Release 0.11 (2007-12-31)
Nix 0.11 has many improvements over the previous stable release. The most important improvement is secure multi-user support. It also features many usability enhancements and language extensions, many of them prompted by NixOS, the purely functional Linux distribution based on Nix. Here is an (incomplete) list:
- Secure multi-user support. A single Nix store can now be shared between multiple (possibly untrusted) users. This is an important feature for NixOS, where it allows non-root users to install software. The old setuid method for sharing a store between multiple users has been removed. Details for setting up a multi-user store can be found in the manual.
- The new command `nix-copy-closure` gives you an easy and efficient way to exchange software between machines. It copies the missing parts of the closure of a set of store paths to or from a remote machine via `ssh`.
- A new kind of string literal: strings between double single-quotes (`''`) have indentation “intelligently” removed. This allows large strings (such as shell scripts or configuration file fragments in NixOS) to cleanly follow the indentation of the surrounding expression. It also requires much less escaping, since `''` is less common in most languages than `"`.
- `nix-env --set` modifies the current generation of a profile so that it contains exactly the specified derivation, and nothing else. For example, `nix-env -p /nix/var/nix/profiles/browser --set firefox` lets the profile named `browser` contain just Firefox.
- `nix-env` now maintains meta-information about installed packages in profiles. The meta-information is the contents of the `meta` attribute of derivations, such as `description` or `homepage`. The command `nix-env -q --xml --meta` shows all meta-information.
- `nix-env` now uses the `meta.priority` attribute of derivations to resolve filename collisions between packages. Lower priority values denote a higher priority. For instance, the GCC wrapper package and the Binutils package in Nixpkgs both have a file `bin/ld`, so previously if you tried to install both you would get a collision. Now, on the other hand, the GCC wrapper declares a higher priority than Binutils, so the former’s `bin/ld` is symlinked in the user environment.
- `nix-env -i / -u`: instead of breaking package ties by version, break them by priority and version number. That is, if there are multiple packages with the same name, then pick the package with the highest priority, and only use the version if there are multiple packages with the same priority.

  This makes it possible to mark specific versions/variants in Nixpkgs more or less desirable than others. A typical example would be a beta version of some package (e.g., `gcc-4.2.0rc1`) which should not be installed even though it is the highest version, except when it is explicitly selected (e.g., `nix-env -i gcc-4.2.0rc1`).
- `nix-env --set-flag` allows meta attributes of installed packages to be modified. There are several attributes that can be usefully modified, because they affect the behaviour of `nix-env` or the user environment build script:
  - `meta.priority` can be changed to resolve filename clashes (see above).
  - `meta.keep` can be set to `true` to prevent the package from being upgraded or replaced. Useful if you want to hang on to an older version of a package.
  - `meta.active` can be set to `false` to “disable” the package. That is, no symlinks will be generated to the files of the package, but it remains part of the profile (so it won’t be garbage-collected). Set it back to `true` to re-enable the package.
- `nix-env -q` now has a flag `--prebuilt-only` (`-b`) that causes `nix-env` to show only those derivations whose output is already in the Nix store or that can be substituted (i.e., downloaded from somewhere). In other words, it shows the packages that can be installed “quickly”, i.e., don’t need to be built from source. The `-b` flag is also available in `nix-env -i` and `nix-env -u` to filter out derivations for which no pre-built binary is available.
- The new option `--argstr` (in `nix-env`, `nix-instantiate` and `nix-build`) is like `--arg`, except that the value is a string. For example, `--argstr system i686-linux` is equivalent to `--arg system \"i686-linux\"` (note that `--argstr` prevents annoying quoting around shell arguments).
- `nix-store` has a new operation `--read-log` (`-l`) `paths` that shows the build log of the given paths.
- Nix now uses Berkeley DB 4.5. The database is upgraded automatically, but you should be careful not to use old versions of Nix that still use Berkeley DB 4.4.
- The option `--max-silent-time` (corresponding to the configuration setting `build-max-silent-time`) allows you to set a timeout on builds: if a build produces no output on `stdout` or `stderr` for the given number of seconds, it is terminated. This is useful for recovering automatically from builds that are stuck in an infinite loop.
- `nix-channel`: each subscribed channel is its own attribute in the top-level expression generated for the channel. This allows disambiguation (e.g. `nix-env -i -A nixpkgs_unstable.firefox`).
- The substitutes table has been removed from the database. This makes operations such as `nix-pull` and `nix-channel --update` much, much faster.
- `nix-pull` now supports bzip2-compressed manifests. This speeds up channels.
- `nix-prefetch-url` now has a limited form of caching. This is used by `nix-channel` to prevent unnecessary downloads when the channel hasn’t changed.
- `nix-prefetch-url` now by default computes the SHA-256 hash of the file instead of the MD5 hash. In calls to `fetchurl` you should pass the `sha256` attribute instead of `md5`. You can pass either a hexadecimal or a base-32 encoding of the hash.
- Nix can now perform builds in an automatically generated “chroot”. This prevents a builder from accessing stuff outside of the Nix store, and thus helps ensure purity. This is an experimental feature.
- The new command `nix-store --optimise` reduces Nix store disk space usage by finding identical files in the store and hard-linking them to each other. It typically reduces the size of the store by something like 25-35%.
- `~/.nix-defexpr` can now be a directory, in which case the Nix expressions in that directory are combined into an attribute set, with the file names used as the names of the attributes. The command `nix-env --import` (which set the `~/.nix-defexpr` symlink) is removed.
- Derivations can specify the new special attribute `allowedReferences` to enforce that the references in the output of a derivation are a subset of a declared set of paths. For example, if `allowedReferences` is an empty list, then the output must not have any references. This is used in NixOS to check that generated files such as initial ramdisks for booting Linux don’t have any dependencies.
- The new attribute `exportReferencesGraph` allows builders access to the references graph of their inputs. This is used in NixOS for tasks such as generating ISO-9660 images that contain a Nix store populated with the closure of certain paths.
- Fixed-output derivations (like `fetchurl`) can define the attribute `impureEnvVars` to allow external environment variables to be passed to builders. This is used in Nixpkgs to support proxy configuration, among other things.
- Several new built-in functions: `builtins.attrNames`, `builtins.filterSource`, `builtins.isAttrs`, `builtins.isFunction`, `builtins.listToAttrs`, `builtins.stringLength`, `builtins.sub`, `builtins.substring`, `throw`, `builtins.trace`, `builtins.readFile`.
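
The `allowedReferences` check in the list above can be modelled in a few lines. This is an added example, not code from Nix: the function names are hypothetical, the store paths and file contents are constructed, and it assumes a simplified form of reference scanning in which an input counts as a reference when the hash part of its store path occurs in the output bytes.

```python
import re

# Nix store paths have the form /nix/store/<32-char base-32 hash>-<name>.
# Nix's base-32 alphabet omits the letters e, o, t and u.
STORE_PATH = re.compile(r"^/nix/store/([0-9a-df-np-sv-z]{32})-[^/]+$")


def hash_part(store_path):
    """Extract the hash component that identifies a store path."""
    m = STORE_PATH.match(store_path)
    if m is None:
        raise ValueError(f"not a store path: {store_path!r}")
    return m.group(1)


def scan_references(output, inputs):
    """Simplified model of reference scanning: an input counts as a
    reference if its hash part occurs anywhere in the output bytes."""
    return {p for p in inputs if hash_part(p).encode() in output}


def disallowed_references(output, inputs, allowed):
    """Return the references that are not in `allowed` (empty set = pass)."""
    for p in allowed:
        hash_part(p)  # reject malformed entries in the allow-list
    return scan_references(output, inputs) - set(allowed)


# Constructed sample data: two build inputs and two candidate initrd scripts.
GLIBC = "/nix/store/" + "a1b2c3d4" * 4 + "-glibc-2.5"
BASH = "/nix/store/" + "f5g6h7i8" * 4 + "-bash-3.2"
INPUTS = [GLIBC, BASH]
CLEAN = b"#!/bin/sh\nmount -t proc none /proc\n"
LEAKY = b"#!" + BASH.encode() + b"/bin/sh\nmount -t proc none /proc\n"

if __name__ == "__main__":
    for name, data in (("clean", CLEAN), ("leaky", LEAKY)):
        bad = disallowed_references(data, INPUTS, allowed=[])
        print(name, "OK" if not bad else f"rejected: {sorted(bad)}")
```

With an empty allow-list, the script whose interpreter line embeds a store path is rejected, which is the failure the initial-ramdisk check is meant to catch.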