File nix.changes of Package nix
-------------------------------------------------------------------
Tue Jul 8 16:14:34 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
- Update to 2.30.0:
## Backward-incompatible changes and deprecations
- build-dir longer defaults to $TMPDIR The directory in which
temporary build directories are created no longer defaults to
TMPDIR or /tmp , to avoid builders making their directories
world-accessible. This behavior allowed escaping the build
sandbox and can cause build impurities even when not used
maliciously. We now default to builds in NIX_STATE_DIR (which
is /nix/var/nix/builds in the default configuration).
- Deprecate manually making structured attrs using the __json
attribute #13220 https://github.com/NixOS/nix/pull/13220The
proper way to create a derivation using structured attrs in the
Nix language is by using __structuredAttrs = true with
builtins. derivation
However, by exploiting how structured attrs are implementated,
it has also been possible to create them by setting the __json
environment variable to a serialized JSON string. This sneaky
alternative method is now deprecated, and may be disallowed in
future versions of Nix.
- Rename nix profile install to nix profile add #13224
https://github.com/NixOS/nix/pull/13224 The command nix
profile install has been renamed to nix profile add (though
the former is still available as an alias). This is because the
verb "add" is a better antonym for the verb "remove" (i.e. nix
profile remove ). Nix also does not have install hooks or
general behavior often associated with "installing".
## Performance improvements
This release has a number performance improvements, in particular:
- Reduce the size of value from 24 to 16 bytes #13407
https://github. com/NixOS/nix/pull/13407 This shaves off a very
significant amount of memory used for evaluation (~20% percent
reduction in maximum heap size and ~17% in total bytes).
## Features
- Add stack sampling evaluation profiler #13220 https://github.
com/NixOS/nix/pull/13220 The Nix evaluator now supports stack
sampling evaluation profiling via the --eval-profiler
flamegraph setting. It outputs collapsed call stack information
to the file specified by --eval-profile-file ( nix. profile by
default) in a format directly consumable by flamegraph.pl and
compatible tools like speedscope https://speedscope. app/.
Sampling frequency can be configured via
--eval-profiler-frequency (99 Hz by default).Unlike the
existing --trace-function-calls this profiler includes the
name of the function being called when it's available.
- nix repl
prints which variables were loaded #11406
https://github.com/NixOS/nix/pull/11406Instead of Added <n>
variables it now prints the first 10 variables that were added
to the global scope.
- nix flake archive : Add --no-check-sigs
option #13277 https://github.com/NixOS/nix/pull/13277This is
useful when using nix flake archive with the destination set
to a remote store.
- Emit warnings for IFDs with trace-import-from-derivation
option #13279 https://github.com/NixOS/nix/pull/13279While we
have the setting allow-import-from-derivation
to deny import-from-derivation (IFD), sometimes users would
like to observe IFDs during CI processes to gradually phase out
the idiom. The new setting trace-import-from-derivation , when
set, logs a simple warning to the console.
- json-log-path setting #13003
https://github.com/NixOS/nix/pull/13003New setting
json-log-path that sends a copy of all Nix log messages (in
JSON format) to a file or Unix domain socket.
- Non-flake inputs now contain a sourceInfo attribute #13164
https://github.com/NixOS/nix/issues/13164 #13170
https://github. com/NixOS/nix/pull/13170Flakes have always had
a sourceInfo attribute which describes the source of the
flake. The sourceInfo.outPath is often identical to the
flake's outPath . However, it can differ when the flake is
located in a subdirectory of its source.Non-flake inputs (i.e.
inputs with flake = false inputs) can also be located at some
path within a wider source. This usually happens when defining
a relative path input within the same source as the parent
flake, e.g. inputs.foo.url = ./some-file.nix . Such relative
inputs will now inherit their parent's sourceInfo .This also
means it is now possible to use ?dir=subdir on non-flake
inputs.This iterates on the work done in 2.26 to improve
relative path support (#10089
https://github.com/NixOS/nix/pull/10089), and resolves a
regression introduced in 2.28 relating to nested relative path
inputs (#13164 https://github.com/NixOS/nix/issues/13164).
## Miscellaneous changes
- builtins.sort uses PeekSort #12623
https://github.com/NixOS/nix/pull/12623Previously it used
libstdc++'s std::stable_sort() . However, that implementation
is not reliable if the user-supplied comparison function is not
a strict weak ordering.
- Revert incomplete closure mixed download and build feature #77
https://github.com/NixOS/nix/issues/77 #12628 https://github.
com/NixOS/nix/issues/12628 #13176 https://github.
com/NixOS/nix/pull/13176 Since Nix 1.3 (commit 299141e in
2013) Nix has attempted to mix together upstream fresh
builds and downstream substitutions when remote substuters
contain an "incomplete closure" (have some store objects, but
not the store objects they reference). This feature is now
removed.In the worst case, removing this feature could cause
more building downstream, but it should not cause outright
failures, since this is not happening for opaque store objects
that we don't know how to build if we decide not to substitute.
In practice, however, we doubt even more building is very
likely to happen. Remote stores that are missing dependencies
in arbitrary ways (e.g. corruption) don't seem to be very
common.On the contrary, when remote stores fail to implement
the closure property it is usually an intentional choice on the
part of the remote store, because it wishes to serve as an
"overlay" store over another store, such as
https://cache.nixos. org . If an "incomplete closure" is
encountered in that situation, the right fix is not to do some
sort of "franken-building" as this feature implemented, but
instead to make sure both substituters are enabled in the
settings.(In the future, we should make it easier for remote
stores to indicate this to clients, to catch settings that
won't work in general before a missing dependency is actually
encountered.)
- refresh 0001-port-option-to-disable-functional-tests-to-meson.patch
-------------------------------------------------------------------
Tue Jul 1 15:08:17 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
- Fix some BuildRequires to make it more friendly towards building
on SLE 15
-------------------------------------------------------------------
Tue Jun 24 15:44:37 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
- Update to 2.29.1: (boo#1245319)
Fixes:
- CVE-2025-46415
- CVE-2025-52991
- CVE-2025-52992
- CVE-2025-52993
For the details see:
https://discourse.nixos.org/t/security-advisory-privilege-escalations-in-nix-lix-and-guix/66017
-------------------------------------------------------------------
Tue Jun 17 09:42:04 UTC 2025 - Eyad Issa <eyadlorenzo@gmail.com>
- Update to 2.29.0:
* Prettified JSON output on the terminal. Pass --no-pretty to
disable when using a pseudo-tty.
* REPL: improve continuation prompt for incomplete expressions
* REPL: load-flake and :reload now work together
* Increase retry delays on HTTP 429 Too Many Requests
* S3: opt-in the STSProfileCredentialsProvider
* Reduce connect timeout for http substituter to 5s
* C API: add functions for locking and loading a flake
* No longer copy flakes that are in the nix store
* Consistently preserve error messages from cached evaluation
* Faster blake3 hashing
* Fix progress bar for S3 binary caches and make file transfers
interruptible
* Add host attribute of github/gitlab flakerefs to URL
serialization
* Multiple signatures support in store urls
* nix flake show now skips over import-from-derivation
* Add nix formatter build and nix formatter run commands
* Amend OSC 8 escape stripping for xterm-style separator
-------------------------------------------------------------------
Mon Jun 2 11:58:56 UTC 2025 - Eyad Issa <eyadlorenzo@gmail.com>
- Add -doc subpackage
- Build docs if on x86_64 or aarch64
-------------------------------------------------------------------
Sun Jun 1 01:50:10 UTC 2025 - Eyad Issa <eyadlorenzo@gmail.com>
- Enable -Dembedded-sandbox-shell to allow building packages that
depends on bash, as it is default in NixOS
-------------------------------------------------------------------
Sat May 24 13:33:49 UTC 2025 - Eyad Issa <eyadlorenzo@gmail.com>
- Do not require fish-completion and zsh-completion as they do not
exist
-------------------------------------------------------------------
Wed May 14 20:32:13 UTC 2025 - Eyad Issa <eyadlorenzo@gmail.com>
- Split into subpackages: nix-bash-completion, nix-fish-completion,
nix-zsh-completition
- Move Perl bindings to the right folder
- Remove 0003-default-to-readline.patch: pass argument via Meson
setup command
-------------------------------------------------------------------
Mon May 12 20:52:11 UTC 2025 - Eyad Issa <eyadlorenzo@gmail.com>
- Add --localstatedir=%{_sharedstatedir}/nix to save files inside
/var/lib/nix (instead of /var/nix, which does not respect FHS)
- Add /nix to the list of files installed
-------------------------------------------------------------------
Sun May 11 16:25:09 UTC 2025 - Eyad Issa <eyadlorenzo@gmail.com>
- Add %check section
- Remove possibility to build without meson
* The meson build system is now the only supported build system.
- Use common URL format for source urls
- Update to 2.28.3:
* https://github.com/NixOS/nix/compare/2.28.0...2.28.3
- Update to 2.28.0:
* Unstable C++ API reworked
* C API nix_flake_init_global removed
- Update to 2.27:
* inputs.self.submodules flake attribute
* Git LFS support
* Handle the case where a chroot store is used and some inputs
are in the "host" /nix/store
* nix flake prefetch now has a --out-link option
* Set FD_CLOEXEC on sockets created by curl
* https://nix.dev/manual/nix/2.28/release-notes/rl-2.27
- Add /usr/lib64/nix/ to ldconfig paths
-------------------------------------------------------------------
Wed Mar 5 18:51:56 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
- Update to 2.26.3
https://github.com/NixOS/nix/releases/tag/2.26.3
-------------------------------------------------------------------
Wed Feb 12 21:06:18 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
- Update to 2.26.2
https://github.com/NixOS/nix/releases/tag/2.26.2
-------------------------------------------------------------------
Sun Feb 9 20:40:36 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
- Update to 2.26.1
https://github.com/NixOS/nix/releases/tag/2.26.1
https://github.com/NixOS/nix/releases/tag/2.26.0
https://github.com/NixOS/nix/releases/tag/2.25.5
https://github.com/NixOS/nix/releases/tag/2.25.4
https://github.com/NixOS/nix/releases/tag/2.25.3
https://github.com/NixOS/nix/releases/tag/2.25.2
https://github.com/NixOS/nix/releases/tag/2.25.1
https://github.com/NixOS/nix/releases/tag/2.25.0
-------------------------------------------------------------------
Thu Jan 23 07:51:07 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
- use optflags to pass the define for lowdown 1.4 as the autotools
based build wasnt update and meson isnt usable for us
-------------------------------------------------------------------
Wed Jan 22 10:47:07 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
- Update to 2.24.12
https://github.com/NixOS/nix/releases/tag/2.24.12
- drop 0002-handle-lowdown-1.4-API-change.patch
-------------------------------------------------------------------
Sun Dec 29 18:39:01 UTC 2024 - Marcus Rueckert <mrueckert@suse.de>
- switch to meson as build system
- add add_option_to_disable_tests.patch
meson didnt have an option yet to disable the testsuite
- Adapt to the lowdown 1.4 API
lowdown14.patch
based on https://github.com/NixOS/nix/pull/12115
-------------------------------------------------------------------
Sun Dec 29 18:31:09 UTC 2024 - Marcus Rueckert <mrueckert@suse.de>
- Update to 2.24.11
https://github.com/NixOS/nix/releases/tag/2.24.11
-------------------------------------------------------------------
Tue Nov 12 18:52:40 UTC 2024 - Marcus Rueckert <mrueckert@suse.de>
- Switch back to the 2.24 branch
-------------------------------------------------------------------
Mon Nov 11 16:35:49 UTC 2024 - Marcus Rueckert <mrueckert@suse.de>
- Update to 2.25.0
https://github.com/NixOS/nix/releases/tag/2.25.0
-------------------------------------------------------------------
Thu Oct 31 11:39:56 UTC 2024 - Marcus Rueckert <mrueckert@suse.de>
- Update to 2.24.10
https://github.com/NixOS/nix/releases/tag/2.24.10
-------------------------------------------------------------------
Fri Sep 27 22:51:47 UTC 2024 - Marcus Rueckert <mrueckert@suse.de>
- Update to 2.24.9
https://github.com/NixOS/nix/releases/tag/2.24.9
-------------------------------------------------------------------
Thu Sep 26 16:41:14 UTC 2024 - Marcus Rueckert <mrueckert@suse.de>
- Check if we can build with meson
- adds meson.readline.patch
- meson build has no option to disable testsuites
-------------------------------------------------------------------
Thu Sep 26 16:11:49 UTC 2024 - Marcus Rueckert <mrueckert@suse.de>
- Import sysusers file from Arch Linux
-------------------------------------------------------------------
Thu Sep 26 09:38:38 UTC 2024 - Marcus Rueckert <mrueckert@suse.de>
- Update to 2.24.8
-------------------------------------------------------------------
Tue Sep 24 15:26:06 UTC 2024 - Marcus Rueckert <mrueckert@suse.de>
- Update to 2.24.7
-------------------------------------------------------------------
Sat Sep 7 12:25:17 UTC 2024 - Marcus Rueckert <mrueckert@suse.de>
- Update to 2.24.5
-------------------------------------------------------------------
Mon May 20 22:55:49 UTC 2024 - Marcus Rueckert <mrueckert@suse.de>
- Update the seccomp.patch to match my pull request
-------------------------------------------------------------------
Mon May 20 14:30:28 UTC 2024 - Marcus Rueckert <mrueckert@suse.de>
- initial package
