We at Determinate Systems are excited to announce the release of Determinate Secure Packages version 26.05, based on Nixpkgs 26.05. For the covered package set of now over 10,000 packages, this release comes with the same features as our other Determinate Secure Packages releases:
- CVE remediation backed by an
SLA - Full cache coverage in
FlakeHub Cache - Access to FlakeBOM, our lightning-fast CLI for generating SBOMs in CycloneDX format
- An optional Federal Information Processing Standards (FIPS) variant, which offers FIPS-compliant versions of packages like OpenSSL and GnuTLS and even a FIPS-compliant GNOME environment
- Cryptographically signed packages (which will soon include Commercial National Security Algorithm (CNSA) 2.0 post-quantum signatures)
To start using Determinate Secure Packages 26.05:
-
Obtain access to our secure packages product by getting in touch with us at sales@determinate.systems.
-
Swap out the
nixpkgsinput in your flakes:flake.nix {inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";inputs.nixpkgs.url ="https://flakehub.com/f/DeterminateSystems/secure-packages-26.05/0";}
If you need a Federal Information Processing Standards (FIPS) variant with FIPS-compliant cryptographic components, you can swap out this flake reference instead:
{ inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11"; inputs.nixpkgs.url = "https://flakehub.com/f/DeterminateSystems/secure-packages-26.05-fips/0";}To pull in the latest fixes:
nix flake update nixpkgsAnd that’s really it: no integration, no refactoring, just Nix pulling secure packages from our
Major half-yearly Nixpkgs upgrades aren’t something to be taken lightly in the enterprise. Determinate Secure Packages won’t smooth over all of the pains of upgrading, of course, but it will provide the assurance that your flake updates are backed by a team working around the clock to fix security issues.
If you want to know more or schedule a demo, reach out to us at sales@determinate.systems.
