Home Explore Blog Models CI



nixpkgs
1st chunk of `nixos/doc/manual/release-notes/rl-1903.section.md`
b91c2d6f0980481f88039851f57cc014a723470388df17ae000000010000101f
# Release 19.03 ("Koi", 2019/04/11) {#sec-release-19.03}

## Highlights {#sec-release-19.03-highlights}

In addition to numerous new and upgraded packages, this release has the following highlights:

- End of support is planned for end of October 2019, handing over to 19.09.

- The default Python 3 interpreter is now CPython 3.7 instead of CPython 3.6.

- Added the Pantheon desktop environment. It can be enabled through `services.xserver.desktopManager.pantheon.enable`.

  ::: {.note}
  By default, `services.xserver.desktopManager.pantheon` enables LightDM as a display manager, as pantheon's screen locking implementation relies on it.
  Because of that it is recommended to leave LightDM enabled. If you'd like to disable it anyway, set `services.xserver.displayManager.lightdm.enable` to `false` and enable your preferred display manager.
  :::

  Also note that Pantheon's LightDM greeter is not enabled by default, because it has numerous issues in NixOS and isn't optimal for use here yet.

- A major refactoring of the Kubernetes module has been completed. Refactorings primarily focus on decoupling components and enhancing security. Two-way TLS and RBAC has been enabled by default for all components, which slightly changes the way the module is configured. See: [](#sec-kubernetes) for details.

- There is now a set of `confinement` options for `systemd.services`, which allows to restrict services into a chroot 2 ed environment that only contains the store paths from the runtime closure of the service.

## New Services {#sec-release-19.03-new-services}

The following new services were added since the last release:

- `./programs/nm-applet.nix`

- There is a new `security.googleOsLogin` module for using [OS Login](https://cloud.google.com/compute/docs/instances/managing-instance-access) to manage SSH access to Google Compute Engine instances, which supersedes the imperative and broken `google-accounts-daemon` used in `nixos/modules/virtualisation/google-compute-config.nix`.

- `./services/misc/beanstalkd.nix`

- There is a new `services.cockroachdb` module for running CockroachDB databases. NixOS now ships with CockroachDB 2.1.x as well, available on `x86_64-linux` and `aarch64-linux`.

- `./security/duosec.nix`

- The [PAM module for Duo Security](https://duo.com/docs/duounix) has been enabled for use. One can configure it using the `security.duosec` options along with the corresponding PAM option in `security.pam.services.<name?>.duoSecurity.enable`.

## Backward Incompatibilities {#sec-release-19.03-incompatibilities}

When upgrading from a previous release, please be aware of the following incompatible changes:

- The minimum version of Nix required to evaluate Nixpkgs is now 2.0.

  - For users of NixOS 18.03 and 19.03, NixOS defaults to Nix 2.0, but supports using Nix 1.11 by setting `nix.package = pkgs.nix1;`. If this option is set to a Nix 1.11 package, you will need to either unset the option or upgrade it to Nix 2.0.

  - For users of NixOS 17.09, you will first need to upgrade Nix by setting `nix.package = pkgs.nixStable2;` and run `nixos-rebuild switch` as the `root` user.

  - For users of a daemon-less Nix installation on Linux or macOS, you can upgrade Nix by running `curl -L https://nixos.org/nix/install | sh`, or prior to doing a channel update, running `nix-env -iA nix`. If you have already run a channel update and Nix is no longer able to evaluate Nixpkgs, the error message printed should provide adequate directions for upgrading Nix.

  - For users of the Nix daemon on macOS, you can upgrade Nix by running `sudo -i sh -c 'nix-channel --update && nix-env -iA nixpkgs.nix'; sudo launchctl stop org.nixos.nix-daemon; sudo launchctl start org.nixos.nix-daemon`.

- The `buildPythonPackage` function now sets `strictDeps = true` to help distinguish between native and non-native dependencies in order to improve cross-compilation compatibility. Note however that this may break user expressions.

- The `buildPythonPackage` function now sets `LANG = C.UTF-8` to enable Unicode support. The `glibcLocales` package is no longer needed as a build input.
Title: NixOS Release 19.03: Key Changes and Updates
Summary
Release 19.03 ("Koi") brings several significant updates, including planned end-of-support in October 2019, CPython 3.7 as the default Python 3 interpreter, and the addition of the Pantheon desktop environment. It also features a major refactoring of the Kubernetes module for enhanced security, enabling two-way TLS and RBAC by default, and new `confinement` options for `systemd.services`. New services introduced include `security.googleOsLogin` for Google Compute Engine SSH access, `services.cockroachdb`, and a PAM module for Duo Security. Backward incompatibilities require a minimum Nix version of 2.0 for evaluation, and `buildPythonPackage` now defaults `strictDeps` to `true` (which may impact user expressions) and sets `LANG = C.UTF-8` for Unicode support, removing the need for `glibcLocales`.