nixpkgs/doc/release-notes/rl-2511.section.md

Nixpkgs 25.11 ("Xantusia", 2025.11/??)

Highlights

• The initial work to support native compilation on LoongArch64 has completed, with further changes currently in preparation. In accordance with the Software Development and Build Convention for LoongArch Architectures, this release sets the default march level to la64v1.0, covering the desktop and server processors of 3X5000 and newer series. However, embedded chips without LSX (Loongson SIMD eXtension), such as 2K0300 SoC, are not supported. pkgsCross.loongarch64-linux-embedded can be used to build software and systems for these platforms.
• The official Nix formatter nixfmt is now stable and available as pkgs.nixfmt, deprecating the temporary pkgs.nixfmt-rfc-style attribute. The classic nixfmt will stay available for some more time as pkgs.nixfmt-classic.

Backward Incompatibilities

• nixVersions.nix_2_3 has been dropped because it was insecure and unmaintained.

• The minimum version of Nix required to evaluate Nixpkgs has been raised from 2.3 to 2.18.

• mono4 and mono5 have been removed. Use mono6 or mono instead.

• The offrss package was removed due to lack of upstream maintenance since 2012. It's recommended for users to migrate to another RSS reader

• GCC 9, 10, 11, and 12 have been removed, as they have reached end‐of‐life upstream and are no longer supported.

• GHC 8.6 and its package set have been removed. It was only used to bootstrap GHC for powerpc64le, but this was probably broken anyway.

• base16-builder node package has been removed due to lack of upstream maintenance.

• python3Packages.bjoern has been removed, as the upstream is unmaintained and it depends on a 14-year-old version of http-parser with numerous vulnerabilities.

• buildGoModule now warns if <pkg>.passthru.overrideModAttrs is lost during the overriding of its result packages.

• gentium package now provides Gentium-*.ttf files, and not GentiumPlus-*.ttf files like before. The font identifiers Gentium Plus* are available in the gentium-plus package, and if you want to use the more recently updated package gentium by sil, you should update your configuration files to use the Gentium font identifier.

• space-orbit package has been removed due to lack of upstream maintenance. Debian upstream stopped tracking it in 2011.

• Derivations setting both separateDebugInfo and one of allowedReferences, allowedRequisites, disallowedReferences or disallowedRequisites must now set __structuredAttrs to true. The effect of reference whitelisting or blacklisting will be disabled on the debug output created by separateDebugInfo.

• victoriametrics no longer contains VictoriaLogs components. These have been separated into the new package victorialogs.

• mx-puppet-discord was removed from Nixpkgs along with its NixOS module as it was unmaintained and was the only user of sha1 hashes in tree.

• kbd package's outputs now include a man and scripts outputs. The unicode_start and unicode_stop Bash scripts are now part of the scripts output, allowing most usages of the kbd package to not pull in bash.

• cudaPackages.cudatoolkit-legacy-runfile has been removed.

• conduwuit was removed due to upstream ceasing development and deleting their repository. For existing data, a migration to matrix-conduit, matrix-continuwuity or matrix-tuwunel may be possible.

• The GHCJS 8.10.7, exposed via haskell.compiler.ghcjs and haskell.compiler.ghcjs810, has been removed. Downstream users should migrate their projects to the new JavaScript backend of GHC proper which can be used via pkgsCross.ghcjs from Nixpkgs. Haskell packaging code, like haskellPackages.mkDerivation, ghcWithPackages and hoogleWithPackages, also no longer supports GHCJS.

• The ghcInfo and controlPhases functions have been removed from haskell.lib.compose and haskell.lib. They were unused and would return incorrect results.

  • Instead of using controlPhases, the doCheck attribute of derivations can be accessed which is more accurate. doBenchmark can't be introspected at the moment.
  • To detect cross compilation, the relevant platforms exposed by stdenv should be compared instead of using ghcInfo.
  • Nixpkgs no longer packages any ghcjs compiler.
  • To find a suitable nativeGhc, buildHaskellPackages should be used. ghcInfo would use ghc.bootPkgs.ghc if cross compiling, and the given ghc otherwise. This approach is not recommended since it results in mismatched GHC versions.

• gnome-keyring no longer ships with an SSH agent anymore because it has been deprecated upstream. You should use gcr_4 instead, which provides the same features. More information on why this was done can be found on the relevant GCR upstream PR.

• stdenv.mkDerivation and other derivation builders that use it no longer allow the value of env to be anything but an attribute set, for the purpose of setting environment variables that are available to the builder process. An environment variable called env can still be provided by means of mkDerivation { env.env = ...; }, though we recommend to use a more specific name than "env".

• The default Android NDK version has been raised to 27, and the default SDK version to 35. NDK 21–26 have been removed, as they are end‐of‐life.

• nuget-to-nix has been removed as it was deprecated in favor of nuget-to-json. Out-of-tree packages that were using nuget-to-nix should migrate to use nuget-to-json instead for generating .NET dependency lock files.

• conftest since 0.60.0 has moved to use rego v1 as default. To continue using v0 use --rego-version v0. For more information about upgrading to Rego v1 syntax, see the upstream docs.

• Zig 0.12 has been removed.

• ansible-later has been removed because it was discontinued by the author.

• k3s airgap images passthru attributes have changed:

  • imagesList was removed
  • airgapImages was renamed to airgap-images
  • airgapImagesAmd64 was renamed to airgap-images-amd64-tar-zst
  • airgapImagesArm64 was renamed to airgap-images-arm64-tar-zst
  • airgapImagesArm was renamed to airgap-images-arm-tar-zst

• stalwart-mail since 0.13.0 "introduces a significant redesign of the MTA’s delivery and queueing subsystem". See the upgrading announcement for the 0.13.0 release.

• Greetd and its original greeters (tuigreet, gtkgreet, qtgreet, regreet, wlgreet) were moved from greetd namespace to top level (greetd.tuigreet -> tuigreet, greetd.greetd -> greetd, etc). The original attrs are available for compatibility as passthrus of greetd, but will emit a warning. They will be removed in future releases.

• The archipelago-minecraft package was removed, as upstream no longer provides support for the Minecraft APWorld.

• navidrome 0.58.0 introduces multi-library support and backwards incompatible database migrations. Ensure backups are valid and run a Full Scan after starting the new version.

• tooling-language-server has been renamed to deputy (both the package and binary), following the rename of the upstream project.

• fetchtorrent, when using the "rqbit" backend, erroneously started fetching files into a subdirectory in Nixpkgs 24.11. The original behaviour – which matches the behaviour using the "transmission" backend – has now been restored. Users reliant on the erroneous behaviour can temporarily maintain it by adding flatten = false to the fetchtorrent arguments; Nix will produce an evaluation warning for anyone using backend = "rqbit" without flatten = true.

• linux and all other Linux kernel packages have moved all in-tree kernel modules into a new modules output.

• webfontkitgenerator has been renamed to webfont-bundler, following the rename of the upstream project. The binary name remains webfontkitgenerator. The webfontkitgenerator package is an alias to webfont-bundler.

• python3Packages.triton no longer takes an enableRocm argument and supports ROCm in all build configurations via runtime binding. In most cases no action will be needed. If triton is unable to find the HIP SDK add rocmPackages.clr as a build input or set the environment variable HIP_PATH="${rocmPackages.clr}".

• inspircd has been updated to the v4 release series. Please refer to the upstream documentation for general information and a list of breaking changes.

• lima package now only includes the guest agent for the host's architecture by default. If your guest VM's architecture differs from your Lima host's, you'll need to enable the lima-additional-guestagents package by setting withAdditionalGuestAgents = true when overriding lima with this input.

• mongodb-6_0 was removed as it is end of life as of 2025-07-31.

• CUDA versions below 12.6 have been removed, as they are unmaintained upstream and depend on end‐of‐life compilers.

• vmware-horizon-client was renamed to omnissa-horizon-client, following VMware's sale of their end-user business to Omnissa. The binary has been renamed from vmware-view to horizon-client.

• neovimUtils.makeNeovimConfig now uses customLuaRC parameter instead of accepting luaRcContent. The old usage is deprecated but still works with a warning.

• telegram-desktop packages now uses Telegram for its binary. The previous name was telegram-desktop. This is due to an upstream decision to make the name consistent with other platforms.

• podofo has been updated from 0.9.8 to 1.0.0. These releases are by nature very incompatible due to major API changes. The legacy versions can be found under podofo_0_10 and podofo_0_9. Changelog: https://github.com/podofo/podofo/blob/1.0.0/CHANGELOG.md, API-Migration-Guide: https://github.com/podofo/podofo/blob/1.0.0/API-MIGRATION.md.

• NetBox was updated to >= 4.3.0. Have a look at the breaking changes of the 4.3 release, make the required changes to your database, if needed, then upgrade by setting services.netbox.package = pkgs.netbox_4_3; in your configuration.

• privatebin has been updated to 2.0.0. This release changes configuration defaults including switching the template and removing legacy features. See the v2.0.0 changelog entry for details on how to upgrade.

• rocmPackages.triton has been removed in favor of python3Packages.triton.

• linpinyin, which is used for Chinese character input, has migrated from the unmaintained BDB database format to the newer KyotoCabinet database format. If you want to migrate your user input statistics you can consider using bdbtokyotodb.

• go-mockery has been updated to v3. For migration instructions see the upstream documentation. If v2 is still required go-mockery_v2 has been added but will be removed on or before 2029-12-31 in-line with its upstream support lifecycle

• prometheus-script-exporter has been updated to use a new maintained alternative. This release updates from 1.2.0 -> 3.0.1 and largely changes configuration options formats from json to yaml, among other changes.

• private-gpt service has been removed by lack of maintenance upstream.

• lxde scope has been removed, and its packages have been moved the top-level.

• pulsemeeter has been updated to 2.0.0. The configuration file from older versions has to be deleted. For more information and instructions see the v2.0.0 changelog entry.

Other Notable Changes

• Added rewriteURL attribute to the nixpkgs config, to allow for rewriting the URLs downloaded by fetchurl.

• The systemd initrd will now respect x-systemd.wants and x-systemd.requires for reliably unlocking multi-disk bcachefs volumes.

• homebox 0.20.0 changed how assets are stored and hashed. It is recommended to back up your database before this update.

• New hardening flags, strictflexarrays1 and strictflexarrays3 were made available, corresponding to the gcc/clang options -fstrict-flex-arrays=1 and -fstrict-flex-arrays=3 respectively.

• gramps has been updated to 6.0.0 Upstream recommends backing up your Family Trees before upgrading.

• meta.mainProgram: Changing this meta entry can lead to a package rebuild due to being used to determine the NIX_MAIN_PROGRAM environment variable.

• lisp-modules were brought in sync with the June 2025 Quicklisp release.

• ffmpeg_8, ffmpeg_8-headless, and ffmpeg_8-full have been added. The default version of FFmpeg remains ffmpeg_7 for now, though this may change before release.

• searx was updated to use envsubst instead of sed for parsing secrets from environment variables. If your previous configuration included a secret reference like server.secret_key = "@SEARX_SECRET_KEY@", you must migrate to the new envsubst syntax: server.secret_key = "$SEARX_SECRET_KEY".

• versionCheckHook: Packages that previously relied solely on pname to locate the program used to version check, but have a differing meta.mainProgram entry, might now fail.

• The debug outputs produced by separateDebugInfo = true; now contain symlinks mapping build-ids to the original source and ELF file. Specifically, if $out/bin/ninja has build-id 483bd7f7229bdb06462222e1e353e4f37e15c293, then

  • $debug/lib/debug/.build-id/48/3bd7f7229bdb06462222e1e353e4f37e15c293.executable is a symlink to $out/bin/ninja
  • $debug/lib/debug/.build-id/48/3bd7f7229bdb06462222e1e353e4f37e15c293.source is a symlink to the value of $src during build
  • $debug/lib/debug/.build-id/48/3bd7f7229bdb06462222e1e353e4f37e15c293.sourceoverlay is a symlink to a directory with the same structure as the expanded $sourceRoot but containing only a copy of files which were patched during the build
  • $debug/lib/debug/.build-id/48/3bd7f7229bdb06462222e1e353e4f37e15c293.debug is the file containing debug symbols (like before).

• fetchgit: Add rootDir argument to limit the resulting source to one subdirectory of the whole Git repository. Corresponding --root-dir option added to nix-prefetch-git.

• sftpman has been updated to version 2, a rewrite in Rust which is mostly backward compatible but does include some changes to the CLI. For more information, check the project's README.

• The clickhouse package now track the stable upstream version per upstream's recommendation. Users can continue to use the clickhouse-lts package if desired.

• buildPythonPackage and buildPythonApplication now default to nix-update-script as their default updateScript. This should improve automated updates, since nix-update is better maintained than the in-tree update script and has more robust fetcher support.

Nixpkgs Library

• mealie has been updated to 3.0.2: This update introduces breaking changes in some API endpoints (see the release changelog).

Breaking changes

• reaction has been updated to version 2, which includes some breaking changes. For more information, check the release article.

• The buildPythonPackage and buildPythonApplication functions now require an explicit format attribute. Previously the default format used setuptools and called setup.py from the source tree, which is deprecated. The modern alternative is to configure pyproject = true with build-system = [ setuptools ].

• boot.enableContainers is only turned on when a declarative NixOS container is defined in containers. If you use the nixos-container tool for imperative container management, set boot.enableContainers = true; explicitly.

Deprecations

• Create the first release note entry in this section!

Additions and Improvements

• neovim: Added support for the vim.o.exrc option, the VIMINIT environment variable, and sourcing of sysinit.vim.

  See the neovim help page :help startup for more information, as well as the nixpkgs neovim wrapper documentation.