Upgrading nixos: How to see changes?

nomeata · July 12, 2021, 5:52pm

I am running nixos 21.05 for a few weeks on my laptop now, and I should probably update it, to get security updates. (Side question: Do people here generally get their browser security updates through nixpkgs updates, or are they installing browsers in a way that they auto-date, which may be faster?)

I guess I could just follow the instructions in the manual and run

nixos-rebuild switch --upgrade

but that would just dump me in a new system, with no good indication what has changed.

When I was using Debian, I could use apt-show-changes to get a summary of which packages have changed, and sometimes even skim through a mildly useful changelog.

Is there a way to achieve something similar with nixos?

My currently best bet is to run nixos-rebuild build and nixos rebuild build -I nixpkgs=https://github.com/NixOS/nixpkgs/archive/release-21.05.tar.gz, find the /nix/store/ycv9kzl2bvxg21iwysrpinhrb7f3lj7k-nixos-system-riviera-21.05pre-git.drv derivation name of both and pass them to nix-diff, but that is very verbose.

But I admit I can’t fully articulate what I would like to see. Maybe simply a list of version number changes of the packages directly listed in environment.systemPackages would be a start.

TLATER · July 12, 2021, 7:41pm

You’re looking for: Nvd: Simple Nix/NixOS version diff tool - #21 by pvonmoradi

Though it will only show you after the fact. Rollbacks are luckily easy.

Getting more detail is probably best done with a git diff, especially combined with flakes.

nomeata · July 12, 2021, 8:30pm

Oh, indeed:

$ nvd diff result-old result-new
<<< result-old
>>> result-new
Version changes:
[U*]  #01  cpupower                       5.10.43 -> 5.10.48
[U.]  #02  dhcp                           4.4.2 -> 4.4.2-P1
[U*]  #03  firefox-bin                    89.0 -> 89.0.2
[U.]  #04  firefox-release-bin-unwrapped  89.0 -> 89.0.2
[U*]  #05  glibc                          2.32-46 x2, 2.32-46-bin, 2.32-46-dev -> 2.32-48 x2, 2.32-48-bin, 2.32-48-dev
[U*]  #06  glibc-locales                  2.32-46 -> 2.32-48
[U*]  #07  google-chrome                  91.0.4472.101 -> 91.0.4472.114
[U.]  #08  ilmbase                        2.5.3 -> 2.5.7
[U.]  #09  imagemagick                    7.0.11-13 -> 7.1.0-2
[U.]  #10  initrd-linux                   5.10.43 -> 5.10.48
[U.]  #11  libX11                         1.7.0, 1.7.0-dev, 1.7.0-man -> 1.7.2, 1.7.2-dev, 1.7.2-man
[U.]  #12  linux                          5.10.43, 5.10.43-modules-shrunk -> 5.10.48, 5.10.48-modules-shrunk
[U.]  #13  nettle                         3.7.2 -> 3.7.3
[D.]  #14  nixos-system-riviera           21.05.961.1f91fd10406 -> 21.05pre-git
[U.]  #15  openexr                        2.5.3 -> 2.5.7
[U*]  #16  password-store                 1.7.3 -> 1.7.4
[U.]  #17  pipewire                       0.3.27-lib -> 0.3.30-lib
[U.]  #18  postgresql                     11.11-lib -> 11.12-lib
[U.]  #19  ruby                           2.7.3 -> 2.7.4
[U*]  #20  signal-desktop                 5.4.1 -> 5.8.0
[U.]  #21  spidermonkey                   78.8.0 -> 78.11.0
[U.]  #22  sqlite                         3.35.2, 3.35.2-bin, 3.35.2-dev -> 3.35.5, 3.35.5-bin, 3.35.5-dev
[U.]  #23  wireless-regdb                 2020.04.29 -> 2021.04.21

I didn’t have to do this after the fact, I can run

nixos-rebuild  build
mv result result-new
nixos-rebuild  build -I nixpkgs=https://github.com/NixOS/nixpkgs/archive/release-21.05.tar.gz
mv result result-old
nvd diff result-old result-new

to compare beforehand.

TLATER · July 12, 2021, 8:56pm

Ah, heh, you’re right. Well, now I have no excuse not to put this in CI anymore

nomeata · August 25, 2021, 7:47am

Or, after the fact, nvd works well on the system profiles, e.g.:

~ $ nvd diff /nix/var/nix/profiles/system-{134,135}-link

nomeata · September 21, 2021, 11:03am

Or, crude but effective,

nvd diff $(ls -d1v /nix/var/nix/profiles/system-*-link|tail -n 2)