Releases: DeterminateSystems/nix-installer

v0.10.0

27 Jun 18:09
e3cb372

This release includes a number of small features (notably for Mac and SteamOS) as well as additional install validation.

We now support Nix's new ssl-cert-file option (NixOS/nix#8062) through our ssl-cert-file option, instead of modifying your shell profiles. This improves install consistency between operating systems and should improve the robustness of SSL support. (#527)

Before completing installation, we now perform a robust self-test. The installer invokes something like this to make sure your system works (#506):

nix build --no-link --expr '
derivation {
  name = "self-test-{executable}-{timestamp_millis}";
  system = "x86_64-linux";
  builder = "/bin/sh"; args = ["-c" "echo hello > \$out"];
}'

For Steam Deck users, if you've been exploring the new main channel releases of the Steam Deck, you may have noticed the appearance of a /home/.steamos/offload/nix folder! We now support the offload if we detect it, otherwise sticking to the old method of creating our own bind mount. (#495)

Primarily benefiting Steam Deck users for now (but also to support #389 in the future), we now apply some /etc/os-release heuristics to determine which planner should be used by default on your system. This means Steam Deck users shouldn't need to specify the steam-deck planner anymore. (#501)

For Mac users, we added Time Machine exclusions for /nix since you most likely don't want to back up your Nix store with Time Machine (#480). We were further motivated because it was possible for users to be unable to uninstall Nix because Time Machine was making a backup. We also now better handle cases where diskutil does not return a volume name (#490).

Unfortunately, our experiment in 0.9.x with the new auto-uid-allocation was not as successful on Mac as it was on Linux. While we've not found any issues with the feature on Linux, on Mac it creates issues in any builds that use something like whoami. For Mac users, the _nixbld user creation has returned, and your Mac installs will feel as fast as they were in 0.8.0. (#524)

Full Changelog: v0.9.1...v0.10.0

v0.9.1

30 May 16:28
457127b

This release builds on v0.9.0, and includes a minor fix for the GITHUB_PATH support on GitHub Actions for Macs only.

It turns out, we were accidentally looking for the path appropriate for Linux on Macs too! This meant that if you ran nix profile install nixpkgs#hello and tried to run hello, it wouldn't work! That's super frustrating and if you met this issue, sorry about that!

Full Changelog: v0.9.0...v0.9.1

v0.9.0

19 May 18:22
5d0e28f

This release includes a few big features, as well as several bug fixes (notably for the Steam Deck), which we've highlighted below.

Nix 2.15 and newly enabled features

We're excited to adopt Nix 2.15!

2.15 includes the new auto-allocate-uids feature! While we still need to create a system group, this removes a significant portion of the installer complexity, especially on Mac. It also makes things a bit faster:

ana@ubuntu-22:~/Downloads$ hyperfine --warmup 2 "./v0.8.0 install --no-confirm && /nix/nix-installer uninstall --no-confirm" "./v0.9.0 install --no-confirm && /nix/nix-installer uninstall --no-confirm"
Benchmark 1: ./v0.8.0 install --no-confirm && /nix/nix-installer uninstall --no-confirm
  Time (mean ± σ):      7.722 s ± 0.414 s    [User: 0.007 s, System: 0.009 s]
  Range (min … max):    7.343 s …  8.537 s    10 runs
 
Benchmark 2: ./v0.9.0 install --no-confirm && /nix/nix-installer uninstall --no-confirm
  Time (mean ± σ):      3.774 s ± 0.047 s    [User: 0.006 s, System: 0.010 s]
  Range (min … max):    3.706 s …  3.836 s    10 runs
 
Summary
  './v0.9.0 install --no-confirm && /nix/nix-installer uninstall --no-confirm' ran
    2.05 ± 0.11 times faster than './v0.8.0 install --no-confirm && /nix/nix-installer uninstall --no-confirm'

SELinux Support

This release also includes support for SELinux based off https://github.com/nix-community/nix-installers/tree/master/selinux.

Here's an example of a Fedora install with SELinux set to Enforce:

[ana@fedora ~]$ getenforce
Enforcing
[ana@fedora ~]$ curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix/tag/v0.9.0 | sh -s -- install --no-confirm --log-directive nix_installer=warn
info: downloading installer https://install.determinate.systems/nix/tag/v0.9.0/nix-installer-x86_64-linux
`nix-installer` needs to run as `root`, attempting to escalate now via `sudo`...
Nix was installed successfully!
To get started using Nix, open a new shell or run `. /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh`
[ana@fedora ~]$ . /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh
[ana@fedora ~]$ nix run nixpkgs#hello
[37.3 MiB DL]
Hello, world!

[ana@fedora ~]$ getenforce
Enforcing

Infrastructure friendliness

We had some users reporting that they wanted to blindly run nix-installer during CI without having to check for a /nix. So, we now exit 0 and print a warning if the same version of Nix seems to be already installed.

If you're relying on this feature, we do advise picking a specific tag of the nix-installer instead of pinning to latest:

curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix/tag/v0.9.0 | sh -s -- install --no-confirm

We also improved the container documentation to provide a unified feel for both Docker and Podman users.

What's Changed

Bug Fixes

  • Set permissions on unpacked Nix store paths more carefully by @Hoverbear in #451
  • Fixup multiple --extra-conf usages by @Hoverbear in #456
  • Improve WSL systemd detection by @Hoverbear in #469
  • RequiredBy items in the nix.mount of steam-deck planner in [Install] by @Hoverbear in #455

Full Changelog: v0.8.0...v0.9.0

v0.8.0

12 Apr 14:57
4cc8326

This release includes several bug fixes as well as functionality to continue uninstalling with best effort, even if errors occur.

What's Changed

  • Fixup create_volume_service action tag by @Hoverbear in #398
  • Uninstall shouldn't fail fast by @Hoverbear in #382
  • Trim fdesetup output, remove accidently committed SSL related settings by @Hoverbear in #403
  • Split output docs by @Hoverbear in #407
  • Only stop the nix daemon if it's actually active, not just enabled by @Hoverbear in #410
  • Handle the APFS volume not existing but the Service and Fstab being present by @Hoverbear in #405
  • Provide users a better error message if systemd is not active by @Hoverbear in #412
  • Avoid globbing issues by using symlinks and readlink by @Hoverbear in #413
  • Check user group commands exist during plan by @Hoverbear in #411
  • Fixup a cure case where a store path already exists so we never make a symlink by @Hoverbear in #414

Full Changelog: v0.7.0...v0.8.0

v0.7.0

29 Mar 22:27
a506ac8

This release is mostly a release of bug fixes and documentation updates, containing no major features.

Users should notice fewer errors in the macOS volume creation step, automatic Rosetta detection, and better encryption detection. Steam Deck users, we fixed the install read-only issue. During curing we are now less strict about file permissions.

Full Changelog: v0.6.0...v0.7.0

v0.6.0

20 Mar 18:15
a9a2e4b

With this release the installer can now support limited 'curing'.

More specifically, installing over an existing partial install (either from nix-installer or the official scripts) should, in many cases, result in a working install. Cured installations include uninstallation via /nix/nix-installer uninstall, just like normal installations.

We're very curious to find cases where curing breaks! If you find a case, please share it with us, along with any reproduction steps!

The command line prompts have undergone some minor trimming and now will only show you settings you've configured, instead of all settings.

For users of busybox, the adduser and addgroup commands.

For users working with proxies and custom certificates, there is now support for HTTPS_PROXY style variables as well as a --proxy flag. For certificates, the --ssl-cert-file flag can be used to set up a custom SSL certificate to use. We also now support your system CA certificates instead of only a static set.

For users using remote macOS builders over SSH, please see the quirks section of the README.md for instructions on how to work around some zsh behavior which may prevent nix-shell or other tools from being on your $PATH. Previously we wrote to /etc/zshenv but discovered a $PATH ordering bug which caused us to revert this behavior.

Full Changelog: v0.5.0...v0.6.0

v0.5.0

06 Mar 20:20
9d939e7

This release includes some more work towards supporting installing over existing installations (see #126 for more information on our curing effort). Specifically, an existing /etc/nix/nix.conf file will no longer be a hard error[1] and will instead be merged with the settings that we desire.

It also fixes a few bugs, like a typo in a permissions check (checking a file had a mode of 664 instead of 644), a macOS installation bug that affected some setups (see #295 and #298 for more information), and explicitly erroring on WSL1 as unsupported.

If you rely on us as a library, the change that will impact you the most is that we made all of our error enums #[non_exhaustive], so that adding new variants in the future won't require a new major version.

The diagnostics report also saw a slight rework to be somewhat more useful in actually diagnosing issues. A diagnostic report now looks like this:

{
  "version": "0.5.0",
  "planner": "linux",
  "configured_settings": [
    "modify_profile"
  ],
  "os_name": "Ubuntu",
  "os_version": "22.04.1 LTS (Jammy Jellyfish)",
  "triple": "x86_64-unknown-linux-musl",
  "is_ci": false,
  "action": "Install",
  "status": "Failure",
  "failure_chain": [
    "Action(\"configure_nix\")",
    "Child(\"place_nix_configuration\")",
    "Child(\"create_directory\")",
    "CreateDirectory(\"/etc/nix\")"
  ]
}

Full Changelog: v0.4.0...v0.5.0


  1. Currently, only experimental-features will be merged (please file an issue if you would like to see other options supported!); any other conflict between our desired settings and an existing nix.conf will still cause an error. In other words, if the setting is not one that we are trying to set (see the list here: https://github.com/DeterminateSystems/nix-installer/blob/v0.5.0/src/action/common/place_nix_configuration.rs#L32-L45), it will be seamlessly merged into the resulting nix.conf file.
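
To make the footnote's rule concrete, here is an illustrative model of the merge in Python (an added example, not the installer's Rust implementation). The DESIRED values, the sample file and the ordered-union strategy for experimental-features are assumptions; the real list of settings is in the source file linked above.

```python
class ConflictError(Exception):
    """An existing value clashes with one the installer wants to set."""

# Only this setting is merged on conflict, per the footnote above.
MERGEABLE = {"experimental-features"}

# Constructed stand-in for the installer's desired settings.
DESIRED = {
    "experimental-features": "nix-command flakes",
    "build-users-group": "nixbld",
}

# Constructed example of a pre-existing /etc/nix/nix.conf.
EXISTING = """\
# left over from an earlier install
experimental-features = nix-command ca-derivations
max-jobs = 4
"""

def parse_conf(text):
    """Parse `name = value` lines; `#` starts a comment (no include support)."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        name, sep, value = line.partition("=")  # split on the first '=' only
        if not sep or not name.strip():
            raise ValueError(f"unparseable line: {raw!r}")
        settings[name.strip()] = " ".join(value.split())
    return settings

def merge(existing, desired=DESIRED):
    """Return merged settings, or raise ConflictError on a non-mergeable clash."""
    merged = dict(existing)  # settings we do not manage are carried over as-is
    for name, want in desired.items():
        have = existing.get(name)
        if have is None or have == want:
            merged[name] = want
        elif name in MERGEABLE:
            # Assumed strategy: ordered union of both word lists.
            merged[name] = " ".join(dict.fromkeys(have.split() + want.split()))
        else:
            raise ConflictError(f"{name}: existing {have!r} vs desired {want!r}")
    return merged

if __name__ == "__main__":
    for name, value in merge(parse_conf(EXISTING)).items():
        print(f"{name} = {value}")
```

Because unmanaged settings are carried over unchanged, anything already in the old nix.conf is still in effect after the install, so the merged file is worth reviewing.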

v0.4.0

24 Feb 23:03
f9f9278

With 0.4.0, we're feeling like the Determinate Nix Installer is ready for general usage.

It's pretty exciting and we invite you to enjoy a cupcake to celebrate with us! 🧁

As part of this step up in stability, we managed to re-enable deleting users on Macs. We originally disabled this feature because our test Macs were giving strange errors. Turns out, it's because we weren't logged in graphically, so even though our user had a secure token, they still couldn't remove users! For more details, check out #33.

We also got feedback from some users (thanks!) that the permission mode checking we added last version was too strict and in some places just plain wrong. Those should be fixed up and the errors related to them greatly improved.

This release also includes a diagnostic reporting tool, allowing adopters to report back the status of installs. This is handy if you're deploying Nix across an organization and want to catch problems with deployments. The reporter is configurable and can write small reports to files or URLs that look like this:

{
    "version": "0.4.0",
    "planner": "linux",
    "configured_settings": [ "modify_profile" ],
    "os_name": "Ubuntu",
    "os_version": "22.04.1 LTS (Jammy Jellyfish)",
    "triple": "x86_64-unknown-linux-gnu",
    "action": "Install",
    "status": "Failure",
    "failure_variant": "Symlink"
}

If your organization starts using them, please let us know! We'd like to know more about how to make them useful. The default options of the installer drop a diagnostic to us to help us root out problems. Diagnostic reporting can always be disabled by adding --diagnostic-endpoint= to the end of the install command.
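
A sketch of fleet-side triage for these reports, covering both the failure_variant shape shown above and the failure_chain shape from the v0.5.0 notes; it is an added example, not part of the installer. The one-report-per-line input, the sample lines and the "Success" status value are assumptions made for illustration.

```python
import json
from collections import Counter

REQUIRED = ("version", "planner", "action", "status")

# Constructed sample input: one report per line, as a collector might store them.
CHAIN = ['Action("configure_nix")', 'Child("place_nix_configuration")',
         'Child("create_directory")', 'CreateDirectory("/etc/nix")']
BASE = {"planner": "linux", "action": "Install", "status": "Failure"}
SAMPLE = [
    json.dumps({**BASE, "version": "0.5.0", "failure_chain": CHAIN}),
    json.dumps({**BASE, "version": "0.5.0", "failure_chain": CHAIN}),
    json.dumps({**BASE, "version": "0.4.0", "failure_variant": "Symlink"}),
    json.dumps({**BASE, "version": "0.5.0", "status": "Success"}),  # assumed value
    "not json at all",
    json.dumps({"version": 5, "status": "Failure"}),  # wrong type, missing keys
]

def failure_key(report):
    """Grouping key for a failed report; None for any other status."""
    if report["status"] != "Failure":
        return None
    chain = report.get("failure_chain")            # v0.5.0 shape
    if isinstance(chain, list) and chain:
        return " > ".join(str(step) for step in chain)
    variant = report.get("failure_variant")        # v0.4.0 shape
    return variant if isinstance(variant, str) else "unknown"

def summarize(lines):
    """Count failures per (version, planner, key); return rejected line numbers."""
    failures, rejected = Counter(), []
    for number, line in enumerate(lines, 1):
        try:
            report = json.loads(line)
        except json.JSONDecodeError:
            report = None
        # Reports arrive over the network: check shape before trusting fields.
        if not isinstance(report, dict) or not all(
                isinstance(report.get(key), str) for key in REQUIRED):
            rejected.append(number)
            continue
        key = failure_key(report)
        if key is not None:
            failures[(report["version"], report["planner"], key)] += 1
    return failures, rejected

if __name__ == "__main__":
    counts, bad = summarize(SAMPLE)
    print(counts.most_common(), "rejected lines:", bad)
```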

We also fixed an issue with nix-shell -p not working when it should have! We now add extra-nix-path = nixpkgs=flake:nixpkgs to the nix.conf.

Lastly, this release includes some minor "curing" functionality, meaning things like a /nix folder already existing won't immediately cause an error. These items will still cleanly get removed on uninstall. It's intended that this functionality helps repair existing partial installs (from any source).

What's Next

Next release we plan to focus more on "curing". It's our hope we can offer users the ability to repair existing installs, complete previous partial install attempts, and offer users a chance to uninstall an existing (non nix-installer created) install. As part of that we've been hacking on nix-config-parser and it's been a lot of fun!

Full Changelog: v0.3.0...v0.4.0

v0.3.0

14 Feb 18:11
41fdc2d

This release includes some fixes for issues users were experiencing on the Steam Deck, as well as some improved error messages. Several actions can now recognize existing partial installs and transparently take ownership of them.

We decided on the phrasing "The Determinate Nix Installer" when referring to this project, rather than using the binary name. We also adopted an increased software maturity stance.

We also noted that the planners felt awkwardly named given that linux-multi was able to install the root only mode. We renamed them from linux-multi to linux, and darwin-multi to macos (steam-deck is unchanged). You may need to adjust your scripts to compensate for this.

Bug fixes

  • Attempt to minimize steam deck display manager restart risk by @Hoverbear in #237

Full Changelog: v0.2.0...v0.3.0

v0.2.0

01 Feb 22:10
95852f2

This release includes some fixes users reported on Macs (notably #212) and introduces a new init-less option for Linux.

Using --init none lets users enjoy Nix in places where an init system is not present. Since the darwin-multi and the steam-deck planners require the init system for mounting /nix, they did not receive a similar option. --init none permits use cases such as WSL2 (without systemd) or inside running Docker containers.

Users of the linux-multi planner can also try --no-start-daemon which allows for Nix to be installed during a docker build command.

Bugfixes

  • Use a UUID instead of volume name for fstab on Mac by @Hoverbear in #215

What's Changed

  • Add a friendly top comment about nix-installer.sh by @Hoverbear in #216
  • Verify the apfs volume doesn't already exist before trying to create it by @Hoverbear in #217
  • Add plist use to the CreateFstabEntry action by @Hoverbear in #221
  • Use 30k range not 3k range for UIDs on Linux and 30k for a GID on all by @Hoverbear in #222
  • init-less install by @Hoverbear in #188

Full Changelog: v0.1.0...v0.2.0