Nix 0.11: Performance, Security, and Functionality Improvements

\"i686-linux\"` (note that `--argstr` prevents annoying quoting around shell arguments). - `nix-store` has a new operation `--read-log` (`-l`) `paths` that shows the build log of the given paths. - Nix now uses Berkeley DB 4.5. The database is upgraded automatically, but you should be careful not to use old versions of Nix that still use Berkeley DB 4.4. - The option `--max-silent-time` (corresponding to the configuration setting `build-max-silent-time`) allows you to set a timeout on builds — if a build produces no output on `stdout` or `stderr` for the given number of seconds, it is terminated. This is useful for recovering automatically from builds that are stuck in an infinite loop. - `nix-channel`: each subscribed channel is its own attribute in the top-level expression generated for the channel. This allows disambiguation (e.g. `nix-env -i -A nixpkgs_unstable.firefox`). - The substitutes table has been removed from the database. This makes operations such as `nix-pull` and `nix-channel --update` much, much faster. - `nix-pull` now supports bzip2-compressed manifests. This speeds up channels. - `nix-prefetch-url` now has a limited form of caching. This is used by `nix-channel` to prevent unnecessary downloads when the channel hasn’t changed. - `nix-prefetch-url` now by default computes the SHA-256 hash of the file instead of the MD5 hash. In calls to `fetchurl` you should pass the `sha256` attribute instead of `md5`. You can pass either a hexadecimal or a base-32 encoding of the hash. - Nix can now perform builds in an automatically generated “chroot”. This prevents a builder from accessing stuff outside of the Nix store, and thus helps ensure purity. This is an experimental feature. - The new command `nix-store --optimise` reduces Nix store disk space usage by finding identical files in the store and hard-linking them to each other. It typically reduces the size of the store by something like 25-35%. - `~/.nix-defexpr` can now be a directory, in which case the Nix expressions in that directory are combined into an attribute set, with the file names used as the names of the attributes. The command `nix-env --import` (which set the `~/.nix-defexpr` symlink) is removed. - Derivations can specify the new special attribute `allowedReferences` to enforce that the references in the output of a derivation are a subset of a declared set of paths. For example, if `allowedReferences` is an empty list, then the output must not have any references. This is used in NixOS to check that generated files such as initial ramdisks for booting Linux don’t have any dependencies. - The new attribute `exportReferencesGraph` allows builders access to the references graph of their inputs. This is used in NixOS for tasks such as generating ISO-9660 images that contain a Nix store populated with the closure of certain paths. - Fixed-output derivations (like `fetchurl`) can define the attribute `impureEnvVars` to allow external environment variables to be passed to builders. This is used in Nixpkgs to support proxy configuration, among other things. - Several new built-in functions: `builtins.attrNames`, `builtins.filterSource`, `builtins.isAttrs`, `builtins.isFunction`, `builtins.listToAttrs`, `builtins.stringLength`, `builtins.sub`, `builtins.substring`, `throw`, `builtins.trace`, `builtins.readFile`.

This section describes further enhancements in Nix 0.11, including `--argstr` option, `nix-store --read-log`, Berkeley DB 4.5 update, `--max-silent-time` option, `nix-channel` improvements, substitutes table removal, `nix-pull` support for bzip2, `nix-prefetch-url` caching and SHA-256 hashing, experimental chroot builds, `nix-store --optimise`, `~/.nix-defexpr` directory support, `allowedReferences` attribute for derivations, `exportReferencesGraph` attribute, `impureEnvVars` attribute, and new built-in functions.