1 files changed, 92 insertions, 2 deletions

diff --git a/nixos/doc/manual/release-notes.xml b/nixos/doc/manual/release-notes.xml
index 7995497708e..bacd97e0dc4 100644
--- a/nixos/doc/manual/release-notes.xml
+++ b/nixos/doc/manual/release-notes.xml
@@ -1,4 +1,5 @@
 <appendix xmlns="http://docbook.org/ns/docbook"
+          xmlns:xlink="http://www.w3.org/1999/xlink"
           xml:id="ch-release-notes">
 
 <title>Release notes</title>
@@ -9,8 +10,9 @@
 
 <title>Release 14.04 (“Baboon”, 2014/04/??)</title>
 
-<para>This is the second stable release branch of NixOS.  The main
-enhancements are the following:
+<para>This is the second stable release branch of NixOS.  In addition
+to numerous new and upgraded packages and modules, this release has
+the following highlights:
 
 <itemizedlist>
 
@@ -18,9 +20,63 @@ enhancements are the following:
   <xref linkend="sec-uefi-installation"/> for
   details.</para></listitem>
 
+  <listitem><para>Systemd has been updated to version 212, which has
+  <link xlink:href="http://cgit.freedesktop.org/systemd/systemd/plain/NEWS?id=v212">numerous
+  improvements</link>. NixOS now automatically starts systemd user
+  instances when you log in. You can define global user units through
+  the <option>systemd.unit.*</option> options.</para></listitem>
+
   <listitem><para>NixOS is now based on Glibc 2.19 and GCC
   4.8.</para></listitem>
 
+  <listitem><para>The default Linux kernel has been updated to
+  3.12.</para></listitem>
+
+  <listitem><para>KDE has been updated to 4.12.</para></listitem>
+
+  <listitem><para>Nix has been updated to 1.7 (<link
+  xlink:href="http://nixos.org/nix/manual/#ssec-relnotes-1.7">details</link>).</para></listitem>
+
+  <listitem><para>NixOS now supports fully declarative management of
+  users and groups. If you set <option>users.mutableUsers</option> to
+  <literal>false</literal>, then the contents of
+  <filename>/etc/passwd</filename> and <filename>/etc/group</filename>
+  will be <link
+  xlink:href="https://www.usenix.org/legacy/event/lisa02/tech/full_papers/traugott/traugott_html/">congruent</link>
+  to your NixOS configuration. For instance, if you remove a user from
+  <option>users.extraUsers</option> and run
+  <command>nixos-rebuild</command>, the user account will cease to
+  exist. Also, imperative commands for managing users and groups, such
+  as <command>useradd</command>, are no longer available. If
+  <option>users.mutableUsers</option> is <literal>true</literal> (the
+  default), then behaviour is unchanged from NixOS
+  13.10.</para></listitem>
+
+  <listitem><para>NixOS now has basic container support, meaning you
+  can easily run a NixOS instance as a container in a NixOS host
+  system. These containers are suitable for testing and
+  experimentation but not production use, since they’re not fully
+  isolated from the host. See <xref linkend="ch-containers"/> for
+  details.</para></listitem>
+
+  <listitem><para>Systemd units provided by packages can now be
+  overridden from the NixOS configuration. For instance, if a package
+  <literal>foo</literal> provides systemd units, you can say:
+
+<programlisting>
+systemd.packages = [ pkgs.foo ];
+</programlisting>
+
+  to enable those units. You can then set or override unit options in
+  the usual way, e.g.
+
+<programlisting>
+systemd.services.foo.wantedBy = [ "multi-user.target" ];
+systemd.services.foo.serviceConfig.MemoryLimit = "512M";
+</programlisting>
+
+  </para></listitem>
+
 </itemizedlist>
 
 </para>
@@ -47,6 +103,18 @@ error: package ‘nvidia-x11-331.49-3.12.17’ in ‘…/nvidia-x11/default.nix:
 
   </para></listitem>
 
+  <listitem><para>The Adobe Flash player is no longer enabled by
+  default in the Firefox and Chromium wrappers. To enable it, you must
+  set:
+
+<programlisting>
+nixpkgs.config.allowUnfree = true;
+nixpkgs.config.firefox.enableAdobeFlash = true; # for Firefox
+nixpkgs.config.chromium.enableAdobeFlash = true; # for Chromium
+</programlisting>
+
+  </para></listitem>
+
   <listitem><para>The firewall is now enabled by default. If you don’t
   want this, you need to disable it explicitly:
 
@@ -65,6 +133,28 @@ networking.firewall.enable = false;
   sets a default for the option
   <option>services.mysql.package</option>.</para></listitem>
 
+  <listitem><para>Package variants are now differentiated by suffixing
+  the name, rather than the version. For instance,
+  <filename>sqlite-3.8.4.3-interactive</filename> is now called
+  <filename>sqlite-interactive-3.8.4.3</filename>. This ensures that
+  <literal>nix-env -i sqlite</literal> is unambiguous, and that
+  <literal>nix-env -u</literal> won’t “upgrade”
+  <literal>sqlite</literal> to <literal>sqlite-interactive</literal>
+  or vice versa. Notably, this change affects the Firefox wrapper
+  (which provides plugins), as it is now called
+  <literal>firefox-wrapper</literal>. So when using
+  <command>nix-env</command>, you should do <literal>nix-env -e
+  firefox; nix-env -i firefox-wrapper</literal> if you want to keep
+  using the wrapper. This change does not affect declarative package
+  management, since attribute names like
+  <literal>pkgs.firefoxWrapper</literal> were already
+  unambiguous.</para></listitem>
+
+  <listitem><para>The symlink <filename>/etc/ca-bundle.crt</filename>
+  is gone. Programs should instead use the environment variable
+  <envar>OPENSSL_X509_CERT_FILE</envar> (which points to
+  <filename>/etc/ssl/certs/ca-bundle.crt</filename>).</para></listitem>
+
 </itemizedlist>
 
 </para>