From 8a9e625ba5483f08aaef7c4b7074042bcc7f0f57 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Mon, 7 Jul 2025 14:06:24 +0200 Subject: [PATCH] release notes: 2.30.0 --- doc/manual/rl-next/build-dir-mandatory.md | 9 -- doc/manual/rl-next/deprecate__json.md | 11 -- doc/manual/rl-next/eval-profiler.md | 13 --- doc/manual/rl-next/json-logger.md | 6 - doc/manual/rl-next/nix-profile-add.md | 6 - .../rl-next/outpath-and-sourceinfo-fixes.md | 17 --- doc/manual/rl-next/revert-77.md | 17 --- doc/manual/source/SUMMARY.md.in | 1 + doc/manual/source/release-notes/rl-2.30.md | 106 ++++++++++++++++++ .../data/release-credits-email-to-handle.json | 21 +++- .../data/release-credits-handle-to-name.json | 18 ++- 11 files changed, 144 insertions(+), 81 deletions(-) delete mode 100644 doc/manual/rl-next/build-dir-mandatory.md delete mode 100644 doc/manual/rl-next/deprecate__json.md delete mode 100644 doc/manual/rl-next/eval-profiler.md delete mode 100644 doc/manual/rl-next/json-logger.md delete mode 100644 doc/manual/rl-next/nix-profile-add.md delete mode 100644 doc/manual/rl-next/outpath-and-sourceinfo-fixes.md delete mode 100644 doc/manual/rl-next/revert-77.md create mode 100644 doc/manual/source/release-notes/rl-2.30.md diff --git a/doc/manual/rl-next/build-dir-mandatory.md b/doc/manual/rl-next/build-dir-mandatory.md deleted file mode 100644 index cb45a4315..000000000 --- a/doc/manual/rl-next/build-dir-mandatory.md +++ /dev/null @@ -1,9 +0,0 @@ ---- -synopsis: "`build-dir` no longer defaults to `$TMPDIR`" ---- - -The directory in which temporary build directories are created no longer defaults -to `TMPDIR` or `/tmp`, to avoid builders making their directories -world-accessible. This behavior allowed escaping the build sandbox and can -cause build impurities even when not used maliciously. We now default to `builds` -in `NIX_STATE_DIR` (which is `/nix/var/nix/builds` in the default configuration). diff --git a/doc/manual/rl-next/deprecate__json.md b/doc/manual/rl-next/deprecate__json.md deleted file mode 100644 index 7fc05832f..000000000 --- a/doc/manual/rl-next/deprecate__json.md +++ /dev/null @@ -1,11 +0,0 @@ ---- -synopsis: Deprecate manually making structured attrs with `__json = ...;` -prs: [13220] ---- - -The proper way to create a derivation using [structured attrs] in the Nix language is by using `__structuredAttrs = true` with [`builtins.derivation`]. -However, by exploiting how structured attrs are implementated, it has also been possible to create them by setting the `__json` environment variable to a serialized JSON string. -This sneaky alternative method is now deprecated, and may be disallowed in future versions of Nix. - -[structured attrs]: @docroot@/language/advanced-attributes.md#adv-attr-structuredAttrs -[`builtins.derivation`]: @docroot@/language/builtins.html#builtins-derivation diff --git a/doc/manual/rl-next/eval-profiler.md b/doc/manual/rl-next/eval-profiler.md deleted file mode 100644 index 6b2bf2ce7..000000000 --- a/doc/manual/rl-next/eval-profiler.md +++ /dev/null @@ -1,13 +0,0 @@ ---- -synopsis: Add stack sampling evaluation profiler -prs: [13220] ---- - -Nix evaluator now supports stack sampling evaluation profiling via `--eval-profiler flamegraph` setting. -It collects collapsed call stack information to output file specified by -`--eval-profile-file` (`nix.profile` by default) in a format directly consumable -by `flamegraph.pl` and compatible tools like [speedscope](https://speedscope.app/). -Sampling frequency can be configured via `--eval-profiler-frequency` (99 Hz by default). - -Unlike existing `--trace-function-calls` this profiler includes the name of the function -being called when it's available. diff --git a/doc/manual/rl-next/json-logger.md b/doc/manual/rl-next/json-logger.md deleted file mode 100644 index 867b5d8b3..000000000 --- a/doc/manual/rl-next/json-logger.md +++ /dev/null @@ -1,6 +0,0 @@ ---- -synopsis: "`json-log-path` setting" -prs: [13003] ---- - -New setting `json-log-path` that sends a copy of all Nix log messages (in JSON format) to a file or Unix domain socket. diff --git a/doc/manual/rl-next/nix-profile-add.md b/doc/manual/rl-next/nix-profile-add.md deleted file mode 100644 index a2fbcaa8d..000000000 --- a/doc/manual/rl-next/nix-profile-add.md +++ /dev/null @@ -1,6 +0,0 @@ ---- -synopsis: "Rename `nix profile install` to `nix profile add`" -prs: [13224] ---- - -The command `nix profile install` has been renamed to `nix profile add` (though the former is still available as an alias). This is because the verb "add" is a better antonym for the verb "remove" (i.e. `nix profile remove`). Nix also does not have install hooks or general behavior often associated with "installing". diff --git a/doc/manual/rl-next/outpath-and-sourceinfo-fixes.md b/doc/manual/rl-next/outpath-and-sourceinfo-fixes.md deleted file mode 100644 index 479a2f5cb..000000000 --- a/doc/manual/rl-next/outpath-and-sourceinfo-fixes.md +++ /dev/null @@ -1,17 +0,0 @@ ---- -synopsis: Non-flake inputs now contain a `sourceInfo` attribute -issues: 13164 -prs: 13170 ---- - -Flakes have always a `sourceInfo` attribute which describes the source of the flake. -The `sourceInfo.outPath` is often identical to the flake's `outPath`, however it can differ when the flake is located in a subdirectory of its source. - -Non-flake inputs (i.e. inputs with `flake = false`) can also be located at some path _within_ a wider source. -This usually happens when defining a relative path input within the same source as the parent flake, e.g. `inputs.foo.url = ./some-file.nix`. -Such relative inputs will now inherit their parent's `sourceInfo`. - -This also means it is now possible to use `?dir=subdir` on non-flake inputs. - -This iterates on the work done in 2.26 to improve relative path support ([#10089](https://github.com/NixOS/nix/pull/10089)), -and resolves a regression introduced in 2.28 relating to nested relative path inputs ([#13164](https://github.com/NixOS/nix/issues/13164)). diff --git a/doc/manual/rl-next/revert-77.md b/doc/manual/rl-next/revert-77.md deleted file mode 100644 index c2cef74d3..000000000 --- a/doc/manual/rl-next/revert-77.md +++ /dev/null @@ -1,17 +0,0 @@ ---- -synopsis: Revert incomplete closure mixed download and build feature -issues: [77, 12628] -prs: [13176] ---- - -Since Nix 1.3 (299141ecbd08bae17013226dbeae71e842b4fdd7 in 2013) Nix has attempted to mix together upstream fresh builds and downstream substitutions when remote substuters contain an "incomplete closure" (have some store objects, but not the store objects they reference). -This feature is now removed. - -Worst case, removing this feature could cause more building downstream, but it should not cause outright failures, since this is not happening for opaque store objects that we don't know how to build if we decide not to substitute. -In practice, however, we doubt even the more building is very likely to happen. -Remote stores that are missing dependencies in arbitrary ways (e.g. corruption) don't seem to be very common. - -On the contrary, when remote stores fail to implement the [closure property](@docroot@/store/store-object.md#closure-property), it is usually an *intentional* choice on the part of the remote store, because it wishes to serve as an "overlay" store over another store, such as `https://cache.nixos.org`. -If an "incomplete closure" is encountered in that situation, the right fix is not to do some sort of "franken-building" as this feature implemented, but instead to make sure both substituters are enabled in the settings. - -(In the future, we should make it easier for remote stores to indicate this to clients, to catch settings that won't work in general before a missing dependency is actually encountered.) diff --git a/doc/manual/source/SUMMARY.md.in b/doc/manual/source/SUMMARY.md.in index 8326a96e3..bfb921567 100644 --- a/doc/manual/source/SUMMARY.md.in +++ b/doc/manual/source/SUMMARY.md.in @@ -137,6 +137,7 @@ - [Contributing](development/contributing.md) - [Releases](release-notes/index.md) {{#include ./SUMMARY-rl-next.md}} + - [Release 2.30 (2025-07-07)](release-notes/rl-2.30.md) - [Release 2.29 (2025-05-14)](release-notes/rl-2.29.md) - [Release 2.28 (2025-04-02)](release-notes/rl-2.28.md) - [Release 2.27 (2025-03-03)](release-notes/rl-2.27.md) diff --git a/doc/manual/source/release-notes/rl-2.30.md b/doc/manual/source/release-notes/rl-2.30.md new file mode 100644 index 000000000..b205bad51 --- /dev/null +++ b/doc/manual/source/release-notes/rl-2.30.md @@ -0,0 +1,106 @@ +# Release 2.30.0 (2025-07-07) + +- `build-dir` no longer defaults to `$TMPDIR` + + The directory in which temporary build directories are created no longer defaults + to `TMPDIR` or `/tmp`, to avoid builders making their directories + world-accessible. This behavior allowed escaping the build sandbox and can + cause build impurities even when not used maliciously. We now default to `builds` + in `NIX_STATE_DIR` (which is `/nix/var/nix/builds` in the default configuration). + +- Deprecate manually making structured attrs with `__json = ...;` [#13220](https://github.com/NixOS/nix/pull/13220) + + The proper way to create a derivation using [structured attrs] in the Nix language is by using `__structuredAttrs = true` with [`builtins.derivation`]. + However, by exploiting how structured attrs are implementated, it has also been possible to create them by setting the `__json` environment variable to a serialized JSON string. + This sneaky alternative method is now deprecated, and may be disallowed in future versions of Nix. + + [structured attrs]: @docroot@/language/advanced-attributes.md#adv-attr-structuredAttrs + [`builtins.derivation`]: @docroot@/language/builtins.html#builtins-derivation + +- Add stack sampling evaluation profiler [#13220](https://github.com/NixOS/nix/pull/13220) + + Nix evaluator now supports stack sampling evaluation profiling via `--eval-profiler flamegraph` setting. + It collects collapsed call stack information to output file specified by + `--eval-profile-file` (`nix.profile` by default) in a format directly consumable + by `flamegraph.pl` and compatible tools like [speedscope](https://speedscope.app/). + Sampling frequency can be configured via `--eval-profiler-frequency` (99 Hz by default). + + Unlike existing `--trace-function-calls` this profiler includes the name of the function + being called when it's available. + +- `json-log-path` setting [#13003](https://github.com/NixOS/nix/pull/13003) + + New setting `json-log-path` that sends a copy of all Nix log messages (in JSON format) to a file or Unix domain socket. + +- Rename `nix profile install` to `nix profile add` [#13224](https://github.com/NixOS/nix/pull/13224) + + The command `nix profile install` has been renamed to `nix profile add` (though the former is still available as an alias). This is because the verb "add" is a better antonym for the verb "remove" (i.e. `nix profile remove`). Nix also does not have install hooks or general behavior often associated with "installing". + +- Non-flake inputs now contain a `sourceInfo` attribute [#13164](https://github.com/NixOS/nix/issues/13164) [#13170](https://github.com/NixOS/nix/pull/13170) + + Flakes have always a `sourceInfo` attribute which describes the source of the flake. + The `sourceInfo.outPath` is often identical to the flake's `outPath`, however it can differ when the flake is located in a subdirectory of its source. + + Non-flake inputs (i.e. inputs with `flake = false`) can also be located at some path _within_ a wider source. + This usually happens when defining a relative path input within the same source as the parent flake, e.g. `inputs.foo.url = ./some-file.nix`. + Such relative inputs will now inherit their parent's `sourceInfo`. + + This also means it is now possible to use `?dir=subdir` on non-flake inputs. + + This iterates on the work done in 2.26 to improve relative path support ([#10089](https://github.com/NixOS/nix/pull/10089)), + and resolves a regression introduced in 2.28 relating to nested relative path inputs ([#13164](https://github.com/NixOS/nix/issues/13164)). + +- Revert incomplete closure mixed download and build feature [#77](https://github.com/NixOS/nix/issues/77) [#12628](https://github.com/NixOS/nix/issues/12628) [#13176](https://github.com/NixOS/nix/pull/13176) + + Since Nix 1.3 (299141ecbd08bae17013226dbeae71e842b4fdd7 in 2013) Nix has attempted to mix together upstream fresh builds and downstream substitutions when remote substuters contain an "incomplete closure" (have some store objects, but not the store objects they reference). + This feature is now removed. + + Worst case, removing this feature could cause more building downstream, but it should not cause outright failures, since this is not happening for opaque store objects that we don't know how to build if we decide not to substitute. + In practice, however, we doubt even the more building is very likely to happen. + Remote stores that are missing dependencies in arbitrary ways (e.g. corruption) don't seem to be very common. + + On the contrary, when remote stores fail to implement the [closure property](@docroot@/store/store-object.md#closure-property), it is usually an *intentional* choice on the part of the remote store, because it wishes to serve as an "overlay" store over another store, such as `https://cache.nixos.org`. + If an "incomplete closure" is encountered in that situation, the right fix is not to do some sort of "franken-building" as this feature implemented, but instead to make sure both substituters are enabled in the settings. + + (In the future, we should make it easier for remote stores to indicate this to clients, to catch settings that won't work in general before a missing dependency is actually encountered.) + + +# Contributors + + +This release was made possible by the following 32 contributors: + +- Robert Hensing [**(@roberth)**](https://github.com/roberth) +- Jörg Thalheim [**(@Mic92)**](https://github.com/Mic92) +- Egor Konovalov [**(@egorkonovalov)**](https://github.com/egorkonovalov) +- PopeRigby [**(@poperigby)**](https://github.com/poperigby) +- Peder Bergebakken Sundt [**(@pbsds)**](https://github.com/pbsds) +- Farid Zakaria [**(@fzakaria)**](https://github.com/fzakaria) +- Gwenn Le Bihan [**(@gwennlbh)**](https://github.com/gwennlbh) +- Jade Masker [**(@donottellmetonottellyou)**](https://github.com/donottellmetonottellyou) +- Nikita Krasnov [**(@synalice)**](https://github.com/synalice) +- tomberek [**(@tomberek)**](https://github.com/tomberek) +- Wolfgang Walther [**(@wolfgangwalther)**](https://github.com/wolfgangwalther) +- Samuli Thomasson [**(@SimSaladin)**](https://github.com/SimSaladin) +- h0nIg [**(@h0nIg)**](https://github.com/h0nIg) +- Valentin Gagarin [**(@fricklerhandwerk)**](https://github.com/fricklerhandwerk) +- Vladimír Čunát [**(@vcunat)**](https://github.com/vcunat) +- Graham Christensen [**(@grahamc)**](https://github.com/grahamc) +- kstrafe [**(@kstrafe)**](https://github.com/kstrafe) +- gustavderdrache [**(@gustavderdrache)**](https://github.com/gustavderdrache) +- Matt Sturgeon [**(@MattSturgeon)**](https://github.com/MattSturgeon) +- John Ericson [**(@Ericson2314)**](https://github.com/Ericson2314) +- Tristan Ross [**(@RossComputerGuy)**](https://github.com/RossComputerGuy) +- jayeshv [**(@jayeshv)**](https://github.com/jayeshv) +- Eelco Dolstra [**(@edolstra)**](https://github.com/edolstra) +- pennae [**(@pennae)**](https://github.com/pennae) +- Luc Perkins [**(@lucperkins)**](https://github.com/lucperkins) +- Cole Helbling [**(@cole-h)**](https://github.com/cole-h) +- Pol Dellaiera [**(@drupol)**](https://github.com/drupol) +- Sergei Zimmerman [**(@xokdvium)**](https://github.com/xokdvium) +- Seth Flynn [**(@getchoo)**](https://github.com/getchoo) +- Jonas Chevalier [**(@zimbatm)**](https://github.com/zimbatm) +- Stefan Boca [**(@stefanboca)**](https://github.com/stefanboca) +- Jeremy Fleischman [**(@jfly)**](https://github.com/jfly) +- Philipp Otterbein +- Raito Bezarius diff --git a/maintainers/data/release-credits-email-to-handle.json b/maintainers/data/release-credits-email-to-handle.json index c77fe4684..48e8685e6 100644 --- a/maintainers/data/release-credits-email-to-handle.json +++ b/maintainers/data/release-credits-email-to-handle.json @@ -166,5 +166,24 @@ "the-tumultuous-unicorn-of-darkness@gmx.com": "TheTumultuousUnicornOfDarkness", "dev@rodney.id.au": "rvl", "pe@pijul.org": "P-E-Meunier", - "yannik@floxdev.com": "ysndr" + "yannik@floxdev.com": "ysndr", + "73017521+egorkonovalov@users.noreply.github.com": "egorkonovalov", + "raito@lix.systems": null, + "nikita.nikita.krasnov@gmail.com": "synalice", + "lucperkins@gmail.com": "lucperkins", + "vladimir.cunat@nic.cz": "vcunat", + "walther@technowledgy.de": "wolfgangwalther", + "jayesh.mail@gmail.com": "jayeshv", + "samuli.thomasson@pm.me": "SimSaladin", + "kevin@stravers.net": "kstrafe", + "poperigby@mailbox.org": "poperigby", + "cole.helbling@determinate.systems": "cole-h", + "donottellmetonottellyou@gmail.com": "donottellmetonottellyou", + "getchoo@tuta.io": "getchoo", + "alex.ford@determinate.systems": "gustavderdrache", + "stefan.r.boca@gmail.com": "stefanboca", + "gwenn.lebihan7@gmail.com": "gwennlbh", + "hey@ewen.works": "gwennlbh", + "matt@sturgeon.me.uk": "MattSturgeon", + "pbsds@hotmail.com": "pbsds" } \ No newline at end of file diff --git a/maintainers/data/release-credits-handle-to-name.json b/maintainers/data/release-credits-handle-to-name.json index 734476078..a6352c44b 100644 --- a/maintainers/data/release-credits-handle-to-name.json +++ b/maintainers/data/release-credits-handle-to-name.json @@ -146,5 +146,21 @@ "ajlekcahdp4": "Alexander Romanov", "Valodim": "Vincent Breitmoser", "rvl": "Rodney Lorrimar", - "whatsthecraic": "Dean De Leo" + "whatsthecraic": "Dean De Leo", + "gwennlbh": "Gwenn Le Bihan", + "donottellmetonottellyou": "Jade Masker", + "kstrafe": null, + "synalice": "Nikita Krasnov", + "poperigby": "PopeRigby", + "MattSturgeon": "Matt Sturgeon", + "lucperkins": "Luc Perkins", + "gustavderdrache": null, + "SimSaladin": "Samuli Thomasson", + "getchoo": "Seth Flynn", + "stefanboca": "Stefan Boca", + "wolfgangwalther": "Wolfgang Walther", + "pbsds": "Peder Bergebakken Sundt", + "egorkonovalov": "Egor Konovalov", + "jayeshv": "jayeshv", + "vcunat": "Vladim\u00edr \u010cun\u00e1t" } \ No newline at end of file