From a9166d143d8a9b9db9e2e903abbb4ce3a27a26ae Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Thu, 29 Sep 2016 13:48:38 +0200 Subject: Some release notes updates --- nixos/doc/manual/release-notes/rl-1609.xml | 99 +++++++++++++++++++----------- 1 file changed, 64 insertions(+), 35 deletions(-) (limited to 'nixos/doc/manual/release-notes') diff --git a/nixos/doc/manual/release-notes/rl-1609.xml b/nixos/doc/manual/release-notes/rl-1609.xml index c884eaa3ec2..994764e188e 100644 --- a/nixos/doc/manual/release-notes/rl-1609.xml +++ b/nixos/doc/manual/release-notes/rl-1609.xml @@ -4,7 +4,7 @@ version="5.0" xml:id="sec-release-16.09"> -Release 16.09 (“Flounder”, 2016/09/??) +Release 16.09 (“Flounder”, 2016/09/31) In addition to numerous new and upgraded packages, this release has the following highlights: 
@@ -12,22 +12,45 @@ has the following highlights: - PXE "netboot" media has landed in . - See for documentation. + Many NixOS configurations and Nix packages now use + significantly less disk space, thanks to the extensive + work on closure size reduction. For example, the closure + size of a minimal NixOS container went down from ~424 MiB in 16.03 + to ~212 MiB in 16.09, while the closure size of Firefox went from + ~651 MiB to ~259 MiB. - Xorg-server-1.18.*. If you choose "ati_unfree" driver, - 1.17.* is still used due to ABI incompatibility. + To improve security, packages are now built + using various hardening features. See the Nixpkgs manual + for more information. + + + Support for PXE netboot. See for documentation. + + + + X.org server 1.18. If you use the + ati_unfree driver, 1.17 is still used due to an + ABI incompatibility. + + + + This release is based on Glibc 2.24, GCC 5.4.0 and systemd + 231. The default Linux kernel remains 4.4. + + The following new services were added since the last release: - - (this will get automatically generated at release time) - - + + (this will get automatically generated at release time) + When upgrading from a previous release, please be aware of the following incompatible changes: @@ -36,7 +59,8 @@ following incompatible changes: A large number of packages have been converted to use the multiple outputs feature - of Nix to greatly reduce the amount of required disk space. This may require changes + of Nix to greatly reduce the amount of required disk space, as + mentioned above. This may require changes to any custom packages to make them build again; see the relevant chapter in the Nixpkgs manual for more information. (Additional caveat to packagers: some packaging conventions related to multiple-output packages 
@@ -58,16 +82,12 @@ following incompatible changes: - /var/setuid-wrappers/ - is now a symlink so - it can be atomically updated - and it's not mounted as tmpfs anymore since setuid binaries are located on /run/ as tmpfs. - - - - - Gitlab's maintainence script gitlab-runner was removed and split up into the more clearer - gitlab-run and gitlab-rake scripts because gitlab-runner is a component of Gitlab CI. + Gitlab's maintainance script + gitlab-runner was removed and split up into the + more clearer gitlab-run and + gitlab-rake scripts, because + gitlab-runner is a component of Gitlab + CI. @@ -80,14 +100,14 @@ following incompatible changes: fonts.fontconfig.ultimate.rendering was removed because our presets were obsolete for some time. New presets are hardcoded - into freetype; one selects a preset via fonts.fontconfig.ultimate.preset. + into FreeType; you can select a preset via fonts.fontconfig.ultimate.preset. You can customize those presets via ordinary environment variables, using environment.variables. The audit service is no longer enabled by default. - Use security.audit.enable = true; to explicitly enable it. + Use security.audit.enable = true to explicitly enable it. @@ -100,10 +120,11 @@ following incompatible changes: - goPackages was replaced with separated Go applications - in appropriate nixpkgs categories. Each Go package uses its own - dependency set defined in nix. There's also a new go2nix - tool introduced to generate Go package definition from its Go source automatically. + goPackages was replaced with separated Go + applications in appropriate nixpkgs + categories. Each Go package uses its own dependency set. There's + also a new go2nix tool introduced to generate a + Go package definition from its Go source automatically. 
@@ -127,10 +148,11 @@ following incompatible changes: Special filesystems, like /proc, - /run and others, now have the same mount options as - recommended by systemd. They are now unified across different places in NixOS. - Options are also updated on the system switch if possible. One benefit from - this is improved security -- most such filesystems are now mounted with + /run and others, now have the same mount options + as recommended by systemd and are unified across different places in + NixOS. Mount options are updated during nixos-rebuild + switch if possible. One benefit from this is improved + security — most such filesystems are now mounted with noexec, nodev and/or nosuid options. @@ -141,11 +163,18 @@ following incompatible changes: debugging. Containers configuration within - containers.<name>.config is now properly - typed and checked. In particular, partial configurations are merged - correctly. - (#17365) - + containers.<name>.config is now + properly typed and checked. In particular, partial + configurations are merged correctly. + + + The directory container setuid wrapper programs, + /var/setuid-wrappers, is now + updated atomically to prevent failures if the switch to a new + configuration is interrupted. + -- cgit 1.4.1
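Review bot: The release date in the title line of the first hunk (@@ -4,7 +4,7 @@) becomes 2016/09/31, but September has 30 days, so this is not a valid calendar date. Keep the ?? placeholder until the date is settled, or put in the actual planned date.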
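Review bot: The new hardening highlight in the @@ -12,22 +12,45 @@ hunk ("packages are now built using various hardening features") does not name the features or say whether a package can opt out, and this patch adds no matching entry to the incompatible changes list. Name the features that are on by default in this item, or add an entry under the incompatible changes that points to the same Nixpkgs manual section, so that maintainers of custom packages know what changed in their builds.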
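Review bot: The rewrapped Gitlab item in the @@ -58,16 +82,12 @@ hunk changes "maintainence" to "maintainance", which is still misspelled; it should be "maintenance". "more clearer" also survives the rewrap and should be just "clearer".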
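Review bot: In the @@ -127,10 +148,11 @@ hunk, "Mount options are updated during nixos-rebuild switch if possible" leaves open which cases are not possible and what options the filesystems keep in those cases. Since the item presents noexec, nodev and nosuid as a security improvement, say what happens when the options cannot be applied on switch, and replace "and/or" with which option applies to which filesystem or a pointer to where that is listed.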
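Review bot: The new /var/setuid-wrappers item at the end of the @@ -141,11 +163,18 @@ hunk reads "The directory container setuid wrapper programs", which looks like a typo for "containing". It also drops two facts from the entry removed in the @@ -58,16 +82,12 @@ hunk: that the path is now a symlink, and that it is no longer mounted as tmpfs. Anyone who relied on that path being its own mount needs those kept. The (#17365) reference on the containers item is removed in the same hunk without a replacement pointer.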