* Update to the latest upstream version of pass-secret-service that includes systemd service files. * Add patch to fix use of a function that has been removed from the Python Cryptography library in NixOS 22.05 * Install systemd service files in the Nix package. * Add NixOS test to ensure the D-Bus API activates the service unit. * Add myself as a maintainer to the package and NixOS test. * Use checkTarget instead of equivalent custom checkPhase.
8.9 KiB
Release 22.11 (“Raccoon”, 2022.11/??)
Support is planned until the end of June 2023, handing over to 23.05.
Highlights
In addition to numerous new and upgraded packages, this release has the following highlights:
-
During cross-compilation, tests are now executed if the test suite can be executed by the build platform. This is the case when doing “native” cross-compilation where the build and host platforms are largely the same, but the nixpkgs' cross compilation infrastructure is used, e.g.
pkgsStatic
andpkgsLLVM
. Another possibility is that the build platform is a superset of the host platform, e.g. when cross-compiling fromx86_64-unknown-linux
toi686-unknown-linux
. The predicate gating test suite execution is the newly addedcanExecute
predicate: You can e.g. check ifstdenv.buildPlatform
can execute binaries built forstdenv.hostPlatform
(i.e. produced bystdenv.cc
) by evaluatingstdenv.buildPlatform.canExecute stdenv.hostPlatform
. -
The
nixpkgs.hostPlatform
andnixpkgs.buildPlatform
options have been added. These cover and override thenixpkgs.{system,localSystem,crossSystem}
options.hostPlatform
is the platform or "system
" string of the NixOS system described by the configuration.buildPlatform
is the platform that is responsible for building the NixOS configuration. It defaults to thehostPlatform
, for a non-cross build configuration. To cross compile, setbuildPlatform
to a different value.
The new options convey the same information, but with fewer options, and following the Nixpkgs terminology.
The existing options
nixpkgs.{system,localSystem,crossSystem}
have not been formally deprecated, to allow for evaluation of the change and to allow for a transition period so that in time the ecosystem can switch without breaking compatibility with any supported NixOS release. -
nixos-generate-config
now generates configurations that can be built in pure mode. This is achieved by setting the newnixpkgs.hostPlatform
option.You may have to unset the
system
parameter inlib.nixosSystem
, or similarly remove definitions of thenixpkgs.{system,localSystem,crossSystem}
options.Alternatively, you can remove the
hostPlatform
line and use NixOS like you would in NixOS 22.05 and earlier. -
PHP now defaults to PHP 8.1, updated from 8.0.
-
hardware.nvidia
has a new optionopen
that can be used to opt in the opensource version of NVIDIA kernel driver. Note that the driver's support for GeForce and Workstation GPUs is still alpha quality, see NVIDIA Releases Open-Source GPU Kernel Modules for the official announcement.
New Services
-
appvm, Nix based app VMs. Available as virtualisation.appvm.
-
dragonflydb, a modern replacement for Redis and Memcached. Available as services.dragonflydb.
-
infnoise, a hardware True Random Number Generator dongle. Available as services.infnoise.
-
persistent-evdev, a daemon to add virtual proxy devices that mirror a physical input device but persist even if the underlying hardware is hot-plugged. Available as services.persistent-evdev.
-
schleuder, a mailing list manager with PGP support. Enable using services.schleuder.
-
expressvpn, the CLI client for ExpressVPN. Available as services.expressvpn.
Backward Incompatibilities
-
The
isCompatible
predicate checking CPU compatibility is no longer exposed by the platform sets generated usinglib.systems.elaborate
. In most cases you will want to use the newcanExecute
predicate instead which also considers the kernel / syscall interface. It is briefly described in the release's highlights section.lib.systems.parse.isCompatible
still exists, but has changed semantically: Architectures with differing endianness modes are no longer considered compatible. -
ngrok
has been upgraded from 2.3.40 to 3.0.4. Please see the upgrade guide and changelog. Notably, breaking changes are that the config file format has changed and support for single hypen arguments was dropped. -
i18n.supportedLocales
is now by default only generated with the locales set ini18n.defaultLocale
andi18n.extraLocaleSettings
. This got partially copied over from the minimal profile and reduces the final system size by up to 200MB. If you require all locales installed set the option to[ "all" ]
. -
The
isPowerPC
predicate, found onplatform
attrsets (hostPlatform
,buildPlatform
,targetPlatform
, etc) has been removed in order to reduce confusion. The predicate was was defined such that it matches only the 32-bit big-endian members of the POWER/PowerPC family, despite having a name which would imply a broader set of systems. If you were using this predicate, you can replacefoo.isPowerPC
with(with foo; isPower && is32bit && isBigEndian)
. -
bsp-layout
no longer uses the commandcycle
to switch to other window layouts, as it got replaced by the commandsprevious
andnext
. -
The Barco ClickShare driver/client package
pkgs.clickshare-csc1
and the optionprograms.clickshare-csc1.enable
have been removed, as it requiresqt4
, which reached its end-of-life 2015 and will no longer be supported by nixpkgs. According to Barco many of their base unit models can be used with Google Chrome and the Google Cast extension. -
PHP 7.4 is no longer supported due to upstream not supporting this version for the entire lifecycle of the 22.11 release.
-
riak package removed along with
services.riak
module, due to lack of maintainer to update the package. -
(Neo)Vim can not be configured with
configure.pathogen
anymore to reduce maintainance burden. Useconfigure.packages
instead. -
k3s
no longer supports docker as runtime due to upstream dropping support.
Other Notable Changes
-
The
xplr
package has been updated from 0.18.0 to 0.19.0, which brings some breaking changes. See the upstream release notes for more details. -
A new module was added for the Saleae Logic device family, providing the options
hardware.saleae-logic.enable
andhardware.saleae-logic.package
. -
The Redis module now disables RDB persistence when
services.redis.servers.<name>.save = []
instead of using the Redis default. -
Matrix Synapse now requires entries in the
state_group_edges
table to be unique, in order to prevent accidentally introducing duplicate information (for example, because a database backup was restored multiple times). If your Synapse database already has duplicate rows in this table, this could fail with an error and require manual remediation. -
dockerTools.buildImage
deprecates the misunderstoodcontents
parameter, in favor ofcopyToRoot
. UsecopyToRoot = buildEnv { ... };
or similar if you intend to add packages to/bin
. -
memtest86+ was updated from 5.00-coreboot-002 to 6.00-beta2. It is now the upstream version from https://www.memtest.org/, as coreboot's fork is no longer available.
-
Add udev rules for the Teensy family of microcontrollers.
-
The
pass-secret-service
package now includes systemd units from upstream, so adding it to the NixOSservices.dbus.packages
option will make it start automatically as a systemd user service when an application tries to talk to the libsecret D-Bus API. -
There is a new module for the
thunar
program (the Xfce file manager), which depends on thexfconf
dbus service, and also has a dbus service and a systemd unit. The optionservices.xserver.desktopManager.xfce.thunarPlugins
has been renamed toprograms.thunar.plugins
, and in a future release it may be removed. -
There is a new module for the
xfconf
program (the Xfce configuration storage system), which has a dbus service.