File nix.changes of Package nix
-------------------------------------------------------------------
Tue Sep 2 09:38:03 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
- Update to 2.31.1:
- libexpr: Canonicalize TOML timestamps for toml11 > 4.0
- libexpr: Use table.size() instead of unnecessary loop
- nix/develop: Fix misleading ignored error when run with
--arg/--argstr
- Handle empty ports
- SQLite: fsync db.sqlite-shm before opening the database
-------------------------------------------------------------------
Mon Aug 25 08:58:05 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
- Update to 2.31.0:
- `build-cores = 0` now auto-detects CPU cores
[#13402](https://github.com/NixOS/nix/pull/13402) When
`build-cores` is set to `0`, Nix now automatically detects the
number of available CPU cores and passes this value via
`NIX_BUILD_CORES`, instead of passing `0` directly. This
matches the behavior when `build-cores` is unset. This prevents
the builder from having to detect the number of cores.
- Fix Git LFS SSH issues
[#13337](https://github.com/NixOS/nix/issues/13337)
[#13743](https://github.com/NixOS/nix/pull/13743) Fixed some
outstanding issues with Git LFS and SSH.
- Added support for `NIX_SSHOPTS`.
- Properly use the parsed port from URL.
- Better use of the response of `git-lfs-authenticate` to
determine API endpoint when the API is not exposed on port
443.
- Add support for `user@address:port` syntax in store URIs
[#7044](https://github.com/NixOS/nix/issues/7044)
[#3425](https://github.com/NixOS/nix/pull/3425) It's now
possible to specify the port used for SSH stores directly in
the store URL in accordance with
[RFC3986](https://datatracker.ietf.org/doc/html/rfc3986).
Previously the only way to specify custom ports was via
`ssh_config` or the `NIX_SSHOPTS` environment variable, because
Nix incorrectly passed the port number together with the host
name to the SSH executable. This change affects [store
references](@docroot@/store/types/index.md#store-url-format)
passed via the `--store` and similar flags in CLI as well as in
the configuration for [remote
builders](@docroot@/command-ref/conf-file.md#conf-builders).
For example, the following store URIs now work:
- `ssh://127.0.0.1:2222`
- `ssh://[b573:6a48:e224:840b:6007:6275:f8f7:ebf3]:22`
- `ssh-ng://[b573:6a48:e224:840b:6007:6275:f8f7:ebf3]:22`
- Represent IPv6 RFC4007 ZoneId literals in conformance with
RFC6874 [#13445](https://github.com/NixOS/nix/pull/13445) Prior
versions of Nix since
[#4646](https://github.com/NixOS/nix/pull/4646) accepted [IPv6
scoped
addresses](https://datatracker.ietf.org/doc/html/rfc4007) in
URIs like [store
references](@docroot@/store/types/index.md#store-url-format) in
the textual representation with a literal percent character:
`[fe80::1%18]`. This was ambiguous, because the the percent
literal `%` is reserved by
[RFC3986](https://datatracker.ietf.org/doc/html/rfc3986), since
it's used to indicate percent encoding. Nix now requires that
the percent `%` symbol is percent-encoded as `%25`. This
implements
[RFC6874](https://datatracker.ietf.org/doc/html/rfc6874), which
defines the representation of zone identifiers in URIs. The
example from above now has to be specified as `[fe80::1%2518]`.
- Use WAL mode for SQLite cache databases
[#13800](https://github.com/NixOS/nix/pull/13800) Previously,
Nix used SQLite's "truncate" mode for caches. However, this
could cause a Nix process to block if another process was
updating the cache. This was a problem for the flake evaluation
cache in particular, since it uses long-running transactions.
Thus, concurrent Nix commands operating on the same flake could
be blocked for an unbounded amount of time. WAL mode avoids
this problem. This change required updating the versions of the
SQLite caches. For instance, `eval-cache-v5.sqlite` is now
`eval-cache-v6.sqlite`.
- Enable parallel marking in bdwgc
[#13708](https://github.com/NixOS/nix/pull/13708) Previously
marking was done by only one thread, which takes a long time if
the heap gets big. Enabling parallel marking speeds up
evaluation a lot, for example (on a Ryzen 9 5900X 12-Core):
- `nix search nixpkgs` from 24.3s to 18.9s.
- Evaluating the `NixOS/nix/2.21.2` flake regression test from
86.1s to 71.2s.
- New command `nix flake prefetch-inputs`
[#13565](https://github.com/NixOS/nix/pull/13565) This command
fetches all inputs of a flake in parallel. This can be a lot
faster than the serialized on-demand fetching during regular
flake evaluation. The downside is that it may fetch inputs that
aren't normally used.
- Add `warn-short-path-literals` setting
[#13489](https://github.com/NixOS/nix/pull/13489) This setting,
when enabled, causes Nix to emit warnings when encountering
relative path literals that don't start with `.` or `/`, for
instance suggesting that `foo/bar` should be rewritten to
`./foo/bar`.
- When updating a lock, respect the input's lock file
[#13437](https://github.com/NixOS/nix/pull/13437) For example,
if a flake has a lock for `a` and `a/b`, and we change the
flakeref for `a`, previously Nix would fetch the latest version
of `b` rather than using the lock for `b` from `a`.
- Implement support for Git hashing with SHA-256
[#13543](https://github.com/NixOS/nix/pull/13543) The
experimental support for
[Git-hashing](@docroot@/development/experimental-features.md#xp-feature-git-hashing)
store objects now also includes support for SHA-256, not just
SHA-1, in line with upstream Git.
- refresh 0001-port-option-to-disable-functional-tests-to-meson.patch
-------------------------------------------------------------------
Mon Aug 11 16:49:56 UTC 2025 - Eyad Issa <eyadlorenzo@gmail.com>
- Add /nix/var/build to %files
- Run %fdupes on %buildroot
-------------------------------------------------------------------
Fri Jul 25 10:05:34 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
- Update to 2.30.2:
- minor bug fix release
-------------------------------------------------------------------
Sat Jul 12 14:16:23 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
- Update to 2.30.1:
- minor bug fix release
-------------------------------------------------------------------
Tue Jul 8 16:14:34 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
- Update to 2.30.0:
## Backward-incompatible changes and deprecations
- build-dir longer defaults to $TMPDIR The directory in which
temporary build directories are created no longer defaults to
TMPDIR or /tmp , to avoid builders making their directories
world-accessible. This behavior allowed escaping the build
sandbox and can cause build impurities even when not used
maliciously. We now default to builds in NIX_STATE_DIR (which
is /nix/var/nix/builds in the default configuration).
- Deprecate manually making structured attrs using the __json
attribute #13220 https://github.com/NixOS/nix/pull/13220The
proper way to create a derivation using structured attrs in the
Nix language is by using __structuredAttrs = true with
builtins. derivation
However, by exploiting how structured attrs are implementated,
it has also been possible to create them by setting the __json
environment variable to a serialized JSON string. This sneaky
alternative method is now deprecated, and may be disallowed in
future versions of Nix.
- Rename nix profile install to nix profile add #13224
https://github.com/NixOS/nix/pull/13224 The command nix
profile install has been renamed to nix profile add (though
the former is still available as an alias). This is because the
verb "add" is a better antonym for the verb "remove" (i.e. nix
profile remove ). Nix also does not have install hooks or
general behavior often associated with "installing".
## Performance improvements
This release has a number performance improvements, in particular:
- Reduce the size of value from 24 to 16 bytes #13407
https://github. com/NixOS/nix/pull/13407 This shaves off a very
significant amount of memory used for evaluation (~20% percent
reduction in maximum heap size and ~17% in total bytes).
## Features
- Add stack sampling evaluation profiler #13220 https://github.
com/NixOS/nix/pull/13220 The Nix evaluator now supports stack
sampling evaluation profiling via the --eval-profiler
flamegraph setting. It outputs collapsed call stack information
to the file specified by --eval-profile-file ( nix. profile by
default) in a format directly consumable by flamegraph.pl and
compatible tools like speedscope https://speedscope. app/.
Sampling frequency can be configured via
--eval-profiler-frequency (99 Hz by default).Unlike the
existing --trace-function-calls this profiler includes the
name of the function being called when it's available.
- nix repl
prints which variables were loaded #11406
https://github.com/NixOS/nix/pull/11406Instead of Added <n>
variables it now prints the first 10 variables that were added
to the global scope.
- nix flake archive : Add --no-check-sigs
option #13277 https://github.com/NixOS/nix/pull/13277This is
useful when using nix flake archive with the destination set
to a remote store.
- Emit warnings for IFDs with trace-import-from-derivation
option #13279 https://github.com/NixOS/nix/pull/13279While we
have the setting allow-import-from-derivation
to deny import-from-derivation (IFD), sometimes users would
like to observe IFDs during CI processes to gradually phase out
the idiom. The new setting trace-import-from-derivation , when
set, logs a simple warning to the console.
- json-log-path setting #13003
https://github.com/NixOS/nix/pull/13003New setting
json-log-path that sends a copy of all Nix log messages (in
JSON format) to a file or Unix domain socket.
- Non-flake inputs now contain a sourceInfo attribute #13164
https://github.com/NixOS/nix/issues/13164 #13170
https://github. com/NixOS/nix/pull/13170Flakes have always had
a sourceInfo attribute which describes the source of the
flake. The sourceInfo.outPath is often identical to the
flake's outPath . However, it can differ when the flake is
located in a subdirectory of its source.Non-flake inputs (i.e.
inputs with flake = false inputs) can also be located at some
path within a wider source. This usually happens when defining
a relative path input within the same source as the parent
flake, e.g. inputs.foo.url = ./some-file.nix . Such relative
inputs will now inherit their parent's sourceInfo .This also
means it is now possible to use ?dir=subdir on non-flake
inputs.This iterates on the work done in 2.26 to improve
relative path support (#10089
https://github.com/NixOS/nix/pull/10089), and resolves a
regression introduced in 2.28 relating to nested relative path
inputs (#13164 https://github.com/NixOS/nix/issues/13164).
## Miscellaneous changes
- builtins.sort uses PeekSort #12623
https://github.com/NixOS/nix/pull/12623Previously it used
libstdc++'s std::stable_sort() . However, that implementation
is not reliable if the user-supplied comparison function is not
a strict weak ordering.
- Revert incomplete closure mixed download and build feature #77
https://github.com/NixOS/nix/issues/77 #12628 https://github.
com/NixOS/nix/issues/12628 #13176 https://github.
com/NixOS/nix/pull/13176 Since Nix 1.3 (commit 299141e in
2013) Nix has attempted to mix together upstream fresh
builds and downstream substitutions when remote substuters
contain an "incomplete closure" (have some store objects, but
not the store objects they reference). This feature is now
removed.In the worst case, removing this feature could cause
more building downstream, but it should not cause outright
failures, since this is not happening for opaque store objects
that we don't know how to build if we decide not to substitute.
In practice, however, we doubt even more building is very
likely to happen. Remote stores that are missing dependencies
in arbitrary ways (e.g. corruption) don't seem to be very
common.On the contrary, when remote stores fail to implement
the closure property it is usually an intentional choice on the
part of the remote store, because it wishes to serve as an
"overlay" store over another store, such as
https://cache.nixos. org . If an "incomplete closure" is
encountered in that situation, the right fix is not to do some
sort of "franken-building" as this feature implemented, but
instead to make sure both substituters are enabled in the
settings.(In the future, we should make it easier for remote
stores to indicate this to clients, to catch settings that
won't work in general before a missing dependency is actually
encountered.)
- refresh 0001-port-option-to-disable-functional-tests-to-meson.patch
-------------------------------------------------------------------
Tue Jul 1 15:08:17 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
- Fix some BuildRequires to make it more friendly towards building
on SLE 15
-------------------------------------------------------------------
Tue Jun 24 15:44:37 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
- Update to 2.29.1: (boo#1245319)
Fixes:
- CVE-2025-46415
- CVE-2025-52991
- CVE-2025-52992
- CVE-2025-52993
For the details see:
https://discourse.nixos.org/t/security-advisory-privilege-escalations-in-nix-lix-and-guix/66017
-------------------------------------------------------------------
Tue Jun 17 09:42:04 UTC 2025 - Eyad Issa <eyadlorenzo@gmail.com>
- Update to 2.29.0:
* Prettified JSON output on the terminal. Pass --no-pretty to
disable when using a pseudo-tty.
* REPL: improve continuation prompt for incomplete expressions
* REPL: load-flake and :reload now work together
* Increase retry delays on HTTP 429 Too Many Requests
* S3: opt-in the STSProfileCredentialsProvider
* Reduce connect timeout for http substituter to 5s
* C API: add functions for locking and loading a flake
* No longer copy flakes that are in the nix store
* Consistently preserve error messages from cached evaluation
* Faster blake3 hashing
* Fix progress bar for S3 binary caches and make file transfers
interruptible
* Add host attribute of github/gitlab flakerefs to URL
serialization
* Multiple signatures support in store urls
* nix flake show now skips over import-from-derivation
* Add nix formatter build and nix formatter run commands
* Amend OSC 8 escape stripping for xterm-style separator
-------------------------------------------------------------------
Mon Jun 2 11:58:56 UTC 2025 - Eyad Issa <eyadlorenzo@gmail.com>
- Add -doc subpackage
- Build docs if on x86_64 or aarch64
-------------------------------------------------------------------
Sun Jun 1 01:50:10 UTC 2025 - Eyad Issa <eyadlorenzo@gmail.com>
- Enable -Dembedded-sandbox-shell to allow building packages that
depends on bash, as it is default in NixOS
-------------------------------------------------------------------
Sat May 24 13:33:49 UTC 2025 - Eyad Issa <eyadlorenzo@gmail.com>
- Do not require fish-completion and zsh-completion as they do not
exist
-------------------------------------------------------------------
Wed May 14 20:32:13 UTC 2025 - Eyad Issa <eyadlorenzo@gmail.com>
- Split into subpackages: nix-bash-completion, nix-fish-completion,
nix-zsh-completition
- Move Perl bindings to the right folder
- Remove 0003-default-to-readline.patch: pass argument via Meson
setup command
-------------------------------------------------------------------
Mon May 12 20:52:11 UTC 2025 - Eyad Issa <eyadlorenzo@gmail.com>
- Add --localstatedir=%{_sharedstatedir}/nix to save files inside
/var/lib/nix (instead of /var/nix, which does not respect FHS)
- Add /nix to the list of files installed
-------------------------------------------------------------------
Sun May 11 16:25:09 UTC 2025 - Eyad Issa <eyadlorenzo@gmail.com>
- Add %check section
- Remove possibility to build without meson
* The meson build system is now the only supported build system.
- Use common URL format for source urls
- Update to 2.28.3:
* https://github.com/NixOS/nix/compare/2.28.0...2.28.3
- Update to 2.28.0:
* Unstable C++ API reworked
* C API nix_flake_init_global removed
- Update to 2.27:
* inputs.self.submodules flake attribute
* Git LFS support
* Handle the case where a chroot store is used and some inputs
are in the "host" /nix/store
* nix flake prefetch now has a --out-link option
* Set FD_CLOEXEC on sockets created by curl
* https://nix.dev/manual/nix/2.28/release-notes/rl-2.27
- Add /usr/lib64/nix/ to ldconfig paths
-------------------------------------------------------------------
Wed Mar 5 18:51:56 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
- Update to 2.26.3
https://github.com/NixOS/nix/releases/tag/2.26.3
-------------------------------------------------------------------
Wed Feb 12 21:06:18 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
- Update to 2.26.2
https://github.com/NixOS/nix/releases/tag/2.26.2
-------------------------------------------------------------------
Sun Feb 9 20:40:36 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
- Update to 2.26.1
https://github.com/NixOS/nix/releases/tag/2.26.1
https://github.com/NixOS/nix/releases/tag/2.26.0
https://github.com/NixOS/nix/releases/tag/2.25.5
https://github.com/NixOS/nix/releases/tag/2.25.4
https://github.com/NixOS/nix/releases/tag/2.25.3
https://github.com/NixOS/nix/releases/tag/2.25.2
https://github.com/NixOS/nix/releases/tag/2.25.1
https://github.com/NixOS/nix/releases/tag/2.25.0
-------------------------------------------------------------------
Thu Jan 23 07:51:07 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
- use optflags to pass the define for lowdown 1.4 as the autotools
based build wasnt update and meson isnt usable for us
-------------------------------------------------------------------
Wed Jan 22 10:47:07 UTC 2025 - Marcus Rueckert <mrueckert@suse.de>
- Update to 2.24.12
https://github.com/NixOS/nix/releases/tag/2.24.12
- drop 0002-handle-lowdown-1.4-API-change.patch
-------------------------------------------------------------------
Sun Dec 29 18:39:01 UTC 2024 - Marcus Rueckert <mrueckert@suse.de>
- switch to meson as build system
- add add_option_to_disable_tests.patch
meson didnt have an option yet to disable the testsuite
- Adapt to the lowdown 1.4 API
lowdown14.patch
based on https://github.com/NixOS/nix/pull/12115
-------------------------------------------------------------------
Sun Dec 29 18:31:09 UTC 2024 - Marcus Rueckert <mrueckert@suse.de>
- Update to 2.24.11
https://github.com/NixOS/nix/releases/tag/2.24.11
-------------------------------------------------------------------
Tue Nov 12 18:52:40 UTC 2024 - Marcus Rueckert <mrueckert@suse.de>
- Switch back to the 2.24 branch
-------------------------------------------------------------------
Mon Nov 11 16:35:49 UTC 2024 - Marcus Rueckert <mrueckert@suse.de>
- Update to 2.25.0
https://github.com/NixOS/nix/releases/tag/2.25.0
-------------------------------------------------------------------
Thu Oct 31 11:39:56 UTC 2024 - Marcus Rueckert <mrueckert@suse.de>
- Update to 2.24.10
https://github.com/NixOS/nix/releases/tag/2.24.10
-------------------------------------------------------------------
Fri Sep 27 22:51:47 UTC 2024 - Marcus Rueckert <mrueckert@suse.de>
- Update to 2.24.9
https://github.com/NixOS/nix/releases/tag/2.24.9
-------------------------------------------------------------------
Thu Sep 26 16:41:14 UTC 2024 - Marcus Rueckert <mrueckert@suse.de>
- Check if we can build with meson
- adds meson.readline.patch
- meson build has no option to disable testsuites
-------------------------------------------------------------------
Thu Sep 26 16:11:49 UTC 2024 - Marcus Rueckert <mrueckert@suse.de>
- Import sysusers file from Arch Linux
-------------------------------------------------------------------
Thu Sep 26 09:38:38 UTC 2024 - Marcus Rueckert <mrueckert@suse.de>
- Update to 2.24.8
-------------------------------------------------------------------
Tue Sep 24 15:26:06 UTC 2024 - Marcus Rueckert <mrueckert@suse.de>
- Update to 2.24.7
-------------------------------------------------------------------
Sat Sep 7 12:25:17 UTC 2024 - Marcus Rueckert <mrueckert@suse.de>
- Update to 2.24.5
-------------------------------------------------------------------
Mon May 20 22:55:49 UTC 2024 - Marcus Rueckert <mrueckert@suse.de>
- Update the seccomp.patch to match my pull request
-------------------------------------------------------------------
Mon May 20 14:30:28 UTC 2024 - Marcus Rueckert <mrueckert@suse.de>
- initial package
