Release 2.0 (2018-02-??) This release has the following new features: Start of new nix command line interface. This is a work in progress and the interface is subject to change. Self-documenting: shows all available command-line arguments. shows all configuration options. nix build: Replacement for nix-build. nix ls-store and nix ls-nar allow listing the contents of a store path or NAR file. nix cat-store and nix cat-nar allow extracting a file from a store path or NAR file. nix verify checks whether a store path is unmodified and/or is trusted. nix copy-sigs copies signatures from one store to another. nix sign-paths signs store paths. nix copy copies paths between arbitrary Nix stores, generalising nix-copy-closure and nix-push. nix path-info shows information about store paths. nix run starts a shell in which the specified packages are available. nix log shows the build log of a package or path. If the build log is not available locally, it will try to obtain it from a binary cache. nix eval replaces nix-instantiate --eval. nix dump-path to get a NAR from a store path. nix edit opens the source code of a package in an editor. nix search replaces nix-env -qa. It searches the available packages for occurences of a search string in the attribute name, package name or description. It caches available packages to speed up searches. nix why-depends (d41c5eb13f4f3a37d80dbc6d3888644170c3b44a). nix show-derivation (e8d6ee7c1b90a2fe6d824f1a875acc56799ae6e2). nix add-to-store (970366266b8df712f5f9cedb45af183ef5a8357f). nix upgrade-nix upgrades Nix to the latest stable version. This requires that Nix is installed in a profile. (Thus it won’t work on NixOS, or if it’s installed outside of the Nix store.) Progress indicator. All options are available as flags now (b8283773bd64d7da6859ed520ee19867742a03ba). The external program nix-repl has been integrated into Nix as nix repl. If a fixed-output derivation produces a result with an incorrect hash, the output path will be moved to the location corresponding to the actual hash and registered as valid. Thus, a subsequent build of the fixed-output derivation with the correct hash is unnecessary. It is no longer necessary to set the NIX_REMOTE environment variable if you need to use the Nix daemon. Nix will use the daemon automatically if you don’t have write access to the Nix database. The Nix language now supports floating point numbers. They are based on regular C++ float and compatible with existing integers and number-related operations. Export and import to and from JSON and XML works, too. nix-shell now sets the IN_NIX_SHELL environment variable during evaluation and in the shell itself. This can be used to perform different actions depending on whether you’re in a Nix shell or in a regular build. Nixpkgs provides lib.inNixShell to check this variable during evaluation. (bb36a1a3cf3fbe6bc9d0afcc5fa0f928bed03170) Internal: all Store classes are now thread-safe. RemoteStore supports multiple concurrent connections to the daemon. This is primarily useful in multi-threaded programs such as hydra-queue-runner. The dependency on Perl has been removed. As a result, some (obsolete) programs have been removed: nix-push (replaced by nix copy), nix-pull (obsoleted by binary caches), nix-generate-patches, bsdiff, bspatch. Improved store abstraction. Substituters eliminated. BinaryCacheStore, LocalBinaryCacheStore, HttpBinaryCacheStore, S3BinaryCacheStore (compile-time optional), SSHStore. Add docs + examples? Nix now stores signatures for local store paths. Locally-built paths are now signed automatically using the secret keys specified by the store option. In addition, store paths that have been built locally are marked as “ultimately trusted”, and content-addressable store paths carry a “content-addressability assertion” that allow them to be trusted without any signatures. NIX_PATH is now lazy, so URIs in the path are only downloaded if they are needed for evaluation. You can now use channel:channel-name as a short-hand for https://nixos.org/channels/channel-name/nixexprs.tar.xz. For example, nix-build channel:nixos-15.09 -A hello will build the GNU Hello package from the nixos-15.09 channel. When is given, the last 10 lines of the build log will be shown if a build fails. builtins.fetchGit. (38539b943a060d9cdfc24d6e5d997c0885b8aa2f) <nix/fetchurl.nix> now uses the content-addressable tarball cache at http://tarballs.nixos.org/, just like fetchurl in Nixpkgs. (f2682e6e18a76ecbfb8a12c17e3a0ca15c084197) Chroot Nix stores: allow the “physical” location of the Nix store (e.g. /home/alice/nix/store) to differ from its “logical” location (typically /nix/store). This allows non-root users to use Nix while still getting the benefits from prebuilt binaries from cache.nixos.org. (4494000e04122f24558e1436e66d20d89028b4bd, 3eb621750848e0e6b30e5a79f76afbb096bb6c8a) On Linux, builds are now executed in a user namespace with uid 1000 and gid 100. builtins.fetchurl and builtins.fetchTarball now support sha256 and name attributes. HttpBinaryCacheStore (the replacement of download-from-binary-cache) now retries automatically on certain HTTP error codes. Derivation attributes can now reference the outputs of the derivation using the placeholder builtin function. For example, the attribute configureFlags = "--prefix=${placeholder "out"} --includedir=${placeholder "dev"}"; will cause the configureFlags environment variable to contain the actual store paths corresponding to the out and dev outputs. TODO: add docs. Support for HTTP/2. This makes binary cache lookups much more efficient. (90ad02bf626b885a5dd8967894e2eafc953bdf92) The configuration option can now specify optional paths by appending a ?, e.g. /dev/nvidiactl? will bind-mount /dev/nvidiactl only if it exists. More support for testing build reproducibility: when is set to false, it’s no longer a fatal error build rounds produce different output (8bdf83f936adae6f2c907a6d2541e80d4120f051); add a hook to run diffoscope when build rounds produce different output (9a313469a4bdea2d1e8df24d16289dc2a172a169w). Kill builds as soon as stdout/stderr is closed. This fixes a bug that allowed builds to hang Nix indefinitely (regardless of timeouts). (21948deed99a3295e4d5666e027a6ca42dc00b40) Add support for passing structured data to builders. TODO: document. (6de33a9c675b187437a2e1abbcb290981a89ecb1) exportReferencesGraph: Export more complete info in JSON format. (c2b0d8749f7e77afc1c4b3e8dd36b7ee9720af4a) Support for netrc. (e6e74f987f0fa284d220432d426eb965269a97d6, 302386f775eea309679654e5ea7c972fb6e7b9af) Support s3:// URIs in all places where Nix allows URIs. (9ff9c3f2f80ba4108e9c945bbfda2c64735f987b) The option can be set to auto to use the number of CPUs in the system. (7251d048fa812d2551b7003bc9f13a8f5d4c95a5) Add support for Brotli compression. cache.nixos.org compresses build logs using Brotli. Substitutions from binary caches now require signatures by default. This was already the case on NixOS. (ecbc3fedd3d5bdc5a0e1a0a51b29062f2874ac8b) nix-env now ignores packages with bad derivation names (in particular those starting with a digit or containing a dot). (b0cb11722626e906a73f10dd9a0c9eea29faf43a) Renamed various configuration options. (TODO: in progress) Remote machines can now be specified on the command line. TODO: document. (1a68710d4dff609bbaf61db3e17a2573f0aadf17) In Linux sandbox builds, we now use /build instead of /tmp as the temporary build directory. This fixes potential security problems when a build accidentally stores its TMPDIR in some critical place, such as an RPATH. (eba840c8a13b465ace90172ff76a0db2899ab11b) In Linux sandbox builds, we now provide a default /bin/sh (namely ash from BusyBox). (a2d92bb20e82a0957067ede60e91fab256948b41) Make all configuration options available as command line flags (b8283773bd64d7da6859ed520ee19867742a03ba). Support base-64 hashes. (c0015e87af70f539f24d2aa2bc224a9d8b84276b) nix-shell now uses bashInteractive from Nixpkgs, rather than the bash command that happens to be in the caller’s PATH. This is especially important on macOS where the bash provided by the system is seriously outdated and cannot execute stdenv’s setup script. New builtin functions: builtins.split (b8867a0239b1930a16f9ef3f7f3e864b01416dff), builtins.partition. Automatic garbage collection. nix-store -q --roots and nix-store --gc --print-roots now show temporary and in-memory roots. Builders can now communicate what build phase they are in by writing messages to the file descriptor specified in NIX_LOG_FD. (88e6bb76de5564b3217be9688677d1c89101b2a3) Some features were removed: “Nested” log output. As a result, nix-log2xml was also removed. OpenSSL-based signing. (f435f8247553656774dd1b2c88e9de5d59cab203) Caching of failed builds. (8cffec84859cec8b610a2a22ab0c4d462a9351ff) nix-mode.el has been removed from Nix. It is now a separate repository in https://github.com/NixOS/nix-mode and can be installed through the MELPA package repository. In restricted evaluation mode (), builtin functions that download from the network (such as fetchGit) are permitted to fetch underneath the list of URI prefixes specified in the option . This release has contributions from TBD.