maurice/snix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Nix 1.9 release notes

Browse source
This commit is contained in:
Eelco Dolstra 2015-06-01 12:57:43 +02:00
parent 07c69aa03b
commit d68941d89d
2 changed files with 217 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
doc/manual/release-notes/release-notes.xml
View file

@ -12,6 +12,7 @@
</partintro> </partintro>
--> -->
<xi:include href="rl-1.9.xml" />
<xi:include href="rl-1.8.xml" /> <xi:include href="rl-1.8.xml" />
<xi:include href="rl-1.7.xml" /> <xi:include href="rl-1.7.xml" />
<xi:include href="rl-1.6.1.xml" /> <xi:include href="rl-1.6.1.xml" />

216
doc/manual/release-notes/rl-1.9.xml Normal file
View file

@ -0,0 +1,216 @@
<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="ssec-relnotes-1.9">
<title>Release 1.9 (June 2, 2015)</title>
<para>In addition to the usual bug fixes, this release has the
following new features:</para>
<itemizedlist>
<listitem>
<para>Signed binary cache support. You can enable signature
checking by adding the following to <filename>nix.conf</filename>:
<programlisting>
signed-binary-caches = *
binary-cache-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
</programlisting>
This will prevent Nix from downloading any binary from the cache
that is not signed by one of the keys listed in
<option>binary-cache-public-keys</option>.</para>
<para>Signature checking is only supported if you build Nix with
the <literal>libsodium</literal> package.</para>
<para>Nix has had experimental support for signed binary caches
since version 1.7, but this release changes the signature format
in a backwards-incompatible way.</para>
</listitem>
<listitem>
<para>Automatic downloading of Nix expression tarballs. In various
places, you can now specify the URL of a tarball containing Nix
expressions (such as Nixpkgs), which will be downloaded and
unpacked automatically. For example:</para>
<itemizedlist>
<listitem><para>In <command>nix-env</command>:
<screen>
$ nix-env -f https://github.com/NixOS/nixpkgs-channels/archive/nixos-14.12.tar.gz -iA firefox
</screen>
This installs Firefox from the latest tested and built revision
of the NixOS 14.12 channel.</para></listitem>
<listitem><para>In <command>nix-build</command> and
<command>nix-shell</command>:
<screen>
$ nix-build https://github.com/NixOS/nixpkgs/archive/master.tar.gz -A hello
</screen>
This builds GNU Hello from the latest revision of the Nixpkgs
master branch.</para></listitem>
<listitem><para>In the Nix search path (as specified via
<envar>NIX_PATH</envar> or <option>-I</option>). For example, to
start a shell containing the Pan package from a specific version
of Nixpkgs:
<screen>
$ nix-shell -p pan -I nixpkgs=https://github.com/NixOS/nixpkgs-channels/archive/8a3eea054838b55aca962c3fbde9c83c102b8bf2.tar.gz
</screen>
</para></listitem>
<listitem><para>In <command>nixos-rebuild</command> (on NixOS):
<screen>
$ nixos-rebuild test -I nixpkgs=nixpkgs=https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz
</screen>
</para></listitem>
<listitem><para>In Nix expressions, via the new builtin function <function>fetchTarball</function>:
<programlisting>
with import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-14.12.tar.gz) {}; …
</programlisting>
(This is not allowed in restricted mode.)</para></listitem>
</itemizedlist>
</listitem>
<listitem>
<para><command>nix-shell</command> improvements:</para>
<itemizedlist>
<listitem><para><command>nix-shell</command> now has a flag
<option>--run</option> to execute a command in the
<command>nix-shell</command> environment,
e.g. <literal>nix-shell --command make</literal>. This is like
the existing <option>--command</option> flag, except that it
uses a non-interactive shell (ensuring that hitting Ctrl-C wont
drop you into the child shell).</para></listitem>
<listitem><para><command>nix-shell</command> can now be used as
a <literal>#!</literal>-interpreter. This allows you to write
scripts that dynamically fetch their own dependencies. For
example, here is a Haskell script that, when invoked, first
downloads GHC and the Haskell packages on which it depends:
<programlisting>
#! /usr/bin/env nix-shell
#! nix-shell -i runghc -p haskellPackages.ghc haskellPackages.HTTP
import Network.HTTP
main = do
resp &lt;- Network.HTTP.simpleHTTP (getRequest "http://nixos.org/")
body &lt;- getResponseBody resp
print (take 100 body)
</programlisting>
Of course, the dependencies are cached in the Nix store, so the
second invocation of this script will be much
faster.</para></listitem>
</itemizedlist>
</listitem>
<listitem>
<para>Chroot improvements:</para>
<itemizedlist>
<listitem><para>Chroot builds are now supported on Mac OS X
(using its sandbox mechanism).</para></listitem>
<listitem><para>If chroots are enabled, they are now used for
all derivations, including fixed-output derivations (such as
<function>fetchurl</function>); however the latter do have
network access. Thus the latter can no longer access the host
filesystem. If you need the old behaviour, you can set the
option <option>build-use-chroot</option> to
<literal>relaxed</literal>.</para></listitem>
<listitem><para>On Linux, if chroots are enabled, builds are
performed in a private PID namespace once again. (This
functionality was lost in Nix 1.8.)</para></listitem>
<listitem><para>Store paths listed in
<option>build-chroot-dirs</option> are now automatically
expanded to their closure. For instance, if you want
<filename>/nix/store/…-bash/bin/sh</filename>> mounted in your
chroot as <filename>/bin/sh</filename>, you only need to say
<literal>build-chroot-dirs =
/bin/sh=/nix/store/…-bash/bin/sh</literal>; it is no longer
necessary to specify the dependencies of Bash.</para></listitem>
</itemizedlist>
</listitem>
<listitem><para>The new derivation attribute
<varname>passAsFile</varname> allows you to specify that the
contents of derivation attributes should be passed via files rather
than environment variables. This is useful if you need to pass very
long strings that exceed the size limit of the environment. The
Nixpkgs function <function>writeTextFile</function> uses
this.</para></listitem>
<listitem><para>You can now use <literal>~</literal> in Nix file
names to refer to your home directory, e.g. <literal>import
~/.nixpkgs/config.nix</literal>.</para></listitem>
<listitem><para>Nix has a new option <option>restrict-eval</option>
that allows limiting what paths the Nix evaluator has access to. By
passing <literal>--option restrict-eval true</literal> to Nix, the
evaluator will throw an exception if an attempt is made to access
any file outside of the Nix search path. This is primarily intended
for Hydra to ensure that a Hydra jobset only refers to its declared
inputs (and is therefore reproducible).</para></listitem>
<listitem><para><command>nix-env</command> now only created a new
“generation” symlink in <filename>/nix/var/nix/profiles</filename>
if something actually changed.</para></listitem>
<listitem><para>The environment variable <envar>NIX_PAGER</envar>
can now be set to override <envar>PAGER</envar>. You can set it to
<literal>cat</literal> to disable paging for Nix commands
only.</para></listitem>
<listitem><para>Failing <literal>&lt;...></literal>
lookups now show position information.</para></listitem>
<listitem><para>Improved Boehm GC use: we disabled scanning for
interior pointers, which should reduce the <literal>Repeated
allocation of very large block</literal> warnings and associated
retention of memory.</para></listitem>
</itemizedlist>
<para>This release has contributions from aszlig, Benjamin Staffin,
Charles Strahan, Christian Theune, Daniel Hahler, Danylo Hlynskyi
Daniel Peebles, Dan Peebles, Domen Kožar, Eelco Dolstra, Harald van
Dijk, Hoang Xuan Phu, Jaka Hudoklin, Jeff Ramnani, j-keck, Linquize,
Luca Bruno, Michael Merickel, Oliver Dunkl, Rob Vermaas, Rok Garbas,
Shea Levy, Tobias Geerinckx-Rice and William A. Kennington III.</para>
</section>