diff options
author | Martin Weinelt | 2023-05-31 13:51:44 +0200 |
---|---|---|
committer | GitHub | 2023-05-31 13:51:44 +0200 |
commit | 79f01961e13e13d919722f0fdd2b4fb46a7136c3 (patch) | |
tree | ae6454656384de1f4c65050daed7ee082b4c0f7c /nixos/doc/manual/release-notes/rl-2305.section.md | |
parent | 8d3dea249cadf4ea740928793c8007c3ee3cac09 (diff) | |
parent | 3c8af3ab5525a256ff943081fdf51493376689f9 (diff) |
Merge pull request #235187 from NixOS/23.05/rl2305-final
[backport release-23.05] rl-2305: finalize the release notes
Diffstat (limited to 'nixos/doc/manual/release-notes/rl-2305.section.md')
-rw-r--r-- | nixos/doc/manual/release-notes/rl-2305.section.md | 58 |
1 files changed, 28 insertions, 30 deletions
diff --git a/nixos/doc/manual/release-notes/rl-2305.section.md b/nixos/doc/manual/release-notes/rl-2305.section.md index 117aca84f8cf..4b34269712f4 100644 --- a/nixos/doc/manual/release-notes/rl-2305.section.md +++ b/nixos/doc/manual/release-notes/rl-2305.section.md @@ -12,34 +12,35 @@ To upgrade to the latest release, follow the [upgrade chapter](https://nixos.org In addition to numerous new and updated packages, this release has the following highlights: -- The default Linux kernel has been updated from 5.15 to 6.1, all kernels version supported on <kernel.org> are also available. +- The default [Nix](https://github.com/NixOS/nix) version was updated from 2.11 to 2.13. In particular, this includes a [small language alteration](https://github.com/NixOS/nix/issues/8259) in the way floats are represented in `builtins.toJSON`. See the release notes for [2.13](https://nixos.org/manual/nix/stable/release-notes/rl-2.13.html) and [2.14](https://nixos.org/manual/nix/unstable/release-notes/rl-2.14.html) for more information. -- systemd has been updated from v252 to v253, see [release notes](https://github.com/systemd/systemd/blob/main/NEWS#L21-L677) for more info. - - Updating with `nixos-rebuild boot` and `reboot` is recommended, since in some rare cases the `switch` into the new generation on a live system might fail due to missing mount units. +- The default [Linux Kernel](https://kernel.org/) was updated from version 5.15 to 6.1, see [Kernelnewbies](https://kernelnewbies.org/Linux_6.1) for what has changed. All currently shown Kernels shown on [kernel.org](https://kernel.org/) are available. -- The glibc has been updated from 2.35 to 2.37 +- [systemd](https://systemd.io) has been updated from v252 to v253, see [the release notes](https://github.com/systemd/systemd/blob/main/NEWS#L21-L677) for more information on the changes. + - Updating with `nixos-rebuild boot` and rebooting is recommended, since in some rare cases the `nixos-rebuild switch` into the new generation on a live system might fail due to missing mount units. -- GNOME has been updated to version 44. Please see the [release notes](https://release.gnome.org/44/) for details. +- [glibc](https://www.gnu.org/software/libc/) has been updated from version 2.35 to 2.37, see [the release notes](https://sourceware.org/glibc/wiki/Release/2.37) for what was changed. -- KDE Plasma has been updated to v5.27, see [the release notes](https://kde.org/announcements/plasma/5/5.27.0/) for what is changed. +- [libxcrypt](https://github.com/besser82/libxcrypt), the library providing the `crypt(3)` password hashing function, is now built without support for algorithms not flagged [`strong`](https://github.com/besser82/libxcrypt/blob/v4.4.33/lib/hashes.conf#L48). This affects the availability of password hashing algorithms used for system login (`login(1)`, `passwd(1)`), but also Apache2 Basic-Auth, Samba, OpenLDAP, Dovecot, and [many other packages](https://sourcegraph.com/search?q=context:global+repo:%5Egithub%5C.com/NixOS/nixpkgs%24+libxcrypt&patternType=standard&sm=1&groupBy=path). -- Cinnamon has been updated to 5.6, see [the pull request](https://github.com/NixOS/nixpkgs/pull/201328#issue-1449910204) for what is changed. - -- `libxcrypt`, the library providing the `crypt(3)` password hashing function, is now built without support for algorithms not flagged [`strong`](https://github.com/besser82/libxcrypt/blob/v4.4.33/lib/hashes.conf#L48). This affects the availability of password hashing algorithms used for system login (`login(1)`, `passwd(1)`), but also Apache2 Basic-Auth, Samba, OpenLDAP, Dovecot, and [many other packages](https://sourcegraph.com/search?q=context:global+repo:%5Egithub%5C.com/NixOS/nixpkgs%24+libxcrypt&patternType=standard&sm=1&groupBy=path). - -- NixOS now defaults to using [nsncd](https://github.com/twosigma/nsncd), a non-caching reimplementation of nscd in Rust, as its NSS lookup dispatcher. This replaces the buggy and deprecated nscd implementation provided through glibc. When you find problems, you can switch back by setting +- NixOS now defaults to using [nsncd](https://github.com/twosigma/nsncd), a non-caching reimplementation of nscd in Rust, as its NSS lookup dispatcher. This replaces the buggy and deprecated nscd implementation provided through glibc. When you find problems, you can switch back by disabling it: ```nix services.nscd.enableNsncd = false; ``` - but please open an issue in nixpkgs, so your problem can be addressed. -- Python implements [PEP 668](https://peps.python.org/pep-0668/), providing better feedback to users that try to run `pip install` for system-wide or user home installations. +- The internal option `boot.bootspec.enable` is now enabled by default because [RFC 0125](https://github.com/NixOS/rfcs/pull/125) was merged. This means you will have a bootspec document called `boot.json` generated for each system and specialisation in the top-level. This is useful to enable advanced boot use cases in NixOS, such as Secure Boot. -- There have been two changes to `nixos-rebuild`: +- Two changes to `nixos-rebuild` are important to highlight as well. - Support for an extra `--specialisation` option was added that can be used to change specialisation for `switch` and `test` commands. - - The `--target-host` and `--build-host` options no longer treat the `localhost` value specially – to build on/deploy to a local machine, omit the relevant flag. + - The `--target-host` and `--build-host` options no longer treat the `localhost` value specially – to build on resp. deploy to a local machine, omit the relevant flag. + +- [Python](https://www.python.org) implements [PEP 668](https://peps.python.org/pep-0668/), providing better feedback to users that try to run `pip install` for system-wide or user home installations. + +- [Cinnamon](https://github.com/linuxmint/Cinnamon) has been updated to version 5.6, see [the pull request](https://github.com/NixOS/nixpkgs/pull/201328#issue-1449910204) for what was changed. + +- [GNOME](https://www.gnome.org) has been updated to version 44, see the [the release notes](https://release.gnome.org/44/) for details. -- `boot.bootspec.enable` (internal option) is now enabled by default because [RFC 0125](https://github.com/NixOS/rfcs/pull/125) was merged. This means you will have a bootspec document called `boot.json` generated for each system and specialisation in the top-level. This is useful to enable advanced boot use cases in NixOS, such as Secure Boot. +- [KDE Plasma](https://kde.org/de/plasma-desktop/) has been updated to version 5.27, see [the release notes](https://kde.org/announcements/plasma/5/5.27.0/) for what was changed. ## New Services {#sec-release-23.05-new-services} @@ -167,7 +168,7 @@ In addition to numerous new and updated packages, this release has the following - [woodpecker](https://woodpecker-ci.org/), a simple CI engine with great extensibility. Available as [services.woodpecker-server](#opt-services.woodpecker-server.enable) and [services.woodpecker-agents](#opt-services.woodpecker-agents.agents._name_.enable). -- [wstunnel](https://github.com/erebe/wstunnel), a proxy tunnelling arbitrary TCP or UDP traffic through a WebSocket connection. Instances may be configured via [services.wstunnel](options.html#opt-services.wstunnel.enable). +- [wstunnel](https://github.com/erebe/wstunnel), a proxy tunnelling arbitrary TCP or UDP traffic through a WebSocket connection. Available as [services.wstunnel](options.html#opt-services.wstunnel.enable). ## Backward Incompatibilities {#sec-release-23.05-incompatibilities} @@ -306,12 +307,10 @@ In addition to numerous new and updated packages, this release has the following - Please note that an upgrade from v24 (or older) to v26 directly is not possible. Please upgrade to `nextcloud25` (or earlier) first. Nextcloud prohibits skipping major versions while upgrading. You can upgrade by declaring [`services.nextcloud.package = pkgs.nextcloud25;`](options.html#opt-services.nextcloud.package). - It's recommended to use the latest version available (i.e. v26) and to specify that using `services.nextcloud.package`. -- .NET 5.0 and .NET 3.1 were removed due to being end-of-life, use a newer, supported .NET version - https://dotnet.microsoft.com/en-us/platform/support/policy/dotnet-core +- .NET 5.0 and .NET 3.1 were removed due to being end-of-life, use a newer, supported .NET version. Visit the [Support Policy](https://dotnet.microsoft.com/en-us/platform/support/policy/dotnet-core) for more information. - The iputils package, which is installed by default, no longer provides the - `ninfod`, `rarpd` and `rdisc` tools. See - [upstream's release notes](https://github.com/iputils/iputils/releases/tag/20221126) - for more details and available replacements. + `ninfod`, `rarpd` and `rdisc` tools. See [upstream's release notes](https://github.com/iputils/iputils/releases/tag/20221126) for more details and available replacements. - The ppp plugin `rp-pppoe.so` has been renamed to `pppoe.so` in ppp 2.4.9. Starting from ppp 2.5.0, there is no longer an alias for backwards compatibility. Configurations that use this plugin must be updated accordingly from `plugin rp-pppoe.so` to `plugin pppoe.so`. See [upstream change](https://github.com/ppp-project/ppp/commit/610a7bd76eb1f99f22317541b35001b1e24877ed). @@ -323,7 +322,7 @@ In addition to numerous new and updated packages, this release has the following - In `services.fail2ban`, `bantime-increment.<name>` options now default to `null` (except `bantime-increment.enable`) and are used to set the corresponding option in `jail.local` only if not `null`. Also, enforce that `bantime-increment.formula` and `bantime-increment.multipliers` are not both specified. -- The default Asterisk package was changed to v20 from v19. Asterisk versions 16 and 19 have been dropped due to being EOL. You may need to update /var/lib/asterisk to match the template files in `${asterisk-20}/var/lib/asterisk`. +- The default `asterisk` package was changed to v20 from v19. Asterisk versions 16 and 19 have been dropped due to being EOL. You may need to update /var/lib/asterisk to match the template files in `${asterisk-20}/var/lib/asterisk`. - conntrack helper autodetection has been removed from kernels 6.0 and up upstream, and an assertion was added to ensure things don't silently stop working. Migrate your configuration to assign helpers explicitly or use an older LTS kernel branch as a temporary workaround. @@ -341,9 +340,7 @@ In addition to numerous new and updated packages, this release has the following - The `qlandkartegt` and `garmindev` packages were removed due to being unmaintained and insecure. -- Only `k3s` version 1.26 is included. Users of the `k3s_1_24` or `k3s_1_25` packages should upgrade to use the `1.26` version of the package. - -- `go-ethereum` package has been updated to v1.11.5 and the `puppeth` command is no longer available as of v1.11.0. +- The `go-ethereum` package has been updated to v1.11.5 and the `puppeth` command is no longer available as of v1.11.0. - The `pnpm` package has be updated to from version 7.29.1 to version 8.1.1 and Node.js 14 support has been discontinued (though, there are workarounds if Node.js 14 is still required) - Migration instructions: ["Before updating pnpm to v8 in your CI, regenerate your pnpm-lock.yaml. To upgrade your lockfile, run pnpm install and commit the changes. Existing dependencies will not be updated; however, due to configuration changes in pnpm v8, some missing peer dependencies may be added to the lockfile and some packages may get deduplicated. You can commit the new lockfile even before upgrading Node.js in the CI, as pnpm v7 already supports the new lockfile format."](https://github.com/pnpm/pnpm/releases/tag/v8.0.0) @@ -358,11 +355,13 @@ In addition to numerous new and updated packages, this release has the following - `espanso` has been updated to major version 2. Therefore, migration steps may need to be performed. See [the official migration instructions](https://espanso.org/docs/migration/overview/) for how to perform these migrations. Further, `espanso-wayland` can now be used for Wayland support. +- Only `k3s` version 1.26 is included. Users of the `k3s_1_24` or `k3s_1_25` packages should upgrade to use the `1.26` version of the package. + ## Other Notable Changes {#sec-release-23.05-notable-changes} <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. --> -- A few openssh options have been moved from extraConfig to the new freeform option `settings` and renamed as follows: +- To follow [RFC 0042](https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md) a few options of `openssh` have been moved from `extraConfig` to the new freeform option `settings` and renamed, e.g.: - `services.openssh.forwardX11` to `services.openssh.settings.X11Forwarding` - `services.openssh.kbdInteractiveAuthentication` -> `services.openssh.settings.KbdInteractiveAuthentication` - `services.openssh.passwordAuthentication` to `services.openssh.settings.PasswordAuthentication` @@ -470,10 +469,7 @@ In addition to numerous new and updated packages, this release has the following - The module `services.headscale` was refactored to be compliant with [RFC 0042](https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md). To be precise, this means that the following things have changed: - - Most settings have been migrated below [services.headscale.settings](#opt-services.headscale.settings) which is a freeform attribute-set that - will be converted into headscale's YAML config format. This means that the configuration from - [headscale's example configuration](https://github.com/juanfont/headscale/blob/main/config-example.yaml) - can be directly written as attribute-set in Nix within this option. + - Most settings have been migrated below [services.headscale.settings](#opt-services.headscale.settings) which is a freeform attribute-set that will be converted into headscale's YAML config format. This means that the configuration from [headscale's example configuration](https://github.com/juanfont/headscale/blob/main/config-example.yaml) can be directly written as attribute-set in Nix within this option. - `services.kubo` now unmounts `ipfsMountDir` and `ipnsMountDir` even if it is killed unexpectedly when `autoMount` is enabled. @@ -549,6 +545,8 @@ In addition to numerous new and updated packages, this release has the following - Booting from a volume managed by the Stratis storage management daemon is now supported. Use `fileSystems.<name>.stratis.poolUuid` to configure the pool containing the fs. +- Only `k3s` version 1.26 is included. Users of the `k3s_1_24` or `k3s_1_25` packages should upgrade to use the version 1.26 of the package. + ## Nixpkgs internals {#sec-release-23.05-nixpkgs-internals} - `buildDunePackage` now defaults to `strictDeps = true` which means that any library should go into `buildInputs` or `checkInputs`. Any executable that is run on the building machine should go into `nativeBuildInputs` or `nativeCheckInputs` respectively. Example of executables are `ocaml`, `findlib` and `menhir`. PPXs are libraries which are built by dune and should therefore not go into `nativeBuildInputs`. |