wroclaw-git-backups/nix
1
0
Fork 0
mirror of https://github.com/NixOS/nix synced 2025-07-07 18:31:49 +02:00
Code Activity

Rename doc/manual{src -> source}

Browse source 
This is needed to avoid this
https://github.com/mesonbuild/meson/issues/13774 when we go back to
making our subproject directory `src`.
This commit is contained in:
John Ericson 2024-10-10 12:04:33 -04:00
parent d5c45952ac
commit eb7d7780b1
221 changed files with 75 additions and 74 deletions
Download patch file Download diff file Expand all files Collapse all files

13
doc/manual/source/release-notes/index.md Normal file
View file

@ -0,0 +1,13 @@
# Nix Release Notes
The Nix release cycle is calendar-based as follows:
Nix has a release cycle of roughly 6 weeks.
Notable changes and additions are announced in the release notes for each version.
The supported Nix versions are:
- The latest release
- The version used in the stable NixOS release, which is announced in the [NixOS release notes](https://nixos.org/manual/nixos/stable/release-notes.html#ch-release-notes).
Bugfixes and security issues are backported to every supported version.
Patch releases are published as needed.

24
doc/manual/source/release-notes/meson.build Normal file
View file

@ -0,0 +1,24 @@
rl_next_generated = custom_target(
command : [
'bash',
'-euo',
'pipefail',
'-c',
'''
if type -p build-release-notes > /dev/null; then
build-release-notes --change-authors @CURRENT_SOURCE_DIR@/../../change-authors.yml @CURRENT_SOURCE_DIR@/../../rl-next
elif type -p changelog-d > /dev/null; then
changelog-d @CURRENT_SOURCE_DIR@/../../rl-next
fi
@0@ @INPUT0@ @CURRENT_SOURCE_DIR@/../../rl-next > @DEPFILE@
'''.format(
python.full_path(),
),
],
input : [
generate_manual_deps,
],
output : 'rl-next.md',
capture : true,
depfile : 'rl-next.d',
)

5
doc/manual/source/release-notes/rl-0.10.1.md Normal file
View file

@ -0,0 +1,5 @@
# Release 0.10.1 (2006-10-11)
This release fixes two somewhat obscure bugs that occur when evaluating
Nix expressions that are stored inside the Nix store (`NIX-67`). These
do not affect most users.

212
doc/manual/source/release-notes/rl-0.10.md Normal file
View file

@ -0,0 +1,212 @@
# Release 0.10 (2006-10-06)
> **Note**
>
> This version of Nix uses Berkeley DB 4.4 instead of 4.3. The database
> is upgraded automatically, but you should be careful not to use old
> versions of Nix that still use Berkeley DB 4.3. In particular, if you
> use a Nix installed through Nix, you should run
>
> $ nix-store --clear-substitutes
>
> first.
> **Warning**
>
> Also, the database schema has changed slighted to fix a performance
> issue (see below). When you run any Nix 0.10 command for the first
> time, the database will be upgraded automatically. This is
> irreversible.
- `nix-env` usability improvements:
- An option `--compare-versions` (or `-c`) has been added to
`nix-env
--query` to allow you to compare installed versions of packages
to available versions, or vice versa. An easy way to see if you
are up to date with whats in your subscribed channels is
`nix-env -qc \*`.
- `nix-env --query` now takes as arguments a list of package names
about which to show information, just like `--install`, etc.:
for example, `nix-env -q gcc`. Note that to show all
derivations, you need to specify `\*`.
- `nix-env -i
pkgname` will now install the highest available version of
*pkgname*, rather than installing all available versions (which
would probably give collisions) (`NIX-31`).
- `nix-env (-i|-u) --dry-run` now shows exactly which missing
paths will be built or substituted.
- `nix-env -qa --description` shows human-readable descriptions of
packages, provided that they have a `meta.description` attribute
(which most packages in Nixpkgs dont have yet).
- New language features:
- Reference scanning (which happens after each build) is much
faster and takes a constant amount of memory.
- String interpolation. Expressions like
"--with-freetype2-library=" + freetype + "/lib"
can now be written as
"--with-freetype2-library=${freetype}/lib"
You can write arbitrary expressions within `${...}`, not just
identifiers.
- Multi-line string literals.
- String concatenations can now involve derivations, as in the
example `"--with-freetype2-library="
+ freetype + "/lib"`. This was not previously possible because
we need to register that a derivation that uses such a string is
dependent on `freetype`. The evaluator now properly propagates
this information. Consequently, the subpath operator (`~`) has
been deprecated.
- Default values of function arguments can now refer to other
function arguments; that is, all arguments are in scope in the
default values (`NIX-45`).
- Lots of new built-in primitives, such as functions for list
manipulation and integer arithmetic. See the manual for a
complete list. All primops are now available in the set
`builtins`, allowing one to test for the availability of primop
in a backwards-compatible way.
- Real let-expressions: `let x = ...;
... z = ...; in ...`.
- New commands `nix-pack-closure` and `nix-unpack-closure` than can be
used to easily transfer a store path with all its dependencies to
another machine. Very convenient whenever you have some package on
your machine and you want to copy it somewhere else.
- XML support:
- `nix-env -q --xml` prints the installed or available packages in
an XML representation for easy processing by other tools.
- `nix-instantiate --eval-only
--xml` prints an XML representation of the resulting term. (The
new flag `--strict` forces deep evaluation of the result,
i.e., list elements and attributes are evaluated recursively.)
- In Nix expressions, the primop `builtins.toXML` converts a term
to an XML representation. This is primarily useful for passing
structured information to builders.
- You can now unambiguously specify which derivation to build or
install in `nix-env`, `nix-instantiate` and `nix-build` using the
`--attr` / `-A` flags, which takes an attribute name as argument.
(Unlike symbolic package names such as `subversion-1.4.0`, attribute
names in an attribute set are unique.) For instance, a quick way to
perform a test build of a package in Nixpkgs is `nix-build
pkgs/top-level/all-packages.nix -A
foo`. `nix-env -q
--attr` shows the attribute names corresponding to each derivation.
- If the top-level Nix expression used by `nix-env`, `nix-instantiate`
or `nix-build` evaluates to a function whose arguments all have
default values, the function will be called automatically. Also, the
new command-line switch `--arg
name
value` can be used to specify function arguments on the command
line.
- `nix-install-package --url
URL` allows a package to be installed directly from the given URL.
- Nix now works behind an HTTP proxy server; just set the standard
environment variables `http_proxy`, `https_proxy`, `ftp_proxy` or
`all_proxy` appropriately. Functions such as `fetchurl` in Nixpkgs
also respect these variables.
- `nix-build -o
symlink` allows the symlink to the build result to be named
something other than `result`.
- Platform support:
- Support for 64-bit platforms, provided a [suitably patched ATerm
library](http://bugzilla.sen.cwi.nl:8080/show_bug.cgi?id=606) is
used. Also, files larger than 2 GiB are now supported.
- Added support for Cygwin (Windows, `i686-cygwin`), Mac OS X on
Intel (`i686-darwin`) and Linux on PowerPC (`powerpc-linux`).
- Users of SMP and multicore machines will appreciate that the
number of builds to be performed in parallel can now be
specified in the configuration file in the `build-max-jobs`
setting.
- Garbage collector improvements:
- Open files (such as running programs) are now used as roots of
the garbage collector. This prevents programs that have been
uninstalled from being garbage collected while they are still
running. The script that detects these additional runtime roots
(`find-runtime-roots.pl`) is inherently system-specific, but it
should work on Linux and on all platforms that have the `lsof`
utility.
- `nix-store --gc` (a.k.a. `nix-collect-garbage`) prints out the
number of bytes freed on standard output. `nix-store
--gc --print-dead` shows how many bytes would be freed by an
actual garbage collection.
- `nix-collect-garbage -d` removes all old generations of *all*
profiles before calling the actual garbage collector (`nix-store
--gc`). This is an easy way to get rid of all old packages in
the Nix store.
- `nix-store` now has an operation `--delete` to delete specific
paths from the Nix store. It wont delete reachable
(non-garbage) paths unless `--ignore-liveness` is specified.
- Berkeley DB 4.4s process registry feature is used to recover from
crashed Nix processes.
- A performance issue has been fixed with the `referer` table, which
stores the inverse of the `references` table (i.e., it tells you
what store paths refer to a given path). Maintaining this table
could take a quadratic amount of time, as well as a quadratic amount
of Berkeley DB log file space (in particular when running the
garbage collector) (`NIX-23`).
- Nix now catches the `TERM` and `HUP` signals in addition to the
`INT` signal. So you can now do a `killall
nix-store` without triggering a database recovery.
- `bsdiff` updated to version 4.3.
- Substantial performance improvements in expression evaluation and
`nix-env -qa`, all thanks to [Valgrind](http://valgrind.org/).
Memory use has been reduced by a factor 8 or so. Big speedup by
memoisation of path hashing.
- Lots of bug fixes, notably:
- Make sure that the garbage collector can run successfully when
the disk is full (`NIX-18`).
- `nix-env` now locks the profile to prevent races between
concurrent `nix-env` operations on the same profile (`NIX-7`).
- Removed misleading messages from `nix-env -i` (e.g.,
``installing
`foo'`` followed by ``uninstalling
`foo'``) (`NIX-17`).
- Nix source distributions are a lot smaller now since we no longer
include a full copy of the Berkeley DB source distribution (but only
the bits we need).
- Header files are now installed so that external programs can use the
Nix libraries.

167
doc/manual/source/release-notes/rl-0.11.md Normal file
View file

@ -0,0 +1,167 @@
# Release 0.11 (2007-12-31)
Nix 0.11 has many improvements over the previous stable release. The
most important improvement is secure multi-user support. It also
features many usability enhancements and language extensions, many of
them prompted by NixOS, the purely functional Linux distribution based
on Nix. Here is an (incomplete) list:
- Secure multi-user support. A single Nix store can now be shared
between multiple (possible untrusted) users. This is an important
feature for NixOS, where it allows non-root users to install
software. The old setuid method for sharing a store between multiple
users has been removed. Details for setting up a multi-user store
can be found in the manual.
- The new command `nix-copy-closure` gives you an easy and efficient
way to exchange software between machines. It copies the missing
parts of the closure of a set of store path to or from a remote
machine via `ssh`.
- A new kind of string literal: strings between double single-quotes
(`''`) have indentation “intelligently” removed. This allows large
strings (such as shell scripts or configuration file fragments in
NixOS) to cleanly follow the indentation of the surrounding
expression. It also requires much less escaping, since `''` is less
common in most languages than `"`.
- `nix-env` `--set` modifies the current generation of a profile so
that it contains exactly the specified derivation, and nothing else.
For example, `nix-env -p /nix/var/nix/profiles/browser --set
firefox` lets the profile named `browser` contain just Firefox.
- `nix-env` now maintains meta-information about installed packages in
profiles. The meta-information is the contents of the `meta`
attribute of derivations, such as `description` or `homepage`. The
command `nix-env -q --xml
--meta` shows all meta-information.
- `nix-env` now uses the `meta.priority` attribute of derivations to
resolve filename collisions between packages. Lower priority values
denote a higher priority. For instance, the GCC wrapper package and
the Binutils package in Nixpkgs both have a file `bin/ld`, so
previously if you tried to install both you would get a collision.
Now, on the other hand, the GCC wrapper declares a higher priority
than Binutils, so the formers `bin/ld` is symlinked in the user
environment.
- `nix-env -i / -u`: instead of breaking package ties by version,
break them by priority and version number. That is, if there are
multiple packages with the same name, then pick the package with the
highest priority, and only use the version if there are multiple
packages with the same priority.
This makes it possible to mark specific versions/variant in Nixpkgs
more or less desirable than others. A typical example would be a
beta version of some package (e.g., `gcc-4.2.0rc1`) which should not
be installed even though it is the highest version, except when it
is explicitly selected (e.g., `nix-env -i
gcc-4.2.0rc1`).
- `nix-env --set-flag` allows meta attributes of installed packages to
be modified. There are several attributes that can be usefully
modified, because they affect the behaviour of `nix-env` or the user
environment build script:
- `meta.priority` can be changed to resolve filename clashes (see
above).
- `meta.keep` can be set to `true` to prevent the package from
being upgraded or replaced. Useful if you want to hang on to an
older version of a package.
- `meta.active` can be set to `false` to “disable” the package.
That is, no symlinks will be generated to the files of the
package, but it remains part of the profile (so it wont be
garbage-collected). Set it back to `true` to re-enable the
package.
- `nix-env -q` now has a flag `--prebuilt-only` (`-b`) that causes
`nix-env` to show only those derivations whose output is already in
the Nix store or that can be substituted (i.e., downloaded from
somewhere). In other words, it shows the packages that can be
installed “quickly”, i.e., dont need to be built from source. The
`-b` flag is also available in `nix-env -i` and `nix-env -u` to
filter out derivations for which no pre-built binary is available.
- The new option `--argstr` (in `nix-env`, `nix-instantiate` and
`nix-build`) is like `--arg`, except that the value is a string. For
example, `--argstr system
i686-linux` is equivalent to `--arg system
\"i686-linux\"` (note that `--argstr` prevents annoying quoting
around shell arguments).
- `nix-store` has a new operation `--read-log` (`-l`) `paths` that
shows the build log of the given paths.
- Nix now uses Berkeley DB 4.5. The database is upgraded
automatically, but you should be careful not to use old versions of
Nix that still use Berkeley DB 4.4.
- The option `--max-silent-time` (corresponding to the configuration
setting `build-max-silent-time`) allows you to set a timeout on
builds — if a build produces no output on `stdout` or `stderr` for
the given number of seconds, it is terminated. This is useful for
recovering automatically from builds that are stuck in an infinite
loop.
- `nix-channel`: each subscribed channel is its own attribute in the
top-level expression generated for the channel. This allows
disambiguation (e.g. `nix-env
-i -A nixpkgs_unstable.firefox`).
- The substitutes table has been removed from the database. This makes
operations such as `nix-pull` and `nix-channel --update` much, much
faster.
- `nix-pull` now supports bzip2-compressed manifests. This speeds up
channels.
- `nix-prefetch-url` now has a limited form of caching. This is used
by `nix-channel` to prevent unnecessary downloads when the channel
hasnt changed.
- `nix-prefetch-url` now by default computes the SHA-256 hash of the
file instead of the MD5 hash. In calls to `fetchurl` you should pass
the `sha256` attribute instead of `md5`. You can pass either a
hexadecimal or a base-32 encoding of the hash.
- Nix can now perform builds in an automatically generated “chroot”.
This prevents a builder from accessing stuff outside of the Nix
store, and thus helps ensure purity. This is an experimental
feature.
- The new command `nix-store
--optimise` reduces Nix store disk space usage by finding identical
files in the store and hard-linking them to each other. It typically
reduces the size of the store by something like 25-35%.
- `~/.nix-defexpr` can now be a directory, in which case the Nix
expressions in that directory are combined into an attribute set,
with the file names used as the names of the attributes. The command
`nix-env
--import` (which set the `~/.nix-defexpr` symlink) is removed.
- Derivations can specify the new special attribute
`allowedReferences` to enforce that the references in the output of
a derivation are a subset of a declared set of paths. For example,
if `allowedReferences` is an empty list, then the output must not
have any references. This is used in NixOS to check that generated
files such as initial ramdisks for booting Linux dont have any
dependencies.
- The new attribute `exportReferencesGraph` allows builders access to
the references graph of their inputs. This is used in NixOS for
tasks such as generating ISO-9660 images that contain a Nix store
populated with the closure of certain paths.
- Fixed-output derivations (like `fetchurl`) can define the attribute
`impureEnvVars` to allow external environment variables to be passed
to builders. This is used in Nixpkgs to support proxy configuration,
among other things.
- Several new built-in functions: `builtins.attrNames`,
`builtins.filterSource`, `builtins.isAttrs`, `builtins.isFunction`,
`builtins.listToAttrs`, `builtins.stringLength`, `builtins.sub`,
`builtins.substring`, `throw`, `builtins.trace`,
`builtins.readFile`.

123
doc/manual/source/release-notes/rl-0.12.md Normal file
View file

@ -0,0 +1,123 @@
# Release 0.12 (2008-11-20)
- Nix no longer uses Berkeley DB to store Nix store metadata. The
principal advantages of the new storage scheme are: it works
properly over decent implementations of NFS (allowing Nix stores to
be shared between multiple machines); no recovery is needed when a
Nix process crashes; no write access is needed for read-only
operations; no more running out of Berkeley DB locks on certain
operations.
You still need to compile Nix with Berkeley DB support if you want
Nix to automatically convert your old Nix store to the new schema.
If you dont need this, you can build Nix with the `configure`
option `--disable-old-db-compat`.
After the automatic conversion to the new schema, you can delete the
old Berkeley DB files:
$ cd /nix/var/nix/db
$ rm __db* log.* derivers references referrers reserved validpaths DB_CONFIG
The new metadata is stored in the directories `/nix/var/nix/db/info`
and `/nix/var/nix/db/referrer`. Though the metadata is stored in
human-readable plain-text files, they are not intended to be
human-editable, as Nix is rather strict about the format.
The new storage schema may or may not require less disk space than
the Berkeley DB environment, mostly depending on the cluster size of
your file system. With 1 KiB clusters (which seems to be the `ext3`
default nowadays) it usually takes up much less space.
- There is a new substituter that copies paths directly from other
(remote) Nix stores mounted somewhere in the filesystem. For
instance, you can speed up an installation by mounting some remote
Nix store that already has the packages in question via NFS or
`sshfs`. The environment variable `NIX_OTHER_STORES` specifies the
locations of the remote Nix directories, e.g. `/mnt/remote-fs/nix`.
- New `nix-store` operations `--dump-db` and `--load-db` to dump and
reload the Nix database.
- The garbage collector has a number of new options to allow only some
of the garbage to be deleted. The option `--max-freed N` tells the
collector to stop after at least *N* bytes have been deleted. The
option `--max-links
N` tells it to stop after the link count on `/nix/store` has dropped
below *N*. This is useful for very large Nix stores on filesystems
with a 32000 subdirectories limit (like `ext3`). The option
`--use-atime` causes store paths to be deleted in order of ascending
last access time. This allows non-recently used stuff to be deleted.
The option `--max-atime time` specifies an upper limit to the last
accessed time of paths that may be deleted. For instance,
```
$ nix-store --gc -v --max-atime $(date +%s -d "2 months ago")
```
deletes everything that hasnt been accessed in two months.
- `nix-env` now uses optimistic profile locking when performing an
operation like installing or upgrading, instead of setting an
exclusive lock on the profile. This allows multiple `nix-env -i / -u
/ -e` operations on the same profile in parallel. If a `nix-env`
operation sees at the end that the profile was changed in the
meantime by another process, it will just restart. This is generally
cheap because the build results are still in the Nix store.
- The option `--dry-run` is now supported by `nix-store -r` and
`nix-build`.
- The information previously shown by `--dry-run` (i.e., which
derivations will be built and which paths will be substituted) is
now always shown by `nix-env`, `nix-store -r` and `nix-build`. The
total download size of substitutable paths is now also shown. For
instance, a build will show something like
the following derivations will be built:
/nix/store/129sbxnk5n466zg6r1qmq1xjv9zymyy7-activate-configuration.sh.drv
/nix/store/7mzy971rdm8l566ch8hgxaf89x7lr7ik-upstart-jobs.drv
...
the following paths will be downloaded/copied (30.02 MiB):
/nix/store/4m8pvgy2dcjgppf5b4cj5l6wyshjhalj-samba-3.2.4
/nix/store/7h1kwcj29ip8vk26rhmx6bfjraxp0g4l-libunwind-0.98.6
...
- Language features:
- @-patterns as in Haskell. For instance, in a function definition
f = args @ {x, y, z}: ...;
`args` refers to the argument as a whole, which is further
pattern-matched against the attribute set pattern `{x, y, z}`.
- “`...`” (ellipsis) patterns. An attribute set pattern can now
say `...` at the end of the attribute name list to specify that
the function takes *at least* the listed attributes, while
ignoring additional attributes. For instance,
{stdenv, fetchurl, fuse, ...}: ...
defines a function that accepts any attribute set that includes
at least the three listed attributes.
- New primops: `builtins.parseDrvName` (split a package name
string like `"nix-0.12pre12876"` into its name and version
components, e.g. `"nix"` and `"0.12pre12876"`),
`builtins.compareVersions` (compare two version strings using
the same algorithm that `nix-env` uses), `builtins.length`
(efficiently compute the length of a list), `builtins.mul`
(integer multiplication), `builtins.div` (integer division).
- `nix-prefetch-url` now supports `mirror://` URLs, provided that the
environment variable `NIXPKGS_ALL` points at a Nixpkgs tree.
- Removed the commands `nix-pack-closure` and `nix-unpack-closure`.
You can do almost the same thing but much more efficiently by doing
`nix-store --export
$(nix-store -qR paths) > closure` and `nix-store --import <
closure`.
- Lots of bug fixes, including a big performance bug in the handling
of `with`-expressions.

55
doc/manual/source/release-notes/rl-0.13.md Normal file
View file

@ -0,0 +1,55 @@
# Release 0.13 (2009-11-05)
This is primarily a bug fix release. It has some new features:
- Syntactic sugar for writing nested attribute sets. Instead of
{
foo = {
bar = 123;
xyzzy = true;
};
a = { b = { c = "d"; }; };
}
you can write
{
foo.bar = 123;
foo.xyzzy = true;
a.b.c = "d";
}
This is useful, for instance, in NixOS configuration files.
- Support for Nix channels generated by Hydra, the Nix-based
continuous build system. (Hydra generates NAR archives on the fly,
so the size and hash of these archives isnt known in advance.)
- Support `i686-linux` builds directly on `x86_64-linux` Nix
installations. This is implemented using the `personality()`
syscall, which causes `uname` to return `i686` in child processes.
- Various improvements to the `chroot` support. Building in a `chroot`
works quite well now.
- Nix no longer blocks if it tries to build a path and another process
is already building the same path. Instead it tries to build another
buildable path first. This improves parallelism.
- Support for large (\> 4 GiB) files in NAR archives.
- Various (performance) improvements to the remote build mechanism.
- New primops: `builtins.addErrorContext` (to add a string to stack
traces — useful for debugging), `builtins.isBool`,
`builtins.isString`, `builtins.isInt`, `builtins.intersectAttrs`.
- OpenSolaris support (Sander van der Burg).
- Stack traces are no longer displayed unless the `--show-trace`
option is used.
- The scoping rules for `inherit
(e) ...` in recursive attribute sets have changed. The expression
*e* can now refer to the attributes defined in the containing set.

21
doc/manual/source/release-notes/rl-0.14.md Normal file
View file

@ -0,0 +1,21 @@
# Release 0.14 (2010-02-04)
This release has the following improvements:
- The garbage collector now starts deleting garbage much faster than
before. It no longer determines liveness of all paths in the store,
but does so on demand.
- Added a new operation, `nix-store --query
--roots`, that shows the garbage collector roots that directly or
indirectly point to the given store paths.
- Removed support for converting Berkeley DB-based Nix databases to
the new schema.
- Removed the `--use-atime` and `--max-atime` garbage collector
options. They were not very useful in practice.
- On Windows, Nix now requires Cygwin 1.7.x.
- A few bug fixes.

5
doc/manual/source/release-notes/rl-0.15.md Normal file
View file

@ -0,0 +1,5 @@
# Release 0.15 (2010-03-17)
This is a bug-fix release. Among other things, it fixes building on Mac
OS X (Snow Leopard), and improves the contents of `/etc/passwd` and
`/etc/group` in `chroot` builds.

25
doc/manual/source/release-notes/rl-0.16.md Normal file
View file

@ -0,0 +1,25 @@
# Release 0.16 (2010-08-17)
This release has the following improvements:
- The Nix expression evaluator is now much faster in most cases:
typically, [3 to 8 times compared to the old
implementation](http://www.mail-archive.com/nix-dev@cs.uu.nl/msg04113.html).
It also uses less memory. It no longer depends on the ATerm library.
- Support for configurable parallelism inside builders. Build scripts
have always had the ability to perform multiple build actions in
parallel (for instance, by running `make -j
2`), but this was not desirable because the number of actions to be
performed in parallel was not configurable. Nix now has an option
`--cores
N` as well as a configuration setting `build-cores =
N` that causes the environment variable `NIX_BUILD_CORES` to be set
to *N* when the builder is invoked. The builder can use this at its
discretion to perform a parallel build, e.g., by calling `make -j
N`. In Nixpkgs, this can be enabled on a per-package basis by
setting the derivation attribute `enableParallelBuilding` to `true`.
- `nix-store -q` now supports XML output through the `--xml` flag.
- Several bug fixes.

3
doc/manual/source/release-notes/rl-0.5.md Normal file
View file

@ -0,0 +1,3 @@
# Release 0.5 and earlier
Please refer to the Subversion commit log messages.

64
doc/manual/source/release-notes/rl-0.6.md Normal file
View file

@ -0,0 +1,64 @@
# Release 0.6 (2004-11-14)
- Rewrite of the normalisation engine.
- Multiple builds can now be performed in parallel (option `-j`).
- Distributed builds. Nix can now call a shell script to forward
builds to Nix installations on remote machines, which may or may
not be of the same platform type.
- Option `--fallback` allows recovery from broken substitutes.
- Option `--keep-going` causes building of other (unaffected)
derivations to continue if one failed.
- Improvements to the garbage collector (i.e., it should actually work
now).
- Setuid Nix installations allow a Nix store to be shared among
multiple users.
- Substitute registration is much faster now.
- A utility `nix-build` to build a Nix expression and create a symlink
to the result int the current directory; useful for testing Nix
derivations.
- Manual updates.
- `nix-env` changes:
- Derivations for other platforms are filtered out (which can be
overridden using `--system-filter`).
- `--install` by default now uninstall previous derivations with
the same name.
- `--upgrade` allows upgrading to a specific version.
- New operation `--delete-generations` to remove profile
generations (necessary for effective garbage collection).
- Nicer output (sorted, columnised).
- More sensible verbosity levels all around (builder output is now
shown always, unless `-Q` is given).
- Nix expression language changes:
- New language construct: `with
E1;
E2` brings all attributes defined in the attribute set *E1* in
scope in *E2*.
- Added a `map` function.
- Various new operators (e.g., string concatenation).
- Expression evaluation is much faster.
- An Emacs mode for editing Nix expressions (with syntax highlighting
and indentation) has been added.
- Many bug fixes.

21
doc/manual/source/release-notes/rl-0.7.md Normal file
View file

@ -0,0 +1,21 @@
# Release 0.7 (2005-01-12)
- Binary patching. When upgrading components using pre-built binaries
(through nix-pull / nix-channel), Nix can automatically download and
apply binary patches to already installed components instead of full
downloads. Patching is “smart”: if there is a *sequence* of patches
to an installed component, Nix will use it. Patches are currently
generated automatically between Nixpkgs (pre-)releases.
- Simplifications to the substitute mechanism.
- Nix-pull now stores downloaded manifests in
`/nix/var/nix/manifests`.
- Metadata on files in the Nix store is canonicalised after builds:
the last-modified timestamp is set to 0 (00:00:00 1/1/1970), the
mode is set to 0444 or 0555 (readable and possibly executable by
all; setuid/setgid bits are dropped), and the group is set to the
default. This ensures that the result of a build and an installation
through a substitute is the same; and that timestamp dependencies
are revealed.

8
doc/manual/source/release-notes/rl-0.8.1.md Normal file
View file

@ -0,0 +1,8 @@
# Release 0.8.1 (2005-04-13)
This is a bug fix release.
- Patch downloading was broken.
- The garbage collector would not delete paths that had references
from invalid (but substitutable) paths.

166
doc/manual/source/release-notes/rl-0.8.md Normal file
View file

@ -0,0 +1,166 @@
# Release 0.8 (2005-04-11)
NOTE: the hashing scheme in Nix 0.8 changed (as detailed below). As a
result, `nix-pull` manifests and channels built for Nix 0.7 and below
will not work anymore. However, the Nix expression language has not
changed, so you can still build from source. Also, existing user
environments continue to work. Nix 0.8 will automatically upgrade the
database schema of previous installations when it is first run.
If you get the error message
you have an old-style manifest `/nix/var/nix/manifests/[...]'; please
delete it
you should delete previously downloaded manifests:
$ rm /nix/var/nix/manifests/*
If `nix-channel` gives the error message
manifest `http://catamaran.labs.cs.uu.nl/dist/nix/channels/[channel]/MANIFEST'
is too old (i.e., for Nix <= 0.7)
then you should unsubscribe from the offending channel (`nix-channel
--remove
URL`; leave out `/MANIFEST`), and subscribe to the same URL, with
`channels` replaced by `channels-v3` (e.g.,
<http://catamaran.labs.cs.uu.nl/dist/nix/channels-v3/nixpkgs-unstable>).
Nix 0.8 has the following improvements:
- The cryptographic hashes used in store paths are now 160 bits long,
but encoded in base-32 so that they are still only 32 characters
long (e.g.,
`/nix/store/csw87wag8bqlqk7ipllbwypb14xainap-atk-1.9.0`). (This is
actually a 160 bit truncation of a SHA-256 hash.)
- Big cleanups and simplifications of the basic store semantics. The
notion of “closure store expressions” is gone (and so is the notion
of “successors”); the file system references of a store path are now
just stored in the database.
For instance, given any store path, you can query its closure:
$ nix-store -qR $(which firefox)
... lots of paths ...
Also, Nix now remembers for each store path the derivation that
built it (the “deriver”):
$ nix-store -qR $(which firefox)
/nix/store/4b0jx7vq80l9aqcnkszxhymsf1ffa5jd-firefox-1.0.1.drv
So to see the build-time dependencies, you can do
$ nix-store -qR $(nix-store -qd $(which firefox))
or, in a nicer format:
$ nix-store -q --tree $(nix-store -qd $(which firefox))
File system references are also stored in reverse. For instance, you
can query all paths that directly or indirectly use a certain Glibc:
$ nix-store -q --referrers-closure \
/nix/store/8lz9yc6zgmc0vlqmn2ipcpkjlmbi51vv-glibc-2.3.4
- The concept of fixed-output derivations has been formalised.
Previously, functions such as `fetchurl` in Nixpkgs used a hack
(namely, explicitly specifying a store path hash) to prevent changes
to, say, the URL of the file from propagating upwards through the
dependency graph, causing rebuilds of everything. This can now be
done cleanly by specifying the `outputHash` and `outputHashAlgo`
attributes. Nix itself checks that the content of the output has the
specified hash. (This is important for maintaining certain
invariants necessary for future work on secure shared stores.)
- One-click installation :-) It is now possible to install any
top-level component in Nixpkgs directly, through the web — see,
e.g., <http://catamaran.labs.cs.uu.nl/dist/nixpkgs-0.8/>. All you
have to do is associate `/nix/bin/nix-install-package` with the MIME
type `application/nix-package` (or the extension `.nixpkg`), and
clicking on a package link will cause it to be installed, with all
appropriate dependencies. If you just want to install some specific
application, this is easier than subscribing to a channel.
- `nix-store -r
PATHS` now builds all the derivations PATHS in parallel. Previously
it did them sequentially (though exploiting possible parallelism
between subderivations). This is nice for build farms.
- `nix-channel` has new operations `--list` and `--remove`.
- New ways of installing components into user environments:
- Copy from another user environment:
$ nix-env -i --from-profile .../other-profile firefox
- Install a store derivation directly (bypassing the Nix
expression language entirely):
$ nix-env -i /nix/store/z58v41v21xd3...-aterm-2.3.1.drv
(This is used to implement `nix-install-package`, which is
therefore immune to evolution in the Nix expression language.)
- Install an already built store path directly:
$ nix-env -i /nix/store/hsyj5pbn0d9i...-aterm-2.3.1
- Install the result of a Nix expression specified as a
command-line argument:
$ nix-env -f .../i686-linux.nix -i -E 'x: x.firefoxWrapper'
The difference with the normal installation mode is that `-E`
does not use the `name` attributes of derivations. Therefore,
this can be used to disambiguate multiple derivations with the
same name.
- A hash of the contents of a store path is now stored in the database
after a successful build. This allows you to check whether store
paths have been tampered with: `nix-store
--verify --check-contents`.
- Implemented a concurrent garbage collector. It is now always safe to
run the garbage collector, even if other Nix operations are
happening simultaneously.
However, there can still be GC races if you use `nix-instantiate`
and `nix-store
--realise` directly to build things. To prevent races, use the
`--add-root` flag of those commands.
- The garbage collector now finally deletes paths in the right order
(i.e., topologically sorted under the “references” relation), thus
making it safe to interrupt the collector without risking a store
that violates the closure invariant.
- Likewise, the substitute mechanism now downloads files in the right
order, thus preserving the closure invariant at all times.
- The result of `nix-build` is now registered as a root of the garbage
collector. If the `./result` link is deleted, the GC root disappears
automatically.
- The behaviour of the garbage collector can be changed globally by
setting options in `/nix/etc/nix/nix.conf`.
- `gc-keep-derivations` specifies whether deriver links should be
followed when searching for live paths.
- `gc-keep-outputs` specifies whether outputs of derivations
should be followed when searching for live paths.
- `env-keep-derivations` specifies whether user environments
should store the paths of derivations when they are added (thus
keeping the derivations alive).
- New `nix-env` query flags `--drv-path` and `--out-path`.
- `fetchurl` allows SHA-1 and SHA-256 in addition to MD5. Just specify
the attribute `sha1` or `sha256` instead of `md5`.
- Manual updates.

4
doc/manual/source/release-notes/rl-0.9.1.md Normal file
View file

@ -0,0 +1,4 @@
# Release 0.9.1 (2005-09-20)
This bug fix release addresses a problem with the ATerm library when the
`--with-aterm` flag in `configure` was *not* used.

11
doc/manual/source/release-notes/rl-0.9.2.md Normal file
View file

@ -0,0 +1,11 @@
# Release 0.9.2 (2005-09-21)
This bug fix release fixes two problems on Mac OS X:
- If Nix was linked against statically linked versions of the ATerm or
Berkeley DB library, there would be dynamic link errors at runtime.
- `nix-pull` and `nix-push` intermittently failed due to race
conditions involving pipes and child processes with error messages
such as `open2: open(GLOB(0x180b2e4), >&=9) failed: Bad
file descriptor at /nix/bin/nix-pull line 77` (issue `NIX-14`).

72
doc/manual/source/release-notes/rl-0.9.md Normal file
View file

@ -0,0 +1,72 @@
# Release 0.9 (2005-09-16)
NOTE: this version of Nix uses Berkeley DB 4.3 instead of 4.2. The
database is upgraded automatically, but you should be careful not to use
old versions of Nix that still use Berkeley DB 4.2. In particular, if
you use a Nix installed through Nix, you should run
$ nix-store --clear-substitutes
first.
- Unpacking of patch sequences is much faster now since we no longer
do redundant unpacking and repacking of intermediate paths.
- Nix now uses Berkeley DB 4.3.
- The `derivation` primitive is lazier. Attributes of dependent
derivations can mutually refer to each other (as long as there are
no data dependencies on the `outPath` and `drvPath` attributes
computed by `derivation`).
For example, the expression `derivation
attrs` now evaluates to (essentially)
attrs // {
type = "derivation";
outPath = derivation! attrs;
drvPath = derivation! attrs;
}
where `derivation!` is a primop that does the actual derivation
instantiation (i.e., it does what `derivation` used to do). The
advantage is that it allows commands such as `nix-env -qa` and
`nix-env -i` to be much faster since they no longer need to
instantiate all derivations, just the `name` attribute.
Also, it allows derivations to cyclically reference each other, for
example,
webServer = derivation {
...
hostName = "svn.cs.uu.nl";
services = [svnService];
};
svnService = derivation {
...
hostName = webServer.hostName;
};
Previously, this would yield a black hole (infinite recursion).
- `nix-build` now defaults to using `./default.nix` if no Nix
expression is specified.
- `nix-instantiate`, when applied to a Nix expression that evaluates
to a function, will call the function automatically if all its
arguments have defaults.
- Nix now uses libtool to build dynamic libraries. This reduces the
size of executables.
- A new list concatenation operator `++`. For example, `[1 2 3] ++
[4 5
6]` evaluates to `[1 2 3 4 5
6]`.
- Some currently undocumented primops to support low-level build
management using Nix (i.e., using Nix as a Make replacement). See
the commit messages for `r3578` and `r3580`.
- Various bug fixes and performance improvements.

68
doc/manual/source/release-notes/rl-1.0.md Normal file
View file

@ -0,0 +1,68 @@
# Release 1.0 (2012-05-11)
There have been numerous improvements and bug fixes since the previous
release. Here are the most significant:
- Nix can now optionally use the Boehm garbage collector. This
significantly reduces the Nix evaluators memory footprint,
especially when evaluating large NixOS system configurations. It can
be enabled using the `--enable-gc` configure option.
- Nix now uses SQLite for its database. This is faster and more
flexible than the old *ad hoc* format. SQLite is also used to cache
the manifests in `/nix/var/nix/manifests`, resulting in a
significant speedup.
- Nix now has an search path for expressions. The search path is set
using the environment variable `NIX_PATH` and the `-I` command line
option. In Nix expressions, paths between angle brackets are used to
specify files that must be looked up in the search path. For
instance, the expression `<nixpkgs/default.nix>` looks for a file
`nixpkgs/default.nix` relative to every element in the search path.
- The new command `nix-build --run-env` builds all dependencies of a
derivation, then starts a shell in an environment containing all
variables from the derivation. This is useful for reproducing the
environment of a derivation for development.
- The new command `nix-store --verify-path` verifies that the contents
of a store path have not changed.
- The new command `nix-store --print-env` prints out the environment
of a derivation in a format that can be evaluated by a shell.
- Attribute names can now be arbitrary strings. For instance, you can
write `{ "foo-1.2" = …; "bla bla" = …; }."bla
bla"`.
- Attribute selection can now provide a default value using the `or`
operator. For instance, the expression `x.y.z or e` evaluates to the
attribute `x.y.z` if it exists, and `e` otherwise.
- The right-hand side of the `?` operator can now be an attribute
path, e.g., `attrs ?
a.b.c`.
- On Linux, Nix will now make files in the Nix store immutable on
filesystems that support it. This prevents accidental modification
of files in the store by the root user.
- Nix has preliminary support for derivations with multiple outputs.
This is useful because it allows parts of a package to be deployed
and garbage-collected separately. For instance, development parts of
a package such as header files or static libraries would typically
not be part of the closure of an application, resulting in reduced
disk usage and installation time.
- The Nix store garbage collector is faster and holds the global lock
for a shorter amount of time.
- The option `--timeout` (corresponding to the configuration setting
`build-timeout`) allows you to set an absolute timeout on builds —
if a build runs for more than the given number of seconds, it is
terminated. This is useful for recovering automatically from builds
that are stuck in an infinite loop but keep producing output, and
for which `--max-silent-time` is ineffective.
- Nix development has moved to GitHub
(<https://github.com/NixOS/nix>).

61
doc/manual/source/release-notes/rl-1.1.md Normal file
View file

@ -0,0 +1,61 @@
# Release 1.1 (2012-07-18)
This release has the following improvements:
- On Linux, when doing a chroot build, Nix now uses various namespace
features provided by the Linux kernel to improve build isolation.
Namely:
- The private network namespace ensures that builders cannot talk
to the outside world (or vice versa): each build only sees a
private loopback interface. This also means that two concurrent
builds can listen on the same port (e.g. as part of a test)
without conflicting with each other.
- The PID namespace causes each build to start as PID 1. Processes
outside of the chroot are not visible to those on the inside. On
the other hand, processes inside the chroot *are* visible from
the outside (though with different PIDs).
- The IPC namespace prevents the builder from communicating with
outside processes using SysV IPC mechanisms (shared memory,
message queues, semaphores). It also ensures that all IPC
objects are destroyed when the builder exits.
- The UTS namespace ensures that builders see a hostname of
`localhost` rather than the actual hostname.
- The private mount namespace was already used by Nix to ensure
that the bind-mounts used to set up the chroot are cleaned up
automatically.
- Build logs are now compressed using `bzip2`. The command `nix-store
-l` decompresses them on the fly. This can be disabled by setting
the option `build-compress-log` to `false`.
- The creation of build logs in `/nix/var/log/nix/drvs` can be
disabled by setting the new option `build-keep-log` to `false`. This
is useful, for instance, for Hydra build machines.
- Nix now reserves some space in `/nix/var/nix/db/reserved` to ensure
that the garbage collector can run successfully if the disk is full.
This is necessary because SQLite transactions fail if the disk is
full.
- Added a basic `fetchurl` function. This is not intended to replace
the `fetchurl` in Nixpkgs, but is useful for bootstrapping; e.g., it
will allow us to get rid of the bootstrap binaries in the Nixpkgs
source tree and download them instead. You can use it by doing
`import <nix/fetchurl.nix> { url =
url; sha256 =
"hash"; }`. (Shea Levy)
- Improved RPM spec file. (Michel Alexandre Salim)
- Support for on-demand socket-based activation in the Nix daemon with
`systemd`.
- Added a manpage for nix.conf5.
- When using the Nix daemon, the `-s` flag in `nix-env -qa` is now
much faster.

31
doc/manual/source/release-notes/rl-1.10.md Normal file
View file

@ -0,0 +1,31 @@
# Release 1.10 (2015-09-03)
This is primarily a bug fix release. It also has a number of new
features:
- A number of builtin functions have been added to reduce
Nixpkgs/NixOS evaluation time and memory consumption: `all`, `any`,
`concatStringsSep`, `foldl`, `genList`, `replaceStrings`, `sort`.
- The garbage collector is more robust when the disk is full.
- Nix supports a new API for building derivations that doesnt require
a `.drv` file to be present on disk; it only requires an in-memory
representation of the derivation. This is used by the Hydra
continuous build system to make remote builds more efficient.
- The function `<nix/fetchurl.nix>` now uses a *builtin* builder (i.e.
it doesnt require starting an external process; the download is
performed by Nix itself). This ensures that derivation paths dont
change when Nix is upgraded, and obviates the need for ugly hacks to
support chroot execution.
- `--version -v` now prints some configuration information, in
particular what compile-time optional features are enabled, and the
paths of various directories.
- Build users have their supplementary groups set correctly.
This release has contributions from Eelco Dolstra, Guillaume Maudoux,
Iwan Aucamp, Jaka Hudoklin, Kirill Elagin, Ludovic Courtès, Manolis
Ragkousis, Nicolas B. Pierron and Shea Levy.

21
doc/manual/source/release-notes/rl-1.11.10.md Normal file
View file

@ -0,0 +1,21 @@
# Release 1.11.10 (2017-06-12)
This release fixes a security bug in Nixs “build user” build isolation
mechanism. Previously, Nix builders had the ability to create setuid
binaries owned by a `nixbld` user. Such a binary could then be used by
an attacker to assume a `nixbld` identity and interfere with subsequent
builds running under the same UID.
To prevent this issue, Nix now disallows builders to create setuid and
setgid binaries. On Linux, this is done using a seccomp BPF filter. Note
that this imposes a small performance penalty (e.g. 1% when building GNU
Hello). Using seccomp, we now also prevent the creation of extended
attributes and POSIX ACLs since these cannot be represented in the NAR
format and (in the case of POSIX ACLs) allow bypassing regular Nix store
permissions. On macOS, the restriction is implemented using the existing
sandbox mechanism, which now uses a minimal “allow all except the
creation of setuid/setgid binaries” profile when regular sandboxing is
disabled. On other platforms, the “build user” mechanism is now
disabled.
Thanks go to Linus Heckemann for discovering and reporting this bug.

87
doc/manual/source/release-notes/rl-1.11.md Normal file
View file

@ -0,0 +1,87 @@
# Release 1.11 (2016-01-19)
This is primarily a bug fix release. It also has a number of new
features:
- `nix-prefetch-url` can now download URLs specified in a Nix
expression. For example,
$ nix-prefetch-url -A hello.src
will prefetch the file specified by the `fetchurl` call in the
attribute `hello.src` from the Nix expression in the current
directory, and print the cryptographic hash of the resulting file on
stdout. This differs from `nix-build -A
hello.src` in that it doesn't verify the hash, and is thus useful
when youre updating a Nix expression.
You can also prefetch the result of functions that unpack a tarball,
such as `fetchFromGitHub`. For example:
$ nix-prefetch-url --unpack https://github.com/NixOS/patchelf/archive/0.8.tar.gz
or from a Nix expression:
$ nix-prefetch-url -A nix-repl.src
- The builtin function `<nix/fetchurl.nix>` now supports downloading
and unpacking NARs. This removes the need to have multiple downloads
in the Nixpkgs stdenv bootstrap process (like a separate busybox
binary for Linux, or curl/mkdir/sh/bzip2 for Darwin). Now all those
files can be combined into a single NAR, optionally compressed using
`xz`.
- Nix now supports SHA-512 hashes for verifying fixed-output
derivations, and in `builtins.hashString`.
- The new flag `--option build-repeat
N` will cause every build to be executed *N*+1 times. If the build
output differs between any round, the build is rejected, and the
output paths are not registered as valid. This is primarily useful
to verify build determinism. (We already had a `--check` option to
repeat a previously succeeded build. However, with `--check`,
non-deterministic builds are registered in the DB. Preventing that
is useful for Hydra to ensure that non-deterministic builds don't
end up getting published to the binary cache.)
- The options `--check` and `--option
build-repeat N`, if they detect a difference between two runs of the
same derivation and `-K` is given, will make the output of the other
run available under `store-path-check`. This makes it easier to
investigate the non-determinism using tools like `diffoscope`, e.g.,
$ nix-build pkgs/stdenv/linux -A stage1.pkgs.zlib --check -K
error: derivation /nix/store/l54i8wlw2265…-zlib-1.2.8.drv may not
be deterministic: output /nix/store/11a27shh6n2i…-zlib-1.2.8
differs from /nix/store/11a27shh6n2i…-zlib-1.2.8-check
$ diffoscope /nix/store/11a27shh6n2i…-zlib-1.2.8 /nix/store/11a27shh6n2i…-zlib-1.2.8-check
├── lib/libz.a
│ ├── metadata
│ │ @@ -1,15 +1,15 @@
│ │ -rw-r--r-- 30001/30000 3096 Jan 12 15:20 2016 adler32.o
│ │ +rw-r--r-- 30001/30000 3096 Jan 12 15:28 2016 adler32.o
- Improved FreeBSD support.
- `nix-env -qa --xml --meta` now prints license information.
- The maximum number of parallel TCP connections that the binary cache
substituter will use has been decreased from 150 to 25. This should
prevent upsetting some broken NAT routers, and also improves
performance.
- All "chroot"-containing strings got renamed to "sandbox". In
particular, some Nix options got renamed, but the old names are
still accepted as lower-priority aliases.
This release has contributions from Anders Claesson, Anthony Cowley,
Bjørn Forsman, Brian McKenna, Danny Wilson, davidak, Eelco Dolstra,
Fabian Schmitthenner, FrankHB, Ilya Novoselov, janus, Jim Garrison, John
Ericson, Jude Taylor, Ludovic Courtès, Manuel Jacob, Mathnerd314, Pascal
Wittmann, Peter Simons, Philip Potter, Preston Bennes, Rommel M.
Martinez, Sander van der Burg, Shea Levy, Tim Cuthbertson, Tuomas
Tynkkynen, Utku Demir and Vladimír Čunát.

97
doc/manual/source/release-notes/rl-1.2.md Normal file
View file

@ -0,0 +1,97 @@
# Release 1.2 (2012-12-06)
This release has the following improvements and changes:
- Nix has a new binary substituter mechanism: the *binary cache*. A
binary cache contains pre-built binaries of Nix packages. Whenever
Nix wants to build a missing Nix store path, it will check a set of
binary caches to see if any of them has a pre-built binary of that
path. The configuration setting `binary-caches` contains a list of
URLs of binary caches. For instance, doing
$ nix-env -i thunderbird --option binary-caches http://cache.nixos.org
will install Thunderbird and its dependencies, using the available
pre-built binaries in <http://cache.nixos.org>. The main advantage
over the old “manifest”-based method of getting pre-built binaries
is that you dont have to worry about your manifest being in sync
with the Nix expressions youre installing from; i.e., you dont
need to run `nix-pull` to update your manifest. Its also more
scalable because you dont need to redownload a giant manifest file
every time.
A Nix channel can provide a binary cache URL that will be used
automatically if you subscribe to that channel. If you use the
Nixpkgs or NixOS channels (<http://nixos.org/channels>) you
automatically get the cache <http://cache.nixos.org>.
Binary caches are created using `nix-push`. For details on the
operation and format of binary caches, see the `nix-push` manpage.
More details are provided in [this nix-dev
posting](https://nixos.org/nix-dev/2012-September/009826.html).
- Multiple output support should now be usable. A derivation can
declare that it wants to produce multiple store paths by saying
something like
outputs = [ "lib" "headers" "doc" ];
This will cause Nix to pass the intended store path of each output
to the builder through the environment variables `lib`, `headers`
and `doc`. Other packages can refer to a specific output by
referring to `pkg.output`, e.g.
buildInputs = [ pkg.lib pkg.headers ];
If you install a package with multiple outputs using `nix-env`, each
output path will be symlinked into the user environment.
- Dashes are now valid as part of identifiers and attribute names.
- The new operation `nix-store --repair-path` allows corrupted or
missing store paths to be repaired by redownloading them. `nix-store
--verify --check-contents
--repair` will scan and repair all paths in the Nix store.
Similarly, `nix-env`, `nix-build`, `nix-instantiate` and `nix-store
--realise` have a `--repair` flag to detect and fix bad paths by
rebuilding or redownloading them.
- Nix no longer sets the immutable bit on files in the Nix store.
Instead, the recommended way to guard the Nix store against
accidental modification on Linux is to make it a read-only bind
mount, like this:
$ mount --bind /nix/store /nix/store
$ mount -o remount,ro,bind /nix/store
Nix will automatically make `/nix/store` writable as needed (using a
private mount namespace) to allow modifications.
- Store optimisation (replacing identical files in the store with hard
links) can now be done automatically every time a path is added to
the store. This is enabled by setting the configuration option
`auto-optimise-store` to `true` (disabled by default).
- Nix now supports `xz` compression for NARs in addition to `bzip2`.
It compresses about 30% better on typical archives and decompresses
about twice as fast.
- Basic Nix expression evaluation profiling: setting the environment
variable `NIX_COUNT_CALLS` to `1` will cause Nix to print how many
times each primop or function was executed.
- New primops: `concatLists`, `elem`, `elemAt` and `filter`.
- The command `nix-copy-closure` has a new flag `--use-substitutes`
(`-s`) to download missing paths on the target machine using the
substitute mechanism.
- The command `nix-worker` has been renamed to `nix-daemon`. Support
for running the Nix worker in “slave” mode has been removed.
- The `--help` flag of every Nix command now invokes `man`.
- Chroot builds are now supported on systemd machines.
This release has contributions from Eelco Dolstra, Florian Friesdorf,
Mats Erik Andersson and Shea Levy.

10
doc/manual/source/release-notes/rl-1.3.md Normal file
View file

@ -0,0 +1,10 @@
# Release 1.3 (2013-01-04)
This is primarily a bug fix release. When this version is first run on
Linux, it removes any immutable bits from the Nix store and increases
the schema version of the Nix store. (The previous release removed
support for setting the immutable bit; this release clears any remaining
immutable bits to make certain operations more efficient.)
This release has contributions from Eelco Dolstra and Stuart
Pernsteiner.

22
doc/manual/source/release-notes/rl-1.4.md Normal file
View file

@ -0,0 +1,22 @@
# Release 1.4 (2013-02-26)
This release fixes a security bug in multi-user operation. It was
possible for derivations to cause the mode of files outside of the Nix
store to be changed to 444 (read-only but world-readable) by creating
hard links to those files
([details](https://github.com/NixOS/nix/commit/5526a282b5b44e9296e61e07d7d2626a79141ac4)).
There are also the following improvements:
- New built-in function: `builtins.hashString`.
- Build logs are now stored in `/nix/var/log/nix/drvs/XX/`, where *XX*
is the first two characters of the derivation. This is useful on
machines that keep a lot of build logs (such as Hydra servers).
- The function `corepkgs/fetchurl` can now make the downloaded file
executable. This will allow getting rid of all bootstrap binaries in
the Nixpkgs source tree.
- Language change: The expression `"${./path}
..."` now evaluates to a string instead of a path.

4
doc/manual/source/release-notes/rl-1.5.1.md Normal file
View file

@ -0,0 +1,4 @@
# Release 1.5.1 (2013-02-28)
The bug fix to the bug fix had a bug itself, of course. But this time it
will work for sure\!

4
doc/manual/source/release-notes/rl-1.5.2.md Normal file
View file

@ -0,0 +1,4 @@
# Release 1.5.2 (2013-05-13)
This is primarily a bug fix release. It has contributions from Eelco
Dolstra, Lluís Batlle i Rossell and Shea Levy.

4
doc/manual/source/release-notes/rl-1.5.md Normal file
View file

@ -0,0 +1,4 @@
# Release 1.5 (2013-02-27)
This is a brown paper bag release to fix a regression introduced by the
hard link security fix in 1.4.

32
doc/manual/source/release-notes/rl-1.6.1.md Normal file
View file

@ -0,0 +1,32 @@
# Release 1.6.1 (2013-10-28)
This is primarily a bug fix release. Changes of interest are:
- Nix 1.6 accidentally changed the semantics of antiquoted paths in
strings, such as `"${/foo}/bar"`. This release reverts to the Nix
1.5.3 behaviour.
- Previously, Nix optimised expressions such as `"${expr}"` to *expr*.
Thus it neither checked whether *expr* could be coerced to a string,
nor applied such coercions. This meant that `"${123}"` evaluatued to
`123`, and `"${./foo}"` evaluated to `./foo` (even though `"${./foo}
"` evaluates to `"/nix/store/hash-foo "`). Nix now checks the type
of antiquoted expressions and applies coercions.
- Nix now shows the exact position of undefined variables. In
particular, undefined variable errors in a `with` previously didn't
show *any* position information, so this makes it a lot easier to
fix such errors.
- Undefined variables are now treated consistently. Previously, the
`tryEval` function would catch undefined variables inside a `with`
but not outside. Now `tryEval` never catches undefined variables.
- Bash completion in `nix-shell` now works correctly.
- Stack traces are less verbose: they no longer show calls to builtin
functions and only show a single line for each derivation on the
call stack.
- New built-in function: `builtins.typeOf`, which returns the type of
its argument as a string.

72
doc/manual/source/release-notes/rl-1.6.md Normal file
View file

@ -0,0 +1,72 @@
# Release 1.6 (2013-09-10)
In addition to the usual bug fixes, this release has several new
features:
- The command `nix-build --run-env` has been renamed to `nix-shell`.
- `nix-shell` now sources `$stdenv/setup` *inside* the interactive
shell, rather than in a parent shell. This ensures that shell
functions defined by `stdenv` can be used in the interactive shell.
- `nix-shell` has a new flag `--pure` to clear the environment, so you
get an environment that more closely corresponds to the “real” Nix
build.
- `nix-shell` now sets the shell prompt (`PS1`) to ensure that Nix
shells are distinguishable from your regular shells.
- `nix-env` no longer requires a `*` argument to match all packages,
so `nix-env -qa` is equivalent to `nix-env
-qa '*'`.
- `nix-env -i` has a new flag `--remove-all` (`-r`) to remove all
previous packages from the profile. This makes it easier to do
declarative package management similar to NixOSs
`environment.systemPackages`. For instance, if you have a
specification `my-packages.nix` like this:
with import <nixpkgs> {};
[ thunderbird
geeqie
...
]
then after any change to this file, you can run:
$ nix-env -f my-packages.nix -ir
to update your profile to match the specification.
- The `with` language construct is now more lazy. It only evaluates
its argument if a variable might actually refer to an attribute in
the argument. For instance, this now works:
let
pkgs = with pkgs; { foo = "old"; bar = foo; } // overrides;
overrides = { foo = "new"; };
in pkgs.bar
This evaluates to `"new"`, while previously it gave an “infinite
recursion” error.
- Nix now has proper integer arithmetic operators. For instance, you
can write `x + y` instead of `builtins.add x y`, or `x <
y` instead of `builtins.lessThan x y`. The comparison operators also
work on strings.
- On 64-bit systems, Nix integers are now 64 bits rather than 32 bits.
- When using the Nix daemon, the `nix-daemon` worker process now runs
on the same CPU as the client, on systems that support setting CPU
affinity. This gives a significant speedup on some systems.
- If a stack overflow occurs in the Nix evaluator, you now get a
proper error message (rather than “Segmentation fault”) on some
systems.
- In addition to directories, you can now bind-mount regular files in
chroots through the (now misnamed) option `build-chroot-dirs`.
This release has contributions from Domen Kožar, Eelco Dolstra, Florian
Friesdorf, Gergely Risko, Ivan Kozik, Ludovic Courtès and Shea Levy.

140
doc/manual/source/release-notes/rl-1.7.md Normal file
View file

@ -0,0 +1,140 @@
# Release 1.7 (2014-04-11)
In addition to the usual bug fixes, this release has the following new
features:
- Antiquotation is now allowed inside of quoted attribute names (e.g.
`set."${foo}"`). In the case where the attribute name is just a
single antiquotation, the quotes can be dropped (e.g. the above
example can be written `set.${foo}`). If an attribute name inside of
a set declaration evaluates to `null` (e.g. `{ ${null} = false; }`),
then that attribute is not added to the set.
- Experimental support for cryptographically signed binary caches. See
[the commit for
details](https://github.com/NixOS/nix/commit/0fdf4da0e979f992db75cc17376e455ddc5a96d8).
- An experimental new substituter, `download-via-ssh`, that fetches
binaries from remote machines via SSH. Specifying the flags
`--option
use-ssh-substituter true --option ssh-substituter-hosts
user@hostname` will cause Nix to download binaries from the
specified machine, if it has them.
- `nix-store -r` and `nix-build` have a new flag, `--check`, that
builds a previously built derivation again, and prints an error
message if the output is not exactly the same. This helps to verify
whether a derivation is truly deterministic. For example:
$ nix-build '<nixpkgs>' -A patchelf
$ nix-build '<nixpkgs>' -A patchelf --check
error: derivation `/nix/store/1ipvxs…-patchelf-0.6' may not be deterministic:
hash mismatch in output `/nix/store/4pc1dm…-patchelf-0.6.drv'
- The `nix-instantiate` flags `--eval-only` and `--parse-only` have
been renamed to `--eval` and `--parse`, respectively.
- `nix-instantiate`, `nix-build` and `nix-shell` now have a flag
`--expr` (or `-E`) that allows you to specify the expression to be
evaluated as a command line argument. For instance, `nix-instantiate
--eval -E
'1 + 2'` will print `3`.
- `nix-shell` improvements:
- It has a new flag, `--packages` (or `-p`), that sets up a build
environment containing the specified packages from Nixpkgs. For
example, the command
$ nix-shell -p sqlite xorg.libX11 hello
will start a shell in which the given packages are present.
- It now uses `shell.nix` as the default expression, falling back
to `default.nix` if the former doesnt exist. This makes it
convenient to have a `shell.nix` in your project to set up a
nice development environment.
- It evaluates the derivation attribute `shellHook`, if set. Since
`stdenv` does not normally execute this hook, it allows you to
do `nix-shell`-specific setup.
- It preserves the users timezone setting.
- In chroots, Nix now sets up a `/dev` containing only a minimal set
of devices (such as `/dev/null`). Note that it only does this if you
*dont* have `/dev` listed in your `build-chroot-dirs` setting;
otherwise, it will bind-mount the `/dev` from outside the chroot.
Similarly, if you dont have `/dev/pts` listed in
`build-chroot-dirs`, Nix will mount a private `devpts` filesystem on
the chroots `/dev/pts`.
- New built-in function: `builtins.toJSON`, which returns a JSON
representation of a value.
- `nix-env -q` has a new flag `--json` to print a JSON representation
of the installed or available packages.
- `nix-env` now supports meta attributes with more complex values,
such as attribute sets.
- The `-A` flag now allows attribute names with dots in them, e.g.
$ nix-instantiate --eval '<nixos>' -A 'config.systemd.units."nscd.service".text'
- The `--max-freed` option to `nix-store --gc` now accepts a unit
specifier. For example, `nix-store --gc --max-freed
1G` will free up to 1 gigabyte of disk space.
- `nix-collect-garbage` has a new flag `--delete-older-than` *N*`d`,
which deletes all user environment generations older than *N* days.
Likewise, `nix-env
--delete-generations` accepts a *N*`d` age limit.
- Nix now heuristically detects whether a build failure was due to a
disk-full condition. In that case, the build is not flagged as
“permanently failed”. This is mostly useful for Hydra, which needs
to distinguish between permanent and transient build failures.
- There is a new symbol `__curPos` that expands to an attribute set
containing its file name and line and column numbers, e.g. `{ file =
"foo.nix"; line = 10;
column = 5; }`. There also is a new builtin function,
`unsafeGetAttrPos`, that returns the position of an attribute. This
is used by Nixpkgs to provide location information in error
messages, e.g.
$ nix-build '<nixpkgs>' -A libreoffice --argstr system x86_64-darwin
error: the package libreoffice-4.0.5.2 in .../applications/office/libreoffice/default.nix:263
is not supported on x86_64-darwin
- The garbage collector is now more concurrent with other Nix
processes because it releases certain locks earlier.
- The binary tarball installer has been improved. You can now install
Nix by running:
$ bash <(curl -L https://nixos.org/nix/install)
- More evaluation errors include position information. For instance,
selecting a missing attribute will print something like
error: attribute `nixUnstabl' missing, at /etc/nixos/configurations/misc/eelco/mandark.nix:216:15
- The command `nix-setuid-helper` is gone.
- Nix no longer uses Automake, but instead has a non-recursive, GNU
Make-based build system.
- All installed libraries now have the prefix `libnix`. In particular,
this gets rid of `libutil`, which could clash with libraries with
the same name from other packages.
- Nix now requires a compiler that supports C++11.
This release has contributions from Danny Wilson, Domen Kožar, Eelco
Dolstra, Ian-Woo Kim, Ludovic Courtès, Maxim Ivanov, Petr Rockai,
Ricardo M. Correia and Shea Levy.

88
doc/manual/source/release-notes/rl-1.8.md Normal file
View file

@ -0,0 +1,88 @@
# Release 1.8 (2014-12-14)
- Breaking change: to address a race condition, the remote build hook
mechanism now uses `nix-store
--serve` on the remote machine. This requires build slaves to be
updated to Nix 1.8.
- Nix now uses HTTPS instead of HTTP to access the default binary
cache, `cache.nixos.org`.
- `nix-env` selectors are now regular expressions. For instance, you
can do
$ nix-env -qa '.*zip.*'
to query all packages with a name containing `zip`.
- `nix-store --read-log` can now fetch remote build logs. If a build
log is not available locally, then nix-store -l will now try to
download it from the servers listed in the log-servers option in
nix.conf. For instance, if you have the configuration option
log-servers = http://hydra.nixos.org/log
then it will try to get logs from `http://hydra.nixos.org/log/base
name of the
store path`. This allows you to do things like:
$ nix-store -l $(which xterm)
and get a log even if `xterm` wasn't built locally.
- New builtin functions: `attrValues`, `deepSeq`, `fromJSON`,
`readDir`, `seq`.
- `nix-instantiate --eval` now has a `--json` flag to print the
resulting value in JSON format.
- `nix-copy-closure` now uses `nix-store --serve` on the remote side
to send or receive closures. This fixes a race condition between
`nix-copy-closure` and the garbage collector.
- Derivations can specify the new special attribute
`allowedRequisites`, which has a similar meaning to
`allowedReferences`. But instead of only enforcing to explicitly
specify the immediate references, it requires the derivation to
specify all the dependencies recursively (hence the name,
requisites) that are used by the resulting output.
- On Mac OS X, Nix now handles case collisions when importing closures
from case-sensitive file systems. This is mostly useful for running
NixOps on Mac OS X.
- The Nix daemon has new configuration options `allowed-users`
(specifying the users and groups that are allowed to connect to the
daemon) and `trusted-users` (specifying the users and groups that
can perform privileged operations like specifying untrusted binary
caches).
- The configuration option `build-cores` now defaults to the number of
available CPU cores.
- Build users are now used by default when Nix is invoked as root.
This prevents builds from accidentally running as root.
- Nix now includes systemd units and Upstart jobs.
- Speed improvements to `nix-store
--optimise`.
- Language change: the `==` operator now ignores string contexts (the
“dependencies” of a string).
- Nix now filters out Nix-specific ANSI escape sequences on standard
error. They are supposed to be invisible, but some terminals show
them anyway.
- Various commands now automatically pipe their output into the pager
as specified by the `PAGER` environment variable.
- Several improvements to reduce memory consumption in the evaluator.
This release has contributions from Adam Szkoda, Aristid Breitkreuz, Bob
van der Linden, Charles Strahan, darealshinji, Eelco Dolstra, Gergely
Risko, Joel Taylor, Ludovic Courtès, Marko Durkovic, Mikey Ariel, Paul
Colomiets, Ricardo M. Correia, Ricky Elrod, Robert Helgesson, Rob
Vermaas, Russell O'Connor, Shea Levy, Shell Turner, Sönke Hahn, Steve
Purcell, Vladimír Čunát and Wout Mertens.

143
doc/manual/source/release-notes/rl-1.9.md Normal file
View file

@ -0,0 +1,143 @@
# Release 1.9 (2015-06-12)
In addition to the usual bug fixes, this release has the following new
features:
- Signed binary cache support. You can enable signature checking by
adding the following to `nix.conf`:
signed-binary-caches = *
binary-cache-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
This will prevent Nix from downloading any binary from the cache
that is not signed by one of the keys listed in
`binary-cache-public-keys`.
Signature checking is only supported if you built Nix with the
`libsodium` package.
Note that while Nix has had experimental support for signed binary
caches since version 1.7, this release changes the signature format
in a backwards-incompatible way.
- Automatic downloading of Nix expression tarballs. In various places,
you can now specify the URL of a tarball containing Nix expressions
(such as Nixpkgs), which will be downloaded and unpacked
automatically. For example:
- In `nix-env`:
$ nix-env -f https://github.com/NixOS/nixpkgs-channels/archive/nixos-14.12.tar.gz -iA firefox
This installs Firefox from the latest tested and built revision
of the NixOS 14.12 channel.
- In `nix-build` and `nix-shell`:
$ nix-build https://github.com/NixOS/nixpkgs/archive/master.tar.gz -A hello
This builds GNU Hello from the latest revision of the Nixpkgs
master branch.
- In the Nix search path (as specified via `NIX_PATH` or `-I`).
For example, to start a shell containing the Pan package from a
specific version of Nixpkgs:
$ nix-shell -p pan -I nixpkgs=https://github.com/NixOS/nixpkgs-channels/archive/8a3eea054838b55aca962c3fbde9c83c102b8bf2.tar.gz
- In `nixos-rebuild` (on NixOS):
$ nixos-rebuild test -I nixpkgs=https://github.com/NixOS/nixpkgs-channels/archive/nixos-unstable.tar.gz
- In Nix expressions, via the new builtin function `fetchTarball`:
with import (fetchTarball https://github.com/NixOS/nixpkgs-channels/archive/nixos-14.12.tar.gz) {}; …
(This is not allowed in restricted mode.)
- `nix-shell` improvements:
- `nix-shell` now has a flag `--run` to execute a command in the
`nix-shell` environment, e.g. `nix-shell --run make`. This is
like the existing `--command` flag, except that it uses a
non-interactive shell (ensuring that hitting Ctrl-C wont drop
you into the child shell).
- `nix-shell` can now be used as a `#!`-interpreter. This allows
you to write scripts that dynamically fetch their own
dependencies. For example, here is a Haskell script that, when
invoked, first downloads GHC and the Haskell packages on which
it depends:
#! /usr/bin/env nix-shell
#! nix-shell -i runghc -p haskellPackages.ghc haskellPackages.HTTP
import Network.HTTP
main = do
resp <- Network.HTTP.simpleHTTP (getRequest "http://nixos.org/")
body <- getResponseBody resp
print (take 100 body)
Of course, the dependencies are cached in the Nix store, so the
second invocation of this script will be much faster.
- Chroot improvements:
- Chroot builds are now supported on Mac OS X (using its sandbox
mechanism).
- If chroots are enabled, they are now used for all derivations,
including fixed-output derivations (such as `fetchurl`). The
latter do have network access, but can no longer access the host
filesystem. If you need the old behaviour, you can set the
option `build-use-chroot` to `relaxed`.
- On Linux, if chroots are enabled, builds are performed in a
private PID namespace once again. (This functionality was lost
in Nix 1.8.)
- Store paths listed in `build-chroot-dirs` are now automatically
expanded to their closure. For instance, if you want
`/nix/store/…-bash/bin/sh` mounted in your chroot as `/bin/sh`,
you only need to say `build-chroot-dirs =
/bin/sh=/nix/store/…-bash/bin/sh`; it is no longer necessary to
specify the dependencies of Bash.
- The new derivation attribute `passAsFile` allows you to specify that
the contents of derivation attributes should be passed via files
rather than environment variables. This is useful if you need to
pass very long strings that exceed the size limit of the
environment. The Nixpkgs function `writeTextFile` uses this.
- You can now use `~` in Nix file names to refer to your home
directory, e.g. `import
~/.nixpkgs/config.nix`.
- Nix has a new option `restrict-eval` that allows limiting what paths
the Nix evaluator has access to. By passing `--option restrict-eval
true` to Nix, the evaluator will throw an exception if an attempt is
made to access any file outside of the Nix search path. This is
primarily intended for Hydra to ensure that a Hydra jobset only
refers to its declared inputs (and is therefore reproducible).
- `nix-env` now only creates a new “generation” symlink in
`/nix/var/nix/profiles` if something actually changed.
- The environment variable `NIX_PAGER` can now be set to override
`PAGER`. You can set it to `cat` to disable paging for Nix commands
only.
- Failing `<...>` lookups now show position information.
- Improved Boehm GC use: we disabled scanning for interior pointers,
which should reduce the “`Repeated
allocation of very large block`” warnings and associated retention
of memory.
This release has contributions from aszlig, Benjamin Staffin, Charles
Strahan, Christian Theune, Daniel Hahler, Danylo Hlynskyi Daniel
Peebles, Dan Peebles, Domen Kožar, Eelco Dolstra, Harald van Dijk, Hoang
Xuan Phu, Jaka Hudoklin, Jeff Ramnani, j-keck, Linquize, Luca Bruno,
Michael Merickel, Oliver Dunkl, Rob Vermaas, Rok Garbas, Shea Levy,
Tobias Geerinckx-Rice and William A. Kennington III.

558
doc/manual/source/release-notes/rl-2.0.md Normal file
View file

@ -0,0 +1,558 @@
# Release 2.0 (2018-02-22)
The following incompatible changes have been made:
- The manifest-based substituter mechanism
(`download-using-manifests`) has been
[removed](https://github.com/NixOS/nix/commit/867967265b80946dfe1db72d40324b4f9af988ed).
It has been superseded by the binary cache substituter mechanism
since several years. As a result, the following programs have been
removed:
- `nix-pull`
- `nix-generate-patches`
- `bsdiff`
- `bspatch`
- The “copy from other stores” substituter mechanism
(`copy-from-other-stores` and the `NIX_OTHER_STORES` environment
variable) has been removed. It was primarily used by the NixOS
installer to copy available paths from the installation medium. The
replacement is to use a chroot store as a substituter (e.g.
`--substituters /mnt`), or to build into a chroot store (e.g.
`--store /mnt --substituters /`).
- The command `nix-push` has been removed as part of the effort to
eliminate Nix's dependency on Perl. You can use `nix copy` instead,
e.g. `nix copy
--to file:///tmp/my-binary-cache paths…`
- The “nested” log output feature (`--log-type
pretty`) has been removed. As a result, `nix-log2xml` was also
removed.
- OpenSSL-based signing has been
[removed](https://github.com/NixOS/nix/commit/f435f8247553656774dd1b2c88e9de5d59cab203).
This feature was never well-supported. A better alternative is
provided by the `secret-key-files` and `trusted-public-keys`
options.
- Failed build caching has been
[removed](https://github.com/NixOS/nix/commit/8cffec84859cec8b610a2a22ab0c4d462a9351ff).
This feature was introduced to support the Hydra continuous build
system, but Hydra no longer uses it.
- `nix-mode.el` has been removed from Nix. It is now [a separate
repository](https://github.com/NixOS/nix-mode) and can be installed
through the MELPA package repository.
This release has the following new features:
- It introduces a new command named `nix`, which is intended to
eventually replace all `nix-*` commands with a more consistent and
better designed user interface. It currently provides replacements
for some (but not all) of the functionality provided by `nix-store`,
`nix-build`, `nix-shell -p`, `nix-env -qa`, `nix-instantiate
--eval`, `nix-push` and `nix-copy-closure`. It has the following
major features:
- Unlike the legacy commands, it has a consistent way to refer to
packages and package-like arguments (like store paths). For
example, the following commands all copy the GNU Hello package
to a remote machine:
nix copy --to ssh://machine nixpkgs.hello
nix copy --to ssh://machine /nix/store/0i2jd68mp5g6h2sa5k9c85rb80sn8hi9-hello-2.10
nix copy --to ssh://machine '(with import <nixpkgs> {}; hello)'
By contrast, `nix-copy-closure` only accepted store paths as
arguments.
- It is self-documenting: `--help` shows all available
command-line arguments. If `--help` is given after a subcommand,
it shows examples for that subcommand. `nix
--help-config` shows all configuration options.
- It is much less verbose. By default, it displays a single-line
progress indicator that shows how many packages are left to be
built or downloaded, and (if there are running builds) the most
recent line of builder output. If a build fails, it shows the
last few lines of builder output. The full build log can be
retrieved using `nix
log`.
- It
[provides](https://github.com/NixOS/nix/commit/b8283773bd64d7da6859ed520ee19867742a03ba)
all `nix.conf` configuration options as command line flags. For
example, instead of `--option
http-connections 100` you can write `--http-connections 100`.
Boolean options can be written as `--foo` or `--no-foo` (e.g.
`--no-auto-optimise-store`).
- Many subcommands have a `--json` flag to write results to stdout
in JSON format.
> **Warning**
>
> Please note that the `nix` command is a work in progress and the
> interface is subject to change.
It provides the following high-level (“porcelain”) subcommands:
- `nix build` is a replacement for `nix-build`.
- `nix run` executes a command in an environment in which the
specified packages are available. It is (roughly) a replacement
for `nix-shell
-p`. Unlike that command, it does not execute the command in a
shell, and has a flag (`-c`) that specifies the unquoted command
line to be executed.
It is particularly useful in conjunction with chroot stores,
allowing Linux users who do not have permission to install Nix
in `/nix/store` to still use binary substitutes that assume
`/nix/store`. For example,
nix run --store ~/my-nix nixpkgs.hello -c hello --greeting 'Hi everybody!'
downloads (or if not substitutes are available, builds) the GNU
Hello package into `~/my-nix/nix/store`, then runs `hello` in a
mount namespace where `~/my-nix/nix/store` is mounted onto
`/nix/store`.
- `nix search` replaces `nix-env
-qa`. It searches the available packages for occurrences of a
search string in the attribute name, package name or
description. Unlike `nix-env -qa`, it has a cache to speed up
subsequent searches.
- `nix copy` copies paths between arbitrary Nix stores,
generalising `nix-copy-closure` and `nix-push`.
- `nix repl` replaces the external program `nix-repl`. It provides
an interactive environment for evaluating and building Nix
expressions. Note that it uses `linenoise-ng` instead of GNU
Readline.
- `nix upgrade-nix` upgrades Nix to the latest stable version.
This requires that Nix is installed in a profile. (Thus it wont
work on NixOS, or if its installed outside of the Nix store.)
- `nix verify` checks whether store paths are unmodified and/or
“trusted” (see below). It replaces `nix-store --verify` and
`nix-store
--verify-path`.
- `nix log` shows the build log of a package or path. If the
build log is not available locally, it will try to obtain it
from the configured substituters (such as
[cache.nixos.org](https://cache.nixos.org/), which now
provides build logs).
- `nix edit` opens the source code of a package in your editor.
- `nix eval` replaces `nix-instantiate --eval`.
- `nix
why-depends` shows why one store path has another in its
closure. This is primarily useful to finding the causes of
closure bloat. For example,
nix why-depends nixpkgs.vlc nixpkgs.libdrm.dev
shows a chain of files and fragments of file contents that cause
the VLC package to have the “dev” output of `libdrm` in its
closure — an undesirable situation.
- `nix path-info` shows information about store paths, replacing
`nix-store -q`. A useful feature is the option `--closure-size`
(`-S`). For example, the following command show the closure
sizes of every path in the current NixOS system closure, sorted
by size:
nix path-info -rS /run/current-system | sort -nk2
- `nix optimise-store` replaces `nix-store --optimise`. The main
difference is that it has a progress indicator.
A number of low-level (“plumbing”) commands are also available:
- `nix ls-store` and `nix
ls-nar` list the contents of a store path or NAR file. The
former is primarily useful in conjunction with remote stores,
e.g.
nix ls-store --store https://cache.nixos.org/ -lR /nix/store/0i2jd68mp5g6h2sa5k9c85rb80sn8hi9-hello-2.10
lists the contents of path in a binary cache.
- `nix cat-store` and `nix
cat-nar` allow extracting a file from a store path or NAR file.
- `nix dump-path` writes the contents of a store path to stdout in
NAR format. This replaces `nix-store --dump`.
- `nix
show-derivation` displays a store derivation in JSON format.
This is an alternative to `pp-aterm`.
- `nix
add-to-store` replaces `nix-store
--add`.
- `nix sign-paths` signs store paths.
- `nix copy-sigs` copies signatures from one store to another.
- `nix show-config` shows all configuration options and their
current values.
- The store abstraction that Nix has had for a long time to support
store access via the Nix daemon has been extended
significantly. In particular, substituters (which used to be
external programs such as `download-from-binary-cache`) are now
subclasses of the abstract `Store` class. This allows many Nix
commands to operate on such store types. For example, `nix
path-info` shows information about paths in your local Nix store,
while `nix path-info --store https://cache.nixos.org/` shows
information about paths in the specified binary cache. Similarly,
`nix-copy-closure`, `nix-push` and substitution are all instances
of the general notion of copying paths between different kinds of
Nix stores.
Stores are specified using an URI-like syntax, e.g.
<https://cache.nixos.org/> or <ssh://machine>. The following store
types are supported:
- `LocalStore` (stori URI `local` or an absolute path) and the
misnamed `RemoteStore` (`daemon`) provide access to a local Nix
store, the latter via the Nix daemon. You can use `auto` or the
empty string to auto-select a local or daemon store depending on
whether you have write permission to the Nix store. It is no
longer necessary to set the `NIX_REMOTE` environment variable to
use the Nix daemon.
As noted above, `LocalStore` now supports chroot builds,
allowing the “physical” location of the Nix store (e.g.
`/home/alice/nix/store`) to differ from its “logical” location
(typically `/nix/store`). This allows non-root users to use Nix
while still getting the benefits from prebuilt binaries from
[cache.nixos.org](https://cache.nixos.org/).
- `BinaryCacheStore` is the abstract superclass of all binary
cache stores. It supports writing build logs and NAR content
listings in JSON format.
- `HttpBinaryCacheStore` (`http://`, `https://`) supports binary
caches via HTTP or HTTPS. If the server supports `PUT` requests,
it supports uploading store paths via commands such as `nix
copy`.
- `LocalBinaryCacheStore` (`file://`) supports binary caches in
the local filesystem.
- `S3BinaryCacheStore` (`s3://`) supports binary caches stored in
Amazon S3, if enabled at compile time.
- `LegacySSHStore` (`ssh://`) is used to implement remote builds
and `nix-copy-closure`.
- `SSHStore` (`ssh-ng://`) supports arbitrary Nix operations on a
remote machine via the same protocol used by `nix-daemon`.
- Security has been improved in various ways:
- Nix now stores signatures for local store paths. When paths are
copied between stores (e.g., copied from a binary cache to a
local store), signatures are propagated.
Locally-built paths are signed automatically using the secret
keys specified by the `secret-key-files` store option.
Secret/public key pairs can be generated using `nix-store
--generate-binary-cache-key`.
In addition, locally-built store paths are marked as “ultimately
trusted”, but this bit is not propagated when paths are copied
between stores.
- Content-addressable store paths no longer require signatures —
they can be imported into a store by unprivileged users even if
they lack signatures.
- The command `nix verify` checks whether the specified paths are
trusted, i.e., have a certain number of trusted signatures, are
ultimately trusted, or are content-addressed.
- Substitutions from binary caches
[now](https://github.com/NixOS/nix/commit/ecbc3fedd3d5bdc5a0e1a0a51b29062f2874ac8b)
require signatures by default. This was already the case on
NixOS.
- In Linux sandbox builds, we
[now](https://github.com/NixOS/nix/commit/eba840c8a13b465ace90172ff76a0db2899ab11b)
use `/build` instead of `/tmp` as the temporary build directory.
This fixes potential security problems when a build accidentally
stores its `TMPDIR` in some security-sensitive place, such as an
RPATH.
- *Pure evaluation mode*. With the `--pure-eval` flag, Nix enables a
variant of the existing restricted evaluation mode that forbids
access to anything that could cause different evaluations of the
same command line arguments to produce a different result. This
includes builtin functions such as `builtins.getEnv`, but more
importantly, *all* filesystem or network access unless a content
hash or commit hash is specified. For example, calls to
`builtins.fetchGit` are only allowed if a `rev` attribute is
specified.
The goal of this feature is to enable true reproducibility and
traceability of builds (including NixOS system configurations) at
the evaluation level. For example, in the future, `nixos-rebuild`
might build configurations from a Nix expression in a Git repository
in pure mode. That expression might fetch other repositories such as
Nixpkgs via `builtins.fetchGit`. The commit hash of the top-level
repository then uniquely identifies a running system, and, in
conjunction with that repository, allows it to be reproduced or
modified.
- There are several new features to support binary reproducibility
(i.e. to help ensure that multiple builds of the same derivation
produce exactly the same output). When `enforce-determinism` is set
to `false`, its [no
longer](https://github.com/NixOS/nix/commit/8bdf83f936adae6f2c907a6d2541e80d4120f051)
a fatal error if build rounds produce different output. Also, a hook
named `diff-hook` is
[provided](https://github.com/NixOS/nix/commit/9a313469a4bdea2d1e8df24d16289dc2a172a169)
to allow you to run tools such as `diffoscope` when build rounds
produce different output.
- Configuring remote builds is a lot easier now. Provided you are not
using the Nix daemon, you can now just specify a remote build
machine on the command line, e.g. `--option builders
'ssh://my-mac x86_64-darwin'`. The environment variable
`NIX_BUILD_HOOK` has been removed and is no longer needed. The
environment variable `NIX_REMOTE_SYSTEMS` is still supported for
compatibility, but it is also possible to specify builders in
`nix.conf` by setting the option `builders =
@path`.
- If a fixed-output derivation produces a result with an incorrect
hash, the output path is moved to the location corresponding to the
actual hash and registered as valid. Thus, a subsequent build of the
fixed-output derivation with the correct hash is unnecessary.
- `nix-shell`
[now](https://github.com/NixOS/nix/commit/ea59f39326c8e9dc42dfed4bcbf597fbce58797c)
sets the `IN_NIX_SHELL` environment variable during evaluation and
in the shell itself. This can be used to perform different actions
depending on whether youre in a Nix shell or in a regular build.
Nixpkgs provides `lib.inNixShell` to check this variable during
evaluation.
- `NIX_PATH` is now lazy, so URIs in the path are only downloaded if
they are needed for evaluation.
- You can now use `channel:` as a short-hand for
<https://nixos.org/channels//nixexprs.tar.xz>. For example,
`nix-build channel:nixos-15.09 -A hello` will build the GNU Hello
package from the `nixos-15.09` channel. In the future, this may
use Git to fetch updates more efficiently.
- When `--no-build-output` is given, the last 10 lines of the build
log will be shown if a build fails.
- Networking has been improved:
- HTTP/2 is now supported. This makes binary cache lookups [much
more
efficient](https://github.com/NixOS/nix/commit/90ad02bf626b885a5dd8967894e2eafc953bdf92).
- We now retry downloads on many HTTP errors, making binary caches
substituters more resilient to temporary failures.
- HTTP credentials can now be configured via the standard `netrc`
mechanism.
- If S3 support is enabled at compile time, <s3://> URIs are
[supported](https://github.com/NixOS/nix/commit/9ff9c3f2f80ba4108e9c945bbfda2c64735f987b)
in all places where Nix allows URIs.
- Brotli compression is now supported. In particular,
[cache.nixos.org](https://cache.nixos.org/) build logs are now compressed
using Brotli.
- `nix-env`
[now](https://github.com/NixOS/nix/commit/b0cb11722626e906a73f10dd9a0c9eea29faf43a)
ignores packages with bad derivation names (in particular those
starting with a digit or containing a dot).
- Many configuration options have been renamed, either because they
were unnecessarily verbose (e.g. `build-use-sandbox` is now just
`sandbox`) or to reflect generalised behaviour (e.g. `binary-caches`
is now `substituters` because it allows arbitrary store URIs). The
old names are still supported for compatibility.
- The `max-jobs` option can
[now](https://github.com/NixOS/nix/commit/7251d048fa812d2551b7003bc9f13a8f5d4c95a5)
be set to `auto` to use the number of CPUs in the system.
- Hashes can
[now](https://github.com/NixOS/nix/commit/c0015e87af70f539f24d2aa2bc224a9d8b84276b)
be specified in base-64 format, in addition to base-16 and the
non-standard base-32.
- `nix-shell` now uses `bashInteractive` from Nixpkgs, rather than the
`bash` command that happens to be in the callers `PATH`. This is
especially important on macOS where the `bash` provided by the
system is seriously outdated and cannot execute `stdenv`s setup
script.
- Nix can now automatically trigger a garbage collection if free disk
space drops below a certain level during a build. This is configured
using the `min-free` and `max-free` options.
- `nix-store -q --roots` and `nix-store --gc --print-roots` now show
temporary and in-memory roots.
- Nix can now be extended with plugins. See the documentation of the
`plugin-files` option for more details.
The Nix language has the following new features:
- It supports floating point numbers. They are based on the C++
`float` type and are supported by the existing numerical operators.
Export and import to and from JSON and XML works, too.
- Derivation attributes can now reference the outputs of the
derivation using the `placeholder` builtin function. For example,
the attribute
configureFlags = "--prefix=${placeholder "out"} --includedir=${placeholder "dev"}";
will cause the `configureFlags` environment variable to contain the
actual store paths corresponding to the `out` and `dev` outputs.
The following builtin functions are new or extended:
- `builtins.fetchGit` allows Git repositories to be fetched at
evaluation time. Thus it differs from the `fetchgit` function in
Nixpkgs, which fetches at build time and cannot be used to fetch Nix
expressions during evaluation. A typical use case is to import
external NixOS modules from your configuration, e.g.
imports = [ (builtins.fetchGit https://github.com/edolstra/dwarffs + "/module.nix") ];
- Similarly, `builtins.fetchMercurial` allows you to fetch Mercurial
repositories.
- `builtins.path` generalises `builtins.filterSource` and path
literals (e.g. `./foo`). It allows specifying a store path name that
differs from the source path name (e.g. `builtins.path { path =
./foo; name = "bar";
}`) and also supports filtering out unwanted files.
- `builtins.fetchurl` and `builtins.fetchTarball` now support `sha256`
and `name` attributes.
- `builtins.split` splits a string using a POSIX extended regular
expression as the separator.
- `builtins.partition` partitions the elements of a list into two
lists, depending on a Boolean predicate.
- `<nix/fetchurl.nix>` now uses the content-addressable tarball cache
at <http://tarballs.nixos.org/>, just like `fetchurl` in Nixpkgs.
(f2682e6e18a76ecbfb8a12c17e3a0ca15c084197)
- In restricted and pure evaluation mode, builtin functions that
download from the network (such as `fetchGit`) are permitted to
fetch underneath a list of URI prefixes specified in the option
`allowed-uris`.
The Nix build environment has the following changes:
- Values such as Booleans, integers, (nested) lists and attribute sets
can
[now](https://github.com/NixOS/nix/commit/6de33a9c675b187437a2e1abbcb290981a89ecb1)
be passed to builders in a non-lossy way. If the special attribute
`__structuredAttrs` is set to `true`, the other derivation
attributes are serialised in JSON format and made available to the
builder via the file `.attrs.json` in the builders temporary
directory. This obviates the need for `passAsFile` since JSON files
have no size restrictions, unlike process environments.
[As a convenience to Bash
builders](https://github.com/NixOS/nix/commit/2d5b1b24bf70a498e4c0b378704cfdb6471cc699),
Nix writes a script named `.attrs.sh` to the builders directory
that initialises shell variables corresponding to all attributes
that are representable in Bash. This includes non-nested
(associative) arrays. For example, the attribute `hardening.format =
true` ends up as the Bash associative array element
`${hardening[format]}`.
- Builders can
[now](https://github.com/NixOS/nix/commit/88e6bb76de5564b3217be9688677d1c89101b2a3)
communicate what build phase they are in by writing messages to the
file descriptor specified in `NIX_LOG_FD`. The current phase is
shown by the `nix` progress indicator.
- In Linux sandbox builds, we
[now](https://github.com/NixOS/nix/commit/a2d92bb20e82a0957067ede60e91fab256948b41)
provide a default `/bin/sh` (namely `ash` from BusyBox).
- In structured attribute mode, `exportReferencesGraph`
[exports](https://github.com/NixOS/nix/commit/c2b0d8749f7e77afc1c4b3e8dd36b7ee9720af4a)
extended information about closures in JSON format. In particular,
it includes the sizes and hashes of paths. This is primarily useful
for NixOS image builders.
- Builds are
[now](https://github.com/NixOS/nix/commit/21948deed99a3295e4d5666e027a6ca42dc00b40)
killed as soon as Nix receives EOF on the builders stdout or
stderr. This fixes a bug that allowed builds to hang Nix
indefinitely, regardless of timeouts.
- The `sandbox-paths` configuration option can now specify optional
paths by appending a `?`, e.g. `/dev/nvidiactl?` will bind-mount
`/dev/nvidiactl` only if it exists.
- On Linux, builds are now executed in a user namespace with UID 1000
and GID 100.
A number of significant internal changes were made:
- Nix no longer depends on Perl and all Perl components have been
rewritten in C++ or removed. The Perl bindings that used to be part
of Nix have been moved to a separate package, `nix-perl`.
- All `Store` classes are now thread-safe. `RemoteStore` supports
multiple concurrent connections to the daemon. This is primarily
useful in multi-threaded programs such as `hydra-queue-runner`.
This release has contributions from Adrien Devresse, Alexander Ried,
Alex Cruice, Alexey Shmalko, AmineChikhaoui, Andy Wingo, Aneesh Agrawal,
Anthony Cowley, Armijn Hemel, aszlig, Ben Gamari, Benjamin Hipple,
Benjamin Staffin, Benno Fünfstück, Bjørn Forsman, Brian McKenna, Charles
Strahan, Chase Adams, Chris Martin, Christian Theune, Chris Warburton,
Daiderd Jordan, Dan Connolly, Daniel Peebles, Dan Peebles, davidak,
David McFarland, Dmitry Kalinkin, Domen Kožar, Eelco Dolstra, Emery
Hemingway, Eric Litak, Eric Wolf, Fabian Schmitthenner, Frederik
Rietdijk, Gabriel Gonzalez, Giorgio Gallo, Graham Christensen, Guillaume
Maudoux, Harmen, Iavael, James Broadhead, James Earl Douglas, Janus
Troelsen, Jeremy Shaw, Joachim Schiele, Joe Hermaszewski, Joel Moberg,
Johannes 'fish' Ziemke, Jörg Thalheim, Jude Taylor, kballou, Keshav
Kini, Kjetil Orbekk, Langston Barrett, Linus Heckemann, Ludovic Courtès,
Manav Rathi, Marc Scholten, Markus Hauck, Matt Audesse, Matthew Bauer,
Matthias Beyer, Matthieu Coudron, N1X, Nathan Zadoks, Neil Mayhew,
Nicolas B. Pierron, Niklas Hambüchen, Nikolay Amiantov, Ole Jørgen
Brønner, Orivej Desh, Peter Simons, Peter Stuart, Pyry Jahkola, regnat,
Renzo Carbonara, Rhys, Robert Vollmert, Scott Olson, Scott R. Parish,
Sergei Trofimovich, Shea Levy, Sheena Artrip, Spencer Baugh, Stefan
Junker, Susan Potter, Thomas Tuegel, Timothy Allen, Tristan Hume, Tuomas
Tynkkynen, tv, Tyson Whitehead, Vladimír Čunát, Will Dietz, wmertens,
Wout Mertens, zimbatm and Zoran Plesivčak.

49
doc/manual/source/release-notes/rl-2.1.md Normal file
View file

@ -0,0 +1,49 @@
# Release 2.1 (2018-09-02)
This is primarily a bug fix release. It also reduces memory consumption
in certain situations. In addition, it has the following new features:
- The Nix installer will no longer default to the Multi-User
installation for macOS. You can still instruct the installer to
run in multi-user mode.
- The Nix installer now supports performing a Multi-User
installation for Linux computers which are running systemd. You
can select a Multi-User installation by passing the `--daemon`
flag to the installer: `sh <(curl -L https://nixos.org/nix/install)
--daemon`.
The multi-user installer cannot handle systems with SELinux. If
your system has SELinux enabled, you can force the installer to
run in single-user mode.
- New builtin functions: `builtins.bitAnd`, `builtins.bitOr`,
`builtins.bitXor`, `builtins.fromTOML`, `builtins.concatMap`,
`builtins.mapAttrs`.
- The S3 binary cache store now supports uploading NARs larger than 5
GiB.
- The S3 binary cache store now supports uploading to S3-compatible
services with the `endpoint` option.
- The flag `--fallback` is no longer required to recover from
disappeared NARs in binary caches.
- `nix-daemon` now respects `--store`.
- `nix run` now respects `nix-support/propagated-user-env-packages`.
This release has contributions from Adrien Devresse, Aleksandr Pashkov,
Alexandre Esteves, Amine Chikhaoui, Andrew Dunham, Asad Saeeduddin,
aszlig, Ben Challenor, Ben Gamari, Benjamin Hipple, Bogdan Seniuc, Corey
O'Connor, Daiderd Jordan, Daniel Peebles, Daniel Poelzleithner, Danylo
Hlynskyi, Dmitry Kalinkin, Domen Kožar, Doug Beardsley, Eelco Dolstra,
Erik Arvstedt, Félix Baylac-Jacqué, Gleb Peregud, Graham Christensen,
Guillaume Maudoux, Ivan Kozik, John Arnold, Justin Humm, Linus
Heckemann, Lorenzo Manacorda, Matthew Justin Bauer, Matthew O'Gorman,
Maximilian Bosch, Michael Bishop, Michael Fiano, Michael Mercier,
Michael Raskin, Michael Weiss, Nicolas Dudebout, Peter Simons, Ryan
Trinkle, Samuel Dionne-Riel, Sean Seefried, Shea Levy, Symphorien Gibol,
Tim Engler, Tim Sears, Tuomas Tynkkynen, volth, Will Dietz, Yorick van
Pelt and zimbatm.

31
doc/manual/source/release-notes/rl-2.10.md Normal file
View file

@ -0,0 +1,31 @@
# Release 2.10 (2022-07-11)
* `nix repl` now takes installables on the command line, unifying the usage
with other commands that use `--file` and `--expr`. Primary breaking change
is for the common usage of `nix repl '<nixpkgs>'` which can be recovered with
`nix repl --file '<nixpkgs>'` or `nix repl --expr 'import <nixpkgs>{}'`.
This is currently guarded by the `repl-flake` experimental feature.
* A new function `builtins.traceVerbose` is available. It is similar
to `builtins.trace` if the `trace-verbose` setting is set to true,
and it is a no-op otherwise.
* `nix search` has a new flag `--exclude` to filter out packages.
* On Linux, if `/nix` doesn't exist and cannot be created and you're
not running as root, Nix will automatically use
`~/.local/share/nix/root` as a chroot store. This enables non-root
users to download the statically linked Nix binary and have it work
out of the box, e.g.
```
# ~/nix run nixpkgs#hello
warning: '/nix' does not exists, so Nix will use '/home/ubuntu/.local/share/nix/root' as a chroot store
Hello, world!
```
* `flake-registry.json` is now fetched from `channels.nixos.org`.
* Nix can now be built with LTO by passing `--enable-lto` to `configure`.
LTO is currently only supported when building with GCC.

5
doc/manual/source/release-notes/rl-2.11.md Normal file
View file

@ -0,0 +1,5 @@
# Release 2.11 (2022-08-24)
* `nix copy` now copies the store paths in parallel as much as possible (again).
This doesn't apply for the `daemon` and `ssh-ng` stores which copy everything
in one batch to avoid latencies issues.

42
doc/manual/source/release-notes/rl-2.12.md Normal file
View file

@ -0,0 +1,42 @@
# Release 2.12 (2022-12-06)
* On Linux, Nix can now run builds in a user namespace where they run
as root (UID 0) and have 65,536 UIDs available.
This is primarily useful for running containers such as `systemd-nspawn`
inside a Nix build. For an example, see [`tests/systemd-nspawn/nix`][nspawn].
[nspawn]: https://github.com/NixOS/nix/blob/67bcb99700a0da1395fa063d7c6586740b304598/tests/systemd-nspawn.nix.
A build can enable this by setting the derivation attribute:
```
requiredSystemFeatures = [ "uid-range" ];
```
The `uid-range` [system feature] requires the [`auto-allocate-uids`]
setting to be enabled.
[system feature]: ../command-ref/conf-file.md#conf-system-features
* Nix can now automatically pick UIDs for builds, removing the need to
create `nixbld*` user accounts. See [`auto-allocate-uids`].
[`auto-allocate-uids`]: ../command-ref/conf-file.md#conf-auto-allocate-uids
* On Linux, Nix has experimental support for running builds inside a
cgroup. See
[`use-cgroups`](../command-ref/conf-file.md#conf-use-cgroups).
* `<nix/fetchurl.nix>` now accepts an additional argument `impure` which
defaults to `false`. If it is set to `true`, the `hash` and `sha256`
arguments will be ignored and the resulting derivation will have
`__impure` set to `true`, making it an impure derivation.
* If `builtins.readFile` is called on a file with context, then only
the parts of the context that appear in the content of the file are
retained. This avoids a lot of spurious errors where strings end up
having a context just because they are read from a store path
([#7260](https://github.com/NixOS/nix/pull/7260)).
* `nix build --json` now prints some statistics about top-level
derivations, such as CPU statistics when cgroups are enabled.

44
doc/manual/source/release-notes/rl-2.13.md Normal file
View file

@ -0,0 +1,44 @@
# Release 2.13 (2023-01-17)
* The `repeat` and `enforce-determinism` options have been removed
since they had been broken under many circumstances for a long time.
* You can now use [flake references] in the [old command line interface], e.g.
[flake references]: ../command-ref/new-cli/nix3-flake.md#flake-references
[old command line interface]: ../command-ref/main-commands.md
```shell-session
# nix-build flake:nixpkgs -A hello
# nix-build -I nixpkgs=flake:github:NixOS/nixpkgs/nixos-22.05 \
'<nixpkgs>' -A hello
# NIX_PATH=nixpkgs=flake:nixpkgs nix-build '<nixpkgs>' -A hello
```
* Instead of "antiquotation", the more common term [string interpolation](../language/string-interpolation.md) is now used consistently.
Historical release notes were not changed.
* Error traces have been reworked to provide detailed explanations and more
accurate error locations. A short excerpt of the trace is now shown by
default when an error occurs.
* Allow explicitly selecting outputs in a store derivation installable, just like we can do with other sorts of installables.
For example,
```shell-session
# nix build /nix/store/gzaflydcr6sb3567hap9q6srzx8ggdgg-glibc-2.33-78.drv^dev
```
now works just as
```shell-session
# nix build nixpkgs#glibc^dev
```
does already.
* On Linux, `nix develop` now sets the
[*personality*](https://man7.org/linux/man-pages/man2/personality.2.html)
for the development shell in the same way as the actual build of the
derivation. This makes shells for `i686-linux` derivations work
correctly on `x86_64-linux`.
* You can now disable the global flake registry by setting the `flake-registry`
configuration option to an empty string. The same can be achieved at runtime with
`--flake-registry ""`.

22
doc/manual/source/release-notes/rl-2.14.md Normal file
View file

@ -0,0 +1,22 @@
# Release 2.14 (2023-02-28)
* A new function `builtins.readFileType` is available. It is similar to
`builtins.readDir` but acts on a single file or directory.
* In flakes, the `.outPath` attribute of a flake now always refers to
the directory containing the `flake.nix`. This was not the case for
when `flake.nix` was in a subdirectory of e.g. a Git repository.
The root of the source of a flake in a subdirectory is still
available in `.sourceInfo.outPath`.
* In derivations that use structured attributes, you can now use `unsafeDiscardReferences`
to disable scanning a given output for runtime dependencies:
```nix
__structuredAttrs = true;
unsafeDiscardReferences.out = true;
```
This is useful e.g. when generating self-contained filesystem images with
their own embedded Nix store: hashes found inside such an image refer
to the embedded store and not to the host's Nix store.
This requires the `discard-references` experimental feature.

58
doc/manual/source/release-notes/rl-2.15.md Normal file
View file

@ -0,0 +1,58 @@
# Release 2.15 (2023-04-11)
* Commands which take installables on the command line can now read them from the standard input if
passed the `--stdin` flag. This is primarily useful when you have a large amount of paths which
exceed the OS argument limit.
* The `nix-hash` command now supports Base64 and SRI. Use the flags `--base64`
or `--sri` to specify the format of output hash as Base64 or SRI, and `--to-base64`
or `--to-sri` to convert a hash to Base64 or SRI format, respectively.
As the choice of hash formats is no longer binary, the `--base16` flag is also added
to explicitly specify the Base16 format, which is still the default.
* The special handling of an [installable](../command-ref/new-cli/nix.md#installables) with `.drv` suffix being interpreted as all of the given [store derivation](@docroot@/glossary.md#gloss-store-derivation)'s output paths is removed, and instead taken as the literal store path that it represents.
The new `^` syntax for store paths introduced in Nix 2.13 allows explicitly referencing output paths of a derivation.
Using this is better and more clear than relying on the now-removed `.drv` special handling.
For example,
```shell-session
$ nix path-info /nix/store/gzaflydcr6sb3567hap9q6srzx8ggdgg-glibc-2.33-78.drv
```
now gives info about the derivation itself, while
```shell-session
$ nix path-info /nix/store/gzaflydcr6sb3567hap9q6srzx8ggdgg-glibc-2.33-78.drv^*
```
provides information about each of its outputs.
* The experimental command `nix describe-stores` has been removed.
* Nix stores and their settings are now documented in [`nix help-stores`](@docroot@/command-ref/new-cli/nix3-help-stores.md).
* Documentation for operations of `nix-store` and `nix-env` are now available on separate pages of the manual.
They include all common options that can be specified and common environment variables that affect these commands.
These pages can be viewed offline with `man` using
* `man nix-store-<operation>` and `man nix-env-<operation>`
* `nix-store --help --<operation>` and `nix-env --help --<operation>`.
* Nix when used as a client now checks whether the store (the server) trusts the client.
(The store always had to check whether it trusts the client, but now the client is informed of the store's decision.)
This is useful for scripting interactions with (non-legacy-ssh) remote Nix stores.
`nix store ping` and `nix doctor` now display this information.
* The new command `nix derivation add` allows adding derivations to the store without involving the Nix language.
It exists to round out our collection of basic utility/plumbing commands, and allow for a low barrier-to-entry way of experimenting with alternative front-ends to the Nix Store.
It uses the same JSON layout as `nix derivation show`, and is its inverse.
* `nix show-derivation` has been renamed to `nix derivation show`.
This matches `nix derivation add`, and avoids bloating the top-level namespace.
The old name is still kept as an alias for compatibility, however.
* The `nix derivation {add,show}` JSON format now includes the derivation name as a top-level field.
This is useful in general, but especially necessary for the `add` direction, as otherwise we would need to pass in the name out of band for certain cases.

8
doc/manual/source/release-notes/rl-2.16.md Normal file
View file

@ -0,0 +1,8 @@
# Release 2.16 (2023-05-31)
* Speed-up of downloads from binary caches.
The number of parallel downloads (also known as substitutions) has been separated from the [`--max-jobs` setting](../command-ref/conf-file.md#conf-max-jobs).
The new setting is called [`max-substitution-jobs`](../command-ref/conf-file.md#conf-max-substitution-jobs).
The number of parallel downloads is now set to 16 by default (previously, the default was 1 due to the coupling to build jobs).
* The function [`builtins.replaceStrings`](@docroot@/language/builtins.md#builtins-replaceStrings) is now lazy in the value of its second argument `to`. That is, `to` is only evaluated when its corresponding pattern in `from` is matched in the string `s`.

42
doc/manual/source/release-notes/rl-2.17.md Normal file
View file

@ -0,0 +1,42 @@
# Release 2.17 (2023-07-24)
* [`nix-channel`](../command-ref/nix-channel.md) now supports a `--list-generations` subcommand.
* The function [`builtins.fetchClosure`](../language/builtins.md#builtins-fetchClosure) can now fetch input-addressed paths in [pure evaluation mode](../command-ref/conf-file.md#conf-pure-eval), as those are not impure.
* Nix now allows unprivileged/[`allowed-users`](../command-ref/conf-file.md#conf-allowed-users) to sign paths.
Previously, only [`trusted-users`](../command-ref/conf-file.md#conf-trusted-users) users could sign paths.
* Nested dynamic attributes are now merged correctly by the parser. For example:
```nix
{
nested = {
foo = 1;
};
nested = {
${"ba" + "r"} = 2;
};
}
```
This used to silently discard `nested.bar`, but now behaves as one would expect and evaluates to:
```nix
{ nested = { bar = 2; foo = 1; }; }
```
Note that the feature of merging multiple *full declarations* of attribute sets like `nested` in the example is of questionable value.
It allows writing expressions that are very hard to read, for instance when there are many lines of code between two declarations of the same attribute.
This has been around for a long time and is therefore supported for backwards compatibility, but should not be relied upon.
Instead, consider using the *nested attribute path* syntax:
```nix
{
nested.foo = 1;
nested.${"ba" + "r"} = 2;
}
```
* Tarball flakes can now redirect to an "immutable" URL that will be recorded in lock files. This allows the use of "mutable" tarball URLs like `https://example.org/hello/latest.tar.gz` in flakes. See the [tarball fetcher](../protocols/tarball-fetcher.md) for details.

28
doc/manual/source/release-notes/rl-2.18.md Normal file
View file

@ -0,0 +1,28 @@
# Release 2.18 (2023-09-20)
- Two new builtin functions,
[`builtins.parseFlakeRef`](@docroot@/language/builtins.md#builtins-parseFlakeRef)
and
[`builtins.flakeRefToString`](@docroot@/language/builtins.md#builtins-flakeRefToString),
have been added.
These functions are useful for converting between flake references encoded as attribute sets and URLs.
- [`builtins.toJSON`](@docroot@/language/builtins.md#builtins-parseFlakeRef) now prints [--show-trace](@docroot@/command-ref/conf-file.html#conf-show-trace) items for the path in which it finds an evaluation error.
- Error messages regarding malformed input to [`nix derivation add`](@docroot@/command-ref/new-cli/nix3-derivation-add.md) are now clearer and more detailed.
- The `discard-references` feature has been stabilized.
This means that the
[unsafeDiscardReferences](@docroot@/development/experimental-features.md#xp-feature-discard-references)
attribute is no longer guarded by an experimental flag and can be used
freely.
- The JSON output for derived paths which are store paths is now a string, not an object with a single `path` field.
This only affects `nix-build --json` when "building" non-derivation things like fetched sources, which is a no-op.
- A new builtin [`outputOf`](@docroot@/language/builtins.md#builtins-outputOf) has been added.
It is part of the [`dynamic-derivations`](@docroot@/development/experimental-features.md#xp-feature-dynamic-derivations) experimental feature.
- Flake follow paths at depths greater than 2 are now handled correctly, preventing "follows a non-existent input" errors.
- [`nix-store --query`](@docroot@/command-ref/nix-store/query.md) gained a new type of query: `--valid-derivers`. It returns all `.drv` files in the local store that *can be* used to build the output passed in argument. This is in contrast to `--deriver`, which returns the single `.drv` file that *was actually* used to build the output passed in argument. In case the output was substituted from a binary cache, this `.drv` file may only exist on said binary cache and not locally.

77
doc/manual/source/release-notes/rl-2.19.md Normal file
View file

@ -0,0 +1,77 @@
# Release 2.19 (2023-11-17)
- The experimental `nix` command can now act as a [shebang interpreter](@docroot@/command-ref/new-cli/nix.md#shebang-interpreter)
by appending the contents of any `#! nix` lines and the script's location into a single call.
- [URL flake references](@docroot@/command-ref/new-cli/nix3-flake.md#flake-references) now support [percent-encoded](https://datatracker.ietf.org/doc/html/rfc3986#section-2.1) characters.
- [Path-like flake references](@docroot@/command-ref/new-cli/nix3-flake.md#path-like-syntax) now accept arbitrary unicode characters (except `#` and `?`).
- The experimental feature `repl-flake` is no longer needed, as its functionality is now part of the `flakes` experimental feature. To get the previous behavior, use the `--file/--expr` flags accordingly.
- There is a new flake installable syntax `flakeref#.attrPath` where the "." prefix specifies that `attrPath` is interpreted from the root of the flake outputs, with no searching of default attribute prefixes like `packages.<SYSTEM>` or `legacyPackages.<SYSTEM>`.
- Nix adds `apple-virt` to the default system features on macOS systems that support virtualization. This is similar to what's done for the `kvm` system feature on Linux hosts.
- Add a new built-in function [`builtins.convertHash`](@docroot@/language/builtins.md#builtins-convertHash).
- `nix-shell` shebang lines now support single-quoted arguments.
- `builtins.fetchTree` is now its own experimental feature, [`fetch-tree`](@docroot@/development/experimental-features.md#xp-fetch-tree).
This allows stabilising it independently of the rest of what is encompassed by [`flakes`](@docroot@/development/experimental-features.md#xp-fetch-tree).
- The interface for creating and updating lock files has been overhauled:
- [`nix flake lock`](@docroot@/command-ref/new-cli/nix3-flake-lock.md) only creates lock files and adds missing inputs now.
It will *never* update existing inputs.
- [`nix flake update`](@docroot@/command-ref/new-cli/nix3-flake-update.md) does the same, but *will* update inputs.
- Passing no arguments will update all inputs of the current flake, just like it already did.
- Passing input names as arguments will ensure only those are updated. This replaces the functionality of `nix flake lock --update-input`
- To operate on a flake outside the current directory, you must now pass `--flake path/to/flake`.
- The flake-specific flags `--recreate-lock-file` and `--update-input` have been removed from all commands operating on installables.
They are superceded by `nix flake update`.
- Commit signature verification for the [`builtins.fetchGit`](@docroot@/language/builtins.md#builtins-fetchGit) is added as the new [`verified-fetches` experimental feature](@docroot@/development/experimental-features.md#xp-feature-verified-fetches).
- [`nix path-info --json`](@docroot@/command-ref/new-cli/nix3-path-info.md)
(experimental) now returns a JSON map rather than JSON list.
The `path` field of each object has instead become the key in the outer map, since it is unique.
The `valid` field also goes away because we just use `null` instead.
- Old way:
```json5
[
{
"path": "/nix/store/8fv91097mbh5049i9rglc73dx6kjg3qk-bash-5.2-p15",
"valid": true,
// ...
},
{
"path": "/nix/store/wffw7l0alvs3iw94cbgi1gmmbmw99sqb-home-manager-path",
"valid": false
}
]
```
- New way
```json5
{
"/nix/store/8fv91097mbh5049i9rglc73dx6kjg3qk-bash-5.2-p15": {
// ...
},
"/nix/store/wffw7l0alvs3iw94cbgi1gmmbmw99sqb-home-manager-path": null,
}
```
This makes it match `nix derivation show`, which also maps store paths to information.
- When Nix is installed using the [binary installer](@docroot@/installation/installing-binary.md), in supported shells (Bash, Zsh, Fish)
[`XDG_DATA_DIRS`](https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html#variables) is now populated with the path to the `/share` subdirectory of the current profile.
This means that command completion scripts, `.desktop` files, and similar artifacts installed via [`nix-env`](@docroot@/command-ref/nix-env.md) or [`nix profile`](@docroot@/command-ref/new-cli/nix3-profile.md)
(experimental) can be found by any program that follows the [XDG Base Directory Specification](https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html).
- A new command `nix store add` has been added. It replaces `nix store add-file` and `nix store add-path` which are now deprecated.

82
doc/manual/source/release-notes/rl-2.2.md Normal file
View file

@ -0,0 +1,82 @@
# Release 2.2 (2019-01-11)
This is primarily a bug fix release. It also has the following changes:
- In derivations that use structured attributes (i.e. that specify set
the `__structuredAttrs` attribute to `true` to cause all attributes
to be passed to the builder in JSON format), you can now specify
closure checks per output, e.g.:
outputChecks."out" = {
# The closure of 'out' must not be larger than 256 MiB.
maxClosureSize = 256 * 1024 * 1024;
# It must not refer to C compiler or to the 'dev' output.
disallowedRequisites = [ stdenv.cc "dev" ];
};
outputChecks."dev" = {
# The 'dev' output must not be larger than 128 KiB.
maxSize = 128 * 1024;
};
- The derivation attribute `requiredSystemFeatures` is now enforced
for local builds, and not just to route builds to remote builders.
The supported features of a machine can be specified through the
configuration setting `system-features`.
By default, `system-features` includes `kvm` if `/dev/kvm` exists.
For compatibility, it also includes the pseudo-features
`nixos-test`, `benchmark` and `big-parallel` which are used by
Nixpkgs to route builds to particular Hydra build machines.
- Sandbox builds are now enabled by default on Linux.
- The new command `nix doctor` shows potential issues with your Nix
installation.
- The `fetchGit` builtin function now uses a caching scheme that puts
different remote repositories in distinct local repositories, rather
than a single shared repository. This may require more disk space
but is faster.
- The `dirOf` builtin function now works on relative paths.
- Nix now supports [SRI hashes](https://www.w3.org/TR/SRI/), allowing
the hash algorithm and hash to be specified in a single string. For
example, you can write:
import <nix/fetchurl.nix> {
url = https://nixos.org/releases/nix/nix-2.1.3/nix-2.1.3.tar.xz;
hash = "sha256-XSLa0FjVyADWWhFfkZ2iKTjFDda6mMXjoYMXLRSYQKQ=";
};
instead of
import <nix/fetchurl.nix> {
url = https://nixos.org/releases/nix/nix-2.1.3/nix-2.1.3.tar.xz;
sha256 = "5d22dad058d5c800d65a115f919da22938c50dd6ba98c5e3a183172d149840a4";
};
In fixed-output derivations, the `outputHashAlgo` attribute is no
longer mandatory if `outputHash` specifies the hash.
`nix hash-file` and `nix
hash-path` now print hashes in SRI format by default. They also use
SHA-256 by default instead of SHA-512 because that's what we use
most of the time in Nixpkgs.
- Integers are now 64 bits on all platforms.
- The evaluator now prints profiling statistics (enabled via the
`NIX_SHOW_STATS` and `NIX_COUNT_CALLS` environment variables) in
JSON format.
- The option `--xml` in `nix-store
--query` has been removed. Instead, there now is an option
`--graphml` to output the dependency graph in GraphML format.
- All `nix-*` commands are now symlinks to `nix`. This saves a bit of
disk space.
- `nix repl` now uses `libeditline` or `libreadline`.

208
doc/manual/source/release-notes/rl-2.20.md Normal file
View file

@ -0,0 +1,208 @@
# Release 2.20.0 (2024-01-29)
- Option `allowed-uris` can now match whole schemes in URIs without slashes [#9547](https://github.com/NixOS/nix/pull/9547)
If a scheme, such as `github:` is specified in the `allowed-uris` option, all URIs starting with `github:` are allowed.
Previously this only worked for schemes whose URIs used the `://` syntax.
- Include cgroup stats when building through the daemon [#9598](https://github.com/NixOS/nix/pull/9598)
Nix now also reports cgroup statistics when building through the Nix daemon and when doing remote builds using `ssh-ng`,
if both sides of the connection are using Nix 2.20 or newer.
- Disallow empty search regex in `nix search` [#9481](https://github.com/NixOS/nix/pull/9481)
[`nix search`](@docroot@/command-ref/new-cli/nix3-search.md) now requires a search regex to be passed. To show all packages, use `^`.
- Add new `eval-system` setting [#4093](https://github.com/NixOS/nix/pull/4093)
Add a new `eval-system` option.
Unlike `system`, it just overrides the value of `builtins.currentSystem`.
This is more useful than overriding `system`, because you can build these derivations on remote builders which can work on the given system.
In contrast, `system` also affects scheduling which will cause Nix to build those derivations locally even if that doesn't make sense.
`eval-system` only takes effect if it is non-empty.
If empty (the default) `system` is used as before, so there is no breakage.
- Import-from-derivation builds the derivation in the build store [#9661](https://github.com/NixOS/nix/pull/9661)
When using `--eval-store`, `import`ing from a derivation will now result in the derivation being built on the build store, i.e. the store specified in the `store` Nix option.
Because the resulting Nix expression must be copied back to the evaluation store in order to be imported, this requires the evaluation store to trust the build store's signatures.
- Mounted SSH Store [#7890](https://github.com/NixOS/nix/issues/7890) [#7912](https://github.com/NixOS/nix/pull/7912)
Introduced the store [`mounted-ssh-ng://`](@docroot@/command-ref/new-cli/nix3-help-stores.md).
This store allows full access to a Nix store on a remote machine and additionally requires that the store be mounted in the local filesystem.
- Rename `nix show-config` to `nix config show` [#7672](https://github.com/NixOS/nix/issues/7672) [#9477](https://github.com/NixOS/nix/pull/9477)
`nix show-config` was renamed to `nix config show`, and `nix doctor` was renamed to `nix config check`, to be more consistent with the rest of the command line interface.
- Add command `nix hash convert` [#9452](https://github.com/NixOS/nix/pull/9452)
This replaces the old `nix hash to-*` commands, which are still available but will emit a deprecation warning. Please convert as follows:
- `nix hash to-base16 $hash1 $hash2`: Use `nix hash convert --to base16 $hash1 $hash2` instead.
- `nix hash to-base32 $hash1 $hash2`: Use `nix hash convert --to nix32 $hash1 $hash2` instead.
- `nix hash to-base64 $hash1 $hash2`: Use `nix hash convert --to base64 $hash1 $hash2` instead.
- `nix hash to-sri $hash1 $hash2`: : Use `nix hash convert --to sri $hash1 $hash2` or even just `nix hash convert $hash1 $hash2` instead.
- Rename hash format `base32` to `nix32` [#9452](https://github.com/NixOS/nix/pull/9452)
Hash format `base32` was renamed to `nix32` since it used a special Nix-specific character set for
[Base32](https://en.wikipedia.org/wiki/Base32).
- `nix profile` now allows referring to elements by human-readable names [#8678](https://github.com/NixOS/nix/pull/8678)
[`nix profile`](@docroot@/command-ref/new-cli/nix3-profile.md) now uses names to refer to installed packages when running [`list`](@docroot@/command-ref/new-cli/nix3-profile-list.md), [`remove`](@docroot@/command-ref/new-cli/nix3-profile-remove.md) or [`upgrade`](@docroot@/command-ref/new-cli/nix3-profile-upgrade.md) as opposed to indices. Profile element names are generated when a package is installed and remain the same until the package is removed.
**Warning**: The `manifest.nix` file used to record the contents of profiles has changed. Nix will automatically upgrade profiles to the new version when you modify the profile. After that, the profile can no longer be used by older versions of Nix.
- Give `nix store add` a `--hash-algo` flag [#9809](https://github.com/NixOS/nix/pull/9809)
Adds a missing feature that was present in the old CLI, and matches our
plans to have similar flags for `nix hash convert` and `nix hash path`.
- Coercion errors include the failing value
The `error: cannot coerce a <TYPE> to a string` message now includes the value
which caused the error.
Before:
```
error: cannot coerce a set to a string
```
After:
```
error: cannot coerce a set to a string: { aesSupport = «thunk»;
avx2Support = «thunk»; avx512Support = «thunk»; avxSupport = «thunk»;
canExecute = «thunk»; config = «thunk»; darwinArch = «thunk»; darwinMinVersion
= «thunk»; darwinMinVersionVariable = «thunk»; darwinPlatform = «thunk»; «84
attributes elided»}
```
- Type errors include the failing value
In errors like `value is an integer while a list was expected`, the message now
includes the failing value.
Before:
```
error: value is a set while a string was expected
```
After:
```
error: expected a string but found a set: { ghc810 = «thunk»;
ghc8102Binary = «thunk»; ghc8107 = «thunk»; ghc8107Binary = «thunk»;
ghc865Binary = «thunk»; ghc90 = «thunk»; ghc902 = «thunk»; ghc92 = «thunk»;
ghc924Binary = «thunk»; ghc925 = «thunk»; «17 attributes elided»}
```
- Source locations are printed more consistently in errors [#561](https://github.com/NixOS/nix/issues/561) [#9555](https://github.com/NixOS/nix/pull/9555)
Source location information is now included in error messages more
consistently. Given this code:
```nix
let
attr = {foo = "bar";};
key = {};
in
attr.${key}
```
Previously, Nix would show this unhelpful message when attempting to evaluate
it:
```
error:
… while evaluating an attribute name
error: value is a set while a string was expected
```
Now, the error message displays where the problematic value was found:
```
error:
… while evaluating an attribute name
at bad.nix:4:11:
3| key = {};
4| in attr.${key}
| ^
5|
error: expected a string but found a set
```
- Some stack overflow segfaults are fixed [#9616](https://github.com/NixOS/nix/issues/9616) [#9617](https://github.com/NixOS/nix/pull/9617)
The number of nested function calls has been restricted, to detect and report
infinite function call recursions. The default maximum call depth is 10,000 and
can be set with [the `max-call-depth`
option](@docroot@/command-ref/conf-file.md#conf-max-call-depth).
This replaces the `stack overflow (possible infinite recursion)` message.
- Better error reporting for `with` expressions [#9658](https://github.com/NixOS/nix/pull/9658)
`with` expressions using non-attrset values to resolve variables are now reported with proper positions, e.g.
```
nix-repl> with 1; a
error:
… while evaluating the first subexpression of a with expression
at «string»:1:1:
1| with 1; a
| ^
error: expected a set but found an integer
```
- Functions are printed with more detail [#7145](https://github.com/NixOS/nix/issues/7145) [#9606](https://github.com/NixOS/nix/pull/9606)
`nix repl`, `nix eval`, `builtins.trace`, and most other places values are
printed will now include function names and source location information:
```
$ nix repl nixpkgs
nix-repl> builtins.map
«primop map»
nix-repl> builtins.map lib.id
«partially applied primop map»
nix-repl> builtins.trace lib.id "my-value"
trace: «lambda id @ /nix/store/8rrzq23h2zq7sv5l2vhw44kls5w0f654-source/lib/trivial.nix:26:5»
"my-value"
```
- Flake operations like `nix develop` will no longer fail when run in a Git
repository where the `flake.lock` file is `.gitignore`d
[#8854](https://github.com/NixOS/nix/issues/8854)
[#9324](https://github.com/NixOS/nix/pull/9324)
- Nix commands will now respect Ctrl-C
[#7145](https://github.com/NixOS/nix/issues/7145)
[#6995](https://github.com/NixOS/nix/pull/6995)
[#9687](https://github.com/NixOS/nix/pull/9687)
Previously, many Nix commands would hang indefinitely if Ctrl-C was pressed
while performing various operations (including `nix develop`, `nix flake
update`, and so on). With several fixes to Nix's signal handlers, Nix
commands will now exit quickly after Ctrl-C is pressed.
- `nix copy` to a `ssh-ng` store now needs `--substitute-on-destination` (a.k.a. `-s`)
in order to substitute paths on the remote store instead of copying them.
The behavior is consistent with `nix copy` to a different kind of remote store.
Previously this behavior was controlled by the
`builders-use-substitutes` setting and `--substitute-on-destination` was ignored.

302
doc/manual/source/release-notes/rl-2.21.md Normal file
View file

@ -0,0 +1,302 @@
# Release 2.21.0 (2024-03-11)
- Fix a fixed-output derivation sandbox escape (CVE-2024-27297)
Cooperating Nix derivations could send file descriptors to files in the Nix
store to each other via Unix domain sockets in the abstract namespace. This
allowed one derivation to modify the output of the other derivation, after Nix
has registered the path as "valid" and immutable in the Nix database.
In particular, this allowed the output of fixed-output derivations to be
modified from their expected content.
This isn't the case any more.
- CLI options `--arg-from-file` and `--arg-from-stdin` [#10122](https://github.com/NixOS/nix/pull/10122)
The new CLI option `--arg-from-file` *name* *path* passes the contents
of file *path* as a string value via the function argument *name* to a
Nix expression. Similarly, the new option `--arg-from-stdin` *name*
reads the contents of the string from standard input.
- Concise error printing in `nix repl` [#9928](https://github.com/NixOS/nix/pull/9928)
Previously, if an element of a list or attribute set threw an error while
evaluating, `nix repl` would print the entire error (including source location
information) inline. This output was clumsy and difficult to parse:
```
nix-repl> { err = builtins.throw "uh oh!"; }
{ err = «error:
… while calling the 'throw' builtin
at «string»:1:9:
1| { err = builtins.throw "uh oh!"; }
| ^
error: uh oh!»; }
```
Now, only the error message is displayed, making the output much more readable.
```
nix-repl> { err = builtins.throw "uh oh!"; }
{ err = «error: uh oh!»; }
```
However, if the whole expression being evaluated throws an error, source
locations and (if applicable) a stack trace are printed, just like you'd expect:
```
nix-repl> builtins.throw "uh oh!"
error:
… while calling the 'throw' builtin
at «string»:1:1:
1| builtins.throw "uh oh!"
| ^
error: uh oh!
```
- `--debugger` can now access bindings from `let` expressions [#8827](https://github.com/NixOS/nix/issues/8827) [#9918](https://github.com/NixOS/nix/pull/9918)
Breakpoints and errors in the bindings of a `let` expression can now access
those bindings in the debugger. Previously, only the body of `let` expressions
could access those bindings.
- Enter the `--debugger` when `builtins.trace` is called if `debugger-on-trace` is set [#9914](https://github.com/NixOS/nix/pull/9914)
If the `debugger-on-trace` option is set and `--debugger` is given,
`builtins.trace` calls will behave similarly to `builtins.break` and will enter
the debug REPL. This is useful for determining where warnings are being emitted
from.
- Debugger prints source position information [#9913](https://github.com/NixOS/nix/pull/9913)
The `--debugger` now prints source location information, instead of the
pointers of source location information. Before:
```
nix-repl> :bt
0: while evaluating the attribute 'python311.pythonForBuild.pkgs'
0x600001522598
```
After:
```
0: while evaluating the attribute 'python311.pythonForBuild.pkgs'
/nix/store/hg65h51xnp74ikahns9hyf3py5mlbbqq-source/overrides/default.nix:132:27
131|
132| bootstrappingBase = pkgs.${self.python.pythonAttr}.pythonForBuild.pkgs;
| ^
133| in
```
- The `--debugger` will start more reliably in `let` expressions and function calls [#6649](https://github.com/NixOS/nix/issues/6649) [#9917](https://github.com/NixOS/nix/pull/9917)
Previously, if you attempted to evaluate this file with the debugger:
```nix
let
a = builtins.trace "before inner break" (
builtins.break "hello"
);
b = builtins.trace "before outer break" (
builtins.break a
);
in
b
```
Nix would correctly enter the debugger at `builtins.break a`, but if you asked
it to `:continue`, it would skip over the `builtins.break "hello"` expression
entirely.
Now, Nix will correctly enter the debugger at both breakpoints.
- Nested debuggers are no longer supported [#9920](https://github.com/NixOS/nix/pull/9920)
Previously, evaluating an expression that throws an error in the debugger would
enter a second, nested debugger:
```
nix-repl> builtins.throw "what"
error: what
Starting REPL to allow you to inspect the current state of the evaluator.
Welcome to Nix 2.18.1. Type :? for help.
nix-repl>
```
Now, it just prints the error message like `nix repl`:
```
nix-repl> builtins.throw "what"
error:
… while calling the 'throw' builtin
at «string»:1:1:
1| builtins.throw "what"
| ^
error: what
```
- Consistent order of function arguments in printed expressions [#9874](https://github.com/NixOS/nix/pull/9874)
Function arguments are now printed in lexicographic order rather than the internal, creation-time based symbol order.
- Fix duplicate attribute error positions for `inherit` [#9874](https://github.com/NixOS/nix/pull/9874)
When an `inherit` caused a duplicate attribute error the position of the error was not reported correctly, placing the error with the inherit itself or at the start of the bindings block instead of the offending attribute name.
- `inherit (x) ...` evaluates `x` only once [#9847](https://github.com/NixOS/nix/pull/9847)
`inherit (x) a b ...` now evaluates the expression `x` only once for all inherited attributes rather than once for each inherited attribute.
This does not usually have a measurable impact, but side-effects (such as `builtins.trace`) would be duplicated and expensive expressions (such as derivations) could cause a measurable slowdown.
- Store paths are allowed to start with `.` [#912](https://github.com/NixOS/nix/issues/912) [#9091](https://github.com/NixOS/nix/pull/9091) [#9095](https://github.com/NixOS/nix/pull/9095) [#9120](https://github.com/NixOS/nix/pull/9120) [#9121](https://github.com/NixOS/nix/pull/9121) [#9122](https://github.com/NixOS/nix/pull/9122) [#9130](https://github.com/NixOS/nix/pull/9130) [#9219](https://github.com/NixOS/nix/pull/9219) [#9224](https://github.com/NixOS/nix/pull/9224) [#9867](https://github.com/NixOS/nix/pull/9867)
Leading periods were allowed by accident in Nix 2.4. The Nix team has considered this to be a bug, but this behavior has since been relied on by users, leading to unnecessary difficulties.
From now on, leading periods are supported. The names `.` and `..` are disallowed, as well as those starting with `.-` or `..-`.
Nix versions that denied leading periods are documented [in the issue](https://github.com/NixOS/nix/issues/912#issuecomment-1919583286).
- `nix repl` pretty-prints values [#9931](https://github.com/NixOS/nix/pull/9931)
`nix repl` will now pretty-print values:
```
{
attrs = {
a = {
b = {
c = { };
};
};
};
list = [ 1 ];
list' = [
1
2
3
];
}
```
- Introduction of `--regex` and `--all` in `nix profile remove` and `nix profile upgrade` [#10166](https://github.com/NixOS/nix/pull/10166)
Previously the command-line arguments for `nix profile remove` and `nix profile upgrade` matched the package entries using regular expression.
For instance:
```
nix profile remove '.*vim.*'
```
This would remove all packages that contain `vim` in their name.
In most cases, only singular package names were used to remove and upgrade packages. Mixing this with regular expressions sometimes lead to unintended behavior. For instance, `python3.1` could match `python311`.
To avoid unintended behavior, the arguments are now only matching exact names.
Matching using regular expressions is still possible by using the new `--regex` flag:
```
nix profile remove --regex '.*vim.*'
```
One of the most useful cases for using regular expressions was to upgrade all packages. This was previously accomplished by:
```
nix profile upgrade '.*'
```
With the introduction of the `--all` flag, this now becomes more straightforward:
```
nix profile upgrade --all
```
- Visual clutter in `--debugger` is reduced [#9919](https://github.com/NixOS/nix/pull/9919)
Before:
```
info: breakpoint reached
Starting REPL to allow you to inspect the current state of the evaluator.
Welcome to Nix 2.20.0pre20231222_dirty. Type :? for help.
nix-repl> :continue
error: uh oh
Starting REPL to allow you to inspect the current state of the evaluator.
Welcome to Nix 2.20.0pre20231222_dirty. Type :? for help.
nix-repl>
```
After:
```
info: breakpoint reached
Nix 2.20.0pre20231222_dirty debugger
Type :? for help.
nix-repl> :continue
error: uh oh
nix-repl>
```
- Cycle detection in `nix repl` is simpler and more reliable [#8672](https://github.com/NixOS/nix/issues/8672) [#9926](https://github.com/NixOS/nix/pull/9926)
The cycle detection in `nix repl`, `nix eval`, `builtins.trace`, and everywhere
else values are printed is now simpler and matches the cycle detection in
`nix-instantiate --eval` output.
Before:
```
nix eval --expr 'let self = { inherit self; }; in self'
{ self = { self = «repeated»; }; }
```
After:
```
{ self = «repeated»; }
```
- In the debugger, `while evaluating the attribute` errors now include position information [#9915](https://github.com/NixOS/nix/pull/9915)
Before:
```
0: while evaluating the attribute 'python311.pythonForBuild.pkgs'
0x600001522598
```
After:
```
0: while evaluating the attribute 'python311.pythonForBuild.pkgs'
/nix/store/hg65h51xnp74ikahns9hyf3py5mlbbqq-source/overrides/default.nix:132:27
131|
132| bootstrappingBase = pkgs.${self.python.pythonAttr}.pythonForBuild.pkgs;
| ^
133| in
```
- Stack size is increased on macOS [#9860](https://github.com/NixOS/nix/pull/9860)
Previously, Nix would set the stack size to 64MiB on Linux, but would leave the
stack size set to the default (approximately 8KiB) on macOS. Now, the stack
size is correctly set to 64MiB on macOS as well, which should reduce stack
overflow segfaults in deeply-recursive Nix expressions.

21
doc/manual/source/release-notes/rl-2.22.md Normal file
View file

@ -0,0 +1,21 @@
# Release 2.22.0 (2024-04-23)
### Significant changes
- Remove experimental repl-flake [#10103](https://github.com/NixOS/nix/issues/10103) [#10299](https://github.com/NixOS/nix/pull/10299)
The `repl-flake` experimental feature has been removed. The `nix repl` command now works like the rest of the new CLI in that `nix repl {path}` now tries to load a flake at `{path}` (or fails if the `flakes` experimental feature isn't enabled).
### Other changes
- `nix eval` prints derivations as `.drv` paths [#10200](https://github.com/NixOS/nix/pull/10200)
`nix eval` will now print derivations as their `.drv` paths, rather than as
attribute sets. This makes commands like `nix eval nixpkgs#bash` terminate
instead of infinitely looping into recursive self-referential attributes:
```ShellSession
$ nix eval nixpkgs#bash
«derivation /nix/store/m32cbgbd598f4w299g0hwyv7gbw6rqcg-bash-5.2p26.drv»
```

102
doc/manual/source/release-notes/rl-2.23.md Normal file
View file

@ -0,0 +1,102 @@
# Release 2.23.0 (2024-06-03)
- New builtin: `builtins.warn` [#306026](https://github.com/NixOS/nix/issues/306026) [#10592](https://github.com/NixOS/nix/pull/10592)
`builtins.warn` behaves like `builtins.trace "warning: ${msg}"`, has an accurate log level, and is controlled by the options
[`debugger-on-trace`](@docroot@/command-ref/conf-file.md#conf-debugger-on-trace),
[`debugger-on-warn`](@docroot@/command-ref/conf-file.md#conf-debugger-on-warn) and
[`abort-on-warn`](@docroot@/command-ref/conf-file.md#conf-abort-on-warn).
- Make `nix build --keep-going` consistent with `nix-build --keep-going`
This means that if e.g. multiple fixed-output derivations fail to
build, all hash mismatches are displayed.
- Modify `nix derivation {add,show}` JSON format [#9866](https://github.com/NixOS/nix/issues/9866) [#10722](https://github.com/NixOS/nix/pull/10722)
The JSON format for derivations has been slightly revised to better conform to our [JSON guidelines](@docroot@/development/cli-guideline.md#returning-future-proof-json).
In particular, the hash algorithm and content addressing method of content-addresed derivation outputs are now separated into two fields `hashAlgo` and `method`,
rather than one field with an arcane `:`-separated format.
This JSON format is only used by the experimental `nix derivation` family of commands, at this time.
Future revisions are expected as the JSON format is still not entirely in compliance even after these changes.
- Warn on unknown settings anywhere in the command line [#10701](https://github.com/NixOS/nix/pull/10701)
All `nix` commands will now properly warn when an unknown option is specified anywhere in the command line.
Before:
```console
$ nix-instantiate --option foobar baz --expr '{}'
warning: unknown setting 'foobar'
$ nix-instantiate '{}' --option foobar baz --expr
$ nix eval --expr '{}' --option foobar baz
{ }
```
After:
```console
$ nix-instantiate --option foobar baz --expr '{}'
warning: unknown setting 'foobar'
$ nix-instantiate '{}' --option foobar baz --expr
warning: unknown setting 'foobar'
$ nix eval --expr '{}' --option foobar baz
warning: unknown setting 'foobar'
{ }
```
- `nix env shell` is the new `nix shell`, and `nix shell` remains an accepted alias [#10504](https://github.com/NixOS/nix/issues/10504) [#10807](https://github.com/NixOS/nix/pull/10807)
This is part of an effort to bring more structure to the CLI subcommands.
`nix env` will be about the process environment.
Future commands may include `nix env run` and `nix env print-env`.
It is also somewhat analogous to the [planned](https://github.com/NixOS/nix/issues/10504) `nix dev shell` (currently `nix develop`), which is less about environment variables, and more about running a development shell, which is a more powerful command, but also requires more setup.
- Flake operations that expect derivations now print the failing value and its type [#10778](https://github.com/NixOS/nix/pull/10778)
In errors like `flake output attribute 'nixosConfigurations.yuki.config' is not a derivation or path`, the message now includes the failing value and type.
Before:
```
error: flake output attribute 'nixosConfigurations.yuki.config' is not a derivation or path
````
After:
```
error: expected flake output attribute 'nixosConfigurations.yuki.config' to be a derivation or path but found a set: { appstream = «thunk»; assertions = «thunk»; boot = { bcache = «thunk»; binfmt = «thunk»; binfmtMiscRegistrations = «thunk»; blacklistedKernelModules = «thunk»; bootMount = «thunk»; bootspec = «thunk»; cleanTmpDir = «thunk»; consoleLogLevel = «thunk»; «43 attributes elided» }; «48 attributes elided» }
```
- `fetchTree` now fetches Git repositories shallowly by default [#10028](https://github.com/NixOS/nix/pull/10028)
`builtins.fetchTree` now clones Git repositories shallowly by default, which reduces network traffic and disk usage significantly in many cases.
Previously, the default behavior was to clone the full history of a specific tag or branch (e.g. `ref`) and only afterwards extract the files of one specific revision.
From now on, the `ref` and `allRefs` arguments will be ignored, except if shallow cloning is disabled by setting `shallow = false`.
The defaults for `builtins.fetchGit` remain unchanged. Here, shallow cloning has to be enabled manually by passing `shallow = true`.
- Store object info JSON format now uses `null` rather than omitting fields [#9995](https://github.com/NixOS/nix/pull/9995)
The [store object info JSON format](@docroot@/protocols/json/store-object-info.md), used for e.g. `nix path-info`, no longer omits fields to indicate absent information, but instead includes the fields with a `null` value.
For example, `"ca": null` is used to indicate a store object that isn't content-addressed rather than omitting the `ca` field entirely.
This makes records of this sort more self-describing, and easier to consume programmatically.
We will follow this design principle going forward;
the [JSON guidelines](@docroot@/development/json-guideline.md) in the contributing section have been updated accordingly.
- Large path warnings [#10661](https://github.com/NixOS/nix/pull/10661)
Nix can now warn when evaluation of a Nix expression causes a large
path to be copied to the Nix store. The threshold for this warning can
be configured using [the `warn-large-path-threshold`
setting](@docroot@/command-ref/conf-file.md#conf-warn-large-path-threshold),
e.g. `--warn-large-path-threshold 100M` will warn about paths larger
than 100 MiB.

318
doc/manual/source/release-notes/rl-2.24.md Normal file
View file

@ -0,0 +1,318 @@
# Release 2.24.0 (2024-07-31)
### Significant changes
- Harden user sandboxing
The build directory has been hardened against interference with the outside world by nesting it inside another directory owned by (and only readable by) the daemon user.
This is a low severity security fix, [CVE-2024-38531](https://www.cve.org/CVERecord?id=CVE-2024-38531).
Credit: [**@alois31**](https://github.com/alois31), [**Linus Heckemann (@lheckemann)**](https://github.com/lheckemann)
Co-authors: [**@edolstra**](https://github.com/edolstra)
- `nix-shell <directory>` looks for `shell.nix` [#496](https://github.com/NixOS/nix/issues/496) [#2279](https://github.com/NixOS/nix/issues/2279) [#4529](https://github.com/NixOS/nix/issues/4529) [#5431](https://github.com/NixOS/nix/issues/5431) [#11053](https://github.com/NixOS/nix/issues/11053) [#11057](https://github.com/NixOS/nix/pull/11057)
`nix-shell $x` now looks for `$x/shell.nix` when `$x` resolves to a directory.
Although this might be seen as a breaking change, its primarily interactive usage makes it a minor issue.
This adjustment addresses a commonly reported problem.
This also applies to `nix-shell` shebang scripts. Consider the following example:
```shell
#!/usr/bin/env nix-shell
#!nix-shell -i bash
```
This will now load `shell.nix` from the script's directory, if it exists; `default.nix` otherwise.
The old behavior can be opted into by setting the option [`nix-shell-always-looks-for-shell-nix`](@docroot@/command-ref/conf-file.md#conf-nix-shell-always-looks-for-shell-nix) to `false`.
Author: [**Robert Hensing (@roberth)**](https://github.com/roberth)
- `nix-repl`'s `:doc` shows documentation comments [#3904](https://github.com/NixOS/nix/issues/3904) [#10771](https://github.com/NixOS/nix/issues/10771) [#1652](https://github.com/NixOS/nix/pull/1652) [#9054](https://github.com/NixOS/nix/pull/9054) [#11072](https://github.com/NixOS/nix/pull/11072)
`nix repl` has a `:doc` command that previously only rendered documentation for internally defined functions.
This feature has been extended to also render function documentation comments, in accordance with [RFC 145].
Example:
```
nix-repl> :doc lib.toFunction
Function toFunction
… defined at /home/user/h/nixpkgs/lib/trivial.nix:1072:5
Turns any non-callable values into constant functions. Returns
callable values as is.
Inputs
v
: Any value
Examples
:::{.example}
## lib.trivial.toFunction usage example
| nix-repl> lib.toFunction 1 2
| 1
|
| nix-repl> lib.toFunction (x: x + 1) 2
| 3
:::
```
Known limitations:
- It does not render documentation for "formals", such as `{ /** the value to return */ x, ... }: x`.
- Some extensions to markdown are not yet supported, as you can see in the example above.
We'd like to acknowledge [Yingchi Long (@inclyc)](https://github.com/inclyc) for proposing a proof of concept for this functionality in [#9054](https://github.com/NixOS/nix/pull/9054), as well as [@sternenseemann](https://github.com/sternenseemann) and [Johannes Kirschbauer (@hsjobeki)](https://github.com/hsjobeki) for their contributions, proposals, and their work on [RFC 145].
Author: [**Robert Hensing (@roberth)**](https://github.com/roberth)
[RFC 145]: https://github.com/NixOS/rfcs/pull/145
### Other changes
- Solve `cached failure of attribute X` [#9165](https://github.com/NixOS/nix/issues/9165) [#10513](https://github.com/NixOS/nix/issues/10513) [#10564](https://github.com/NixOS/nix/pull/10564)
This eliminates all "cached failure of attribute X" messages by forcing evaluation of the original value when needed to show the exception to the user. This enhancement improves error reporting by providing the underlying message and stack trace.
Author: [**Eelco Dolstra (@edolstra)**](https://github.com/edolstra)
- Run the flake regressions test suite [#10603](https://github.com/NixOS/nix/pull/10603)
This update introduces a GitHub action to run a subset of the [flake regressions test suite](https://github.com/NixOS/flake-regressions), which includes 259 flakes with their expected evaluation results. Currently, the action runs the first 25 flakes due to the full test suite's extensive runtime. A manually triggered action may be implemented later to run the entire test suite.
Author: [**Eelco Dolstra (@edolstra)**](https://github.com/edolstra)
- Support unit prefixes in configuration settings [#10668](https://github.com/NixOS/nix/pull/10668)
Configuration settings in Nix now support unit prefixes, allowing for more intuitive and readable configurations. For example, you can now specify [`--min-free 1G`](@docroot@/command-ref/opt-common.md#opt-min-free) to set the minimum free space to 1 gigabyte.
This enhancement was extracted from [#7851](https://github.com/NixOS/nix/pull/7851) and is also useful for PR [#10661](https://github.com/NixOS/nix/pull/10661).
Author: [**Eelco Dolstra (@edolstra)**](https://github.com/edolstra)
- `nix build`: show all FOD errors with `--keep-going` [#10734](https://github.com/NixOS/nix/pull/10734)
The [`nix build`](@docroot@/command-ref/new-cli/nix3-build.md) command has been updated to improve the behavior of the [`--keep-going`] flag. Now, when `--keep-going` is used, all hash-mismatch errors of failing fixed-output derivations (FODs) are displayed, similar to the behavior for other build failures. This enhancement ensures that all relevant build errors are shown, making it easier for users to update multiple derivations at once or to diagnose and fix issues.
Author: [**Jörg Thalheim (@Mic92)**](https://github.com/Mic92), [**Maximilian Bosch (@Ma27)**](https://github.com/Ma27)
[`--keep-going`](@docroot@/command-ref/opt-common.md#opt-keep-going)
- Build with Meson [#2503](https://github.com/NixOS/nix/issues/2503) [#10378](https://github.com/NixOS/nix/pull/10378) [#10855](https://github.com/NixOS/nix/pull/10855) [#10904](https://github.com/NixOS/nix/pull/10904) [#10908](https://github.com/NixOS/nix/pull/10908) [#10914](https://github.com/NixOS/nix/pull/10914) [#10933](https://github.com/NixOS/nix/pull/10933) [#10936](https://github.com/NixOS/nix/pull/10936) [#10954](https://github.com/NixOS/nix/pull/10954) [#10955](https://github.com/NixOS/nix/pull/10955) [#10963](https://github.com/NixOS/nix/pull/10963) [#10967](https://github.com/NixOS/nix/pull/10967) [#10973](https://github.com/NixOS/nix/pull/10973) [#11034](https://github.com/NixOS/nix/pull/11034) [#11054](https://github.com/NixOS/nix/pull/11054) [#11055](https://github.com/NixOS/nix/pull/11055) [#11060](https://github.com/NixOS/nix/pull/11060) [#11064](https://github.com/NixOS/nix/pull/11064) [#11155](https://github.com/NixOS/nix/pull/11155)
These changes aim to replace the use of autotools and `make` with Meson for building various components of Nix. Additionally, each library is built in its own derivation, leveraging Meson's "subprojects" feature to allow a single development shell for building all libraries while also supporting separate builds. This approach aims to improve productivity and build modularity, compared to both make and a monolithic Meson-based derivation.
Special thanks to everyone who has contributed to the Meson port, particularly [**@p01arst0rm**](https://github.com/p01arst0rm) and [**@Qyriad**](https://github.com/Qyriad).
Authors: [**John Ericson (@Ericson2314)**](https://github.com/Ericson2314), [**Tom Bereknyei**](https://github.com/tomberek), [**Théophane Hufschmitt (@thufschmitt)**](https://github.com/thufschmitt), [**Valentin Gagarin (@fricklerhandwerk)**](https://github.com/fricklerhandwerk), [**Robert Hensing (@roberth)**](https://github.com/roberth)
Co-authors: [**@p01arst0rm**](https://github.com/p01arst0rm), [**@Qyriad**](https://github.com/Qyriad)
- Evaluation cache: fix cache regressions [#10570](https://github.com/NixOS/nix/issues/10570) [#11086](https://github.com/NixOS/nix/pull/11086)
This update addresses two bugs in the evaluation cache system:
1. Regression in #10570: The evaluation cache was not being persisted in `nix develop`.
2. Nix could sometimes try to commit the evaluation cache SQLite transaction without there being an active transaction, resulting in non-error errors being printed.
Author: [**Lexi Mattick (@kognise)**](https://github.com/kognise)
- Introduce `libnixflake` [#9063](https://github.com/NixOS/nix/pull/9063)
A new library, `libnixflake`, has been introduced to better separate the Flakes layer within Nix. This change refactors the codebase to encapsulate Flakes-specific functionality within its own library.
See the commits in the pull request for detailed changes, with the only significant code modifications happening in the initial commit.
This change was alluded to in [RFC 134](https://github.com/nixos/rfcs/blob/master/rfcs/0134-nix-store-layer.md) and is a step towards a more modular and maintainable codebase.
Author: [**John Ericson (@Ericson2314)**](https://github.com/Ericson2314)
- CLI options `--arg-from-file` and `--arg-from-stdin` [#9913](https://github.com/NixOS/nix/pull/9913)
- The `--debugger` now prints source location information, instead of the
pointers of source location information. Before:
```
nix-repl> :bt
0: while evaluating the attribute 'python311.pythonForBuild.pkgs'
0x600001522598
```
After:
```
0: while evaluating the attribute 'python311.pythonForBuild.pkgs'
/nix/store/hg65h51xnp74ikahns9hyf3py5mlbbqq-source/overrides/default.nix:132:27
131|
132| bootstrappingBase = pkgs.${self.python.pythonAttr}.pythonForBuild.pkgs;
| ^
133| in
```
- Stop vendoring `toml11`
We don't apply any patches to it, and vendoring it locks users into
bugs (it hasn't been updated since its introduction in late 2021).
Author: [**Winter (@winterqt)**](https://github.com/winterqt)
- Rename hash format `base32` to `nix32` [#8678](https://github.com/NixOS/nix/pull/8678)
Hash format `base32` was renamed to `nix32` since it used a special nix-specific character set for
[Base32](https://en.wikipedia.org/wiki/Base32).
**Deprecation**: Use `nix32` instead of `base32` as `toHashFormat`
For the builtin `convertHash`, the `toHashFormat` parameter now accepts the same hash formats as the `--to`/`--from`
parameters of the `nix hash conert` command: `"base16"`, `"nix32"`, `"base64"`, and `"sri"`. The former `"base32"` value
remains as a deprecated alias for `"nix32"`. Please convert your code from:
```nix
builtins.convertHash { inherit hash hashAlgo; toHashFormat = "base32";}
```
to
```nix
builtins.convertHash { inherit hash hashAlgo; toHashFormat = "nix32";}
```
- Add `pipe-operators` experimental feature [#11131](https://github.com/NixOS/nix/pull/11131)
This is a draft implementation of [RFC 0148](https://github.com/NixOS/rfcs/pull/148).
The `pipe-operators` experimental feature adds [`<|` and `|>` operators][pipe operators] to the Nix language.
*a* `|>` *b* is equivalent to the function application *b* *a*, and
*a* `<|` *b* is equivalent to the function application *a* *b*.
For example:
```
nix-repl> 1 |> builtins.add 2 |> builtins.mul 3
9
nix-repl> builtins.add 1 <| builtins.mul 2 <| 3
7
```
`<|` and `|>` are right and left associative, respectively, and have lower precedence than any other operator.
These properties may change in future releases.
See [the RFC](https://github.com/NixOS/rfcs/pull/148) for more examples and rationale.
[pipe operators]: @docroot@/language/operators.md#pipe-operators
- `nix-shell` shebang uses relative path [#4232](https://github.com/NixOS/nix/issues/4232) [#5088](https://github.com/NixOS/nix/pull/5088) [#11058](https://github.com/NixOS/nix/pull/11058)
<!-- unfortunately no link target for the specific syntax -->
Relative [path](@docroot@/language/types.md#type-path) literals in `nix-shell` shebang scripts' options are now resolved relative to the [script's location](@docroot@/glossary.md?highlight=base%20directory#gloss-base-directory).
Previously they were resolved relative to the current working directory.
For example, consider the following script in `~/myproject/say-hi`:
```shell
#!/usr/bin/env nix-shell
#!nix-shell --expr 'import ./shell.nix'
#!nix-shell --arg toolset './greeting-tools.nix'
#!nix-shell -i bash
hello
```
Older versions of `nix-shell` would resolve `shell.nix` relative to the current working directory, such as the user's home directory in this example:
```console
[hostname:~]$ ./myproject/say-hi
error:
… while calling the 'import' builtin
at «string»:1:2:
1| (import ./shell.nix)
| ^
error: path '/home/user/shell.nix' does not exist
```
Since this release, `nix-shell` resolves `shell.nix` relative to the script's location, and `~/myproject/shell.nix` is used.
```console
$ ./myproject/say-hi
Hello, world!
```
**Opt-out**
This is technically a breaking change, so we have added an option so you can adapt independently of your Nix update.
The old behavior can be opted into by setting the option [`nix-shell-shebang-arguments-relative-to-script`](@docroot@/command-ref/conf-file.md#conf-nix-shell-shebang-arguments-relative-to-script) to `false`.
This option will be removed in a future release.
Author: [**Robert Hensing (@roberth)**](https://github.com/roberth)
- Improve handling of tarballs that don't consist of a single top-level directory [#11195](https://github.com/NixOS/nix/pull/11195)
In previous Nix releases, the tarball fetcher (used by `builtins.fetchTarball`) erroneously merged top-level directories into a single directory, and silently discarded top-level files that are not directories. This is no longer the case. The new behaviour is that *only* if the tarball consists of a single directory, the top-level path component of the files in the tarball is removed (similar to `tar`'s `--strip-components=1`).
Author: [**Eelco Dolstra (@edolstra)**](https://github.com/edolstra)
- Setting to warn about large paths [#10778](https://github.com/NixOS/nix/pull/10778)
Nix can now warn when evaluation of a Nix expression causes a large
path to be copied to the Nix store. The threshold for this warning can
be configured using the `warn-large-path-threshold` setting,
e.g. `--warn-large-path-threshold 100M`.
# Contributors
This release was made possible by the following 43 contributors:
- Andreas Rammhold [**(@andir)**](https://github.com/andir)
- Andrew Marshall [**(@amarshall)**](https://github.com/amarshall)
- Brian McKenna [**(@puffnfresh)**](https://github.com/puffnfresh)
- Cameron [**(@SkamDart)**](https://github.com/SkamDart)
- Cole Helbling [**(@cole-h)**](https://github.com/cole-h)
- Corbin Simpson [**(@MostAwesomeDude)**](https://github.com/MostAwesomeDude)
- Eelco Dolstra [**(@edolstra)**](https://github.com/edolstra)
- Emily [**(@emilazy)**](https://github.com/emilazy)
- Enno Richter [**(@elohmeier)**](https://github.com/elohmeier)
- Farid Zakaria [**(@fzakaria)**](https://github.com/fzakaria)
- HaeNoe [**(@haenoe)**](https://github.com/haenoe)
- Hamir Mahal [**(@hamirmahal)**](https://github.com/hamirmahal)
- Harmen [**(@alicebob)**](https://github.com/alicebob)
- Ivan Trubach [**(@tie)**](https://github.com/tie)
- Jared Baur [**(@jmbaur)**](https://github.com/jmbaur)
- John Ericson [**(@Ericson2314)**](https://github.com/Ericson2314)
- Jonathan De Troye [**(@detroyejr)**](https://github.com/detroyejr)
- Jörg Thalheim [**(@Mic92)**](https://github.com/Mic92)
- Klemens Nanni [**(@klemensn)**](https://github.com/klemensn)
- Las Safin [**(@L-as)**](https://github.com/L-as)
- Lexi Mattick [**(@kognise)**](https://github.com/kognise)
- Matthew Bauer [**(@matthewbauer)**](https://github.com/matthewbauer)
- Max “Goldstein” Siling [**(@GoldsteinE)**](https://github.com/GoldsteinE)
- Mingye Wang [**(@Artoria2e5)**](https://github.com/Artoria2e5)
- Philip Taron [**(@philiptaron)**](https://github.com/philiptaron)
- Pierre Bourdon [**(@delroth)**](https://github.com/delroth)
- Pino Toscano [**(@pinotree)**](https://github.com/pinotree)
- RTUnreal [**(@RTUnreal)**](https://github.com/RTUnreal)
- Robert Hensing [**(@roberth)**](https://github.com/roberth)
- Romain Neil [**(@romain-neil)**](https://github.com/romain-neil)
- Ryan Hendrickson [**(@rhendric)**](https://github.com/rhendric)
- Sergei Trofimovich [**(@trofi)**](https://github.com/trofi)
- Shogo Takata [**(@pineapplehunter)**](https://github.com/pineapplehunter)
- Siddhant Kumar [**(@siddhantk232)**](https://github.com/siddhantk232)
- Silvan Mosberger [**(@infinisil)**](https://github.com/infinisil)
- Théophane Hufschmitt [**(@thufschmitt)**](https://github.com/thufschmitt)
- Valentin Gagarin [**(@fricklerhandwerk)**](https://github.com/fricklerhandwerk)
- Winter [**(@winterqt)**](https://github.com/winterqt)
- jade [**(@lf-)**](https://github.com/lf-)
- kirillrdy [**(@kirillrdy)**](https://github.com/kirillrdy)
- pennae [**(@pennae)**](https://github.com/pennae)
- poweredbypie [**(@poweredbypie)**](https://github.com/poweredbypie)
- tomberek [**(@tomberek)**](https://github.com/tomberek)

44
doc/manual/source/release-notes/rl-2.3.md Normal file
View file

@ -0,0 +1,44 @@
# Release 2.3 (2019-09-04)
This is primarily a bug fix release. However, it makes some incompatible
changes:
- Nix now uses BSD file locks instead of POSIX file locks. Because of
this, you should not use Nix 2.3 and previous releases at the same
time on a Nix store.
It also has the following changes:
- `builtins.fetchGit`'s `ref` argument now allows specifying an
absolute remote ref. Nix will automatically prefix `ref` with
`refs/heads` only if `ref` doesn't already begin with `refs/`.
- The installer now enables sandboxing by default on Linux when the
system has the necessary kernel support.
- The `max-jobs` setting now defaults to 1.
- New builtin functions: `builtins.isPath`, `builtins.hashFile`.
- The `nix` command has a new `--print-build-logs` (`-L`) flag to
print build log output to stderr, rather than showing the last log
line in the progress bar. To distinguish between concurrent builds,
log lines are prefixed by the name of the package.
- Builds are now executed in a pseudo-terminal, and the `TERM`
environment variable is set to `xterm-256color`. This allows many
programs (e.g. `gcc`, `clang`, `cmake`) to print colorized log
output.
- Add `--no-net` convenience flag. This flag disables substituters;
sets the `tarball-ttl` setting to infinity (ensuring that any
previously downloaded files are considered current); and disables
retrying downloads and sets the connection timeout to the minimum.
This flag is enabled automatically if there are no configured
non-loopback network interfaces.
- Add a `post-build-hook` setting to run a program after a build has
succeeded.
- Add a `trace-function-calls` setting to log the duration of Nix
function calls to stderr.

544
doc/manual/source/release-notes/rl-2.4.md Normal file
View file

@ -0,0 +1,544 @@
# Release 2.4 (2021-11-01)
This is the first release in more than two years and is the result of
more than 2800 commits from 195 contributors since release 2.3.
## Highlights
* Nix's **error messages** have been improved a lot. For instance,
evaluation errors now point out the location of the error:
```
$ nix build
error: undefined variable 'bzip3'
at /nix/store/449lv242z0zsgwv95a8124xi11sp419f-source/flake.nix:88:13:
87| [ curl
88| bzip3 xz brotli editline
| ^
89| openssl sqlite
```
* The **`nix` command** has seen a lot of work and is now almost at
feature parity with the old command-line interface (the `nix-*`
commands). It aims to be [more modern, consistent and pleasant to
use](../development/cli-guideline.md) than the old CLI. It is still
marked as experimental but its interface should not change much
anymore in future releases.
* **Flakes** are a new format to package Nix-based projects in a more
discoverable, composable, consistent and reproducible way. A flake
is just a repository or tarball containing a file named `flake.nix`
that specifies dependencies on other flakes and returns any Nix
assets such as packages, Nixpkgs overlays, NixOS modules or CI
tests. The new `nix` CLI is primarily based around flakes; for
example, a command like `nix run nixpkgs#hello` runs the `hello`
application from the `nixpkgs` flake.
Flakes are currently marked as experimental. For an introduction,
see [this blog
post](https://www.tweag.io/blog/2020-05-25-flakes/). For detailed
information about flake syntax and semantics, see the [`nix flake`
manual page](../command-ref/new-cli/nix3-flake.md).
* Nix's store can now be **content-addressed**, meaning that the hash
component of a store path is the hash of the path's
contents. Previously Nix could only build **input-addressed** store
paths, where the hash is computed from the derivation dependency
graph. Content-addressing allows deduplication, early cutoff in
build systems, and unprivileged closure copying. This is still [an
experimental
feature](https://discourse.nixos.org/t/content-addressed-nix-call-for-testers/12881).
* The Nix manual has been converted into Markdown, making it easier to
contribute. In addition, every `nix` subcommand now has a manual
page, documenting every option.
* A new setting that allows **experimental features** to be enabled
selectively. This allows us to merge unstable features into Nix more
quickly and do more frequent releases.
## Other features
* There are many new `nix` subcommands:
- `nix develop` is intended to replace `nix-shell`. It has a number
of new features:
* It automatically sets the output environment variables (such as
`$out`) to writable locations (such as `./outputs/out`).
* It can store the environment in a profile. This is useful for
offline work.
* It can run specific phases directly. For instance, `nix develop
--build` runs `buildPhase`.
- It allows dependencies in the Nix store to be "redirected" to
arbitrary directories using the `--redirect` flag. This is
useful if you want to hack on a package *and* some of its
dependencies at the same time.
- `nix print-dev-env` prints the environment variables and bash
functions defined by a derivation. This is useful for users of
other shells than bash (especially with `--json`).
- `nix shell` was previously named `nix run` and is intended to
replace `nix-shell -p`, but without the `stdenv` overhead. It
simply starts a shell where some packages have been added to
`$PATH`.
- `nix run` (not to be confused with the old subcommand that has
been renamed to `nix shell`) runs an "app", a flake output that
specifies a command to run, or an eponymous program from a
package. For example, `nix run nixpkgs#hello` runs the `hello`
program from the `hello` package in `nixpkgs`.
- `nix flake` is the container for flake-related operations, such as
creating a new flake, querying the contents of a flake or updating
flake lock files.
- `nix registry` allows you to query and update the flake registry,
which maps identifiers such as `nixpkgs` to concrete flake URLs.
- `nix profile` is intended to replace `nix-env`. Its main advantage
is that it keeps track of the provenance of installed packages
(e.g. exactly which flake version a package came from). It also
has some helpful subcommands:
* `nix profile history` shows what packages were added, upgraded
or removed between each version of a profile.
* `nix profile diff-closures` shows the changes between the
closures of each version of a profile. This allows you to
discover the addition or removal of dependencies or size
changes.
**Warning**: after a profile has been updated using `nix profile`,
it is no longer usable with `nix-env`.
- `nix store diff-closures` shows the differences between the
closures of two store paths in terms of the versions and sizes of
dependencies in the closures.
- `nix store make-content-addressable` rewrites an arbitrary closure
to make it content-addressed. Such paths can be copied into other
stores without requiring signatures.
- `nix bundle` uses the [`nix-bundle`
program](https://github.com/matthewbauer/nix-bundle) to convert a
closure into a self-extracting executable.
- Various other replacements for the old CLI, e.g. `nix store gc`,
`nix store delete`, `nix store repair`, `nix nar dump-path`, `nix
store prefetch-file`, `nix store prefetch-tarball`, `nix key` and
`nix daemon`.
* Nix now has an **evaluation cache** for flake outputs. For example,
a second invocation of the command `nix run nixpkgs#firefox` will
not need to evaluate the `firefox` attribute because it's already in
the evaluation cache. This is made possible by the hermetic
evaluation model of flakes.
Intermediate results are not cached.
* The new `--offline` flag disables substituters and causes all
locally cached tarballs and repositories to be considered
up-to-date.
* The new `--refresh` flag causes all locally cached tarballs and
repositories to be considered out-of-date.
* Many `nix` subcommands now have a `--json` option to produce
machine-readable output.
* `nix repl` has a new `:doc` command to show documentation about
builtin functions (e.g. `:doc builtins.map`).
* Binary cache stores now have an option `index-debug-info` to create
an index of DWARF debuginfo files for use by
[`dwarffs`](https://github.com/edolstra/dwarffs).
* To support flakes, Nix now has an extensible mechanism for fetching
source trees. Currently it has the following backends:
* Git repositories
* Mercurial repositories
* GitHub and GitLab repositories (an optimisation for faster
fetching than Git)
* Tarballs
* Arbitrary directories
The fetcher infrastructure is exposed via flake input specifications
and via the `fetchTree` built-in.
* **Languages changes**: the only new language feature is that you can
now have antiquotations in paths, e.g. `./${foo}` instead of `./. +
foo`.
* **New built-in functions**:
- `builtins.fetchTree` allows fetching a source tree using any
backends supported by the fetcher infrastructure. It subsumes the
functionality of existing built-ins like `fetchGit`,
`fetchMercurial` and `fetchTarball`.
- `builtins.getFlake` fetches a flake and returns its output
attributes. This function should not be used inside flakes! Use
flake inputs instead.
- `builtins.floor` and `builtins.ceil` round a floating-point number
down and up, respectively.
* Experimental support for recursive Nix. This means that Nix
derivations can now call Nix to build other derivations. This is not
in a stable state yet and not well
[documented](https://github.com/NixOS/nix/commit/c4d7c76b641d82b2696fef73ce0ac160043c18da).
* The new experimental feature `no-url-literals` disables URL
literals. This helps to implement [RFC
45](https://github.com/NixOS/rfcs/pull/45).
* Nix now uses `libarchive` to decompress and unpack tarballs and zip
files, so `tar` is no longer required.
* The priority of substituters can now be overridden using the
`priority` substituter setting (e.g. `--substituters
'http://cache.nixos.org?priority=100 daemon?priority=10'`).
* `nix edit` now supports non-derivation attributes, e.g. `nix edit
.#nixosConfigurations.bla`.
* The `nix` command now provides command line completion for `bash`,
`zsh` and `fish`. Since the support for getting completions is built
into `nix`, it's easy to add support for other shells.
* The new `--log-format` flag selects what Nix's output looks like. It
defaults to a terse progress indicator. There is a new
`internal-json` output format for use by other programs.
* `nix eval` has a new `--apply` flag that applies a function to the
evaluation result.
* `nix eval` has a new `--write-to` flag that allows it to write a
nested attribute set of string leaves to a corresponding directory
tree.
* Memory improvements: many operations that add paths to the store or
copy paths between stores now run in constant memory.
* Many `nix` commands now support the flag `--derivation` to operate
on a `.drv` file itself instead of its outputs.
* There is a new store called `dummy://` that does not support
building or adding paths. This is useful if you want to use the Nix
evaluator but don't have a Nix store.
* The `ssh-ng://` store now allows substituting paths on the remote,
as `ssh://` already did.
* When auto-calling a function with an ellipsis, all arguments are now
passed.
* New `nix-shell` features:
- It preserves the `PS1` environment variable if
`NIX_SHELL_PRESERVE_PROMPT` is set.
- With `-p`, it passes any `--arg`s as Nixpkgs arguments.
- Support for structured attributes.
* `nix-prefetch-url` has a new `--executable` flag.
* On `x86_64` systems, [`x86_64` microarchitecture
levels](https://lwn.net/Articles/844831/) are mapped to additional
system types (e.g. `x86_64-v1-linux`).
* The new `--eval-store` flag allows you to use a different store for
evaluation than for building or storing the build result. This is
primarily useful when you want to query whether something exists in
a read-only store, such as a binary cache:
```
# nix path-info --json --store https://cache.nixos.org \
--eval-store auto nixpkgs#hello
```
(Here `auto` indicates the local store.)
* The Nix daemon has a new low-latency mechanism for copying
closures. This is useful when building on remote stores such as
`ssh-ng://`.
* Plugins can now register `nix` subcommands.
* The `--indirect` flag to `nix-store --add-root` has become a no-op.
`--add-root` will always generate indirect GC roots from now on.
## Incompatible changes
* The `nix` command is now marked as an experimental feature. This
means that you need to add
```
experimental-features = nix-command
```
to your `nix.conf` if you want to use it, or pass
`--extra-experimental-features nix-command` on the command line.
* The `nix` command no longer has a syntax for referring to packages
in a channel. This means that the following no longer works:
```console
nix build nixpkgs.hello # Nix 2.3
```
Instead, you can either use the `#` syntax to select a package from
a flake, e.g.
```console
nix build nixpkgs#hello
```
Or, if you want to use the `nixpkgs` channel in the `NIX_PATH`
environment variable:
```console
nix build -f '<nixpkgs>' hello
```
* The old `nix run` has been renamed to `nix shell`, while there is a
new `nix run` that runs a default command. So instead of
```console
nix run nixpkgs.hello -c hello # Nix 2.3
```
you should use
```console
nix shell nixpkgs#hello -c hello
```
or just
```console
nix run nixpkgs#hello
```
if the command you want to run has the same name as the package.
* It is now an error to modify the `plugin-files` setting via a
command-line flag that appears after the first non-flag argument to
any command, including a subcommand to `nix`. For example,
`nix-instantiate default.nix --plugin-files ""` must now become
`nix-instantiate --plugin-files "" default.nix`.
* We no longer release source tarballs. If you want to build from
source, please build from the tags in the Git repository.
## Contributors
This release has contributions from
Adam Höse,
Albert Safin,
Alex Kovar,
Alex Zero,
Alexander Bantyev,
Alexandre Esteves,
Alyssa Ross,
Anatole Lucet,
Anders Kaseorg,
Andreas Rammhold,
Antoine Eiche,
Antoine Martin,
Arnout Engelen,
Arthur Gautier,
aszlig,
Ben Burdette,
Benjamin Hipple,
Bernardo Meurer,
Björn Gohla,
Bjørn Forsman,
Bob van der Linden,
Brian Leung,
Brian McKenna,
Brian Wignall,
Bruce Toll,
Bryan Richter,
Calle Rosenquist,
Calvin Loncaric,
Carlo Nucera,
Carlos D'Agostino,
Chaz Schlarp,
Christian Höppner,
Christian Kampka,
Chua Hou,
Chuck,
Cole Helbling,
Daiderd Jordan,
Dan Callahan,
Dani,
Daniel Fitzpatrick,
Danila Fedorin,
Daniël de Kok,
Danny Bautista,
DavHau,
David McFarland,
Dima,
Domen Kožar,
Dominik Schrempf,
Dominique Martinet,
dramforever,
Dustin DeWeese,
edef,
Eelco Dolstra,
Ellie Hermaszewska,
Emilio Karakey,
Emily,
Eric Culp,
Ersin Akinci,
Fabian Möller,
Farid Zakaria,
Federico Pellegrin,
Finn Behrens,
Florian Franzen,
Félix Baylac-Jacqué,
Gabriella Gonzalez,
Geoff Reedy,
Georges Dubus,
Graham Christensen,
Greg Hale,
Greg Price,
Gregor Kleen,
Gregory Hale,
Griffin Smith,
Guillaume Bouchard,
Harald van Dijk,
illustris,
Ivan Zvonimir Horvat,
Jade,
Jake Waksbaum,
jakobrs,
James Ottaway,
Jan Tojnar,
Janne Heß,
Jaroslavas Pocepko,
Jarrett Keifer,
Jeremy Schlatter,
Joachim Breitner,
Joe Pea,
John Ericson,
Jonathan Ringer,
Josef Kemetmüller,
Joseph Lucas,
Jude Taylor,
Julian Stecklina,
Julien Tanguy,
Jörg Thalheim,
Kai Wohlfahrt,
keke,
Keshav Kini,
Kevin Quick,
Kevin Stock,
Kjetil Orbekk,
Krzysztof Gogolewski,
kvtb,
Lars Mühmel,
Leonhard Markert,
Lily Ballard,
Linus Heckemann,
Lorenzo Manacorda,
Lucas Desgouilles,
Lucas Franceschino,
Lucas Hoffmann,
Luke Granger-Brown,
Madeline Haraj,
Marwan Aljubeh,
Mat Marini,
Mateusz Piotrowski,
Matthew Bauer,
Matthew Kenigsberg,
Mauricio Scheffer,
Maximilian Bosch,
Michael Adler,
Michael Bishop,
Michael Fellinger,
Michael Forney,
Michael Reilly,
mlatus,
Mykola Orliuk,
Nathan van Doorn,
Naïm Favier,
ng0,
Nick Van den Broeck,
Nicolas Stig124 Formichella,
Niels Egberts,
Niklas Hambüchen,
Nikola Knezevic,
oxalica,
p01arst0rm,
Pamplemousse,
Patrick Hilhorst,
Paul Opiyo,
Pavol Rusnak,
Peter Kolloch,
Philipp Bartsch,
Philipp Middendorf,
Piotr Szubiakowski,
Profpatsch,
Puck Meerburg,
Ricardo M. Correia,
Rickard Nilsson,
Robert Hensing,
Robin Gloster,
Rodrigo,
Rok Garbas,
Ronnie Ebrin,
Rovanion Luckey,
Ryan Burns,
Ryan Mulligan,
Ryne Everett,
Sam Doshi,
Sam Lidder,
Samir Talwar,
Samuel Dionne-Riel,
Sebastian Ullrich,
Sergei Trofimovich,
Sevan Janiyan,
Shao Cheng,
Shea Levy,
Silvan Mosberger,
Stefan Frijters,
Stefan Jaax,
sternenseemann,
Steven Shaw,
Stéphan Kochen,
SuperSandro2000,
Suraj Barkale,
Taeer Bar-Yam,
Thomas Churchman,
Théophane Hufschmitt,
Timothy DeHerrera,
Timothy Klim,
Tobias Möst,
Tobias Pflug,
Tom Bereknyei,
Travis A. Everett,
Ujjwal Jain,
Vladimír Čunát,
Wil Taylor,
Will Dietz,
Yaroslav Bolyukin,
Yestin L. Harrison,
YI,
Yorick van Pelt,
Yuriy Taraday and
zimbatm.

16
doc/manual/source/release-notes/rl-2.5.md Normal file
View file

@ -0,0 +1,16 @@
# Release 2.5 (2021-12-13)
* The garbage collector no longer blocks new builds, so the message
`waiting for the big garbage collector lock...` is a thing of the
past.
* Binary cache stores now have a setting `compression-level`.
* `nix develop` now has a flag `--unpack` to run `unpackPhase`.
* Lists can now be compared lexicographically using the `<` operator.
* New built-in function: `builtins.groupBy`, with the same functionality as
Nixpkgs' `lib.groupBy`, but faster.
* `nix repl` now has a `:log` command.

21
doc/manual/source/release-notes/rl-2.6.md Normal file
View file

@ -0,0 +1,21 @@
# Release 2.6 (2022-01-24)
* The Nix CLI now searches for a `flake.nix` up until the root of the current
Git repository or a filesystem boundary rather than just in the current
directory.
* The TOML parser used by `builtins.fromTOML` has been replaced by [a
more compliant one](https://github.com/ToruNiina/toml11).
* Added `:st`/`:show-trace` commands to `nix repl`, which are used to
set or toggle display of error traces.
* New builtin function `builtins.zipAttrsWith` with the same
functionality as `lib.zipAttrsWith` from Nixpkgs, but much more
efficient.
* New command `nix store copy-log` to copy build logs from one store
to another.
* The `commit-lockfile-summary` option can be set to a non-empty
string to override the commit summary used when commiting an updated
lockfile. This may be used in conjunction with the `nixConfig`
attribute in `flake.nix` to better conform to repository
conventions.
* `docker run -ti nixos/nix:master` will place you in the Docker
container with the latest version of Nix from the `master` branch.

33
doc/manual/source/release-notes/rl-2.7.md Normal file
View file

@ -0,0 +1,33 @@
# Release 2.7 (2022-03-07)
* Nix will now make some helpful suggestions when you mistype
something on the command line. For instance, if you type `nix build
nixpkgs#thunderbrd`, it will suggest `thunderbird`.
* A number of "default" flake output attributes have been
renamed. These are:
* `defaultPackage.<system>``packages.<system>.default`
* `defaultApps.<system>``apps.<system>.default`
* `defaultTemplate``templates.default`
* `defaultBundler.<system>``bundlers.<system>.default`
* `overlay``overlays.default`
* `devShell.<system>``devShells.<system>.default`
The old flake output attributes still work, but `nix flake check`
will warn about them.
* Breaking API change: `nix bundle` now supports bundlers of the form
`bundler.<system>.<name>= derivation: another-derivation;`. This
supports additional functionality to inspect evaluation information
during bundling. A new
[repository](https://github.com/NixOS/bundlers) has various bundlers
implemented.
* `nix store ping` now reports the version of the remote Nix daemon.
* `nix flake {init,new}` now display information about which files have been
created.
* Templates can now define a `welcomeText` attribute, which is printed out by
`nix flake {init,new} --template <template>`.

53
doc/manual/source/release-notes/rl-2.8.md Normal file
View file

@ -0,0 +1,53 @@
# Release 2.8 (2022-04-19)
* New experimental command: `nix fmt`, which applies a formatter
defined by the `formatter.<system>` flake output to the Nix
expressions in a flake.
* Various Nix commands can now read expressions from standard input
using `--file -`.
* New experimental builtin function `builtins.fetchClosure` that
copies a closure from a binary cache at evaluation time and rewrites
it to content-addressed form (if it isn't already). Like
`builtins.storePath`, this allows importing pre-built store paths;
the difference is that it doesn't require the user to configure
binary caches and trusted public keys.
This function is only available if you enable the experimental
feature `fetch-closure`.
* New experimental feature: *impure derivations*. These are
derivations that can produce a different result every time they're
built. Here is an example:
```nix
stdenv.mkDerivation {
name = "impure";
__impure = true; # marks this derivation as impure
buildCommand = "date > $out";
}
```
Running `nix build` twice on this expression will build the
derivation twice, producing two different content-addressed store
paths. Like fixed-output derivations, impure derivations have access
to the network. Only fixed-output derivations and impure derivations
can depend on an impure derivation.
* `nix store make-content-addressable` has been renamed to `nix store
make-content-addressed`.
* The `nixosModule` flake output attribute has been renamed consistent
with the `.default` renames in Nix 2.7.
* `nixosModule``nixosModules.default`
As before, the old output will continue to work, but `nix flake check` will
issue a warning about it.
* `nix run` is now stricter in what it accepts: members of the `apps`
flake output are now required to be apps (as defined in [the
manual](https://nixos.org/manual/nix/stable/command-ref/new-cli/nix3-run.html#apps)),
and members of `packages` or `legacyPackages` must be derivations
(not apps).

47
doc/manual/source/release-notes/rl-2.9.md Normal file
View file

@ -0,0 +1,47 @@
# Release 2.9 (2022-05-30)
* Running Nix with the new `--debugger` flag will cause it to start a
repl session if an exception is thrown during evaluation, or if
`builtins.break` is called. From there you can inspect the values
of variables and evaluate Nix expressions. In debug mode, the
following new repl commands are available:
```
:env Show env stack
:bt Show trace stack
:st Show current trace
:st <idx> Change to another trace in the stack
:c Go until end of program, exception, or builtins.break().
:s Go one step
```
Read more about the debugger
[here](https://www.zknotes.com/note/5970).
* Nix now provides better integration with zsh's `run-help`
feature. It is now included in the Nix installation in the form of
an autoloadable shell function, `run-help-nix`. It picks up Nix
subcommands from the currently typed in command and directs the user
to the associated man pages.
* `nix repl` has a new build-and-link (`:bl`) command that builds a
derivation while creating GC root symlinks.
* The path produced by `builtins.toFile` is now allowed to be imported
or read even with restricted evaluation. Note that this will not
work with a read-only store.
* `nix build` has a new `--print-out-paths` flag to print the
resulting output paths. This matches the default behaviour of
`nix-build`.
* You can now specify which outputs of a derivation `nix` should
operate on using the syntax `installable^outputs`,
e.g. `nixpkgs#glibc^dev,static` or `nixpkgs#glibc^*`. By default,
`nix` will use the outputs specified by the derivation's
`meta.outputsToInstall` attribute if it exists, or all outputs
otherwise.
* `builtins.fetchTree` (and flake inputs) can now be used to fetch
plain files over the `http(s)` and `file` protocols in addition to
directory tarballs.