v0.13.0

This release rolls back #620 as we noticed elevated rates of errors on GHA. We plan to re-approach the problem soon.

What's Changed

• v0.12.1-unreleased by @Hoverbear in #644
• Revert "Make nix.conf changes deterministic (#620)" by @Hoverbear in #648
• Release v0.12.1 by @Hoverbear in #649
• Revert "Release v0.12.1" by @Hoverbear in #650
• Reintroduce 640, 638, 627 by @Hoverbear in #651
• Release v0.13.0 by @Hoverbear in #652

Full Changelog: v0.12.0...v0.13.0

v0.12.0

This release upgrades to Nix 2.18, enables the repl-flake feature by default, and sets max-jobs to auto.

Changes to the nix.conf are now deterministic, and the installer should produce the same output each install regardless of the existing configuration.

This release also includes a number of small correctness improvements and UX tweaks.

Bug Fixes

• (Mac) Uninvert EnableOwnership logic by @Hoverbear in #623

What's Changed

• Language and readme update by @grahamc in #612
• Update README.md a bit to highlight flakes by @grahamc in #616
• Bump dependencies by @Hoverbear in #619
• Readme cutificiation by @Hoverbear in #618
• Add Upgrading section to README.md by @mig4ng in #598
• Improve --help by @Hoverbear in #624
• Check for file existence before attempting to open it by @Hoverbear in #626
• Fix uninstall instructions by @Hoverbear in #631
• Make nix.conf changes deterministic by @Hoverbear in #620
• Set max jobs to auto by @Hoverbear in #627
• Support user-defined diagnostics attribution by @grahamc in #635
• Add support for URLs or paths in --nix-package-url and --extra-conf by @Hoverbear in #634
• Disable auto-allocate-uids on Linux too by @Hoverbear in #638
• Upgrade to Nix 2.18 by @Hoverbear in #637
• Plan prompts for sudo by @Hoverbear in #639
• Enable repl-flake experimental feature by @Hoverbear in #640
• Fixup VM tests by @Hoverbear in #642
• Tweak nix-build-user-count default in all places by @Hoverbear in #643
• Release v0.12.0 by @Hoverbear in #641

New Contributors

• @mig4ng made their first contribution in #598

Full Changelog: v0.11.0...v0.12.0

v0.11.0

It's a v0.11.0! 🎉

This release bumps the Nix version to 2.17 (#597).

Thanks to @Hofer-Julian, we now support Fedora Silverblue, Clear Linux and other OSTree distributions. (#586)

We also rewrote the Github Action in Typescript! v5 includes the Typescript revamp, but there should be no major user facing changes. (DeterminateSystems/nix-installer-action#34).

For Mac users, nix-installer uninstall will now try to see if you have nix-darwin uninstalled and ask you to uninstall that first! Why? Because if you don't, it creates a bit of a mess and a reinstall tends to break things. (#561)

Bug Fixes

• bugfix: Let Mac users specify encryption directly by @Hoverbear in #546

What's Changed

• Remove local eclint package definition by @lucperkins in #537
• Turn off auto optimise store on mac by @Hoverbear in #542
• Support create_directory paths being an existing mount by @Hoverbear in #547
• Remove atty dependency by @Hoverbear in #554
• launchctl bootstrap fails with disabled in a dirty state by @Hoverbear in #555
• Add tracing around the Github Actions reinstall issue by @Hoverbear in #541
• Offer better messaging around user/group creation by @Hoverbear in #557
• Tweak self-test reporting to make it more clear it may not be a total failure by @Hoverbear in #559
• Add pre install/uninstall checks to planners by @Hoverbear in #561
• Disable steam deck CI until #566 by @Hoverbear in #571
• Fix most clippy warnings by @Hofer-Julian in #572
• Remove unneeded lifetime by @Hofer-Julian in #573
• Let typescript action set runner as trusted and do Github path by @Hoverbear in #568
• DS-970: Add Magic Nix Cache and other workflow changes by @flexiondotorg in #569
• Teach installer about Clear Linux by @Hoverbear in #581
• Add support for ostree-based Linux distributions by @Hofer-Julian in #586
• Fix the Mac CI with Silverblue by @Hoverbear in #591
• Make self-test errors a warning only by @Hoverbear in #587
• Update installer to Nix 2.17 #DS-1032 by @flexiondotorg in #597
• Check versions on uninstall for safety by @Hoverbear in #579
• Improve the message when security delete-generic-password is required by @Hoverbear in #570
• Enable clippy on CI by @Hoverbear in #574

New Contributors

• @Hofer-Julian made their first contribution in #572
• @flexiondotorg made their first contribution in #569

Full Changelog: v0.10.0...v0.11.0

v0.10.0

This release includes a number of small features (notably for Mac and SteamOS) as well as additional install validation.

We now support nix's new ssl-cert-file option (NixOS/nix#8062) through our ssl-cert-file option, instead of modifying your shell profiles. This improves install consistency between operating systems and should improve the robustness of SSL support. (#527)

Before completing installation, we now perform a robust self-test. The installer invokes something like this to make sure your system works (#506):

nix build --no-link --expr '
derivation {
  name = "self-test-{executable}-{timestamp_millis}";
  system = "x86_64-linux";
  builder = "/bin/sh"; args = ["-c" "echo hello > \$out"];
}'

For Steam Deck users, if you've been exploring the new main channel releases of the Steam Deck, you may have noticed the appearance of a /home/.steamos/offload/nix folder! We now support the offload if we detect it, otherwise sticking to the old method of creating our own bind mount. (#495)

Primarily benefiting Steam Deck users for now (but also to support #389 in the future) we now do some /etc/os-release heuristics to determine which planner should used by default on your system. This means Steam Deck users shouldn't need to specify the steam-deck planner anymore. (#501)

For Mac users, we added time machine exclusions for /nix since you most likely don't want to back up your Nix store with Time Machine (#480). We were further motivated because it was possible for users to be unable to uninstall Nix because time machine was making a backup. We also now better handle cases where diskutil does not return a volume name (#490).

Unfortunately, our experiment in 0.9.x with the new auto-uid-allocation was not as successful on Mac as it was on Linux. While we've not found any issues with the feature on Linux, on Mac is creates issues in any builds that use something like whoami. For Mac users, the _nixbld user creation has returned, and your Mac installs will feel as fast as they were in 0.8.0. (#524)

Bug fixes

• APFS volumes don't necessarily have names by @Hoverbear in #490
• Restore user creation on Mac by @Hoverbear in #524
• Uninstalling should change directory if in nix by @Hoverbear in #526

What's Changed

• Add time machine exclusions for Mac by @Hoverbear in #480
• Improve messaging when /nix/receipt.json is already found by @Hoverbear in #491
• Add full path to nix-installer in bug report instructions by @cole-h in #499
• Support for SteamOS Nix Offload in SteamOS 20230522.1000 by @Hoverbear in #495
• Use os-release to determine appropriate planner by @Hoverbear in #501
• Fix uninstalling on latest steam deck with offload by @Hoverbear in #502
• typo fix for auto-allocate-uids by @georgyo in #505
• Add self test functionality by @Hoverbear in #506
• Fix darwin devShell by @mkenigs in #514
• swap fortune for hello in CI workflow by @abathur in #525
• Add flake checker action to GHA lints by @lucperkins in #515
• Use ssl-cert-file config by @Hoverbear in #527
• ci: use our cacher action by @cole-h in #532
• Fix devshell on i686 by @Hoverbear in #533

New Contributors

• @georgyo made their first contribution in #505
• @mkenigs made their first contribution in #514
• @abathur made their first contribution in #525

Full Changelog: v0.9.1...v0.10.0

v0.9.1

This release builds on v0.9.0, and includes a minor fix for the GITHUB_PATH support on Github Actions for Macs only.

It turns out, we were accidentally looking for the path appropriate for Linux on Macs too! This meant that if you ran nix profile install nixpkgs#hello and tried to run hello, it wouldn't work! That's super frustrating and if you met this issue, sorry about that!

What's Changed

• Fixup GHA home directory on Mac by @Hoverbear in #482

Full Changelog: v0.9.0...v0.9.1

v0.9.0

This release includes few big features, as well as several bug fixes (notably for the Steam Deck), we've highlighted below.

Nix 2.15 and newly enabled features

We're excited to adopt Nix 2.15!

2.15 includes the new auto-allocate-uids feature! While we still need to create a system group, This removes a significant portion of the installer complexity, especially on Mac. It also makes things a bit faster:

ana@ubuntu-22:~/Downloads$ hyperfine --warmup 2 "./v0.8.0 install --no-confirm && /nix/nix-installer uninstall --no-confirm" "./v0.9.0 install --no-confirm && /nix/nix-installer uninstall --no-confirm"
Benchmark 1: ./v0.8.0 install --no-confirm && /nix/nix-installer uninstall --no-confirm
  Time (mean ± σ):      7.722 s ± 0.414 s    [User: 0.007 s, System: 0.009 s]
  Range (min … max):    7.343 s …  8.537 s    10 runs
 
Benchmark 2: ./v0.9.0 install --no-confirm && /nix/nix-installer uninstall --no-confirm
  Time (mean ± σ):      3.774 s ± 0.047 s    [User: 0.006 s, System: 0.010 s]
  Range (min … max):    3.706 s …  3.836 s    10 runs
 
Summary
  './v0.9.0 install --no-confirm && /nix/nix-installer uninstall --no-confirm' ran
    2.05 ± 0.11 times faster than './v0.8.0 install --no-confirm && /nix/nix-installer uninstall --no-confirm'

SELinux Support

This release also includes support for SELinux based off https://github.com/nix-community/nix-installers/tree/master/selinux.

Here's an example of a Fedora install with SELinux set to Enforce:

[ana@fedora ~]$ getenforce
Enforcing
[ana@fedora ~]$ curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix/tag/v0.9.0 | sh -s -- install --no-confirm --log-directive nix_installer=warn
info: downloading installer https://install.determinate.systems/nix/tag/v0.9.0/nix-installer-x86_64-linux
`nix-installer` needs to run as `root`, attempting to escalate now via `sudo`...
Nix was installed successfully!
To get started using Nix, open a new shell or run `. /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh`
[ana@fedora ~]$ . /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh
[ana@fedora ~]$ nix run nixpkgs#hello
[37.3 MiB DL]
Hello, world!

[ana@fedora ~]$ getenforce
Enforcing

Infrastructure friendliness

We had some users reporting that they wanted to blindly run nix-installer during CI without having to check for a /nix. So, we now exit 0 and print a warning if the same version of Nix seems to be already installed.

If you're relying on this feature, we do advise picking a specific tag of the nix-installer instead of pinning to latest:

curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix/tag/v0.9.0 | sh -s -- install --no-confirm

We also improved the container documentation to provide a unified feel for both Docker and Podman users.

What's Changed

• Nix 2.13.3 -> 2.15.0 by @grahamc in #428
• Add SELinux support by @Hoverbear in #465
• Adopted the new auto-uid-allocation feature by @Hoverbear in #196
• fsync after writing Nix config to attempt to fix the flaky preserves_comment test by @Hoverbear in #448
• Don't error if already installed with same settings, just warn by @Hoverbear in #454
• Improve failure chain on revert by @Hoverbear in #467
• Improve messaging around version incompatability by @Hoverbear in #457
• Improve the SELinux heuristic to look for sestatus by @Hoverbear in #470
• Improve container docs somewhat by @Hoverbear in #472

Bug Fixes

• Set permissions on unpacked Nix store paths more carefully by @Hoverbear in #451
• Fixup multiple --extra-conf usages by @Hoverbear in #456
• Improve WSL systemd detection by @Hoverbear in #469
• RequiredBy items in the nix.mount of steam-deck planner in [Install] by @Hoverbear in #455

Full Changelog: v0.8.0...v0.9.0

v0.8.0

This release fixes several bug fixes as well as functionality to continue uninstalling with best effort, even if errors occur.

What's Changed

• Fixup create_volume_service action tag by @Hoverbear in #398
• Uninstall shouldn't fail fast by @Hoverbear in #382
• Trim fdesetup output, remove accidently committed SSL related settings by @Hoverbear in #403
• Split output docs by @Hoverbear in #407
• Only stop the nix daemon if it's actually active, not just enabled by @Hoverbear in #410
• Handle the APFS volume not existing but the Service and Fstab being present by @Hoverbear in #405
• Provide users a better error message if systemd is not active by @Hoverbear in #412
• Avoid globbing issues by using symlinks and readlink by @Hoverbear in #413
• Check user group commands exist during plan by @Hoverbear in #411
• Fixup a cure case where a store path already exists so we never make a symlink by @Hoverbear in #414

Full Changelog: v0.7.0...v0.8.0

v0.7.0

This release is mostly a release of bug fixes and documentation updates, containing no major features.

Users should notice less errors in the MacOS volume creation step, automatic Rosetta detection, and better encryption detection. Steam Deck users, we fixed the install read-only issue. During curing we are now less strict about file permissions.

What's Changed

• Be less grumpy about existing file permissions. by @Hoverbear in #359
• Add Rosetta check for Mac by @Hoverbear in #355
• Detect fdesetup properly by @Hoverbear in #361
• Do not try to reload the systemd daemon when we are using --no-start-daemon by @Hoverbear in #365
• Fixup diagnostic_endpoint setting to be more flexible by @Hoverbear in #374
• Improve Mac Volume Curing by @Hoverbear in #362
• Add Fedora v37 tests by @Hoverbear in #364
• Make shell profile locations chosen by planner by @Hoverbear in #375
• Use retry strategy after diskutil create by @Hoverbear in #376
• Revert default_missing_value to default_value by @Hoverbear in #380
• Bump dependencies by @Hoverbear in #385
• Add semver check by @Hoverbear in #156
• Add a bit of issue metadata by @Hoverbear in #386
• Document version pinning by @Hoverbear in #388

Full Changelog: v0.6.0...v0.7.0

v0.6.0

With this release the installer can now support limited 'curing'.

More specifically, installing over an existing partial install (either from nix-installer or the official scripts) should, in many cases, result in a working install. Cured installations include uninstallation via /nix/nix-installer uninstall, just like normal installations.

We're very curious to find cases where curing breaks! If you find a case, please share it with us! along with any reproduction steps!

The command line prompts have undergone some minor trimming and now will only show you settings you've configured, instead of all settings.

For users of busybox, the adduser and addgroup commands.

For users working with proxies and custom certificates, there is now support for HTTPS_PROXY style variables as well as a --proxy flag. For certificates, the --ssl-cert-file flag can be used to set up a custom SSL certificate to use. We also now support your system CA certificates instead of only a static set.

For users using remote MacOS builders over SSH, please see the quirks section of the README.md for instructions how to workaround some zsh behavior which may prevent nix-shell or other tools from being on your $PATH. Previously we wrote to /etc/zshenv but discovered a $PATH ordering bug which caused us to revert this behavior.

What's Changed

• Make CreateUser idempotent by @Hoverbear in #306
• Remove nix channel placement by @Hoverbear in #304
• README: clarify WSL means WSL2 by @cole-h in #315
• Curing existing /nix by @Hoverbear in #310
• Fix vm/container tests after #304 by @Hoverbear in #316
• Cure existing systemd units by @cole-h in #313
• Fixup a couple differences with the official installer scripts by @Hoverbear in #311
• Cure APFS/Fstabs on Mac by @Hoverbear in #246
• Only symlink if the link doesn't already exist by @Hoverbear in #317
• Add curing vm tests by @Hoverbear in #312
• Tweak the logging levels in CI and in some instrumentation by @Hoverbear in #318
• Add test for missing users and groups by @Hoverbear in #321
• Support busybox user/group modification, more informational errors by @cole-h in #319
• Repair /nix removal test by @Hoverbear in #320
• Include user index in the user comment by @cole-h in #330
• Make nix-installer plan invalid-plan fail by @cole-h in #331
• Add install script cure tests by @Hoverbear in #322
• Only list changed plan settings in summary by @cole-h in #333
• Be more positive in help output about our software working and not failing by @Hoverbear in #334
• Default to systemd, refer to documentation if systemd is not available by @cole-h in #336
• Use rustls-tls-native-roots by @Hoverbear in #332
• Add fish vendor_conf.d support by @Hoverbear in #335
• Explicit proxy support by @Hoverbear in #337
• Proxy envs need to get elevated by @Hoverbear in #342
• Groom plan synopsis by @Hoverbear in #338
• Update the install differences in the readme by @Hoverbear in #340
• In the README, recommend a git url by @Hoverbear in #343
• Add ssl-cert-file option by @Hoverbear in #341
• Update zshrc, not zshenv by @Hoverbear in #339
• Fancy-fy the README a bit by @Hoverbear in #345
• Update dependencies by @Hoverbear in #346
• Set NIX_SSL_CERT_FILE in the daemon by @Hoverbear in #347
• Use nixpkgs-unstable by @Hoverbear in #351

Full Changelog: v0.5.0...v0.6.0

v0.5.0

This release includes some more work towards supporting installing over existing installations (see #126 for more information on our curing effort). Specifically, an existing /etc/nix/nix.conf file will no longer be a hard error¹ and will instead be merged with the settings that we desire.

It also fixes a few bugs, like a typo in a permissions check (checking a file had a mode of 664 instead of 644), a macOS installation bug that affected some setups (see #295 and #298 for more information), and explicitly erroring on WSL1 as unsupported.

If you rely on us as a library, the change that will impact you the most is that we made all of our error enums #[non_exhaustive], so that adding new variants in the future won't require a new major version.

The diagnostics report also saw a slight rework to be somewhat more useful in actually diagnosing issues. A diagnostic report now looks like this:

{
  "version": "0.5.0",
  "planner": "linux",
  "configured_settings": [
    "modify_profile"
  ],
  "os_name": "Ubuntu",
  "os_version": "22.04.1 LTS (Jammy Jellyfish)",
  "triple": "x86_64-unknown-linux-musl",
  "is_ci": false,
  "action": "Install",
  "status": "Failure",
  "failure_chain": [
    "Action(\"configure_nix\")",
    "Child(\"place_nix_configuration\")",
    "Child(\"create_directory\")",
    "CreateDirectory(\"/etc/nix\")"
  ]
}

What's Changed

• Describe Diagnostics by @grahamc in #276
• Use 0o644 for files, not 0o664 by @cole-h in #278
• Update default nix_package_url to Nix 2.13.3 by @cole-h in #279
• Add newline to end of plan json output by @cole-h in #283
• Use launchctl load -w on macOS by @cole-h in #298
• Detect WSL1 and error by @cole-h in #297
• Make errors non-exhaustive by @cole-h in #299
• Add more failure context / Improve error structure by @Hoverbear in #296
• Update some dependencies by @Hoverbear in #303
• Integrate nix-config-parser by @cole-h in #263

Full Changelog: v0.4.0...v0.5.0

---

1. Currently, only experimental-features will be merged (please file an issue if you would like to see other options supported!); any other conflict between our desired settings and an existing nix.conf will still cause an error. In other words, if the setting is not one that we are trying to set (see the list here: https://github.com/DeterminateSystems/nix-installer/blob/v0.5.0/src/action/common/place_nix_configuration.rs#L32-L45), it will be seamlessly merged into the resulting nix.conf file. ↩