diff --git a/NEWS b/NEWS index 4384e60cc..f3b34a473 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,25 @@ +Version 0.7 + +* Binary patching. When upgrading components using pre-built binaries + (through nix-pull / nix-channel), Nix can automatically download and + apply binary patches to already installed components instead of full + downloads. Patching is "smart": if there is a *sequence* of patches + to an installed component, Nix will use it. Patches are currently + generated automatically between Nixpkgs (pre-)releases. + +* Simplifications to the substitute mechanism. + +* Nix-pull now stores downloaded manifests in /nix/var/nix/manifests. + +* Metadata on files in the Nix store is canonicalised after builds: + the last-modified timestamp is set to 0 (00:00:00 1/1/1970), the + mode is set to 0444 or 0555 (readable and possibly executable by + all; setuid/setgid bits are dropped), and the group is set to the + default. This ensures that the result of a build and an + installation through a substitute is the same; and that timestamp + dependencies are revealed. + + Version 0.6 Major changes include the following: diff --git a/doc/manual/introduction.xml b/doc/manual/introduction.xml index 35f18dee2..5eb43f3d7 100644 --- a/doc/manual/introduction.xml +++ b/doc/manual/introduction.xml @@ -75,7 +75,7 @@ be adapted easily to achieve similar policies. Nix component builds aim to be pure; that is, unaffected by anything other than the declared dependencies. -This means that if a component was built succesfully once, it can be +This means that if a component was built successfully once, it can be rebuilt again on another machine and the result will be the same. We cannot guarantee this (e.g., if the build depends on the time-of-day), but Nix (and the tools in the Nix Packages 
@@ -113,6 +113,13 @@ software deployment also apply here: for instance, the ability trivially to have multiple configurations at the same time, or the ability to do rollbacks. +Nix can efficiently upgrade between different versions +of a component through binary patching. If +patches are available on a server, and you try to install a new +version of some component, Nix will automatically apply a patch (or +sequence of patches), if available, to transform the installed +component into the new version. + diff --git a/doc/manual/writing-nix-expressions.xml b/doc/manual/writing-nix-expressions.xml index 0c4a85837..28b70b786 100644 --- a/doc/manual/writing-nix-expressions.xml +++ b/doc/manual/writing-nix-expressions.xml @@ -1253,6 +1253,17 @@ command-line argument. See + After the build, Nix sets the last-modified + timestamp on all files in the build result to 0 (00:00:00 1/1/1970 + UTC), sets the group to the default group, and sets the mode of the + file to 0444 or 0555 (i.e., read-only, with execute permission + enabled if the file was originally executable). Note that possible + setuid and setgid bits are + cleared. Setuid and setgid programs are not currently supported by + Nix. This is because the Nix archives used in deployment have no + concept of ownership information, and because it makes the build + result dependent on the user performing the build. +
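Review bot: In the NEWS hunk, the binary patching entry does not say whether the result of applying a patch (or a sequence of patches) is checked against the expected contents of the target component before it is used. Patches are downloaded and applied to already installed components, so a sentence stating what is verified would tell users what they are trusting. In the same hunk, the canonicalisation entry gives the timestamp as "0 (00:00:00 1/1/1970)" with no time zone, while the paragraph added to doc/manual/writing-nix-expressions.xml says UTC; add UTC here so the two agree. "Simplifications to the substitute mechanism." also gives a reader no hint of what changed for them.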
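Review bot: In the paragraph added to doc/manual/introduction.xml (hunk at -113,6), the availability condition is stated twice: "If patches are available on a server ... Nix will automatically apply a patch (or sequence of patches), if available". Drop the second "if available". The paragraph also leaves out what happens when no patch or patch sequence applies; the NEWS entry implies a full download is the alternative ("instead of full downloads"), and saying so here would make the behaviour explicit.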
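Review bot: In the paragraph added to doc/manual/writing-nix-expressions.xml, "sets the mode of the file to 0444 or 0555" describes regular files only and leaves open what mode directories and symlinks in the build result receive; please state it. The sentence about cleared bits names only setuid and setgid, although forcing the mode to 0444 or 0555 also removes all write bits and any other special bits, so wording such as "all other mode bits, including setuid and setgid, are cleared" would be more accurate. "the default group" is not defined at this point in the text; name the group or say where it is configured.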