16c923cef2
When displaying a warning about a removed Option we should always include reasoning why it was removed and how to get the same functionality without it. Introduces such a description argument and patches occurences (mostly with an empty string). startGnuPGAgent: further notes on replacement
454 lines
19 KiB
XML
454 lines
19 KiB
XML
<section xmlns="http://docbook.org/ns/docbook"
|
||
xmlns:xlink="http://www.w3.org/1999/xlink"
|
||
xmlns:xi="http://www.w3.org/2001/XInclude"
|
||
version="5.0"
|
||
xml:id="sec-release-16.03">
|
||
|
||
<title>Release 16.03 (“Emu”, 2016/03/31)</title>
|
||
|
||
<para>In addition to numerous new and upgraded packages, this release
|
||
has the following highlights:</para>
|
||
|
||
<itemizedlist>
|
||
|
||
<listitem>
|
||
<para>Systemd 229, bringing <link
|
||
xlink:href="https://github.com/systemd/systemd/blob/v229/NEWS">numerous
|
||
improvements</link> over 217.</para>
|
||
</listitem>
|
||
|
||
<listitem>
|
||
<para>Linux 4.4 (was 3.18).</para>
|
||
</listitem>
|
||
|
||
<listitem>
|
||
<para>GCC 5.3 (was 4.9). Note that GCC 5 <link
|
||
xlink:href="https://gcc.gnu.org/onlinedocs/libstdc++/manual/using_dual_abi.html">changes
|
||
the C++ ABI in an incompatible way</link>; this may cause problems
|
||
if you try to link objects compiled with different versions of
|
||
GCC.</para>
|
||
</listitem>
|
||
|
||
<listitem>
|
||
<para>Glibc 2.23 (was 2.21).</para>
|
||
</listitem>
|
||
|
||
<listitem>
|
||
<para>Binutils 2.26 (was 2.23.1). See #909</para>
|
||
</listitem>
|
||
|
||
<listitem>
|
||
<para>Improved support for ensuring <link
|
||
xlink:href="https://reproducible-builds.org/">bitwise reproducible
|
||
builds</link>. For example, <literal>stdenv</literal> now sets the
|
||
environment variable <envar
|
||
xlink:href="https://reproducible-builds.org/specs/source-date-epoch/">SOURCE_DATE_EPOCH</envar>
|
||
to a deterministic value, and Nix has <link
|
||
xlink:href="http://nixos.org/nix/manual/#ssec-relnotes-1.11">gained
|
||
an option</link> to repeat a build a number of times to test
|
||
determinism. An ongoing project, the goal of exact reproducibility
|
||
is to allow binaries to be verified independently (e.g., a user
|
||
might only trust binaries that appear in three independent binary
|
||
caches).</para>
|
||
</listitem>
|
||
|
||
<listitem>
|
||
<para>Perl 5.22.</para>
|
||
</listitem>
|
||
|
||
</itemizedlist>
|
||
|
||
<para>The following new services were added since the last release:
|
||
|
||
<itemizedlist>
|
||
<listitem><para><literal>services/monitoring/longview.nix</literal></para></listitem>
|
||
<listitem><para><literal>hardware/video/webcam/facetimehd.nix</literal></para></listitem>
|
||
<listitem><para><literal>i18n/input-method/default.nix</literal></para></listitem>
|
||
<listitem><para><literal>i18n/input-method/fcitx.nix</literal></para></listitem>
|
||
<listitem><para><literal>i18n/input-method/ibus.nix</literal></para></listitem>
|
||
<listitem><para><literal>i18n/input-method/nabi.nix</literal></para></listitem>
|
||
<listitem><para><literal>i18n/input-method/uim.nix</literal></para></listitem>
|
||
<listitem><para><literal>programs/fish.nix</literal></para></listitem>
|
||
<listitem><para><literal>security/acme.nix</literal></para></listitem>
|
||
<listitem><para><literal>security/audit.nix</literal></para></listitem>
|
||
<listitem><para><literal>security/oath.nix</literal></para></listitem>
|
||
<listitem><para><literal>services/hardware/irqbalance.nix</literal></para></listitem>
|
||
<listitem><para><literal>services/mail/dspam.nix</literal></para></listitem>
|
||
<listitem><para><literal>services/mail/opendkim.nix</literal></para></listitem>
|
||
<listitem><para><literal>services/mail/postsrsd.nix</literal></para></listitem>
|
||
<listitem><para><literal>services/mail/rspamd.nix</literal></para></listitem>
|
||
<listitem><para><literal>services/mail/rmilter.nix</literal></para></listitem>
|
||
<listitem><para><literal>services/misc/autofs.nix</literal></para></listitem>
|
||
<listitem><para><literal>services/misc/bepasty.nix</literal></para></listitem>
|
||
<listitem><para><literal>services/misc/calibre-server.nix</literal></para></listitem>
|
||
<listitem><para><literal>services/misc/cfdyndns.nix</literal></para></listitem>
|
||
<listitem><para><literal>services/misc/gammu-smsd.nix</literal></para></listitem>
|
||
<listitem><para><literal>services/misc/mathics.nix</literal></para></listitem>
|
||
<listitem><para><literal>services/misc/matrix-synapse.nix</literal></para></listitem>
|
||
<listitem><para><literal>services/misc/octoprint.nix</literal></para></listitem>
|
||
<listitem><para><literal>services/monitoring/hdaps.nix</literal></para></listitem>
|
||
<listitem><para><literal>services/monitoring/heapster.nix</literal></para></listitem>
|
||
<listitem><para><literal>services/monitoring/longview.nix</literal></para></listitem>
|
||
<listitem><para><literal>services/network-filesystems/netatalk.nix</literal></para></listitem>
|
||
<listitem><para><literal>services/network-filesystems/xtreemfs.nix</literal></para></listitem>
|
||
<listitem><para><literal>services/networking/autossh.nix</literal></para></listitem>
|
||
<listitem><para><literal>services/networking/dnschain.nix</literal></para></listitem>
|
||
<listitem><para><literal>services/networking/gale.nix</literal></para></listitem>
|
||
<listitem><para><literal>services/networking/miniupnpd.nix</literal></para></listitem>
|
||
<listitem><para><literal>services/networking/namecoind.nix</literal></para></listitem>
|
||
<listitem><para><literal>services/networking/ostinato.nix</literal></para></listitem>
|
||
<listitem><para><literal>services/networking/pdnsd.nix</literal></para></listitem>
|
||
<listitem><para><literal>services/networking/shairport-sync.nix</literal></para></listitem>
|
||
<listitem><para><literal>services/networking/supplicant.nix</literal></para></listitem>
|
||
<listitem><para><literal>services/search/kibana.nix</literal></para></listitem>
|
||
<listitem><para><literal>services/security/haka.nix</literal></para></listitem>
|
||
<listitem><para><literal>services/security/physlock.nix</literal></para></listitem>
|
||
<listitem><para><literal>services/web-apps/pump.io.nix</literal></para></listitem>
|
||
<listitem><para><literal>services/x11/hardware/libinput.nix</literal></para></listitem>
|
||
<listitem><para><literal>services/x11/window-managers/windowlab.nix</literal></para></listitem>
|
||
<listitem><para><literal>system/boot/initrd-network.nix</literal></para></listitem>
|
||
<listitem><para><literal>system/boot/initrd-ssh.nix</literal></para></listitem>
|
||
<listitem><para><literal>system/boot/loader/loader.nix</literal></para></listitem>
|
||
<listitem><para><literal>system/boot/networkd.nix</literal></para></listitem>
|
||
<listitem><para><literal>system/boot/resolved.nix</literal></para></listitem>
|
||
<listitem><para><literal>virtualisation/lxd.nix</literal></para></listitem>
|
||
<listitem><para><literal>virtualisation/rkt.nix</literal></para></listitem>
|
||
</itemizedlist>
|
||
</para>
|
||
|
||
<para>When upgrading from a previous release, please be aware of the
|
||
following incompatible changes:</para>
|
||
|
||
<itemizedlist>
|
||
|
||
<listitem>
|
||
<para>We no longer produce graphical ISO images and VirtualBox
|
||
images for <literal>i686-linux</literal>. A minimal ISO image is
|
||
still provided.</para>
|
||
</listitem>
|
||
|
||
<listitem>
|
||
<para>Firefox and similar browsers are now <emphasis>wrapped by default</emphasis>.
|
||
The package and attribute names are plain <literal>firefox</literal>
|
||
or <literal>midori</literal>, etc. Backward-compatibility attributes were set up,
|
||
but note that <command>nix-env -u</command> will <emphasis>not</emphasis> update
|
||
your current <literal>firefox-with-plugins</literal>;
|
||
you have to uninstall it and install <literal>firefox</literal> instead.</para>
|
||
</listitem>
|
||
|
||
<listitem>
|
||
<para><command>wmiiSnap</command> has been replaced with
|
||
<command>wmii_hg</command>, but
|
||
<command>services.xserver.windowManager.wmii.enable</command> has
|
||
been updated respectively so this only affects you if you have
|
||
explicitly installed <command>wmiiSnap</command>.
|
||
</para>
|
||
</listitem>
|
||
|
||
<listitem>
|
||
<para><literal>jobs</literal> NixOS option has been removed. It served as
|
||
compatibility layer between Upstart jobs and SystemD services. All services
|
||
have been rewritten to use <literal>systemd.services</literal></para>
|
||
</listitem>
|
||
|
||
<listitem>
|
||
<para><command>wmiimenu</command> is removed, as it has been
|
||
removed by the developers upstream. Use <command>wimenu</command>
|
||
from the <command>wmii-hg</command> package.</para>
|
||
</listitem>
|
||
|
||
<listitem>
|
||
<para>Gitit is no longer automatically added to the module list in
|
||
NixOS and as such there will not be any manual entries for it. You
|
||
will need to add an import statement to your NixOS configuration
|
||
in order to use it, e.g.
|
||
|
||
<programlisting><![CDATA[
|
||
{
|
||
imports = [ <nixpkgs/nixos/modules/services/misc/gitit.nix> ];
|
||
}
|
||
]]></programlisting>
|
||
|
||
will include the Gitit service configuration options.</para>
|
||
</listitem>
|
||
|
||
<listitem>
|
||
<para><command>nginx</command> does not accept flags for enabling and
|
||
disabling modules anymore. Instead it accepts <literal>modules</literal>
|
||
argument, which is a list of modules to be built in. All modules now
|
||
reside in <literal>nginxModules</literal> set. Example configuration:
|
||
|
||
<programlisting><![CDATA[
|
||
nginx.override {
|
||
modules = [ nginxModules.rtmp nginxModules.dav nginxModules.moreheaders ];
|
||
}
|
||
]]></programlisting>
|
||
</para>
|
||
</listitem>
|
||
|
||
<listitem>
|
||
<para><command>s3sync</command> is removed, as it hasn't been
|
||
developed by upstream for 4 years and only runs with ruby 1.8.
|
||
For an actively-developer alternative look at
|
||
<command>tarsnap</command> and others.
|
||
</para>
|
||
</listitem>
|
||
|
||
<listitem>
|
||
<para><command>ruby_1_8</command> has been removed as it's not
|
||
supported from upstream anymore and probably contains security
|
||
issues.
|
||
</para>
|
||
</listitem>
|
||
|
||
<listitem>
|
||
<para><literal>tidy-html5</literal> package is removed.
|
||
Upstream only provided <literal>(lib)tidy5</literal> during development,
|
||
and now they went back to <literal>(lib)tidy</literal> to work as a drop-in
|
||
replacement of the original package that has been unmaintained for years.
|
||
You can (still) use the <literal>html-tidy</literal> package, which got updated
|
||
to a stable release from this new upstream.</para>
|
||
</listitem>
|
||
|
||
<listitem>
|
||
<para><literal>extraDeviceOptions</literal> argument is removed
|
||
from <literal>bumblebee</literal> package. Instead there are
|
||
now two separate arguments: <literal>extraNvidiaDeviceOptions</literal>
|
||
and <literal>extraNouveauDeviceOptions</literal> for setting
|
||
extra X11 options for nvidia and nouveau drivers, respectively.
|
||
</para>
|
||
</listitem>
|
||
|
||
<listitem>
|
||
<para>The <literal>Ctrl+Alt+Backspace</literal> key combination
|
||
no longer kills the X server by default.
|
||
There's a new option <option>services.xserver.enableCtrlAltBackspace</option>
|
||
allowing to enable the combination again.
|
||
</para>
|
||
</listitem>
|
||
|
||
<listitem>
|
||
<para><literal>emacsPackagesNg</literal> now contains all packages
|
||
from the ELPA, MELPA, and MELPA Stable repositories.
|
||
</para>
|
||
</listitem>
|
||
|
||
<listitem>
|
||
<para>Data directory for Postfix MTA server is moved from
|
||
<filename>/var/postfix</filename> to <filename>/var/lib/postfix</filename>.
|
||
Old configurations are migrated automatically. <literal>service.postfix</literal>
|
||
module has also received many improvements, such as correct directories' access
|
||
rights, new <literal>aliasFiles</literal> and <literal>mapFiles</literal>
|
||
options and more.</para>
|
||
</listitem>
|
||
|
||
<listitem>
|
||
<para>Filesystem options should now be configured as a list of strings, not
|
||
a comma-separated string. The old style will continue to work, but print a
|
||
warning, until the 16.09 release. An example of the new style:
|
||
|
||
<programlisting>
|
||
fileSystems."/example" = {
|
||
device = "/dev/sdc";
|
||
fsType = "btrfs";
|
||
options = [ "noatime" "compress=lzo" "space_cache" "autodefrag" ];
|
||
};
|
||
</programlisting>
|
||
</para>
|
||
</listitem>
|
||
|
||
<listitem>
|
||
<para>CUPS, installed by <literal>services.printing</literal> module, now
|
||
has its data directory in <filename>/var/lib/cups</filename>. Old
|
||
configurations from <filename>/etc/cups</filename> are moved there
|
||
automatically, but there might be problems. Also configuration options
|
||
<literal>services.printing.cupsdConf</literal> and
|
||
<literal>services.printing.cupsdFilesConf</literal> were removed
|
||
because they had been allowing one to override configuration variables
|
||
required for CUPS to work at all on NixOS. For most use cases,
|
||
<literal>services.printing.extraConf</literal> and new option
|
||
<literal>services.printing.extraFilesConf</literal> should be enough;
|
||
if you encounter a situation when they are not, please file a bug.</para>
|
||
|
||
<para>There are also Gutenprint improvements; in particular, a new option
|
||
<literal>services.printing.gutenprint</literal> is added to enable automatic
|
||
updating of Gutenprint PPMs; it's greatly recommended to enable it instead
|
||
of adding <literal>gutenprint</literal> to the <literal>drivers</literal> list.
|
||
</para>
|
||
</listitem>
|
||
|
||
<listitem>
|
||
<para><literal>services.xserver.vaapiDrivers</literal> has been removed. Use
|
||
<literal>hardware.opengl.extraPackages{,32}</literal> instead. You can
|
||
also specify VDPAU drivers there.</para>
|
||
</listitem>
|
||
|
||
<listitem>
|
||
<para>
|
||
<literal>programs.ibus</literal> moved to <literal>i18n.inputMethod.ibus</literal>.
|
||
The option <literal>programs.ibus.plugins</literal> changed to <literal>i18n.inputMethod.ibus.engines</literal>
|
||
and the option to enable ibus changed from <literal>programs.ibus.enable</literal> to
|
||
<literal>i18n.inputMethod.enabled</literal>.
|
||
<literal>i18n.inputMethod.enabled</literal> should be set to the used input method name,
|
||
<literal>"ibus"</literal> for ibus.
|
||
An example of the new style:
|
||
|
||
<programlisting>
|
||
i18n.inputMethod.enabled = "ibus";
|
||
i18n.inputMethod.ibus.engines = with pkgs.ibus-engines; [ anthy mozc ];
|
||
</programlisting>
|
||
|
||
That is equivalent to the old version:
|
||
|
||
<programlisting>
|
||
programs.ibus.enable = true;
|
||
programs.ibus.plugins = with pkgs; [ ibus-anthy mozc ];
|
||
</programlisting>
|
||
|
||
</para>
|
||
</listitem>
|
||
|
||
<listitem>
|
||
<para><literal>services.udev.extraRules</literal> option now writes rules
|
||
to <filename>99-local.rules</filename> instead of <filename>10-local.rules</filename>.
|
||
This makes all the user rules apply after others, so their results wouldn't be
|
||
overriden by anything else.</para>
|
||
</listitem>
|
||
|
||
<listitem>
|
||
<para>Large parts of the <literal>services.gitlab</literal> module has been
|
||
been rewritten. There are new configuration options available. The
|
||
<literal>stateDir</literal> option was renamned to
|
||
<literal>statePath</literal> and the <literal>satellitesDir</literal> option
|
||
was removed. Please review the currently available options.</para>
|
||
</listitem>
|
||
|
||
<listitem>
|
||
<para>
|
||
The option <option>services.nsd.zones.<name>.data</option> no
|
||
longer interpret the dollar sign ($) as a shell variable, as such it
|
||
should not be escaped anymore. Thus the following zone data:
|
||
</para>
|
||
<programlisting>
|
||
\$ORIGIN example.com.
|
||
\$TTL 1800
|
||
@ IN SOA ns1.vpn.nbp.name. admin.example.com. (
|
||
</programlisting>
|
||
<para>
|
||
Should modified to look like the actual file expected by nsd:
|
||
</para>
|
||
<programlisting>
|
||
$ORIGIN example.com.
|
||
$TTL 1800
|
||
@ IN SOA ns1.vpn.nbp.name. admin.example.com. (
|
||
</programlisting>
|
||
</listitem>
|
||
|
||
<listitem>
|
||
<para>
|
||
<literal>service.syncthing.dataDir</literal> options now has to point
|
||
to exact folder where syncthing is writing to. Example configuration should
|
||
look something like:
|
||
</para>
|
||
<programlisting>
|
||
services.syncthing = {
|
||
enable = true;
|
||
dataDir = "/home/somebody/.syncthing";
|
||
user = "somebody";
|
||
};
|
||
</programlisting>
|
||
</listitem>
|
||
|
||
<listitem>
|
||
<para>
|
||
<literal>networking.firewall.allowPing</literal> is now enabled by
|
||
default. Users are encourarged to configure an approiate rate limit for
|
||
their machines using the Kernel interface at
|
||
<filename>/proc/sys/net/ipv4/icmp_ratelimit</filename> and
|
||
<filename>/proc/sys/net/ipv6/icmp/ratelimit</filename> or using the
|
||
firewall itself, i.e. by setting the NixOS option
|
||
<literal>networking.firewall.pingLimit</literal>.
|
||
</para>
|
||
</listitem>
|
||
|
||
<listitem>
|
||
<para>
|
||
Systems with some broadcom cards used to result into a generated config
|
||
that is no longer accepted. If you get errors like
|
||
<screen>error: path ‘/nix/store/*-broadcom-sta-*’ does not exist and cannot be created</screen>
|
||
you should either re-run <command>nixos-generate-config</command> or manually replace
|
||
<literal>"${config.boot.kernelPackages.broadcom_sta}"</literal>
|
||
by
|
||
<literal>config.boot.kernelPackages.broadcom_sta</literal>
|
||
in your <filename>/etc/nixos/hardware-configuration.nix</filename>.
|
||
More discussion is on <link xlink:href="https://github.com/NixOS/nixpkgs/pull/12595">
|
||
the github issue</link>.
|
||
</para>
|
||
</listitem>
|
||
|
||
<listitem>
|
||
<para>
|
||
The <literal>services.xserver.startGnuPGAgent</literal> option has been removed.
|
||
GnuPG 2.1.x changed the way the gpg-agent works, and that new approach no
|
||
longer requires (or even supports) the "start everything as a child of the
|
||
agent" scheme we've implemented in NixOS for older versions.
|
||
To configure the gpg-agent for your X session, add the following code to
|
||
<filename>~/.bashrc</filename> or some file that’s sourced when your shell is started:
|
||
<programlisting>
|
||
GPG_TTY=$(tty)
|
||
export GPG_TTY
|
||
</programlisting>
|
||
If you want to use gpg-agent for SSH, too, add the following to your session
|
||
initialization (e.g. <literal>displayManager.sessionCommands</literal>)
|
||
<programlisting>
|
||
gpg-connect-agent /bye
|
||
unset SSH_AGENT_PID
|
||
export SSH_AUTH_SOCK="''${HOME}/.gnupg/S.gpg-agent.ssh"
|
||
</programlisting>
|
||
and make sure that
|
||
<programlisting>
|
||
enable-ssh-support
|
||
</programlisting>
|
||
is included in your <filename>~/.gnupg/gpg-agent.conf</filename>.
|
||
You will need to use <command>ssh-add</command> to re-add your ssh keys.
|
||
If gpg’s automatic transformation of the private keys to the new format fails,
|
||
you will need to re-import your private keyring as well:
|
||
<programlisting>
|
||
gpg --import ~/.gnupg/secring.gpg
|
||
</programlisting>
|
||
The <command>gpg-agent(1)</command> man page has more details about this subject,
|
||
i.e. in the "EXAMPLES" section.
|
||
</para>
|
||
</listitem>
|
||
</itemizedlist>
|
||
|
||
|
||
<para>Other notable improvements:
|
||
|
||
<itemizedlist>
|
||
|
||
<!--
|
||
<listitem>
|
||
<para>The <command>command-not-found</command> hook was extended.
|
||
Apart from <literal>$NIX_AUTO_INSTALL</literal> variable,
|
||
it newly also checks for <literal>$NIX_AUTO_RUN</literal>
|
||
which causes it to directly run the missing commands via
|
||
<command>nix-shell</command> (without installing anything).</para>
|
||
</listitem>
|
||
-->
|
||
|
||
<listitem>
|
||
<para><literal>ejabberd</literal> module is brought back and now works on
|
||
NixOS.</para>
|
||
</listitem>
|
||
|
||
<listitem>
|
||
<para>Input method support was improved. New NixOS modules (fcitx, nabi and uim),
|
||
fcitx engines (chewing, hangul, m17n, mozc and table-other) and ibus engines (hangul and m17n)
|
||
have been added.</para>
|
||
</listitem>
|
||
|
||
</itemizedlist></para>
|
||
|
||
</section>
|