Hey everyone,
we are very pleased to announce the public availability of NixOS 23.05, the Linux distribution, and nixpkgs 23.05 the package set, under the codename “Stoat” 
.
The release is the culmination of six months of work by over 1800 contributors and we’re very proud of all that has been achieved.
Two things we want to highlight are the finalized migration to libxcrypt and the general availability of Bootspec.
The libxcrypt library is a replacement for glibc’s very own libcrypt library. Both of them provide the crypt() function that is widely used for password hashing. In 2017 glibc started the deprecation process for libcrypt, when libxcrypt appeared as a suitable replacement. The migration offers many new hashing schemes which everyone should take advantage of.
We confirm the deprecation of a number of legacy hashing schemes announced in the 22.11 release.
If you are relying on a non-strong crypt algorithm, you very likely need to take action by either calling passwd to interactively renew the password hash, or mkpasswd to generate a new hash for your declarative configuration.
For what is worth, hashes prefixes by $6$ using sha512-crypt are still considered supported for now, but do not hesitate to migrate to something stronger like ycrypt.
Please do understand that a lot of software relies on that library like openldap and may lock out your users of their account if they did not migrate. As an escape hatch, consider overriding any software with libxcrypt-legacy to get access again to the weak algorithms.
Bootspec is the result of the RFC-125 aiming to provide a standardization of all data required to install bootloaders in NixOS. This is important as our bootloaders all have their own features and we want to make the tooling more and more agnostic of the implementation, degrade gracefully.
After a long feature preview in nixpkgs unstable, everyone can benefit from a boot.json (a Bootspec document) available in their top-level system generation e.g. /run/current-system/boot.json, this enable all sorts of new boot usecases: SecureBoot, multiple initrds, A/B partition schemas (more powerful rollbacks!).
There’s a lot more interesting changes that made it into the release, they can be found in the release notes.
The 22.11 “Raccoon” release is now officially deprecated and will cease to receive updates and security fixes after 2023-06-31. Please schedule your upgrades accordingly.
We’re so excited for what everyone has planned for NixOS 23.11, which will be named “Tapir”.
We’re scheduling a retrospective for 2023-06-10T14:00:00Z on Jitsi Meet. If you have something to contribute please join the release management room, where the URL will be announced.
Finally I want to mention and thank the release team for their participation in the release process: @hexa, @riotbib, @winter, @cole-h, @vcunat and many more!
Everyone, please enjoy NixOS 23.05!
