nixos/doc/manual/release-notes/rl-2009.xml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211

<section xmlns="http://docbook.org/ns/docbook"
         xmlns:xlink="http://www.w3.org/1999/xlink"
         xmlns:xi="http://www.w3.org/2001/XInclude"
         version="5.0"
         xml:id="sec-release-20.09">
 <title>Release 20.09 (“Nightingale”, 2020.09/??)</title>

 <section xmlns="http://docbook.org/ns/docbook"
         xmlns:xlink="http://www.w3.org/1999/xlink"
         xmlns:xi="http://www.w3.org/2001/XInclude"
         version="5.0"
         xml:id="sec-release-20.09-highlights">
  <title>Highlights</title>

  <para>
   In addition to numerous new and upgraded packages, this release has the
   following highlights:
  </para>

  <itemizedlist>
   <listitem>
    <para>
     Support is planned until the end of April 2021, handing over to 21.03.
    </para>
   </listitem>
   <listitem>
    <para>
     PHP now defaults to PHP 7.4, updated from 7.3.
    </para>
   </listitem>
   <listitem>
    <para>
     Two new options, <link linkend="opt-services.openssh.authorizedKeysCommand">authorizedKeysCommand</link>
     and <link linkend="opt-services.openssh.authorizedKeysCommandUser">authorizedKeysCommandUser</link>, have
     been added to the <literal>openssh</literal> module. If you have <literal>AuthorizedKeysCommand</literal>
     in your <link linkend="opt-services.openssh.extraConfig">services.openssh.extraConfig</link> you should
     make use of these new options instead.
    </para>
   </listitem>
  </itemizedlist>
 </section>

 <section xmlns="http://docbook.org/ns/docbook"
         xmlns:xlink="http://www.w3.org/1999/xlink"
         xmlns:xi="http://www.w3.org/2001/XInclude"
         version="5.0"
         xml:id="sec-release-20.09-new-services">
  <title>New Services</title>

  <para>
   The following new services were added since the last release:
  </para>

  <itemizedlist>
   <listitem>
    <para />
   </listitem>
  </itemizedlist>

 </section>

 <section xmlns="http://docbook.org/ns/docbook"
         xmlns:xlink="http://www.w3.org/1999/xlink"
         xmlns:xi="http://www.w3.org/2001/XInclude"
         version="5.0"
         xml:id="sec-release-20.09-incompatibilities">
  <title>Backward Incompatibilities</title>

  <para>
   When upgrading from a previous release, please be aware of the following
   incompatible changes:
  </para>

  <itemizedlist>
   <listitem>
    <para>
     Grafana is now built without support for phantomjs by default. Phantomjs support has been
     <link xlink:href="https://grafana.com/docs/grafana/latest/guides/whats-new-in-v6-4/">deprecated in Grafana</link>
     and the <package>phantomjs</package> project is
     <link xlink:href="https://github.com/ariya/phantomjs/issues/15344#issue-302015362">currently unmaintained</link>.
     It can still be enabled by providing <literal>phantomJsSupport = true</literal> to the package instanciation:
<programlisting>{
  services.grafana.package = pkgs.grafana.overrideAttrs (oldAttrs: rec {
    phantomJsSupport = false;
  });
}</programlisting>
    </para>
   </listitem>
   <listitem>
    <para>
      The <link linkend="opt-services.supybot.enable">supybot</link> module now uses <literal>/var/lib/supybot</literal>
      as its default <link linkend="opt-services.supybot.stateDir">stateDir</link> path if <literal>stateVersion</literal>
      is 20.09 or higher. It also enables number of
      <link xlink:href="https://www.freedesktop.org/software/systemd/man/systemd.exec.html#Sandboxing">systemd sandboxing options</link>
      which may possibly interfere with some plugins. If this is the case you can disable the options through attributes in
      <option>systemd.services.supybot.serviceConfig</option>.
    </para>
   </listitem>
   <listitem>
    <para>
      The <literal>security.duosec.skey</literal> option, which stored a secret in the
      nix store, has been replaced by a new
      <link linkend="opt-security.duosec.secretKeyFile">security.duosec.secretKeyFile</link>
      option for better security.
    </para>
    <para>
      <literal>security.duosec.ikey</literal> has been renamed to
      <link linkend="opt-security.duosec.integrationKey">security.duosec.integrationKey</link>.
    </para>
   </listitem>
   <listitem>
    <para>
     The initrd SSH support now uses OpenSSH rather than Dropbear to
     allow the use of Ed25519 keys and other OpenSSH-specific
     functionality. Host keys must now be in the OpenSSH format, and at
     least one pre-generated key must be specified.
    </para>
    <para>
     If you used the <option>boot.initrd.network.ssh.host*Key</option>
     options, you'll get an error explaining how to convert your host
     keys and migrate to the new
     <option>boot.initrd.network.ssh.hostKeys</option> option.
     Otherwise, if you don't have any host keys set, you'll need to
     generate some; see the <option>hostKeys</option> option
     documentation for instructions.
    </para>
   </listitem>
   <listitem>
     <para>
       Since this release there's an easy way to customize your PHP install to get a much smaller
       base PHP with only wanted extensions enabled. See the following snippet installing a smaller PHP
       with the extensions <literal>imagick</literal>, <literal>opcache</literal> and
       <literal>pdo_mysql</literal> loaded:

       <programlisting>
environment.systemPackages = [
(pkgs.php.buildEnv { exts = pp: with pp.exts; [
    pp.imagick
    opcache
    pdo_mysql
  ]; })
];</programlisting>

       The default <literal>php</literal> attribute hasn't lost any extensions -
       the <literal>opcache</literal> extension was added there.

       All upstream PHP extensions are available under <package><![CDATA[php.packages.exts.<name?>]]></package>.
     </para>
     <para>
       The updated <literal>php</literal> attribute is now easily customizable to your liking
       by using extensions instead of writing config files or changing configure flags.

       Therefore we have removed the following configure flags:

       <itemizedlist>
         <title>PHP <literal>config</literal> flags that we don't read anymore:</title>
         <listitem><para><literal>config.php.argon2</literal></para></listitem>
         <listitem><para><literal>config.php.bcmath</literal></para></listitem>
         <listitem><para><literal>config.php.bz2</literal></para></listitem>
         <listitem><para><literal>config.php.calendar</literal></para></listitem>
         <listitem><para><literal>config.php.curl</literal></para></listitem>
         <listitem><para><literal>config.php.exif</literal></para></listitem>
         <listitem><para><literal>config.php.ftp</literal></para></listitem>
         <listitem><para><literal>config.php.gd</literal></para></listitem>
         <listitem><para><literal>config.php.gettext</literal></para></listitem>
         <listitem><para><literal>config.php.gmp</literal></para></listitem>
         <listitem><para><literal>config.php.imap</literal></para></listitem>
         <listitem><para><literal>config.php.intl</literal></para></listitem>
         <listitem><para><literal>config.php.ldap</literal></para></listitem>
         <listitem><para><literal>config.php.libxml2</literal></para></listitem>
         <listitem><para><literal>config.php.libzip</literal></para></listitem>
         <listitem><para><literal>config.php.mbstring</literal></para></listitem>
         <listitem><para><literal>config.php.mysqli</literal></para></listitem>
         <listitem><para><literal>config.php.mysqlnd</literal></para></listitem>
         <listitem><para><literal>config.php.openssl</literal></para></listitem>
         <listitem><para><literal>config.php.pcntl</literal></para></listitem>
         <listitem><para><literal>config.php.pdo_mysql</literal></para></listitem>
         <listitem><para><literal>config.php.pdo_odbc</literal></para></listitem>
         <listitem><para><literal>config.php.pdo_pgsql</literal></para></listitem>
         <listitem><para><literal>config.php.phpdbg</literal></para></listitem>
         <listitem><para><literal>config.php.postgresql</literal></para></listitem>
         <listitem><para><literal>config.php.readline</literal></para></listitem>
         <listitem><para><literal>config.php.soap</literal></para></listitem>
         <listitem><para><literal>config.php.sockets</literal></para></listitem>
         <listitem><para><literal>config.php.sodium</literal></para></listitem>
         <listitem><para><literal>config.php.sqlite</literal></para></listitem>
         <listitem><para><literal>config.php.tidy</literal></para></listitem>
         <listitem><para><literal>config.php.xmlrpc</literal></para></listitem>
         <listitem><para><literal>config.php.xsl</literal></para></listitem>
         <listitem><para><literal>config.php.zip</literal></para></listitem>
         <listitem><para><literal>config.php.zlib</literal></para></listitem>
       </itemizedlist>
     </para>
   </listitem>
  </itemizedlist>
 </section>

 <section xmlns="http://docbook.org/ns/docbook"
         xmlns:xlink="http://www.w3.org/1999/xlink"
         xmlns:xi="http://www.w3.org/2001/XInclude"
         version="5.0"
         xml:id="sec-release-20.09-notable-changes">
  <title>Other Notable Changes</title>

  <itemizedlist>
   <listitem>
    <para />
   </listitem>
  </itemizedlist>
 </section>
</section>