Commit graph

226 commits

Author SHA1 Message Date
Michael Peyton Jones
e675296a9c Release notes: add note for overlays via file 2017-08-17 22:13:39 +00:00
Franz Pletz
0f4179aed2
fixup! reword 2017-08-06 15:16:57 +02:00
Linus Heckemann
0abf9d2b12 Document timezone changes in release notes 2017-08-05 12:06:31 +01:00
John Ericson
a753f2fef7 17.09 release-notes: New breaking change: cc-wrapper exports more env vars 2017-08-04 13:43:38 -04:00
Robin Gloster
dc13376ee2
wvdial: remove 2017-08-04 02:24:07 +02:00
Robin Gloster
a4647bc33f
tlsdate: remove
Dead and does not build with openssl 1.1.
Debian has removed it, too.
2017-08-04 02:24:03 +02:00
Robin Gloster
2799a94963
zfs, spl: 0.6.5.11 -> 0.7.0 2017-07-27 19:00:54 +02:00
Graham Christensen
ef95175ba3
manual: update mailing list links 2017-07-18 07:54:36 -04:00
Nadrieril
8669fb1f96 tinc service: BindToAddress and ListenAddress are different options, they should not be mistaken 2017-07-17 13:07:49 +02:00
Pascal Bach
f71d556e18 mysql service: add changelog for changed dataDir 2017-07-08 00:28:01 +02:00
nonsequitur
8210d86041 Release notes: Fix syntax in code sample 2017-07-05 16:39:19 +03:00
Franz Pletz
994ffc01a0
ssh module: disable agent by default 2017-06-15 19:27:01 +02:00
Edward Tjörnhammar
3dcecf09fc
Remove aiccu package and service due to sunsetting.
https://www.sixxs.net/main/
2017-06-15 06:58:08 +02:00
Franz Pletz
ac5258edb2
caddy service: don't use extra dotdir in dataDir 2017-06-13 21:21:59 +02:00
Jan Tojnar
e35f3c0679
doc: Fix some typos 2017-06-11 22:13:42 +02:00
Pascal Bach
de52d2450e Cleanup PostgreSQL for state version 17.09 (#25753)
* postgresql service: make 9.6 the default version for 17.09

* postgresql service: change default superuser for 17.09

Change the default superuser from `root` to `postgres` for state
version 17.09

* postgresql service: change default data directory for 17.09

The new directory includes the schema version of the database.
This makes upgrades easier and is more consistent with other distros.

* updated nixos release notes
2017-05-30 21:05:39 +01:00
Silvan Mosberger
df8a7d956d ipfs service: dataDir backwards compatibility (#25782)
Fixes dataDir existance detection. Fixes #25759, #26069.
2017-05-24 20:51:02 +02:00
aszlig
9dca737d62
Merge pull request #15353 (improve xrandrHeads)
When you have a setup consisting of multiple monitors, the default is
that the first monitor detected by xrandr is set to the primary monitor.

However this may not be the monitor you need to be set as primary. In
fact this monitor set to primary may in fact be disconnected.

This has happened for the original submitter of the pull request and it
affected these programs:

 * XMonad: Gets confused with Super + {w,e,r}
 * SDDM: Puts the login screen on the wrong monitor, and does not
         currently duplicate the login screen on all monitors
 * XMobar: Puts the XMobar on the wrong monitor, as it only puts the
           taskbar on the primary monitor

These changes should fix that not only by setting a primary monitor in
xrandrHeads but also make it possible to make a different monitor the
primary one.

The changes are also backwards-compatible.
2017-05-02 23:14:26 +02:00
Peter Marheine
fd1f1aca9e release notes: incompatible flexget upgrade 2017-05-01 10:10:34 +02:00
aszlig
d7a8876c13
nixos/doc: Improve release notes for xrandrHeads
The xrandrHeads option has been there since a long time, so there is no
need to advertise it as a new feature.

Instead, let's focus on just what has changed, which is that we now
assign one head to be primary.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2017-04-24 11:54:38 +02:00
Roger Qiu
bb6a5b079f nixos/xserver: Changed xrandrHeads to support corresponding monitor section configuration in Xorg 2017-04-21 22:01:29 +10:00
Jörg Thalheim
c84dd4f09e Merge pull request #24526 from miltador/jetbrains
idea: numerous fixes and improvements
2017-04-11 13:56:20 +02:00
Carles Pagès
d5a623cb39 Update 17.03 release notes 2017-04-03 22:54:34 +02:00
Vasiliy Solovey
4fc2a86795 rl-notes 17.09: add note about idea -> jetbrains renaming 2017-04-01 12:46:27 +03:00
Robin Gloster
cbd6fb1b3a
Release Notes: tracking UIDs/GIDs is in 17.09 2017-03-31 15:51:37 +02:00
Eelco Dolstra
e241fb87a1
Update 17.03 release notes 2017-03-31 15:00:30 +02:00
Robin Gloster
163668f6c4
Release Notes 17.03: update on master 2017-03-30 22:52:08 +02:00
Joachim Fasting
c504e14c87
rl-notes 17.03: add notes about changes to the dnscrypt-proxy interface
(cherry picked from commit 961367717662ca84daf01a1f9ee3f9404ae659d0)
2017-03-30 13:36:08 +02:00
Joachim Fasting
8427222eca
rl-notes 17.03: add note about pre-NSS dnscrypt-proxy
(cherry picked from commit de5d4dc14788bcf0c8e6ef8dd5d8f3500a568422)
2017-03-29 00:05:48 +02:00
Vladimír Čunát
c1a9dc3d37
Merge branch 'master' into staging 2017-03-23 13:31:28 +01:00
Eelco Dolstra
86721a5f78
Allow attaching to non-child processes by default
The inability to run strace or gdb is the kind of
developer-unfriendliness that we're used to from OS X, let's not do it
on NixOS.

This restriction can be re-enabled by setting

  boot.kernel.sysctl."kernel.yama.ptrace_scope" = 1;

It might be nice to have a NixOS module for enabling hardened defaults.

Xref #14392.

Thanks @abbradar.
2017-03-21 18:48:35 +01:00
Robin Gloster
c93eb74e6a Merge pull request #23838 from mayflower/remove-md5
fetch-*: remove md5 support
2017-03-21 13:27:51 +01:00
Frederik Rietdijk
94eb74eaad Merge remote-tracking branch 'upstream/master' into HEAD 2017-03-21 13:04:37 +01:00
Frederik Rietdijk
4263c53f66 Python changelog 2017-03-21 11:05:03 +01:00
Robin Gloster
5e0f932de0
rl-notes 17.03: info on python module location
closes #11567
2017-03-20 23:28:51 +01:00
Robin Gloster
c066dc8416
fetch-*: add md5 support removal to rl-notes 2017-03-20 22:26:02 +01:00
Thomas Tuegel
d458b5401a
nixos/fontconfig: add Changelog message about FreeType update 2017-03-20 10:39:48 -05:00
Franz Pletz
8ab2d2ee27
rmilter service: support only one socket 2017-03-17 23:00:34 +01:00
Daiderd Jordan
35a65a6704
release-nodes: move disabledModules to 17.09 2017-03-05 14:17:00 +01:00
Daiderd Jordan
d88721e440
modules: add support for module replacement with disabledModules
This is based on a prototype Nicolas B. Pierron worked on during a
discussion we had at FOSDEM.

A new version with a workaround for problems of the reverted original.
Discussion: https://github.com/NixOS/nixpkgs/commit/3f2566689
2017-03-03 13:45:22 +01:00
Vladimír Čunát
fcec3e1c72
Revert "modules: add support for module replacement with disabledModules"
This reverts commit 3f2566689d for now.
Evaluation of the tested job got broken, blocking nixos-unstable.
2017-03-01 21:56:01 +01:00
Vladimír Čunát
b43614a6bb
Merge branch 'staging'
(Truly, this time :-)
2017-03-01 11:34:44 +01:00
Daiderd Jordan
3f2566689d modules: add support for module replacement with disabledModules
This is based on a prototype Nicolas B. Pierron worked on during a
discussion we had at FOSDEM.
2017-02-28 00:14:48 +01:00
Vladimír Čunát
81b43ccd57
17.09 release notes: fix typos 2017-02-27 23:03:16 +01:00
Robin Gloster
755902b543
release-notes: add 17.09 2017-02-27 20:46:34 +01:00
Vladimír Čunát
a1919db7cd
Merge branch 'master' into staging 2017-02-27 20:15:27 +01:00
Frederik Rietdijk
f69292ddc0 Python: explain deterministic builds in release notes 2017-02-26 14:51:26 +01:00
Graham Christensen
a9c875fc2e
nixpkgs: allow packages to be marked insecure
If a package's meta has `knownVulnerabilities`, like so:

    stdenv.mkDerivation {
      name = "foobar-1.2.3";

      ...

      meta.knownVulnerabilities = [
        "CVE-0000-00000: remote code execution"
        "CVE-0000-00001: local privilege escalation"
      ];
    }

and a user attempts to install the package, they will be greeted with
a warning indicating that maybe they don't want to install it:

    error: Package ‘foobar-1.2.3’ in ‘...default.nix:20’ is marked as insecure, refusing to evaluate.

    Known issues:

     - CVE-0000-00000: remote code execution
     - CVE-0000-00001: local privilege escalation

    You can install it anyway by whitelisting this package, using the
    following methods:

    a) for `nixos-rebuild` you can add ‘foobar-1.2.3’ to
       `nixpkgs.config.permittedInsecurePackages` in the configuration.nix,
       like so:

         {
           nixpkgs.config.permittedInsecurePackages = [
             "foobar-1.2.3"
           ];
         }

    b) For `nix-env`, `nix-build`, `nix-shell` or any other Nix command you can add
    ‘foobar-1.2.3’ to `permittedInsecurePackages` in
    ~/.config/nixpkgs/config.nix, like so:

         {
           permittedInsecurePackages = [
             "foobar-1.2.3"
           ];
         }

Adding either of these configurations will permit this specific
version to be installed. A third option also exists:

  NIXPKGS_ALLOW_INSECURE=1 nix-build ...

though I specifically avoided having a global file-based toggle to
disable this check. This way, users don't disable it once in order to
get a single package, and then don't realize future packages are
insecure.
2017-02-24 07:41:05 -05:00
Franz Pletz
9b81dcfda2
nixos/release-notes: fix typos 2017-02-22 08:45:30 +01:00
Jörg Thalheim
45719174c3
nixos/release-notes: mention iputils changes 2017-02-22 00:32:52 +01:00