One of the most software-rich Linux distributions, NixOS, has released v22.11 with a strong focus on security and updated software versions.
Many of you are probably thinking, “Yet another new version of one of the many Linux distros.” However, the story is different because we are dealing with a one-of-a-kind beast.
So, before we go into the dry and dull “statistics” of Linux kernel versions, desktop environments, and software in this NixOS release, we’d like to explain why this Linux distro is exceptional and deserves your attention.
NixOS is a unique Linux distro due to the concept upon which it is built. However, to avoid further confusion, two key terms should be first defined: Nix, which is a cross-distro package system, and NixOS, which is the Linux distribution itself.
In a nutshell, NixOS is built on the Nix package system and the concept of immutability. Therefore, any changes you make to your system will not be destructive. You can, for example, always revert to a previous OS state, represented by a hash computed from all installed packages.
Yes, I know you’ve heard that before. After all, that is the key distinguishing feature of the immutable Linux distros. But before you say that Fedora Silverblue and openSUSE MicroOS are playing in the same league, NixOS comes out one step ahead. Here’s what I mean.
Thanks to the Nix package system, NixOS makes installing many versions of the same package simple and allows you to switch between them at will. Furthermore, unprivileged users can install the software in an entirely safe manner.
Did I mention that NixOS is one of the most software-rich Linux distros? Only Linux behemoths such as Arch (thanks to the AUR repository) and Debian can offer greater variety.
With that cleared up, we can now move on to the pure news part of this post, which is about the novelties in the just-released NixOS 22.11.
NixOS 22.11 Highlights
NixOS 22.11, named “Raccoon,” comes powered by Linux kernel 5.15.80. However, the focus of this release is the planned change to the approach to user account security. Here’s what it is all about.
NixOS’ software that utilizes the crypt password hashing API now uses libxcrypt’s implementation rather than glibc’s, enabling support for more secure algorithms.
In its next release, NixOS 23.05, expected at the end of May next year, the distro’s developers plan to disable weak password hashes. Unfortunately, this means old password hashes may need to be updated during the NixOS 22.11 lifespan.
The devs specify that if the libxcrypt, a modern library for one-way password hashing, has not flagged password algorithms as strong, NixOS considers them weak. So, they strongly encourage all users to update their system passwords using sha512crypt.
In addition, if your system is set up with weak hashes, a script will alert you during activation. In this case, users can use the
passwd command to update interactively configured passwords, while
mkpasswd can generate new password hashes.
If you rely on NixOS as a workstation, the new 22.11 release includes updated versions of the two most popular desktop environments, GNOME 43 and KDE Plasma 5.26. In addition, Cinnamon has also been updated to v5.4. But, of course, the software updates don’t end there.
As you may know, NixOS is a Linux distro heavily focused on developers, so this release continues the tradition of providing them with the most up-to-date development tools. They get PHP 8.1, Perl 5.36, and Python 3.10 here.
Nix, a tool for reproducible and declarative configuration management, has been bumped to v2.11.0, and OpenSSL now defaults to OpenSSL 3. Finally we will mention that nsncd is now available as a replacement for nscd (Name Service Cache Daemon). The devs plan to use nsncd by default in NixOS 23.05.
For a complete list of changes, view the official announcement. In addition, NixOS 22.11 will receive security updates until the end of June 2023.
NixOS 22.11 is available for free download in several variants: with the GNOME desktop environment for 64-bit AMD/Intel and ARM architectures and with KDE Plasma for 64-bit AMD/Intel and ARM architectures.
Furthermore, it includes the well-known Calamares installer, so most Linux users should have no trouble installing it.
There is also a minimal installation ISO image for 64-bit AMD/Intel/ARM architecture and a 32-bit version for AMD/Intel only. However, remember that the minimal installation ISO image does not include the graphical user interface.