From f76e85d8f581cc8f71b66386e86ed93c2c3d6992 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Thu, 10 Aug 2017 18:44:45 +0200 Subject: [PATCH] Start of 1.12 release notes --- doc/manual/release-notes/rl-1.12.xml | 362 ++++++++++++++++++++++++++- 1 file changed, 360 insertions(+), 2 deletions(-) diff --git a/doc/manual/release-notes/rl-1.12.xml b/doc/manual/release-notes/rl-1.12.xml index b7f45fc44..6aab0ab90 100644 --- a/doc/manual/release-notes/rl-1.12.xml +++ b/doc/manual/release-notes/rl-1.12.xml 
@@ -10,6 +10,91 @@ + + Start of new nix command line + interface. This is a work in progress and the interface is subject + to change. + + + + Self-documenting: shows + all available command-line arguments. + + shows all + configuration options. + + nix build: Replacement for + nix-build. + + nix ls-store and nix + ls-nar allow listing the contents of a store path or + NAR file. + + nix cat-store and + nix cat-nar allow extracting a file from a + store path or NAR file. + + nix verify checks whether a + store path is unmodified and/or is trusted. + + nix copy-sigs copies + signatures from one store to another. + + nix sign-paths signs store + paths. + + nix copy copies paths between + arbitrary Nix stores, generalising + nix-copy-closure and + nix-push. + + nix path-info shows + information about store paths. + + nix run starts a shell in + which the specified packages are available. (TODO: currently + broken in chroot mode) + + nix log shows the build log + of a package or path. If the build log is not available locally, + it will try to obtain it from a binary cache. + + nix eval replaces + nix-instantiate --eval. + + nix dump-path to get a NAR + from a store path. + + nix edit opens the source + code of a package in an editor. + + nix search replaces + nix-env -qa. It searches the available + packages for occurences of a search string in the attribute + name, package name or description. It caches available packages + to speed up searches. + + + + + + + The external program nix-repl has been + integrated into Nix as nix repl. + + + + Nix now supports floating-point numbers. + + + + New build mode nix-build --hash that + builds a derivation, computes the hash of the output, and moves + the output to the store path corresponding to what a fixed-output + derivation with that hash would produce. + (Add docs and examples; see d367b8e7875161e655deaa96bf8a5dd0bcf8229e) + + It is no longer necessary to set the NIX_REMOTE environment variable if you need to use 
@@ -21,9 +106,282 @@ The Nix language now supports floating point numbers. They are based on regular C++ float and compatible with existing integers and number-related operations. Export and import to and - from JSON and XML works, too. - + from JSON and XML works, too. + + + nix-shell now sets the + IN_NIX_SHELL environment variable during + evaluation and in the shell itself. This can be used to perform + different actions depending on whether you’re in a Nix shell or in + a regular build. Nixpkgs provides + lib.inNixShell to check this variable during + evaluation. (bb36a1a3cf3fbe6bc9d0afcc5fa0f928bed03170) + + + + Internal: all Store classes are now + thread-safe. RemoteStore supports multiple + concurrent connections to the daemon. This is primarily useful in + multi-threaded programs such as + hydra-queue-runner. + + + + The dependency on Perl has been removed. As a result, some + (obsolete) programs have been removed: nix-push + (replaced by nix copy), + nix-pull (obsoleted by binary caches), + nix-generate-patches, + bsdiff, bspatch. + + + + Improved store abstraction. Substituters + eliminated. BinaryCacheStore, LocalBinaryCacheStore, + HttpBinaryCacheStore, S3BinaryCacheStore (compile-time + optional), SSHStore. Add docs + examples? + + + + + Nix now stores signatures for local store + paths. Locally-built paths are now signed automatically using the + secret keys specified by the + store option. + + In addition, store paths that have been built locally are + marked as “ultimately trusted”, and content-addressable store + paths carry a “content-addressability assertion” that allow them + to be trusted without any signatures. + + + + NIX_PATH is now lazy, so URIs in the path are + only downloaded if they are needed for evaluation. + + + + You can now use + channel:channel-name as a + short-hand for + https://nixos.org/channels/channel-name/nixexprs.tar.xz. 
For + example, nix-build channel:nixos-15.09 -A hello + will build the GNU Hello package from the + nixos-15.09 channel. + + + + “Nested” log output was removed. As a result, + nix-log2xml was also removed. + + + + When is given, the last + 10 lines of the build log will be shown if a build + fails. + + + + builtins.fetchgit. + (38539b943a060d9cdfc24d6e5d997c0885b8aa2f) + + + + Git repositories can now be specified in the Nix search + path, + e.g. nixpkgs=git://github.com/NixOS/nixpkgs. + (d8bf0d4859e28ddd23401fbe89f4e528aa09ddb3) + + + + Removed OpenSSL-based signing. (f435f8247553656774dd1b2c88e9de5d59cab203) + + + + <nix/fetchurl.nix> now uses the + content-addressable tarball cache at + http://tarballs.nixos.org/, just like + fetchurl in + Nixpkgs. (f2682e6e18a76ecbfb8a12c17e3a0ca15c084197) + + + + Chroot Nix stores: allow the “physical” location of the Nix + store (e.g. /home/alice/nix/store) to differ + from its “logical” location (typically + /nix/store). This allows non-root users to + use Nix while still getting the benefits from prebuilt binaries + from + cache.nixos.org. (4494000e04122f24558e1436e66d20d89028b4bd, + 3eb621750848e0e6b30e5a79f76afbb096bb6c8a) + + + + On Linux, builds are now executed in a user + namespace with uid 1000 and gid 100. + + + + builtins.fetchurl and + builtins.fetchTarball now support + sha256 and name + attributes. Using these functions is now allowed in restricted + mode if a hash is supplied. + + + + HttpBinaryCacheStore (the replacement of + download-from-binary-cache) now retries + automatically on certain HTTP error codes. + + + + Derivation attributes can now reference the outputs of the + derivation using the placeholder builtin + function. For example, the attribute + + +configureFlags = "--prefix=${placeholder "out"} --includedir=${placeholder "dev"}"; + + + will cause the configureFlags environment variable + to contain the actual store paths corresponding to the + out and dev outputs. TODO: + add docs. 
+ + + + Added builtin function + builtins.partition. + + + + Support for HTTP/2. This makes binary cache lookups much + more efficient. (90ad02bf626b885a5dd8967894e2eafc953bdf92) + + + + Caching of failed builds has been + removed. (8cffec84859cec8b610a2a22ab0c4d462a9351ff) + + + + The configuration + option can now specify optional paths by appending a + ?, e.g. /dev/nvidiactl? will + bind-mount /dev/nvidiactl only if it + exists. + + + + More support for testing build reproducibility: when + is set to + false, it’s no longer a fatal error build + rounds produce different output + (8bdf83f936adae6f2c907a6d2541e80d4120f051); add a hook to run + diffoscope when build rounds produce different output + (9a313469a4bdea2d1e8df24d16289dc2a172a169w). + + + + Kill builds as soon as stdout/stderr is closed. This fixes a + bug that allowed builds to hang Nix indefinitely (regardless of + timeouts). (21948deed99a3295e4d5666e027a6ca42dc00b40) + + + + Add support for passing structured data to builders. TODO: + document. (6de33a9c675b187437a2e1abbcb290981a89ecb1) + + + + exportReferencesGraph: Export more + complete info in JSON + format. (c2b0d8749f7e77afc1c4b3e8dd36b7ee9720af4a) + + + + Support for + netrc. (e6e74f987f0fa284d220432d426eb965269a97d6, + 302386f775eea309679654e5ea7c972fb6e7b9af) + + + + Support s3:// URIs in all places where Nix allows + URIs. (9ff9c3f2f80ba4108e9c945bbfda2c64735f987b) + + + + The option can be set to + auto to use the number of CPUs in the + system. (7251d048fa812d2551b7003bc9f13a8f5d4c95a5) + + + + Add support for Brotli compression. + cache.nixos.org compresses build logs using + Brotli. + + + + Substitutions from binary caches now require signatures by + default. This was already the case on + NixOS. (ecbc3fedd3d5bdc5a0e1a0a51b29062f2874ac8b) + + + + nix-env now ignores packages with bad + derivation names (in particular those starting with a digit or + containing a + dot). 
(b0cb11722626e906a73f10dd9a0c9eea29faf43a) + + + + Renamed various configuration options. (TODO: in progress) + + + + Remote machines can now be specified on the command + line. TODO: + document. (1a68710d4dff609bbaf61db3e17a2573f0aadf17) + + + + In Linux sandbox builds, we now use + /build instead of /tmp + as the temporary build directory. This fixes potential security + problems when a build accidentally stores its + TMPDIR in some critical place, such as an + RPATH. (eba840c8a13b465ace90172ff76a0db2899ab11b) + + + + In Linux sandbox builds, we now provide a default + /bin/sh (namely ash from + BusyBox). (a2d92bb20e82a0957067ede60e91fab256948b41) + + + + Make all configuration options available as command line + flags (b8283773bd64d7da6859ed520ee19867742a03ba). + + + + Support base-64 + hashes. (c0015e87af70f539f24d2aa2bc224a9d8b84276b) + + + + nix-shell now used + bashInteractive from Nixpkgs, rather than the + bash command that happens to be in the caller’s + PATH. This is especially important on macOS where + the bash provided by the system is seriously + outdated and cannot execute stdenv’s setup + script. + + This release has contributions from TBD.
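Review bot: In the first hunk (@@ -10,6 +10,91 @@), the new item "Nix now supports floating-point numbers." duplicates the entry that the second hunk keeps as context ("The Nix language now supports floating point numbers. They are based on regular C++ float ..."); drop one of the two so the feature is listed once. In the nix search item, "occurences" should be "occurrences". The nix-build --hash item still carries the inline reminder "(Add docs and examples; see d367b8e7875161e655deaa96bf8a5dd0bcf8229e)" and the nix run item carries "(TODO: currently broken in chroot mode)"; these read as author notes and should be resolved or kept out of the rendered text before the release notes ship.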
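Review bot: In the second hunk (@@ -21,9 +106,282 @@), the build-reproducibility item cites commit "9a313469a4bdea2d1e8df24d16289dc2a172a169w", which has a stray trailing "w" and is not a valid 40-character hex id; the same item says "it's no longer a fatal error build rounds produce different output", which is missing "if". Two smaller wording fixes: "nix-shell now used bashInteractive" should be "now uses", and "a “content-addressability assertion” that allow them" should be "allows". The entries "Removed OpenSSL-based signing." and "Substitutions from binary caches now require signatures by default." change trust behaviour but are single sentences; each should say what a user who relied on the old behaviour has to do. The "builtins.fetchgit." item has no description at all, and several items still end in "TODO: document", "TODO: add docs" or "Add docs + examples?".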