diff options
Diffstat (limited to 'nixos/doc/manual/from_md/release-notes/rl-1603.section.xml')
-rw-r--r-- | nixos/doc/manual/from_md/release-notes/rl-1603.section.xml | 695 |
1 files changed, 695 insertions, 0 deletions
diff --git a/nixos/doc/manual/from_md/release-notes/rl-1603.section.xml b/nixos/doc/manual/from_md/release-notes/rl-1603.section.xml new file mode 100644 index 00000000000..172b800b599 --- /dev/null +++ b/nixos/doc/manual/from_md/release-notes/rl-1603.section.xml @@ -0,0 +1,695 @@ +<section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-release-16.03"> + <title>Release 16.03 (<quote>Emu</quote>, 2016/03/31)</title> + <para> + In addition to numerous new and upgraded packages, this release has + the following highlights: + </para> + <itemizedlist> + <listitem> + <para> + Systemd 229, bringing + <link xlink:href="https://github.com/systemd/systemd/blob/v229/NEWS">numerous + improvements</link> over 217. + </para> + </listitem> + <listitem> + <para> + Linux 4.4 (was 3.18). + </para> + </listitem> + <listitem> + <para> + GCC 5.3 (was 4.9). Note that GCC 5 + <link xlink:href="https://gcc.gnu.org/onlinedocs/libstdc++/manual/using_dual_abi.html">changes + the C++ ABI in an incompatible way</link>; this may cause + problems if you try to link objects compiled with different + versions of GCC. + </para> + </listitem> + <listitem> + <para> + Glibc 2.23 (was 2.21). + </para> + </listitem> + <listitem> + <para> + Binutils 2.26 (was 2.23.1). See #909 + </para> + </listitem> + <listitem> + <para> + Improved support for ensuring + <link xlink:href="https://reproducible-builds.org/">bitwise + reproducible builds</link>. For example, + <literal>stdenv</literal> now sets the environment variable + <literal>SOURCE_DATE_EPOCH</literal> to a deterministic value, + and Nix has + <link xlink:href="https://nixos.org/nix/manual/#ssec-relnotes-1.11">gained + an option</link> to repeat a build a number of times to test + determinism. An ongoing project, the goal of exact + reproducibility is to allow binaries to be verified + independently (e.g., a user might only trust binaries that + appear in three independent binary caches). + </para> + </listitem> + <listitem> + <para> + Perl 5.22. + </para> + </listitem> + </itemizedlist> + <para> + The following new services were added since the last release: + </para> + <itemizedlist> + <listitem> + <para> + <literal>services/monitoring/longview.nix</literal> + </para> + </listitem> + <listitem> + <para> + <literal>hardware/video/webcam/facetimehd.nix</literal> + </para> + </listitem> + <listitem> + <para> + <literal>i18n/input-method/default.nix</literal> + </para> + </listitem> + <listitem> + <para> + <literal>i18n/input-method/fcitx.nix</literal> + </para> + </listitem> + <listitem> + <para> + <literal>i18n/input-method/ibus.nix</literal> + </para> + </listitem> + <listitem> + <para> + <literal>i18n/input-method/nabi.nix</literal> + </para> + </listitem> + <listitem> + <para> + <literal>i18n/input-method/uim.nix</literal> + </para> + </listitem> + <listitem> + <para> + <literal>programs/fish.nix</literal> + </para> + </listitem> + <listitem> + <para> + <literal>security/acme.nix</literal> + </para> + </listitem> + <listitem> + <para> + <literal>security/audit.nix</literal> + </para> + </listitem> + <listitem> + <para> + <literal>security/oath.nix</literal> + </para> + </listitem> + <listitem> + <para> + <literal>services/hardware/irqbalance.nix</literal> + </para> + </listitem> + <listitem> + <para> + <literal>services/mail/dspam.nix</literal> + </para> + </listitem> + <listitem> + <para> + <literal>services/mail/opendkim.nix</literal> + </para> + </listitem> + <listitem> + <para> + <literal>services/mail/postsrsd.nix</literal> + </para> + </listitem> + <listitem> + <para> + <literal>services/mail/rspamd.nix</literal> + </para> + </listitem> + <listitem> + <para> + <literal>services/mail/rmilter.nix</literal> + </para> + </listitem> + <listitem> + <para> + <literal>services/misc/autofs.nix</literal> + </para> + </listitem> + <listitem> + <para> + <literal>services/misc/bepasty.nix</literal> + </para> + </listitem> + <listitem> + <para> + <literal>services/misc/calibre-server.nix</literal> + </para> + </listitem> + <listitem> + <para> + <literal>services/misc/cfdyndns.nix</literal> + </para> + </listitem> + <listitem> + <para> + <literal>services/misc/gammu-smsd.nix</literal> + </para> + </listitem> + <listitem> + <para> + <literal>services/misc/mathics.nix</literal> + </para> + </listitem> + <listitem> + <para> + <literal>services/misc/matrix-synapse.nix</literal> + </para> + </listitem> + <listitem> + <para> + <literal>services/misc/octoprint.nix</literal> + </para> + </listitem> + <listitem> + <para> + <literal>services/monitoring/hdaps.nix</literal> + </para> + </listitem> + <listitem> + <para> + <literal>services/monitoring/heapster.nix</literal> + </para> + </listitem> + <listitem> + <para> + <literal>services/monitoring/longview.nix</literal> + </para> + </listitem> + <listitem> + <para> + <literal>services/network-filesystems/netatalk.nix</literal> + </para> + </listitem> + <listitem> + <para> + <literal>services/network-filesystems/xtreemfs.nix</literal> + </para> + </listitem> + <listitem> + <para> + <literal>services/networking/autossh.nix</literal> + </para> + </listitem> + <listitem> + <para> + <literal>services/networking/dnschain.nix</literal> + </para> + </listitem> + <listitem> + <para> + <literal>services/networking/gale.nix</literal> + </para> + </listitem> + <listitem> + <para> + <literal>services/networking/miniupnpd.nix</literal> + </para> + </listitem> + <listitem> + <para> + <literal>services/networking/namecoind.nix</literal> + </para> + </listitem> + <listitem> + <para> + <literal>services/networking/ostinato.nix</literal> + </para> + </listitem> + <listitem> + <para> + <literal>services/networking/pdnsd.nix</literal> + </para> + </listitem> + <listitem> + <para> + <literal>services/networking/shairport-sync.nix</literal> + </para> + </listitem> + <listitem> + <para> + <literal>services/networking/supplicant.nix</literal> + </para> + </listitem> + <listitem> + <para> + <literal>services/search/kibana.nix</literal> + </para> + </listitem> + <listitem> + <para> + <literal>services/security/haka.nix</literal> + </para> + </listitem> + <listitem> + <para> + <literal>services/security/physlock.nix</literal> + </para> + </listitem> + <listitem> + <para> + <literal>services/web-apps/pump.io.nix</literal> + </para> + </listitem> + <listitem> + <para> + <literal>services/x11/hardware/libinput.nix</literal> + </para> + </listitem> + <listitem> + <para> + <literal>services/x11/window-managers/windowlab.nix</literal> + </para> + </listitem> + <listitem> + <para> + <literal>system/boot/initrd-network.nix</literal> + </para> + </listitem> + <listitem> + <para> + <literal>system/boot/initrd-ssh.nix</literal> + </para> + </listitem> + <listitem> + <para> + <literal>system/boot/loader/loader.nix</literal> + </para> + </listitem> + <listitem> + <para> + <literal>system/boot/networkd.nix</literal> + </para> + </listitem> + <listitem> + <para> + <literal>system/boot/resolved.nix</literal> + </para> + </listitem> + <listitem> + <para> + <literal>virtualisation/lxd.nix</literal> + </para> + </listitem> + <listitem> + <para> + <literal>virtualisation/rkt.nix</literal> + </para> + </listitem> + </itemizedlist> + <para> + When upgrading from a previous release, please be aware of the + following incompatible changes: + </para> + <itemizedlist> + <listitem> + <para> + We no longer produce graphical ISO images and VirtualBox images + for <literal>i686-linux</literal>. A minimal ISO image is still + provided. + </para> + </listitem> + <listitem> + <para> + Firefox and similar browsers are now <emphasis>wrapped by + default</emphasis>. The package and attribute names are plain + <literal>firefox</literal> or <literal>midori</literal>, etc. + Backward-compatibility attributes were set up, but note that + <literal>nix-env -u</literal> will <emphasis>not</emphasis> + update your current <literal>firefox-with-plugins</literal>; you + have to uninstall it and install <literal>firefox</literal> + instead. + </para> + </listitem> + <listitem> + <para> + <literal>wmiiSnap</literal> has been replaced with + <literal>wmii_hg</literal>, but + <literal>services.xserver.windowManager.wmii.enable</literal> + has been updated respectively so this only affects you if you + have explicitly installed <literal>wmiiSnap</literal>. + </para> + </listitem> + <listitem> + <para> + <literal>jobs</literal> NixOS option has been removed. It served + as compatibility layer between Upstart jobs and SystemD + services. All services have been rewritten to use + <literal>systemd.services</literal> + </para> + </listitem> + <listitem> + <para> + <literal>wmiimenu</literal> is removed, as it has been removed + by the developers upstream. Use <literal>wimenu</literal> from + the <literal>wmii-hg</literal> package. + </para> + </listitem> + <listitem> + <para> + Gitit is no longer automatically added to the module list in + NixOS and as such there will not be any manual entries for it. + You will need to add an import statement to your NixOS + configuration in order to use it, e.g. + </para> + <programlisting language="bash"> +{ + imports = [ <nixpkgs/nixos/modules/services/misc/gitit.nix> ]; +} +</programlisting> + <para> + will include the Gitit service configuration options. + </para> + </listitem> + <listitem> + <para> + <literal>nginx</literal> does not accept flags for enabling and + disabling modules anymore. Instead it accepts + <literal>modules</literal> argument, which is a list of modules + to be built in. All modules now reside in + <literal>nginxModules</literal> set. Example configuration: + </para> + <programlisting language="bash"> +nginx.override { + modules = [ nginxModules.rtmp nginxModules.dav nginxModules.moreheaders ]; +} +</programlisting> + </listitem> + <listitem> + <para> + <literal>s3sync</literal> is removed, as it hasn't been + developed by upstream for 4 years and only runs with ruby 1.8. + For an actively-developer alternative look at + <literal>tarsnap</literal> and others. + </para> + </listitem> + <listitem> + <para> + <literal>ruby_1_8</literal> has been removed as it's not + supported from upstream anymore and probably contains security + issues. + </para> + </listitem> + <listitem> + <para> + <literal>tidy-html5</literal> package is removed. Upstream only + provided <literal>(lib)tidy5</literal> during development, and + now they went back to <literal>(lib)tidy</literal> to work as a + drop-in replacement of the original package that has been + unmaintained for years. You can (still) use the + <literal>html-tidy</literal> package, which got updated to a + stable release from this new upstream. + </para> + </listitem> + <listitem> + <para> + <literal>extraDeviceOptions</literal> argument is removed from + <literal>bumblebee</literal> package. Instead there are now two + separate arguments: <literal>extraNvidiaDeviceOptions</literal> + and <literal>extraNouveauDeviceOptions</literal> for setting + extra X11 options for nvidia and nouveau drivers, respectively. + </para> + </listitem> + <listitem> + <para> + The <literal>Ctrl+Alt+Backspace</literal> key combination no + longer kills the X server by default. There's a new option + <literal>services.xserver.enableCtrlAltBackspace</literal> + allowing to enable the combination again. + </para> + </listitem> + <listitem> + <para> + <literal>emacsPackagesNg</literal> now contains all packages + from the ELPA, MELPA, and MELPA Stable repositories. + </para> + </listitem> + <listitem> + <para> + Data directory for Postfix MTA server is moved from + <literal>/var/postfix</literal> to + <literal>/var/lib/postfix</literal>. Old configurations are + migrated automatically. <literal>service.postfix</literal> + module has also received many improvements, such as correct + directories' access rights, new <literal>aliasFiles</literal> + and <literal>mapFiles</literal> options and more. + </para> + </listitem> + <listitem> + <para> + Filesystem options should now be configured as a list of + strings, not a comma-separated string. The old style will + continue to work, but print a warning, until the 16.09 release. + An example of the new style: + </para> + <programlisting language="bash"> +{ + fileSystems."/example" = { + device = "/dev/sdc"; + fsType = "btrfs"; + options = [ "noatime" "compress=lzo" "space_cache" "autodefrag" ]; + }; +} +</programlisting> + </listitem> + <listitem> + <para> + CUPS, installed by <literal>services.printing</literal> module, + now has its data directory in <literal>/var/lib/cups</literal>. + Old configurations from <literal>/etc/cups</literal> are moved + there automatically, but there might be problems. Also + configuration options + <literal>services.printing.cupsdConf</literal> and + <literal>services.printing.cupsdFilesConf</literal> were removed + because they had been allowing one to override configuration + variables required for CUPS to work at all on NixOS. For most + use cases, <literal>services.printing.extraConf</literal> and + new option <literal>services.printing.extraFilesConf</literal> + should be enough; if you encounter a situation when they are + not, please file a bug. + </para> + <para> + There are also Gutenprint improvements; in particular, a new + option <literal>services.printing.gutenprint</literal> is added + to enable automatic updating of Gutenprint PPMs; it's greatly + recommended to enable it instead of adding + <literal>gutenprint</literal> to the <literal>drivers</literal> + list. + </para> + </listitem> + <listitem> + <para> + <literal>services.xserver.vaapiDrivers</literal> has been + removed. Use + <literal>hardware.opengl.extraPackages{,32}</literal> instead. + You can also specify VDPAU drivers there. + </para> + </listitem> + <listitem> + <para> + <literal>programs.ibus</literal> moved to + <literal>i18n.inputMethod.ibus</literal>. The option + <literal>programs.ibus.plugins</literal> changed to + <literal>i18n.inputMethod.ibus.engines</literal> and the option + to enable ibus changed from + <literal>programs.ibus.enable</literal> to + <literal>i18n.inputMethod.enabled</literal>. + <literal>i18n.inputMethod.enabled</literal> should be set to the + used input method name, <literal>"ibus"</literal> for + ibus. An example of the new style: + </para> + <programlisting language="bash"> +{ + i18n.inputMethod.enabled = "ibus"; + i18n.inputMethod.ibus.engines = with pkgs.ibus-engines; [ anthy mozc ]; +} +</programlisting> + <para> + That is equivalent to the old version: + </para> + <programlisting language="bash"> +{ + programs.ibus.enable = true; + programs.ibus.plugins = with pkgs; [ ibus-anthy mozc ]; +} +</programlisting> + </listitem> + <listitem> + <para> + <literal>services.udev.extraRules</literal> option now writes + rules to <literal>99-local.rules</literal> instead of + <literal>10-local.rules</literal>. This makes all the user rules + apply after others, so their results wouldn't be overriden by + anything else. + </para> + </listitem> + <listitem> + <para> + Large parts of the <literal>services.gitlab</literal> module has + been been rewritten. There are new configuration options + available. The <literal>stateDir</literal> option was renamned + to <literal>statePath</literal> and the + <literal>satellitesDir</literal> option was removed. Please + review the currently available options. + </para> + </listitem> + <listitem> + <para> + The option + <literal>services.nsd.zones.<name>.data</literal> no + longer interpret the dollar sign ($) as a shell variable, as + such it should not be escaped anymore. Thus the following zone + data: + </para> + <programlisting> +$ORIGIN example.com. +$TTL 1800 +@ IN SOA ns1.vpn.nbp.name. admin.example.com. ( +</programlisting> + <para> + Should modified to look like the actual file expected by nsd: + </para> + <programlisting> +$ORIGIN example.com. +$TTL 1800 +@ IN SOA ns1.vpn.nbp.name. admin.example.com. ( +</programlisting> + </listitem> + <listitem> + <para> + <literal>service.syncthing.dataDir</literal> options now has to + point to exact folder where syncthing is writing to. Example + configuration should look something like: + </para> + <programlisting language="bash"> +{ + services.syncthing = { + enable = true; + dataDir = "/home/somebody/.syncthing"; + user = "somebody"; + }; +} +</programlisting> + </listitem> + <listitem> + <para> + <literal>networking.firewall.allowPing</literal> is now enabled + by default. Users are encouraged to configure an appropriate + rate limit for their machines using the Kernel interface at + <literal>/proc/sys/net/ipv4/icmp_ratelimit</literal> and + <literal>/proc/sys/net/ipv6/icmp/ratelimit</literal> or using + the firewall itself, i.e. by setting the NixOS option + <literal>networking.firewall.pingLimit</literal>. + </para> + </listitem> + <listitem> + <para> + Systems with some broadcom cards used to result into a generated + config that is no longer accepted. If you get errors like + </para> + <programlisting> +error: path ‘/nix/store/*-broadcom-sta-*’ does not exist and cannot be created +</programlisting> + <para> + you should either re-run + <literal>nixos-generate-config</literal> or manually replace + <literal>"${config.boot.kernelPackages.broadcom_sta}"</literal> + by <literal>config.boot.kernelPackages.broadcom_sta</literal> in + your <literal>/etc/nixos/hardware-configuration.nix</literal>. + More discussion is on + <link xlink:href="https://github.com/NixOS/nixpkgs/pull/12595"> + the github issue</link>. + </para> + </listitem> + <listitem> + <para> + The <literal>services.xserver.startGnuPGAgent</literal> option + has been removed. GnuPG 2.1.x changed the way the gpg-agent + works, and that new approach no longer requires (or even + supports) the "start everything as a child of the + agent" scheme we've implemented in NixOS for older + versions. To configure the gpg-agent for your X session, add the + following code to <literal>~/.bashrc</literal> or some file + that’s sourced when your shell is started: + </para> + <programlisting> +GPG_TTY=$(tty) +export GPG_TTY +</programlisting> + <para> + If you want to use gpg-agent for SSH, too, add the following to + your session initialization (e.g. + <literal>displayManager.sessionCommands</literal>) + </para> + <programlisting> + gpg-connect-agent /bye + unset SSH_AGENT_PID + export SSH_AUTH_SOCK="''${HOME}/.gnupg/S.gpg-agent.ssh" +</programlisting> + <para> + and make sure that + </para> + <programlisting> + enable-ssh-support +</programlisting> + <para> + is included in your <literal>~/.gnupg/gpg-agent.conf</literal>. + You will need to use <literal>ssh-add</literal> to re-add your + ssh keys. If gpg’s automatic transformation of the private keys + to the new format fails, you will need to re-import your private + keyring as well: + </para> + <programlisting> + gpg --import ~/.gnupg/secring.gpg +</programlisting> + <para> + The <literal>gpg-agent(1)</literal> man page has more details + about this subject, i.e. in the "EXAMPLES" section. + </para> + </listitem> + </itemizedlist> + <para> + Other notable improvements: + </para> + <itemizedlist> + <listitem> + <para> + <literal>ejabberd</literal> module is brought back and now works + on NixOS. + </para> + </listitem> + <listitem> + <para> + Input method support was improved. New NixOS modules (fcitx, + nabi and uim), fcitx engines (chewing, hangul, m17n, mozc and + table-other) and ibus engines (hangul and m17n) have been added. + </para> + </listitem> + </itemizedlist> +</section> |