nixpkgs/nixos/doc/manual/release-notes/rl-1603.xml

454 lines
19 KiB
XML
Raw Normal View History

<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
2016-02-29 11:39:11 +01:00
xml:id="sec-release-16.03">
<title>Release 16.03 (“Emu”, 2016/03/31)</title>
<para>In addition to numerous new and upgraded packages, this release
has the following highlights:</para>
<itemizedlist>
<listitem>
2016-03-31 12:30:05 +02:00
<para>Systemd 229, bringing <link
xlink:href="https://github.com/systemd/systemd/blob/v229/NEWS">numerous
improvements</link> over 217.</para>
</listitem>
<listitem>
<para>Linux 4.4 (was 3.18).</para>
</listitem>
<listitem>
<para>GCC 5.3 (was 4.9). Note that GCC 5 <link
xlink:href="https://gcc.gnu.org/onlinedocs/libstdc++/manual/using_dual_abi.html">changes
the C++ ABI in an incompatible way</link>; this may cause problems
if you try to link objects compiled with different versions of
GCC.</para>
</listitem>
<listitem>
<para>Glibc 2.23 (was 2.21).</para>
</listitem>
<listitem>
<para>Binutils 2.26 (was 2.23.1). See #909</para>
</listitem>
2016-03-31 12:30:05 +02:00
<listitem>
<para>Improved support for ensuring <link
xlink:href="https://reproducible-builds.org/">bitwise reproducible
builds</link>. For example, <literal>stdenv</literal> now sets the
environment variable <envar
xlink:href="https://reproducible-builds.org/specs/source-date-epoch/">SOURCE_DATE_EPOCH</envar>
to a deterministic value, and Nix has <link
xlink:href="http://nixos.org/nix/manual/#ssec-relnotes-1.11">gained
an option</link> to repeat a build a number of times to test
determinism. An ongoing project, the goal of exact reproducibility
is to allow binaries to be verified independently (e.g., a user
might only trust binaries that appear in three independent binary
caches).</para>
</listitem>
<listitem>
<para>Perl 5.22.</para>
</listitem>
</itemizedlist>
<para>The following new services were added since the last release:
<itemizedlist>
<listitem><para><literal>services/monitoring/longview.nix</literal></para></listitem>
<listitem><para><literal>hardware/video/webcam/facetimehd.nix</literal></para></listitem>
2016-04-12 12:46:12 +02:00
<listitem><para><literal>i18n/input-method/default.nix</literal></para></listitem>
<listitem><para><literal>i18n/input-method/fcitx.nix</literal></para></listitem>
<listitem><para><literal>i18n/input-method/ibus.nix</literal></para></listitem>
<listitem><para><literal>i18n/input-method/nabi.nix</literal></para></listitem>
<listitem><para><literal>i18n/input-method/uim.nix</literal></para></listitem>
<listitem><para><literal>programs/fish.nix</literal></para></listitem>
<listitem><para><literal>security/acme.nix</literal></para></listitem>
<listitem><para><literal>security/audit.nix</literal></para></listitem>
<listitem><para><literal>security/oath.nix</literal></para></listitem>
<listitem><para><literal>services/hardware/irqbalance.nix</literal></para></listitem>
<listitem><para><literal>services/mail/dspam.nix</literal></para></listitem>
<listitem><para><literal>services/mail/opendkim.nix</literal></para></listitem>
<listitem><para><literal>services/mail/postsrsd.nix</literal></para></listitem>
<listitem><para><literal>services/mail/rspamd.nix</literal></para></listitem>
<listitem><para><literal>services/mail/rmilter.nix</literal></para></listitem>
<listitem><para><literal>services/misc/autofs.nix</literal></para></listitem>
<listitem><para><literal>services/misc/bepasty.nix</literal></para></listitem>
<listitem><para><literal>services/misc/calibre-server.nix</literal></para></listitem>
<listitem><para><literal>services/misc/cfdyndns.nix</literal></para></listitem>
<listitem><para><literal>services/misc/gammu-smsd.nix</literal></para></listitem>
<listitem><para><literal>services/misc/mathics.nix</literal></para></listitem>
<listitem><para><literal>services/misc/matrix-synapse.nix</literal></para></listitem>
<listitem><para><literal>services/misc/octoprint.nix</literal></para></listitem>
<listitem><para><literal>services/monitoring/hdaps.nix</literal></para></listitem>
<listitem><para><literal>services/monitoring/heapster.nix</literal></para></listitem>
<listitem><para><literal>services/monitoring/longview.nix</literal></para></listitem>
<listitem><para><literal>services/network-filesystems/netatalk.nix</literal></para></listitem>
<listitem><para><literal>services/network-filesystems/xtreemfs.nix</literal></para></listitem>
<listitem><para><literal>services/networking/autossh.nix</literal></para></listitem>
<listitem><para><literal>services/networking/dnschain.nix</literal></para></listitem>
<listitem><para><literal>services/networking/gale.nix</literal></para></listitem>
<listitem><para><literal>services/networking/miniupnpd.nix</literal></para></listitem>
<listitem><para><literal>services/networking/namecoind.nix</literal></para></listitem>
<listitem><para><literal>services/networking/ostinato.nix</literal></para></listitem>
2016-02-11 12:02:11 +01:00
<listitem><para><literal>services/networking/pdnsd.nix</literal></para></listitem>
<listitem><para><literal>services/networking/shairport-sync.nix</literal></para></listitem>
<listitem><para><literal>services/networking/supplicant.nix</literal></para></listitem>
<listitem><para><literal>services/search/kibana.nix</literal></para></listitem>
2016-02-01 09:47:23 +01:00
<listitem><para><literal>services/security/haka.nix</literal></para></listitem>
<listitem><para><literal>services/security/physlock.nix</literal></para></listitem>
<listitem><para><literal>services/web-apps/pump.io.nix</literal></para></listitem>
<listitem><para><literal>services/x11/hardware/libinput.nix</literal></para></listitem>
<listitem><para><literal>services/x11/window-managers/windowlab.nix</literal></para></listitem>
<listitem><para><literal>system/boot/initrd-network.nix</literal></para></listitem>
<listitem><para><literal>system/boot/initrd-ssh.nix</literal></para></listitem>
<listitem><para><literal>system/boot/loader/loader.nix</literal></para></listitem>
<listitem><para><literal>system/boot/networkd.nix</literal></para></listitem>
<listitem><para><literal>system/boot/resolved.nix</literal></para></listitem>
<listitem><para><literal>virtualisation/lxd.nix</literal></para></listitem>
<listitem><para><literal>virtualisation/rkt.nix</literal></para></listitem>
</itemizedlist>
</para>
<para>When upgrading from a previous release, please be aware of the
2015-09-21 11:02:17 +02:00
following incompatible changes:</para>
<itemizedlist>
2016-03-31 12:30:05 +02:00
<listitem>
<para>We no longer produce graphical ISO images and VirtualBox
images for <literal>i686-linux</literal>. A minimal ISO image is
still provided.</para>
</listitem>
<listitem>
<para>Firefox and similar browsers are now <emphasis>wrapped by default</emphasis>.
The package and attribute names are plain <literal>firefox</literal>
or <literal>midori</literal>, etc. Backward-compatibility attributes were set up,
but note that <command>nix-env -u</command> will <emphasis>not</emphasis> update
your current <literal>firefox-with-plugins</literal>;
you have to uninstall it and install <literal>firefox</literal> instead.</para>
</listitem>
2015-09-21 11:02:17 +02:00
<listitem>
<para><command>wmiiSnap</command> has been replaced with
<command>wmii_hg</command>, but
<command>services.xserver.windowManager.wmii.enable</command> has
been updated respectively so this only affects you if you have
explicitly installed <command>wmiiSnap</command>.
</para>
</listitem>
2016-01-14 13:07:56 +01:00
<listitem>
<para><literal>jobs</literal> NixOS option has been removed. It served as
compatibility layer between Upstart jobs and SystemD services. All services
have been rewritten to use <literal>systemd.services</literal></para>
</listitem>
2015-09-21 11:02:17 +02:00
<listitem>
<para><command>wmiimenu</command> is removed, as it has been
removed by the developers upstream. Use <command>wimenu</command>
from the <command>wmii-hg</command> package.</para>
</listitem>
<listitem>
<para>Gitit is no longer automatically added to the module list in
NixOS and as such there will not be any manual entries for it. You
will need to add an import statement to your NixOS configuration
in order to use it, e.g.
<programlisting><![CDATA[
{
imports = [ <nixpkgs/nixos/modules/services/misc/gitit.nix> ];
2015-09-21 11:02:17 +02:00
}
]]></programlisting>
will include the Gitit service configuration options.</para>
</listitem>
2015-11-01 23:14:40 +01:00
<listitem>
<para><command>nginx</command> does not accept flags for enabling and
disabling modules anymore. Instead it accepts <literal>modules</literal>
argument, which is a list of modules to be built in. All modules now
reside in <literal>nginxModules</literal> set. Example configuration:
<programlisting><![CDATA[
nginx.override {
modules = [ nginxModules.rtmp nginxModules.dav nginxModules.moreheaders ];
}
]]></programlisting>
</para>
</listitem>
<listitem>
<para><command>s3sync</command> is removed, as it hasn't been
developed by upstream for 4 years and only runs with ruby 1.8.
For an actively-developer alternative look at
<command>tarsnap</command> and others.
</para>
</listitem>
<listitem>
<para><command>ruby_1_8</command> has been removed as it's not
supported from upstream anymore and probably contains security
issues.
</para>
</listitem>
<listitem>
<para><literal>tidy-html5</literal> package is removed.
Upstream only provided <literal>(lib)tidy5</literal> during development,
and now they went back to <literal>(lib)tidy</literal> to work as a drop-in
replacement of the original package that has been unmaintained for years.
You can (still) use the <literal>html-tidy</literal> package, which got updated
to a stable release from this new upstream.</para>
</listitem>
<listitem>
<para><literal>extraDeviceOptions</literal> argument is removed
from <literal>bumblebee</literal> package. Instead there are
now two separate arguments: <literal>extraNvidiaDeviceOptions</literal>
and <literal>extraNouveauDeviceOptions</literal> for setting
extra X11 options for nvidia and nouveau drivers, respectively.
</para>
</listitem>
<listitem>
<para>The <literal>Ctrl+Alt+Backspace</literal> key combination
no longer kills the X server by default.
There's a new option <option>services.xserver.enableCtrlAltBackspace</option>
allowing to enable the combination again.
</para>
</listitem>
<listitem>
<para><literal>emacsPackagesNg</literal> now contains all packages
from the ELPA, MELPA, and MELPA Stable repositories.
</para>
</listitem>
2016-01-21 10:38:03 +01:00
<listitem>
<para>Data directory for Postfix MTA server is moved from
<filename>/var/postfix</filename> to <filename>/var/lib/postfix</filename>.
Old configurations are migrated automatically. <literal>service.postfix</literal>
module has also received many improvements, such as correct directories' access
rights, new <literal>aliasFiles</literal> and <literal>mapFiles</literal>
options and more.</para>
</listitem>
2016-01-25 10:02:15 +01:00
<listitem>
<para>Filesystem options should now be configured as a list of strings, not
a comma-separated string. The old style will continue to work, but print a
warning, until the 16.09 release. An example of the new style:
<programlisting>
fileSystems."/example" = {
device = "/dev/sdc";
fsType = "btrfs";
options = [ "noatime" "compress=lzo" "space_cache" "autodefrag" ];
};
</programlisting>
2016-02-07 13:52:42 +01:00
</para>
</listitem>
2016-01-21 10:38:03 +01:00
<listitem>
<para>CUPS, installed by <literal>services.printing</literal> module, now
has its data directory in <filename>/var/lib/cups</filename>. Old
configurations from <filename>/etc/cups</filename> are moved there
automatically, but there might be problems. Also configuration options
<literal>services.printing.cupsdConf</literal> and
<literal>services.printing.cupsdFilesConf</literal> were removed
because they had been allowing one to override configuration variables
required for CUPS to work at all on NixOS. For most use cases,
<literal>services.printing.extraConf</literal> and new option
<literal>services.printing.extraFilesConf</literal> should be enough;
if you encounter a situation when they are not, please file a bug.</para>
<para>There are also Gutenprint improvements; in particular, a new option
<literal>services.printing.gutenprint</literal> is added to enable automatic
updating of Gutenprint PPMs; it's greatly recommended to enable it instead
of adding <literal>gutenprint</literal> to the <literal>drivers</literal> list.
</para>
</listitem>
<listitem>
<para><literal>services.xserver.vaapiDrivers</literal> has been removed. Use
<literal>hardware.opengl.extraPackages{,32}</literal> instead. You can
also specify VDPAU drivers there.</para>
</listitem>
2016-02-16 15:32:01 +01:00
<listitem>
<para>
<literal>programs.ibus</literal> moved to <literal>i18n.inputMethod.ibus</literal>.
The option <literal>programs.ibus.plugins</literal> changed to <literal>i18n.inputMethod.ibus.engines</literal>
and the option to enable ibus changed from <literal>programs.ibus.enable</literal> to
<literal>i18n.inputMethod.enabled</literal>.
<literal>i18n.inputMethod.enabled</literal> should be set to the used input method name,
<literal>"ibus"</literal> for ibus.
An example of the new style:
<programlisting>
i18n.inputMethod.enabled = "ibus";
i18n.inputMethod.ibus.engines = with pkgs.ibus-engines; [ anthy mozc ];
</programlisting>
That is equivalent to the old version:
<programlisting>
programs.ibus.enable = true;
programs.ibus.plugins = with pkgs; [ ibus-anthy mozc ];
</programlisting>
</para>
</listitem>
<listitem>
<para><literal>services.udev.extraRules</literal> option now writes rules
to <filename>99-local.rules</filename> instead of <filename>10-local.rules</filename>.
This makes all the user rules apply after others, so their results wouldn't be
overriden by anything else.</para>
</listitem>
<listitem>
<para>Large parts of the <literal>services.gitlab</literal> module has been
been rewritten. There are new configuration options available. The
<literal>stateDir</literal> option was renamned to
<literal>statePath</literal> and the <literal>satellitesDir</literal> option
was removed. Please review the currently available options.</para>
</listitem>
<listitem>
<para>
The option <option>services.nsd.zones.&lt;name&gt;.data</option> no
longer interpret the dollar sign ($) as a shell variable, as such it
should not be escaped anymore. Thus the following zone data:
</para>
<programlisting>
\$ORIGIN example.com.
\$TTL 1800
@ IN SOA ns1.vpn.nbp.name. admin.example.com. (
</programlisting>
<para>
Should modified to look like the actual file expected by nsd:
</para>
<programlisting>
$ORIGIN example.com.
$TTL 1800
@ IN SOA ns1.vpn.nbp.name. admin.example.com. (
</programlisting>
</listitem>
<listitem>
<para>
<literal>service.syncthing.dataDir</literal> options now has to point
to exact folder where syncthing is writing to. Example configuration should
look something like:
</para>
<programlisting>
services.syncthing = {
enable = true;
dataDir = "/home/somebody/.syncthing";
user = "somebody";
};
</programlisting>
</listitem>
<listitem>
<para>
<literal>networking.firewall.allowPing</literal> is now enabled by
default. Users are encourarged to configure an approiate rate limit for
their machines using the Kernel interface at
<filename>/proc/sys/net/ipv4/icmp_ratelimit</filename> and
<filename>/proc/sys/net/ipv6/icmp/ratelimit</filename> or using the
firewall itself, i.e. by setting the NixOS option
<literal>networking.firewall.pingLimit</literal>.
</para>
</listitem>
<listitem>
<para>
Systems with some broadcom cards used to result into a generated config
that is no longer accepted. If you get errors like
<screen>error: path /nix/store/*-broadcom-sta-* does not exist and cannot be created</screen>
you should either re-run <command>nixos-generate-config</command> or manually replace
<literal>"${config.boot.kernelPackages.broadcom_sta}"</literal>
by
<literal>config.boot.kernelPackages.broadcom_sta</literal>
in your <filename>/etc/nixos/hardware-configuration.nix</filename>.
More discussion is on <link xlink:href="https://github.com/NixOS/nixpkgs/pull/12595">
the github issue</link>.
</para>
</listitem>
<listitem>
<para>
The <literal>services.xserver.startGnuPGAgent</literal> option has been removed.
GnuPG 2.1.x changed the way the gpg-agent works, and that new approach no
longer requires (or even supports) the "start everything as a child of the
agent" scheme we've implemented in NixOS for older versions.
To configure the gpg-agent for your X session, add the following code to
<filename>~/.bashrc</filename> or some file thats sourced when your shell is started:
<programlisting>
GPG_TTY=$(tty)
export GPG_TTY
</programlisting>
If you want to use gpg-agent for SSH, too, add the following to your session
initialization (e.g. <literal>displayManager.sessionCommands</literal>)
<programlisting>
gpg-connect-agent /bye
unset SSH_AGENT_PID
export SSH_AUTH_SOCK="''${HOME}/.gnupg/S.gpg-agent.ssh"
</programlisting>
and make sure that
<programlisting>
enable-ssh-support
</programlisting>
is included in your <filename>~/.gnupg/gpg-agent.conf</filename>.
You will need to use <command>ssh-add</command> to re-add your ssh keys.
If gpgs automatic transformation of the private keys to the new format fails,
you will need to re-import your private keyring as well:
<programlisting>
gpg --import ~/.gnupg/secring.gpg
</programlisting>
The <command>gpg-agent(1)</command> man page has more details about this subject,
i.e. in the "EXAMPLES" section.
</para>
</listitem>
2015-09-21 11:02:17 +02:00
</itemizedlist>
<para>Other notable improvements:
2016-03-31 12:30:05 +02:00
<itemizedlist>
2016-03-31 12:30:05 +02:00
<!--
<listitem>
<para>The <command>command-not-found</command> hook was extended.
Apart from <literal>$NIX_AUTO_INSTALL</literal> variable,
it newly also checks for <literal>$NIX_AUTO_RUN</literal>
which causes it to directly run the missing commands via
2016-03-31 12:30:05 +02:00
<command>nix-shell</command> (without installing anything).</para>
</listitem>
2016-03-31 12:30:05 +02:00
-->
<listitem>
<para><literal>ejabberd</literal> module is brought back and now works on
NixOS.</para>
</listitem>
2016-02-16 15:32:01 +01:00
<listitem>
<para>Input method support was improved. New NixOS modules (fcitx, nabi and uim),
fcitx engines (chewing, hangul, m17n, mozc and table-other) and ibus engines (hangul and m17n)
have been added.</para>
</listitem>
</itemizedlist></para>
</section>