Release 2025_037 (2025-10-13)
Impact
25.05
Machines will reboot to activate the changed kernel.
NixOS 24.11 platform
Increase DNS resolver timeouts. (PL-129951)
We’ve seen sporadic but annoying DNS resolution issues which are likely caused by somewhat laggy authoritative DNS servers or forwarders. With our previous combination of low timeouts and a high retry count, a) clients might not have been retrying correctly and b) resolvers might have been retrying with different upstream servers that all exhibit the same sluggishness, and thus failing over and over.
Increasing the timeouts will reduce fragility, and reducing the number of retries means applications don’t get stuck too long in case resolvers aren’t responding.
Note: we’re also adjusting our resolver setup in the next releases for further reliability improvements that integrate with this change.
NixOS 25.05 platform
statshost-global: The Flying Circus infrastructure-wide statshost now stores metrics of the nstat telegraf output (PL-133683)
fc-maintenance: detect need for reboot based on kernel package, not only version number (PL-134082)
This makes the parsing of a system’s used kernel more robust, and introduces reboots for changed kernels within the same version number.
fc-agent: Fix automatic maintenance updates that referred to already garbage-collected system paths (PL-133993)
This avoids breakage of updates even when they have been pending for a while and the current system state already changed, e.g. due to modified configuration.
Increase DNS resolver timeouts. (PL-129951)
We’ve seen sporadic but annoying DNS resolution issues which are likely caused by somewhat laggy authoritative DNS servers or forwarders. With our previous combination of low timeouts and a high retry count, a) clients might not have been retrying correctly and b) resolvers might have been retrying with different upstream servers that all exhibit the same sluggishness, and thus failing over and over.
Increasing the timeouts will reduce fragility, and reducing the number of retries means applications don’t get stuck too long in case resolvers aren’t responding.
Note: we’re also adjusting our resolver setup in the next releases for further reliability improvements that integrate with this change.
Pull upstream NixOS changes, security fixes, and package updates:
chromedriver: 140.0.7339.207 -> 141.0.7390.54
chromium: 140.0.7339.207 -> 141.0.7390.54
element-web: 1.11.112 -> 1.12.0
fetchmail: 6.5.1 -> 6.5.6
firefox: 143.0.1 -> 143.0.4
gitaly: 18.4.0 -> 18.4.1
gitlab: 18.4.0 -> 18.4.1
gitlab-container-registry: 4.27.0 -> 4.28.0
gitlab-ee: 18.4.0 -> 18.4.1
gitlab-pages: 18.4.0 -> 18.4.1
gitlab-workhorse: 18.4.0 -> 18.4.1
grafana: 12.0.4 -> 12.0.5
jetty: 12.1.0 -> 12.1.1
libressl: 4.0.0 -> 4.1.1
linuxKernelStable: 6.12.48 -> 6.12.50
linuxKernelVerify: 6.12.48 -> 6.12.50
matrix-synapse: 1.138.0 -> 1.139.2
php83: 8.3.25 -> 8.3.26
php84: 8.4.12 -> 8.4.13
redis: 7.2.10 -> 7.2.11
tomcat10: 10.1.44 -> 10.1.46
tomcat9: 9.0.108 -> 9.0.109
webkitgtk: 2.48.6 -> 2.50.0
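As an added illustration of the fc-maintenance change above (not fc-maintenance's own code): the sketch below compares the booted and the activated kernel by Nix store path, which catches a rebuilt kernel that keeps its version number. It assumes the standard NixOS symlinks /run/booted-system/kernel and /run/current-system/kernel; the function names and the sample store hashes are constructed for this example.

```python
import os
import re
from typing import NamedTuple

# Nix store paths: /nix/store/<32-char base32 hash>-<name>[/subpath]
STORE_RE = re.compile(r"^/nix/store/([0-9a-df-np-sv-z]{32})-([^/]+)(?:/.*)?$")


class KernelPackage(NamedTuple):
    store_hash: str  # identifies the exact build (source, patches, config)
    name: str        # e.g. "linux"
    version: str     # e.g. "6.12.50"


def parse_kernel_path(path: str) -> KernelPackage:
    """Split a resolved kernel path into store hash, package name and version."""
    m = STORE_RE.match(path)
    if m is None:
        raise ValueError(f"not a Nix store path: {path!r}")
    store_hash, full_name = m.groups()
    # The version starts at the first dash that is followed by a digit.
    parts = re.split(r"-(?=\d)", full_name, maxsplit=1)
    version = parts[1] if len(parts) == 2 else ""
    return KernelPackage(store_hash, parts[0], version)


def reboot_needed(booted: str, activated: str) -> dict:
    """Compare the running kernel with the activated one, both ways."""
    b, a = parse_kernel_path(booted), parse_kernel_path(activated)
    return {
        "by_version": b.version != a.version,
        # Package comparison also catches a rebuilt kernel of the same version.
        "by_package": b != a,
    }


def check_live_system() -> dict:
    """On NixOS, resolve the booted and the current system's kernel symlinks."""
    return reboot_needed(
        os.path.realpath("/run/booted-system/kernel"),
        os.path.realpath("/run/current-system/kernel"),
    )


# Constructed sample paths; the store hashes are made up.
PREVIOUS = "/nix/store/" + "a" * 32 + "-linux-6.12.48/bzImage"
BOOTED = "/nix/store/" + "b" * 32 + "-linux-6.12.50/bzImage"
REBUILT = "/nix/store/" + "c" * 32 + "-linux-6.12.50/bzImage"
```

For BOOTED against REBUILT the version comparison reports no change while the package comparison reports a pending reboot, which is the case the fc-maintenance entry describes.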
Detailed Changes
NixOS 24.11: platform code, metadata, channel url
NixOS 25.05: platform code, nixpkgs/upstream changes, metadata, channel url