NixOS 23.05 released!

Hey everyone,

we are very pleased to announce the public availability of NixOS 23.05, the Linux distribution, and nixpkgs 23.05 the package set, under the codename “Stoat” :otter:.

The release is the culmination of six months of work by over 1800 contributors and we’re very proud of all that has been achieved.

Two things we want to highlight are the finalized migration to libxcrypt and the general availability of Bootspec.

The libxcrypt library is a replacement for glibc’s very own libcrypt library. Both of them provide the crypt() function that is widely used for password hashing. In 2017 glibc started the deprecation process for libcrypt, when libxcrypt appeared as a suitable replacement. The migration offers many new hashing schemes which everyone should take advantage of.
We confirm the deprecation of a number of legacy hashing schemes announced in the 22.11 release.
If you are relying on a non-strong crypt algorithm, you very likely need to take action by either calling passwd to interactively renew the password hash, or mkpasswd to generate a new hash for your declarative configuration.
For what is worth, hashes prefixes by $6$ using sha512-crypt are still considered supported for now, but do not hesitate to migrate to something stronger like ycrypt.
Please do understand that a lot of software relies on that library like openldap and may lock out your users of their account if they did not migrate. As an escape hatch, consider overriding any software with libxcrypt-legacy to get access again to the weak algorithms.

Bootspec is the result of the RFC-125 aiming to provide a standardization of all data required to install bootloaders in NixOS. This is important as our bootloaders all have their own features and we want to make the tooling more and more agnostic of the implementation, degrade gracefully.
After a long feature preview in nixpkgs unstable, everyone can benefit from a boot.json (a Bootspec document) available in their top-level system generation e.g. /run/current-system/boot.json, this enable all sorts of new boot usecases: SecureBoot, multiple initrds, A/B partition schemas (more powerful rollbacks!).

There’s a lot more interesting changes that made it into the release, they can be found in the release notes.

The 22.11 “Raccoon” release is now officially deprecated and will cease to receive updates and security fixes after 2023-06-31. Please schedule your upgrades accordingly.

We’re so excited for what everyone has planned for NixOS 23.11, which will be named “Tapir”.

We’re scheduling a retrospective for 2023-06-10T14:00:00Z on Jitsi Meet. If you have something to contribute please join the release management room, where the URL will be announced.

Finally I want to mention and thank the release team for their participation in the release process: @hexa, @riotbib, @winter, @cole-h, @vcunat and many more!

Everyone, please enjoy NixOS 23.05! :otter:


You are my heroes!



The community are my heroes! :slight_smile:


I’m really excited for the bootspec stuff :slight_smile: I’ve wanted secure boot for forever, thanks so much @grahamc

Now I just need motherboards whose verification isn’t trivial to bypass ;p


Honestly, I just want to be able to use dracut’s zfsbootmenu module! :heart_eyes_cat:


nit: Previous NixOS release announcements went into “Announcements” → “NixOS Releases”. Is there a reason this post didn’t go there?

I have that subtopic set to notify me of posts, and that was my mechanism for making sure I heard about new NixOS releases (as there’s no “announcements” mailing list or similar). I suspect others might have done the same and won’t have seen this announcement in the “Development” section.


Fixed the category, thank you.


thank you very much, this was again a very smooth upgrade!


I upgrade from 22.11 and my first install was 22.05 and I got insecure warning for openssl-1.1.1u is there anyway to find out which of my pkgs selection has that as dependencies?

1 Like

This can be helpful: openssl_1_1: mark end-of-life by mweinelt · Pull Request #232521 · NixOS/nixpkgs · GitHub


It’s appflowy and thanks for that answer I suspect some users will trip on that warning too

The release retrospective is set at 2023-06-10T14:00:00Z on Jitsi Meet !