Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/doc/manual/installation/upgrading.xml | 16 |
-rw-r--r-- | nixos/doc/manual/release-notes/rl-2105.xml | 272 |
-rw-r--r-- | nixos/modules/security/acme.nix | 2 |
3 files changed, 184 insertions, 106 deletions
diff --git a/nixos/doc/manual/installation/upgrading.xml b/nixos/doc/manual/installation/upgrading.xml index 15ba5db9a37be..960d4fa9a436e 100644 --- a/nixos/doc/manual/installation/upgrading.xml +++ b/nixos/doc/manual/installation/upgrading.xml @@ -14,7 +14,7 @@ <para> <emphasis>Stable channels</emphasis>, such as <literal - xlink:href="https://nixos.org/channels/nixos-20.09">nixos-20.09</literal>. + xlink:href="https://nixos.org/channels/nixos-21.05">nixos-21.05</literal>. These only get conservative bug fixes and package upgrades. For instance, a channel update may cause the Linux kernel on your system to be upgraded from 4.19.34 to 4.19.38 (a minor bug fix), but not from @@ -38,7 +38,7 @@ <para> <emphasis>Small channels</emphasis>, such as <literal - xlink:href="https://nixos.org/channels/nixos-20.09-small">nixos-20.09-small</literal> + xlink:href="https://nixos.org/channels/nixos-21.05-small">nixos-21.05-small</literal> or <literal xlink:href="https://nixos.org/channels/nixos-unstable-small">nixos-unstable-small</literal>. @@ -63,8 +63,8 @@ <para> When you first install NixOS, you’re automatically subscribed to the NixOS channel that corresponds to your installation source. For instance, if you - installed from a 20.09 ISO, you will be subscribed to the - <literal>nixos-20.09</literal> channel. To see which NixOS channel you’re + installed from a 21.05 ISO, you will be subscribed to the + <literal>nixos-21.05</literal> channel. To see which NixOS channel you’re subscribed to, run the following as root: <screen> <prompt># </prompt>nix-channel --list | grep nixos 
@@ -75,13 +75,13 @@ nixos https://nixos.org/channels/nixos-unstable <prompt># </prompt>nix-channel --add https://nixos.org/channels/<replaceable>channel-name</replaceable> nixos </screen> (Be sure to include the <literal>nixos</literal> parameter at the end.) For - instance, to use the NixOS 20.09 stable channel: + instance, to use the NixOS 21.05 stable channel: <screen> -<prompt># </prompt>nix-channel --add https://nixos.org/channels/nixos-20.09 nixos +<prompt># </prompt>nix-channel --add https://nixos.org/channels/nixos-21.05 nixos </screen> If you have a server, you may want to use the “small” channel instead: <screen> -<prompt># </prompt>nix-channel --add https://nixos.org/channels/nixos-20.09-small nixos +<prompt># </prompt>nix-channel --add https://nixos.org/channels/nixos-21.05-small nixos </screen> And if you want to live on the bleeding edge: <screen> @@ -132,7 +132,7 @@ nixos https://nixos.org/channels/nixos-unstable kernel, initrd or kernel modules. You can also specify a channel explicitly, e.g. <programlisting> -<xref linkend="opt-system.autoUpgrade.channel"/> = https://nixos.org/channels/nixos-20.09; +<xref linkend="opt-system.autoUpgrade.channel"/> = https://nixos.org/channels/nixos-21.05; </programlisting> </para> </section> diff --git a/nixos/doc/manual/release-notes/rl-2105.xml b/nixos/doc/manual/release-notes/rl-2105.xml index 12a9ae2f44ea8..d76d7446e6b2d 100644 --- a/nixos/doc/manual/release-notes/rl-2105.xml +++ b/nixos/doc/manual/release-notes/rl-2105.xml @@ -3,8 +3,11 @@ xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-release-21.05"> - <title>Release 21.05 (“Okapi”, 2021.05/??)</title> + <title>Release 21.05 (“Okapi”, 2021.05/31)</title> + <para> + Support is planned until the end of December 2021, handing over to 21.11. + </para> <section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xi="http://www.w3.org/2001/XInclude" 
@@ -18,114 +21,81 @@ </para> <itemizedlist> + <listitem> <para> - Support is planned until the end of December 2021, handing over to 21.11. - </para> - </listitem> - <listitem> - <para>The default Linux kernel was updated to the 5.10 LTS series, coming from the 5.4 LTS series.</para> - <para>The <package>linux_latest</package> kernel was updated to the 5.12 series. It currently is not officially supported for use with the zfs filesystem. If you use zfs, you should use a different kernel version (either the LTS kernel, or track a specific one). </para> - </listitem> - <listitem> - <para>GNOME desktop environment was upgraded to 40, see the release notes for <link xlink:href="https://help.gnome.org/misc/release-notes/40.0/">40.0</link> and <link xlink:href="https://help.gnome.org/misc/release-notes/3.38/">3.38</link>. The <code>gnome3</code> attribute set has been renamed to <code>gnome</code> and so have been the NixOS options.</para> - </listitem> - <listitem> - <para> - <link xlink:href="https://www.gnuradio.org/">GNURadio</link> 3.8 was - <link xlink:href="https://github.com/NixOS/nixpkgs/issues/82263">finally</link> - packaged, along with a rewrite to the Nix expressions, allowing users to - override the features upstream supports selecting to compile or not to. - Additionally, the attribute <code>gnuradio</code> and <code>gnuradio3_7</code> - now point to an externally wrapped by default derivations, that allow you to - also add `extraPythonPackages` to the Python interpreter used by GNURadio. - Missing environmental variables needed for operational GUI were also added - (<link xlink:href="https://github.com/NixOS/nixpkgs/issues/75478">#75478</link>). 
- </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://www.gnuradio.org/">GNURadio</link> has a - <code>pkgs</code> attribute set, and there's a <code>gnuradio.callPackage</code> - function that extends <code>pkgs</code> with a <code>mkDerivation</code>, and a - <code>mkDerivationWith</code>, like Qt5. Now all <code>gnuradio.pkgs</code> are - defined with <code>gnuradio.callPackage</code> and some packages that depend - on gnuradio are defined with this as well. - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://www.privoxy.org/">Privoxy</link> has been updated - to version 3.0.32 (See <link xlink:href="https://lists.privoxy.org/pipermail/privoxy-announce/2021-February/000007.html">announcement</link>). - Compared to the previous release, Privoxy has gained support for HTTPS - inspection (still experimental), Brotli decompression, several new filters - and lots of bug fixes, including security ones. In addition, the package - is now built with compression and external filters support, which were - previously disabled. - </para> - <para> - Regarding the NixOS module, new options for HTTPS inspection have been added - and <option>services.privoxy.extraConfig</option> has been replaced by the new - <xref linkend="opt-services.privoxy.settings"/> - (See <link xlink:href="https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md">RFC 0042</link> - for the motivation). - </para> - </listitem> - <listitem> - <para> - Python optimizations were disabled again. Builds with optimizations enabled - are not reproducible. Optimizations can now be enabled with an option. - </para> - </listitem> - <listitem> - <para> - <link xlink:href="https://kodi.tv/">Kodi</link> has been updated to version 19.1 "Matrix". See - the <link xlink:href="https://kodi.tv/article/kodi-190-matrix-release">announcement</link> for - further details. 
- </para> - </listitem> - <listitem> - <para> - The <option>services.packagekit.backend</option> option has been removed as - it only supported a single setting which would always be the default. - Instead new <link - xlink:href="https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md">RFC - 0042</link> compliant <xref linkend="opt-services.packagekit.settings"/> - and <xref linkend="opt-services.packagekit.vendorSettings"/> options have - been introduced. + Core version changes: </para> + <itemizedlist> + <listitem> + <para> + gcc: 9.3.0 -> 10.3.0 + </para> + </listitem> + <listitem> + <para> + glibc: 2.30 -> 2.32 + </para> + </listitem> + <listitem> + <para> + default linux: 5.4 -> 5.10, all supported kernels available + </para> + </listitem> + <listitem> + <para> + mesa: 20.1.7 -> 21.0.1 + </para> + </listitem> + </itemizedlist> </listitem> <listitem> <para> - <link xlink:href="https://nginx.org">Nginx</link> has been updated to stable version 1.20.0. - Now nginx uses the zlib-ng library by default. + Desktop Environments: </para> + <itemizedlist> + <listitem> + <para> + Gnome: 3.36 -> 3.40, see its <link xlink:href="https://help.gnome.org/misc/release-notes/3.40/">release notes</link> + </para> + </listitem> + <listitem> + <para> + Plasma5: 5.18.5 -> 5.21.3 + </para> + </listitem> + <listitem> + <para> + kdeApplications: 20.08.1 -> 20.12.3 + </para> + </listitem> + <listitem> + <para> + cinnamon: 4.6 -> 4.8.1 + </para> + </listitem> + </itemizedlist> </listitem> + <listitem> <para> - KDE Gear (formerly KDE Applications) is upgraded to 21.04, see its - <link xlink:href="https://kde.org/announcements/gear/21.04/">release - notes</link> for details. - </para> - <para> - The <code>kdeApplications</code> package set is now <code>kdeGear</code>, - in keeping with the new name. The old name remains for compatibility, but - it is deprecated. 
+ Programming Languages and Frameworks: </para> + <itemizedlist> + + <listitem> + <para> + Python optimizations were disabled again. Builds with optimizations enabled + are not reproducible. Optimizations can now be enabled with an option. + </para> + </listitem> + + </itemizedlist> </listitem> <listitem> - <para> - <link xlink:href="https://libreswan.org/">Libreswan</link> has been updated - to version 4.4. The package now includes example configurations and manual - pages by default. The NixOS module has been changed to use the upstream - systemd units and write the configuration in the <literal>/etc/ipsec.d/ - </literal> directory. In addition, two new options have been added to - specify connection policies - (<xref linkend="opt-services.libreswan.policies"/>) - and disable send/receive redirects - (<xref linkend="opt-services.libreswan.disableRedirects"/>). - </para> + <para>The <package>linux_latest</package> kernel was updated to the 5.12 series. It currently is not officially supported for use with the zfs filesystem. If you use zfs, you should use a different kernel version (either the LTS kernel, or track a specific one). </para> </listitem> + </itemizedlist> </section> 
@@ -142,6 +112,20 @@ <itemizedlist> <listitem> + <para> + <link xlink:href="https://www.gnuradio.org/">GNURadio</link> 3.8 was + <link xlink:href="https://github.com/NixOS/nixpkgs/issues/82263">finally</link> + packaged, along with a rewrite to the Nix expressions, allowing users to + override the features upstream supports selecting to compile or not to. + Additionally, the attribute <code>gnuradio</code> and <code>gnuradio3_7</code> + now point to an externally wrapped by default derivations, that allow you to + also add `extraPythonPackages` to the Python interpreter used by GNURadio. + Missing environmental variables needed for operational GUI were also added + (<link xlink:href="https://github.com/NixOS/nixpkgs/issues/75478">#75478</link>). + </para> + </listitem> + + <listitem> <para> <link xlink:href="https://www.keycloak.org/">Keycloak</link>, an open source identity and access management server with @@ -194,6 +178,10 @@ <itemizedlist> <listitem> + <para>GNOME desktop environment was upgraded to 40, see the release notes for <link xlink:href="https://help.gnome.org/misc/release-notes/40.0/">40.0</link> and <link xlink:href="https://help.gnome.org/misc/release-notes/3.38/">3.38</link>. The <code>gnome3</code> attribute set has been renamed to <code>gnome</code> and so have been the NixOS options.</para> + </listitem> + + <listitem> <para> If you are using <option>services.udev.extraRules</option> to assign custom names to network interfaces, this may stop working due to a change @@ -600,7 +588,7 @@ http://some.json-exporter.host:7979/probe?target=https://example.com/some/json/e <programlisting> self: super: { - mpi = super.mpich; + mpi = super.mpich; } </programlisting> </para> 
@@ -804,6 +792,16 @@ environment.systemPackages = [ the deprecated <option>services.radicale.config</option> is used. </para> </listitem> + <listitem> + <para> + In the <option>security.acme</option> module, use of <literal>--reuse-key</literal> + parameter for Lego has been removed. It was introduced for HKPK, but this security + feature is now deprecated. It is a better security practice to rotate key pairs + instead of always keeping the same. If you need to keep this parameter, you can add + it back using <literal>extraLegoRenewFlags</literal> as an option for the + appropriate certificate. + </para> + </listitem> </itemizedlist> </section> 
@@ -823,6 +821,85 @@ environment.systemPackages = [ for details. </para> </listitem> + + <listitem> + <para> + <link xlink:href="https://www.gnuradio.org/">GNURadio</link> has a + <code>pkgs</code> attribute set, and there's a <code>gnuradio.callPackage</code> + function that extends <code>pkgs</code> with a <code>mkDerivation</code>, and a + <code>mkDerivationWith</code>, like Qt5. Now all <code>gnuradio.pkgs</code> are + defined with <code>gnuradio.callPackage</code> and some packages that depend + on gnuradio are defined with this as well. + </para> + </listitem> + <listitem> + <para> + <link xlink:href="https://www.privoxy.org/">Privoxy</link> has been updated + to version 3.0.32 (See <link xlink:href="https://lists.privoxy.org/pipermail/privoxy-announce/2021-February/000007.html">announcement</link>). + Compared to the previous release, Privoxy has gained support for HTTPS + inspection (still experimental), Brotli decompression, several new filters + and lots of bug fixes, including security ones. In addition, the package + is now built with compression and external filters support, which were + previously disabled. + </para> + <para> + Regarding the NixOS module, new options for HTTPS inspection have been added + and <option>services.privoxy.extraConfig</option> has been replaced by the new + <xref linkend="opt-services.privoxy.settings"/> + (See <link xlink:href="https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md">RFC 0042</link> + for the motivation). + </para> + </listitem> + <listitem> + <para> + <link xlink:href="https://kodi.tv/">Kodi</link> has been updated to version 19.1 "Matrix". See + the <link xlink:href="https://kodi.tv/article/kodi-190-matrix-release">announcement</link> for + further details. + </para> + </listitem> + <listitem> + <para> + The <option>services.packagekit.backend</option> option has been removed as + it only supported a single setting which would always be the default. 
+ Instead new <link + xlink:href="https://github.com/NixOS/rfcs/blob/master/rfcs/0042-config-option.md">RFC + 0042</link> compliant <xref linkend="opt-services.packagekit.settings"/> + and <xref linkend="opt-services.packagekit.vendorSettings"/> options have + been introduced. + </para> + </listitem> + <listitem> + <para> + <link xlink:href="https://nginx.org">Nginx</link> has been updated to stable version 1.20.0. + Now nginx uses the zlib-ng library by default. + </para> + </listitem> + <listitem> + <para> + KDE Gear (formerly KDE Applications) is upgraded to 21.04, see its + <link xlink:href="https://kde.org/announcements/gear/21.04/">release + notes</link> for details. + </para> + <para> + The <code>kdeApplications</code> package set is now <code>kdeGear</code>, + in keeping with the new name. The old name remains for compatibility, but + it is deprecated. + </para> + </listitem> + <listitem> + <para> + <link xlink:href="https://libreswan.org/">Libreswan</link> has been updated + to version 4.4. The package now includes example configurations and manual + pages by default. The NixOS module has been changed to use the upstream + systemd units and write the configuration in the <literal>/etc/ipsec.d/ + </literal> directory. In addition, two new options have been added to + specify connection policies + (<xref linkend="opt-services.libreswan.policies"/>) + and disable send/receive redirects + (<xref linkend="opt-services.libreswan.disableRedirects"/>). + </para> + </listitem> + <listitem> <para> The Mailman NixOS module (<literal>services.mailman</literal>) has a new 
@@ -984,7 +1061,8 @@ environment.systemPackages = [ PulseAudio was upgraded to 14.0, with changes to the handling of default sinks. See its <link xlink:href="https://www.freedesktop.org/wiki/Software/PulseAudio/Notes/14.0/">release notes</link>. </para> - + </listitem> + <listitem> <para> GNOME users may wish to delete their <literal>~/.config/pulse</literal> due to the changes to stream routing logic. See <link xlink:href="https://gitlab.freedesktop.org/pulseaudio/pulseaudio/-/issues/832">PulseAudio bug 832</link> diff --git a/nixos/modules/security/acme.nix b/nixos/modules/security/acme.nix index eb3599b924d7f..c0250171109ff 100644 --- a/nixos/modules/security/acme.nix +++ b/nixos/modules/security/acme.nix @@ -152,7 +152,7 @@ let ); renewOpts = escapeShellArgs ( commonOpts - ++ [ "renew" "--reuse-key" ] + ++ [ "renew" ] ++ optionals data.ocspMustStaple [ "--must-staple" ] ++ data.extraLegoRenewFlags ); |
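Review bot: The new highlights list in rl-2105.xml (hunk @@ -18,114 +21,81) contradicts entries this same patch keeps further down. It says "Gnome: 3.36 -> 3.40" and links release-notes/3.40/, while the item re-added at @@ -194,6 +178,10 says GNOME "was upgraded to 40" and links release-notes/40.0/. It also says "kdeApplications: 20.08.1 -> 20.12.3", while the item moved at @@ -823,6 +821,85 says KDE Gear "is upgraded to 21.04" and that the kdeApplications name is deprecated. Please reconcile the version numbers and the link with those entries, and use the kdeGear name in the summary. The "Programming Languages and Frameworks" sub-list holds only the Python optimizations note, which is not a version change like the other sub-lists; consider moving it or adding the actual language version bumps.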
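Review bot: The release-note entry added at @@ -804,6 +792,16 in rl-2105.xml misspells the feature as "HKPK"; it should read HPKP (HTTP Public Key Pinning). The entry also does not say outright what changes for an existing deployment: after this patch every renewal produces a new key pair, so anything that depends on the key staying the same stops matching at the next renewal. State that consequence in the first sentence, change "always keeping the same" to "always keeping the same one", and reference extraLegoRenewFlags with an xref the way the neighbouring entries link their options, so readers can find the per-certificate setting and the exact value to add.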
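Review bot: In nixos/modules/security/acme.nix (hunk @@ -152,7 +152,7), removing "--reuse-key" from renewOpts silently changes renewal behaviour for every configured certificate, and nothing in the module tells a user who relied on a stable key that it will now rotate. Because data.extraLegoRenewFlags is still appended after [ "renew" ], the opt-out described in the release note does work, but that is only discoverable from the release notes. Consider adding a short comment above renewOpts saying that key rotation on renewal is intentional, mentioning "--reuse-key" in the description of the extraLegoRenewFlags option as the way to keep the old behaviour, and extending the module's test to check both cases: the key changes on renewal by default, and stays the same when the flag is passed through extraLegoRenewFlags.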