Install from closure: wording and fallback using .bash_profile

- use empty ~/.bash_profile if it's not there - use "source" instead of vague "." - make it explicit how to start using Nix after installation
Drop a few more references to all-packages.nix
2017-01-25 19:21:57 +01:00 · 2017-01-03 16:42:24 +01:00 · 2017-01-03 11:42:56 +01:00 · 2017-01-03 11:40:51 +01:00 · 2017-01-03 10:08:15 +01:00 · 2017-01-03 10:11:09 +02:00
336 changed files with 15579 additions and 13291 deletions
--- a/.dir-locals.el
+++ b/.dir-locals.el
@@ -0,0 +1,16 @@
+((c++-mode . (
+  (c-file-style . "k&r")
+  (c-basic-offset . 4)
+  (indent-tabs-mode . nil)
+  (tab-width . 4)
+  (show-trailing-whitespace . t)
+  (indicate-empty-lines . t)
+  (eval . (c-set-offset 'innamespace 0))
+  (eval . (c-set-offset 'defun-open 0))
+  (eval . (c-set-offset 'inline-open 0))
+  (eval . (c-set-offset 'arglist-intro '+))
+  (eval . (c-set-offset 'arglist-cont 0))
+  (eval . (c-set-offset 'arglist-cont-nonempty '+))
+  (eval . (c-set-offset 'substatement-open 0))
+  (eval . (c-set-offset 'access-label '-))
+  )))
--- a/.gitignore
+++ b/.gitignore
@@ -34,31 +34,11 @@ Makefile.config

 # /scripts/
 /scripts/nix-profile.sh
-/scripts/nix-pull
-/scripts/nix-push
-/scripts/nix-switch
-/scripts/nix-collect-garbage
-/scripts/nix-prefetch-url
-/scripts/nix-install-package
-/scripts/nix-channel
-/scripts/nix-build
 /scripts/nix-copy-closure
-/scripts/nix-generate-patches
-/scripts/NixConfig.pm
-/scripts/NixManifest.pm
-/scripts/GeneratePatches.pm
-/scripts/download-using-manifests.pl
-/scripts/copy-from-other-stores.pl
-/scripts/download-from-binary-cache.pl
-/scripts/find-runtime-roots.pl
 /scripts/build-remote.pl
 /scripts/nix-reduce-build
 /scripts/nix-http-export.cgi

-# /src/bsdiff-4.3/
-/src/bsdiff-4.3/bsdiff
-/src/bsdiff-4.3/bspatch
-
 # /src/libexpr/
 /src/libexpr/lexer-tab.cc
 /src/libexpr/lexer-tab.hh
@@ -69,28 +49,38 @@ Makefile.config

 # /src/libstore/
 /src/libstore/schema.sql.hh
+/src/libstore/sandbox-defaults.sb
+
+/src/nix/nix

 # /src/nix-env/
 /src/nix-env/nix-env

-# /src/nix-hash/
-/src/nix-hash/nix-hash
-
 # /src/nix-instantiate/
 /src/nix-instantiate/nix-instantiate

-# /src/nix-log2xml/
-/src/nix-log2xml/nix-log2xml
-
 # /src/nix-store/
 /src/nix-store/nix-store

+/src/nix-prefetch-url/nix-prefetch-url
+
 # /src/nix-daemon/
 /src/nix-daemon/nix-daemon

+/src/nix-collect-garbage/nix-collect-garbage
+
+# /src/nix-channel/
+/src/nix-channel/nix-channel
+
 # /src/download-via-ssh/
 /src/download-via-ssh/download-via-ssh

+# /src/buildenv/
+/src/buildenv/buildenv
+
+# /src/nix-build/
+/src/nix-build/nix-build
+
 # /tests/
 /tests/test-tmp
 /tests/common.sh
@@ -109,6 +99,8 @@ Makefile.config
 /misc/systemd/nix-daemon.socket
 /misc/upstart/nix-daemon.conf

+inst/
+
 *.a
 *.o
 *.so
--- a/229
+++ b/229
@@ -1,229 +0,0 @@
-Copyright 1994, 1995, 1996, 1999, 2000, 2001, 2002 Free Software
-Foundation, Inc.
-
-   This file is free documentation; the Free Software Foundation gives
-unlimited permission to copy, distribute and modify it.
-
-Basic Installation
-==================
-
-   These are generic installation instructions.
-
-   The `configure' shell script attempts to guess correct values for
-various system-dependent variables used during compilation.  It uses
-those values to create a `Makefile' in each directory of the package.
-It may also create one or more `.h' files containing system-dependent
-definitions.  Finally, it creates a shell script `config.status' that
-you can run in the future to recreate the current configuration, and a
-file `config.log' containing compiler output (useful mainly for
-debugging `configure').
-
-   It can also use an optional file (typically called `config.cache'
-and enabled with `--cache-file=config.cache' or simply `-C') that saves
-the results of its tests to speed up reconfiguring.  (Caching is
-disabled by default to prevent problems with accidental use of stale
-cache files.)
-
-   If you need to do unusual things to compile the package, please try
-to figure out how `configure' could check whether to do them, and mail
-diffs or instructions to the address given in the `README' so they can
-be considered for the next release.  If you are using the cache, and at
-some point `config.cache' contains results you don't want to keep, you
-may remove or edit it.
-
-   The file `configure.ac' (or `configure.in') is used to create
-`configure' by a program called `autoconf'.  You only need
-`configure.ac' if you want to change it or regenerate `configure' using
-a newer version of `autoconf'.
-
-The simplest way to compile this package is:
-
-  1. `cd' to the directory containing the package's source code and type
-     `./configure' to configure the package for your system.  If you're
-     using `csh' on an old version of System V, you might need to type
-     `sh ./configure' instead to prevent `csh' from trying to execute
-     `configure' itself.
-
-     Running `configure' takes awhile.  While running, it prints some
-     messages telling which features it is checking for.
-
-  2. Type `make' to compile the package.
-
-  3. Optionally, type `make check' to run any self-tests that come with
-     the package.
-
-  4. Type `make install' to install the programs and any data files and
-     documentation.
-
-  5. You can remove the program binaries and object files from the
-     source code directory by typing `make clean'.  To also remove the
-     files that `configure' created (so you can compile the package for
-     a different kind of computer), type `make distclean'.  There is
-     also a `make maintainer-clean' target, but that is intended mainly
-     for the package's developers.  If you use it, you may have to get
-     all sorts of other programs in order to regenerate files that came
-     with the distribution.
-
-Compilers and Options
-=====================
-
-   Some systems require unusual options for compilation or linking that
-the `configure' script does not know about.  Run `./configure --help'
-for details on some of the pertinent environment variables.
-
-   You can give `configure' initial values for configuration parameters
-by setting variables in the command line or in the environment.  Here
-is an example:
-
-     ./configure CC=c89 CFLAGS=-O2 LIBS=-lposix
-
-   *Note Defining Variables::, for more details.
-
-Compiling For Multiple Architectures
-====================================
-
-   You can compile the package for more than one kind of computer at the
-same time, by placing the object files for each architecture in their
-own directory.  To do this, you must use a version of `make' that
-supports the `VPATH' variable, such as GNU `make'.  `cd' to the
-directory where you want the object files and executables to go and run
-the `configure' script.  `configure' automatically checks for the
-source code in the directory that `configure' is in and in `..'.
-
-   If you have to use a `make' that does not support the `VPATH'
-variable, you have to compile the package for one architecture at a
-time in the source code directory.  After you have installed the
-package for one architecture, use `make distclean' before reconfiguring
-for another architecture.
-
-Installation Names
-==================
-
-   By default, `make install' will install the package's files in
-`/usr/local/bin', `/usr/local/man', etc.  You can specify an
-installation prefix other than `/usr/local' by giving `configure' the
-option `--prefix=PATH'.
-
-   You can specify separate installation prefixes for
-architecture-specific files and architecture-independent files.  If you
-give `configure' the option `--exec-prefix=PATH', the package will use
-PATH as the prefix for installing programs and libraries.
-Documentation and other data files will still use the regular prefix.
-
-   In addition, if you use an unusual directory layout you can give
-options like `--bindir=PATH' to specify different values for particular
-kinds of files.  Run `configure --help' for a list of the directories
-you can set and what kinds of files go in them.
-
-   If the package supports it, you can cause programs to be installed
-with an extra prefix or suffix on their names by giving `configure' the
-option `--program-prefix=PREFIX' or `--program-suffix=SUFFIX'.
-
-Optional Features
-=================
-
-   Some packages pay attention to `--enable-FEATURE' options to
-`configure', where FEATURE indicates an optional part of the package.
-They may also pay attention to `--with-PACKAGE' options, where PACKAGE
-is something like `gnu-as' or `x' (for the X Window System).  The
-`README' should mention any `--enable-' and `--with-' options that the
-package recognizes.
-
-   For packages that use the X Window System, `configure' can usually
-find the X include and library files automatically, but if it doesn't,
-you can use the `configure' options `--x-includes=DIR' and
-`--x-libraries=DIR' to specify their locations.
-
-Specifying the System Type
-==========================
-
-   There may be some features `configure' cannot figure out
-automatically, but needs to determine by the type of machine the package
-will run on.  Usually, assuming the package is built to be run on the
-_same_ architectures, `configure' can figure that out, but if it prints
-a message saying it cannot guess the machine type, give it the
-`--build=TYPE' option.  TYPE can either be a short name for the system
-type, such as `sun4', or a canonical name which has the form:
-
-     CPU-COMPANY-SYSTEM
-
-where SYSTEM can have one of these forms:
-
-     OS KERNEL-OS
-
-   See the file `config.sub' for the possible values of each field.  If
-`config.sub' isn't included in this package, then this package doesn't
-need to know the machine type.
-
-   If you are _building_ compiler tools for cross-compiling, you should
-use the `--target=TYPE' option to select the type of system they will
-produce code for.
-
-   If you want to _use_ a cross compiler, that generates code for a
-platform different from the build platform, you should specify the
-"host" platform (i.e., that on which the generated programs will
-eventually be run) with `--host=TYPE'.
-
-Sharing Defaults
-================
-
-   If you want to set default values for `configure' scripts to share,
-you can create a site shell script called `config.site' that gives
-default values for variables like `CC', `cache_file', and `prefix'.
-`configure' looks for `PREFIX/share/config.site' if it exists, then
-`PREFIX/etc/config.site' if it exists.  Or, you can set the
-`CONFIG_SITE' environment variable to the location of the site script.
-A warning: not all `configure' scripts look for a site script.
-
-Defining Variables
-==================
-
-   Variables not defined in a site shell script can be set in the
-environment passed to `configure'.  However, some packages may run
-configure again during the build, and the customized values of these
-variables may be lost.  In order to avoid this problem, you should set
-them in the `configure' command line, using `VAR=value'.  For example:
-
-     ./configure CC=/usr/local2/bin/gcc
-
-will cause the specified gcc to be used as the C compiler (unless it is
-overridden in the site shell script).
-
-`configure' Invocation
-======================
-
-   `configure' recognizes the following options to control how it
-operates.
-
-`--help'
-`-h'
-     Print a summary of the options to `configure', and exit.
-
-`--version'
-`-V'
-     Print the version of Autoconf used to generate the `configure'
-     script, and exit.
-
-`--cache-file=FILE'
-     Enable the cache: use and save the results of the tests in FILE,
-     traditionally `config.cache'.  FILE defaults to `/dev/null' to
-     disable caching.
-
-`--config-cache'
-`-C'
-     Alias for `--cache-file=config.cache'.
-
-`--quiet'
-`--silent'
-`-q'
-     Do not print messages saying which checks are being made.  To
-     suppress all normal output, redirect it to `/dev/null' (any error
-     messages will still be shown).
-
-`--srcdir=DIR'
-     Look for the package's source code in directory DIR.  Usually
-     `configure' can determine that directory automatically.
-
-`configure' also accepts some other, not widely useful, options.  Run
-`configure --help' for more details.
-
--- a/13
+++ b/13
@@ -5,15 +5,17 @@ makefiles = \
  src/libstore/local.mk \
  src/libmain/local.mk \
  src/libexpr/local.mk \
-  src/nix-hash/local.mk \
+  src/nix/local.mk \
  src/nix-store/local.mk \
  src/nix-instantiate/local.mk \
  src/nix-env/local.mk \
  src/nix-daemon/local.mk \
  src/nix-collect-garbage/local.mk \
-  src/download-via-ssh/local.mk \
-  src/nix-log2xml/local.mk \
-  src/bsdiff-4.3/local.mk \
+  src/nix-prefetch-url/local.mk \
+  src/buildenv/local.mk \
+  src/resolve-system-dependencies/local.mk \
+  src/nix-channel/local.mk \
+  src/nix-build/local.mk \
  perl/local.mk \
  scripts/local.mk \
  corepkgs/local.mk \
@@ -23,8 +25,9 @@ makefiles = \
  misc/emacs/local.mk \
  doc/manual/local.mk \
  tests/local.mk
+  #src/download-via-ssh/local.mk \

-GLOBAL_CXXFLAGS += -std=c++0x -g -Wall
+GLOBAL_CXXFLAGS += -std=c++11 -g -Wall

 -include Makefile.config

--- a/Makefile.config.in
+++ b/Makefile.config.in
@@ -3,19 +3,21 @@ CC = @CC@
 CFLAGS = @CFLAGS@
 CXX = @CXX@
 CXXFLAGS = @CXXFLAGS@
-HAVE_OPENSSL = @HAVE_OPENSSL@
+ENABLE_S3 = @ENABLE_S3@
 HAVE_SODIUM = @HAVE_SODIUM@
+LIBCURL_LIBS = @LIBCURL_LIBS@
 OPENSSL_LIBS = @OPENSSL_LIBS@
 PACKAGE_NAME = @PACKAGE_NAME@
 PACKAGE_VERSION = @PACKAGE_VERSION@
 SODIUM_LIBS = @SODIUM_LIBS@
+LIBLZMA_LIBS = @LIBLZMA_LIBS@
+SQLITE3_LIBS = @SQLITE3_LIBS@
 bash = @bash@
 bindir = @bindir@
 bsddiff_compat_include = @bsddiff_compat_include@
 curl = @curl@
 datadir = @datadir@
 datarootdir = @datarootdir@
-dblatex = @dblatex@
 docdir = @docdir@
 exec_prefix = @exec_prefix@
 includedir = @includedir@
@@ -30,5 +32,6 @@ pkglibdir = $(libdir)/$(PACKAGE_NAME)
 prefix = @prefix@
 storedir = @storedir@
 sysconfdir = @sysconfdir@
+doc_generate = @doc_generate@
 xmllint = @xmllint@
 xsltproc = @xsltproc@
--- a/10
+++ b/10
@@ -1,10 +0,0 @@
-Nix is a purely functional package manager.  For installation and
-usage instructions, please read the manual, which can be found in
-`docs/manual/manual.html', and additionally at the Nix website at
-<http://nixos.org/>.
-
-
-Acknowledgments
-
-This product includes software developed by the OpenSSL Project for
-use in the OpenSSL Toolkit (http://www.OpenSSL.org/).
--- a/README.md
+++ b/README.md
@@ -0,0 +1,22 @@
+Nix, the purely functional package manager
+------------------------------------------
+
+Nix is a new take on package management that is fairly unique. Because of it's
+purity aspects, a lot of issues found in traditional package managers don't
+appear with Nix.
+
+To find out more about the tool, usage and installation instructions, please
+read the manual, which is available on the Nix website at
+<http://nixos.org/nix/manual>.
+
+## Contributing
+
+Take a look at the [Hacking Section](http://nixos.org/nix/manual/#chap-hacking)
+of the manual. It helps you to get started with building Nix from source.
+
+## License
+
+Nix is released under the LGPL v2.1
+
+This product includes software developed by the OpenSSL Project for
+use in the [OpenSSL Toolkit](http://www.OpenSSL.org/).
--- a/configure.ac
+++ b/configure.ac
@@ -1,5 +1,5 @@
 AC_INIT(nix, m4_esyscmd([bash -c "echo -n $(cat ./version)$VERSION_SUFFIX"]))
-AC_CONFIG_SRCDIR(README)
+AC_CONFIG_SRCDIR(README.md)
 AC_CONFIG_AUX_DIR(config)

 AC_PROG_SED
@@ -16,12 +16,14 @@ AC_ARG_WITH(system, AC_HELP_STRING([--with-system=SYSTEM],
        machine_name="i686";;
     amd64)
        machine_name="x86_64";;
+     armv6|armv7)
+        machine_name="${host_cpu}l";;
     *)
        machine_name="$host_cpu";;
   esac

   case "$host_os" in
-     linux-gnu*)
+     linux-gnu*|linux-musl*)
        # For backward compatibility, strip the `-gnu' part.
        system="$machine_name-linux";;
     *)
@@ -48,6 +50,7 @@ test "$localstatedir" = '${prefix}/var' && localstatedir=/nix/var


 # Solaris-specific stuff.
+AC_STRUCT_DIRENT_D_TYPE
 if test "$sys_name" = sunos; then
    # Solaris requires -lsocket -lnsl for network functions
    LIBS="-lsocket -lnsl $LIBS"
@@ -58,6 +61,7 @@ CFLAGS=
 CXXFLAGS=
 AC_PROG_CC
 AC_PROG_CXX
+AX_CXX_COMPILE_STDCXX_11


 # Use 64-bit file system calls so that we can support files > 2 GiB.
@@ -76,18 +80,7 @@ static char buf[1024];]],
 AC_LANG_POP(C++)


-# Check for chroot support (requires chroot() and bind mounts).
-AC_CHECK_FUNCS([chroot])
-AC_CHECK_FUNCS([unshare])
-AC_CHECK_FUNCS([statvfs])
-AC_CHECK_HEADERS([sched.h])
-AC_CHECK_HEADERS([sys/param.h])
-AC_CHECK_HEADERS([sys/mount.h], [], [],
-[#ifdef HAVE_SYS_PARAM_H
-# include <sys/param.h>
-# endif
-])
-AC_CHECK_HEADERS([sys/syscall.h])
+AC_CHECK_FUNCS([statvfs pipe2])


 # Check for lutimes, optionally used for changing the mtime of
@@ -95,10 +88,6 @@ AC_CHECK_HEADERS([sys/syscall.h])
 AC_CHECK_FUNCS([lutimes])


-# Check for sched_setaffinity.
-AC_CHECK_FUNCS([sched_setaffinity])
-
-
 # Check whether the store optimiser can optimise symlinks.
 AC_MSG_CHECKING([whether it is possible to create a link to a symlink])
 ln -s bla tmp_link
@@ -117,15 +106,6 @@ AC_CHECK_HEADERS([locale])
 AC_LANG_POP(C++)


-# Check for <err.h>.
-AC_CHECK_HEADER([err.h], [], [bsddiff_compat_include="-Icompat-include"])
-AC_SUBST([bsddiff_compat_include])
-
-
-# Check for <linux/fs.h> (for immutable file support).
-AC_CHECK_HEADERS([linux/fs.h])
-
-
 AC_DEFUN([NEED_PROG],
 [
 AC_PATH_PROG($1, $2)
@@ -148,7 +128,6 @@ NEED_PROG(bzip2, bzip2)
 NEED_PROG(gzip, gzip)
 NEED_PROG(xz, xz)
 AC_PATH_PROG(dot, dot)
-AC_PATH_PROG(dblatex, dblatex)
 AC_PATH_PROG(pv, pv, pv)


@@ -183,16 +162,8 @@ AC_ARG_WITH(store-dir, AC_HELP_STRING([--with-store-dir=PATH],
 AC_SUBST(storedir)


-# Look for OpenSSL, an optional dependency.
-AC_PATH_PROG(openssl, openssl, openssl) # if not found, call openssl in $PATH
-AC_SUBST(openssl)
-AC_DEFINE_UNQUOTED(OPENSSL_PATH, ["$openssl"], [Path of the OpenSSL binary])
-
-PKG_CHECK_MODULES([OPENSSL], [libcrypto],
-  [AC_DEFINE([HAVE_OPENSSL], [1], [Whether to use OpenSSL.])
-   CXXFLAGS="$OPENSSL_CFLAGS $CXXFLAGS"
-   have_openssl=1], [have_openssl=])
-AC_SUBST(HAVE_OPENSSL, [$have_openssl])
+# Look for OpenSSL, a required dependency.
+PKG_CHECK_MODULES([OPENSSL], [libcrypto], [CXXFLAGS="$OPENSSL_CFLAGS $CXXFLAGS"])


 # Look for libbz2, a required dependency.
@@ -218,6 +189,19 @@ PKG_CHECK_MODULES([SODIUM], [libsodium],
 AC_SUBST(HAVE_SODIUM, [$have_sodium])


+# Look for liblzma, a required dependency.
+PKG_CHECK_MODULES([LIBLZMA], [liblzma], [CXXFLAGS="$LIBLZMA_CFLAGS $CXXFLAGS"])
+
+
+# Look for aws-cpp-sdk-s3.
+AC_LANG_PUSH(C++)
+AC_CHECK_HEADERS([aws/s3/S3Client.h],
+  [AC_DEFINE([ENABLE_S3], [1], [Whether to enable S3 support via aws-cpp-sdk-s3.])
+  enable_s3=1], [enable_s3=])
+AC_SUBST(ENABLE_S3, [$enable_s3])
+AC_LANG_POP(C++)
+
+
 # Whether to use the Boehm garbage collector.
 AC_ARG_ENABLE(gc, AC_HELP_STRING([--enable-gc],
  [enable garbage collection in the Nix expression evaluator (requires Boehm GC) [default=no]]),
@@ -229,7 +213,7 @@ if test "$gc" = yes; then
 fi


-# Check for the required Perl dependencies (DBI, DBD::SQLite and WWW::Curl).
+# Check for the required Perl dependencies (DBI, DBD::SQLite).
 perlFlags="-I$perllibdir"

 AC_ARG_WITH(dbi, AC_HELP_STRING([--with-dbi=PATH],
@@ -240,10 +224,6 @@ AC_ARG_WITH(dbd-sqlite, AC_HELP_STRING([--with-dbd-sqlite=PATH],
  [prefix of the Perl DBD::SQLite library]),
  perlFlags="$perlFlags -I$withval")

-AC_ARG_WITH(www-curl, AC_HELP_STRING([--with-www-curl=PATH],
-  [prefix of the Perl WWW::Curl library]),
-  perlFlags="$perlFlags -I$withval")
-
 AC_MSG_CHECKING([whether DBD::SQLite works])
 if ! $perl $perlFlags -e 'use DBI; use DBD::SQLite;' 2>&5; then
    AC_MSG_RESULT(no)
@@ -251,13 +231,6 @@ if ! $perl $perlFlags -e 'use DBI; use DBD::SQLite;' 2>&5; then
 fi
 AC_MSG_RESULT(yes)

-AC_MSG_CHECKING([whether WWW::Curl works])
-if ! $perl $perlFlags -e 'use WWW::Curl;' 2>&5; then
-    AC_MSG_RESULT(no)
-    AC_MSG_FAILURE([The Perl module WWW::Curl is missing.])
-fi
-AC_MSG_RESULT(yes)
-
 AC_SUBST(perlFlags)


@@ -280,6 +253,13 @@ AC_ARG_ENABLE(init-state, AC_HELP_STRING([--disable-init-state],
 #AM_CONDITIONAL(INIT_STATE, test "$init_state" = "yes")


+# documentation generation switch
+AC_ARG_ENABLE(doc-gen, AC_HELP_STRING([--disable-doc-gen],
+  [disable documentation generation]),
+  doc_generate=$enableval, doc_generate=yes)
+AC_SUBST(doc_generate)
+
+
 # Setuid installations.
 AC_CHECK_FUNCS([setresuid setreuid lchown])

--- a/corepkgs/buildenv.nix
+++ b/corepkgs/buildenv.nix
@@ -5,10 +5,9 @@ with import <nix/config.nix>;
 derivation {
  name = "user-environment";
  system = builtins.currentSystem;
-  builder = perl;
-  args = [ "-w" ./buildenv.pl ];
+  builder = nixLibexecDir + "/nix/buildenv";

-  manifest = manifest;
+  inherit manifest;

  # !!! grmbl, need structured data for passing this in a clean way.
  derivations =
@@ -23,5 +22,23 @@ derivation {
  # network traffic, so don't do that.
  preferLocalBuild = true;

+  # Also don't bother substituting.
+  allowSubstitutes = false;
+
+  __sandboxProfile = ''
+    (allow sysctl-read)
+    (allow file-read*
+           (literal "/usr/lib/libSystem.dylib")
+           (literal "/usr/lib/libSystem.B.dylib")
+           (literal "/usr/lib/libobjc.A.dylib")
+           (literal "/usr/lib/libobjc.dylib")
+           (literal "/usr/lib/libauto.dylib")
+           (literal "/usr/lib/libc++abi.dylib")
+           (literal "/usr/lib/libc++.1.dylib")
+           (literal "/usr/lib/libDiagnosticMessagesClient.dylib")
+           (subpath "/usr/lib/system")
+           (subpath "/dev"))
+  '';
+
  inherit chrootDeps;
 }
--- a/corepkgs/buildenv.pl
+++ b/corepkgs/buildenv.pl
@@ -1,168 +0,0 @@
-use strict;
-use Cwd;
-use IO::Handle;
-use utf8;
-
-STDOUT->autoflush(1);
-
-my $out = $ENV{"out"};
-mkdir "$out", 0755 || die "error creating $out";
-
-
-my $symlinks = 0;
-
-my %priorities;
-
-
-# For each activated package, create symlinks.
-
-sub createLinks {
-    my $srcDir = shift;
-    my $dstDir = shift;
-    my $priority = shift;
-
-    my @srcFiles = glob("$srcDir/*");
-
-    foreach my $srcFile (@srcFiles) {
-        my $baseName = $srcFile;
-        $baseName =~ s/^.*\///g; # strip directory
-        my $dstFile = "$dstDir/$baseName";
-
-        # The files below are special-cased so that they don't show up
-        # in user profiles, either because they are useless, or
-        # because they would cause pointless collisions (e.g., each
-        # Python package brings its own
-        # `$out/lib/pythonX.Y/site-packages/easy-install.pth'.)
-        # Urgh, hacky...
-        if ($srcFile =~ /\/propagated-build-inputs$/ ||
-            $srcFile =~ /\/nix-support$/ ||
-            $srcFile =~ /\/perllocal.pod$/ ||
-            $srcFile =~ /\/info\/dir$/ ||
-            $srcFile =~ /\/log$/)
-        {
-            # Do nothing.
-        }
-
-        elsif (-d $srcFile) {
-
-            lstat $dstFile;
-
-            if (-d _) {
-                createLinks($srcFile, $dstFile, $priority);
-            }
-
-            elsif (-l _) {
-                my $target = readlink $dstFile or die;
-                if (!-d $target) {
-                    die "collision between directory ‘$srcFile’ and non-directory ‘$target’";
-                }
-                unlink $dstFile or die "error unlinking ‘$dstFile’: $!";
-                mkdir $dstFile, 0755 ||
-                    die "error creating directory ‘$dstFile’: $!";
-                createLinks($target, $dstFile, $priorities{$dstFile});
-                createLinks($srcFile, $dstFile, $priority);
-            }
-
-            else {
-                symlink($srcFile, $dstFile) ||
-                    die "error creating link ‘$dstFile’: $!";
-                $priorities{$dstFile} = $priority;
-                $symlinks++;
-            }
-        }
-
-        else {
-
-            if (-l $dstFile) {
-                my $target = readlink $dstFile;
-                my $prevPriority = $priorities{$dstFile};
-                die("collision between ‘$srcFile’ and ‘$target’; " .
-                    "use ‘nix-env --set-flag priority NUMBER PKGNAME’ " .
-                    "to change the priority of one of the conflicting packages\n")
-                    if $prevPriority == $priority;
-                next if $prevPriority < $priority;
-                unlink $dstFile or die;
-            }
-
-            symlink($srcFile, $dstFile) ||
-                die "error creating link ‘$dstFile’: $!";
-            $priorities{$dstFile} = $priority;
-            $symlinks++;
-        }
-    }
-}
-
-
-my %done;
-my %postponed;
-
-sub addPkg;
-sub addPkg {
-    my $pkgDir = shift;
-    my $priority = shift;
-
-    return if (defined $done{$pkgDir});
-    $done{$pkgDir} = 1;
-
-#    print "symlinking $pkgDir\n";
-    createLinks("$pkgDir", "$out", $priority);
-
-    my $propagatedFN = "$pkgDir/nix-support/propagated-user-env-packages";
-    if (-e $propagatedFN) {
-        open PROP, "<$propagatedFN" or die;
-        my $propagated = <PROP>;
-        close PROP;
-        my @propagated = split ' ', $propagated;
-        foreach my $p (@propagated) {
-            $postponed{$p} = 1 unless defined $done{$p};
-        }
-    }
-}
-
-
-# Convert the stuff we get from the environment back into a coherent
-# data type.
-my @pkgs;
-my @derivations = split ' ', $ENV{"derivations"};
-while (scalar @derivations) {
-    my $active = shift @derivations;
-    my $priority = shift @derivations;
-    my $outputs = shift @derivations;
-    for (my $n = 0; $n < $outputs; $n++) {
-        my $path = shift @derivations;
-        push @pkgs,
-            { path => $path
-            , active => $active ne "false"
-            , priority => int($priority) };
-    }
-}
-
-
-# Symlink to the packages that have been installed explicitly by the
-# user.  Process in priority order to reduce unnecessary
-# symlink/unlink steps.
-@pkgs = sort { $a->{priority} <=> $b->{priority} || $a->{path} cmp $b->{path} } @pkgs;
-foreach my $pkg (@pkgs) {
-    #print $pkg, " ", $pkgs{$pkg}->{priority}, "\n";
-    addPkg($pkg->{path}, $pkg->{priority}) if $pkg->{active};
-}
-
-
-# Symlink to the packages that have been "propagated" by packages
-# installed by the user (i.e., package X declares that it want Y
-# installed as well).  We do these later because they have a lower
-# priority in case of collisions.
-my $priorityCounter = 1000; # don't care about collisions
-while (scalar(keys %postponed) > 0) {
-    my @pkgDirs = keys %postponed;
-    %postponed = ();
-    foreach my $pkgDir (sort @pkgDirs) {
-        addPkg($pkgDir, $priorityCounter++);
-    }
-}
-
-
-print STDERR "created $symlinks symlinks in user environment\n";
-
-
-symlink($ENV{"manifest"}, "$out/manifest.nix") or die "cannot create manifest";
--- a/corepkgs/config.nix.in
+++ b/corepkgs/config.nix.in
@@ -3,7 +3,6 @@ let
    let val = builtins.getEnv var; in
    if val != "" then val else def;
 in rec {
-  perl = "@perl@";
  shell = "@bash@";
  coreutils = "@coreutils@";
  bzip2 = "@bzip2@";
@@ -14,6 +13,7 @@ in rec {
  tr = "@tr@";
  nixBinDir = fromEnv "NIX_BIN_DIR" "@bindir@";
  nixPrefix = "@prefix@";
+  nixLibexecDir = fromEnv "NIX_LIBEXEC_DIR" "@libexecdir@";

  # If Nix is installed in the Nix store, then automatically add it as
  # a dependency to the core packages. This ensures that they work
--- a/corepkgs/fetchurl.nix
+++ b/corepkgs/fetchurl.nix
@@ -1,12 +1,17 @@
-with import <nix/config.nix>;
-
-{system ? builtins.currentSystem, url, outputHash ? "", outputHashAlgo ? "", md5 ? "", sha1 ? "", sha256 ? "", executable ? false}:
+{ system ? builtins.currentSystem
+, url
+, outputHash ? ""
+, outputHashAlgo ? ""
+, md5 ? "", sha1 ? "", sha256 ? ""
+, executable ? false
+, unpack ? false
+, name ? baseNameOf (toString url)
+}:

 assert (outputHash != "" && outputHashAlgo != "")
    || md5 != "" || sha1 != "" || sha256 != "";

 derivation {
-  name = baseNameOf (toString url);
  builder = "builtin:fetchurl";

  # New-style output content requirements.
@@ -14,9 +19,9 @@ derivation {
      if sha256 != "" then "sha256" else if sha1 != "" then "sha1" else "md5";
  outputHash = if outputHash != "" then outputHash else
      if sha256 != "" then sha256 else if sha1 != "" then sha1 else md5;
-  outputHashMode = if executable then "recursive" else "flat";
+  outputHashMode = if unpack || executable then "recursive" else "flat";

-  inherit system url executable;
+  inherit name system url executable unpack;

  # No need to double the amount of network traffic
  preferLocalBuild = true;
@@ -28,4 +33,7 @@ derivation {
    # by definition pure.
    "http_proxy" "https_proxy" "ftp_proxy" "all_proxy" "no_proxy"
  ];
+
+  # To make "nix-prefetch-url" work.
+  urls = [ url ];
 }
--- a/corepkgs/local.mk
+++ b/corepkgs/local.mk
@@ -1,4 +1,4 @@
-corepkgs_FILES = nar.nix buildenv.nix buildenv.pl unpack-channel.nix derivation.nix fetchurl.nix imported-drv-to-derivation.nix
+corepkgs_FILES = buildenv.nix unpack-channel.nix derivation.nix fetchurl.nix imported-drv-to-derivation.nix

 $(foreach file,config.nix $(corepkgs_FILES),$(eval $(call install-data-in,$(d)/$(file),$(datadir)/nix/corepkgs)))

--- a/corepkgs/nar.nix
+++ b/corepkgs/nar.nix
@@ -1,48 +0,0 @@
-with import <nix/config.nix>;
-
-let
-
-  builder = builtins.toFile "nar.sh"
-    ''
-      export PATH=${nixBinDir}:${coreutils}
-
-      if [ $compressionType = xz ]; then
-        ext=.xz
-        compressor="| ${xz} -7"
-      elif [ $compressionType = bzip2 ]; then
-        ext=.bz2
-        compressor="| ${bzip2}"
-      else
-        ext=
-        compressor=
-      fi
-
-      echo "packing ‘$storePath’..."
-      mkdir $out
-      dst=$out/tmp.nar$ext
-
-      set -o pipefail
-      eval "nix-store --dump \"$storePath\" $compressor > $dst"
-
-      hash=$(nix-hash --flat --type $hashAlgo --base32 $dst)
-      echo -n $hash > $out/nar-compressed-hash
-
-      mv $dst $out/$hash.nar$ext
-    '';
-
-in
-
-{ storePath, hashAlgo, compressionType }:
-
-derivation {
-  name = "nar";
-  system = builtins.currentSystem;
-  builder = shell;
-  args = [ "-e" builder ];
-  inherit storePath hashAlgo compressionType;
-
-  # Remote machines may not have ${nixBinDir} or ${coreutils} in the same prefixes
-  preferLocalBuild = true;
-
-  inherit chrootDeps;
-}
--- a/18
+++ b/18
@@ -1,18 +0,0 @@
-#!/usr/bin/env bash
-if [ -e tests/test-tmp ]; then
-    chmod -R u+w tests/test-tmp
-    rm -rf tests/test-tmp
-fi
-
-s=$(type -p nix-shell)
-exec $s release.nix -A tarball --command "
-    unset http_proxy
-    export NIX_REMOTE=$NIX_REMOTE
-    export NIX_PATH='$NIX_PATH'
-    export NIX_BUILD_SHELL=$(type -p bash)
-    export c=\$configureFlags
-    exec $s release.nix -A build.$(if [ $(uname -s) = Darwin ]; then echo x86_64-darwin; else echo x86_64-linux; fi) --exclude tarball --command '
-        configureFlags+=\" \$c --prefix=$(pwd)/inst --sysconfdir=$(pwd)/inst/etc\"
-        return
-    '" \
-    "$@"
--- a/doc/manual/advanced-topics/distributed-builds.xml
+++ b/doc/manual/advanced-topics/distributed-builds.xml
@@ -11,9 +11,9 @@ forward Nix builds to other machines over the network.  This allows
 multiple builds to be performed in parallel (thus improving
 performance) and allows Nix to perform multi-platform builds in a
 semi-transparent way.  For instance, if you perform a build for a
-<literal>powerpc-darwin</literal> on an <literal>i686-linux</literal>
+<literal>x86_64-darwin</literal> on an <literal>i686-linux</literal>
 machine, Nix can automatically forward the build to a
-<literal>powerpc-darwin</literal> machine, if available.</para>
+<literal>x86_64-darwin</literal> machine, if available.</para>

 <para>You can enable distributed builds by setting the environment
 variable <envar>NIX_BUILD_HOOK</envar> to point to a program that Nix
@@ -30,7 +30,7 @@ variable</link>.</para>
 <example xml:id='ex-remote-systems'><title>Remote machine configuration:
 <filename>remote-systems.conf</filename></title>
 <programlisting>
-nix@mcflurry.labs.cs.uu.nl  powerpc-darwin  /home/nix/.ssh/id_quarterpounder_auto  2
+nix@mcflurry.labs.cs.uu.nl  x86_64-darwin   /home/nix/.ssh/id_quarterpounder_auto  2
 nix@scratchy.labs.cs.uu.nl  i686-linux      /home/nix/.ssh/id_scratchy_auto        8 1 kvm
 nix@itchy.labs.cs.uu.nl     i686-linux      /home/nix/.ssh/id_scratchy_auto        8 2
 nix@poochie.labs.cs.uu.nl   i686-linux      /home/nix/.ssh/id_scratchy_auto        8 2 kvm perf
@@ -44,7 +44,8 @@ outputs and perform the remote build.  To use it, you should set
 <envar>NIX_BUILD_HOOK</envar> to
 <filename><replaceable>prefix</replaceable>/libexec/nix/build-remote.pl</filename>.
 You should also define a list of available build machines and point
-the environment variable <envar>NIX_REMOTE_SYSTEMS</envar> to it.  An
+the environment variable <envar>NIX_REMOTE_SYSTEMS</envar> to
+it. <envar>NIX_REMOTE_SYSTEMS</envar> must be an absolute path. An
 example configuration is shown in <xref linkend='ex-remote-systems'
 />.  Each line in the file specifies a machine, with the following
 bits of information:
@@ -58,7 +59,7 @@ bits of information:
  <filename>~/.ssh/config</filename>.</para></listitem>

  <listitem><para>A comma-separated list of Nix platform type
-  identifiers, such as <literal>powerpc-darwin</literal>.  It is
+  identifiers, such as <literal>x86_64-darwin</literal>.  It is
  possible for a machine to support multiple platform types, e.g.,
  <literal>i686-linux,x86_64-linux</literal>.</para></listitem>

--- a/doc/manual/command-ref/conf-file.xml
+++ b/doc/manual/command-ref/conf-file.xml
@@ -18,7 +18,8 @@
 <refsection><title>Description</title>

 <para>A number of persistent settings of Nix are stored in the file
-<filename><replaceable>sysconfdir</replaceable>/nix/nix.conf</filename>.
+<filename><replaceable>sysconfdir</replaceable>/nix/nix.conf</filename> or
+<filename>$NIX_CONF_DIR/nix.conf</filename> if <envar>NIX_CONF_DIR</envar> is set.
 This file is a list of <literal><replaceable>name</replaceable> =
 <replaceable>value</replaceable></literal> pairs, one per line.
 Comments start with a <literal>#</literal> character.  Here is an example
@@ -224,16 +225,16 @@ flag, e.g. <literal>--option gc-keep-outputs false</literal>.</para>
  </varlistentry>


-  <varlistentry><term><literal>build-use-chroot</literal></term>
+  <varlistentry><term><literal>build-use-sandbox</literal></term>

    <listitem><para>If set to <literal>true</literal>, builds will be
-    performed in a <emphasis>chroot environment</emphasis>, i.e.,
+    performed in a <emphasis>sandboxed environment</emphasis>, i.e.,
    they’re isolated from the normal file system hierarchy and will
    only see their dependencies in the Nix store, the temporary build
    directory, private versions of <filename>/proc</filename>,
    <filename>/dev</filename>, <filename>/dev/shm</filename> and
-    <filename>/dev/pts</filename>, and the paths configured with the
-    <link linkend='conf-build-chroot-dirs'><literal>build-chroot-dirs</literal>
+    <filename>/dev/pts</filename> (on Linux), and the paths configured with the
+    <link linkend='conf-build-sandbox-paths'><literal>build-sandbox-paths</literal>
    option</link>. This is useful to prevent undeclared dependencies
    on files in directories such as <filename>/usr/bin</filename>. In
    addition, on Linux, builds run in private PID, mount, network, IPC
@@ -241,8 +242,8 @@ flag, e.g. <literal>--option gc-keep-outputs false</literal>.</para>
    system (except that fixed-output derivations do not run in private
    network namespace to ensure they can access the network).</para>

-    <para>Currently, chroots only work on Linux and Mac OS X. The use
-    of a chroot requires that Nix is run as root (so you should use
+    <para>Currently, sandboxing only work on Linux and Mac OS X. The use
+    of a sandbox requires that Nix is run as root (so you should use
    the <link linkend='conf-build-users-group'>“build users”
    feature</link> to perform the actual builds under different users
    than root).</para>
@@ -250,7 +251,7 @@ flag, e.g. <literal>--option gc-keep-outputs false</literal>.</para>
    <para>If this option is set to <literal>relaxed</literal>, then
    fixed-output derivations and derivations that have the
    <varname>__noChroot</varname> attribute set to
-    <literal>true</literal> do not run in chroots.</para>
+    <literal>true</literal> do not run in sandboxes.</para>

    <para>The default is <literal>false</literal>.</para>

@@ -259,17 +260,21 @@ flag, e.g. <literal>--option gc-keep-outputs false</literal>.</para>
  </varlistentry>


-  <varlistentry xml:id="conf-build-chroot-dirs"><term><literal>build-chroot-dirs</literal></term>
+  <varlistentry xml:id="conf-build-sandbox-paths">
+    <term><literal>build-sandbox-paths</literal></term>

-    <listitem><para>A list of paths bind-mounted into Nix chroot
-    environments.  Contrary to what the name suggests, the specified
-    paths do not have to be directories; you can bind-mount other
-    types of files as well.  You can use the syntax
+    <listitem><para>A list of paths bind-mounted into Nix sandbox
+    environments. You can use the syntax
    <literal><replaceable>target</replaceable>=<replaceable>source</replaceable></literal>
-    to mount a path in a different location in the chroot; for
+    to mount a path in a different location in the sandbox; for
    instance, <literal>/bin=/nix-bin</literal> will mount the path
    <literal>/nix-bin</literal> as <literal>/bin</literal> inside the
-    chroot.</para>
+    sandbox. If <replaceable>source</replaceable> is followed by
+    <literal>?</literal>, then it is not an error if
+    <replaceable>source</replaceable> does not exist; for example,
+    <literal>/dev/nvidiactl?</literal> specifies that
+    <filename>/dev/nvidiactl</filename> will only be mounted in the
+    sandbox if it exists in the host filesystem.</para>

    <para>Depending on how Nix was built, the default value for this option
    may be empty or provide <filename>/bin/sh</filename> as a
@@ -278,10 +283,11 @@ flag, e.g. <literal>--option gc-keep-outputs false</literal>.</para>
  </varlistentry>


-  <varlistentry xml:id="conf-build-extra-chroot-dirs"><term><literal>build-extra-chroot-dirs</literal></term>
+  <varlistentry xml:id="conf-build-extra-sandbox-paths">
+    <term><literal>build-extra-sandbox-paths</literal></term>

    <listitem><para>A list of additional paths appended to
-    <option>build-chroot-dirs</option>. Useful if you want to extend
+    <option>build-sandbox-paths</option>. Useful if you want to extend
    its default value.</para></listitem>

  </varlistentry>
@@ -306,21 +312,6 @@ flag, e.g. <literal>--option gc-keep-outputs false</literal>.</para>
  </varlistentry>


-  <varlistentry><term><literal>build-cache-failure</literal></term>
-
-    <listitem><para>If set to <literal>true</literal>, Nix will
-    “cache” build failures, meaning that it will remember (in its
-    database) that a derivation previously failed.  If you then try to
-    build the derivation again, Nix will immediately fail rather than
-    perform the build again.  Failures in fixed-output derivations
-    (such as <function>fetchurl</function> calls) are never cached.
-    The “failed” status of a derivation can be cleared using
-    <command>nix-store --clear-failed-paths</command>.  By default,
-    failure caching is disabled.</para></listitem>
-
-  </varlistentry>
-
-
  <varlistentry><term><literal>build-keep-log</literal></term>

    <listitem><para>If set to <literal>true</literal> (the default),
@@ -423,10 +414,9 @@ flag, e.g. <literal>--option gc-keep-outputs false</literal>.</para>

  <varlistentry><term><literal>binary-caches-parallel-connections</literal></term>

-    <listitem><para>The maximum number of parallel HTTP connections
-    used by the binary cache substituter to get NAR info files.  This
-    number should be high to minimise latency.  It defaults to
-    150.</para></listitem>
+    <listitem><para>The maximum number of parallel TCP connections
+    used to fetch files from binary caches and by other downloads. It
+    defaults to 25. 0 means no limit.</para></listitem>

  </varlistentry>

@@ -440,32 +430,20 @@ flag, e.g. <literal>--option gc-keep-outputs false</literal>.</para>
  </varlistentry>


-  <varlistentry><term><literal>force-manifest</literal></term>
-
-    <listitem><para>If this option is set to <literal>false</literal>
-    (default) and a Nix channel provides both a manifest and a binary
-    cache, only the binary cache will be used.  If set to
-    <literal>true</literal>, the manifest will be fetched as well.
-    This is useful if you want to use binary patches (which are
-    currently not supported by binary caches).</para></listitem>
-
-  </varlistentry>
-
-
  <varlistentry><term><literal>system</literal></term>

    <listitem><para>This option specifies the canonical Nix system
    name of the current installation, such as
    <literal>i686-linux</literal> or
-    <literal>powerpc-darwin</literal>.  Nix can only build derivations
+    <literal>x86_64-darwin</literal>.  Nix can only build derivations
    whose <literal>system</literal> attribute equals the value
    specified here.  In general, it never makes sense to modify this
    value from its default, since you can use it to ‘lie’ about the
    platform you are building on (e.g., perform a Mac OS build on a
    Linux machine; the result would obviously be wrong).  It only
    makes sense if the Nix binaries can run on multiple platforms,
-    e.g., ‘universal binaries’ that run on <literal>powerpc-darwin</literal> and
-    <literal>i686-darwin</literal>.</para>
+    e.g., ‘universal binaries’ that run on <literal>x86_64-linux</literal> and
+    <literal>i686-linux</literal>.</para>

    <para>It defaults to the canonical Nix system name detected by
    <filename>configure</filename> at build time.</para></listitem>
@@ -593,19 +571,21 @@ flag, e.g. <literal>--option gc-keep-outputs false</literal>.</para>
      between different versions of the same system to be hard-coded into nix.
      </para>

-      <para>The hook is passed the derivation path and, if chroots are enabled,
-      the chroot directory. It can then modify the chroot and send a series of
+      <para>The hook is passed the derivation path and, if sandboxes are enabled,
+      the sandbox directory. It can then modify the sandbox and send a series of
      commands to modify various settings to stdout. The currently recognized
      commands are:</para>

      <variablelist>
-        <varlistentry xml:id="extra-chroot-dirs"><term><literal>extra-chroot-dirs</literal></term>
+        <varlistentry xml:id="extra-sandbox-paths">
+          <term><literal>extra-sandbox-paths</literal></term>

          <listitem>

            <para>Pass a list of files and directories to be included in the
-            chroot for this build. One entry per line, terminated by an empty
-            line. Entries have the same format as build-chroot-dirs.</para>
+            sandbox for this build. One entry per line, terminated by an empty
+            line. Entries have the same format as
+            <literal>build-sandbox-paths</literal>.</para>

          </listitem>

@@ -616,6 +596,31 @@ flag, e.g. <literal>--option gc-keep-outputs false</literal>.</para>
  </varlistentry>


+  <varlistentry xml:id="conf-build-repeat"><term><literal>build-repeat</literal></term>
+
+    <listitem><para>How many times to repeat builds to check whether
+    they are deterministic. The default value is 0. If the value is
+    non-zero, every build is repeated the specified number of
+    times. If the contents of any of the runs differs from the
+    previous ones, the build is rejected and the resulting store paths
+    are not registered as “valid” in Nix’s database.</para></listitem>
+
+  </varlistentry>
+
+
+  <varlistentry xml:id="conf-sandbox-dev-shm-size"><term><literal>sandbox-dev-shm-size</literal></term>
+
+    <listitem><para>This option determines the maximum size of the
+    <literal>tmpfs</literal> filesystem mounted on
+    <filename>/dev/shm</filename> in Linux sandboxes. For the format,
+    see the description of the <option>size</option> option of
+    <literal>tmpfs</literal> in
+    <citerefentry><refentrytitle>mount</refentrytitle><manvolnum>8</manvolnum></citerefentry>. The
+    default is <literal>50%</literal>.</para></listitem>
+
+  </varlistentry>
+
+
 </variablelist>

 </para>
--- a/doc/manual/command-ref/env-common.xml
+++ b/doc/manual/command-ref/env-common.xml
@@ -11,6 +11,12 @@

 <variablelist xml:id="env-common">

+<varlistentry><term><envar>IN_NIX_SHELL</envar></term>
+
+  <listitem><para>Indicator that tells if the current environment was set up by
+  <command>nix-shell</command>.</para></listitem>
+
+</varlistentry>

 <varlistentry xml:id="env-NIX_PATH"><term><envar>NIX_PATH</envar></term>

@@ -123,15 +129,6 @@ $ mount -o bind /mnt/otherdisk/nix /nix</screen>
 </varlistentry>


-<varlistentry><term><envar>NIX_DB_DIR</envar></term>
-
-  <listitem><para>Overrides the location of the Nix database (default
-  <filename><replaceable>$NIX_STATE_DIR</replaceable>/db</filename>, i.e.,
-  <filename><replaceable>prefix</replaceable>/var/nix/db</filename>).</para></listitem>
-
-</varlistentry>
-
-
 <varlistentry><term><envar>NIX_CONF_DIR</envar></term>

  <listitem><para>Overrides the location of the Nix configuration
--- a/doc/manual/command-ref/nix-channel.xml
+++ b/doc/manual/command-ref/nix-channel.xml
@@ -73,11 +73,10 @@ condition="manual">See also <xref linkend="sec-channels"

    <listitem><para>Downloads the Nix expressions of all subscribed
    channels (or only those included in
-    <replaceable>names</replaceable> if specified), makes them the
+    <replaceable>names</replaceable> if specified) and makes them the
    default for <command>nix-env</command> operations (by symlinking
-    them from the directory <filename>~/.nix-defexpr</filename>), and
-    performs a <command>nix-pull</command> on the manifests of all
-    channels to make pre-built binaries available.</para></listitem>
+    them from the directory
+    <filename>~/.nix-defexpr</filename>).</para></listitem>

  </varlistentry>

@@ -181,19 +180,7 @@ following files:</para>
    sufficient rights to add binary caches. For instance, in a
    multi-user Nix setup, the binary caches provided by the channels
    of the root user are used automatically, but caches corresponding
-    to the channels of non-root users are ignored. Binary caches can
-    be created and maintained using
-    <command>nix-push</command>.</para></listitem>
-
-  </varlistentry>
-
-  <varlistentry><term><filename>MANIFEST.bz2</filename></term>
-
-    <listitem><para>(Deprecated in favour of binary caches.) A
-    manifest as created by <command>nix-push</command>. Only used if
-    <filename>binary-cache-url</filename> is not present or if the
-    <filename>nix.conf</filename> option
-    <option>force-manifest</option> is set.</para></listitem>
+    to the channels of non-root users are ignored.</para></listitem>

  </varlistentry>

--- a/doc/manual/command-ref/nix-collect-garbage.xml
+++ b/doc/manual/command-ref/nix-collect-garbage.xml
@@ -28,6 +28,7 @@
      <arg choice='plain'><option>--print-dead</option></arg>
      <arg choice='plain'><option>--delete</option></arg>
    </group>
+    <arg><option>--max-freed</option> <replaceable>bytes</replaceable></arg>
    <arg><option>--dry-run</option></arg>
  </cmdsynopsis>
 </refsynopsisdiv>
--- a/doc/manual/command-ref/nix-copy-closure.xml
+++ b/doc/manual/command-ref/nix-copy-closure.xml
@@ -22,7 +22,6 @@
      <arg choice='plain'><option>--to</option></arg>
      <arg choice='plain'><option>--from</option></arg>
    </group>
-    <arg><option>--sign</option></arg>
    <arg><option>--gzip</option></arg>
    <!--
    <arg><option>- -show-progress</option></arg>
@@ -43,7 +42,7 @@

 <para><command>nix-copy-closure</command> gives you an easy and
 efficient way to exchange software between machines.  Given one or
-more Nix store paths <replaceable>paths</replaceable> on the local
+more Nix store <replaceable>paths</replaceable> on the local
 machine, <command>nix-copy-closure</command> computes the closure of
 those paths (i.e. all their dependencies in the Nix store), and copies
 all paths in the closure to the remote machine via the
@@ -87,23 +86,6 @@ those paths.  If this bothers you, use

  </varlistentry>

-  <varlistentry><term><option>--sign</option></term>
-
-    <listitem><para>Let the sending machine cryptographically sign the
-    dump of each path with the key in
-    <filename><replaceable>sysconfdir</replaceable>/nix/signing-key.sec</filename>.
-    If the user on the target machine does not have direct access to
-    the Nix store (i.e., if the target machine has a multi-user Nix
-    installation), then the target machine will check the dump against
-    <filename><replaceable>sysconfdir</replaceable>/nix/signing-key.pub</filename>
-    before unpacking it in its Nix store.  This allows secure sharing
-    of store paths between untrusted users on two machines, provided
-    that there is a trust relation between the Nix installations on
-    both machines (namely, they have matching public/secret
-    keys).</para></listitem>
-
-  </varlistentry>
-
  <varlistentry><term><option>--gzip</option></term>

    <listitem><para>Enable compression of the SSH
--- a/doc/manual/command-ref/nix-env.xml
+++ b/doc/manual/command-ref/nix-env.xml
@@ -367,6 +367,10 @@ number of possible ways:
  linkend="rsec-nix-store-realise">realised</link> and
  installed.</para></listitem>

+  <listitem><para>By default all outputs are installed for each derivation.
+  That can be reduced by setting <literal>meta.outputsToInstall</literal>.
+  </para></listitem> <!-- TODO: link nixpkgs docs on the ability to override those. -->
+
 </itemizedlist>

 </para>
@@ -378,7 +382,7 @@ number of possible ways:

 <variablelist>

-  <varlistentry><term><option>--prebuild-only</option> / <option>-b</option></term>
+  <varlistentry><term><option>--prebuilt-only</option> / <option>-b</option></term>

    <listitem><para>Use only derivations for which a substitute is
    registered, i.e., there is a pre-built binary available that can
@@ -489,17 +493,11 @@ set returned by calling the function defined in
 source:

 <screen>
-$ nix-env -f pkgs/top-level/all-packages.nix -i f-spot --dry-run
+$ nix-env -f '&lt;nixpkgs>' -iA hello --dry-run
 (dry run; not doing anything)
-installing `f-spot-0.0.10'
-the following derivations will be built:
-  /nix/store/0g63jv9aagwbgci4nnzs2dkxqz84kdja-libgnomeprintui-2.12.1.tar.bz2.drv
-  /nix/store/0gfarvxq6sannsdw8a1ir40j1ys2mqb4-ORBit2-2.14.2.tar.bz2.drv
-  /nix/store/0i9gs5zc04668qiy60ga2rc16abkj7g8-sqlite-2.8.17.drv
-  <replaceable>...</replaceable>
-the following paths will be substituted:
-  /nix/store/8zbipvm4gp9jfqh9nnk1n3bary1a37gs-perl-XML-Parser-2.34
-  /nix/store/b8a2bg7gnyvvvjjibp4axg9x1hzkw36c-mono-1.1.4
+installing ‘hello-2.10’
+these paths will be fetched (0.04 MiB download, 0.19 MiB unpacked):
+  /nix/store/wkhdf9jinag5750mqlax6z2zbwhqb76n-hello-2.10
  <replaceable>...</replaceable></screen>

 </para>
@@ -1012,7 +1010,7 @@ user environment elements, etc. -->

  </varlistentry>

-  <varlistentry><term><option>--prebuild-only</option> / <option>-b</option></term>
+  <varlistentry><term><option>--prebuilt-only</option> / <option>-b</option></term>

    <listitem><para>Show only derivations for which a substitute is
    registered, i.e., there is a pre-built binary available that can
--- a/doc/manual/command-ref/nix-generate-patches.xml
+++ b/doc/manual/command-ref/nix-generate-patches.xml
@@ -1,44 +0,0 @@
-<refentry xmlns="http://docbook.org/ns/docbook"
-      xmlns:xlink="http://www.w3.org/1999/xlink"
-      xmlns:xi="http://www.w3.org/2001/XInclude"
-      version="5.0"
-      xml:id="sec-nix-generate-patches">
-
-<refmeta>
-  <refentrytitle>nix-generate-patches</refentrytitle>
-  <manvolnum>1</manvolnum>
-  <refmiscinfo class="source">Nix</refmiscinfo>
-  <refmiscinfo class="version"><xi:include href="../version.txt" parse="text"/></refmiscinfo>
-</refmeta>
-
-<refnamediv>
-  <refname>nix-generate-patches</refname>
-  <refpurpose>generates binary patches between NAR files</refpurpose>
-</refnamediv>
-
-<refsynopsisdiv>
-  <cmdsynopsis>
-    <command>nix-generate-patches</command>
-    <arg choice='plain'><replaceable>NAR-DIR</replaceable></arg>
-	<arg choice='plain'><replaceable>PATCH-DIR</replaceable></arg>
-	<arg choice='plain'><replaceable>PATCH-URI</replaceable></arg>
-	<arg choice='plain'><replaceable>OLD-MANIFEST</replaceable></arg>
-	<arg choice='plain'><replaceable>NEW-MANIFEST</replaceable></arg>
-  </cmdsynopsis>
-</refsynopsisdiv>
-
-
-<refsection><title>Description</title>
-
-<para>The command <command>nix-generate-patches</command> generates
-binary patches between NAR files listed in OLD-MANIFEST and NEW-MANIFEST.
-The patches are written to the directory PATCH-DIR, and the prefix
-PATCH-URI is used to generate URIs for the patches.  The patches are
-added to NEW-MANIFEST.  All NARs are required to exist in NAR-DIR.
-Patches are generated between succeeding versions of packages with
-the same name.</para>
-
-</refsection>
-
-
-</refentry>
--- a/doc/manual/command-ref/nix-install-package.xml
+++ b/doc/manual/command-ref/nix-install-package.xml
@@ -1,210 +0,0 @@
-<refentry xmlns="http://docbook.org/ns/docbook"
-      xmlns:xlink="http://www.w3.org/1999/xlink"
-      xmlns:xi="http://www.w3.org/2001/XInclude"
-      version="5.0"
-      xml:id="sec-nix-install-package">
-
-<refmeta>
-  <refentrytitle>nix-install-package</refentrytitle>
-  <manvolnum>1</manvolnum>
-  <refmiscinfo class="source">Nix</refmiscinfo>
-  <refmiscinfo class="version"><xi:include href="../version.txt" parse="text"/></refmiscinfo>
-</refmeta>
-
-<refnamediv>
-  <refname>nix-install-package</refname>
-  <refpurpose>install a Nix Package file</refpurpose>
-</refnamediv>
-
-<refsynopsisdiv>
-  <cmdsynopsis>
-    <command>nix-install-package</command>
-    <arg><option>--non-interactive</option></arg>
-    <arg>
-      <group choice='req'>
-        <arg choice='plain'><option>--profile</option></arg>
-        <arg choice='plain'><option>-p</option></arg>
-      </group>
-      <replaceable>path</replaceable>
-    </arg>
-    <arg><option>--set</option></arg>
-    <sbr />
-    <group choice='req'>
-      <arg choice='req'>
-        <option>--url</option>
-        <arg choice='plain'><replaceable>url</replaceable></arg>
-      </arg>
-      <arg choice='req'>
-        <arg choice='plain'><replaceable>file</replaceable></arg>
-      </arg>
-    </group>
-  </cmdsynopsis>
-</refsynopsisdiv>
-
-
-<refsection><title>Description</title>
-
-<para>The command <command>nix-install-package</command> interactively
-installs a Nix Package file (<filename>*.nixpkg</filename>), which is
-a small file that contains a store path to be installed along with the
-URL of a binary cache.  The Nix Package file is either
-<replaceable>file</replaceable>, or automatically downloaded from
-<replaceable>url</replaceable> if the <option>--url</option> switch is
-used.</para>
-
-<para><command>nix-install-package</command> is used in <link
-linkend="sec-one-click">one-click installs</link> to download and
-install pre-built binary packages with all necessary dependencies.
-<command>nix-install-package</command> is intended to be associated
-with the MIME type <literal>application/nix-package</literal> in a web
-browser so that it is invoked automatically when you click on
-<filename>*.nixpkg</filename> files.  When invoked, it restarts itself
-in a terminal window (since otherwise it would be invisible when run
-from a browser), asks the user to confirm whether to install the
-package, and if so downloads and installs the package into the user’s
-current profile.</para>
-
-<para>To obtain a window, <command>nix-install-package</command> tries
-to restart itself with <command>xterm</command>,
-<command>konsole</command> and
-<command>gnome-terminal</command>.</para>
-
-</refsection>
-
-
-<refsection><title>Options</title>
-
-<variablelist>
-
-  <varlistentry><term><option>--non-interactive</option></term>
-
-    <listitem><para>Do not open a new terminal window and do not ask
-    for confirmation.</para></listitem>
-
-  </varlistentry>
-
-  <varlistentry><term><option>--profile</option></term>
-    <term><option>-p</option></term>
-
-    <listitem><para>Install the package into the specified profile
-    rather than the user’s current profile.</para></listitem>
-
-  </varlistentry>
-
-  <varlistentry><term><option>--set</option></term>
-
-    <listitem><para>Install the package as the profile so that the
-    profile contains exactly the contents of the package.</para></listitem>
-
-  </varlistentry>
-
-</variablelist>
-
-</refsection>
-
-
-<refsection><title>Examples</title>
-
-<para>To install <filename>subversion-1.4.0.nixpkg</filename> into the
-user’s current profile, without any prompting:
-
-<screen>
-$ nix-install-package --non-interactive subversion-1.4.0.nixpkg</screen>
-
-</para>
-
-<para>To install the same package from some URL into a different
-profile:
-
-<screen>
-$ nix-install-package --non-interactive -p /nix/var/nix/profiles/eelco \
-    --url http://nix.cs.uu.nl/dist/nix/nixpkgs-0.10pre6622/pkgs/subversion-1.4.0-i686-linux.nixpkg</screen>
-
-</para>
-
-</refsection>
-
-
-<refsection><title>Format of <literal>nixpkg</literal> files</title>
-
-<para>A Nix Package file consists of a single line with the following
-format:
-
-<screen>
-NIXPKG1 <replaceable>manifestURL</replaceable> <replaceable>name</replaceable> <replaceable>system</replaceable> <replaceable>drvPath</replaceable> <replaceable>outPath</replaceable></screen>
-
-The elements are as follows:
-
-<variablelist>
-
-  <varlistentry><term><literal>NIXPKG1</literal></term>
-
-    <listitem><para>The version of the Nix Package
-    file.</para></listitem>
-
-  </varlistentry>
-
-  <varlistentry><term><replaceable>manifestURL</replaceable></term>
-
-    <listitem><para>The manifest to be pulled by
-    <command>nix-pull</command>.  The manifest must contain
-    <replaceable>outPath</replaceable>.</para></listitem>
-
-  </varlistentry>
-
-  <varlistentry><term><replaceable>name</replaceable></term>
-
-    <listitem><para>The symbolic name and version of the
-    package.</para></listitem>
-
-  </varlistentry>
-
-  <varlistentry><term><replaceable>system</replaceable></term>
-
-    <listitem><para>The platform identifier of the platform for which
-    this binary package is intended.</para></listitem>
-
-  </varlistentry>
-
-  <varlistentry><term><replaceable>drvPath</replaceable></term>
-
-    <listitem><para>The path in the Nix store of the derivation from
-    which <replaceable>outPath</replaceable> was built.  Not currently
-    used.</para></listitem>
-
-  </varlistentry>
-
-  <varlistentry><term><replaceable>outPath</replaceable></term>
-
-    <listitem><para>The path in the Nix store of the
-    package.</para></listitem>
-
-  </varlistentry>
-
-  <varlistentry><term><replaceable>binaryCacheURL</replaceable></term>
-
-    <listitem><para>The URL of a binary cache containing the closure
-    of <replaceable>outPath</replaceable>.</para></listitem>
-
-  </varlistentry>
-
-</variablelist>
-
-</para>
-
-<para>An example follows:
-
-<screen>
-NIXPKG1 http://.../nixpkgs-0.10pre6622/MANIFEST subversion-1.4.0 i686-darwin \
-  /nix/store/4kh60jkp...-subversion-1.4.0.drv \
-  /nix/store/nkw7wpgb...-subversion-1.4.0</screen>
-
-(The line breaks (<literal>\</literal>) are for presentation purposes
-and not part of the actual file.)
-
-</para>
-
-</refsection>
-
-
-</refentry>
--- a/doc/manual/command-ref/nix-prefetch-url.xml
+++ b/doc/manual/command-ref/nix-prefetch-url.xml
@@ -3,7 +3,7 @@
      xmlns:xi="http://www.w3.org/2001/XInclude"
      version="5.0"
      xml:id="sec-nix-prefetch-url">
-  
+
 <refmeta>
  <refentrytitle>nix-prefetch-url</refentrytitle>
  <manvolnum>1</manvolnum>
@@ -20,6 +20,7 @@
  <cmdsynopsis>
    <command>nix-prefetch-url</command>
    <arg><option>--type</option> <replaceable>hashAlgo</replaceable></arg>
+    <arg><option>--print-path</option></arg>
    <arg choice='plain'><replaceable>url</replaceable></arg>
    <arg><replaceable>hash</replaceable></arg>
  </cmdsynopsis>
@@ -54,8 +55,8 @@ error if signaled if the actual hash of the file does not match the
 specified hash.</para>

 <para>This command prints the hash on standard output.  Additionally,
-if the environment variable <envar>PRINT_PATH</envar> is set, the path
-of the downloaded file in the Nix store is also printed.</para>
+if the option <option>--print-path</option> is used, the path of the
+downloaded file in the Nix store is also printed.</para>

 </refsection>

@@ -63,7 +64,7 @@ of the downloaded file in the Nix store is also printed.</para>
 <refsection><title>Options</title>

 <variablelist>
-  
+
  <varlistentry><term><option>--type</option> <replaceable>hashAlgo</replaceable></term>

    <listitem><para>Use the specified cryptographic hash algorithm,
@@ -73,6 +74,35 @@ of the downloaded file in the Nix store is also printed.</para>

  </varlistentry>

+  <varlistentry><term><option>--print-path</option></term>
+
+    <listitem><para>Print the store path of the downloaded file on
+    standard output.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><option>--unpack</option></term>
+
+    <listitem><para>Unpack the archive (which must be a tarball or zip
+    file) and add the result to the Nix store. The resulting hash can
+    be used with functions such as Nixpkgs’s
+    <varname>fetchzip</varname> or
+    <varname>fetchFromGitHub</varname>.</para></listitem>
+
+  </varlistentry>
+
+  <varlistentry><term><option>--name</option></term>
+
+    <listitem><para>Override the name of the file in the Nix store. By
+    default, this is
+    <literal><replaceable>hash</replaceable>-<replaceable>basename</replaceable></literal>,
+    where <replaceable>basename</replaceable> is the last component of
+    <replaceable>url</replaceable>. Overriding the name is necessary
+    when <replaceable>basename</replaceable> contains characters that
+    are not allowed in Nix store paths.</para></listitem>
+
+  </varlistentry>
+
 </variablelist>

 </refsection>
@@ -81,14 +111,19 @@ of the downloaded file in the Nix store is also printed.</para>
 <refsection><title>Examples</title>

 <screen>
-$ nix-prefetch-url ftp://ftp.nluug.nl/pub/gnu/make/make-3.80.tar.bz2
-0bbd1df101bc0294d440471e50feca71
+$ nix-prefetch-url ftp://ftp.gnu.org/pub/gnu/hello/hello-2.10.tar.gz
+0ssi1wpaf7plaswqqjwigppsg5fyh99vdlb9kzl7c9lng89ndq1i

-$ PRINT_PATH=1 nix-prefetch-url ftp://ftp.nluug.nl/pub/gnu/make/make-3.80.tar.bz2
-0bbd1df101bc0294d440471e50feca71
-/nix/store/wvyz8ifdn7wyz1p3pqyn0ra45ka2l492-make-3.80.tar.bz2</screen>
+$ nix-prefetch-url --print-path mirror://gnu/hello/hello-2.10.tar.gz
+0ssi1wpaf7plaswqqjwigppsg5fyh99vdlb9kzl7c9lng89ndq1i
+/nix/store/3x7dwzq014bblazs7kq20p9hyzz0qh8g-hello-2.10.tar.gz
+
+$ nix-prefetch-url --unpack --print-path https://github.com/NixOS/patchelf/archive/0.8.tar.gz
+079agjlv0hrv7fxnx9ngipx14gyncbkllxrp9cccnh3a50fxcmy7
+/nix/store/19zrmhm3m40xxaw81c8cqm6aljgrnwj2-0.8.tar.gz
+</screen>

 </refsection>

-    
+
 </refentry>
--- a/doc/manual/command-ref/nix-pull.xml
+++ b/doc/manual/command-ref/nix-pull.xml
@@ -1,54 +0,0 @@
-<refentry xmlns="http://docbook.org/ns/docbook"
-      xmlns:xlink="http://www.w3.org/1999/xlink"
-      xmlns:xi="http://www.w3.org/2001/XInclude"
-      version="5.0"
-      xml:id="sec-nix-pull">
-
-<refmeta>
-  <refentrytitle>nix-pull</refentrytitle>
-  <manvolnum>1</manvolnum>
-  <refmiscinfo class="source">Nix</refmiscinfo>
-  <refmiscinfo class="version"><xi:include href="../version.txt" parse="text"/></refmiscinfo>
-</refmeta>
-
-<refnamediv>
-  <refname>nix-pull</refname>
-  <refpurpose>register availability of pre-built binaries (deprecated)</refpurpose>
-</refnamediv>
-
-<refsynopsisdiv>
-  <cmdsynopsis>
-    <command>nix-pull</command>
-    <arg choice='plain'><replaceable>url</replaceable></arg>
-  </cmdsynopsis>
-</refsynopsisdiv>
-
-
-<refsection><title>Description</title>
-
-<note><para>This command and the use of manifests is deprecated. It is
-better to use binary caches.</para></note>
-
-<para>The command <command>nix-pull</command> obtains a list of
-pre-built store paths from the URL <replaceable>url</replaceable>, and
-for each of these store paths, registers a substitute derivation that
-downloads and unpacks it into the Nix store.  This is used to speed up
-installations: if you attempt to install something that has already
-been built and stored into the network cache, Nix can transparently
-re-use the pre-built store paths.</para>
-
-<para>The file at <replaceable>url</replaceable> must be compatible
-with the files created by <replaceable>nix-push</replaceable>.</para>
-
-</refsection>
-
-
-<refsection><title>Examples</title>
-
-<screen>
-$ nix-pull https://nixos.org/releases/nixpkgs/nixpkgs-15.05pre54468.69858d7/MANIFEST</screen>
-
-</refsection>
-
-
-</refentry>
--- a/doc/manual/command-ref/nix-push.xml
+++ b/doc/manual/command-ref/nix-push.xml
@@ -1,464 +0,0 @@
-<refentry xmlns="http://docbook.org/ns/docbook"
-      xmlns:xlink="http://www.w3.org/1999/xlink"
-      xmlns:xi="http://www.w3.org/2001/XInclude"
-      version="5.0"
-      xml:id="sec-nix-push">
-
-<refmeta>
-  <refentrytitle>nix-push</refentrytitle>
-  <manvolnum>1</manvolnum>
-  <refmiscinfo class="source">Nix</refmiscinfo>
-  <refmiscinfo class="version"><xi:include href="../version.txt" parse="text"/></refmiscinfo>
-</refmeta>
-
-<refnamediv>
-  <refname>nix-push</refname>
-  <refpurpose>generate a binary cache</refpurpose>
-</refnamediv>
-
-<refsynopsisdiv>
-  <cmdsynopsis>
-    <command>nix-push</command>
-    <arg choice='plain'><option>--dest</option> <replaceable>dest-dir</replaceable></arg>
-    <arg><option>--bzip2</option></arg>
-    <arg><option>--none</option></arg>
-    <arg><option>--force</option></arg>
-    <arg><option>--link</option></arg>
-    <arg><option>--manifest</option></arg>
-    <arg><option>--manifest-path</option> <replaceable>filename</replaceable></arg>
-    <arg><option>--url-prefix</option> <replaceable>url</replaceable></arg>
-    <arg><option>--key-file</option> <replaceable>path</replaceable></arg>
-    <arg choice='plain' rep='repeat'><replaceable>paths</replaceable></arg>
-  </cmdsynopsis>
-</refsynopsisdiv>
-
-
-<refsection><title>Description</title>
-
-<para>The command <command>nix-push</command> produces a
-<emphasis>binary cache</emphasis>, a directory containing compressed
-Nix archives (NARs) plus some metadata of the closure of the specified
-store paths.  This directory can then be made available through a web
-server to other Nix installations, allowing them to skip building from
-source and instead download binaries from the cache
-automatically.</para>
-
-<para><command>nix-push</command> performs the following actions.
-
-<orderedlist>
-
-  <listitem><para>Each path in <replaceable>paths</replaceable> is
-  built (using <link
-  linkend='rsec-nix-store-realise'><command>nix-store
-  --realise</command></link>).</para></listitem>
-
-  <listitem><para>All paths in the closure of
-  <replaceable>paths</replaceable> are determined (using
-  <command>nix-store --query --requisites
-  --include-outputs</command>).  Note that since the
-  <option>--include-outputs</option> flag is used, if
-  <replaceable>paths</replaceable> includes a store derivation, you
-  get a combined source/binary distribution (e.g., source tarballs
-  will be included).</para></listitem>
-
-  <listitem><para>All store paths determined in the previous step are
-  packaged into a NAR (using <command>nix-store --dump</command>) and
-  compressed using <command>xz</command> or <command>bzip2</command>.
-  The resulting files have the extension <filename>.nar.xz</filename>
-  or <filename>.nar.bz2</filename>.  Also for each store path, Nix
-  generates a file with extension <filename>.narinfo</filename>
-  containing metadata such as the references, cryptographic hash and
-  size of each path.</para></listitem>
-
-  <listitem><para>Optionally, a single <emphasis>manifest</emphasis>
-  file is created that contains the same metadata as the
-  <filename>.narinfo</filename> files.  This is for compatibility with
-  Nix versions prior to 1.2 (see <command>nix-pull</command> for
-  details).</para></listitem>
-
-  <listitem><para>A file named <option>nix-cache-info</option> is
-  placed in the destination directory.  The existence of this file
-  marks the directory as a binary cache.</para></listitem>
-
-</orderedlist>
-
-</para>
-
-</refsection>
-
-
-<refsection><title>Options</title>
-
-<variablelist>
-
-  <varlistentry><term><option>--dest</option> <replaceable>dest-dir</replaceable></term>
-
-    <listitem><para>Set the destination directory to
-    <replaceable>dir</replaceable>, which is created if it does not
-    exist.  This flag is required.</para></listitem>
-
-  </varlistentry>
-
-  <varlistentry><term><option>--bzip2</option></term>
-
-    <listitem><para>Compress NARs using <command>bzip2</command>
-    instead of <command>xz</command>.  The latter compresses about 30%
-    better on typical archives, decompresses about twice as fast, but
-    compresses a lot slower and is not supported by Nix prior to
-    version 1.2.</para></listitem>
-
-  </varlistentry>
-
-  <varlistentry><term><option>--none</option></term>
-
-    <listitem><para>Do not compress NARs.</para></listitem>
-
-  </varlistentry>
-
-  <varlistentry><term><option>--force</option></term>
-
-    <listitem><para>Overwrite <filename>.narinfo</filename> files if
-    they already exist.</para></listitem>
-
-  </varlistentry>
-
-  <varlistentry><term><option>--link</option></term>
-
-    <listitem><para>By default, NARs are generated in the Nix store
-    and then copied to <replaceable>dest-dir</replaceable>.  If this
-    option is given, hard links are used instead.  This only works if
-    <replaceable>dest-dir</replaceable> is on the same filesystem as
-    the Nix store.</para></listitem>
-
-  </varlistentry>
-
-  <varlistentry><term><option>--manifest</option></term>
-
-    <listitem><para>Force the generation of a manifest suitable for
-    use by <command>nix-pull</command>.  The manifest is stored as
-    <filename><replaceable>dest-dir</replaceable>/MANIFEST</filename>.</para></listitem>
-
-  </varlistentry>
-
-  <varlistentry><term><option>--manifest-path</option> <replaceable>filename</replaceable></term>
-
-    <listitem><para>Like <option>--manifest</option>, but store the
-    manifest in <replaceable>filename</replaceable>.</para></listitem>
-
-  </varlistentry>
-
-  <varlistentry><term><option>--url-prefix</option> <replaceable>url</replaceable></term>
-
-    <listitem><para>Manifests are expected to contain the absolute
-    URLs of NARs.  For generating these URLs, the prefix
-    <replaceable>url</replaceable> is used.  It defaults to
-    <uri>file://<replaceable>dest-dir</replaceable></uri>.</para></listitem>
-
-  </varlistentry>
-
-  <varlistentry><term><option>--key-file</option> <replaceable>path</replaceable></term>
-
-    <listitem><para>Sign the binary cache using the secret key stored
-    in <replaceable>path</replaceable>. This secret key must have been
-    created using <command
-    linkend="rsec-nix-store-generate-binary-cache-key">nix-store
-    --generate-binary-cache-key</command>. Users of this binary cache
-    should add the corresponding public key to the option
-    <option>binary-cache-public-keys</option> in
-    <filename>nix.conf</filename>.</para></listitem>
-
-  </varlistentry>
-
-</variablelist>
-
-</refsection>
-
-
-<refsection><title>Examples</title>
-
-<para>To add the closure of Thunderbird to a binary cache:
-
-<screen>
-$ nix-push --dest /tmp/cache $(nix-build -A thunderbird)
-</screen>
-
-Assuming that <filename>/tmp/cache</filename> is exported by a web
-server as <uri>http://example.org/cache</uri>, you can then use this
-cache on another machine to speed up the installation of Thunderbird:
-
-<screen>
-$ nix-build -A thunderbird --option binary-caches http://example.org/cache
-</screen>
-
-Alternatively, you could add <literal>binary-caches =
-http://example.org/cache</literal> to
-<filename>nix.conf</filename>.</para>
-
-<para>To also include build-time dependencies (such as source
-tarballs):
-
-<screen>
-$ nix-push --dest /tmp/cache $(nix-instantiate -A thunderbird)
-</screen>
-
-</para>
-
-<para>To generate a manifest suitable for <command>nix-pull</command>:
-
-<screen>
-$ nix-push --dest /tmp/cache $(nix-build -A thunderbird) --manifest
-</screen>
-
-On another machine you can then do:
-
-<screen>
-$ nix-pull http://example.org/cache
-</screen>
-
-to cause the binaries to be used by subsequent Nix operations.</para>
-
-<para>To generate a signed binary cache, you must first generate a key
-pair, in this example called <literal>cache.example.org-1</literal>,
-storing the secret key in <filename>./sk</filename> and the public key
-in <filename>./pk</filename>:
-
-<screen>
-$ nix-store --generate-binary-cache-key cache.example.org-1 sk pk
-
-$ cat sk
-cache.example.org-1:jcMRQYFo8pQKzTtimpQLIPeHkMYZjfhB24hGfwF+u9PuX8H8FO7q564+X3G/JDlqqIqGar3OXRRwS9N3Wh3vbw==
-
-$ cat pk
-cache.example.org-1:7l/B/BTu6ueuPl9xvyQ5aqiKhmq9zl0UcEvTd1od728=
-</screen>
-
-You can then generate a binary cache signed with the secret key:
-
-<screen>
-$ nix-push --dest /tmp/cache --key-file ./sk $(type -p firefox)
-</screen>
-
-Users who wish to verify the integrity of binaries downloaded from
-your cache would add the following to their
-<filename>nix.conf</filename>:
-
-<programlisting>
-binary-caches = http://cache.example.org
-signed-binary-caches = *
-binary-cache-public-keys = cache.example.org-1:7l/B/BTu6ueuPl9xvyQ5aqiKhmq9zl0UcEvTd1od728=
-</programlisting>
-
-Nix will then ignore any binary that has a missing, incorrect or
-unrecognised signature.</para>
-
-</refsection>
-
-
-<refsection><title>Binary cache format and operation</title>
-
-<para>A binary cache with URL <replaceable>url</replaceable> only
-denotes a valid binary cache if the file
-<uri><replaceable>url</replaceable>/nix-cache-info</uri> exists.  If
-this file does not exist (or cannot be downloaded), the cache is
-ignored.  If it does exist, it must be a text file containing cache
-properties.  Here’s an example:
-
-<screen>
-StoreDir: /nix/store
-WantMassQuery: 1
-Priority: 10
-</screen>
-
-The properties that are currently supported are:
-
-<variablelist>
-
-  <varlistentry><term><literal>StoreDir</literal></term>
-
-    <listitem><para>The path of the Nix store to which this binary
-    cache applies.  Binaries are not relocatable — a binary built for
-    <filename>/nix/store</filename> won’t generally work in
-    <filename>/home/alice/store</filename> — so to prevent binaries
-    from being used in a wrong store, a binary cache is only used if
-    its <literal>StoreDir</literal> matches the local Nix
-    configuration.  The default is
-    <filename>/nix/store</filename>.</para></listitem>
-
-  </varlistentry>
-
-  <varlistentry><term><literal>WantMassQuery</literal></term>
-
-    <listitem><para>Query operations such as <command>nix-env
-    -qas</command> can cause thousands of cache queries, and thus
-    thousands of HTTP requests, to determine which packages are
-    available in binary form.  While these requests are small, not
-    every server may appreciate a potential onslaught of queries.  If
-    <literal>WantMassQuery</literal> is set to <literal>0</literal>
-    (default), “mass queries” such as <command>nix-env -qas</command>
-    will skip this cache.  Thus a package may appear not to have a
-    binary substitute.  However, the binary will still be used when
-    you actually install the package.  If
-    <literal>WantMassQuery</literal> is set to <literal>1</literal>,
-    mass queries will use this cache.</para></listitem>
-
-  </varlistentry>
-
-  <varlistentry><term><literal>Priority</literal></term>
-
-    <listitem><para>Each binary cache has a priority (defaulting to
-    50).  Binary caches are checked for binaries in order of ascending
-    priority; thus a higher number denotes a lower priority.  The
-    binary cache <uri>https://cache.nixos.org</uri> has priority
-    40.</para></listitem>
-
-  </varlistentry>
-
-</variablelist>
-
-</para>
-
-<para>Every time Nix needs to build some store path
-<replaceable>p</replaceable>, it will check each configured binary
-cache to see if it has a NAR file for <replaceable>p</replaceable>,
-until it finds one.  If no cache has a NAR, Nix will fall back to
-building the path from source (if applicable).  To see if a cache with
-URL <replaceable>url</replaceable> has a binary for
-<replaceable>p</replaceable>, Nix fetches
-<replaceable>url/h</replaceable>, where <replaceable>h</replaceable>
-is the hash part of <replaceable>p</replaceable>.  Thus, if we have a
-cache <uri>https://cache.nixos.org</uri> and we want to obtain the
-store path
-<screen>
-/nix/store/a8922c0h87iilxzzvwn2hmv8x210aqb9-glibc-2.7
-</screen>
-then Nix will attempt to fetch
-<screen>
-https://cache.nixos.org/a8922c0h87iilxzzvwn2hmv8x210aqb9.narinfo
-</screen>
-(Commands such as <command>nix-env -qas</command> will issue an HTTP
-HEAD request, since it only needs to know if the
-<filename>.narinfo</filename> file exists.)  The
-<filename>.narinfo</filename> file is a simple text file that looks
-like this:
-
-<screen>
-StorePath: /nix/store/a8922c0h87iilxzzvwn2hmv8x210aqb9-glibc-2.7
-URL: nar/0zzjpdz46mdn74v09m053yczlz4am038g8r74iy8w43gx8801h70.nar.bz2
-Compression: bzip2
-FileHash: sha256:0zzjpdz46mdn74v09m053yczlz4am038g8r74iy8w43gx8801h70
-FileSize: 24473768
-NarHash: sha256:0s491y1h9hxj5ghiizlxk7ax6jwbha00zwn7lpyd5xg5bhf60vzg
-NarSize: 109521136
-References: 2ma2k0ys8knh4an48n28vigcmc2z8773-linux-headers-2.6.23.16 ...
-Deriver: 7akyyc87ka32xwmqza9dvyg5pwx3j212-glibc-2.7.drv
-Sig: cache.example.org-1:WepnSp2UT0odDpR3NRjPVhJBHmdBgSBSTbHpdh4SCz92nGXwFY82bkPEmISoC0hGqBXDXEmB6y3Ohgna3mMgDg==
-</screen>
-
-The fields are as follows:
-
-<variablelist>
-
-  <varlistentry><term><literal>StorePath</literal></term>
-
-    <listitem><para>The full store path, including the name part
-    (e.g., <literal>glibc-2.7</literal>).  It must match the
-    requested store path.</para></listitem>
-
-  </varlistentry>
-
-  <varlistentry><term><literal>URL</literal></term>
-
-    <listitem><para>The URL of the NAR, relative to the binary cache
-    URL.</para></listitem>
-
-  </varlistentry>
-
-  <varlistentry><term><literal>Compression</literal></term>
-
-    <listitem><para>The compression method; either
-    <literal>xz</literal> or
-    <literal>bzip2</literal>.</para></listitem>
-
-  </varlistentry>
-
-  <varlistentry><term><literal>FileHash</literal></term>
-
-    <listitem><para>The SHA-256 hash of the compressed
-    NAR.</para></listitem>
-
-  </varlistentry>
-
-  <varlistentry><term><literal>FileSize</literal></term>
-
-    <listitem><para>The size of the compressed NAR.</para></listitem>
-
-  </varlistentry>
-
-  <varlistentry><term><literal>NarHash</literal></term>
-
-    <listitem><para>The SHA-256 hash of the uncompressed NAR.  This is
-    equal to the hash of the store path as returned by
-    <command>nix-store -q --hash
-    <replaceable>p</replaceable></command>.</para></listitem>
-
-  </varlistentry>
-
-  <varlistentry><term><literal>NarSize</literal></term>
-
-    <listitem><para>The size of the uncompressed NAR.</para></listitem>
-
-  </varlistentry>
-
-  <varlistentry><term><literal>References</literal></term>
-
-    <listitem><para>The references of the store path, without the Nix
-    store prefix.</para></listitem>
-
-  </varlistentry>
-
-  <varlistentry><term><literal>Deriver</literal></term>
-
-    <listitem><para>The deriver of the store path, without the Nix
-    store prefix.  This field is optional.</para></listitem>
-
-  </varlistentry>
-
-  <varlistentry><term><literal>System</literal></term>
-
-    <listitem><para>The Nix platform type of this binary, if known.
-    This field is optional.</para></listitem>
-
-  </varlistentry>
-
-  <varlistentry><term><literal>Sig</literal></term>
-
-    <listitem><para>A signature of the the form
-    <literal><replaceable>key-name</replaceable>:<replaceable>sig</replaceable></literal>,
-    where <replaceable>key-name</replaceable> is the symbolic name of
-    the key pair used to sign and verify the cache
-    (e.g. <literal>cache.example.org-1</literal>), and
-    <replaceable>sig</replaceable> is the actual signature, computed
-    over the <varname>StorePath</varname>, <varname>NarHash</varname>,
-    <varname>NarSize</varname> and <varname>References</varname>
-    fields using the <link
-    xlink:href="http://ed25519.cr.yp.to/">Ed25519 public-key signature
-    system</link>.</para></listitem>
-
-  </varlistentry>
-
-</variablelist>
-
-</para>
-
-<para>Thus, in our example, after recursively ensuring that the
-references exist (e.g.,
-<filename>/nix/store/2ma2k0ys8knh4an48n28vigcmc2z8773-linux-headers-2.6.23.16</filename>),
-Nix will fetch <screen>
-https://cache.nixos.org/nar/0zzjpdz46mdn74v09m053yczlz4am038g8r74iy8w43gx8801h70.nar.bz2
-</screen> and decompress and unpack it to
-<filename>/nix/store/a8922c0h87iilxzzvwn2hmv8x210aqb9-glibc-2.7</filename>.</para>
-
-</refsection>
-
-
-</refentry>
--- a/doc/manual/command-ref/nix-shell.xml
+++ b/doc/manual/command-ref/nix-shell.xml
@@ -176,6 +176,22 @@ also <xref linkend="sec-common-options" />.</phrase></para>
 </refsection>


+<refsection><title>Environment variables</title>
+
+<variablelist>
+
+  <varlistentry><term><envar>NIX_BUILD_SHELL</envar></term>
+    
+    <listitem><para>Shell used to start the interactive environment. 
+    Defaults to the <command>bash</command> found in <envar>PATH</envar>.</para></listitem>
+
+  </varlistentry>
+
+</variablelist>
+
+</refsection>
+
+
 <refsection><title>Examples</title>

 <para>To build the dependencies of the package Pan, and start an
@@ -251,9 +267,9 @@ dependencies in Nixpkgs.</para>

 <para>The lines starting with <literal>#! nix-shell</literal> specify
 <command>nix-shell</command> options (see above). Note that you cannot
-write <literal>#1 /usr/bin/env nix-shell -i ...</literal> because
-<command>/usr/bin/env</command> does not support passing options to
-the interpreter.</para>
+write <literal>#! /usr/bin/env nix-shell -i ...</literal> because
+many operating systems only allow one argument in
+<literal>#!</literal> lines.</para>

 <para>For example, here is a Python script that depends on Python and
 the <literal>prettytable</literal> package:
--- a/doc/manual/command-ref/nix-store.xml
+++ b/doc/manual/command-ref/nix-store.xml
@@ -194,6 +194,25 @@ printed.)</para>

  </varlistentry>

+  <varlistentry><term><option>--check</option></term>
+
+    <listitem><para>This option allows you to check whether a
+    derivation is deterministic. It rebuilds the specified derivation
+    and checks whether the result is bitwise-identical with the
+    existing outputs, printing an error if that’s not the case. The
+    outputs of the specified derivation must already exist. When used
+    with <option>-K</option>, if an output path is not identical to
+    the corresponding output from the previous build, the new output
+    path is left in
+    <filename>/nix/store/<replaceable>name</replaceable>-check.</filename></para>
+
+    <para>See also the <option>build-repeat</option> configuration
+    option, which repeats a derivation a number of times and prevents
+    its outputs from being registered as “valid” in the Nix store
+    unless they are identical.</para></listitem>
+
+  </varlistentry>
+
 </variablelist>

 </refsection>
@@ -212,6 +231,73 @@ $ nix-store -r $(nix-instantiate ./test.nix)
 This is essentially what <link
 linkend="sec-nix-build"><command>nix-build</command></link> does.</para>

+<para>To test whether a previously-built derivation is deterministic:
+
+<screen>
+$ nix-build -r '&lt;nixpkgs>' -A hello --check -K
+</screen>
+
+</para>
+
+</refsection>
+
+
+</refsection>
+
+
+
+<!--######################################################################-->
+
+<refsection xml:id='rsec-nix-store-serve'><title>Operation <option>--serve</option></title>
+
+<refsection><title>Synopsis</title>
+
+<cmdsynopsis>
+  <command>nix-store</command>
+  <arg choice='plain'><option>--serve</option></arg>
+  <arg><option>--write</option></arg>
+</cmdsynopsis>
+
+</refsection>
+
+<refsection><title>Description</title>
+
+<para>The operation <option>--serve</option> provides access to
+the Nix store over stdin and stdout, and is intended to be used
+as a means of providing Nix store access to a restricted ssh user.
+</para>
+
+<para>The following flags are available:</para>
+
+<variablelist>
+
+  <varlistentry><term><option>--write</option></term>
+
+    <listitem><para>Allow the connected client to request the realization
+    of derivations. In effect, this can be used to make the host act
+    as a build slave.</para></listitem>
+
+  </varlistentry>
+
+</variablelist>
+
+</refsection>
+
+
+<refsection><title>Examples</title>
+
+<para>To turn a host into a build server, the
+<filename>authorized_keys</filename> file can be used to provide build
+access to a given SSH public key:
+
+<screen>
+$ cat &lt;&lt;EOF >>/root/.ssh/authorized_keys
+command="nice -n20 nix-store --serve --write" ssh-rsa AAAAB3NzaC1yc2EAAAA...
+EOF
+</screen>
+
+</para>
+
 </refsection>


@@ -1029,17 +1115,17 @@ path).</para>
 <para>This command does not produce a <emphasis>closure</emphasis> of
 the specified paths, so if a store path references other store paths
 that are missing in the target Nix store, the import will fail.  To
-copy a whole closure, do something like
+copy a whole closure, do something like:

 <screen>
 $ nix-store --export $(nix-store -qR <replaceable>paths</replaceable>) > out</screen>

-</para>
+To import the whole closure again, run:

-<para>For an example of how <option>--export</option> and
-<option>--import</option> can be used, see the source of the <command
-linkend="sec-nix-copy-closure">nix-copy-closure</command>
-command.</para>
+<screen>
+$ nix-store --import &lt; out</screen>
+
+</para>

 </refsection>

@@ -1262,82 +1348,6 @@ export _args; _args='-e /nix/store/9krlzvny65gdc8s7kpb6lkx8cd02c25c-default-buil
 </refsection>


-<!--######################################################################-->
-
-<refsection><title>Operation <option>--query-failed-paths</option></title>
-
-<refsection>
-  <title>Synopsis</title>
-  <cmdsynopsis>
-    <command>nix-store</command>
-    <arg choice='plain'><option>--query-failed-paths</option></arg>
-  </cmdsynopsis>
-</refsection>
-
-<refsection><title>Description</title>
-
-<para>If build failure caching is enabled through the
-<literal>build-cache-failure</literal> configuration option, the
-operation <option>--query-failed-paths</option> will print out all
-store paths that have failed to build.</para>
-
-</refsection>
-
-<refsection><title>Example</title>
-
-<screen>
-$ nix-store --query-failed-paths
-/nix/store/000zi5dcla86l92jn1g997jb06sidm7x-perl-PerlMagick-6.59
-/nix/store/0011iy7sfwbc1qj5a1f6ifjnbcdail8a-haskell-gitit-ghc7.0.4-0.8.1
-/nix/store/001c0yn1hkh86gprvrb46cxnz3pki7q3-gamin-0.1.10
-<replaceable>…</replaceable>
-</screen>
-
-</refsection>
-
-</refsection>
-
-
-<!--######################################################################-->
-
-<refsection><title>Operation <option>--clear-failed-paths</option></title>
-
-<refsection>
-  <title>Synopsis</title>
-  <cmdsynopsis>
-    <command>nix-store</command>
-    <arg choice='plain'><option>--clear-failed-paths</option></arg>
-    <arg choice='plain' rep='repeat'><replaceable>paths</replaceable></arg>
-  </cmdsynopsis>
-</refsection>
-
-<refsection><title>Description</title>
-
-<para>If build failure caching is enabled through the
-<literal>build-cache-failure</literal> configuration option, the
-operation <option>--clear-failed-paths</option> clears the “failed”
-state of the given store paths, allowing them to be built again.  This
-is useful if the failure was actually transient (e.g. because the disk
-was full).</para>
-
-<para>If a path denotes a derivation, its output paths are cleared.
-You can provide the argument <literal>*</literal> to clear all store
-paths.</para>
-
-</refsection>
-
-<refsection><title>Example</title>
-
-<screen>
-$ nix-store --clear-failed-paths /nix/store/000zi5dcla86l92jn1g997jb06sidm7x-perl-PerlMagick-6.59
-$ nix-store --clear-failed-paths *
-</screen>
-
-</refsection>
-
-</refsection>
-
-
 <!--######################################################################-->

 <refsection xml:id='rsec-nix-store-generate-binary-cache-key'><title>Operation <option>--generate-binary-cache-key</option></title>
@@ -1380,8 +1390,7 @@ parameters:

 </orderedlist>

-For an example, see the manual page for <command
-linkend="sec-nix-push">nix-push</command>.</para>
+</para>

 </refsection>

--- a/doc/manual/command-ref/opt-common-syn.xml
+++ b/doc/manual/command-ref/opt-common-syn.xml
@@ -31,7 +31,6 @@
 <arg><option>-K</option></arg>
 <arg><option>--fallback</option></arg>
 <arg><option>--readonly-mode</option></arg>
-<arg><option>--log-type</option> <replaceable>type</replaceable></arg>
 <arg><option>--show-trace</option></arg>
 <arg>
  <option>-I</option>
--- a/doc/manual/command-ref/opt-common.xml
+++ b/doc/manual/command-ref/opt-common.xml
@@ -191,6 +191,23 @@

 </varlistentry>

+<varlistentry><term><option>--no-build-hook</option></term>
+
+  <listitem>
+
+  <para>Disables the build hook mechanism.  This allows to ignore remote
+  builders if they are setup on the machine.</para>
+
+  <para>It's useful in cases where the bandwidth between the client and the
+  remote builder is too low.  In that case it can take more time to upload the
+  sources to the remote builder and fetch back the result than to do the
+  computation locally.</para>
+
+  </listitem>
+
+</varlistentry>
+
+

 <varlistentry><term><option>--readonly-mode</option></term>

@@ -201,61 +218,6 @@
 </varlistentry>


-<varlistentry xml:id="opt-log-type"><term><option>--log-type</option>
-<replaceable>type</replaceable></term>
-
-  <listitem>
-
-  <para>This option determines how the output written to standard
-  error is formatted.  Nix’s diagnostic messages are typically
-  <emphasis>nested</emphasis>.  For instance, when tracing Nix
-  expression evaluation (<command>nix-env -vvvvv</command>, messages
-  from subexpressions are nested inside their parent expressions.  Nix
-  builder output is also often nested.  For instance, the Nix Packages
-  generic builder nests the various build tasks (unpack, configure,
-  compile, etc.), and the GNU Make in <literal>stdenv-linux</literal>
-  has been patched to provide nesting for recursive Make
-  invocations.</para>
-
-  <para><replaceable>type</replaceable> can be one of the
-  following:
-
-  <variablelist>
-
-    <varlistentry><term><literal>pretty</literal></term>
-
-      <listitem><para>Pretty-print the output, indicating different
-      nesting levels using spaces.  This is the
-      default.</para></listitem>
-
-    </varlistentry>
-
-    <varlistentry><term><literal>escapes</literal></term>
-
-      <listitem><para>Indicate nesting using escape codes that can be
-      interpreted by the <command>nix-log2xml</command> tool in the
-      Nix source distribution.  The resulting XML file can be fed into
-      the <command>log2html.xsl</command> stylesheet to create an HTML
-      file that can be browsed interactively, using JavaScript to
-      expand and collapse parts of the output.</para></listitem>
-
-    </varlistentry>
-
-    <varlistentry><term><literal>flat</literal></term>
-
-      <listitem><para>Remove all nesting.</para></listitem>
-
-    </varlistentry>
-
-  </variablelist>
-
-  </para>
-
-  </listitem>
-
-</varlistentry>
-
-
 <varlistentry><term><option>--arg</option> <replaceable>name</replaceable> <replaceable>value</replaceable></term>

  <listitem><para>This option is accepted by
@@ -273,9 +235,8 @@
  named <replaceable>name</replaceable>, it will call it with value
  <replaceable>value</replaceable>.</para>

-  <para>For instance, the file
-  <literal>pkgs/top-level/all-packages.nix</literal> in Nixpkgs is
-  actually a function:
+  <para>For instance, the top-level <literal>default.nix</literal> in
+  Nixpkgs is actually a function:

 <programlisting>
 { # The system (e.g., `i686-linux') for which to build the packages.
--- a/doc/manual/command-ref/utilities.xml
+++ b/doc/manual/command-ref/utilities.xml
@@ -13,14 +13,8 @@ work with Nix.</para>
 <xi:include href="nix-collect-garbage.xml" />
 <xi:include href="nix-copy-closure.xml" />
 <xi:include href="nix-daemon.xml" />
-<!--
-<xi:include href="nix-generate-patches.xml" />
-->
 <xi:include href="nix-hash.xml" />
-<xi:include href="nix-install-package.xml" />
 <xi:include href="nix-instantiate.xml" />
 <xi:include href="nix-prefetch-url.xml" />
-<xi:include href="nix-pull.xml" />
-<xi:include href="nix-push.xml" />

 </chapter>
--- a/doc/manual/expressions/builtins.xml
+++ b/doc/manual/expressions/builtins.xml
@@ -32,7 +32,7 @@ available as <function>builtins.derivation</function>.</para>
  <varlistentry><term><function>builtins.add</function>
  <replaceable>e1</replaceable> <replaceable>e2</replaceable></term>

-    <listitem><para>Return the sum of the integers
+    <listitem><para>Return the sum of the numbers
    <replaceable>e1</replaceable> and
    <replaceable>e2</replaceable>.</para></listitem>

@@ -142,7 +142,7 @@ if builtins ? getEnv then builtins.getEnv "PATH" else ""</programlisting>
    evaluates to the Nix platform identifier for the Nix installation
    on which the expression is being evaluated, such as
    <literal>"i686-linux"</literal> or
-    <literal>"powerpc-darwin"</literal>.</para></listitem>
+    <literal>"x86_64-darwin"</literal>.</para></listitem>

  </varlistentry>

@@ -204,12 +204,41 @@ if builtins ? getEnv then builtins.getEnv "PATH" else ""</programlisting>
  <varlistentry><term><function>builtins.div</function>
  <replaceable>e1</replaceable> <replaceable>e2</replaceable></term>

-    <listitem><para>Return the quotient of the integers
+    <listitem><para>Return the quotient of the numbers
    <replaceable>e1</replaceable> and
    <replaceable>e2</replaceable>.</para></listitem>

  </varlistentry>

+  <varlistentry><term><function>builtins.match</function>
+  <replaceable>regex</replaceable> <replaceable>str</replaceable></term>
+
+  <listitem><para>Returns a list if
+    <replaceable>regex</replaceable> matches
+    <replaceable>str</replaceable> precisely, otherwise returns <literal>null</literal>.
+    Each item in the list is a regex group.
+
+<programlisting>
+builtins.match "ab" "abc"
+</programlisting>
+
+Evaluates to <literal>null</literal>.
+
+<programlisting>
+builtins.match "abc" "abc"
+</programlisting>
+
+Evaluates to <literal>[ ]</literal>.
+
+<programlisting>
+builtins.match "a(b)(c)" "abc"
+</programlisting>
+
+Evaluates to <literal>[ "b" "c" ]</literal>.
+
+
+  </para></listitem>
+  </varlistentry>

  <varlistentry><term><function>builtins.elem</function>
  <replaceable>x</replaceable> <replaceable>xs</replaceable></term>
@@ -335,7 +364,7 @@ stdenv.mkDerivation {
  </varlistentry>


-  <varlistentry><term><function>builtins.foldl’</function> 
+  <varlistentry><term><function>builtins.foldl’</function>
    <replaceable>op</replaceable> <replaceable>nul</replaceable> <replaceable>list</replaceable></term>

    <listitem><para>Reduce a list by applying a binary operator, from
@@ -348,6 +377,24 @@ stdenv.mkDerivation {
  </varlistentry>


+  <varlistentry><term><function>builtins.functionArgs</function>
+    <replaceable>f</replaceable></term>
+
+    <listitem><para>
+    Return a set containing the names of the formal arguments expected
+    by the function <replaceable>f</replaceable>.
+    The value of each attribute is a Boolean denoting whether the corresponding
+    argument has a default value.  For instance,
+    <literal>functionArgs ({ x, y ? 123}: ...)  =  { x = false; y = true; }</literal>.
+    </para>
+
+    <para>"Formal argument" here refers to the attributes pattern-matched by
+    the function.  Plain lambdas are not included, e.g.
+    <literal>functionArgs (x: ...)  =  { }</literal>.
+    </para></listitem>
+  </varlistentry>
+
+
  <varlistentry><term><function>builtins.fromJSON</function> <replaceable>e</replaceable></term>

    <listitem><para>Convert a JSON string to a Nix
@@ -602,12 +649,12 @@ x: x + 456</programlisting>
  <varlistentry><term><function>builtins.lessThan</function>
  <replaceable>e1</replaceable> <replaceable>e2</replaceable></term>

-    <listitem><para>Return <literal>true</literal> if the integer
-    <replaceable>e1</replaceable> is less than the integer
+    <listitem><para>Return <literal>true</literal> if the number
+    <replaceable>e1</replaceable> is less than the number
    <replaceable>e2</replaceable>, and <literal>false</literal>
    otherwise.  Evaluation aborts if either
    <replaceable>e1</replaceable> or <replaceable>e2</replaceable>
-    does not evaluate to an integer.</para></listitem>
+    does not evaluate to a number.</para></listitem>

  </varlistentry>

@@ -658,7 +705,7 @@ map (x: "foo" + x) [ "bar" "bla" "abc" ]</programlisting>
  <varlistentry><term><function>builtins.mul</function>
  <replaceable>e1</replaceable> <replaceable>e2</replaceable></term>

-    <listitem><para>Return the product of the integers
+    <listitem><para>Return the product of the numbers
    <replaceable>e1</replaceable> and
    <replaceable>e2</replaceable>.</para></listitem>

@@ -815,7 +862,7 @@ builtins.sort builtins.lessThan [ 483 249 526 147 42 77 ]
  <varlistentry><term><function>builtins.sub</function>
  <replaceable>e1</replaceable> <replaceable>e2</replaceable></term>

-    <listitem><para>Return the difference between the integers
+    <listitem><para>Return the difference between the numbers
    <replaceable>e1</replaceable> and
    <replaceable>e2</replaceable>.</para></listitem>

@@ -835,7 +882,14 @@ builtins.sort builtins.lessThan [ 483 249 526 147 42 77 ]
    len</replaceable> lies beyond the end of the string, only the
    substring up to the end of the string is returned.
    <replaceable>start</replaceable> must be
-    non-negative.</para></listitem>
+    non-negative. For example,
+
+<programlisting>
+builtins.substring 0 3 "nixos"
+</programlisting>
+
+   evaluates to <literal>"nix"</literal>.
+   </para></listitem>

  </varlistentry>

@@ -942,7 +996,7 @@ in foo</programlisting>
  <varlistentry><term><function>builtins.toJSON</function> <replaceable>e</replaceable></term>

    <listitem><para>Return a string containing a JSON representation
-    of <replaceable>e</replaceable>.  Strings, integers, booleans,
+    of <replaceable>e</replaceable>.  Strings, integers, floats, booleans,
    nulls and lists are mapped to their JSON equivalents.  Sets
    (except derivations) are represented as objects.  Derivations are
    translated to a JSON string containing the derivation’s output
@@ -970,9 +1024,9 @@ in foo</programlisting>
    <listitem><para>Convert the expression
    <replaceable>e</replaceable> to a string.
    <replaceable>e</replaceable> can be a string (in which case
-    <function>toString</function> is a no-op) or a path (e.g.,
+    <function>toString</function> is a no-op), a path (e.g.,
    <literal>toString /foo/bar</literal> yields
-    <literal>"/foo/bar"</literal>.</para></listitem>
+    <literal>"/foo/bar"</literal> or a set containing <literal>{ __toString = self: ...; }</literal>.</para></listitem>

  </varlistentry>

--- a/doc/manual/expressions/derivations.xml
+++ b/doc/manual/expressions/derivations.xml
@@ -16,7 +16,7 @@ of which specify the inputs of the build.</para>
  <listitem xml:id="attr-system"><para>There must be an attribute named
  <varname>system</varname> whose value must be a string specifying a
  Nix platform identifier, such as <literal>"i686-linux"</literal> or
-  <literal>"powerpc-darwin"</literal><footnote><para>To figure out
+  <literal>"x86_64-darwin"</literal><footnote><para>To figure out
  your platform identifier, look at the line <quote>Checking for the
  canonical Nix system name</quote> in the output of Nix's
  <filename>configure</filename> script.</para></footnote> The build
@@ -43,7 +43,7 @@ of which specify the inputs of the build.</para>

    <itemizedlist>

-      <listitem><para>Strings and integers are just passed
+      <listitem><para>Strings and numbers are just passed
      verbatim.</para></listitem>

      <listitem><para>A <emphasis>path</emphasis> (e.g.,
--- a/doc/manual/expressions/language-constructs.xml
+++ b/doc/manual/expressions/language-constructs.xml
@@ -177,13 +177,19 @@ map (concat "foo") [ "bar" "bla" "abc" ]</programlisting>
  <listitem><para>An <literal>@</literal>-pattern provides a means of referring
  to the whole value being matched:

-<programlisting>
-args@{ x, y, z, ... }: z + y + x + args.a</programlisting>
+<programlisting> args@{ x, y, z, ... }: z + y + x + args.a</programlisting>
+
+but can also be written as:
+
+<programlisting> { x, y, z, ... } @ args: z + y + x + args.a</programlisting>

  Here <varname>args</varname> is bound to the entire argument, which
  is further matched against the pattern <literal>{ x, y, z,
-  ... }</literal>.</para></listitem>
-
+  ... }</literal>. <literal>@</literal>-pattern makes mainly sense with an 
+  ellipsis(<literal>...</literal>) as you can access attribute names as 
+  <literal>a</literal>, using <literal>args.a</literal>, which was given as an
+  additional attribute to the function.
+  </para></listitem>

 </itemizedlist>

@@ -196,24 +202,6 @@ in concat { x = "foo"; y = "bar"; }</programlisting>

 </para>

-<para>A set that has a <literal>__functor</literal> attribute whose value
-is callable (i.e. is itself a function or a set with a
-<literal>__functor</literal> attribute whose value is callable) can be
-applied as if it were a function, with the set itself passed in first
-, e.g.,
-
-<programlisting>
-let add = { __functor = self: x: x + self.x; };
-    inc = add // { x = 1; };
-in inc 1
-</programlisting>
-
-evaluates to <literal>2</literal>. This can be used to attach metadata to a
-function without the caller needing to treat it specially, or to implement
-a form of object-oriented programming, for example.
-
-</para>
-
 </simplesect>


@@ -359,4 +347,4 @@ character, or inline/multi-line, enclosed within <literal>/*
 </simplesect>


-</section>
+</section>
--- a/doc/manual/expressions/language-values.xml
+++ b/doc/manual/expressions/language-values.xml
@@ -140,8 +140,13 @@ stdenv.mkDerivation {

  </listitem>

-  <listitem><para><emphasis>Integers</emphasis>, e.g.,
-  <literal>123</literal>.</para></listitem>
+  <listitem><para>Numbers, which can be <emphasis>integers</emphasis> (like
+  <literal>123</literal>) or <emphasis>floating point</emphasis> (like
+  <literal>123.43</literal> or <literal>.27e13</literal>).</para>
+
+  <para>Numbers are type-compatible: pure integer operations will always
+  return integers, whereas any operation involving at least one floating point
+  number will have a floating point number as a result.</para></listitem>

  <listitem><para><emphasis>Paths</emphasis>, e.g.,
  <filename>/bin/sh</filename> or <filename>./builder.sh</filename>.
@@ -162,7 +167,16 @@ stdenv.mkDerivation {
  user's home directory. e.g. <filename>~/foo</filename> would be
  equivalent to <filename>/home/edolstra/foo</filename> for a user
  whose home directory is <filename>/home/edolstra</filename>.
-  </para></listitem>
+  </para>
+
+  <para>Paths can also be specified between angle brackets, e.g.
+  <literal>&lt;nixpkgs&gt;</literal>. This means that the directories
+  listed in the environment variable
+  <envar linkend="env-NIX_PATH">NIX_PATH</envar> will be searched
+  for the given file or directory name.
+  </para>
+
+  </listitem>

  <listitem><para><emphasis>Booleans</emphasis> with values
  <literal>true</literal> and
@@ -271,6 +285,23 @@ added to the set:
 This will evaluate to <literal>{}</literal> if <literal>foo</literal>
 evaluates to <literal>false</literal>.</para>

+<para>A set that has a <literal>__functor</literal> attribute whose value
+is callable (i.e. is itself a function or a set with a
+<literal>__functor</literal> attribute whose value is callable) can be
+applied as if it were a function, with the set itself passed in first
+, e.g.,
+
+<programlisting>
+let add = { __functor = self: x: x + self.x; };
+    inc = add // { x = 1; };
+in inc 1
+</programlisting>
+
+evaluates to <literal>2</literal>. This can be used to attach metadata to a
+function without the caller needing to treat it specially, or to implement
+a form of object-oriented programming, for example.
+
+</para>

 </simplesect>

--- a/doc/manual/expressions/simple-building-testing.xml
+++ b/doc/manual/expressions/simple-building-testing.xml
@@ -7,15 +7,14 @@
 <title>Building and Testing</title>

 <para>You can now try to build Hello.  Of course, you could do
-<literal>nix-env -f pkgs/top-level/all-packages.nix -i hello</literal>,
-but you may not want to install a possibly broken package just yet.
-The best way to test the package is by using the command <command
-linkend="sec-nix-build">nix-build</command>, which builds a Nix
-expression and creates a symlink named <filename>result</filename> in
-the current directory:
+<literal>nix-env -i hello</literal>, but you may not want to install a
+possibly broken package just yet.  The best way to test the package is by
+using the command <command linkend="sec-nix-build">nix-build</command>,
+which builds a Nix expression and creates a symlink named
+<filename>result</filename> in the current directory:

 <screen>
-$ nix-build pkgs/top-level/all-packages.nix -A hello
+$ nix-build -A hello
 building path `/nix/store/632d2b22514d...-hello-2.1.1'
 hello-2.1.1/
 hello-2.1.1/intl/
@@ -29,8 +28,7 @@ $ ./result/bin/hello
 Hello, world!</screen>

 The <link linkend='opt-attr'><option>-A</option></link> option selects
-the <literal>hello</literal> attribute from
-<filename>all-packages.nix</filename>.  This is faster than using the
+the <literal>hello</literal> attribute.  This is faster than using the
 symbolic package name specified by the <literal>name</literal>
 attribute (which also happens to be <literal>hello</literal>) and is
 unambiguous (there can be multiple packages with the symbolic name
@@ -69,7 +67,7 @@ block (or perform other derivations if available) until the build
 finishes:

 <screen>
-$ nix-build pkgs/top-level/all-packages.nix -A hello
+$ nix-build -A hello
 waiting for lock on `/nix/store/0h5b7hp8d4hqfrw8igvx97x1xawrjnac-hello-2.1.1x'</screen>

 So it is always safe to run multiple instances of Nix in parallel
--- a/doc/manual/hacking.xml
+++ b/doc/manual/hacking.xml
@@ -22,7 +22,7 @@ $ nix-build release.nix -A build.x86_64-linux
 environment variables are set up so that those dependencies can be
 found:
 <screen>
-$ ./dev-shell
+$ nix-shell
 </screen>
 To build Nix itself in this shell:
 <screen>
@@ -30,7 +30,7 @@ To build Nix itself in this shell:
 [nix-shell]$ configurePhase
 [nix-shell]$ make
 </screen>
-To test it:
+To install it in <literal>$(pwd)/nix</literal> and test it:
 <screen>
 [nix-shell]$ make install
 [nix-shell]$ make installcheck
--- a/doc/manual/installation/installing-binary.xml
+++ b/doc/manual/installation/installing-binary.xml
@@ -26,8 +26,17 @@ $ mkdir /nix
 $ chown alice /nix
 </screen>

+The install script will modify the first writable file from amongst
+<filename>.bash_profile</filename>, <filename>.bash_login</filename>
+and <filename>.profile</filename> to source
+<filename>~/.nix-profile/etc/profile.d/nix.sh</filename>. You can set
+the <command>NIX_INSTALLER_NO_MODIFY_PROFILE</command> environment
+variable before executing the install script to disable this
+behaviour.
+
 </para>

+<!--
 <para>You can also manually download and install a binary package.
 Binary packages of the latest stable release are available for Fedora,
 Debian, Ubuntu, Mac OS X and various other systems from the <link
@@ -52,13 +61,14 @@ install it like this:
 $ dpkg -i nix_1.8-1_amd64.deb</screen>

 </para>
+-->

-<para>For other platforms, including Mac OS X and other Linux
-distributions, you can download a binary tarball that contains Nix and
-all its dependencies.  (This is what the install script at
-<uri>https://nixos.org/nix/install</uri> uses.)  You should unpack it
-somewhere (e.g. in <filename>/tmp</filename>), and then run the script
-named <command>install</command> inside the binary tarball:
+<para>You can also download a binary tarball that contains Nix and all
+its dependencies.  (This is what the install script at
+<uri>https://nixos.org/nix/install</uri> does automatically.)  You
+should unpack it somewhere (e.g. in <filename>/tmp</filename>), and
+then run the script named <command>install</command> inside the binary
+tarball:

 <screen>
 alice$ cd /tmp
@@ -79,4 +89,12 @@ $ rm -rf /nix</screen>

 </para>

+<para>You can uninstall Nix simply by running:
+
+<screen>
+$ rm -rf /nix
+</screen>
+
+</para>
+
 </chapter>
--- a/doc/manual/installation/prerequisites-source.xml
+++ b/doc/manual/installation/prerequisites-source.xml
@@ -19,6 +19,10 @@
  it from <link
  xlink:href="http://www.freedesktop.org/wiki/Software/pkg-config"
  />.</para></listitem>
+  
+  <listitem><para>The OpenSSL library to calculate cryptographic hashes.
+  If your distribution does not provide it, you can get it from <link
+  xlink:href="https://www.openssl.org"/>.</para></listitem>

  <listitem><para>The bzip2 compressor program and the
  <literal>libbz2</literal> library.  Thus you must have bzip2
@@ -36,7 +40,7 @@
  distribution does not provide them.</para></listitem>

  <listitem><para>The <link
-  xlink:href="http://www.hpl.hp.com/personal/Hans_Boehm/gc/">Boehm
+  xlink:href="http://www.hboehm.info/gc/">Boehm
  garbage collector</link> to reduce the evaluator’s memory
  consumption (optional).  To enable it, install
  <literal>pkgconfig</literal> and the Boehm garbage collector, and
@@ -70,4 +74,4 @@

 </itemizedlist>

-</section>
+</section>
--- a/doc/manual/introduction/about-nix.xml
+++ b/doc/manual/introduction/about-nix.xml
@@ -62,9 +62,10 @@ directories such as
 so if a package builds correctly on your system, this is because you
 specified the dependency explicitly.</para>

-<para>Runtime dependencies are found by scanning binaries for the hash
-parts of Nix store paths (such as <literal>r8vvq9kq…</literal>).  This
-sounds risky, but it works extremely well.</para>
+<para>Once a package is built, runtime dependencies are found by
+scanning binaries for the hash parts of Nix store paths (such as
+<literal>r8vvq9kq…</literal>).  This sounds risky, but it works
+extremely well.</para>

 </simplesect>

--- a/doc/manual/introduction/quick-start.xml
+++ b/doc/manual/introduction/quick-start.xml
@@ -95,18 +95,6 @@ The latter command will upgrade each installed package for which there
 is a “newer” version (as determined by comparing the version
 numbers).</para></step>

-<!--
-<step><para>You can also install specific packages directly from
-your web browser.  For instance, you can go to <link
-xlink:href="http://hydra.nixos.org/jobset/nixpkgs/trunk/channel/latest"
-/> and click on any link for the individual packages for your
-platform.  Associate <literal>application/nix-package</literal> with
-the program <command>nix-install-package</command>.  A window should
-appear asking you whether it’s okay to install the package.  Say
-<literal>Y</literal>.  The package and all its dependencies will be
-installed.</para></step>
-->
-
 <step><para>If you're unhappy with the result of a
 <command>nix-env</command> action (e.g., an upgraded package turned
 out not to work properly), you can go back:
--- a/doc/manual/local.mk
+++ b/doc/manual/local.mk
@@ -1,3 +1,6 @@
+
+ifeq ($(doc_generate),yes)
+
 XSLTPROC = $(xsltproc) --nonet $(xmlflags) \
  --param section.autolabel 1 \
  --param section.label.includes.component.label 1 \
@@ -10,7 +13,7 @@ XSLTPROC = $(xsltproc) --nonet $(xmlflags) \
  --stringparam generate.toc "book toc" \
  --param keep.relative.image.uris 0

-docbookxsl = http://docbook.sourceforge.net/release/xsl-ns/1.78.1
+docbookxsl = http://docbook.sourceforge.net/release/xsl-ns/current
 docbookrng = http://docbook.org/xml/5.0/rng/docbook.rng

 MANUAL_SRCS := $(call rwildcard, $(d), *.xml)
@@ -39,9 +42,9 @@ dist-files += $(d)/manual.xmli $(d)/version.txt $(d)/manual.is-valid
 # Generate man pages.
 man-pages := $(foreach n, \
  nix-env.1 nix-build.1 nix-shell.1 nix-store.1 nix-instantiate.1 \
-  nix-collect-garbage.1 nix-push.1 nix-pull.1 \
+  nix-collect-garbage.1 \
  nix-prefetch-url.1 nix-channel.1 \
-  nix-install-package.1 nix-hash.1 nix-copy-closure.1 \
+  nix-hash.1 nix-copy-closure.1 \
  nix.conf.5 nix-daemon.8, \
  $(d)/$(n))

@@ -71,22 +74,14 @@ $(foreach file, $(wildcard $(d)/images/callouts/*.gif), $(eval $(call install-da

 $(eval $(call install-symlink, manual.html, $(docdir)/manual/index.html))

+
 all: $(d)/manual.html

+
+
 clean-files += $(d)/manual.html

 dist-files += $(d)/manual.html


-# Generate the PDF manual.
-$(d)/manual.pdf: $(d)/manual.xml $(MANUAL_SRCS) $(d)/manual.is-valid
-	$(trace-gen) if test "$(dblatex)" != ""; then \
-		cd doc/manual && $(XSLTPROC) --xinclude --stringparam profile.condition manual \
-		  $(docbookxsl)/profiling/profile.xsl manual.xml | \
-		  $(dblatex) -o $(notdir $@) $(dblatex_opts) -; \
-	else \
-		echo "Please install dblatex and rerun configure."; \
-		exit 1; \
-	fi
-
-clean-files += $(d)/manual.pdf
+endif
--- a/doc/manual/packages/one-click.xml
+++ b/doc/manual/packages/one-click.xml
@@ -1,37 +0,0 @@
-<chapter xmlns="http://docbook.org/ns/docbook"
-      xmlns:xlink="http://www.w3.org/1999/xlink"
-      xmlns:xi="http://www.w3.org/2001/XInclude"
-      version="5.0"
-      xml:id="sec-one-click">
-
-<title>One-Click Installation</title>
-
-<para>Often, when you want to install a specific package (e.g., from
-the <link
-xlink:href="http://nixos.org/nixpkgs/">Nix
-Packages collection</link>), subscribing to a channel is a bit
-cumbersome.  And channels don’t help you at all if you want to install
-an older version of a package than the one provided by the current
-contents of the channel, or a package that has been removed from the
-channel.  That’s when <emphasis>one-click installs</emphasis> come in
-handy: you can just go to the web page that contains the package,
-click on it, and it will be installed with all the necessary
-dependencies.</para>
-
-<para>For instance, you can go to <link
-xlink:href="http://hydra.nixos.org/jobset/nixpkgs/trunk/channel/latest"
-/> and click on any link for the individual packages for your
-platform.  The first time you do this, your browser will ask what to
-do with <literal>application/nix-package</literal> files.  You should
-open them with <filename>/nix/bin/nix-install-package</filename>.
-This will open a window that asks you to confirm that you want to
-install the package.  When you answer <literal>Y</literal>, the
-package and all its dependencies will be installed.  This is a binary
-deployment mechanism — you get packages pre-compiled for the selected
-platform type.</para>
-
-<para>You can also install <literal>application/nix-package</literal>
-files from the command line directly.  See <xref
-linkend='sec-nix-install-package' /> for details.</para>
-
-</chapter>
--- a/doc/manual/packages/package-management.xml
+++ b/doc/manual/packages/package-management.xml
@@ -18,7 +18,6 @@ who want to <emphasis>create</emphasis> packages should consult
 <xi:include href="profiles.xml" />
 <xi:include href="garbage-collection.xml" />
 <xi:include href="channels.xml" />
-<xi:include href="one-click.xml" />
 <xi:include href="sharing-packages.xml" />

 </part>
--- a/doc/manual/release-notes/release-notes.xml
+++ b/doc/manual/release-notes/release-notes.xml
@@ -12,6 +12,8 @@
 </partintro>
 -->

+<xi:include href="rl-1.12.xml" />
+<xi:include href="rl-1.11.xml" />
 <xi:include href="rl-1.10.xml" />
 <xi:include href="rl-1.9.xml" />
 <xi:include href="rl-1.8.xml" />
--- a/doc/manual/release-notes/rl-0.10.1.xml
+++ b/doc/manual/release-notes/rl-0.10.1.xml
@@ -4,10 +4,10 @@
      version="5.0"
      xml:id="ch-relnotes-0.10.1">

-<title>Release 0.10.1 (October 11, 2006)</title>
+<title>Release 0.10.1 (2006-10-11)</title>

 <para>This release fixes two somewhat obscure bugs that occur when
 evaluating Nix expressions that are stored inside the Nix store
 (<literal>NIX-67</literal>).  These do not affect most users.</para>

-</section>
+</section>
--- a/doc/manual/release-notes/rl-0.10.xml
+++ b/doc/manual/release-notes/rl-0.10.xml
@@ -4,7 +4,7 @@
      version="5.0"
      xml:id="ch-relnotes-0.10">

-<title>Release 0.10 (October 6, 2006)</title>
+<title>Release 0.10 (2006-10-06)</title>

 <note><para>This version of Nix uses Berkeley DB 4.4 instead of 4.3.
 The database is upgraded automatically, but you should be careful not
@@ -320,4 +320,4 @@ irreversible.</para></warning>

 </itemizedlist>

-</section>
+</section>
--- a/doc/manual/release-notes/rl-0.11.xml
+++ b/doc/manual/release-notes/rl-0.11.xml
@@ -4,7 +4,7 @@
      version="5.0"
      xml:id="ssec-relnotes-0.11">

-<title>Release 0.11 (December 31, 2007)</title>
+<title>Release 0.11 (2007-12-31)</title>

 <para>Nix 0.11 has many improvements over the previous stable release.
 The most important improvement is secure multi-user support.  It also
@@ -258,4 +258,4 @@ on Nix.  Here is an (incomplete) list:</para>

 </itemizedlist>

-</section>
+</section>
--- a/doc/manual/release-notes/rl-0.12.xml
+++ b/doc/manual/release-notes/rl-0.12.xml
@@ -4,7 +4,7 @@
      version="5.0"
      xml:id="ssec-relnotes-0.12">

-<title>Release 0.12 (November 20, 2008)</title>
+<title>Release 0.12 (2008-11-20)</title>

 <itemizedlist>

@@ -172,4 +172,4 @@ the following paths will be downloaded/copied (30.02 MiB):

 </itemizedlist>

-</section>
+</section>
--- a/doc/manual/release-notes/rl-0.13.xml
+++ b/doc/manual/release-notes/rl-0.13.xml
@@ -4,7 +4,7 @@
      version="5.0"
      xml:id="ssec-relnotes-0.13">

-<title>Release 0.13 (November 5, 2009)</title>
+<title>Release 0.13 (2009-11-05)</title>

 <para>This is primarily a bug fix release.  It has some new
 features:</para>
@@ -103,4 +103,4 @@ features:</para>

 </itemizedlist>

-</section>
+</section>
--- a/doc/manual/release-notes/rl-0.14.xml
+++ b/doc/manual/release-notes/rl-0.14.xml
@@ -2,7 +2,9 @@
      xmlns:xlink="http://www.w3.org/1999/xlink"
      xmlns:xi="http://www.w3.org/2001/XInclude"
      version="5.0"
-      xml:id="ssec-relnotes-0.14"><title>Release 0.14 (February 4, 2010)</title>
+      xml:id="ssec-relnotes-0.14">
+
+<title>Release 0.14 (2010-02-04)</title>

 <para>This release has the following improvements:</para>

@@ -41,4 +43,4 @@

 </itemizedlist>

-</section>
+</section>
--- a/doc/manual/release-notes/rl-0.15.xml
+++ b/doc/manual/release-notes/rl-0.15.xml
@@ -4,11 +4,11 @@
      version="5.0"
      xml:id="ssec-relnotes-0.15">

-<title>Release 0.15 (March 17, 2010)</title>
+<title>Release 0.15 (2010-03-17)</title>

 <para>This is a bug-fix release.  Among other things, it fixes
 building on Mac OS X (Snow Leopard), and improves the contents of
 <filename>/etc/passwd</filename> and <filename>/etc/group</filename>
 in <literal>chroot</literal> builds.</para>

-</section>
+</section>
--- a/doc/manual/release-notes/rl-0.16.xml
+++ b/doc/manual/release-notes/rl-0.16.xml
@@ -4,7 +4,7 @@
      version="5.0"
      xml:id="ssec-relnotes-0.16">

-<title>Release 0.16 (August 17, 2010)</title>
+<title>Release 0.16 (2010-08-17)</title>

 <para>This release has the following improvements:</para>

@@ -52,4 +52,4 @@

 </itemizedlist>

-</section>
+</section>
--- a/doc/manual/release-notes/rl-0.6.xml
+++ b/doc/manual/release-notes/rl-0.6.xml
@@ -4,7 +4,7 @@
      version="5.0"
      xml:id="ch-relnotes-0.6">

-<title>Release 0.6 (November 14, 2004)</title>
+<title>Release 0.6 (2004-11-14)</title>

 <itemizedlist>

@@ -119,4 +119,4 @@

 </itemizedlist>

-</section>
+</section>
--- a/doc/manual/release-notes/rl-0.7.xml
+++ b/doc/manual/release-notes/rl-0.7.xml
@@ -4,7 +4,7 @@
      version="5.0"
      xml:id="ch-relnotes-0.7">

-<title>Release 0.7 (January 12, 2005)</title>
+<title>Release 0.7 (2005-01-12)</title>

 <itemizedlist>

@@ -32,4 +32,4 @@

 </itemizedlist>

-</section>
+</section>
--- a/doc/manual/release-notes/rl-0.8.1.xml
+++ b/doc/manual/release-notes/rl-0.8.1.xml
@@ -4,7 +4,7 @@
      version="5.0"
      xml:id="ch-relnotes-0.8.1">

-<title>Release 0.8.1 (April 13, 2005)</title>
+<title>Release 0.8.1 (2005-04-13)</title>

 <para>This is a bug fix release.</para>

@@ -18,4 +18,4 @@

 </itemizedlist>

-</section>
+</section>
--- a/doc/manual/release-notes/rl-0.8.xml
+++ b/doc/manual/release-notes/rl-0.8.xml
@@ -4,7 +4,7 @@
      version="5.0"
      xml:id="ch-relnotes-0.8">

-<title>Release 0.8 (April 11, 2005)</title>
+<title>Release 0.8 (2005-04-11)</title>

 <para>NOTE: the hashing scheme in Nix 0.8 changed (as detailed below).
 As a result, <command>nix-pull</command> manifests and channels built
@@ -243,4 +243,4 @@ $ nix-env -f .../i686-linux.nix -i -E 'x: x.firefoxWrapper'</screen>

 </para>

-</section>
+</section>
--- a/doc/manual/release-notes/rl-0.9.1.xml
+++ b/doc/manual/release-notes/rl-0.9.1.xml
@@ -4,10 +4,10 @@
      version="5.0"
      xml:id="ch-relnotes-0.9.1">

-<title>Release 0.9.1 (September 20, 2005)</title>
+<title>Release 0.9.1 (2005-09-20)</title>

 <para>This bug fix release addresses a problem with the ATerm library
 when the <option>--with-aterm</option> flag in
 <command>configure</command> was <emphasis>not</emphasis> used.</para>

-</section>
+</section>
--- a/doc/manual/release-notes/rl-0.9.2.xml
+++ b/doc/manual/release-notes/rl-0.9.2.xml
@@ -4,7 +4,7 @@
      version="5.0"
      xml:id="ch-relnotes-0.9.2">

-<title>Release 0.9.2 (September 21, 2005)</title>
+<title>Release 0.9.2 (2005-09-21)</title>

 <para>This bug fix release fixes two problems on Mac OS X:

@@ -25,4 +25,4 @@

 </para>

-</section>
+</section>
--- a/doc/manual/release-notes/rl-0.9.xml
+++ b/doc/manual/release-notes/rl-0.9.xml
@@ -4,7 +4,7 @@
      version="5.0"
      xml:id="ch-relnotes-0.9">

-<title>Release 0.9 (September 16, 2005)</title>
+<title>Release 0.9 (2005-09-16)</title>

 <para>NOTE: this version of Nix uses Berkeley DB 4.3 instead of 4.2.
 The database is upgraded automatically, but you should be careful not
@@ -95,4 +95,4 @@ svnService = derivation {

 </itemizedlist>

-</section>
+</section>
--- a/doc/manual/release-notes/rl-1.0.xml
+++ b/doc/manual/release-notes/rl-1.0.xml
@@ -4,7 +4,7 @@
      version="5.0"
      xml:id="ssec-relnotes-1.0">

-<title>Release 1.0 (May 11, 2012)</title>
+<title>Release 1.0 (2012-05-11)</title>

 <para>There have been numerous improvements and bug fixes since the
 previous release.  Here are the most significant:</para>
@@ -116,4 +116,4 @@ previous release.  Here are the most significant:</para>

 </itemizedlist>

-</section>
+</section>
--- a/doc/manual/release-notes/rl-1.1.xml
+++ b/doc/manual/release-notes/rl-1.1.xml
@@ -4,7 +4,7 @@
      version="5.0"
      xml:id="ssec-relnotes-1.1">

-<title>Release 1.1 (July 18, 2012)</title>
+<title>Release 1.1 (2012-07-18)</title>

 <para>This release has the following improvements:</para>

@@ -97,4 +97,4 @@

 </itemizedlist>

-</section>
+</section>
--- a/doc/manual/release-notes/rl-1.10.xml
+++ b/doc/manual/release-notes/rl-1.10.xml
@@ -4,7 +4,7 @@
      version="5.0"
      xml:id="ssec-relnotes-1.10">

-<title>Release 1.10 (September 3, 2015)</title>
+<title>Release 1.10 (2015-09-03)</title>

 <para>This is primarily a bug fix release. It also has a number of new
 features:</para>
--- a/doc/manual/release-notes/rl-1.11.xml
+++ b/doc/manual/release-notes/rl-1.11.xml
@@ -0,0 +1,148 @@
+<section xmlns="http://docbook.org/ns/docbook"
+      xmlns:xlink="http://www.w3.org/1999/xlink"
+      xmlns:xi="http://www.w3.org/2001/XInclude"
+      version="5.0"
+      xml:id="ssec-relnotes-1.11">
+
+<title>Release 1.11 (2016-01-19)</title>
+
+<para>This is primarily a bug fix release. It also has a number of new
+features:</para>
+
+<itemizedlist>
+
+  <listitem>
+    <para><command>nix-prefetch-url</command> can now download URLs
+    specified in a Nix expression. For example,
+
+<screen>
+$ nix-prefetch-url -A hello.src
+</screen>
+
+    will prefetch the file specified by the
+    <function>fetchurl</function> call in the attribute
+    <literal>hello.src</literal> from the Nix expression in the
+    current directory, and print the cryptographic hash of the
+    resulting file on stdout. This differs from <literal>nix-build -A
+    hello.src</literal> in that it doesn't verify the hash, and is
+    thus useful when you’re updating a Nix expression.</para>
+
+    <para>You can also prefetch the result of functions that unpack a
+    tarball, such as <function>fetchFromGitHub</function>. For example:
+
+<screen>
+$ nix-prefetch-url --unpack https://github.com/NixOS/patchelf/archive/0.8.tar.gz
+</screen>
+
+    or from a Nix expression:
+
+<screen>
+$ nix-prefetch-url -A nix-repl.src
+</screen>
+
+    </para>
+
+  </listitem>
+
+  <listitem>
+    <para>The builtin function
+    <function>&lt;nix/fetchurl.nix></function> now supports
+    downloading and unpacking NARs. This removes the need to have
+    multiple downloads in the Nixpkgs stdenv bootstrap process (like a
+    separate busybox binary for Linux, or curl/mkdir/sh/bzip2 for
+    Darwin). Now all those files can be combined into a single NAR,
+    optionally compressed using <command>xz</command>.</para>
+  </listitem>
+
+  <listitem>
+    <para>Nix now supports SHA-512 hashes for verifying fixed-output
+    derivations, and in <function>builtins.hashString</function>.</para>
+  </listitem>
+
+  <listitem>
+    <para>
+      The new flag <option>--option build-repeat
+      <replaceable>N</replaceable></option> will cause every build to
+      be executed <replaceable>N</replaceable>+1 times. If the build
+      output differs between any round, the build is rejected, and the
+      output paths are not registered as valid. This is primarily
+      useful to verify build determinism. (We already had a
+      <option>--check</option> option to repeat a previously succeeded
+      build. However, with <option>--check</option>, non-deterministic
+      builds are registered in the DB. Preventing that is useful for
+      Hydra to ensure that non-deterministic builds don't end up
+      getting published to the binary cache.)
+    </para>
+  </listitem>
+
+  <listitem>
+    <para>
+      The options <option>--check</option> and <option>--option
+      build-repeat <replaceable>N</replaceable></option>, if they
+      detect a difference between two runs of the same derivation and
+      <option>-K</option> is given, will make the output of the other
+      run available under
+      <filename><replaceable>store-path</replaceable>-check</filename>. This
+      makes it easier to investigate the non-determinism using tools
+      like <command>diffoscope</command>, e.g.,
+
+<screen>
+$ nix-build pkgs/stdenv/linux -A stage1.pkgs.zlib --check -K
+error: derivation ‘/nix/store/l54i8wlw2265…-zlib-1.2.8.drv’ may not
+be deterministic: output ‘/nix/store/11a27shh6n2i…-zlib-1.2.8’
+differs from ‘/nix/store/11a27shh6n2i…-zlib-1.2.8-check’
+
+$ diffoscope /nix/store/11a27shh6n2i…-zlib-1.2.8 /nix/store/11a27shh6n2i…-zlib-1.2.8-check
+…
+├── lib/libz.a
+│   ├── metadata
+│   │ @@ -1,15 +1,15 @@
+│   │ -rw-r--r-- 30001/30000   3096 Jan 12 15:20 2016 adler32.o
+…
+│   │ +rw-r--r-- 30001/30000   3096 Jan 12 15:28 2016 adler32.o
+…
+</screen>
+
+    </para></listitem>
+
+  <listitem>
+    <para>Improved FreeBSD support.</para>
+  </listitem>
+
+  <listitem>
+    <para><command>nix-env -qa --xml --meta</command> now prints
+    license information.</para>
+  </listitem>
+
+  <listitem>
+    <para>The maximum number of parallel TCP connections that the
+    binary cache substituter will use has been decreased from 150 to
+    25. This should prevent upsetting some broken NAT routers, and
+    also improves performance.</para>
+  </listitem>
+
+  <listitem>
+    <para>The Nix language now supports floating point numbers. They are
+    based on regular C++ <literal>float</literal> and compatible with
+    existing integers and number-related operations. Export and import to and
+    from JSON and XML works, too.
+  </para>
+  </listitem>
+  <listitem>
+    <para>All "chroot"-containing strings got renamed to "sandbox".
+      In particular, some Nix options got renamed, but the old names
+      are still accepted as lower-priority aliases.
+    </para>
+  </listitem>
+
+</itemizedlist>
+
+<para>This release has contributions from Anders Claesson, Anthony
+Cowley, Bjørn Forsman, Brian McKenna, Danny Wilson, davidak, Eelco Dolstra,
+Fabian Schmitthenner, FrankHB, Ilya Novoselov, janus, Jim Garrison, John
+Ericson, Jude Taylor, Ludovic Courtès, Manuel Jacob, Mathnerd314,
+Pascal Wittmann, Peter Simons, Philip Potter, Preston Bennes, Rommel
+M. Martinez, Sander van der Burg, Shea Levy, Tim Cuthbertson, Tuomas
+Tynkkynen, Utku Demir and Vladimír Čunát.</para>
+
+</section>
--- a/doc/manual/release-notes/rl-1.12.xml
+++ b/doc/manual/release-notes/rl-1.12.xml
@@ -0,0 +1,24 @@
+<section xmlns="http://docbook.org/ns/docbook"
+      xmlns:xlink="http://www.w3.org/1999/xlink"
+      xmlns:xi="http://www.w3.org/2001/XInclude"
+      version="5.0"
+      xml:id="ssec-relnotes-1.12">
+
+<title>Release 1.12 (TBA)</title>
+
+<para>This release has the following new features:</para>
+
+<itemizedlist>
+
+  <listitem>
+    <para>It is no longer necessary to set the
+    <envar>NIX_REMOTE</envar> environment variable if you need to use
+    the Nix daemon. Nix will use the daemon automatically if you don’t
+    have write access to the Nix database.</para>
+  </listitem>
+
+</itemizedlist>
+
+<para>This release has contributions from TBD.</para>
+
+</section>
--- a/doc/manual/release-notes/rl-1.2.xml
+++ b/doc/manual/release-notes/rl-1.2.xml
@@ -4,7 +4,7 @@
      version="5.0"
      xml:id="ssec-relnotes-1.2">

-<title>Release 1.2 (December 6, 2012)</title>
+<title>Release 1.2 (2012-12-06)</title>

 <para>This release has the following improvements and changes:</para>

@@ -154,4 +154,4 @@ $ mount -o remount,ro,bind /nix/store
 <para>This release has contributions from Eelco Dolstra, Florian
 Friesdorf, Mats Erik Andersson and Shea Levy.</para>

-</section>
+</section>
--- a/doc/manual/release-notes/rl-1.3.xml
+++ b/doc/manual/release-notes/rl-1.3.xml
@@ -4,7 +4,7 @@
      version="5.0"
      xml:id="ssec-relnotes-1.3">

-<title>Release 1.3 (January 4, 2013)</title>
+<title>Release 1.3 (2013-01-04)</title>

 <para>This is primarily a bug fix release.  When this version is first
 run on Linux, it removes any immutable bits from the Nix store and
@@ -16,4 +16,4 @@ efficient.)</para>
 <para>This release has contributions from Eelco Dolstra and Stuart
 Pernsteiner.</para>

-</section>
+</section>
--- a/doc/manual/release-notes/rl-1.4.xml
+++ b/doc/manual/release-notes/rl-1.4.xml
@@ -4,7 +4,7 @@
      version="5.0"
      xml:id="ssec-relnotes-1.4">

-<title>Release 1.4 (February 26, 2013)</title>
+<title>Release 1.4 (2013-02-26)</title>

 <para>This release fixes a security bug in multi-user operation.  It
 was possible for derivations to cause the mode of files outside of the
@@ -36,4 +36,4 @@ xlink:href="https://github.com/NixOS/nix/commit/5526a282b5b44e9296e61e07d7d2626a

 </itemizedlist>

-</section>
+</section>
--- a/doc/manual/release-notes/rl-1.5.1.xml
+++ b/doc/manual/release-notes/rl-1.5.1.xml
@@ -4,9 +4,9 @@
      version="5.0"
      xml:id="ssec-relnotes-1.5.1">

-<title>Release 1.5.1 (February 28, 2013)</title>
+<title>Release 1.5.1 (2013-02-28)</title>

 <para>The bug fix to the bug fix had a bug itself, of course.  But
 this time it will work for sure!</para>

-</section>
+</section>
--- a/doc/manual/release-notes/rl-1.5.2.xml
+++ b/doc/manual/release-notes/rl-1.5.2.xml
@@ -4,9 +4,9 @@
      version="5.0"
      xml:id="ssec-relnotes-1.5.2">

-<title>Release 1.5.2 (May 13, 2013)</title>
+<title>Release 1.5.2 (2013-05-13)</title>

 <para>This is primarily a bug fix release.  It has contributions from
 Eelco Dolstra, Lluís Batlle i Rossell and Shea Levy.</para>

-</section>
+</section>
--- a/doc/manual/release-notes/rl-1.5.xml
+++ b/doc/manual/release-notes/rl-1.5.xml
@@ -4,9 +4,9 @@
      version="5.0"
      xml:id="ssec-relnotes-1.5">

-<title>Release 1.5 (February 27, 2013)</title>
+<title>Release 1.5 (2013-02-27)</title>

 <para>This is a brown paper bag release to fix a regression introduced
 by the hard link security fix in 1.4.</para>

-</section>
+</section>
--- a/doc/manual/release-notes/rl-1.6.1.xml
+++ b/doc/manual/release-notes/rl-1.6.1.xml
@@ -4,7 +4,7 @@
      version="5.0"
      xml:id="ssec-relnotes-1.6.1">

-<title>Release 1.6.1 (October 28, 2013)</title>
+<title>Release 1.6.1 (2013-10-28)</title>

 <para>This is primarily a bug fix release.  Changes of interest
 are:</para>
@@ -66,4 +66,4 @@ are:</para>

 </itemizedlist>

-</section>
+</section>
--- a/doc/manual/release-notes/rl-1.6.xml
+++ b/doc/manual/release-notes/rl-1.6.xml
@@ -4,7 +4,7 @@
      version="5.0"
      xml:id="ssec-relnotes-1.6.0">

-<title>Release 1.6 (September 10, 2013)</title>
+<title>Release 1.6 (2013-09-10)</title>

 <para>In addition to the usual bug fixes, this release has several new
 features:</para>
@@ -124,4 +124,4 @@ in pkgs.bar
 Florian Friesdorf, Gergely Risko, Ivan Kozik, Ludovic Courtès and Shea
 Levy.</para>

-</section>
+</section>
--- a/doc/manual/release-notes/rl-1.7.xml
+++ b/doc/manual/release-notes/rl-1.7.xml
@@ -4,7 +4,7 @@
      version="5.0"
      xml:id="ssec-relnotes-1.7">

-<title>Release 1.7 (April 11, 2014)</title>
+<title>Release 1.7 (2014-04-11)</title>

 <para>In addition to the usual bug fixes, this release has the
 following new features:</para>
@@ -260,4 +260,4 @@ error: attribute `nixUnstabl' missing, at /etc/nixos/configurations/misc/eelco/m
 Eelco Dolstra, Ian-Woo Kim, Ludovic Courtès, Maxim Ivanov, Petr
 Rockai, Ricardo M. Correia and Shea Levy.</para>

-</section>
+</section>
--- a/doc/manual/release-notes/rl-1.8.xml
+++ b/doc/manual/release-notes/rl-1.8.xml
@@ -4,7 +4,7 @@
      version="5.0"
      xml:id="ssec-relnotes-1.8">

-<title>Release 1.8 (December 14, 2014)</title>
+<title>Release 1.8 (2014-12-14)</title>

 <itemizedlist>

@@ -60,7 +60,7 @@ $ nix-store -l $(which xterm)
  <listitem><para><command>nix-copy-closure</command> now uses
  <command>nix-store --serve</command> on the remote side to send or
  receive closures. This fixes a race condition between
-  <command>nix-copy-closureE</command> and the garbage
+  <command>nix-copy-closure</command> and the garbage
  collector.</para></listitem>

  <listitem><para>Derivations can specify the new special attribute
--- a/doc/manual/release-notes/rl-1.9.xml
+++ b/doc/manual/release-notes/rl-1.9.xml
@@ -4,7 +4,7 @@
      version="5.0"
      xml:id="ssec-relnotes-1.9">

-<title>Release 1.9 (June 12, 2015)</title>
+<title>Release 1.9 (2015-06-12)</title>

 <para>In addition to the usual bug fixes, this release has the
 following new features:</para>
--- a/doc/signing.txt
+++ b/doc/signing.txt
@@ -1,24 +0,0 @@
-Generate a private key:
-
-$ (umask 277 && openssl genrsa -out /etc/nix/signing-key.sec 2048)
-
-The private key should be kept secret (only readable to the Nix daemon
-user).
-
-
-Generate the corresponding public key:
-
-$ openssl rsa -in /etc/nix/signing-key.sec -pubout > /etc/nix/signing-key.pub
-
-The public key should be copied to all machines to which you want to
-export store paths.
-
-
-Signing:
-
-$ nix-hash --type sha256 --flat svn.nar | openssl rsautl -sign -inkey mykey.sec > svn.nar.sign
-
-
-Verifying a signature:
-
-$ test "$(nix-hash --type sha256 --flat svn.nar)" = "$(openssl rsautl -verify -inkey mykey.pub -pubin -in svn.nar.sign)"
--- a/local.mk
+++ b/local.mk
@@ -1,12 +1,14 @@
 ifeq ($(MAKECMDGOALS), dist)
-  dist-files += $(shell git ls-files)
+  # Make sure we are in repo root with `--git-dir`
+  dist-files += $(shell git --git-dir=.git ls-files || find * -type f)
 endif

 dist-files += configure config.h.in nix.spec

 clean-files += Makefile.config

-GLOBAL_CXXFLAGS += -I . -I src -I src/libutil -I src/libstore -I src/libmain -I src/libexpr
+GLOBAL_CXXFLAGS += -I . -I src -I src/libutil -I src/libstore -I src/libmain -I src/libexpr \
+  -Wno-unneeded-internal-declaration

 $(foreach i, config.h $(call rwildcard, src/lib*, *.hh) src/nix-store/serve-protocol.hh, \
  $(eval $(call install-file-in, $(i), $(includedir)/nix, 0644)))
--- a/maintainers/upload-release.pl
+++ b/maintainers/upload-release.pl
@@ -0,0 +1,152 @@
+#! /usr/bin/env nix-shell
+#! nix-shell -i perl -p perl perlPackages.LWPUserAgent perlPackages.LWPProtocolHttps perlPackages.FileSlurp gnupg1
+
+use strict;
+use Data::Dumper;
+use File::Basename;
+use File::Path;
+use File::Slurp;
+use JSON::PP;
+use LWP::UserAgent;
+
+my $evalId = $ARGV[0] or die "Usage: $0 EVAL-ID\n";
+
+my $releasesDir = "/home/eelco/mnt/releases";
+my $nixpkgsDir = "/home/eelco/Dev/nixpkgs-pristine";
+
+# FIXME: cut&paste from nixos-channel-scripts.
+sub fetch {
+    my ($url, $type) = @_;
+
+    my $ua = LWP::UserAgent->new;
+    $ua->default_header('Accept', $type) if defined $type;
+
+    my $response = $ua->get($url);
+    die "could not download $url: ", $response->status_line, "\n" unless $response->is_success;
+
+    return $response->decoded_content;
+}
+
+my $evalUrl = "https://hydra.nixos.org/eval/$evalId";
+my $evalInfo = decode_json(fetch($evalUrl, 'application/json'));
+#print Dumper($evalInfo);
+
+my $nixRev = $evalInfo->{jobsetevalinputs}->{nix}->{revision} or die;
+
+my $tarballInfo = decode_json(fetch("$evalUrl/job/tarball", 'application/json'));
+
+my $releaseName = $tarballInfo->{releasename};
+$releaseName =~ /nix-(.*)$/ or die;
+my $version = $1;
+
+print STDERR "Nix revision is $nixRev, version is $version\n";
+
+File::Path::make_path($releasesDir);
+if (system("mountpoint -q $releasesDir") != 0) {
+    system("sshfs hydra-mirror:/releases $releasesDir") == 0 or die;
+}
+
+my $releaseDir = "$releasesDir/nix/$releaseName";
+File::Path::make_path($releaseDir);
+
+sub downloadFile {
+    my ($jobName, $productNr, $dstName) = @_;
+
+    my $buildInfo = decode_json(fetch("$evalUrl/job/$jobName", 'application/json'));
+
+    my $srcFile = $buildInfo->{buildproducts}->{$productNr}->{path} or die;
+    $dstName //= basename($srcFile);
+    my $dstFile = "$releaseDir/" . $dstName;
+
+    if (! -e $dstFile) {
+        print STDERR "downloading $srcFile to $dstFile...\n";
+        system("NIX_REMOTE=https://cache.nixos.org/ nix cat-store '$srcFile' > '$dstFile.tmp'") == 0
+            or die "unable to fetch $srcFile\n";
+        rename("$dstFile.tmp", $dstFile) or die;
+    }
+
+    my $sha256_expected = $buildInfo->{buildproducts}->{$productNr}->{sha256hash} or die;
+    my $sha256_actual = `nix hash-file --type sha256 '$dstFile'`;
+    chomp $sha256_actual;
+    if ($sha256_expected ne $sha256_actual) {
+        print STDERR "file $dstFile is corrupt\n";
+        exit 1;
+    }
+
+    write_file("$dstFile.sha256", $sha256_expected);
+
+    return ($dstFile, $sha256_expected);
+}
+
+downloadFile("tarball", "2"); # PDF
+downloadFile("tarball", "3"); # .tar.bz2
+my ($tarball, $tarballHash) = downloadFile("tarball", "4"); # .tar.xz
+my ($tarball_i686_linux, $tarball_i686_linux_hash) = downloadFile("binaryTarball.i686-linux", "1");
+my ($tarball_x86_64_linux, $tarball_x86_64_linux_hash) = downloadFile("binaryTarball.x86_64-linux", "1");
+my ($tarball_x86_64_darwin, $tarball_x86_64_darwin_hash) = downloadFile("binaryTarball.x86_64-darwin", "1");
+
+# Update Nixpkgs in a very hacky way.
+system("cd $nixpkgsDir && git pull") == 0 or die;
+my $oldName = `nix-instantiate --eval $nixpkgsDir -A nix.name`; chomp $oldName;
+my $oldHash = `nix-instantiate --eval $nixpkgsDir -A nix.src.outputHash`; chomp $oldHash;
+print STDERR "old stable version in Nixpkgs = $oldName / $oldHash\n";
+
+my $fn = "$nixpkgsDir/pkgs/tools/package-management/nix/default.nix";
+my $oldFile = read_file($fn);
+$oldFile =~ s/$oldName/"$releaseName"/g;
+$oldFile =~ s/$oldHash/"$tarballHash"/g;
+write_file($fn, $oldFile);
+
+$oldName =~ s/nix-//g;
+$oldName =~ s/"//g;
+
+sub getStorePath {
+    my ($jobName) = @_;
+    my $buildInfo = decode_json(fetch("$evalUrl/job/$jobName", 'application/json'));
+    die unless $buildInfo->{buildproducts}->{1}->{type} eq "nix-build";
+    return $buildInfo->{buildproducts}->{1}->{path};
+}
+
+write_file("$nixpkgsDir/nixos/modules/installer/tools/nix-fallback-paths.nix",
+           "{\n" .
+           "  x86_64-linux = \"" . getStorePath("build.x86_64-linux") . "\";\n" .
+           "  i686-linux = \"" . getStorePath("build.i686-linux") . "\";\n" .
+           "  x86_64-darwin = \"" . getStorePath("build.x86_64-darwin") . "\";\n" .
+           "}\n");
+
+system("cd $nixpkgsDir && git commit -a -m 'nix: $oldName -> $version'") == 0 or die;
+
+# Extract the HTML manual.
+File::Path::make_path("$releaseDir/manual");
+
+system("tar xvf $tarball --strip-components=3 -C $releaseDir/manual --wildcards '*/doc/manual/*.html' '*/doc/manual/*.css' '*/doc/manual/*.gif' '*/doc/manual/*.png'") == 0 or die;
+
+if (! -e "$releaseDir/manual/index.html") {
+    symlink("manual.html", "$releaseDir/manual/index.html") or die;
+}
+
+# Update the "latest" symlink.
+symlink("$releaseName", "$releasesDir/nix/latest-tmp") or die;
+rename("$releasesDir/nix/latest-tmp", "$releasesDir/nix/latest") or die;
+
+# Tag the release in Git.
+chdir("/home/eelco/Dev/nix-pristine") or die;
+system("git remote update origin") == 0 or die;
+system("git tag --force --sign $version $nixRev -m 'Tagging release $version'") == 0 or die;
+
+# Update the website.
+my $siteDir = "/home/eelco/Dev/nixos-homepage-pristine";
+
+system("cd $siteDir && git pull") == 0 or die;
+
+write_file("$siteDir/nix-release.tt",
+           "[%-\n" .
+           "latestNixVersion = \"$version\"\n" .
+           "nix_hash_i686_linux = \"$tarball_i686_linux_hash\"\n" .
+           "nix_hash_x86_64_linux = \"$tarball_x86_64_linux_hash\"\n" .
+           "nix_hash_x86_64_darwin = \"$tarball_x86_64_darwin_hash\"\n" .
+           "-%]\n");
+
+system("cd $siteDir && nix-shell --run 'make nix/install nix/install.sig'") == 0 or die;
+
+system("cd $siteDir && git commit -a -m 'Nix $version released'") == 0 or die;
--- a/misc/docker/Dockerfile
+++ b/misc/docker/Dockerfile
@@ -1,23 +1,23 @@
-FROM busybox
+FROM alpine

-RUN set -x \
-    && wget -O- http://nixos.org/releases/nix/nix-1.9/nix-1.9-x86_64-linux.tar.bz2 | \
-        bzcat - | tar xf - \
-    && echo "nixbld:x:30000:nixbld1,nixbld10,nixbld2,nixbld3,nixbld4,nixbld5,nixbld6,nixbld7,nixbld8,nixbld9" >> /etc/group \
-    && for i in $(seq 1 9); do echo "nixbld$i:x:3000$i:30000:::" >> /etc/passwd; done \
-    && sed -i 's/\$HOME\/\.nix-profile\/etc\/ssl\/certs\/ca-bundle\.crt/\$HOME\/\.nix-profile\/etc\/ca-bundle\.crt/g' nix-1.9-x86_64-linux/install \
-    && mkdir -m 0755 /nix && USER=root sh nix-1.9-x86_64-linux/install \
+RUN wget -O- http://nixos.org/releases/nix/nix-1.11.2/nix-1.11.2-x86_64-linux.tar.bz2 | bzcat - | tar xf - \
+    && echo "nixbld:x:30000:nixbld1,nixbld2,nixbld3,nixbld4,nixbld5,nixbld6,nixbld7,nixbld8,nixbld9,nixbld10,nixbld11,nixbld12,nixbld13,nixbld14,nixbld15,nixbld16,nixbld17,nixbld18,nixbld19,nixbld20,nixbld21,nixbld22,nixbld23,nixbld24,nixbld25,nixbld26,nixbld27,nixbld28,nixbld29,nixbld30" >> /etc/group \
+    && for i in $(seq 1 30); do echo "nixbld$i:x:$((30000 + $i)):30000:::" >> /etc/passwd; done \
+    && mkdir -m 0755 /nix && USER=root sh nix-*-x86_64-linux/install \
    && echo ". /root/.nix-profile/etc/profile.d/nix.sh" >> /etc/profile \
-    && rm -r /nix-1.9-x86_64-linux
+    && rm -r /nix-*-x86_64-linux \
+    && apk --update add bash tar \
+    && rm -rf /var/cache/apk/*

 ONBUILD ENV \
    ENV=/etc/profile \
    PATH=/root/.nix-profile/bin:/root/.nix-profile/sbin:/bin:/sbin:/usr/bin:/usr/sbin \
-    GIT_SSL_CAINFO=/root/.nix-profile/etc/ca-bundle.crt \
-    SSL_CERT_FILE=/root/.nix-profile/etc/ca-bundle.crt
+    GIT_SSL_CAINFO=/root/.nix-profile/etc/ssl/certs/ca-bundle.crt \
+    NIX_SSL_CERT_FILE=/root/.nix-profile/etc/ssl/certs/ca-bundle.crt

 ENV \
    ENV=/etc/profile \
    PATH=/root/.nix-profile/bin:/root/.nix-profile/sbin:/bin:/sbin:/usr/bin:/usr/sbin \
-    GIT_SSL_CAINFO=/root/.nix-profile/etc/ca-bundle.crt \
-    SSL_CERT_FILE=/root/.nix-profile/etc/ca-bundle.crt
+    GIT_SSL_CAINFO=/root/.nix-profile/etc/ssl/certs/ca-bundle.crt \
+    NIX_SSL_CERT_FILE=/root/.nix-profile/etc/ssl/certs/ca-bundle.crt \
+    NIX_PATH=/nix/var/nix/profiles/per-user/root/channels/
--- a/misc/emacs/nix-mode.el
+++ b/misc/emacs/nix-mode.el
@@ -8,17 +8,31 @@

 ;;; Code:

+(defun nix-syntax-match-antiquote (limit)
+  (let ((pos (next-single-char-property-change (point) 'nix-syntax-antiquote
+                                               nil limit)))
+    (when (and pos (> pos (point)))
+      (goto-char pos)
+      (let ((char (char-after pos)))
+        (pcase char
+          (`?$
+           (forward-char 2))
+          (`?}
+           (forward-char 1)))
+        (set-match-data (list pos (point)))
+        t))))
+
 (defconst nix-font-lock-keywords
-  '("\\<if\\>" "\\<then\\>" "\\<else\\>" "\\<assert\\>" "\\<with\\>"
-    "\\<let\\>" "\\<in\\>" "\\<rec\\>" "\\<inherit\\>" "\\<or\\>"
-    ("\\<true\\>" . font-lock-builtin-face)
-    ("\\<false\\>" . font-lock-builtin-face)
-    ("\\<null\\>" . font-lock-builtin-face)
-    ("\\<import\\>" . font-lock-builtin-face)
-    ("\\<derivation\\>" . font-lock-builtin-face)
-    ("\\<baseNameOf\\>" . font-lock-builtin-face)
-    ("\\<toString\\>" . font-lock-builtin-face)
-    ("\\<isNull\\>" . font-lock-builtin-face)
+  '("\\_<if\\_>" "\\_<then\\_>" "\\_<else\\_>" "\\_<assert\\_>" "\\_<with\\_>"
+    "\\_<let\\_>" "\\_<in\\_>" "\\_<rec\\_>" "\\_<inherit\\_>" "\\_<or\\_>"
+    ("\\_<true\\_>" . font-lock-builtin-face)
+    ("\\_<false\\_>" . font-lock-builtin-face)
+    ("\\_<null\\_>" . font-lock-builtin-face)
+    ("\\_<import\\_>" . font-lock-builtin-face)
+    ("\\_<derivation\\_>" . font-lock-builtin-face)
+    ("\\_<baseNameOf\\_>" . font-lock-builtin-face)
+    ("\\_<toString\\_>" . font-lock-builtin-face)
+    ("\\_<isNull\\_>" . font-lock-builtin-face)
    ("[a-zA-Z][a-zA-Z0-9\\+-\\.]*:[a-zA-Z0-9%/\\?:@&=\\+\\$,_\\.!~\\*'-]+"
     . font-lock-constant-face)
    ("\\<\\([a-zA-Z_][a-zA-Z0-9_'\-\.]*\\)[ \t]*="
@@ -26,7 +40,8 @@
    ("<[a-zA-Z0-9._\\+-]+\\(/[a-zA-Z0-9._\\+-]+\\)*>"
     . font-lock-constant-face)
    ("[a-zA-Z0-9._\\+-]*\\(/[a-zA-Z0-9._\\+-]+\\)+"
-     . font-lock-constant-face))
+     . font-lock-constant-face)
+    (nix-syntax-match-antiquote 0 font-lock-preprocessor-face t))
  "Font lock keywords for nix.")

 (defvar nix-mode-syntax-table
@@ -38,6 +53,67 @@
    table)
  "Syntax table for Nix mode.")

+(defun nix-syntax-propertize-escaped-antiquote ()
+  "Set syntax properies for escaped antiquote marks."
+  nil)
+
+(defun nix-syntax-propertize-multiline-string ()
+  "Set syntax properies for multiline string delimiters."
+  (let* ((start (match-beginning 0))
+         (end (match-end 0))
+         (context (save-excursion (save-match-data (syntax-ppss start))))
+         (string-type (nth 3 context)))
+    (pcase string-type
+      (`t
+       ;; inside a multiline string
+       ;; ending multi-line string delimiter
+       (put-text-property (1- end) end
+                          'syntax-table (string-to-syntax "|")))
+      (`nil
+       ;; beginning multi-line string delimiter
+       (put-text-property start (1+ start)
+                          'syntax-table (string-to-syntax "|"))))))
+
+(defun nix-syntax-propertize-antiquote ()
+  "Set syntax properties for antiquote marks."
+  (let* ((start (match-beginning 0)))
+    (put-text-property start (1+ start)
+                       'syntax-table (string-to-syntax "|"))
+    (put-text-property start (+ start 2)
+                       'nix-syntax-antiquote t)))
+
+(defun nix-syntax-propertize-close-brace ()
+  "Set syntax properties for close braces.
+If a close brace `}' ends an antiquote, the next character begins a string."
+  (let* ((start (match-beginning 0))
+         (end (match-end 0))
+         (context (save-excursion (save-match-data (syntax-ppss start))))
+         (open (nth 1 context)))
+    (when open ;; a corresponding open-brace was found
+      (let* ((antiquote (get-text-property open 'nix-syntax-antiquote)))
+        (when antiquote
+          (put-text-property (+ start 1) (+ start 2)
+                             'syntax-table (string-to-syntax "|"))
+          (put-text-property start (1+ start)
+                             'nix-syntax-antiquote t))))))
+
+(defun nix-syntax-propertize (start end)
+  "Special syntax properties for Nix."
+  ;; search for multi-line string delimiters
+  (goto-char start)
+  (remove-text-properties start end '(syntax-table nil nix-syntax-antiquote nil))
+  (funcall
+   (syntax-propertize-rules
+    ("''\\${"
+     (0 (ignore (nix-syntax-propertize-escaped-antiquote))))
+    ("''"
+     (0 (ignore (nix-syntax-propertize-multiline-string))))
+    ("\\${"
+     (0 (ignore (nix-syntax-propertize-antiquote))))
+    ("}"
+     (0 (ignore (nix-syntax-propertize-close-brace)))))
+   start end))
+
 (defun nix-indent-line ()
  "Indent current line in a Nix expression."
  (interactive)
@@ -69,7 +145,13 @@ The hook `nix-mode-hook' is run when Nix mode is started.
  (set-syntax-table nix-mode-syntax-table)

  ;; Font lock support.
-  (setq font-lock-defaults '(nix-font-lock-keywords nil nil nil nil))
+  (setq-local font-lock-defaults '(nix-font-lock-keywords nil nil nil nil))
+
+  ;; Special syntax properties for Nix
+  (setq-local syntax-propertize-function 'nix-syntax-propertize)
+
+  ;; Look at text properties when parsing
+  (setq-local parse-sexp-lookup-properties t)

  ;; Automatic indentation [C-j].
  (set (make-local-variable 'indent-line-function) 'nix-indent-line)
--- a/misc/launchd/org.nixos.nix-daemon.plist.in
+++ b/misc/launchd/org.nixos.nix-daemon.plist.in
@@ -12,5 +12,10 @@
    <string>/var/log/nix-daemon.log</string>
    <key>StandardOutPath</key>
    <string>/dev/null</string>
+    <key>EnvironmentVariables</key>
+    <dict>
+      <key>NIX_SSL_CERT_FILE</key>
+      <string>/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt</string>
+    </dict>
  </dict>
 </plist>
--- a/misc/systemd/nix-daemon.service.in
+++ b/misc/systemd/nix-daemon.service.in
@@ -7,3 +7,4 @@ ConditionPathIsReadWrite=@localstatedir@/nix/daemon-socket
 [Service]
 ExecStart=@@bindir@/nix-daemon nix-daemon --daemon
 KillMode=process
+Environment=XDG_CACHE_HOME=/root/.cache
--- a/misc/systemv/nix-daemon
+++ b/misc/systemv/nix-daemon
@@ -0,0 +1,113 @@
+#!/bin/sh
+#
+# nix-daemon: Starts the nix package manager daemon
+#
+# chkconfig:   345 24 02
+# description: This is a daemon which enable the multi-user mode 
+#               of the nix package manager.
+# processname: nix-daemon
+# pidfile:     /var/run/nix/nix-daemon.pid
+
+### BEGIN INIT INFO
+# Required-Start:    
+# Required-Stop:     
+# Should-Start:      
+# Should-Stop:       
+# Default-Start:     3 4 5
+# Default-Stop:      0 1 2 6
+# Short-Description: Starts the nix daemon
+# Description:       This is a daemon which enable the multi-user mode 
+#                     of the nix package manager.
+### END INIT INFO
+
+NIX_DAEMON_BIN=/usr/bin/nix-daemon
+#NIX_DAEMON_USER="root"
+NIX_DAEMON_USER="nix-daemon"
+NIX_DAEMON_OPTS="--daemon"
+
+umask 0022
+
+if [ "$1" = 'status' ]; then
+    test -x $NIX_DAEMON_BIN || exit 4
+else
+    test -x $NIX_DAEMON_BIN || exit 5
+fi
+
+# Source function library.
+. /etc/init.d/functions
+
+LOCKFILE=/var/lock/subsys/nix-daemon
+RUNDIR=/var/run/nix
+PIDFILE=${RUNDIR}/nix-daemon.pid
+RETVAL=0
+
+base=${0##*/}
+
+start() {
+
+    mkdir -p ${RUNDIR}
+    chown ${NIX_DAEMON_USER}:${NIX_DAEMON_USER} ${RUNDIR}
+
+    echo -n $"Starting nix daemon... "
+
+    daemonize -u $NIX_DAEMON_USER -p ${PIDFILE} $NIX_DAEMON_BIN $NIX_DAEMON_OPTS
+    RETVAL=$?
+    echo
+    [ $RETVAL -eq 0 ] && touch ${LOCKFILE}
+    return $RETVAL
+}
+
+stop() {
+    echo -n $"Shutting down nix daemon: "
+    killproc -p ${PIDFILE} $NIX_DAEMON_BIN
+    RETVAL=$?
+    [ $RETVAL -eq 0 ] && rm -f ${LOCKFILE} ${PIDFILE}
+    echo
+    return $RETVAL
+}
+
+reload() {
+    echo -n $"Reloading nix daemon... "
+    killproc -p ${PIDFILE} $NIX_DAEMON_BIN -HUP
+    RETVAL=$?
+    echo
+    return $RETVAL
+}
+
+restart() {
+    stop
+    start
+}
+
+RETVAL=0
+
+# caller switch
+case "$1" in
+  start)
+        start
+    ;;
+  stop)
+        stop
+    ;;
+  status)
+        status -p ${PIDFILE} $NIX_DAEMON_BIN
+            RETVAL=$?
+    ;;
+  restart)
+        restart
+    ;;
+  reload)
+        reload
+    ;;
+  condrestart)
+        if [ -f $LOCKFILE ]; then
+            restart
+        fi
+    ;;
+  *)
+        echo $"Usage: $0 {start|stop|status|restart|condrestart}"
+        exit 2
+    ;;
+esac
+
+exit $RETVAL
--- a/mk/lib.mk
+++ b/mk/lib.mk
@@ -61,7 +61,9 @@ ifeq ($(BUILD_SHARED_LIBS), 1)
  endif
  ifneq ($(OS), Darwin)
   ifneq ($(OS), SunOS)
-    GLOBAL_LDFLAGS += -Wl,--no-copy-dt-needed-entries
+    ifneq ($(OS), FreeBSD)
+     GLOBAL_LDFLAGS += -Wl,--no-copy-dt-needed-entries
+    endif
   endif
  endif
  SET_RPATH_TO_LIBS ?= 1
--- a/nix.spec.in
+++ b/nix.spec.in
@@ -1,12 +1,12 @@
 %global nixbld_user "nix-builder-"
-%global nixbld_group "nix-builders"
+%global nixbld_group "nixbld"

 Summary: The Nix software deployment system
 Name: nix
 Version: @PACKAGE_VERSION@
 Release: 2%{?dist}
 License: LGPLv2+
-%if 0%{?rhel}
+%if 0%{?rhel} && 0%{?rhel} < 7
 Group: Applications/System
 %endif
 URL: http://nixos.org/
@@ -16,7 +16,6 @@ BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
 %endif
 BuildRequires: perl(DBD::SQLite)
 BuildRequires: perl(DBI)
-BuildRequires: perl(WWW::Curl)
 BuildRequires: perl(ExtUtils::ParseXS)
 Requires: /usr/bin/perl
 Requires: curl
@@ -26,6 +25,7 @@ Requires: gzip
 Requires: xz
 BuildRequires: bzip2-devel
 BuildRequires: sqlite-devel
+BuildRequires: libcurl-devel

 # Hack to make that shitty RPM scanning hack shut up.
 Provides: perl(Nix::SSH)
@@ -40,7 +40,7 @@ it can be used equally well under other Unix systems.

 %package        devel
 Summary:        Development files for %{name}
-%if 0%{?rhel}
+%if 0%{?rhel} && 0%{?rhel} < 7
 Group:          Development/Libraries
 %endif
 Requires:       %{name}%{?_isa} = %{version}-%{release}
@@ -52,7 +52,7 @@ developing applications that use %{name}.

 %package doc
 Summary:        Documentation files for %{name}
-%if 0%{?rhel}
+%if 0%{?rhel} && 0%{?rhel} < 7
 Group:          Documentation
 %endif
 BuildArch:      noarch
@@ -64,7 +64,7 @@ The %{name}-doc package contains documentation files for %{name}.

 %package -n emacs-%{name}
 Summary:        Nix mode for Emacs
-%if 0%{?rhel}
+%if 0%{?rhel} && 0%{?rhel} < 7
 Group:          Applications/Editors
 %endif
 BuildArch:      noarch
@@ -76,7 +76,7 @@ This package provides a major mode for editing Nix expressions.

 %package -n emacs-%{name}-el
 Summary:        Elisp source files for emacs-%{name}
-%if 0%{?rhel}
+%if 0%{?rhel} && 0%{?rhel} < 7
 Group:          Applications/Editors
 %endif
 BuildArch:      noarch
@@ -117,6 +117,10 @@ make DESTDIR=$RPM_BUILD_ROOT install

 find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';'

+# make the store
+mkdir -p $RPM_BUILD_ROOT/nix/store
+chmod 1775 $RPM_BUILD_ROOT/nix/store
+
 # make per-user directories
 for d in profiles gcroots;
 do
@@ -154,20 +158,19 @@ done

 %post
 chgrp %{nixbld_group} /nix/store
-chmod 1775 /nix/store
-%if ! 0%{?rhel}
+%if ! 0%{?rhel} || 0%{?rhel} >= 7
 # Enable and start Nix worker
 systemctl enable nix-daemon.socket nix-daemon.service
 systemctl start  nix-daemon.socket
 %endif

 %files
-%{_bindir}/nix-*
+%{_bindir}/nix*
 %{_libdir}/*.so
 %{perl_vendorarch}/*
 %exclude %dir %{perl_vendorarch}/auto/
 %{_prefix}/libexec/*
-%if ! 0%{?rhel}
+%if ! 0%{?rhel} || 0%{?rhel} >= 7
 %{_prefix}/lib/systemd/system/nix-daemon.socket
 %{_prefix}/lib/systemd/system/nix-daemon.service
 %endif
--- a/perl/lib/Nix/Config.pm.in
+++ b/perl/lib/Nix/Config.pm.in
@@ -7,7 +7,6 @@ $version = "@PACKAGE_VERSION@";
 $binDir = $ENV{"NIX_BIN_DIR"} || "@bindir@";
 $libexecDir = $ENV{"NIX_LIBEXEC_DIR"} || "@libexecdir@";
 $stateDir = $ENV{"NIX_STATE_DIR"} || "@localstatedir@/nix";
-$manifestDir = $ENV{"NIX_MANIFESTS_DIR"} || "@localstatedir@/nix/manifests";
 $logDir = $ENV{"NIX_LOG_DIR"} || "@localstatedir@/log/nix";
 $confDir = $ENV{"NIX_CONF_DIR"} || "@sysconfdir@/nix";
 $storeDir = $ENV{"NIX_STORE_DIR"} || "@storedir@";
@@ -15,7 +14,6 @@ $storeDir = $ENV{"NIX_STORE_DIR"} || "@storedir@";
 $bzip2 = "@bzip2@";
 $xz = "@xz@";
 $curl = "@curl@";
-$openssl = "@openssl@";

 $useBindings = "@perlbindings@" eq "yes";

--- a/perl/lib/Nix/CopyClosure.pm
+++ b/perl/lib/Nix/CopyClosure.pm
@@ -10,7 +10,7 @@ use IPC::Open2;


 sub copyToOpen {
-    my ($from, $to, $sshHost, $storePaths, $includeOutputs, $dryRun, $sign, $useSubstitutes) = @_;
+    my ($from, $to, $sshHost, $storePaths, $includeOutputs, $dryRun, $useSubstitutes) = @_;

    $useSubstitutes = 0 if $dryRun || !defined $useSubstitutes;

@@ -41,75 +41,21 @@ sub copyToOpen {

    # Send the "import paths" command.
    syswrite($to, pack("L<x4", 4)) or die;
-    exportPaths(fileno($to), $sign, @missing);
+    exportPaths(fileno($to), @missing);
    readInt($from) == 1 or die "remote machine ‘$sshHost’ failed to import closure\n";
 }


 sub copyTo {
-    my ($sshHost, $storePaths, $includeOutputs, $dryRun, $sign, $useSubstitutes) = @_;
+    my ($sshHost, $storePaths, $includeOutputs, $dryRun, $useSubstitutes) = @_;

    # Connect to the remote host.
-    my ($from, $to);
-    eval {
-        ($from, $to) = connectToRemoteNix($sshHost, []);
-    };
-    if ($@) {
-        chomp $@;
-        warn "$@; falling back to old closure copying method\n";
-        $@ = "";
-        return oldCopyTo(@_);
-    }
+    my ($from, $to) = connectToRemoteNix($sshHost, []);

-    copyToOpen($from, $to, $sshHost, $storePaths, $includeOutputs, $dryRun, $sign, $useSubstitutes);
+    copyToOpen($from, $to, $sshHost, $storePaths, $includeOutputs, $dryRun, $useSubstitutes);

    close $to;
 }


-# For backwards compatibility with Nix <= 1.7. Will be removed
-# eventually.
-sub oldCopyTo {
-    my ($sshHost, $storePaths, $includeOutputs, $dryRun, $sign, $useSubstitutes) = @_;
-
-    # Get the closure of this path.
-    my @closure = reverse(topoSortPaths(computeFSClosure(0, $includeOutputs,
-        map { followLinksToStorePath $_ } @{$storePaths})));
-
-    # Optionally use substitutes on the remote host.
-    if (!$dryRun && $useSubstitutes) {
-        system "ssh $sshHost @globalSshOpts nix-store -r --ignore-unknown @closure";
-        # Ignore exit status because this is just an optimisation.
-    }
-
-    # Ask the remote host which paths are invalid.  Because of limits
-    # to the command line length, do this in chunks.  Eventually,
-    # we'll want to use ‘--from-stdin’, but we can't rely on the
-    # target having this option yet.
-    my @missing;
-    my $missingSize = 0;
-    while (scalar(@closure) > 0) {
-        my @ps = splice(@closure, 0, 1500);
-        open(READ, "set -f; ssh $sshHost @globalSshOpts nix-store --check-validity --print-invalid @ps|");
-        while (<READ>) {
-            chomp;
-            push @missing, $_;
-            my ($deriver, $narHash, $time, $narSize, $refs) = queryPathInfo($_, 1);
-            $missingSize += $narSize;
-        }
-        close READ or die;
-    }
-
-    # Export the store paths and import them on the remote machine.
-    if (scalar @missing > 0) {
-        print STDERR "copying ", scalar @missing, " missing paths to ‘$sshHost’...\n";
-        unless ($dryRun) {
-            open SSH, "| ssh $sshHost @globalSshOpts 'nix-store --import' > /dev/null" or die;
-            exportPaths(fileno(SSH), $sign, @missing);
-            close SSH or die "copying store paths to remote machine ‘$sshHost’ failed: $?";
-        }
-    }
-}
-
-
 1;
--- a/perl/lib/Nix/GeneratePatches.pm
+++ b/perl/lib/Nix/GeneratePatches.pm
@@ -1,340 +0,0 @@
-package Nix::GeneratePatches;
-
-use strict;
-use File::Temp qw(tempdir);
-use File::stat;
-use Nix::Config;
-use Nix::Manifest;
-
-our @ISA = qw(Exporter);
-our @EXPORT = qw(generatePatches propagatePatches copyPatches);
-
-
-# Some patch generations options.
-
-# Max size of NAR archives to generate patches for.
-my $maxNarSize = $ENV{"NIX_MAX_NAR_SIZE"};
-$maxNarSize = 160 * 1024 * 1024 if !defined $maxNarSize;
-
-# If patch is bigger than this fraction of full archive, reject.
-my $maxPatchFraction = $ENV{"NIX_PATCH_FRACTION"};
-$maxPatchFraction = 0.60 if !defined $maxPatchFraction;
-
-my $timeLimit = $ENV{"NIX_BSDIFF_TIME_LIMIT"};
-$timeLimit = 180 if !defined $timeLimit;
-
-my $hashAlgo = "sha256";
-
-
-sub findOutputPaths {
-    my $narFiles = shift;
-
-    my %outPaths;
-    
-    foreach my $p (keys %{$narFiles}) {
-
-        # Ignore derivations.
-        next if ($p =~ /\.drv$/);
-        
-        # Ignore builders (too much ambiguity -- they're all called
-        # `builder.sh').
-        next if ($p =~ /\.sh$/);
-        next if ($p =~ /\.patch$/);
-        
-        # Don't bother including tar files etc.
-        next if ($p =~ /\.tar$/ || $p =~ /\.tar\.(gz|bz2|Z|lzma|xz)$/ || $p =~ /\.zip$/ || $p =~ /\.bin$/ || $p =~ /\.tgz$/ || $p =~ /\.rpm$/ || $p =~ /cvs-export$/ || $p =~ /fetchhg$/);
-
-        $outPaths{$p} = 1;
-    }
-
-    return %outPaths;
-}
-
-
-sub getNameVersion {
-    my $p = shift;
-    $p =~ /\/[0-9a-z]+((?:-[a-zA-Z][^\/-]*)+)([^\/]*)$/;
-    my $name = $1;
-    my $version = $2;
-    return undef unless defined $name && defined $version;
-    $name =~ s/^-//;
-    $version =~ s/^-//;
-    return ($name, $version);
-}
-
-
-# A quick hack to get a measure of the `distance' between two
-# versions: it's just the position of the first character that differs
-# (or 999 if they are the same).
-sub versionDiff {
-    my $s = shift;
-    my $t = shift;
-    my $i;
-    return 999 if $s eq $t;
-    for ($i = 0; $i < length $s; $i++) {
-        return $i if $i >= length $t or
-            substr($s, $i, 1) ne substr($t, $i, 1);
-    }
-    return $i;
-}
-
-
-sub getNarBz2 {
-    my $narPath = shift;
-    my $narFiles = shift;
-    my $storePath = shift;
-    
-    my $narFileList = $$narFiles{$storePath};
-    die "missing path $storePath" unless defined $narFileList;
-
-    my $narFile = @{$narFileList}[0];
-    die unless defined $narFile;
-
-    $narFile->{url} =~ /\/([^\/]+)$/;
-    die unless defined $1;
-    return "$narPath/$1";
-}
-
-
-sub containsPatch {
-    my $patches = shift;
-    my $storePath = shift;
-    my $basePath = shift;
-    my $patchList = $$patches{$storePath};
-    return 0 if !defined $patchList;
-    my $found = 0;
-    foreach my $patch (@{$patchList}) {
-        # !!! baseHash might differ
-        return 1 if $patch->{basePath} eq $basePath;
-    }
-    return 0;
-}
-
-
-sub generatePatches {
-    my ($srcNarFiles, $dstNarFiles, $srcPatches, $dstPatches, $narPath, $patchesPath, $patchesURL, $tmpDir) = @_;
-
-    my %srcOutPaths = findOutputPaths $srcNarFiles;
-    my %dstOutPaths = findOutputPaths $dstNarFiles;
-
-    # For each output path in the destination, see if we need to / can
-    # create a patch.
-
-    print STDERR "creating patches...\n";
-
-    foreach my $p (keys %dstOutPaths) {
-
-        # If exactly the same path already exists in the source, skip it.
-        next if defined $srcOutPaths{$p};
-    
-        print "  $p\n";
-
-        # If not, then we should find the paths in the source that are
-        # `most' likely to be present on a system that wants to
-        # install this path.
-
-        (my $name, my $version) = getNameVersion $p;
-        next unless defined $name && defined $version;
-
-        my @closest = ();
-        my $closestVersion;
-        my $minDist = -1; # actually, larger means closer
-
-        # Find all source paths with the same name.
-
-        foreach my $q (keys %srcOutPaths) {
-            (my $name2, my $version2) = getNameVersion $q;
-            next unless defined $name2 && defined $version2;
-
-            if ($name eq $name2) {
-
-                my $srcSystem = @{$$dstNarFiles{$p}}[0]->{system};
-                my $dstSystem = @{$$srcNarFiles{$q}}[0]->{system};
-                if (defined $srcSystem && defined $dstSystem && $srcSystem ne $dstSystem) {
-                    print "    SKIPPING $q due to different systems ($srcSystem vs. $dstSystem)\n";
-                    next;
-                }
-
-                # If the sizes differ too much, then skip.  This
-                # disambiguates between, e.g., a real component and a
-                # wrapper component (cf. Firefox in Nixpkgs).
-                my $srcSize = @{$$srcNarFiles{$q}}[0]->{size};
-                my $dstSize = @{$$dstNarFiles{$p}}[0]->{size};
-                my $ratio = $srcSize / $dstSize;
-                $ratio = 1 / $ratio if $ratio < 1;
-                # print "  SIZE $srcSize $dstSize $ratio $q\n";
-
-                if ($ratio >= 3) {
-                    print "    SKIPPING $q due to size ratio $ratio ($srcSize vs. $dstSize)\n";
-                    next;
-                }
-
-                # If there are multiple matching names, include the
-                # ones with the closest version numbers.
-                my $dist = versionDiff $version, $version2;
-                if ($dist > $minDist) {
-                    $minDist = $dist;
-                    @closest = ($q);
-                    $closestVersion = $version2;
-                } elsif ($dist == $minDist) {
-                    push @closest, $q;
-                }
-            }
-        }
-
-        if (scalar(@closest) == 0) {
-            print "    NO BASE: $p\n";
-            next;
-        }
-
-        foreach my $closest (@closest) {
-
-            # Generate a patch between $closest and $p.
-            print STDERR "  $p <- $closest\n";
-
-            # If the patch already exists, skip it.
-            if (containsPatch($srcPatches, $p, $closest) ||
-                containsPatch($dstPatches, $p, $closest))
-            {
-                print "    skipping, already exists\n";
-                next;
-            }
-
-            my $srcNarBz2 = getNarBz2 $narPath, $srcNarFiles, $closest;
-            my $dstNarBz2 = getNarBz2 $narPath, $dstNarFiles, $p;
-
-            if (! -f $srcNarBz2) {
-                warn "patch source archive $srcNarBz2 is missing\n";
-                next;
-            }
-
-            system("$Nix::Config::bzip2 -d < $srcNarBz2 > $tmpDir/A") == 0
-                or die "cannot unpack $srcNarBz2";
-
-            if (stat("$tmpDir/A")->size >= $maxNarSize) {
-                print "    skipping, source is too large\n";
-                next;
-            }
-        
-            system("$Nix::Config::bzip2 -d < $dstNarBz2 > $tmpDir/B") == 0
-                or die "cannot unpack $dstNarBz2";
-
-            if (stat("$tmpDir/B")->size >= $maxNarSize) {
-                print "    skipping, destination is too large\n";
-                next;
-            }
-        
-            my $time1 = time();
-            my $res = system("ulimit -t $timeLimit; $Nix::Config::libexecDir/nix/bsdiff $tmpDir/A $tmpDir/B $tmpDir/DIFF");
-            my $time2 = time();
-            if ($res) {
-                warn "binary diff computation aborted after ", $time2 - $time1, " seconds\n";
-                next;
-            }
-
-            my $baseHash = `$Nix::Config::binDir/nix-hash --flat --type $hashAlgo --base32 $tmpDir/A` or die;
-            chomp $baseHash;
-
-            my $narHash = `$Nix::Config::binDir/nix-hash --flat --type $hashAlgo --base32 $tmpDir/B` or die;
-            chomp $narHash;
-
-            my $narDiffHash = `$Nix::Config::binDir/nix-hash --flat --type $hashAlgo --base32 $tmpDir/DIFF` or die;
-            chomp $narDiffHash;
-
-            my $narDiffSize = stat("$tmpDir/DIFF")->size;
-            my $dstNarBz2Size = stat($dstNarBz2)->size;
-
-            print "    size $narDiffSize; full size $dstNarBz2Size; ", $time2 - $time1, " seconds\n";
-        
-            if ($narDiffSize >= $dstNarBz2Size) {
-                print "    rejecting; patch bigger than full archive\n";
-                next;
-            }
-    
-            if ($narDiffSize / $dstNarBz2Size >= $maxPatchFraction) {
-                print "    rejecting; patch too large relative to full archive\n";
-                next;
-            }
-    
-            my $finalName = "$narDiffHash.nar-bsdiff";
-
-            if (-e "$patchesPath/$finalName") {
-                print "    not copying, already exists\n";
-            }
-
-            else {
-                system("cp '$tmpDir/DIFF' '$patchesPath/$finalName.tmp'") == 0
-                    or die "cannot copy diff";
-                rename("$patchesPath/$finalName.tmp", "$patchesPath/$finalName")
-                    or die "cannot rename $patchesPath/$finalName.tmp";
-            }
-        
-            # Add the patch to the manifest.
-            addPatch $dstPatches, $p,
-                { url => "$patchesURL/$finalName", hash => "$hashAlgo:$narDiffHash"
-                , size => $narDiffSize, basePath => $closest, baseHash => "$hashAlgo:$baseHash"
-                , narHash => "$hashAlgo:$narHash", patchType => "nar-bsdiff"
-                };
-        }
-    }
-}
-
-
-# Propagate useful patches from $srcPatches to $dstPatches.  A patch
-# is useful if it produces either paths in the $dstNarFiles or paths
-# that can be used as the base for other useful patches.
-sub propagatePatches {
-    my ($srcPatches, $dstNarFiles, $dstPatches) = @_;
-
-    print STDERR "propagating patches...\n";
-
-    my $changed;
-    do {
-        # !!! we repeat this to reach the transitive closure; inefficient
-        $changed = 0;
-
-        print STDERR "loop\n";
-
-        my %dstBasePaths;
-        foreach my $q (keys %{$dstPatches}) {
-            foreach my $patch (@{$$dstPatches{$q}}) {
-                $dstBasePaths{$patch->{basePath}} = 1;
-            }
-        }
-
-        foreach my $p (keys %{$srcPatches}) {
-            my $patchList = $$srcPatches{$p};
-
-            my $include = 0;
-
-            # Is path $p included in the destination?  If so, include
-            # patches that produce it.
-            $include = 1 if defined $$dstNarFiles{$p};
-
-            # Is path $p a path that serves as a base for paths in the
-            # destination?  If so, include patches that produce it.
-            # !!! check baseHash
-            $include = 1 if defined $dstBasePaths{$p};
-
-            if ($include) {
-                foreach my $patch (@{$patchList}) {
-                    $changed = 1 if addPatch $dstPatches, $p, $patch;
-                }
-            }
-        
-        }
-    
-    } while $changed;
-}
-
-
-# Add all new patches in $srcPatches to $dstPatches.
-sub copyPatches {
-    my ($srcPatches, $dstPatches) = @_;
-    foreach my $p (keys %{$srcPatches}) {
-        addPatch $dstPatches, $p, $_ foreach @{$$srcPatches{$p}};
-    }
-}
-
-
-return 1;
--- a/perl/lib/Nix/Manifest.pm
+++ b/perl/lib/Nix/Manifest.pm
@@ -13,7 +13,7 @@ use Nix::Config;
 use Nix::Store;

 our @ISA = qw(Exporter);
-our @EXPORT = qw(readManifest writeManifest updateManifestDB addPatch deleteOldManifests parseNARInfo fingerprintPath);
+our @EXPORT = qw(readManifest writeManifest addPatch parseNARInfo fingerprintPath);


 sub addNAR {
@@ -228,172 +228,6 @@ sub writeManifest {
 }


-sub updateManifestDB {
-    my $manifestDir = $Nix::Config::manifestDir;
-
-    my @manifests = glob "$manifestDir/*.nixmanifest";
-    return undef if scalar @manifests == 0;
-
-    mkpath($manifestDir);
-
-    unlink "$manifestDir/cache.sqlite"; # remove obsolete cache
-    my $dbPath = "$manifestDir/cache-v2.sqlite";
-
-    # Open/create the database.
-    our $dbh = DBI->connect("dbi:SQLite:dbname=$dbPath", "", "")
-        or die "cannot open database ‘$dbPath’";
-    $dbh->{RaiseError} = 1;
-    $dbh->{PrintError} = 0;
-
-    $dbh->do("pragma foreign_keys = on");
-    $dbh->do("pragma synchronous = off"); # we can always reproduce the cache
-    $dbh->do("pragma journal_mode = truncate");
-
-    # Initialise the database schema, if necessary.
-    $dbh->do(<<EOF);
-        create table if not exists Manifests (
-            id        integer primary key autoincrement not null,
-            path      text unique not null,
-            timestamp integer not null
-        );
-EOF
-
-    $dbh->do(<<EOF);
-        create table if not exists NARs (
-            id               integer primary key autoincrement not null,
-            manifest         integer not null,
-            storePath        text not null,
-            url              text not null,
-            compressionType  text not null,
-            hash             text,
-            size             integer,
-            narHash          text,
-            narSize          integer,
-            refs             text,
-            deriver          text,
-            system           text,
-            foreign key (manifest) references Manifests(id) on delete cascade
-        );
-EOF
-
-    $dbh->do("create index if not exists NARs_storePath on NARs(storePath)");
-
-    $dbh->do(<<EOF);
-        create table if not exists Patches (
-            id               integer primary key autoincrement not null,
-            manifest         integer not null,
-            storePath        text not null,
-            basePath         text not null,
-            baseHash         text not null,
-            url              text not null,
-            hash             text,
-            size             integer,
-            narHash          text,
-            narSize          integer,
-            patchType        text not null,
-            foreign key (manifest) references Manifests(id) on delete cascade
-        );
-EOF
-
-    $dbh->do("create index if not exists Patches_storePath on Patches(storePath)");
-
-    # Acquire an exclusive lock to ensure that only one process
-    # updates the DB at the same time.  This isn't really necessary,
-    # but it prevents work duplication and lock contention in SQLite.
-    my $lockFile = "$manifestDir/cache.lock";
-    open MAINLOCK, ">>$lockFile" or die "unable to acquire lock ‘$lockFile’: $!\n";
-    flock(MAINLOCK, LOCK_EX) or die;
-
-    our $insertNAR = $dbh->prepare(
-        "insert into NARs(manifest, storePath, url, compressionType, hash, size, narHash, " .
-        "narSize, refs, deriver, system) values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)") or die;
-
-    our $insertPatch = $dbh->prepare(
-        "insert into Patches(manifest, storePath, basePath, baseHash, url, hash, " .
-        "size, narHash, narSize, patchType) values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
-
-    $dbh->begin_work;
-
-    # Read each manifest in $manifestDir and add it to the database,
-    # unless we've already done so on a previous run.
-    my %seen;
-
-    for my $manifestLink (@manifests) {
-        my $manifest = Cwd::abs_path($manifestLink);
-        next unless -f $manifest;
-        my $timestamp = lstat($manifest)->mtime;
-        $seen{$manifest} = 1;
-
-        next if scalar @{$dbh->selectcol_arrayref(
-            "select 1 from Manifests where path = ? and timestamp = ?",
-            {}, $manifest, $timestamp)} == 1;
-
-        print STDERR "caching $manifest...\n";
-
-        $dbh->do("delete from Manifests where path = ?", {}, $manifest);
-
-        $dbh->do("insert into Manifests(path, timestamp) values (?, ?)",
-                 {}, $manifest, $timestamp);
-
-        our $id = $dbh->last_insert_id("", "", "", "");
-
-        sub addNARToDB {
-            my ($storePath, $narFile) = @_;
-            $insertNAR->execute(
-                $id, $storePath, $narFile->{url}, $narFile->{compressionType}, $narFile->{hash},
-                $narFile->{size}, $narFile->{narHash}, $narFile->{narSize}, $narFile->{references},
-                $narFile->{deriver}, $narFile->{system});
-        };
-
-        sub addPatchToDB {
-            my ($storePath, $patch) = @_;
-            $insertPatch->execute(
-                $id, $storePath, $patch->{basePath}, $patch->{baseHash}, $patch->{url},
-                $patch->{hash}, $patch->{size}, $patch->{narHash}, $patch->{narSize},
-                $patch->{patchType});
-        };
-
-        my $version = readManifest_($manifest, \&addNARToDB, \&addPatchToDB);
-
-        if ($version < 3) {
-            die "you have an old-style or corrupt manifest ‘$manifestLink’; please delete it\n";
-        }
-        if ($version >= 10) {
-            die "manifest ‘$manifestLink’ is too new; please delete it or upgrade Nix\n";
-        }
-    }
-
-    # Removed cached information for removed manifests from the DB.
-    foreach my $manifest (@{$dbh->selectcol_arrayref("select path from Manifests")}) {
-        next if defined $seen{$manifest};
-        $dbh->do("delete from Manifests where path = ?", {}, $manifest);
-    }
-
-    $dbh->commit;
-
-    close MAINLOCK;
-
-    return $dbh;
-}
-
-
-# Delete all old manifests downloaded from a given URL.
-sub deleteOldManifests {
-    my ($url, $curUrlFile) = @_;
-    for my $urlFile (glob "$Nix::Config::manifestDir/*.url") {
-        next if defined $curUrlFile && $urlFile eq $curUrlFile;
-        open URL, "<$urlFile" or die;
-        my $url2 = <URL>;
-        chomp $url2;
-        close URL;
-        next unless $url eq $url2;
-        my $base = $urlFile; $base =~ s/.url$//;
-        unlink "${base}.url";
-        unlink "${base}.nixmanifest";
-    }
-}
-
-
 # Return a fingerprint of a store path to be used in binary cache
 # signatures. It contains the store path, the base-32 SHA-256 hash of
 # the contents of the path, and the references.
--- a/perl/lib/Nix/Store.pm
+++ b/perl/lib/Nix/Store.pm
@@ -21,6 +21,7 @@ our @EXPORT = qw(
    signString checkSignature
    addToStore makeFixedOutputPath
    derivationFromPath
+    addTempRoot
 );

 our $VERSION = '0.15';
--- a/perl/lib/Nix/Store.xs
+++ b/perl/lib/Nix/Store.xs
@@ -6,10 +6,11 @@
 #undef do_open
 #undef do_close

-#include <store-api.hh>
-#include <globals.hh>
-#include <misc.hh>
-#include <util.hh>
+#include "derivations.hh"
+#include "globals.hh"
+#include "store-api.hh"
+#include "util.hh"
+#include "crypto.hh"

 #if HAVE_SODIUM
 #include <sodium.h>
@@ -19,19 +20,22 @@
 using namespace nix;


-void doInit()
+static ref<Store> store()
 {
-    if (!store) {
+    static std::shared_ptr<Store> _store;
+    if (!_store) {
        try {
+            logger = makeDefaultLogger();
            settings.processEnvironment();
            settings.loadConfFile();
            settings.update();
            settings.lockCPU = false;
-            store = openStore();
+            _store = openStore();
        } catch (Error & e) {
-            croak(e.what());
+            croak("%s", e.what());
        }
    }
+    return ref<Store>(_store);
 }


@@ -45,7 +49,7 @@ PROTOTYPES: ENABLE

 void init()
    CODE:
-        doInit();
+        store();


 void setVerbosity(int level)
@@ -56,10 +60,9 @@ void setVerbosity(int level)
 int isValidPath(char * path)
    CODE:
        try {
-            doInit();
-            RETVAL = store->isValidPath(path);
+            RETVAL = store()->isValidPath(path);
        } catch (Error & e) {
-            croak(e.what());
+            croak("%s", e.what());
        }
    OUTPUT:
        RETVAL
@@ -68,134 +71,123 @@ int isValidPath(char * path)
 SV * queryReferences(char * path)
    PPCODE:
        try {
-            doInit();
-            PathSet paths;
-            store->queryReferences(path, paths);
+            PathSet paths = store()->queryPathInfo(path)->references;
            for (PathSet::iterator i = paths.begin(); i != paths.end(); ++i)
                XPUSHs(sv_2mortal(newSVpv(i->c_str(), 0)));
        } catch (Error & e) {
-            croak(e.what());
+            croak("%s", e.what());
        }


 SV * queryPathHash(char * path)
    PPCODE:
        try {
-            doInit();
-            Hash hash = store->queryPathHash(path);
+            auto hash = store()->queryPathInfo(path)->narHash;
            string s = "sha256:" + printHash32(hash);
            XPUSHs(sv_2mortal(newSVpv(s.c_str(), 0)));
        } catch (Error & e) {
-            croak(e.what());
+            croak("%s", e.what());
        }


 SV * queryDeriver(char * path)
    PPCODE:
        try {
-            doInit();
-            Path deriver = store->queryDeriver(path);
+            auto deriver = store()->queryPathInfo(path)->deriver;
            if (deriver == "") XSRETURN_UNDEF;
            XPUSHs(sv_2mortal(newSVpv(deriver.c_str(), 0)));
        } catch (Error & e) {
-            croak(e.what());
+            croak("%s", e.what());
        }


 SV * queryPathInfo(char * path, int base32)
    PPCODE:
        try {
-            doInit();
-            ValidPathInfo info = store->queryPathInfo(path);
-            if (info.deriver == "")
+            auto info = store()->queryPathInfo(path);
+            if (info->deriver == "")
                XPUSHs(&PL_sv_undef);
            else
-                XPUSHs(sv_2mortal(newSVpv(info.deriver.c_str(), 0)));
-            string s = "sha256:" + (base32 ? printHash32(info.hash) : printHash(info.hash));
+                XPUSHs(sv_2mortal(newSVpv(info->deriver.c_str(), 0)));
+            string s = "sha256:" + (base32 ? printHash32(info->narHash) : printHash(info->narHash));
            XPUSHs(sv_2mortal(newSVpv(s.c_str(), 0)));
-            mXPUSHi(info.registrationTime);
-            mXPUSHi(info.narSize);
+            mXPUSHi(info->registrationTime);
+            mXPUSHi(info->narSize);
            AV * arr = newAV();
-            for (PathSet::iterator i = info.references.begin(); i != info.references.end(); ++i)
+            for (PathSet::iterator i = info->references.begin(); i != info->references.end(); ++i)
                av_push(arr, newSVpv(i->c_str(), 0));
            XPUSHs(sv_2mortal(newRV((SV *) arr)));
        } catch (Error & e) {
-            croak(e.what());
+            croak("%s", e.what());
        }


 SV * queryPathFromHashPart(char * hashPart)
    PPCODE:
        try {
-            doInit();
-            Path path = store->queryPathFromHashPart(hashPart);
+            Path path = store()->queryPathFromHashPart(hashPart);
            XPUSHs(sv_2mortal(newSVpv(path.c_str(), 0)));
        } catch (Error & e) {
-            croak(e.what());
+            croak("%s", e.what());
        }


 SV * computeFSClosure(int flipDirection, int includeOutputs, ...)
    PPCODE:
        try {
-            doInit();
            PathSet paths;
            for (int n = 2; n < items; ++n)
-                computeFSClosure(*store, SvPV_nolen(ST(n)), paths, flipDirection, includeOutputs);
+                store()->computeFSClosure(SvPV_nolen(ST(n)), paths, flipDirection, includeOutputs);
            for (PathSet::iterator i = paths.begin(); i != paths.end(); ++i)
                XPUSHs(sv_2mortal(newSVpv(i->c_str(), 0)));
        } catch (Error & e) {
-            croak(e.what());
+            croak("%s", e.what());
        }


 SV * topoSortPaths(...)
    PPCODE:
        try {
-            doInit();
            PathSet paths;
            for (int n = 0; n < items; ++n) paths.insert(SvPV_nolen(ST(n)));
-            Paths sorted = topoSortPaths(*store, paths);
+            Paths sorted = store()->topoSortPaths(paths);
            for (Paths::iterator i = sorted.begin(); i != sorted.end(); ++i)
                XPUSHs(sv_2mortal(newSVpv(i->c_str(), 0)));
        } catch (Error & e) {
-            croak(e.what());
+            croak("%s", e.what());
        }


 SV * followLinksToStorePath(char * path)
    CODE:
        try {
-            doInit();
-            RETVAL = newSVpv(followLinksToStorePath(path).c_str(), 0);
+            RETVAL = newSVpv(store()->followLinksToStorePath(path).c_str(), 0);
        } catch (Error & e) {
-            croak(e.what());
+            croak("%s", e.what());
        }
    OUTPUT:
        RETVAL


-void exportPaths(int fd, int sign, ...)
+void exportPaths(int fd, ...)
    PPCODE:
        try {
-            doInit();
            Paths paths;
-            for (int n = 2; n < items; ++n) paths.push_back(SvPV_nolen(ST(n)));
+            for (int n = 1; n < items; ++n) paths.push_back(SvPV_nolen(ST(n)));
            FdSink sink(fd);
-            exportPaths(*store, paths, sign, sink);
+            store()->exportPaths(paths, sink);
        } catch (Error & e) {
-            croak(e.what());
+            croak("%s", e.what());
        }


-void importPaths(int fd)
+void importPaths(int fd, int dontCheckSigs)
    PPCODE:
        try {
-            doInit();
            FdSource source(fd);
-            store->importPaths(false, source);
+            store()->importPaths(source, 0, dontCheckSigs);
        } catch (Error & e) {
-            croak(e.what());
+            croak("%s", e.what());
        }


@@ -206,7 +198,7 @@ SV * hashPath(char * algo, int base32, char * path)
            string s = base32 ? printHash32(h) : printHash(h);
            XPUSHs(sv_2mortal(newSVpv(s.c_str(), 0)));
        } catch (Error & e) {
-            croak(e.what());
+            croak("%s", e.what());
        }


@@ -217,7 +209,7 @@ SV * hashFile(char * algo, int base32, char * path)
            string s = base32 ? printHash32(h) : printHash(h);
            XPUSHs(sv_2mortal(newSVpv(s.c_str(), 0)));
        } catch (Error & e) {
-            croak(e.what());
+            croak("%s", e.what());
        }


@@ -228,7 +220,7 @@ SV * hashString(char * algo, int base32, char * s)
            string s = base32 ? printHash32(h) : printHash(h);
            XPUSHs(sv_2mortal(newSVpv(s.c_str(), 0)));
        } catch (Error & e) {
-            croak(e.what());
+            croak("%s", e.what());
        }


@@ -239,28 +231,21 @@ SV * convertHash(char * algo, char * s, int toBase32)
            string s = toBase32 ? printHash32(h) : printHash(h);
            XPUSHs(sv_2mortal(newSVpv(s.c_str(), 0)));
        } catch (Error & e) {
-            croak(e.what());
+            croak("%s", e.what());
        }


-SV * signString(SV * secretKey_, char * msg)
+SV * signString(char * secretKey_, char * msg)
    PPCODE:
        try {
 #if HAVE_SODIUM
-            STRLEN secretKeyLen;
-            unsigned char * secretKey = (unsigned char *) SvPV(secretKey_, secretKeyLen);
-            if (secretKeyLen != crypto_sign_SECRETKEYBYTES)
-                throw Error("secret key is not valid");
-
-            unsigned char sig[crypto_sign_BYTES];
-            unsigned long long sigLen;
-            crypto_sign_detached(sig, &sigLen, (unsigned char *) msg, strlen(msg), secretKey);
-            XPUSHs(sv_2mortal(newSVpv((char *) sig, sigLen)));
+            auto sig = SecretKey(secretKey_).signDetached(msg);
+            XPUSHs(sv_2mortal(newSVpv(sig.c_str(), sig.size())));
 #else
            throw Error("Nix was not compiled with libsodium, required for signed binary cache support");
 #endif
        } catch (Error & e) {
-            croak(e.what());
+            croak("%s", e.what());
        }


@@ -283,7 +268,7 @@ int checkSignature(SV * publicKey_, SV * sig_, char * msg)
            throw Error("Nix was not compiled with libsodium, required for signed binary cache support");
 #endif
        } catch (Error & e) {
-            croak(e.what());
+            croak("%s", e.what());
        }
    OUTPUT:
        RETVAL
@@ -292,24 +277,22 @@ int checkSignature(SV * publicKey_, SV * sig_, char * msg)
 SV * addToStore(char * srcPath, int recursive, char * algo)
    PPCODE:
        try {
-            doInit();
-            Path path = store->addToStore(baseNameOf(srcPath), srcPath, recursive, parseHashType(algo));
+            Path path = store()->addToStore(baseNameOf(srcPath), srcPath, recursive, parseHashType(algo));
            XPUSHs(sv_2mortal(newSVpv(path.c_str(), 0)));
        } catch (Error & e) {
-            croak(e.what());
+            croak("%s", e.what());
        }


 SV * makeFixedOutputPath(int recursive, char * algo, char * hash, char * name)
    PPCODE:
        try {
-            doInit();
            HashType ht = parseHashType(algo);
-            Path path = makeFixedOutputPath(recursive, ht,
-                parseHash16or32(ht, hash), name);
+            Hash h = parseHash16or32(ht, hash);
+            Path path = store()->makeFixedOutputPath(recursive, h, name);
            XPUSHs(sv_2mortal(newSVpv(path.c_str(), 0)));
        } catch (Error & e) {
-            croak(e.what());
+            croak("%s", e.what());
        }


@@ -318,8 +301,7 @@ SV * derivationFromPath(char * drvPath)
        HV *hash;
    CODE:
        try {
-            doInit();
-            Derivation drv = derivationFromPath(*store, drvPath);
+            Derivation drv = store()->derivationFromPath(drvPath);
            hash = newHV();

            HV * outputs = newHV();
@@ -352,7 +334,16 @@ SV * derivationFromPath(char * drvPath)

            RETVAL = newRV_noinc((SV *)hash);
        } catch (Error & e) {
-            croak(e.what());
+            croak("%s", e.what());
        }
    OUTPUT:
        RETVAL
+
+
+void addTempRoot(char * storePath)
+    PPCODE:
+        try {
+            store()->addTempRoot(storePath);
+        } catch (Error & e) {
+            croak("%s", e.what());
+        }
--- a/perl/local.mk
+++ b/perl/local.mk
@@ -1,7 +1,6 @@
 nix_perl_sources := \
  $(d)/lib/Nix/Store.pm \
  $(d)/lib/Nix/Manifest.pm \
-  $(d)/lib/Nix/GeneratePatches.pm \
  $(d)/lib/Nix/SSH.pm \
  $(d)/lib/Nix/CopyClosure.pm \
  $(d)/lib/Nix/Config.pm.in \
@@ -24,7 +23,9 @@ ifeq ($(perlbindings), yes)

  Store_CXXFLAGS = \
    -I$(shell $(perl) -e 'use Config; print $$Config{archlibexp};')/CORE \
-    -D_FILE_OFFSET_BITS=64 -Wno-unused-variable -Wno-literal-suffix -Wno-reserved-user-defined-literal
+    -D_FILE_OFFSET_BITS=64 \
+    -Wno-unknown-warning-option -Wno-unused-variable -Wno-literal-suffix \
+    -Wno-reserved-user-defined-literal -Wno-duplicate-decl-specifier -Wno-pointer-bool-conversion

  Store_LIBS = libstore libutil

--- a/release.nix
+++ b/release.nix
@@ -1,4 +1,5 @@
 { nix ? { outPath = ./.; revCount = 1234; shortRev = "abcdef"; }
+, nixpkgs ? { outPath = <nixpkgs>; revCount = 1234; shortRev = "abcdef"; }
 , officialRelease ? false
 }:

@@ -23,20 +24,23 @@ let
        inherit officialRelease;

        buildInputs =
-          [ curl bison flex perl libxml2 libxslt bzip2
-            tetex dblatex nukeReferences pkgconfig sqlite libsodium
+          [ curl bison flex perl libxml2 libxslt bzip2 xz
+            pkgconfig sqlite libsodium boehmgc
            docbook5 docbook5_xsl
+            autoconf-archive
          ] ++ lib.optional (!lib.inNixShell) git;

        configureFlags = ''
          --with-dbi=${perlPackages.DBI}/${perl.libPrefix}
          --with-dbd-sqlite=${perlPackages.DBDSQLite}/${perl.libPrefix}
-          --with-www-curl=${perlPackages.WWWCurl}/${perl.libPrefix}
+          --enable-gc
        '';

        postUnpack = ''
          # Clean up when building from a working tree.
-          (cd $sourceRoot && (git ls-files -o | xargs -r rm -v))
+          if [[ -d $sourceRoot/.git ]]; then
+            git -C $sourceRoot clean -fd
+          fi
        '';

        preConfigure = ''
@@ -54,20 +58,7 @@ let

        preDist = ''
          make install docdir=$out/share/doc/nix makefiles=doc/manual/local.mk
-
-          make doc/manual/manual.pdf
-          cp doc/manual/manual.pdf $out/manual.pdf
-
-          # The PDF containes filenames of included graphics (see
-          # http://www.tug.org/pipermail/pdftex/2007-August/007290.html).
-          # This causes a retained dependency on dblatex, which Hydra
-          # doesn't like (the output of the tarball job is distributed
-          # to Windows and Macs, so there should be no Linux binaries
-          # in the closure).
-          nuke-refs $out/manual.pdf
-
          echo "doc manual $out/share/doc/nix/manual" >> $out/nix-support/hydra-build-products
-          echo "doc-pdf manual $out/manual.pdf" >> $out/nix-support/hydra-build-products
        '';
      };

@@ -81,14 +72,18 @@ let
        src = tarball;

        buildInputs =
-          [ curl perl bzip2 openssl pkgconfig sqlite boehmgc ]
-          ++ lib.optional stdenv.isLinux libsodium;
+          [ curl perl bzip2 xz openssl pkgconfig sqlite boehmgc ]
+          ++ lib.optional stdenv.isLinux libsodium
+          ++ lib.optional stdenv.isLinux
+            (aws-sdk-cpp.override {
+              apis = ["s3"];
+              customMemoryManagement = false;
+            });

        configureFlags = ''
          --disable-init-state
          --with-dbi=${perlPackages.DBI}/${perl.libPrefix}
          --with-dbd-sqlite=${perlPackages.DBDSQLite}/${perl.libPrefix}
-          --with-www-curl=${perlPackages.WWWCurl}/${perl.libPrefix}
          --enable-gc
          --sysconfdir=/etc
        '';
@@ -108,6 +103,7 @@ let

    binaryTarball = pkgs.lib.genAttrs systems (system:

+      # FIXME: temporarily use a different branch for the Darwin build.
      with import <nixpkgs> { inherit system; };

      let
@@ -150,7 +146,7 @@ let
        src = tarball;

        buildInputs =
-          [ curl perl bzip2 openssl pkgconfig sqlite
+          [ curl perl bzip2 openssl pkgconfig sqlite xz libsodium
            # These are for "make check" only:
            graphviz libxml2 libxslt
          ];
@@ -159,7 +155,6 @@ let
          --disable-init-state
          --with-dbi=${perlPackages.DBI}/${perl.libPrefix}
          --with-dbd-sqlite=${perlPackages.DBDSQLite}/${perl.libPrefix}
-          --with-www-curl=${perlPackages.WWWCurl}/${perl.libPrefix}
        '';

        dontInstall = false;
@@ -175,33 +170,21 @@ let
      };


-    rpm_fedora18i386 = makeRPM_i686 (diskImageFuns: diskImageFuns.fedora18i386) [];
-    rpm_fedora18x86_64 = makeRPM_x86_64 (diskImageFunsFun: diskImageFunsFun.fedora18x86_64) [];
-    rpm_fedora19i386 = makeRPM_i686 (diskImageFuns: diskImageFuns.fedora19i386) [];
-    rpm_fedora19x86_64 = makeRPM_x86_64 (diskImageFunsFun: diskImageFunsFun.fedora19x86_64) [];
-    rpm_fedora20i386 = makeRPM_i686 (diskImageFuns: diskImageFuns.fedora20i386) [];
-    rpm_fedora20x86_64 = makeRPM_x86_64 (diskImageFunsFun: diskImageFunsFun.fedora20x86_64) [];
    rpm_fedora21i386 = makeRPM_i686 (diskImageFuns: diskImageFuns.fedora21i386) [ "libsodium-devel" ];
    rpm_fedora21x86_64 = makeRPM_x86_64 (diskImageFunsFun: diskImageFunsFun.fedora21x86_64) [ "libsodium-devel" ];


-    deb_debian7i386 = makeDeb_i686 (diskImageFuns: diskImageFuns.debian7i386) [];
-    deb_debian7x86_64 = makeDeb_x86_64 (diskImageFunsFun: diskImageFunsFun.debian7x86_64) [];
-    deb_debian8i386 = makeDeb_i686 (diskImageFuns: diskImageFuns.debian8i386) [ "libsodium-dev" ];
-    deb_debian8x86_64 = makeDeb_x86_64 (diskImageFunsFun: diskImageFunsFun.debian8x86_64) [ "libsodium-dev" ];
+    deb_debian8i386 = makeDeb_i686 (diskImageFuns: diskImageFuns.debian8i386) [ "libsodium-dev" ] [ "libsodium13" ];
+    deb_debian8x86_64 = makeDeb_x86_64 (diskImageFunsFun: diskImageFunsFun.debian8x86_64) [ "libsodium-dev" ] [ "libsodium13" ];

-    deb_ubuntu1210i386 = makeDeb_i686 (diskImageFuns: diskImageFuns.ubuntu1210i386) [];
-    deb_ubuntu1210x86_64 = makeDeb_x86_64 (diskImageFuns: diskImageFuns.ubuntu1210x86_64) [];
-    deb_ubuntu1304i386 = makeDeb_i686 (diskImageFuns: diskImageFuns.ubuntu1304i386) [];
-    deb_ubuntu1304x86_64 = makeDeb_x86_64 (diskImageFuns: diskImageFuns.ubuntu1304x86_64) [];
-    deb_ubuntu1310i386 = makeDeb_i686 (diskImageFuns: diskImageFuns.ubuntu1310i386) [];
-    deb_ubuntu1310x86_64 = makeDeb_x86_64 (diskImageFuns: diskImageFuns.ubuntu1310x86_64) [];
-    deb_ubuntu1404i386 = makeDeb_i686 (diskImageFuns: diskImageFuns.ubuntu1404i386) [];
-    deb_ubuntu1404x86_64 = makeDeb_x86_64 (diskImageFuns: diskImageFuns.ubuntu1404x86_64) [];
-    deb_ubuntu1410i386 = makeDeb_i686 (diskImageFuns: diskImageFuns.ubuntu1410i386) [];
-    deb_ubuntu1410x86_64 = makeDeb_x86_64 (diskImageFuns: diskImageFuns.ubuntu1410x86_64) [];
-    deb_ubuntu1504i386 = makeDeb_i686 (diskImageFuns: diskImageFuns.ubuntu1504i386) [ "libsodium-dev" ];
-    deb_ubuntu1504x86_64 = makeDeb_x86_64 (diskImageFuns: diskImageFuns.ubuntu1504x86_64) [ "libsodium-dev" ];
+    deb_ubuntu1410i386 = makeDeb_i686 (diskImageFuns: diskImageFuns.ubuntu1410i386) [] [];
+    deb_ubuntu1410x86_64 = makeDeb_x86_64 (diskImageFuns: diskImageFuns.ubuntu1410x86_64) [] [];
+    deb_ubuntu1504i386 = makeDeb_i686 (diskImageFuns: diskImageFuns.ubuntu1504i386) [ "libsodium-dev" ] [ "libsodium13" ];
+    deb_ubuntu1504x86_64 = makeDeb_x86_64 (diskImageFuns: diskImageFuns.ubuntu1504x86_64) [ "libsodium-dev" ] [ "libsodium13" ];
+    deb_ubuntu1510i386 = makeDeb_i686 (diskImageFuns: diskImageFuns.ubuntu1510i386) [ "libsodium-dev" ] [ "libsodium13"];
+    deb_ubuntu1510x86_64 = makeDeb_x86_64 (diskImageFuns: diskImageFuns.ubuntu1510x86_64) [ "libsodium-dev" ] [ "libsodium13" ];
+    deb_ubuntu1604i386 = makeDeb_i686 (diskImageFuns: diskImageFuns.ubuntu1604i386) [ "libsodium-dev" ] [ "libsodium18" ];
+    deb_ubuntu1604x86_64 = makeDeb_x86_64 (diskImageFuns: diskImageFuns.ubuntu1604x86_64) [ "libsodium-dev" ] [ "libsodium18" ];


    # System tests.
@@ -221,15 +204,36 @@ let
        ''
          useradd -m alice
          su - alice -c 'tar xf ${binaryTarball.x86_64-linux}/*.tar.*'
-          mount -t tmpfs none /nix # Provide a writable /nix.
+          mkdir /dest-nix
+          mount -o bind /dest-nix /nix # Provide a writable /nix.
          chown alice /nix
          su - alice -c '_NIX_INSTALLER_TEST=1 ./nix-*/install'
          su - alice -c 'nix-store --verify'
-          su - alice -c 'nix-store -qR ${build.x86_64-linux}'
+          su - alice -c 'PAGER= nix-store -qR ${build.x86_64-linux}'
          mkdir -p $out/nix-support
          touch $out/nix-support/hydra-build-products
+          umount /nix
        ''); # */

+    tests.evalNixpkgs =
+      import <nixpkgs/pkgs/top-level/make-tarball.nix> {
+        inherit nixpkgs;
+        inherit pkgs;
+        nix = build.x86_64-linux;
+        officialRelease = false;
+      };
+
+    tests.evalNixOS =
+      pkgs.runCommand "eval-nixos" { buildInputs = [ build.x86_64-linux ]; }
+        ''
+          export NIX_STATE_DIR=$TMPDIR
+          nix-store --init
+
+          nix-instantiate ${nixpkgs}/nixos/release-combined.nix -A tested --dry-run
+
+          touch $out
+        '';
+

    # Aggregate job containing the release-critical jobs.
    release = pkgs.releaseTools.aggregate {
@@ -247,19 +251,17 @@ let
          binaryTarball.x86_64-darwin
          #binaryTarball.x86_64-freebsd
          binaryTarball.x86_64-linux
-          deb_debian7i386
-          deb_debian7x86_64
-          deb_ubuntu1404i386 # LTS
-          deb_ubuntu1404x86_64 # LTS
+          deb_debian8i386
+          deb_debian8x86_64
          deb_ubuntu1504i386
          deb_ubuntu1504x86_64
-          rpm_fedora20i386
-          rpm_fedora20x86_64
          rpm_fedora21i386
          rpm_fedora21x86_64
          tests.remoteBuilds
          tests.nix-copy-closure
          tests.binaryTarball
+          tests.evalNixpkgs
+          tests.evalNixOS
        ];
    };

@@ -279,7 +281,7 @@ let
      src = jobs.tarball;
      diskImage = (diskImageFun vmTools.diskImageFuns)
        { extraPackages =
-            [ "perl-DBD-SQLite" "perl-devel" "sqlite" "sqlite-devel" "bzip2-devel" "emacs" "perl-WWW-Curl" "libcurl-devel" ]
+            [ "perl-DBD-SQLite" "perl-devel" "sqlite" "sqlite-devel" "bzip2-devel" "emacs" "libcurl-devel" "openssl-devel" "xz-devel" ]
            ++ extraPackages; };
      memSize = 1024;
      meta.schedulingPriority = 50;
@@ -291,7 +293,7 @@ let
  makeDeb_x86_64 = makeDeb "x86_64-linux";

  makeDeb =
-    system: diskImageFun: extraPackages:
+    system: diskImageFun: extraPackages: extraDebPackages:

    with import <nixpkgs> { inherit system; };

@@ -300,14 +302,15 @@ let
      src = jobs.tarball;
      diskImage = (diskImageFun vmTools.diskImageFuns)
        { extraPackages =
-            [ "libdbd-sqlite3-perl" "libsqlite3-dev" "libbz2-dev" "libwww-curl-perl" "libcurl-dev" ]
+            [ "libdbd-sqlite3-perl" "libsqlite3-dev" "libbz2-dev" "libwww-curl-perl" "libcurl-dev" "libcurl3-nss" "libssl-dev" "liblzma-dev" ]
            ++ extraPackages; };
      memSize = 1024;
      meta.schedulingPriority = 50;
+      postInstall = "make installcheck";
      configureFlags = "--sysconfdir=/etc";
      debRequires =
-        [ "curl" "libdbd-sqlite3-perl" "libsqlite3-0" "libbz2-1.0" "bzip2" "xz-utils" "libwww-curl-perl" ]
-        ++ lib.optionals (lib.elem "libsodium-dev" extraPackages) [ "libsodium13" ] ;
+        [ "curl" "libdbd-sqlite3-perl" "libsqlite3-0" "libbz2-1.0" "bzip2" "xz-utils" "libwww-curl-perl" "libssl1.0.0" "liblzma5" ]
+        ++ extraDebPackages;
      debMaintainer = "Eelco Dolstra <eelco.dolstra@logicblox.com>";
      doInstallCheck = true;
    };
--- a/scripts/build-remote.pl.in
+++ b/scripts/build-remote.pl.in
@@ -53,7 +53,7 @@ sub all { $_ || return 0 for @_; 1 }
 # Initialisation.
 my $loadIncreased = 0;

-my ($localSystem, $maxSilentTime, $printBuildTrace, $buildTimeout) = @ARGV;
+my ($localSystem, $maxSilentTime, $buildTimeout) = @ARGV;

 my $currentLoad = $ENV{"NIX_CURRENT_LOAD"} // "/run/nix/current-load";
 my $conf = $ENV{"NIX_REMOTE_SYSTEMS"} // "@sysconfdir@/nix/machines";
@@ -223,13 +223,6 @@ my @inputs = split /\s/, readline(STDIN);
 my @outputs = split /\s/, readline(STDIN);


-print STDERR "@ build-remote $drvPath $hostName\n" if $printBuildTrace;
-
-
-my $maybeSign = "";
-$maybeSign = "--sign" if -e "$Nix::Config::confDir/signing-key.sec";
-
-
 # Copy the derivation and its dependencies to the build machine.  This
 # is guarded by an exclusive lock per machine to prevent multiple
 # build-remote instances from copying to a machine simultaneously.
@@ -253,19 +246,17 @@ if ($@) {
    print STDERR "somebody is hogging $uploadLock, continuing...\n";
    unlink $uploadLock;
 }
-Nix::CopyClosure::copyToOpen($from, $to, $hostName, [ $drvPath, @inputs ], 0, 0, $maybeSign ne "");
+Nix::CopyClosure::copyToOpen($from, $to, $hostName, [ $drvPath, @inputs ], 0, 0);
 close UPLOADLOCK;


 # Perform the build.
 print STDERR "building ‘$drvPath’ on ‘$hostName’\n";
-print STDERR "@ build-remote-start $drvPath $hostName\n" if $printBuildTrace;
 writeInt(6, $to) or die; # == cmdBuildPaths
 writeStrings([$drvPath], $to);
 writeInt($maxSilentTime, $to);
 writeInt($buildTimeout, $to);
 my $res = readInt($from);
-print STDERR "@ build-remote-done $drvPath $hostName\n" if $printBuildTrace;
 if ($res != 0) {
    my $msg = decode("utf-8", readString($from));
    print STDERR "error: $msg on ‘$hostName’\n";
@@ -280,5 +271,5 @@ if (scalar @outputs2 > 0) {
    writeInt(0, $to); # don't sign
    writeStrings(\@outputs2, $to);
    $ENV{'NIX_HELD_LOCKS'} = "@outputs2"; # FIXME: ugly
-    importPaths(fileno($from));
+    importPaths(fileno($from), 1);
 }
--- a/scripts/copy-from-other-stores.pl.in
+++ b/scripts/copy-from-other-stores.pl.in
@@ -1,103 +0,0 @@
-#! @perl@ -w @perlFlags@
-
-use utf8;
-use strict;
-use File::Basename;
-use IO::Handle;
-
-my $binDir = $ENV{"NIX_BIN_DIR"} || "@bindir@";
-
-
-STDOUT->autoflush(1);
-binmode STDERR, ":encoding(utf8)";
-
-my @remoteStoresAll = split ':', ($ENV{"NIX_OTHER_STORES"} or "");
-
-my @remoteStores;
-foreach my $dir (@remoteStoresAll) {
-    push @remoteStores, glob($dir);
-}
-
-exit if scalar @remoteStores == 0;
-print "\n";
-
-
-$ENV{"NIX_REMOTE"} = "";
-
-
-sub findStorePath {
-    my $storePath = shift;
-    foreach my $store (@remoteStores) {
-        my $sourcePath = "$store/store/" . basename $storePath;
-        next unless -e $sourcePath || -l $sourcePath;
-        $ENV{"NIX_DB_DIR"} = "$store/var/nix/db";
-        return ($store, $sourcePath) if
-            system("$binDir/nix-store --check-validity $storePath") == 0;
-    }
-    return undef;
-}
-
-
-if ($ARGV[0] eq "--query") {
-
-    while (<STDIN>) {
-        chomp;
-        my ($cmd, @args) = split " ", $_;
-
-        if ($cmd eq "have") {
-            foreach my $storePath (@args) {
-                print "$storePath\n" if defined findStorePath($storePath);
-            }
-            print "\n";
-        }
-
-        elsif ($cmd eq "info") {
-            foreach my $storePath (@args) {
-                my ($store, $sourcePath) = findStorePath($storePath);
-                next unless defined $store;
-
-                $ENV{"NIX_DB_DIR"} = "$store/var/nix/db";
-
-                my $deriver = `$binDir/nix-store --query --deriver $storePath`;
-                die "cannot query deriver of ‘$storePath’" if $? != 0;
-                chomp $deriver;
-                $deriver = "" if $deriver eq "unknown-deriver";
-
-                my @references = split "\n",
-                    `$binDir/nix-store --query --references $storePath`;
-                die "cannot query references of ‘$storePath’" if $? != 0;
-
-                my $narSize = `$binDir/nix-store --query --size $storePath`;
-                die "cannot query size of ‘$storePath’" if $? != 0;
-                chomp $narSize;
-
-                print "$storePath\n";
-                print "$deriver\n";
-                print scalar @references, "\n";
-                print "$_\n" foreach @references;
-                print "0\n";
-                print "$narSize\n";
-            }
-
-            print "\n";
-        }
-
-        else { die "unknown command ‘$cmd’"; }
-    }
-}
-
-
-elsif ($ARGV[0] eq "--substitute") {
-    die unless scalar @ARGV == 3;
-    my $storePath = $ARGV[1];
-    my $destPath = $ARGV[2];
-    my ($store, $sourcePath) = findStorePath $storePath;
-    die unless $store;
-    print STDERR "\n*** Copying ‘$storePath’ from ‘$sourcePath’\n\n";
-    system("@coreutils@/cp", "-rpd", $sourcePath, $destPath) == 0
-        or die "cannot copy ‘$sourcePath’ to ‘$storePath’";
-    print "\n"; # no hash to verify
-}
-
-
-else { die; }
--- a/scripts/download-from-binary-cache.pl.in
+++ b/scripts/download-from-binary-cache.pl.in
@@ -1,627 +0,0 @@
-#! @perl@ -w @perlFlags@
-
-use utf8;
-use DBI;
-use DBD::SQLite;
-use File::Basename;
-use IO::Select;
-use Nix::Config;
-use Nix::Store;
-use Nix::Utils;
-use Nix::Manifest;
-use WWW::Curl::Easy;
-use WWW::Curl::Multi;
-use strict;
-
-STDERR->autoflush(1);
-binmode STDERR, ":encoding(utf8)";
-
-Nix::Config::readConfig;
-
-my @caches;
-my $gotCaches = 0;
-
-my $maxParallelRequests = int($Nix::Config::config{"binary-caches-parallel-connections"} // 150);
-$maxParallelRequests = 1 if $maxParallelRequests < 1;
-
-my $ttlNegative = 24 * 3600; # when to purge negative lookups from the database
-my $ttlNegativeUse = 3600; # how long negative lookups are valid for non-"have" lookups
-my $didExpiration = 0;
-
-my $showAfter = 5; # show that we're waiting for a request after this many seconds
-
-my $debug = ($Nix::Config::config{"debug-subst"} // "") eq 1 || ($Nix::Config::config{"untrusted-debug-subst"} // "") eq 1;
-
-my $cacheFileURLs = ($ENV{"_NIX_CACHE_FILE_URLS"} // "") eq 1; # for testing
-
-my ($dbh, $queryCache, $insertNAR, $queryNAR, $insertNARExistence, $queryNARExistence, $expireNARExistence);
-
-my $curlm = WWW::Curl::Multi->new;
-my $activeRequests = 0;
-my $curlIdCount = 1;
-my %requests;
-my %scheduled;
-my $caBundle = $ENV{"SSL_CERT_FILE"} // $ENV{"CURL_CA_BUNDLE"} // $ENV{"OPENSSL_X509_CERT_FILE"};
-$caBundle = "/etc/ssl/certs/ca-bundle.crt" if !$caBundle && -f "/etc/ssl/certs/ca-bundle.crt";
-$caBundle = "/etc/ssl/certs/ca-certificates.crt" if !$caBundle && -f "/etc/ssl/certs/ca-certificates.crt";
-
-my $userName = getpwuid($<) || $ENV{"USER"} or die "cannot figure out user name";
-
-my $userAgent = "Nix/$Nix::Config::version";
-
-sub isTrue {
-    my ($x) = @_;
-    return $x eq "true" || $x eq "1";
-}
-
-# FIXME: this should be cache URLs required to have valid signatures,
-# or "*" to require signatures on all binary caches.
-# FIXME: should binary caches using a key in
-# ‘binary-cache-public-keys’ be trusted by default?
-my $requireSignedBinaryCaches = ($Nix::Config::config{"signed-binary-caches"} // "0") ne "0";
-
-my $curlConnectTimeout = int(
-    $Nix::Config::config{"untrusted-connect-timeout"} //
-    $Nix::Config::config{"connect-timeout"} //
-    $ENV{"NIX_CONNECT_TIMEOUT"} // 0);
-
-
-sub addRequest {
-    my ($storePath, $url, $head) = @_;
-
-    my $curl = WWW::Curl::Easy->new;
-    my $curlId = $curlIdCount++;
-    $requests{$curlId} = { storePath => $storePath, url => $url, handle => $curl, content => "", type => $head ? "HEAD" : "GET"
-                         , shown => 0, started => time() };
-
-    $curl->setopt(CURLOPT_PRIVATE, $curlId);
-    $curl->setopt(CURLOPT_URL, $url);
-    open (my $fh, ">", \$requests{$curlId}->{content});
-    $curl->setopt(CURLOPT_WRITEDATA, $fh);
-    $curl->setopt(CURLOPT_FOLLOWLOCATION, 1);
-    $curl->setopt(CURLOPT_CAINFO, $caBundle) if defined $caBundle;
-    $curl->setopt(CURLOPT_SSL_VERIFYPEER, 0) unless isTrue($Nix::Config::config{"verify-https-binary-caches"} // "1");
-    $curl->setopt(CURLOPT_USERAGENT, $userAgent);
-    $curl->setopt(CURLOPT_NOBODY, 1) if $head;
-    $curl->setopt(CURLOPT_FAILONERROR, 1);
-    $curl->setopt(CURLOPT_CONNECTTIMEOUT, $curlConnectTimeout);
-    $curl->setopt(CURLOPT_TIMEOUT, 20 * 60);
-
-    if ($activeRequests >= $maxParallelRequests) {
-        $scheduled{$curlId} = 1;
-    } else {
-        $curlm->add_handle($curl);
-        $activeRequests++;
-    }
-
-    return $requests{$curlId};
-}
-
-
-sub processRequests {
-    while ($activeRequests) {
-        my ($rfds, $wfds, $efds) = $curlm->fdset();
-        #print STDERR "R = @{$rfds}, W = @{$wfds}, E = @{$efds}\n";
-
-        # Sleep until we can read or write some data.
-        if (scalar @{$rfds} + scalar @{$wfds} + scalar @{$efds} > 0) {
-            IO::Select->select(IO::Select->new(@{$rfds}), IO::Select->new(@{$wfds}), IO::Select->new(@{$efds}), 1.0);
-        }
-
-        if ($curlm->perform() != $activeRequests) {
-            while (my ($id, $result) = $curlm->info_read) {
-                if ($id) {
-                    my $request = $requests{$id} or die;
-                    my $handle = $request->{handle};
-                    $request->{result} = $result;
-                    $request->{httpStatus} = $handle->getinfo(CURLINFO_RESPONSE_CODE);
-
-                    print STDERR "$request->{type} on $request->{url} [$request->{result}, $request->{httpStatus}]\n" if $debug;
-
-                    $activeRequests--;
-                    delete $request->{handle};
-
-                    if (scalar(keys %scheduled) > 0) {
-                        my $id2 = (keys %scheduled)[0];
-                        $curlm->add_handle($requests{$id2}->{handle});
-                        $activeRequests++;
-                        delete $scheduled{$id2};
-                    }
-                }
-            }
-        }
-
-        my $time = time();
-        while (my ($key, $request) = each %requests) {
-            next unless defined $request->{handle};
-            next if $request->{shown};
-            if ($time > $request->{started} + $showAfter) {
-                print STDERR "still waiting for ‘$request->{url}’ after $showAfter seconds...\n";
-                $request->{shown} = 1;
-            }
-        }
-    }
-}
-
-
-sub initCache {
-    my $dbPath = "$Nix::Config::stateDir/binary-cache-v3.sqlite";
-
-    unlink "$Nix::Config::stateDir/binary-cache-v1.sqlite";
-    unlink "$Nix::Config::stateDir/binary-cache-v2.sqlite";
-
-    # Open/create the database.
-    $dbh = DBI->connect("dbi:SQLite:dbname=$dbPath", "", "")
-        or die "cannot open database ‘$dbPath’";
-    $dbh->{RaiseError} = 1;
-    $dbh->{PrintError} = 0;
-
-    $dbh->sqlite_busy_timeout(60 * 60 * 1000);
-
-    $dbh->do("pragma synchronous = off"); # we can always reproduce the cache
-    $dbh->do("pragma journal_mode = truncate");
-
-    # Initialise the database schema, if necessary.
-    $dbh->do(<<EOF);
-        create table if not exists BinaryCaches (
-            id        integer primary key autoincrement not null,
-            url       text unique not null,
-            timestamp integer not null,
-            storeDir  text not null,
-            wantMassQuery integer not null,
-            priority  integer not null
-        );
-EOF
-
-    $dbh->do(<<EOF);
-        create table if not exists NARs (
-            cache            integer not null,
-            storePath        text not null,
-            url              text not null,
-            compression      text not null,
-            fileHash         text,
-            fileSize         integer,
-            narHash          text,
-            narSize          integer,
-            refs             text,
-            deriver          text,
-            signedBy         text,
-            timestamp        integer not null,
-            primary key (cache, storePath),
-            foreign key (cache) references BinaryCaches(id) on delete cascade
-        );
-EOF
-
-    $dbh->do(<<EOF);
-        create table if not exists NARExistence (
-            cache            integer not null,
-            storePath        text not null,
-            exist            integer not null,
-            timestamp        integer not null,
-            primary key (cache, storePath),
-            foreign key (cache) references BinaryCaches(id) on delete cascade
-        );
-EOF
-
-    $dbh->do("create index if not exists NARExistenceByExistTimestamp on NARExistence (exist, timestamp)");
-
-    $queryCache = $dbh->prepare("select id, storeDir, wantMassQuery, priority from BinaryCaches where url = ?") or die;
-
-    $insertNAR = $dbh->prepare(
-        "insert or replace into NARs(cache, storePath, url, compression, fileHash, fileSize, narHash, " .
-        "narSize, refs, deriver, signedBy, timestamp) values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)") or die;
-
-    $queryNAR = $dbh->prepare("select * from NARs where cache = ? and storePath = ?") or die;
-
-    $insertNARExistence = $dbh->prepare(
-        "insert or replace into NARExistence(cache, storePath, exist, timestamp) values (?, ?, ?, ?)") or die;
-
-    $queryNARExistence = $dbh->prepare("select exist, timestamp from NARExistence where cache = ? and storePath = ?") or die;
-
-    $expireNARExistence = $dbh->prepare("delete from NARExistence where exist = ? and timestamp < ?") or die;
-}
-
-
-sub getAvailableCaches {
-    return if $gotCaches;
-    $gotCaches = 1;
-
-    sub strToList {
-        my ($s) = @_;
-        return map { s/\/+$//; $_ } split(/ /, $s);
-    }
-
-    my @urls = strToList($Nix::Config::config{"binary-caches"} //
-        ($Nix::Config::storeDir eq "/nix/store" ? "https://cache.nixos.org" : ""));
-
-    my $urlsFiles = $Nix::Config::config{"binary-cache-files"}
-        // "$Nix::Config::stateDir/profiles/per-user/$userName/channels/binary-caches/*";
-    foreach my $urlFile (glob $urlsFiles) {
-        next unless -f $urlFile;
-        open FILE, "<$urlFile" or die "cannot open ‘$urlFile’\n";
-        my $url = <FILE>; chomp $url;
-        close FILE;
-        push @urls, strToList($url);
-    }
-
-    push @urls, strToList($Nix::Config::config{"extra-binary-caches"} // "");
-
-    # Allow Nix daemon users to override the binary caches to a subset
-    # of those listed in the config file.  Note that ‘untrusted-*’
-    # denotes options passed by the client.
-    my @trustedUrls = uniq(@urls, strToList($Nix::Config::config{"trusted-binary-caches"} // ""));
-
-    if (defined $Nix::Config::config{"untrusted-binary-caches"}) {
-        my @untrustedUrls = strToList $Nix::Config::config{"untrusted-binary-caches"};
-        @urls = ();
-        foreach my $url (@untrustedUrls) {
-            die "binary cache ‘$url’ is not trusted (please add it to ‘trusted-binary-caches’ in $Nix::Config::confDir/nix.conf)\n"
-                unless scalar(grep { $url eq $_ } @trustedUrls) > 0;
-            push @urls, $url;
-        }
-    }
-
-    my @untrustedUrls = strToList $Nix::Config::config{"untrusted-extra-binary-caches"} // "";
-    foreach my $url (@untrustedUrls) {
-        unless (scalar(grep { $url eq $_ } @trustedUrls) > 0) {
-            warn "binary cache ‘$url’ is not trusted (please add it to ‘trusted-binary-caches’ in $Nix::Config::confDir/nix.conf)\n";
-            next;
-        }
-        push @urls, $url;
-    }
-
-    foreach my $url (uniq @urls) {
-
-        # FIXME: not atomic.
-        $queryCache->execute($url);
-        my $res = $queryCache->fetchrow_hashref();
-        if (defined $res) {
-            next if $res->{storeDir} ne $Nix::Config::storeDir;
-            push @caches, { id => $res->{id}, url => $url, wantMassQuery => $res->{wantMassQuery}, priority => $res->{priority} };
-            next;
-        }
-
-        # Get the cache info file.
-        my $request = addRequest(undef, $url . "/nix-cache-info");
-        processRequests;
-
-        if ($request->{result} != 0) {
-            print STDERR "could not download ‘$request->{url}’ (" .
-                ($request->{result} != 0 ? "Curl error $request->{result}" : "HTTP status $request->{httpStatus}") . ")\n";
-            next;
-        }
-
-        my $storeDir = "/nix/store";
-        my $wantMassQuery = 0;
-        my $priority = 50;
-        foreach my $line (split "\n", $request->{content}) {
-            unless ($line =~ /^(.*): (.*)$/) {
-                print STDERR "bad cache info file ‘$request->{url}’\n";
-                return undef;
-            }
-            if ($1 eq "StoreDir") { $storeDir = $2; }
-            elsif ($1 eq "WantMassQuery") { $wantMassQuery = int($2); }
-            elsif ($1 eq "Priority") { $priority = int($2); }
-        }
-
-        $dbh->do("insert or replace into BinaryCaches(url, timestamp, storeDir, wantMassQuery, priority) values (?, ?, ?, ?, ?)",
-                 {}, $url, time(), $storeDir, $wantMassQuery, $priority);
-        $queryCache->execute($url);
-        $res = $queryCache->fetchrow_hashref() or die;
-        next if $storeDir ne $Nix::Config::storeDir;
-        push @caches, { id => $res->{id}, url => $url, wantMassQuery => $wantMassQuery, priority => $priority };
-    }
-
-    @caches = sort { $a->{priority} <=> $b->{priority} } @caches;
-
-    expireNegative();
-}
-
-
-sub shouldCache {
-    my ($url) = @_;
-    return $cacheFileURLs || $url !~ /^file:/;
-}
-
-
-sub processNARInfo {
-    my ($storePath, $cache, $request) = @_;
-
-    if ($request->{result} != 0) {
-        if ($request->{result} != 37 && $request->{httpStatus} != 404 && $request->{httpStatus} != 403) {
-            print STDERR "could not download ‘$request->{url}’ (" .
-                ($request->{result} != 0 ? "Curl error $request->{result}" : "HTTP status $request->{httpStatus}") . ")\n";
-        } else {
-            $insertNARExistence->execute($cache->{id}, basename($storePath), 0, time())
-                if shouldCache $request->{url};
-        }
-        return undef;
-    }
-
-    my $narInfo = parseNARInfo($storePath, $request->{content}, $requireSignedBinaryCaches, $request->{url});
-    return undef unless defined $narInfo;
-
-    die if $requireSignedBinaryCaches && !defined $narInfo->{signedBy};
-
-    # Cache the result.
-    $insertNAR->execute(
-        $cache->{id}, basename($storePath), $narInfo->{url}, $narInfo->{compression},
-        $narInfo->{fileHash}, $narInfo->{fileSize}, $narInfo->{narHash}, $narInfo->{narSize},
-        join(" ", @{$narInfo->{refs}}), $narInfo->{deriver}, $narInfo->{signedBy}, time())
-        if shouldCache $request->{url};
-
-    return $narInfo;
-}
-
-
-sub getCachedInfoFrom {
-    my ($storePath, $cache) = @_;
-
-    $queryNAR->execute($cache->{id}, basename($storePath));
-    my $res = $queryNAR->fetchrow_hashref();
-    return undef unless defined $res;
-
-    # We may previously have cached this info when signature checking
-    # was disabled.  In that case, ignore the cached info.
-    return undef if $requireSignedBinaryCaches && !defined $res->{signedBy};
-
-    return
-        { url => $res->{url}
-        , compression => $res->{compression}
-        , fileHash => $res->{fileHash}
-        , fileSize => $res->{fileSize}
-        , narHash => $res->{narHash}
-        , narSize => $res->{narSize}
-        , refs => [ split " ", $res->{refs} ]
-        , deriver => $res->{deriver}
-        , signedBy => $res->{signedBy}
-        } if defined $res;
-}
-
-
-sub negativeHit {
-    my ($storePath, $cache) = @_;
-    $queryNARExistence->execute($cache->{id}, basename($storePath));
-    my $res = $queryNARExistence->fetchrow_hashref();
-    return defined $res && $res->{exist} == 0 && time() - $res->{timestamp} < $ttlNegativeUse;
-}
-
-
-sub positiveHit {
-    my ($storePath, $cache) = @_;
-    return 1 if defined getCachedInfoFrom($storePath, $cache);
-    $queryNARExistence->execute($cache->{id}, basename($storePath));
-    my $res = $queryNARExistence->fetchrow_hashref();
-    return defined $res && $res->{exist} == 1;
-}
-
-
-sub expireNegative {
-    return if $didExpiration;
-    $didExpiration = 1;
-    my $time = time();
-    # Round up to the next multiple of the TTL to ensure that we do
-    # expiration only once per time interval.  E.g. if $ttlNegative ==
-    # 3600, we expire entries at most once per hour.  This is
-    # presumably faster than expiring a few entries per request (and
-    # thus doing a transaction).
-    my $limit = (int($time / $ttlNegative) - 1) * $ttlNegative;
-    $expireNARExistence->execute($limit, 0);
-    print STDERR "expired ", $expireNARExistence->rows, " negative entries\n" if $debug;
-}
-
-
-sub printInfo {
-    my ($storePath, $info) = @_;
-    print "$storePath\n";
-    print $info->{deriver} ? "$Nix::Config::storeDir/$info->{deriver}" : "", "\n";
-    print scalar @{$info->{refs}}, "\n";
-    print "$Nix::Config::storeDir/$_\n" foreach @{$info->{refs}};
-    print $info->{fileSize} || 0, "\n";
-    print $info->{narSize} || 0, "\n";
-}
-
-
-sub infoUrl {
-    my ($binaryCacheUrl, $storePath) = @_;
-    my $pathHash = substr(basename($storePath), 0, 32);
-    my $infoUrl = "$binaryCacheUrl/$pathHash.narinfo";
-}
-
-
-sub printInfoParallel {
-    my @paths = @_;
-
-    # First print all paths for which we have cached info.
-    my @left;
-    foreach my $storePath (@paths) {
-        my $found = 0;
-        foreach my $cache (@caches) {
-            my $info = getCachedInfoFrom($storePath, $cache);
-            if (defined $info) {
-                printInfo($storePath, $info);
-                $found = 1;
-                last;
-            }
-        }
-        push @left, $storePath if !$found;
-    }
-
-    return if scalar @left == 0;
-
-    foreach my $cache (@caches) {
-
-        my @left2;
-        %requests = ();
-        foreach my $storePath (@left) {
-            if (negativeHit($storePath, $cache)) {
-                push @left2, $storePath;
-                next;
-            }
-            addRequest($storePath, infoUrl($cache->{url}, $storePath));
-        }
-
-        processRequests;
-
-        foreach my $request (values %requests) {
-            my $info = processNARInfo($request->{storePath}, $cache, $request);
-            if (defined $info) {
-                printInfo($request->{storePath}, $info);
-            } else {
-                push @left2, $request->{storePath};
-            }
-        }
-
-        @left = @left2;
-    }
-}
-
-
-sub printSubstitutablePaths {
-    my @paths = @_;
-
-    # First look for paths that have cached info.
-    my @left;
-    foreach my $storePath (@paths) {
-        my $found = 0;
-        foreach my $cache (@caches) {
-            next unless $cache->{wantMassQuery};
-            if (positiveHit($storePath, $cache)) {
-                print "$storePath\n";
-                $found = 1;
-                last;
-            }
-        }
-        push @left, $storePath if !$found;
-    }
-
-    return if scalar @left == 0;
-
-    # For remaining paths, do HEAD requests.
-    foreach my $cache (@caches) {
-        next unless $cache->{wantMassQuery};
-        my @left2;
-        %requests = ();
-        foreach my $storePath (@left) {
-            if (negativeHit($storePath, $cache)) {
-                push @left2, $storePath;
-                next;
-            }
-            addRequest($storePath, infoUrl($cache->{url}, $storePath), 1);
-        }
-
-        processRequests;
-
-        foreach my $request (values %requests) {
-            if ($request->{result} != 0) {
-                if ($request->{result} != 37 && $request->{httpStatus} != 404 && $request->{httpStatus} != 403) {
-                    print STDERR "could not check ‘$request->{url}’ (" .
-                        ($request->{result} != 0 ? "Curl error $request->{result}" : "HTTP status $request->{httpStatus}") . ")\n";
-                } else {
-                    $insertNARExistence->execute($cache->{id}, basename($request->{storePath}), 0, time())
-                        if shouldCache $request->{url};
-                }
-                push @left2, $request->{storePath};
-            } else {
-                $insertNARExistence->execute($cache->{id}, basename($request->{storePath}), 1, time())
-                    if shouldCache $request->{url};
-                print "$request->{storePath}\n";
-            }
-        }
-
-        @left = @left2;
-    }
-}
-
-
-sub downloadBinary {
-    my ($storePath, $destPath) = @_;
-
-    foreach my $cache (@caches) {
-        my $info = getCachedInfoFrom($storePath, $cache);
-
-        unless (defined $info) {
-            next if negativeHit($storePath, $cache);
-            my $request = addRequest($storePath, infoUrl($cache->{url}, $storePath));
-            processRequests;
-            $info = processNARInfo($storePath, $cache, $request);
-        }
-
-        next unless defined $info;
-
-        my $decompressor;
-        if ($info->{compression} eq "bzip2") { $decompressor = "| $Nix::Config::bzip2 -d"; }
-        elsif ($info->{compression} eq "xz") { $decompressor = "| $Nix::Config::xz -d"; }
-        elsif ($info->{compression} eq "none") { $decompressor = ""; }
-        else {
-            print STDERR "unknown compression method ‘$info->{compression}’\n";
-            next;
-        }
-        my $url = "$cache->{url}/$info->{url}"; # FIXME: handle non-relative URLs
-        die if $requireSignedBinaryCaches && !defined $info->{signedBy};
-        print STDERR "\n*** Downloading ‘$url’ ", ($requireSignedBinaryCaches ? "(signed by ‘$info->{signedBy}’) " : ""), "to ‘$storePath’...\n";
-        checkURL $url;
-        if (system("$Nix::Config::curl --fail --location --insecure --connect-timeout $curlConnectTimeout -A '$userAgent' '$url' $decompressor | $Nix::Config::binDir/nix-store --restore $destPath") != 0) {
-            warn "download of ‘$url’ failed" . ($! ? ": $!" : "") . "\n";
-            next;
-        }
-
-        # Tell Nix about the expected hash so it can verify it.
-        die unless defined $info->{narHash} && $info->{narHash} ne "";
-        print "$info->{narHash}\n";
-
-        print STDERR "\n";
-        return;
-    }
-
-    print STDERR "could not download ‘$storePath’ from any binary cache\n";
-    exit 1;
-}
-
-
-# Bail out right away if binary caches are disabled.
-exit 0 if
-    ($Nix::Config::config{"use-binary-caches"} // "true") eq "false" ||
-    ($Nix::Config::config{"untrusted-use-binary-caches"} // "true") eq "false";
-print "\n";
-flush STDOUT;
-
-initCache();
-
-
-if ($ARGV[0] eq "--query") {
-
-    while (<STDIN>) {
-        getAvailableCaches;
-        chomp;
-        my ($cmd, @args) = split " ", $_;
-
-        if ($cmd eq "have") {
-            print STDERR "checking binary caches for existence of @args\n" if $debug;
-            printSubstitutablePaths(@args);
-            print "\n";
-        }
-
-        elsif ($cmd eq "info") {
-            print STDERR "checking binary caches for info on @args\n" if $debug;
-            printInfoParallel(@args);
-            print "\n";
-        }
-
-        else { die "unknown command ‘$cmd’"; }
-
-        flush STDOUT;
-    }
-
-}
-
-elsif ($ARGV[0] eq "--substitute") {
-    my $storePath = $ARGV[1] or die;
-    my $destPath = $ARGV[2] or die;
-    getAvailableCaches;
-    downloadBinary($storePath, $destPath);
-}
-
-else {
-    die;
-}
--- a/scripts/download-using-manifests.pl.in
+++ b/scripts/download-using-manifests.pl.in
@@ -1,377 +0,0 @@
-#! @perl@ -w @perlFlags@
-
-use utf8;
-use strict;
-use Nix::Config;
-use Nix::Manifest;
-use Nix::Store;
-use Nix::Utils;
-use POSIX qw(strftime);
-
-STDOUT->autoflush(1);
-binmode STDERR, ":encoding(utf8)";
-
-my $logFile = "$Nix::Config::logDir/downloads";
-
-# For queries, skip expensive calls to nix-hash etc.  We're just
-# estimating the expected download size.
-my $fast = 1;
-
-# ‘--insecure’ is fine because Nix verifies the hash of the result.
-my $curl = "$Nix::Config::curl --fail --location --insecure";
-
-
-# Open the manifest cache and update it if necessary.
-my $dbh = updateManifestDB();
-exit 0 unless defined $dbh; # exit if there are no manifests
-print "\n";
-
-
-# $hashCache->{$algo}->{$path} yields the $algo-hash of $path.
-my $hashCache;
-
-
-sub parseHash {
-    my $hash = shift;
-    if ($hash =~ /^(.+):(.+)$/) {
-        return ($1, $2);
-    } else {
-        return ("md5", $hash);
-    }
-}
-
-
-# Compute the most efficient sequence of downloads to produce the
-# given path.
-sub computeSmallestDownload {
-    my $targetPath = shift;
-
-    # Build a graph of all store paths that might contribute to the
-    # construction of $targetPath, and the special node "start".  The
-    # edges are either patch operations, or downloads of full NAR
-    # files.  The latter edges only occur between "start" and a store
-    # path.
-    my %graph;
-
-    $graph{"start"} = {d => 0, pred => undef, edges => []};
-
-    my @queue = ();
-    my $queueFront = 0;
-    my %done;
-
-    sub addNode {
-        my $graph = shift;
-        my $u = shift;
-        $$graph{$u} = {d => 999999999999, pred => undef, edges => []}
-            unless defined $$graph{$u};
-    }
-
-    sub addEdge {
-        my $graph = shift;
-        my $u = shift;
-        my $v = shift;
-        my $w = shift;
-        my $type = shift;
-        my $info = shift;
-        addNode $graph, $u;
-        push @{$$graph{$u}->{edges}},
-            {weight => $w, start => $u, end => $v, type => $type, info => $info};
-        my $n = scalar @{$$graph{$u}->{edges}};
-    }
-
-    push @queue, $targetPath;
-
-    while ($queueFront < scalar @queue) {
-        my $u = $queue[$queueFront++];
-        next if defined $done{$u};
-        $done{$u} = 1;
-
-        addNode \%graph, $u;
-
-        # If the path already exists, it has distance 0 from the
-        # "start" node.
-        if (isValidPath($u)) {
-            addEdge \%graph, "start", $u, 0, "present", undef;
-        }
-
-        else {
-
-            # Add patch edges.
-            my $patchList = $dbh->selectall_arrayref(
-                "select * from Patches where storePath = ?",
-                { Slice => {} }, $u);
-
-            foreach my $patch (@{$patchList}) {
-                if (isValidPath($patch->{basePath})) {
-                    my ($baseHashAlgo, $baseHash) = parseHash $patch->{baseHash};
-
-                    my $hash = $hashCache->{$baseHashAlgo}->{$patch->{basePath}};
-                    if (!defined $hash) {
-                        $hash = $fast && $baseHashAlgo eq "sha256"
-                            ? queryPathHash($patch->{basePath})
-                            : hashPath($baseHashAlgo, $baseHashAlgo ne "md5", $patch->{basePath});
-                        $hash =~ s/.*://;
-                        $hashCache->{$baseHashAlgo}->{$patch->{basePath}} = $hash;
-                    }
-
-                    next if $hash ne $baseHash;
-                }
-                push @queue, $patch->{basePath};
-                addEdge \%graph, $patch->{basePath}, $u, $patch->{size}, "patch", $patch;
-            }
-
-            # Add NAR file edges to the start node.
-            my $narFileList = $dbh->selectall_arrayref(
-                "select * from NARs where storePath = ?",
-                { Slice => {} }, $u);
-
-            foreach my $narFile (@{$narFileList}) {
-                # !!! how to handle files whose size is not known in advance?
-                # For now, assume some arbitrary size (1 GB).
-                # This has the side-effect of preferring non-Hydra downloads.
-                addEdge \%graph, "start", $u, ($narFile->{size} || 1000000000), "narfile", $narFile;
-            }
-        }
-    }
-
-
-    # Run Dijkstra's shortest path algorithm to determine the shortest
-    # sequence of download and/or patch actions that will produce
-    # $targetPath.
-
-    my @todo = keys %graph;
-
-    while (scalar @todo > 0) {
-
-        # Remove the closest element from the todo list.
-        # !!! inefficient, use a priority queue
-        @todo = sort { -($graph{$a}->{d} <=> $graph{$b}->{d}) } @todo;
-        my $u = pop @todo;
-
-        my $u_ = $graph{$u};
-
-        foreach my $edge (@{$u_->{edges}}) {
-            my $v_ = $graph{$edge->{end}};
-            if ($v_->{d} > $u_->{d} + $edge->{weight}) {
-                $v_->{d} = $u_->{d} + $edge->{weight};
-                # Store the edge; to edge->start is actually the
-                # predecessor.
-                $v_->{pred} = $edge;
-            }
-        }
-    }
-
-
-    # Retrieve the shortest path from "start" to $targetPath.
-    my @path = ();
-    my $cur = $targetPath;
-    return () unless defined $graph{$targetPath}->{pred};
-    while ($cur ne "start") {
-        push @path, $graph{$cur}->{pred};
-        $cur = $graph{$cur}->{pred}->{start};
-    }
-
-    return @path;
-}
-
-
-# Parse the arguments.
-
-if ($ARGV[0] eq "--query") {
-
-    while (<STDIN>) {
-        chomp;
-        my ($cmd, @args) = split " ", $_;
-
-        if ($cmd eq "have") {
-            foreach my $storePath (@args) {
-                print "$storePath\n" if scalar @{$dbh->selectcol_arrayref("select 1 from NARs where storePath = ?", {}, $storePath)} > 0;
-            }
-            print "\n";
-        }
-
-        elsif ($cmd eq "info") {
-            foreach my $storePath (@args) {
-
-                my $infos = $dbh->selectall_arrayref(
-                    "select * from NARs where storePath = ?",
-                    { Slice => {} }, $storePath);
-
-                next unless scalar @{$infos} > 0;
-                my $info = @{$infos}[0];
-
-                print "$storePath\n";
-                print "$info->{deriver}\n";
-                my @references = split " ", $info->{refs};
-                print scalar @references, "\n";
-                print "$_\n" foreach @references;
-
-                my @path = computeSmallestDownload $storePath;
-
-                my $downloadSize = 0;
-                while (scalar @path > 0) {
-                    my $edge = pop @path;
-                    my $u = $edge->{start};
-                    my $v = $edge->{end};
-                    if ($edge->{type} eq "patch") {
-                        $downloadSize += $edge->{info}->{size} || 0;
-                    }
-                    elsif ($edge->{type} eq "narfile") {
-                        $downloadSize += $edge->{info}->{size} || 0;
-                    }
-                }
-
-                print "$downloadSize\n";
-
-                my $narSize = $info->{narSize} || 0;
-                print "$narSize\n";
-            }
-
-            print "\n";
-        }
-
-        else { die "unknown command ‘$cmd’"; }
-    }
-
-    exit 0;
-}
-
-elsif ($ARGV[0] ne "--substitute") {
-    die;
-}
-
-
-die unless scalar @ARGV == 3;
-my $targetPath = $ARGV[1];
-my $destPath = $ARGV[2];
-$fast = 0;
-
-
-# Create a temporary directory.
-my $tmpDir = mkTempDir("nix-download");
-
-my $tmpNar = "$tmpDir/nar";
-my $tmpNar2 = "$tmpDir/nar2";
-
-
-open LOGFILE, ">>$logFile" or die "cannot open log file $logFile";
-
-my $date = strftime ("%F %H:%M:%S UTC", gmtime (time));
-print LOGFILE "$$ get $targetPath $date\n";
-
-print STDERR "\n*** Trying to download/patch ‘$targetPath’\n";
-
-
-# Compute the shortest path.
-my @path = computeSmallestDownload $targetPath;
-die "don't know how to produce $targetPath\n" if scalar @path == 0;
-
-
-# We don't need the manifest anymore, so close it as an optimisation:
-# if we still have SQLite locks blocking other processes (we
-# shouldn't), this gets rid of them.
-$dbh->disconnect;
-
-
-# Traverse the shortest path, perform the actions described by the
-# edges.
-my $curStep = 1;
-my $maxStep = scalar @path;
-
-my $finalNarHash;
-
-while (scalar @path > 0) {
-    my $edge = pop @path;
-    my $u = $edge->{start};
-    my $v = $edge->{end};
-
-    print STDERR "\n*** Step $curStep/$maxStep: ";
-
-    if ($edge->{type} eq "present") {
-        print STDERR "using already present path ‘$v’\n";
-        print LOGFILE "$$ present $v\n";
-
-        if ($curStep < $maxStep) {
-            # Since this is not the last step, the path will be used
-            # as a base to one or more patches.  So turn the base path
-            # into a NAR archive, to which we can apply the patch.
-            print STDERR "  packing base path...\n";
-            system("$Nix::Config::binDir/nix-store --dump $v > $tmpNar") == 0
-                or die "cannot dump ‘$v’";
-        }
-    }
-
-    elsif ($edge->{type} eq "patch") {
-        my $patch = $edge->{info};
-        print STDERR "applying patch ‘$patch->{url}’ to ‘$u’ to create ‘$v’\n";
-
-        print LOGFILE "$$ patch $patch->{url} $patch->{size} $patch->{baseHash} $u $v\n";
-
-        # Download the patch.
-        print STDERR "  downloading patch...\n";
-        my $patchPath = "$tmpDir/patch";
-        checkURL $patch->{url};
-        system("$curl '$patch->{url}' -o $patchPath") == 0
-            or die "cannot download patch ‘$patch->{url}’\n";
-
-        # Apply the patch to the NAR archive produced in step 1 (for
-        # the already present path) or a later step (for patch sequences).
-        print STDERR "  applying patch...\n";
-        system("$Nix::Config::libexecDir/nix/bspatch $tmpNar $tmpNar2 $patchPath") == 0
-            or die "cannot apply patch ‘$patchPath’ to $tmpNar\n";
-
-        if ($curStep < $maxStep) {
-            # The archive will be used as the base of the next patch.
-            rename "$tmpNar2", "$tmpNar" or die "cannot rename NAR archive: $!";
-        } else {
-            # This was the last patch.  Unpack the final NAR archive
-            # into the target path.
-            print STDERR "  unpacking patched archive...\n";
-            system("$Nix::Config::binDir/nix-store --restore $destPath < $tmpNar2") == 0
-                or die "cannot unpack $tmpNar2 to ‘$v’\n";
-        }
-
-        $finalNarHash = $patch->{narHash};
-    }
-
-    elsif ($edge->{type} eq "narfile") {
-        my $narFile = $edge->{info};
-        print STDERR "downloading ‘$narFile->{url}’ to ‘$v’\n";
-
-        my $size = $narFile->{size} || -1;
-        print LOGFILE "$$ narfile $narFile->{url} $size $v\n";
-
-        checkURL $narFile->{url};
-
-        my $decompressor =
-            $narFile->{compressionType} eq "bzip2" ? "| $Nix::Config::bzip2 -d" :
-            $narFile->{compressionType} eq "xz" ? "| $Nix::Config::xz -d" :
-            $narFile->{compressionType} eq "none" ? "" :
-            die "unknown compression type ‘$narFile->{compressionType}’";
-
-        if ($curStep < $maxStep) {
-            # The archive will be used a base to a patch.
-            system("$curl '$narFile->{url}' $decompressor > $tmpNar") == 0
-                or die "cannot download and unpack ‘$narFile->{url}’ to ‘$v’\n";
-        } else {
-            # Unpack the archive to the target path.
-            system("$curl '$narFile->{url}' $decompressor | $Nix::Config::binDir/nix-store --restore '$destPath'") == 0
-                or die "cannot download and unpack ‘$narFile->{url}’ to ‘$v’\n";
-        }
-
-        $finalNarHash = $narFile->{narHash};
-    }
-
-    $curStep++;
-}
-
-
-# Tell Nix about the expected hash so it can verify it.
-die "cannot check integrity of the downloaded path since its hash is not known\n"
-    unless defined $finalNarHash;
-print "$finalNarHash\n";
-
-
-print STDERR "\n";
-print LOGFILE "$$ success\n";
-close LOGFILE;
--- a/scripts/find-runtime-roots.pl.in
+++ b/scripts/find-runtime-roots.pl.in
@@ -1,79 +0,0 @@
-#! @perl@ -w @perlFlags@
-
-use strict;
-use Nix::Utils;
-use Nix::Config;
-
-
-sub readProc {
-    return unless -d "/proc";
-
-    opendir DIR, "/proc" or return;
-
-    foreach my $name (readdir DIR) {
-        next unless $name =~ /^\d+$/;
-
-        my $process = "/proc/$name";
-
-        #print STDERR "=== $process\n";
-
-        my $target;
-        print "$target\n" if $target = readlink "$process/exe";
-        print "$target\n" if $target = readlink "$process/cwd";
-
-        if (opendir FDS, "$process/fd") {
-            foreach my $name (readdir FDS) {
-                $target = readlink "$process/fd/$name";
-                print "$target\n" if $target && substr($target, 0, 1) eq "/";
-            }
-            closedir FDS;
-        }
-
-        if (open MAP, "<$process/maps") {
-            while (<MAP>) {
-                next unless /^ \s* \S+ \s+ \S+ \s+ \S+ \s+ \S+ \s+ \S+ \s+ (\/\S+) \s* $/x;
-                print "$1\n";
-            }
-            close MAP;
-        }
-
-        # Get all store paths that appear in the environment of this process.
-        eval {
-            my $env = Nix::Utils::readFile "$process/environ";
-            my @matches = $env =~ /\Q$Nix::Config::storeDir\E\/[0-9a-z]+[0-9a-zA-Z\+\-\._\?=]*/g;
-            print "$_\n" foreach @matches;
-        }
-    }
-
-    closedir DIR;
-}
-
-
-sub lsof {
-    return unless open LSOF, "lsof -n -w -F n 2> /dev/null |";
-
-    while (<LSOF>) {
-        next unless /^n (\/ .*)$/x;
-        print $1, "\n";
-    }
-
-    close LSOF;
-}
-
-
-readProc;
-lsof;
-
-
-sub printFile {
-    my ($fn) = @_;
-    if (-e $fn) {
-        print Nix::Utils::readFile($fn), "\n";
-    }
-}
-
-
-# This is rather NixOS-specific, so it probably shouldn't be here.
-printFile "/proc/sys/kernel/modprobe";
-printFile "/proc/sys/kernel/fbsplash";
-printFile "/proc/sys/kernel/poweroff_cmd";
--- a/Show More
+++ b/Show More