Do Son NixOS is a GNU/Linux distribution that aims to improve the state of the art in system configuration management. In existing distributions, actions such as upgrades are dangerous: upgrading a package can cause other packages to break, upgrading an entire system is much less reliable than reinstalling from scratch, you canβt safely test what the results of a configuration change will be, you cannot easily undo changes to the system, and so on.Β NixOS has many innovative features:
- Declarative system configuration model
In NixOS, the entire operating system β the kernel, applications, system packages, configuration files, and so on β is built by theΒ Nix package managerΒ from a description in a purely functional build language. The fact that itβs purely functional essentially means that building a new configuration cannot overwrite previous configurations. Most of the other features follow from this.
You configure a NixOS system by writing a specification of the functionality that you want on your machine inΒ /etc/nixos/configuration.nix.
-
Reliable upgrades
Another advantage of purely functional package management is thatΒ nixos-rebuild switchΒ will always produce the same result, regardless of what packages or configuration files you already had on your system. Thus, upgrading a system is as reliable as reinstalling from scratch.
-
Atomic upgrades
NixOS has aΒ transactionalΒ approach to configuration management: configuration changes such as upgrades areΒ atomic. This means that if the upgrade to a new configuration is interrupted β say, the power fails half-way through β the system will still be in a consistent state: it will either boot in the old or the new configuration. In most other systems, youβll end up in an inconsistent state, and your machine may not even boot anymore.
-
Rollbacks
Because the files of a new configuration donβt overwrite old ones, you can (atomically) roll back to a previous configuration. For instance, if after aΒ nixos-rebuild switchΒ you discover that you donβt like the new configuration, you can just go back:Β $ nixos-rebuild switch –rollback
-
Reproducible system configurations
NixOSβ declarative configuration model makes it easy to reproduce a system configuration on another machine (for instance, to test a change in a test environment before doing it on the production server). You just copy theΒ configuration.nixΒ file to the target NixOS machine and runΒ nixos-rebuild switch. This will give you the same configuration (kernel, applications, system services, and so on) except for βmutable stateβ (such as the stuff that lives inΒ /var).
- Safe to test changes
NixOS makes it safe to test potentially dangerous changes to the system because you can always roll back. (Unless you screw up the bootloader, that isβ¦) For instance, whether the change is as simple as enabling a system service, or as large as rebuilding the entire system with a new version of Glibc, you can test it by doing:Β $ nixos-rebuild test
- Source-based model, with binaries
The Nix build language used by NixOS specifies how to build packages from source. This makes it easy to adapt the system β just edit any of the βNix expressionsβ for NixOS or Nixpkgs in/etc/nixos, and runΒ nixos-rebuild. However, building from source is also slow. Therefore Nix automatically downloads pre-built binaries fromΒ nixos.orgΒ if they are available. This gives the flexibility of a source-based package management model with the efficiency of a binary model.
- Consistency
The Nix package manager ensures that the running system is βconsistentβ with the logical specification of the system, meaning that it will rebuild all packages that need to be rebuilt. For instance, if you change the kernel, Nix will ensure that external kernel modules such as the NVIDIA driver will be rebuilt as well β so you never run into an X server that mysteriously fails to start after a kernel security upgrade. And if you update the OpenSSL library, Nix ensures that all packages in the system use the new version, even packages that statically link against OpenSSL.
- Multi-user package management
On NixOS, you do not need to be root to install software. In addition to the system-wide βprofileβ (set of installed packages), all user have their own profile in which they can install packages. Nix allows multiple versions of a package to coexist, so different users can have different versions of the same package installed in their respective profiles. If two users install the same version of a package, only one copy will be built or downloaded, and Nixβs security model ensures that this is secure. Users cannot installΒ setuidΒ binaries.
NixOS 18.03 released.
Changelog
- End of support is planned for end of October 2018, handing over to 18.09.
- Platform support: x86_64-linux and x86_64-darwin since release time (the latter isn’t NixOS, really). Binaries for aarch64-linux are available, but no channel exists yet, as it’s waiting for some test fixes, etc.
- Nix now defaults to 2.0; see itsΒ release notes.
- Core version changes: linux: 4.9 -> 4.14, glibc: 2.25 -> 2.26, gcc: 6 -> 7, systemd: 234 -> 237.
- Desktop version changes: gnome: 3.24 -> 3.26, (KDE) plasma-desktop: 5.10 -> 5.12.
- MariaDB 10.2, updated from 10.1, is now the default MySQL implementation. While upgrading a few changes have been made to the infrastructure involved:
libmysqlΒ has been deprecated, please useΒmysql.connector-cΒ instead, a compatibility passthru has been added to the MySQL packages.- TheΒ
mysql57Β package has a newΒstaticΒ output containing the static libraries includingΒlibmysqld.a
- PHP now defaults to PHP 7.2, updated from 7.1.
Download
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
