diff options
Diffstat (limited to 'nixos/doc/manual/from_md/release-notes/rl-1609.section.xml')
-rw-r--r-- | nixos/doc/manual/from_md/release-notes/rl-1609.section.xml | 273 |
1 files changed, 273 insertions, 0 deletions
diff --git a/nixos/doc/manual/from_md/release-notes/rl-1609.section.xml b/nixos/doc/manual/from_md/release-notes/rl-1609.section.xml new file mode 100644 index 00000000000..0fba40a0e78 --- /dev/null +++ b/nixos/doc/manual/from_md/release-notes/rl-1609.section.xml @@ -0,0 +1,273 @@ +<section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-release-16.09"> + <title>Release 16.09 (<quote>Flounder</quote>, 2016/09/30)</title> + <para> + In addition to numerous new and upgraded packages, this release has + the following highlights: + </para> + <itemizedlist> + <listitem> + <para> + Many NixOS configurations and Nix packages now use significantly + less disk space, thanks to the + <link xlink:href="https://github.com/NixOS/nixpkgs/issues/7117">extensive + work on closure size reduction</link>. For example, the closure + size of a minimal NixOS container went down from ~424 MiB in + 16.03 to ~212 MiB in 16.09, while the closure size of Firefox + went from ~651 MiB to ~259 MiB. + </para> + </listitem> + <listitem> + <para> + To improve security, packages are now + <link xlink:href="https://github.com/NixOS/nixpkgs/pull/12895">built + using various hardening features</link>. See the Nixpkgs manual + for more information. + </para> + </listitem> + <listitem> + <para> + Support for PXE netboot. See + <xref linkend="sec-booting-from-pxe" /> for documentation. + </para> + </listitem> + <listitem> + <para> + X.org server 1.18. If you use the <literal>ati_unfree</literal> + driver, 1.17 is still used due to an ABI incompatibility. + </para> + </listitem> + <listitem> + <para> + This release is based on Glibc 2.24, GCC 5.4.0 and systemd 231. + The default Linux kernel remains 4.4. + </para> + </listitem> + </itemizedlist> + <para> + The following new services were added since the last release: + </para> + <itemizedlist spacing="compact"> + <listitem> + <para> + <literal>(this will get automatically generated at release time)</literal> + </para> + </listitem> + </itemizedlist> + <para> + When upgrading from a previous release, please be aware of the + following incompatible changes: + </para> + <itemizedlist> + <listitem> + <para> + A large number of packages have been converted to use the + multiple outputs feature of Nix to greatly reduce the amount of + required disk space, as mentioned above. This may require + changes to any custom packages to make them build again; see the + relevant chapter in the Nixpkgs manual for more information. + (Additional caveat to packagers: some packaging conventions + related to multiple-output packages + <link xlink:href="https://github.com/NixOS/nixpkgs/pull/14766">were + changed</link> late (August 2016) in the release cycle and + differ from the initial introduction of multiple outputs.) + </para> + </listitem> + <listitem> + <para> + Previous versions of Nixpkgs had support for all versions of the + LTS Haskell package set. That support has been dropped. The + previously provided <literal>haskell.packages.lts-x_y</literal> + package sets still exist in name to aviod breaking user code, + but these package sets don't actually contain the versions + mandated by the corresponding LTS release. Instead, our package + set it loosely based on the latest available LTS release, i.e. + LTS 7.x at the time of this writing. New releases of NixOS and + Nixpkgs will drop those old names entirely. + <link xlink:href="https://nixos.org/nix-dev/2016-June/020585.html">The + motivation for this change</link> has been discussed at length + on the <literal>nix-dev</literal> mailing list and in + <link xlink:href="https://github.com/NixOS/nixpkgs/issues/14897">Github + issue #14897</link>. Development strategies for Haskell hackers + who want to rely on Nix and NixOS have been described in + <link xlink:href="https://nixos.org/nix-dev/2016-June/020642.html">another + nix-dev article</link>. + </para> + </listitem> + <listitem> + <para> + Shell aliases for systemd sub-commands + <link xlink:href="https://github.com/NixOS/nixpkgs/pull/15598">were + dropped</link>: <literal>start</literal>, + <literal>stop</literal>, <literal>restart</literal>, + <literal>status</literal>. + </para> + </listitem> + <listitem> + <para> + Redis now binds to 127.0.0.1 only instead of listening to all + network interfaces. This is the default behavior of Redis 3.2 + </para> + </listitem> + <listitem> + <para> + <literal>/var/empty</literal> is now immutable. Activation + script runs <literal>chattr +i</literal> to forbid any + modifications inside the folder. See + <link xlink:href="https://github.com/NixOS/nixpkgs/pull/18365"> + the pull request</link> for what bugs this caused. + </para> + </listitem> + <listitem> + <para> + Gitlab's maintainance script <literal>gitlab-runner</literal> + was removed and split up into the more clearer + <literal>gitlab-run</literal> and <literal>gitlab-rake</literal> + scripts, because <literal>gitlab-runner</literal> is a component + of Gitlab CI. + </para> + </listitem> + <listitem> + <para> + <literal>services.xserver.libinput.accelProfile</literal> + default changed from <literal>flat</literal> to + <literal>adaptive</literal>, as per + <link xlink:href="https://wayland.freedesktop.org/libinput/doc/latest/group__config.html#gad63796972347f318b180e322e35cee79"> + official documentation</link>. + </para> + </listitem> + <listitem> + <para> + <literal>fonts.fontconfig.ultimate.rendering</literal> was + removed because our presets were obsolete for some time. New + presets are hardcoded into FreeType; you can select a preset via + <literal>fonts.fontconfig.ultimate.preset</literal>. You can + customize those presets via ordinary environment variables, + using <literal>environment.variables</literal>. + </para> + </listitem> + <listitem> + <para> + The <literal>audit</literal> service is no longer enabled by + default. Use <literal>security.audit.enable = true</literal> to + explicitly enable it. + </para> + </listitem> + <listitem> + <para> + <literal>pkgs.linuxPackages.virtualbox</literal> now contains + only the kernel modules instead of the VirtualBox user space + binaries. If you want to reference the user space binaries, you + have to use the new <literal>pkgs.virtualbox</literal> instead. + </para> + </listitem> + <listitem> + <para> + <literal>goPackages</literal> was replaced with separated Go + applications in appropriate <literal>nixpkgs</literal> + categories. Each Go package uses its own dependency set. There's + also a new <literal>go2nix</literal> tool introduced to generate + a Go package definition from its Go source automatically. + </para> + </listitem> + <listitem> + <para> + <literal>services.mongodb.extraConfig</literal> configuration + format was changed to YAML. + </para> + </listitem> + <listitem> + <para> + PHP has been upgraded to 7.0 + </para> + </listitem> + </itemizedlist> + <para> + Other notable improvements: + </para> + <itemizedlist> + <listitem> + <para> + Revamped grsecurity/PaX support. There is now only a single + general-purpose distribution kernel and the configuration + interface has been streamlined. Desktop users should be able to + simply set + </para> + <programlisting language="bash"> +{ + security.grsecurity.enable = true; +} +</programlisting> + <para> + to get a reasonably secure system without having to sacrifice + too much functionality. + </para> + </listitem> + <listitem> + <para> + Special filesystems, like <literal>/proc</literal>, + <literal>/run</literal> and others, now have the same mount + options as recommended by systemd and are unified across + different places in NixOS. Mount options are updated during + <literal>nixos-rebuild switch</literal> if possible. One benefit + from this is improved security — most such filesystems are now + mounted with <literal>noexec</literal>, <literal>nodev</literal> + and/or <literal>nosuid</literal> options. + </para> + </listitem> + <listitem> + <para> + The reverse path filter was interfering with DHCPv4 server + operation in the past. An exception for DHCPv4 and a new option + to log packets that were dropped due to the reverse path filter + was added + (<literal>networking.firewall.logReversePathDrops</literal>) for + easier debugging. + </para> + </listitem> + <listitem> + <para> + Containers configuration within + <literal>containers.<name>.config</literal> is + <link xlink:href="https://github.com/NixOS/nixpkgs/pull/17365">now + properly typed and checked</link>. In particular, partial + configurations are merged correctly. + </para> + </listitem> + <listitem> + <para> + The directory container setuid wrapper programs, + <literal>/var/setuid-wrappers</literal>, + <link xlink:href="https://github.com/NixOS/nixpkgs/pull/18124">is + now updated atomically to prevent failures if the switch to a + new configuration is interrupted.</link> + </para> + </listitem> + <listitem> + <para> + <literal>services.xserver.startGnuPGAgent</literal> has been + removed due to GnuPG 2.1.x bump. See + <link xlink:href="https://github.com/NixOS/nixpkgs/commit/5391882ebd781149e213e8817fba6ac3c503740c"> + how to achieve similar behavior</link>. You might need to + <literal>pkill gpg-agent</literal> after the upgrade to prevent + a stale agent being in the way. + </para> + </listitem> + <listitem> + <para> + <link xlink:href="https://github.com/NixOS/nixpkgs/commit/e561edc322d275c3687fec431935095cfc717147"> + Declarative users could share the uid due to the bug in the + script handling conflict resolution. </link> + </para> + </listitem> + <listitem> + <para> + Gummi boot has been replaced using systemd-boot. + </para> + </listitem> + <listitem> + <para> + Hydra package and NixOS module were added for convenience. + </para> + </listitem> + </itemizedlist> +</section> |