `services.ntp.enable` to `true`. Upstream time servers for all NTP implementations are now configured using `networking.timeServers`.

- `services.nylon` is now declared using named instances. As an example:

  ```nix
  {
    services.nylon = {
      enable = true;
      acceptInterface = "br0";
      bindInterface = "tun1";
      port = 5912;
    };
  }
  ```

  should be replaced with:

  ```nix
  {
    services.nylon.myvpn = {
      enable = true;
      acceptInterface = "br0";
      bindInterface = "tun1";
      port = 5912;
    };
  }
  ```

  This enables you to declare a SOCKS proxy for each uplink.

- The `overridePackages` function no longer exists. It is replaced by [overlays](https://nixos.org/nixpkgs/manual/#sec-overlays-install). For example, the following code:

  ```nix
  let
    pkgs = import <nixpkgs> {};
  in
    pkgs.overridePackages (self: super: { /* ... */ })
  ```

  should be replaced by:

  ```nix
  let
    pkgs = import <nixpkgs> {};
  in
    import pkgs.path { overlays = [(self: super: { /* ... */ })]; }
  ```

- Autoloading connection tracking helpers is now disabled by default. This default was also changed in the Linux kernel, and autoloading is considered insecure if not configured properly in your firewall. If you need connection tracking helpers (e.g. for active FTP), please enable `networking.firewall.autoLoadConntrackHelpers` and tune `networking.firewall.connectionTrackingModules` to suit your needs.

- `local_recipient_maps` is no longer set to an empty value by the Postfix service. An empty value is an insecure default, as stated by the Postfix documentation. Those who want to retain this setting need to set it via `services.postfix.extraConfig`.

- Iputils no longer provides `ping6` and `traceroute6`. The functionality of these tools has been integrated into `ping` and `traceroute` respectively. To enforce an address family, the new flags `-4` and `-6` have been added. One notable incompatibility is that specifying an interface (for link-local IPv6 for instance) is no longer done with the `-I` flag, but by encoding the interface into the address (`ping fe80::1%eth0`).

- The socket handling of the `services.rmilter` module has been fixed and refactored. As rmilter doesn't support binding to more than one socket, the options `bindUnixSockets` and `bindInetSockets` have been replaced by `services.rmilter.bindSocket.*`. The default is still a unix socket in `/run/rmilter/rmilter.sock`. Refer to the options documentation for more information.

- The `fetch*` functions no longer support md5; please use sha256 instead.

- The dnscrypt-proxy module interface has been streamlined around the `extraArgs` option. Where possible, legacy option declarations are mapped to `extraArgs` but will emit warnings. The `resolverList` option has been outright removed: to use an unlisted resolver, use the `customResolver` option.

- `torbrowser` now stores local state under `~/.local/share/tor-browser` by default. Any browser profile data from the old location, `~/.torbrowser4`, must be migrated manually.

- The ihaskell, monetdb, offlineimap and sitecopy services have been removed.
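
The connection tracking helper change listed above, as an added configuration example that is not part of the original release notes: it puts re-enabling autoloading beside assigning one helper to one flow explicitly. The active-FTP client scenario, the `ftp` module, port 21 and the use of `extraCommands` with the iptables `CT` target are assumptions of this example.

```nix
# Added example, not taken from the NixOS release notes.
# Assumption: this host is an FTP client that needs active-mode FTP.
let
  # Variant A: restore autoloading, as the release notes describe, but
  # load only the helper that is needed. The kernel then attaches the
  # helper to any flow it matches, and the helper may create RELATED
  # expectations (extra open ports) based on parsed payload.
  autoload = {
    networking.firewall.autoLoadConntrackHelpers = true;
    networking.firewall.connectionTrackingModules = [ "ftp" ];
  };

  # Variant B: keep autoloading off and attach the helper only to the
  # control connections this host opens to TCP port 21 (IPv4 only here).
  ctRule = "OUTPUT -p tcp --dport 21 -j CT --helper ftp";
  explicit = {
    networking.firewall.autoLoadConntrackHelpers = false;
    # Still loads nf_conntrack_ftp; the module is inert until assigned.
    networking.firewall.connectionTrackingModules = [ "ftp" ];
    # The raw table is not managed by the NixOS firewall chains, so
    # delete any earlier copy of the rule before appending it. This
    # keeps firewall reloads from stacking duplicates.
    networking.firewall.extraCommands = ''
      iptables -t raw -D ${ctRule} 2>/dev/null || true
      iptables -t raw -A ${ctRule}
    '';
    networking.firewall.extraStopCommands = ''
      iptables -t raw -D ${ctRule} 2>/dev/null || true
    '';
  };
in
  # Import this file from configuration.nix; swap in `autoload` to
  # compare the two behaviours.
  explicit
```

After a rebuild, `iptables -t raw -S OUTPUT` shows whether the helper assignment is in place.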

## Other Notable Changes {#sec-release-17.03-notable-changes}

- The module type system has a new extensible option types feature that allows certain types, such as enum, to be extended through multiple option declarations of the same option across multiple modules.

- `jre` now uses the GTK UI by default. This improves visual consistency and makes Java follow the system font style, improving the situation on HighDPI displays. This has a cost of increased closure size; for server and other headless workloads it's recommended to use `jre_headless`.

- The Python 2.6 interpreter and package set have been removed.

- The Python 2.7 interpreter does not use modules anymore. Instead, all CPython interpreters now include the whole standard library except for `tkinter`, which is available in the Python package set.

- Python 2.7, 3.5 and 3.6 are now built deterministically and 3.4 mostly. Minor modifications had to be made to the interpreters in order to generate deterministic bytecode. This has security implications and is relevant for those using Python in a `nix-shell`. See the Nixpkgs manual for details.

- The Python package sets now use a fixed-point combinator and the sets are available as attributes of the interpreters.

- The Python function `buildPythonPackage` has been improved and can be used to build from Setuptools source, Flit source, and precompiled Wheels.

- When adding new or updating current Python libraries, the expressions should be put in separate files in `pkgs/development/python-modules` and called from `python-packages.nix`.

- The dnscrypt-proxy service supports synchronizing the list of public resolvers without working DNS resolution. This fixes issues caused by the resolver list becoming outdated. It also improves the viability of DNSCrypt-only configurations.

- Containers using bridged networking no longer lose their connection after changes to the host networking.

- ZFS supports pool auto scrubbing.

- The bind DNS utilities (e.g. `dig`) have been split into their own output and are now also available in `pkgs.dnsutils`; it is no longer necessary to pull in all of `bind` to use them.

- Per-user configuration was moved from `~/.nixpkgs` to `~/.config/nixpkgs`. The former is still valid for `config.nix` for backwards compatibility.