nathan/nixpkgs
1
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2026-06-05 21:03:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

doc/rl-2605: Move entries from nixos to nixpkgs doc

Browse Source
This commit is contained in:
yaya
2026-05-30 12:57:32 +02:00
parent 0264f06d5c
commit 0f48c24eb5
2 changed files with 70 additions and 68 deletions
Download Patch File Download Diff File Expand all files Collapse all files

70
doc/release-notes/rl-2605.section.md
View File

@@ -6,6 +6,44 @@
- GCC has been updated from GCC 14 to GCC 15.
This introduces some backwards incompatible changes; Refer to the [upstream porting guide](https://gcc.gnu.org/gcc-15/porting_to.html) for details.
- `glibc` has been updated to version 2.42.
This version no longer makes the stack executable when a shared library requires this. A symptom
is an error like
> cannot enable executable stack as shared object requires: Invalid argument
This is usually a bug. Please consider reporting it to the software maintainers.
In a lot of cases, the library requires the execstack by mistake only. The following workarounds exist:
* When building the shared library in question from source, use the following linker flags to force turning off the
executable flag:
```nix
mkDerivation {
# …
env.NIX_LDFLAGS = "-z,noexecstack";
}
```
* If the sources are not available, the execstack-flag can be cleared with `patchelf`:
```
patchelf --clear-execstack binary-only.so
```
* If the shared library to be loaded actually requires an executable stack and it isn't turned
on by the application loading it, you may force allowing that behavior by setting the
following environment variable:
```
GLIBC_TUNABLES=glibc.rtld.execstack=2
```
**Do not set this globally!** This makes your setup inherently less secure.
- Node.js default version has been updated from 22 LTS to 24 LTS.
This introduces some breaking changes; Refer to the [upstream migration article](https://nodejs.org/en/blog/migrations/v22-to-v24) for details.
@@ -74,6 +112,8 @@
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
- `mdbook-linkcheck` has been removed as it is unmaintained and incompatible with the latest version of `mdbook`. Users can instead migrate to `mdbook-linkcheck2`.
- The `nodePackages` package set has been removed entirely from nixpkgs. This package set was created to ease the maintenance burden of maintaining lots of
NodeJS-based packages within nixpkgs, but became a burden itself. Over the past several releases, there has been a focus on removing it in favor of the more modern nixpkgs packaging strategies.
After a long time, this package set has been deprecated and removed. If you are using its package set in your own config, please use the top-level packages instead.(i.e `pkgs.package-name` instead of `pkgs.nodePackages.package-name`).
@@ -111,6 +151,23 @@
- `nodePackages.wavedrom-cli` has been removed, as it was unmaintained within nixpkgs.
- MATE packages have been moved to top level (e.g. if you previously added `pkgs.mate.caja` to `environment.systemPackages`, you will need to change it to `pkgs.caja`).
- `kratos` has been updated from 1.3.1 to [25.4.0](https://github.com/ory/kratos/releases/tag/v25.4.0). Upstream switched to a new versioning scheme (year.major.minor). Notable breaking changes:
- The `migrate sql` CLI command is now `migrate sql up`
- OIDC registration validation errors are now placed in the `default` node group instead of `oidc`
- Failed OIDC account linking returns HTTP 400 instead of 200
- `pdns` has been updated to version [v5.0.x](https://doc.powerdns.com/authoritative/changelog/5.0.html), which introduces breaking changes. Check out the [Upgrade Notes](https://doc.powerdns.com/authoritative/upgrading.html#to-5-0-0) for details.
- `geph` package's built-in GUI `geph5-client-gui` has been [removed](https://github.com/geph-official/geph5/commit/f2221fb8386312daf2cef05483ebb353ff48bdb4) by the upstream. All users who wish to continue using the GUI should install the `gephgui-wry`, which is consistent with the official release version.
- `xfsprogs` was updated to version 6.18.0, which enables parent pointers and exchange-range by default. Upstream recommends not to use these features with kernels older than 6.18.
GRUB2 is likely unable to boot from filesystems with these features enabled.
- `lunarvim` package has been removed, as it was abandoned upstream and relied on an old version of `neovim` to work properly.
- `requireFile` now treats any `message` or `url` argument as a literal string, rather than subjecting it to Bash here-doc expansion. This allows including strings like `$PWD` in the message without needing to know about and handle the undocumented Bash expansion.
- `nodePackages.browserify` has been removed, as it was unmaintained within nixpkgs.
@@ -314,6 +371,8 @@
- `linuxPackages.nvidiaPackages` now follows NVIDIA's official release branches by exposing `production`, `new_feature`, and `beta`. The convenience aliases `latest` (newer of `production` and `new_feature`) and `bleeding_edge` (newer of `latest` and `beta`) are provided; note that `beta` now refers strictly to the beta branch.
- `stestrCheckHook` was added: This test hook runs `stestr run`. You can disable tests with `disabledTests` and `disabledTestsRegex`.
- `balatro` now supports the Google Play and Xbox PC versions of the game. Pass the `apk` or `Assets.zip` as `balatro.override { src = "…" }`.
- `uptime-kuma` has been updated to v2, which requires an automated migration that can take a few hours. **A backup is highly recommended.**
@@ -324,6 +383,16 @@
- The `libcxxhardeningextensive` hardening flag has been **disabled** by default. Enabling it by default in 25.11 was unintentional and may have had a negative effect on performance in some cases. `libcxxhardeningfast` remains enabled by default.
- Wine has been updated to the 11.0 branch. Please check the [upstream announcement](https://gitlab.winehq.org/wine/wine/-/releases/wine-11.0) for more details.
- Cinnamon has been updated to 6.6, please check the [upstream announcement](https://www.linuxmint.com/rel_zena_whatsnew.php) for more details.
- `rspamd` has been updated to 4.0. Please check the upstream [migration](https://docs.rspamd.com/tutorials/migration/#migration-to-rspamd-400) documentation, especially if you run a sharded Redis deployment.
- `hyphen` now supports over 40 language variants through `hyphenDicts` and now allows to enable all supported languages through `hyphenDicts.all`.
- `budgie` has been updated to 10.10, please check the [upstream announcement](https://buddiesofbudgie.org/blog/budgie-10-10-released) for more details.
- The packages `ibtool`, `actool` and `re-plistbuddy` have been added, providing reimplementations of the corresponding proprietary Apple tools. They are more compatible with the originals than the previously existing `xcbuild` package, and should enable more darwin software to be built from source.
- Switch inhibitors were introduced, which add a pre-switch check that compares a list of strings between the previous and the new generation, and refuses to switch into the new generation when there is a difference between the two lists. This allows avoiding switching into a system when for instance the systemd version changed by adding `config.systemd.package.version` to the switch inhibitors for your system. You can still forcefully switch into any generation by setting `NIXOS_NO_CHECK=1`.
@@ -423,3 +492,4 @@ gnuradioMinimal.override {
- The builder `php.buildComposerProject2` for PHP applications has been improved for better reliability and stability.
- The `services.drupal` module has a few improvements aimed at making it better for installing custom Drupal instances, namely a new `webRoot` option for identifying custom webroots in source code, a new `configRoot` option for identifying and synchronizing config yamls onto NixOS, and some new settings for managing variable content and filepaths.

68
nixos/doc/manual/release-notes/rl-2605.section.md
View File

@@ -302,8 +302,6 @@ of pulling the upstream container image from Docker Hub. If you want the old beh
- [services.desktopManager.gnome](#opt-services.desktopManager.gnome.enable) no longer installs the Geary e-mail client since it is not part of the GNOME [core applications](https://apps.gnome.org/) list. Geary's position in the default favorite apps section has been replaced by GNOME Text Editor. To keep it installed, add `programs.geary.enable = true;` to your configuration.
- MATE packages have been moved to top level (e.g. if you previously added `pkgs.mate.caja` to `environment.systemPackages`, you will need to change it to `pkgs.caja`).
- `walker` has been updated to 2.0.0+, which is a complete rewrite in rust.
It now requires a running `elephant` application launcher backend service, which can be enabled using the new `services.elephant.enable`.
@@ -350,14 +348,6 @@ See <https://github.com/NixOS/nixpkgs/issues/481673>.
- In both "networkd" and "scripted" backends, the configuration of name servers is now part of `network-local-commands.service` (fixes issue [#445496](https://github.com/NixOS/nixpkgs/issues/445496)).
- The issue that resulted in a completely unconfigured network if both `resolvconf` was disabled and no default gateway configured, has also been fixed.
- `kratos` has been updated from 1.3.1 to [25.4.0](https://github.com/ory/kratos/releases/tag/v25.4.0). Upstream switched to a new versioning scheme (year.major.minor). Notable breaking changes:
- The `migrate sql` CLI command is now `migrate sql up`
- OIDC registration validation errors are now placed in the `default` node group instead of `oidc`
- Failed OIDC account linking returns HTTP 400 instead of 200
- `pdns` has been updated to version [v5.0.x](https://doc.powerdns.com/authoritative/changelog/5.0.html), which introduces breaking changes. Check out the [Upgrade Notes](https://doc.powerdns.com/authoritative/upgrading.html#to-5-0-0) for details.
- In the PowerDNS Recursor module, following the deprecation period started with NixOS 25.05, the option {option}`services.pdns-recursor.old-settings` has been removed and {option}`services.pdns-recursor.yaml-settings` consequently renamed to [](#opt-services.pdns-recursor.settings).
- [services.angrr](#opt-services.angrr.enable) now uses TOML for configuration. Define policies with [](#opt-services.angrr.settings) (generate TOML file) or point to a file using [](#opt-services.angrr.configFile). The legacy options `services.angrr.period`, `services.angrr.ownedOnly`, and `services.angrr.removeRoot` have been removed. See `man 5 angrr` and the description of [](#opt-services.angrr.settings) options for examples and details.
@@ -366,8 +356,6 @@ See <https://github.com/NixOS/nixpkgs/issues/481673>.
- `services.pingvin-share` has been removed as the `pingvin-share.backend` package was broken and the project was archived upstream.
- `geph` package's built-in GUI `geph5-client-gui` has been [removed](https://github.com/geph-official/geph5/commit/f2221fb8386312daf2cef05483ebb353ff48bdb4) by the upstream. All users who wish to continue using the GUI should install the `gephgui-wry`, which is consistent with the official release version.
- `services.jellyseerr` has been renamed to [services.seerr](#opt-services.seerr.enable) following the upstream changes. Notable breaking changes:
- systemd service name changed accordingly.
- Default config directory moved from `/var/lib/jellyseerr/config` to `/var/lib/seerr/`.
@@ -384,13 +372,8 @@ See <https://github.com/NixOS/nixpkgs/issues/481673>.
- SQLite paths are now relative to `service.rootpath` unless absolute. Startup now validates file
storage and OAuth providers.
- `xfsprogs` was updated to version 6.18.0, which enables parent pointers and exchange-range by default. Upstream recommends not to use these features with kernels older than 6.18.
GRUB2 is likely unable to boot from filesystems with these features enabled.
- `services.xtreemfs` has been removed as the `xtreemfs` package was broken and unmaintained upstream.
- `lunarvim` package has been removed, as it was abandoned upstream and relied on an old version of `neovim` to work properly.
- `opengfw` package and `services.opengfw` module have been removed as the upstream GitHub repository and website have been shut down.
- [services.esphome](#opt-services.esphome.enable) no longer uses `DynamicUser`. The service now runs as a static `esphome` system user. systemd handles the migration from `/var/lib/private/esphome` automatically, but users with [impermanence](https://github.com/nix-community/impermanence) setups should ensure `/var/lib/esphome` is persisted.
@@ -415,8 +398,6 @@ See <https://github.com/NixOS/nixpkgs/issues/481673>.
- [hardware.xpadneo](#opt-hardware.xpadneo.enable) now supports configuring kernel module parameters via a freeform [settings](#opt-hardware.xpadneo.settings) option, with convenience options for [rumble attenuation](#opt-hardware.xpadneo.rumbleAttenuation) and [controller quirks](#opt-hardware.xpadneo.quirks).
- Wine has been updated to the 11.0 branch. Please check the [upstream announcement](https://gitlab.winehq.org/wine/wine/-/releases/wine-11.0) for more details.
- `security.acme` now defaults to a dynamic renewal duration, if
[security.acme.defaults.validMinDays](#opt-security.acme.defaults.validMinDays)
remains unset. This accommodates certificates with different ACME profile:
@@ -430,17 +411,8 @@ See <https://github.com/NixOS/nixpkgs/issues/481673>.
Also see the list of available settings for [Dovecot 2.3](https://doc.dovecot.org/2.3/settings/core/) or [2.4](https://doc.dovecot.org/2.4.2/core/summaries/settings.html).
- Cinnamon has been updated to 6.6, please check the [upstream announcement](https://www.linuxmint.com/rel_zena_whatsnew.php) for more details.
- Rspamd has been updated to 4.0. Please check the upstream [migration](https://docs.rspamd.com/tutorials/migration/#migration-to-rspamd-400) documentation, especially if you run a sharded Redis deployment.
- Budgie has been updated to 10.10, please check the [upstream announcement](https://buddiesofbudgie.org/blog/budgie-10-10-released) for more details.
- [](#opt-fonts.fontconfig.useEmbeddedBitmaps) is now set to `true` by default.
- `stestrCheckHook` was added: This test hook runs `stestr run`. You can disable tests with `disabledTests` and `disabledTestsRegex`.
- `hyphen` now supports over 40 language variants through `hyphenDicts` and now allows to enable all supported languages through `hyphenDicts.all`.
- [services.frp](#opt-services.frp.instances) now supports multiple instances through [](#opt-services.frp.instances) to make it possible to run multiple frp clients or servers at the same time.
- [services.resolved](#opt-services.resolved.enable) module was converted to RFC42-style settings. The moved options have also been renamed to match the upstream names. Aliases mean current configs will continue to function, but users should move to the new options as convenient.
@@ -491,44 +463,4 @@ See <https://github.com/NixOS/nixpkgs/issues/481673>.
`component.settings`. The unix module now supports using SSH keys from Kanidm via
`services.kanidm.unix.sshIntegration = true`.
- `mdbook-linkcheck` has been removed as it is unmaintained and incompatible with the latest version of `mdbook`. Users can instead migrate to `mdbook-linkcheck2`.
- `glibc` has been updated to version 2.42.
This version no longer makes the stack executable when a shared library requires this. A symptom
is an error like
> cannot enable executable stack as shared object requires: Invalid argument
This is usually a bug. Please consider reporting it to the software maintainers.
In a lot of cases, the library requires the execstack by mistake only. The following workarounds exist:
* When building the shared library in question from source, use the following linker flags to force turning off the
executable flag:
```nix
mkDerivation {
# …
env.NIX_LDFLAGS = "-z,noexecstack";
}
```
* If the sources are not available, the execstack-flag can be cleared with `patchelf`:
```
patchelf --clear-execstack binary-only.so
```
* If the shared library to be loaded actually requires an executable stack and it isn't turned
on by the application loading it, you may force allowing that behavior by setting the
following environment variable:
```
GLIBC_TUNABLES=glibc.rtld.execstack=2
```
**Do not set this globally!** This makes your setup inherently less secure.
- [services.radicle](#opt-services.radicle.enable) now supports importing the private key and passphrase as systemd creds.