Nix 1.9 release notes

2 files changed, 217 insertions, 0 deletions

diff --git a/doc/manual/release-notes/release-notes.xml b/doc/manual/release-notes/release-notes.xml
index 920870a27989..ba72901378e5 100644
--- a/doc/manual/release-notes/release-notes.xml
+++ b/doc/manual/release-notes/release-notes.xml
@@ -12,6 +12,7 @@
 </partintro>
 -->
 
+<xi:include href="rl-1.9.xml" />
 <xi:include href="rl-1.8.xml" />
 <xi:include href="rl-1.7.xml" />
 <xi:include href="rl-1.6.1.xml" />
diff --git a/doc/manual/release-notes/rl-1.9.xml b/doc/manual/release-notes/rl-1.9.xml
new file mode 100644
index 000000000000..9955bc24a9ac
--- /dev/null
+++ b/doc/manual/release-notes/rl-1.9.xml
@@ -0,0 +1,216 @@
+<section xmlns="http://docbook.org/ns/docbook"
+      xmlns:xlink="http://www.w3.org/1999/xlink"
+      xmlns:xi="http://www.w3.org/2001/XInclude"
+      version="5.0"
+      xml:id="ssec-relnotes-1.9">
+
+<title>Release 1.9 (June 2, 2015)</title>
+
+<para>In addition to the usual bug fixes, this release has the
+following new features:</para>
+
+<itemizedlist>
+
+  <listitem>
+    <para>Signed binary cache support. You can enable signature
+    checking by adding the following to <filename>nix.conf</filename>:
+
+<programlisting>
+signed-binary-caches = *
+binary-cache-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
+</programlisting>
+
+    This will prevent Nix from downloading any binary from the cache
+    that is not signed by one of the keys listed in
+    <option>binary-cache-public-keys</option>.</para>
+
+    <para>Signature checking is only supported if you build Nix with
+    the <literal>libsodium</literal> package.</para>
+
+    <para>Nix has had experimental support for signed binary caches
+    since version 1.7, but this release changes the signature format
+    in a backwards-incompatible way.</para>
+
+  </listitem>
+
+  <listitem>
+
+    <para>Automatic downloading of Nix expression tarballs. In various
+    places, you can now specify the URL of a tarball containing Nix
+    expressions (such as Nixpkgs), which will be downloaded and
+    unpacked automatically. For example:</para>
+
+    <itemizedlist>
+
+      <listitem><para>In <command>nix-env</command>:
+
+<screen>
+$ nix-env -f https://github.com/NixOS/nixpkgs-channels/archive/nixos-14.12.tar.gz -iA firefox
+</screen>
+
+      This installs Firefox from the latest tested and built revision
+      of the NixOS 14.12 channel.</para></listitem>
+
+      <listitem><para>In <command>nix-build</command> and
+      <command>nix-shell</command>:
+
+<screen>
+$ nix-build https://github.com/NixOS/nixpkgs/archive/master.tar.gz -A hello
+</screen>
+
+      This builds GNU Hello from the latest revision of the Nixpkgs
+      master branch.</para></listitem>
+
+      <listitem><para>In the Nix search path (as specified via
+      <envar>NIX_PATH</envar> or <option>-I</option>). For example, to
+      start a shell containing the Pan package from a specific version
+      of Nixpkgs:
+
+<screen>
+$ nix-shell -p pan -I nixpkgs=https://github.com/NixOS/nixpkgs-channels/archive/8a3eea054838b55aca962c3fbde9c83c102b8bf2.tar.gz
+</screen>
+
+      </para></listitem>
+
+      <listitem><para>In <command>nixos-rebuild</command> (on NixOS):
+
+<screen>
+$ nixos-rebuild test -I nixpkgs=nixpkgs=https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz
+</screen>
+
+      </para></listitem>
+
+      <listitem><para>In Nix expressions, via the new builtin function <function>fetchTarball</function>:
+
+<programlisting>
+with import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-14.12.tar.gz) {}; …
+</programlisting>
+
+      (This is not allowed in restricted mode.)</para></listitem>
+
+    </itemizedlist>
+
+  </listitem>
+
+  <listitem>
+
+    <para><command>nix-shell</command> improvements:</para>
+
+    <itemizedlist>
+
+      <listitem><para><command>nix-shell</command> now has a flag
+      <option>--run</option> to execute a command in the
+      <command>nix-shell</command> environment,
+      e.g. <literal>nix-shell --command make</literal>. This is like
+      the existing <option>--command</option> flag, except that it
+      uses a non-interactive shell (ensuring that hitting Ctrl-C won’t
+      drop you into the child shell).</para></listitem>
+
+      <listitem><para><command>nix-shell</command> can now be used as
+      a <literal>#!</literal>-interpreter. This allows you to write
+      scripts that dynamically fetch their own dependencies. For
+      example, here is a Haskell script that, when invoked, first
+      downloads GHC and the Haskell packages on which it depends:
+
+<programlisting>
+#! /usr/bin/env nix-shell
+#! nix-shell -i runghc -p haskellPackages.ghc haskellPackages.HTTP
+
+import Network.HTTP
+
+main = do
+  resp &lt;- Network.HTTP.simpleHTTP (getRequest "http://nixos.org/")
+  body &lt;- getResponseBody resp
+  print (take 100 body)
+</programlisting>
+
+      Of course, the dependencies are cached in the Nix store, so the
+      second invocation of this script will be much
+      faster.</para></listitem>
+
+    </itemizedlist>
+
+  </listitem>
+
+  <listitem>
+
+    <para>Chroot improvements:</para>
+
+    <itemizedlist>
+
+      <listitem><para>Chroot builds are now supported on Mac OS X
+      (using its sandbox mechanism).</para></listitem>
+
+      <listitem><para>If chroots are enabled, they are now used for
+      all derivations, including fixed-output derivations (such as
+      <function>fetchurl</function>); however the latter do have
+      network access. Thus the latter can no longer access the host
+      filesystem. If you need the old behaviour, you can set the
+      option <option>build-use-chroot</option> to
+      <literal>relaxed</literal>.</para></listitem>
+
+      <listitem><para>On Linux, if chroots are enabled, builds are
+      performed in a private PID namespace once again. (This
+      functionality was lost in Nix 1.8.)</para></listitem>
+
+      <listitem><para>Store paths listed in
+      <option>build-chroot-dirs</option> are now automatically
+      expanded to their closure. For instance, if you want
+      <filename>/nix/store/…-bash/bin/sh</filename>> mounted in your
+      chroot as <filename>/bin/sh</filename>, you only need to say
+      <literal>build-chroot-dirs =
+      /bin/sh=/nix/store/…-bash/bin/sh</literal>; it is no longer
+      necessary to specify the dependencies of Bash.</para></listitem>
+
+    </itemizedlist>
+
+  </listitem>
+
+  <listitem><para>The new derivation attribute
+  <varname>passAsFile</varname> allows you to specify that the
+  contents of derivation attributes should be passed via files rather
+  than environment variables. This is useful if you need to pass very
+  long strings that exceed the size limit of the environment. The
+  Nixpkgs function <function>writeTextFile</function> uses
+  this.</para></listitem>
+
+  <listitem><para>You can now use <literal>~</literal> in Nix file
+  names to refer to your home directory, e.g. <literal>import
+  ~/.nixpkgs/config.nix</literal>.</para></listitem>
+
+  <listitem><para>Nix has a new option <option>restrict-eval</option>
+  that allows limiting what paths the Nix evaluator has access to. By
+  passing <literal>--option restrict-eval true</literal> to Nix, the
+  evaluator will throw an exception if an attempt is made to access
+  any file outside of the Nix search path. This is primarily intended
+  for Hydra to ensure that a Hydra jobset only refers to its declared
+  inputs (and is therefore reproducible).</para></listitem>
+
+  <listitem><para><command>nix-env</command> now only created a new
+  “generation” symlink in <filename>/nix/var/nix/profiles</filename>
+  if something actually changed.</para></listitem>
+
+  <listitem><para>The environment variable <envar>NIX_PAGER</envar>
+  can now be set to override <envar>PAGER</envar>. You can set it to
+  <literal>cat</literal> to disable paging for Nix commands
+  only.</para></listitem>
+
+  <listitem><para>Failing <literal>&lt;...></literal>
+  lookups now show position information.</para></listitem>
+
+  <listitem><para>Improved Boehm GC use: we disabled scanning for
+  interior pointers, which should reduce the <literal>Repeated
+  allocation of very large block</literal> warnings and associated
+  retention of memory.</para></listitem>
+
+</itemizedlist>
+
+<para>This release has contributions from aszlig, Benjamin Staffin,
+Charles Strahan, Christian Theune, Daniel Hahler, Danylo Hlynskyi
+Daniel Peebles, Dan Peebles, Domen Kožar, Eelco Dolstra, Harald van
+Dijk, Hoang Xuan Phu, Jaka Hudoklin, Jeff Ramnani, j-keck, Linquize,
+Luca Bruno, Michael Merickel, Oliver Dunkl, Rob Vermaas, Rok Garbas,
+Shea Levy, Tobias Geerinckx-Rice and William A. Kennington III.</para>
+
+</section>
+