about summary refs log blame commit diff
path: root/doc/manual/release-notes/rl-11.xml
blob: db9939be1f2860e8ef73b9eefda54c30435ebec4 (plain) (tree)



































































































                                                                                                        
<chapter xmlns="http://docbook.org/ns/docbook"
      xmlns:xlink="http://www.w3.org/1999/xlink"
      xmlns:xi="http://www.w3.org/2001/XInclude"
      version="5.0"
      xml:id="ssec-relnotes-1.1">

<title>Release 1.1 (July 18, 2012)</title>

<para>This release has the following improvements:</para>

<itemizedlist>

  <listitem>
    <para>On Linux, when doing a chroot build, Nix now uses various
    namespace features provided by the Linux kernel to improve
    build isolation.  Namely:
    <itemizedlist>
      <listitem><para>The private network namespace ensures that
      builders cannot talk to the outside world (or vice versa): each
      build only sees a private loopback interface.  This also means
      that two concurrent builds can listen on the same port (e.g. as
      part of a test) without conflicting with each
      other.</para></listitem>
      <listitem><para>The PID namespace causes each build to start as
      PID 1.  Processes outside of the chroot are not visible to those
      on the inside.  On the other hand, processes inside the chroot
      <emphasis>are</emphasis> visible from the outside (though with
      different PIDs).</para></listitem>
      <listitem><para>The IPC namespace prevents the builder from
      communicating with outside processes using SysV IPC mechanisms
      (shared memory, message queues, semaphores).  It also ensures
      that all IPC objects are destroyed when the builder
      exits.</para></listitem>
      <listitem><para>The UTS namespace ensures that builders see a
      hostname of <literal>localhost</literal> rather than the actual
      hostname.</para></listitem>
      <listitem><para>The private mount namespace was already used by
      Nix to ensure that the bind-mounts used to set up the chroot are
      cleaned up automatically.</para></listitem>
    </itemizedlist>
    </para>
  </listitem>

  <listitem>
    <para>Build logs are now compressed using
    <command>bzip2</command>.  The command <command>nix-store
    -l</command> decompresses them on the fly.  This can be disabled
    by setting the option <literal>build-compress-log</literal> to
    <literal>false</literal>.</para>
  </listitem>

  <listitem>
    <para>The creation of build logs in
    <filename>/nix/var/log/nix/drvs</filename> can be disabled by
    setting the new option <literal>build-keep-log</literal> to
    <literal>false</literal>.  This is useful, for instance, for Hydra
    build machines.</para>
  </listitem>

  <listitem>
    <para>Nix now reserves some space in
    <filename>/nix/var/nix/db/reserved</filename> to ensure that the
    garbage collector can run successfully if the disk is full.  This
    is necessary because SQLite transactions fail if the disk is
    full.</para>
  </listitem>

  <listitem>
    <para>Added a basic <function>fetchurl</function> function.  This
    is not intended to replace the <function>fetchurl</function> in
    Nixpkgs, but is useful for bootstrapping; e.g., it will allow us
    to get rid of the bootstrap binaries in the Nixpkgs source tree
    and download them instead.  You can use it by doing
    <literal>import &lt;nix/fetchurl.nix> { url =
    <replaceable>url</replaceable>; sha256 =
    "<replaceable>hash</replaceable>"; }</literal>. (Shea Levy)</para>
  </listitem>

  <listitem>
    <para>Improved RPM spec file. (Michel Alexandre Salim)</para>
  </listitem>

  <listitem>
    <para>Support for on-demand socket-based activation in the Nix
    daemon with <command>systemd</command>.</para>
  </listitem>

  <listitem>
    <para>Added a manpage for
    <citerefentry><refentrytitle>nix.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
  </listitem>

  <listitem>
    <para>When using the Nix daemon, the <option>-s</option> flag in
    <command>nix-env -qa</command> is now much faster.</para>
  </listitem>

</itemizedlist>

</chapter>