summary refs log tree commit diff
path: root/nixos/doc/manual/from_md/release-notes/rl-1603.section.xml
diff options
context:
space:
mode:
Diffstat (limited to 'nixos/doc/manual/from_md/release-notes/rl-1603.section.xml')
-rw-r--r--nixos/doc/manual/from_md/release-notes/rl-1603.section.xml695
1 files changed, 695 insertions, 0 deletions
diff --git a/nixos/doc/manual/from_md/release-notes/rl-1603.section.xml b/nixos/doc/manual/from_md/release-notes/rl-1603.section.xml
new file mode 100644
index 00000000000..172b800b599
--- /dev/null
+++ b/nixos/doc/manual/from_md/release-notes/rl-1603.section.xml
@@ -0,0 +1,695 @@
+<section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-release-16.03">
+  <title>Release 16.03 (<quote>Emu</quote>, 2016/03/31)</title>
+  <para>
+    In addition to numerous new and upgraded packages, this release has
+    the following highlights:
+  </para>
+  <itemizedlist>
+    <listitem>
+      <para>
+        Systemd 229, bringing
+        <link xlink:href="https://github.com/systemd/systemd/blob/v229/NEWS">numerous
+        improvements</link> over 217.
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        Linux 4.4 (was 3.18).
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        GCC 5.3 (was 4.9). Note that GCC 5
+        <link xlink:href="https://gcc.gnu.org/onlinedocs/libstdc++/manual/using_dual_abi.html">changes
+        the C++ ABI in an incompatible way</link>; this may cause
+        problems if you try to link objects compiled with different
+        versions of GCC.
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        Glibc 2.23 (was 2.21).
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        Binutils 2.26 (was 2.23.1). See #909
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        Improved support for ensuring
+        <link xlink:href="https://reproducible-builds.org/">bitwise
+        reproducible builds</link>. For example,
+        <literal>stdenv</literal> now sets the environment variable
+        <literal>SOURCE_DATE_EPOCH</literal> to a deterministic value,
+        and Nix has
+        <link xlink:href="https://nixos.org/nix/manual/#ssec-relnotes-1.11">gained
+        an option</link> to repeat a build a number of times to test
+        determinism. An ongoing project, the goal of exact
+        reproducibility is to allow binaries to be verified
+        independently (e.g., a user might only trust binaries that
+        appear in three independent binary caches).
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        Perl 5.22.
+      </para>
+    </listitem>
+  </itemizedlist>
+  <para>
+    The following new services were added since the last release:
+  </para>
+  <itemizedlist>
+    <listitem>
+      <para>
+        <literal>services/monitoring/longview.nix</literal>
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>hardware/video/webcam/facetimehd.nix</literal>
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>i18n/input-method/default.nix</literal>
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>i18n/input-method/fcitx.nix</literal>
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>i18n/input-method/ibus.nix</literal>
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>i18n/input-method/nabi.nix</literal>
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>i18n/input-method/uim.nix</literal>
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>programs/fish.nix</literal>
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>security/acme.nix</literal>
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>security/audit.nix</literal>
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>security/oath.nix</literal>
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>services/hardware/irqbalance.nix</literal>
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>services/mail/dspam.nix</literal>
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>services/mail/opendkim.nix</literal>
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>services/mail/postsrsd.nix</literal>
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>services/mail/rspamd.nix</literal>
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>services/mail/rmilter.nix</literal>
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>services/misc/autofs.nix</literal>
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>services/misc/bepasty.nix</literal>
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>services/misc/calibre-server.nix</literal>
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>services/misc/cfdyndns.nix</literal>
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>services/misc/gammu-smsd.nix</literal>
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>services/misc/mathics.nix</literal>
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>services/misc/matrix-synapse.nix</literal>
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>services/misc/octoprint.nix</literal>
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>services/monitoring/hdaps.nix</literal>
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>services/monitoring/heapster.nix</literal>
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>services/monitoring/longview.nix</literal>
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>services/network-filesystems/netatalk.nix</literal>
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>services/network-filesystems/xtreemfs.nix</literal>
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>services/networking/autossh.nix</literal>
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>services/networking/dnschain.nix</literal>
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>services/networking/gale.nix</literal>
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>services/networking/miniupnpd.nix</literal>
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>services/networking/namecoind.nix</literal>
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>services/networking/ostinato.nix</literal>
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>services/networking/pdnsd.nix</literal>
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>services/networking/shairport-sync.nix</literal>
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>services/networking/supplicant.nix</literal>
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>services/search/kibana.nix</literal>
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>services/security/haka.nix</literal>
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>services/security/physlock.nix</literal>
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>services/web-apps/pump.io.nix</literal>
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>services/x11/hardware/libinput.nix</literal>
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>services/x11/window-managers/windowlab.nix</literal>
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>system/boot/initrd-network.nix</literal>
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>system/boot/initrd-ssh.nix</literal>
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>system/boot/loader/loader.nix</literal>
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>system/boot/networkd.nix</literal>
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>system/boot/resolved.nix</literal>
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>virtualisation/lxd.nix</literal>
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>virtualisation/rkt.nix</literal>
+      </para>
+    </listitem>
+  </itemizedlist>
+  <para>
+    When upgrading from a previous release, please be aware of the
+    following incompatible changes:
+  </para>
+  <itemizedlist>
+    <listitem>
+      <para>
+        We no longer produce graphical ISO images and VirtualBox images
+        for <literal>i686-linux</literal>. A minimal ISO image is still
+        provided.
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        Firefox and similar browsers are now <emphasis>wrapped by
+        default</emphasis>. The package and attribute names are plain
+        <literal>firefox</literal> or <literal>midori</literal>, etc.
+        Backward-compatibility attributes were set up, but note that
+        <literal>nix-env -u</literal> will <emphasis>not</emphasis>
+        update your current <literal>firefox-with-plugins</literal>; you
+        have to uninstall it and install <literal>firefox</literal>
+        instead.
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>wmiiSnap</literal> has been replaced with
+        <literal>wmii_hg</literal>, but
+        <literal>services.xserver.windowManager.wmii.enable</literal>
+        has been updated respectively so this only affects you if you
+        have explicitly installed <literal>wmiiSnap</literal>.
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>jobs</literal> NixOS option has been removed. It served
+        as compatibility layer between Upstart jobs and SystemD
+        services. All services have been rewritten to use
+        <literal>systemd.services</literal>
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>wmiimenu</literal> is removed, as it has been removed
+        by the developers upstream. Use <literal>wimenu</literal> from
+        the <literal>wmii-hg</literal> package.
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        Gitit is no longer automatically added to the module list in
+        NixOS and as such there will not be any manual entries for it.
+        You will need to add an import statement to your NixOS
+        configuration in order to use it, e.g.
+      </para>
+      <programlisting language="bash">
+{
+  imports = [ &lt;nixpkgs/nixos/modules/services/misc/gitit.nix&gt; ];
+}
+</programlisting>
+      <para>
+        will include the Gitit service configuration options.
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>nginx</literal> does not accept flags for enabling and
+        disabling modules anymore. Instead it accepts
+        <literal>modules</literal> argument, which is a list of modules
+        to be built in. All modules now reside in
+        <literal>nginxModules</literal> set. Example configuration:
+      </para>
+      <programlisting language="bash">
+nginx.override {
+  modules = [ nginxModules.rtmp nginxModules.dav nginxModules.moreheaders ];
+}
+</programlisting>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>s3sync</literal> is removed, as it hasn't been
+        developed by upstream for 4 years and only runs with ruby 1.8.
+        For an actively-developer alternative look at
+        <literal>tarsnap</literal> and others.
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>ruby_1_8</literal> has been removed as it's not
+        supported from upstream anymore and probably contains security
+        issues.
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>tidy-html5</literal> package is removed. Upstream only
+        provided <literal>(lib)tidy5</literal> during development, and
+        now they went back to <literal>(lib)tidy</literal> to work as a
+        drop-in replacement of the original package that has been
+        unmaintained for years. You can (still) use the
+        <literal>html-tidy</literal> package, which got updated to a
+        stable release from this new upstream.
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>extraDeviceOptions</literal> argument is removed from
+        <literal>bumblebee</literal> package. Instead there are now two
+        separate arguments: <literal>extraNvidiaDeviceOptions</literal>
+        and <literal>extraNouveauDeviceOptions</literal> for setting
+        extra X11 options for nvidia and nouveau drivers, respectively.
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        The <literal>Ctrl+Alt+Backspace</literal> key combination no
+        longer kills the X server by default. There's a new option
+        <literal>services.xserver.enableCtrlAltBackspace</literal>
+        allowing to enable the combination again.
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>emacsPackagesNg</literal> now contains all packages
+        from the ELPA, MELPA, and MELPA Stable repositories.
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        Data directory for Postfix MTA server is moved from
+        <literal>/var/postfix</literal> to
+        <literal>/var/lib/postfix</literal>. Old configurations are
+        migrated automatically. <literal>service.postfix</literal>
+        module has also received many improvements, such as correct
+        directories' access rights, new <literal>aliasFiles</literal>
+        and <literal>mapFiles</literal> options and more.
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        Filesystem options should now be configured as a list of
+        strings, not a comma-separated string. The old style will
+        continue to work, but print a warning, until the 16.09 release.
+        An example of the new style:
+      </para>
+      <programlisting language="bash">
+{
+  fileSystems.&quot;/example&quot; = {
+    device = &quot;/dev/sdc&quot;;
+    fsType = &quot;btrfs&quot;;
+    options = [ &quot;noatime&quot; &quot;compress=lzo&quot; &quot;space_cache&quot; &quot;autodefrag&quot; ];
+  };
+}
+</programlisting>
+    </listitem>
+    <listitem>
+      <para>
+        CUPS, installed by <literal>services.printing</literal> module,
+        now has its data directory in <literal>/var/lib/cups</literal>.
+        Old configurations from <literal>/etc/cups</literal> are moved
+        there automatically, but there might be problems. Also
+        configuration options
+        <literal>services.printing.cupsdConf</literal> and
+        <literal>services.printing.cupsdFilesConf</literal> were removed
+        because they had been allowing one to override configuration
+        variables required for CUPS to work at all on NixOS. For most
+        use cases, <literal>services.printing.extraConf</literal> and
+        new option <literal>services.printing.extraFilesConf</literal>
+        should be enough; if you encounter a situation when they are
+        not, please file a bug.
+      </para>
+      <para>
+        There are also Gutenprint improvements; in particular, a new
+        option <literal>services.printing.gutenprint</literal> is added
+        to enable automatic updating of Gutenprint PPMs; it's greatly
+        recommended to enable it instead of adding
+        <literal>gutenprint</literal> to the <literal>drivers</literal>
+        list.
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>services.xserver.vaapiDrivers</literal> has been
+        removed. Use
+        <literal>hardware.opengl.extraPackages{,32}</literal> instead.
+        You can also specify VDPAU drivers there.
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>programs.ibus</literal> moved to
+        <literal>i18n.inputMethod.ibus</literal>. The option
+        <literal>programs.ibus.plugins</literal> changed to
+        <literal>i18n.inputMethod.ibus.engines</literal> and the option
+        to enable ibus changed from
+        <literal>programs.ibus.enable</literal> to
+        <literal>i18n.inputMethod.enabled</literal>.
+        <literal>i18n.inputMethod.enabled</literal> should be set to the
+        used input method name, <literal>&quot;ibus&quot;</literal> for
+        ibus. An example of the new style:
+      </para>
+      <programlisting language="bash">
+{
+  i18n.inputMethod.enabled = &quot;ibus&quot;;
+  i18n.inputMethod.ibus.engines = with pkgs.ibus-engines; [ anthy mozc ];
+}
+</programlisting>
+      <para>
+        That is equivalent to the old version:
+      </para>
+      <programlisting language="bash">
+{
+  programs.ibus.enable = true;
+  programs.ibus.plugins = with pkgs; [ ibus-anthy mozc ];
+}
+</programlisting>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>services.udev.extraRules</literal> option now writes
+        rules to <literal>99-local.rules</literal> instead of
+        <literal>10-local.rules</literal>. This makes all the user rules
+        apply after others, so their results wouldn't be overriden by
+        anything else.
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        Large parts of the <literal>services.gitlab</literal> module has
+        been been rewritten. There are new configuration options
+        available. The <literal>stateDir</literal> option was renamned
+        to <literal>statePath</literal> and the
+        <literal>satellitesDir</literal> option was removed. Please
+        review the currently available options.
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        The option
+        <literal>services.nsd.zones.&lt;name&gt;.data</literal> no
+        longer interpret the dollar sign ($) as a shell variable, as
+        such it should not be escaped anymore. Thus the following zone
+        data:
+      </para>
+      <programlisting>
+$ORIGIN example.com.
+$TTL 1800
+@       IN      SOA     ns1.vpn.nbp.name.      admin.example.com. (
+</programlisting>
+      <para>
+        Should modified to look like the actual file expected by nsd:
+      </para>
+      <programlisting>
+$ORIGIN example.com.
+$TTL 1800
+@       IN      SOA     ns1.vpn.nbp.name.      admin.example.com. (
+</programlisting>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>service.syncthing.dataDir</literal> options now has to
+        point to exact folder where syncthing is writing to. Example
+        configuration should look something like:
+      </para>
+      <programlisting language="bash">
+{
+  services.syncthing = {
+      enable = true;
+      dataDir = &quot;/home/somebody/.syncthing&quot;;
+      user = &quot;somebody&quot;;
+  };
+}
+</programlisting>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>networking.firewall.allowPing</literal> is now enabled
+        by default. Users are encouraged to configure an appropriate
+        rate limit for their machines using the Kernel interface at
+        <literal>/proc/sys/net/ipv4/icmp_ratelimit</literal> and
+        <literal>/proc/sys/net/ipv6/icmp/ratelimit</literal> or using
+        the firewall itself, i.e. by setting the NixOS option
+        <literal>networking.firewall.pingLimit</literal>.
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        Systems with some broadcom cards used to result into a generated
+        config that is no longer accepted. If you get errors like
+      </para>
+      <programlisting>
+error: path ‘/nix/store/*-broadcom-sta-*’ does not exist and cannot be created
+</programlisting>
+      <para>
+        you should either re-run
+        <literal>nixos-generate-config</literal> or manually replace
+        <literal>&quot;${config.boot.kernelPackages.broadcom_sta}&quot;</literal>
+        by <literal>config.boot.kernelPackages.broadcom_sta</literal> in
+        your <literal>/etc/nixos/hardware-configuration.nix</literal>.
+        More discussion is on
+        <link xlink:href="https://github.com/NixOS/nixpkgs/pull/12595">
+        the github issue</link>.
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        The <literal>services.xserver.startGnuPGAgent</literal> option
+        has been removed. GnuPG 2.1.x changed the way the gpg-agent
+        works, and that new approach no longer requires (or even
+        supports) the &quot;start everything as a child of the
+        agent&quot; scheme we've implemented in NixOS for older
+        versions. To configure the gpg-agent for your X session, add the
+        following code to <literal>~/.bashrc</literal> or some file
+        that’s sourced when your shell is started:
+      </para>
+      <programlisting>
+GPG_TTY=$(tty)
+export GPG_TTY
+</programlisting>
+      <para>
+        If you want to use gpg-agent for SSH, too, add the following to
+        your session initialization (e.g.
+        <literal>displayManager.sessionCommands</literal>)
+      </para>
+      <programlisting>
+    gpg-connect-agent /bye
+    unset SSH_AGENT_PID
+    export SSH_AUTH_SOCK=&quot;''${HOME}/.gnupg/S.gpg-agent.ssh&quot;
+</programlisting>
+      <para>
+        and make sure that
+      </para>
+      <programlisting>
+    enable-ssh-support
+</programlisting>
+      <para>
+        is included in your <literal>~/.gnupg/gpg-agent.conf</literal>.
+        You will need to use <literal>ssh-add</literal> to re-add your
+        ssh keys. If gpg’s automatic transformation of the private keys
+        to the new format fails, you will need to re-import your private
+        keyring as well:
+      </para>
+      <programlisting>
+    gpg --import ~/.gnupg/secring.gpg
+</programlisting>
+      <para>
+        The <literal>gpg-agent(1)</literal> man page has more details
+        about this subject, i.e. in the &quot;EXAMPLES&quot; section.
+      </para>
+    </listitem>
+  </itemizedlist>
+  <para>
+    Other notable improvements:
+  </para>
+  <itemizedlist>
+    <listitem>
+      <para>
+        <literal>ejabberd</literal> module is brought back and now works
+        on NixOS.
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        Input method support was improved. New NixOS modules (fcitx,
+        nabi and uim), fcitx engines (chewing, hangul, m17n, mozc and
+        table-other) and ibus engines (hangul and m17n) have been added.
+      </para>
+    </listitem>
+  </itemizedlist>
+</section>