470 lines
18 KiB
XML
470 lines
18 KiB
XML
<section xmlns="http://docbook.org/ns/docbook"
|
|
xmlns:xlink="http://www.w3.org/1999/xlink"
|
|
xmlns:xi="http://www.w3.org/2001/XInclude"
|
|
version="5.0"
|
|
xml:id="sec-release-18.03">
|
|
|
|
<title>Release 18.03 (“Impala”, 2018/03/??)</title>
|
|
|
|
<section xmlns="http://docbook.org/ns/docbook"
|
|
xmlns:xlink="http://www.w3.org/1999/xlink"
|
|
xmlns:xi="http://www.w3.org/2001/XInclude"
|
|
version="5.0"
|
|
xml:id="sec-release-18.03-highlights">
|
|
|
|
<title>Highlights</title>
|
|
|
|
<para>In addition to numerous new and upgraded packages, this release
|
|
has the following highlights: </para>
|
|
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para>
|
|
Nix now defaults to 2.0; see its
|
|
<link xlink:href="https://nixos.org/nix/manual/#ssec-relnotes-2.0">release notes</link>.
|
|
</para>
|
|
</listitem>
|
|
|
|
<listitem>
|
|
<para>
|
|
Linux kernel defaults to the 4.14 branch (it was 4.9).
|
|
</para>
|
|
</listitem>
|
|
|
|
<listitem>
|
|
<para>
|
|
GCC defaults to 7.x (it was 6.x).
|
|
</para>
|
|
</listitem>
|
|
|
|
<listitem>
|
|
<para>
|
|
MariaDB 10.2, updated from 10.1, is now the default MySQL implementation. While upgrading a few changes
|
|
have been made to the infrastructure involved:
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para>
|
|
<literal>libmysql</literal> has been deprecated, please use <literal>mysql.connector-c</literal>
|
|
instead, a compatibility passthru has been added to the MySQL packages.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The <literal>mysql57</literal> package has a new <literal>static</literal> output containing
|
|
the static libraries including <literal>libmysqld.a</literal>
|
|
</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</para>
|
|
</listitem>
|
|
|
|
<listitem>
|
|
<para>
|
|
The GNOME version is now 3.26.
|
|
</para>
|
|
</listitem>
|
|
|
|
<listitem>
|
|
<para>PHP now defaults to PHP 7.2</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
|
|
</section>
|
|
<section xmlns="http://docbook.org/ns/docbook"
|
|
xmlns:xlink="http://www.w3.org/1999/xlink"
|
|
xmlns:xi="http://www.w3.org/2001/XInclude"
|
|
version="5.0"
|
|
xml:id="sec-release-18.03-new-services">
|
|
|
|
<title>New Services</title>
|
|
|
|
<para>The following new services were added since the last release:</para>
|
|
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para></para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
|
|
</section>
|
|
<section xmlns="http://docbook.org/ns/docbook"
|
|
xmlns:xlink="http://www.w3.org/1999/xlink"
|
|
xmlns:xi="http://www.w3.org/2001/XInclude"
|
|
version="5.0"
|
|
xml:id="sec-release-18.03-incompatibilities">
|
|
|
|
<title>Backward Incompatibilities</title>
|
|
|
|
<para>When upgrading from a previous release, please be aware of the
|
|
following incompatible changes:</para>
|
|
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para>
|
|
<literal>sound.enable</literal> now defaults to false.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
Dollar signs in options under <option>services.postfix</option> are
|
|
passed verbatim to Postfix, which will interpret them as the beginning of
|
|
a parameter expression. This was already true for string-valued options
|
|
in the previous release, but not for list-valued options. If you need to
|
|
pass literal dollar signs through Postfix, double them.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The <literal>postage</literal> package (for web-based PostgreSQL
|
|
administration) has been renamed to <literal>pgmanage</literal>. The
|
|
corresponding module has also been renamed. To migrate please rename all
|
|
<option>services.postage</option> options to
|
|
<option>services.pgmanage</option>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
Package attributes starting with a digit have been prefixed with an
|
|
underscore sign. This is to avoid quoting in the configuration and
|
|
other issues with command-line tools like <literal>nix-env</literal>.
|
|
The change affects the following packages:
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para><literal>2048-in-terminal</literal> → <literal>_2048-in-terminal</literal></para>
|
|
</listitem>
|
|
<listitem>
|
|
<para><literal>90secondportraits</literal> → <literal>_90secondportraits</literal></para>
|
|
</listitem>
|
|
<listitem>
|
|
<para><literal>2bwm</literal> → <literal>_2bwm</literal></para>
|
|
</listitem>
|
|
<listitem>
|
|
<para><literal>389-ds-base</literal> → <literal>_389-ds-base</literal></para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<emphasis role="strong">
|
|
The OpenSSH service no longer enables support for DSA keys by default,
|
|
which could cause a system lock out. Update your keys or, unfavorably,
|
|
re-enable DSA support manually.
|
|
</emphasis>
|
|
</para>
|
|
|
|
<para>
|
|
DSA support was
|
|
<link xlink:href="https://www.openssh.com/legacy.html">deprecated in OpenSSH 7.0</link>,
|
|
due to it being too weak. To re-enable support, add
|
|
<literal>PubkeyAcceptedKeyTypes +ssh-dss</literal> to the end of your
|
|
<option>services.openssh.extraConfig</option>.
|
|
</para>
|
|
|
|
<para>
|
|
After updating the keys to be stronger, anyone still on a pre-17.03
|
|
version is safe to jump to 17.03, as vetted
|
|
<link xlink:href="https://search.nix.gsc.io/?q=stateVersion">here</link>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The <literal>openssh</literal> package
|
|
now includes Kerberos support by default;
|
|
the <literal>openssh_with_kerberos</literal> package
|
|
is now a deprecated alias.
|
|
If you do not want Kerberos support,
|
|
you can do <literal>openssh.override { withKerboros = false; }</literal>.
|
|
Note, this also applies to the <literal>openssh_hpn</literal> package.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>cc-wrapper</literal> has been split in two; there is now also a <literal>bintools-wrapper</literal>.
|
|
The most commonly used files in <filename>nix-support</filename> are now split between the two wrappers.
|
|
Some commonly used ones, like <filename>nix-support/dynamic-linker</filename>, are duplicated for backwards compatability, even though they rightly belong only in <literal>bintools-wrapper</literal>.
|
|
Other more obscure ones are just moved.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The propagation logic has been changed.
|
|
The new logic, along with new types of dependencies that go with, is thoroughly documented in the "Specifying dependencies" section of the "Standard Environment" chapter of the nixpkgs manual.
|
|
<!-- That's <xref linkend="ssec-stdenv-attributes"> were we to merge the manuals. -->
|
|
The old logic isn't but is easy to describe: dependencies were propagated as the same type of dependency no matter what.
|
|
In practice, that means that many <function>propagatedNativeBuildInputs</function> should instead be <function>propagatedBuildInputs</function>.
|
|
Thankfully, that was and is the least used type of dependency.
|
|
Also, it means that some <function>propagatedBuildInputs</function> should instead be <function>depsTargetTargetPropagated</function>.
|
|
Other types dependencies should be unaffected.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>lib.addPassthru drv passthru</literal> is removed. Use <literal>lib.extendDerivation true passthru drv</literal> instead.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The <literal>memcached</literal> service no longer accept dynamic socket
|
|
paths via <option>services.memcached.socket</option>. Unix sockets can be
|
|
still enabled by <option>services.memcached.enableUnixSocket</option> and
|
|
will be accessible at <literal>/run/memcached/memcached.sock</literal>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The <varname>hardware.amdHybridGraphics.disable</varname> option was removed for lack of a maintainer. If you still need this module, you may wish to include a copy of it from an older version of nixos in your imports.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The merging of config options for <varname>services.postfix.config</varname>
|
|
was buggy. Previously, if other options in the Postfix module like
|
|
<varname>services.postfix.useSrs</varname> were set and the user set config
|
|
options that were also set by such options, the resulting config wouldn't
|
|
include all options that were needed. They are now merged correctly. If
|
|
config options need to be overridden, <literal>lib.mkForce</literal> or
|
|
<literal>lib.mkOverride</literal> can be used.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The following changes apply if the <literal>stateVersion</literal> is changed to 18.03 or higher.
|
|
For <literal>stateVersion = "17.09"</literal> or lower the old behavior is preserved.
|
|
</para>
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para>
|
|
<literal>matrix-synapse</literal> uses postgresql by default instead of sqlite.
|
|
Migration instructions can be found <link xlink:href="https://github.com/matrix-org/synapse/blob/master/docs/postgres.rst#porting-from-sqlite"> here </link>.
|
|
</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The <literal>jid</literal> package has been removed, due to maintenance
|
|
overhead of a go package having non-versioned dependencies.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
When using <option>services.xserver.libinput</option> (enabled by default in GNOME),
|
|
it now handles all input devices, not just touchpads. As a result, you might need to
|
|
re-evaluate any custom Xorg configuration. In particular,
|
|
<literal>Option "XkbRules" "base"</literal> may result in broken keyboard layout.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The <literal>attic</literal> package was removed. A maintained fork called
|
|
<link xlink:href="https://www.borgbackup.org/">Borg</link> should be used instead.
|
|
Migration instructions can be found
|
|
<link xlink:href="http://borgbackup.readthedocs.io/en/stable/usage/upgrade.html#attic-and-borg-0-xx-to-borg-1-x">here</link>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The Piwik analytics software was renamed to Matomo:
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para>The package <literal>pkgs.piwik</literal> was renamed to <literal>pkgs.matomo</literal>.</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>The service <literal>services.piwik</literal> was renamed to <literal>services.matomo</literal>.</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The data directory <filename>/var/lib/piwik</filename> was renamed to <filename>/var/lib/matomo</filename>.
|
|
All files will be moved automatically on first startup, but you might need to adjust your backup scripts.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The default <option>serverName</option> for the nginx configuration changed from
|
|
<literal>piwik.${config.networking.hostName}</literal> to
|
|
<literal>matomo.${config.networking.hostName}.${config.networking.domain}</literal>
|
|
if <option>config.networking.domain</option> is set,
|
|
<literal>matomo.${config.networking.hostName}</literal> if it is not set.
|
|
If you change your <option>serverName</option>, remember you'll need to update the
|
|
<literal>trustedHosts[]</literal> array in <filename>/var/lib/matomo/config/config.ini.php</filename>
|
|
as well.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The <literal>piwik</literal> user was renamed to <literal>matomo</literal>.
|
|
The service will adjust ownership automatically for files in the data directory.
|
|
If you use unix socket authentication, remember to give the new <literal>matomo</literal> user
|
|
access to the database and to change the <literal>username</literal> to <literal>matomo</literal>
|
|
in the <literal>[database]</literal> section of <filename>/var/lib/matomo/config/config.ini.php</filename>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
If you named your database `piwik`, you might want to rename it to `matomo` to keep things clean,
|
|
but this is neither enforced nor required.
|
|
</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>nodejs-4_x</literal> is end-of-life.
|
|
<literal>nodejs-4_x</literal>, <literal>nodejs-slim-4_x</literal> and <literal>nodePackages_4_x</literal> are removed.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The <literal>pump.io</literal> NixOS module was removed.
|
|
It is now maintained as an
|
|
<link xlink:href="https://github.com/rvl/pump.io-nixos">external module</link>.
|
|
</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
|
|
</section>
|
|
<section xmlns="http://docbook.org/ns/docbook"
|
|
xmlns:xlink="http://www.w3.org/1999/xlink"
|
|
xmlns:xi="http://www.w3.org/2001/XInclude"
|
|
version="5.0"
|
|
xml:id="sec-release-18.03-notable-changes">
|
|
|
|
<title>Other Notable Changes</title>
|
|
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para>
|
|
ZNC option <option>services.znc.mutable</option> now defaults to
|
|
<literal>true</literal>. That means that old configuration is not
|
|
overwritten by default when update to the znc options are made.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The option <option>networking.wireless.networks.<name>.auth</option>
|
|
has been added for wireless networks with WPA-Enterprise authentication.
|
|
There is also a new <option>extraConfig</option> option to directly
|
|
configure <literal>wpa_supplicant</literal> and <option>hidden</option>
|
|
to connect to hidden networks.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
In the module <option>networking.interfaces.<name></option> the
|
|
following options have been removed:
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para><option>ipAddress</option></para>
|
|
</listitem>
|
|
<listitem>
|
|
<para><option>ipv6Address</option></para>
|
|
</listitem>
|
|
<listitem>
|
|
<para><option>prefixLength</option></para>
|
|
</listitem>
|
|
<listitem>
|
|
<para><option>ipv6PrefixLength</option></para>
|
|
</listitem>
|
|
<listitem>
|
|
<para><option>subnetMask</option></para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
To assign static addresses to an interface the options
|
|
<option>ipv4.addresses</option> and <option>ipv6.addresses</option>
|
|
should be used instead.
|
|
The options <option>ip4</option> and <option>ip6</option> have been
|
|
renamed to <option>ipv4.addresses</option> <option>ipv6.addresses</option>
|
|
respectively.
|
|
The new options <option>ipv4.routes</option> and <option>ipv6.routes</option>
|
|
have been added to set up static routing.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The option <option>services.xserver.desktopManager.default</option> is now
|
|
<literal>none</literal> by default. An assertion failure is thrown if WM's
|
|
and DM's default are <literal>none</literal>.
|
|
To explicitly run a plain X session without and DM or WM, the newly
|
|
introduced option <option>services.xserver.plainX</option> must be set to true.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The option <option>services.logstash.listenAddress</option> is now <literal>127.0.0.1</literal> by default.
|
|
Previously the default behaviour was to listen on all interfaces.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>services.btrfs.autoScrub</literal> has been added, to
|
|
periodically check btrfs filesystems for data corruption.
|
|
If there's a correct copy available, it will automatically repair
|
|
corrupted blocks.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>displayManager.lightdm.greeters.gtk.clock-format.</literal>
|
|
has been added, the clock format string (as expected by
|
|
strftime, e.g. <literal>%H:%M</literal>) to use with the lightdm
|
|
gtk greeter panel.
|
|
</para>
|
|
<para>
|
|
If set to null the default clock format is used.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<literal>displayManager.lightdm.greeters.gtk.indicators</literal>
|
|
has been added, a list of allowed indicator modules to use with
|
|
the lightdm gtk greeter panel.
|
|
</para>
|
|
<para>
|
|
Built-in indicators include <literal>~a11y</literal>,
|
|
<literal>~language</literal>, <literal>~session</literal>,
|
|
<literal>~power</literal>, <literal>~clock</literal>,
|
|
<literal>~host</literal>, <literal>~spacer</literal>. Unity
|
|
indicators can be represented by short name
|
|
(e.g. <literal>sound</literal>, <literal>power</literal>),
|
|
service file name, or absolute path.
|
|
</para>
|
|
<para>
|
|
If set to <literal>null</literal> the default indicators are
|
|
used.
|
|
</para>
|
|
<para>
|
|
In order to have the previous default configuration add
|
|
<programlisting>
|
|
services.xserver.displayManager.lightdm.greeters.gtk.indicators = [
|
|
"~host" "~spacer"
|
|
"~clock" "~spacer"
|
|
"~session"
|
|
"~language"
|
|
"~a11y"
|
|
"~power"
|
|
];
|
|
</programlisting>
|
|
to your <literal>configuration.nix</literal>.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
The NixOS test driver supports user services declared by <literal>systemd.user.services</literal>.
|
|
The methods <literal>waitForUnit</literal>, <literal>getUnitInfo</literal>, <literal>startJob</literal>
|
|
and <literal>stopJob</literal> provide an optional <literal>$user</literal> argument for that purpose.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
Enabling bash completion on NixOS, <literal>programs.bash.enableCompletion</literal>, will now also enable
|
|
completion for the Nix command line tools by installing the
|
|
<link xlink:href="https://github.com/hedning/nix-bash-completions">nix-bash-completions</link> package.
|
|
</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
|
|
</section>
|
|
</section>
|