Throw out your manual provisioning runbook: fully automated Nix installation on macOS comes to AWS. Autoscale and deploy Apple hardware without logging in graphically to allow Full Disk Access with the latest Determinate Nix Installer. Check out the blog post for details:
Skip the unskippable: eliminate the macOS Full Disk Access approval on AWS EC2 with Determinate.
Has your build ended with "error: Nix daemon disconnected unexpectedly (maybe it crashed?)"? Good news: Nix 2.24.9 is phasing in through all Determinate channels, improving reliability and fixing this issue. See:
Motivation: This method is marked as noexcept, but enqueueFileTransfer() can throw Interrupted if the user has hit Ctrl-C or if the ThreadPool that the thread is a part of is shutting down. Should f...
Corporate Nix user? Determinate automatically handles Zscaler and other MITM proxies for you. Check out our blog post on solving enterprise TLS certificates for Nix on macOS: https://buff.ly/4eHFTAf
NixOS users can determine whether CUPS is enabled, and whether their machine may be impacted by the recent CUPS vulnerabilities, via: `nix eval .#nixosConfigurations.YOURMACHINENAME.config.services.printing.enable` The machine is not affected if nix eval prints "false".
The primary risk is leaking of netrc credentials through a crafted derivation plus an attacker-in-the-middle. Users of the experimental feature `impure-derivations` are at greater risk. FlakeHub Cache users and users of impure derivations should upgrade as soon as possible.
builtin:fetchurl is a builtin derivation that requires an output hash, and is not the same as `builtins.fetchUrl`, which does not. `builtins.fetchUrl` is not affected.
Nix 2.24.8 is currently phasing in through all Determinate distribution channels. This release improves the security of Nix's builtin:fetchurl builder by validating TLS certificates against the system's certificate store. Note: builtin:fetchurl is not builtins.fetchUrl...
Excited for macOS Sequoia? Make the upgrade seamless by preparing your Nix installation first. Our latest Determinate Nix Installer release includes a repair tool to make any existing installation compatible.
Nix fully supports the upcoming macOS Sequoia, but you'll have to repair the build users first.
Nix 2.24.6 is now available through all Determinate channels, resolving last night's security vuln. Users can get our supported Nix via our Nix flake: https://buff.ly/47jg5Ig. Other users can update Nix via `nix upgrade-nix`; see the link below. Details:
Determinate's Status Page - Uncoordinated disclosure of a Nix 2.24 privilege escalation vulnerability.
A vuln in Nix versions 2.24.{0-5} was disclosed without a coordinated Nix release. Affected versions are yanked from the DeterminateSystems/nix flake, and Determinate Nix Installer is rolled back to 2.23.3. See: https://buff.ly/4cXEMv9 https://buff.ly/3MEIXRO