summary refs log tree commit diff
path: root/nixos/doc/manual/from_md/release-notes/rl-1609.section.xml
diff options
context:
space:
mode:
Diffstat (limited to 'nixos/doc/manual/from_md/release-notes/rl-1609.section.xml')
-rw-r--r--nixos/doc/manual/from_md/release-notes/rl-1609.section.xml273
1 files changed, 273 insertions, 0 deletions
diff --git a/nixos/doc/manual/from_md/release-notes/rl-1609.section.xml b/nixos/doc/manual/from_md/release-notes/rl-1609.section.xml
new file mode 100644
index 00000000000..0fba40a0e78
--- /dev/null
+++ b/nixos/doc/manual/from_md/release-notes/rl-1609.section.xml
@@ -0,0 +1,273 @@
+<section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-release-16.09">
+  <title>Release 16.09 (<quote>Flounder</quote>, 2016/09/30)</title>
+  <para>
+    In addition to numerous new and upgraded packages, this release has
+    the following highlights:
+  </para>
+  <itemizedlist>
+    <listitem>
+      <para>
+        Many NixOS configurations and Nix packages now use significantly
+        less disk space, thanks to the
+        <link xlink:href="https://github.com/NixOS/nixpkgs/issues/7117">extensive
+        work on closure size reduction</link>. For example, the closure
+        size of a minimal NixOS container went down from ~424 MiB in
+        16.03 to ~212 MiB in 16.09, while the closure size of Firefox
+        went from ~651 MiB to ~259 MiB.
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        To improve security, packages are now
+        <link xlink:href="https://github.com/NixOS/nixpkgs/pull/12895">built
+        using various hardening features</link>. See the Nixpkgs manual
+        for more information.
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        Support for PXE netboot. See
+        <xref linkend="sec-booting-from-pxe" /> for documentation.
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        X.org server 1.18. If you use the <literal>ati_unfree</literal>
+        driver, 1.17 is still used due to an ABI incompatibility.
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        This release is based on Glibc 2.24, GCC 5.4.0 and systemd 231.
+        The default Linux kernel remains 4.4.
+      </para>
+    </listitem>
+  </itemizedlist>
+  <para>
+    The following new services were added since the last release:
+  </para>
+  <itemizedlist spacing="compact">
+    <listitem>
+      <para>
+        <literal>(this will get automatically generated at release time)</literal>
+      </para>
+    </listitem>
+  </itemizedlist>
+  <para>
+    When upgrading from a previous release, please be aware of the
+    following incompatible changes:
+  </para>
+  <itemizedlist>
+    <listitem>
+      <para>
+        A large number of packages have been converted to use the
+        multiple outputs feature of Nix to greatly reduce the amount of
+        required disk space, as mentioned above. This may require
+        changes to any custom packages to make them build again; see the
+        relevant chapter in the Nixpkgs manual for more information.
+        (Additional caveat to packagers: some packaging conventions
+        related to multiple-output packages
+        <link xlink:href="https://github.com/NixOS/nixpkgs/pull/14766">were
+        changed</link> late (August 2016) in the release cycle and
+        differ from the initial introduction of multiple outputs.)
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        Previous versions of Nixpkgs had support for all versions of the
+        LTS Haskell package set. That support has been dropped. The
+        previously provided <literal>haskell.packages.lts-x_y</literal>
+        package sets still exist in name to aviod breaking user code,
+        but these package sets don't actually contain the versions
+        mandated by the corresponding LTS release. Instead, our package
+        set it loosely based on the latest available LTS release, i.e.
+        LTS 7.x at the time of this writing. New releases of NixOS and
+        Nixpkgs will drop those old names entirely.
+        <link xlink:href="https://nixos.org/nix-dev/2016-June/020585.html">The
+        motivation for this change</link> has been discussed at length
+        on the <literal>nix-dev</literal> mailing list and in
+        <link xlink:href="https://github.com/NixOS/nixpkgs/issues/14897">Github
+        issue #14897</link>. Development strategies for Haskell hackers
+        who want to rely on Nix and NixOS have been described in
+        <link xlink:href="https://nixos.org/nix-dev/2016-June/020642.html">another
+        nix-dev article</link>.
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        Shell aliases for systemd sub-commands
+        <link xlink:href="https://github.com/NixOS/nixpkgs/pull/15598">were
+        dropped</link>: <literal>start</literal>,
+        <literal>stop</literal>, <literal>restart</literal>,
+        <literal>status</literal>.
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        Redis now binds to 127.0.0.1 only instead of listening to all
+        network interfaces. This is the default behavior of Redis 3.2
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>/var/empty</literal> is now immutable. Activation
+        script runs <literal>chattr +i</literal> to forbid any
+        modifications inside the folder. See
+        <link xlink:href="https://github.com/NixOS/nixpkgs/pull/18365">
+        the pull request</link> for what bugs this caused.
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        Gitlab's maintainance script <literal>gitlab-runner</literal>
+        was removed and split up into the more clearer
+        <literal>gitlab-run</literal> and <literal>gitlab-rake</literal>
+        scripts, because <literal>gitlab-runner</literal> is a component
+        of Gitlab CI.
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>services.xserver.libinput.accelProfile</literal>
+        default changed from <literal>flat</literal> to
+        <literal>adaptive</literal>, as per
+        <link xlink:href="https://wayland.freedesktop.org/libinput/doc/latest/group__config.html#gad63796972347f318b180e322e35cee79">
+        official documentation</link>.
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>fonts.fontconfig.ultimate.rendering</literal> was
+        removed because our presets were obsolete for some time. New
+        presets are hardcoded into FreeType; you can select a preset via
+        <literal>fonts.fontconfig.ultimate.preset</literal>. You can
+        customize those presets via ordinary environment variables,
+        using <literal>environment.variables</literal>.
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        The <literal>audit</literal> service is no longer enabled by
+        default. Use <literal>security.audit.enable = true</literal> to
+        explicitly enable it.
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>pkgs.linuxPackages.virtualbox</literal> now contains
+        only the kernel modules instead of the VirtualBox user space
+        binaries. If you want to reference the user space binaries, you
+        have to use the new <literal>pkgs.virtualbox</literal> instead.
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>goPackages</literal> was replaced with separated Go
+        applications in appropriate <literal>nixpkgs</literal>
+        categories. Each Go package uses its own dependency set. There's
+        also a new <literal>go2nix</literal> tool introduced to generate
+        a Go package definition from its Go source automatically.
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>services.mongodb.extraConfig</literal> configuration
+        format was changed to YAML.
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        PHP has been upgraded to 7.0
+      </para>
+    </listitem>
+  </itemizedlist>
+  <para>
+    Other notable improvements:
+  </para>
+  <itemizedlist>
+    <listitem>
+      <para>
+        Revamped grsecurity/PaX support. There is now only a single
+        general-purpose distribution kernel and the configuration
+        interface has been streamlined. Desktop users should be able to
+        simply set
+      </para>
+      <programlisting language="bash">
+{
+  security.grsecurity.enable = true;
+}
+</programlisting>
+      <para>
+        to get a reasonably secure system without having to sacrifice
+        too much functionality.
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        Special filesystems, like <literal>/proc</literal>,
+        <literal>/run</literal> and others, now have the same mount
+        options as recommended by systemd and are unified across
+        different places in NixOS. Mount options are updated during
+        <literal>nixos-rebuild switch</literal> if possible. One benefit
+        from this is improved security — most such filesystems are now
+        mounted with <literal>noexec</literal>, <literal>nodev</literal>
+        and/or <literal>nosuid</literal> options.
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        The reverse path filter was interfering with DHCPv4 server
+        operation in the past. An exception for DHCPv4 and a new option
+        to log packets that were dropped due to the reverse path filter
+        was added
+        (<literal>networking.firewall.logReversePathDrops</literal>) for
+        easier debugging.
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        Containers configuration within
+        <literal>containers.&lt;name&gt;.config</literal> is
+        <link xlink:href="https://github.com/NixOS/nixpkgs/pull/17365">now
+        properly typed and checked</link>. In particular, partial
+        configurations are merged correctly.
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        The directory container setuid wrapper programs,
+        <literal>/var/setuid-wrappers</literal>,
+        <link xlink:href="https://github.com/NixOS/nixpkgs/pull/18124">is
+        now updated atomically to prevent failures if the switch to a
+        new configuration is interrupted.</link>
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <literal>services.xserver.startGnuPGAgent</literal> has been
+        removed due to GnuPG 2.1.x bump. See
+        <link xlink:href="https://github.com/NixOS/nixpkgs/commit/5391882ebd781149e213e8817fba6ac3c503740c">
+        how to achieve similar behavior</link>. You might need to
+        <literal>pkill gpg-agent</literal> after the upgrade to prevent
+        a stale agent being in the way.
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        <link xlink:href="https://github.com/NixOS/nixpkgs/commit/e561edc322d275c3687fec431935095cfc717147">
+        Declarative users could share the uid due to the bug in the
+        script handling conflict resolution. </link>
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        Gummi boot has been replaced using systemd-boot.
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        Hydra package and NixOS module were added for convenience.
+      </para>
+    </listitem>
+  </itemizedlist>
+</section>