Release 3.21.1 (2026-06-08)
- Based on upstream Nix 2.34.7.
Faster nix copy
Previously, nix copy processed store paths in topological order, meaning that if store path A depends on B, then Nix wouldn't even start the fetch of store path A from the source store, or the writing of store path A to the destination store, until store path B had been added to the destination store.
Now, Nix can start fetching and writing store paths before their dependencies have been added to the destination store. This can provide significant speedups. For instance, the command
# nix copy \
--from file:///tmp/binary-cache \
--to file:///tmp/binary-cache-2?compression=xz \
--no-check-sigs \
/nix/store/8xyk1qxxjfb8cm62g61yc59phwha92w7-kdenlive-25.08.3
went from 117.7s to 47.2s on a machine with 24 cores.
This optimisation affects copying to binary caches and local stores, but not when going through the Nix daemon. It also does not speed up substitution yet.
PRs: DeterminateSystems/nix-src#477, DeterminateSystems/nix-src#478, DeterminateSystems/nix-src#481, DeterminateSystems/nix-src#480
Determinate Secure Packages
Determinate Nix is now built against Determinate Secure Packages, a distribution of Nixpkgs that adds enterprise-grade security, compliance controls, and managed vulnerability remediation.
Determinate Nix's top-level flake still builds against upstream Nixpkgs. The flake github:DeterminateSystems/nix-src?dir=packaging/secure-packages uses Determinate Secure Packages.
PR: DeterminateSystems/nix-src#288
Flake schema changes
Flakes can now distinguish between schemas for their own outputs (via the schemas output), and schemas that they make available to other flakes (via the exportedSchemas output). If you're using the flake-schemas flake, you should use its exportedSchemas output, e.g.
{
inputs.flake-schemas.url = "https://flakehub.com/f/DeterminateSystems/flake-schemas/0.5";
outputs = { self, flake-schemas, ... }: {
schemas = flake-schemas.exportedSchemas // { ... my own schemas ... }
};
}
PRs: DeterminateSystems/nix-src#479, DeterminateSystems/nix-src#486, DeterminateSystems/flake-schemas#63
Various bug fixes
- Stop leaked logger in Finally block by @cole-h in DeterminateSystems/nix-src#472
- Denote empty files in stack traces by @edolstra in DeterminateSystems/nix-src#473
- Input::isRelative(): Fix assertion failure by @edolstra in DeterminateSystems/nix-src#474
- Mark thread-local variables as initial-exec by @edolstra in DeterminateSystems/nix-src#476
- Register temp roots in a few places by @edolstra in DeterminateSystems/nix-src#482
- Sync with upstream 2.34.7 by @edolstra in DeterminateSystems/nix-src#483
- Add a test for
nix psby @edolstra in DeterminateSystems/nix-src#484 - nix develop: Restore hiding the "dirty" notice by @edolstra in DeterminateSystems/nix-src#485
Full Changelog: v3.21.0...v3.21.1