doc/rl-2511: cleanup

- **This release of Nixpkgs requires macOS Sonoma 14.0 or newer, as announced in the 25.05 release notes.**

  The default SDK is now 14.4, but the minimum version is 14.0.

  cc-wrapper will enforce that availability annotations are used or an appropriate deployment target is set.

  `cc-wrapper` will enforce that availability annotations are used or an appropriate deployment target is set.

  See the Darwin platform notes for details.

- **We expect to drop support for `x86_64-darwin` by Nixpkgs 26.11,** in light of Apple’s announcement that macOS 26 will be the final version to support Intel Macs.

- GCC 9, 10, 11, and 12 have been removed, as they have reached end‐of‐life upstream and are no longer supported.

- `gentium` package now provides `Gentium-*.ttf` files, and not `GentiumPlus-*.ttf` files like before. The font identifiers `Gentium Plus*` are available in the `gentium-plus` package, and if you want to use the more recently updated package `gentium` [by SIL](https://software.sil.org/gentium/), you should update your configuration files to use the `Gentium` font identifier.

- `gentium` package now provides `Gentium-*.ttf` files, and not `GentiumPlus-*.ttf` files like before. The font identifiers `Gentium Plus*` are available in the `gentium-plus` package. If you want to use the more recently updated package `gentium` [by SIL](https://software.sil.org/gentium/), you should update your configuration files to use the `Gentium` font identifier.

- GHCJS 8.10, exposed via `haskell.compiler.ghcjs` and `haskell.compiler.ghcjs810`, has been removed. Downstream users should migrate their projects to the new JavaScript backend of GHC proper which can be used via `pkgsCross.ghcjs` from Nixpkgs. Haskell packaging code, like `haskellPackages.mkDerivation`, `ghcWithPackages` and `hoogleWithPackages`, also no longer supports GHCJS.

- `gnome-keyring` no longer ships with an SSH agent anymore because it has been deprecated upstream. You should use `gcr_4` instead, which provides the same features. More information on why this was done can be found on [the relevant GCR upstream PR](https://gitlab.gnome.org/GNOME/gcr/-/merge_requests/67).

- `go-mockery` has been updated to v3. For migration instructions see the [upstream documentation](https://vektra.github.io/mockery/latest/v3/). If v2 is still required `go-mockery_v2` has been added but will be removed on or before 2029-12-31 in-line with its [upstream support lifecycle](https://vektra.github.io/mockery/)

- `go-mockery` has been updated to v3. For migration instructions see the [upstream documentation](https://vektra.github.io/mockery/latest/v3/). If v2 is still required `go-mockery_v2` has been added but will be removed on or before 2029-12-31 in-line with its [upstream support lifecycle](https://vektra.github.io/mockery/).

- `gradience` has been removed because it was archived upstream.

- `inspircd` has been updated to the v4 release series. Please refer to the upstream documentation for [general information](https://docs.inspircd.org/4/overview/#v4-overview) and a list of [breaking changes](https://docs.inspircd.org/4/breaking-changes/).

- `installShellFiles`: Allow installManPage to take a piped input, add the `--name` flag for renaming the file when installed. Can also append `--` to opt-out of all subsequent parsing.

- `installShellFiles` now allows `installManPage` to take a piped input, add the `--name` flag for renaming the file when installed. You can also append `--` to opt-out of all subsequent parsing.

- `kbd` package's `outputs` now include a `man` and `scripts` outputs. The `unicode_start` and `unicode_stop` Bash scripts are now part of the `scripts` output, allowing most usages of the `kbd` package to not pull in `bash`.

- `k2pdfopt` has been removed, as it's broken.

- `k3s` airgap images passthru attributes have changed:

- `k3s` airgap images `passthru` attributes have changed:

  - `imagesList` was removed

  - `airgapImages` was renamed to `airgap-images`

  - `airgapImagesAmd64` was renamed to `airgap-images-amd64-tar-zst`

- `lima` package now only includes the guest agent for the host's architecture by default. If your guest VM's architecture differs from your Lima host's, you'll need to enable the `lima-additional-guestagents` package by setting `withAdditionalGuestAgents = true` when overriding lima with this input.

- `libpinyin`, which is used for Chinese character input, has migrated from the unmaintained BDB database format to the newer KyotoCabinet database format. If you want to migrate your user input statistics you can consider using [bdbtokyotodb](https://codeberg.org/raboof/bdbtokyotodb).

- `libpinyin`, which is used for Chinese character input, has migrated from the unmaintained BDB database format to the newer KyotoCabinet database format. If you want to migrate your user input statistics, you can consider using [bdbtokyotodb](https://codeberg.org/raboof/bdbtokyotodb).

- `linux` and all other Linux kernel packages have moved all in-tree kernel modules into a new `modules` output.

    and backwards incompatible database migrations. Ensure backups are valid and run a Full Scan after

    starting the new version.

- NetBox was updated to `>= 4.4.0`. Have a look at the breaking changes

- NetBox was updated to `>= 4.4.0`. You should review the breaking changes

  of the [4.3 release](https://github.com/netbox-community/netbox/releases/tag/v4.3.0)

  and the [4.4 release](https://github.com/netbox-community/netbox/releases/tag/v4.4.0),

  make the required changes to your database, if needed, then upgrade by setting `services.netbox.package = pkgs.netbox_4_4;` in your configuration.

  the [4.4 release](https://github.com/netbox-community/netbox/releases/tag/v4.4.0),

  make the required changes to your database (if needed), and then upgrade by setting `services.netbox.package = pkgs.netbox_4_4;` in your configuration.

- `neovimUtils.makeNeovimConfig` now uses `customLuaRC` parameter instead of accepting `luaRcContent`. The old usage is deprecated but still works with a warning.

- `python3Packages.bjoern` has been removed, as the upstream is unmaintained and it depends on a 14-year-old version of http-parser with numerous vulnerabilities.

- `python3Packages.duckduckgo-search` has been updated to v9+ and therefore has been renamed to ddgs.

  Use `python3Packages.ddgs` instead.

  See [release note for v9.0.0](https://github.com/deedy5/ddgs/releases/tag/v9.0.0)

- `python3Packages.duckduckgo-search` has been updated to v9+ and renamed to `python3Packages.ddgs`.

  See [release note for v9.0.0](https://github.com/deedy5/ddgs/releases/tag/v9.0.0).

- `python3Packages.heif-image-plugin` has been dropped due to lack of upstream maintenance and breakage. Use `python3Packages.pillow-heif` instead.

- `qt5.full` and `qt6.full` aliases have been removed. Their use has always been discouraged, and downstream projects should use `qtN.env` with the right set of packages.

- `rabbitmq-server` has been updated from 4.0.9 to 4.1.4. The 4.1.0 release includes breaking changes. For more information read the [changelog of 4.1.0](https://github.com/rabbitmq/rabbitmq-server/releases/tag/v4.1.0)

- `rabbitmq-server` has been updated from 4.0.9 to 4.1.4. The 4.1.0 release includes breaking changes. For more information read the [changelog of 4.1.0](https://github.com/rabbitmq/rabbitmq-server/releases/tag/v4.1.0).

- `reaction` has been updated to version 2, which includes some breaking changes.

  For more information, [check the release article](https://blog.ppom.me/en-reaction-v2).

- The minimum version of Nix required to evaluate Nixpkgs has been raised from 2.3 to 2.18.

- The `offrss` package was removed due to lack of upstream maintenance since 2012. It's recommended for users to migrate to another RSS reader

- The `offrss` package was removed due to lack of upstream maintenance since 2012. It's recommended for users to migrate to another RSS reader.

- The `pie` hardening flag has been removed. compilers are expected to enable PIE by default, as has been common practice since 2016 outside of nixpkgs. If a package needs `pie` disabled pass `-no-pie` in `CFLAGS`. It is unlikely this will be necessary in many cases; due to the prevalance of default PIE toolchains most packages incompatible with PIE already pass no-pie.

- The `pie` hardening flag has been removed. Compilers are expected to enable PIE by default, as has been common practice since 2016 outside of Nixpkgs. If a package needs `pie` disabled pass `-no-pie` in `CFLAGS`. It is unlikely this will be necessary in many cases; due to the prevalence of default PIE toolchains, most packages incompatible with PIE already pass `-no-pie`.

- The `vlock` output from kbd has been removed. Instead a new package `kbdVlock` has been introduced. Use this package now instead of the output.

- `yggdrasil-jumper` has been updated to v0.4, changing traversal protocol. See [release notes](https://github.com/one-d-wide/yggdrasil-jumper/releases/tag/v0.4.0).

- Zig 0.12 has been removed.

- `zig_0_12` has been removed.

## Other Notable Changes {#sec-nixpkgs-release-25.11-notable-changes}

- `buildPythonPackage` and `buildPythonApplication` now default to `nix-update-script` as their default `updateScript`. This should improve automated updates, since nix-update is better maintained than the in-tree update script and has more robust fetcher support.

- `clickhouse`: Added `serverConfig`, `usersConfig` configuration options accepting Nix attribute sets. Also added `extraServerConfig` and `extraUsersConfig` options accepting plain text (expecting XML configuration).

- `clickhouse` now has `serverConfig`, `usersConfig` override options accepting Nix attribute sets. Also added `extraServerConfig` and `extraUsersConfig` options accepting plain text (expecting XML configuration).

- `cloudflare-ddns`: Added package cloudflare-ddns.

- `cloudflare-ddns` has been added.

- `dragonflydb` has been updated from version 0.1.0 to version 1.34.2.

- `emacs` now disables the GC mark trace buffer by default. This improves GC performance by 5%, but can make GC issues harder to debug. This is configurable with `withGcMarkTrace`.

- `fetchgit`: Add `gitConfigFile` argument to set a git config (via `$GIT_CONFIG_GLOBAL`) for the fetcher.

- `fetchgit` now accepts a `gitConfigFile` argument to set a git config (via `$GIT_CONFIG_GLOBAL`) for the fetcher.

- `fetchgit`: Add `rootDir` argument to limit the resulting source to one subdirectory of the whole Git repository. Corresponding `--root-dir` option added to `nix-prefetch-git`.

- `fetchgit` now accepts a `rootDir` argument to limit the resulting source to one subdirectory of the whole Git repository. Corresponding `--root-dir` option added to `nix-prefetch-git`.

- `fetchNpmDeps`: Add `npmRegistryOverridesString` argument to pass NPM registry overrides to the fetcher.

- `fetchNpmDeps` now accepts a `npmRegistryOverridesString` argument to pass NPM registry overrides to the fetcher.

- `ffmpeg_8`, `ffmpeg_8-headless`, and `ffmpeg_8-full` have been added. The default version of FFmpeg is now `ffmpeg_8`. You can install previous versions from package attributes such as `ffmpeg_7`.

- `forgejo-runner`: The upgrade to version 11 brings a license change from MIT to GPLv3-or-later.

- `forgejo-runner` upgrading to version 11 brings a license change from MIT to GPLv3-or-later.

- GIMP now defaults to version 3. Use `gimp2` for the old version.

- [`homebox` 0.20.0](https://github.com/sysadminsmedia/homebox/releases/tag/v0.20.0) changed how assets are stored and hashed. It is recommended to back up your database before this update. In particular, `--storage-data` was replaced with `--storage-conn-string` and `--storage-prefix-path`. If your configuration set `HBOX_STORAGE_DATA` manually, you must migrate it to `HBOX_STORAGE_CONN_STRING` and `HBOX_STORAGE_PREFIX_PATH`.

- `idris2` supports being instantiated with a package environment with `idris.withPackages (p: [ ])`

- `idris2` supports being instantiated with a package environment with `idris.withPackages (p: [ ])`.

- `installShellCompletion`: now supports Nushell completion files

- `installShellCompletion` now supports Nushell completion files.

- `jellyfin` was updated to `10.11.x`, which includes heavy backend changes.

  Make sure to backup your data and configuration directories

- `lisp-modules` were brought in sync with the [June 2025 Quicklisp release](http://blog.quicklisp.org/2025/07/june-2025-quicklisp-dist-now-available.html).

- `meta.mainProgram`: Changing this `meta` entry can lead to a package rebuild due to being used to determine the `NIX_MAIN_PROGRAM` environment variable.

- `meta.mainProgram` is now used to determine the `NIX_MAIN_PROGRAM` environment variable. This means that changing it can now lead to a package rebuild.

- `neovim`: Added support for the `vim.o.exrc` option, the `VIMINIT` environment variable, and sourcing of `sysinit.vim`.

- `neovim` now has support for the `vim.o.exrc` option, the `VIMINIT` environment variable, and sourcing of `sysinit.vim`.

  See the neovim help page [`:help startup`](https://neovim.io/doc/user/starting.html#startup) for more information, as well as [the nixpkgs neovim wrapper documentation](#neovim-custom-configuration).

- New hardening flags `strictflexarrays1`, `strictflexarrays3`, `glibcxxassertions`, `libcxxhardeningfast` and `libcxxhardeningextensive` were made available.

- `nix-prefetch-git`: Added a `--no-add-path` argument to disable adding the path to the store; this is useful when working with a [read-only store](https://nix.dev/manual/nix/2.28/command-ref/new-cli/nix3-help-stores#store-experimental-local-overlay-store-read-only).

- `nix-prefetch-git` now has a `--no-add-path` argument to disable adding the path to the store. This is useful when working with a [read-only store](https://nix.dev/manual/nix/2.28/command-ref/new-cli/nix3-help-stores#store-experimental-local-overlay-store-read-only).

- Passing `stdenv` to `buildPythonPackage` or `buildPythonApplication` has been deprecated and will trigger an error in a future release.

  Instead, you should _override_ the python build helper, e.g., `(buildPythonPackage.override { stdenv = customStdenv; })`.

- The systemd initrd will now respect `x-systemd.wants` and `x-systemd.requires` for reliably unlocking multi-disk bcachefs volumes.

- `versionCheckHook`: Packages that previously relied solely on `pname` to locate the program used to version check, but have a differing `meta.mainProgram` entry, might now fail.

- Packages using `versionCheckHook` that previously relied solely on `pname` to locate the program used to version check, but have a differing `meta.mainProgram` entry, might now fail.

- `waydroid-nftables`: New variant of `waydroid` that supports nftables instead of iptables.

- `waydroid-nftables` is a new variant of `waydroid` that supports nftables instead of iptables.

  If your previous configuration included a secret reference like `server.secret_key = "@SEARX_SECRET_KEY@"`, you must migrate to the new envsubst syntax: `server.secret_key = "$SEARX_SECRET_KEY"`.

## Nixpkgs Library {#sec-nixpkgs-release-25.11-lib}

- `lib.options.mkPackageOptionMD` has been removed, following its deprecation in NixOS 24.11. Use `lib.options.mkPackageOption` instead.

- `lib.readPathsFromFile` has been removed, use a list instead

- `lib.readPathsFromFile` has been removed, use a list instead.

- `lib.replaceChars` has been removed, it was a deprecated alias of `lib.replaceStrings`.

- `lib.cli.toCommandLine`, `lib.cli.toCommandLineShell`, `lib.cli.toCommandLineGNU` and `lib.cli.toCommandLineShellGNU` have been added to address multiple issues in `lib.cli.toGNUCommandLine` and `lib.cli.toGNUCommandLineShell`.

- `ugrep`: Added `wrapWithFilterUtils` package flag for optionally wrapping `ugrep+` and `ug+` with filter utilities for grepping other file types.

- `ugrep`: Added `createGrepReplacementLinks` package flag for optionally creating drop-in replacement symlinks for `gnugrep`.

- `ugrep` now has two new override options:

  - `wrapWithFilterUtils` for optionally wrapping `ugrep+` and `ug+` with filter utilities for grepping other file types.

  - `createGrepReplacementLinks` for optionally creating drop-in replacement symlinks for `gnugrep`.