Diffstat (limited to 'doc')
-rw-r--r-- | doc/manual/conf-file.xml | 14
-rw-r--r-- | doc/manual/introduction.xml | 2
-rw-r--r-- | doc/manual/release-notes.xml | 75
3 files changed, 80 insertions, 11 deletions
diff --git a/doc/manual/conf-file.xml b/doc/manual/conf-file.xml index 00016b97b45a..021b42ec63f3 100644 --- a/doc/manual/conf-file.xml +++ b/doc/manual/conf-file.xml @@ -297,6 +297,16 @@ build-use-chroot = /dev /proc /bin</programlisting> </varlistentry> + <varlistentry><term><literal>build-compress-log</literal></term> + + <listitem><para>If set to <literal>true</literal> (the default), + build logs written to <filename>/nix/var/log/nix/drvs</filename> + will be compressed on the fly using bzip2. Otherwise, they will + not be compressed.</para></listitem> + + </varlistentry> + + <varlistentry><term><literal>binary-caches</literal></term> <listitem><para>A list of URLs of binary caches, separated by @@ -305,7 +315,7 @@ build-use-chroot = /dev /proc /bin</programlisting> <literal>http://nixos.org/binary-cache</literal>.</para></listitem> </varlistentry> - + <varlistentry><term><literal>binary-caches-parallel-connections</literal></term> @@ -315,7 +325,7 @@ build-use-chroot = /dev /proc /bin</programlisting> 150.</para></listitem> </varlistentry> - + <varlistentry><term><literal>system</literal></term> diff --git a/doc/manual/introduction.xml b/doc/manual/introduction.xml index 5641d110baba..21b1df1564e5 100644 --- a/doc/manual/introduction.xml +++ b/doc/manual/introduction.xml @@ -225,7 +225,7 @@ href="docs/papers.html#servicecm">SCM-12 paper</a>.</para> <simplesect><title>Portability</title> <para>Nix should run on most Unix systems, including Linux, FreeBSD and -Mac OS X. It is also supported on Windows using Cygwin.</para> +Mac OS X.<!-- It is also supported on Windows using Cygwin.--></para> </simplesect> diff --git a/doc/manual/release-notes.xml b/doc/manual/release-notes.xml index 9a5449def23e..4dfcb6b477ca 100644 --- a/doc/manual/release-notes.xml +++ b/doc/manual/release-notes.xml 
@@ -15,25 +15,84 @@ <itemizedlist> <listitem> - <para>Builds in chroots are now executed in a private network - namespace, meaning that they do not see any network interfaces - except a private loopback interface. This ensures that builds - cannot communicate with processes outside of the chroot, or clash - with other builds by listening on an identical port number.</para> + <para>On Linux, when doing a chroot build, Nix now uses various + namespace features provided by the Linux kernel to improve + build isolation. Namely: + <itemizedlist> + <listitem><para>The private network namespace ensures that + builders cannot talk to the outside world (or vice versa): each + build only sees a private loopback interface. This also means + that two concurrent builds can listen on the same port (e.g. as + part of a test) without conflicting with each + other.</para></listitem> + <listitem><para>The PID namespace causes each build to start as + PID 1. Processes outside of the chroot are not visible to those + on the inside. On the other hand, processes inside the chroot + <emphasis>are</emphasis> visible from the outside (though with + different PIDs).</para></listitem> + <listitem><para>The IPC namespace prevents the builder from + communicating with outside processes using SysV IPC mechanisms + (shared memory, message queues, semaphores). It also ensures + that all IPC objects are destroyed when the builder + exits.</para></listitem> + <listitem><para>The UTS namespace ensures that builders see a + hostname of <literal>localhost</literal> rather than the actual + hostname.</para></listitem> + <listitem><para>The private mount namespace was already used by + Nix to ensure that the bind-mounts used to set up the chroot are + cleaned up automatically.</para></listitem> + </itemizedlist> + </para> </listitem> <listitem> <para>Build logs are now compressed using <command>bzip2</command>. 
The command <command>nix-store - -l</command> decompresses them on the fly.</para> + -l</command> decompresses them on the fly. This can be disabled + by setting the option <literal>build-compress-log</literal> to + <literal>false</literal>.</para> </listitem> <listitem> <para>The creation of build logs in <filename>/nix/var/log/nix/drvs</filename> can be disabled by setting the new option <literal>build-keep-log</literal> to - <literal>false</literal>.</para> - </listitem> + <literal>false</literal>. This is useful, for instance, for Hydra + build machines.</para> + </listitem> + + <listitem> + <para>Nix now reserves some space in + <filename>/nix/var/nix/db/reserved</filename> to ensure that the + garbage collector can run successfully if the disk is full. This + is necessary because SQLite transactions fail if the disk is + full.</para> + </listitem> + + <listitem> + <para>Added a basic <function>fetchurl</function> function. This + is not intended to replace the <function>fetchurl</function> in + Nixpkgs, but is useful for bootstrapping; e.g., it will allow us + to get rid of the bootstrap binaries in the Nixpkgs source tree + and download them instead. You can use it by doing + <literal>import <nix/fetchurl.nix> { url = + <replaceable>url</replaceable>; sha256 = + "<replaceable>hash</replaceable>"; }</literal>. (Shea Levy)</para> + </listitem> + + <listitem> + <para>Improved RPM spec file. (Michel Alexandre Salim)</para> + </listitem> + + <listitem> + <para>Support for on-demand socket-based activation in the Nix + daemon with <command>systemd</command>.</para> + </listitem> + + <listitem> + <para>Added a manpage for + <citerefentry><refentrytitle>nix.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para> + </listitem> <listitem> <para>When using the Nix daemon, the <option>-s</option> flag in |
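Review bot: In doc/manual/conf-file.xml (hunk @@ -297,6 +297,16), the new build-compress-log entry does not say how it interacts with build-keep-log or how compressed logs are read back. The release notes in this same patch state that build-keep-log = false disables log creation in /nix/var/log/nix/drvs and that nix-store -l decompresses on the fly; the option entry should carry both facts, for example "Has no effect when build-keep-log is false. Compressed logs can be read with nix-store -l." Anyone who collects or audits build logs from that directory needs to know from the option reference alone that the files may be bzip2 streams rather than plain text.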
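Review bot: The hunks at @@ -305,7 +315,7 and @@ -315,7 +325,7 in doc/manual/conf-file.xml each swap one blank-looking line for another and make no visible content change, so they appear to be whitespace-only. Drop them from this commit or move them to a separate cleanup commit so the diff for the build-compress-log documentation stays easy to read and to backport.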
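Review bot: In doc/manual/introduction.xml (hunk @@ -225,7 +225,7), the Cygwin sentence is commented out rather than deleted, and neither the comment nor the visible release-notes hunk says why. If Windows support has been dropped or is untested, remove the sentence and add a release-notes item saying so; if the change is temporary, put the reason inside the comment. As written, the source keeps a claim that readers of the XML cannot tell is stale or merely hidden.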
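Review bot: In doc/manual/release-notes.xml (hunk @@ -15,25 +15,84), the namespace list reads as a complete isolation guarantee, but the items themselves are narrower: the IPC item covers only SysV IPC mechanisms, and the PID item notes that processes inside the chroot remain visible from the outside. The removed text claimed that builds "cannot communicate with processes outside of the chroot"; the replacement should close with a sentence stating that isolation is limited to the listed namespaces, so the phrase "improve build isolation" is not read as a sandbox boundary for untrusted builders. Two smaller points in the same hunk: the mount namespace item says it "was already used", which does not belong in a list of what is new, and the /nix/var/nix/db/reserved item says "some space" without giving the amount.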