nixpkgs

23rd chunk of `nixos/doc/manual/release-notes/rl-2405.section.md`
  non-child processes. This means you will not be able to attach gdb to an
  existing process, but will need to start that process from gdb (so it is a
  child). Or you can set `boot.kernel.sysctl."kernel.yama.ptrace_scope"` to 0.

- Lisp modules: the previously deprecated interface based on `common-lisp.sh` has now been removed.

- The `systemd-confinement` module extension is now compatible with `DynamicUser=true` and thus `ProtectSystem=strict` too.


## Nixpkgs Library {#sec-release-24.05-nixpkgs-lib}

### Additions and Improvements {#sec-release-24.05-lib-additions-improvements}

New functions:
- [`lib.asserts.assertEachOneOf`](https://nixos.org/manual/nixpkgs/unstable#function-library-lib.asserts.assertEachOneOf): Check that each value is one of the allowed ones.
- [`lib.attrsets.longestValidPathPrefix`](https://nixos.org/manual/nixpkgs/unstable#function-library-lib.attrsets.longestValidPathPrefix): The longest prefix of an attribute path that refers to an existing attribute in a nesting of attribute sets.
- [`lib.attrsets.mapCartesianProduct`](https://nixos.org/manual/nixpkgs/unstable#function-library-lib.attrsets.mapCartesianProduct): Apply a function to the cartesian product of attribute set value combinations.
- [`lib.trivial.xor`](https://nixos.org/manual/nixpkgs/unstable#function-library-lib.trivial.xor): Boolean "exclusive or".
- [`lib.lists.ifilter0`](https://nixos.org/manual/nixpkgs/unstable#function-library-lib.lists.ifilter0): Filter a list for elements that satisfy a predicate function. The predicate function is called with both the index and value for each element.
- [`lib.lists.sortOn`](https://nixos.org/manual/nixpkgs/unstable#function-library-lib.lists.sortOn): Sort a list based on the default comparison of a derived property.
- [`lib.path.hasStorePathPrefix`](https://nixos.org/manual/nixpkgs/unstable#function-library-lib.path.hasStorePathPrefix): Whether a [path](https://nixos.org/manual/nix/stable/language/values.html#type-path) has a [store path](https://nixos.org/manual/nix/stable/store/store-path.html#store-path) as a prefix.
- [`lib.filesystem.packagesFromDirectoryRecursive`](https://nixos.org/manual/nixpkgs/unstable#function-library-lib.filesystem.packagesFromDirectoryRecursive): Transform a directory tree containing package files suitable for `callPackage` into a matching nested attribute set of derivations.
- [`lib.fileset.toList`](https://nixos.org/manual/nixpkgs/unstable#function-library-lib.fileset.toList): The list of file paths contained in a given file set.
- [`lib.fileset.maybeMissing`](https://nixos.org/manual/nixpkgs/unstable#function-library-lib.fileset.maybeMissing): Create a file set from a path that may or may not exist.
- [`lib.derivations.optionalDrvAttr`](https://nixos.org/manual/nixpkgs/unstable#function-library-lib.derivations.optionalDrvAttr): Conditionally set a derivation attribute.

Title: Kernel, Module, and Nixpkgs Library Updates
Summary
This chunk details several system-level changes and a significant expansion of the Nixpkgs library. Key updates include the kernel Yama LSM being enabled by default, which restricts `ptrace` to child processes (with a `sysctl` override option); the removal of the deprecated `common-lisp.sh` interface for Lisp modules; and improved compatibility for the `systemd-confinement` module extension with `DynamicUser=true` and `ProtectSystem=strict`. The majority of the chunk focuses on the 'Nixpkgs Library' additions and improvements, introducing new functions such as `lib.asserts.assertEachOneOf`, `lib.attrsets.longestValidPathPrefix`, `lib.attrsets.mapCartesianProduct`, `lib.trivial.xor`, `lib.lists.ifilter0`, `lib.lists.sortOn`, `lib.path.hasStorePathPrefix`, `lib.filesystem.packagesFromDirectoryRecursive`, `lib.fileset.toList`, `lib.fileset.maybeMissing`, and `lib.derivations.optionalDrvAttr`.