1st chunk of `doc/manual/source/release-notes/rl-2.24.md`
# Release 2.24.0 (2024-07-31)

### Significant changes

- Harden user sandboxing

  The build directory has been hardened against interference with the outside world by nesting it inside another directory owned by (and only readable by) the daemon user.

  This is a low severity security fix, [CVE-2024-38531](https://www.cve.org/CVERecord?id=CVE-2024-38531).

  Credit: [**@alois31**](https://github.com/alois31), [**Linus Heckemann (@lheckemann)**](https://github.com/lheckemann)
  Co-authors: [**@edolstra**](https://github.com/edolstra)

- `nix-shell <directory>` looks for `shell.nix` [#496](https://github.com/NixOS/nix/issues/496) [#2279](https://github.com/NixOS/nix/issues/2279) [#4529](https://github.com/NixOS/nix/issues/4529) [#5431](https://github.com/NixOS/nix/issues/5431) [#11053](https://github.com/NixOS/nix/issues/11053) [#11057](https://github.com/NixOS/nix/pull/11057)

  `nix-shell $x` now looks for `$x/shell.nix` when `$x` resolves to a directory.

  Although this might be seen as a breaking change, its primarily interactive usage makes it a minor issue.
  This adjustment addresses a commonly reported problem.

  This also applies to `nix-shell` shebang scripts. Consider the following example:

  ```shell
  #!/usr/bin/env nix-shell
  #!nix-shell -i bash
  ```

  This will now load `shell.nix` from the script's directory, if it exists; `default.nix` otherwise.

  The old behavior can be opted into by setting the option [`nix-shell-always-looks-for-shell-nix`](@docroot@/command-ref/conf-file.md#conf-nix-shell-always-looks-for-shell-nix) to `false`.

  Author: [**Robert Hensing (@roberth)**](https://github.com/roberth)

- `nix-repl`'s `:doc` shows documentation comments [#3904](https://github.com/NixOS/nix/issues/3904) [#10771](https://github.com/NixOS/nix/issues/10771) [#1652](https://github.com/NixOS/nix/pull/1652) [#9054](https://github.com/NixOS/nix/pull/9054) [#11072](https://github.com/NixOS/nix/pull/11072)

  `nix repl` has a `:doc` command that previously only rendered documentation for internally defined functions.
  This feature has been extended to also render function documentation comments, in accordance with [RFC 145].

  Example:

  ```
  nix-repl> :doc lib.toFunction
  Function toFunction
      … defined at /home/user/h/nixpkgs/lib/trivial.nix:1072:5

      Turns any non-callable values into constant functions. Returns
      callable values as is.

  Inputs

      v

        : Any value

  Examples

      :::{.example}

  ## lib.trivial.toFunction usage example

        | nix-repl> lib.toFunction 1 2
        | 1
        |
        | nix-repl> lib.toFunction (x: x + 1) 2
        | 3

      :::
  ```

  Known limitations:
  - It does not render documentation for "formals", such as `{ /** the value to return */ x, ... }: x`.
  - Some extensions to markdown are not yet supported, as you can see in the example above.

  We'd like to acknowledge [Yingchi Long (@inclyc)](https://github.com/inclyc) for proposing a proof of concept for this functionality in [#9054](https://github.com/NixOS/nix/pull/9054), as well as [@sternenseemann](https://github.com/sternenseemann) and [Johannes Kirschbauer (@hsjobeki)](https://github.com/hsjobeki) for their contributions, proposals, and their work on [RFC 145].

  Author: [**Robert Hensing (@roberth)**](https://github.com/roberth)
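
The nesting described under "Harden user sandboxing" above can be reproduced and audited with a short script. This is an added example, not code from Nix: the function names and directory names are constructed, the calling user stands in for the daemon user, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added illustration; directory names are constructed, not Nix's real paths.
# Requires GNU coreutils `stat` (the -c option).

# make_nested_build_dir BASE NAME
# Creates BASE/NAME with mode 0700 (outer directory, private to its owner)
# and BASE/NAME/build inside it. Prints the inner path.
make_nested_build_dir() {
    outer="$1/$2"
    mkdir -m 0700 -- "$outer" || return 1
    mkdir -m 0755 -- "$outer/build" || return 1
    printf '%s\n' "$outer/build"
}

# check_build_dir_parent BUILD_DIR OWNER_UID
# Succeeds only if the parent of BUILD_DIR is a real directory (not a
# symlink), is owned by OWNER_UID, and grants nothing to group or others.
check_build_dir_parent() {
    parent=$(dirname -- "$1")
    if [ -L "$parent" ] || [ ! -d "$parent" ]; then
        echo "FAIL: $parent is not a plain directory"; return 1
    fi
    uid=$(stat -c '%u' -- "$parent") || return 1
    mode=$(stat -c '%a' -- "$parent") || return 1
    if [ "$uid" != "$2" ]; then
        echo "FAIL: $parent owned by uid $uid, expected $2"; return 1
    fi
    # %a prints octal digits; the leading 0 makes the shell parse it as octal.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "FAIL: $parent has mode $mode, group/other access is allowed"; return 1
    fi
    echo "OK: $parent is mode $mode and owned by uid $uid"
}
```

A build directory created directly under a shared, world-readable base fails the check, because other local users can traverse into it; the nested layout passes because the outer directory stops traversal before the build directory is reached.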


### Other changes

- Solve `cached failure of attribute X` [#9165](https://github.com/NixOS/nix/issues/9165) [#10513](https://github.com/NixOS/nix/issues/10513) [#10564](https://github.com/NixOS/nix/pull/10564)

  This eliminates all "cached failure of attribute X" messages by forcing evaluation of the original value when needed to show the exception to the user. This enhancement improves error reporting by providing the underlying message and stack trace.

  Author: [**Eelco Dolstra (@edolstra)**](https://github.com/edolstra)

- Run the flake regressions test suite [#10603](https://github.com/NixOS/nix/pull/10603)

  This update introduces a GitHub action to run a subset of the [flake regressions test suite](https://github.com/NixOS/flake-regressions), which includes 259 flakes with their expected evaluation results. Currently, the action runs the first 25 flakes due to the full test suite's extensive runtime. A manually triggered action may be implemented later to run the entire test suite.

Title: Nix Release 2.24.0: Significant Changes and Bug Fixes
Summary
Nix release 2.24.0 includes security enhancements to user sandboxing (CVE-2024-38531), a change in `nix-shell` to look for `shell.nix` in directories, and an extended `:doc` command in `nix repl` to render documentation comments. It also addresses the 'cached failure of attribute X' issue and introduces a GitHub action for running flake regression tests.