tobias/nixpkgs
1
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-11-15 20:27:38 +01:00
Code Issues Packages Projects Releases Wiki Activity
nixpkgs/nixos/doc/manual/release-notes/rl-2411.section.md
github-actions[bot] 26e3a02633
Merge master into haskell-updates
2024-06-08 00:14:17 +00:00

4.6 KiB
Raw Blame History

Release 24.11 (“Vicuña”, 2024.11/??)

Highlights

  • Create the first release note entry in this section!

New Services

Backward Incompatibilities

  • nginx package no longer includes gd and geoip dependencies. For enabling it, override nginx package with the optionals withImageFilter and withGeoIP.

  • openssh and openssh_hpn are now compiled without Kerberos 5 / GSSAPI support in an effort to reduce the attack surface of the components for the majority of users. Users needing this support can use the new opensshWithKerberos and openssh_hpnWithKerberos flavors (e.g. programs.ssh.package = pkgs.openssh_gssapi).

  • nvimpager was updated to version 0.13.0, which changes the order of user and nvimpager settings: user commands in -c and --cmd now override the respective default settings because they are executed later.

  • services.forgejo.mailerPasswordFile has been deprecated by the drop-in replacement services.forgejo.secrets.mailer.PASSWD, which is part of the new free-form services.forgejo.secrets option. services.forgejo.secrets is a small wrapper over systemd's LoadCredential=. It has the same structure (sections/keys) as services.forgejo.settings but takes file paths that will be read before service startup instead of some plaintext value.

  • services.ddclient.use has been deprecated: ddclient now supports separate IPv4 and IPv6 configuration. Use services.ddclient.usev4 and services.ddclient.usev6 instead.

  • The Invoiceplane module now only accepts the structured settings option. extraConfig is now removed.

  • Legacy package stalwart-mail_0_6 was dropped, please note the manual upgrade process before changing the package to pkgs.stalwart-mail in services.stalwart-mail.package.

  • haskell.lib.compose.justStaticExecutables now disallows references to GHC in the output by default, to alert users to closure size issues caused by #164630. See "Packaging Helpers" in the Haskell section of the Nixpkgs manual for information on working around output '...' is not allowed to refer to the following paths errors caused by this change.

  • The stalwart-mail module now uses RocksDB as the default storage backend for stateVersion ≥ 24.11. (It was previously using SQLite for structured data and the filesystem for blobs).

  • zx was updated to v8, which introduces several breaking changes. See the v8 changelog for more information.

  • The portunus package and service do not support weak password hashes anymore. If you installed Portunus on NixOS 23.11 or earlier, upgrade to NixOS 24.05 first to get support for strong password hashing. Then, follow the instructions on the upstream release notes to upgrade all existing user accounts to strong password hashes. If you need to upgrade to 24.11 without having completed the migration, consider the security implications of weak password hashes on your user accounts, and add the following to your configuration:

    services.portunus.package      = pkgs.portunus.override { libxcrypt = pkgs.libxcrypt-legacy; };
services.portunus.ldap.package = pkgs.openldap.override { libxcrypt = pkgs.libxcrypt-legacy; };

Other Notable Changes

  • hareHook has been added as the language framework for Hare. From now on, it, not the hare package, should be added to nativeBuildInputs when building Hare programs.

  • To facilitate dependency injection, the imgui package now builds a static archive using vcpkg' CMake rules. The derivation now installs "impl" headers selectively instead of by a wildcard. Use imgui.src if you just want to access the unpacked sources.