Discussion - Channel updates, minor versions and packages

My investment in learning and migrating to NixOS is and has been primarily driven by providing consistency, predictability and reliability as this is where other operating environments are failing IMHO. So far, it has been an exceptional experience in all of these but I now find myself needing to manage updates on a greater scale and want to also achieve this with the same goals, so I am really interested to discuss and learn how others use and manage updates particularly with regards to packages.


It’s probably worth explaining how I understand things to work which somehow after 2 years of using NixOS caught me by surprise, probably because I didn’t really think about it fully but maybe also because looking back I was so caught up with declarative configs and immutable systems that I didn’t carefully read all the documentation!

Yesterday (10Jul24) I built a test NixOS 24.05 domain (virtual machine) from a minimal ISO (nixos-minimal-24.05.1270.2819fffa7fa4-x86_64-linux.iso) and a binary cache (built 17Jun24 from the same ISO and with no updates applied). When each of these machines were built, Firefox 126.0.1 was installed using configuration.nix. The NixOS version on the test system shows as:

$ nixos-version
24.05.1270.2819fffa7fa4 (Uakari)

If I remove Firefox from configuration.nix on the test system, rebuild, reboot and then run a garbage collection, I am left with what appears to be a clean system with no Firefox. If I then add Firefox again to the configuration.nix and do another rebuild using the external substituter http://cache.nixos.org and not the binary cache. Firefox 126.0.1 is re-installed despite Firefox 127.0.2 being currently available in the NixOS 24.05 channel.

Firefox 126.0.1 seems therefore to be ‘pinned’ to NixOS version 24.05.1270.2819fffa7fa4

Looking in nixpkgs using the commit hash above, I can find Firefox 126.0.1 under applications / networking / browsers / firefox.

If I do a rebuild using the nixos-rebuild --upgrade option, Firefox is then upgraded to Firefox 127.0.2. and the new NixOS version is 24.05.2580.194846768975.

So my understanding is that the version of packages _ by default _ are tied to the ‘minor’ version of NixOS.

I was initially concerned that upgrades within the ‘stable’ channel of NixOS, didn’t necessarily mean that updates to applications would also stay within their own equivalent of ‘stable’ if the package offers such a thing until I found the following comment from @danieldk:

Hopefully I have both understood and explained this correctly, even if my explanation is somewhat simplistic.

My naive expectation

For some reason I had always expected that if I installed a package on NixOS it would install the version shown by Search for the relevant channel. :man_facepalming:

Questions and Thoughts

I am currently reading (and re-reading) everything I can find on this topic but would be grateful for any ‘recommended reading’ as there is so much out there!

  • I am looking for info on when updates happen - predictable periodic cycle like the channel or ad-hoc based on flowing down from the upstream or possibly both.
    • How are packages bundled into updates
    • How do people know that updates are there and what’s in them
  • How do others manage updates to applications in the real world?


I find with each passing year a greater portion of my life is consumed by either doing updates or dealing with the fallout of updates. The fallout can be either re-establishing operation and integration or just finding where someone decided to move a button! So I am really keen to establish (and evolve) methods to do the best I can in this area and would value good input from anyone on this. TIA

What gets installed into your system is decided by the version of Nixpkgs that your system’s “nixos” channel is currently pointing to. When your nixos-version was showing 24.05.1270.2819fffa7fa4 (Uakari) that means it was tracking git commit 2819fffa7fa4 which has firefox 126.0.1. Unless you actively update your channel, your system is going to stay on that state getting packages from that Nixpkgs revision. The update happened when you ran nixos-rebuild --upgrade for which the manpage states:

       --upgrade, --upgrade-all
               Update the root user's channel named ‘nixos’ before rebuilding the system.

               In addition to the ‘nixos’ channel, the root user's channels which have a file
               named ‘.update-on-nixos-rebuild’ in their base directory will also be updated.

               Passing --upgrade-all updates all of the root user's channels.

So this does roughly the equivalent of running sudo nix-channel --update nixos.


Understood, thanks for confirming that. :+1: