about summary refs log tree commit diff
path: root/doc/manual/release-notes/rl-2.0.xml
blob: 32cdb1d0cefc65792d43e6a5a8d1aa98284fe293 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
<section xmlns="http://docbook.org/ns/docbook"
      xmlns:xlink="http://www.w3.org/1999/xlink"
      xmlns:xi="http://www.w3.org/2001/XInclude"
      version="5.0"
      xml:id="ssec-relnotes-2.0">

<title>Release 2.0 (2018-02-??)</title>

<para>This release has the following new features:</para>

<itemizedlist>

  <listitem>
    <para>Start of new <command>nix</command> command line
    interface. This is a work in progress and the interface is subject
    to change.</para>

    <itemizedlist>

      <listitem><para>Self-documenting: <option>--help</option> shows
      all available command-line arguments.</para></listitem>

      <listitem><para><option>--help-config</option> shows all
      configuration options.</para></listitem>

      <listitem><para><command>nix build</command>: Replacement for
      <command>nix-build</command>.</para></listitem>

      <listitem><para><command>nix ls-store</command> and <command>nix
      ls-nar</command> allow listing the contents of a store path or
      NAR file.</para></listitem>

      <listitem><para><command>nix cat-store</command> and
      <command>nix cat-nar</command> allow extracting a file from a
      store path or NAR file.</para></listitem>

      <listitem><para><command>nix verify</command> checks whether a
      store path is unmodified and/or is trusted.</para></listitem>

      <listitem><para><command>nix copy-sigs</command> copies
      signatures from one store to another.</para></listitem>

      <listitem><para><command>nix sign-paths</command> signs store
      paths.</para></listitem>

      <listitem><para><command>nix copy</command> copies paths between
      arbitrary Nix stores, generalising
      <command>nix-copy-closure</command> and
      <command>nix-push</command>.</para></listitem>

      <listitem><para><command>nix path-info</command> shows
      information about store paths.</para></listitem>

      <listitem><para><command>nix run</command> starts a shell in
      which the specified packages are available.</para></listitem>

      <listitem><para><command>nix log</command> shows the build log
      of a package or path. If the build log is not available locally,
      it will try to obtain it from a binary cache.</para></listitem>

      <listitem><para><command>nix eval</command> replaces
      <command>nix-instantiate --eval</command>.</para></listitem>

      <listitem><para><command>nix dump-path</command> to get a NAR
      from a store path.</para></listitem>

      <listitem><para><command>nix edit</command> opens the source
      code of a package in an editor.</para></listitem>

      <listitem><para><command>nix search</command> replaces
      <command>nix-env -qa</command>. It searches the available
      packages for occurences of a search string in the attribute
      name, package name or description. It caches available packages
      to speed up searches.</para></listitem>

      <listitem><para><command>nix why-depends</command> (d41c5eb13f4f3a37d80dbc6d3888644170c3b44a).</para></listitem>

      <listitem><para><command>nix show-derivation</command> (e8d6ee7c1b90a2fe6d824f1a875acc56799ae6e2).</para></listitem>

      <listitem><para><command>nix add-to-store</command> (970366266b8df712f5f9cedb45af183ef5a8357f).</para></listitem>

      <listitem><para><command>nix upgrade-nix</command> upgrades Nix
      to the latest stable version. This requires that Nix is
      installed in a profile. (Thus it won’t work on NixOS, or if it’s
      installed outside of the Nix store.)</para></listitem>

      <listitem><para>Progress indicator.</para></listitem>

      <listitem><para>All options are available as flags now
      (b8283773bd64d7da6859ed520ee19867742a03ba).</para></listitem>

    </itemizedlist>

  </listitem>

  <listitem>
    <para>The external program <command>nix-repl</command> has been
    integrated into Nix as <command>nix repl</command>.</para>
  </listitem>

  <listitem>
    <para>If a fixed-output derivation produces a result with an
    incorrect hash, the output path will be moved to the location
    corresponding to the actual hash and registered as valid. Thus, a
    subsequent build of the fixed-output derivation with the correct
    hash is unnecessary.</para>
  </listitem>

  <listitem>
    <para>It is no longer necessary to set the
    <envar>NIX_REMOTE</envar> environment variable if you need to use
    the Nix daemon. Nix will use the daemon automatically if you don’t
    have write access to the Nix database.</para>
  </listitem>

  <listitem>
    <para>The Nix language now supports floating point numbers. They are
    based on regular C++ <literal>float</literal> and compatible with
    existing integers and number-related operations. Export and import to and
    from JSON and XML works, too.</para>
  </listitem>

  <listitem>
    <para><command>nix-shell</command> now sets the
    <varname>IN_NIX_SHELL</varname> environment variable during
    evaluation and in the shell itself. This can be used to perform
    different actions depending on whether you’re in a Nix shell or in
    a regular build. Nixpkgs provides
    <varname>lib.inNixShell</varname> to check this variable during
    evaluation. (bb36a1a3cf3fbe6bc9d0afcc5fa0f928bed03170)</para>
  </listitem>

  <listitem>
    <para>Internal: all <classname>Store</classname> classes are now
    thread-safe. <classname>RemoteStore</classname> supports multiple
    concurrent connections to the daemon. This is primarily useful in
    multi-threaded programs such as
    <command>hydra-queue-runner</command>.</para>
  </listitem>

  <listitem>
    <para>The dependency on Perl has been removed. As a result, some
    (obsolete) programs have been removed: <command>nix-push</command>
    (replaced by <command>nix copy</command>),
    <command>nix-pull</command> (obsoleted by binary caches),
    <command>nix-generate-patches</command>,
    <command>bsdiff</command>, <command>bspatch</command>.</para>
  </listitem>

  <listitem>
    <para>Improved store abstraction. Substituters
    eliminated. BinaryCacheStore, LocalBinaryCacheStore,
    HttpBinaryCacheStore, S3BinaryCacheStore (compile-time
    optional), SSHStore. Add docs + examples?
    </para>
  </listitem>

  <listitem>
    <para>Nix now stores signatures for local store
    paths. Locally-built paths are now signed automatically using the
    secret keys specified by the <option>secret-key-files</option>
    store option.</para>

    <para>In addition, store paths that have been built locally are
    marked as “ultimately trusted”, and content-addressable store
    paths carry a “content-addressability assertion” that allow them
    to be trusted without any signatures.</para>
  </listitem>

  <listitem>
    <para><envar>NIX_PATH</envar> is now lazy, so URIs in the path are
    only downloaded if they are needed for evaluation.</para>
  </listitem>

  <listitem>
    <para>You can now use
    <uri>channel:<replaceable>channel-name</replaceable></uri> as a
    short-hand for
    <uri>https://nixos.org/channels/<replaceable>channel-name</replaceable>/nixexprs.tar.xz</uri>. For
    example, <literal>nix-build channel:nixos-15.09 -A hello</literal>
    will build the GNU Hello package from the
    <literal>nixos-15.09</literal> channel.</para>
  </listitem>

  <listitem>
    <para>When <option>--no-build-output</option> is given, the last
    10 lines of the build log will be shown if a build
    fails.</para>
  </listitem>

  <listitem>
    <para><function>builtins.fetchGit</function>.
    (38539b943a060d9cdfc24d6e5d997c0885b8aa2f)</para>
  </listitem>

  <listitem>
    <para><literal>&lt;nix/fetchurl.nix&gt;</literal> now uses the
    content-addressable tarball cache at
    <uri>http://tarballs.nixos.org/</uri>, just like
    <function>fetchurl</function> in
    Nixpkgs. (f2682e6e18a76ecbfb8a12c17e3a0ca15c084197)</para>
  </listitem>

  <listitem>
    <para>Chroot Nix stores: allow the “physical” location of the Nix
    store (e.g. <filename>/home/alice/nix/store</filename>) to differ
    from its “logical” location (typically
    <filename>/nix/store</filename>). This allows non-root users to
    use Nix while still getting the benefits from prebuilt binaries
    from
    <uri>cache.nixos.org</uri>. (4494000e04122f24558e1436e66d20d89028b4bd,
    3eb621750848e0e6b30e5a79f76afbb096bb6c8a)</para>
  </listitem>

  <listitem>
    <para>On Linux, builds are now executed in a user
    namespace with uid 1000 and gid 100.</para>
  </listitem>

  <listitem>
    <para><function>builtins.fetchurl</function> and
    <function>builtins.fetchTarball</function> now support
    <varname>sha256</varname> and <varname>name</varname>
    attributes.</para>
  </listitem>

  <listitem>
    <para><literal>HttpBinaryCacheStore</literal> (the replacement of
    <command>download-from-binary-cache</command>) now retries
    automatically on certain HTTP error codes.</para>
  </listitem>

  <listitem>
    <para>Derivation attributes can now reference the outputs of the
    derivation using the <function>placeholder</function> builtin
    function. For example, the attribute

<programlisting>
configureFlags = "--prefix=${placeholder "out"} --includedir=${placeholder "dev"}";
</programlisting>

    will cause the <envar>configureFlags</envar> environment variable
    to contain the actual store paths corresponding to the
    <literal>out</literal> and <literal>dev</literal> outputs. TODO:
    add docs.</para>
  </listitem>

  <listitem>
    <para>Support for HTTP/2. This makes binary cache lookups much
    more efficient. (90ad02bf626b885a5dd8967894e2eafc953bdf92)</para>
  </listitem>

  <listitem>
    <para>The <option>build-sandbox-paths</option> configuration
    option can now specify optional paths by appending a
    <literal>?</literal>, e.g. <literal>/dev/nvidiactl?</literal> will
    bind-mount <varname>/dev/nvidiactl</varname> only if it
    exists.</para>
  </listitem>

  <listitem>
    <para>More support for testing build reproducibility: when
    <option>enforce-determinism</option> is set to
    <literal>false</literal>, it’s no longer a fatal error build
    rounds produce different output
    (8bdf83f936adae6f2c907a6d2541e80d4120f051); add a hook to run
    diffoscope when build rounds produce different output
    (9a313469a4bdea2d1e8df24d16289dc2a172a169w).</para>
  </listitem>

  <listitem>
    <para>Kill builds as soon as stdout/stderr is closed. This fixes a
    bug that allowed builds to hang Nix indefinitely (regardless of
    timeouts). (21948deed99a3295e4d5666e027a6ca42dc00b40)</para>
  </listitem>

  <listitem>
    <para>Add support for passing structured data to builders. TODO:
    document. (6de33a9c675b187437a2e1abbcb290981a89ecb1)</para>
  </listitem>

  <listitem>
    <para><varname>exportReferencesGraph</varname>: Export more
    complete info in JSON
    format. (c2b0d8749f7e77afc1c4b3e8dd36b7ee9720af4a)</para>
  </listitem>

  <listitem>
    <para>Support for
    netrc. (e6e74f987f0fa284d220432d426eb965269a97d6,
    302386f775eea309679654e5ea7c972fb6e7b9af)</para>
  </listitem>

  <listitem>
    <para>Support <uri>s3://</uri> URIs in all places where Nix allows
    URIs. (9ff9c3f2f80ba4108e9c945bbfda2c64735f987b)</para>
  </listitem>

  <listitem>
    <para>The <option>build-max-jobs</option> option can be set to
    <literal>auto</literal> to use the number of CPUs in the
    system. (7251d048fa812d2551b7003bc9f13a8f5d4c95a5)</para>
  </listitem>

  <listitem>
    <para>Add support for Brotli compression.
    <uri>cache.nixos.org</uri> compresses build logs using
    Brotli.</para>
  </listitem>

  <listitem>
    <para>Substitutions from binary caches now require signatures by
    default. This was already the case on
    NixOS. (ecbc3fedd3d5bdc5a0e1a0a51b29062f2874ac8b)</para>
  </listitem>

  <listitem>
    <para><command>nix-env</command> now ignores packages with bad
    derivation names (in particular those starting with a digit or
    containing a
    dot). (b0cb11722626e906a73f10dd9a0c9eea29faf43a)</para>
  </listitem>

  <listitem>
    <para>Renamed various configuration options. (TODO: in progress)</para>
  </listitem>

  <listitem>
    <para>Remote machines can now be specified on the command
    line. TODO:
    document. (1a68710d4dff609bbaf61db3e17a2573f0aadf17)</para>
  </listitem>

  <listitem>
    <para>In Linux sandbox builds, we now use
    <filename>/build</filename> instead of <filename>/tmp</filename>
    as the temporary build directory. This fixes potential security
    problems when a build accidentally stores its
    <envar>TMPDIR</envar> in some critical place, such as an
    RPATH. (eba840c8a13b465ace90172ff76a0db2899ab11b)</para>
  </listitem>

  <listitem>
    <para>In Linux sandbox builds, we now provide a default
    <filename>/bin/sh</filename> (namely <filename>ash</filename> from
    BusyBox). (a2d92bb20e82a0957067ede60e91fab256948b41)</para>
  </listitem>

  <listitem>
    <para>Make all configuration options available as command line
    flags (b8283773bd64d7da6859ed520ee19867742a03ba).</para>
  </listitem>

  <listitem>
    <para>Support base-64
    hashes. (c0015e87af70f539f24d2aa2bc224a9d8b84276b)</para>
  </listitem>

  <listitem>
    <para><command>nix-shell</command> now uses
    <varname>bashInteractive</varname> from Nixpkgs, rather than the
    <command>bash</command> command that happens to be in the caller’s
    <envar>PATH</envar>. This is especially important on macOS where
    the <command>bash</command> provided by the system is seriously
    outdated and cannot execute <literal>stdenv</literal>’s setup
    script.</para>
  </listitem>

  <listitem>
    <para>New builtin functions: <function>builtins.split</function>
    (b8867a0239b1930a16f9ef3f7f3e864b01416dff),
    <function>builtins.partition</function>.</para>
  </listitem>

  <listitem>
    <para>Automatic garbage collection.</para>
  </listitem>

  <listitem>
    <para><command>nix-store -q --roots</command> and
    <command>nix-store --gc --print-roots</command> now show temporary
    and in-memory roots.</para>
  </listitem>

  <listitem>
    <para>Builders can now communicate what build phase they are in by
    writing messages to the file descriptor specified in
    <envar>NIX_LOG_FD</envar>. (88e6bb76de5564b3217be9688677d1c89101b2a3)
    </para>
  </listitem>

</itemizedlist>

<para>Some features were removed:</para>

<itemizedlist>

  <listitem>
    <para>“Nested” log output. As a result,
    <command>nix-log2xml</command> was also removed.</para>
  </listitem>

  <listitem>
    <para>OpenSSL-based signing. (f435f8247553656774dd1b2c88e9de5d59cab203)</para>
  </listitem>

  <listitem>
    <para>Caching of failed
    builds. (8cffec84859cec8b610a2a22ab0c4d462a9351ff)</para>
  </listitem>

  <listitem>
    <para><filename>nix-mode.el</filename> has been removed from
    Nix. It is now a separate repository in
    <uri>https://github.com/NixOS/nix-mode</uri> and can be installed
    through the MELPA package repository.</para>
  </listitem>

  <listitem>
    <para>In restricted evaluation mode
    (<option>--restrict-eval</option>), builtin functions that
    download from the network (such as <function>fetchGit</function>)
    are permitted to fetch underneath the list of URI prefixes
    specified in the option <option>allowed-uris</option>.</para>
  </listitem>

</itemizedlist>

<para>This release has contributions from TBD.</para>

</section>