Releases: DeterminateSystems/nix-src
v3.16.3
Release 3.16.3 (2026-02-24)
- Based on upstream Nix 2.33.3.
What's Changed
This release only includes changes in determinate-nixd.
v3.16.2
Release 3.16.2 (2026-02-23)
- Based on upstream Nix 2.33.3.
What's Changed
This release is exclusively improvements to determinate-nixd.
v3.16.1
Release 3.16.1 (2026-02-22)
- Based on upstream Nix 2.33.3.
What's Changed
nix store info now correctly support --refresh and --offline
Previously, Nix had a hard-coded TTL of seven days.
Determinate Nix moved that TTL to a new setting narinfo-cache-meta-ttl and now nix store info respects the --refresh and --offline flags.
This change makes it possible to freshly validate authenticating to a remote store.
PR: DeterminateSystems/nix-src#355
Corrected builtins.hashString behavior under lazy trees
builtins.hashString now devirtualizes lazy paths, making the hash result stable.
PR: DeterminateSystems/nix-src#360
Full Changelog: v3.16.0...v3.16.1
v3.16.0
Release 3.16.0 (2026-02-12)
- Based on upstream Nix 2.33.3.
Support .gitattributes in subdirectories
For performance, the Git backwards compatibility hack was only applied to repositories that had a .gitattributes in the root directory.
However, it is possible to have a .gitattributes file in a subdirectory, and there are real-world repos that do this, so we have dropped that restriction.
PR: DeterminateSystems/nix-src#335
Fix hung downloads when http-connections = 0
When we started limiting the number of active cURL handles in DeterminateSystems/nix-src#315, we did not take into account that http-connections = 0 is a special value that means, roughly "as many connections as possible" (the exact behavior is up to cURL).
This should now be fixed.
PR: DeterminateSystems/nix-src#327
builtins.getFlake now supports relative paths
builtins.getFlake now supports using relative paths, like:
builtins.getFlake ./..instead of the hacky
builtins.getFlake (builtins.flakeRefToString { type = "path"; path = self.sourceInfo.outPath; narHash = self.narHash; });Note that allowing builtins.getFlake to fetch from store paths is probably a bad idea, since it's ambiguous when using chroot stores, so a warning will be printed when this is encountered.
PRs:
Fixed a bug with too many open files
Recently, some users have reported seeing errors like:
error: creating git packfile indexer: failed to create temporary file '/Users/anon/.cache/nix/tarball-cache-v2/objects/pack/pack_git2_56d617039ac17c2b': Too many open files
This should now be fixed.
PR: DeterminateSystems/nix-src#347
Full Changelog: v3.15.2...v3.16.0
v3.15.2
Release 3.15.2 (2026-01-20)
- Based on upstream Nix 2.33.1.
What's Changed
Improved performance for users with a lot of dependencies
If you even had the occasion to query your binary cache for over 110,000 store path simultaneously you might have found it rather slow.
Previously, Nix would enqueue all the downloads at once.
This appears to trigger quadratic behavior in curl.
Determinate Nix now enqueues a reasonable number of subtitutions once.
At the same time, we fixed a performance issue in the progress bar with so many dependencies.
PR: DeterminateSystems/nix-src#315
Lazy trees update: path inputs are now lazy
Previously inputs like path:///path/to/a/dependency were eagerly fetched when lazy-trees is enabled.
In Determinate Nix 3.15.2, path input types are also fetched lazily.
This change saves time and improves performance for users with path inputs.
PRs:
nix repl now reports the Determinate version
A small change, but now nix repl correctly reports the Determinate Nix version:
$ nix repl
Nix (Determinate Nix 3.15.1) 2.33.0
Type :? for help.
nix-repl>
PR: DeterminateSystems/nix-src#316
New Contributors
- @dliberalesso made their first contribution in DeterminateSystems/nix-src#313
Full Changelog: v3.15.1...v3.15.2
Contributors
Assets 2
v3.15.1
Release 3.15.1 (2025-12-24)
- Based on upstream Nix 2.33.0.
What's Changed
Users reported the v3.15.0 tarball could not be fetched in a fixed-output derivation due to current stdenv paths present in the documentation. This release eliminated those paths.
PR: DeterminateSystems/nix-src#306
Additionally, this change re-enables CodeRabbit's code review on our changes. CodeRabit was disabled by the upstream project, and we inadvertently included that change.
PR: DeterminateSystems/nix-src#305
Full Changelog: v3.15.0...v3.15.1
v3.15.0
Release 3.15.0 (2025-12-19)
- Based on upstream Nix 2.33.0.
fetchTree improvement
builtins.fetchTree now implicitly treats the fetched tree as "final" when a narHash is supplied, meaning that it will not return attributes like lastModified or revCount unless they were specified by the caller. This makes it possible to substitute the tree from a binary cache, which is often more efficient. Furthermore, for Git inputs, it allows Nix to perform a shallow fetch, which is much faster.
This is primarily useful for users of flake-compat, since it uses builtins.fetchTree internally.
PR: DeterminateSystems/nix-src#297
New builtin function builtins.filterAttrs
Nixpkgs heavily relies on this function to select attributes from an attribute set:
filterAttrs = pred: set: removeAttrs set (filter (name: !pred name set.${name}) (attrNames set));Determinate Nix now has this function built-in, which makes it much faster.
PR: DeterminateSystems/nix-src#291
New Contributors
- @not-ronjinger made their first contribution in DeterminateSystems/nix-src#291
Full Changelog: v3.14.0...v3.15.0
Contributors
Assets 2
v3.14.0
Release 3.14.0 (2025-12-08)
- Based on upstream Nix 2.32.4.
What is going on?! nix ps to the rescue
Determinate Nix now features a nix ps command to summarize all of the active builds and child processes:
$ nix ps
USER PID CPU DERIVATION/COMMAND
_nixbld1 30167 0.4s /nix/store/h431bcfml83czhpyzljhp9mw4yrq95vs-determinate-nix-manual-3.14.0.drv (wall=9s)
_nixbld1 30167 0.2s └───bash -e /nix/store/vj1c3wf9c11a0qs6p3ymfvrnsdgsdcbq-source-stdenv.sh /nix/store/shkw4qm9qcw5sc5n1k5jznc83ny02r39-default-builder.s
_nixbld1 30278 0.0s └───ninja -j14
_nixbld1 30279 0.0s ├───/nix/store/v21kg4vm7yy0wflh0avkibz0shk86jn8-python3-3.12.11/bin/python3.12 /nix/store/lp001an6p80qx2fhdxgv5ysbn2iwj9pa-mes
_nixbld1 30286 0.0s │ └───/nix/store/z59zm01pjwzil2qkvv0s4ibk54risy9a-determinate-nix-3.14.0/bin/nix config show --json
_nixbld1 30280 0.0s ├───/nix/store/v21kg4vm7yy0wflh0avkibz0shk86jn8-python3-3.12.11/bin/python3.12 /nix/store/lp001an6p80qx2fhdxgv5ysbn2iwj9pa-mes
_nixbld1 30287 0.0s │ └───/nix/store/z59zm01pjwzil2qkvv0s4ibk54risy9a-determinate-nix-3.14.0/bin/nix __dump-language
_nixbld1 30281 0.0s ├───/nix/store/v21kg4vm7yy0wflh0avkibz0shk86jn8-python3-3.12.11/bin/python3.12 /nix/store/lp001an6p80qx2fhdxgv5ysbn2iwj9pa-mes
_nixbld1 30288 0.0s │ └───/nix/store/z59zm01pjwzil2qkvv0s4ibk54risy9a-determinate-nix-3.14.0/bin/nix __dump-cli
_nixbld1 30282 0.0s ├───/nix/store/v21kg4vm7yy0wflh0avkibz0shk86jn8-python3-3.12.11/bin/python3.12 /nix/store/lp001an6p80qx2fhdxgv5ysbn2iwj9pa-mes
_nixbld1 30284 0.0s │ └───/nix/store/z59zm01pjwzil2qkvv0s4ibk54risy9a-determinate-nix-3.14.0/bin/nix __dump-xp-features
_nixbld1 30283 0.0s └───/nix/store/v21kg4vm7yy0wflh0avkibz0shk86jn8-python3-3.12.11/bin/python3.12 /nix/store/lp001an6p80qx2fhdxgv5ysbn2iwj9pa-mes
_nixbld1 30285 0.0s └───/nix/store/5c8hb299k0acbypqw6j9m4znyd6b97cz-bash-5.2p37/bin/bash -euo pipefail -c if type -p build-release-notes > /de
_nixbld1 30289 0.0s └───changelog-d ../source/release-notes/../../rl-next
For the integrators out there, it also has a --json flag with all the raw data.
PRs:
Nix build, profile, and flake check commands tell you what output failed
These commands now tell you exactly what flake outputs failed to build.
Previously, the error would indicate only what derivation failed to build -- but not which output.
Now, nix build and nix profile commands provide the specific output:
$ nix build .#oneFakeHash .#badSystem --keep-going
❌ git+file:///Users/grahamc/src/github.com/DeterminateSystems/samples#oneFakeHash
error: hash mismatch in fixed-output derivation '/nix/store/58pp1y74j4f5zxfq50xncv2wvnxf7w3y-one-fake-hash.drv':
specified: sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
got: sha256-i7j83d71sibS/ssSjLJ5PMKmbhjAM+BHW0aElvkgEwY=
❌ git+file:///Users/grahamc/src/github.com/DeterminateSystems/samples#badSystem
error: Cannot build '/nix/store/5vsaxi730yl2icngkyvn8wiflik5wfmq-bad-system.drv'.
Reason: required system or feature not available
Required system: 'bogus' with features {}
Current system: 'aarch64-darwin' with features {apple-virt, benchmark, big-parallel, nixos-test}
And in a great change for CI, nix flake check users get improved summaries too:
$ nix flake check
❓ checks.aarch64-darwin.twoFakeHashes (cancelled)
❓ checks.aarch64-darwin.badSystemNested (cancelled)
❓ checks.aarch64-darwin.oneFakeHash (cancelled)
❓ checks.aarch64-darwin.failure (cancelled)
❓ checks.aarch64-darwin.badSystem (cancelled)
❓ checks.aarch64-darwin.weirdHash (cancelled)
❓ checks.aarch64-darwin.all (cancelled)
❓ checks.aarch64-darwin.fakeHashes (cancelled)
❓ checks.aarch64-darwin.incorrectHashes (cancelled)
❓ checks.aarch64-darwin.badFeaturesNested (cancelled)
❓ checks.aarch64-darwin.failureNested (cancelled)
❌ checks.aarch64-darwin.badFeatures
error: Cannot build '/nix/store/sc1cyhrpsm9yjx55cl2zzyr5lypwigi6-bad-feature.drv'.
Reason: required system or feature not available
Required system: 'aarch64-darwin' with features {bogus}
Current system: 'aarch64-darwin' with features {apple-virt, benchmark, big-parallel, nixos-test}
PRs:
More seamless upgrades from Nix 2.18 and Nix 2.19
We've heard from some users who are trying to upgrade from Nix 2.18.
These users are primarily experiencing problems caused by Nix 2.20 switching from git-archive to libgit2 for fetching repositories.
This change caused some git-archive filters to stop executing, like autocrlf.
Not running those filters is an improvement, and running those filters can cause instability in source hashes.
However, this switch did cause previously valid hashes to become invalid.
Determinate Nix now retries fetching an old archive with git-archive as a fallback when libgit2 fails to provide the correct source.
Further, to support a progressive migration Determinate Nix has a new option: nix-219-compat.
Set nix-219-compat=true to cause Nix to author new flake.nix files with a git-archive based source hash.
Finally, a user identified builtins.path changed since 2.18 and stopped propagating references.
We have corrected this regression.
PRs:
Flake registry mirroring
Determinate Nix now includes a fallback copy of the Nix Registry.
This change builds on top of v3.13.2, where we changed from the upstream Nix registry to a mirrored copy hosted by install.determinate.systems.
Combined, these changes increase the reliability of Nix in the face of network outages.
Note
Flake registry URLs for flake.nix inputs is deprecated.
The flake registry should only be used for interactive use.
See: #37
PR: DeterminateSystems/nix-src#273
Flake registry resolution CLI
We added the new command nix registry resolve to help debug issues with Flake registries.
This command looks up a flake registry input name and returns the flakeref it resolves to.
For example, looking up Nixpkgs:
$ nix registry resolve nixpkgs
github:NixOS/nixpkgs/nixpkgs-unstable
Or looking up the 25.11 branch of Nixpkgs:
$ nix registry resolve nixpkgs/release-25.11
github:NixOS/nixpkgs/release-25.11
Note
Flake registry URLs for flake.nix inputs is deprecated.
The flake registry should only be used for interactive use.
See: #37
PR: DeterminateSystems/nix-src#273
Improved Docker image packaging
Thanks to employee-64c7dcd530593118dcccc3fb, the OCI / Docker images built by the Determinate Nix flake.nix can be further customized.
Users can specify their own base image by specifying fromImage.
Additionally, users can specify additional directories to include at the beginning or end of the PATH variable with extraPrePaths and extraPostPaths.
PRs:
Bug fixes
- Corrected an error with parallel evaluation which (DeterminateSystems/nix-src#286)
- Fixed compatibility with updated Nixpkgs versions. Thank you SandaruKasa! (DeterminateSystems/nix-src#284)
Full Changelog: v3.13.2...v3.14.0
v3.13.2
Release 3.13.2 (2025-11-19)
- Based on upstream Nix 2.32.4.
What's Changed
Abbreviate flakerefs in lockfile diffs and nix flake metadata
Flake refs are now abbreviated when possible, to reduce visual clutter.
For example, this changes
• Updated input 'blender-bin':
'https://api.flakehub.com/f/pinned/edolstra/blender-bin/1.0.19/01993ca7-2aa8-746f-96f5-ca8d2c2b962d/source.tar.gz?narHash=sha256-ZqVhVl9UYVErF8HW8lcvqss005VWYjuX//rZ%2BOmXyHg%3D' (2025-09-12)
→ 'https://api.flakehub.com/f/pinned/edolstra/blender-bin/1.0.20/019a8772-b044-7738-8c03-109bdc9f0a01/source.tar.gz?narHash=sha256-sVj9Gmx0kwTDQPJ5kgQYszE3Hdjevu0zx0b/bL2fyUc%3D' (2025-11-15)
• Updated input 'nix':
'github:DeterminateSystems/nix-src/236ebef6514f3a2a9765c8a1d80dd503b8e672be?narHash=sha256-s6/Err0yqOp5fM3OdCF1vhmEYpeElbPOWX88YrW2qj4%3D' (2025-10-23)
→ 'github:DeterminateSystems/nix-src/ef054dc06e9701597bce0b0572af18cb4c7e7277?narHash=sha256-uqYmH0KA8caQqX5u4BMarZsuDlC%2B71HRsH3h4f3DPCA%3D' (2025-11-12)
to
• Updated input 'blender-bin':
'https://api.flakehub.com/f/pinned/edolstra/blender-bin/1.0.19/01993ca7-2aa8-746f-96f5-ca8d2c2b962d/source.tar.gz' (2025-09-12)
→ 'https://api.flakehub.com/f/pinned/edolstra/blender-bin/1.0.20/019a8772-b044-7738-8c03-109bdc9f0a01/source.tar.gz' (2025-11-15)
• Updated input 'nix':
'github:DeterminateSystems/nix-src/236ebef' (2025-10-23)
→ 'github:DeterminateSystems/nix-src/ef054dc' (2025-11-12)
PR: DeterminateSystems/nix-src#264
nix flake prefetch-inputs now skips build-time inputs
Build-time inputs can already be fetched in parallel, so prefetching them is usually not what you want.
This can be especially noticeable in projects that make extensive use of build-time flake inputs.
PR: DeterminateSystems/nix-src#263
Don't compute revCount/lastModified if they're already specified
We don't care if the user (or more likely the lock file) specifies an incorrect value for these attributes, since it doesn't matter for security (unlike content hashes like narHash).
This can save time when operating on large repos -- having to recalculate these attributes could slow things down greatly.
PR: DeterminateSystems/nix-src#269
Avoid unnecessary Git refetches
This fixes the issue where updating a Git input does a non-shallow fetch, and then a subsequent eval does a shallow refetch because the revCount is already known.
Now the subsequent eval will reuse the repo used in the first fetch.
PR: DeterminateSystems/nix-src#270
Use our mirrored flake registry
The flake registry is security-critical and thus should have high availability.
By mirroring the upstream Nix flake registry, we can make it less likely that a GitHub outage affects being able to resolve from the registry.
PR: DeterminateSystems/nix-src#271
Full Changelog: v3.13.1...v3.13.2
v3.13.1
Release 3.13.1 (2025-11-12)
- Based on upstream Nix 2.32.4.
What's Changed
- nix bundle: Wait for async path writer by @edolstra in DeterminateSystems/nix-src#260
- Sync with upstream 2.32.4 by @edolstra in DeterminateSystems/nix-src#261
Full Changelog: v3.13.0...v3.13.1
