Merge branch 'LnL7:master' into masterHEADmaster

1 files changed, 29 insertions, 0 deletions

diff --git a/CHANGELOG b/CHANGELOG
index b307cca..b9a9adc 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,3 +1,32 @@
+2024-09-10
+- The default Nix build user group ID is now set to 350 when
+  `system.stateVersion` ≥ 5, to reflect the default for new Nix
+  installations. This only affects installations that enable
+  `nix.configureBuildUsers`, and any divergence will be detected on
+  system activation. To use `nix.configureBuildUsers` with a higher
+  `system.stateVersion` on installations using the old group ID, set:
+
+      ids.gids.nixbld = 30000;
+
+  We do not recommend trying to change the group ID with macOS user
+  management tools without a complete uninstallation and reinstallation
+  of Nix.
+
+2024-06-15
+- SECURITY NOTICE: The previous implementation of the
+  `users.users.<name>.openssh.authorizedKeys.*` options would not delete
+  authorized keys files when the setting for a given user was removed.
+
+  This means that if you previously stopped managing a user's authorized
+  SSH keys with nix-darwin, or intended to revoke their access by
+  removing the option, the previous set of keys could still be used to
+  log in as that user.
+
+  You can check the /etc/ssh/authorized_keys.d directory to see which
+  keys were permitted; afterwards, please remove the directory and
+  re-run activation. The options continue to be supported and will now
+  correctly permit only the keys in your current system configuration.
+
 2022-08-24
 - Major changes to `homebrew` module
   `homebrew.cleanup` was renamed to `homebrew.onActivation.cleanup`.