Releases: DeterminateSystems/nix-installer
v0.16.0
This is mostly bug fix and nix
version bump release.
We now install Nix 2.19.2 by default. In addition #772 means that nix upgrade-nix
should no longer result in your Nix version downgrading.
Bug Fixes
- MacOS installer does not honor case sensitive setting by @Hoverbear in #748
- Don't modify shell profile files if they are symlinks by @Hoverbear in #767
- Fix arm64 darwin install by @Hoverbear in #789
- Fix
adduser
so it doesn't create the home by @Hoverbear in #801
What's Changed
- Fetch
nix
version freshness from install.determinate.systems by default by @grahamc in #772 - Clippy nits while hacking around by @grahamc in #737
- nix-2.19.2 by @Hoverbear in #756
- Update deps by @Hoverbear in #771 #800
- fix create build users action description by @Hoverbear in #788
Full Changelog: v0.15.1...v0.16.0
v0.15.1
This release is mostly a bugfix release.
For folks using MacOS remote builders, we now apply a to have nix
on the SSH session PATH
automatically.
Bug Fixes
- Fix exit code inconsistency by @Hoverbear in #684
- Remove the writable flag, don't set too many permission bits by @grahamc in #718
- Nix config: add extra newlines after the initial comment by @grahamc in #719
What's Changed
- Make sure /etc/tmpfiles.d exists on the ostree planner by @grahamc in #686
- Document the known nix-darwin related uninstall issue by @Hoverbear in #687
- Add 'sudo' to suggestions for launchd-related config fixes by @timsutton in #706
- Don't include the version number in the nix config, for reproducibility by @grahamc in #710
- Document max-jobs=auto by @mkenigs in #712
- Support remote-building to macOS hosts by @grahamc in #714
New Contributors
- @timsutton made their first contribution in #706
Other Notes
Keen observers may have noticed v0.15.0 in #728, unfortunately the Cargo.lock
didn't get updated and it wasn't noticed until after tagging. We could have updated the lock, and re-released, but we'd already built the binaries for the tag. In order to be safe, we cut a 0.15.1. If you happen to use 0.15.0 it should still work, building might just result in a dirty Cargo.lock
.
Full Changelog: v0.14.0...v0.15.1
v0.14.0
This is a relatively minor release which introduces a brand new repair
subcommand which can repair your shell profiles.
For example, this means if you run:
nix-installer install --no-confirm
rm -rf /etc/bashrc
nix-installer repair
The repair
subcommand should create a new /etc/bashrc
with the Nix related content in it.
For Mac users in particular, this repair
command is now run by a oneshot launchd service on boot. This should make it so nix
should be on path even after Mac version updates that would normally remove it.
What's Changed
- Update ssl-cert-file docs by @lytedev in #671
- Make our Nix installation immune to macOS upgrades by @grahamc in #672
- Release v0.14.0 by @Hoverbear in #679
New Contributors
Full Changelog: v0.13.1...v0.14.0
v0.13.1
This release upgrades to Nix 2.18.1 and includes a fix for an Mac APFS issue (#647 & #662).
Also, the generated nix.conf
should have a consistent outcome order now, as we use an IndexMap
instead of a HashMap
(#664).
What's Changed
- Unmount apfs volumes before deleting them by @Hoverbear in #662
- Upgrade to Nix 2.18.1 by @Hoverbear in #661
- flake-compat: use flakehub by @grahamc in #663
- Update nix-config-parser to use indexmap by @Hoverbear in #664
- Update deps by @Hoverbear in #665
- Release v0.13.1 by @Hoverbear in #666
Full Changelog: v0.13.0...v0.13.1
v0.13.0
This release rolls back #620 as we noticed elevated rates of errors on GHA. We plan to re-approach the problem soon.
What's Changed
- v0.12.1-unreleased by @Hoverbear in #644
- Revert "Make nix.conf changes deterministic (#620)" by @Hoverbear in #648
- Release v0.12.1 by @Hoverbear in #649
- Revert "Release v0.12.1" by @Hoverbear in #650
- Reintroduce 640, 638, 627 by @Hoverbear in #651
- Release v0.13.0 by @Hoverbear in #652
Full Changelog: v0.12.0...v0.13.0
v0.12.0
This release upgrades to Nix 2.18, enables the repl-flake
feature by default, and sets max-jobs
to auto.
Changes to the nix.conf
are now deterministic, and the installer should produce the same output each install regardless of the existing configuration.
This release also includes a number of small correctness improvements and UX tweaks.
Bug Fixes
- (Mac) Uninvert EnableOwnership logic by @Hoverbear in #623
What's Changed
- Language and readme update by @grahamc in #612
- Update README.md a bit to highlight flakes by @grahamc in #616
- Bump dependencies by @Hoverbear in #619
- Readme cutificiation by @Hoverbear in #618
- Add Upgrading section to README.md by @mig4ng in #598
- Improve
--help
by @Hoverbear in #624 - Check for file existence before attempting to open it by @Hoverbear in #626
- Fix uninstall instructions by @Hoverbear in #631
- Make nix.conf changes deterministic by @Hoverbear in #620
- Set max jobs to auto by @Hoverbear in #627
- Support user-defined diagnostics attribution by @grahamc in #635
- Add support for URLs or paths in --nix-package-url and --extra-conf by @Hoverbear in #634
- Disable auto-allocate-uids on Linux too by @Hoverbear in #638
- Upgrade to Nix 2.18 by @Hoverbear in #637
- Plan prompts for sudo by @Hoverbear in #639
- Enable repl-flake experimental feature by @Hoverbear in #640
- Fixup VM tests by @Hoverbear in #642
- Tweak nix-build-user-count default in all places by @Hoverbear in #643
- Release v0.12.0 by @Hoverbear in #641
New Contributors
Full Changelog: v0.11.0...v0.12.0
v0.11.0
It's a v0.11.0! 🎉
This release bumps the Nix version to 2.17 (#597).
Thanks to @Hofer-Julian, we now support Fedora Silverblue, Clear Linux and other OSTree distributions. (#586)
We also rewrote the Github Action in Typescript! v5 includes the Typescript revamp, but there should be no major user facing changes. (DeterminateSystems/nix-installer-action#34).
For Mac users, nix-installer uninstall
will now try to see if you have nix-darwin
uninstalled and ask you to uninstall that first! Why? Because if you don't, it creates a bit of a mess and a reinstall tends to break things. (#561)
Bug Fixes
- bugfix: Let Mac users specify encryption directly by @Hoverbear in #546
What's Changed
- Remove local eclint package definition by @lucperkins in #537
- Turn off auto optimise store on mac by @Hoverbear in #542
- Support create_directory paths being an existing mount by @Hoverbear in #547
- Remove atty dependency by @Hoverbear in #554
launchctl bootstrap
fails with disabled in a dirty state by @Hoverbear in #555- Add tracing around the Github Actions reinstall issue by @Hoverbear in #541
- Offer better messaging around user/group creation by @Hoverbear in #557
- Tweak self-test reporting to make it more clear it may not be a total failure by @Hoverbear in #559
- Add pre install/uninstall checks to planners by @Hoverbear in #561
- Disable steam deck CI until #566 by @Hoverbear in #571
- Fix most clippy warnings by @Hofer-Julian in #572
- Remove unneeded lifetime by @Hofer-Julian in #573
- Let typescript action set runner as trusted and do Github path by @Hoverbear in #568
- DS-970: Add Magic Nix Cache and other workflow changes by @flexiondotorg in #569
- Teach installer about Clear Linux by @Hoverbear in #581
- Add support for ostree-based Linux distributions by @Hofer-Julian in #586
- Fix the Mac CI with Silverblue by @Hoverbear in #591
- Make self-test errors a warning only by @Hoverbear in #587
- Update installer to Nix 2.17 #DS-1032 by @flexiondotorg in #597
- Check versions on uninstall for safety by @Hoverbear in #579
- Improve the message when security delete-generic-password is required by @Hoverbear in #570
- Enable clippy on CI by @Hoverbear in #574
New Contributors
- @Hofer-Julian made their first contribution in #572
- @flexiondotorg made their first contribution in #569
Full Changelog: v0.10.0...v0.11.0
v0.10.0
This release includes a number of small features (notably for Mac and SteamOS) as well as additional install validation.
We now support nix
's new ssl-cert-file
option (NixOS/nix#8062) through our ssl-cert-file
option, instead of modifying your shell profiles. This improves install consistency between operating systems and should improve the robustness of SSL support. (#527)
Before completing installation, we now perform a robust self-test. The installer invokes something like this to make sure your system works (#506):
nix build --no-link --expr '
derivation {
name = "self-test-{executable}-{timestamp_millis}";
system = "x86_64-linux";
builder = "/bin/sh"; args = ["-c" "echo hello > \$out"];
}'
For Steam Deck users, if you've been exploring the new main
channel releases of the Steam Deck, you may have noticed the appearance of a /home/.steamos/offload/nix
folder! We now support the offload if we detect it, otherwise sticking to the old method of creating our own bind mount. (#495)
Primarily benefiting Steam Deck users for now (but also to support #389 in the future) we now do some /etc/os-release
heuristics to determine which planner should used by default on your system. This means Steam Deck users shouldn't need to specify the steam-deck
planner anymore. (#501)
For Mac users, we added time machine exclusions for /nix
since you most likely don't want to back up your Nix store with Time Machine (#480). We were further motivated because it was possible for users to be unable to uninstall Nix because time machine was making a backup. We also now better handle cases where diskutil
does not return a volume name (#490).
Unfortunately, our experiment in 0.9.x with the new auto-uid-allocation
was not as successful on Mac as it was on Linux. While we've not found any issues with the feature on Linux, on Mac is creates issues in any builds that use something like whoami
. For Mac users, the _nixbld
user creation has returned, and your Mac installs will feel as fast as they were in 0.8.0. (#524)
Bug fixes
- APFS volumes don't necessarily have names by @Hoverbear in #490
- Restore user creation on Mac by @Hoverbear in #524
- Uninstalling should change directory if in nix by @Hoverbear in #526
What's Changed
- Add time machine exclusions for Mac by @Hoverbear in #480
- Improve messaging when /nix/receipt.json is already found by @Hoverbear in #491
- Add full path to nix-installer in bug report instructions by @cole-h in #499
- Support for SteamOS Nix Offload in SteamOS 20230522.1000 by @Hoverbear in #495
- Use os-release to determine appropriate planner by @Hoverbear in #501
- Fix uninstalling on latest steam deck with offload by @Hoverbear in #502
- typo fix for auto-allocate-uids by @georgyo in #505
- Add self test functionality by @Hoverbear in #506
- Fix darwin devShell by @mkenigs in #514
- swap fortune for hello in CI workflow by @abathur in #525
- Add flake checker action to GHA lints by @lucperkins in #515
- Use ssl-cert-file config by @Hoverbear in #527
- ci: use our cacher action by @cole-h in #532
- Fix devshell on i686 by @Hoverbear in #533
New Contributors
- @georgyo made their first contribution in #505
- @mkenigs made their first contribution in #514
- @abathur made their first contribution in #525
Full Changelog: v0.9.1...v0.10.0
v0.9.1
This release builds on v0.9.0, and includes a minor fix for the GITHUB_PATH
support on Github Actions for Macs only.
It turns out, we were accidentally looking for the path appropriate for Linux on Macs too! This meant that if you ran nix profile install nixpkgs#hello
and tried to run hello
, it wouldn't work! That's super frustrating and if you met this issue, sorry about that!
What's Changed
- Fixup GHA home directory on Mac by @Hoverbear in #482
Full Changelog: v0.9.0...v0.9.1
v0.9.0
This release includes few big features, as well as several bug fixes (notably for the Steam Deck), we've highlighted below.
Nix 2.15 and newly enabled features
We're excited to adopt Nix 2.15!
2.15 includes the new auto-allocate-uids
feature! While we still need to create a system group, This removes a significant portion of the installer complexity, especially on Mac. It also makes things a bit faster:
ana@ubuntu-22:~/Downloads$ hyperfine --warmup 2 "./v0.8.0 install --no-confirm && /nix/nix-installer uninstall --no-confirm" "./v0.9.0 install --no-confirm && /nix/nix-installer uninstall --no-confirm"
Benchmark 1: ./v0.8.0 install --no-confirm && /nix/nix-installer uninstall --no-confirm
Time (mean ± σ): 7.722 s ± 0.414 s [User: 0.007 s, System: 0.009 s]
Range (min … max): 7.343 s … 8.537 s 10 runs
Benchmark 2: ./v0.9.0 install --no-confirm && /nix/nix-installer uninstall --no-confirm
Time (mean ± σ): 3.774 s ± 0.047 s [User: 0.006 s, System: 0.010 s]
Range (min … max): 3.706 s … 3.836 s 10 runs
Summary
'./v0.9.0 install --no-confirm && /nix/nix-installer uninstall --no-confirm' ran
2.05 ± 0.11 times faster than './v0.8.0 install --no-confirm && /nix/nix-installer uninstall --no-confirm'
SELinux Support
This release also includes support for SELinux based off https://github.com/nix-community/nix-installers/tree/master/selinux.
Here's an example of a Fedora install with SELinux set to Enforce
:
[ana@fedora ~]$ getenforce
Enforcing
[ana@fedora ~]$ curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix/tag/v0.9.0 | sh -s -- install --no-confirm --log-directive nix_installer=warn
info: downloading installer https://install.determinate.systems/nix/tag/v0.9.0/nix-installer-x86_64-linux
`nix-installer` needs to run as `root`, attempting to escalate now via `sudo`...
Nix was installed successfully!
To get started using Nix, open a new shell or run `. /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh`
[ana@fedora ~]$ . /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh
[ana@fedora ~]$ nix run nixpkgs#hello
[37.3 MiB DL]
Hello, world!
[ana@fedora ~]$ getenforce
Enforcing
Infrastructure friendliness
We had some users reporting that they wanted to blindly run nix-installer
during CI without having to check for a /nix
. So, we now exit 0 and print a warning if the same version of Nix seems to be already installed.
If you're relying on this feature, we do advise picking a specific tag of the nix-installer
instead of pinning to latest:
curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix/tag/v0.9.0 | sh -s -- install --no-confirm
We also improved the container documentation to provide a unified feel for both Docker and Podman users.
What's Changed
- Nix 2.13.3 -> 2.15.0 by @grahamc in #428
- Add SELinux support by @Hoverbear in #465
- Adopted the new auto-uid-allocation feature by @Hoverbear in #196
- fsync after writing Nix config to attempt to fix the flaky preserves_comment test by @Hoverbear in #448
- Don't error if already installed with same settings, just warn by @Hoverbear in #454
- Improve failure chain on revert by @Hoverbear in #467
- Improve messaging around version incompatability by @Hoverbear in #457
- Improve the SELinux heuristic to look for sestatus by @Hoverbear in #470
- Improve container docs somewhat by @Hoverbear in #472
Bug Fixes
- Set permissions on unpacked Nix store paths more carefully by @Hoverbear in #451
- Fixup multiple --extra-conf usages by @Hoverbear in #456
- Improve WSL systemd detection by @Hoverbear in #469
- RequiredBy items in the nix.mount of steam-deck planner in [Install] by @Hoverbear in #455
Full Changelog: v0.8.0...v0.9.0