2nd chunk of `doc/manual/source/release-notes/rl-2.25.md`
  The build hook protocol did in principle support custom ways of remote building, but that can also be accomplished with a custom service for the ssh or daemon/ssh-ng protocols, or with a custom [store type](@docroot@/store/types/index.md) i.e. `Store` subclass. <!-- we normally don't mention classes, but consider that this release note is about a library use case -->

  The Perl bindings no longer expose `getBinDir` either, since the underlying C++ libraries those bindings wrap no longer know the location of installed binaries as described above.

- Wrap filesystem exceptions more correctly [#11378](https://github.com/NixOS/nix/pull/11378)

  With the switch to `std::filesystem`, Nix started to throw `std::filesystem::filesystem_error` in many places instead of its own exceptions.
  As a result, Nix no longer generated error traces when (for example) listing a non-existing directory. It could also lead to crashes inside the Nix REPL.

  This version catches these types of exception correctly and wraps them into Nix's own exception type.

  Author: [**@Mic92**](https://github.com/Mic92)

- Add setting `fsync-store-paths` [#1218](https://github.com/NixOS/nix/issues/1218) [#7126](https://github.com/NixOS/nix/pull/7126)

  Nix now has a setting `fsync-store-paths` that ensures that new store paths are durably written to disk before they are registered as "valid" in Nix's database. This can prevent Nix store corruption if the system crashes or there is a power loss. This setting defaults to `false`.

  Author: [**@squalus**](https://github.com/squalus)

- Removing the default argument passed to the `nix fmt` formatter [#11438](https://github.com/NixOS/nix/pull/11438)

  The underlying formatter no longer receives the "." default argument when `nix fmt` is called with no arguments.

  This change was necessary as the formatter wasn't able to distinguish between
  a user wanting to format the current folder with `nix fmt .` or the generic
  `nix fmt`.

  The default behavior is now the responsibility of the formatter itself, and
  allows tools such as `treefmt` to format the whole tree instead of only the
  current directory and below.

  Author: [**@zimbatm**](https://github.com/zimbatm)

- `<nix/fetchurl.nix>` uses TLS verification [#11585](https://github.com/NixOS/nix/pull/11585)

  Previously `<nix/fetchurl.nix>` did not do TLS verification. This was because the Nix sandbox in the past did not have access to TLS certificates, and Nix checks the hash of the fetched file anyway. However, this can expose authentication data from `netrc` and URLs to man-in-the-middle attackers. In addition, Nix now in some cases (such as when using impure derivations) does *not* check the hash. Therefore we have now enabled TLS verification. This means that downloads by `<nix/fetchurl.nix>` will now fail if you're fetching from an HTTPS server that does not have a valid certificate.

  `<nix/fetchurl.nix>` is also known as the builtin derivation builder `builtin:fetchurl`. It's not to be confused with the evaluation-time function `builtins.fetchurl`, which was not affected by this issue.
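An added example (not from the Nix release notes or the Nix code base): a Python audit that takes a netrc file and the URLs used in `<nix/fetchurl.nix>` calls and lists which fetches carry `netrc` credentials or secrets in the URL itself, the data the note above says hash checking alone does not protect. The hosts, credentials, URLs and the `SECRET_PARAMS` list are constructed assumptions.

```python
import netrc
import os
import tempfile
from urllib.parse import parse_qsl, urlsplit

# Constructed sample data (hypothetical hosts, credentials and URLs);
# SECRET_PARAMS is an assumed list of sensitive query parameter names.
SAMPLE_NETRC = "machine artifacts.example.org login ci-bot password s3cr3t\n"
SAMPLE_URLS = [
    "https://artifacts.example.org/releases/tool-1.0.tar.gz",
    "https://mirror.example.net/pub/zlib-1.3.tar.gz",
    "https://cdn.example.com/blob.bin?token=abc123",
    "https://user:pw@files.example.com/private.tar.gz",
    "http://legacy.example.org/old.tar.gz",
]
SECRET_PARAMS = {"token", "access_token", "key", "sig", "signature"}


def load_netrc(text):
    """Parse netrc text; the stdlib parser needs a file path."""
    with tempfile.NamedTemporaryFile("w", delete=False) as fh:
        fh.write(text)
    try:
        return netrc.netrc(fh.name)
    finally:
        os.unlink(fh.name)


def secrets_in_fetch(url, creds):
    """List the secrets a fetch of `url` puts on the wire."""
    parts = urlsplit(url)
    reasons = []
    if creds.authenticators(parts.hostname or ""):
        reasons.append("netrc credentials")
    if parts.username or parts.password:
        reasons.append("userinfo in URL")
    if any(k.lower() in SECRET_PARAMS for k, _ in parse_qsl(parts.query)):
        reasons.append("secret query parameter")
    return reasons


def audit(urls, netrc_text):
    """Map each URL to whether TLS verification applies and what it protects."""
    creds = load_netrc(netrc_text)
    return {u: {"certificate_checked": urlsplit(u).scheme == "https",
                "secrets": secrets_in_fetch(u, creds)} for u in urls}


if __name__ == "__main__":
    print(audit(SAMPLE_URLS, SAMPLE_NETRC))
```

Entries with `certificate_checked` true and a non-empty `secrets` list are the fetches whose confidentiality depends on the certificate check; entries with it false use plain HTTP and get no TLS protection at all.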


# Contributors

This release was made possible by the following 58 contributors:

- 1444 [**(@0x5a4)**](https://github.com/0x5a4)
- Adrian Hesketh [**(@a-h)**](https://github.com/a-h)
- Aleksana [**(@Aleksanaa)**](https://github.com/Aleksanaa)
- Alyssa Ross [**(@alyssais)**](https://github.com/alyssais)

Title: Nix Release 2.25.0 - Perl Bindings, Filesystem Exceptions, fsync-store-paths, nix fmt, and fetchurl TLS Verification
Summary
This section details more changes in Nix Release 2.25.0, including the removal of `getBinDir` from Perl bindings, improved handling of filesystem exceptions, the addition of the `fsync-store-paths` setting for ensuring durable writes, changes to the default argument of `nix fmt`, and the enabling of TLS verification for `<nix/fetchurl.nix>` to enhance security. It also acknowledges the contributors to this release.