Merge branch 'master' (reformat)

.coderabbit.yaml

@@ -1,14 +0,0 @@
-# Disable CodeRabbit auto-review to prevent verbose comments on PRs.
-# When enabled: false, CodeRabbit won't attempt reviews and won't post
-# "Review skipped" or other automated comments.
-reviews:
-  auto_review:
-    enabled: false
-  review_status: false
-  high_level_summary: false
-  poem: false
-  sequence_diagrams: false
-  changed_files_summary: false
-  tools:
-    github-checks:
-      enabled: false

.git-blame-ignore-revs

@@ -1,6 +1,2 @@
 # bulk initial re-formatting with clang-format
 e4f62e46088919428a68bd8014201dc8e379fed7 # !autorebase ./maintainers/format.sh --until-stable
-# meson re-formatting
-385e2c3542c707d95e3784f7f6d623f67e77ab61 # !autorebase ./maintainers/format.sh --until-stable
-# nixfmt 1.0.0
-1d943f581908f35075a84a3d89c2eba3ff35067f # !autorebase ./maintainers/format.sh --until-stable

.github/ISSUE_TEMPLATE/bug_report.md

@@ -45,7 +45,7 @@ assignees: ''
 - [ ] checked [latest Nix manual] \([source])
 - [ ] checked [open bug issues and pull requests] for possible duplicates
 
-[latest Nix manual]: https://nix.dev/manual/nix/development/
+[latest Nix manual]: https://nixos.org/manual/nix/unstable/
 [source]: https://github.com/NixOS/nix/tree/master/doc/manual/source
 [open bug issues and pull requests]: https://github.com/NixOS/nix/labels/bug
 

.github/ISSUE_TEMPLATE/feature_request.md

@@ -30,7 +30,7 @@ assignees: ''
 - [ ] checked [latest Nix manual] \([source])
 - [ ] checked [open feature issues and pull requests] for possible duplicates
 
-[latest Nix manual]: https://nix.dev/manual/nix/development/
+[latest Nix manual]: https://nixos.org/manual/nix/unstable/
 [source]: https://github.com/NixOS/nix/tree/master/doc/manual/source
 [open feature issues and pull requests]: https://github.com/NixOS/nix/labels/feature
 

.github/ISSUE_TEMPLATE/installer.md

@@ -38,7 +38,7 @@ assignees: ''
 - [ ] checked [latest Nix manual] \([source])
 - [ ] checked [open installer issues and pull requests] for possible duplicates
 
-[latest Nix manual]: https://nix.dev/manual/nix/development/
+[latest Nix manual]: https://nixos.org/manual/nix/unstable/
 [source]: https://github.com/NixOS/nix/tree/master/doc/manual/source
 [open installer issues and pull requests]: https://github.com/NixOS/nix/labels/installer
 

.github/ISSUE_TEMPLATE/missing_documentation.md

@@ -22,7 +22,7 @@ assignees: ''
 - [ ] checked [latest Nix manual] \([source])
 - [ ] checked [open documentation issues and pull requests] for possible duplicates
 
-[latest Nix manual]: https://nix.dev/manual/nix/development/
+[latest Nix manual]: https://nixos.org/manual/nix/unstable/
 [source]: https://github.com/NixOS/nix/tree/master/doc/manual/source
 [open documentation issues and pull requests]: https://github.com/NixOS/nix/labels/documentation
 

.github/PULL_REQUEST_TEMPLATE.md

@@ -15,10 +15,6 @@ so you understand the process and the expectations.
 - volunteering contributions effectively
 - how to get help and our review process.
 
-PR stuck in review? We have two Nix team meetings per week online that are open for everyone in a jitsi conference:
-
-- https://calendar.google.com/calendar/u/0/embed?src=b9o52fobqjak8oq8lfkhg3t0qg@group.calendar.google.com
-
 -->
 
 ## Motivation

.github/actions/install-nix-action/action.yaml

@@ -4,36 +4,22 @@ inputs:
   dogfood:
     description: "Whether to use Nix installed from the latest artifact from master branch"
     required: true # Be explicit about the fact that we are using unreleased artifacts
-  experimental-installer:
-    description: "Whether to use the experimental installer to install Nix"
-    default: false
-  experimental-installer-version:
-    description: "Version of the experimental installer to use. If `latest`, the newest artifact from the default branch is used."
-    # TODO: This should probably be pinned to a release after https://github.com/NixOS/experimental-nix-installer/pull/49 lands in one
-    default: "latest"
   extra_nix_config:
     description: "Gets appended to `/etc/nix/nix.conf` if passed."
   install_url:
     description: "URL of the Nix installer"
     required: false
-    default: "https://releases.nixos.org/nix/nix-2.32.1/install"
-  tarball_url:
-    description: "URL of the Nix tarball to use with the experimental installer"
-    required: false
+    default: "https://releases.nixos.org/nix/nix-2.30.1/install"
   github_token:
     description: "Github token"
     required: true
-  use_cache:
-    description: "Whether to setup magic-nix-cache"
-    default: true
-    required: false
 runs:
   using: "composite"
   steps:
     - name: "Download nix install artifact from master"
       shell: bash
       id: download-nix-installer
-      if: inputs.dogfood == 'true'
+      if: ${{ inputs.dogfood }}
       run: |
         RUN_ID=$(gh run list --repo "$DOGFOOD_REPO" --workflow ci.yml --branch master --status success --json databaseId --jq ".[0].databaseId")
 
@@ -51,81 +37,14 @@ runs:
 
         gh run download "$RUN_ID" --repo "$DOGFOOD_REPO" -n "$INSTALLER_ARTIFACT" -D "$INSTALLER_DOWNLOAD_DIR"
         echo "installer-path=file://$INSTALLER_DOWNLOAD_DIR" >> "$GITHUB_OUTPUT"
-        TARBALL_PATH="$(find "$INSTALLER_DOWNLOAD_DIR" -name 'nix*.tar.xz' -print | head -n 1)"
-        echo "tarball-path=file://$TARBALL_PATH" >> "$GITHUB_OUTPUT"
 
         echo "::notice ::Dogfooding Nix installer from master (https://github.com/$DOGFOOD_REPO/actions/runs/$RUN_ID)"
       env:
         GH_TOKEN: ${{ inputs.github_token }}
         DOGFOOD_REPO: "NixOS/nix"
-    - name: "Gather system info for experimental installer"
-      shell: bash
-      if: ${{ inputs.experimental-installer == 'true' }}
-      run: |
-        echo "::notice Using experimental installer from $EXPERIMENTAL_INSTALLER_REPO (https://github.com/$EXPERIMENTAL_INSTALLER_REPO)"
-
-        if [ "$RUNNER_OS" == "Linux" ]; then
-          EXPERIMENTAL_INSTALLER_SYSTEM="linux"
-          echo "EXPERIMENTAL_INSTALLER_SYSTEM=$EXPERIMENTAL_INSTALLER_SYSTEM" >> "$GITHUB_ENV"
-        elif [ "$RUNNER_OS" == "macOS" ]; then
-          EXPERIMENTAL_INSTALLER_SYSTEM="darwin"
-          echo "EXPERIMENTAL_INSTALLER_SYSTEM=$EXPERIMENTAL_INSTALLER_SYSTEM" >> "$GITHUB_ENV"
-        else
-          echo "::error ::Unsupported RUNNER_OS: $RUNNER_OS"
-          exit 1
-        fi
-
-        if [ "$RUNNER_ARCH" == "X64" ]; then
-          EXPERIMENTAL_INSTALLER_ARCH=x86_64
-          echo "EXPERIMENTAL_INSTALLER_ARCH=$EXPERIMENTAL_INSTALLER_ARCH" >> "$GITHUB_ENV"
-        elif [ "$RUNNER_ARCH" == "ARM64" ]; then
-          EXPERIMENTAL_INSTALLER_ARCH=aarch64
-          echo "EXPERIMENTAL_INSTALLER_ARCH=$EXPERIMENTAL_INSTALLER_ARCH" >> "$GITHUB_ENV"
-        else
-          echo "::error ::Unsupported RUNNER_ARCH: $RUNNER_ARCH"
-          exit 1
-        fi
-
-        echo "EXPERIMENTAL_INSTALLER_ARTIFACT=nix-installer-$EXPERIMENTAL_INSTALLER_ARCH-$EXPERIMENTAL_INSTALLER_SYSTEM" >> "$GITHUB_ENV"
-      env:
-        EXPERIMENTAL_INSTALLER_REPO: "NixOS/experimental-nix-installer"
-    - name: "Download latest experimental installer"
-      shell: bash
-      id: download-latest-experimental-installer
-      if: ${{ inputs.experimental-installer == 'true' && inputs.experimental-installer-version == 'latest' }}
-      run: |
-        RUN_ID=$(gh run list --repo "$EXPERIMENTAL_INSTALLER_REPO" --workflow ci.yml --branch main --status success --json databaseId --jq ".[0].databaseId")
-
-        EXPERIMENTAL_INSTALLER_DOWNLOAD_DIR="$GITHUB_WORKSPACE/$EXPERIMENTAL_INSTALLER_ARTIFACT"
-        mkdir -p "$EXPERIMENTAL_INSTALLER_DOWNLOAD_DIR"
-
-        gh run download "$RUN_ID" --repo "$EXPERIMENTAL_INSTALLER_REPO" -n "$EXPERIMENTAL_INSTALLER_ARTIFACT" -D "$EXPERIMENTAL_INSTALLER_DOWNLOAD_DIR"
-        # Executable permissions are lost in artifacts
-        find $EXPERIMENTAL_INSTALLER_DOWNLOAD_DIR -type f -exec chmod +x {} +
-        echo "installer-path=$EXPERIMENTAL_INSTALLER_DOWNLOAD_DIR" >> "$GITHUB_OUTPUT"
-      env:
-        GH_TOKEN: ${{ inputs.github_token }}
-        EXPERIMENTAL_INSTALLER_REPO: "NixOS/experimental-nix-installer"
     - uses: cachix/install-nix-action@c134e4c9e34bac6cab09cf239815f9339aaaf84e # v31.5.1
-      if: ${{ inputs.experimental-installer != 'true' }}
       with:
         # Ternary operator in GHA: https://www.github.com/actions/runner/issues/409#issuecomment-752775072
-        install_url: ${{ inputs.dogfood == 'true' && format('{0}/install', steps.download-nix-installer.outputs.installer-path) || inputs.install_url }}
-        install_options: ${{ inputs.dogfood == 'true' && format('--tarball-url-prefix {0}', steps.download-nix-installer.outputs.installer-path) || '' }}
+        install_url: ${{ inputs.dogfood && format('{0}/install', steps.download-nix-installer.outputs.installer-path) || inputs.install_url }}
+        install_options: ${{ inputs.dogfood && format('--tarball-url-prefix {0}', steps.download-nix-installer.outputs.installer-path) || '' }}
         extra_nix_config: ${{ inputs.extra_nix_config }}
-    - uses: DeterminateSystems/nix-installer-action@786fff0690178f1234e4e1fe9b536e94f5433196 # v20
-      if: ${{ inputs.experimental-installer == 'true' }}
-      with:
-        diagnostic-endpoint: ""
-        # TODO: It'd be nice to use `artifacts.nixos.org` for both of these, maybe through an `/experimental-installer/latest` endpoint? or `/commit/<hash>`?
-        local-root: ${{ inputs.experimental-installer-version == 'latest' && steps.download-latest-experimental-installer.outputs.installer-path || '' }}
-        source-url: ${{ inputs.experimental-installer-version != 'latest' && 'https://artifacts.nixos.org/experimental-installer/tag/${{ inputs.experimental-installer-version }}/${{ env.EXPERIMENTAL_INSTALLER_ARTIFACT }}' || '' }}
-        nix-package-url: ${{ inputs.dogfood == 'true' && steps.download-nix-installer.outputs.tarball-path || (inputs.tarball_url || '') }}
-        extra-conf: ${{ inputs.extra_nix_config }}
-    - uses: DeterminateSystems/magic-nix-cache-action@565684385bcd71bad329742eefe8d12f2e765b39 # v13
-      if: ${{ inputs.use_cache == 'true' }}
-      with:
-        diagnostic-endpoint: ''
-        use-flakehub: false
-        use-gha-cache: true
-        source-revision: 92d9581367be2233c2d5714a2640e1339f4087d8 # main

.github/workflows/backport.yml

@@ -1,37 +0,0 @@
-name: Backport
-on:
-  pull_request_target:
-    types: [closed, labeled]
-permissions:
-  contents: read
-jobs:
-  backport:
-    name: Backport Pull Request
-    permissions:
-      # for korthout/backport-action
-      contents: write
-      pull-requests: write
-    if: github.repository_owner == 'NixOS' && github.event.pull_request.merged == true && (github.event_name != 'labeled' || startsWith('backport', github.event.label.name))
-    runs-on: ubuntu-24.04-arm
-    steps:
-      - name: Generate GitHub App token
-        id: generate-token
-        uses: actions/create-github-app-token@v2
-        with:
-          app-id: ${{ vars.CI_APP_ID }}
-          private-key: ${{ secrets.CI_APP_PRIVATE_KEY }}
-      - uses: actions/checkout@v5
-        with:
-          ref: ${{ github.event.pull_request.head.sha }}
-          # required to find all branches
-          fetch-depth: 0
-      - name: Create backport PRs
-        uses: korthout/backport-action@d07416681cab29bf2661702f925f020aaa962997 # v3.4.1
-        id: backport
-        with:
-          # Config README: https://github.com/korthout/backport-action#backport-action
-          github_token: ${{ steps.generate-token.outputs.token }}
-          github_workspace: ${{ github.workspace }}
-          auto_merge_enabled: true
-          pull_description: |-
-            Automatic backport to `${target_branch}`, triggered by a label in #${pull_number}.

.github/workflows/ci.yml

@@ -2,21 +2,7 @@ name: "CI"
 
 on:
   pull_request:
-  merge_group:
   push:
-    branches:
-      - master
-  workflow_dispatch:
-    inputs:
-      dogfood:
-        description: 'Use dogfood Nix build'
-        required: false
-        default: true
-        type: boolean
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
-  cancel-in-progress: true
 
 permissions: read-all
 
@@ -24,43 +10,18 @@ jobs:
   eval:
     runs-on: ubuntu-24.04
     steps:
-    - uses: actions/checkout@v5
+    - uses: actions/checkout@v4
       with:
         fetch-depth: 0
     - uses: ./.github/actions/install-nix-action
       with:
-        dogfood: ${{ github.event_name == 'workflow_dispatch' && inputs.dogfood || github.event_name != 'workflow_dispatch' }}
+        dogfood: true
         extra_nix_config:
           experimental-features = nix-command flakes
         github_token: ${{ secrets.GITHUB_TOKEN }}
-        use_cache: false
     - run: nix flake show --all-systems --json
 
-  pre-commit-checks:
-    name: pre-commit checks
-    runs-on: ubuntu-24.04
-    steps:
-      - uses: actions/checkout@v5
-      - uses: ./.github/actions/install-nix-action
-        with:
-          dogfood: ${{ github.event_name == 'workflow_dispatch' && inputs.dogfood || github.event_name != 'workflow_dispatch' }}
-          extra_nix_config: experimental-features = nix-command flakes
-          github_token: ${{ secrets.GITHUB_TOKEN }}
-      - run: ./ci/gha/tests/pre-commit-checks
-
-  basic-checks:
-    name: aggregate basic checks
-    if: ${{ always() }}
-    runs-on: ubuntu-24.04
-    needs: [pre-commit-checks, eval]
-    steps:
-      - name: Exit with any errors
-        if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }}
-        run: |
-          exit 1
-
   tests:
-    needs: basic-checks
     strategy:
       fail-fast: false
       matrix:
@@ -68,74 +29,36 @@ jobs:
           - scenario: on ubuntu
             runs-on: ubuntu-24.04
             os: linux
-            instrumented: false
-            primary: true
-            stdenv: stdenv
           - scenario: on macos
             runs-on: macos-14
             os: darwin
-            instrumented: false
-            primary: true
-            stdenv: stdenv
-          - scenario: on ubuntu (with sanitizers / coverage)
-            runs-on: ubuntu-24.04
-            os: linux
-            instrumented: true
-            primary: false
-            stdenv: clangStdenv
     name: tests ${{ matrix.scenario }}
     runs-on: ${{ matrix.runs-on }}
     timeout-minutes: 60
     steps:
-    - uses: actions/checkout@v5
+    - uses: actions/checkout@v4
       with:
         fetch-depth: 0
     - uses: ./.github/actions/install-nix-action
       with:
         github_token: ${{ secrets.GITHUB_TOKEN }}
-        dogfood: ${{ github.event_name == 'workflow_dispatch' && inputs.dogfood || github.event_name != 'workflow_dispatch' }}
+        dogfood: true
         # The sandbox would otherwise be disabled by default on Darwin
-        extra_nix_config: "sandbox = true"
+        extra_nix_config: |
+          sandbox = true
+          max-jobs = 1
+    - uses: DeterminateSystems/magic-nix-cache-action@main
     # Since ubuntu 22.30, unprivileged usernamespaces are no longer allowed to map to the root user:
     # https://ubuntu.com/blog/ubuntu-23-10-restricted-unprivileged-user-namespaces
     - run: sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0
       if: matrix.os == 'linux'
-    - name: Run component tests
-      run: |
-        nix build --file ci/gha/tests/wrapper.nix componentTests -L \
-          --arg withInstrumentation ${{ matrix.instrumented }} \
-          --argstr stdenv "${{ matrix.stdenv }}"
-    - name: Run VM tests
-      run: |
-        nix build --file ci/gha/tests/wrapper.nix vmTests -L \
-          --arg withInstrumentation ${{ matrix.instrumented }} \
-          --argstr stdenv "${{ matrix.stdenv }}"
-      if: ${{ matrix.os == 'linux' }}
-    - name: Run flake checks and prepare the installer tarball
-      run: |
-        ci/gha/tests/build-checks
-        ci/gha/tests/prepare-installer-for-github-actions
-      if: ${{ matrix.primary }}
-    - name: Collect code coverage
-      run: |
-        nix build --file ci/gha/tests/wrapper.nix codeCoverage.coverageReports -L \
-          --arg withInstrumentation ${{ matrix.instrumented }} \
-          --argstr stdenv "${{ matrix.stdenv }}" \
-          --out-link coverage-reports
-        cat coverage-reports/index.txt >> $GITHUB_STEP_SUMMARY
-      if: ${{ matrix.instrumented }}
-    - name: Upload coverage reports
-      uses: actions/upload-artifact@v4
-      with:
-        name: coverage-reports
-        path: coverage-reports/
-      if: ${{ matrix.instrumented }}
+    - run: scripts/build-checks
+    - run: scripts/prepare-installer-for-github-actions
     - name: Upload installer tarball
       uses: actions/upload-artifact@v4
       with:
         name: installer-${{matrix.os}}
         path: out/*
-      if: ${{ matrix.primary }}
 
   installer_test:
     needs: [tests]
@@ -146,46 +69,25 @@ jobs:
           - scenario: on ubuntu
             runs-on: ubuntu-24.04
             os: linux
-            experimental-installer: false
           - scenario: on macos
             runs-on: macos-14
             os: darwin
-            experimental-installer: false
-          - scenario: on ubuntu (experimental)
-            runs-on: ubuntu-24.04
-            os: linux
-            experimental-installer: true
-          - scenario: on macos (experimental)
-            runs-on: macos-14
-            os: darwin
-            experimental-installer: true
     name: installer test ${{ matrix.scenario }}
     runs-on: ${{ matrix.runs-on }}
     steps:
-    - uses: actions/checkout@v5
+    - uses: actions/checkout@v4
     - name: Download installer tarball
-      uses: actions/download-artifact@v5
+      uses: actions/download-artifact@v4
       with:
         name: installer-${{matrix.os}}
         path: out
-    - name: Looking up the installer tarball URL
-      id: installer-tarball-url
-      run: |
-        echo "installer-url=file://$GITHUB_WORKSPACE/out" >> "$GITHUB_OUTPUT"
-        TARBALL_PATH="$(find "$GITHUB_WORKSPACE/out" -name 'nix*.tar.xz' -print | head -n 1)"
-        echo "tarball-path=file://$TARBALL_PATH" >> "$GITHUB_OUTPUT"
-    - uses: cachix/install-nix-action@c134e4c9e34bac6cab09cf239815f9339aaaf84e # v31.5.1
-      if: ${{ !matrix.experimental-installer }}
+    - name: Serving installer
+      id: serving_installer
+      run: ./scripts/serve-installer-for-github-actions
+    - uses: cachix/install-nix-action@v31
       with:
-        install_url: ${{ format('{0}/install', steps.installer-tarball-url.outputs.installer-url) }}
-        install_options: ${{ format('--tarball-url-prefix {0}', steps.installer-tarball-url.outputs.installer-url) }}
-    - uses: ./.github/actions/install-nix-action
-      if: ${{ matrix.experimental-installer }}
-      with:
-        dogfood: false
-        experimental-installer: true
-        tarball_url: ${{ steps.installer-tarball-url.outputs.tarball-path }}
-        github_token: ${{ secrets.GITHUB_TOKEN }}
+        install_url: 'http://localhost:8126/install'
+        install_options: "--tarball-url-prefix http://localhost:8126/"
     - run: sudo apt install fish zsh
       if: matrix.os == 'linux'
     - run: brew install fish
@@ -204,20 +106,20 @@ jobs:
   check_secrets:
     permissions:
       contents: none
-    name: Check presence of secrets
+    name: Check Docker secrets present for installer tests
     runs-on: ubuntu-24.04
     outputs:
       docker: ${{ steps.secret.outputs.docker }}
     steps:
-      - name: Check for DockerHub secrets
+      - name: Check for secrets
         id: secret
         env:
           _DOCKER_SECRETS: ${{ secrets.DOCKERHUB_USERNAME }}${{ secrets.DOCKERHUB_TOKEN }}
         run: |
-          echo "docker=${{ env._DOCKER_SECRETS != '' }}" >> $GITHUB_OUTPUT
+          echo "::set-output name=docker::${{ env._DOCKER_SECRETS != '' }}"
 
   docker_push_image:
-    needs: [tests, check_secrets]
+    needs: [tests, vm_tests, check_secrets]
     permissions:
       contents: read
       packages: write
@@ -227,16 +129,21 @@ jobs:
       github.ref_name == 'master'
     runs-on: ubuntu-24.04
     steps:
-    - uses: actions/checkout@v5
+    - name: Check for secrets
+      id: secret
+      env:
+        _DOCKER_SECRETS: ${{ secrets.DOCKERHUB_USERNAME }}${{ secrets.DOCKERHUB_TOKEN }}
+      run: |
+        echo "::set-output name=docker::${{ env._DOCKER_SECRETS != '' }}"
+    - uses: actions/checkout@v4
       with:
         fetch-depth: 0
-    - uses: ./.github/actions/install-nix-action
+    - uses: cachix/install-nix-action@v31
       with:
-        dogfood: false
-        extra_nix_config: |
-          experimental-features = flakes nix-command
-    - run: echo NIX_VERSION="$(nix eval .\#nix.version | tr -d \")" >> $GITHUB_ENV
-    - run: nix build .#dockerImage -L
+        install_url: https://releases.nixos.org/nix/nix-2.20.3/install
+    - uses: DeterminateSystems/magic-nix-cache-action@main
+    - run: echo NIX_VERSION="$(nix --experimental-features 'nix-command flakes' eval .\#nix.version | tr -d \")" >> $GITHUB_ENV
+    - run: nix --experimental-features 'nix-command flakes' build .#dockerImage -L
     - run: docker load -i ./result/image.tar.gz
     - run: docker tag nix:$NIX_VERSION ${{ secrets.DOCKERHUB_USERNAME }}/nix:$NIX_VERSION
     - run: docker tag nix:$NIX_VERSION ${{ secrets.DOCKERHUB_USERNAME }}/nix:master
@@ -271,48 +178,46 @@ jobs:
         docker tag nix:$NIX_VERSION $IMAGE_ID:master
         docker push $IMAGE_ID:master
 
+  vm_tests:
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@v4
+      - uses: ./.github/actions/install-nix-action
+        with:
+          dogfood: true
+          extra_nix_config:
+            experimental-features = nix-command flakes
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+      - uses: DeterminateSystems/magic-nix-cache-action@main
+      - run: |
+          nix build -L \
+            .#hydraJobs.tests.functional_user \
+            .#hydraJobs.tests.githubFlakes \
+            .#hydraJobs.tests.nix-docker \
+            .#hydraJobs.tests.tarballFlakes \
+            ;
+
   flake_regressions:
-    needs: tests
+    needs: vm_tests
     runs-on: ubuntu-24.04
     steps:
       - name: Checkout nix
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
       - name: Checkout flake-regressions
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
         with:
           repository: NixOS/flake-regressions
           path: flake-regressions
       - name: Checkout flake-regressions-data
-        uses: actions/checkout@v5
+        uses: actions/checkout@v4
         with:
           repository: NixOS/flake-regressions-data
           path: flake-regressions/tests
       - uses: ./.github/actions/install-nix-action
         with:
-          dogfood: ${{ github.event_name == 'workflow_dispatch' && inputs.dogfood || github.event_name != 'workflow_dispatch' }}
+          dogfood: true
           extra_nix_config:
             experimental-features = nix-command flakes
           github_token: ${{ secrets.GITHUB_TOKEN }}
+      - uses: DeterminateSystems/magic-nix-cache-action@main
       - run: nix build -L --out-link ./new-nix && PATH=$(pwd)/new-nix/bin:$PATH MAX_FLAKES=25 flake-regressions/eval-all.sh
-
-  profile_build:
-    needs: tests
-    runs-on: ubuntu-24.04
-    timeout-minutes: 60
-    if: >-
-      github.event_name == 'push' &&
-      github.ref_name == 'master'
-    steps:
-    - uses: actions/checkout@v5
-      with:
-        fetch-depth: 0
-    - uses: ./.github/actions/install-nix-action
-      with:
-        github_token: ${{ secrets.GITHUB_TOKEN }}
-        dogfood: ${{ github.event_name == 'workflow_dispatch' && inputs.dogfood || github.event_name != 'workflow_dispatch' }}
-        extra_nix_config: |
-          experimental-features = flakes nix-command ca-derivations impure-derivations
-          max-jobs = 1
-    - run: |
-        nix build -L --file ./ci/gha/profile-build buildTimeReport --out-link build-time-report.md
-        cat build-time-report.md >> $GITHUB_STEP_SUMMARY

.github/workflows/labels.yml

@@ -18,7 +18,7 @@ jobs:
     runs-on: ubuntu-24.04
     if: github.repository_owner == 'NixOS'
     steps:
-    - uses: actions/labeler@v6
+    - uses: actions/labeler@v5
       with:
         repo-token: ${{ secrets.GITHUB_TOKEN }}
         sync-labels: false

.mergify.yml

@@ -0,0 +1,163 @@
+queue_rules:
+  - name: default
+    # all required tests need to go here
+    merge_conditions:
+      - check-success=tests on macos
+      - check-success=tests on ubuntu
+      - check-success=installer test on macos
+      - check-success=installer test on ubuntu
+      - check-success=vm_tests
+    batch_size: 5
+
+pull_request_rules:
+  - name: merge using the merge queue
+    conditions:
+      - base~=master|.+-maintenance
+      - label~=merge-queue|dependencies
+    actions:
+      queue: {}
+
+# The rules below will first create backport pull requests and put those in a merge queue.
+
+  - name: backport patches to 2.18
+    conditions:
+      - label=backport 2.18-maintenance
+    actions:
+      backport:
+        branches:
+          - 2.18-maintenance
+        labels:
+          - automatic backport
+          - merge-queue
+
+  - name: backport patches to 2.19
+    conditions:
+      - label=backport 2.19-maintenance
+    actions:
+      backport:
+        branches:
+          - 2.19-maintenance
+        labels:
+          - automatic backport
+          - merge-queue
+
+  - name: backport patches to 2.20
+    conditions:
+      - label=backport 2.20-maintenance
+    actions:
+      backport:
+        branches:
+          - 2.20-maintenance
+        labels:
+          - automatic backport
+          - merge-queue
+
+  - name: backport patches to 2.21
+    conditions:
+      - label=backport 2.21-maintenance
+    actions:
+      backport:
+        branches:
+          - 2.21-maintenance
+        labels:
+          - automatic backport
+          - merge-queue
+
+  - name: backport patches to 2.22
+    conditions:
+      - label=backport 2.22-maintenance
+    actions:
+      backport:
+        branches:
+          - 2.22-maintenance
+        labels:
+          - automatic backport
+          - merge-queue
+
+  - name: backport patches to 2.23
+    conditions:
+      - label=backport 2.23-maintenance
+    actions:
+      backport:
+        branches:
+          - 2.23-maintenance
+        labels:
+          - automatic backport
+          - merge-queue
+
+  - name: backport patches to 2.24
+    conditions:
+      - label=backport 2.24-maintenance
+    actions:
+      backport:
+        branches:
+          - "2.24-maintenance"
+        labels:
+          - automatic backport
+          - merge-queue
+
+  - name: backport patches to 2.25
+    conditions:
+      - label=backport 2.25-maintenance
+    actions:
+      backport:
+        branches:
+          - "2.25-maintenance"
+        labels:
+          - automatic backport
+          - merge-queue
+
+  - name: backport patches to 2.26
+    conditions:
+      - label=backport 2.26-maintenance
+    actions:
+      backport:
+        branches:
+          - "2.26-maintenance"
+        labels:
+          - automatic backport
+          - merge-queue
+
+  - name: backport patches to 2.27
+    conditions:
+      - label=backport 2.27-maintenance
+    actions:
+      backport:
+        branches:
+          - "2.27-maintenance"
+        labels:
+          - automatic backport
+          - merge-queue
+
+  - name: backport patches to 2.28
+    conditions:
+      - label=backport 2.28-maintenance
+    actions:
+      backport:
+        branches:
+          - "2.28-maintenance"
+        labels:
+          - automatic backport
+          - merge-queue
+
+  - name: backport patches to 2.29
+    conditions:
+      - label=backport 2.29-maintenance
+    actions:
+      backport:
+        branches:
+          - "2.29-maintenance"
+        labels:
+          - automatic backport
+          - merge-queue
+
+  - name: backport patches to 2.30
+    conditions:
+      - label=backport 2.30-maintenance
+    actions:
+      backport:
+        branches:
+          - "2.30-maintenance"
+        labels:
+          - automatic backport
+          - merge-queue

.version

@@ -1 +1 @@
-2.33.0
+2.31.0

CONTRIBUTING.md

@@ -89,7 +89,7 @@ Check out the [security policy](https://github.com/NixOS/nix/security/policy).
 
 ## Making changes to the Nix manual
 
-The Nix reference manual is hosted on https://nix.dev/manual/nix.
+The Nix reference manual is hosted on https://nixos.org/manual/nix.
 The underlying source files are located in [`doc/manual/source`](./doc/manual/source).
 For small changes you can [use GitHub to edit these files](https://docs.github.com/en/repositories/working-with-files/managing-files/editing-files)
 For larger changes see the [Nix reference manual](https://nix.dev/manual/nix/development/development/contributing.html).

COPYING

@@ -1,8 +1,8 @@
-                  GNU LESSER GENERAL PUBLIC LICENSE
-                       Version 2.1, February 1999
+		  GNU LESSER GENERAL PUBLIC LICENSE
+		       Version 2.1, February 1999
 
  Copyright (C) 1991, 1999 Free Software Foundation, Inc.
- <https://fsf.org/>
+ 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
  Everyone is permitted to copy and distribute verbatim copies
  of this license document, but changing it is not allowed.
 
@@ -10,7 +10,7 @@
  as the successor of the GNU Library Public License, version 2, hence
  the version number 2.1.]
 
-                            Preamble
+			    Preamble
 
   The licenses for most software are designed to take away your
 freedom to share and change it.  By contrast, the GNU General Public
@@ -112,7 +112,7 @@ modification follow.  Pay close attention to the difference between a
 former contains code derived from the library, whereas the latter must
 be combined with the library in order to run.
 
-                  GNU LESSER GENERAL PUBLIC LICENSE
+		  GNU LESSER GENERAL PUBLIC LICENSE
    TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
 
   0. This License Agreement applies to any software library or other
@@ -146,7 +146,7 @@ such a program is covered only if its contents constitute a work based
 on the Library (independent of the use of the Library in a tool for
 writing it).  Whether that is true depends on what the Library does
 and what the program that uses the Library does.
-
+  
   1. You may copy and distribute verbatim copies of the Library's
 complete source code as you receive it, in any medium, provided that
 you conspicuously and appropriately publish on each copy an
@@ -432,7 +432,7 @@ decision will be guided by the two goals of preserving the free status
 of all derivatives of our free software and of promoting the sharing
 and reuse of software generally.
 
-                            NO WARRANTY
+			    NO WARRANTY
 
   15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO
 WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW.
@@ -455,7 +455,7 @@ FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF
 SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
 DAMAGES.
 
-                     END OF TERMS AND CONDITIONS
+		     END OF TERMS AND CONDITIONS
 
            How to Apply These Terms to Your New Libraries
 
@@ -484,7 +484,8 @@ convey the exclusion of warranty; and each file should have at least the
     Lesser General Public License for more details.
 
     You should have received a copy of the GNU Lesser General Public
-    License along with this library; if not, see <https://www.gnu.org/licenses/>.
+    License along with this library; if not, write to the Free Software
+    Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 
 Also add information on how to contact you by electronic and paper mail.
 
@@ -495,7 +496,9 @@ necessary.  Here is a sample; alter the names:
   Yoyodyne, Inc., hereby disclaims all copyright interest in the
   library `Frob' (a library for tweaking knobs) written by James Random Hacker.
 
-  <signature of Moe Ghoul>, 1 April 1990
-  Moe Ghoul, President of Vice
+  <signature of Ty Coon>, 1 April 1990
+  Ty Coon, President of Vice
 
 That's all there is to it!
+
+

ci/gha/profile-build/default.nix

@@ -1,101 +0,0 @@
-{
-  nixFlake ? builtins.getFlake ("git+file://" + toString ../../..),
-  system ? builtins.currentSystem,
-  pkgs ? nixFlake.inputs.nixpkgs.legacyPackages.${system},
-}:
-
-let
-  inherit (pkgs) lib;
-
-  nixComponentsInstrumented =
-    (nixFlake.lib.makeComponents {
-      inherit pkgs;
-      getStdenv = p: p.clangStdenv;
-    }).overrideScope
-      (
-        _: _: {
-          mesonComponentOverrides = finalAttrs: prevAttrs: {
-            outputs = (prevAttrs.outputs or [ "out" ]) ++ [ "buildprofile" ];
-            nativeBuildInputs = [ pkgs.clangbuildanalyzer ] ++ prevAttrs.nativeBuildInputs or [ ];
-            __impure = true;
-
-            env = {
-              CFLAGS = "-ftime-trace";
-              CXXFLAGS = "-ftime-trace";
-            };
-
-            preBuild = ''
-              ClangBuildAnalyzer --start $PWD
-            '';
-
-            postBuild = ''
-              ClangBuildAnalyzer --stop $PWD $buildprofile
-            '';
-          };
-        }
-      );
-
-  componentsToProfile = {
-    "nix-util" = { };
-    "nix-util-c" = { };
-    "nix-util-test-support" = { };
-    "nix-util-tests" = { };
-    "nix-store" = { };
-    "nix-store-c" = { };
-    "nix-store-test-support" = { };
-    "nix-store-tests" = { };
-    "nix-fetchers" = { };
-    "nix-fetchers-c" = { };
-    "nix-fetchers-tests" = { };
-    "nix-expr" = { };
-    "nix-expr-c" = { };
-    "nix-expr-test-support" = { };
-    "nix-expr-tests" = { };
-    "nix-flake" = { };
-    "nix-flake-c" = { };
-    "nix-flake-tests" = { };
-    "nix-main" = { };
-    "nix-main-c" = { };
-    "nix-cmd" = { };
-    "nix-cli" = { };
-  };
-
-  componentDerivationsToProfile = builtins.intersectAttrs componentsToProfile nixComponentsInstrumented;
-  componentBuildProfiles = lib.mapAttrs (
-    n: v: lib.getOutput "buildprofile" v
-  ) componentDerivationsToProfile;
-
-  buildTimeReport =
-    pkgs.runCommand "build-time-report"
-      {
-        __impure = true;
-        __structuredAttrs = true;
-        nativeBuildInputs = [ pkgs.clangbuildanalyzer ];
-        inherit componentBuildProfiles;
-      }
-      ''
-        {
-          echo "# Build time performance profile for components:"
-          echo
-          echo "This reports the build profile collected via \`-ftime-trace\` for each component."
-          echo
-        } >> $out
-
-        for name in "''\${!componentBuildProfiles[@]}"; do
-          {
-            echo "<details><summary><strong>$name</strong></summary>"
-            echo
-            echo '````'
-            ClangBuildAnalyzer --analyze "''\${componentBuildProfiles[$name]}"
-            echo '````'
-            echo
-            echo "</details>"
-          } >> $out
-        done
-      '';
-in
-
-{
-  inherit buildTimeReport;
-  inherit componentDerivationsToProfile;
-}

ci/gha/tests/default.nix

@@ -1,240 +0,0 @@
-{
-  nixFlake ? builtins.getFlake ("git+file://" + toString ../../..),
-  system ? builtins.currentSystem,
-  pkgs ? nixFlake.inputs.nixpkgs.legacyPackages.${system},
-  nixComponents ? (
-    nixFlake.lib.makeComponents {
-      inherit pkgs;
-      inherit getStdenv;
-    }
-  ),
-  getStdenv ? p: p.stdenv,
-  componentTestsPrefix ? "",
-  withSanitizers ? false,
-  withCoverage ? false,
-  ...
-}:
-
-let
-  inherit (pkgs) lib;
-  hydraJobs = nixFlake.hydraJobs;
-  packages' = nixFlake.packages.${system};
-  stdenv = (getStdenv pkgs);
-
-  collectCoverageLayer = finalAttrs: prevAttrs: {
-    env =
-      let
-        # https://clang.llvm.org/docs/SourceBasedCodeCoverage.html#the-code-coverage-workflow
-        coverageFlags = [
-          "-fprofile-instr-generate"
-          "-fcoverage-mapping"
-        ];
-      in
-      {
-        CFLAGS = toString coverageFlags;
-        CXXFLAGS = toString coverageFlags;
-      };
-
-    # Done in a pre-configure hook, because $NIX_BUILD_TOP needs to be substituted.
-    preConfigure = prevAttrs.preConfigure or "" + ''
-      mappingFlag=" -fcoverage-prefix-map=$NIX_BUILD_TOP/${finalAttrs.src.name}=${finalAttrs.src}"
-      CFLAGS+="$mappingFlag"
-      CXXFLAGS+="$mappingFlag"
-    '';
-  };
-
-  componentOverrides = (lib.optional withCoverage collectCoverageLayer);
-in
-
-rec {
-  nixComponentsInstrumented = nixComponents.overrideScope (
-    final: prev: {
-      withASan = withSanitizers;
-      withUBSan = withSanitizers;
-
-      nix-store-tests = prev.nix-store-tests.override { withBenchmarks = true; };
-      # Boehm is incompatible with ASAN.
-      nix-expr = prev.nix-expr.override { enableGC = !withSanitizers; };
-
-      mesonComponentOverrides = lib.composeManyExtensions componentOverrides;
-      # Unclear how to make Perl bindings work with a dynamically linked ASAN.
-      nix-perl-bindings = if withSanitizers then null else prev.nix-perl-bindings;
-    }
-  );
-
-  # Import NixOS tests using the instrumented components
-  nixosTests = import ../../../tests/nixos {
-    inherit lib pkgs;
-    nixComponents = nixComponentsInstrumented;
-    nixpkgs = nixFlake.inputs.nixpkgs;
-    inherit (nixFlake.inputs) nixpkgs-23-11;
-  };
-
-  /**
-    Top-level tests for the flake outputs, as they would be built by hydra.
-    These tests generally can't be overridden to run with sanitizers.
-  */
-  topLevel = {
-    installerScriptForGHA = hydraJobs.installerScriptForGHA.${system};
-    installTests = hydraJobs.installTests.${system};
-    nixpkgsLibTests = hydraJobs.tests.nixpkgsLibTests.${system};
-    rl-next = pkgs.buildPackages.runCommand "test-rl-next-release-notes" { } ''
-      LANG=C.UTF-8 ${pkgs.changelog-d}/bin/changelog-d ${../../../doc/manual/rl-next} >$out
-    '';
-    repl-completion = pkgs.callPackage ../../../tests/repl-completion.nix { inherit (packages') nix; };
-
-    /**
-      Checks for our packaging expressions.
-      This shouldn't build anything significant; just check that things
-      (including derivations) are _set up_ correctly.
-    */
-    packaging-overriding =
-      let
-        nix = packages'.nix;
-      in
-      assert (nix.appendPatches [ pkgs.emptyFile ]).libs.nix-util.src.patches == [ pkgs.emptyFile ];
-      if pkgs.stdenv.buildPlatform.isDarwin then
-        lib.warn "packaging-overriding check currently disabled because of a permissions issue on macOS" pkgs.emptyFile
-      else
-        # If this fails, something might be wrong with how we've wired the scope,
-        # or something could be broken in Nixpkgs.
-        pkgs.testers.testEqualContents {
-          assertion = "trivial patch does not change source contents";
-          expected = "${../../..}";
-          actual =
-            # Same for all components; nix-util is an arbitrary pick
-            (nix.appendPatches [ pkgs.emptyFile ]).libs.nix-util.src;
-        };
-  };
-
-  componentTests =
-    (lib.concatMapAttrs (
-      pkgName: pkg:
-      lib.concatMapAttrs (testName: test: {
-        "${componentTestsPrefix}${pkgName}-${testName}" = test;
-      }) (pkg.tests or { })
-    ) nixComponentsInstrumented)
-    // lib.optionalAttrs (pkgs.stdenv.hostPlatform == pkgs.stdenv.buildPlatform) {
-      "${componentTestsPrefix}nix-functional-tests" = nixComponentsInstrumented.nix-functional-tests;
-      "${componentTestsPrefix}nix-json-schema-checks" = nixComponentsInstrumented.nix-json-schema-checks;
-    };
-
-  codeCoverage =
-    let
-      componentsTestsToProfile =
-        (builtins.mapAttrs (n: v: nixComponentsInstrumented.${n}.tests.run) {
-          "nix-util-tests" = { };
-          "nix-store-tests" = { };
-          "nix-fetchers-tests" = { };
-          "nix-expr-tests" = { };
-          "nix-flake-tests" = { };
-        })
-        // {
-          inherit (nixComponentsInstrumented) nix-functional-tests;
-        };
-
-      coverageProfileDrvs = lib.mapAttrs (
-        n: v:
-        v.overrideAttrs (
-          finalAttrs: prevAttrs: {
-            outputs = (prevAttrs.outputs or [ "out" ]) ++ [ "profraw" ];
-            env = {
-              LLVM_PROFILE_FILE = "${placeholder "profraw"}/%m";
-            };
-          }
-        )
-      ) componentsTestsToProfile;
-
-      coverageProfiles = lib.mapAttrsToList (n: v: lib.getOutput "profraw" v) coverageProfileDrvs;
-
-      mergedProfdata =
-        pkgs.runCommand "merged-profdata"
-          {
-            __structuredAttrs = true;
-            nativeBuildInputs = [ pkgs.llvmPackages.libllvm ];
-            inherit coverageProfiles;
-          }
-          ''
-            rawProfiles=()
-            for dir in "''\${coverageProfiles[@]}"; do
-              rawProfiles+=($dir/*)
-            done
-            llvm-profdata merge -sparse -output $out "''\${rawProfiles[@]}"
-          '';
-
-      coverageReports =
-        let
-          nixComponentDrvs = lib.filter (lib.isDerivation) (lib.attrValues nixComponentsInstrumented);
-        in
-        pkgs.runCommand "code-coverage-report"
-          {
-            nativeBuildInputs = [
-              pkgs.llvmPackages.libllvm
-              pkgs.jq
-            ];
-            __structuredAttrs = true;
-            nixComponents = nixComponentDrvs;
-          }
-          ''
-            # ${toString (lib.map (v: v.src) nixComponentDrvs)}
-
-            binaryFiles=()
-            for dir in "''\${nixComponents[@]}"; do
-              readarray -t filesInDir < <(find "$dir" -type f -executable)
-              binaryFiles+=("''\${filesInDir[@]}")
-            done
-
-            arguments=$(concatStringsSep " -object " binaryFiles)
-            llvm-cov show $arguments -instr-profile ${mergedProfdata} -output-dir $out -format=html
-
-            {
-              echo "# Code coverage summary (generated via \`llvm-cov\`):"
-              echo
-              echo '```'
-              llvm-cov report $arguments -instr-profile ${mergedProfdata} -format=text -use-color=false
-              echo '```'
-              echo
-            } >> $out/index.txt
-
-            llvm-cov export $arguments -instr-profile ${mergedProfdata} -format=text > $out/coverage.json
-
-            mkdir -p $out/nix-support
-
-            coverageTotals=$(jq ".data[0].totals" $out/coverage.json)
-
-            # Mostly inline from pkgs/build-support/setup-hooks/make-coverage-analysis-report.sh [1],
-            # which we can't use here, because we rely on LLVM's infra for source code coverage collection.
-            # [1]: https://github.com/NixOS/nixpkgs/blob/67bb48c4c8e327417d6d5aa7e538244b209e852b/pkgs/build-support/setup-hooks/make-coverage-analysis-report.sh#L16
-            declare -A metricsArray=(["lineCoverage"]="lines" ["functionCoverage"]="functions" ["branchCoverage"]="branches")
-
-            for metricName in "''\${!metricsArray[@]}"; do
-              key="''\${metricsArray[$metricName]}"
-              metric=$(echo "$coverageTotals" | jq ".$key.percent * 10 | round / 10")
-              echo "$metricName $metric %" >> $out/nix-support/hydra-metrics
-            done
-
-            echo "report coverage $out" >> $out/nix-support/hydra-build-products
-          '';
-    in
-    assert withCoverage;
-    assert stdenv.cc.isClang;
-    {
-      inherit coverageProfileDrvs mergedProfdata coverageReports;
-    };
-
-  vmTests = {
-    inherit (nixosTests) s3-binary-cache-store;
-  }
-  // lib.optionalAttrs (!withSanitizers && !withCoverage) {
-    # evalNixpkgs uses non-instrumented components from hydraJobs, so only run it
-    # when not testing with sanitizers to avoid rebuilding nix
-    inherit (hydraJobs.tests) evalNixpkgs;
-    # FIXME: CI times out when building vm tests instrumented
-    inherit (nixosTests)
-      functional_user
-      githubFlakes
-      nix-docker
-      tarballFlakes
-      ;
-  };
-}

ci/gha/tests/pre-commit-checks

@@ -1,24 +0,0 @@
-#!/usr/bin/env bash
-
-set -euo pipefail
-
-system=$(nix eval --raw --impure --expr builtins.currentSystem)
-
-echo "::group::Running pre-commit checks"
-
-if nix build ".#checks.$system.pre-commit" -L; then
-    echo "::endgroup::"
-    exit 0
-fi
-
-echo "::error ::Changes do not pass pre-commit checks"
-
-cat <<EOF
-The code isn't formatted or doesn't pass lints. You can run pre-commit locally with:
-
-    nix develop -c ./maintainers/format.sh
-EOF
-
-echo "::endgroup::"
-
-exit 1

ci/gha/tests/wrapper.nix

@@ -1,16 +0,0 @@
-{
-  nixFlake ? builtins.getFlake ("git+file://" + toString ../../..),
-  system ? builtins.currentSystem,
-  pkgs ? nixFlake.inputs.nixpkgs.legacyPackages.${system},
-  stdenv ? "stdenv",
-  componentTestsPrefix ? "",
-  withInstrumentation ? false,
-}@args:
-import ./. (
-  args
-  // {
-    getStdenv = p: p.${stdenv};
-    withSanitizers = withInstrumentation;
-    withCoverage = withInstrumentation;
-  }
-)

doc/manual/meson.build

@@ -1,5 +1,4 @@
-project(
-  'nix-manual',
+project('nix-manual',
   version : files('.version'),
   meson_version : '>= 1.1',
   license : 'LGPL-2.1-or-later',
@@ -9,45 +8,44 @@ nix = find_program('nix', native : true)
 
 mdbook = find_program('mdbook', native : true)
 bash = find_program('bash', native : true)
-rsync = find_program('rsync', required : true, native : true)
+rsync = find_program('rsync', required: true, native: true)
 
 pymod = import('python')
 python = pymod.find_installation('python3')
 
 nix_env_for_docs = {
-  'HOME' : '/dummy',
-  'NIX_CONF_DIR' : '/dummy',
-  'NIX_SSL_CERT_FILE' : '/dummy/no-ca-bundle.crt',
-  'NIX_STATE_DIR' : '/dummy',
-  'NIX_CONFIG' : 'cores = 0',
+  'HOME': '/dummy',
+  'NIX_CONF_DIR': '/dummy',
+  'NIX_SSL_CERT_FILE': '/dummy/no-ca-bundle.crt',
+  'NIX_STATE_DIR': '/dummy',
+  'NIX_CONFIG': 'cores = 0',
 }
 
-nix_for_docs = [ nix, '--experimental-features', 'nix-command' ]
+nix_for_docs = [nix, '--experimental-features', 'nix-command']
 nix_eval_for_docs_common = nix_for_docs + [
   'eval',
-  '-I',
-  'nix=' + meson.current_source_dir(),
+  '-I', 'nix=' + meson.current_source_dir(),
   '--store', 'dummy://',
   '--impure',
 ]
 nix_eval_for_docs = nix_eval_for_docs_common + '--raw'
 
 conf_file_json = custom_target(
-  command : nix_for_docs + [ 'config', 'show', '--json' ],
+  command : nix_for_docs + ['config', 'show', '--json'],
   capture : true,
   output : 'conf-file.json',
   env : nix_env_for_docs,
 )
 
 language_json = custom_target(
-  command : [ nix, '__dump-language' ],
+  command: [nix, '__dump-language'],
   output : 'language.json',
   capture : true,
   env : nix_env_for_docs,
 )
 
 nix3_cli_json = custom_target(
-  command : [ nix, '__dump-cli' ],
+  command : [nix, '__dump-cli'],
   capture : true,
   output : 'nix.json',
   env : nix_env_for_docs,
@@ -81,14 +79,13 @@ manual = custom_target(
   'manual',
   command : [
     bash,
-    '-euo',
-    'pipefail',
+    '-euo', 'pipefail',
     '-c',
     '''
         @0@ @INPUT0@ @CURRENT_SOURCE_DIR@ > @DEPFILE@
         @0@ @INPUT1@ summary @2@ < @CURRENT_SOURCE_DIR@/source/SUMMARY.md.in > @2@/source/SUMMARY.md
         sed -e 's|@version@|@3@|g' < @INPUT2@ > @2@/book.toml
-        @4@ -r -L --include='*.md' @CURRENT_SOURCE_DIR@/ @2@/
+        @4@ -r --include='*.md' @CURRENT_SOURCE_DIR@/ @2@/
         (cd @2@; RUST_LOG=warn @1@ build -d @2@ 3>&2 2>&1 1>&3) | { grep -Fv "because fragment resolution isn't implemented" || :; } 3>&2 2>&1 1>&3
         rm -rf @2@/manual
         mv @2@/html @2@/manual
@@ -115,7 +112,6 @@ manual = custom_target(
     builtins_md,
     rl_next_generated,
     summary_rl_next,
-    json_schema_generated_files,
     nix_input,
   ],
   output : [
@@ -124,8 +120,8 @@ manual = custom_target(
   ],
   depfile : 'manual.d',
   env : {
-    'RUST_LOG' : 'info',
-    'MDBOOK_SUBSTITUTE_SEARCH' : meson.current_build_dir() / 'source',
+    'RUST_LOG': 'info',
+    'MDBOOK_SUBSTITUTE_SEARCH': meson.current_build_dir() / 'source',
   },
 )
 manual_html = manual[0]
@@ -137,8 +133,7 @@ install_subdir(
 )
 
 nix_nested_manpages = [
-  [
-    'nix-env',
+  [ 'nix-env',
     [
       'delete-generations',
       'install',
@@ -153,8 +148,7 @@ nix_nested_manpages = [
       'upgrade',
     ],
   ],
-  [
-    'nix-store',
+  [ 'nix-store',
     [
       'add-fixed',
       'add',

doc/manual/package.nix

@@ -12,7 +12,6 @@
   rsync,
   nix-cli,
   changelog-d,
-  json-schema-for-humans,
   officialRelease,
 
   # Configuration Options
@@ -33,13 +32,6 @@ mkMesonDerivation (finalAttrs: {
     fileset.difference
       (fileset.unions [
         ../../.version
-        # For example JSON
-        ../../src/libutil-tests/data/hash
-        ../../src/libstore-tests/data/content-address
-        ../../src/libstore-tests/data/store-path
-        ../../src/libstore-tests/data/derived-path
-        ../../src/libstore-tests/data/path-info
-        ../../src/libstore-tests/data/nar-info
         # Too many different types of files to filter for now
         ../../doc/manual
         ./.
@@ -54,24 +46,24 @@ mkMesonDerivation (finalAttrs: {
   ];
 
   # Hack for sake of the dev shell
-  passthru.externalNativeBuildInputs = [
-    meson
-    ninja
-    (lib.getBin lowdown-unsandboxed)
-    mdbook
-    mdbook-linkcheck
-    jq
-    python3
-    rsync
-    json-schema-for-humans
-    changelog-d
-  ]
-  ++ lib.optionals (!officialRelease) [
-    # When not an official release, we likely have changelog entries that have
-    # yet to be rendered.
-    # When released, these are rendered into a committed file to save a dependency.
-    changelog-d
-  ];
+  passthru.externalNativeBuildInputs =
+    [
+      meson
+      ninja
+      (lib.getBin lowdown-unsandboxed)
+      mdbook
+      mdbook-linkcheck
+      jq
+      python3
+      rsync
+      changelog-d
+    ]
+    ++ lib.optionals (!officialRelease) [
+      # When not an official release, we likely have changelog entries that have
+      # yet to be rendered.
+      # When released, these are rendered into a committed file to save a dependency.
+      changelog-d
+    ];
 
   nativeBuildInputs = finalAttrs.passthru.externalNativeBuildInputs ++ [
     nix-cli

doc/manual/rl-next/build-cores-auto-detect.md

@@ -0,0 +1,6 @@
+---
+synopsis: "`build-cores = 0` now auto-detects CPU cores"
+prs: [13402]
+---
+
+When `build-cores` is set to `0`, nix now automatically detects the number of available CPU cores and passes this value via `NIX_BUILD_CORES`, instead of passing `0` directly. This matches the behavior when `build-cores` is unset. This prevents the builder from having to detect the number of cores.

doc/manual/rl-next/s3-curl-implementation.md

@@ -1,26 +0,0 @@
----
-synopsis: "Improved S3 binary cache support via HTTP"
-prs: [13823, 14026, 14120, 14131, 14135, 14144, 14170, 14190, 14198, 14206, 14209, 14222, 14223, 13752]
-issues: [13084, 12671, 11748, 12403]
----
-
-S3 binary cache operations now happen via HTTP, leveraging `libcurl`'s native
-AWS SigV4 authentication instead of the AWS C++ SDK, providing significant
-improvements:
-
-- **Reduced memory usage**: Eliminates memory buffering issues that caused
-  segfaults with large files
-- **Fixed upload reliability**: Resolves AWS SDK chunking errors
-  (`InvalidChunkSizeError`)
-- **Lighter dependencies**: Uses lightweight `aws-crt-cpp` instead of full
-  `aws-cpp-sdk`, reducing build complexity
-
-The new implementation requires curl >= 7.75.0 and `aws-crt-cpp` for credential
-management.
-
-All existing S3 URL formats and parameters remain supported, with the notable
-exception of multi-part uploads, which are no longer supported.
-
-Note that this change also means Nix now supports S3 binary cache stores even
-if build without `aws-crt-cpp`, but only for public buckets which do not
-require auth.

doc/manual/rl-next/s3-object-versioning.md

@@ -1,14 +0,0 @@
----
-synopsis: "S3 URLs now support object versioning via versionId parameter"
-prs: [14274]
-issues: [13955]
----
-
-S3 URLs now support a `versionId` query parameter to fetch specific versions
-of objects from S3 buckets with versioning enabled. This allows pinning to
-exact object versions for reproducibility and protection against unexpected
-changes:
-
-```
-s3://bucket/key?region=us-east-1&versionId=abc123def456
-```

doc/manual/source/SUMMARY.md.in

@@ -117,12 +117,8 @@
 - [Architecture and Design](architecture/architecture.md)
 - [Formats and Protocols](protocols/index.md)
   - [JSON Formats](protocols/json/index.md)
-    - [Hash](protocols/json/hash.md)
-    - [Content Address](protocols/json/content-address.md)
-    - [Store Path](protocols/json/store-path.md)
     - [Store Object Info](protocols/json/store-object-info.md)
     - [Derivation](protocols/json/derivation.md)
-    - [Deriving Path](protocols/json/deriving-path.md)
   - [Serving Tarball Flakes](protocols/tarball-fetcher.md)
   - [Store Path Specification](protocols/store-path.md)
   - [Nix Archive (NAR) Format](protocols/nix-archive.md)
@@ -132,7 +128,6 @@
 - [Development](development/index.md)
   - [Building](development/building.md)
   - [Testing](development/testing.md)
-  - [Benchmarking](development/benchmarking.md)
   - [Debugging](development/debugging.md)
   - [Documentation](development/documentation.md)
   - [CLI guideline](development/cli-guideline.md)
@@ -142,8 +137,6 @@
   - [Contributing](development/contributing.md)
 - [Releases](release-notes/index.md)
 {{#include ./SUMMARY-rl-next.md}}
-  - [Release 2.32 (2025-10-06)](release-notes/rl-2.32.md)
-  - [Release 2.31 (2025-08-21)](release-notes/rl-2.31.md)
   - [Release 2.30 (2025-07-07)](release-notes/rl-2.30.md)
   - [Release 2.29 (2025-05-14)](release-notes/rl-2.29.md)
   - [Release 2.28 (2025-04-02)](release-notes/rl-2.28.md)

doc/manual/source/command-ref/env-common.md

@@ -75,7 +75,7 @@ Most Nix commands interpret the following environment variables:
 - <span id="env-NIX_CONF_DIR">[`NIX_CONF_DIR`](#env-NIX_CONF_DIR)</span>
 
   Overrides the location of the system Nix configuration directory
-  (default `sysconfdir/nix`, i.e. `/etc/nix` on most systems).
+  (default `prefix/etc/nix`).
 
 - <span id="env-NIX_CONFIG">[`NIX_CONFIG`](#env-NIX_CONFIG)</span>
 

doc/manual/source/command-ref/meson.build

@@ -1,13 +1,13 @@
 xp_features_json = custom_target(
-  command : [ nix, '__dump-xp-features' ],
+  command : [nix, '__dump-xp-features'],
   capture : true,
   output : 'xp-features.json',
-  env : nix_env_for_docs,
 )
 
 experimental_features_shortlist_md = custom_target(
   command : nix_eval_for_docs + [
-    '--expr', 'import @INPUT0@ (builtins.fromJSON (builtins.readFile ./@INPUT1@))',
+    '--expr',
+    'import @INPUT0@ (builtins.fromJSON (builtins.readFile ./@INPUT1@))',
   ],
   input : [
     '../../generate-xp-features-shortlist.nix',
@@ -19,8 +19,14 @@ experimental_features_shortlist_md = custom_target(
 )
 
 nix3_cli_files = custom_target(
-  command : [ python.full_path(), '@INPUT0@', '@OUTPUT@', '--' ] + nix_eval_for_docs + [
-    '--expr', 'import @INPUT1@ true (builtins.readFile ./@INPUT2@)',
+  command : [
+    python.full_path(),
+    '@INPUT0@',
+    '@OUTPUT@',
+    '--'
+  ] + nix_eval_for_docs + [
+    '--expr',
+    'import @INPUT1@ true (builtins.readFile ./@INPUT2@)',
   ],
   input : [
     '../../remove_before_wrapper.py',
@@ -34,7 +40,8 @@ nix3_cli_files = custom_target(
 conf_file_md_body = custom_target(
   command : [
     nix_eval_for_docs,
-    '--expr', 'import @INPUT0@ { prefix = "conf"; } (builtins.fromJSON (builtins.readFile ./@INPUT1@))',
+    '--expr',
+    'import @INPUT0@ { prefix = "conf"; } (builtins.fromJSON (builtins.readFile ./@INPUT1@))',
   ],
   capture : true,
   input : [

doc/manual/source/command-ref/nix-store/gc.md

@@ -48,7 +48,8 @@ The behaviour of the collector is also influenced by the
 configuration file.
 
 By default, the collector prints the total number of freed bytes when it
-finishes (or when it is interrupted).
+finishes (or when it is interrupted). With `--print-dead`, it prints the
+number of bytes that would be freed.
 
 {{#include ./opt-common.md}}
 

doc/manual/source/development/benchmarking.md

@@ -1,187 +0,0 @@
-# Running Benchmarks
-
-This guide explains how to build and run performance benchmarks in the Nix codebase.
-
-## Overview
-
-Nix uses the [Google Benchmark](https://github.com/google/benchmark) framework for performance testing. Benchmarks help measure and track the performance of critical operations like derivation parsing.
-
-## Building Benchmarks
-
-Benchmarks are disabled by default and must be explicitly enabled during the build configuration. For accurate results, use a debug-optimized release build.
-
-### Development Environment Setup
-
-First, enter the development shell which includes the necessary dependencies:
-
-```bash
-nix develop .#native-ccacheStdenv
-```
-
-### Configure Build with Benchmarks
-
-From the project root, configure the build with benchmarks enabled and optimization:
-
-```bash
-cd build
-meson configure -Dbenchmarks=true -Dbuildtype=debugoptimized
-```
-
-The `debugoptimized` build type provides:
-- Compiler optimizations for realistic performance measurements
-- Debug symbols for profiling and analysis
-- Balance between performance and debuggability
-
-### Build the Benchmarks
-
-Build the project including benchmarks:
-
-```bash
-ninja
-```
-
-This will create benchmark executables in the build directory. Currently available:
-- `build/src/libstore-tests/nix-store-benchmarks` - Store-related performance benchmarks
-
-Additional benchmark executables will be created as more benchmarks are added to the codebase.
-
-## Running Benchmarks
-
-### Basic Usage
-
-Run benchmark executables directly. For example, to run store benchmarks:
-
-```bash
-./build/src/libstore-tests/nix-store-benchmarks
-```
-
-As more benchmark executables are added, run them similarly from their respective build directories.
-
-### Filtering Benchmarks
-
-Run specific benchmarks using regex patterns:
-
-```bash
-# Run only derivation parser benchmarks
-./build/src/libstore-tests/nix-store-benchmarks --benchmark_filter="derivation.*"
-
-# Run only benchmarks for hello.drv
-./build/src/libstore-tests/nix-store-benchmarks --benchmark_filter=".*hello.*"
-```
-
-### Output Formats
-
-Generate benchmark results in different formats:
-
-```bash
-# JSON output
-./build/src/libstore-tests/nix-store-benchmarks --benchmark_format=json > results.json
-
-# CSV output
-./build/src/libstore-tests/nix-store-benchmarks --benchmark_format=csv > results.csv
-```
-
-### Advanced Options
-
-```bash
-# Run benchmarks multiple times for better statistics
-./build/src/libstore-tests/nix-store-benchmarks --benchmark_repetitions=10
-
-# Set minimum benchmark time (useful for micro-benchmarks)
-./build/src/libstore-tests/nix-store-benchmarks --benchmark_min_time=2
-
-# Compare against baseline
-./build/src/libstore-tests/nix-store-benchmarks --benchmark_baseline=baseline.json
-
-# Display time in custom units
-./build/src/libstore-tests/nix-store-benchmarks --benchmark_time_unit=ms
-```
-
-## Writing New Benchmarks
-
-To add new benchmarks:
-
-1. Create a new `.cc` file in the appropriate `*-tests` directory
-2. Include the benchmark header:
-   ```cpp
-   #include <benchmark/benchmark.h>
-   ```
-
-3. Write benchmark functions:
-   ```cpp
-   static void BM_YourBenchmark(benchmark::State & state)
-   {
-       // Setup code here
-
-       for (auto _ : state) {
-           // Code to benchmark
-       }
-   }
-   BENCHMARK(BM_YourBenchmark);
-   ```
-
-4. Add the file to the corresponding `meson.build`:
-   ```meson
-   benchmarks_sources = files(
-       'your-benchmark.cc',
-       # existing benchmarks...
-   )
-   ```
-
-## Profiling with Benchmarks
-
-For deeper performance analysis, combine benchmarks with profiling tools:
-
-```bash
-# Using Linux perf
-perf record ./build/src/libstore-tests/nix-store-benchmarks
-perf report
-```
-
-### Using Valgrind Callgrind
-
-Valgrind's callgrind tool provides detailed profiling information that can be visualized with kcachegrind:
-
-```bash
-# Profile with callgrind
-valgrind --tool=callgrind ./build/src/libstore-tests/nix-store-benchmarks
-
-# Visualize the results with kcachegrind
-kcachegrind callgrind.out.*
-```
-
-This provides:
-- Function call graphs
-- Instruction-level profiling
-- Source code annotation
-- Interactive visualization of performance bottlenecks
-
-## Continuous Performance Testing
-
-```bash
-# Save baseline results
-./build/src/libstore-tests/nix-store-benchmarks --benchmark_format=json > baseline.json
-
-# Compare against baseline in CI
-./build/src/libstore-tests/nix-store-benchmarks --benchmark_baseline=baseline.json
-```
-
-## Troubleshooting
-
-### Benchmarks not building
-
-Ensure benchmarks are enabled:
-```bash
-meson configure build | grep benchmarks
-# Should show: benchmarks true
-```
-
-### Inconsistent results
-
-- Ensure your system is not under heavy load
-- Disable CPU frequency scaling for consistent results
-- Run benchmarks multiple times with `--benchmark_repetitions`
-
-## See Also
-
-- [Google Benchmark documentation](https://github.com/google/benchmark/blob/main/docs/user_guide.md)

doc/manual/source/development/building.md

@@ -23,7 +23,7 @@ $ nix-shell
 To get a shell with one of the other [supported compilation environments](#compilation-environments):
 
 ```console
-$ nix-shell --attr devShells.x86_64-linux.native-clangStdenv
+$ nix-shell --attr devShells.x86_64-linux.native-clangStdenvPackages
 ```
 
 > **Note**
@@ -34,7 +34,7 @@ $ nix-shell --attr devShells.x86_64-linux.native-clangStdenv
 To build Nix itself in this shell:
 
 ```console
-[nix-shell]$ out="$(pwd)/outputs/out" dev=$out debug=$out mesonFlags+=" --prefix=${out}"
+[nix-shell]$ mesonFlags+=" --prefix=$(pwd)/outputs/out"
 [nix-shell]$ dontAddPrefix=1 configurePhase
 [nix-shell]$ buildPhase
 ```
@@ -215,18 +215,14 @@ nix build .#nix-everything-x86_64-w64-mingw32
 
 For historic reasons and backward-compatibility, some CPU and OS identifiers are translated as follows:
 
-| `host_machine.cpu_family()` | `host_machine.endian()` | Nix                 |
-|-----------------------------|-------------------------|---------------------|
-| `x86`                       |                         | `i686`              |
-| `arm`                       |                         | `host_machine.cpu()`|
-| `ppc`                       | `little`                | `powerpcle`         |
-| `ppc64`                     | `little`                | `powerpc64le`       |
-| `ppc`                       | `big`                   | `powerpc`           |
-| `ppc64`                     | `big`                   | `powerpc64`         |
-| `mips`                      | `little`                | `mipsel`            |
-| `mips64`                    | `little`                | `mips64el`          |
-| `mips`                      | `big`                   | `mips`              |
-| `mips64`                    | `big`                   | `mips64`            |
+| `config.guess`             | Nix                 |
+|----------------------------|---------------------|
+| `amd64`                    | `x86_64`            |
+| `i*86`                     | `i686`              |
+| `arm6`                     | `arm6l`             |
+| `arm7`                     | `arm7l`             |
+| `linux-gnu*`               | `linux`             |
+| `linux-musl*`              | `linux`             |
 
 ## Compilation environments
 

doc/manual/source/development/debugging.md

@@ -24,19 +24,6 @@ It is also possible to build without debugging for faster build:
 
 (The first line is needed because `fortify` hardening requires at least some optimization.)
 
-## Building Nix with sanitizers
-
-Nix can be built with [Address](https://clang.llvm.org/docs/AddressSanitizer.html) and
-[UB](https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html) sanitizers using LLVM
-or GCC. This is useful when debugging memory corruption issues.
-
-```console
-[nix-shell]$ export mesonBuildType=debugoptimized
-[nix-shell]$ appendToVar mesonFlags "-Dlibexpr:gc=disabled" # Disable Boehm
-[nix-shell]$ appendToVar mesonFlags "-Dbindings=false" # Disable nix-perl
-[nix-shell]$ appendToVar mesonFlags "-Db_sanitize=address,undefined"
-```
-
 ## Debugging the Nix Binary
 
 Obtain your preferred debugger within the development shell:

doc/manual/source/development/documentation.md

@@ -25,31 +25,20 @@ nix build .#nix-manual
 and open `./result/share/doc/nix/manual/index.html`.
 
 
-To build the manual incrementally, [enter the development shell](./building.md) and configure with `doc-gen` enabled:
-
-**If using interactive `nix develop`:**
+To build the manual incrementally, [enter the development shell](./building.md) and run:
 
 ```console
-$ nix develop
-$ mesonFlags="$mesonFlags -Ddoc-gen=true" mesonConfigurePhase
+make manual-html-open -j $NIX_BUILD_CORES
 ```
 
-**If using direnv:**
+In order to reflect changes to the [Makefile for the manual], clear all generated files before re-building:
+
+[Makefile for the manual]: https://github.com/NixOS/nix/blob/master/doc/manual/local.mk
 
 ```console
-$ direnv allow
-$ bash -c 'source $stdenv/setup && mesonFlags="$mesonFlags -Ddoc-gen=true" mesonConfigurePhase'
+rm $(git ls-files doc/manual/ -o | grep -F '.md') && rmdir doc/manual/source/command-ref/new-cli && make manual-html -j $NIX_BUILD_CORES
 ```
 
-Then build the manual:
-
-```console
-$ cd build
-$ meson compile manual
-```
-
-The HTML manual will be generated at `build/src/nix-manual/manual/index.html`.
-
 ## Style guide
 
 The goal of this style guide is to make it such that
@@ -240,9 +229,3 @@ $ configurePhase
 $ ninja src/external-api-docs/html
 $ xdg-open src/external-api-docs/html/index.html
 ```
-
-If you use direnv, or otherwise want to run `configurePhase` in a transient shell, use:
-
-```bash
-nix-shell -A devShells.x86_64-linux.native-clangStdenv --command 'appendToVar mesonFlags "-Ddoc-gen=true"; mesonConfigurePhase'
-```

doc/manual/source/development/meson.build

@@ -1,12 +1,12 @@
 experimental_feature_descriptions_md = custom_target(
   command : nix_eval_for_docs + [
-    '--expr', 'import @INPUT0@ (builtins.fromJSON (builtins.readFile @INPUT1@))',
+    '--expr',
+    'import @INPUT0@ (builtins.fromJSON (builtins.readFile @INPUT1@))',
   ],
   input : [
     '../../generate-xp-features.nix',
     xp_features_json,
   ],
   capture : true,
-  env : nix_env_for_docs,
   output : 'experimental-feature-descriptions.md',
 )

doc/manual/source/installation/installing-docker.md

@@ -3,21 +3,19 @@
 To run the latest stable release of Nix with Docker run the following command:
 
 ```console
-$ docker run -ti docker.io/nixos/nix
-Unable to find image 'docker.io/nixos/nix:latest' locally
-latest: Pulling from docker.io/nixos/nix
+$ docker run -ti ghcr.io/nixos/nix
+Unable to find image 'ghcr.io/nixos/nix:latest' locally
+latest: Pulling from ghcr.io/nixos/nix
 5843afab3874: Pull complete
 b52bf13f109c: Pull complete
 1e2415612aa3: Pull complete
 Digest: sha256:27f6e7f60227e959ee7ece361f75d4844a40e1cc6878b6868fe30140420031ff
-Status: Downloaded newer image for docker.io/nixos/nix:latest
+Status: Downloaded newer image for ghcr.io/nixos/nix:latest
 35ca4ada6e96:/# nix --version
 nix (Nix) 2.3.12
 35ca4ada6e96:/# exit
 ```
 
-> If you want the latest pre-release you can use ghcr.io/nixos/nix and view them at https://github.com/nixos/nix/pkgs/container/nix
-
 # What is included in Nix's Docker image?
 
 The official Docker image is created using `pkgs.dockerTools.buildLayeredImage`

doc/manual/source/installation/prerequisites-source.md

@@ -10,7 +10,7 @@
   - Bash Shell. The `./configure` script relies on bashisms, so Bash is
     required.
 
-  - A version of GCC or Clang that supports C++23.
+  - A version of GCC or Clang that supports C++20.
 
   - `pkg-config` to locate dependencies. If your distribution does not
     provide it, you can get it from

doc/manual/source/installation/uninstall.md

@@ -41,38 +41,6 @@ There may also be references to Nix in
 
 which you may remove.
 
-### FreeBSD
-
-1. Stop and remove the Nix daemon service:
-
-   ```console
-   sudo service nix-daemon stop
-   sudo rm -f /usr/local/etc/rc.d/nix-daemon
-   sudo sysrc -x nix_daemon_enable
-   ```
-
-2. Remove files created by Nix:
-
-   ```console
-   sudo rm -rf /etc/nix /usr/local/etc/profile.d/nix.sh /nix ~root/.nix-channels ~root/.nix-defexpr ~root/.nix-profile ~root/.cache/nix
-   ```
-
-3. Remove build users and their group:
-
-   ```console
-   for i in $(seq 1 32); do
-     sudo pw userdel nixbld$i
-   done
-   sudo pw groupdel nixbld
-   ```
-
-4. There may also be references to Nix in:
-   - `/usr/local/etc/bashrc`
-   - `/usr/local/etc/zshrc`
-   - Shell configuration files in users' home directories
-
-   which you may remove.
-
 ### macOS
 
 > **Updating to macOS 15 Sequoia**

doc/manual/source/language/advanced-attributes.md

@@ -160,6 +160,7 @@ See the [corresponding section in the derivation output page](@docroot@/store/de
 ## Other output modifications
 
   - [`unsafeDiscardReferences`]{#adv-attr-unsafeDiscardReferences}\
+
     When using [structured attributes](#adv-attr-structuredAttrs), the
     attribute `unsafeDiscardReferences` is an attribute set with a boolean value for each output name.
     If set to `true`, it disables scanning the output for runtime dependencies.
@@ -194,6 +195,7 @@ See the [corresponding section in the derivation output page](@docroot@/store/de
     [`builder`]: ./derivations.md#attr-builder
 
 - [`requiredSystemFeatures`]{#adv-attr-requiredSystemFeatures}\
+
   If a derivation has the `requiredSystemFeatures` attribute, then Nix will only build it on a machine that has the corresponding features set in its [`system-features` configuration](@docroot@/command-ref/conf-file.md#conf-system-features).
 
   For example, setting

doc/manual/source/language/builtins-prefix.md

@@ -5,28 +5,12 @@ All built-ins are available through the global [`builtins`](#builtins-builtins)
 
 Some built-ins are also exposed directly in the global scope:
 
+<!-- TODO(@rhendric, #10970): this list is incomplete -->
+
 - [`derivation`](#builtins-derivation)
-- `derivationStrict`
-- [`abort`](#builtins-abort)
-- [`baseNameOf`](#builtins-baseNameOf)
-- [`break`](#builtins-break)
-- [`dirOf`](#builtins-dirOf)
-- [`false`](#builtins-false)
-- [`fetchGit`](#builtins-fetchGit)
-- `fetchMercurial`
-- [`fetchTarball`](#builtins-fetchTarball)
-- [`fetchTree`](#builtins-fetchTree)
-- [`fromTOML`](#builtins-fromTOML)
 - [`import`](#builtins-import)
-- [`isNull`](#builtins-isNull)
-- [`map`](#builtins-map)
-- [`null`](#builtins-null)
-- [`placeholder`](#builtins-placeholder)
-- [`removeAttrs`](#builtins-removeAttrs)
-- `scopedImport`
+- [`abort`](#builtins-abort)
 - [`throw`](#builtins-throw)
-- [`toString`](#builtins-toString)
-- [`true`](#builtins-true)
 
 <dl>
   <dt id="builtins-derivation"><a href="#builtins-derivation"><code>derivation <var>attrs</var></code></a></dt>

doc/manual/source/language/meson.build

@@ -1,13 +1,19 @@
 builtins_md = custom_target(
-  command : [ python.full_path(), '@INPUT0@', '@OUTPUT@', '--' ] + nix_eval_for_docs + [
-    '--expr', '(builtins.readFile @INPUT3@) + import @INPUT1@ (builtins.fromJSON (builtins.readFile ./@INPUT2@)) + (builtins.readFile @INPUT4@)',
+  command : [
+    python.full_path(),
+    '@INPUT0@',
+    '@OUTPUT@',
+    '--'
+  ] + nix_eval_for_docs + [
+    '--expr',
+    '(builtins.readFile @INPUT3@) + import @INPUT1@ (builtins.fromJSON (builtins.readFile ./@INPUT2@)) + (builtins.readFile @INPUT4@)',
   ],
   input : [
     '../../remove_before_wrapper.py',
     '../../generate-builtins.nix',
     language_json,
     'builtins-prefix.md',
-    'builtins-suffix.md',
+    'builtins-suffix.md'
   ],
   output : 'builtins.md',
   env : nix_env_for_docs,

doc/manual/source/meson.build

@@ -1,11 +1,7 @@
-# Process JSON schema documentation
-subdir('protocols')
-
 summary_rl_next = custom_target(
   command : [
     bash,
-    '-euo',
-    'pipefail',
+    '-euo', 'pipefail',
     '-c',
     '''
       if [ -e "@INPUT@" ]; then
@@ -16,6 +12,6 @@ summary_rl_next = custom_target(
   input : [
     rl_next_generated,
   ],
-  capture : true,
+  capture: true,
   output : 'SUMMARY-rl-next.md',
 )

doc/manual/source/protocols/json/content-address.md

@@ -1,21 +0,0 @@
-{{#include content-address-v1-fixed.md}}
-
-## Examples
-
-### [Text](@docroot@/store/store-object/content-address.html#method-text) method
-
-```json
-{{#include schema/content-address-v1/text.json}}
-```
-
-### [Nix Archive](@docroot@/store/store-object/content-address.html#method-nix-archive) method
-
-```json
-{{#include schema/content-address-v1/nar.json}}
-```
-
-<!-- need to convert YAML to JSON first
-## Raw Schema
-
-[JSON Schema for Hash v1](schema/content-address-v1.json)
--->

doc/manual/source/protocols/json/derivation.md

@@ -1,7 +1,97 @@
-{{#include derivation-v3-fixed.md}}
+# Derivation JSON Format
 
-<!-- need to convert YAML to JSON first
-## Raw Schema
+> **Warning**
+>
+> This JSON format is currently
+> [**experimental**](@docroot@/development/experimental-features.md#xp-feature-nix-command)
+> and subject to change.
 
-[JSON Schema for Derivation v3](schema/derivation-v3.json)
--->
+The JSON serialization of a
+[derivations](@docroot@/glossary.md#gloss-store-derivation)
+is a JSON object with the following fields:
+
+* `name`:
+  The name of the derivation.
+  This is used when calculating the store paths of the derivation's outputs.
+
+* `outputs`:
+  Information about the output paths of the derivation.
+  This is a JSON object with one member per output, where the key is the output name and the value is a JSON object with these fields:
+
+  * `path`:
+    The output path, if it is known in advanced.
+    Otherwise, `null`.
+
+
+  * `method`:
+    For an output which will be [content addressed], a string representing the [method](@docroot@/store/store-object/content-address.md) of content addressing that is chosen.
+    Valid method strings are:
+
+    - [`flat`](@docroot@/store/store-object/content-address.md#method-flat)
+    - [`nar`](@docroot@/store/store-object/content-address.md#method-nix-archive)
+    - [`text`](@docroot@/store/store-object/content-address.md#method-text)
+    - [`git`](@docroot@/store/store-object/content-address.md#method-git)
+
+    Otherwise, `null`.
+
+  * `hashAlgo`:
+    For an output which will be [content addressed], the name of the hash algorithm used.
+    Valid algorithm strings are:
+
+    - `blake3`
+    - `md5`
+    - `sha1`
+    - `sha256`
+    - `sha512`
+
+  * `hash`:
+    For fixed-output derivations, the expected content hash in base-16.
+
+  > **Example**
+  >
+  > ```json
+  > "outputs": {
+  >   "out": {
+  >     "path": "/nix/store/2543j7c6jn75blc3drf4g5vhb1rhdq29-source",
+  >     "method": "nar",
+  >     "hashAlgo": "sha256",
+  >     "hash": "6fc80dcc62179dbc12fc0b5881275898f93444833d21b89dfe5f7fbcbb1d0d62"
+  >   }
+  > }
+  > ```
+
+* `inputSrcs`:
+  A list of store paths on which this derivation depends.
+
+* `inputDrvs`:
+  A JSON object specifying the derivations on which this derivation depends, and what outputs of those derivations.
+
+  > **Example**
+  >
+  > ```json
+  > "inputDrvs": {
+  >   "/nix/store/6lkh5yi7nlb7l6dr8fljlli5zfd9hq58-curl-7.73.0.drv": ["dev"],
+  >   "/nix/store/fn3kgnfzl5dzym26j8g907gq3kbm8bfh-unzip-6.0.drv": ["out"]
+  > }
+  > ```
+
+  specifies that this derivation depends on the `dev` output of `curl`, and the `out` output of `unzip`.
+
+* `system`:
+  The system type on which this derivation is to be built
+  (e.g. `x86_64-linux`).
+
+* `builder`:
+  The absolute path of the program to be executed to run the build.
+  Typically this is the `bash` shell
+  (e.g. `/nix/store/r3j288vpmczbl500w6zz89gyfa4nr0b1-bash-4.4-p23/bin/bash`).
+
+* `args`:
+  The command-line arguments passed to the `builder`.
+
+* `env`:
+  The environment passed to the `builder`.
+
+* `structuredAttrs`:
+  [Strucutured Attributes](@docroot@/store/derivation/index.md#structured-attrs), only defined if the derivation contains them.
+  Structured attributes are JSON, and thus embedded as-is.

doc/manual/source/protocols/json/deriving-path.md

@@ -1,21 +0,0 @@
-{{#include deriving-path-v1-fixed.md}}
-
-## Examples
-
-### Constant
-
-```json
-{{#include schema/deriving-path-v1/single_opaque.json}}
-```
-
-### Output of static derivation
-
-```json
-{{#include schema/deriving-path-v1/single_built.json}}
-```
-
-### Output of dynamic derivation
-
-```json
-{{#include schema/deriving-path-v1/single_built_built.json}}
-```

doc/manual/source/protocols/json/fixup-json-schema-generated-doc.sed

@@ -1,17 +0,0 @@
-# For some reason, backticks in the JSON schema are being escaped rather
-# than being kept as intentional code spans. This removes all backtick
-# escaping, which is an ugly solution, but one that is fine, because we
-# are not using backticks for any other purpose.
-s/\\`/`/g
-
-# The way that semi-external references are rendered (i.e. ones to
-# sibling schema files, as opposed to separate website ones, is not nice
-# for humans. Replace it with a nice relative link within the manual
-# instead.
-#
-# As we have more such relative links, more replacements of this nature
-# should appear below.
-s^\(./hash-v1.yaml\)\?#/$defs/algorithm^[JSON format for `Hash`](./hash.html#algorithm)^g
-s^\(./hash-v1.yaml\)^[JSON format for `Hash`](./hash.html)^g
-s^\(./content-address-v1.yaml\)\?#/$defs/method^[JSON format for `ContentAddress`](./content-address.html#method)^g
-s^\(./content-address-v1.yaml\)^[JSON format for `ContentAddress`](./content-address.html)^g

doc/manual/source/protocols/json/hash.md

@@ -1,33 +0,0 @@
-{{#include hash-v1-fixed.md}}
-
-## Examples
-
-### SHA-256 with Base64 encoding
-
-```json
-{{#include schema/hash-v1/sha256-base64.json}}
-```
-
-### SHA-256 with Base16 (hexadecimal) encoding
-
-```json
-{{#include schema/hash-v1/sha256-base16.json}}
-```
-
-### SHA-256 with Nix32 encoding
-
-```json
-{{#include schema/hash-v1/sha256-nix32.json}}
-```
-
-### BLAKE3 with Base64 encoding
-
-```json
-{{#include schema/hash-v1/blake3-base64.json}}
-```
-
-<!-- need to convert YAML to JSON first
-## Raw Schema
-
-[JSON Schema for Hash v1](schema/hash-v1.json)
--->

doc/manual/source/protocols/json/json-schema-for-humans-config.yaml

@@ -1,17 +0,0 @@
-# Configuration file for json-schema-for-humans
-#
-# https://github.com/coveooss/json-schema-for-humans/blob/main/docs/examples/examples_md_default/Configuration.md
-
-template_name: md
-show_toc: true
-# impure timestamp and distracting
-with_footer: false
-recursive_detection_depth: 3
-show_breadcrumbs: false
-description_is_markdown: true
-template_md_options:
-  properties_table_columns:
-    - Property
-    - Type
-    - Pattern
-    - Title/Description

doc/manual/source/protocols/json/meson.build

@@ -1,78 +0,0 @@
-# Tests in: ../../../../src/json-schema-checks
-
-fs = import('fs')
-
-# Find json-schema-for-humans if available
-json_schema_for_humans = find_program('generate-schema-doc', required : false)
-
-# Configuration for json-schema-for-humans
-json_schema_config = files('json-schema-for-humans-config.yaml')
-
-schemas = [
-  'hash-v1',
-  'content-address-v1',
-  'store-path-v1',
-  'store-object-info-v1',
-  'derivation-v3',
-  'deriving-path-v1',
-]
-
-schema_files = files()
-foreach schema_name : schemas
-  schema_files += files('schema' / schema_name + '.yaml')
-endforeach
-
-
-schema_outputs = []
-foreach schema_name : schemas
-  schema_outputs += schema_name + '.md'
-endforeach
-
-json_schema_generated_files = []
-
-# Generate markdown documentation from JSON schema
-# Note: output must be just a filename, not a path
-gen_file = custom_target(
-  schema_name + '-schema-docs.tmp',
-  command : [
-    json_schema_for_humans,
-    '--config-file',
-    json_schema_config,
-    meson.current_source_dir() / 'schema',
-    meson.current_build_dir(),
-  ],
-  input : schema_files + [
-    json_schema_config,
-  ],
-  output : schema_outputs,
-  capture : false,
-  build_by_default : true,
-)
-
-idx = 0
-if json_schema_for_humans.found()
-  foreach schema_name : schemas
-    #schema_file = 'schema' / schema_name + '.yaml'
-
-    # There is one so-so hack, and one horrible hack being done here.
-    sedded_file = custom_target(
-      schema_name + '-schema-docs',
-      command : [
-        'sed',
-        '-f',
-        # Out of line to avoid https://github.com/mesonbuild/meson/issues/1564
-        files('fixup-json-schema-generated-doc.sed'),
-        '@INPUT@',
-      ],
-      capture : true,
-      input : gen_file[idx],
-      output : schema_name + '-fixed.md',
-    )
-    idx += 1
-    json_schema_generated_files += [ sedded_file ]
-  endforeach
-else
-  warning(
-    'json-schema-for-humans not found, skipping JSON schema documentation generation',
-  )
-endif

doc/manual/source/protocols/json/schema/content-address-v1

@@ -1 +0,0 @@
-../../../../../../src/libstore-tests/data/content-address

doc/manual/source/protocols/json/schema/content-address-v1.yaml

@@ -1,55 +0,0 @@
-"$schema": "http://json-schema.org/draft-04/schema"
-"$id": "https://nix.dev/manual/nix/latest/protocols/json/schema/content-address-v1.json"
-title: Content Address
-description: |
-  This schema describes the JSON representation of Nix's `ContentAddress` type, which conveys information about [content-addressing store objects](@docroot@/store/store-object/content-address.md).
-
-  > **Note**
-  >
-  > For current methods of content addressing, this data type is a bit suspicious, because it is neither simply a content address of a file system object (the `method` is richer), nor simply a content address of a store object (the `hash` doesn't account for the references).
-  > It should thus only be used in contexts where the references are also known / otherwise made tamper-resistant.
-
-  <!--
-  TODO currently `ContentAddress` is used in both of these, and so same rationale applies, but actually in both cases the JSON is currently ad-hoc.
-  That will be fixed, and as each is fixed, the example (along with a more precise link to the field in question) should be become part of the above note, so what is is saying is more clear.
-
-  > For example:
-
-  > - Fixed outputs of derivations are not allowed to have any references, so an empty reference set is statically known by assumption.
-
-  > - [Store object info](./store-object-info.md) includes the set of references along side the (optional) content address.
-
-  > This data type is thus safely used in both of these contexts.
-
-  -->
-
-type: object
-properties:
-  method:
-    "$ref": "#/$defs/method"
-  hash:
-    title: Content Address
-    description: |
-      This would be the content-address itself.
-
-      For all current methods, this is just a content address of the file system object of the store object, [as described in the store chapter](@docroot@/store/file-system-object/content-address.md), and not of the store object as a whole.
-      In particular, the references of the store object are *not* taken into account with this hash (and currently-supported methods).
-    "$ref": "./hash-v1.yaml"
-required:
-- method
-- hash
-additionalProperties: false
-"$defs":
-  method:
-    type: string
-    enum: [flat, nar, text, git]
-    title: Content-Addressing Method
-    description: |
-      A string representing the [method](@docroot@/store/store-object/content-address.md) of content addressing that is chosen.
-
-      Valid method strings are:
-
-      - [`flat`](@docroot@/store/store-object/content-address.md#method-flat) (provided the contents are a single file)
-      - [`nar`](@docroot@/store/store-object/content-address.md#method-nix-archive)
-      - [`text`](@docroot@/store/store-object/content-address.md#method-text)
-      - [`git`](@docroot@/store/store-object/content-address.md#method-git)

doc/manual/source/protocols/json/schema/derivation-v3.yaml

@@ -1,203 +0,0 @@
-"$schema": "http://json-schema.org/draft-04/schema"
-"$id": "https://nix.dev/manual/nix/latest/protocols/json/schema/derivation-v3.json"
-title: Derivation
-description: |
-  Experimental JSON representation of a Nix derivation (version 3).
-
-  This schema describes the JSON representation of Nix's `Derivation` type.
-
-  > **Warning**
-  >
-  > This JSON format is currently
-  > [**experimental**](@docroot@/development/experimental-features.md#xp-feature-nix-command)
-  > and subject to change.
-
-type: object
-required:
-  - name
-  - version
-  - outputs
-  - inputSrcs
-  - inputDrvs
-  - system
-  - builder
-  - args
-  - env
-properties:
-  name:
-    type: string
-    title: Derivation name
-    description: |
-      The name of the derivation.
-      Used when calculating store paths for the derivation’s outputs.
-
-  version:
-    const: 3
-    title: Format version (must be 3)
-    description: |
-      Must be `3`.
-      This is a guard that allows us to continue evolving this format.
-      The choice of `3` is fairly arbitrary, but corresponds to this informal version:
-
-      - Version 0: A-Term format
-
-      - Version 1: Original JSON format, with ugly `"r:sha256"` inherited from A-Term format.
-
-      - Version 2: Separate `method` and `hashAlgo` fields in output specs
-
-      - Version 3: Drop store dir from store paths, just include base name.
-
-      Note that while this format is experimental, the maintenance of versions is best-effort, and not promised to identify every change.
-
-  outputs:
-    type: object
-    title: Output specifications
-    description: |
-     Information about the output paths of the derivation.
-     This is a JSON object with one member per output, where the key is the output name and the value is a JSON object as described.
-
-      > **Example**
-      >
-      > ```json
-      > "outputs": {
-      >   "out": {
-      >     "method": "nar",
-      >     "hashAlgo": "sha256",
-      >     "hash": "6fc80dcc62179dbc12fc0b5881275898f93444833d21b89dfe5f7fbcbb1d0d62"
-      >   }
-      > }
-      > ```
-    additionalProperties:
-      "$ref": "#/$defs/output"
-
-  inputSrcs:
-    type: array
-    title: Input source paths
-    description: |
-      List of store paths on which this derivation depends.
-
-      > **Example**
-      >
-      > ```json
-      > "inputSrcs": [
-      >   "47y241wqdhac3jm5l7nv0x4975mb1975-separate-debug-info.sh",
-      >   "56d0w71pjj9bdr363ym3wj1zkwyqq97j-fix-pop-var-context-error.patch"
-      > ]
-      > ```
-    items:
-      $ref: "store-path-v1.yaml"
-
-  inputDrvs:
-    type: object
-    title: Input derivations
-    description: |
-      Mapping of derivation paths to lists of output names they provide.
-
-      > **Example**
-      >
-      > ```json
-      > "inputDrvs": {
-      >   "6lkh5yi7nlb7l6dr8fljlli5zfd9hq58-curl-7.73.0.drv": ["dev"],
-      >   "fn3kgnfzl5dzym26j8g907gq3kbm8bfh-unzip-6.0.drv": ["out"]
-      > }
-      > ```
-      >
-      > specifies that this derivation depends on the `dev` output of `curl`, and the `out` output of `unzip`.
-    patternProperties:
-      "^[0123456789abcdfghijklmnpqrsvwxyz]{32}-.+\\.drv$":
-        title: Store Path
-        description: |
-          A store path to a derivation, mapped to the outputs of that derivation.
-        oneOf:
-        - "$ref": "#/$defs/outputNames"
-        - "$ref": "#/$defs/dynamicOutputs"
-    additionalProperties: false
-
-  system:
-    type: string
-    title: Build system type
-    description: |
-      The system type on which this derivation is to be built
-      (e.g. `x86_64-linux`).
-
-  builder:
-    type: string
-    title: Build program path
-    description: |
-      Absolute path of the program used to perform the build.
-      Typically this is the `bash` shell
-      (e.g. `/nix/store/r3j288vpmczbl500w6zz89gyfa4nr0b1-bash-4.4-p23/bin/bash`).
-
-  args:
-    type: array
-    title: Builder arguments
-    description: |
-      Command-line arguments passed to the `builder`.
-    items:
-      type: string
-
-  env:
-    type: object
-    title: Environment variables
-    description: |
-      Environment variables passed to the `builder`.
-    additionalProperties:
-      type: string
-
-  structuredAttrs:
-    title: Structured attributes
-    description: |
-      [Structured Attributes](@docroot@/store/derivation/index.md#structured-attrs), only defined if the derivation contains them.
-      Structured attributes are JSON, and thus embedded as-is.
-    type: object
-    additionalProperties: true
-
-"$defs":
-  output:
-    type: object
-    properties:
-      path:
-        $ref: "store-path-v1.yaml"
-        title: Output path
-        description: |
-          The output path, if known in advance.
-
-      method:
-        "$ref": "./content-address-v1.yaml#/$defs/method"
-        description: |
-          For an output which will be [content addressed](@docroot@/store/derivation/outputs/content-address.md), a string representing the [method](@docroot@/store/store-object/content-address.md) of content addressing that is chosen.
-          See the linked original definition for further details.
-      hashAlgo:
-        title: Hash algorithm
-        "$ref": "./hash-v1.yaml#/$defs/algorithm"
-
-      hash:
-        type: string
-        title: Expected hash value
-        description: |
-          For fixed-output derivations, the expected content hash in base-16.
-
-  outputName:
-    type: string
-    title: Output name
-    description: Name of the derivation output to depend on
-
-  outputNames:
-    type: array
-    title: Output Names
-    description: Set of names of derivation outputs to depend on
-    items:
-      "$ref": "#/$defs/outputName"
-
-  dynamicOutputs:
-    type: object
-    title: Dynamic Outputs
-    description: |
-      **Experimental feature**: [`dynamic-derivations`](@docroot@/development/experimental-features.md#xp-feature-dynamic-derivations)
-
-      This recursive data type allows for depending on outputs of outputs.
-    properties:
-      outputs:
-        "$ref": "#/$defs/outputNames"
-      dynamicOutputs:
-          "$ref": "#/$defs/dynamicOutputs"

doc/manual/source/protocols/json/schema/deriving-path-v1

@@ -1 +0,0 @@
-../../../../../../src/libstore-tests/data/derived-path

doc/manual/source/protocols/json/schema/deriving-path-v1.yaml

@@ -1,27 +0,0 @@
-"$schema": "http://json-schema.org/draft-04/schema"
-"$id": "https://nix.dev/manual/nix/latest/protocols/json/schema/deriving-path-v1.json"
-title: Deriving Path
-description: |
-  This schema describes the JSON representation of Nix's [Deriving Path](@docroot@/store/derivation/index.md#deriving-path).
-oneOf:
-  - title: Constant
-    description: |
-      See [Constant](@docroot@/store/derivation/index.md#deriving-path-constant) deriving path.
-    $ref: "store-path-v1.yaml"
-  - title: Output
-    description: |
-      See [Output](@docroot@/store/derivation/index.md#deriving-path-output) deriving path.
-    type: object
-    properties:
-      drvPath:
-        "$ref": "#"
-        description: |
-          A deriving path to a [Derivation](@docroot@/store/derivation/index.md#store-derivation), whose output is being referred to.
-      output:
-        type: string
-        description: |
-          The name of an output produced by that derivation (e.g. "out", "doc", etc.).
-    required:
-      - drvPath
-      - output
-    additionalProperties: false

doc/manual/source/protocols/json/schema/hash-v1

@@ -1 +0,0 @@
-../../../../../../src/libutil-tests/data/hash/

doc/manual/source/protocols/json/schema/hash-v1.yaml

@@ -1,54 +0,0 @@
-"$schema": "http://json-schema.org/draft-04/schema"
-"$id": "https://nix.dev/manual/nix/latest/protocols/json/schema/hash-v1.json"
-title: Hash
-description: |
-  A cryptographic hash value used throughout Nix for content addressing and integrity verification.
-
-  This schema describes the JSON representation of Nix's `Hash` type.
-type: object
-properties:
-  algorithm:
-    "$ref": "#/$defs/algorithm"
-  format:
-    type: string
-    enum:
-    - base64
-    - nix32
-    - base16
-    - sri
-    title: Hash format
-    description: |
-      The encoding format of the hash value.
-
-      - `base64` uses standard Base64 encoding [RFC 4648, section 4](https://datatracker.ietf.org/doc/html/rfc4648#section-4)
-      - `nix32` is Nix-specific base-32 encoding
-      - `base16` is lowercase hexadecimal
-      - `sri` is the [Subresource Integrity format](https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity).
-  hash:
-    type: string
-    title: Hash
-    description: |
-      The encoded hash value, itself.
-
-      It is specified in the format specified by the `format` field.
-      It must be the right length for the hash algorithm specified in the `algorithm` field, also.
-      The hash value does not include any algorithm prefix.
-required:
-- algorithm
-- format
-- hash
-additionalProperties: false
-"$defs":
-  algorithm:
-    type: string
-    enum:
-    - blake3
-    - md5
-    - sha1
-    - sha256
-    - sha512
-    title: Hash algorithm
-    description: |
-      The hash algorithm used to compute the hash value.
-
-      `blake3` is currently experimental and requires the [`blake-hashing`](@docroot@/development/experimental-features.md#xp-feature-blake-hashing) experimental feature.

doc/manual/source/protocols/json/schema/nar-info-v1

@@ -1 +0,0 @@
-../../../../../../src/libstore-tests/data/nar-info

doc/manual/source/protocols/json/schema/store-object-info-v1

@@ -1 +0,0 @@
-../../../../../../src/libstore-tests/data/path-info

doc/manual/source/protocols/json/schema/store-object-info-v1.yaml

@@ -1,235 +0,0 @@
-"$schema": "http://json-schema.org/draft-07/schema"
-"$id": "https://nix.dev/manual/nix/latest/protocols/json/schema/store-object-info-v1.json"
-title: Store Object Info
-description: |
-  Information about a [store object](@docroot@/store/store-object.md).
-
-  This schema describes the JSON representation of store object metadata as returned by commands like [`nix path-info --json`](@docroot@/command-ref/new-cli/nix3-path-info.md).
-
-  > **Warning**
-  >
-  > This JSON format is currently
-  > [**experimental**](@docroot@/development/experimental-features.md#xp-feature-nix-command)
-  > and subject to change.
-
-  ### Field Categories
-
-  Store object information can come in a few different variations.
-
-  Firstly, "impure" fields, which contain non-intrinsic information about the store object, may or may not be included.
-
-  Second, binary cache stores have extra non-intrinsic infomation about the store objects they contain.
-
-  Thirdly, [`nix path-info --json --closure-size`](@docroot@/command-ref/new-cli/nix3-path-info.html#opt-closure-size) can compute some extra information about not just the single store object in question, but the store object and its [closure](@docroot@/glossary.md#gloss-closure).
-
-  The impure and NAR fields are grouped into separate variants below.
-  See their descriptions for additional information.
-  The closure fields however as just included as optional fields, to avoid a combinatorial explosion of variants.
-
-oneOf:
-  - $ref: "#/$defs/base"
-
-  - $ref: "#/$defs/impure"
-
-  - $ref: "#/$defs/narInfo"
-
-$defs:
-  base:
-    title: Store Object Info
-    description: |
-      Basic store object metadata containing only intrinsic properties.
-      This is the minimal set of fields that describe what a store object contains.
-    type: object
-    required:
-      - narHash
-      - narSize
-      - references
-      - ca
-    properties:
-      path:
-        type: string
-        title: Store Path
-        description: |
-          [Store path](@docroot@/store/store-path.md) to the given store object.
-
-          Note: This field may not be present in all contexts, such as when the path is used as the key and the the store object info the value in map.
-
-      narHash:
-        type: string
-        title: NAR Hash
-        description: |
-          Hash of the [file system object](@docroot@/store/file-system-object.md) part of the store object when serialized as a [Nix Archive](@docroot@/store/file-system-object/content-address.md#serial-nix-archive).
-
-      narSize:
-        type: integer
-        minimum: 0
-        title: NAR Size
-        description: |
-          Size of the [file system object](@docroot@/store/file-system-object.md) part of the store object when serialized as a [Nix Archive](@docroot@/store/file-system-object/content-address.md#serial-nix-archive).
-
-      references:
-        type: array
-        title: References
-        description: |
-          An array of [store paths](@docroot@/store/store-path.md), possibly including this one.
-        items:
-          type: string
-
-      ca:
-        type: ["string", "null"]
-        title: Content Address
-        description: |
-          If the store object is [content-addressed](@docroot@/store/store-object/content-address.md),
-          this is the content address of this store object's file system object, used to compute its store path.
-          Otherwise (i.e. if it is [input-addressed](@docroot@/glossary.md#gloss-input-addressed-store-object)), this is `null`.
-    additionalProperties: false
-
-  impure:
-    title: Store Object Info with Impure Fields
-    description: |
-      Store object metadata including impure fields that are not *intrinsic* properties.
-      In other words, the same store object in different stores could have different values for these impure fields.
-    type: object
-    required:
-      - narHash
-      - narSize
-      - references
-      - ca
-      # impure
-      - deriver
-      - registrationTime
-      - ultimate
-      - signatures
-    properties:
-      path: { $ref: "#/$defs/base/properties/path" }
-      narHash: { $ref: "#/$defs/base/properties/narHash" }
-      narSize: { $ref: "#/$defs/base/properties/narSize" }
-      references: { $ref: "#/$defs/base/properties/references" }
-      ca: { $ref: "#/$defs/base/properties/ca" }
-      deriver:
-        type: ["string", "null"]
-        title: Deriver
-        description: |
-          If known, the path to the [store derivation](@docroot@/glossary.md#gloss-store-derivation) from which this store object was produced.
-          Otherwise `null`.
-
-          > This is an "impure" field that may not be included in certain contexts.
-
-      registrationTime:
-        type: ["integer", "null"]
-        title: Registration Time
-        description: |
-          If known, when this derivation was added to the store (Unix timestamp).
-          Otherwise `null`.
-
-          > This is an "impure" field that may not be included in certain contexts.
-
-      ultimate:
-        type: boolean
-        title: Ultimate
-        description: |
-          Whether this store object is trusted because we built it ourselves, rather than substituted a build product from elsewhere.
-
-          > This is an "impure" field that may not be included in certain contexts.
-
-      signatures:
-        type: array
-        title: Signatures
-        description: |
-          Signatures claiming that this store object is what it claims to be.
-          Not relevant for [content-addressed](@docroot@/store/store-object/content-address.md) store objects,
-          but useful for [input-addressed](@docroot@/glossary.md#gloss-input-addressed-store-object) store objects.
-
-          > This is an "impure" field that may not be included in certain contexts.
-        items:
-          type: string
-
-      # Computed closure fields
-      closureSize:
-        type: integer
-        minimum: 0
-        title: Closure Size
-        description: |
-          The total size of this store object and every other object in its [closure](@docroot@/glossary.md#gloss-closure).
-
-          > This field is not stored at all, but computed by traversing the other fields across all the store objects in a closure.
-    additionalProperties: false
-
-  narInfo:
-    title: Store Object Info with Impure fields and NAR Info
-    description: |
-      The store object info in the "binary cache" family of Nix store type contain extra information pertaining to *downloads* of the store object in question.
-      (This store info is called "NAR info", since the downloads take the form of [Nix Archives](@docroot@/store/file-system-object/content-address.md#serial-nix-archive, and the metadata is served in a file with a `.narinfo` extension.)
-
-      This download information, being specific to how the store object happens to be stored and transferred, is also considered to be non-intrinsic / impure.
-    type: object
-    required:
-      - narHash
-      - narSize
-      - references
-      - ca
-      # impure
-      - deriver
-      - registrationTime
-      - ultimate
-      - signatures
-      # nar
-      - url
-      - compression
-      - downloadHash
-      - downloadSize
-    properties:
-      path: { $ref: "#/$defs/base/properties/path" }
-      narHash: { $ref: "#/$defs/base/properties/narHash" }
-      narSize: { $ref: "#/$defs/base/properties/narSize" }
-      references: { $ref: "#/$defs/base/properties/references" }
-      ca: { $ref: "#/$defs/base/properties/ca" }
-      deriver: { $ref: "#/$defs/impure/properties/deriver" }
-      registrationTime: { $ref: "#/$defs/impure/properties/registrationTime" }
-      ultimate: { $ref: "#/$defs/impure/properties/ultimate" }
-      signatures: { $ref: "#/$defs/impure/properties/signatures" }
-      closureSize: { $ref: "#/$defs/impure/properties/closureSize" }
-      url:
-        type: string
-        title: URL
-        description: |
-          Where to download a compressed archive of the file system objects of this store object.
-
-          > This is an impure "`.narinfo`" field that may not be included in certain contexts.
-
-      compression:
-        type: string
-        title: Compression
-        description: |
-          The compression format that the archive is in.
-
-          > This is an impure "`.narinfo`" field that may not be included in certain contexts.
-
-      downloadHash:
-        type: string
-        title: Download Hash
-        description: |
-          A digest for the compressed archive itself, as opposed to the data contained within.
-
-          > This is an impure "`.narinfo`" field that may not be included in certain contexts.
-
-      downloadSize:
-        type: integer
-        minimum: 0
-        title: Download Size
-        description: |
-          The size of the compressed archive itself.
-
-          > This is an impure "`.narinfo`" field that may not be included in certain contexts.
-
-      closureDownloadSize:
-        type: integer
-        minimum: 0
-        title: Closure Download Size
-        description: |
-          The total size of the compressed archive itself for this object, and the compressed archive of every object in this object's [closure](@docroot@/glossary.md#gloss-closure).
-
-          > This is an impure "`.narinfo`" field that may not be included in certain contexts.
-
-          > This field is not stored at all, but computed by traversing the other fields across all the store objects in a closure.
-    additionalProperties: false

doc/manual/source/protocols/json/schema/store-path-v1

@@ -1 +0,0 @@
-../../../../../../src/libstore-tests/data/store-path

doc/manual/source/protocols/json/schema/store-path-v1.yaml

@@ -1,32 +0,0 @@
-"$schema": "http://json-schema.org/draft-07/schema"
-"$id": "https://nix.dev/manual/nix/latest/protocols/json/schema/store-path-v1.json"
-title: Store Path
-description: |
-  A [store path](@docroot@/store/store-path.md) identifying a store object.
-
-  This schema describes the JSON representation of store paths as used in various Nix JSON APIs.
-
-  > **Warning**
-  >
-  > This JSON format is currently
-  > [**experimental**](@docroot@/development/experimental-features.md#xp-feature-nix-command)
-  > and subject to change.
-
-  ## Format
-
-  Store paths in JSON are represented as strings containing just the hash and name portion, without the store directory prefix.
-
-  For example: `"g1w7hy3qg1w7hy3qg1w7hy3qg1w7hy3q-foo.drv"`
-
-  (If the store dir is `/nix/store`, then this corresponds to the path `/nix/store/g1w7hy3qg1w7hy3qg1w7hy3qg1w7hy3q-foo.drv`.)
-
-  ## Structure
-
-  The format follows this pattern: `${digest}-${name}`
-
-  - **hash**: Digest rendered in a custom variant of [Base32](https://en.wikipedia.org/wiki/Base32) (20 arbitrary bytes become 32 ASCII characters)
-  - **name**: The package name and optional version/suffix information
-
-type: string
-pattern: "^[0123456789abcdfghijklmnpqrsvwxyz]{32}-.+$"
-minLength: 34

doc/manual/source/protocols/json/store-object-info.md

@@ -1,45 +1,102 @@
-{{#include store-object-info-v1-fixed.md}}
+# Store object info JSON format
 
-## Examples
+> **Warning**
+>
+> This JSON format is currently
+> [**experimental**](@docroot@/development/experimental-features.md#xp-feature-nix-command)
+> and subject to change.
 
-### Minimal store object (content-addressed)
+Info about a [store object].
 
-```json
-{{#include schema/store-object-info-v1/pure.json}}
-```
+* `path`:
 
-### Store object with impure fields
+  [Store path][store path] to the given store object.
 
-```json
-{{#include schema/store-object-info-v1/impure.json}}
-```
+* `narHash`:
 
-### Minimal store object (empty)
+  Hash of the [file system object] part of the store object when serialized as a [Nix Archive].
 
-```json
-{{#include schema/store-object-info-v1/empty_pure.json}}
-```
+* `narSize`:
 
-### Store object with all impure fields
+  Size of the [file system object] part of the store object when serialized as a [Nix Archive].
 
-```json
-{{#include schema/store-object-info-v1/empty_impure.json}}
-```
+* `references`:
 
-### NAR info (minimal)
+  An array of [store paths][store path], possibly including this one.
 
-```json
-{{#include schema/nar-info-v1/pure.json}}
-```
+* `ca`:
 
-### NAR info (with binary cache fields)
+  If the store object is [content-addressed],
+  this is the content address of this store object's file system object, used to compute its store path.
+  Otherwise (i.e. if it is [input-addressed]), this is `null`.
 
-```json
-{{#include schema/nar-info-v1/impure.json}}
-```
+[store path]: @docroot@/store/store-path.md
+[file system object]: @docroot@/store/file-system-object.md
+[Nix Archive]: @docroot@/store/file-system-object/content-address.md#serial-nix-archive
 
-<!-- need to convert YAML to JSON first
-## Raw Schema
+## Impure fields
 
-[JSON Schema for Store Object Info v1](schema/store-object-info-v1.json)
--->
+These are not intrinsic properties of the store object.
+In other words, the same store object residing in different store could have different values for these properties.
+
+* `deriver`:
+
+  If known, the path to the [store derivation] from which this store object was produced.
+  Otherwise `null`.
+
+  [store derivation]: @docroot@/glossary.md#gloss-store-derivation
+
+* `registrationTime` (optional):
+
+  If known, when this derivation was added to the store.
+  Otherwise `null`.
+
+* `ultimate`:
+
+  Whether this store object is trusted because we built it ourselves, rather than substituted a build product from elsewhere.
+
+* `signatures`:
+
+  Signatures claiming that this store object is what it claims to be.
+  Not relevant for [content-addressed] store objects,
+  but useful for [input-addressed] store objects.
+
+[content-addressed]: @docroot@/store/store-object/content-address.md
+[input-addressed]: @docroot@/glossary.md#gloss-input-addressed-store-object
+
+### `.narinfo` extra fields
+
+This meta data is specific to the "binary cache" family of Nix store types.
+This information is not intrinsic to the store object, but about how it is stored.
+
+* `url`:
+
+  Where to download a compressed archive of the file system objects of this store object.
+
+* `compression`:
+
+  The compression format that the archive is in.
+
+* `fileHash`:
+
+  A digest for the compressed archive itself, as opposed to the data contained within.
+
+* `fileSize`:
+
+  The size of the compressed archive itself.
+
+## Computed closure fields
+
+These fields are not stored at all, but computed by traversing the other fields across all the store objects in a [closure].
+
+* `closureSize`:
+
+  The total size of the compressed archive itself for this object, and the compressed archive of every object in this object's [closure].
+
+### `.narinfo` extra fields
+
+* `closureSize`:
+
+  The total size of this store object and every other object in its [closure].
+
+[closure]: @docroot@/glossary.md#gloss-closure

doc/manual/source/protocols/json/store-path.md

@@ -1,15 +0,0 @@
-{{#include store-path-v1-fixed.md}}
-
-## Examples
-
-### Simple store path
-
-```json
-{{#include schema/store-path-v1/simple.json}}
-```
-
-<!-- need to convert YAML to JSON first
-## Raw Schema
-
-[JSON Schema for Store Path v1](schema/store-path-v1.json)
--->

doc/manual/source/protocols/meson.build

@@ -1,2 +0,0 @@
-# Process JSON schema documentation
-subdir('json')

doc/manual/source/protocols/nix-archive.md

@@ -24,7 +24,7 @@ nar-obj-inner
   | str("type"), str("directory") directory
   ;
 
-regular = [ str("executable") ], str("contents"), str(contents);
+regular = [ str("executable"), str("") ], str("contents"), str(contents);
 
 symlink = str("target"), str(target);
 

doc/manual/source/release-notes/rl-2.31.md

@@ -1,96 +0,0 @@
-# Release 2.31.0 (2025-08-21)
-
-- `build-cores = 0` now auto-detects CPU cores [#13402](https://github.com/NixOS/nix/pull/13402)
-
-  When `build-cores` is set to `0`, Nix now automatically detects the number of available CPU cores and passes this value via `NIX_BUILD_CORES`, instead of passing `0` directly. This matches the behavior when `build-cores` is unset. This prevents the builder from having to detect the number of cores.
-
-- Fix Git LFS SSH issues [#13337](https://github.com/NixOS/nix/issues/13337) [#13743](https://github.com/NixOS/nix/pull/13743)
-
-  Fixed some outstanding issues with Git LFS and SSH.
-
-  * Added support for `NIX_SSHOPTS`.
-  * Properly use the parsed port from URL.
-  * Better use of the response of `git-lfs-authenticate` to determine API endpoint when the API is not exposed on port 443.
-
-- Add support for `user@address:port` syntax in store URIs [#7044](https://github.com/NixOS/nix/issues/7044) [#3425](https://github.com/NixOS/nix/pull/3425)
-
-  It's now possible to specify the port used for SSH stores directly in the store URL in accordance with [RFC3986](https://datatracker.ietf.org/doc/html/rfc3986). Previously the only way to specify custom ports was via `ssh_config` or the `NIX_SSHOPTS` environment variable, because Nix incorrectly passed the port number together with the host name to the SSH executable.
-
-  This change affects [store references](@docroot@/store/types/index.md#store-url-format) passed via the `--store` and similar flags in CLI as well as in the configuration for [remote builders](@docroot@/command-ref/conf-file.md#conf-builders). For example, the following store URIs now work:
-
-  - `ssh://127.0.0.1:2222`
-  - `ssh://[b573:6a48:e224:840b:6007:6275:f8f7:ebf3]:22`
-  - `ssh-ng://[b573:6a48:e224:840b:6007:6275:f8f7:ebf3]:22`
-
-- Represent IPv6 RFC4007 ZoneId literals in conformance with RFC6874 [#13445](https://github.com/NixOS/nix/pull/13445)
-
-  Prior versions of Nix since [#4646](https://github.com/NixOS/nix/pull/4646) accepted [IPv6 scoped addresses](https://datatracker.ietf.org/doc/html/rfc4007) in URIs like [store references](@docroot@/store/types/index.md#store-url-format) in the textual representation with a literal percent character: `[fe80::1%18]`. This was ambiguous, because the the percent literal `%` is reserved by [RFC3986](https://datatracker.ietf.org/doc/html/rfc3986), since it's used to indicate percent encoding. Nix now requires that the percent `%` symbol is percent-encoded as `%25`. This implements [RFC6874](https://datatracker.ietf.org/doc/html/rfc6874), which defines the representation of zone identifiers in URIs. The example from above now has to be specified as `[fe80::1%2518]`.
-
-- Use WAL mode for SQLite cache databases [#13800](https://github.com/NixOS/nix/pull/13800)
-
-  Previously, Nix used SQLite's "truncate" mode for caches. However, this could cause a Nix process to block if another process was updating the cache. This was a problem for the flake evaluation cache in particular, since it uses long-running transactions. Thus, concurrent Nix commands operating on the same flake could be blocked for an unbounded amount of time. WAL mode avoids this problem.
-
-  This change required updating the versions of the SQLite caches. For instance, `eval-cache-v5.sqlite` is now `eval-cache-v6.sqlite`.
-
-- Enable parallel marking in bdwgc [#13708](https://github.com/NixOS/nix/pull/13708)
-
-  Previously marking was done by only one thread, which takes a long time if the heap gets big. Enabling parallel marking speeds up evaluation a lot, for example (on a Ryzen 9 5900X 12-Core):
-
-  * `nix search nixpkgs` from 24.3s to 18.9s.
-  * Evaluating the `NixOS/nix/2.21.2` flake regression test from 86.1s to 71.2s.
-
-- New command `nix flake prefetch-inputs` [#13565](https://github.com/NixOS/nix/pull/13565)
-
-  This command fetches all inputs of a flake in parallel. This can be a lot faster than the serialized on-demand fetching during regular flake evaluation. The downside is that it may fetch inputs that aren't normally used.
-
-- Add `warn-short-path-literals` setting [#13489](https://github.com/NixOS/nix/pull/13489)
-
-  This setting, when enabled, causes Nix to emit warnings when encountering relative path literals that don't start with `.` or `/`, for instance suggesting that `foo/bar` should be rewritten to `./foo/bar`.
-
-- When updating a lock, respect the input's lock file [#13437](https://github.com/NixOS/nix/pull/13437)
-
-  For example, if a flake has a lock for `a` and `a/b`, and we change the flakeref for `a`, previously Nix would fetch the latest version of `b` rather than using the lock for `b` from `a`.
-
-- Implement support for Git hashing with SHA-256 [#13543](https://github.com/NixOS/nix/pull/13543)
-
-  The experimental support for [Git-hashing](@docroot@/development/experimental-features.md#xp-feature-git-hashing) store objects now also includes support for SHA-256, not just SHA-1, in line with upstream Git.
-
-## Contributors
-
-This release was made possible by the following 34 contributors:
-
-- John Soo [**(@jsoo1)**](https://github.com/jsoo1)
-- Alan Urmancheev [**(@alurm)**](https://github.com/alurm)
-- Manse [**(@PedroManse)**](https://github.com/PedroManse)
-- Pol Dellaiera [**(@drupol)**](https://github.com/drupol)
-- DavHau [**(@DavHau)**](https://github.com/DavHau)
-- Leandro Emmanuel Reina Kiperman [**(@kip93)**](https://github.com/kip93)
-- h0nIg [**(@h0nIg)**](https://github.com/h0nIg)
-- Philip Taron [**(@philiptaron)**](https://github.com/philiptaron)
-- Eelco Dolstra [**(@edolstra)**](https://github.com/edolstra)
-- Connor Baker [**(@ConnorBaker)**](https://github.com/ConnorBaker)
-- kenji [**(@a-kenji)**](https://github.com/a-kenji)
-- Oleksandr Knyshuk [**(@k1gen)**](https://github.com/k1gen)
-- Maciej Krüger [**(@mkg20001)**](https://github.com/mkg20001)
-- Justin Bailey [**(@jgbailey-well)**](https://github.com/jgbailey-well)
-- Emily [**(@emilazy)**](https://github.com/emilazy)
-- Volker Diels-Grabsch [**(@vog)**](https://github.com/vog)
-- gustavderdrache [**(@gustavderdrache)**](https://github.com/gustavderdrache)
-- Elliot Cameron [**(@de11n)**](https://github.com/de11n)
-- Alexander V. Nikolaev [**(@avnik)**](https://github.com/avnik)
-- tomberek [**(@tomberek)**](https://github.com/tomberek)
-- Matthew Kenigsberg [**(@mkenigs)**](https://github.com/mkenigs)
-- Sergei Zimmerman [**(@xokdvium)**](https://github.com/xokdvium)
-- Cosima Neidahl [**(@OPNA2608)**](https://github.com/OPNA2608)
-- John Ericson [**(@Ericson2314)**](https://github.com/Ericson2314)
-- m4dc4p [**(@m4dc4p)**](https://github.com/m4dc4p)
-- Graham Christensen [**(@grahamc)**](https://github.com/grahamc)
-- Jason Yundt [**(@Jayman2000)**](https://github.com/Jayman2000)
-- Jens Petersen [**(@juhp)**](https://github.com/juhp)
-- the-sun-will-rise-tomorrow [**(@the-sun-will-rise-tomorrow)**](https://github.com/the-sun-will-rise-tomorrow)
-- Farid Zakaria [**(@fzakaria)**](https://github.com/fzakaria)
-- AGawas [**(@aln730)**](https://github.com/aln730)
-- Robert Hensing [**(@roberth)**](https://github.com/roberth)
-- Dmitry Bogatov [**(@KAction)**](https://github.com/KAction)
-- Jörg Thalheim [**(@Mic92)**](https://github.com/Mic92)
-- Philipp Otterbein

doc/manual/source/release-notes/rl-2.32.md

@@ -1,130 +0,0 @@
-# Release 2.32.0 (2025-10-06)
-
-## Incompatible changes
-
-- Removed support for daemons and clients older than Nix 2.0 [#13951](https://github.com/NixOS/nix/pull/13951)
-
-  We have dropped support in the daemon worker protocol for daemons and clients that don't speak at least version 18 of the protocol. This first Nix release that supports this version is Nix 2.0, released in February 2018.
-
-- Derivation JSON format now uses store path basenames only [#13570](https://github.com/NixOS/nix/issues/13570) [#13980](https://github.com/NixOS/nix/pull/13980)
-
-  Experience with many JSON frameworks (e.g. nlohmann/json in C++, Serde in Rust, and Aeson in Haskell) has shown that the use of the store directory in JSON formats is an impediment to systematic JSON formats, because it requires the serializer/deserializer to take an extra paramater (the store directory).
-
-  We ultimately want to rectify this issue with all JSON formats to the extent allowed by our stability promises. To start with, we are changing the JSON format for derivations because the `nix derivation` commands are — in addition to being formally unstable — less widely used than other unstable commands.
-
-  See the documentation on the [JSON format for derivations](@docroot@/protocols/json/derivation.md) for further details.
-
-- C API: `nix_get_attr_name_byidx`, `nix_get_attr_byidx` take a `nix_value *` instead of `const nix_value *` [#13987](https://github.com/NixOS/nix/pull/13987)
-
-  In order to accommodate a more optimized internal representation of attribute set merges these functions require
-  a mutable `nix_value *` that might be modified on access. This does *not* break the ABI of these functions.
-
-## New features
-
-- C API: Add lazy attribute and list item accessors [#14030](https://github.com/NixOS/nix/pull/14030)
-
-  The C API now includes lazy accessor functions for retrieving values from lists and attribute sets without forcing evaluation:
-
-  - `nix_get_list_byidx_lazy()` - Get a list element without forcing its evaluation
-  - `nix_get_attr_byname_lazy()` - Get an attribute value by name without forcing evaluation
-  - `nix_get_attr_byidx_lazy()` - Get an attribute by index without forcing evaluation
-
-  These functions are useful when forwarding unevaluated sub-values to other lists, attribute sets, or function calls. They allow more efficient handling of Nix values by deferring evaluation until actually needed.
-
-  Additionally, bounds checking has been improved for all `_byidx` functions to properly validate indices before access, preventing potential out-of-bounds errors.
-
-  The documentation for `NIX_ERR_KEY` error handling has also been clarified to specify when this error code is returned.
-
-- HTTP binary caches now support transparent compression for metadata
-
-  HTTP binary cache stores can now compress `.narinfo`, `.ls`, and build log files before uploading them,
-  reducing bandwidth usage and storage requirements. The compression is applied transparently using the
-  `Content-Encoding` header, allowing compatible clients to automatically decompress the files.
-
-  Three new configuration options control this behavior:
-  - `narinfo-compression`: Compression method for `.narinfo` files
-  - `ls-compression`: Compression method for `.ls` files
-  - `log-compression`: Compression method for build logs in `log/` directory
-
-  Example usage:
-  ```
-  nix copy --to 'http://cache.example.com?narinfo-compression=gzip&ls-compression=gzip' /nix/store/...
-  nix store copy-log --to 'http://cache.example.com?log-compression=br' /nix/store/...
-  ```
-
-- Temporary build directories no longer include derivation names [#13839](https://github.com/NixOS/nix/pull/13839)
-
-  Temporary build directories created during derivation builds no longer include the derivation name in their path to avoid build failures when the derivation name is too long. This change ensures predictable prefix lengths for build directories under `/nix/var/nix/builds`.
-
-- External derivation builders [#14145](https://github.com/NixOS/nix/pull/14145)
-
-  These are helper programs that Nix calls to perform derivations for specified system types, e.g. by using QEMU to emulate a different type of platform. For more information, see the [`external-builders` setting](../command-ref/conf-file.md#conf-external-builders).
-
-  This is currently an experimental feature.
-
-## Performance improvements
-
-- Optimize memory usage of attribute set merges [#13987](https://github.com/NixOS/nix/pull/13987)
-
-  [Attribute set update operations](@docroot@/language/operators.md#update) have been optimized to
-  reduce reallocations in cases when the second operand is small.
-
-  For typical evaluations of nixpkgs this optimization leads to ~20% less memory allocated in total
-  without significantly affecting evaluation performance.
-
-  See [eval-attrset-update-layer-rhs-threshold](@docroot@/command-ref/conf-file.md#conf-eval-attrset-update-layer-rhs-threshold)
-
-- Substituted flake inputs are no longer re-copied to the store [#14041](https://github.com/NixOS/nix/pull/14041)
-
-  Since 2.25, Nix would fail to store a cache entry for substituted flake inputs, which in turn would cause them to be re-copied to the store on initial evaluation. Caching these inputs results in a near doubling of performance in some cases — especially on I/O-bound machines and when using commands that fetch many inputs, like `nix flake [archive|prefetch-inputs]`.
-
-- `nix flake check` now skips derivations that can be substituted [#13574](https://github.com/NixOS/nix/pull/13574)
-
-  Previously, `nix flake check` would evaluate and build/substitute all
-  derivations. Now, it will skip downloading derivations that can be substituted.
-  This can drastically decrease the time invocations take in environments where
-  checks may already be cached (like in CI).
-
-- `fetchTarball` and `fetchurl` now correctly substitute (#14138)
-
-  At some point we stopped substituting calls to `fetchTarball` and `fetchurl` with a set `narHash` to avoid incorrectly substituting things in `fetchTree`, even though it would be safe to substitute when calling the legacy `fetch{Tarball,url}`. This fixes that regression where it is safe.
-- Started moving AST allocations into a bump allocator [#14088](https://github.com/NixOS/nix/issues/14088)
-
-  This leaves smaller, immutable structures in the AST. So far this saves about 2% memory on a NixOS config evaluation.
-## Contributors
-
-This release was made possible by the following 32 contributors:
-
-- Farid Zakaria [**(@fzakaria)**](https://github.com/fzakaria)
-- dram [**(@dramforever)**](https://github.com/dramforever)
-- Ephraim Siegfried [**(@EphraimSiegfried)**](https://github.com/EphraimSiegfried)
-- Robert Hensing [**(@roberth)**](https://github.com/roberth)
-- Taeer Bar-Yam [**(@Radvendii)**](https://github.com/Radvendii)
-- Emily [**(@emilazy)**](https://github.com/emilazy)
-- Jens Petersen [**(@juhp)**](https://github.com/juhp)
-- Bernardo Meurer [**(@lovesegfault)**](https://github.com/lovesegfault)
-- Jörg Thalheim [**(@Mic92)**](https://github.com/Mic92)
-- Leandro Emmanuel Reina Kiperman [**(@kip93)**](https://github.com/kip93)
-- Marie [**(@NyCodeGHG)**](https://github.com/NyCodeGHG)
-- Ethan Evans [**(@ethanavatar)**](https://github.com/ethanavatar)
-- Yaroslav Bolyukin [**(@CertainLach)**](https://github.com/CertainLach)
-- Matej Urbas [**(@urbas)**](https://github.com/urbas)
-- Jami Kettunen [**(@JamiKettunen)**](https://github.com/JamiKettunen)
-- Clayton [**(@netadr)**](https://github.com/netadr)
-- Grégory Marti [**(@gmarti)**](https://github.com/gmarti)
-- Eelco Dolstra [**(@edolstra)**](https://github.com/edolstra)
-- rszyma [**(@rszyma)**](https://github.com/rszyma)
-- Philip Wilk [**(@philipwilk)**](https://github.com/philipwilk)
-- John Ericson [**(@Ericson2314)**](https://github.com/Ericson2314)
-- Tom Westerhout [**(@twesterhout)**](https://github.com/twesterhout)
-- Tristan Ross [**(@RossComputerGuy)**](https://github.com/RossComputerGuy)
-- Sergei Zimmerman [**(@xokdvium)**](https://github.com/xokdvium)
-- Jean-François Roche [**(@jfroche)**](https://github.com/jfroche)
-- Seth Flynn [**(@getchoo)**](https://github.com/getchoo)
-- éclairevoyant [**(@eclairevoyant)**](https://github.com/eclairevoyant)
-- Glen Huang [**(@hgl)**](https://github.com/hgl)
-- osman - オスマン [**(@osbm)**](https://github.com/osbm)
-- David McFarland [**(@corngood)**](https://github.com/corngood)
-- Cole Helbling [**(@cole-h)**](https://github.com/cole-h)
-- Sinan Mohd [**(@sinanmohd)**](https://github.com/sinanmohd)
-- Philipp Otterbein

doc/manual/source/release-notes/rl-2.8.md

@@ -48,6 +48,6 @@
 
 * `nix run` is now stricter in what it accepts: members of the `apps`
   flake output are now required to be apps (as defined in [the
-  manual](https://nix.dev/manual/nix/stable/command-ref/new-cli/nix3-run.html#apps)),
+  manual](https://nixos.org/manual/nix/stable/command-ref/new-cli/nix3-run.html#apps)),
   and members of `packages` or `legacyPackages` must be derivations
   (not apps).

doc/manual/source/store/derivation/index.md

@@ -9,7 +9,7 @@ This is where Nix distinguishes itself.
 
 ## Store Derivation {#store-derivation}
 
-A derivation is a specification for running an executable on precisely defined input to produce one or more [store objects][store object].
+A derivation is a specification for running an executable on precisely defined input to produce on more [store objects][store object].
 These store objects are known as the derivation's *outputs*.
 
 Derivations are *built*, in which case the process is spawned according to the spec, and when it exits, required to leave behind files which will (after post-processing) become the outputs of the derivation.
@@ -106,7 +106,7 @@ The system type on which the [`builder`](#attr-builder) executable is meant to b
 
 A necessary condition for Nix to schedule a given derivation on some [Nix instance] is for the "system" of that derivation to match that instance's [`system` configuration option] or [`extra-platforms` configuration option].
 
-By putting the `system` in each derivation, Nix allows *heterogeneous* build plans, where not all steps can be run on the same machine or same sort of machine.
+By putting the `system` in each derivation, Nix allows *heterogenous* build plans, where not all steps can be run on the same machine or same sort of machine.
 Nix can schedule builds such that it automatically builds on other platforms by [forwarding build requests](@docroot@/advanced-topics/distributed-builds.md) to other Nix instances.
 
 [`system` configuration option]: @docroot@/command-ref/conf-file.md#conf-system

doc/manual/source/store/meson.build

@@ -1,6 +1,12 @@
 types_dir = custom_target(
-  command : [ python.full_path(), '@INPUT0@', '@OUTPUT@', '--' ] + nix_eval_for_docs + [
-    '--expr', 'import @INPUT1@ (builtins.fromJSON (builtins.readFile ./@INPUT2@)).stores',
+  command : [
+    python.full_path(),
+    '@INPUT0@',
+    '@OUTPUT@',
+    '--'
+  ] + nix_eval_for_docs + [
+    '--expr',
+    'import @INPUT1@ (builtins.fromJSON (builtins.readFile ./@INPUT2@)).stores',
   ],
   input : [
     '../../remove_before_wrapper.py',

doc/manual/source/store/store-object.md

@@ -20,8 +20,7 @@ The graph of references excluding self-references thus forms a [directed acyclic
 
 [directed acyclic graph]: @docroot@/glossary.md#gloss-directed-acyclic-graph
 
-We can take the [transitive closure] of the references graph, in which any pair of store objects have an edge if a *path* of one or more references exists from the first to the second object.
-(A single reference always forms a path which is one reference long, but longer paths may connect objects which have no direct reference between them.)
+We can take the [transitive closure] of the references graph, which any pair of store objects have an edge not if there is a single reference from the first to the second, but a path of one or more references from the first to the second.
 The *requisites* of a store object are all store objects reachable by paths of references which start with given store object's references.
 
 [transitive closure]: https://en.wikipedia.org/wiki/Transitive_closure

docker.nix

@@ -65,60 +65,61 @@ let
     iana-etc
     gitMinimal
     openssh
-  ]
-  ++ extraPkgs;
+  ] ++ extraPkgs;
 
-  users = {
+  users =
+    {
 
-    root = {
-      uid = 0;
-      shell = lib.getExe bashInteractive;
-      home = "/root";
-      gid = 0;
-      groups = [ "root" ];
-      description = "System administrator";
-    };
-
-    nobody = {
-      uid = 65534;
-      shell = lib.getExe' shadow "nologin";
-      home = "/var/empty";
-      gid = 65534;
-      groups = [ "nobody" ];
-      description = "Unprivileged account (don't use!)";
-    };
-
-  }
-  // lib.optionalAttrs (uid != 0) {
-    "${uname}" = {
-      uid = uid;
-      shell = lib.getExe bashInteractive;
-      home = "/home/${uname}";
-      gid = gid;
-      groups = [ "${gname}" ];
-      description = "Nix user";
-    };
-  }
-  // lib.listToAttrs (
-    map (n: {
-      name = "nixbld${toString n}";
-      value = {
-        uid = 30000 + n;
-        gid = 30000;
-        groups = [ "nixbld" ];
-        description = "Nix build user ${toString n}";
+      root = {
+        uid = 0;
+        shell = lib.getExe bashInteractive;
+        home = "/root";
+        gid = 0;
+        groups = [ "root" ];
+        description = "System administrator";
       };
-    }) (lib.lists.range 1 32)
-  );
 
-  groups = {
-    root.gid = 0;
-    nixbld.gid = 30000;
-    nobody.gid = 65534;
-  }
-  // lib.optionalAttrs (gid != 0) {
-    "${gname}".gid = gid;
-  };
+      nobody = {
+        uid = 65534;
+        shell = lib.getExe' shadow "nologin";
+        home = "/var/empty";
+        gid = 65534;
+        groups = [ "nobody" ];
+        description = "Unprivileged account (don't use!)";
+      };
+
+    }
+    // lib.optionalAttrs (uid != 0) {
+      "${uname}" = {
+        uid = uid;
+        shell = lib.getExe bashInteractive;
+        home = "/home/${uname}";
+        gid = gid;
+        groups = [ "${gname}" ];
+        description = "Nix user";
+      };
+    }
+    // lib.listToAttrs (
+      map (n: {
+        name = "nixbld${toString n}";
+        value = {
+          uid = 30000 + n;
+          gid = 30000;
+          groups = [ "nixbld" ];
+          description = "Nix build user ${toString n}";
+        };
+      }) (lib.lists.range 1 32)
+    );
+
+  groups =
+    {
+      root.gid = 0;
+      nixbld.gid = 30000;
+      nobody.gid = 65534;
+    }
+    // lib.optionalAttrs (gid != 0) {
+      "${gname}".gid = gid;
+    };
 
   userToPasswd = (
     k:
@@ -281,10 +282,7 @@ let
 
           # may get replaced by pkgs.dockerTools.caCertificates
           mkdir -p $out/etc/ssl/certs
-          # Old NixOS compatibility.
           ln -s /nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt $out/etc/ssl/certs
-          # NixOS canonical location
-          ln -s /nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt $out/etc/ssl/certs/ca-certificates.crt
 
           cat $passwdContentsPath > $out/etc/passwd
           echo "" >> $out/etc/passwd
@@ -313,7 +311,6 @@ let
           # see doc/manual/source/command-ref/files/profiles.md
           ln -s ${profile} $out/nix/var/nix/profiles/default-1-link
           ln -s /nix/var/nix/profiles/default-1-link $out/nix/var/nix/profiles/default
-          ln -s /nix/var/nix/profiles/default $out${userHome}/.nix-profile
 
           # see doc/manual/source/command-ref/files/channels.md
           ln -s ${channel} $out/nix/var/nix/profiles/per-user/${uname}/channels-1-link

flake.lock

@@ -63,16 +63,16 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1756178832,
-        "narHash": "sha256-O2CIn7HjZwEGqBrwu9EU76zlmA5dbmna7jL1XUmAId8=",
+        "lastModified": 1747179050,
+        "narHash": "sha256-qhFMmDkeJX9KJwr5H32f1r7Prs7XbQWtO0h3V0a0rFY=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "d98ce345cdab58477ca61855540999c86577d19d",
+        "rev": "adaa24fbf46737f3f1b5497bf64bae750f82942e",
         "type": "github"
       },
       "original": {
         "owner": "NixOS",
-        "ref": "nixos-25.05-small",
+        "ref": "nixos-unstable",
         "repo": "nixpkgs",
         "type": "github"
       }

flake.nix

@@ -1,7 +1,7 @@
 {
   description = "The purely functional package manager";
 
-  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05-small";
+  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
 
   inputs.nixpkgs-regression.url = "github:NixOS/nixpkgs/215d4d0fd80ca5163643b03a33fde804a29cc1e2";
   inputs.nixpkgs-23-11.url = "github:NixOS/nixpkgs/a62e6edd6d5e1fa0329b8653c801147986f8d446";
@@ -131,107 +131,31 @@
         }
       );
 
-      /**
-        Produce the `nixComponents` and `nixDependencies` package sets (scopes) for
-        a given `pkgs` and `getStdenv`.
-      */
-      packageSetsFor =
+      overlayFor =
+        getStdenv: final: prev:
         let
-          /**
-            Removes a prefix from the attribute names of a set of splices.
-            This is a completely uninteresting and exists for compatibility only.
-
-            Example:
-            ```nix
-            renameSplicesFrom "pkgs" { pkgsBuildBuild = ...; ... }
-            => { buildBuild = ...; ... }
-            ```
-          */
-          renameSplicesFrom = prefix: x: {
-            buildBuild = x."${prefix}BuildBuild";
-            buildHost = x."${prefix}BuildHost";
-            buildTarget = x."${prefix}BuildTarget";
-            hostHost = x."${prefix}HostHost";
-            hostTarget = x."${prefix}HostTarget";
-            targetTarget = x."${prefix}TargetTarget";
-          };
-
-          /**
-            Adds a prefix to the attribute names of a set of splices.
-            This is a completely uninteresting and exists for compatibility only.
-
-            Example:
-            ```nix
-            renameSplicesTo "self" { buildBuild = ...; ... }
-            => { selfBuildBuild = ...; ... }
-            ```
-          */
-          renameSplicesTo = prefix: x: {
-            "${prefix}BuildBuild" = x.buildBuild;
-            "${prefix}BuildHost" = x.buildHost;
-            "${prefix}BuildTarget" = x.buildTarget;
-            "${prefix}HostHost" = x.hostHost;
-            "${prefix}HostTarget" = x.hostTarget;
-            "${prefix}TargetTarget" = x.targetTarget;
-          };
-
-          /**
-            Takes a function `f` and returns a function that applies `f` pointwise to each splice.
-
-            Example:
-            ```nix
-            mapSplices (x: x * 10) { buildBuild = 1; buildHost = 2; ... }
-            => { buildBuild = 10; buildHost = 20; ... }
-            ```
-          */
-          mapSplices =
-            f:
-            {
-              buildBuild,
-              buildHost,
-              buildTarget,
-              hostHost,
-              hostTarget,
-              targetTarget,
-            }:
-            {
-              buildBuild = f buildBuild;
-              buildHost = f buildHost;
-              buildTarget = f buildTarget;
-              hostHost = f hostHost;
-              hostTarget = f hostTarget;
-              targetTarget = f targetTarget;
-            };
-
+          stdenv = getStdenv final;
         in
-        args@{
-          pkgs,
-          getStdenv ? pkgs: pkgs.stdenv,
-        }:
-        let
-          nixComponentsSplices = mapSplices (
-            pkgs': (packageSetsFor (args // { pkgs = pkgs'; })).nixComponents
-          ) (renameSplicesFrom "pkgs" pkgs);
-          nixDependenciesSplices = mapSplices (
-            pkgs': (packageSetsFor (args // { pkgs = pkgs'; })).nixDependencies
-          ) (renameSplicesFrom "pkgs" pkgs);
+        {
+          nixStable = prev.nix;
 
           # A new scope, so that we can use `callPackage` to inject our own interdependencies
           # without "polluting" the top level "`pkgs`" attrset.
           # This also has the benefit of providing us with a distinct set of packages
           # we can iterate over.
-          nixComponents =
+          # The `2` suffix is here because otherwise it interferes with `nixVersions.latest`, which is used in daemon compat tests.
+          nixComponents2 =
             lib.makeScopeWithSplicing'
               {
-                inherit (pkgs) splicePackages;
-                inherit (nixDependencies) newScope;
+                inherit (final) splicePackages;
+                inherit (final.nixDependencies2) newScope;
               }
               {
-                otherSplices = renameSplicesTo "self" nixComponentsSplices;
+                otherSplices = final.generateSplicesForMkScope "nixComponents2";
                 f = import ./packaging/components.nix {
-                  inherit (pkgs) lib;
+                  inherit (final) lib;
                   inherit officialRelease;
-                  inherit pkgs;
+                  pkgs = final;
                   src = self;
                   maintainers = [ ];
                 };
@@ -239,71 +163,29 @@
 
           # The dependencies are in their own scope, so that they don't have to be
           # in Nixpkgs top level `pkgs` or `nixComponents2`.
-          nixDependencies =
+          # The `2` suffix is here because otherwise it interferes with `nixVersions.latest`, which is used in daemon compat tests.
+          nixDependencies2 =
             lib.makeScopeWithSplicing'
               {
-                inherit (pkgs) splicePackages;
-                inherit (pkgs) newScope; # layered directly on pkgs, unlike nixComponents2 above
+                inherit (final) splicePackages;
+                inherit (final) newScope; # layered directly on pkgs, unlike nixComponents2 above
               }
               {
-                otherSplices = renameSplicesTo "self" nixDependenciesSplices;
+                otherSplices = final.generateSplicesForMkScope "nixDependencies2";
                 f = import ./packaging/dependencies.nix {
-                  inherit inputs pkgs;
-                  stdenv = getStdenv pkgs;
+                  inherit inputs stdenv;
+                  pkgs = final;
                 };
               };
 
-          # If the package set is largely empty, we should(?) return empty sets
-          # This is what most package sets in Nixpkgs do. Otherwise, we get
-          # an error message that indicates that some stdenv attribute is missing,
-          # and indeed it will be missing, as seemingly `pkgsTargetTarget` is
-          # very incomplete.
-          fixup = lib.mapAttrs (k: v: if !(pkgs ? nix) then { } else v);
-        in
-        fixup {
-          inherit nixDependencies;
-          inherit nixComponents;
-        };
-
-      overlayFor =
-        getStdenv: final: prev:
-        let
-          packageSets = packageSetsFor {
-            inherit getStdenv;
-            pkgs = final;
-          };
-        in
-        {
-          nixStable = prev.nix;
-
-          # The `2` suffix is here because otherwise it interferes with `nixVersions.latest`, which is used in daemon compat tests.
-          nixComponents2 = packageSets.nixComponents;
-
-          # The dependencies are in their own scope, so that they don't have to be
-          # in Nixpkgs top level `pkgs` or `nixComponents2`.
-          # The `2` suffix is here because otherwise it interferes with `nixVersions.latest`, which is used in daemon compat tests.
-          nixDependencies2 = packageSets.nixDependencies;
-
           nix = final.nixComponents2.nix-cli;
         };
 
     in
     {
-      overlays.internal = overlayFor (p: p.stdenv);
-
-      /**
-        A Nixpkgs overlay that sets `nix` to something like `packages.<system>.nix-everything`,
-        except dependencies aren't taken from (flake) `nix.inputs.nixpkgs`, but from the Nixpkgs packages
-        where the overlay is used.
-      */
-      overlays.default =
-        final: prev:
-        let
-          packageSets = packageSetsFor { pkgs = final; };
-        in
-        {
-          nix = packageSets.nixComponents.nix-everything;
-        };
+      # A Nixpkgs overlay that overrides the 'nix' and
+      # 'nix-perl-bindings' packages.
+      overlays.default = overlayFor (p: p.stdenv);
 
       hydraJobs = import ./packaging/hydra.nix {
         inherit
@@ -320,11 +202,43 @@
 
       checks = forAllSystems (
         system:
-        (import ./ci/gha/tests {
-          inherit system;
-          pkgs = nixpkgsFor.${system}.native;
-          nixFlake = self;
-        }).topLevel
+        {
+          installerScriptForGHA = self.hydraJobs.installerScriptForGHA.${system};
+          installTests = self.hydraJobs.installTests.${system};
+          nixpkgsLibTests = self.hydraJobs.tests.nixpkgsLibTests.${system};
+          rl-next =
+            let
+              pkgs = nixpkgsFor.${system}.native;
+            in
+            pkgs.buildPackages.runCommand "test-rl-next-release-notes" { } ''
+              LANG=C.UTF-8 ${pkgs.changelog-d}/bin/changelog-d ${./doc/manual/rl-next} >$out
+            '';
+          repl-completion = nixpkgsFor.${system}.native.callPackage ./tests/repl-completion.nix { };
+
+          /**
+            Checks for our packaging expressions.
+            This shouldn't build anything significant; just check that things
+            (including derivations) are _set up_ correctly.
+          */
+          packaging-overriding =
+            let
+              pkgs = nixpkgsFor.${system}.native;
+              nix = self.packages.${system}.nix;
+            in
+            assert (nix.appendPatches [ pkgs.emptyFile ]).libs.nix-util.src.patches == [ pkgs.emptyFile ];
+            if pkgs.stdenv.buildPlatform.isDarwin then
+              lib.warn "packaging-overriding check currently disabled because of a permissions issue on macOS" pkgs.emptyFile
+            else
+              # If this fails, something might be wrong with how we've wired the scope,
+              # or something could be broken in Nixpkgs.
+              pkgs.testers.testEqualContents {
+                assertion = "trivial patch does not change source contents";
+                expected = "${./.}";
+                actual =
+                  # Same for all components; nix-util is an arbitrary pick
+                  (nix.appendPatches [ pkgs.emptyFile ]).libs.nix-util.src;
+              };
+        }
         // (lib.optionalAttrs (builtins.elem system linux64BitSystems)) {
           dockerImage = self.hydraJobs.dockerImage.${system};
         }
@@ -337,20 +251,58 @@
         # Add "passthru" tests
         //
           flatMapAttrs
-            {
-              "" = {
-                pkgs = nixpkgsFor.${system}.native;
-              };
-            }
             (
-              nixpkgsPrefix: args:
-              (import ./ci/gha/tests (
-                args
-                // {
-                  nixFlake = self;
-                  componentTestsPrefix = nixpkgsPrefix;
-                }
-              )).componentTests
+              {
+                # Run all tests with UBSAN enabled. Running both with ubsan and
+                # without doesn't seem to have much immediate benefit for doubling
+                # the GHA CI workaround.
+                #
+                # TODO: Work toward enabling "address,undefined" if it seems feasible.
+                # This would maybe require dropping Boost coroutines and ignoring intentional
+                # memory leaks with detect_leaks=0.
+                "" = rec {
+                  nixpkgs = nixpkgsFor.${system}.native;
+                  nixComponents = nixpkgs.nixComponents2.overrideScope (
+                    nixCompFinal: nixCompPrev: {
+                      mesonComponentOverrides = _finalAttrs: prevAttrs: {
+                        mesonFlags =
+                          (prevAttrs.mesonFlags or [ ])
+                          # TODO: Macos builds instrumented with ubsan take very long
+                          # to run functional tests.
+                          ++ lib.optionals (!nixpkgs.stdenv.hostPlatform.isDarwin) [
+                            (lib.mesonOption "b_sanitize" "undefined")
+                          ];
+                      };
+                    }
+                  );
+                };
+              }
+              // lib.optionalAttrs (!nixpkgsFor.${system}.native.stdenv.hostPlatform.isDarwin) {
+                # TODO: enable static builds for darwin, blocked on:
+                #       https://github.com/NixOS/nixpkgs/issues/320448
+                # TODO: disabled to speed up GHA CI.
+                # "static-" = {
+                #   nixpkgs = nixpkgsFor.${system}.native.pkgsStatic;
+                # };
+              }
+            )
+            (
+              nixpkgsPrefix:
+              {
+                nixpkgs,
+                nixComponents ? nixpkgs.nixComponents2,
+              }:
+              flatMapAttrs nixComponents (
+                pkgName: pkg:
+                flatMapAttrs pkg.tests or { } (
+                  testName: test: {
+                    "${nixpkgsPrefix}${pkgName}-${testName}" = test;
+                  }
+                )
+              )
+              // lib.optionalAttrs (nixpkgs.stdenv.hostPlatform == nixpkgs.stdenv.buildPlatform) {
+                "${nixpkgsPrefix}nix-functional-tests" = nixComponents.nix-functional-tests;
+              }
             )
         // devFlake.checks.${system} or { }
       );
@@ -413,10 +365,6 @@
                 supportsCross = false;
               };
 
-              "nix-json-schema-checks" = {
-                supportsCross = false;
-              };
-
               "nix-perl-bindings" = {
                 supportsCross = false;
               };
@@ -471,27 +419,6 @@
         }
       );
 
-      apps = forAllSystems (
-        system:
-        let
-          pkgs = nixpkgsFor.${system}.native;
-          opener = if pkgs.stdenv.isDarwin then "open" else "xdg-open";
-        in
-        {
-          open-manual = {
-            type = "app";
-            program = "${pkgs.writeShellScript "open-nix-manual" ''
-              manual_path="${self.packages.${system}.nix-manual}/share/doc/nix/manual/index.html"
-              if ! ${opener} "$manual_path"; then
-                echo "Failed to open manual with ${opener}. Manual is located at:"
-                echo "$manual_path"
-              fi
-            ''}";
-            meta.description = "Open the Nix manual in your browser";
-          };
-        }
-      );
-
       devShells =
         let
           makeShell = import ./packaging/dev-shell.nix { inherit lib devFlake; };
@@ -538,53 +465,5 @@
             default = self.devShells.${system}.native;
           }
         );
-
-      lib = {
-        /**
-          Creates a package set for a given Nixpkgs instance and stdenv.
-
-          # Inputs
-
-          - `pkgs`: The Nixpkgs instance to use.
-
-          - `getStdenv`: _Optional_ A function that takes a package set and returns the stdenv to use.
-            This needs to be a function in order to support cross compilation - the `pkgs` passed to `getStdenv` can be `pkgsBuildHost` or any other variation needed.
-
-          # Outputs
-
-          The return value is a fresh Nixpkgs scope containing all the packages that are defined in the Nix repository,
-          as well as some internals and parameters, which may be subject to change.
-
-          # Example
-
-          ```console
-          nix repl> :lf NixOS/nix
-          nix-repl> ps = lib.makeComponents { pkgs = import inputs.nixpkgs { crossSystem = "riscv64-linux"; }; }
-          nix-repl> ps
-          {
-            appendPatches = «lambda appendPatches @ ...»;
-            callPackage = «lambda callPackageWith @ ...»;
-            overrideAllMesonComponents = «lambda overrideSource @ ...»;
-            overrideSource = «lambda overrideSource @ ...»;
-            # ...
-            nix-everything
-            # ...
-            nix-store
-            nix-store-c
-            # ...
-          }
-          ```
-        */
-        makeComponents =
-          {
-            pkgs,
-            getStdenv ? pkgs: pkgs.stdenv,
-          }:
-
-          let
-            packageSets = packageSetsFor { inherit getStdenv pkgs; };
-          in
-          packageSets.nixComponents;
-      };
     };
 }

maintainers/README.md

@@ -46,7 +46,7 @@ The team meets twice a week (times are denoted in the [Europe/Amsterdam](https:/
        - mark it as draft if it is blocked on the contributor
        - escalate it back to the team by moving it to To discuss, and leaving a comment as to why the issue needs to be discussed again.
 
-- Work meeting: Mondays 18:00-20:00 Europe/Amsterdam; see [calendar](https://calendar.google.com/calendar/u/0/embed?src=b9o52fobqjak8oq8lfkhg3t0qg@group.calendar.google.com).
+- Work meeting: Mondays 14:00-16:00 Europe/Amsterdam see [calendar](https://calendar.google.com/calendar/u/0/embed?src=b9o52fobqjak8oq8lfkhg3t0qg@group.calendar.google.com).
 
   1. Code review on pull requests from [In review](#in-review).
   2. Other chores and tasks.

maintainers/data/release-credits-email-to-handle.json

@@ -185,44 +185,5 @@
     "gwenn.lebihan7@gmail.com": "gwennlbh",
     "hey@ewen.works": "gwennlbh",
     "matt@sturgeon.me.uk": "MattSturgeon",
-    "pbsds@hotmail.com": "pbsds",
-    "sergei@zimmerman.foo": "xokdvium",
-    "v@njh.eu": "vog",
-    "pedro.manse@dmk3.com.br": "PedroManse",
-    "arnavgawas707@gmail.com": "aln730",
-    "mkg20001@gmail.com": "mkg20001",
-    "avn@avnik.info": "avnik",
-    "olk@disr.it": "k1gen",
-    "108410815+alurm@users.noreply.github.com": "alurm",
-    "kaction.cc@gmail.com": "KAction",
-    "juhpetersen@gmail.com": "juhp",
-    "opna2608@protonmail.com": "OPNA2608",
-    "jgbailey@gmail.com": "m4dc4p",
-    "justin.bailey@well.co": "jgbailey-well",
-    "130508846+de11n@users.noreply.github.com": "de11n",
-    "ConnorBaker01@Gmail.com": "ConnorBaker",
-    "jsoo1@asu.edu": "jsoo1",
-    "hsngrmpf+github@gmail.com": "DavHau",
-    "matthew@floxdev.com": "mkenigs",
-    "taeer@bar-yam.me": "Radvendii",
-    "beme@anthropic.com": "lovesegfault",
-    "osbm@osbm.dev": "osbm",
-    "jami.kettunen@protonmail.com": "JamiKettunen",
-    "ephraim.siegfried@hotmail.com": "EphraimSiegfried",
-    "rszyma.dev@gmail.com": "rszyma",
-    "tristan.ross@determinate.systems": "RossComputerGuy",
-    "corngood@gmail.com": "corngood",
-    "jfroche@pyxel.be": "jfroche",
-    "848000+eclairevoyant@users.noreply.github.com": "eclairevoyant",
-    "petersen@redhat.com": "juhp",
-    "dramforever@live.com": "dramforever",
-    "me@glenhuang.com": "hgl",
-    "philip.wilk@fivium.co.uk": "philipwilk",
-    "me@nycode.dev": "NyCodeGHG",
-    "14264576+twesterhout@users.noreply.github.com": "twesterhout",
-    "sinan@sinanmohd.com": "sinanmohd",
-    "42688647+netadr@users.noreply.github.com": "netadr",
-    "matej.urbas@gmail.com": "urbas",
-    "ethanalexevans@gmail.com": "ethanavatar",
-    "greg.marti@gmail.com": "gmarti"
+    "pbsds@hotmail.com": "pbsds"
 }

maintainers/data/release-credits-handle-to-name.json

@@ -162,39 +162,5 @@
     "pbsds": "Peder Bergebakken Sundt",
     "egorkonovalov": "Egor Konovalov",
     "jayeshv": "jayeshv",
-    "vcunat": "Vladim\u00edr \u010cun\u00e1t",
-    "mkenigs": "Matthew Kenigsberg",
-    "alurm": "Alan Urmancheev",
-    "jgbailey-well": "Justin Bailey",
-    "k1gen": "Oleksandr Knyshuk",
-    "juhp": "Jens Petersen",
-    "de11n": "Elliot Cameron",
-    "jsoo1": "John Soo",
-    "m4dc4p": null,
-    "PedroManse": "Manse",
-    "OPNA2608": "Cosima Neidahl",
-    "mkg20001": "Maciej Kr\u00fcger",
-    "avnik": "Alexander V. Nikolaev",
-    "DavHau": null,
-    "aln730": "AGawas",
-    "vog": "Volker Diels-Grabsch",
-    "corngood": "David McFarland",
-    "twesterhout": "Tom Westerhout",
-    "JamiKettunen": "Jami Kettunen",
-    "dramforever": "dram",
-    "philipwilk": "Philip Wilk",
-    "netadr": "Clayton",
-    "NyCodeGHG": "Marie",
-    "jfroche": "Jean-Fran\u00e7ois Roche",
-    "urbas": "Matej Urbas",
-    "osbm": "osman - \u30aa\u30b9\u30de\u30f3",
-    "rszyma": null,
-    "eclairevoyant": "\u00e9clairevoyant",
-    "Radvendii": "Taeer Bar-Yam",
-    "sinanmohd": "Sinan Mohd",
-    "ethanavatar": "Ethan Evans",
-    "gmarti": "Gr\u00e9gory Marti",
-    "lovesegfault": "Bernardo Meurer",
-    "EphraimSiegfried": "Ephraim Siegfried",
-    "hgl": "Glen Huang"
+    "vcunat": "Vladim\u00edr \u010cun\u00e1t"
 }

maintainers/flake-module.nix

@@ -37,29 +37,118 @@
               fi
             ''}";
           };
-          meson-format =
-            let
-              meson = pkgs.meson.overrideAttrs {
-                doCheck = false;
-                doInstallCheck = false;
-                patches = [
-                  (pkgs.fetchpatch {
-                    url = "https://github.com/mesonbuild/meson/commit/38d29b4dd19698d5cad7b599add2a69b243fd88a.patch";
-                    hash = "sha256-PgPBvGtCISKn1qQQhzBW5XfknUe91i5XGGBcaUK4yeE=";
-                  })
-                ];
-              };
-            in
-            {
-              enable = true;
-              files = "(meson.build|meson.options)$";
-              entry = "${pkgs.writeScript "format-meson" ''
-                #!${pkgs.runtimeShell}
-                for file in "$@"; do
-                  ${lib.getExe meson} format -ic ${../meson.format} "$file"
-                done
-              ''}";
-            };
+          meson-format = {
+            enable = true;
+            files = "(meson.build|meson.options)$";
+            entry = "${pkgs.writeScript "format-meson" ''
+              #!${pkgs.runtimeShell}
+              for file in "$@"; do
+                ${lib.getExe pkgs.meson} format -ic ${../meson.format} "$file"
+              done
+            ''}";
+            excludes = [
+              # We haven't applied formatting to these files yet
+              ''^doc/manual/meson.build$''
+              ''^doc/manual/source/command-ref/meson.build$''
+              ''^doc/manual/source/development/meson.build$''
+              ''^doc/manual/source/language/meson.build$''
+              ''^doc/manual/source/meson.build$''
+              ''^doc/manual/source/release-notes/meson.build$''
+              ''^doc/manual/source/store/meson.build$''
+              ''^misc/bash/meson.build$''
+              ''^misc/fish/meson.build$''
+              ''^misc/launchd/meson.build$''
+              ''^misc/meson.build$''
+              ''^misc/systemd/meson.build$''
+              ''^misc/zsh/meson.build$''
+              ''^nix-meson-build-support/$''
+              ''^nix-meson-build-support/big-objs/meson.build$''
+              ''^nix-meson-build-support/common/meson.build$''
+              ''^nix-meson-build-support/deps-lists/meson.build$''
+              ''^nix-meson-build-support/export/meson.build$''
+              ''^nix-meson-build-support/export-all-symbols/meson.build$''
+              ''^nix-meson-build-support/generate-header/meson.build$''
+              ''^nix-meson-build-support/libatomic/meson.build$''
+              ''^nix-meson-build-support/subprojects/meson.build$''
+              ''^scripts/meson.build$''
+              ''^src/external-api-docs/meson.build$''
+              ''^src/internal-api-docs/meson.build$''
+              ''^src/libcmd/include/nix/cmd/meson.build$''
+              ''^src/libcmd/meson.build$''
+              ''^src/libcmd/nix-meson-build-support$''
+              ''^src/libexpr/include/nix/expr/meson.build$''
+              ''^src/libexpr/meson.build$''
+              ''^src/libexpr/nix-meson-build-support$''
+              ''^src/libexpr-c/meson.build$''
+              ''^src/libexpr-c/nix-meson-build-support$''
+              ''^src/libexpr-test-support/meson.build$''
+              ''^src/libexpr-test-support/nix-meson-build-support$''
+              ''^src/libexpr-tests/meson.build$''
+              ''^src/libexpr-tests/nix-meson-build-support$''
+              ''^src/libfetchers/include/nix/fetchers/meson.build$''
+              ''^src/libfetchers/meson.build$''
+              ''^src/libfetchers/nix-meson-build-support$''
+              ''^src/libfetchers-c/meson.build$''
+              ''^src/libfetchers-c/nix-meson-build-support$''
+              ''^src/libfetchers-tests/meson.build$''
+              ''^src/libfetchers-tests/nix-meson-build-support$''
+              ''^src/libflake/include/nix/flake/meson.build$''
+              ''^src/libflake/meson.build$''
+              ''^src/libflake/nix-meson-build-support$''
+              ''^src/libflake-c/meson.build$''
+              ''^src/libflake-c/nix-meson-build-support$''
+              ''^src/libflake-tests/meson.build$''
+              ''^src/libflake-tests/nix-meson-build-support$''
+              ''^src/libmain/include/nix/main/meson.build$''
+              ''^src/libmain/meson.build$''
+              ''^src/libmain/nix-meson-build-support$''
+              ''^src/libmain-c/meson.build$''
+              ''^src/libmain-c/nix-meson-build-support$''
+              ''^src/libstore/include/nix/store/meson.build$''
+              ''^src/libstore/meson.build$''
+              ''^src/libstore/nix-meson-build-support$''
+              ''^src/libstore/unix/include/nix/store/meson.build$''
+              ''^src/libstore/unix/meson.build$''
+              ''^src/libstore/windows/meson.build$''
+              ''^src/libstore-c/meson.build$''
+              ''^src/libstore-c/nix-meson-build-support$''
+              ''^src/libstore-test-support/include/nix/store/tests/meson.build$''
+              ''^src/libstore-test-support/meson.build$''
+              ''^src/libstore-test-support/nix-meson-build-support$''
+              ''^src/libstore-tests/meson.build$''
+              ''^src/libstore-tests/nix-meson-build-support$''
+              ''^src/libutil/meson.build$''
+              ''^src/libutil/nix-meson-build-support$''
+              ''^src/libutil/unix/include/nix/util/meson.build$''
+              ''^src/libutil/unix/meson.build$''
+              ''^src/libutil/windows/meson.build$''
+              ''^src/libutil-c/meson.build$''
+              ''^src/libutil-c/nix-meson-build-support$''
+              ''^src/libutil-test-support/include/nix/util/tests/meson.build$''
+              ''^src/libutil-test-support/meson.build$''
+              ''^src/libutil-test-support/nix-meson-build-support$''
+              ''^src/libutil-tests/meson.build$''
+              ''^src/libutil-tests/nix-meson-build-support$''
+              ''^src/nix/meson.build$''
+              ''^src/nix/nix-meson-build-support$''
+              ''^src/perl/lib/Nix/meson.build$''
+              ''^src/perl/meson.build$''
+              ''^tests/functional/ca/meson.build$''
+              ''^tests/functional/common/meson.build$''
+              ''^tests/functional/dyn-drv/meson.build$''
+              ''^tests/functional/flakes/meson.build$''
+              ''^tests/functional/git-hashing/meson.build$''
+              ''^tests/functional/local-overlay-store/meson.build$''
+              ''^tests/functional/meson.build$''
+              ''^src/libcmd/meson.options$''
+              ''^src/libexpr/meson.options$''
+              ''^src/libstore/meson.options$''
+              ''^src/libutil/meson.options$''
+              ''^src/libutil-c/meson.options$''
+              ''^src/nix/meson.options$''
+              ''^src/perl/meson.options$''
+            ];
+          };
           nixfmt-rfc-style = {
             enable = true;
             excludes = [
@@ -104,6 +193,154 @@
           };
           shellcheck = {
             enable = true;
+            excludes = [
+              # We haven't linted these files yet
+              ''^config/install-sh$''
+              ''^misc/bash/completion\.sh$''
+              ''^misc/fish/completion\.fish$''
+              ''^misc/zsh/completion\.zsh$''
+              ''^scripts/create-darwin-volume\.sh$''
+              ''^scripts/install-darwin-multi-user\.sh$''
+              ''^scripts/install-multi-user\.sh$''
+              ''^scripts/install-systemd-multi-user\.sh$''
+              ''^src/nix/get-env\.sh$''
+              ''^tests/functional/ca/build-dry\.sh$''
+              ''^tests/functional/ca/build-with-garbage-path\.sh$''
+              ''^tests/functional/ca/common\.sh$''
+              ''^tests/functional/ca/concurrent-builds\.sh$''
+              ''^tests/functional/ca/eval-store\.sh$''
+              ''^tests/functional/ca/gc\.sh$''
+              ''^tests/functional/ca/import-from-derivation\.sh$''
+              ''^tests/functional/ca/new-build-cmd\.sh$''
+              ''^tests/functional/ca/nix-shell\.sh$''
+              ''^tests/functional/ca/post-hook\.sh$''
+              ''^tests/functional/ca/recursive\.sh$''
+              ''^tests/functional/ca/repl\.sh$''
+              ''^tests/functional/ca/selfref-gc\.sh$''
+              ''^tests/functional/ca/why-depends\.sh$''
+              ''^tests/functional/characterisation-test-infra\.sh$''
+              ''^tests/functional/common/vars-and-functions\.sh$''
+              ''^tests/functional/completions\.sh$''
+              ''^tests/functional/compute-levels\.sh$''
+              ''^tests/functional/config\.sh$''
+              ''^tests/functional/db-migration\.sh$''
+              ''^tests/functional/debugger\.sh$''
+              ''^tests/functional/dependencies\.builder0\.sh$''
+              ''^tests/functional/dependencies\.sh$''
+              ''^tests/functional/dump-db\.sh$''
+              ''^tests/functional/dyn-drv/build-built-drv\.sh$''
+              ''^tests/functional/dyn-drv/common\.sh$''
+              ''^tests/functional/dyn-drv/dep-built-drv\.sh$''
+              ''^tests/functional/dyn-drv/eval-outputOf\.sh$''
+              ''^tests/functional/dyn-drv/old-daemon-error-hack\.sh$''
+              ''^tests/functional/dyn-drv/recursive-mod-json\.sh$''
+              ''^tests/functional/eval-store\.sh$''
+              ''^tests/functional/export-graph\.sh$''
+              ''^tests/functional/export\.sh$''
+              ''^tests/functional/extra-sandbox-profile\.sh$''
+              ''^tests/functional/fetchClosure\.sh$''
+              ''^tests/functional/fetchGit\.sh$''
+              ''^tests/functional/fetchGitRefs\.sh$''
+              ''^tests/functional/fetchGitSubmodules\.sh$''
+              ''^tests/functional/fetchGitVerification\.sh$''
+              ''^tests/functional/fetchMercurial\.sh$''
+              ''^tests/functional/fixed\.builder1\.sh$''
+              ''^tests/functional/fixed\.builder2\.sh$''
+              ''^tests/functional/fixed\.sh$''
+              ''^tests/functional/flakes/absolute-paths\.sh$''
+              ''^tests/functional/flakes/check\.sh$''
+              ''^tests/functional/flakes/config\.sh$''
+              ''^tests/functional/flakes/flakes\.sh$''
+              ''^tests/functional/flakes/follow-paths\.sh$''
+              ''^tests/functional/flakes/prefetch\.sh$''
+              ''^tests/functional/flakes/run\.sh$''
+              ''^tests/functional/flakes/show\.sh$''
+              ''^tests/functional/formatter\.sh$''
+              ''^tests/functional/formatter\.simple\.sh$''
+              ''^tests/functional/gc-auto\.sh$''
+              ''^tests/functional/gc-concurrent\.builder\.sh$''
+              ''^tests/functional/gc-concurrent\.sh$''
+              ''^tests/functional/gc-concurrent2\.builder\.sh$''
+              ''^tests/functional/gc-non-blocking\.sh$''
+              ''^tests/functional/git-hashing/common\.sh$''
+              ''^tests/functional/git-hashing/simple\.sh$''
+              ''^tests/functional/hash-convert\.sh$''
+              ''^tests/functional/impure-derivations\.sh$''
+              ''^tests/functional/impure-eval\.sh$''
+              ''^tests/functional/install-darwin\.sh$''
+              ''^tests/functional/legacy-ssh-store\.sh$''
+              ''^tests/functional/linux-sandbox\.sh$''
+              ''^tests/functional/local-overlay-store/add-lower-inner\.sh$''
+              ''^tests/functional/local-overlay-store/add-lower\.sh$''
+              ''^tests/functional/local-overlay-store/bad-uris\.sh$''
+              ''^tests/functional/local-overlay-store/build-inner\.sh$''
+              ''^tests/functional/local-overlay-store/build\.sh$''
+              ''^tests/functional/local-overlay-store/check-post-init-inner\.sh$''
+              ''^tests/functional/local-overlay-store/check-post-init\.sh$''
+              ''^tests/functional/local-overlay-store/common\.sh$''
+              ''^tests/functional/local-overlay-store/delete-duplicate-inner\.sh$''
+              ''^tests/functional/local-overlay-store/delete-duplicate\.sh$''
+              ''^tests/functional/local-overlay-store/delete-refs-inner\.sh$''
+              ''^tests/functional/local-overlay-store/delete-refs\.sh$''
+              ''^tests/functional/local-overlay-store/gc-inner\.sh$''
+              ''^tests/functional/local-overlay-store/gc\.sh$''
+              ''^tests/functional/local-overlay-store/optimise-inner\.sh$''
+              ''^tests/functional/local-overlay-store/optimise\.sh$''
+              ''^tests/functional/local-overlay-store/redundant-add-inner\.sh$''
+              ''^tests/functional/local-overlay-store/redundant-add\.sh$''
+              ''^tests/functional/local-overlay-store/remount\.sh$''
+              ''^tests/functional/local-overlay-store/stale-file-handle-inner\.sh$''
+              ''^tests/functional/local-overlay-store/stale-file-handle\.sh$''
+              ''^tests/functional/local-overlay-store/verify-inner\.sh$''
+              ''^tests/functional/local-overlay-store/verify\.sh$''
+              ''^tests/functional/logging\.sh$''
+              ''^tests/functional/misc\.sh$''
+              ''^tests/functional/multiple-outputs\.sh$''
+              ''^tests/functional/nested-sandboxing\.sh$''
+              ''^tests/functional/nested-sandboxing/command\.sh$''
+              ''^tests/functional/nix-build\.sh$''
+              ''^tests/functional/nix-channel\.sh$''
+              ''^tests/functional/nix-collect-garbage-d\.sh$''
+              ''^tests/functional/nix-copy-ssh-common\.sh$''
+              ''^tests/functional/nix-copy-ssh-ng\.sh$''
+              ''^tests/functional/nix-copy-ssh\.sh$''
+              ''^tests/functional/nix-daemon-untrusting\.sh$''
+              ''^tests/functional/nix-profile\.sh$''
+              ''^tests/functional/nix-shell\.sh$''
+              ''^tests/functional/nix_path\.sh$''
+              ''^tests/functional/optimise-store\.sh$''
+              ''^tests/functional/output-normalization\.sh$''
+              ''^tests/functional/parallel\.builder\.sh$''
+              ''^tests/functional/parallel\.sh$''
+              ''^tests/functional/pass-as-file\.sh$''
+              ''^tests/functional/path-from-hash-part\.sh$''
+              ''^tests/functional/path-info\.sh$''
+              ''^tests/functional/placeholders\.sh$''
+              ''^tests/functional/post-hook\.sh$''
+              ''^tests/functional/pure-eval\.sh$''
+              ''^tests/functional/push-to-store-old\.sh$''
+              ''^tests/functional/push-to-store\.sh$''
+              ''^tests/functional/read-only-store\.sh$''
+              ''^tests/functional/readfile-context\.sh$''
+              ''^tests/functional/recursive\.sh$''
+              ''^tests/functional/referrers\.sh$''
+              ''^tests/functional/remote-store\.sh$''
+              ''^tests/functional/repair\.sh$''
+              ''^tests/functional/restricted\.sh$''
+              ''^tests/functional/search\.sh$''
+              ''^tests/functional/secure-drv-outputs\.sh$''
+              ''^tests/functional/selfref-gc\.sh$''
+              ''^tests/functional/shell\.shebang\.sh$''
+              ''^tests/functional/simple\.builder\.sh$''
+              ''^tests/functional/supplementary-groups\.sh$''
+              ''^tests/functional/toString-path\.sh$''
+              ''^tests/functional/user-envs-migration\.sh$''
+              ''^tests/functional/user-envs-test-case\.sh$''
+              ''^tests/functional/user-envs\.builder\.sh$''
+              ''^tests/functional/user-envs\.sh$''
+              ''^tests/functional/why-depends\.sh$''
+              ''^src/libutil-tests/data/git/check-data\.sh$''
+            ];
           };
         };
       };

maintainers/onboarding.md

@@ -3,9 +3,5 @@
 
 - https://github.com/NixOS/nixos-homepage/
 - https://github.com/orgs/NixOS/teams/nix-team
-- Matrix rooms
-  - [private] Nix maintainer team
-  - Nix ∪ Lix devs (also private)
-  - any open security issues if present and needed
-
+- Matrix room
 - Team member should subscribe to notifications for the [Nix development category on Discourse](https://discourse.nixos.org/c/dev/nix/50)

maintainers/release-notes-todo

@@ -1,58 +0,0 @@
-#!/usr/bin/env bash
-
-set -euo pipefail
-# debug:
-# set -x
-
-START_REF="${1}"
-END_REF="${2:-upstream/master}"
-
-# Get the merge base
-MERGE_BASE=$(git merge-base "$START_REF" "$END_REF")
-unset START_REF
-
-# Get date range
-START_DATE=$(git show -s --format=%cI "$MERGE_BASE")
-END_DATE=$(git show -s --format=%cI "$END_REF")
-
-echo "Checking PRs merged between $START_DATE and $END_DATE" >&2
-
-# Get all commits between merge base and HEAD
-COMMITS=$(git rev-list "$MERGE_BASE..$END_REF")
-
-# Convert to set for fast lookup
-declare -A commit_set
-for commit in $COMMITS; do
-    commit_set["$commit"]=1
-done
-
-# Get the current changelog
-LOG_DONE="$(changelog-d doc/manual/rl-next)"
-is_done(){
-    local nr="$1"
-    echo "$LOG_DONE" | grep -E "^- .*/pull/$nr)"
-}
-
-# Query merged PRs in date range
-gh pr list \
-    --repo NixOS/nix \
-    --state merged \
-    --limit 1000 \
-    --json number,title,author,mergeCommit \
-    --search "merged:$START_DATE..$END_DATE" | \
-jq -r '.[] | [.number, .mergeCommit.oid, .title, .author.login] | @tsv' | \
-while IFS=$'\t' read -r pr_num merge_commit _title author; do
-    # Check if this PR's merge commit is in our branch
-    if [[ -n "${commit_set[$merge_commit]:-}" ]]; then
-        # Full detail, not suitable for comment due to mass ping and duplicate title
-        # echo "- #$pr_num $_title (@$author)"
-        echo "- #$pr_num ($author)"
-        if is_done "$pr_num"
-        then
-            echo "  - [x] has note"
-        else
-            echo "  - [ ] has note"
-        fi
-        echo "  - [ ] skip"
-    fi
-done

maintainers/release-process.md

@@ -24,18 +24,11 @@ release:
 * In a checkout of the Nix repo, make sure you're on `master` and run
   `git pull`.
 
-* Compile a release notes to-do list by running
-
-  ```console
-  $ ./maintainers/release-notes-todo PREV_RELEASE HEAD
-  ```
-
 * Compile the release notes by running
 
   ```console
   $ export VERSION=X.YY
   $ git checkout -b release-notes
-  $ export GITHUB_TOKEN=...
   $ ./maintainers/release-notes
   ```
 
@@ -133,8 +126,6 @@ release:
 
   Commit and push this to the maintenance branch.
 
-* Create a backport label.
-
 * Bump the version of `master`:
 
   ```console
@@ -149,6 +140,10 @@ release:
 
   Make a pull request and auto-merge it.
 
+* Create a backport label.
+
+* Add the new backport label to `.mergify.yml`.
+
 * Post an [announcement on Discourse](https://discourse.nixos.org/c/announcements/8), including the contents of
   `rl-$VERSION.md`.
 

meson.build

@@ -8,6 +8,7 @@ project(
   subproject_dir : 'src',
   default_options : [
     'localstatedir=/nix/var',
+    # hack for trailing newline
   ],
   meson_version : '>= 1.1',
 )
@@ -28,7 +29,7 @@ subproject('nix')
 if get_option('doc-gen')
   subproject('internal-api-docs')
   subproject('external-api-docs')
-  if meson.can_run_host_binaries()
+  if not meson.is_cross_build()
     subproject('nix-manual')
   endif
 endif
@@ -41,10 +42,8 @@ subproject('libexpr-c')
 subproject('libflake-c')
 subproject('libmain-c')
 
-asan_enabled = 'address' in get_option('b_sanitize')
-
 # Language Bindings
-if get_option('bindings') and not meson.is_cross_build() and not asan_enabled
+if get_option('bindings') and not meson.is_cross_build()
   subproject('perl')
 endif
 
@@ -60,4 +59,3 @@ if get_option('unit-tests')
   subproject('libflake-tests')
 endif
 subproject('nix-functional-tests')
-subproject('json-schema-checks')

meson.options

@@ -20,10 +20,3 @@ option(
   value : true,
   description : 'Build language bindings (e.g. Perl)',
 )
-
-option(
-  'benchmarks',
-  type : 'boolean',
-  value : false,
-  description : 'Build benchmarks (requires gbenchmark)',
-)

misc/bash/completion.sh

@@ -1,4 +1,3 @@
-# shellcheck shell=bash
 function _complete_nix {
     local -a words
     local cword cur

misc/fish/completion.fish

@@ -1,4 +1,3 @@
-# shellcheck disable=all
 function _nix_complete
   # Get the current command up to a cursor.
   # - Behaves correctly even with pipes and nested in commands like env.

misc/freebsd/meson.build

@@ -1,10 +0,0 @@
-configure_file(
-  input : 'nix-daemon.in',
-  output : 'nix-daemon',
-  install : true,
-  install_dir : get_option('prefix') / 'etc/rc.d',
-  install_mode : 'rwxr-xr-x',
-  configuration : {
-    'bindir' : bindir,
-  },
-)

misc/freebsd/nix-daemon.in

@@ -1,49 +0,0 @@
-#!/bin/sh
-#
-# PROVIDE: nix_daemon
-# REQUIRE: DAEMON
-# KEYWORD: shutdown
-#
-# Add the following lines to /etc/rc.conf to enable nix-daemon:
-#
-# nix_daemon_enable="YES"
-#
-
-# shellcheck source=/dev/null
-. /etc/rc.subr
-
-name="nix_daemon"
-# shellcheck disable=SC2034
-rcvar="nix_daemon_enable"
-
-load_rc_config $name
-
-: "${nix_daemon_enable:=NO}"
-
-command="@bindir@/nix-daemon"
-command_args=""
-pidfile="/var/run/nix-daemon.pid"
-
-# shellcheck disable=SC2034
-start_cmd="${name}_start"
-# shellcheck disable=SC2034
-stop_cmd="${name}_stop"
-
-nix_daemon_start() {
-    echo "Starting ${name}."
-    # command_args is intentionally unquoted to allow multiple arguments
-    # shellcheck disable=SC2086
-    /usr/sbin/daemon -c -f -p "${pidfile}" "${command}" ${command_args}
-}
-
-nix_daemon_stop() {
-    if [ -f "${pidfile}" ]; then
-        echo "Stopping ${name}."
-        kill -TERM "$(cat "${pidfile}")"
-        rm -f "${pidfile}"
-    else
-        echo "${name} is not running."
-    fi
-}
-
-run_rc_command "$1"

misc/launchd/meson.build

@@ -9,5 +9,5 @@ configure_file(
     # 'storedir' : store_dir,
     # 'localstatedir' : localstatedir,
     # 'bindir' : bindir,
-},
+  },
 )

misc/meson.build

@@ -9,7 +9,3 @@ endif
 if host_machine.system() == 'darwin'
   subdir('launchd')
 endif
-
-if host_machine.system() == 'freebsd'
-  subdir('freebsd')
-endif

misc/zsh/completion.zsh

@@ -1,5 +1,4 @@
 #compdef nix
-# shellcheck disable=all
 
 function _nix() {
   local ifs_bk="$IFS"

nix-meson-build-support/big-objs/meson.build

@@ -2,5 +2,5 @@ if host_machine.system() == 'windows'
   # libexpr's primops creates a large object
   # Without the following flag, we'll get errors when cross-compiling to mingw32:
   # Fatal error: can't write 66 bytes to section .text of src/libexpr/libnixexpr.dll.p/primops.cc.obj: 'file too big'
-  add_project_arguments([ '-Wa,-mbig-obj' ], language : 'cpp')
+  add_project_arguments([ '-Wa,-mbig-obj' ], language: 'cpp')
 endif

nix-meson-build-support/common/asan-options/asan-options.cc

@@ -1,6 +0,0 @@
-extern "C" [[gnu::retain, gnu::weak]] const char * __asan_default_options()
-{
-    // We leak a bunch of memory knowingly on purpose. It's not worthwhile to
-    // diagnose that memory being leaked for now.
-    return "abort_on_error=1:print_summary=1:detect_leaks=0:detect_odr_violation=0";
-}

nix-meson-build-support/common/asan-options/meson.build

@@ -1,11 +0,0 @@
-# Clang gets grumpy about missing libasan symbols if -shared-libasan is not
-# passed when building shared libs, at least on Linux
-if cxx.get_id() == 'clang' and ('address' in get_option('b_sanitize') or 'undefined' in get_option(
-  'b_sanitize',
-))
-  add_project_link_arguments('-shared-libasan', language : 'cpp')
-endif
-
-if 'address' in get_option('b_sanitize')
-  deps_other += declare_dependency(sources : 'asan-options.cc')
-endif

nix-meson-build-support/common/assert-fail/meson.build

@@ -1,32 +0,0 @@
-can_wrap_assert_fail_test_code = '''
-#include <cstdlib>
-#include <cassert>
-
-int main()
-{
-    assert(0);
-}
-
-extern "C" void * __real___assert_fail(const char *, const char *, unsigned int, const char *);
-
-extern "C" void *
-__wrap___assert_fail(const char *, const char *, unsigned int, const char *)
-{
-    return __real___assert_fail(nullptr, nullptr, 0, nullptr);
-}
-'''
-
-wrap_assert_fail_args = [ '-Wl,--wrap=__assert_fail' ]
-
-can_wrap_assert_fail = cxx.links(
-  can_wrap_assert_fail_test_code,
-  args : wrap_assert_fail_args,
-  name : 'linker can wrap __assert_fail',
-)
-
-if can_wrap_assert_fail
-  deps_other += declare_dependency(
-    sources : 'wrap-assert-fail.cc',
-    link_args : wrap_assert_fail_args,
-  )
-endif

nix-meson-build-support/common/assert-fail/wrap-assert-fail.cc

@@ -1,17 +0,0 @@
-#include "nix/util/error.hh"
-
-#include <cstdio>
-#include <cstdlib>
-#include <cinttypes>
-#include <string_view>
-
-extern "C" [[noreturn]] void __attribute__((weak))
-__wrap___assert_fail(const char * assertion, const char * file, unsigned int line, const char * function)
-{
-    char buf[512];
-    int n =
-        snprintf(buf, sizeof(buf), "Assertion '%s' failed in %s at %s:%" PRIuLEAST32, assertion, function, file, line);
-    if (n < 0)
-        nix::panic("Assertion failed and could not format error message");
-    nix::panic(std::string_view(buf, std::min(static_cast<int>(sizeof(buf)), n)));
-}

nix-meson-build-support/common/meson.build

@@ -5,15 +5,6 @@ if not (host_machine.system() == 'windows' and cxx.get_id() == 'gcc')
   deps_private += dependency('threads')
 endif
 
-if host_machine.system() == 'cygwin'
-  # -std=gnu on cygwin defines 'unix', which conflicts with the namespace
-  add_project_arguments(
-    '-D_POSIX_C_SOURCE=200809L',
-    '-D_GNU_SOURCE',
-    language : 'cpp',
-  )
-endif
-
 add_project_arguments(
   '-Wdeprecated-copy',
   '-Werror=suggest-override',
@@ -27,23 +18,3 @@ add_project_arguments(
   '-Wno-deprecated-declarations',
   language : 'cpp',
 )
-
-# GCC doesn't benefit much from precompiled headers.
-do_pch = cxx.get_id() == 'clang'
-
-# This is a clang-only option for improving build times.
-# It forces the instantiation of templates in the PCH itself and
-# not every translation unit it's included in.
-# It's available starting from clang 11, which is old enough to not
-# bother checking the version.
-# This feature helps in particular with the expensive nlohmann::json template
-# instantiations in libutil and libstore.
-if cxx.get_id() == 'clang'
-  add_project_arguments('-fpch-instantiate-templates', language : 'cpp')
-endif
-
-# Darwin ld doesn't like "X.Y.ZpreABCD+W"
-nix_soversion = meson.project_version().split('+')[0].split('pre')[0]
-
-subdir('assert-fail')
-subdir('asan-options')

nix-meson-build-support/default-system-cpu/meson.build

@@ -1,19 +0,0 @@
-# This attempts to translate meson cpu_family and cpu_name specified via
-# --cross-file [1] into a nix *system double*. Nixpkgs mostly respects ([2]) the
-# conventions outlined in [1].
-#
-# [1]: https://mesonbuild.com/Reference-tables.html#cpu-families
-# [2]: https://github.com/NixOS/nixpkgs/blob/master/pkgs/build-support/lib/meson.nix
-
-nix_system_cpu = {'ppc64' : 'powerpc64', 'ppc' : 'powerpc', 'x86' : 'i686'}.get(
-  host_machine.cpu_family(),
-  host_machine.cpu_family(),
-)
-
-if (host_machine.cpu_family() in [ 'ppc64', 'ppc' ]) and host_machine.endian() == 'little'
-  nix_system_cpu += 'le'
-elif host_machine.cpu_family() in [ 'mips64', 'mips' ] and host_machine.endian() == 'little'
-  nix_system_cpu += 'el'
-elif host_machine.cpu_family() == 'arm'
-  nix_system_cpu = host_machine.cpu()
-endif

nix-meson-build-support/deps-lists/meson.build

@@ -6,7 +6,7 @@
 # *interface*.
 #
 # See `man pkg-config` for some details.
-deps_private = []
+deps_private = [ ]
 
 # These are public dependencies with pkg-config files. Public is the
 # opposite of private: these dependencies are used in installed header
@@ -23,14 +23,14 @@ deps_private = []
 # N.B. For distributions that care about "ABI" stability and not just
 # "API" stability, the private dependencies also matter as they can
 # potentially affect the public ABI.
-deps_public = []
+deps_public = [ ]
 
 # These are subproject deps (type == "internal"). They are other
 # packages in `/src` in this repo. The private vs public distinction is
 # the same as above.
-deps_private_subproject = []
-deps_public_subproject = []
+deps_private_subproject = [ ]
+deps_public_subproject = [ ]
 
 # These are dependencencies without pkg-config files. Ideally they are
 # just private, but they may also be public (e.g. boost).
-deps_other = []
+deps_other = [ ]

nix-meson-build-support/export-all-symbols/meson.build

@@ -5,7 +5,7 @@ if host_machine.system() == 'cygwin' or host_machine.system() == 'windows'
   # and not detail with this yet.
   #
   # TODO do not do this, and instead do fine-grained export annotations.
-  linker_export_flags = [ '-Wl,--export-all-symbols' ]
+  linker_export_flags = ['-Wl,--export-all-symbols']
 else
   linker_export_flags = []
 endif

nix-meson-build-support/export/meson.build

@@ -1,12 +1,12 @@
 requires_private = []
 foreach dep : deps_private_subproject
-  requires_private += dep.name()
+  requires_private  += dep.name()
 endforeach
 requires_private += deps_private
 
-requires_public = []
+requires_public  = []
 foreach dep : deps_public_subproject
-  requires_public += dep.name()
+  requires_public  += dep.name()
 endforeach
 requires_public += deps_public
 
@@ -14,7 +14,7 @@ extra_pkg_config_variables = get_variable('extra_pkg_config_variables', {})
 
 extra_cflags = []
 if not meson.project_name().endswith('-c')
-  extra_cflags += [ '-std=c++23' ]
+    extra_cflags += ['-std=c++2a']
 endif
 
 import('pkgconfig').generate(
@@ -29,13 +29,10 @@ import('pkgconfig').generate(
   variables : extra_pkg_config_variables,
 )
 
-meson.override_dependency(
-  meson.project_name(),
-  declare_dependency(
-    include_directories : include_dirs,
-    link_with : this_library,
-    compile_args : [ '-std=c++23' ],
-    dependencies : deps_public_subproject + deps_public,
-    variables : extra_pkg_config_variables,
-  ),
-)
+meson.override_dependency(meson.project_name(), declare_dependency(
+  include_directories : include_dirs,
+  link_with : this_library,
+  compile_args : ['-std=c++2a'],
+  dependencies : deps_public_subproject + deps_public,
+  variables : extra_pkg_config_variables,
+))

nix-meson-build-support/generate-header/meson.build

@@ -1,12 +1,7 @@
-bash = find_program('bash', native : true)
+bash = find_program('bash', native: true)
 
 gen_header = generator(
   bash,
-  arguments : [
-    '-c',
-    '{ echo \'R"__NIX_STR(\' && cat @INPUT@ && echo \')__NIX_STR"\'; } > "$1"',
-    '_ignored_argv0',
-    '@OUTPUT@',
-  ],
+  arguments : [ '-c', '{ echo \'R"__NIX_STR(\' && cat @INPUT@ && echo \')__NIX_STR"\'; } > "$1"', '_ignored_argv0', '@OUTPUT@' ],
   output : '@PLAINNAME@.gen.hh',
 )

nix-meson-build-support/libatomic/meson.build

@@ -3,6 +3,6 @@
 # This is needed for std::atomic on some platforms
 # We did not manage to test this reliably on all platforms, so we hardcode
 # it for now.
-if host_machine.cpu_family() in [ 'arm', 'ppc' ]
+if host_machine.cpu_family() == 'arm'
   deps_other += cxx.find_library('atomic')
 endif