maurice/snix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
snix/third_party/nix/doc/manual/release-notes/rl-1.1.xml
Vincent Ambo 7994fd1d54 Add 'third_party/nix/' from commit 'be66c7a6b24e3c3c6157fd37b86c7203d14acf10' 
git-subtree-dir: third_party/nix
git-subtree-mainline: cf8cd640c1
git-subtree-split: be66c7a6b24e3c3c6157fd37b86c7203d14acf10
2020-05-17 15:52:38 +01:00

100 lines
3.8 KiB
XML
Raw Blame History

<section xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude"
version="5.0"
xml:id="ssec-relnotes-1.1">
<title>Release 1.1 (2012-07-18)</title>
<para>This release has the following improvements:</para>
<itemizedlist>
<listitem>
<para>On Linux, when doing a chroot build, Nix now uses various
namespace features provided by the Linux kernel to improve
build isolation. Namely:
<itemizedlist>
<listitem><para>The private network namespace ensures that
builders cannot talk to the outside world (or vice versa): each
build only sees a private loopback interface. This also means
that two concurrent builds can listen on the same port (e.g. as
part of a test) without conflicting with each
other.</para></listitem>
<listitem><para>The PID namespace causes each build to start as
PID 1. Processes outside of the chroot are not visible to those
on the inside. On the other hand, processes inside the chroot
<emphasis>are</emphasis> visible from the outside (though with
different PIDs).</para></listitem>
<listitem><para>The IPC namespace prevents the builder from
communicating with outside processes using SysV IPC mechanisms
(shared memory, message queues, semaphores). It also ensures
that all IPC objects are destroyed when the builder
exits.</para></listitem>
<listitem><para>The UTS namespace ensures that builders see a
hostname of <literal>localhost</literal> rather than the actual
hostname.</para></listitem>
<listitem><para>The private mount namespace was already used by
Nix to ensure that the bind-mounts used to set up the chroot are
cleaned up automatically.</para></listitem>
</itemizedlist>
</para>
</listitem>
<listitem>
<para>Build logs are now compressed using
<command>bzip2</command>. The command <command>nix-store
-l</command> decompresses them on the fly. This can be disabled
by setting the option <literal>build-compress-log</literal> to
<literal>false</literal>.</para>
</listitem>
<listitem>
<para>The creation of build logs in
<filename>/nix/var/log/nix/drvs</filename> can be disabled by
setting the new option <literal>build-keep-log</literal> to
<literal>false</literal>. This is useful, for instance, for Hydra
build machines.</para>
</listitem>
<listitem>
<para>Nix now reserves some space in
<filename>/nix/var/nix/db/reserved</filename> to ensure that the
garbage collector can run successfully if the disk is full. This
is necessary because SQLite transactions fail if the disk is
full.</para>
</listitem>
<listitem>
<para>Added a basic <function>fetchurl</function> function. This
is not intended to replace the <function>fetchurl</function> in
Nixpkgs, but is useful for bootstrapping; e.g., it will allow us
to get rid of the bootstrap binaries in the Nixpkgs source tree
and download them instead. You can use it by doing
<literal>import &lt;nix/fetchurl.nix> { url =
<replaceable>url</replaceable>; sha256 =
"<replaceable>hash</replaceable>"; }</literal>. (Shea Levy)</para>
</listitem>
<listitem>
<para>Improved RPM spec file. (Michel Alexandre Salim)</para>
</listitem>
<listitem>
<para>Support for on-demand socket-based activation in the Nix
daemon with <command>systemd</command>.</para>
</listitem>
<listitem>
<para>Added a manpage for
<citerefentry><refentrytitle>nix.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
</listitem>
<listitem>
<para>When using the Nix daemon, the <option>-s</option> flag in
<command>nix-env -qa</command> is now much faster.</para>
</listitem>
</itemizedlist>
</section>
Reference in a new issue View git blame Copy permalink