Release 3.17.1 (2026-03-18)
- Based on upstream Nix 2.33.3.
What's Changed
Provenance now supports "build-time" provenance tags
Users can now specify key/value tags to attach to a build's provenance.
For example, the nix-installer-action now attaches the following properties to each build:
- github_workflow_ref
- github_workflow_sha
- github_sha
- github_run_attempt
- github_run_id
- github_run_number
- github_job
- github_ref
- github_repository
- github_server_url
PR: DeterminateSystems/nix-src#374
Flake inputs are substituted when possible
Locked flake inputs will be fetched from a binary cache when possible, instead of preferring the authoritative flake source. This is intended to reduce load on code forges, and also improves the user experience on large flake inputs.
PR: [DeterminateSystems/nix-src#380](https://github.com/DeterminateSystems/nix-
nix profile upgrade and nix profile remove now support tab completion
PR: DeterminateSystems/nix-src#382
Flake schemas can now define an output as "legacy"
"Legacy" flakes are intended for legacyPackages on Nixpkgs. The "legacy" mark is intended to reduce evaluation time due to the extreme size of legacyPackages. Note: the name "legacy" is not intended as a value judgement, and at this point we're sort of stuck with the name.
Bug fixes
- Fix crash in
nix replloading an invalid WASM file twice. DeterminateSystems/nix-src#378 - nix profile upgrade/remove: Implement tab completion by @edolstra in * Don't crash if SIGINT happens while printing an exception. DeterminateSystems/nix-src#384
- nix-env -i: Wait for the async path writer. DeterminateSystems/nix-src#385
Full Changelog: v3.17.0...v3.17.1